/
http_proxy.go
52 lines (45 loc) · 1.31 KB
/
http_proxy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package bruteutils
import (
"bytes"
"fmt"
"github.com/yaklang/yaklang/common/utils/lowhttp"
)
var ExampleChallengeContent = []byte("This domain is for use in illustrative examples in documents.")
func testHTTPProxy(host string, username string, password string) bool {
var proxy string
if username != "" || password != "" {
proxy = fmt.Sprintf("http://%s:%s@%s", username, password, host)
} else {
proxy = fmt.Sprintf("http://%s", host)
}
rspInst, err := lowhttp.HTTP(
lowhttp.WithPacketBytes(lowhttp.BasicRequest()),
lowhttp.WithProxy(proxy),
lowhttp.WithConnectTimeoutFloat(15),
lowhttp.WithTimeoutFloat(10),
)
if err == nil && len(rspInst.MultiResponseInstances) > 0 && rspInst.MultiResponseInstances[0].StatusCode == 200 && bytes.Contains(rspInst.RawPacket, ExampleChallengeContent) {
return true
}
return false
}
var httpProxyAuth = &DefaultServiceAuthInfo{
ServiceName: "http",
DefaultPorts: "80",
DefaultUsernames: []string{
"root", "admin",
},
DefaultPasswords: []string{
"root", "admin",
},
BrutePass: func(i *BruteItem) *BruteItemResult {
result := i.Result()
result.Ok = testHTTPProxy(i.Target, i.Username, i.Password)
return result
},
UnAuthVerify: func(i *BruteItem) *BruteItemResult {
result := i.Result()
result.Ok = testHTTPProxy(i.Target, "", "")
return result
},
}