Saturday, July 21, 2012

HTTP to HTTPS Proxy Tunnel using Python



From title you might think that its a useless piece of code.But let me tell you its not.I dint write this to timepass.A a pretty much good automated SQLi tool called Havij(Hope you guys are already familiar with) forced me to write this. Not exactly but its a kind of an external plugin for the tool Havij(Free Version).

Havij is an automated SQL Injection tool.No doubt its a great tool for doing automated SQL injection.But one problem with this tool is its not fully free! :(
The free version also has many great features but one problem I have faced while using this free version that is,it does not allows users to scan/run database enumeration on sites which uses SSL (https://) :(

So to overcome this limitation I have decided to write a proxy for it. But this proxy is not like most common http proxies. This proxy can be used to scan a ssl enabled site using Free Version of Havij.
Suppose you wanna try SQLi on "https://www.target.com/search.php?name=debasish" using Havij.So when you try to fire a scan using Havij you get an error like 
"Havij Free does not allow https://".blah blah ....

So to overcome this limitation what you have to do is :

  1. Configure your Havij Free to use a http proxy 127.0.0.1:8080 while scanning.
  2. Run this python script.(It will start a proxy server on port 127.0.0.1:8080)
  3. In the target field of Havij instead of entering "https://www.target.com.search.php?name=debasish" you need to add "http://www.target.com/search.php?name=debasish".So when you start scanning through havij the proxy script will do following:

       3.1. Take plain http request(SQLi request) from Havij.2
       3.2. Create a SSL connection to target.3
       3.3. Forward the same request received from Havij to target server.
       3.4. After receiving the response from server through secure shell it will feed the response to Havij.

This proxy is not suitable for web browsing. You will face some problems. Normal request/response generally used for SQLi it can handle. But one bad thing about this script is,it will make the speed of you SQLi process bit slower. It has the ability to handle gzip compressed response.

So here is the code: Enjoy SQLi on SSL sites using Havij Free!I dint test it much, so let me know if it is not working properly.

5 comments:

  1. looks interesting...will try..thanks for sharing debasish..:)

    ReplyDelete
  2. Working almost fine but bit slower than normal and some times its showing this error in console!


    Exception happened during processing of request from ('127.0.0.1', 56329)
    Traceback (most recent call last):
    File "/usr/lib/python2.7/SocketServer.py", line 284, in _handle_request_noblock
    self.process_request(request, client_address)
    File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
    self.finish_request(request, client_address)
    File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
    self.RequestHandlerClass(request, client_address, self)
    File "/usr/lib/python2.7/SocketServer.py", line 639, in __init__
    self.handle()
    File "havij-proxy.py", line 62, in handle
    self.request.sendall(all)
    File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
    error: [Errno 32] Broken pipe


    Any way thanks for sharing!

    ReplyDelete
    Replies
    1. thanks for your feedback! I will dfntly chk it n update the script if i can reproduce the issue with this script!

      Delete
  3. I have a best way to open any site just enter your site which is blocked in your location and click it
    Fenopy UK proxy

    ReplyDelete
  4. Digitized items can cross the fringe continuously, shoppers can shop 24 hours every day, seven days seven days, and firms are progressively looked with universal online competition. prywatnoscwsieci

    ReplyDelete