Http Error 401 - Server dint respond #88

Closed
amkhullar opened this issue Aug 6, 2019 · 3 comments · Fixed by #94


amkhullar commented Aug 6, 2019

What's the problem (or question)?

We are trying to hit a box for Web App Attack through nosqlmap, but it gives a 401 error, though we can access the same URL from the browser and it works with a response.

Do you have an idea for a solution?

No idea

How can we reproduce the issue?


[NoSQLMap ASCII-art banner]
v0.7 codingo@protonmail.com
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 3

Web App Attacks (GET)
===============
Checking to see if site at qa.orrc.com:443/v1/entity/info/5d2f10c252faff0001b865ef is up...
https://qa.orrc.com:443/v1/entity/info/5d2f10c252faff0001b865ef
HTTP Error 401:
Looks like the server didn't respond.  Check your options.
Press enter to continue...

What are the running context details?

  • Installation method (e.g. pip, apt-get, git clone or zip/tar.gz): zip
  • Client OS (e.g. Microsoft Windows 10): Windows 10
  • Program version (python sqlmap.py --version or sqlmap --version depending on installation): 0.7
  • Target DBMS (e.g. Mongo): Mongo
  • Detected WAF/IDS/IPS protection (e.g. ModSecurity or unknown):
  • Results of manual target assessment
  • Relevant console output (if any):
  • Exception traceback (if any):
Author

amkhullar commented Aug 7, 2019

I am doing some debugging by printing the code variables to see where the issue might be; it seems the headers are not getting set properly.
Below is the option I use and the value I am setting; let me know if the format is wrong.

Select an option: h
Enter HTTP Request Header data in a comma separated list (i.e. header name 1,value1,header name 2,value2)
Authorization,eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiJ2bXAuYWRtaW5AbWFya2l0LmNvbSIsInNvbHV0aW9ucyI6WyJWTVAiXSwicm9sZXMiOlsiU09MVVRJT05fQURNSU4iXX0.I2-GBOUjulshJGAXCsV9yd0X9PflA5Q13r6aXD1AjuA

and when I am trying to print the variable

if https == "OFF":
    appURL = "http://" + str(victim).strip() + ":" + str(webPort).strip() + str(uri).strip()
    print(appURL)
elif https == "ON":
    appURL = "https://" + str(victim).strip() + ":" + str(webPort).strip() + str(uri).strip()
    print(appURL)
    # debug print of the headers about to be sent
    print(requestHeaders)
try:
    req = urllib2.Request(appURL, None, requestHeaders)
    appRespCode = urllib2.urlopen(req).getcode()
    # excerpt ends here; the except branch is not shown

I get {} as output for requestHeaders

This can be fixed with the code below:

elif select == "h":
    reqHeadersIn = raw_input("Enter HTTP Request Header data in a comma separated list (i.e. header name 1,value1,header name 2,value2)\n")
    requestHeaders = build_request_headers(reqHeadersIn)
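
An added example (not from the issue thread and not NoSQLMap's own code; written for Python 3 rather than the tool's urllib2) of the two points this report turns on: the comma-separated header input has to end up in the dict handed to the request, and an HTTP 401 means the server did answer. `parse_header_pairs`, `build_request`, `classify`, the sample URL and the token placeholder are hypothetical names and constructed values.

```python
import urllib.error
import urllib.request


def parse_header_pairs(raw):
    """Turn 'name1,value1,name2,value2' into a dict; reject malformed input."""
    if raw.strip() == "":
        return {}
    parts = [p.strip() for p in raw.split(",")]
    if len(parts) % 2 != 0:
        raise ValueError("expected name,value pairs, got %d items" % len(parts))
    headers = {}
    for name, value in zip(parts[0::2], parts[1::2]):
        if not name:
            raise ValueError("empty header name")
        headers[name] = value
    return headers


def build_request(url, raw_headers):
    # The parsed dict must be the one handed to Request; if the result is
    # dropped, the request goes out with {} and carries no Authorization.
    return urllib.request.Request(url, None, parse_header_pairs(raw_headers))


def classify(exc):
    """Separate 'server answered with an error status' from 'no answer'."""
    # HTTPError is a subclass of URLError, so it has to be tested first.
    if isinstance(exc, urllib.error.HTTPError):
        if exc.code in (401, 403):
            return "up, but credentials rejected (HTTP %d)" % exc.code
        return "up, returned HTTP %d" % exc.code
    if isinstance(exc, urllib.error.URLError):
        return "no response: %s" % exc.reason
    raise exc


# Constructed sample values, not taken from the issue.
SAMPLE_URL = "https://app.example.test:443/v1/entity/info/1"
SAMPLE_INPUT = "Authorization, Bearer <token-placeholder>, Accept,application/json"

if __name__ == "__main__":
    req = build_request(SAMPLE_URL, SAMPLE_INPUT)
    print(req.header_items())
    err = urllib.error.HTTPError(SAMPLE_URL, 401, "Unauthorized", None, None)
    print(classify(err))
```

Because this input format splits on every comma, a header value that itself contains a comma cannot be entered this way.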

Owner

codingo commented Aug 7, 2019

@amkhullar saw you closed this, are you planning on submitting a pull request or this wasn't correct in the end?

Author

amkhullar commented Aug 7, 2019 via email

augustd added a commit to augustd/NoSQLMap that referenced this issue Nov 7, 2019