From 382d5f37447974838128cfc2e439ac09d8ffeb63 Mon Sep 17 00:00:00 2001 From: Damian Bednarczyk Date: Wed, 29 Nov 2023 15:03:30 -0600 Subject: [PATCH] ignore unused params --- proxychain/proxychain.go | 15 +++++++++------ .../responsemodifers/modify_incoming_cookies.go | 4 +++- .../rewriters/html_token_url_rewriter.go | 8 +++++++- .../rewriters/script_injector_rewriter.go | 3 ++- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/proxychain/proxychain.go b/proxychain/proxychain.go index ad5da59..afc2e53 100644 --- a/proxychain/proxychain.go +++ b/proxychain/proxychain.go @@ -5,6 +5,9 @@ import ( "fmt" "io" "log" + "net/url" + "strings" + //"time" //"net/http" @@ -12,10 +15,8 @@ import ( //http "github.com/Danny-Dasilva/fhttp" http "github.com/bogdanfinn/fhttp" tls_client "github.com/bogdanfinn/tls-client" - //"github.com/bogdanfinn/tls-client/profiles" - "net/url" - "strings" + //"github.com/bogdanfinn/tls-client/profiles" "ladder/pkg/ruleset" @@ -122,7 +123,7 @@ type HTTPClient interface { SetCookies(u *url.URL, cookies []*http.Cookie) SetCookieJar(jar http.CookieJar) GetCookieJar() http.CookieJar - SetProxy(proxyUrl string) error + SetProxy(proxyURL string) error GetProxy() string SetFollowRedirect(followRedirect bool) GetFollowRedirect() bool @@ -184,7 +185,7 @@ func (chain *ProxyChain) AddRuleset(rs *ruleset.RuleSet) *ProxyChain { return chain } -func (chain *ProxyChain) _initialize_request() (*http.Request, error) { +func (chain *ProxyChain) _initializeRequest() (*http.Request, error) { if chain.Context == nil { chain.abortErr = chain.abort(errors.New("no context set")) return nil, chain.abortErr @@ -264,9 +265,11 @@ func preventRecursiveProxyRequest(urlQuery *url.URL, baseProxyURL string) *url.U // is a relative path, it reconstructs the full URL using the referer header. func (chain *ProxyChain) extractURL() (*url.URL, error) { reqURL := chain.Context.Params("*") + fmt.Println("XXXXXXXXXXXXXXXX") fmt.Println(reqURL) fmt.Println(chain._apiPrefix) + reqURL = strings.TrimPrefix(reqURL, chain._apiPrefix) // sometimes client requests doubleroot '//' @@ -318,7 +321,7 @@ func (chain *ProxyChain) SetFiberCtx(ctx *fiber.Ctx) *ProxyChain { chain.Context = ctx // initialize the request and prepare it for modification - req, err := chain._initialize_request() + req, err := chain._initializeRequest() if err != nil { chain.abortErr = chain.abort(err) } diff --git a/proxychain/responsemodifers/modify_incoming_cookies.go b/proxychain/responsemodifers/modify_incoming_cookies.go index e317124..5a83830 100644 --- a/proxychain/responsemodifers/modify_incoming_cookies.go +++ b/proxychain/responsemodifers/modify_incoming_cookies.go @@ -2,6 +2,7 @@ package responsemodifers import ( "fmt" + http "github.com/bogdanfinn/fhttp" //"net/http" //http "github.com/Danny-Dasilva/fhttp" @@ -11,7 +12,7 @@ import ( // DeleteIncomingCookies prevents ALL cookies from being sent from the proxy server // back down to the client. -func DeleteIncomingCookies(whitelist ...string) proxychain.ResponseModification { +func DeleteIncomingCookies(_ ...string) proxychain.ResponseModification { return func(px *proxychain.ProxyChain) error { px.Response.Header.Del("Set-Cookie") return nil @@ -37,6 +38,7 @@ func DeleteIncomingCookiesExcept(whitelist ...string) proxychain.ResponseModific filteredCookies := []string{} for _, cookieStr := range px.Response.Header["Set-Cookie"] { cookie := parseCookie(cookieStr) + if _, found := whitelistMap[cookie.Name]; found { filteredCookies = append(filteredCookies, cookieStr) } diff --git a/proxychain/responsemodifers/rewriters/html_token_url_rewriter.go b/proxychain/responsemodifers/rewriters/html_token_url_rewriter.go index 8f0e328..5489a78 100644 --- a/proxychain/responsemodifers/rewriters/html_token_url_rewriter.go +++ b/proxychain/responsemodifers/rewriters/html_token_url_rewriter.go @@ -111,6 +111,7 @@ func (r *HTMLTokenURLRewriter) ShouldModify(token *html.Token) bool { func (r *HTMLTokenURLRewriter) ModifyToken(token *html.Token) (string, string) { for i := range token.Attr { attr := &token.Attr[i] + switch { // don't touch tag/attributes that don't contain URIs case !rewriteAttrs[token.Data][attr.Key]: @@ -192,9 +193,11 @@ func handleRootRelativePath(attr *html.Attribute, baseURL *url.URL) { // Document-relative URLs: These are relative to the current document's path and don't start with a "/". func handleDocumentRelativePath(attr *html.Attribute, baseURL *url.URL) { log.Printf("PROCESSING: key: %s val: %s\n", attr.Key, attr.Val) + if strings.HasPrefix(attr.Val, "#") { return } + relativePath := path.Join(strings.Trim(baseURL.RawPath, "/"), strings.Trim(attr.Val, "/")) attr.Val = fmt.Sprintf( "%s://%s/%s", @@ -204,13 +207,15 @@ func handleDocumentRelativePath(attr *html.Attribute, baseURL *url.URL) { ) attr.Val = escape(attr.Val) attr.Val = fmt.Sprintf("/%s", attr.Val) + log.Printf("doc rel url rewritten-> '%s'='%s'", attr.Key, attr.Val) } // full URIs beginning with https?://proxiedsite.com -func handleAbsolutePath(attr *html.Attribute, baseURL *url.URL) { +func handleAbsolutePath(attr *html.Attribute, _ *url.URL) { // check if valid URL log.Printf("PROCESSING: key: %s val: %s\n", attr.Key, attr.Val) + u, err := url.Parse(attr.Val) if err != nil { return @@ -218,6 +223,7 @@ func handleAbsolutePath(attr *html.Attribute, baseURL *url.URL) { if !(u.Scheme == "http" || u.Scheme == "https") { return } + attr.Val = fmt.Sprintf("/%s", escape(strings.TrimPrefix(attr.Val, "/"))) //attr.Val = fmt.Sprintf("/%s", escape(attr.Val)) diff --git a/proxychain/responsemodifers/rewriters/script_injector_rewriter.go b/proxychain/responsemodifers/rewriters/script_injector_rewriter.go index 0ff0d7e..d6e63b5 100644 --- a/proxychain/responsemodifers/rewriters/script_injector_rewriter.go +++ b/proxychain/responsemodifers/rewriters/script_injector_rewriter.go @@ -34,7 +34,7 @@ func (r *ScriptInjectorRewriter) ShouldModify(token *html.Token) bool { //go:embed after_dom_idle_script_injector.js var afterDomIdleScriptInjector string -func (r *ScriptInjectorRewriter) ModifyToken(token *html.Token) (string, string) { +func (r *ScriptInjectorRewriter) ModifyToken(_ *html.Token) (string, string) { switch { case r.execTime == BeforeDOMContentLoaded: return "", fmt.Sprintf("\n\n", r.script) @@ -58,6 +58,7 @@ func (r *ScriptInjectorRewriter) applyParams(params map[string]string) { for key := range params { keys = append(keys, key) } + sort.Slice(keys, func(i, j int) bool { return len(keys[i]) > len(keys[j]) })