Simple PHP Script For Checking HTTP TRACK And TRACE
Web server support for TRACK and TRACE may make it vulnerable to attacks. I came across Chris Mahns’s script while searching for tools to check web servers. The script is written in Perl but I cannot run it on my machine because of missing Perl libraries. Since I have PHP and CURL installed, I ported the script into PHP. This is what I have done,
#!/usr/bin/php
<?php
#===============================================================================
#
# FILE: test4trace.php
#
# USAGE: ./test4trace.php <host> <port>
#
# DESCRIPTION: Test for the existence of the TRACE method on a web site.
# Adapted from http://bit.ly/qIvvVK. Original Perl version
# written by Chris Mahns.
#
# OPTIONS: ---
# REQUIREMENTS: PHP 5, CURL
# BUGS: None Found Yet
# NOTES: ---
# AUTHOR: Leong Hean Hong (https://about.me/hongster)
# COMPANY: Stream Media Pte Ltd
# VERSION: 0.3
# CREATED: 2011-08-24 17:08:00
# REVISION: ---
#===============================================================================
$help = "Usage: {$argv[0]} <hostname> <port>";
$host = isset($argv[1]) ? trim($argv[1]) : FALSE;
if ($host === FALSE) {
echo "$help\n";
exit;
}
$port = isset($argv[2]) ? (int)$argv[2] : 80;
$scheme = ($port == 443) ? 'https' : 'http';
echo "First we test for Trace...\n";
test($scheme, $host, $port, "TRACE");
echo "Now we test for Track...\n";
test($scheme, $host, $port, "TRACK");
function test($scheme, $host, $port, $method) {
$url = "$scheme://$host:$port/";
$ch = curl_init();
$options = array(
CURLOPT_URL => $url,
CURLOPT_SSL_VERIFYPEER => FALSE, // Skip SSL cert check
CURLOPT_RETURNTRANSFER => 1,
CURLINFO_HEADER_OUT => 1, // To get the request header
CURLOPT_TIMEOUT => 10,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_USERAGENT => "test4trace-pci-auditor/v0.3",
CURLOPT_HTTPHEADER => array(
$method,
"Test",
),
);
curl_setopt_array($ch, $options);
curl_exec($ch);
$response = curl_getinfo($ch, CURLINFO_HEADER_OUT);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if (curl_errno($ch)) {
echo "Curl error: ".curl_error($ch)."\n";
curl_close($ch);
return;
}
curl_close($ch);
switch ($http_code) {
case 200:
echo "======this is what you sent======\n";
echo $response;
echo "=================================\n";
echo "$method is working\n";
break;
case 403:
echo "403: Forbidden\n";
break;
case 404:
echo "404: Not Found\n";
break;
case 405:
echo "405: Method Not Allowed\n";
break;
case 501:
echo "501: Not Implemented\n";
break;
default:
echo "Response code: $http_code\n";
break;
}
}
?>
Posted in Tao Of Programming by Ah Hong at August 24th, 2011.
Tags: apache, check, http, php, security, trace, track, vulnerable
Tags: apache, check, http, php, security, trace, track, vulnerable