Skip to content

1N3/HTTPoxyScan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
cgi_list.txt
cgi_list.txt
 
 
httpoxyscan.py
httpoxyscan.py
 
 
listener.sh
listener.sh
 
 

Repository files navigation

HTTPoxy Exploit Scanner

by 1N3 @CrowdShield (https://crowdshield.com) Last Updated: 20160720

ABOUT:

PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org.

REQUIREMENTS:

Requires ncat to establish reverse session

USAGE:

./httpoxyscan.py https://target.com cgi_list.txt 10.1.2.243 3000

This will scan https://target.com with a list of common CGI files while injecting a Proxy header back to a given IP:PORT. A reverse listener will catch the incoming connection to confirm the remote site is vulnerable.

DISCLAIMER:

I take no responsibility for wrong doing or misuse of this exploit.

About

HTTPoxy Exploit Scanner by 1N3 @CrowdShield

Resources

Readme
Activity

Stars

104 stars

Watchers

10 watching

Forks

50 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages