From c6d307b2bc9c5b3914308fb57fc851757d8b55d1 Mon Sep 17 00:00:00 2001
From: vvMelody
Date: Wed, 4 Dec 2019 14:04:03 +0800
Subject: [PATCH 1/2] Simplify some code
---
 core/requester.py | 7 ++--
 core/tests.py | 102 +++++++++++++++++++++++-----------------------
 core/utils.py | 14 ++-----
 corsy.py | 3 +-
 4 files changed, 59 insertions(+), 67 deletions(-)
diff --git a/core/requester.py b/core/requester.py
index 1d736b0..5a0326b 100644
--- a/core/requester.py
+++ b/core/requester.py
@@ -10,7 +10,6 @@ headers = { }
 def requester(url, scheme, origin):
- headers['Origin'] = scheme + origin
- response = requests.get(url, headers=headers).headers
- if 'Access-Control-Allow-Origin' in response:
- return response['Access-Control-Allow-Origin']
+ headers['Origin'] = scheme + origin
+ response = requests.get(url, headers=headers).headers
+ return response.get('Access-Control-Allow-Origin', None)
diff --git a/core/tests.py b/core/tests.py
index 217f174..fd86317 100644
--- a/core/tests.py
+++ b/core/tests.py
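Review bot: In `requester` (core/requester.py), `requests.get(url, headers=headers)` is called without a timeout, so a target that accepts the connection and then stalls holds the scan open indefinitely; pass one explicitly, e.g. `requests.get(url, headers=headers, timeout=10)` (the value is a suggestion). Connection and TLS errors also propagate out of this function, and `active_tests` calls it several times per target, so unless a caller outside this patch catches `requests.exceptions.RequestException`, one failed request ends the run. The function also writes `Origin` into the module-level `headers` dict; a per-call copy such as `dict(headers, Origin=scheme + origin)` keeps probes from sharing state.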
@@ -3,57 +3,57 @@ import time
 from core.utils import host
 from core.requester import requester
+
 def passive_tests(url, acao_header):
- root = host(url)
- if acao_header == '*':
- return 'Wildcard value'
- if root:
- if root != host(acao_header):
- print(acao_header)
- return 'Third party allowed'
- elif url.startswith('http://'):
- return 'HTTP origin allowed'
- else:
- return False
- else:
- return 'Invalid value'
+ root = host(url)
+ if acao_header == '*':
+ return 'Wildcard value'
+ if root:
+ if root != host(acao_header):
+ print(acao_header)
+ return 'Third party allowed'
+ elif url.startswith('http://'):
+ return 'HTTP origin allowed'
+ else:
+ return None
+ else:
+ return 'Invalid value'
 def active_tests(url, root, scheme, delay):
- acao_header = requester(url, scheme, 'example.com')
- if acao_header:
- if acao_header == (scheme + 'example.com'):
- return 'Origin reflected'
- time.sleep(delay)
- acao_header = requester(url, scheme, root + '.example.com')
- if acao_header:
- if acao_header == (scheme + root + '.example.com'):
- return 'Post-domain wildcard'
- time.sleep(delay)
- acao_header = requester(url, scheme, 'd3v' + root)
- if acao_header:
- if acao_header == (scheme + 'd3v' + root):
- return 'Pre-domain wildcard'
- time.sleep(delay)
- acao_header = requester(url, '', 'null')
- if acao_header:
- if acao_header == 'null':
- return 'Null origin allowed'
- time.sleep(delay)
- acao_header = requester(url, scheme, root + '%60.example.com')
- if acao_header:
- if '`.example.com' in acao_header:
- return 'Broken parser'
- if root.count('.') > 1:
- time.sleep(delay)
- spoofed_root = root.replace('.', 'x', 1)
- acao_header = requester(url, scheme, spoofed_root)
- if acao_header:
- if host(acao_header) == spoofed_root:
- return 'Unescaped regex'
- time.sleep(delay)
- acao_header = requester(url, 'http', root)
- if acao_header:
- if acao_header.startswith('http://'):
- return 'HTTP origin allowed'
- else:
- return passive_tests(url, acao_header)
+ acao_header = requester(url, scheme, 'example.com')
+ if acao_header and acao_header == (scheme + 'example.com'):
+ return 'Origin reflected'
+ time.sleep(delay)
+
+ acao_header = requester(url, scheme, root + '.example.com')
+ if acao_header and acao_header == (scheme + root + '.example.com'):
+ return 'Post-domain wildcard'
+ time.sleep(delay)
+
+ acao_header = requester(url, scheme, 'd3v' + root)
+ if acao_header and acao_header == (scheme + 'd3v' + root):
+ return 'Pre-domain wildcard'
+ time.sleep(delay)
+
+ acao_header = requester(url, '', 'null')
+ if acao_header and acao_header == 'null':
+ return 'Null origin allowed'
+ time.sleep(delay)
+
+ acao_header = requester(url, scheme, root + '%60.example.com')
+ if acao_header and '`.example.com' in acao_header:
+ return 'Broken parser'
+
+ if root.count('.') > 1:
+ time.sleep(delay)
+ spoofed_root = root.replace('.', 'x', 1)
+ acao_header = requester(url, scheme, spoofed_root)
+ if acao_header and host(acao_header) == spoofed_root:
+ return 'Unescaped regex'
+ time.sleep(delay)
+
+ acao_header = requester(url, 'http', root)
+ if acao_header and acao_header.startswith('http://'):
+ return 'HTTP origin allowed'
+ else:
+ return passive_tests(url, acao_header)
diff --git a/core/utils.py b/core/utils.py
index b61cfe6..c96bad8 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -1,17 +1,11 @@
 import tld
 import json
-def load_file(path):
- with open(path, 'r') as f:
- result = [line.rstrip('\n').encode('utf-8').decode('utf-8') for line in f]
- return '\n'.join(result)
 def host(string):
- if string and '*' not in string:
- try:
- return tld.get_fld(string, fix_protocol=True)
- except:
- return False
+ if string and '*' not in string:
+ return tld.get_fld(string, fix_protocol=True, fail_silently=True)
 def load_json(file):
- return json.loads(load_file('./db/details.json'))
+ with open(file) as f:
+ return json.load(f)
diff --git a/corsy.py b/corsy.py
index 47212df..2e4fee5 100644
--- a/corsy.py
+++ b/corsy.py
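Review bot: `passive_tests` (core/tests.py) can be reached with `acao_header` set to None, because the closing `else` in `active_tests` forwards whatever `requester` returned, and `requester` returns None when the response carries no Access-Control-Allow-Origin header. `host(None)` returns None in this patch's `host`, so `root != host(acao_header)` is true and a target that sets no CORS header at all is reported as 'Third party allowed'. A guard at the top of `passive_tests`, `if not acao_header: return None`, removes that false positive, and the `print(acao_header)` before the return looks like leftover debug output. Indentation is lost on this page, so which `if` the final `else` pairs with is inferred, but the None case reaches `passive_tests` under either reading.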
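Review bot: `load_json` in core/utils.py now reads the path it is passed, whereas the removed line ignored `file` and always loaded './db/details.json'; call sites are not part of this patch, so any caller that passed a different value now gets a different file or a FileNotFoundError. `open(file)` also falls back to the locale's default encoding, and `with open(file, encoding='utf-8') as f:` keeps the JSON decoding stable across platforms. In `host`, the failure result changes from False to None; both are falsy, but a caller comparing with `is False` or `== False` would behave differently, which is worth a quick search.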
@@ -30,8 +30,7 @@ def cors(target, delay, scheme=False):
 url = scheme + '://' + url
 root = host(url)
 parsed = urlparse(url)
- netloc = parsed.netloc
- scheme = parsed.scheme
+ netloc, scheme = parsed.netloc, parsed.scheme
 url = scheme + '://' + netloc
 active = active_tests(url, root, scheme, delay)
 return active
From 678517ca8796420bbd62871b1d96d8fd8aae0d5d Mon Sep 17 00:00:00 2001
From: Mio
Date: Sun, 15 Dec 2019 18:14:24 +0800
Subject: [PATCH 2/2] Update requester.py
---
 core/requester.py | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/core/requester.py b/core/requester.py
index 4a97c5f..9a50d9d 100644
--- a/core/requester.py
+++ b/core/requester.py
@@ -17,9 +17,4 @@ def requester(url, scheme, origin):
 headers['Origin'] = scheme + origin
 response = requests.get(url, headers=headers, verify=False).headers
 return response.get('Access-Control-Allow-Origin', None)
-=======
- headers['Origin'] = scheme + origin
- response = requests.get(url, headers=headers, verify=False).headers
- if 'Access-Control-Allow-Origin' in response:
- return response['Access-Control-Allow-Origin']
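Review bot: In the corsy.py hunk, `scheme` is rebound to `parsed.scheme`, which has no `://`, and is passed to `active_tests`; `requester` in this same series builds the header as `scheme + origin`, so as far as the visible lines show the Origin sent is `httpsexample.com` rather than `https://example.com`. The `requester(url, 'http', root)` probe followed by `startswith('http://')` has the same gap, so that check cannot match an echoed value. A server that validates Origin syntax will not echo such a header, and the scan can then report a misconfigured target as clean. Build the value in one place, e.g. `headers['Origin'] = scheme + '://' + origin if scheme else origin`, which keeps the empty-scheme `'null'` probe intact. `cors` begins above this hunk, so earlier uses of `scheme` are not visible here.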