Self-Improvement

재미로 작성한 hsts bypass check Python 코드 본문

프로그래밍/Python

재미로 작성한 hsts bypass check Python 코드

JoGeun 2020. 3. 18. 10:57
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
import requests
import sys
 
####ssl-warnings InsecureRequestWarning EXCEPT CASE 1
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 
proxies={
    'http':'http://localhost:8080',
    'https':'https://localhost:8080'
}
 
# Packet Request
def packet(domain):
        try:
                s = requests.Session()
                https_check=Https_Check(domain,s)
                
                url='%s://%s' %(https_check, domain)
                
                resp=s.get(url,timeout=3, verify=False)
                if 'includeSubdomains' in resp.headers['Strict-Transport-Security']:
                        print domain+", Secure"
                else:
                        print domain+", Not Secure"
                        
        except:
                print domain+", Not Secure"
                pass
 
def Https_Check(domain,s):
        try:
                s.get('http://'+domain)
                return 'http'
        
        except requests.exceptions.ConnectionError as e:
                return 'https'
            
        except:
                return 'http'
                
        
 
# MAIN
if __name__ == "__main__":
    if len(sys.argv) is not 2:
        print(" [-] Example: python hsts_check.py www.***.com")
        sys.exit(1)
    else:
        packet(sys.argv[1])
 
        
 
By. Jo
cs

User-Agent에 따라 결과가 다를 수 있다. (Chrome, Firefox 등)

이상한 점이나 부족한 점이 있다면 태클은 언제나 환영입니다.