Add secrets, update Burp integration and tests #158

Merged
merged 7 commits into from
Jul 1, 2024
40 changes: 39 additions & 1 deletion README.md
Expand Up @@ -38,6 +38,7 @@ Installation 📡
----------

### Homebrew

```
brew install cariddi
```
Expand Down Expand Up @@ -180,7 +181,44 @@ Examples 💡
- use `powershell.exe -Command "cat urls | .\cariddi.exe"` inside the Command prompt
- or just `cat urls | cariddi.exe` using PowerShell

- To integrate cariddi with Burpsuite [follow these steps](https://github.com/edoardottt/cariddi/wiki/BurpSuite-Integration).
- To integrate cariddi with Burpsuite [follow these steps](https://github.com/edoardottt/cariddi/wiki/BurpSuite-Integration) or click the button below:

<details>
<summary>Integrate cariddi with Burpsuite</summary>

Normally you use Burpsuite within your browser, so you just have to trust the burpsuite's certificate in the browser and you're done.
In order to use cariddi with the BurpSuite proxy you should do some steps further.

If you try to use cariddi with the option `-proxy http://127.0.0.1:8080` you will find this error in the burpsuite error log section:

```bash
Received fatal alert: bad_certificate (or something similar related to the certificate).
```

To make cariddi working fine with Burpsuite you have also to trust the certificate within your entire pc, not just only the browser. These are the steps you have to follow:

Go to Proxy tab in Bupsuite, then Options. Click on the CA Certificate button and export Certificate in DER format

```bash
openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM
sudo chown root:root burp.pem
sudo chmod 644 burp.pem
sudo cp burp.pem /usr/local/share/ca-certificates/
sudo c_rehash
cd /etc/ssl/certs/
sudo ln -s /usr/local/share/ca-certificates/burp.pem
sudo c_rehash .
```

Source: Trust Burp Proxy certificate in Debian/Ubuntu

After these steps, in order to use cariddi with Burpsuite you have to:

1. Open Burpsuite, making sure that the proxy is listening.
2. Use cariddi with the flag `-proxy http://127.0.0.1:8080`.
3. You will see that requests and responses will be logged in Burpsuite.

</details>

Changelog 📌
-------
25 changes: 24 additions & 1 deletion internal/slice/slice_test.go
Expand Up @@ -50,6 +50,11 @@ func TestRemoveDuplicateValues(t *testing.T) {
slice: nil,
want: []string{},
},
{
name: "one element",
slice: []string{"a"},
want: []string{"a"},
},
{
name: "withous duplicates",
slice: []string{"a", "b", "c"},
Expand Down Expand Up @@ -133,7 +138,7 @@ func TestCheckCookies(t *testing.T) {
},
},
{
name: "several paris",
name: "several pairs",
input: "name1:some_value@1;name_2:some$%_value@",
want: []*http.Cookie{
{
Expand All @@ -146,6 +151,24 @@ func TestCheckCookies(t *testing.T) {
},
},
},
{
name: "several pairs 2",
input: "name1:some_value@1;name_2:some$%_value@;name_3:somevalueeeeee",
want: []*http.Cookie{
{
Name: "name1",
Value: "some_value@1",
},
{
Name: "name_2",
Value: "some$%_value@",
},
{
Name: "name_3",
Value: "somevalueeeeee",
},
},
},
{
name: "some pairs are not valid",
input: "name1:value:_1;name;2:value2;name_3:value_3",
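Review bot: The added `TestCheckCookies` case is named `several pairs 2`, which says where it sits in the table rather than what it covers. It differs from `several pairs` only by a third pair, so a name such as `name: "three pairs"` would make a failing subtest self-explanatory. In the `TestRemoveDuplicateValues` table, the neighbouring `withous duplicates` name still has the kind of typo this commit fixes for `several paris`. Both tables continue outside the visible hunks.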
72 changes: 64 additions & 8 deletions pkg/crawler/useragents.go
Expand Up @@ -37,7 +37,9 @@ import (

// genOsString generates a random OS string for a User Agent.
func genOsString() string {
rand.Seed(time.Now().UnixNano())
source := rand.NewSource(time.Now().UnixNano())
rng := rand.New(source)

// Operating system.
var OsStrings = []string{
"Macintosh; Intel Mac OS X 10_10",
Expand All @@ -48,15 +50,43 @@ func genOsString() string {
"X11; Linux x86_64",
}

return OsStrings[rand.Intn(len(OsStrings))]
return OsStrings[rng.Intn(len(OsStrings))]
}

// genFirefoxUA generates a random Firefox User Agent.
func genFirefoxUA() string {
rand.Seed(time.Now().UnixNano())
source := rand.NewSource(time.Now().UnixNano())
rng := rand.New(source)

// Firefox versions.
var FirefoxVersions = []float32{
127.0,
126.0,
124.0,
123.0,
122.0,
121.0,
120.0,
119.0,
118.0,
117.0,
116.0,
115.0,
114.0,
113.0,
112.0,
111.0,
110.0,
109.0,
108.0,
107.0,
106.0,
105.0,
104.0,
103.0,
102.0,
101.0,
100.0,
58.0,
57.0,
56.0,
Expand All @@ -66,25 +96,50 @@ func genFirefoxUA() string {
35.0,
}

version := FirefoxVersions[rand.Intn(len(FirefoxVersions))]
version := FirefoxVersions[rng.Intn(len(FirefoxVersions))]

return fmt.Sprintf("Mozilla/5.0 (%s; rv:%.1f) Gecko/20100101 Firefox/%.1f", genOsString(), version, version)
}

// genChromeUA generates a random Chrome User Agent.
func genChromeUA() string {
rand.Seed(time.Now().UnixNano())
source := rand.NewSource(time.Now().UnixNano())
rng := rand.New(source)

// Chrome versions.
var ChromeVersions = []string{
"126.0.6478.126",
"124.0.6367.60",
"123.0.6312.105",
"121.0.6167.160",
"120.0.6099.199",
"119.0.6045.199",
"118.0.5993.70",
"117.0.5938.149",
"116.0.5845.140",
"115.0.5790.170",
"114.0.5735.90",
"113.0.5672.126",
"112.0.5615.137",
"111.0.5563.110",
"109.0.5414.119",
"108.0.5359.94",
"107.0.5304.62",
"106.0.5249.15",
"105.0.5195.51",
"104.0.5112.105",
"103.0.5060.2",
"102.0.5005.156",
"101.0.4951.69",
"100.0.4896.163",
"65.0.3325.146",
"64.0.3282.0",
"41.0.2228.0",
"40.0.2214.93",
"37.0.2062.124",
}

version := ChromeVersions[rand.Intn(len(ChromeVersions))]
version := ChromeVersions[rng.Intn(len(ChromeVersions))]

return fmt.Sprintf("Mozilla/5.0 (%s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/%s Safari/537.36",
genOsString(), version)
Expand All @@ -93,9 +148,10 @@ func genChromeUA() string {
// GenerateRandomUserAgent generates a random user agent
// (can be Chrome or Firefox).
func GenerateRandomUserAgent() string {
rand.Seed(time.Now().UnixNano())
source := rand.NewSource(time.Now().UnixNano())
rng := rand.New(source)

decision := rand.Intn(100)
decision := rng.Intn(100)

var ua string
if decision%2 == 0 {
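Review bot: Each of the four functions now builds a fresh generator from `time.Now().UnixNano()` on every call, and `genFirefoxUA` and `genChromeUA` then call `genOsString`, which seeds again a moment later. On a platform with a coarse clock, back-to-back calls can receive the same seed and return correlated picks. `rand.Seed` was deprecated in Go 1.20 because the package-level functions seed themselves randomly and are safe for concurrent use. If the module targets Go 1.20 or later (go.mod is not visible here), the two added lines can be dropped and the lookup kept as `return OsStrings[rand.Intn(len(OsStrings))]`, which may also leave the `time` import unused. In `GenerateRandomUserAgent`, whose body continues past the hunk, `rng.Intn(100)` followed by `decision%2` can be a single `rand.Intn(2)`.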