garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Browser::Actions (no specs)

Browse Source
This commit is contained in:
erwanlr
2013-04-09 17:43:15 +02:00
parent 2a45878a55
commit 3525fb87e2
23 changed files with 121 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Gemfile
View File

@@ -1,6 +1,7 @@
source "https://rubygems.org" source "https://rubygems.org"
gem "typhoeus", ">=0.6.2" gem "typhoeus", ">=0.6.2"
gem "ethon", :git => "https://github.com/typhoeus/ethon.git"
gem "nokogiri" gem "nokogiri"
gem "json" gem "json"

42
lib/common/browser.rb
View File

@@ -1,8 +1,11 @@
# encoding: UTF-8 # encoding: UTF-8
require 'common/typhoeus_cache' require 'common/typhoeus_cache'
require 'common/browser/actions'
class Browser class Browser
extend Browser::Actions
@@instance = nil @@instance = nil
USER_AGENT_MODES = %w{ static semi-static random } USER_AGENT_MODES = %w{ static semi-static random }
@@ -122,26 +125,6 @@ class Browser
end end
end end
def get(url, params = {})
run_request(
forge_request(url, params.merge(method: :get))
)
end
def post(url, params = {})
run_request(
forge_request(url, params.merge(method: :post))
)
end
def get_and_follow_location(url, params = {})
params[:maxredirs] ||= 2
run_request(
forge_request(url, params.merge(method: :get, followlocation: true))
)
end
def forge_request(url, params = {}) def forge_request(url, params = {})
Typhoeus::Request.new( Typhoeus::Request.new(
url.to_s, url.to_s,
@@ -181,12 +164,19 @@ class Browser
params.merge!(ssl_verifypeer: false) params.merge!(ssl_verifypeer: false)
params.merge!(ssl_verifyhost: 0) params.merge!(ssl_verifyhost: 0)
params.merge!(cookie_jar: @cache_dir + '/cookie-jar') params.merge!(cookiejar: @cache_dir + '/cookie-jar')
params.merge!(cookie_file: @cache_dir + '/cookie-jar') params.merge!(cookiefile: @cache_dir + '/cookie-jar')
params params
end end
# return the response
def run_request(request)
@hydra.queue request
@hydra.run
request.response
end
private private
# return Array # return Array
@@ -199,13 +189,6 @@ class Browser
params params
end end
# return the response
def run_request(request)
@hydra.queue request
@hydra.run
request.response
end
# Override with the options if they are set # Override with the options if they are set
def override_config_with_options(options) def override_config_with_options(options)
options.each do |option, value| options.each do |option, value|
@@ -214,4 +197,5 @@ class Browser
end end
end end
end end
end end

49
lib/common/browser/actions.rb Normal file
View File

@@ -0,0 +1,49 @@
# encoding: UTF-8
class Browser
module Actions
# @param [ String ] url
# @param [ Hash ] params
#
# @return [ Typhoeus::Response ]
def get(url, params = {})
#Typhoeus.get(url, Browser.instance.merge_request_params(params))
process(url, params.merge(method: :get))
end
# @param [ String ] url
# @param [ Hash ] params
#
# @return [ Typhoeus::Response ]
def post(url, params = {})
#Typhoeus.post(url, Browser.instance.merge_request_params(params))
process(url, params.merge(method: :post))
end
# @param [ String ] url
# @param [ Hash ] params
#
# @return [ Typhoeus::Response ]
def get_and_follow_location(url, params = {})
params[:maxredirs] ||= 2
get(url, params.merge(followlocation: true))
end
protected
# @param [ String ] url
# @param [ Hash ] params
#
# @return [ Typhoeus::Response ]
def process(url, params)
browser = Browser.instance
browser.run_request(
browser.forge_request(url, params)
)
end
end
end

