From 667c00161d3e188b132c55d5d3ed130daf7f46c0 Mon Sep 17 00:00:00 2001 From: Chao Mu Date: Wed, 12 Oct 2011 00:30:25 +0000 Subject: [PATCH] Remembering to Propset and include $Id: $ this time. Also, switching from BSD_LICENSE to MSF_LICENSE. git-svn-id: file:///home/svn/framework3/trunk@13884 4d416f70-5f16-0410-b530-b9f4589650da --- .../scanner/http/rewrite_proxy_bypass.rb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb index 34034f85c2..fd2b909711 100644 --- a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb +++ b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb @@ -1,3 +1,5 @@ +$Id$ + require 'msf/core' class Metasploit4 < Msf::Auxiliary @@ -7,30 +9,30 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'Reverse Proxy Bypass Scanner', - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'Description' => %q{ Scan for poorly configured reverse proxy servers. By default, this module attempts to force the server to make - a request with an invalid domain name. Then, if the bypass - is successful, the server will look it up and of course fail, + a request with an invalid domain name. Then, if the bypass + is successful, the server will look it up and of course fail, then responding with a status code 502. A baseline status code is always established and if that baseline matches your test status code, the injection attempt does not occur. "set VERBOSE true" if you are paranoid and want to catch potential false negatives. Works best against Apache and mod_rewrite }, - 'Author' => 'chao-mu', - 'License' => BSD_LICENSE, + 'Author' => ['chao-mu'], + 'License' => MSF_LICENSE, 'References' => [ ['URL', 'http://www.contextis.com/research/blog/reverseproxybypass/'], - ['CVE', 'CVE-2011-3368'], + ['CVE', '2011-3368'], ] ) register_options( [ - OptString.new('ESCAPE_SEQUENCE', + OptString.new('ESCAPE_SEQUENCE', [true, 'Character(s) that terminate the rewrite rule', '@']), OptString.new('INJECTED_URI', @@ -58,7 +60,7 @@ class Metasploit4 < Msf::Auxiliary vprint_error "Request against #{host} timed out" return nil end - + seconds_transpired = (responded_at - requested_at).to_f vprint_status "#{host} took #{seconds_transpired} seconds to respond to URI #{uri}"