revolunet · January 8, 2017 06:17
diff --git a/injector.py b/injector.py
 #-*- encoding: UTF-8 -*-
 
 import os
 import sys
 import re
 
 PROXY = '%s.myproxy.com' % os.environ.get('host','')
 
 lines = sys.stdin.readlines()
 html = ''.join( lines )
 
 def replaceUrls( inTxt, host ):
        r = re.compile('https?://[^\'"/\s%:#]+', re.MULTILINE|re.IGNORECASE)
        m = r.findall( inTxt )
        return  re.sub(r, '\g<0>.%s' % host, inTxt)
 
 print replaceUrls( html, PROXY  )
 
 # inject custom javascript
 print '<script language="javascript">alert("injected!");</script>'
 
 sys.exit(1)
diff --git a/vhost.conf b/vhost.conf
 <VirtualHost *:80>
        ServerAlias *.myproxy.com
 
        UseCanonicalName Off
 
        LogLevel debug
        ProxyHTMLLogVerbose Off
        ProxyHTMLExtended On
        ProxyHTMLMeta On
        ErrorLog  /var/log/apache2/error-myproxy.log
        CustomLog /var/log/apache2/access-myproxy.log combined
 
        ProxyRequests Off
        ProxyPreserveHost Off
 
        RewriteEngine On
 
        RewriteCond %{HTTP_HOST} ^(.+)\.myproxy\.com
        RewriteRule ^(.*)$ http://%1$1 [P,E=target:%1,E=host:%{HTTP_HOST}]
 
        ProxyPassInterpolateEnv On
 
        ExtFilterDefine injector mode=output intype=text/html outtype=text/html;charset=utf-8 cmd="/usr/bin/python /root/scripts/injector.py" disableenv=BRIDGE
 
        <Location />
                Order deny,allow
                deny from all
                allow from W.X.Y.Z
                ProxyHTMLInterp On
                ProxyHTMLURLMap http://${target}/ / v
                BrowserMatch MSIE force-response-1.0
                RequestHeader unset Accept-Encoding
                SetOutputFilter proxy-html;injector
                RequestHeader set X-Forwarded-Host "%{target}e"
        </Location>
 
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
 </VirtualHost>
	#-- encoding: UTF-8 --

	import os
	import sys
	import re

	PROXY = '%s.myproxy.com' % os.environ.get('host','')

	lines = sys.stdin.readlines()
	html = ''.join( lines )

	def replaceUrls( inTxt, host ):
	r = re.compile('https?://[^\'"/\s%:#]+', re.MULTILINE\|re.IGNORECASE)
	m = r.findall( inTxt )
	return re.sub(r, '\g<0>.%s' % host, inTxt)

	print replaceUrls( html, PROXY )

	# inject custom javascript
	print '<script language="javascript">alert("injected!");</script>'

	sys.exit(1)
	<VirtualHost *:80>
	ServerAlias *.myproxy.com

	UseCanonicalName Off

	LogLevel debug
	ProxyHTMLLogVerbose Off
	ProxyHTMLExtended On
	ProxyHTMLMeta On
	ErrorLog /var/log/apache2/error-myproxy.log
	CustomLog /var/log/apache2/access-myproxy.log combined

	ProxyRequests Off
	ProxyPreserveHost Off

	RewriteEngine On

	RewriteCond %{HTTP_HOST} ^(.+)\.myproxy\.com
	RewriteRule ^(.*)$ http://%1$1 [P,E=target:%1,E=host:%{HTTP_HOST}]

	ProxyPassInterpolateEnv On

	ExtFilterDefine injector mode=output intype=text/html outtype=text/html;charset=utf-8 cmd="/usr/bin/python /root/scripts/injector.py" disableenv=BRIDGE

	<Location />
	Order deny,allow
	deny from all
	allow from W.X.Y.Z
	ProxyHTMLInterp On
	ProxyHTMLURLMap http://${target}/ / v
	BrowserMatch MSIE force-response-1.0
	RequestHeader unset Accept-Encoding
	SetOutputFilter proxy-html;injector
	RequestHeader set X-Forwarded-Host "%{target}e"
	</Location>

	<Proxy *>
	Order deny,allow
	Allow from all
	</Proxy>
	</VirtualHost>