edoardottt / cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
https://edoardoottavianelli.it
GNU General Public License v3.0
1.52k stars 158 forks

Proxy issue #143

Closed Namoa0 closed 7 months ago

Namoa0 commented 7 months ago

I am trying to use the proxy but it does not establish a connection and they do not tunnel.

echo test.com | cariddi -proxy http://127.0.0.1:8080

For illustrative purposes, I create a port with netcat. But I tested in multiple ways.

nc -vvv -l -p 8080

No connection is established.

listening on [any] 8080 ...

Are proxies not implemented?

Thank you.

edoardottt commented 7 months ago

Try with a working target

Namoa0 commented 7 months ago

test.com I gave it as an example. Obviously I have tried with target which works. For example: google.com

Same result.

Namoa0 commented 7 months ago

Can you fix it?

edoardottt commented 7 months ago

Got your point.

The problem is SetProxy sets a proxy for the collector. This method overrides the previously used http.Transport if the type of the transport is not http.RoundTripper. The proxy type is determined by the URL scheme. "http" and "socks5" are supported. If the scheme is empty, "http" is assumed. But then, to skip insecure certificates, cariddi uses http.Transport as transport.

I'll go deeper into this issue in the next days; however, PRs are accepted. If you want, you can submit a solution.
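The conflict described in the comment above (a proxy setting and a certificate-skipping http.Transport replacing one another) can be reproduced offline with the Go standard library. This is an added example, not cariddi's code and not the change made on the devel branch; `newTransport` and `proxyHits` are hypothetical names, and both servers are constructed local listeners.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync/atomic"
)

// newTransport (hypothetical helper) puts the proxy and the TLS option on ONE
// transport, so setting one can never silently replace the other.
func newTransport(proxy string, skipVerify bool) (*http.Transport, error) {
	// Skipping verification is a deliberate crawler choice, as described in the thread.
	tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: skipVerify}}
	if proxy != "" {
		u, err := url.Parse(proxy)
		if err != nil {
			return nil, err
		}
		tr.Proxy = http.ProxyURL(u) // a nil Proxy means "connect directly"
	}
	return tr, nil
}

// proxyHits sends one request to a local target and returns how many requests
// the local stand-in proxy saw: the same check as watching the nc listener.
func proxyHits(withProxy bool) (int32, error) {
	var hits int32
	proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
		atomic.AddInt32(&hits, 1)
	}))
	defer proxy.Close()
	target := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer target.Close()

	addr := ""
	if withProxy {
		addr = proxy.URL
	}
	tr, err := newTransport(addr, true)
	if err != nil {
		return 0, err
	}
	resp, err := (&http.Client{Transport: tr}).Get(target.URL)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return atomic.LoadInt32(&hits), nil
}

func main() {
	with, _ := proxyHits(true)
	without, _ := proxyHits(false)
	fmt.Println("proxy saw requests:", with, "| transport without Proxy:", without)
}
```

A transport that carries only the TLS setting behaves like the second case: the request succeeds, but the listener on the proxy port never sees a connection.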

edoardottt commented 7 months ago

Hi @Namoa0 , I've applied some changes to the devel branch in order to address this issue. You can find it here https://github.com/edoardottt/cariddi/tree/devel

Let me know if everything works for you (proxy ok, proxy not ok, http without TLS certificate crawled with proxy and without a proxy).

Sorry for my quick and maybe aggressive response "Try with a working target", I wasn't getting your point...Sorry :/

If you need help or you have some doubts with the tests I'm here to provide assistance : )

edoardottt commented 7 months ago

Partially fixed in version 1.3.3.

Many targets work fine with new proxy settings, however there could be problems in certain types of target. e.g.:

Before this fix there was a clear problem with proxies, no target was working. After this fix a lot of targets can be crawled using a proxy.

If anyone has a better solution I'm all ears, just open an Issue / Pull Request