Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-21 18:11:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Py-collaborator bugfixes and improvements.

Browse Source
This commit is contained in:
mb 2019-01-14 01:59:41 +01:00
parent dc64fdd6b2
commit 8c359f5f7f
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/py-collaborator/py-collaborator-mitmproxy-addon.py
View File

@ -22,7 +22,8 @@ VERSION = '0.1'
# Must point to JSON file containing configuration mentioned in `config` dictionary below.
# One can either supply that configuration file, or let the below variable empty and fill the `config`
# dictionary instead.
CONFIGURATION_FILE = 'config.json'
CONFIGURATION_FILE = '..\\py-collaborator\\config.json'
CONFIGURATION_FILE = '/mnt/d/dev2/py-collaborator/config.json'
config = {
'debug' : False,
@ -230,7 +231,7 @@ class PyCollaboratorMitmproxyAddon:
requestData+= 'Accept: */*\r\n'
requestData+= 'Connection: close\r\n'
self.saveRequestForCorrelation(self.request, pingback, uuid, 'Overridden Host header ({} -> GET /{} )'.format(self.request.headers['Host'], pingback))
self.saveRequestForCorrelation(self.request, pingback, uuid, 'Overridden Host header ({} -> GET {} )'.format(self.request.headers['Host'], pingback))
PyCollaboratorMitmproxyAddon.sendRawRequest(self.request, requestData)
ctx.log.info('(2) Re-sent host overriding request ({} -> {})'.format(self.request.path, pingback))

8
web/py-collaborator/py-collaborator-server.py
View File

@ -65,8 +65,8 @@ class PingbackServer(BaseHTTPRequestHandler):
Logger.dbg('Failure along __init__ of BaseHTTPRequestHandler: {}'.format(str(e)))
raise
Logger.info('Previously catched pingbacks:\n--------------------------\n')
self.presentAtStart()
#Logger.info('Previously catched pingbacks:\n--------------------------\n')
#self.presentAtStart()
def presentAtStart(self):
rows = databaseInstance.query(f'SELECT * FROM calledbacks')
@ -178,12 +178,14 @@ The payload was sent at ({record['sent']}) and received on ({now}).
def do_GET(self):
if not (self.client_address[0] in config['exclude-pingbacks-from-clients']):
if config['debug']:
Logger.dbg('Incoming HTTP request from {}: {} {}'.format(
Logger.dbg('--------------------------\nIncoming HTTP request from {}: {} {}'.format(
self.client_address[0],
self.method,
self.path[:25]
))
Logger.dbg(PingbackServer.requestToString(self) + '\n')
(where, uuid) = PingbackServer.extractUuid(self)
if uuid:
self.checkUuid(where, uuid)