Initial requests from ACSTIS ignoring the proxy settings #7

Closed
jovyn opened this issue Sep 19, 2017 · 2 comments

jovyn commented Sep 19, 2017

I noticed that initial requests sent by acstis do not obey the proxy settings mentioned in the extended.py file.

In order to demonstrate this I set my system proxy to Fiddler (localhost:8888) and entered the proxy settings in extended.py to Burpsuite (localhost:8080).

extended.py <proxy settings>:

options.identity.proxies = {
    # No authentication
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080',
}

On running acstis with proper Burp certificates I get the following output:

PS C:\FooBar\Tools\Angular-CSTI-Scanner\> python extended.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "C:\Foobar\Path\To\Certificates\Burp_Cert.pem"

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search

At this point, before the first request is sent to Burp, the following requests go via Fiddler (this shows that the acstis scanner is ignoring the proxy settings and using the system proxy settings).

Fiddler Requests log:

#	Result	Protocol	Host	URL	Body	Caching	Content-Type	Process	Comments	Custom	

1	200	HTTP	127.0.0.1:64799	/wd/hub/session	533		application/json;charset=UTF-8	python:8548			
2	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/url	74		application/json;charset=UTF-8	python:8548			
3	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
4	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
6	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/bootswatch/slate/bootstrap.min.css	142,322	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
7	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
8	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
9	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
10	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
11	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
12	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/fontawesome/css/font-awesome.min.css	31,000	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
13	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/flag-icon-css/css/flag-icon.min.css	33,481	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
14	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css	3,546	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
15	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/css/app.css	460	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
16	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/socket.io.js	61,211		application/javascript	win-2.1.1:8532			
17	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/underscore/underscore.js	52,919	public, max-age=0	application/javascript	win-2.1.1:8532			
18	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/string/dist/string.min.js	27,717	public, max-age=0	application/javascript	win-2.1.1:8532			
19	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/moment/min/moment.min.js	51,465	public, max-age=0	application/javascript	win-2.1.1:8532			
20	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/jquery/dist/jquery.min.js	86,659	public, max-age=0	application/javascript	win-2.1.1:8532			
21	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/bootstrap/dist/js/bootstrap.min.js	37,045	public, max-age=0	application/javascript	win-2.1.1:8532			
22	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular/angular.min.js	163,188	public, max-age=0	application/javascript	win-2.1.1:8532			
23	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-translate/angular-translate.min.js	23,733	public, max-age=0	application/javascript	win-2.1.1:8532			
24	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js	1,371	public, max-age=0	application/javascript	win-2.1.1:8532			
25	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-route/angular-route.min.js	4,786	public, max-age=0	application/javascript	win-2.1.1:8532			
26	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-cookies/angular-cookies.min.js	1,448	public, max-age=0	application/javascript	win-2.1.1:8532			
27	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-touch/angular-touch.min.js	4,042	public, max-age=0	application/javascript	win-2.1.1:8532			
28	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-animate/angular-animate.min.js	25,722	public, max-age=0	application/javascript	win-2.1.1:8532			
29	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-bootstrap/ui-bootstrap.min.js	100,829	public, max-age=0	application/javascript	win-2.1.1:8532			
30	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js	122,900	public, max-age=0	application/javascript	win-2.1.1:8532			
31	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ng-file-upload/ng-file-upload-shim.min.js	7,262	public, max-age=0	application/javascript	win-2.1.1:8532			
32	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ng-file-upload/ng-file-upload.min.js	37,495	public, max-age=0	application/javascript	win-2.1.1:8532			
33	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-socket-io/socket.min.js	1,291	public, max-age=0	application/javascript	win-2.1.1:8532			
34	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/clipboard/dist/clipboard.min.js	10,286	public, max-age=0	application/javascript	win-2.1.1:8532			
35	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ngclipboard/dist/ngclipboard.min.js	640	public, max-age=0	application/javascript	win-2.1.1:8532			
36	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-base64/angular-base64.js	5,844	public, max-age=0	application/javascript	win-2.1.1:8532			
37	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/qrcode-generator/js/qrcode.js	45,006	public, max-age=0	application/javascript	win-2.1.1:8532			
38	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-qrcode/angular-qrcode.js	5,267	public, max-age=0	application/javascript	win-2.1.1:8532			
39	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/dist/juice-shop.min.js	100,409	public, max-age=0	application/javascript	win-2.1.1:8532			
40	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/JuiceShop_Logo.png	99,456	public, max-age=0	image/png	win-2.1.1:8532			
41	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ76v4	104		text/plain; charset=UTF-8	win-2.1.1:8532			
42	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/i18n/en.json	5,977	public, max-age=0	application/json	win-2.1.1:8532			
43	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/i18n/en_US.json	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
44	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/admin/application-version	19		application/json; charset=utf-8	win-2.1.1:8532			
45	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/admin/application-configuration	5,894		application/json; charset=utf-8	win-2.1.1:8532			
46	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/product/search?q=undefined	7,414		application/json; charset=utf-8	win-2.1.1:8532			
47	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/%7B%7Bproduct.image%7D%7D	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
48	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
49	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/fontawesome/fonts/fontawesome-webfont.ttf?v=4.7.0	165,548	public, max-age=0	application/x-font-ttf	win-2.1.1:8532			
50	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ76y_&sid=Fej1KnRWts7JTzq8AAAA	23		text/plain; charset=UTF-8	win-2.1.1:8532			
51	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/apple_juice.jpg	14,827	public, max-age=0	image/jpeg	win-2.1.1:8532			
52	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/apple_pressings.jpg	50,981	public, max-age=0	image/jpeg	win-2.1.1:8532			
53	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/banana_juice.jpg	11,276	public, max-age=0	image/jpeg	win-2.1.1:8532			
54	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/carrot_juice.jpeg	21,811	public, max-age=0	image/jpeg	win-2.1.1:8532			
55	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/eggfruit_juice.jpg	25,715	public, max-age=0	image/jpeg	win-2.1.1:8532			
56	101	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=websocket&sid=Fej1KnRWts7JTzq8AAAA	0			win-2.1.1:8532			
57	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/white_raffards.jpg	26,353	public, max-age=0	image/jpeg	win-2.1.1:8532			
58	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fruit_press.jpg	23,082	public, max-age=0	image/jpeg	win-2.1.1:8532			
59	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/green_smoothie.jpg	16,661	public, max-age=0	image/jpeg	win-2.1.1:8532			
60	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/artwork.jpg	634,687	public, max-age=0	image/jpeg	win-2.1.1:8532			
61	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/lemon_juice.jpg	14,393	public, max-age=0	image/jpeg	win-2.1.1:8532			
62	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/melon_bike.jpeg	36,673	public, max-age=0	image/jpeg	win-2.1.1:8532			
63	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_girlie.jpg	19,501	public, max-age=0	image/jpeg	win-2.1.1:8532			
64	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/ctf_sticker.png	25,877	public, max-age=0	image/png	win-2.1.1:8532			
65	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_hoodie.jpg	19,566	public, max-age=0	image/jpeg	win-2.1.1:8532			
66	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/3d_keychain.jpg	20,483	public, max-age=0	image/jpeg	win-2.1.1:8532			
67	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_mug.jpg	16,255	public, max-age=0	image/jpeg	win-2.1.1:8532			
68	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/sticker_facelift.png	30,851	public, max-age=0	image/png	win-2.1.1:8532			
69	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_shirt.jpg	14,682	public, max-age=0	image/jpeg	win-2.1.1:8532			
70	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/owasplogo.png	18,505	public, max-age=0	image/png	win-2.1.1:8532			
71	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/owasp_osaft.jpg	21,488	public, max-age=0	image/jpeg	win-2.1.1:8532			
72	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/orange_juice.jpg	37,636	public, max-age=0	image/jpeg	win-2.1.1:8532			
73	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/quince.jpg	18,711	public, max-age=0	image/jpeg	win-2.1.1:8532			
74	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/raspberry_juice.jpg	21,058	public, max-age=0	image/jpeg	win-2.1.1:8532			
75	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/strawberry_juice.jpeg	18,047	public, max-age=0	image/jpeg	win-2.1.1:8532			
76	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/woodruff_syrup.jpg	96,062	public, max-age=0	image/jpeg	win-2.1.1:8532			
77	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ773s&sid=Fej1KnRWts7JTzq8AAAA	3		text/plain; charset=UTF-8	win-2.1.1:8532			
78	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/execute	80		application/json;charset=UTF-8	python:8548			
79	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108	74		application/json;charset=UTF-8	python:8548	

Now, in case certain web apps (read: client apps) are only accessible through a certain proxy (e.g. a client proxy) and it is not possible to set this proxy as the system proxy, then despite setting the proxy (client proxy) in extended.py we get the below error.

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument. 

This error occurs as ACSTIS sends the initial requests to the target site via the system proxy, and since the target site is not reachable, it results in an error.
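An added example, not part of the original issue or the ACSTIS project: a small Python checker that parses Fiddler session rows like those in the log above and reports, per process, which requests to the scan target reached the system proxy. The column layout and the sample rows are constructed from that log; any hit for the headless-browser process means the proxy configured in extended.py was bypassed.

```python
"""Spot scanner traffic that reached the system proxy instead of the configured one.

Parses tab-separated Fiddler session rows (layout as in the report above) and
counts, per process, the requests the system proxy saw for the scan target.
"""
from collections import Counter

# Fiddler's session-list columns, in the order shown in the report above.
COLUMNS = ["id", "result", "protocol", "host", "url", "body", "caching",
           "content_type", "process", "comments", "custom"]

# Constructed sample rows, modelled on the Fiddler export in the report above.
SAMPLE_LOG = "\n".join([
    "1\t200\tHTTP\t127.0.0.1:64799\t/wd/hub/session\t533\t\tapplication/json\tpython:8548\t\t",
    "3\t200\tHTTP\tTunnel to\towaspjuiceshop221b.herokuapp.com:443\t0\t\t\twin-2.1.1:8532\t\t",
    "4\t200\tHTTPS\towaspjuiceshop221b.herokuapp.com\t/\t12,489\tpublic, max-age=0\ttext/html\twin-2.1.1:8532\t\t",
    "46\t200\tHTTPS\towaspjuiceshop221b.herokuapp.com\t/rest/product/search?q=undefined\t7,414\t\tapplication/json\twin-2.1.1:8532\t\t",
    "78\t200\tHTTP\t127.0.0.1:64799\t/wd/hub/session/SESSION_ID_PLACEHOLDER/execute\t80\t\tapplication/json\tpython:8548\t\t",
])


def parse_fiddler_log(text):
    """Parse tab-separated Fiddler session rows into dicts with a normalised target host."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (len(COLUMNS) - len(fields))  # pad rows with missing trailing columns
        row = dict(zip(COLUMNS, fields))
        # CONNECT tunnels put the literal text "Tunnel to" in the Host column and
        # "host:port" in the URL column; fold both shapes into one target field.
        if row["host"] == "Tunnel to":
            row["target"] = row["url"].rsplit(":", 1)[0]
            row["tunnel"] = True
        else:
            row["target"] = row["host"].rsplit(":", 1)[0]
            row["tunnel"] = False
        # "win-2.1.1:8532" -> process name without the PID suffix
        row["process_name"] = row["process"].rsplit(":", 1)[0]
        rows.append(row)
    return rows


def requests_to_target(rows, target_host):
    """Count, per process, the requests the system proxy saw for target_host.

    Local WebDriver traffic (127.0.0.1) is expected here; target-host traffic is not.
    """
    return dict(Counter(r["process_name"] for r in rows if r["target"] == target_host))
```

Run it against a full Fiddler export (File > Export Sessions as tab-separated text) with the real scan target; only the WebDriver hub traffic on 127.0.0.1 should remain once the configured proxy is honoured.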

@tijme tijme self-assigned this Sep 19, 2017
tijme (Owner) commented Sep 19, 2017

@jovyn Thank you for reporting this issue. I'll try to look at it soon.

tijme (Owner) commented Sep 19, 2017

Hi @jovyn, I fixed the issue on the develop branch. It will be released to the master branch when the other two issues are fixed.

@tijme tijme closed this as completed Sep 19, 2017
@tijme tijme changed the title [Bug] Initial Requests from ACSTIS ignoring the proxy settings. Initial requests from ACSTIS ignoring the proxy settings Sep 19, 2017