XXE Injections
Abusing XML Parsers
openssl req -newkey rsa:2048 -nodes -keyout donkey.key -x509 -days 362 -out donkey.crt
To skip the interactive prompts for the certificate subject, supply it with -subj:
openssl req -newkey rsa:2048 -nodes -keyout donkey.key -x509 -days 362 -out donkey.crt -subj "/C=xx/ST=xx/L=xx/O=xx/CN=xx"
Finally we can create the PEM file with:
cat donkey.key donkey.crt > donkey.pem
The openssl options used above:
req: initiate a new certificate signing request
-newkey: generate a new private key
rsa:2048: use RSA encryption with a 2,048-bit key length
-nodes: store the private key without passphrase protection
-keyout: save the key to a file
-x509: output a self-signed certificate instead of a certificate request
-days: set validity period in days
-out: save the certificate to a file

Here is a simple test server that supports HTTPS connections.
import argparse
import http.server
import ssl

parser = argparse.ArgumentParser()
parser.add_argument('--host', help='IP to listen on', required=True)
parser.add_argument('--port', help='Port to listen on', type=int, required=True)
parser.add_argument('--cert', help='cert file (PEM file)', required=True)
args = parser.parse_args()

print(f"Serving HTTPS on {args.host} port {args.port} (https://{args.host}:{args.port}/) ...")
# SimpleHTTPRequestHandler serves files from the current working directory
httpd = http.server.HTTPServer((args.host, args.port), http.server.SimpleHTTPRequestHandler)
sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
sslctx.check_hostname = False  # hostname checking is done by clients; a server context does not use it
# The PEM file holds both key and certificate; with separate files we would also supply keyfile= here
sslctx.load_cert_chain(certfile=args.cert)
httpd.socket = sslctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
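
An added example, not part of the original page: a pre-flight check for the PEM file given to --cert. Because -nodes leaves the private key unencrypted and SimpleHTTPRequestHandler serves its whole working directory, the check confirms the file holds both a key and a certificate, sits outside the served directory, and is not accessible to group or others (POSIX file modes assumed). The names preflight, demo and SAMPLE_PEM are assumptions of this example, and the sample PEM content is a constructed placeholder.

```python
import os
import re
import stat
import tempfile

# Captures the label of every PEM block, e.g. "PRIVATE KEY" or "CERTIFICATE".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed placeholder, not a real key: only the PEM framing matters here.
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)


def preflight(cert_path, serve_dir):
    """Return a list of problems with a combined key+cert PEM file."""
    problems = []
    with open(cert_path, "r", encoding="ascii", errors="replace") as fh:
        labels = PEM_BEGIN.findall(fh.read())
    # load_cert_chain(certfile=...) without keyfile= needs both blocks in one file.
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no private key block")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block")
    # The handler serves everything under serve_dir, which would include the key.
    cert_real = os.path.realpath(cert_path)
    root_real = os.path.realpath(serve_dir)
    if os.path.commonpath([cert_real, root_real]) == root_real:
        problems.append("PEM file is inside the served directory")
    # With no passphrase on the key, the file mode is its only protection.
    mode = os.stat(cert_path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("PEM file is accessible to group or others")
    return problems


def demo():
    """Check one PEM inside the served directory and one kept outside it."""
    with tempfile.TemporaryDirectory() as root:
        served = os.path.join(root, "www")
        os.mkdir(served)
        results = []
        for path, mode in ((os.path.join(served, "donkey.pem"), 0o644),
                           (os.path.join(root, "donkey.pem"), 0o600)):
            with open(path, "w") as fh:
                fh.write(SAMPLE_PEM)
            os.chmod(path, mode)
            results.append(preflight(path, served))
        return results
```

Calling preflight(args.cert, os.getcwd()) before load_cert_chain and exiting on a non-empty result would wire the check into the test server.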