Minor update of redirection mechanism.

commixproject · Nov 14, 2018 · 5548fff · 5548fff
1 parent bed154a
commit 5548fff
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 27 deletions.
diff --git a/readme/CHANGELOG.md b/readme/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## Version 2.7 (upcoming)
+* Revised: Minor update of redirection mechanism.
 * Revised: Minor improvement regarding identifying the target web server.
 * Revised: Minor improvement regarding identifying corrupted .pyc file(s).
 * Added: New tamper script "dollaratsigns.py" that adds dollar-sign followed by an at-sign ("$@") between the characters of the generated payloads.

diff --git a/src/core/requests/redirection.py b/src/core/requests/redirection.py
@@ -21,46 +21,41 @@
 
 def do_check(url):
   """
-  This functinality is based on Filippo's Valsorda script [1]
-  which uses HEAD requests (with fallback in case of 405) 
-  to follow the redirect path up to the real URL.
+  This functinality is based on Filippo's Valsorda script [1].
   ---
   [1] https://gist.github.com/FiloSottile/2077115
   """
-  class HeadRequest(urllib2.Request):
+  class Request(urllib2.Request):
       def get_method(self):
-          return "HEAD"
+          return "GET"
 
-  class HEADRedirectHandler(urllib2.HTTPRedirectHandler):
+  class RedirectHandler(urllib2.HTTPRedirectHandler):
       """
       Subclass the HTTPRedirectHandler to make it use our 
-      HeadRequest also on the redirected URL
+      Request also on the redirected URL
       """
       def redirect_request(self, req, fp, code, msg, headers, redirected_url): 
-          if code in (301, 302, 303, 307):
-            redirected_url = redirected_url.replace(' ', '%20') 
-            newheaders = dict((k,v) for k,v in req.headers.items()
-                              if k.lower() not in ("content-length", "content-type"))
-            warn_msg = "Got a " + str(code) + " redirection (" + redirected_url + ")."
-            print settings.print_warning_msg(warn_msg)
-            return HeadRequest(redirected_url, 
-                               headers = newheaders,
-                               origin_req_host = req.get_origin_req_host(), 
-                               unverifiable = True
-                               ) 
-          else: 
-            err_msg = str(urllib2.HTTPError(req.get_full_url(), code, msg, headers, fp)).replace(": "," (")
-            print settings.print_critical_msg(err_msg + ").")
-            raise SystemExit()
+        if code in (301, 302, 303, 307):
+          redirected_url = redirected_url.replace(' ', '%20') 
+          newheaders = dict((k,v) for k,v in req.headers.items() if k.lower() not in ("content-length", "content-type"))
+          warn_msg = "Got a " + str(code) + " redirection (" + redirected_url + ")."
+          print settings.print_warning_msg(warn_msg)
+          return Request(redirected_url, 
+                             headers = newheaders,
+                             origin_req_host = req.get_origin_req_host(), 
+                             unverifiable = True
+                             ) 
+        else: 
+          err_msg = str(urllib2.HTTPError(req.get_full_url(), code, msg, headers, fp)).replace(": "," (")
+          print settings.print_critical_msg(err_msg + ").")
+          raise SystemExit()
 
   class HTTPMethodFallback(urllib2.BaseHandler):
     """
-    Fallback to GET if HEAD is not allowed (405 HTTP error)
     """
     def http_error_405(self, req, fp, code, msg, headers): 
       fp.read()
       fp.close()
-
       newheaders = dict((k,v) for k,v in req.headers.items() if k.lower() not in ("content-length", "content-type"))
       return self.parent.open(urllib2.Request(req.get_full_url(), 
                               headers = newheaders, 
@@ -85,12 +80,12 @@ def http_error_405(self, req, fp, code, msg, headers):
 
   for handler in [urllib2.HTTPHandler,
                   HTTPMethodFallback,
-                  HEADRedirectHandler,
+                  RedirectHandler,
                   urllib2.HTTPErrorProcessor, 
                   urllib2.HTTPSHandler]:
       opener.add_handler(handler())   
   try:
-    response = opener.open(HeadRequest(url))
+    response = opener.open(Request(url))
     redirected_url = response.geturl()
 
     if redirected_url != url:

diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -151,7 +151,7 @@ def sys_argv_errors():
 DESCRIPTION_FULL = "Automated All-in-One OS Command Injection and Exploitation Tool"
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
-VERSION_NUM = "2.7.31"
+VERSION_NUM = "2.7.32"
 STABLE_VERSION = False
 if STABLE_VERSION:
   VERSION = "v" + VERSION_NUM[:3] + "-stable"