tag:support.arachni-scanner.com,2012-07-01:/discussions/suggestions/2073-reporting-an-vulnerabilityArachni: Discussion 2015-05-08T16:31:00Ztag:support.arachni-scanner.com,2012-07-01:Comment/367845472015-05-08T13:25:24Z2015-05-08T13:25:25ZReporting an vulnerability<div><p>I have a suggestion for you:<br>
When reporting a vulnerability, the HTTP method is missing in the
HTTP request.</p>
<p>What i see is<br></p>
<pre>
<code>CONNECT example.com:443 HTTP/1.1
Host: example.com:443</code>
</pre>
<p>What i'd like to see is<br></p>
<pre>
<code>CONNECT example.com:443 HTTP/1.1
GET /index/start?id=1234&origin=abcd
Host: example.com:443</code>
</pre>
<p>That would make manual verifying and repeating the attack very
simpler.</p></div>Marco Eberltag:support.arachni-scanner.com,2012-07-01:Comment/367845472015-05-08T13:39:27Z2015-05-08T13:39:27ZReporting an vulnerability<div><p>That's the way it usually works, in you're case you're
performing a scan on an HTTPS website via a proxy right?</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/367845472015-05-08T13:40:43Z2015-05-08T13:40:44ZReporting an vulnerability<div><p>Yes, you're right</p></div>Marco Eberltag:support.arachni-scanner.com,2012-07-01:Comment/367845472015-05-08T13:43:49Z2015-05-08T13:43:49ZReporting an vulnerability<div><p>That's interesting, I'm pulling debugging info from
<code>libcurl</code> for the raw HTTP traffic.<br>
I'll look into this, see if I can pull the actual request instead
of the <code>CONNECT</code> one under those circumstances.</p>
<p>Thanks for the feedback man, I'll keep you posted.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/367845472015-05-08T16:30:59Z2015-05-08T16:30:59ZReporting an vulnerability<div><p>Looks like it's possible to extract the right data and loads
more -- there could be a cool plugin somewhere in there.</p>
<p>Anyways, I thought it best to ignore the proxy related stuff so
the <code>CONNECT</code> calls won't be included.</p>
<p><a href="https://github.com/Arachni/arachni/commit/860515cec2ec7e1740e1038d626e193631b771ce">
https://github.com/Arachni/arachni/commit/860515cec2ec7e1740e1038d6...</a></p>
<p>Thanks for the feedback.</p></div>Tasos Laskos