
Use custom headers, fix proxies and add paths for Tomcat discovery (#42)

* Use custom HTTP headers from the user

* Fix proxies with urllib 1.26.6 (requirements.txt)

Error with previous format: [debug] Error in is_http_accessible('www.target.com', 443, 'https'): HTTPSConnectionPool(host='www.target.com', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', TimeoutError('_ssl.c:989: The handshake operation timed out')))

* Add another way to discover the Tomcat version

- /..;/
- /..;/status.html with 406 HTTP response code
cosad3s authored Mar 19, 2024
1 parent 39e2fe1 commit 1a863aa
Showing 3 changed files with 15 additions and 6 deletions.
4 changes: 2 additions & 2 deletions apachetomcatscanner/Config.py
Expand Up @@ -141,8 +141,8 @@ def set_request_proxies(self, proxy_ip, proxy_port, protocol=None):
if proxy_ip is not None and proxy_port is not None:
if protocol is None:
self.request_proxies = {
"http": "http://%s:%d/" % (proxy_ip, proxy_port),
"https": "https://%s:%d/" % (proxy_ip, proxy_port)
"http": "%s:%d" % (proxy_ip, proxy_port),
"https": "%s:%d" % (proxy_ip, proxy_port)
}
else:
self.request_proxies[protocol] = "%s://%s:%d/" % (protocol, proxy_ip, proxy_port)
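Review bot: The `else` branch at `self.request_proxies[protocol] = "%s://%s:%d/" % (protocol, proxy_ip, proxy_port)` still emits a scheme-prefixed URL, so a caller passing `protocol="https"` gets the `https://host:port/` form this hunk removes from the default branch and presumably hits the same proxy handshake timeout quoted in the commit message; the two branches now also produce different formats for the same proxy. Consider `self.request_proxies[protocol] = "%s:%d" % (proxy_ip, proxy_port)` so both paths agree. The scheme-less form is non-obvious to a reader, so a comment such as `# scheme-less proxy address: requests is expected to prepend http://, so the proxy itself is reached in plaintext even for https targets` would record why the explicit scheme was dropped. set_request_proxies starts before this hunk (its signature appears only in the @@ context) and continues past it.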
1 change: 1 addition & 0 deletions apachetomcatscanner/utils/network.py
Expand Up @@ -49,6 +49,7 @@ def is_http_accessible(target, port, config, scheme="http"):
url,
timeout=config.request_timeout,
proxies=config.request_proxies,
headers=config.request_http_headers,
verify=(not (config.request_no_check_certificate))
)
return True
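Review bot: The keyword set `timeout=config.request_timeout, proxies=config.request_proxies, headers=config.request_http_headers, verify=(not (config.request_no_check_certificate))` completed here is now repeated verbatim in four `requests` calls across this file and scan.py (the hunks in is_tomcat_manager_accessible and get_version_from_malformed_http_request), and the next per-request option will have to be threaded through each of them again. A small helper on Config, e.g. `def request_kwargs(self): return {"timeout": self.request_timeout, "proxies": self.request_proxies, "headers": self.request_http_headers, "verify": not self.request_no_check_certificate}`, called as `requests.get(url, **config.request_kwargs())`, would keep the call sites in step. is_http_accessible begins before this hunk and continues after it.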
16 changes: 12 additions & 4 deletions apachetomcatscanner/utils/scan.py
Expand Up @@ -28,6 +28,7 @@ def is_tomcat_manager_accessible(url_manager, config):
url_manager,
timeout=config.request_timeout,
proxies=config.request_proxies,
headers=config.request_http_headers,
verify=(not (config.request_no_check_certificate))
)
if r.status_code in [401]:
Expand All @@ -46,6 +47,8 @@ def get_version_from_malformed_http_request(url, config):
("GET", url + "/{}"),
("GET", url + "/" + "..;/" * url_depth + "{}"),
("GET", url + "/..;/..;/"),
("GET", url + "/..;/"),
("GET", url + "/..;/status.html"),
("ACL", url + "/"),
]
test_urls = list(set(test_urls))
Expand All @@ -57,9 +60,10 @@ def get_version_from_malformed_http_request(url, config):
url=test_url,
timeout=config.request_timeout,
proxies=config.request_proxies,
headers=config.request_http_headers,
verify=(not (config.request_no_check_certificate))
)
if r.status_code in [400, 401, 403, 404, 405, 500]:
if r.status_code in [400, 401, 403, 404, 405, 406, 500]:
# Bug triggered
matched = re.search(b"(<h3>)Apache Tomcat(/)?([^<]+)(</h3>)", r.content)
if matched is not None:
Expand All @@ -72,6 +76,7 @@ def get_version_from_malformed_http_request(url, config):
url=(url + "/docs/"),
timeout=config.request_timeout,
proxies=config.request_proxies,
headers=config.request_http_headers,
verify=(not (config.request_no_check_certificate))
)
if r.status_code == 200:
Expand All @@ -91,11 +96,14 @@ def try_default_credentials(url_manager, config):
try:
for credentials in config.credentials:
auth_string = bytes(credentials["username"] + ':' + credentials["password"], 'utf-8')
headers={
"Authorization": "Basic " + base64.b64encode(auth_string).decode('utf-8')
}
headers.update(config.request_http_headers)

r = requests.post(
url_manager,
headers={
"Authorization": "Basic " + base64.b64encode(auth_string).decode('utf-8')
},
headers=headers,
timeout=config.request_timeout,
proxies=config.request_proxies,
verify=(not (config.request_no_check_certificate))
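Review bot: In try_default_credentials, `headers.update(config.request_http_headers)` runs after the Authorization header is set, so a user-supplied `Authorization` header silently replaces the credential pair being tested and every iteration then posts the same header, which would make the default-credentials result meaningless; it also raises TypeError if `request_http_headers` is None, whereas the `headers=` keyword arguments in the other hunks tolerate None. Build the dict the other way round: `headers = dict(config.request_http_headers or {})` followed by `headers["Authorization"] = "Basic " + base64.b64encode(auth_string).decode('utf-8')`. Whether `request_http_headers` can be None depends on its default in Config, which this commit does not show. try_default_credentials starts before this hunk and continues past it.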
