arachni 1.0.2 → 1.0.3

data/lib/arachni/element/capabilities/analyzable/differential.rb

@@ -39,6 +39,10 @@ module Differential
         # element under audit.
         respect_method: true,
 
+        # Disable {Arachni::Options#audit_cookies_extensively}, there's little
+        # to be gained in this case and just causes interference.
+        extensively:    false,
+
         # Don't generate or submit any mutations with default or sample inputs.
         skip_original:  true,
 

data/lib/arachni/element/capabilities/analyzable/timeout.rb

@@ -299,6 +299,10 @@ module Timeout
             # any interference during timing attacks.
             skip_original:     true,
 
+            # Disable {Arachni::OptionGroups::Audit#cookies_extensively}, there's little
+            # to be gained in this case and just causes interference.
+            extensively:       false,
+
             # Intercept each element mutation prior to it being submitted and
             # replace the '__TIME__' stub with the actual delay value.
             each_mutation:     proc do |mutation|

data/lib/arachni/element/capabilities/auditable/dom.rb

@@ -6,6 +6,7 @@
     web site for more information on licensing and terms of use.
 =end
 
+require 'forwardable'
 require_relative '../with_node'
 
 module Arachni

data/lib/arachni/element/capabilities/mutable.rb

@@ -202,15 +202,6 @@ module Mutable
             end
         end
 
-        if !opts[:respect_method]
-            elem = switch_method
-            if !generated.include?( elem )
-                print_debug_mutation elem
-                yield elem
-            end
-            generated << elem
-        end
-
         nil
     end
 

data/lib/arachni/element/capabilities/with_auditor/output.rb

@@ -6,6 +6,8 @@
     web site for more information on licensing and terms of use.
 =end
 
+require 'forwardable'
+
 module Arachni
 module Element::Capabilities
 module WithAuditor

data/lib/arachni/element/cookie.rb

@@ -40,6 +40,8 @@ class Cookie < Base
         httponly:    false
     }
 
+    attr_reader :data
+
     # @param    [Hash]  options
     #   For options see {DEFAULT}, with the following extras:
     # @option   options [String]    :url
@@ -175,7 +177,7 @@ class Cookie < Base
     end
 
     # Overrides {Capabilities::Mutable#each_mutation} to handle cookie-specific
-    # limitations and the {Arachni::Options#audit_cookies_extensively} option.
+    # limitations and the {Arachni::OptionGroups::Audit#cookies_extensively} option.
     #
     # @param (see Capabilities::Mutable#each_mutation)
     # @return (see Capabilities::Mutable#each_mutation)
@@ -184,19 +186,22 @@ class Cookie < Base
     #
     # @see Capabilities::Mutable#each_mutation
     def each_mutation( payload, opts = {}, &block )
-        flip = opts.delete( :param_flip )
+        opts        = opts.dup
+        flip        = opts.delete( :param_flip )
+        extensively = opts[:extensively]
+        extensively = Arachni::Options.audit.cookies_extensively? if extensively.nil?
 
         super( payload, opts ) do |elem|
             yield elem
 
-            next if !Arachni::Options.audit.cookies_extensively?
+            next if !extensively
             elem.each_extensive_mutation( elem, &block )
         end
 
         return if !flip
 
         if !valid_input_name_data?( payload )
-            print_debug_level_2 'Payload not supported as input value by' <<
+            print_debug_level_2 'Payload not supported as input name by' <<
                                     " #{audit_id}: #{payload.inspect}"
             return
         end

data/lib/arachni/element/form.rb

@@ -375,8 +375,8 @@ class Form < Base
         # @param   [Arachni::HTTP::Response]    response
         #
         # @return   [Array<Form>]
-        def from_response( response )
-            from_document( response.url, response.body )
+        def from_response( response, ignore_scope = false )
+            from_document( response.url, response.body, ignore_scope )
         end
 
         # Extracts forms from an HTML document.
@@ -386,18 +386,18 @@ class Form < Base
         # @param    [String, Nokogiri::HTML::Document]    document
         #
         # @return   [Array<Form>]
-        def from_document( url, document )
+        def from_document( url, document, ignore_scope = false )
             document = Nokogiri::HTML( document.to_s ) if !document.is_a?( Nokogiri::HTML::Document )
             base_url = (document.search( '//base[@href]' )[0]['href'] rescue url)
 
             document.search( '//form' ).map do |node|
-                next if !(form = from_node( base_url, node ))
+                next if !(form = from_node( base_url, node, ignore_scope ))
                 form.url = url.freeze
                 form
             end.compact
         end
 
