Closed S3cur3Th1sSh1t closed 2 months ago
Look at your profile and the RedGuard print info.
Here you go. One full profile variant:
    http-get "variant_5" {
        set uri "/lv.js";
        client {
            header "Host" "hostname.example.com";
            header "Connection" "close";
            header "Accept-Language" "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5";
            metadata {
                base64url;
                base64;
                prepend "woocommerce_cart_hash=";
                header "Cookie";
            }
        }
        server {
            header "Connection" "close";
            header "Content-Type" "text/html";
            header "Server" "apache";
            output {
                base64url;
                base64;
                prepend "<!DOCTYPE html><html class='no-js' lang='en-US'> <head> <meta http-equiv='X-UA-Compatible' content='IE=EDGE' /> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1' /> <meta name='apple-itunes-app' conten$
                print;
            }
        }
    }
And the result from RedGuard:
OK. When changing http-get "variant_5" {
to http-get {
it works for the initial GET request. Seems like your parser for the profile fails when different http-get profile names are declared.
Also found another thing for http-post.
It does not parse the following correctly:
Non-working example:
http-post {
set uri "/af, /media, /da";
Any idea why the parsing fails here?
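The two cases reported in the comments above (a named `http-get` variant and a multi-value `set uri`) can be handled by tokenizing the profile with quoted strings kept intact, so a variant name or a brace inside a `prepend` string cannot confuse block matching. This is an added example, not part of the thread and not RedGuard's code; `tokenize`, `extract_uris` and the `<style>` prepend string are constructed for illustration, and accepting commas as URI separators is an assumption.

```python
import re

# Quoted string | comment | brace or semicolon | bare word.
TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|(#[^\n]*)|([{};])|([^\s{};"#]+)')

def tokenize(text):
    """Return (kind, value) tokens; braces inside quoted strings stay inside the string."""
    toks = []
    for m in TOKEN.finditer(text):
        s, _comment, sym, word = m.groups()
        if s is not None:
            toks.append(("str", s))
        elif sym or word:
            toks.append(("sym", sym) if sym else ("word", word))
    return toks

def extract_uris(text):
    """Return [(verb, variant_or_None, [uris])] for each http-get / http-post block."""
    toks, out, i = tokenize(text), [], 0
    while i < len(toks):
        kind, val = toks[i]
        i += 1
        if kind != "word" or val not in ("http-get", "http-post"):
            continue
        variant = None
        if i < len(toks) and toks[i][0] == "str":      # optional variant name
            variant = toks[i][1]
            i += 1
        if i >= len(toks) or toks[i] != ("sym", "{"):
            continue
        i, depth, uris = i + 1, 1, []
        while i < len(toks) and depth:
            if toks[i] == ("sym", "{"):
                depth += 1
            elif toks[i] == ("sym", "}"):
                depth -= 1
            elif (depth == 1 and toks[i:i + 2] == [("word", "set"), ("word", "uri")]
                  and i + 2 < len(toks) and toks[i + 2][0] == "str"):
                # Assumption: accept space- or comma-separated URI lists.
                uris = [u for u in re.split(r"[,\s]+", toks[i + 2][1]) if u]
            i += 1
        out.append((val, variant, uris))
    return out

# Constructed sample reusing the block names and URIs quoted in the thread.
SAMPLE = r'''
http-get "variant_5" { set uri "/lv.js"; server { output { prepend "<style>b{margin:0}</style>"; print; } } }
http-get { set uri "/test.css"; }
http-post { set uri "/af, /media, /da"; }
'''
```

An unterminated quoted string, such as the truncated `prepend` line in the profile above, is not recovered by this tokenizer and should be rejected before parsing.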
Have a look at your Wireshark HTTP request data, sir.
Hey,
I tried using RedGuard on a redirector Server today. Unfortunately it was not able to parse my MalleableC2 profile correctly.
For example the following was not parsed correctly:
As requests to the URL
/test.css
were not redirected but blocked. Is that a bug?
Greetings