Check if the service that is going to be scanned speaks HTTP before launching ANY web test #108

Closed
7a opened this Issue Dec 9, 2013 · 4 comments

@7a
Member

7a commented Dec 9, 2013

I've had a case where non-HTTP services (like SSH) were listening on HTTP ports (i.e. 80, 443). When this happens OWTF gets stuck forever since many of the tools launched will get stuck.

To avoid this, OWTF should be smarter and indicate that "this host does not speak HTTP" or similar and avoid running all the tests afterwards.

This check might perhaps be best implemented as a basic "GET / HTTP/1.1" request that most HTTP sites should have no option other than accept :).

@ghost ghost assigned assem-ch Dec 10, 2013
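A sketch of the pre-flight check proposed in the opening comment, added here as an example (it is not OWTF's code, and it is not part of the original issue): send a minimal `GET /` over plain TCP and treat the target as HTTP only if the reply starts with an HTTP status line. The names `speaks_http`, `serve_once` and `demo` and the three loopback services are constructed for illustration.

```python
import socket
import threading

def speaks_http(host, port, timeout=3.0):
    """True only if the service answers a minimal GET with an HTTP status line."""
    request = "GET / HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n".format(host)
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            # Read only until the first line is complete; the size cap cuts
            # off a service that streams non-HTTP data without a newline.
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass  # refused, reset or timed out: judge whatever arrived
    return data.startswith(b"HTTP/")

def serve_once(reply):
    """Constructed fixture: loopback listener that sends `reply` to one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(reply)
            conn.settimeout(1)
            try:
                conn.recv(1024)  # drain the probe so close() is clean
            except OSError:
                pass
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe three constructed services: HTTP, an SSH-style banner, raw text."""
    replies = {
        "http": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
        "ssh": b"SSH-2.0-constructed_banner\r\n",
        "raw": b"aaaaaaaaaa\n",
    }
    return {name: speaks_http("127.0.0.1", serve_once(r)) for name, r in replies.items()}

if __name__ == "__main__":
    print(demo())
```

The timeout applies to the connect and to each read, so a service that accepts the connection and then stays silent yields `False` instead of hanging the scan.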

Contributor

Sentient07 commented Feb 27, 2014

@7a, can you please give one example test case?

Member

7a commented Feb 27, 2014

You can use any service that is not HTTP, for example ssh:

root@k:/owtf# netstat -evantupo|grep sshd
root@k:/owtf# /usr/sbin/sshd
root@k:/owtf# netstat -evantupo|grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 2387705 3206/sshd off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN 0 2387707 3206/sshd off (0.00/0/0)
root@k:/owtf# ./owtf.py -t semi_passive http://localhost:22

You can also experiment like this:

Terminal 1)
echo aaaaaaaaaa | sbd -c off -r1 -nlvp 1234

Terminal 2)
./owtf.py -f -t semi_passive http://localhost:1234
(this runs all the web tests despite the service not speaking http)

Member

viyatb commented Jan 26, 2016

I can confirm the "speaks" HTTPS check works now. Can you corroborate? @7a ?
Related to #442

@viyatb viyatb added this to the OWTF Quality Release milestone Jan 30, 2016

@viyatb viyatb self-assigned this Jan 30, 2016

Member

viyatb commented Jan 30, 2016

Double checked - the verify_ssl_cipher_check.sh script in scripts/ssl directory correctly runs, and restricts any ssl tests if the target doesn't "speak" HTTPS. I'll reopen if a new issue pops up. :)

@viyatb viyatb closed this Jan 30, 2016