7
lib/common/browser/options.rb Normal file
View File

@@ -0,0 +1,7 @@
# encoding: UTF-8
class Browser
module Options
end
end

2
lib/common/collections/wp_items/detectable.rb
View File

@@ -67,7 +67,7 @@ class WpItems < Array
results = new results = new
item_class = self.item_class item_class = self.item_class
type = self.to_s.gsub(/Wp/, '').downcase type = self.to_s.gsub(/Wp/, '').downcase
response = Browser.instance.get(wp_target.url) response = Browser.get(wp_target.url)
item_options = { item_options = {
wp_content_dir: wp_target.wp_content_dir, wp_content_dir: wp_target.wp_content_dir,
wp_plugins_dir: wp_target.wp_plugins_dir, wp_plugins_dir: wp_target.wp_plugins_dir,

14
lib/common/hacks.rb
View File

@@ -47,20 +47,6 @@ module Typhoeus
end end
end end
module Ethon
class Easy
module Options
def cookie_jar=(value)
Curl.set_option(:cookiejar, value_for(value, :string), handle)
end
def cookie_file=(value)
Curl.set_option(:cookiefile, value_for(value, :string), handle)
end
end
end
end
# Override for puts to enable logging # Override for puts to enable logging
def puts(o = '') def puts(o = '')
# remove color for logging # remove color for logging

2
lib/common/models/wp_item/existable.rb
View File

@@ -13,7 +13,7 @@ class WpItem
# @return [ Boolean ] # @return [ Boolean ]
def exists?(options = {}, response = nil) def exists?(options = {}, response = nil)
unless response unless response
response = Browser.instance.get(url) response = Browser.get(url)
end end
exists_from_response?(response, options) exists_from_response?(response, options)
end end

8
lib/common/models/wp_item/infos.rb
View File

@@ -7,7 +7,7 @@ class WpItem
# @return [ Boolean ] # @return [ Boolean ]
def has_readme? def has_readme?
Browser.instance.get(readme_url).code == 200 ? true : false Browser.get(readme_url).code == 200 ? true : false
end end
# @return [ String ] The url to the readme file # @return [ String ] The url to the readme file
@@ -17,7 +17,7 @@ class WpItem
# @return [ Boolean ] # @return [ Boolean ]
def has_changelog? def has_changelog?
Browser.instance.get(changelog_url).code == 200 ? true : false Browser.get(changelog_url).code == 200 ? true : false
end end
# @return [ String ] The url to the changelog file # @return [ String ] The url to the changelog file
@@ -27,7 +27,7 @@ class WpItem
# @return [ Boolean ] # @return [ Boolean ]
def has_directory_listing? def has_directory_listing?
Browser.instance.get(@uri.to_s).body[%r{<title>Index of}] ? true : false Browser.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
end end
# Discover any error_log files created by WordPress # Discover any error_log files created by WordPress
@@ -41,7 +41,7 @@ class WpItem
# #
# @return [ Boolean ] # @return [ Boolean ]
def has_error_log? def has_error_log?
response_body = Browser.instance.get(error_log_url, headers: {'range' => 'bytes=0-700'}).body response_body = Browser.get(error_log_url, headers: {'range' => 'bytes=0-700'}).body
response_body[%r{PHP Fatal error}i] ? true : false response_body[%r{PHP Fatal error}i] ? true : false
end end

2
lib/common/models/wp_item/versionable.rb
View File

@@ -10,7 +10,7 @@ class WpItem
# @return [ String ] The version number # @return [ String ] The version number
def version def version
unless @version unless @version
response = Browser.instance.get(readme_url) response = Browser.get(readme_url)
@version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1] @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
end end
@version @version

