Improvement regarding parsing HTTP requests through Tor HTTP proxy (i…

….e. `--tor` switch).

doc/CHANGELOG.md

@@ -1,4 +1,5 @@
 ## Version 3.9 (TBA)
+* Revised: Improvement regarding parsing HTTP requests through Tor HTTP proxy (i.e. `--tor` switch).
 * Added: New (hidden) option `--ignore-stdin` regarding ignoring STDIN input. (via @n00b-bot)
 * Revised: Minor improvement regarding successfully completing the scanning process (i.e. in case that parameters with anti-CSRF tokens are omitted). (via @xerxoria)
 * Revised: Minor improvement regarding Windows-based payloads for semiblind (i.e. "file-based") technique (i.e. command execution output).

src/core/injections/blind/techniques/time_based/tb_injector.py

@@ -25,7 +25,6 @@
 from src.utils import settings
 from src.utils import common
 from src.thirdparty.colorama import Fore, Back, Style, init
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests

src/core/injections/results_based/techniques/classic/cb_injector.py

@@ -24,7 +24,6 @@
 from src.utils import menu
 from src.utils import settings
 from src.thirdparty.colorama import Fore, Back, Style, init
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests

src/core/injections/results_based/techniques/eval_based/eb_injector.py

@@ -21,7 +21,6 @@
 import random
 from src.utils import menu
 from src.utils import settings
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests

src/core/injections/semiblind/techniques/file_based/fb_handler.py

@@ -22,7 +22,6 @@
 from src.utils import logs
 from src.utils import settings
 from src.utils import session_handler
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests
@@ -334,11 +333,8 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
                 headers.do_check(request)
                 headers.check_http_traffic(request)
                 # Check if defined any HTTP Proxy (--proxy option).
-                if menu.options.proxy or menu.options.ignore_proxy: 
+                if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
                   response = proxy.use_proxy(request)
-                # Check if defined Tor (--tor option).
-                elif menu.options.tor:
-                  response = tor.use_tor(request)
                 else:
                   response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
 

src/core/injections/semiblind/techniques/file_based/fb_injector.py

@@ -22,7 +22,6 @@
 import base64
 from src.utils import menu
 from src.utils import settings
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests
@@ -327,11 +326,8 @@ def injection_results(url, OUTPUT_TEXTFILE, timesec):
   request = _urllib.request.Request(output)
   headers.do_check(request)
   # Check if defined any HTTP Proxy (--proxy option).
-  if menu.options.proxy or menu.options.ignore_proxy: 
+  if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
     response = proxy.use_proxy(request)
-  # Check if defined Tor (--tor option).
-  elif menu.options.tor:
-    response = tor.use_tor(request)
   else:
     response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
 

src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py

@@ -25,7 +25,6 @@
 from src.utils import settings
 from src.utils import common
 from src.thirdparty.colorama import Fore, Back, Style, init
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests

src/core/main.py

@@ -114,9 +114,6 @@ def examine_request(request, url):
     # Check if defined any HTTP Proxy (--proxy option).
     if menu.options.proxy or menu.options.ignore_proxy: 
       return proxy.use_proxy(request)
-    # Check if defined Tor (--tor option).
-    elif menu.options.tor:
-      return tor.use_tor(request)
     else:
       try:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
@@ -205,9 +202,6 @@ def url_response(url):
   # Check if http / https
   url = checks.check_http_s(url)
   settings.TARGET_URL = _urllib.parse.urlparse(url).hostname
-  # Check if defined Tor (--tor option).
-  if menu.options.tor and settings.TOR_CHECK_AGAIN:
-    tor.do_check()
   if settings.MULTI_TARGETS or settings.CRAWLING:
     settings.TOR_CHECK_AGAIN = False
     # initiate total of requests
@@ -649,10 +643,6 @@ def main(filename, url):
     if menu.options.answers:
       settings.ANSWERS = menu.options.answers
 
-    if not menu.options.proxy:
-      if _urllib.parse.urlparse(menu.options.url).hostname in ("localhost", "127.0.0.1") or menu.options.ignore_proxy:
-        menu.options.ignore_proxy = True
-
     # Check if defined "--proxy" option.
     if menu.options.proxy:
       if menu.options.tor:
@@ -677,6 +667,16 @@ def main(filename, url):
         print(settings.print_critical_msg(err_msg))
         raise SystemExit()
 
