Social Eng. Extension: Web Cloner doesn't like GET params in mount point #757

Closed
gallypette opened this Issue · 8 comments

2 participants

@gallypette

Hi,

I'm playing a bit with the new extension and it seems that:

  • something like: /login.php will be OK
  • but something like: /login.php?authCAS=NOCAS won't be OK, Sinatra will print "Not Found."

I haven't tried the massmailer yet, but I experience a high level of awesomeness so far :D

Best, j-louis.

@antisnatchor
Collaborator

Do you get any more errors enabling debug:true in the main config file?
I will have a look at it soon buddy.

@gallypette

I just tried with debugging mode on, it doesn't give any error on stdout.

@antisnatchor
Collaborator

We're using Rack as the middleware. If you put a breakpoint on line 119 of web_cloner.rb,
you will see that @http_server -> @mounts contains the right path+params.

I think I might need to patch Rack in order to enable this :-(
https://github.com/rack/rack/blob/master/lib/rack/urlmap.rb

@antisnatchor antisnatchor was assigned

@gallypette

Hey,

OK, I had a look at this this morning, I'm not sure we have to patch Rack;
It doesn't work if we choose /login?auth=CAS as mount point, but if we choose /login we are able to access /login?auth=CAS

Maybe something like this could do the trick ?

    @http_server.mount("#{mount}".split('?')[0], interceptor.new)

@antisnatchor
Collaborator

LOL of course :D I feel dumb buddy, I was prob too tired yesterday.

I will commit that fix after testing. Should work.
Btw, in ruby you can do .first instead of [0] for the first element, or .last for the last element :D

@gallypette

No problem, ty for the tip ;)

@antisnatchor
Collaborator

Mate, let me know if it works now. Just committed a fix, works for my tests.
Thanks for pointing me at this!

@gallypette

Tested, it's OK now.
np ;)

@gallypette gallypette closed this
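
Why the mount point with GET parameters returned "Not Found." while the path-only one works, as an added example that is not part of the original thread or the project's code. It is a simplified model of path-prefix mounting in which, as in a Rack environment, the path (PATH_INFO) and the query (QUERY_STRING) reach the router separately; MountTable, HANDLER and demo are hypothetical names.

```ruby
require 'uri'

# Simplified model of path-prefix mounting (an illustration, not Rack's code).
class MountTable
  def initialize
    @mounts = {}
  end

  # normalize: false stores the mount point verbatim (the reported behaviour);
  # normalize: true keeps only the part before '?', as suggested in the thread.
  def mount(location, handler, normalize: true)
    key = normalize ? location.split('?', 2).first.to_s : location
    @mounts[key] = handler
    key
  end

  # The server splits the request target: the path never contains the query.
  def self.env_for(url)
    uri = URI.parse(url)
    { 'PATH_INFO' => uri.path, 'QUERY_STRING' => uri.query.to_s }
  end

  def call(url)
    env = self.class.env_for(url)
    path = env['PATH_INFO']
    # Longest mount point first, matched against the path only.
    @mounts.keys.sort_by { |k| -k.size }.each do |loc|
      next unless path.start_with?(loc)
      rest = path[loc.size..-1]
      next unless rest.empty? || rest.start_with?('/')
      return [200, @mounts[loc].call(env)]
    end
    [404, 'Not Found.']
  end
end

# Constructed handler: reports what the router handed to it.
HANDLER = ->(env) { "served #{env['PATH_INFO']} query=#{env['QUERY_STRING']}" }

# Mount the path from the issue, then request the same URL.
def demo(normalize)
  table = MountTable.new
  table.mount('/login.php?authCAS=NOCAS', HANDLER, normalize: normalize)
  table.call('/login.php?authCAS=NOCAS')
end

p demo(false) if __FILE__ == $PROGRAM_NAME
p demo(true) if __FILE__ == $PROGRAM_NAME
```

The query string is still available to the handler after normalization, so parameters such as authCAS are not lost by mounting on the bare path.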