w-digital-scanner / w13scan

Passive Security Scanner (被动式安全扫描器)
GNU General Public License v2.0

do_CONNECT filter is not working #517

Open osxtest opened 2 years ago

osxtest commented 2 years ago

Hi, I noticed that in the code at https://github.com/w-digital-scanner/w13scan/blob/master/W13SCAN/lib/proxy/baseproxy.py#L423-L450 you are trying to relay some HTTPS requests directly according to the extension in the CONNECT request, but it looks like it is not going to work, because the CONNECT request does not contain any extension information.

reproduce

  1. run python3 w13scan.py -s 127.0.0.1:8081
  2. use the 127.0.0.1:8081 proxy in your browser
  3. visit https://www.baidu.com/favicon.ico
  4. check the browser certificate
  5. you will see the W13scan cert instead of the baidu cert
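
An added example (not code from w13scan or from the issue author) illustrating the report above: a CONNECT request carries its target in authority-form (`host:port`), so a filter keyed on file extension has nothing to match until the inner request inside the TLS tunnel is visible. The filter list `SKIP_EXTENSIONS`, the helper names and the sample messages are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample: what a browser sends to an HTTP proxy for an HTTPS URL.
CONNECT_REQ = (b"CONNECT www.baidu.com:443 HTTP/1.1\r\n"
               b"Host: www.baidu.com:443\r\n\r\n")
# Constructed sample: the request sent *inside* the TLS tunnel. A proxy only
# sees this after it has terminated TLS with its own certificate.
INNER_REQ = (b"GET /favicon.ico HTTP/1.1\r\n"
             b"Host: www.baidu.com\r\n\r\n")

SKIP_EXTENSIONS = {".ico", ".png", ".jpg", ".css"}  # hypothetical filter list


def parse_request_line(raw: bytes):
    """Return (method, target) from the first line of a raw HTTP request."""
    line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = line.split(" ", 2)
    return method, target


def target_extension(method: str, target: str):
    """Return the lowercase path extension, or None when there is none.

    CONNECT uses authority-form (RFC 9112 section 3.2.3): the target is
    host:port with no path, so there is no extension to inspect.
    """
    if method.upper() == "CONNECT":
        return None
    path = urlsplit(target).path  # drops query string and fragment
    ext = posixpath.splitext(path)[1].lower()
    return ext or None


def extension_filter_matches(raw: bytes) -> bool:
    """True if a filter keyed on file extension can match this request."""
    method, target = parse_request_line(raw)
    return target_extension(method, target) in SKIP_EXTENSIONS


if __name__ == "__main__":
    for name, raw in (("CONNECT", CONNECT_REQ), ("inner GET", INNER_REQ)):
        method, target = parse_request_line(raw)
        print(f"{name:10} target={target!r} "
              f"ext={target_extension(method, target)} "
              f"filter_matches={extension_filter_matches(raw)}")
```

At CONNECT time the only inputs available for a relay-or-intercept decision are the host and port; an extension check can only run on the decrypted inner request.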