From 66700787ea5be445db71d90d3b172df39d09161f Mon Sep 17 00:00:00 2001 
From: bretfourbe Date: Wed, 9 Aug 2023 01:32:31 +0200 Subject: [PATCH] Add integration tests for https_redirect module --- tests/integration/docker-compose.setup.yml | 15 + tests/integration/run.sh | 1 + .../test_mod_https_redirect/Dockerfile | 21 + .../apache_conf/000-default.conf | 26 + .../assertions/check.sh | 1 + .../assertions/https_redirect_443_.json | 717 ++++++++++++++++++ .../assertions/https_redirect_8080_.json | 553 ++++++++++++++ .../assertions/https_redirect_80_.json | 553 ++++++++++++++ .../assertions/https_redirect_8443_.json | 511 +++++++++++++ .../php/src/401_error.php | 5 + .../php/src/500_error.php | 5 + .../php/src/http_redirect.php | 5 + .../php/src/https_redirect.php | 5 + .../test_mod_https_redirect/php/src/index.php | 18 + .../php/src/no_redirect.php | 9 + .../php/src/relative_redirect.php | 5 + tests/integration/wapiti/modules.json | 51 ++ .../integration/wapiti/templates_and_data.py | 21 +- 18 files changed, 2520 insertions(+), 2 deletions(-) create mode 100644 tests/integration/test_mod_https_redirect/Dockerfile create mode 100644 tests/integration/test_mod_https_redirect/apache_conf/000-default.conf create mode 120000 tests/integration/test_mod_https_redirect/assertions/check.sh create mode 100644 tests/integration/test_mod_https_redirect/assertions/https_redirect_443_.json create mode 100644 tests/integration/test_mod_https_redirect/assertions/https_redirect_8080_.json create mode 100644 tests/integration/test_mod_https_redirect/assertions/https_redirect_80_.json create mode 100644 tests/integration/test_mod_https_redirect/assertions/https_redirect_8443_.json create mode 100644 tests/integration/test_mod_https_redirect/php/src/401_error.php create mode 100644 tests/integration/test_mod_https_redirect/php/src/500_error.php create mode 100644 tests/integration/test_mod_https_redirect/php/src/http_redirect.php create mode 100644 tests/integration/test_mod_https_redirect/php/src/https_redirect.php create mode 100644 
tests/integration/test_mod_https_redirect/php/src/index.php create mode 100644 tests/integration/test_mod_https_redirect/php/src/no_redirect.php create mode 100644 tests/integration/test_mod_https_redirect/php/src/relative_redirect.php diff --git a/tests/integration/docker-compose.setup.yml b/tests/integration/docker-compose.setup.yml index 122966f36..a6f839b2e 100644 --- a/tests/integration/docker-compose.setup.yml +++ b/tests/integration/docker-compose.setup.yml @@ -208,6 +208,19 @@ services: volumes: - drupal9_db_data:/var/lib/mysql + # Apache container for the https_redirect module + https_redirect: + build: + context: ./test_mod_https_redirect/ + dockerfile: Dockerfile + args: + PHP_HASH_TAG: ${PHP_HASH} + volumes: + - ./test_mod_https_redirect/php/src:/var/www/html + <<: *healthcheck_web + networks: + - test-network + # Apache container for the log4shell module log4shell: build: @@ -468,6 +481,8 @@ services: condition: service_healthy http_headers: condition: service_healthy + https_redirect: + condition: service_healthy csrf: condition: service_healthy wordpress: diff --git a/tests/integration/run.sh b/tests/integration/run.sh index 6cb2cf4df..449cd4ab2 100755 --- a/tests/integration/run.sh +++ b/tests/integration/run.sh @@ -13,6 +13,7 @@ test_mod_csrf \ test_mod_drupal_enum \ test_mod_htaccess \ test_mod_http_headers \ +test_mod_https_redirect \ test_mod_exec \ test_mod_file \ test_mod_log4shell \ diff --git a/tests/integration/test_mod_https_redirect/Dockerfile b/tests/integration/test_mod_https_redirect/Dockerfile new file mode 100644 index 000000000..65000b3b9 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/Dockerfile 
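Review bot: The bind mount `- ./test_mod_https_redirect/php/src:/var/www/html` in the new `https_redirect` service is writable from inside the container, although the Apache/PHP target only needs to read the fixture scripts. Mounting it read-only, `- ./test_mod_https_redirect/php/src:/var/www/html:ro`, keeps a scan run from altering the checked-in sources. The `*healthcheck_web` anchor is defined outside this hunk, so it is worth confirming that it probes a port this container answers on, given that the image exposes four listeners.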
@@ -0,0 +1,21 @@
+ARG PHP_HASH_TAG=':8.1-apache'
+FROM php${PHP_HASH_TAG}
+EXPOSE 443 80 8443 8080
+
+RUN apt-get -y update && \
+ apt-get -y install openssl -y && \
+ apt-get -y clean && \
+ apt-get -y autoremove && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+ truncate -s 0 /var/log/*log
+
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+ -keyout /etc/apache2/server.key -out /etc/apache2/server.crt \
+ -subj "/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=localhost"
+
+RUN /usr/sbin/a2enmod rewrite ssl
+
+COPY ./apache_conf/000-default.conf /etc/apache2/sites-available/000-default.conf
+
+# Start Apache
+CMD ["apache2-foreground"]
diff --git a/tests/integration/test_mod_https_redirect/apache_conf/000-default.conf b/tests/integration/test_mod_https_redirect/apache_conf/000-default.conf
new file mode 100644
index 000000000..39283cb56
--- /dev/null
+++ b/tests/integration/test_mod_https_redirect/apache_conf/000-default.conf
@@ -0,0 +1,26 @@
+Listen 8080
+NameVirtualHost *:8080
+
+Listen 8443 https
+NameVirtualHost *:8443
+
+
+ ServerName https_redirect
+ DocumentRoot /var/www/html/
+
+ AllowOverride All
+
+
+
+
+
+ ServerName https_redirect
+ DocumentRoot /var/www/html/
+
+ AllowOverride All
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/apache2/server.crt
+ SSLCertificateKeyFile /etc/apache2/server.key
+
diff --git a/tests/integration/test_mod_https_redirect/assertions/check.sh b/tests/integration/test_mod_https_redirect/assertions/check.sh
new file mode 120000
index 000000000..aa85f6fcd
--- /dev/null
+++ b/tests/integration/test_mod_https_redirect/assertions/check.sh
@@ -0,0 +1 @@
+../../check.sh
\ No newline at end of file
diff --git a/tests/integration/test_mod_https_redirect/assertions/https_redirect_443_.json b/tests/integration/test_mod_https_redirect/assertions/https_redirect_443_.json
new file mode 100644
index 000000000..1cc543ea1
--- /dev/null
+++ b/tests/integration/test_mod_https_redirect/assertions/https_redirect_443_.json
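Review bot: The default in `ARG PHP_HASH_TAG=':8.1-apache'` leaves the base image on a floating tag whenever the build argument is not supplied, while the assertion files added in this same patch record exact banners (`Apache/2.4.56 (Debian)`, `PHP/8.1.18`) in every expected response. If `check.sh` compares those headers (not visible here), a build without `PHP_HASH` will drift from the fixtures as soon as the tag moves. Consider removing the default so an unpinned build fails, or defaulting to a digest such as `ARG PHP_HASH_TAG='@sha256:<digest>'` (placeholder). Separately, `openssl req ... -days 365` runs at build time, so a cached image older than a year serves an expired certificate; a comment stating that the scanner is expected to skip certificate verification for this target would make that assumption explicit.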
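Review bot: `NameVirtualHost *:8080` and `NameVirtualHost *:8443` are deprecated no-ops on Apache 2.4, which is the version the fixtures in this patch record (`Apache/2.4.56`), so both lines can be dropped. The container directives around `ServerName`/`DocumentRoot` are not visible in this rendering, so which ports each block binds to cannot be checked here. A header comment such as `# 80/8080: plain HTTP, 443/8443: TLS with the self-signed cert built in the Dockerfile` would document the intent behind the four expected-result files, whose targets use exactly those scheme and port pairs.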
@@ -0,0 +1,717 @@ +{ + "vulnerabilities": { + "Unencrypted Channels": [ + { + "method": "GET", + "path": "/", + "info": "No HTTPS redirection", + "parameter": "", + "http_request": "GET / HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 200, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + }, + { + "method": "GET", + "path": "/http_redirect.php", + "info": "Redirected to HTTP location : http://https_redirect:80/index.php", + "parameter": "", + "http_request": "GET /http_redirect.php HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 302, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "http://https_redirect:80/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + }, + { + "method": "GET", + "path": "/index.php", + "info": "No HTTPS redirection", + "parameter": "", + "http_request": "GET /index.php HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 
Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 200, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + }, + { + "method": "GET", + "path": "/no_redirect.php", + "info": "No HTTPS redirection", + "parameter": "", + "http_request": "GET /no_redirect.php HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 200, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "102" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + }, + { + "method": "GET", + "path": "/relative_redirect.php", + "info": "Redirected to HTTP location : /index.php", + "parameter": "", + "http_request": "GET /relative_redirect.php HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 302, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", 
+ "text/html; charset=UTF-8" + ], + [ + "location", + "/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + } + ] + }, + "infos": { + "target": "https://https_redirect/", + "crawled_pages_nbr": 8, + "crawled_pages": [ + { + "request": { + "url": "https://https_redirect/", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/401_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 401, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/500_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 500, + "body": "", + "headers": [ + [ + "connection", + "close" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/http_redirect.php", + "method": "GET", + "headers": [ + [ + 
"accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "http://https_redirect:80/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/https_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "https://https_redirect:443/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/index.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; 
rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/no_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tNo redirect\n\n\n\t

Lorem ipsum

\n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "102" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect/relative_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/test_mod_https_redirect/assertions/https_redirect_8080_.json b/tests/integration/test_mod_https_redirect/assertions/https_redirect_8080_.json new file mode 100644 index 000000000..92a62c298 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/assertions/https_redirect_8080_.json 
@@ -0,0 +1,553 @@ +{ + "vulnerabilities": { + "Unencrypted Channels": [ + { + "method": "GET", + "path": "/", + "info": "No HTTPS redirection", + "parameter": "", + "http_request": "GET / HTTP/1.1\nhost: https_redirect:8080\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 200, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + } + ] + }, + "infos": { + "target": "http://https_redirect:8080/", + "crawled_pages_nbr": 8, + "crawled_pages": [ + { + "request": { + "url": "http://https_redirect:8080/", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/401_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 401, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/500_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 500, + "body": "", + "headers": [ + [ + "connection", + "close" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/http_redirect.php", + "method": "GET", 
+ "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "http://https_redirect:80/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/https_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "https://https_redirect:443/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/index.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + 
"user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/no_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tNo redirect\n\n\n\t

Lorem ipsum

\n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "102" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect:8080/relative_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8080" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/test_mod_https_redirect/assertions/https_redirect_80_.json b/tests/integration/test_mod_https_redirect/assertions/https_redirect_80_.json new file mode 100644 index 000000000..c500d7d98 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/assertions/https_redirect_80_.json 
@@ -0,0 +1,553 @@ +{ + "vulnerabilities": { + "Unencrypted Channels": [ + { + "method": "GET", + "path": "/", + "info": "No HTTPS redirection", + "parameter": "", + "http_request": "GET / HTTP/1.1\nhost: https_redirect\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "wstg": [ + "WSTG-CRYP-03" + ], + "detail": { + "response": { + "status_code": 200, + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + } + ] + }, + "infos": { + "target": "http://https_redirect/", + "crawled_pages_nbr": 8, + "crawled_pages": [ + { + "request": { + "url": "http://https_redirect/", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/401_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 401, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/500_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 500, + "body": "", + "headers": [ + [ + "connection", + "close" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/http_redirect.php", + "method": "GET", + "headers": [ + [ + 
"accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "http://https_redirect:80/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/https_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "https://https_redirect:443/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/index.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) 
Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/no_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tNo redirect\n\n\n\t

Lorem ipsum

\n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "102" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "http://https_redirect/relative_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/test_mod_https_redirect/assertions/https_redirect_8443_.json b/tests/integration/test_mod_https_redirect/assertions/https_redirect_8443_.json new file mode 100644 index 000000000..54ae2a540 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/assertions/https_redirect_8443_.json 
@@ -0,0 +1,511 @@ +{ + "vulnerabilities": { + "Unencrypted Channels": [] + }, + "infos": { + "target": "https://https_redirect:8443/", + "crawled_pages_nbr": 8, + "crawled_pages": [ + { + "request": { + "url": "https://https_redirect:8443/", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/401_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 401, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/500_error.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 500, + "body": "", + "headers": [ + [ + "connection", + "close" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/http_redirect.php", + "method": 
"GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "http://https_redirect:80/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/https_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "https://https_redirect:443/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/index.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + 
"user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tIndex\n\n\n\t

Index

\n\t

This is a simple PHP web page.

\n \n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "220" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/no_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 200, + "body": "\n\n\n\tNo redirect\n\n\n\t

Lorem ipsum

\n\n\n", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-encoding", + "gzip" + ], + [ + "content-length", + "102" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "vary", + "Accept-Encoding" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + }, + { + "request": { + "url": "https://https_redirect:8443/relative_redirect.php", + "method": "GET", + "headers": [ + [ + "accept", + "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" + ], + [ + "accept-encoding", + "gzip, deflate, br" + ], + [ + "accept-language", + "en-US" + ], + [ + "connection", + "keep-alive" + ], + [ + "host", + "https_redirect:8443" + ], + [ + "user-agent", + "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" + ] + ] + }, + "response": { + "status_code": 302, + "body": "", + "headers": [ + [ + "connection", + "Keep-Alive" + ], + [ + "content-length", + "0" + ], + [ + "content-type", + "text/html; charset=UTF-8" + ], + [ + "location", + "/index.php" + ], + [ + "server", + "Apache/2.4.56 (Debian)" + ], + [ + "x-powered-by", + "PHP/8.1.18" + ] + ] + } + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/test_mod_https_redirect/php/src/401_error.php b/tests/integration/test_mod_https_redirect/php/src/401_error.php new file mode 100644 index 000000000..474575575 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/401_error.php @@ -0,0 +1,5 @@ + diff --git a/tests/integration/test_mod_https_redirect/php/src/500_error.php b/tests/integration/test_mod_https_redirect/php/src/500_error.php new file mode 100644 index 000000000..b1d9ca825 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/500_error.php @@ -0,0 +1,5 @@ + diff --git a/tests/integration/test_mod_https_redirect/php/src/http_redirect.php b/tests/integration/test_mod_https_redirect/php/src/http_redirect.php new file mode 100644 index 000000000..a0db4cef0 
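Review bot: The baseline for the 8443 target pins `"Unencrypted Channels": []`, yet the same file records `https://https_redirect:8443/http_redirect.php` answering 302 with `location: http://https_redirect:80/index.php`, a redirect from HTTPS down to plain HTTP. Nothing visible in the commit says whether the module is expected to stay silent for this target, so an intended blind spot and a later regression would look the same to whoever maintains the fixture. JSON cannot carry a comment, so the rationale belongs in the commit description or a short README beside the assertions, for instance `8443: no finding expected because <reason>`.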
--- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/http_redirect.php @@ -0,0 +1,5 @@ + diff --git a/tests/integration/test_mod_https_redirect/php/src/https_redirect.php b/tests/integration/test_mod_https_redirect/php/src/https_redirect.php new file mode 100644 index 000000000..4088baa39 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/https_redirect.php @@ -0,0 +1,5 @@ + diff --git a/tests/integration/test_mod_https_redirect/php/src/index.php b/tests/integration/test_mod_https_redirect/php/src/index.php new file mode 100644 index 000000000..b622a327e --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/index.php @@ -0,0 +1,18 @@ + + + + Index + + +

Index

+

This is a simple PHP web page.

+ + + diff --git a/tests/integration/test_mod_https_redirect/php/src/no_redirect.php b/tests/integration/test_mod_https_redirect/php/src/no_redirect.php new file mode 100644 index 000000000..a70bf27ba --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/no_redirect.php @@ -0,0 +1,9 @@ + + + + No redirect + + +

Lorem ipsum

+ + diff --git a/tests/integration/test_mod_https_redirect/php/src/relative_redirect.php b/tests/integration/test_mod_https_redirect/php/src/relative_redirect.php new file mode 100644 index 000000000..045280162 --- /dev/null +++ b/tests/integration/test_mod_https_redirect/php/src/relative_redirect.php @@ -0,0 +1,5 @@ + diff --git a/tests/integration/wapiti/modules.json b/tests/integration/wapiti/modules.json index ed9ec70b3..b8a995681 100644 --- a/tests/integration/wapiti/modules.json +++ b/tests/integration/wapiti/modules.json @@ -130,6 +130,57 @@ } ] }, + "test_mod_https_redirect": { + "modules": "https_redirect", + "report_filter_tree": { + "vulnerabilities": { + "Unencrypted Channels": [ + { + "method": "", + "path": "", + "info": "", + "parameter": "", + "http_request": "", + "wstg": [], + "detail": { + "response": { + "status_code": 0, + "headers": [] + } + } + } + ] + }, + "infos": { + "target": "", + "crawled_pages_nbr": 0, + "crawled_pages": [ + { + "request": { + "url": "", + "method": "", + "headers": "" + }, + "response": {} + } + ] + } + }, + "targets": [ + { + "name": "http://https_redirect:80/" + }, + { + "name": "http://https_redirect:8080/" + }, + { + "name": "https://https_redirect:443/" + }, + { + "name": "https://https_redirect:8443/" + } + ] + }, "test_mod_ssrf": { "modules": "ssrf", "supplementary_argument": "--endpoint http://endpoint/", diff --git a/tests/integration/wapiti/templates_and_data.py b/tests/integration/wapiti/templates_and_data.py index 3f1bb9813..c7fe5a976 100644 --- a/tests/integration/wapiti/templates_and_data.py +++ b/tests/integration/wapiti/templates_and_data.py @@ -12,8 +12,8 @@ "csrf", "drupal_enum", "exec", "file", "htaccess", "htp", - "http_headers", "log4shell", - "methods", "nikto", + "http_headers", "https_redirect", + "log4shell", "methods", "nikto", "permanentxss", "redirect", "shellshock", "sql", "ssl", "ssrf", 
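Review bot: In the `test_mod_https_redirect` entry the crawled-page filter is `"response": {}`, and the committed baselines carry complete response headers, including `server: Apache/2.4.56 (Debian)` and `x-powered-by: PHP/8.1.18`. If an empty filter value keeps everything beneath it, as the baselines suggest, any patch release of the base image will change those banners and fail the comparison for reasons unrelated to the redirect check. Consider narrowing it to `"response": { "status_code": 0 }`, or pinning the image version in the test Dockerfile, which is outside this part of the patch. The enclosing JSON object starts and ends outside the hunk.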
@@ -399,6 +399,23 @@
 'path': '',
 'referer': '',
 'wstg': []}],
+ 'Unencrypted Channels': [{'curl_command': '',
+ 'detail': {
+ 'response': {
+ 'body': '',
+ 'headers': [],
+ 'status_code': 0
+ }
+ },
+ 'http_request': '',
+ 'info': '',
+ 'level': 0,
+ 'method': '',
+ 'module': '',
+ 'parameter': '',
+ 'path': '',
+ 'referer': '',
+ 'wstg': []}],
 'Weak credentials': [{'curl_command': '',
 'detail': {
 'response': {