Social Eng. Extension: Web Cloner doesn't like GET params in mount point #757

Closed
gallypette opened this Issue Oct 9, 2012 · 8 comments

Contributor

gallypette commented Oct 9, 2012

Hi,

I'm playing a bit with the new extension and it seems that:

  • something like: /login.php will be OK
  • but something like: /login.php?authCAS=NOCAS won't be OK, Sinatra will print "Not Found."

I haven't tried the massmailer yet, but I experience a high level of awesomeness so far :D

Best, j-louis.

Collaborator

antisnatchor commented Oct 9, 2012

Do you get any more errors enabling debug:true in the main config file?
I will have a look at it soon buddy.

Contributor

gallypette commented Oct 9, 2012

I just tried with debugging mode on; it doesn't give any error on stdout.

Collaborator

antisnatchor commented Oct 9, 2012

We're using Rack as the middleware. If you put a breakpoint on line 119 of web_cloner.rb,
you will see that @http_server -> @Mounts contains the right path+params.

I think I might need to patch Rack in order to enable this :-(
https://github.com/rack/rack/blob/master/lib/rack/urlmap.rb

@ghost ghost assigned antisnatchor Oct 9, 2012

Contributor

gallypette commented Oct 10, 2012

Hey,

OK, I had a look at this this morning; I'm not sure we have to patch Rack.
It doesn't work if we choose /login?auth=CAS as mount point, but if we choose /login we are able to access /login?auth=CAS

Maybe something like this could do the trick?

@http_server.mount("#{mount}".split('?')[0], interceptor.new)

Collaborator

antisnatchor commented Oct 10, 2012

LOL of course :D I feel dumb buddy, I was prob too tired yesterday.

I will commit that fix after testing. Should work.
Btw, in Ruby you can do .first instead of [0] for the first element, or .last for the last element :D

Contributor

gallypette commented Oct 10, 2012

No problem, ty for the tip ;)

Collaborator

antisnatchor commented Oct 11, 2012

Mate, let me know if it works now. Just committed a fix, works for my tests.
Thanks for pointing me at this!

Contributor

gallypette commented Oct 11, 2012

Tested, it's OK now.
np ;)

@gallypette gallypette closed this Oct 11, 2012
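
An added example, not part of the thread or the project's code: a stand-alone model of why a mount key containing a query string never matches and why stripping it works. Rack::URLMap matches on the request path only, while the query string travels separately in QUERY_STRING. The `MountTable` class, its method names and the sample request target are hypothetical; the normalisation also drops a fragment and rejects keys without a leading slash, which goes slightly beyond the one-line fix above.

```ruby
require 'uri'

# Hypothetical stand-in for a path-keyed mount table (not Rack's own code).
class MountTable
  def initialize
    @mounts = {}
  end

  # Register under the literal key, query string included (pre-fix behaviour).
  def mount_raw(key, handler)
    @mounts[key] = handler
  end

  # Register under the path component only: drop query and fragment,
  # require a leading slash, chomp a trailing slash as Rack::URLMap does.
  def mount(location, handler)
    path = location.split('?').first.to_s.split('#').first.to_s
    raise ArgumentError, "mount point must start with '/'" unless path.start_with?('/')
    @mounts[path.chomp('/')] = handler
  end

  # Look up by path only: longest mount first, and whatever follows the
  # mount prefix must be empty or begin with '/'.
  def route(request_target)
    uri = URI.parse(request_target)
    @mounts.keys.sort_by { |k| -k.length }.each do |key|
      next unless uri.path.start_with?(key)
      rest = uri.path[key.length..-1]
      return [@mounts[key], uri.query] if rest.empty? || rest.start_with?('/')
    end
    [:not_found, uri.query]
  end
end

# Same mount string registered both ways, same constructed request target.
def demo
  target = '/login.php?authCAS=NOCAS'
  broken = MountTable.new
  broken.mount_raw(target, :cloned_page)
  fixed = MountTable.new
  fixed.mount(target, :cloned_page)
  { broken: broken.route(target), fixed: fixed.route(target) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The handler mounted on the bare path still receives the query string, so the application behind the mount can read its parameters unchanged.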
