arachni 0.4.0.4 → 0.4.1

data/plugins/http_dicattack.rb

@@ -1,125 +1,111 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
-=end
+        http://www.apache.org/licenses/LICENSE-2.0
 
-module Arachni
-module Plugins
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
 
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+#
+# @version 0.1.2
 #
-class HTTPDicattack < Arachni::Plugin::Base
+class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
 
     def prepare
-
         # disable spidering and the subsequent audit
         # @framework.opts.link_count_limit = 0
 
         # don't scan the website just yet
-        @framework.pause!
-        print_info( "System paused." )
+        framework.pause
+        print_info "System paused."
+
+        @url = framework.opts.url.to_s
 
-        @url     = @framework.opts.url.to_s
-        @users   = File.read( @options['username_list'] ).split( "\n" )
-        @passwds = File.read( @options['password_list'] ).split( "\n" )
+        @users   = File.read( options['username_list'] ).split( "\n" )
+        @passwds = File.read( options['password_list'] ).split( "\n" )
 
         @found = false
     end
 
     def run
-
         if !protected?( @url )
-            print_info( "The URL you provided doesn't seem to be protected." )
-            print_info( "Aborting..." )
+            print_info "The URL you provided doesn't seem to be protected."
+            print_info "Aborting..."
             return
         end
 
-        url = URI( @url )
+        url = uri_parse( @url )
 
-        print_status( "Building the request queue..." )
+        print_status "Building the request queue..."
 
         total_req = @users.size * @passwds.size
-        print_status( "Number of requests to be transmitted: #{total_req}" )
-
-        @users.each {
-            |user|
+        print_status "Maximum number of requests to be transmitted: #{total_req}"
 
+        @users.each do |user|
             url.user = user
-            @passwds.each {
-                |pass|
 
-                url.password = pass
-                @framework.http.get( url.to_s ).on_complete {
-                    |res|
+            @passwds.each do |pass|
+                url.password = pass.strip
 
+                http.get( url.to_s ).on_complete do |res|
                     next if @found
 
-                    print_status( "Username: '#{user}' -- Password: '#{pass}'" )
+                    print_status "Username: '#{user}' -- Password: '#{pass}'"
                     next if res.code != 200
 
                     @found = true
 
-                    print_ok( "Found a match. Username: '#{user}' -- Password: '#{pass}'" )
-                    print_info( "URL: #{res.effective_url}" )
+                    print_ok "Found a match. Username: '#{user}' -- Password: '#{pass}'"
+                    print_info "URL: #{res.effective_url}"
 
-                    @framework.opts.url = res.effective_url
+                    framework.opts.url = res.effective_url
 
                     # register our findings...
-                    register_results( { :username => user, :password => pass } )
-                    clean_up
-
-                    raise "Stopping the attack."
-
-                }
+                    register_results( username: user, password: pass )
+                    http.abort
+                end
 
-            }
-        }
-
-        print_status( "Waiting for the requests to complete..." )
-        @framework.http.run
-        print_bad( "Couldn't find a match." )
+            end
+        end
 
+        print_status "Waiting for the requests to complete..."
+        http_run
+        print_bad "Couldn't find a match."
     end
 
     def clean_up
-        # abort the rest of the queued requests
-        @framework.http.abort
-
         # continue with the scan
-        @framework.resume!
+        framework.resume
     end
 
-
     def protected?( url )
-        @framework.http.get( url, :async => false ).response.code == 401
+        http.get( url, async: false ).response.code == 401
     end
 
     def self.info
         {
-            :name           => 'HTTP dictionary attacker',
-            :description    => %q{Uses wordlists to crack password protected directories.
+            name:        'HTTP dictionary attacker',
+            description: %q{Uses wordlists to crack password protected directories.
                 If the cracking process is successful the found credentials will be set
                 framework-wide and used for the duration of the audit.
                 If that's not what you want set the crawler's link-count limit to "0".},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :version        => '0.1',
-            :options        => [
-                Arachni::OptPath.new( 'username_list', [ true, 'File with a list of usernames (newline separated).' ] ),
-                Arachni::OptPath.new( 'password_list', [ true, 'File with a list of passwords (newline separated).' ] )
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            version:     '0.1.2',
+            options:     [
+                Options::Path.new( 'username_list', [true, 'File with a list of usernames (newline separated).'] ),
+                Options::Path.new( 'password_list', [true, 'File with a list of passwords (newline separated).'] )
             ]
         }
     end
 
 end
-
-end
-end

data/plugins/libnotify.rb

@@ -1,42 +1,42 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
-=end
+        http://www.apache.org/licenses/LICENSE-2.0
 
