Closed jabra- closed 10 years ago
Thanks @jabra-, I'll work on this today and see what I can figure out.
Thanks Tom!
@jabra- All the routes are fixed, with some changes in the way you initiate a scan in /scan/active. The message body should be something like the following:
'{"host": "stacktitan.com", "port": 80, "useHttps": false, "request": "R0VUIC8gSFRUUC8xLjENCkhvc3Q6IHN0YWNrdGl0YW4uY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV2luNjQ7IHg2NDsgVHJpZGVudC81LjApDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
We had to move from using a byte array of octets to using base64 strings everywhere, which is actually quite a bit nicer. "request" is the entire request. You'll see if you decode it.
For the sitemap after spidering, it's because there is no trailing / in the URL. If you make it "http://testasp.vulnweb.com/" it should work.
I'm going to test things out a bit more, update the documentation, and I will post a 2.0 version.
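The /scan/active body and sitemap path described in the comment above, as an added example that is not part of the original thread or the project's own code: "request" carries the base64 of the entire raw request, and a URL with an empty path gets a trailing / before it is encoded. The helper names and the sample request are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit, urlunsplit


def raw_get(host, path="/"):
    """Constructed sample: a minimal raw HTTP/1.1 GET with CRLF line endings."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Accept: */*",
             "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")


def build_scan_body(host, port, use_https, raw_request):
    """JSON body for POST /scan/active; 'request' is the whole raw request in base64."""
    return json.dumps({
        "host": host, "port": port, "useHttps": use_https,
        "request": base64.b64encode(raw_request).decode("ascii"),
    })


def decode_scan_body(body):
    """Recover the raw request bytes, rejecting the nested-object form from the issue."""
    req = json.loads(body)["request"]
    if not isinstance(req, str):
        raise ValueError("'request' must be a base64 string, not a JSON object")
    return base64.b64decode(req, validate=True)


def sitemap_path(url):
    """Path for GET /sitemap/<base64 URL>, with an empty URL path turned into '/'."""
    parts = urlsplit(url.strip())  # strip() drops a newline left by e.g. `echo`
    if parts.path == "":
        parts = parts._replace(path="/")
    # Standard base64 alphabet, as in the request shown in the issue.
    encoded = base64.b64encode(urlunsplit(parts).encode("ascii")).decode("ascii")
    return "/sitemap/" + encoded


if __name__ == "__main__":
    body = build_scan_body("stacktitan.com", 80, False, raw_get("stacktitan.com"))
    print(body)
    print(decode_scan_body(body).decode("ascii"))
    print(sitemap_path("http://testasp.vulnweb.com"))
```

The path segment in the original sitemap request decodes to http://testasp.vulnweb.com followed by a newline, so it has no trailing slash.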
That sounds great. Thanks!
Ok everything fixed and a new release published. Also added a ton of polish that was lacking. Thanks again!
Also better exception messages :)
Working with the API, I constructed several requests that always returned a 500 Internal Error. I've read the documentation so I think I'm doing things correctly. Increased verbose messages would be helpful as well.
request:
GET /sitemap HTTP/1.1
Host: 127.0.0.1:8001
response:
HTTP/1.1 500 Server Error
Content-Type: text/html; charset=UTF-8
Content-Length: 53
Server: Jetty(9.0.z-SNAPSHOT)
500 Internal Error
request:
GET /proxyhistory HTTP/1.1
Host: 127.0.0.1:8001
response:
HTTP/1.1 500 Server Error
Content-Type: text/html; charset=UTF-8
Content-Length: 53
Server: Jetty(9.0.z-SNAPSHOT)
500 Internal Error
request:
POST /scan/active HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 552
Host: 127.0.0.1:8001
{"host":"testasp.vulnweb.com","port":80,"useHttps":false,"request":{"host":"testasp.vulnweb.com","port":80,"protocol":"http","url":"http://testasp.vulnweb.com//","path":"/","httpVersion":"HTTP/1.1","method":"GET","headers":{"Accept-Language":"en-US,en;q=0.5","Cookie":"","Host":"testasp.vulnweb.com","Accept-Encoding":"gzip, deflate","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0)\nGecko/20100101 Firefox/30.0","Connection":"keep-alive","Accept":"text/css,/;q=0.1"},"body":[],"comment":"","inScope":true,"messageType":"request"}}
response:
HTTP/1.1 500 Server Error
Content-Type: text/html; charset=UTF-8
Content-Length: 53
Server: Jetty(9.0.z-SNAPSHOT)
500 Internal Error
Lastly, I was able to add a site to the scope and spider it properly. When I tried to retrieve the sitemap it did not return any data.
request:
GET /sitemap/aHR0cDovL3Rlc3Rhc3AudnVsbndlYi5jb20K HTTP/1.1
Host: 127.0.0.1:8001
response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 11
Server: Jetty(9.0.z-SNAPSHOT)
{"data":[]}