missing b64 replace on Referer on request #55

makovez · 2021-06-05T21:23:45Z

Hi, i have noticed that if the fake domain is b64 encoded on "Referer" header on request to target site it is not replaced by the correct b64 domain so the fake domain is actually being sent in the Referer header if b64 encoded.

ohpe · 2021-06-06T14:55:22Z

Is the Referer header included in the list of HTTP headers to transform? Maybe provide an example so I can even debug it.

ohpe · 2021-06-06T15:08:16Z

Proxied where? It's not clear what's the flow and what you want to do. If it is from your browser to muraena it still makes sense to have the phishing domain in it.
But to me this doesn't seem a bug but more a problem of configuration .. MiTM Muraena to check what's going on (see here: https://github.com/muraenateam/muraena/wiki/Debugging)

ohpe · 2021-06-07T07:39:24Z

Thanks, well spotted @soermejo!

makovez · 2021-06-07T07:55:45Z

Thanks to you for fixing the issue

ohpe closed this as completed Jun 6, 2021

ohpe reopened this Jun 6, 2021

ohpe self-assigned this Jun 6, 2021

ohpe added the bug Something isn't working label Jun 6, 2021

ohpe closed this as completed in 2505c93 Jun 6, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

missing b64 replace on Referer on request #55

missing b64 replace on Referer on request #55

makovez commented Jun 5, 2021

ohpe commented Jun 6, 2021

ohpe commented Jun 6, 2021

ohpe commented Jun 7, 2021

makovez commented Jun 7, 2021

missing b64 replace on Referer on request #55

missing b64 replace on Referer on request #55

Comments

makovez commented Jun 5, 2021

ohpe commented Jun 6, 2021

ohpe commented Jun 6, 2021

ohpe commented Jun 7, 2021

makovez commented Jun 7, 2021