Created
June 13, 2017 19:06
decal@localhost:~/GIT/decal/zap_attack/bin$ ./find-proxy-paths www.google.com
https://www.google.com/ads/user-lists => adclick_server
https://www.google.com/gen_204 => gws
https://www.google.com/xjs/_/js/k=xjs.s.en_US.cyz2y8Se00A.O/m=aa,abd,async,dvl,foot,fpe,ifl,ipv6,lu,m,sf,d3l/am=ACMU5fGCA5D_I4TCcBPCAmkBUwzg/exm=sx,c,sb,cdos,cr,elog,hsm,jsa,r,qsm,j,p,d,csi/rt=j/d=1/ed=1/t=zcms/rs=ACT90oGOmZKw0x4UG8OvDH994727tWOcRw => sffe
https://www.google.com/logos => Google Frontend
decal@localhost:~/GIT/decal/zap_attack/bin$ cat find-proxy-paths
#!/usr/bin/env ruby
# encoding: utf-8
#
# Traverse all known directories under web root in search of differing Server
# fields in the HTTP response header that would indicate configured proxy paths.
#
## TODO: Compare Set-Cookie differences in case Server header is missing
#
require 'zap_attack'
require 'dirverser'
require 'rest-client'
require 'uri'

# Top-level include: the two modules are mixed into Object for the whole script.
# NOTE(review): Urls and traverse, used further down, presumably come from these
# two modules -- confirm against the zap_attack / dirverser sources.
include ZapAttack::API, Dirverser::URI

# Exactly one positional argument is read (the host name); with none given,
# print the usage text to stderr and leave with a non-zero status.
unless ARGV.first
  usage_lines = [
    "\nusage: #{$0} HOST\n",
    " HOST name of host to check for proxy paths\n\n"
  ]
  STDERR.puts(usage_lines)
  exit 1
end
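# Build the list of candidate directory URLs (locs) on the requested host.
#
# host - lower-cased host name taken from the first command-line argument
# locs - accumulates candidate locations; sorted and de-duplicated at the end
# urls - NOTE(review): presumably the URLs already recorded by ZAP, provided by
#        ZapAttack::API -- confirm
host = ARGV.first.downcase
locs = []
urls = Urls.new

urls.each do |u|
  begin
    ahst = URI(u).host
    # Stay in scope: only URLs whose host equals the requested one are kept.
    # A URI without a host component is skipped as well.
    next unless ahst && ahst.downcase.eql?(host)
  rescue StandardError
    # Unparsable entries are skipped. StandardError rather than Exception, so
    # that Interrupt (Ctrl-C) and SystemExit are not swallowed here.
    next
  end

  # NOTE(review): traverse presumably expands u into its parent directory URLs
  # (Dirverser::URI) -- confirm. Errors it raises are not handled here.
  urlz = traverse(u, { :trail_slash => false })
  urlz.each do |a|
    next if !a or a.empty?

    aslind = a.rindex('/')
    next if !aslind

    # Skip entries whose text after the last '/' contains a dot (file-like
    # names). NOTE(review): this runs before the query string is stripped, so a
    # '/' or '.' inside the query influences the decision -- confirm intended.
    next if a[aslind..-1].rindex('.')

    # Drop the query string; the exclusive range also covers a '?' at index 0.
    aqmind = a.rindex('?')
    a = a[0...aqmind] if aqmind

    locs << a
  end
end

locs.sort!
locs.uniq!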
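# Request every candidate location and print one URL per distinct Server
# response-header value.
#
# NOTE(review): RestClient.get follows redirects by default, so the headers
# recorded are those of the final response and may come from a host other than
# the one given on the command line -- confirm whether that is acceptable.
srvs = []
amut = Mutex.new

# Upper bound on requests in flight at once. The previous form started one
# thread per location with no limit, which scales the local thread count and
# the load placed on the remote host with the size of locs.
max_inflight = 16

locs.each_slice(max_inflight) do |batch|
  workers = batch.map do |l|
    Thread.new do
      begin
        r = RestClient.get(l)
        # merge returns a new Hash, so the response's own header hash is left
        # untouched; :URL records which location produced these headers.
        h = r.headers.merge(:URL => l)
        amut.synchronize { srvs << h }
      rescue StandardError
        # Deliberate best-effort: a failed request is dropped without output.
        # StandardError rather than Exception, so Interrupt and SystemExit are
        # not swallowed inside the worker.
      end
    end
  end
  workers.each(&:join)
end

# Threads finish in arbitrary order; sorting first makes the URL kept for each
# Server value (and the output order) stable between runs.
srvs.sort_by! { |s| s[:URL] }
# Responses without a Server header all share the nil key and collapse into a
# single entry (see the Set-Cookie TODO in the file header).
srvs.uniq! { |s| s[:server] }

srvs.each do |z|
  STDOUT.puts("#{z[:URL]} => #{z[:server]}")
end

exit 0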