-module Arachni
-module Plugins
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
 
 #
 # Uses the libnotify library to send notifications for each discovered issue
 # and a summary at the end on the scan.
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-class LibNotify < Arachni::Plugin::Base
+# @version 0.1.1
+#
+class Arachni::Plugins::LibNotify < Arachni::Plugin::Base
 
     def prepare
-        return if !@options['for_every_issue']
+        return if !options['for_every_issue']
 
-        Arachni::Module::Manager.on_register_results {
-            |issues|
-            issues.each {
-                |issue|
+        Arachni::Module::Manager.on_register_results do |issues|
+            issues.each do |issue|
                 notify(
-                    :summary   => "Found #{issue.name}",
-                    :body      => "In #{issue.elem} variable" +
+                    summary: "Found #{issue.name}",
+                    body:    "In #{issue.elem} variable" +
                         " '#{issue.var}' (Severity: #{issue.severity})\n" +
                         "At #{issue.url}"
                 )
-            }
-        }
+            end
+        end
     end
 
     def run
@@ -44,21 +44,21 @@ class LibNotify < Arachni::Plugin::Base
     end
 
     def clean_up
-        issue_cnt = @framework.audit_store.issues.size
-        time      = @framework.audit_store.delta_time
-        url       = @framework.opts.url
+        issue_cnt = framework.audit_store.issues.size
+        time      = framework.audit_store.delta_time
+        url       = framework.opts.url
 
         notify(
-            :summary   => "Scan finished in #{time}",
-            :body      => "Found #{issue_cnt} unique issues for #{url}."
+           summary: "Scan finished in #{time}",
+           body:    "Found #{issue_cnt} unique issues for #{url}."
         )
     end
 
     def notify( opts )
         Libnotify.show({
-            :icon_path => @framework.opts.dir['gfx'] + "spider.png",
-            :timeout   => 2.5,
-            :append    => true
+            icon_path: framework.opts.dir['gfx'] + "spider.png",
+            timeout:   2.5,
+            append:    true
         }.merge( opts ))
     end
 
@@ -68,19 +68,15 @@ class LibNotify < Arachni::Plugin::Base
 
     def self.info
         {
-            :name           => 'libnotify',
-            :description    => %q{Uses the libnotify library to send notifications for each discovered issue
+            name:        'libnotify',
+            description: %q{Uses the libnotify library to send notifications for each discovered issue
                 and a summary at the end of the scan.},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :version        => '0.1',
-            :options        => [
-                Arachni::OptBool.new( 'for_every_issue', [ false, 'Show every issue.', true ] ),
-            ]
-
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            version:     '0.1.1',
+            options:     [
+                 Options::Bool.new( 'for_every_issue', [false, 'Show every issue.', true] )
+             ]
         }
     end
 
 end
-
-end
-end

data/plugins/proxy.rb

@@ -1,34 +1,152 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
 =end
 
-module Arachni
-module Plugins
+require 'erb'
+require 'ostruct'
 
 #
 # Passive proxy.
 #
 # Will gather data based on user actions and exchanged HTTP traffic and push that
-# data to the {Framework#push_to_page_queue} to be audited.
+# data to {Framework#push_to_page_queue} to be audited.
+#
+# Supports SSL interception.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1.2
+# @version 0.2
 #
-class Proxy < Arachni::Plugin::Base
+class Arachni::Plugins::Proxy < Arachni::Plugin::Base
+
+    BASEDIR  = "#{File.dirname( __FILE__ )}/proxy/"
+    BASE_URL = 'http://arachni.proxy.'
+
+    class TemplateScope
+        include Arachni::Utilities
+
+        PANEL_BASEDIR  = "#{Arachni::Plugins::Proxy::BASEDIR}panel/"
+        PANEL_TEMPLATE = "#{PANEL_BASEDIR}panel.html.erb"
+        PANEL_URL      = "#{Arachni::Plugins::Proxy::BASE_URL}panel/"
+
+        def initialize( params = {} )
+            update( params )
+        end
+
+        def self.new( *args )
+            @self ||= super( *args )
+        end
+
+        def self.get
+            new
+        end
+
+        def root_url
+            PANEL_URL
+        end
+
+        def js_url
+            "#{root_url}js/"
+        end
+
+        def css_url
+            "#{root_url}css/"
+        end
+
+        def img_url
+            "#{root_url}img/"
+        end
+
+        def inspect_url
+            "#{root_url}inspect"
+        end
+
+        def shutdown_url
+            url_for :shutdown
+        end
+
+        def url_for( *args )
+            Arachni::Plugins::Proxy.url_for( *args )
+        end
+
+        def update( params )
+            params.each { |name, value| set( name, value ) }
+            self
+        end
+
+        def set( name, value )
+            self.class.send( :attr_accessor, name )
+            instance_variable_set( "@#{name.to_s}", value )
+            self
+        end
+
+        def content_for?( ivar )
+            !!instance_variable_get( "@#{ivar.to_s}" )
+        end
+
+        def content_for( name, value = :nil )
+            if value == :nil
+                instance_variable_get( "@#{name.to_s}" )
+            else
+                set( name, html_encode( value.to_s ) )
+                nil
+            end
+        end
+
+        def erb( tpl, params = {} )
+            params = params.dup
+            params[:params] ||= {}
+
+            with_layout = true
+            with_layout = !!params.delete( :layout ) if params.include?( :layout )
+
+            update( params )
+
+            tpl = tpl.to_s + '.html.erb' if tpl.is_a?( Symbol )
+
+            path = File.exist?( tpl ) ? tpl : PANEL_BASEDIR + tpl
+
+            evaled = ERB.new( IO.read( path ) ).result( get_binding )
+            with_layout ? layout { evaled } : evaled
+        end
+
+        def render( tpl, opts )
+            erb tpl, opts.merge( layout: false )
+        end
+
+        def layout
+            ERB.new( IO.read( PANEL_BASEDIR + 'layout.html.erb' ) ).result( binding )
+        end
+
+        def panel
+            erb :panel
+        end
+
+        def get_binding
+            binding
+        end
+
+        def clear
+            instance_variables.each { |v| instance_variable_set( v, nil ) }
+        end
+    end
 
-    SHUTDOWN_URL = 'http://arachni.proxy.shutdown/'
 
     MSG_SHUTDOWN = 'Shutting down the Arachni proxy plug-in...'
 
-    MSG_DISALOWED = "You can't access this resource via the Arachni " +
+    MSG_DISALLOWED = "You can't access this resource via the Arachni " +
                     "proxy plug-in for the following reasons:"
 
     MSG_NOT_IN_DOMAIN = 'This resource is on a domain or subdomain' +
@@ -40,200 +158,337 @@ class Proxy < Arachni::Plugin::Base
 
     def prepare
         # don't let the framework run just yet
-        @framework.pause!
-        print_info( "System paused." )
-
-        require @framework.opts.dir['plugins'] + '/proxy/server.rb'
+        framework.pause
+        print_info 'System paused.'
 
-        # foo initialization, we just need it to verify URLs
-        @parser = Arachni::Parser.new( @framework.opts,
-            Typhoeus::Response.new(
-                :effective_url => @framework.opts.url.to_s,
-                :body          => '',
-                :headers_hash  => {}
-            )
-        )
+        require "#{File.dirname( __FILE__ )}/proxy/server"
 
         @server = Server.new(
-            :BindAddress    => @options['bind_address'],
-            :Port           => @options['port'],
-            :ProxyVia       => false,
-            :ProxyContentHandler => method( :handler ),
-            :ProxyURITest   => method( :allowed? ),
-            :AccessLog      => [],
-            :Logger         => WEBrick::Log::new( "/dev/null", 7 )
+             BindAddress:         options['bind_address'],
+             Port:                options['port'],
+             ProxyVia:            false,
+             ProxyContentHandler: method( :response_handler ),
+             ProxyRequestHandler: method( :request_handler ),
+             AccessLog:           [],
+             #Logger:              WEBrick::Log::new( '/dev/null', 7 ),
+             Timeout:             options['timeout']
         )
-    end
-
-    def run
-        print_status( "Listening on: " +
-            "http://#{@server[:BindAddress]}:#{@server[:Port]}" )
 
-        print_status( "Shutdown URL: #{SHUTDOWN_URL}" )
-        print_info( "The scan will resume once you visit the shutdown URL." )
-        @server.start
+        @pages = Set.new
+        @login_sequence = []
     end
 
-    #
-    # Called by the proxy to process each page
-    #
-    def handler( req, res )
+    def run
+        print_status "Listening on: http://#{@server[:BindAddress]}:#{@server[:Port]}"
 
-        if( res.header['content-encoding'] == 'gzip' )
-            res.header.delete( 'content-encoding' )
-            res.body = Zlib::GzipReader.new( StringIO.new( res.body ) ).read
-        end
+        print_status "Shutdown URL: #{url_for( :shutdown )}"
+        print_info 'The scan will resume once you visit the shutdown URL.'
 
