Closed larsks closed 2 months ago
@larsks Unsure if this has started happening after any recent commit or has this been always the case. Nevertheless, thanks for reporting this. Really appreciate it. I'll get this out fixed soon. Best.
I encountered the same problem and easily reproduced it.
Tracking https://github.com/abhinavsingh/proxy.py/blob/develop/proxy/http/proxy/auth.py#L30 The variables here,
The value of request.headers was found to be None, so the entire validation logic was skipped
if self.flags.auth_code and request.headers:
I'm not sure why the Boolean value of request.headers is determined here.
My guess is to avoid causing errors in the next line of code, not in request.headers.
A simple repair solution is to determine whether to perform authentication checks if the headers are not involved.
Example: https://github.com/dongfangtianyu/proxy.py/blob/develop/proxy/http/proxy/auth.py#L30
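The failure mode described in the comment above, as an added example that is not part of the thread and is not proxy.py's own code: a simplified model of the quoted condition next to a variant that decides on configuration alone. The function names, the `AuthRequired` exception and the plain `dict` header representation are assumptions made for illustration.

```python
import base64
import hmac
from typing import Callable, Dict, Optional

Headers = Optional[Dict[bytes, bytes]]


class AuthRequired(Exception):
    """Stands in for the proxy answering 407 Proxy Authentication Required."""


def expected_code(userpass: str) -> bytes:
    # Basic auth credential as it would appear after the "Basic " prefix.
    return base64.b64encode(userpass.encode())


def _validate(auth_code: bytes, headers: Dict[bytes, bytes]) -> None:
    value = headers.get(b"proxy-authorization")
    if value is None:
        raise AuthRequired()
    parts = value.split()
    if len(parts) != 2 or parts[0].lower() != b"basic":
        raise AuthRequired()
    # Constant-time comparison of the presented and configured credential.
    if not hmac.compare_digest(parts[1], auth_code):
        raise AuthRequired()


def check_flawed(auth_code: Optional[bytes], headers: Headers) -> None:
    # Same shape as the condition quoted in the thread: when headers is None
    # (or empty) the whole block is skipped and the request is let through.
    if auth_code and headers:
        _validate(auth_code, headers)


def check_fixed(auth_code: Optional[bytes], headers: Headers) -> None:
    # Whether to authenticate depends only on configuration; absent headers
    # are treated as absent credentials and rejected.
    if auth_code:
        _validate(auth_code, headers or {})


def is_allowed(check: Callable[[Optional[bytes], Headers], None],
               auth_code: Optional[bytes], headers: Headers) -> bool:
    try:
        check(auth_code, headers)
        return True
    except AuthRequired:
        return False
```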
Thank you @dongfangtianyu for bringing my attention back to this. Do you want to send a PR for the same? Will be happy to review/merge. Best
Sure, I'm happy to do it. I'm currently getting familiar with the contribution guidelines and test cases, and I will try to submit the PR later.
Thank you folks, closing this now
I'll cut a 2.4.4 soon, so that 2.4.3 is no longer the default install which contains this vulnerability.
Describe the bug
It is possible to bypass proxy authentication by sending an HTTP/1.0 request with no request headers.
To Reproduce
Steps to reproduce the behavior:
proxy.py as proxy --basic-auth user:secret
Run the following Python code:
You can reproduce this yourself like this:
Expected behavior
proxy.py should return a 407 Proxy Authentication Required result.
Version information
curl, Python requests
This problem also reproduces with the current develop branch (5e02436).