@slicingmelon slicingmelon commented Oct 30, 2024

The current proxy support implementation does not work well; it leads only to false positives (e.g. all responses are 200 OK) because it does not handle all HTTP methods properly.

Sample results before the fix:

[#####] [bypass_method] [payload] => [status_code] [content_type] [content_length] [lines_count] [word_counts] [title] [server] [redirect_url] (filename)
[GROUP (14)] [http_headers_ip] [-H Host: 8.8.8.8 https://mynewsite.net/index] => [200] [] [59] [2] [4] [] [] [] (bypass-0e740fd65ce7819f6f7d45dd3d757adc.html)
[SINGLE] [http_headers_ip] [-H Host: 0177.1 https://mynewsite.net/index] => [200] [] [355] [7] [17] [] [] [] (bypass-c233403fb9853f6c1af0c73db18a619c.html)
[SINGLE] [http_methods] [-X CONNECT https://mynewsite.net/index] => [200] [] [155] [5] [9] [] [] [] (bypass-8fa1f8df2f295cfedd890ecbb222bf77.html)
[SINGLE] [http_methods] [-X OPTIONS https://mynewsite.net/index] => [200] [] [483] [9] [19] [] [] [] (bypass-8e08bdc57deaae9079edc009bf23a4d7.html)
2024-10-30 19:36:16 DESKTOP-6Q0P1OL HeadBypasser[509] INFO Save JSON results for 'https://mynewsite.net/index' in /tmp/tmp5eyz9wi9-bypass-url-parser/triaged-bypass.json

Sample results after the patch:

[#####] [bypass_method] [payload] => [status_code] [content_type] [content_length] [lines_count] [word_counts] [title] [server] [redirect_url] (filename)
[GROUP (3935)] [http_headers_ip] [-H Via: norealhost https://mynewsite.net/index] => [403] [text/html] [564] [13] [69] [403 Forbidden] [nginx] [] (bypass-ebc064b935fb0f5eb8d6fd9e3a28c190.html)
[GROUP (37)] [user_agent] [-H User-Agent: Ruby https://mynewsite.net/index] => [403] [text/html] [162] [7] [3] [403 Forbidden] [nginx] [] (bypass-d1f18f6c7b9c76e4858b35a936b20a79.html)
[GROUP (13)] [http_headers_ip] [-H Host: 192.168.0.2 https://mynewsite.net/index] => [403] [text/html] [3187] [28] [215] [] [] [] (bypass-ca29174257875cc578ec0830ffe3ee2f.html)
[SINGLE] [http_methods] [-X OPTIONS https://mynewsite.net/index] => [200] [application/octet] [0] [0] [0] [] [nginx] [] (bypass-8e08bdc57deaae9079edc009bf23a4d7.html)
[SINGLE] [http_headers_ip] [-H Host: 0177.1 https://mynewsite.net/index] => [301] [text/html] [178] [7] [5] [301 Moved Permanently] [nginx] [http://www.0177.1/ldap_login] (bypass-c233403fb9853f6c1af0c73db18a619c.html)
[SINGLE] [http_methods] [-X CONNECT https://mynewsite.net/index] => [200] [text/html] [1394] [26] [130] [Burp Suite Professional] [] [] (bypass-8fa1f8df2f295cfedd890ecbb222bf77.html)
[SINGLE] [http_methods] [-X TRACE https://mynewsite.net/index] => [405] [text/html] [568] [13] [71] [405 Not Allowed] [nginx] [] (bypass-34e1b725272c95bf1d3390456fee54b6.html)
[SINGLE] [http_methods] [-X PRI https://mynewsite.net/index] => [400] [text/html] [3172] [27] [198] [] [] [] (bypass-8c8e46f531e4b5d16c9aaa14e5c70905.html)
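
A triage check for the symptom described in this comment, as an added example that is not part of the pull request or of the tool's code: it parses result lines in the layout given by the header row and reports a run as unreliable when every response is a bare 200. The function names and the heuristic (a 200 with neither a Content-Type nor a Server value) are assumptions made for illustration; the sample lines are copied from the output above.

```python
import re

# Result-line layout, taken from the header row the tool prints:
# [group] [bypass_method] [payload] => [status_code] [content_type] [content_length]
# [lines_count] [word_counts] [title] [server] [redirect_url] (filename)
LINE_RE = re.compile(
    r"^\[(?P<group>[^\]]*)\] \[(?P<method>[^\]]*)\] \[(?P<payload>.*)\] => "
    r"\[(?P<status>\d{3})\] \[(?P<content_type>[^\]]*)\] \[(?P<length>\d+)\] "
    r"\[(?P<lines>\d+)\] \[(?P<words>\d+)\] \[(?P<title>[^\]]*)\] "
    r"\[(?P<server>[^\]]*)\] \[(?P<redirect>[^\]]*)\] \((?P<file>[^)]*)\)$"
)

def parse_results(text):
    """Return one dict per result line; the header row and log lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["status"] = int(row["status"])
            rows.append(row)
    return rows

def suspect_rows(rows):
    """Assumed heuristic: a 200 carrying no Content-Type and no Server value
    was probably not produced by the target web server."""
    return [r for r in rows
            if r["status"] == 200 and not r["content_type"] and not r["server"]]

def run_is_unreliable(rows):
    """A run in which every response is a suspect 200 carries no signal."""
    return bool(rows) and len(suspect_rows(rows)) == len(rows)

# Lines copied from the "before the fix" sample above.
BEFORE = """
[GROUP (14)] [http_headers_ip] [-H Host: 8.8.8.8 https://mynewsite.net/index] => [200] [] [59] [2] [4] [] [] [] (bypass-0e740fd65ce7819f6f7d45dd3d757adc.html)
[SINGLE] [http_methods] [-X CONNECT https://mynewsite.net/index] => [200] [] [155] [5] [9] [] [] [] (bypass-8fa1f8df2f295cfedd890ecbb222bf77.html)
"""
# Lines copied from the "after the patch" sample above.
AFTER = """
[GROUP (3935)] [http_headers_ip] [-H Via: norealhost https://mynewsite.net/index] => [403] [text/html] [564] [13] [69] [403 Forbidden] [nginx] [] (bypass-ebc064b935fb0f5eb8d6fd9e3a28c190.html)
[SINGLE] [http_methods] [-X OPTIONS https://mynewsite.net/index] => [200] [application/octet] [0] [0] [0] [] [nginx] [] (bypass-8e08bdc57deaae9079edc009bf23a4d7.html)
"""

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, "unreliable:", run_is_unreliable(parse_results(sample)))
```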