-        headers = {}
-        headers.merge!( res.header.dup )     if res.header
-        headers['set-cookie'] = res.cookies if !res.cookies.empty?
+        print_info
+        print_info '*' * 82
+        print_info '* You need to clear your browser\'s cookies for this site before using the proxy! *'
+        print_info '*' * 82
+        print_info
 
-        # proper initialization in order to parse the response into a page
-        @parser = Arachni::Parser.new( @framework.opts,
-            Typhoeus::Response.new(
-                :effective_url => req.unparsed_uri,
-                :body          => res.body,
-                :headers_hash  => headers
-            )
-        )
+        def @server.service( req, res )
+            if req.request_method.downcase == 'connect'
+                super( req, res )
+                return
+            end
 
-        page = @parser.run
-        page = update_forms( page, req ) if req.body
-        page.method = res.request_method
-        page.code   = res.status
+            super( req, res ) if @config[:ProxyRequestHandler].call( req, res )
+        end
 
-        print_info " *  #{page.forms.size} forms"
-        print_info " *  #{page.links.size} links"
-        print_info " *  #{page.cookies.size} cookies"
+        TemplateScope.get.set :params, {}
+        @server.start
+    end
 
-        update_framework_cookies( page, req )
-        @framework.push_to_page_queue( page.dup )
+    def clean_up
+        @pages.each { |p| framework.push_to_page_queue( p ) }
+        framework.resume
+    end
 
-        return res
+    def prepare_pages_for_inspection
+        @pages.select { |p| (p.forms.any? || p.links.any? || p.cookies.any?) && p.text? }
     end
 
-    def update_framework_cookies( page, req )
+    def request_handler( req, res )
+        url    = req.unparsed_uri
+        params = parse_request_body( req.body.to_s ).merge( parse_query( url ) ) || {}
+
+        TemplateScope.get.clear
+        TemplateScope.get.set :page_count, prepare_pages_for_inspection.size
+        TemplateScope.get.set :recording, recording?
 
-        print_debug( 'Updating framework cookies...' )
+        print_status "Requesting #{url}"
 
-        cookies = {}
+        if shutdown?( url )
+            print_status 'Shutting down...'
+            set_response_body( res, erb( :shutdown_message ) )
+            @server.shutdown
+            return
+        end
 
-        if req['Cookie']
-            req['Cookie'].split( ';' ).each{
-                |cookie|
-                k, v = cookie.split( '=', 2 )
-                cookies[k.strip] = v.strip
-            }
+        reasons = []
+        if !system_url?( url )
+            reasons << MSG_NOT_IN_DOMAIN if !path_in_domain?( url )
+            reasons << MSG_EXCLUDED      if exclude_path?( url )
+            reasons << MSG_NOT_INCLUDED  if !include_path?( url )
         end
 
-        page.cookies.each {
-            |cookie|
-            cookies.merge!( cookie.simple )
-        }
+        if reasons.any?
+            print_info MSG_DISALLOWED
+            reasons.each { |reason| print_info "  * #{reason}" }
 
-        if cookies.empty?
-            print_debug( 'Could not extract cookies...' )
+            # forbidden
+            res.status = 403
+            set_response_body( res, erb( '403_forbidden'.to_sym, { reasons: reasons } ) )
             return
-        else
-            print_debug( 'Extracted cookies:' )
-            cookies.each{
-                |k, v|
-                print_debug( "  * #{k} => #{v}" )
-            }
         end
 
