
Commit 06f4d4a

authored
Merge pull request #33 from s0md3v/hotfix
HOTFIX
2 parents 35d18e9 + de9aff1 commit 06f4d4a


2 files changed

+33
-24
lines changed

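--- a/core/requester.py
+++ b/core/requester.py
@@ -8,7 +8,7 @@
 # Added verbose options.
 
 def requester(url, scheme, headers, origin):
-headers['Origin'] = scheme + origin
+headers['Origin'] = origin
 try:
 response = requests.get(url, headers=headers, verify=False).headers
 for key, value in response.items():
@@ -19,3 +19,4 @@ def requester(url, scheme, headers, origin):
 print ('%s %s is unreachable' % (bad, url))
 elif 'requests.exceptions.TooManyRedirects:' in str(e):
 print ('%s %s has too many redirects' % (bad, url))
+return {}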
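Review bot: `headers['Origin'] = origin` on new line 11 writes into the dict the caller passed in, so the header_dict that core/tests.py reuses across every probe still carries the last Origin sent once active_tests returns; `headers = dict(headers, Origin=origin)` would keep the caller's dict untouched. With the scheme prefix moved out of that line, `scheme` is no longer read anywhere in the visible hunk, though the body between the two hunks is not shown, so it may be dead or still used there. The `return {}` closing the second hunk means every failure path now yields an empty dict rather than None, which tests.py relies on via `.get`; a short docstring such as `"""Send one request with the given Origin; returns the response headers, or {} on any request error."""` would pin that contract. `verify=False` on the request predates this commit but is the line that makes certificate errors invisible for every probe, and deserves a comment stating that it is intentional for a scanner. requester's body continues outside the hunk.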

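--- a/core/tests.py
+++ b/core/tests.py
@@ -8,7 +8,7 @@
 
 def passive_tests(url, headers):
 root = host(url)
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
 if acao_header == '*':
 info = details['wildcard value']
 info['acao header'] = acao_header
@@ -23,10 +23,12 @@ def passive_tests(url, headers):
 
 
 def active_tests(url, root, scheme, header_dict, delay):
-headers = requester(url, scheme, header_dict, 'example.com')
+origin = scheme + '://' + root
+headers = requester(url, scheme, header_dict, origin)
 if headers:
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
-if acao_header and acao_header == (scheme + 'example.com'):
+origin = root + '://' + 'example.com'
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
+if acao_header and acao_header == (origin):
 info = details['origin reflected']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
@@ -35,44 +37,49 @@ def active_tests(url, root, scheme, header_dict, delay):
 return
 time.sleep(delay)
 
-headers = requester(url, scheme, header_dict, root + '.example.com')
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
-if acao_header and acao_header == (scheme + root + '.example.com'):
+origin = scheme + '://' + root + '.example.com'
+headers = requester(url, scheme, header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
+if acao_header and acao_header == (origin):
 info = details['post-domain wildcard']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
 return {url : info}
 time.sleep(delay)
 
-headers = requester(url, scheme, header_dict, 'd3v' + root)
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
-if acao_header and acao_header == (scheme + 'd3v' + root):
+origin = scheme + '://d3v' + root
+headers = requester(url, scheme, header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
+if acao_header and acao_header == (origin):
 info = details['pre-domain wildcard']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
 return {url : info}
 time.sleep(delay)
 
-headers = requester(url, '', header_dict, 'null')
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
+origin = 'null'
+headers = requester(url, '', header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
 if acao_header and acao_header == 'null':
 info = details['null origin allowed']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
 return {url : info}
 time.sleep(delay)
 
-headers = requester(url, scheme, header_dict, root + '_.example.com')
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
-if acao_header and '_.example.com' in acao_header:
+origin = scheme + '://' + root + '_.example.com'
+headers = requester(url, scheme, header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
+if acao_header and acao_header == origin:
 info = details['unrecognized underscore']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
 return {url : info}
 time.sleep(delay)
 
-headers = requester(url, scheme, header_dict, root + '%60.example.com')
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
+origin = scheme + '://' + root + '%60.example.com'
+headers = requester(url, scheme, header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
 if acao_header and '`.example.com' in acao_header:
 info = details['broken parser']
 info['acao header'] = acao_header
@@ -81,17 +88,18 @@ def active_tests(url, root, scheme, header_dict, delay):
 time.sleep(delay)
 
 if root.count('.') > 1:
-spoofed_root = root.replace('.', 'x', 1)
-headers = requester(url, scheme, header_dict, spoofed_root)
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
-if acao_header and host(acao_header) == spoofed_root:
+origin = scheme + '://' + root.replace('.', 'x', 1)
+headers = requester(url, scheme, header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
+if acao_header and acao_header == origin:
 info = details['unescaped regex']
 info['acao header'] = acao_header
 info['acac header'] = acac_header
 return {url : info}
 time.sleep(delay)
-headers = requester(url, 'http', header_dict, root)
-acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
+origin = 'http://' + root
+headers = requester(url, 'http', header_dict, origin)
+acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
 if acao_header and acao_header.startswith('http://'):
 info = details['http origin allowed']
 info['acao header'] = acao_header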
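Review bot: New line 29 of the "origin reflected" probe, `origin = root + '://' + 'example.com'`, rebinds origin to a hostname-prefixed string after the request on line 27 was already sent with the target's own origin `scheme + '://' + root`, so the value compared on line 31 is never the Origin that went out and the check cannot match a real reflection; it also means the probe no longer sends a foreign origin at all, which is what the pre-commit `'example.com'` value did. Building the foreign origin once before the request and comparing against that same value fixes both: `origin = scheme + '://example.com'` in place of line 26, with the reassignment on line 29 removed. Every other probe in this section (new lines 40-43, 50-53, 60-62, 70-73, 80-82, 91-94, 100-102) already follows that build-once pattern, which makes line 29 the one outlier. The switch from `headers[...]` to `headers.get(..., None)` throughout, together with `return {}` in core/requester.py, is what keeps the later probes from raising on a failed request, and a one-line comment above the first probe saying so would help the next reader. active_tests continues past the end of the last hunk.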
