Skip to content

Fixed proxy support leading to false positives #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fixed proxy support leading to false positives #56

wants to merge 1 commit into from

Conversation

slicingmelon
Copy link
Contributor

@slicingmelon slicingmelon commented Oct 30, 2024
edited
Loading

The current proxy support implementation does not work well, it leads only to false positives. (e.g. all responses are 200 OK) because it does not handle all HTTP methods properly.

Sample results before the fix

[#####] [bypass_method] [payload] => [status_code] [content_type] [content_length] [lines_count] [word_counts] [title] [server] [redirect_url] (filename)
[GROUP (14)] [http_headers_ip] [-H Host: 8.8.8.8 https://mynewsite.net/index] => [200] [] [59] [2] [4] [] [] [] (bypass-0e740fd65ce7819f6f7d45dd3d757adc.html)
[SINGLE] [http_headers_ip] [-H Host: 0177.1 https://mynewsite.net/index] => [200] [] [355] [7] [17] [] [] [] (bypass-c233403fb9853f6c1af0c73db18a619c.html)
[SINGLE] [http_methods] [-X CONNECT https://mynewsite.net/index] => [200] [] [155] [5] [9] [] [] [] (bypass-8fa1f8df2f295cfedd890ecbb222bf77.html)
[SINGLE] [http_methods] [-X OPTIONS https://mynewsite.net/index] => [200] [] [483] [9] [19] [] [] [] (bypass-8e08bdc57deaae9079edc009bf23a4d7.html)
2024-10-30 19:36:16 DESKTOP-6Q0P1OL HeadBypasser[509] INFO Save JSON results for 'https://mynewsite.net/index' in /tmp/tmp5eyz9wi9-bypass-url-parser/triaged-bypass.json

Sample results after the patch:

[#####] [bypass_method] [payload] => [status_code] [content_type] [content_length] [lines_count] [word_counts] [title] [server] [redirect_url] (filename)
[GROUP (3935)] [http_headers_ip] [-H Via: norealhost https://mynewsite.net/index] => [403] [text/html] [564] [13] [69] [403 Forbidden] [nginx] [] (bypass-ebc064b935fb0f5eb8d6fd9e3a28c190.html)
[GROUP (37)] [user_agent] [-H User-Agent: Ruby https://mynewsite.net/index] => [403] [text/html] [162] [7] [3] [403 Forbidden] [nginx] [] (bypass-d1f18f6c7b9c76e4858b35a936b20a79.html)
[GROUP (13)] [http_headers_ip] [-H Host: 192.168.0.2 https://mynewsite.net/index] => [403] [text/html] [3187] [28] [215] [] [] [] (bypass-ca29174257875cc578ec0830ffe3ee2f.html)
[SINGLE] [http_methods] [-X OPTIONS https://mynewsite.net/index] => [200] [application/octet] [0] [0] [0] [] [nginx] [] (bypass-8e08bdc57deaae9079edc009bf23a4d7.html)
[SINGLE] [http_headers_ip] [-H Host: 0177.1 https://mynewsite.net/index] => [301] [text/html] [178] [7] [5] [301 Moved Permanently] [nginx] [http://www.0177.1/ldap_login] (bypass-c233403fb9853f6c1af0c73db18a619c.html)
[SINGLE] [http_methods] [-X CONNECT https://mynewsite.net/index] => [200] [text/html] [1394] [26] [130] [Burp Suite Professional] [] [] (bypass-8fa1f8df2f295cfedd890ecbb222bf77.html)
[SINGLE] [http_methods] [-X TRACE https://mynewsite.net/index] => [405] [text/html] [568] [13] [71] [405 Not Allowed] [nginx] [] (bypass-34e1b725272c95bf1d3390456fee54b6.html)
[SINGLE] [http_methods] [-X PRI https://mynewsite.net/index] => [400] [text/html] [3172] [27] [198] [] [] [] (bypass-8c8e46f531e4b5d16c9aaa14e5c70905.html)

@slicingmelon slicingmelon closed this by deleting the head repository Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@slicingmelon