+    if not menu.options.proxy:
+      if _urllib.parse.urlparse(menu.options.url).hostname in ("localhost", "127.0.0.1") or menu.options.ignore_proxy:
+        menu.options.ignore_proxy = True
+      # Check if defined Tor (--tor option).
+      elif menu.options.tor:
+        if menu.options.tor_port:
+          settings.TOR_HTTP_PROXY_PORT = menu.options.tor_port
+        menu.options.proxy = settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT
+        tor.do_check()
+
     if menu.options.ignore_session and menu.options.flush_session:
       err_msg = "The '--ignore-session' option is unlikely to work combined with the '--flush-session' option."
       print(settings.print_critical_msg(err_msg))
@@ -757,14 +757,14 @@ def main(filename, url):
       settings.DELAY = menu.options.delay
 
     # Check if defined "--timesec" option.
-    if menu.options.timesec > 0:
+    if menu.options.timesec != 0:
       settings.TIMESEC = menu.options.timesec
-    else:
-      if menu.options.tor:
-        settings.TIMESEC = 10
-        warn_msg = "Increasing default value for option '--time-sec' to"
-        warn_msg += " " + str(settings.TIMESEC) + ", because switch '--tor' was provided."
-        print(settings.print_warning_msg(warn_msg))
+
+    if menu.options.tor:
+      settings.TIMESEC = settings.TIMESEC * 2
+      warn_msg = "Increasing default value for option '--time-sec' to"
+      warn_msg += " " + str(settings.TIMESEC) + ", because switch '--tor' was provided."
+      print(settings.print_warning_msg(warn_msg))
 
     # Local IP address
     if not menu.options.offline:

src/core/modules/shellshock/shellshock.py

@@ -12,7 +12,6 @@
 from src.utils import menu
 from src.utils import logs
 from src.utils import settings
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.thirdparty.colorama import Fore, Back, Style, init
 from src.core.shells import bind_tcp
@@ -313,11 +312,8 @@ def shellshock_handler(url, http_request_method, filename):
         log_http_headers.do_check(request)
         log_http_headers.check_http_traffic(request)
         # Check if defined any HTTP Proxy.
-        if menu.options.proxy or menu.options.ignore_proxy: 
+        if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
           response = proxy.use_proxy(request)
-        # Check if defined Tor.
-        elif menu.options.tor:
-          response = tor.use_tor(request)
         else:
           response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
         if check_header == "Cookie":
@@ -562,11 +558,8 @@ def check_for_shell(url, cmd, cve, check_header, filename):
       log_http_headers.do_check(request)
       log_http_headers.check_http_traffic(request)
       # Check if defined any HTTP Proxy.
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor.
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       if check_header == "User-Agent":

src/core/requests/authentication.py

@@ -20,7 +20,6 @@
 from src.utils import menu
 from src.utils import settings
 from src.utils import session_handler
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.utils import common
@@ -175,11 +174,8 @@ def http_auth_cracker(url, realm):
           headers.do_check(request)
           headers.check_http_traffic(request)
           # Check if defined any HTTP Proxy (--proxy option).
-          if menu.options.proxy or menu.options.ignore_proxy: 
+          if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
             proxy.use_proxy(request)
-          # Check if defined Tor (--tor option).
-          elif menu.options.tor:
-            tor.use_tor(request)
           response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
           # Store valid results to session
           admin_panel = url

src/core/requests/proxy.py

@@ -33,6 +33,10 @@ def use_proxy(request):
       proxy = _urllib.request.ProxyHandler({})
       opener = _urllib.request.build_opener(proxy)
       _urllib.request.install_opener(opener)
+    elif menu.options.tor:
+      proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:menu.options.proxy})
+      opener = _urllib.request.build_opener(proxy)
+      _urllib.request.install_opener(opener)
     else:
       request.set_proxy(menu.options.proxy, settings.SCHEME)
     return _urllib.request.urlopen(request, timeout=settings.TIMEOUT)

src/core/requests/requests.py

@@ -27,7 +27,6 @@
 _http_client._MAXLINE = 1 * 1024 * 1024
 from src.utils import common
 from src.utils import crawler
-from src.core.requests import tor
 from src.core.requests import proxy
 from src.core.requests import headers
 from src.core.requests import requests
@@ -52,10 +51,8 @@ def crawler_request(url):
       request = _urllib.request.Request(url)
     headers.do_check(request)
     headers.check_http_traffic(request)
-    if menu.options.proxy or menu.options.ignore_proxy: 
+    if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
       response = proxy.use_proxy(request)
-    elif menu.options.tor:
-      response = tor.use_tor(request)
     else:
       response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
     if type(response) is not bool and settings.FOLLOW_REDIRECT and response is not None:
@@ -278,7 +275,15 @@ def request_failed(err_msg):
     except IndexError:
       error_msg = str(err_msg)
 
