d0nutptr / sic

A tool to perform Sequential Import Chaining
https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
MIT License
254 stars 14 forks

Protocol Relative URL support #2

Open nbk2000 opened 5 years ago

nbk2000 commented 5 years ago

Hey d0nut,

In testing the use of Nginx to terminate HTTPS connections for sic, I receive the following error:

thread 'tokio-runtime-worker-0' panicked at 'called `Result::unwrap()` on an `Err` value: RelativeUrlWithoutBase', src/libcore/result.rs:999:5

This happens when supplying a Protocol Relative URL as the Polling or Callback host like this:

./sic -p 3000 --ph "//a.pwnu.net" --ch "//b.pwnu.net" -t template_file

Using Protocol Relative URLs would allow sic payloads to work on both HTTP and HTTPS pages simultaneously.

BTW - Here's the example Nginx config I promised you.

Best, NBK

d0nutptr commented 5 years ago

Would it be fine if the tool only supported HTTP but injected url relative protocols in the style sheet? I assume that's what you're asking.

nbk2000 commented 5 years ago

Yeah, that's exactly right
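
The panic reported at the top of this thread comes from `unwrap()` on a URL parse result when the argument has no scheme. As an added example (not sic's code and not written by either commenter), this std-only Rust function classifies a host argument as absolute or protocol-relative and returns a typed error instead of panicking; `HostArg`, `HostArgError` and `parse_host_arg` are hypothetical names and the `example.test` hosts are constructed inputs.

```rust
// Added example (not sic's code). HostArg, HostArgError and parse_host_arg
// are hypothetical names; the example.test hosts are constructed inputs.
#[derive(Debug, PartialEq)]
pub enum HostArg {
    Absolute { scheme: String, authority: String }, // "http://host[:port]"
    SchemeRelative { authority: String },           // "//host[:port]"
}

#[derive(Debug, PartialEq)]
pub enum HostArgError { Empty, MissingAuthority, UnsupportedScheme(String), NotAUrl }

/// Classify a CLI host argument, returning an error instead of panicking.
pub fn parse_host_arg(raw: &str) -> Result<HostArg, HostArgError> {
    let s = raw.trim();
    if s.is_empty() {
        return Err(HostArgError::Empty);
    }
    // Protocol-relative form: no scheme, so a strict absolute-URL parser
    // with no base URL rejects it. Handle it explicitly.
    if let Some(rest) = s.strip_prefix("//") {
        return authority(rest).map(|a| HostArg::SchemeRelative { authority: a });
    }
    match s.split_once("://") {
        Some((scheme, rest)) => {
            let scheme = scheme.to_ascii_lowercase();
            if scheme != "http" && scheme != "https" {
                return Err(HostArgError::UnsupportedScheme(scheme));
            }
            authority(rest).map(|a| HostArg::Absolute { scheme, authority: a })
        }
        None => Err(HostArgError::NotAUrl),
    }
}

// The authority runs up to the first '/', '?' or '#'.
fn authority(rest: &str) -> Result<String, HostArgError> {
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let a = &rest[..end];
    if a.is_empty() || a.chars().any(char::is_whitespace) {
        return Err(HostArgError::MissingAuthority);
    }
    Ok(a.to_string())
}

fn main() {
    for arg in ["//a.example.test", "http://b.example.test:3000/x", "a.example.test", "//"] {
        println!("{:?} -> {:?}", arg, parse_host_arg(arg));
    }
}
```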