breach-https
old python script to demo breach-https vulnerability
git clone https://9o.is/git/breach-https.git
main.scala
(1690B)
1 import unfiltered._
2 import unfiltered.request._
3 import unfiltered.response._
4
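/** Entry point for the BREACH proof-of-concept server.
  *
  * Starts an Unfiltered Jetty server created with port 8080 and an `sslPort` of 8433, and
  * serves the [[Breach]] plan on it.
  */
object Main {

  /** Builds the server, attaches the [[Breach]] filter and runs it.
    *
    * Declared with an explicit `: Unit =` result; the original used procedure syntax,
    * which is deprecated in Scala 2.13 and not accepted by Scala 3.
    *
    * @param a command-line arguments; not read
    */
  def main(a: Array[String]): Unit = {
    // NOTE(review): "0.0.0.0" binds all interfaces. Breach serves a page that is
    // deliberately susceptible to BREACH, so run this only on an isolated lab network.
    val server = new jetty.Http(8080, "0.0.0.0") with jetty.Ssl {
      // TLS key material is not configured in this file; presumably jetty.Ssl supplies
      // it from external configuration — confirm before running.
      // Must stay in sync with the port hard-coded in Breach's HTTP -> HTTPS redirect.
      def sslPort = 8433
    }
    server.filter(Breach).run
  }
}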
13
/** Unfiltered plan that serves the BREACH demonstration page.
  *
  * The whole intent is wrapped in `unfiltered.kit.GZip` (presumably gzip-encoding responses
  * for clients that accept it — confirm). The HTML page places request-controlled text
  * (host, path and query parameters, echoed in the hidden `referrer` field) in the same body
  * as a fixed `csrfToken` value. Reflected input and a secret sharing one compressed body
  * served over TLS is the precondition for BREACH, so this behaviour is intentional and the
  * plan must not be used as a template for real handlers.
  *
  * NOTE(review): the usual mitigations to contrast with this demo are disabling compression
  * for responses that carry secrets, keeping secrets out of bodies that echo request data,
  * or masking the token differently on every response.
  */
object Breach extends unfiltered.filter.Plan {

  def intent = unfiltered.kit.GZip {
    // Non-TLS request: send the client to the HTTPS listener.
    // NOTE(review): the redirect host comes straight from the request's Host header with
    // no validation, port 8433 duplicates Main's sslPort, and only the path is carried
    // over (the query string is not appended).
    case req @ Path(path) & Host(host) if !req.isSecure =>
      Redirect("https://%s:8433%s".format(host.split(':')(0), path))

    case Path(path) & Host(host) & Params(params) =>
      // Rebuild "k=v&k=v"; several values of one parameter are joined with no separator.
      val query = params.map { case (key, values) => key + "=" + values.mkString }.mkString("&")
      // Request-controlled text echoed into the page next to the token below.
      // NOTE(review): Scala XML literals should escape attribute text when serialised, so
      // this is reflection rather than markup injection — confirm for the scala-xml in use.
      val reflected = host + path + "?" + query
      Html(
        <html>
          <head>
            <title>BREACH PoC</title>
          </head>
          <body style="margin:30px">
            <p>
              This is just a basic example. The form below doesn't do anything, but contains a fake CSRF Token. Test the BREACH PoC on this webpage with HTTPS.
            </p>
            <p>
              For more information, visit their offical site at <a href="http://breachattack.com/">http://breachattack.com/</a>.
            </p>
            <form>
              <input id="referrer_id" type="hidden" name="referrer" value={reflected}></input>
              <input id="csrfToken_id" type="hidden" name="csrfToken" value="ajax:9485364423219012891"></input>
              <input id="name_id" type="text" name="name" placeholder="Name"></input>
              <input id="email_id" type="email" name="email" placeholder="Email"></input>
              <input id="password_id" type="password" name="password" placeholder="Password"></input>
              <input id="submit_id" type="submit" value="Submit"></input>
            </form>
          </body>
        </html>
      )

    // Anything the patterns above do not match is left to the next handler.
    case _ => Pass
  }
}