-        @framework.http.update_cookies( cookies )
+        @login_sequence << req if recording?
+
+        if url.start_with? url_for( :panel )
+            body =  case res.request_uri.path
+                        when '/'
+                            erb :panel
+
+                        when '/inspect'
+                            erb :inspect,
+                                pages: prepare_pages_for_inspection
+
+                        when '/help'
+                            erb :help
+
+                        when '/record/start'
+                            record_start
+                            erb :panel
+
+                        when '/record/stop'
+                            record_stop
+                            erb :verify_login_check, verify_fail: false, params: {
+                                'url'     => session.opts.login_check_url,
+                                'pattern' => session.opts.login_check_pattern
+                            }
+
+                        when '/verify/login_check'
+
+                            if req.request_method != 'POST'
+                                erb :verify_login_check, verify_fail: false
+                            else
+                                session.set_login_check( params['url'], params['pattern'] )
+
+                                if !session.logged_in?
+                                    erb :verify_login_check, verify_fail: true
+                                else
+                                    erb :verify_login_sequence,
+                                        params: params,
+                                        form:   find_login_form
+                                end
+
+                            end
+
+                        when '/verify/login_sequence'
+
+                            session.login_form = find_login_form
+
+                            logged_in = false
+                            framework.http.sandbox do |http|
+                                http.cookie_jar.clear
+                                session.login
+                                logged_in = session.logged_in?
+                            end
+
+                            erb :verify_login_final, ok: logged_in
+
+                        else
+                            begin
+                                IO.read TemplateScope::PANEL_BASEDIR + res.request_uri.path
+                            rescue Errno::ENOENT
+                                # forbidden
+                                res.status = 404
+                                erb '404_not_found'.to_sym
+                            end
+                        end.to_s
+            set_response_body( res, body )
+            return
+        end
 
+        true
     end
 
-    def update_forms( page, req )
-        params = {}
+    def recording?
+        @record ||= false
+    end
 
-        uri_decode( req.body ).split( '&' ).each {
-            |param|
-            k,v = param.split( '=', 2 )
-            params[k] = v
-        }
+    def record_start
+        @login_sequence = []
+        @record = true
+    end
+    def record_stop
+        @record = false
+    end
 
-        raw = {
-            'attrs' => {
-                'action' => req.unparsed_uri,
-                'method' => req.request_method,
-            }
-        }
+    #
+    # Tries to determine which form is the login one from the logged requests in
+    # the recorded login sequence.
+    #
+    # @return   [Array<Arachni::Element::Form>]
+    #
+    def find_login_form
+        @login_sequence.each do |r|
+            form = find_login_form_from_request( r )
+            return form if form
+        end
+        nil
+    end
 
-        form = ::Arachni::Parser::Element::Form.new( req.unparsed_uri, raw )
-        form.auditable = params
+    #
+    # Goes through all forms which contain password fields and tries to match
+    # them to the given request.
+    #
+    # @param    [WEBrick::HTTPRequest]  request
+    #
+    # @return   [Array<Arachni::Element::Form>]
+    #
+    # @see #forms_with_password
+    #
+    def find_login_form_from_request( request )
+        return if (params = parse_request_body( request.body )).empty?
 
-        page.forms << form
+        f = session.find_login_form( pages:  @pages.to_a,
+                                     action: normalize_url( request.unparsed_uri ),
+                                     inputs: params.keys )
 
-        return page
+        return if !f
+        f.update( params )
     end
 
     #
-    # Checks if the URL is allowed.
+    # Goes through the logged pages and returns all forms which contain password fields
     #
-    # URLs outside the scope of the scan are not allowed.
+    # @return   [Array<Arachni::Element::Form>]
     #
-    def allowed?( uri )
+    def forms_with_password
+        @pages.map { |p| p.forms.select { |f| f.requires_password? } }.flatten
+    end
 
-        url = URI( uri )
+    #
+    # Called by the proxy for each response.
+    #
+    def response_handler( req, res )
+        return res if res.request_method.to_s.downcase == 'connect'
 
-        print_status( 'Requesting: ' + url.to_s )
+        headers = {}
+        headers.merge!( res.header.dup )    if res.header
+        headers['set-cookie'] = res.cookies if !res.cookies.empty?
 
