
Commit df165bb

committed
change HTTP HEAD function as wget ...
... doesn't accept LFs in header - introducing http_header_printf, way easier - updates anyway to http_get
1 parent 949811e commit df165bb

1 file changed

Lines changed: 58 additions & 14 deletions


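--- a/testssl.sh
+++ b/testssl.sh
@@ -1863,44 +1863,46 @@ http_get() {
 }
 
 # Outputs the headers when downloading any URL (arg1) via HTTP 1.1 GET from port 80.
+# arg2 is optional and could be a http_header
+#
 # Only works if curl or wget is available.
-# There the environment variable is used automatically
-# Currently it is being used by check_pwnedkeys() and run_opossum()
+# The proxy environment variable is used automatically.
+# Currently it is being used by check_pwnedkeys(), only
 #
 http_get_header() {
 local proto
 local node="" query=""
 local request_header="$2"
 local useragent="$UA_STD"
-local jsonID="http_get_header"
-local response_headers
+local response_headers=""
+local xtra_params=""
 local -i ret
 
 "$SNEAKY" && useragent="$UA_SNEAKY"
 
 if type -p curl &>/dev/null; then
-timeout="--connect-timeout $HEADER_MAXSLEEP"
+xtra_params="--connect-timeout $HEADER_MAXSLEEP --head -s"
 if [[ -z "$PROXY" ]]; then
-response_headers="$(curl --head -s $timeout --noproxy '*' -H $''"$request_header"'' -A $''"$useragent"'' "$1")"
+response_headers="$(curl $xtra_params --noproxy '*' -H $''"$request_header"'' -A $''"$useragent"'' "$1")"
 else
 # for the sake of simplicity assume the proxy is using http
-response_headers="$(curl --head -s $timeout -x $PROXYIP:$PROXYPORT -H $''"$request_header"'' -A $''"$useragent"'' "$1")"
+response_headers="$(curl $xtra_params -x $PROXYIP:$PROXYPORT -H $''"$request_header"'' -A $''"$useragent"'' "$1")"
 fi
 ret=$?
 tm_out "$response_headers"
 return $ret
 elif type -p wget &>/dev/null; then
-timeout="--timeout=$HEADER_MAXSLEEP --tries=1"
+xtra_params="--timeout=$HEADER_MAXSLEEP --tries=1 --content-on-error --cache=off"
 # wget has no proxy command line. We need to use http_proxy instead. And for the sake of simplicity
 # assume the GET protocol we query is using http -- http_proxy is the $ENV not for the connection TO
 # the proxy, but for the protocol we query THROUGH the proxy
 if [[ -z "$PROXY" ]]; then
-response_headers="$(wget --no-proxy -q -S $timeout --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
+response_headers="$(wget --no-proxy -q -S $xtra_params --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
 else
 if [[ -z "$http_proxy" ]]; then
-response_headers="$(http_proxy=http://$PROXYIP:$PROXYPORT wget -q -S $timeout --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
+response_headers="$(http_proxy=http://$PROXYIP:$PROXYPORT wget -q -S $xtra_params --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
 else
-response_headers="$(wget -q -S $timeout --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
+response_headers="$(wget -q -S $xtra_params --header $''"$request_header"'' -U $''"$useragent"'' -O /dev/null "$1" 2>&1)"
 fi
 fi
 ret=$?
@@ -1914,6 +1916,48 @@ http_get_header() {
 fi
 }
 
+# does a simple http head via printf with no proxy, only used by do_opossum
+# arg1: URL
+# arg2: extra http header
+#
+http_header_printf() {
+local request_header="$2"
+local useragent="$UA_STD"
+local tmpfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf.log
+local errfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf-err.log
+local - ret=0
+
+[[ $DEBUG -eq 0 ]] && errfile=/dev/null
+
+IFS=/ read -r proto foo node query <<< "$1"
+echo $proto
+echo $foo
+echo $node
+echo $query
+
+exec 33<>/dev/tcp/$node/80
+printf -- "%b" "HEAD ${proto}//${node}/${query} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\n${request_header}\r\nAccept: */*\r\n\r\n\r\n" >&33 2>$errfile &
+wait_kill $! $HEADER_MAXSLEEP
+if [[ $? -ne 0 ]]; then
+# not killed
+if [[ -n "$PROXY" ]]; then
+ret=3
+fi
+ret=1
+else
+ret=0
+fi
+if [[ $DEBUG -eq 0 ]] ; then
+cat <&33
+else
+cat <&33 >$tmpfile
+cat $tmpfile
+fi
+exec 33<&-
+exec 33>&-
+return $ret
+}
+
 
 ldap_get() {
 local ldif
@@ -17640,7 +17684,7 @@ run_opossum() {
 local cwe="CWE-74"
 local -i ret=0
 # we need to talk http here!
-local uri=${URI/https/http}
+local uri=$URI
 local service="$SERVICE"
 
 [[ -n "$STARTTLS" ]] && return 0
@@ -17652,10 +17696,10 @@ run_opossum() {
 [[ $uri =~ ^http ]] && service=HTTP # https provided as target/URL
 [[ "$CLIENT_AUTH" == required ]] && service=HTTP # also try when client auth is requested (we dont use it over cleartext)
 fi
-
 case $service in
 HTTP)
-response=$(http_get_header $uri 'Upgrade: TLS/1.0\r\n\r\nClose\r\n')
+uri=${URI/https:\/\//}
+response=$(http_header_printf http://${uri} 'Upgrade: TLS/1.0\r\n\r\nClose\r\n')
 case $? in
 0) ret=0 ;;
 *) ret=7 ;;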
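Review bot: In the new `http_header_printf`, the four `echo $proto` … `echo $query` lines write to stdout, so they land at the front of the `response` that `run_opossum` captures with `$(...)`; they look like debug leftovers and should be removed or sent to the debug log. In the same function `proto`, `foo`, `node` and `query` are never declared local, `local - ret=0` was presumably meant to be `local -i ret=0`, and the `ret=3` set in the `$PROXY` branch is always overwritten by the unconditional `ret=1` right after it. The result of `exec 33<>/dev/tcp/$node/80` is not checked and `cat <&33` has no time limit, so a host that refuses port 80 or keeps the connection open can make the check fail noisily or stall the scan; bounding the read the way the write is bounded with `wait_kill` would help, though that helper's exact semantics are not visible here. How `run_opossum` evaluates `response` lies outside the hunks, so the effect of the extra output on the finding is inferred.

```shell
http_header_printf() {
     local request_header="$2"
     local useragent="$UA_STD"
     local proto foo node query
     # … unchanged: tmpfile / errfile assignments …
     local -i ret=0

     # … unchanged: DEBUG check for errfile …
     IFS=/ read -r proto foo node query <<< "$1"
     # debug echo lines dropped: stdout of this function is the captured response

     if ! exec 33<>"/dev/tcp/$node/80"; then
          return 1
     fi
     # … unchanged: printf of the HEAD request and wait_kill …
     if [[ $? -ne 0 ]]; then
          # keep the proxy-specific code from being overwritten
          if [[ -n "$PROXY" ]]; then
               ret=3
          else
               ret=1
          fi
     fi
     # … unchanged: reading fd 33 and closing it …
```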
