Save the trouble to open the burpsuite...# Environment
## In Python Environment(3.10)
``` python3.10
# It's strongly recommended to use the virtual environment)
pip3 install baseproxy
# python3.10 will raise an AttributeError if the version of pyOpenSSL(downloaded with baseproxy) is too low. Reinstalling the latest version will fix it.
pip3 uninstall pyOpenSSL
pip3 install pyOpenSSL
# run
python3 Sophos-poc.py
```
## In Docker
``` bash
docker pull keithdockerhub/cve-2022-1040:latest # or build yourself
docker run -it -p 8788:8788 keithdockerhub/cve-2022-1040:latest
```
# How to use
1. Make sure your browser use the http proxy: http://127.0.0.1:8788.
2. Fill in username and password with literally any contents.(It doesn't matter)
3. Click login.
---
The principle is the same as the burpsuite.
It sets up a https mitm(man in the middle) and change the http body in a specific post request then we can get access to the web admin of Sophos Firewall without authentication.
<font size=3 color=red>***Please do not use it for illegal purposes.***</font>
# Reference
[https://github.com/qiyeboy/BaseProxy](https://github.com/qiyeboy/BaseProxy)
[https://github.com/APTIRAN/CVE-2022-1040](https://github.com/APTIRAN/CVE-2022-1040)
[4.0K] /data/pocs/4a25b40d602b9d018e2c926259c476e7c8d27d9a
├── [4.0K] Docker
│ ├── [ 171] Dockerfile
│ └── [1.6K] Sophos-poc.py
├── [1.2K] README.md
└── [1.6K] Sophos-poc.py
1 directory, 4 files