Merge pull request #33 from s0md3v/hotfix

HOTFIX
This commit is contained in:
Somdev Sangwan
2021-01-28 18:24:23 +05:30
committed by GitHub
2 changed files with 33 additions and 24 deletions


@@ -8,7 +8,7 @@ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Added verbose options. # Added verbose options.
def requester(url, scheme, headers, origin): def requester(url, scheme, headers, origin):
headers['Origin'] = scheme + origin headers['Origin'] = origin
try: try:
response = requests.get(url, headers=headers, verify=False).headers response = requests.get(url, headers=headers, verify=False).headers
for key, value in response.items(): for key, value in response.items():
@@ -19,3 +19,4 @@ def requester(url, scheme, headers, origin):
print ('%s %s is unreachable' % (bad, url)) print ('%s %s is unreachable' % (bad, url))
elif 'requests.exceptions.TooManyRedirects:' in str(e): elif 'requests.exceptions.TooManyRedirects:' in str(e):
print ('%s %s has too many redirects' % (bad, url)) print ('%s %s has too many redirects' % (bad, url))
return {}
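Review bot: `headers['Origin'] = origin` on the changed line of the first hunk still writes into the caller's dict, so every probe in active_tests reuses and overwrites the same `header_dict`, and the last Origin sent leaks into whatever the caller does with that dict afterwards; passing a per-call copy, `response = requests.get(url, headers=dict(headers, Origin=origin), verify=False).headers`, keeps the caller's headers untouched and avoids shared-state surprises if header_dict is ever used from more than one thread. The `return {}` added in the second hunk is what lets the callers switch to `headers.get(...)`, so that contract deserves a docstring on requester, e.g. `"""Request url with the given Origin; return the response headers, or {} when the request fails."""` (the success-path return is not visible here, so confirm the wording against it). The body of requester between the two hunks, including the header loop and the except clause, lies outside this view.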


@@ -8,7 +8,7 @@ details = load_json(sys.path[0] + '/db/details.json')
def passive_tests(url, headers): def passive_tests(url, headers):
root = host(url) root = host(url)
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header == '*': if acao_header == '*':
info = details['wildcard value'] info = details['wildcard value']
info['acao header'] = acao_header info['acao header'] = acao_header
@@ -23,10 +23,12 @@ def passive_tests(url, headers):
def active_tests(url, root, scheme, header_dict, delay): def active_tests(url, root, scheme, header_dict, delay):
headers = requester(url, scheme, header_dict, 'example.com') origin = scheme + '://' + root
headers = requester(url, scheme, header_dict, origin)
if headers: if headers:
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) origin = root + '://' + 'example.com'
if acao_header and acao_header == (scheme + 'example.com'): acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['origin reflected'] info = details['origin reflected']
info['acao header'] = acao_header info['acao header'] = acao_header
info['acac header'] = acac_header info['acac header'] = acac_header
@@ -35,26 +37,29 @@ def active_tests(url, root, scheme, header_dict, delay):
return return
time.sleep(delay) time.sleep(delay)
headers = requester(url, scheme, header_dict, root + '.example.com') origin = scheme + '://' + root + '.example.com'
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, scheme, header_dict, origin)
if acao_header and acao_header == (scheme + root + '.example.com'): acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['post-domain wildcard'] info = details['post-domain wildcard']
info['acao header'] = acao_header info['acao header'] = acao_header
info['acac header'] = acac_header info['acac header'] = acac_header
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, scheme, header_dict, 'd3v' + root) origin = scheme + '://d3v' + root
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, scheme, header_dict, origin)
if acao_header and acao_header == (scheme + 'd3v' + root): acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['pre-domain wildcard'] info = details['pre-domain wildcard']
info['acao header'] = acao_header info['acao header'] = acao_header
info['acac header'] = acac_header info['acac header'] = acac_header
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, '', header_dict, 'null') origin = 'null'
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, '', header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == 'null': if acao_header and acao_header == 'null':
info = details['null origin allowed'] info = details['null origin allowed']
info['acao header'] = acao_header info['acao header'] = acao_header
@@ -62,17 +67,19 @@ def active_tests(url, root, scheme, header_dict, delay):
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, scheme, header_dict, root + '_.example.com') origin = scheme + '://' + root + '_.example.com'
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, scheme, header_dict, origin)
if acao_header and '_.example.com' in acao_header: acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == origin:
info = details['unrecognized underscore'] info = details['unrecognized underscore']
info['acao header'] = acao_header info['acao header'] = acao_header
info['acac header'] = acac_header info['acac header'] = acac_header
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, scheme, header_dict, root + '%60.example.com') origin = scheme + '://' + root + '%60.example.com'
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and '`.example.com' in acao_header: if acao_header and '`.example.com' in acao_header:
info = details['broken parser'] info = details['broken parser']
info['acao header'] = acao_header info['acao header'] = acao_header
@@ -81,17 +88,18 @@ def active_tests(url, root, scheme, header_dict, delay):
time.sleep(delay) time.sleep(delay)
if root.count('.') > 1: if root.count('.') > 1:
spoofed_root = root.replace('.', 'x', 1) origin = scheme + '://' + root.replace('.', 'x', 1)
headers = requester(url, scheme, header_dict, spoofed_root) headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and host(acao_header) == spoofed_root: if acao_header and acao_header == origin:
info = details['unescaped regex'] info = details['unescaped regex']
info['acao header'] = acao_header info['acao header'] = acao_header
info['acac header'] = acac_header info['acac header'] = acac_header
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, 'http', header_dict, root) origin = 'http://' + root
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) headers = requester(url, 'http', header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header.startswith('http://'): if acao_header and acao_header.startswith('http://'):
info = details['http origin allowed'] info = details['http origin allowed']
info['acao header'] = acao_header info['acao header'] = acao_header