fix: fixing CORS headers only if sslstrip is enabled (fixes #543)

evilsocket 2019-04-18 12:44:50 +02:00
commit 5f973629d3
3 changed files with 23 additions and 23 deletions


@ -283,11 +283,32 @@ func (s *SSLStripper) isMaxRedirs(hostname string) bool {
return false
}
func (s *SSLStripper) fixResponseHeaders(res *http.Response) {
res.Header.Del("Content-Security-Policy-Report-Only")
res.Header.Del("Content-Security-Policy")
res.Header.Del("Strict-Transport-Security")
res.Header.Del("Public-Key-Pins")
res.Header.Del("Public-Key-Pins-Report-Only")
res.Header.Del("X-Frame-Options")
res.Header.Del("X-Content-Type-Options")
res.Header.Del("X-WebKit-CSP")
res.Header.Del("X-Content-Security-Policy")
res.Header.Del("X-Download-Options")
res.Header.Del("X-Permitted-Cross-Domain-Policies")
res.Header.Del("X-Xss-Protection")
res.Header.Set("Allow-Access-From-Same-Origin", "*")
res.Header.Set("Access-Control-Allow-Origin", "*")
res.Header.Set("Access-Control-Allow-Methods", "*")
res.Header.Set("Access-Control-Allow-Headers", "*")
}
func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
if !s.enabled {
return
}
s.fixResponseHeaders(res)
// is the server redirecting us?
if res.StatusCode != 200 {
// extract Location header