Initial requests from ACSTIS ignoring the proxy settings
Closed this issue · 2 comments
I noticed that the initial requests sent by ACSTIS do not obey the proxy settings mentioned in the extended.py file.
In order to demonstrate this, I set my system proxy to Fiddler (localhost:8888) and set the proxy settings in extended.py to Burp Suite (localhost:8080).
extended.py <proxy settings>
options.identity.proxies = {
# No authentication
'http': 'http://127.0.0.1:8080',
'https': 'http://127.0.0.1:8080',
}
On running ACSTIS with the proper Burp certificates I get the following output:
PS C:\FooBar\Tools\Angular-CSTI-Scanner\> python extended.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "C:\Foobar\Path\To\Certificates\Burp_Cert.pem"
/$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$ /$$$$$$
/$$__ $$ /$$__ $$ /$$__ $$|__ $$__/|_ $$_/ /$$__ $$
| $$ \ $$| $$ \__/| $$ \__/ | $$ | $$ | $$ \__/
| $$$$$$$$| $$ | $$$$$$ | $$ | $$ | $$$$$$
| $$__ $$| $$ \____ $$ | $$ | $$ \____ $$
| $$ | $$| $$ $$ /$$ \ $$ | $$ | $$ /$$ \ $$
| $$ | $$| $$$$$$/| $$$$$$/ | $$ /$$$$$$| $$$$$$/
|__/ |__/ \______/ \______/ |__/ |______/ \______/
Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search
At this point, before the first request is sent to Burp, the following requests go via Fiddler (which shows that the ACSTIS scanner is ignoring the proxy settings and using the system proxy settings).
Fiddler request log:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
1 200 HTTP 127.0.0.1:64799 /wd/hub/session 533 application/json;charset=UTF-8 python:8548
2 200 HTTP 127.0.0.1:64799 /wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/url 74 application/json;charset=UTF-8 python:8548
3 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
4 200 HTTPS owaspjuiceshop221b.herokuapp.com / 12,489 public, max-age=0 text/html; charset=UTF-8 win-2.1.1:8532
6 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/bootswatch/slate/bootstrap.min.css 142,322 public, max-age=0 text/css; charset=UTF-8 win-2.1.1:8532
7 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
8 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
9 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
10 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
11 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
12 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/fontawesome/css/font-awesome.min.css 31,000 public, max-age=0 text/css; charset=UTF-8 win-2.1.1:8532
13 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/flag-icon-css/css/flag-icon.min.css 33,481 public, max-age=0 text/css; charset=UTF-8 win-2.1.1:8532
14 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/github-fork-ribbon-css/gh-fork-ribbon.css 3,546 public, max-age=0 text/css; charset=UTF-8 win-2.1.1:8532
15 200 HTTPS owaspjuiceshop221b.herokuapp.com /css/app.css 460 public, max-age=0 text/css; charset=UTF-8 win-2.1.1:8532
16 200 HTTPS owaspjuiceshop221b.herokuapp.com /socket.io/socket.io.js 61,211 application/javascript win-2.1.1:8532
17 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/underscore/underscore.js 52,919 public, max-age=0 application/javascript win-2.1.1:8532
18 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/string/dist/string.min.js 27,717 public, max-age=0 application/javascript win-2.1.1:8532
19 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/moment/min/moment.min.js 51,465 public, max-age=0 application/javascript win-2.1.1:8532
20 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/jquery/dist/jquery.min.js 86,659 public, max-age=0 application/javascript win-2.1.1:8532
21 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/bootstrap/dist/js/bootstrap.min.js 37,045 public, max-age=0 application/javascript win-2.1.1:8532
22 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular/angular.min.js 163,188 public, max-age=0 application/javascript win-2.1.1:8532
23 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-translate/angular-translate.min.js 23,733 public, max-age=0 application/javascript win-2.1.1:8532
24 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js 1,371 public, max-age=0 application/javascript win-2.1.1:8532
25 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-route/angular-route.min.js 4,786 public, max-age=0 application/javascript win-2.1.1:8532
26 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-cookies/angular-cookies.min.js 1,448 public, max-age=0 application/javascript win-2.1.1:8532
27 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-touch/angular-touch.min.js 4,042 public, max-age=0 application/javascript win-2.1.1:8532
28 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-animate/angular-animate.min.js 25,722 public, max-age=0 application/javascript win-2.1.1:8532
29 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-bootstrap/ui-bootstrap.min.js 100,829 public, max-age=0 application/javascript win-2.1.1:8532
30 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js 122,900 public, max-age=0 application/javascript win-2.1.1:8532
31 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/ng-file-upload/ng-file-upload-shim.min.js 7,262 public, max-age=0 application/javascript win-2.1.1:8532
32 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/ng-file-upload/ng-file-upload.min.js 37,495 public, max-age=0 application/javascript win-2.1.1:8532
33 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-socket-io/socket.min.js 1,291 public, max-age=0 application/javascript win-2.1.1:8532
34 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/clipboard/dist/clipboard.min.js 10,286 public, max-age=0 application/javascript win-2.1.1:8532
35 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/ngclipboard/dist/ngclipboard.min.js 640 public, max-age=0 application/javascript win-2.1.1:8532
36 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-base64/angular-base64.js 5,844 public, max-age=0 application/javascript win-2.1.1:8532
37 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/qrcode-generator/js/qrcode.js 45,006 public, max-age=0 application/javascript win-2.1.1:8532
38 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/angular-qrcode/angular-qrcode.js 5,267 public, max-age=0 application/javascript win-2.1.1:8532
39 200 HTTPS owaspjuiceshop221b.herokuapp.com /dist/juice-shop.min.js 100,409 public, max-age=0 application/javascript win-2.1.1:8532
40 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/JuiceShop_Logo.png 99,456 public, max-age=0 image/png win-2.1.1:8532
41 200 HTTPS owaspjuiceshop221b.herokuapp.com /socket.io/?EIO=3&transport=polling&t=LwQ76v4 104 text/plain; charset=UTF-8 win-2.1.1:8532
42 200 HTTPS owaspjuiceshop221b.herokuapp.com /i18n/en.json 5,977 public, max-age=0 application/json win-2.1.1:8532
43 200 HTTPS owaspjuiceshop221b.herokuapp.com /i18n/en_US.json 12,489 public, max-age=0 text/html; charset=UTF-8 win-2.1.1:8532
44 200 HTTPS owaspjuiceshop221b.herokuapp.com /rest/admin/application-version 19 application/json; charset=utf-8 win-2.1.1:8532
45 200 HTTPS owaspjuiceshop221b.herokuapp.com /rest/admin/application-configuration 5,894 application/json; charset=utf-8 win-2.1.1:8532
46 200 HTTPS owaspjuiceshop221b.herokuapp.com /rest/product/search?q=undefined 7,414 application/json; charset=utf-8 win-2.1.1:8532
47 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/%7B%7Bproduct.image%7D%7D 12,489 public, max-age=0 text/html; charset=UTF-8 win-2.1.1:8532
48 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
49 200 HTTPS owaspjuiceshop221b.herokuapp.com /bower_components/fontawesome/fonts/fontawesome-webfont.ttf?v=4.7.0 165,548 public, max-age=0 application/x-font-ttf win-2.1.1:8532
50 200 HTTPS owaspjuiceshop221b.herokuapp.com /socket.io/?EIO=3&transport=polling&t=LwQ76y_&sid=Fej1KnRWts7JTzq8AAAA 23 text/plain; charset=UTF-8 win-2.1.1:8532
51 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/apple_juice.jpg 14,827 public, max-age=0 image/jpeg win-2.1.1:8532
52 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/apple_pressings.jpg 50,981 public, max-age=0 image/jpeg win-2.1.1:8532
53 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/banana_juice.jpg 11,276 public, max-age=0 image/jpeg win-2.1.1:8532
54 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/carrot_juice.jpeg 21,811 public, max-age=0 image/jpeg win-2.1.1:8532
55 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/eggfruit_juice.jpg 25,715 public, max-age=0 image/jpeg win-2.1.1:8532
56 101 HTTPS owaspjuiceshop221b.herokuapp.com /socket.io/?EIO=3&transport=websocket&sid=Fej1KnRWts7JTzq8AAAA 0 win-2.1.1:8532
57 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/white_raffards.jpg 26,353 public, max-age=0 image/jpeg win-2.1.1:8532
58 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/fruit_press.jpg 23,082 public, max-age=0 image/jpeg win-2.1.1:8532
59 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/green_smoothie.jpg 16,661 public, max-age=0 image/jpeg win-2.1.1:8532
60 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/artwork.jpg 634,687 public, max-age=0 image/jpeg win-2.1.1:8532
61 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/lemon_juice.jpg 14,393 public, max-age=0 image/jpeg win-2.1.1:8532
62 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/melon_bike.jpeg 36,673 public, max-age=0 image/jpeg win-2.1.1:8532
63 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/fan_girlie.jpg 19,501 public, max-age=0 image/jpeg win-2.1.1:8532
64 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/ctf_sticker.png 25,877 public, max-age=0 image/png win-2.1.1:8532
65 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/fan_hoodie.jpg 19,566 public, max-age=0 image/jpeg win-2.1.1:8532
66 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/3d_keychain.jpg 20,483 public, max-age=0 image/jpeg win-2.1.1:8532
67 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/fan_mug.jpg 16,255 public, max-age=0 image/jpeg win-2.1.1:8532
68 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/sticker_facelift.png 30,851 public, max-age=0 image/png win-2.1.1:8532
69 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/fan_shirt.jpg 14,682 public, max-age=0 image/jpeg win-2.1.1:8532
70 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/owasplogo.png 18,505 public, max-age=0 image/png win-2.1.1:8532
71 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/owasp_osaft.jpg 21,488 public, max-age=0 image/jpeg win-2.1.1:8532
72 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/orange_juice.jpg 37,636 public, max-age=0 image/jpeg win-2.1.1:8532
73 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/quince.jpg 18,711 public, max-age=0 image/jpeg win-2.1.1:8532
74 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/raspberry_juice.jpg 21,058 public, max-age=0 image/jpeg win-2.1.1:8532
75 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/strawberry_juice.jpeg 18,047 public, max-age=0 image/jpeg win-2.1.1:8532
76 200 HTTPS owaspjuiceshop221b.herokuapp.com /public/images/products/woodruff_syrup.jpg 96,062 public, max-age=0 image/jpeg win-2.1.1:8532
77 200 HTTPS owaspjuiceshop221b.herokuapp.com /socket.io/?EIO=3&transport=polling&t=LwQ773s&sid=Fej1KnRWts7JTzq8AAAA 3 text/plain; charset=UTF-8 win-2.1.1:8532
78 200 HTTP 127.0.0.1:64799 /wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/execute 80 application/json;charset=UTF-8 python:8548
79 200 HTTP 127.0.0.1:64799 /wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108 74 application/json;charset=UTF-8 python:8548
Now, in case certain web apps (read: client apps) are only accessible through a certain proxy (e.g. a client proxy) and it is not possible to set this proxy as the system proxy, then despite setting the proxy (client proxy) in extended.py we get the error below.
/$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$ /$$$$$$
/$$__ $$ /$$__ $$ /$$__ $$|__ $$__/|_ $$_/ /$$__ $$
| $$ \ $$| $$ \__/| $$ \__/ | $$ | $$ | $$ \__/
| $$$$$$$$| $$ | $$$$$$ | $$ | $$ | $$$$$$
| $$__ $$| $$ \____ $$ | $$ | $$ \____ $$
| $$ | $$| $$ $$ /$$ \ $$ | $$ | $$ /$$ \ $$
| $$ | $$| $$$$$$/| $$$$$$/ | $$ /$$$$$$| $$$$$$/
|__/ |__/ \______/ \______/ |__/ |______/ \______/
Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument.
This error occurs because ACSTIS sends the initial requests to the target site via the system proxy, and since the target site is not reachable that way it results in an error.
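As an added example (not code from ACSTIS or from the issue author), the Python helpers below translate the `options.identity.proxies` dict from extended.py into PhantomJS proxy switches and parse Fiddler rows like the ones above to show which process reached the target through the system proxy. They assume the headless browser ACSTIS drives is PhantomJS and that the `win-2.1.1` process in the log is that browser; the sample rows are copied from the issue's log.

```python
import re
from urllib.parse import urlparse

# Proxy settings copied from the issue's extended.py snippet.
PROXIES = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080',
}

# Constructed sample: header plus three rows copied from the Fiddler log in the issue.
FIDDLER_SAMPLE = """\
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
1 200 HTTP 127.0.0.1:64799 /wd/hub/session 533 application/json;charset=UTF-8 python:8548
3 200 HTTP Tunnel to owaspjuiceshop221b.herokuapp.com:443 0 win-2.1.1:8532
4 200 HTTPS owaspjuiceshop221b.herokuapp.com / 12,489 public, max-age=0 text/html; charset=UTF-8 win-2.1.1:8532
"""

def phantomjs_proxy_args(proxies):
    """Turn a requests-style proxies dict into PhantomJS switches (--proxy,
    --proxy-type, --proxy-auth) so the headless browser (assumed: PhantomJS,
    e.g. via Selenium service_args) uses the extended.py proxy, not the system one."""
    url = proxies.get('https') or proxies.get('http')
    if not url:
        return []
    p = urlparse(url)
    proxy_type = 'socks5' if p.scheme.startswith('socks') else 'http'
    args = ['--proxy=%s:%d' % (p.hostname, p.port or 8080), '--proxy-type=' + proxy_type]
    if p.username:
        args.append('--proxy-auth=%s:%s' % (p.username, p.password or ''))
    return args

def parse_fiddler(log):
    """Parse whitespace-separated Fiddler rows into dicts, skipping the header."""
    rows = []
    for line in log.splitlines():
        tok = line.split()
        if len(tok) < 5 or not tok[0].isdigit():
            continue
        # 'Tunnel to host:443' rows carry the host in the sixth column.
        host = tok[5] if tok[3] == 'Tunnel' else tok[3]
        proc = re.match(r'^([\w.-]+):\d+$', tok[-1])  # last column is name:pid
        rows.append({'id': int(tok[0]), 'status': tok[1], 'protocol': tok[2],
                     'host': host.rsplit(':', 1)[0],
                     'process': proc.group(1) if proc else 'unknown'})
    return rows

def processes_reaching(log, target_host):
    """Processes whose traffic to target_host went through the system proxy
    (everything Fiddler saw). With Burp set in extended.py and Fiddler as the
    system proxy, any non-python process listed here is the reported bypass."""
    return sorted({r['process'] for r in parse_fiddler(log) if r['host'] == target_host})
```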