niubenaniu / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

Skipfish doesn't scan sites with 301 redirect #175

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
My site has permanent redirect from site.com to site.com/ru
When I try to:

skipfish -o /report site.com

it works 2 seconds and show me only 2 items in "Document type overview":
- http://www.site.com/ with 301 redirect
- http://www.site.com/sfi9876

that's all. Why?

Original issue reported on code.google.com by abruma...@gmail.com on 27 Mar 2013 at 6:57

GoogleCodeExporter commented 8 years ago

What does the redirect look like ? Is it on the same domain?  

Typically if a site redirect to another domain and if you additionally do not 
enable bruteforcing then the scan will not get far.  Btw, you can also check 
report/pivots.txt to see what requests were sent. 

Original comment by niels.he...@gmail.com on 27 Mar 2013 at 6:39

GoogleCodeExporter commented 8 years ago
Domain is the same.
Pivots.txt:
GET http://www.site.com/ name=http://www.site.com/ type=serv linked=yes 
browsers=0 browser_used=FAST dup=0 code=301 len=184 notes=4 sig=0x3638ac6e
GET http://www.site.com/ru/ name=ru type=dir linked=yes browsers=0 
browser_used=FAST dup=0 code=200 len=30789 notes=4 sig=0x839ec72d

Original comment by abruma...@gmail.com on 28 Mar 2013 at 11:09

GoogleCodeExporter commented 8 years ago
That's captured contant of http://www.site.com:

=== REQUEST ===

GET / HTTP/1.1
Host: www.site.com
Accept-Encoding: gzip
Connection: keep-alive
User-Agent: Mozilla/5.0 SF/2.10b
Range: bytes=0-399999
Referer: http://www.site.com/
Cookie: PHPSESSID=vjhb2g2gkub7hrogtjep1hcij4

=== RESPONSE ===

HTTP/1.1 301 Moved Permanently
Server: nginx/1.2.4
Date: Thu, 14 Mar 2013 13:14:28 GMT
Content-Type: text/html
Content-Length: 184
Location: http://www.site.com/ru/
Connection: keep-alive

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.2.4</center>
</body>
</html>

=== END OF DATA ===

Original comment by abruma...@gmail.com on 28 Mar 2013 at 11:11

GoogleCodeExporter commented 8 years ago
Cheers! Could you give me the full command-line and also tell me what the 
report says ? According to the pivots.txt file, there were 4 notes.

Cheers,
Niels

Original comment by niels.he...@gmail.com on 14 Apr 2013 at 2:52

GoogleCodeExporter commented 8 years ago
Hey, sorry but I need more data to explain the behavior.  Most useful would be 
to give me the debug output which is described here:

https://code.google.com/p/skipfish/wiki/SkipfishDoc#Oy!_Something_went_horribly_
wrong! 

Original comment by niels.he...@gmail.com on 20 Apr 2013 at 6:00