Merge pull request #260 from seccubus/feature/redirect_test

Redirect test that doesn't depend om JSON/CSV output
This commit is contained in:
Dirk Wetter 2015-12-21 21:14:13 +01:00
commit 0d53013c47
2 changed files with 11 additions and 1 deletions

View File

@ -66,6 +66,9 @@
* Dmitri S * Dmitri S
- inspiration & help for Darwin port - inspiration & help for Darwin port
* Frank Breedijk
- Detection of insecure redirect
* Bug reports: * Bug reports:
- Viktor Szépe, Olivier Paroz, Jan H. Terstegge, Lorenz Adena, Jonathon Rossi, Stefan Stidl - Viktor Szépe, Olivier Paroz, Jan H. Terstegge, Lorenz Adena, Jonathon Rossi, Stefan Stidl

View File

@ -643,7 +643,14 @@ run_http_header() {
out " $status_code$msg_thereafter" out " $status_code$msg_thereafter"
case $status_code in case $status_code in
301|302|307|308) out ", redirecting to \"$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')\"" ;; 301|302|307|308)
out ", redirecting to \"$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')\""
if [[ ( $redirect == https* ) || ( $redirect == /* ) ]]; then
# Ok
else
pr_litered " -- Redirect to insecure url (NOT ok)"
fi
;;
200) ;; 200) ;;
206) out " -- WTF?" ;; 206) out " -- WTF?" ;;
400) pr_litemagenta " (Hint: better try another URL)" ;; 400) pr_litemagenta " (Hint: better try another URL)" ;;