infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remembering to Propset and include $Id: $ this time. Also, switching from BSD_LICENSE to MSF_LICENSE. 

git-svn-id: file:///home/svn/framework3/trunk@13884 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Chao Mu 2011-10-12 00:30:25 +00:00
parent 460353fec4
commit 667c00161d
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb
View File

@ -1,3 +1,5 @@
$Id$
require 'msf/core' require 'msf/core'
class Metasploit4 < Msf::Auxiliary class Metasploit4 < Msf::Auxiliary
@ -7,30 +9,30 @@ class Metasploit4 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Reverse Proxy Bypass Scanner', 'Name' => 'Reverse Proxy Bypass Scanner',
'Version' => '$Revision: $', 'Version' => '$Revision$',
'Description' => %q{ 'Description' => %q{
Scan for poorly configured reverse proxy servers. Scan for poorly configured reverse proxy servers.
By default, this module attempts to force the server to make By default, this module attempts to force the server to make
a request with an invalid domain name. Then, if the bypass a request with an invalid domain name. Then, if the bypass
is successful, the server will look it up and of course fail, is successful, the server will look it up and of course fail,
then responding with a status code 502. A baseline status code then responding with a status code 502. A baseline status code
is always established and if that baseline matches your test is always established and if that baseline matches your test
status code, the injection attempt does not occur. status code, the injection attempt does not occur.
"set VERBOSE true" if you are paranoid and want to catch potential "set VERBOSE true" if you are paranoid and want to catch potential
false negatives. Works best against Apache and mod_rewrite false negatives. Works best against Apache and mod_rewrite
}, },
'Author' => 'chao-mu', 'Author' => ['chao-mu'],
'License' => BSD_LICENSE, 'License' => MSF_LICENSE,
'References' => 'References' =>
[ [
['URL', 'http://www.contextis.com/research/blog/reverseproxybypass/'], ['URL', 'http://www.contextis.com/research/blog/reverseproxybypass/'],
['CVE', 'CVE-2011-3368'], ['CVE', '2011-3368'],
] ]
) )
register_options( register_options(
[ [
OptString.new('ESCAPE_SEQUENCE', OptString.new('ESCAPE_SEQUENCE',
[true, 'Character(s) that terminate the rewrite rule', '@']), [true, 'Character(s) that terminate the rewrite rule', '@']),
OptString.new('INJECTED_URI', OptString.new('INJECTED_URI',
@ -58,7 +60,7 @@ class Metasploit4 < Msf::Auxiliary
vprint_error "Request against #{host} timed out" vprint_error "Request against #{host} timed out"
return nil return nil
end end
seconds_transpired = (responded_at - requested_at).to_f seconds_transpired = (responded_at - requested_at).to_f
vprint_status "#{host} took #{seconds_transpired} seconds to respond to URI #{uri}" vprint_status "#{host} took #{seconds_transpired} seconds to respond to URI #{uri}"