Minor patch for injecting into custom HTTP Header

commixproject · Mar 7, 2022 · 8ede519 · 8ede519
1 parent 7d63277
commit 8ede519
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/setup.py b/setup.py
@@ -17,7 +17,7 @@
 
 setup(
       name='commix',
-      version='3.4',
+      version='3.5-dev',
       description='Automated All-in-One OS Command Injection Exploitation Tool',
       long_description=open('README.md').read(),
       long_description_content_type='text/markdown',

diff --git a/src/core/requests/headers.py b/src/core/requests/headers.py
@@ -424,6 +424,7 @@ def do_check(request):
            settings.INJECT_TAG in http_header_value:
           settings.CUSTOM_HEADER_INJECTION = True
           settings.CUSTOM_HEADER_NAME = http_header_name
+          settings.CUSTOM_HEADER_VALUE = http_header_value
         # Add HTTP Header name / value to the HTTP request
         if http_header_name not in [settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE]:
           request.add_header(http_header_name, http_header_value)

diff --git a/src/core/requests/requests.py b/src/core/requests/requests.py
@@ -895,7 +895,7 @@ def inject_custom_header(url, vuln_parameter, payload, proxy):
     #Check if defined extra headers.
     headers.do_check(request)
     payload = checks.newline_fixation(payload) 
-    request.add_header(settings.CUSTOM_HEADER_NAME, payload)
+    request.add_header(settings.CUSTOM_HEADER_NAME, settings.CUSTOM_HEADER_VALUE.replace(settings.INJECT_TAG, payload))
     try:
       headers.check_http_traffic(request)
       response = opener.open(request)

diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -224,9 +224,9 @@ def sys_argv_errors():
 DESCRIPTION_FULL = "Automated All-in-One OS Command Injection Exploitation Tool"
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
-VERSION_NUM = "3.4"
-REVISION = "66"
-STABLE_RELEASE = True
+VERSION_NUM = "3.5"
+REVISION = "1"
+STABLE_RELEASE = False
 if STABLE_RELEASE:
   VERSION = "v" + VERSION_NUM + "-stable"
 else:
@@ -580,6 +580,7 @@ def sys_argv_errors():
 # Custom HTTP Headers injection
 CUSTOM_HEADER_INJECTION = False
 CUSTOM_HEADER_NAME = "" 
+CUSTOM_HEADER_VALUE = "" 
 
 # Valid URL format check
 VALID_URL_FORMAT = "https?://(?:www)?(?:[\w-]{2,255}(?:\.\w{2,6}){1,2})(?:/[\w&%?#-]{1,310})?"