Feature #20
opener.py: all add.header need to get commented out
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | Lukas Rist | % Done: | 0% |
|
| Category: | Glastopf | Spent time: | - | |
| Target version: | To be done sometime | |||
| Resolution: | fixed |
Description
well, i told you once, that there are downloaded files with ugz content.
i did something and had not seen it again, but i forgot what i did he.
now, while running the last version, the problem is back.
it consist in sending the
req.add_header("Accept-Encoding", "gzip,deflate")
and at least we are not a client,
so please comment out in opener.py:
req = urllib2.Request(url)
# req.add_header("User-agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3")
# req.add_header("Referer", "")
# req.add_header("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
# req.add_header("Accept-Encoding", "gzip,deflate")
# req.add_header("Accept-Language", "en,de-de;q=0.8,de;q=0.5,en-us;q=0.3")
# req.add_header("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
# req.add_header("Keep-Alive", "300")
# req.add_header("Connection", "keep-alive")
we don't need it, we are not "browser".
greets,
kat
History
Updated by Lukas Rist over 3 years ago
- Status changed from New to Assigned
Updated by Lukas Rist over 3 years ago
Yes, should be replaced with server headers.
Updated by Lukas Rist over 3 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
Updated by Manfred Schilling over 3 years ago
I'm going to setup a RFI vuln page.
Updated by Manfred Schilling over 3 years ago
- Status changed from Closed to Feedback
- Resolution deleted (
fixed)
ok.
in branches, opener.py:
you put the server's header in, thats incorrect.
8 req.add_header("Server", "Apache/2.2.6 (Unix)")
9 req.add_header("Date", strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime()))
10 req.add_header("Last-Modified", "Tue, 15 Jul 2008 16:46:59 GMT")
11 req.add_header("Content-Type", "text/html")
12 req.add_header("Accept-Ranges", "bytes")
is what the server sends, when client connects.
it is NOT what the server sends, when it connects to include a file.
i made little test vuln.php:
<?php
$vuln = include ("http://to.be.included.example.com/index.php");
if (!$vuln) {
echo "huch.\n";
exit;
}
else {
echo $vuln;
}
?>
and ran it from my local apache.
the result at serverside:
cat /var/log/honeyd.txt|grep ac947 [ac947]--MARK--,"Tue Jan 13 08:41:14 CET 2009","apache/HTTP","192.168.1.1","172.16.1.10",46534,80, [ac947]GET /index.php HTTP/1.0 [ac947]Host: to.be.included.example.com [ac947]--ENDMARK--
oh, NO User-Agent? hmm?
so, best way would be to add no header and get rid of python sending the User-Agent.
greets,
kat
#reopen
Updated by Lukas Rist over 3 years ago
What about apache/HTTP? Isn't that the "server" Header? I try to compare the unstable GET entry with your test GET entry.
Updated by Manfred Schilling over 3 years ago
Replying to [comment:7 glaslos]:
What about apache/HTTP? Isn't that the "server" Header? I try to compare the unstable GET entry with your test GET entry.
apache/HTTP... it's from honeyd service/protocol
you should try netcat to see what really happens
Updated by Lukas Rist about 3 years ago
- Status changed from Feedback to Closed
- Resolution set to fixed
See Changeset r98