--- /usr/local/share/nmap/scripts/http-open-proxy.nse 2013-04-17 12:12:30.958089928 +0200
+++ /usr/local/share/nmap/scripts/http-open-proxy-anon.nse 2013-05-11 11:13:23.456681724 +0200
@@ -38,52 +38,11 @@
 --
 -- @usage
 -- nmap --script http-open-proxy.nse \
--- --script-args proxy.url=,proxy.pattern=
 
 author = "Arturo 'Buanzo' Busleiman"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"default", "discovery", "external", "safe"}
 
---- Performs the custom test, with user's arguments
--- @param host The host table
--- @param port The port table
--- @param test_url The url te send the request
--- @param pattern The pattern to check for valid result
--- @return status (if any request was succeded
--- @return response String with supported methods
-function custom_test(host, port, test_url, pattern)
-  local lstatus = false
-  local response = ""
-  -- if pattern is not used, result for test is code check result.
-  -- otherwise it is pattern check result.
-
-  -- strip hostname
-  if not string.match(test_url, "^http://.*") then
-    test_url = "http://" .. test_url
-    stdnse.print_debug("URL missing scheme. URL concatenated to http://")
-  end
-  local url_table = url.parse(test_url)
-  local hostname = url_table.host
-
-  local get_status = proxy.test_get(host, port, "http", test_url, hostname, pattern)
-  local head_status = proxy.test_head(host, port, "http", test_url, hostname, pattern)
-  local conn_status = proxy.test_connect(host, port, "http", hostname)
-  if get_status then
-    lstatus = true
-    response = response .. " GET"
-  end
-  if head_status then
-    lstatus = true
-    response = response .. " HEAD"
-  end
-  if conn_status then
-    lstatus = true
-    response = response .. " CONNECTION"
-  end
-  if lstatus then response = "Methods supported: " .. response end
-  return lstatus, response
-end
-
 --- Performs the default test
 -- First: Default google request and checks for Server: gws
 -- Seconde: Request to wikipedia.org and checks for wikimedia pattern
@@ -98,23 +57,25 @@
 -- @param port The port table
 -- @return status (if any request was succeded
 -- @return response String with supported methods
-function default_test(host, port)
+
+function anon_test(host, port)
   local fstatus = false
   local cstatus = false
   local response = ""
-  local get_status, head_status, conn_status
+  local get_status, head_status, conn_status, anon_status
   local get_r1, get_r2, get_r3
   local get_cstatus, head_cstatus
 
-  -- Start test n1 -> google.com
+  -- Start test n1
   -- making requests
-  local test_url = "http://www.google.com"
-  local hostname = "www.google.com"
-  local pattern = "^server: gws"
+  local test_url = "http://www.xxxx.net/ip.php"
+  local hostname = "www.xxxxx.net"
+  local pattern = "Your IP is"
   get_status, get_r1, get_cstatus = proxy.test_get(host, port, "http", test_url, hostname, pattern)
   local _
   head_status, _, head_cstatus = proxy.test_head(host, port, "http", test_url, hostname, pattern)
   conn_status = proxy.test_connect(host, port, "http", hostname)
+  anon_status = string.match (get_r1, "Your IP is (%d+.%d+.%d+.%d+)")
 
   -- checking results
   -- conn_status use a different flag (cstatus)
@@ -127,7 +88,8 @@
   if get_status then fstatus = true; response = response .. " GET" end
   if head_status then fstatus = true; response = response .. " HEAD" end
   if conn_status then cstatus = true; response = response .. " CONNECTION" end
-
+  if anon_status then fstatus = true; response = response .. " IP:" .. anon_status end
+
   -- if proxy is open, return it!
   if fstatus then return fstatus, "Methods supported: " .. response end
 
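Review bot: `anon_status = string.match (get_r1, "Your IP is (%d+.%d+.%d+.%d+)")` has two problems: the unescaped `.` matches any character rather than a dot, and when the GET through the proxy fails `get_r1` is presumably nil (its value is what the original code later feeds to redirectCheck), in which case string.match raises and the script aborts before the cstatus checks further down ever run. A guarded, escaped form is `anon_status = get_r1 and string.match(get_r1, "Your IP is (%d+%.%d+%.%d+%.%d+)")`. The new `hostname` ("www.xxxxx.net") also does not match the host in `test_url` ("www.xxxx.net"), so the Host header and CONNECT target disagree with the URL actually fetched. The LDoc block kept above this function (its last three lines are this hunk's leading context) still describes the Google/Wikipedia default test and should be rewritten for anon_test, e.g. `--- Requests an IP-echo page through the proxy and reports the address the page returns`.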
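Review bot: `if anon_status then fstatus = true; response = response .. " IP:" .. anon_status end` folds the echoed address into a string that is then prefixed with `"Methods supported: "`, so the output reads as if `IP:<addr>` were an HTTP method. Reporting it as a separate clause is clearer, e.g. `if anon_status then response = response .. " (address seen by remote: " .. anon_status .. ")" end`; setting `fstatus` here is redundant when the GET pattern "Your IP is" already matched, and misleading when it did not. The script also only reports the address the remote page saw and never compares it with the scanner's own address, so the result is a raw observation rather than an anonymity verdict; that is worth stating in the function's doc comment. The enclosing function continues outside the hunk.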
@@ -136,44 +98,7 @@ -- if we do not receive any valid status code, -- there is no reason to keep testing... the proxy is probably not open if not (get_cstatus or head_cstatus or conn_status) then return false, nil end - stdnse.print_debug("Test 1 - Google Web Server\nReceived valid status codes, but pattern does not match") - - test_url = "http://www.wikipedia.org" - hostname = "www.wikipedia.org" - pattern = "wikimedia" - get_status, get_r2, get_cstatus = proxy.test_get(host, port, "http", test_url, hostname, pattern) - head_status, _, head_cstatus = proxy.test_head(host, port, "http", test_url, hostname, pattern) - conn_status = proxy.test_connect(host, port, "http", hostname) - - if get_status then fstatus = true; response = response .. " GET" end - if head_status then fstatus = true; response = response .. " HEAD" end - if conn_status then - if not cstatus then response = response .. " CONNECTION" end - cstatus = true - end - - if fstatus then return fstatus, "Methods supported: " .. response end - - -- same valid code checking as above - if not (get_cstatus or head_cstatus or conn_status) then return false, nil end - stdnse.print_debug("Test 2 - Wikipedia.org\nReceived valid status codes, but pattern does not match") - - test_url = "http://www.computerhistory.org" - hostname = "www.computerhistory.org" - pattern = "museum" - get_status, get_r3, get_cstatus = proxy.test_get(host, port, "http", test_url, hostname, pattern) - conn_status = proxy.test_connect(host, port, "http", hostname) - - if get_status then fstatus = true; response = response .. " GET" end - if conn_status then - if not cstatus then response = response .. " CONNECTION" end - cstatus = true - end - - if fstatus then return fstatus, "Methods supported:" .. 
response end - if not get_cstatus then - stdnse.print_debug("Test 3 - Computer History\nReceived valid status codes, but pattern does not match") - end + stdnse.print_debug("Received valid but something goes bad") -- Check if GET is being redirected if proxy.redirectCheck(get_r1, get_r2) and proxy.redirectCheck(get_r2, get_r3) then @@ -192,18 +117,12 @@ action = function(host, port) local supported_methods = "\nMethods successfully tested: " local fstatus = false - local def_test = true local test_url, pattern test_url, pattern = proxy.return_args() - if(test_url) then def_test = false end if(pattern) then pattern = ".*" .. pattern .. ".*" end - - if def_test - then fstatus, supported_methods = default_test(host, port) - else fstatus, supported_methods = custom_test(host, port, test_url, pattern); - end + fstatus, supported_methods = anon_test(host, port); -- If any of the tests were OK, then the proxy is potentially open if fstatus then
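Review bot: After this hunk `get_r2` and `get_r3` are declared but never assigned (the two follow-up tests that set them are removed here), so the surviving `if proxy.redirectCheck(get_r1, get_r2) and proxy.redirectCheck(get_r2, get_r3) then` two lines below compares the first response body against nil twice; whether redirectCheck tolerates nil is not visible here, but the check can no longer detect a redirect loop and should be dropped or rewritten around the single response. The new debug line `stdnse.print_debug("Received valid but something goes bad")` is also vaguer than the messages it replaces; `stdnse.print_debug("Anon test: received valid status codes, but pattern did not match")` keeps the original meaning. The enclosing function continues past the hunk.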
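Review bot: `test_url, pattern = proxy.return_args()` and the `if(pattern) then pattern = ".*" .. pattern .. ".*" end` line are kept, but their results are never used now that the action calls `anon_test(host, port)` with no arguments, so the `proxy.url`/`proxy.pattern` script args are read and silently ignored. Either drop those two lines together with `local test_url, pattern`, or pass the values through (`fstatus, supported_methods = anon_test(host, port, test_url, pattern)`) and have anon_test honour them; the trailing `;` on the new call is also out of keeping with the rest of the file. The action function continues past the hunk.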