Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Kyobot PHP Proxy
Posted by: Kyo
Date: April 27, 2008 08:07AM

Hey everyone, I've been semi-active here quite some time ago, but I seem to have misplaced my account, making this my first post again

a few days ago I finally sat down and semi-finished the version 2 of my kyobot PHP proxy

http://wocares.com/kyobot2.php

custom cookies/post aren't implemented yet (and I think there's a bug in the real proxy function)

So, slackers, I ask you to test it, report any bugs you find and suggest some features I should fix/implement before officially releasing version 2.

thanks!

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: DoctorDan
Date: April 27, 2008 09:26PM

How about proxying URLs in CSS?
I worked on a PHP proxy for a while. There are a bunch of weird cases that make it a real pain. What route did you go down for switching every single URL to being proxied? I've wondered about a DOM-based way of doing this (injecting JavaScript into the page).

-Dan

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: Kyo
Date: April 30, 2008 06:22AM

I've been thinking about proxying both the urls in CSS and Javascript, but it's just so much work to get everything proxied (like what if an url would be 'Http://urlstuff.com/asd.php?a='+Variable)
it'd mess up the javascript. CSS is easier, I suppose. I'll definitely try to implement that in some time

I'm at school right now, but once I come home I'll show you how I switched the urls (it's preg_match_all plus regex)

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: DoctorDan
Date: May 02, 2008 11:49PM

I feel like getting a hold of the DOM would make all the parsing much easier (in terms of changing URLs). So, now how could we change the DOM before the element we are changing is used to make a request (such as an image)? I don't know if it's possible, doesn't sound promising, but it would be GREAT. I bet theres a PHP class somewhere out there to help.

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: moubik
Date: May 28, 2008 05:18AM

http://wocares.com/kyobot2.php?load=1&autosetc=1&url=websecurity.ro?.intl=us

path disclosure
-----------
Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/wocares/public_html/kyobot2.php on line 100

Warning: fsockopen() [function.fsockopen]: unable to connect to websecurity.ro?.intl=us:80 (php_network_getaddresses: getaddrinfo failed: Name or service not known) in /home/wocares/public_html/kyobot2.php on line 100
Error:
php_network_getaddresses: getaddrinfo failed: Name or service not known (0)
-----------

xss
-----------
http://wocares.com/kyobot2.php?load=1&autosetc=1&url=websecurity.ro/');</script><script>alert(1)</script><h1>
-----------

there are a lot of path disclosures...



Edited 2 time(s). Last edit at 05/28/2008 05:25AM by moubik.

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: birdie
Date: June 05, 2008 05:53PM

Yes and your point is?

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: moubik
Date: June 13, 2008 03:48AM

Kyo Wrote:
-------------------------------------------------------

> So, slackers, I ask you to test it, report any
> bugs you find and suggest some features I should
> fix/implement before officially releasing version
> 2.
>
> thanks!

my point is testing and reporting. why do you ask ?

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: Anonymous User
Date: June 13, 2008 04:57AM

"This Account Has Been Suspended" okay?

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: Kyo
Date: June 13, 2008 10:21AM

I don't know why I've been suspended, as I'm being hosted by a friend. Thanks for all the reports, I'll fix them before the official release.

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: moubik
Date: June 24, 2008 02:11AM

.mario, Kyo just said something and probably read what i wrote. That might have helped him.
If you lose some of your aggressiveness and some of your ego you might be a nicer person :)

Options: ReplyQuote
Re: Kyobot PHP Proxy
Date: June 24, 2008 09:09AM

moubik Wrote:
-------------------------------------------------------
> .mario, Kyo just said something and probably read
> what i wrote. That might have helped him.
> If you lose some of your aggressiveness and some
> of your ego you might be a nicer person :)

Did you mean to reply to birdie? .mario only pointed out the account had been suspended. By the way I was too lazy to reply before, but when the account was suspended it was most likely due to its CPU usage.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: Anonymous User
Date: June 28, 2008 07:52AM

@moubik: Yep - me not get your point. But thanks for your advice of becoming a nicer person - if i'd only known that trick earlier...

Options: ReplyQuote
Re: Kyobot PHP Proxy
Posted by: iota
Date: June 28, 2008 10:22AM

Keep up with good work!

Please increment development towards full features like PHPProxy and CGIProxy.

Options: ReplyQuote


Sorry, only registered users may post in this forum.