Full power of pathoc

mkagenius · July 31, 2017, 11:40am

After reading http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html.
I wanted to do
$ pathoc google.com get:@tester.com

But I get an error as below. It seems we cannot start a path with ‘@’ symbol. Or Am I doing something wrong. Pathoc seems really powerful feature to test HTTP protocol/servers but this seems to not work.

(venv) mitmproxy manish $ pathoc google.com get:@tester.com
Error parsing request spec: Expected {{‘wf’ Suppress:([":"]) [{Suppress:([":"]) {{Suppress:(“c”) {‘binary’ | ‘text’ | ‘ping’ | ‘continue’ | ‘close’ | ‘pong’ | integer}} | {Suppress:(“l”) integer} | {["-"] Suppress:(“fin”)} | {["-"] Suppress:(“rsv1”)} | {["-"] Suppress:(“rsv2”)} | {["-"] Suppress:(“rsv3”)} | {["-"] Suppress:(“mask”)} | {Suppress:(“p”) {integer | “r” | “a”} Suppress:(",") {integer | “f”}} | {Suppress:(“d”) {integer | “r” | “a”}} | {Suppress:(“i”) {integer | “r” | “a”} Suppress:(",") {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}} | ‘knone’ | {Suppress:(“k”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}}} | {Suppress:(“x”) integer} | {Suppress:(“b”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}}} | {Suppress:(“r”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}}} | {Suppress:(“f”) {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}}}]…} ^ {{{‘ws’ [{Suppress:([":"]) {‘GET’ | ‘HEAD’ | ‘POST’ | ‘PUT’ | ‘DELETE’ | ‘OPTIONS’ | ‘TRACE’ | ‘CONNECT’ | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}}]} | {‘GET’ | ‘HEAD’ | ‘POST’ | ‘PUT’ | ‘DELETE’ | ‘OPTIONS’ | ‘TRACE’ | ‘CONNECT’ | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}} Suppress:([":"]) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} [{Suppress:([":"]) {{Suppress:(“h”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}} Suppress:("=") {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}} | {Suppress:(“c”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}}} | {Suppress:(“u”) {‘a’ | ‘l’ | ‘b’ | ‘c’ | ‘f’ | ‘g’ | ‘i’ | ‘p’ | ‘h’ | ‘s’ | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}} | ‘r’ | {Suppress:(“s”) {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}} | {Suppress:(“b”) {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}}} | {Suppress:(“x”) integer} | {Suppress:(“p”) {integer | “r” | “a”} Suppress:(",") {integer | “f”}} | {Suppress:(“d”) {integer | “r” | “a”}} | {Suppress:(“i”) {integer | “r” | “a”} Suppress:(",") {{{Suppress:("@") integer} [{“k” | “b” | “m” | “t” | “g”}] [{Suppress:(",") {“digits” | “ascii_lowercase” | “whitespace” | “ascii_letters” | “punctuation” | “bytes” | “hexdigits” | “ascii_uppercase” | “ascii” | “octdigits”}}]} | {Suppress:("<") {quoted string, starting with " ending with " | quoted string, starting with ’ ending with ’ | W:(0123…)}} | {quoted string, starting with " ending with " | quoted string, starting with ’ ending with '}}}}}]…}}
get:@tester.com
^

mkagenius · August 1, 2017, 8:08am

I realized it is due to ‘@100’ type of feature. Maybe we should add a flag to disable the interpretation of ‘@’ or such symbols. While at it, we can perhaps support any text in place of GET method.

EDIT: created a feature request: https://github.com/mitmproxy/mitmproxy/issues/2497

Topic		Replies	Views
Can't get mitmproxy to work with badly configured site help	6	4114	January 11, 2017
Unable to change hosts if SSL is involved help	4	1556	August 2, 2016
Error: 0407006A: rsa routines: RSA_padding_check_PKCS1_type_1: block type is not 01 help	1	3947	July 1, 2019
CA (.p12) import to Burp for proxy chaining help	6	3799	April 14, 2017
[INVALID] Invalid signatures for the generated certificates help	2	1238	April 18, 2017

Full power of pathoc

Related Topics