kkovar / ratproxy

Automatically exported from code.google.com/p/ratproxy

Hardcoded web-server ports #40

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
When you test a web server on ports that are not standard ones like 80 and 443, you will see
this warning:
"[!] WARNING: Access to this port denied."

Please provide any additional information below.
The problem is in http.c. You can see the patch below.

diff -u http.c.orig http.c
--- http.c.orig 2009-05-13 23:41:01.000000000 +0400
+++ http.c  2010-03-25 14:09:19.175346738 +0300
@@ -496,8 +496,8 @@
     if (!ret->port || ret->port > 65535) 
       http_error(client,"Illegal port specification",1);

-    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)
-      http_error(client,"Access to this port denied",1);
+/*    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)*/
+      /*http_error(client,"Access to this port denied",1);*/

     *x = 0; 
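
Review bot: commenting out the two lines after the "Illegal port specification" check disables the restriction on ports below 1024 (other than 80 and 443) for every run, with no way to keep it. Keep the check and gate it on an option that defaults to the current behaviour, for example `if (!allow_low_ports && ret->port < 1024 && ret->port != 80 && ret->port != 443)`, where `allow_low_ports` is a hypothetical name for a new command-line switch. That also avoids leaving commented-out code in http.c, which here starts its `/*` at column 0 and breaks the surrounding indentation.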

Original issue reported on code.google.com by naplan...@gmail.com on 25 Mar 2010 at 11:25

GoogleCodeExporter commented 9 years ago
It's by design, for security reasons. You can put this behind a command-line flag, though.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 5:43

GoogleCodeExporter commented 9 years ago
Hmmm, what are these security reasons?

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:19

GoogleCodeExporter commented 9 years ago
Limiting the ability for proxy users to port scan or send input to non-HTTP services;
roughly the same restrictions are present in most other browsers and proxies,
although usually a bit more fine-grained (e.g., a list of a few hundred blacklisted ports).

Original comment by lcam...@google.com on 25 Mar 2010 at 8:42

GoogleCodeExporter commented 9 years ago
Yep, I agree. But ratproxy is usually used as a local proxy, isn't it?
So it would be great to have some command-line param to control this case.

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:51

GoogleCodeExporter commented 9 years ago
Yeah, I will put it behind a switch.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 8:53
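
An added example, not ratproxy's code and not from this thread: the port check from the patch context kept in place, with an operator-supplied list of extra low ports as the opt-in. The names `parse_extra_ports` and `check_port` and the comma-separated list format are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_EXTRA 32
/* Hypothetical state: low ports the operator explicitly allowed at startup. */
static unsigned int extra_ports[MAX_EXTRA];
static size_t extra_count;

/* Parse a list such as "81,444" (value of an assumed opt-in option).
   Returns 0 on success; on any malformed or out-of-range entry returns -1
   and leaves the list empty, so a typo never widens access. */
int parse_extra_ports(const char *list) {
  const char *p = list;
  char *end;
  extra_count = 0;
  if (!p) return -1;
  for (;;) {
    unsigned long v;
    if (!isdigit((unsigned char)*p)) goto bad;  /* no sign, space or empty item */
    errno = 0;
    v = strtoul(p, &end, 10);
    if (errno || v == 0 || v > 65535 || extra_count == MAX_EXTRA) goto bad;
    extra_ports[extra_count++] = (unsigned int)v;
    if (!*end) return 0;
    if (*end != ',') goto bad;
    p = end + 1;
  }
bad:
  extra_count = 0;
  return -1;
}

/* Default policy as in the patch context (80, 443 and ports >= 1024), plus
   the opt-in list. Returns NULL if allowed, otherwise the error text. */
const char *check_port(unsigned int port) {
  size_t i;
  if (!port || port > 65535) return "Illegal port specification";
  if (port >= 1024 || port == 80 || port == 443) return NULL;
  for (i = 0; i < extra_count; i++)
    if (extra_ports[i] == port) return NULL;
  return "Access to this port denied";
}

int main(void) {
  unsigned int probe[] = { 80, 81, 25, 8080 }, i;
  parse_extra_ports("81,444");  /* constructed sample input */
  for (i = 0; i < 4; i++)
    printf("%u: %s\n", probe[i], check_port(probe[i]) ? "denied" : "allowed");
  return 0;
}
```

With no list supplied the behaviour is identical to the existing check, so the restriction stays on unless the operator names specific ports.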