fix little issues #3

Closed
wants to merge 1 commit into from

Conversation

@AlessandroZ commented Dec 11, 2019

Hi,

I had some issues using your script, so I fixed them:

  • adding a try/except on the extractDatas function (I get a stack trace)
  • t_urlparse.netloc returns [ip]:[port], so if your URL is composed of [ip]:[port], sock.connect( (t_urlparse.netloc, port) ) will fail
  • the URL printed in the error was always the same when using -u [url_list], because the URL printed wasn't the right one.
  • custom data wasn't being added to the base HTTP header

I didn't add them, but I think it would be easy to add the new techniques described here:

Such as:

Transfer-Encoding: identity, chunked

Or adding some padding to get a request larger than 40kb:

Thanks for your work. Have a nice day!
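As an added illustration of the second and fourth fixes listed above (this is not code from the pull request or from the project), the following Python shows why urlsplit(url).netloc is the wrong value to hand to sock.connect when the URL carries an explicit port, and how a case-insensitive merge keeps custom headers in the base request instead of dropping or duplicating them. The function names, the User-Agent string and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit


def target_from_url(url):
    """Return (host, port) suitable for socket.connect().

    urlsplit(url).netloc is the raw 'host:port' text, so passing it as the
    host part of sock.connect((netloc, port)) fails whenever the URL carries
    an explicit port. .hostname and .port split it (and strip IPv6 brackets).
    """
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("URL has no host: %r" % url)
    port = parts.port
    if port is None:
        # Default ports when the URL gives none (assumption: http/https only).
        port = 443 if parts.scheme == "https" else 80
    return parts.hostname, port


def merge_headers(base, custom):
    """Merge header dicts case-insensitively.

    A custom header replaces the base header of the same name rather than
    producing a second copy of it in the request.
    """
    merged = dict(base)
    for name, value in custom.items():
        for existing in list(merged):
            if existing.lower() == name.lower():
                del merged[existing]
        merged[name] = value
    return merged


def build_request(method, url, custom_headers=None, body=b""):
    """Serialise an HTTP/1.1 request head plus body as bytes (hypothetical helper)."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    base = {
        "Host": parts.netloc,  # the Host header is where host:port belongs
        "User-Agent": "smuggle-check/0.1",  # assumed value
        "Connection": "close",
        "Content-Length": str(len(body)),
    }
    headers = merge_headers(base, custom_headers or {})
    head = "%s %s HTTP/1.1\r\n" % (method, path)
    head += "".join("%s: %s\r\n" % kv for kv in headers.items())
    return head.encode("latin-1") + b"\r\n" + body


if __name__ == "__main__":
    # Constructed sample URL; hostname/port come back separated.
    print(target_from_url("http://10.0.0.5:8080/a"))
    print(build_request("POST", "http://10.0.0.5:8080/x?y=1",
                        {"X-Custom": "1"}, b"hello").decode("latin-1"))
```

The connect call then becomes sock.connect(target_from_url(url)), and any header the user passes on the command line goes through merge_headers so it overrides the default of the same name instead of being lost.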

@gwen001 (Owner) commented Dec 12, 2019

I didn't merge your pull request, I'm not comfortable with that, but I added all your fixes.

Also added the "identity" keyword and chunky (padding) as a new method, but not as an overall option.
I have to refactor the code to stop playing with string manipulation, it's so crap.
Anyway, thank you for the feedback.

If you have any idea of what the vanilla and reversevanilla methods do, I would be happy to write them. Thanks again :)

@gwen001 gwen001 closed this Dec 12, 2019
@AlessandroZ (Author)

The vanilla method seems to be a basic check without any modification.
Disable all options of the Burp HTTP Request Smuggler plugin and enable only "vanilla". You can see with Logger++ that 4 requests are sent:

Content-Length: 5
Transfer-Encoding: chunked

0
Content-Length: 11
Transfer-Encoding: chunked

1
Z
Q
Content-Length: 5
Transfer-Encoding: chunked

1
Z
Content-Length: 6
Transfer-Encoding: chunked

0

X

For the reverse vanilla, it seems to be disabled on the burp plugin: https://github.com/PortSwigger/http-request-smuggler/blob/master/src/burp/SmuggleScanBox.java#L62
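An added, defender-side example (not code from the pull request, from the script, or from the Burp plugin): a strict framing check that an origin server or reverse proxy could apply, run over the four "vanilla" requests listed above, the Transfer-Encoding: identity, chunked variant from the first comment, and a clean request. The Content-Length/Transfer-Encoding values and bodies are transcribed from this thread; the request line, Host header and function names are assumptions.

```python
def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, [(name, value)], body).

    Header names are kept as written so whitespace tricks are still visible;
    callers normalise them when comparing.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return lines[0], headers, body


def framing_findings(raw):
    """Return a list of reasons the request's body framing is ambiguous.

    An empty list means exactly one unambiguous framing mechanism is present.
    """
    _, headers, body = parse_request(raw)
    findings = []

    def named(target):
        return [v for n, v in headers if n.strip().lower() == target]

    cl = named("content-length")
    te = named("transfer-encoding")

    # Whitespace around a framing header name lets two parsers disagree on
    # whether the header exists at all.
    for n, _ in headers:
        if n != n.strip() and n.strip().lower() in ("content-length", "transfer-encoding"):
            findings.append("whitespace-in-header-name:%r" % n)

    # Both mechanisms at once is the classic CL.TE / TE.CL setup.
    if cl and te:
        findings.append("cl-and-te")

    # Two Content-Length headers with different values.
    if len(set(cl)) > 1:
        findings.append("conflicting-cl")

    # Anything other than a lone "chunked" (e.g. "identity, chunked") is a
    # value some hops recognise and others do not.
    for v in te:
        codings = [c.strip().lower() for c in v.split(",")]
        if codings != ["chunked"]:
            findings.append("non-canonical-te:" + v)

    # With Content-Length alone, the declared length must match the body
    # actually received on a closed connection.
    if cl and not te:
        if not cl[0].isdigit():
            findings.append("malformed-cl:" + cl[0])
        elif int(cl[0]) != len(body):
            findings.append("cl-body-mismatch")
    return findings


def should_reject(raw):
    """Policy: refuse any request whose framing is ambiguous."""
    return bool(framing_findings(raw))


# Constructed samples. Bodies and CL/TE values follow the four "vanilla"
# requests quoted in this thread; request line and Host are assumptions.
HEAD = b"POST / HTTP/1.1\r\nHost: example.test\r\n"
VANILLA_PROBES = [
    HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    HEAD + b"Content-Length: 11\r\nTransfer-Encoding: chunked\r\n\r\n1\r\nZ\r\nQ",
    HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n1\r\nZ",
    HEAD + b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nX",
]
IDENTITY_CHUNKED = HEAD + b"Content-Length: 5\r\nTransfer-Encoding: identity, chunked\r\n\r\n0\r\n\r\n"
CLEAN_CL = HEAD + b"Content-Length: 5\r\n\r\nhello"
CLEAN_TE = HEAD + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"

if __name__ == "__main__":
    for sample in VANILLA_PROBES + [IDENTITY_CHUNKED, CLEAN_CL, CLEAN_TE]:
        print(should_reject(sample), framing_findings(sample))
```

All four vanilla probes trip the check purely because they carry both Content-Length and Transfer-Encoding, which is why rejecting that combination outright (rather than letting one header win) removes the ambiguity the probes are looking for; the identity, chunked variant additionally shows up as a non-canonical Transfer-Encoding value.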

@gwen001 (Owner) commented Dec 12, 2019

Yeah yeah, it's exactly what I tried and I didn't notice anything, so I thought there was some kind of magic I couldn't understand. :)