4
lib/common/models/wp_theme/findable.rb
View File

@@ -27,7 +27,7 @@ class WpTheme < WpItem
# #
# @return [ WpTheme ] # @return [ WpTheme ]
def find_from_css_link(target_uri) def find_from_css_link(target_uri)
response = Browser.instance.get_and_follow_location(target_uri.to_s) response = Browser.get_and_follow_location(target_uri.to_s)
# https + domain is optional because of relative links # https + domain is optional because of relative links
matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css}i.match(response.body) matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css}i.match(response.body)
@@ -49,7 +49,7 @@ class WpTheme < WpItem
# #
# @return [ WpTheme ] # @return [ WpTheme ]
def find_from_wooframework(target_uri) def find_from_wooframework(target_uri)
body = Browser.instance.get(target_uri.to_s).body body = Browser.get(target_uri.to_s).body
regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />} regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}

2
lib/common/models/wp_theme/versionable.rb
View File

@@ -5,7 +5,7 @@ class WpTheme < WpItem
def version def version
unless @version unless @version
@version = Browser.instance.get(style_url).body[%r{Version:\s([^\s]+)}i, 1] @version = Browser.get(style_url).body[%r{Version:\s([^\s]+)}i, 1]
# Get Version from readme.txt # Get Version from readme.txt
@version ||= super @version ||= super

2
lib/common/models/wp_timthumb/versionable.rb
View File

@@ -9,7 +9,7 @@ class WpTimthumb < WpItem
# @return [ String ] The version # @return [ String ] The version
def version def version
unless @version unless @version
response = Browser.instance.get(url) response = Browser.get(url)
@version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1] @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
end end
@version @version

2
lib/common/models/wp_user/existable.rb
View File

@@ -24,7 +24,7 @@ class WpUser < WpItem
@login = Existable.login_from_author_pattern(location) @login = Existable.login_from_author_pattern(location)
@display_name = Existable.display_name_from_body( @display_name = Existable.display_name_from_body(
Browser.instance.get(location).body Browser.get(location).body
) )
elsif response.code == 200 # login in body? elsif response.code == 200 # login in body?
@login = Existable.login_from_body(response.body) @login = Existable.login_from_body(response.body)

4
lib/common/models/wp_version/findable.rb
View File

@@ -45,7 +45,7 @@ class WpVersion < WpItem
# @return [ String ] # @return [ String ]
def scan_url(target_uri, pattern, path = nil) def scan_url(target_uri, pattern, path = nil)
url = path ? target_uri.merge(path).to_s : target_uri.to_s url = path ? target_uri.merge(path).to_s : target_uri.to_s
response = Browser.instance.get_and_follow_location(url) response = Browser.get_and_follow_location(url)
response.body[pattern, 1] response.body[pattern, 1]
end end
@@ -163,7 +163,7 @@ class WpVersion < WpItem
xml.xpath('//file').each do |node| xml.xpath('//file').each do |node|
wp_item.path = node.attribute('src').text wp_item.path = node.attribute('src').text
response = Browser.instance.get(wp_item.url) response = Browser.get(wp_item.url)
md5sum = Digest::MD5.hexdigest(response.body) md5sum = Digest::MD5.hexdigest(response.body)
node.search('hash').each do |hash| node.search('hash').each do |hash|

