Page 1 of 1
What is URL Content Regular Expression Match ?
Posted: Fri Apr 22, 2016 3:37 pm
by dlukinski
URL Content Regular Expression Match
Monitors the URL to ensure the specified regular expression is found in the content of the web page. A content mismatch may indicate that your website has experienced a security breach or is not functioning correctly.
- what is it exactly to enter?
- say if we are using nagios.org page ?
Do we check content before or after login?
- would be a different message in this case
Re: What is URL Content Regular Expression Match ?
Posted: Sat Apr 23, 2016 6:37 pm
by rkennedy
Code: Select all
./check_http -H nagios.com -f follow -R 'Keep your network'
This looks at the web page nagios.com, and for the string 'Keep your network'. It will only work for a login that is basic auth and you would append it as
-a username:password.
Re: What is URL Content Regular Expression Match ?
Posted: Sun Apr 24, 2016 9:20 am
by eloyd
If you want to check content prior to logging in, don't pass the -a authentication information. If you want to check content after logging in, then use it.
Note that this will NOT work with "username" and "password" fields that are part of forms on a web page. For instance, a bank page login is typically an interface to a web application and the username/password information is entered as fields on a page. Unless you can pass that information as GET parameters on the URL (which is VERY insecure) then this plugin will not allow you to check for content that is behind an authentication wall.
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 7:51 am
by dlukinski
eloyd wrote:If you want to check content prior to logging in, don't pass the -a authentication information. If you want to check content after logging in, then use it.
Note that this will NOT work with "username" and "password" fields that are part of forms on a web page. For instance, a bank page login is typically an interface to a web application and the username/password information is entered as fields on a page. Unless you can pass that information as GET parameters on the URL (which is VERY insecure) then this plugin will not allow you to check for content that is behind an authentication wall.
Is there any other way to pass authentication?
- specifically when Single-Sign-Ons are used?
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 7:56 am
by eloyd
You may be able to use webinject to do what you need.
http://www.webinject.org/plugin.html
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 10:36 am
by rkennedy
Thanks @eloyd!
@dlukinski - are we good to mark this thread as resolved?
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 3:38 pm
by dlukinski
rkennedy wrote:Thanks @eloyd!
@dlukinski - are we good to mark this thread as resolved?
Thank you.
Problem is not resolved, but answers clarified some things for me.
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 4:06 pm
by ssax
Is it okay if I lock this up? The webinject stuff will be what you're looking for and you have a few posts open on that.
Re: What is URL Content Regular Expression Match ?
Posted: Mon Apr 25, 2016 4:22 pm
by dlukinski
ssax wrote:Is it okay if I lock this up? The webinject stuff will be what you're looking for and you have a few posts open on that.
Yes please