Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paths not properly constructed from .info Files #39

Open
er4z0r opened this issue Nov 3, 2023 · 1 comment
Open

Paths not properly constructed from .info Files #39

er4z0r opened this issue Nov 3, 2023 · 1 comment

Comments

@er4z0r
Copy link

er4z0r commented Nov 3, 2023
edited

Steps to reproduce

  1. Download 0.0.4 release
  2. Install
  3. Use the commands from README.md
root@satellite-ja3-testing:~# echo '<h1>It worked!</h1>' > /var/www/html/index.html
root@satellite-ja3-testing:~# echo -e "authorized_useragents:\n- ayyylmao" > /var/www/html/index.html.info
root@satellite-ja3-testing:~# cp  satellite/examples/options/useragent* /var/www/html/
root@satellite-ja3-testing:~# tree /var/www/html/
/var/www/html/
├── index.html
├── index.html.info
├── useragent
└── useragent.info

Manually start satellite:

root@satellite-ja3-testing:~# satellite
DEBU[0000] Using config file /etc/satellite/config.yml  
DEBU[0000] Using server path /var/www/html              
DEBU[0000] Loaded 0 path(s)                             
WARN[0000] Use not_found handlers for opsec             
INFO[0000] Listening HTTPS on port :443

Not the line that says Loaded 0 path(s)

As a result index.html will always be served irrespective of the User-Agent:

user@pentest:~/projects/internal$ curl -k -A ayyylmao https://XX.XX.XX.XX/
<h1>It worked!</h1>
user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/
<h1>It worked!</h1>
user@pentest:~/projects/internal$ curl -k -A 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' https://XX.XX.XX.XX/useragent
Correct User-Agent!
user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/useragent
Correct User-Agent!
@er4z0r
Copy link
Author

er4z0r commented Nov 3, 2023

We talked this through on Slack and it seems there is a problem with .info file parsing. As @t94j0 pointed out, you can still get this to work using a pathList.yml

root@satellite-ja3-testing:~# cat /var/www/html/pathList.yml 
- path: /index.html
  hosted_file: index.html
- path: /useragent
  hosted_file: useragent
  authorized_useragents:
    - "Mozilla.*"

Start satellite again:

root@satellite-ja3-testing:~# satellite
DEBU[0000] Using config file /etc/satellite/config.yml  
DEBU[0000] Using server path /var/www/html              
DEBU[0000] Loaded 2 path(s)                             
WARN[0000] Use not_found handlers for opsec             
INFO[0000] Listening HTTPS on port :443

Now the useragent example works correctly:

user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/useragent
404
user@pentest:~/projects/internal$ curl -k -A 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' https://XX.XX.XX.XX/useragent
Correct User-Agent!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@er4z0r