16
lib/wpscan/web_site.rb
View File

@@ -18,11 +18,11 @@ class WebSite
# Checks if the remote website is up. # Checks if the remote website is up.
def online? def online?
Browser.instance.get(@uri.to_s).code != 0 Browser.get(@uri.to_s).code != 0
end end
def has_basic_auth? def has_basic_auth?
Browser.instance.get(@uri.to_s).code == 401 Browser.get(@uri.to_s).code == 401
end end
def has_xml_rpc? def has_xml_rpc?
@@ -38,7 +38,7 @@ class WebSite
end end
def xml_rpc_url_from_headers def xml_rpc_url_from_headers
headers = Browser.instance.get(@uri.to_s).headers_hash headers = Browser.get(@uri.to_s).headers_hash
xmlrpc_url = nil xmlrpc_url = nil
unless headers.nil? unless headers.nil?
@@ -51,7 +51,7 @@ class WebSite
end end
def xml_rpc_url_from_body def xml_rpc_url_from_body
body = Browser.instance.get(@uri.to_s).body body = Browser.get(@uri.to_s).body
body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1] body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
end end
@@ -62,7 +62,7 @@ class WebSite
def redirection(url = nil) def redirection(url = nil)
redirection = nil redirection = nil
url ||= @uri.to_s url ||= @uri.to_s
response = Browser.instance.get(url) response = Browser.get(url)
if response.code == 301 || response.code == 302 if response.code == 301 || response.code == 302
redirection = response.headers_hash['location'] redirection = response.headers_hash['location']
@@ -78,7 +78,7 @@ class WebSite
# Return the MD5 hash of the page given by url # Return the MD5 hash of the page given by url
def self.page_hash(url) def self.page_hash(url)
Digest::MD5.hexdigest(Browser.instance.get(url).body) Digest::MD5.hexdigest(Browser.get(url).body)
end end
def homepage_hash def homepage_hash
@@ -100,13 +100,13 @@ class WebSite
# Will try to find the rss url in the homepage # Will try to find the rss url in the homepage
# Only the first one found iw returned # Only the first one found iw returned
def rss_url def rss_url
homepage_body = Browser.instance.get(@uri.to_s).body homepage_body = Browser.get(@uri.to_s).body
homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1] homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
end end
# Checks if a robots.txt file exists # Checks if a robots.txt file exists
def has_robots? def has_robots?
Browser.instance.get(robots_url).code == 200 Browser.get(robots_url).code == 200
end end
# Gets a robots.txt URL # Gets a robots.txt URL

26
lib/wpscan/wp_target.rb
View File

@@ -11,14 +11,14 @@ require 'wp_target/wp_custom_directories'
require 'wp_target/wp_full_path_disclosure' require 'wp_target/wp_full_path_disclosure'
class WpTarget < WebSite class WpTarget < WebSite
include Malwares include WpTarget::Malwares
include WpReadme include WpTarget::WpReadme
include BruteForce include WpTarget::BruteForce
include WpRegistrable include WpTarget::WpRegistrable
include WpConfigBackup include WpTarget::WpConfigBackup
include WpLoginProtection include WpTarget::WpLoginProtection
include WpCustomDirectories include WpTarget::WpCustomDirectories
include WpFullPathDisclosure include WpTarget::WpFullPathDisclosure
attr_reader :verbose attr_reader :verbose
@@ -38,17 +38,17 @@ class WpTarget < WebSite
def wordpress? def wordpress?
wordpress = false wordpress = false
response = Browser.instance.get_and_follow_location(@uri.to_s) response = Browser.get_and_follow_location(@uri.to_s)
if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
wordpress = true wordpress = true
else else
response = Browser.instance.get_and_follow_location(xml_rpc_url) response = Browser.get_and_follow_location(xml_rpc_url)
if response.body =~ %r{XML-RPC server accepts POST requests only}i if response.body =~ %r{XML-RPC server accepts POST requests only}i
wordpress = true wordpress = true
else else
response = Browser.instance.get_and_follow_location(login_url) response = Browser.get_and_follow_location(login_url)
if response.code == 200 && response.body =~ %r{WordPress}i if response.code == 200 && response.body =~ %r{WordPress}i
wordpress = true wordpress = true
@@ -104,7 +104,7 @@ class WpTarget < WebSite
def has_debug_log? def has_debug_log?
# We only get the first 700 bytes of the file to avoid loading huge file (like 2Go) # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
response_body = Browser.instance.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body response_body = Browser.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body
response_body[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false response_body[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
end end
@@ -120,7 +120,7 @@ class WpTarget < WebSite
end end
def search_replace_db_2_exists? def search_replace_db_2_exists?
resp = Browser.instance.get(search_replace_db_2_url) resp = Browser.get(search_replace_db_2_url)
resp.code == 200 && resp.body[%r{by interconnect}i] resp.code == 200 && resp.body[%r{by interconnect}i]
end end
end end

