Reporting a vulnerability

Marco Eberl

08 May, 2015 01:25 PM

I have a suggestion for you:
When reporting a vulnerability, the HTTP method is missing in the HTTP request.

What I see is

CONNECT example.com:443 HTTP/1.1
Host: example.com:443

What I'd like to see is

CONNECT example.com:443 HTTP/1.1
GET /index/start?id=1234&origin=abcd
Host: example.com:443

That would make manually verifying and repeating the attack much simpler.

  1. Support Staff 1 Posted by Tasos Laskos on 08 May, 2015 01:39 PM

    That's the way it usually works. In your case you're performing a scan on an HTTPS website via a proxy, right?

  2. 2 Posted by Marco Eberl on 08 May, 2015 01:40 PM

    Yes, you're right

  3. Support Staff 3 Posted by Tasos Laskos on 08 May, 2015 01:43 PM

    That's interesting, I'm pulling debugging info from libcurl for the raw HTTP traffic.
    I'll look into this, see if I can pull the actual request instead of the CONNECT one under those circumstances.

    Thanks for the feedback man, I'll keep you posted.

  4. Support Staff 4 Posted by Tasos Laskos on 08 May, 2015 04:30 PM

    Looks like it's possible to extract the right data and loads more -- there could be a cool plugin somewhere in there.

    Anyways, I thought it best to ignore the proxy related stuff so the CONNECT calls won't be included.

    https://github.com/Arachni/arachni/commit/860515cec2ec7e1740e1038d6...

    Thanks for the feedback.
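    As an added illustration of the fix discussed above (example code, not Arachni's own implementation or the linked commit): when raw traffic is taken from libcurl's verbose output, the proxy tunnel handshake appears as its own outgoing header block, so a report can drop any block whose request line is CONNECT and keep the request actually sent to the target. The transcript, the proxy host `proxy.invalid` and the `scanner/example` User-Agent are constructed for the example.

```ruby
# Added example (not Arachni's code): filter libcurl's proxy CONNECT handshake
# out of a verbose transcript so a report shows the request sent to the target.

# Constructed libcurl-style transcript of an HTTPS request made through a proxy.
SAMPLE_TRANSCRIPT = <<~LOG
  * Connected to proxy.invalid (192.0.2.10) port 8080
  > CONNECT example.com:443 HTTP/1.1
  > Host: example.com:443
  >
  < HTTP/1.1 200 Connection established
  <
  > GET /index/start?id=1234&origin=abcd HTTP/1.1
  > Host: example.com
  > User-Agent: scanner/example
  >
  < HTTP/1.1 200 OK
LOG

# Split the transcript into outgoing header blocks ("> " lines), one per request;
# a blank "> " line terminates a block.
def outgoing_requests(transcript)
  requests = []
  current  = []
  transcript.each_line do |line|
    next unless line.start_with?('>')
    text = line.sub(/\A>\s?/, '').chomp
    if text.empty?
      requests << current unless current.empty?
      current = []
    else
      current << text
    end
  end
  requests << current unless current.empty?
  requests
end

# A block is the proxy tunnel handshake when its request line uses CONNECT.
def connect_tunnel?(request_lines)
  request_lines.first.to_s.start_with?('CONNECT ')
end

# Requests addressed to the target, rendered as raw HTTP header text.
def target_requests(transcript)
  outgoing_requests(transcript).reject { |r| connect_tunnel?(r) }.map { |r| r.join("\r\n") }
end

# Request line to show in the report, or nil if only the CONNECT was captured.
def reported_request_line(transcript)
  target_requests(transcript).first&.lines&.first&.chomp
end
```

    With the sample transcript, `reported_request_line` yields the GET line rather than the CONNECT line, which is exactly the difference the original post asks for.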

  5. Tasos Laskos closed this discussion on 08 May, 2015 04:30 PM.