-  if any(x in str(error_msg).lower() for x in ["wrong version number", "ssl", "https"]):
+  if "Tunnel connection failed" in str(error_msg) and menu.options.tor:
+      err_msg = "Can't establish connection with the Tor network. "  
+      err_msg += "Please make sure that you have "
+      err_msg += "Tor bundle (https://www.torproject.org/download/) or Tor and Privoxy installed and setup "
+      err_msg += "so you could be able to successfully use switch '--tor'."
+      print(settings.print_critical_msg(err_msg))
+      raise SystemExit()
+
+  elif any(x in str(error_msg).lower() for x in ["wrong version number", "ssl", "https"]):
     settings.MAX_RETRIES = 1
     error_msg = "Can't establish SSL connection. "
     if settings.MULTI_TARGETS or settings.CRAWLING:
@@ -292,9 +297,15 @@ def request_failed(err_msg):
   elif any(x in str(error_msg).lower() for x in ["connection refused", "timeout"]):
     settings.MAX_RETRIES = 1
     err = "Unable to connect to the target URL"
-    if menu.options.proxy or menu.options.ignore_proxy: 
+    if menu.options.tor:
+      err += " or Tor HTTP proxy."
+    elif menu.options.proxy or menu.options.ignore_proxy: 
       err += " or proxy"
     err = err + " (Reason: " + str(error_msg)  + "). "
+    if menu.options.tor:
+      err += "Please make sure that you have "
+      err += "Tor bundle (https://www.torproject.org/download/) or Tor and Privoxy installed and setup "
+      err += "so you could be able to successfully use switch '--tor'."
     if settings.MULTI_TARGETS or settings.CRAWLING:
       err = err + "Skipping to the next target."
     error_msg = err
@@ -393,16 +404,11 @@ def request_failed(err_msg):
 def get_request_response(request):
 
   headers.check_http_traffic(request)
-  if menu.options.proxy or menu.options.ignore_proxy: 
+  if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
     try:
       response = proxy.use_proxy(request)
     except Exception as err_msg:
       response = request_failed(err_msg)
-  elif menu.options.tor:
-    try:
-      response = tor.use_tor(request)
-    except Exception as err_msg:
-      response = request_failed(err_msg)
   else:
     try:
       response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
@@ -437,11 +443,8 @@ def inject_cookie(url, vuln_parameter, payload):
       request.add_header('Cookie', menu.options.cookie.replace(settings.INJECT_TAG, payload))
     try:
       headers.check_http_traffic(request)
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor (--tor option).
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       return response
@@ -484,11 +487,8 @@ def inject_user_agent(url, vuln_parameter, payload):
     request.add_header('User-Agent', payload)
     try:
       headers.check_http_traffic(request)
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor (--tor option).
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       return response
@@ -531,11 +531,8 @@ def inject_referer(url, vuln_parameter, payload):
     request.add_header('Referer', payload)
     try:
       headers.check_http_traffic(request)
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor (--tor option).
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       return response
@@ -586,11 +583,8 @@ def inject_host(url, vuln_parameter, payload):
     request.add_header('Host', payload)
     try:
       headers.check_http_traffic(request)
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor (--tor option).
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       return response
@@ -636,11 +630,8 @@ def inject_custom_header(url, vuln_parameter, payload):
       request.add_header(settings.CUSTOM_HEADER_NAME, settings.CUSTOM_HEADER_VALUE + payload)
     try:
       headers.check_http_traffic(request)
-      if menu.options.proxy or menu.options.ignore_proxy: 
+      if menu.options.proxy or menu.options.ignore_proxy or menu.options.tor: 
         response = proxy.use_proxy(request)
-      # Check if defined Tor (--tor option).
-      elif menu.options.tor:
-        response = tor.use_tor(request)
       else:
         response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
       return response