-        # if !(url.to_s =~ /http(s):\/\//)
-        #     url = URI( @framework.opts.url.scheme + '://' + url.to_s )
-        # end
+        page = page_from_response( Typhoeus::Response.new(
+                effective_url: res.request_uri.to_s,
+                body:          res.body,
+                headers_hash:  headers,
+                method:        res.request_method,
+                code:          res.status.to_i
+            )
+        )
+        page = update_forms( page, req, res ) if req.body
 
-        reasons = []
+        print_info " *  #{page.forms.size} forms"
+        print_info " *  #{page.links.size} links"
+        print_info " *  #{page.cookies.size} cookies"
 
-        if shutdown?( url )
-            print_status( 'Shutting down...' )
-            @server.shutdown
-            reasons << MSG_SHUTDOWN
-            return reasons
-        end
+        @pages << page.dup
+        inject_panel( res )
+    end
 
-        @parser.url = @framework.opts.url
+    def inject_panel( res )
+        return res if !res.header['content-type'].to_s.start_with?( 'text/html' )
 
-        reasons << MSG_NOT_IN_DOMAIN if !@parser.in_domain?( url )
-        reasons << MSG_EXCLUDED      if @parser.exclude?( url )
-        reasons << MSG_NOT_INCLUDED  if !@parser.include?( url )
+        body_tag = res.body.match( /<(\s*)body(.*)>/i )
+        res.body.gsub!( body_tag.to_s, "#{body_tag}#{panel_iframe}" )
+        res.header['content-length'] = res.body.size.to_s
+        res
+    end
 
-        if !reasons.empty?
-            print_info( "#{MSG_DISALOWED}" )
-            reasons.each{ |msg| print_info " *  #{msg}" }
-            reasons << MSG_DISALOWED
-        end
+    def panel_iframe
+        <<-HTML
+            <style type='text/css'>
+                .panel {
+                    left:   0px;
+                    top:    0px;
+                    margin: 0px;
+                    width:  100%;
+                    height: 50px;
+                    border: 0px;
+                    position:fixed;
+                }
+                body {
+                    padding-top: 40px;
+                }
+            </style>
+            <iframe class='panel' src='#{TemplateScope::PANEL_URL}'></iframe>
+        HTML
+    end
+
+    def erb( *args )
+        TemplateScope.get.erb( *args )
+    end
+
+    def update_forms( page, req, res )
+        page.forms << Form.new( res.request_uri.to_s,
+            action: res.request_uri.to_s,
+            method: req.request_method,
+            inputs: form_parse_request_body( req.body )
+        )
+        page
+    end
 
-        return reasons
+    def system_url?( url )
+        url.start_with? BASE_URL
     end
 
     def shutdown?( url )
-        return url.to_s == SHUTDOWN_URL
+        url.to_s.start_with? url_for( :shutdown )
     end
 
-    def clean_up
-        @framework.resume!
+    def set_response_body( res, body )
+        res.body = body
+        res.header['content-length'] = res.body.size.to_s
+        res.header['content-type'] = 'text/html' if body =~ /<(\s)*html(\s*)(.*?)>/i
+        res
+    end
+
+    def self.url_for( type )
+        {
+            shutdown: "#{BASE_URL}shutdown",
+            panel:    "#{BASE_URL}panel",
+            inspect:  "#{BASE_URL}panel/inspect",
+        }[type]
+    end
+    def url_for( *args )
+        self.class.url_for( *args )
     end
 
     def self.info
         {
-            :name           => 'Proxy',
-            :description    => %q{Gathers data based on user actions and exchanged HTTP
-                traffic and pushes that data to the framework's page-queue to be audited.
-                It also updates the framework cookies with the cookies of the HTTP requests and
-                responses, thus it can also be used to login to a web application.},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :version        => '0.1.2',
-            :options        => [
-                Arachni::OptPort.new( 'port', [ false, 'Port to bind to.', 8282 ] ),
-                Arachni::OptAddress.new( 'bind_address', [ false, 'IP address to bind to.', '0.0.0.0' ] )
-            ]
+            name:        'Proxy',
+            description: %q{
+                * Gathers data based on user actions and exchanged HTTP
+                    traffic and pushes that data to the framework's page-queue to be audited.
+                * Updates the framework cookies with the cookies of the HTTP requests and
+                    responses, thus it can also be used to login to a web application.
+                * Supports SSL interception.
+
+                To skip crawling and only audit elements discovered by using the proxy
+                set '--link-count=0'.},
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            version:     '0.2',
+            options:     [
+                 Options::Port.new( 'port', [false, 'Port to bind to.', 8282] ),
+                 Options::Address.new( 'bind_address', [false, 'IP address to bind to.', '0.0.0.0'] ),
+                 Options::Int.new( 'timeout', [false, 'How long to wait for a request to complete, in milliseconds.', 20000] )
+             ]
         }
     end
 
 end
-
-end
-end