commit
6d13aae69e
@ -2,7 +2,7 @@ id: https-to-http-redirect
info:
info:
name: HTTPS to HTTP redirect Misconfiguration
name: HTTPS to HTTP redirect Misconfiguration
author: kazet
author: kazet,idealphase
severity: info
severity: info
description: |
description: |
Detects whether there is a redirect from https:// to http://
Detects whether there is a redirect from https:// to http://
@ -16,11 +16,19 @@ http:
path:
path:
- "{{BaseURL}}"
- "{{BaseURL}}"
matchers-condition: or
matchers:
matchers:
- type: dsl
- type: dsl
dsl:
dsl:
- 'startswith(tolower(location), "http://")'
- 'startswith(tolower(location), "http://")'
- 'startswith(tostring(BaseURL), "https://")'
- 'startswith(tostring(BaseURL), "https://")'
- '(status_code == 301 || status_code == 302 || status_code == 307)'
- '(status_code == 300 || status_code == 301 || status_code == 302 || status_code == 303 || status_code == 307 || status_code == 308)'
condition: and
condition: and
# digest: 4a0a0047304502206212deffff885bc2abd110b7921124764815e61844a28cf278f271f6d9753151022100861fee57cff6e033d3b77a48aa8a88595f5d7ea267d502b1aadf739e417f6608:922c64590222798bb761d5b6d8e72950
- type: dsl
dsl:
- 'startswith(tostring(BaseURL), "https://")'
- 'status_code == 200'
- 'contains(tolower(body), "<meta http-equiv=\"refresh\" content=\"0; url=http://")'
condition: and
# digest: 4b0a0048304602210095c09fe6d8f15bcb97731bcc870184de2350c35ab0db26b19fc3bbced9862e7b022100fbe5cddc9cf4e2d70fc2e700dbe0c90a05e20536b932ac17e44bb0b83d7edf8c:32bd8904a85baa2268cd2e24368f3b1a
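Review bot: The new second matcher's body check, `contains(tolower(body), "<meta http-equiv=\"refresh\" content=\"0; url=http://")`, only fires on one exact spelling of a meta refresh — double quotes, a zero delay, and a single space after the semicolon — so refreshes written with single quotes, `content="0;url=http://"`, or a non-zero delay (`content="5; url=http://"`) are silently missed, and the `tolower()` does not help with any of those. A regex-based check would cover the common variants, e.g. a `type: regex` matcher with `part: body` and a pattern like `(?i)<meta[^>]+http-equiv=["']?refresh["']?[^>]+content=["']?\s*\d+\s*;\s*url=http://`, kept under the same `condition: and` with the `https://` BaseURL and `status_code == 200` checks. The `description:` block scalar in the first hunk still only mentions the header-based redirect; consider extending it to `Detects whether there is a redirect from https:// to http://, via a 3xx Location header or an HTML meta refresh`. The first hunk's widened status-code list (300, 303, 308) looks correct and needs no change.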
@ -3731,8 +3731,13 @@ http:
dsl:
dsl:
- "status_code==200 && (\"-1599943282\" == mmh3(base64_py(body)))"
- "status_code==200 && (\"-1599943282\" == mmh3(base64_py(body)))"
- type: dsl
name: "Veeam Service Provider Console"
dsl:
- "status_code==200 && (\"-1728967963\" == mmh3(base64_py(body)))"
extractors:
extractors:
- type: dsl
- type: dsl
dsl:
dsl:
- 'mmh3(base64_py(body))'
- 'mmh3(base64_py(body))'
# digest: 4a0a00473045022100d5db6ca1e3fae692c3d73e04bb2b8f32fbb0ce71e9dbe0e5e2568124a785b0b902202a8410c129ccda07db2f0cff823f28efc91b909fe40a147716b71e8f016a177e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d5db6ca1e3fae692c3d73e04bb2b8f32fbb0ce71e9dbe0e5e2568124a785b0b902202a8410c129ccda07db2f0cff823f28efc91b909fe40a147716b71e8f016a177e:922c64590222798bb761d5b6d8e72950
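Review bot: The trailing `# digest:` comment in this hunk is identical on both sides even though a new `Veeam Service Provider Console` matcher was inserted above it, whereas the first file in this commit had its digest regenerated after its content changed. If that digest is the template's signature over the file body (as the comment name and the first file's behaviour suggest), it is now stale and signature verification on this template would fail; re-sign the template so the digest matches the new content. The enclosing `matchers` list and the file header both start outside this hunk, so I cannot see whether the new entry is the last matcher or whether `matchers-condition` is set for this template.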