Nmap Development mailing list archives
[NSE] NSE script to detect web apps vulnerable to HTTPoxy
From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 22 Jul 2016 15:43:29 -0500
Hey list,

Can you help me test this script? It seems to detect correctly the two scenarios I’ve tried (One of them is https://github.com/httpoxy/php-fpm-httpoxy-poc) but more testing will be great before committing.

Cheers.

http-httpoxy.nse: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/http-httpoxy.nse

description=[[
Attempts to detect web applications vulnerable to "httpoxy" (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109, CVE-2016-1000110).

The script attempts to detect this vulnerability by measuring the response time when assigning a non-existing proxy to the headers. In theory, vulnerable applications will try to connect to the bad proxy increasing the response time. To reduce false positives we run the test several times and we expect the response time from the request with the bad proxy to always be greater than normal responses.

References:
* https://httpoxy.org
]]

-- @usage
-- nmap -p80 --script http-httpoxy --script-args iterations=5 <target>
-- nmap -sV --script http-httpoxy <target>
--
-- @args http-httpoxy.path Path. Default: /
-- @args http-httpoxy.iterations Number of requests to measure response time. Default: 10
-- @args http-httpoxy.tests Number of comparison tests to run. Default: 3
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack ttl 64
-- | http-httpoxy:
-- |   VULNERABLE:
-- |   HTTPoxy
-- |     State: VULNERABLE
-- |       This web application might be affected by the vulnerability known as HTTPoxy. It seems the
-- |       application is reading an arbitrary proxy value from the request headers.
-- |
-- |     Disclosure date: 2016-07-18
-- |     Extra information:
-- |       Avg response:0.003057 Avg response with bad proxy:0.008315
-- |     References:
-- |_      https://httpoxy.org
Attachment:
http-httpoxy.nse
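
The decision rule described in the script's description, as an added Python sketch that is not part of the posted message or of http-httpoxy.nse: each comparison averages `iterations` timings with and without the bad proxy, and the host is flagged only if the bad-proxy average is greater in every one of `tests` comparisons. The function names, the `replay` helper and all timing samples are hypothetical and constructed; in a scanner the two timers would wrap the real requests.

```python
from statistics import mean

def average_time(timer, iterations):
    """Average of `iterations` response-time samples (seconds) returned by timer()."""
    return mean(timer() for _ in range(iterations))

def httpoxy_timing_verdict(normal_timer, bad_proxy_timer, iterations=10, tests=3):
    """Flag only if the bad-proxy average exceeds the normal average in every test."""
    results = []
    for _ in range(tests):
        normal = average_time(normal_timer, iterations)
        slowed = average_time(bad_proxy_timer, iterations)
        results.append((normal, slowed))
    return all(slowed > normal for normal, slowed in results), results

def replay(samples):
    """Hypothetical stand-in for a request timer: replays recorded timings in order."""
    it = iter(samples)
    return lambda: next(it)

# Constructed samples (seconds), 3 tests x 3 iterations each.
# Host A: the application tries the bad proxy on every request, so it is always slower.
VULN_NORMAL = [0.0030, 0.0031, 0.0029] * 3
VULN_BAD = [0.0082, 0.0085, 0.0083] * 3
# Host B: not affected, but one network spike lands in the first bad-proxy batch
# and another in the second normal batch.
NOISY_NORMAL = [0.0030, 0.0031, 0.0029, 0.0030, 0.0090, 0.0031, 0.0030, 0.0029, 0.0031]
NOISY_BAD = [0.0031, 0.0095, 0.0030, 0.0030, 0.0031, 0.0029, 0.0029, 0.0030, 0.0030]

def demo():
    """Return (verdict for host A, verdict for host B, per-test averages for host B)."""
    vuln, _ = httpoxy_timing_verdict(replay(VULN_NORMAL), replay(VULN_BAD), 3, 3)
    noisy, detail = httpoxy_timing_verdict(replay(NOISY_NORMAL), replay(NOISY_BAD), 3, 3)
    return vuln, noisy, detail

if __name__ == "__main__":
    vuln, noisy, detail = demo()
    print("host A flagged:", vuln)
    print("host B flagged:", noisy)
    for normal, slowed in detail:
        print(f"  avg normal {normal:.6f}  avg bad proxy {slowed:.6f}")
```

Host B's first comparison on its own would look vulnerable; requiring every comparison to agree is what rejects it.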