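Below are two scripts.
The first sends an HTTP OPTIONS request and prints the response headers, including any methods the server advertises (if it answers).
The second tries to send TRACE (which could be used for XST, cross-site tracing, vulnerabilities).
Here we go: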
#!/usr/bin/env python
# try_options.py
#
import httplib
import sys
import string
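# Send an OPTIONS request for "/" and print the status line followed by
# every response header as "name -> value".
#
# NOTE: despite its name, `url` must be a bare host or host:port
# (e.g. "example.com" or "example.com:8080"). httplib.HTTPConnection does
# not take a scheme or a path, and it speaks plain HTTP only.
if len(sys.argv) < 2:
    sys.exit('usage: try_options.py <host[:port]>')
url = sys.argv[1]

# A timeout keeps the script from hanging on a host that never answers.
conn = httplib.HTTPConnection(url, timeout=10)
try:
    conn.request('OPTIONS', '/')
    resp = conn.getresponse()
    # Drain the body so the response is fully consumed; it is not printed.
    page_response = resp.read()
    status_line = '%s %s' % (resp.status, resp.reason)
    full_answer = resp.getheaders()
finally:
    # Release the socket even when the request or the read fails.
    conn.close()

print(status_line)
print('-----------------------------------------------')
# getheaders() yields (name, value) pairs. An "Allow" header, when present,
# is only what the server advertises for "/": other resources may answer
# differently, and a method can be handled without being listed, so treat
# the list as a starting point and confirm each method with a real request.
for header in full_answer:
    print(' -> '.join(header))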
(Code is at pastebin too).
The next stage is to check whether TRACE actually works (if the previous test showed this method as available):
#!/usr/bin/env python
# try_trace.py
# more at http://hauntit.blogspot.com
#
import httplib
import sys
import string
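# Send a TRACE request and, on a 200 answer, print the response headers and
# body so it can be seen whether the server echoes the request back.
#
# NOTE: despite its name, `url` must be a bare host or host:port;
# httplib.HTTPConnection does not take a scheme or a path and speaks plain
# HTTP only.
if len(sys.argv) < 2:
    sys.exit('usage: try_trace.py <host[:port]>')
url = sys.argv[1]

# The path doubles as a marker: a server that honours TRACE returns the
# request it received, so the marker shows up again in the response body.
probe_path = '/<script>alert(/w0rkin/)</script>'

# A timeout keeps the script from hanging on a host that never answers.
conn = httplib.HTTPConnection(url, timeout=10)
try:
    conn.request('TRACE', probe_path)
    resp = conn.getresponse()
    page_response = resp.read()
    full_answer = resp.getheaders()
finally:
    # Release the socket even when the request or the read fails.
    conn.close()

print('')
print('try TRACE for:  %s' % url)
print('Status:  %s %s' % (resp.status, resp.reason))
print('\nWhat we have here:\n')
print('-----------------------------------------------')
if resp.status == 200:
    for header in full_answer:
        print(' with value: '.join(header))
    print('-----------------------------------------------')
    print('Response:\n%s' % page_response)
    # A 200 alone does not prove TRACE is enabled: a catch-all handler or an
    # intermediary can return 200 for any method. The finding is only real
    # when the body echoes the request, so report that explicitly.
    if probe_path in page_response:
        print('Request echoed in body: TRACE looks enabled')
        # Remediation is on the server side: turn the method off
        # (for Apache httpd that is the `TraceEnable off` directive).
    else:
        print('Request NOT echoed in body: 200 came from something else')
else:
    print('No TRACE, or other problem :C')  # try manually or add debug here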
(and pastebin-version).
Enjoy ;)