Twenty Year Anniversary

proxycheck.pl.txt

proxycheck.pl.txt
Posted Dec 18, 2007
Authored by Tom Van de Wiele

This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver. It is primarily useful when verifying false positives from automated vulnerability assessment tools.

tags | tool, web, scanner
systems | unix
MD5 | fb11bbbc4ef1b48fa160f60a2e846ef9

proxycheck.pl.txt

Change Mirror Download
#!/usr/bin/perl
#
# Tool to easily check for the HTTP CONNECT method and get verbose output from a webserver. Mainly useful to verify false positives of
# automated web vulnerability assessment tools. 2007 - Tom Van de Wiele (tom@ashrae.be).
#
# Please use responsibly.
#
use strict; # an offering to the perl nazi's
use IO::Socket;

my ($targethost, $targetport, $useragent, $rhost, $rport, $found200, $foundmethods);

sub usage() {
print "HTTP 1.0 \"CONNECT\" method checker -- Tom Van de Wiele (tom\@ashrae.be)\n";
print "proxycheck.pl <target-to-test> <target-proxyport> [rhost] [rport] [useragent]\n";
}

if ($#ARGV < 1) {
usage();
exit(0);
}

$targethost = $ARGV[0];
$targetport = $ARGV[1];

print "HTTP 1.0 \"CONNECT\" method checker -- Tom Van de Wiele (tom\@ashrae.be)\n\n";

if ($ARGV[2]) {
$rhost = $ARGV[2];
}
else {
print "(-) No rhost specified, going to try www.google.com\n";
$rhost = "www.google.com";
}


if ($ARGV[3]) {
$rport = $ARGV[3];
}
else {
print "(-) No rport specified, gonna use port 80\n";
$rport = "80";
}


if ($ARGV[4]) {
$useragent = $ARGV[4];
}
else {
print "(-) No useragent specified, gonna use: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) (Debian)\n";
$useragent = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) (Debian)";
}




my $request = "CONNECT $rhost:$rport HTTP/1.0\nUser-agent: $useragent\nHost: $targethost\n\n\n";

# everyone has at least one dirty sock

my $dirty_sock = new IO::Socket::INET(
PeerAddr => $targethost,
PeerPort => $targetport,
Proto => 'tcp');
$dirty_sock or die "(!) Connection failed: $!";

print $dirty_sock $request;

my @copy;

while (<$dirty_sock>) {

if (/(HTTP\/1.[0-9] 200.*)/) {
my $http_response = $1;
print "(-)\n(+) $targethost accepted the connection\n(-)\n";
$found200 = 1;
}

if (/^Allow:\s+.*CONNECT.*$/) {
print "(-)\n(+) Found \"ALLOW\" method in HTTP header\n(-)\n";
$foundmethods = 1;
}
push(@copy, $_);

}

if ($found200 == 0) {
print "(-)\n(+) Server $targethost refused or returned no HTTP 200\n(-)\n";
}
if ($foundmethods == 0) {
print "(+) Server $targethost did not give out allowed HTTP methods\n(-)\n";
}

print "(+) Response from webserver:\n(-)\n";

foreach my $line (@copy) {
print "(+) " . $line;
}
print "\n";

exit(0);

#EOF

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close