Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-11-04 13:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated proxy2

Browse Source
This commit is contained in:
mgeeky
2020-11-25 04:11:12 -08:00
parent 3648c19a46
commit aff6d72337
2 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
red-teaming/malleable_redirector/README.md
View File

@@ -223,6 +223,19 @@ action_url:
proxy_pass:
- /foobar\d* bing.com
#
# If set, removes all HTTP headers sent by Client that are not expected by Teamserver according
# to the supplied Malleable profile and its client { header ... } section statements. Some CDNs/WebProxy
# providers such as CloudFlare may add tons of their own metadata headers (like: CF-IPCountry, CF-RAY,
# CF-Visitor, CF-Request-ID, etc.) that can make Teamserver unhappy about inbound HTTP Request which could
# cause its refusal.
#
# We can strip all of these superfluous, not expected by Teamserver HTTP headers delivering a vanilla plain
# request. This is recommended setting in most scenarios.
#
# Default: True
#
remove_superfluous_headers: True
#
# Every time malleable_redirector decides to pass request to the Teamserver, as it conformed
@@ -372,6 +385,39 @@ policy:
drop_malleable_without_prepend_pattern: True
# [IP: DROP, reason:10] Did not found append pattern:
drop_malleable_without_apppend_pattern: True
# [IP: DROP, reason:11] Requested URI does not aligns any of Malleable defined variants:
drop_malleable_unknown_uris: True
# [IP: DROP, reason:12] HTTP request was expected to contain <> section with URI-append containing prepend/append fragments
drop_malleable_with_invalid_uri_append: True
#
# If Proxy2 validates inbound request's HTTP headers, according to policy drop_malleable_without_expected_header_value:
# "[IP: DROP, reason:6] HTTP request did not contain expected header value:"
#
# and senses some header is missing or was overwritten along the wire, the request will be dropped. We can relax this policy
# a bit however, since there are situations in which Cache systems (such as Cloudflare) could tamper with our requests thus
# breaking Malleable contracts. What we can do is to specify list of headers, that should be overwritten back to their values
# defined in provided Malleable profile.
#
# So for example, if our profile expects:
# header "Accept-Encoding" "gzip, deflate";
#
# but we receive a request having following header set instead:
# Accept-Encoding: gzip
#
# Because it was tampered along the wire by some of the interim systems (such as web-proxies or caches), we can
# detect that and set that header's value back to what was expected in Malleable profile.
#
# In order to protect Accept-Encoding header, as an example, the following configuration could be used:
# protect_these_headers_from_tampering:
# - Accept-Encoding
#
#
# Default: <empty-list>
#
protect_these_headers_from_tampering:
- Accept-Encoding
```

2
red-teaming/malleable_redirector/proxy2

Submodule red-teaming/malleable_redirector/proxy2 updated: ec2381157c...a47ea2fe0c