Home → Suggestions →

Reporting an vulnerability

• Edit

Marco Eberl

08 May, 2015 01:25 PM

I have a suggestion for you:
When reporting a vulnerability, the HTTP method is missing in the HTTP request.

What i see is

CONNECT example.com:443 HTTP/1.1
Host: example.com:443

What i'd like to see is

CONNECT example.com:443 HTTP/1.1
GET /index/start?id=1234&origin=abcd
Host: example.com:443

That would make manual verifying and repeating the attack very simpler.

1. Support Staff 1 Posted by Tasos Laskos on 08 May, 2015 01:39 PM

   

   That's the way it usually works, in you're case you're performing a scan on an HTTPS website via a proxy right?

   • Edit

2. 2 Posted by Marco Eberl on 08 May, 2015 01:40 PM

   

   Yes, you're right

   • Edit

3. Support Staff 3 Posted by Tasos Laskos on 08 May, 2015 01:43 PM

   

   That's interesting, I'm pulling debugging info from libcurl for the raw HTTP traffic.
   I'll look into this, see if I can pull the actual request instead of the CONNECT one under those circumstances.

   Thanks for the feedback man, I'll keep you posted.

   • Edit

4. Support Staff 4 Posted by Tasos Laskos on 08 May, 2015 04:30 PM

   

   Looks like it's possible to extract the right data and loads more -- there could be a cool plugin somewhere in there.

   Anyways, I thought it best to ignore the proxy related stuff so the CONNECT calls won't be included.

   https://github.com/Arachni/arachni/commit/860515cec2ec7e1740e1038d6...

   Thanks for the feedback.

   • Edit

5. Tasos Laskos closed this discussion on 08 May, 2015 04:30 PM.