2
lib/wpscan/wp_target/malwares.rb
View File

@@ -17,7 +17,7 @@ class WpTarget < WebSite
unless @malwares unless @malwares
malwares_found = [] malwares_found = []
malwares_file = Malwares.malwares_file(malwares_file_path) malwares_file = Malwares.malwares_file(malwares_file_path)
index_page_body = Browser.instance.get(@uri.to_s).body index_page_body = Browser.get(@uri.to_s).body
File.open(malwares_file, 'r') do |file| File.open(malwares_file, 'r') do |file|
file.readlines.collect do |url| file.readlines.collect do |url|

6
lib/wpscan/wp_target/wp_custom_directories.rb
View File

@@ -6,7 +6,7 @@ class WpTarget < WebSite
# @return [ String ] The wp-content directory # @return [ String ] The wp-content directory
def wp_content_dir def wp_content_dir
unless @wp_content_dir unless @wp_content_dir
index_body = Browser.instance.get(@uri.to_s).body index_body = Browser.get(@uri.to_s).body
uri_path = @uri.path # Only use the path because domain can be text or an IP uri_path = @uri.path # Only use the path because domain can be text or an IP
if index_body[/\/wp-content\/(?:themes|plugins)\//i] || default_wp_content_dir_exists? if index_body[/\/wp-content\/(?:themes|plugins)\//i] || default_wp_content_dir_exists?
@@ -22,7 +22,7 @@ class WpTarget < WebSite
# @return [ Boolean ] # @return [ Boolean ]
def default_wp_content_dir_exists? def default_wp_content_dir_exists?
response = Browser.instance.get(@uri.merge('wp-content').to_s) response = Browser.get(@uri.merge('wp-content').to_s)
hash = Digest::MD5.hexdigest(response.body) hash = Digest::MD5.hexdigest(response.body)
if WpTarget.valid_response_codes.include?(response.code) if WpTarget.valid_response_codes.include?(response.code)
@@ -42,7 +42,7 @@ class WpTarget < WebSite
# @return [ Boolean ] # @return [ Boolean ]
def wp_plugins_dir_exists? def wp_plugins_dir_exists?
Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404 Browser.get(@uri.merge(wp_plugins_dir).to_s).code != 404
end end
end end

2
lib/wpscan/wp_target/wp_full_path_disclosure.rb
View File

@@ -7,7 +7,7 @@ class WpTarget < WebSite
# #
# @return [ Boolean ] # @return [ Boolean ]
def has_full_path_disclosure? def has_full_path_disclosure?
response = Browser.instance.get(full_path_disclosure_url()) response = Browser.get(full_path_disclosure_url())
response.body[%r{Fatal error}i] ? true : false response.body[%r{Fatal error}i] ? true : false
end end

14
lib/wpscan/wp_target/wp_login_protection.rb
View File

@@ -38,17 +38,17 @@ class WpTarget < WebSite
# Thanks to Alip Aswalid for providing this method. # Thanks to Alip Aswalid for providing this method.
# http://wordpress.org/extend/plugins/login-lockdown/ # http://wordpress.org/extend/plugins/login-lockdown/
def has_login_lockdown_protection? def has_login_lockdown_protection?
Browser.instance.get(login_url).body =~ %r{Login LockDown}i ? true : false Browser.get(login_url).body =~ %r{Login LockDown}i ? true : false
end end
# http://wordpress.org/extend/plugins/login-lock/ # http://wordpress.org/extend/plugins/login-lock/
def has_login_lock_protection? def has_login_lock_protection?
Browser.instance.get(login_url).body =~ %r{LOGIN LOCK} ? true : false Browser.get(login_url).body =~ %r{LOGIN LOCK} ? true : false
end end
# http://wordpress.org/extend/plugins/better-wp-security/ # http://wordpress.org/extend/plugins/better-wp-security/
def has_better_wp_security_protection? def has_better_wp_security_protection?
Browser.instance.get(better_wp_security_url).code != 404 Browser.get(better_wp_security_url).code != 404
end end
def plugin_url(plugin_name) def plugin_url(plugin_name)
@@ -66,7 +66,7 @@ class WpTarget < WebSite
# http://wordpress.org/extend/plugins/simple-login-lockdown/ # http://wordpress.org/extend/plugins/simple-login-lockdown/
def has_simple_login_lockdown_protection? def has_simple_login_lockdown_protection?
Browser.instance.get(simple_login_lockdown_url).code != 404 Browser.get(simple_login_lockdown_url).code != 404
end end
def simple_login_lockdown_url def simple_login_lockdown_url
@@ -75,7 +75,7 @@ class WpTarget < WebSite
# http://wordpress.org/extend/plugins/login-security-solution/ # http://wordpress.org/extend/plugins/login-security-solution/
def has_login_security_solution_protection? def has_login_security_solution_protection?
Browser.instance.get(login_security_solution_url()).code != 404 Browser.get(login_security_solution_url()).code != 404
end end
def login_security_solution_url def login_security_solution_url
@@ -84,7 +84,7 @@ class WpTarget < WebSite
# http://wordpress.org/extend/plugins/limit-login-attempts/ # http://wordpress.org/extend/plugins/limit-login-attempts/
def has_limit_login_attempts_protection? def has_limit_login_attempts_protection?
Browser.instance.get(limit_login_attempts_url).code != 404 Browser.get(limit_login_attempts_url).code != 404
end end
def limit_login_attempts_url def limit_login_attempts_url
@@ -93,7 +93,7 @@ class WpTarget < WebSite
# http://wordpress.org/extend/plugins/bluetrait-event-viewer/ # http://wordpress.org/extend/plugins/bluetrait-event-viewer/
def has_bluetrait_event_viewer_protection? def has_bluetrait_event_viewer_protection?
Browser.instance.get(bluetrait_event_viewer_url).code != 404 Browser.get(bluetrait_event_viewer_url).code != 404
end end
def bluetrait_event_viewer_url def bluetrait_event_viewer_url

2
lib/wpscan/wp_target/wp_readme.rb
View File

@@ -10,7 +10,7 @@ class WpTarget < WebSite
# #
# @return [ Boolean ] # @return [ Boolean ]
def has_readme? def has_readme?
response = Browser.instance.get(readme_url()) response = Browser.get(readme_url())
unless response.code == 404 unless response.code == 404
return response.body =~ %r{wordpress}i ? true : false return response.body =~ %r{wordpress}i ? true : false

5
lib/wpscan/wp_target/wp_registrable.rb
View File

@@ -7,7 +7,7 @@ class WpTarget < WebSite
# #
# @return [ Boolean ] # @return [ Boolean ]
def registration_enabled? def registration_enabled?
resp = Browser.instance.get(registration_url) resp = Browser.get(registration_url)
# redirect only on non multi sites # redirect only on non multi sites
if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i
enabled = false enabled = false
@@ -34,8 +34,7 @@ class WpTarget < WebSite
unless @multisite unless @multisite
# when multi site, there is no redirection or a redirect to the site itself # when multi site, there is no redirection or a redirect to the site itself
# otherwise redirect to wp-login.php # otherwise redirect to wp-login.php
url = @uri.merge('wp-signup.php') resp = Browser.get(@uri.merge('wp-signup.php').to_s)
resp = Browser.instance.get(url)
if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/ if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
@multisite = false @multisite = false

2
wpscan.rb
View File

@@ -48,7 +48,7 @@ def main
end end
if wpscan_options.proxy if wpscan_options.proxy
proxy_response = Browser.instance.get(wp_target.url) proxy_response = Browser.get(wp_target.url)
unless WpTarget::valid_response_codes.include?(proxy_response.code) unless WpTarget::valid_response_codes.include?(proxy_response.code)
raise "Proxy Error :\r\n#{proxy_response.headers}" raise "Proxy Error :\r\n#{proxy_response.headers}"