-        def from_node( url, node )
+        def from_node( url, node, ignore_scope = false )
             options          = attributes_to_hash( node.attributes )
             options[:url]    = url.freeze
             options[:action] = to_absolute( options[:action], url ).freeze
@@ -405,7 +405,7 @@ class Form < Base
             options[:html]   = node.to_html.freeze
 
             if (parsed_url = Arachni::URI( options[:action] ))
-                return if parsed_url.scope.out?
+                return if !ignore_scope && parsed_url.scope.out?
             end
 
             %w(textarea input select button).each do |attr|

data/lib/arachni/element/header.rb

@@ -46,7 +46,7 @@ class Header < Base
         return if !flip
 
         if !valid_input_name_data?( payload )
-            print_debug_level_2 'Payload not supported as input value by' <<
+            print_debug_level_2 'Payload not supported as input name by' <<
                                     " #{audit_id}: #{payload.inspect}"
             return
         end

data/lib/arachni/framework.rb

@@ -1017,6 +1017,7 @@ class Framework
         state.status = :scanning if !pausing?
 
         push_to_url_queue( options.url )
+        options.scope.extend_paths.each { |url| push_to_url_queue( url ) }
         options.scope.restrict_paths.each { |url| push_to_url_queue( url, true ) }
 
         # Initialize the BrowserCluster.

data/lib/arachni/http/client.rb

@@ -725,6 +725,7 @@ class Client
             print_debug_level_3 "Params: #{request.parameters}"
             print_debug_level_3 "Body: #{request.body}"
             print_debug_level_3 "Headers: #{request.headers}"
+            print_debug_level_3 "Cookies: #{request.cookies}"
             print_debug_level_3 "Train?: #{request.train?}"
             print_debug_level_3  '------------'
         end

data/lib/arachni/option_groups.rb

@@ -8,6 +8,9 @@
 
 require_relative 'option_group'
 
+# We need this to be available prior to loading the rest of the groups.
+require_relative 'option_groups/paths'
+
 Dir.glob( "#{File.dirname(__FILE__)}/option_groups/*.rb" ).each do |group|
     require group
 end

data/lib/arachni/option_groups/paths.rb

@@ -6,6 +6,8 @@
     web site for more information on licensing and terms of use.
 =end
 
+require 'fileutils'
+
 module Arachni::OptionGroups
 
 # Holds paths to the directories of various system components.
@@ -34,19 +36,29 @@ class Paths < Arachni::OptionGroup
         @root       = root_path
         @gfx        = @root + 'gfx/'
         @components = @root + 'components/'
-        @snapshots  = @root + 'snapshots/'
 
-        @logs = ENV['ARACHNI_FRAMEWORK_LOGDIR'] ?
-            "#{ENV['ARACHNI_FRAMEWORK_LOGDIR']}/" : @root + 'logs/'
+        if self.class.config['framework']['snapshots']
+            @snapshots  = self.class.config['framework']['snapshots']
+        else
+            @snapshots  = @root + 'snapshots/'
+        end
+
+        if ENV['ARACHNI_FRAMEWORK_LOGDIR']
+            @logs = "#{ENV['ARACHNI_FRAMEWORK_LOGDIR']}/"
+        elsif self.class.config['framework']['logs']
+            @logs = self.class.config['framework']['logs']
+        else
+            @logs = "#{@root}logs/"
+        end
 
         @checks          = @components + 'checks/'
         @reporters       = @components + 'reporters/'
         @plugins         = @components + 'plugins/'
-        @services   = @components + 'services/'
+        @services        = @components + 'services/'
         @path_extractors = @components + 'path_extractors/'
         @fingerprinters  = @components + 'fingerprinters/'
 
-        @lib     = @root + 'lib/arachni/'
+        @lib = @root + 'lib/arachni/'
 
         @executables = @lib + 'processes/executables/'
         @support     = @lib + 'support/'
@@ -54,10 +66,55 @@ class Paths < Arachni::OptionGroup
         @arachni     = @lib[0...-1]
     end
 
-    # @return   [String]    Root path of the framework.
     def root_path
+        self.class.root_path
+    end
+
+    # @return   [String]    Root path of the framework.
+    def self.root_path
         File.expand_path( File.dirname( __FILE__ ) + '/../../..' ) + '/'
     end
 
+    def config
+        self.class.config
+    end
+
+    def self.paths_config_file
+        "#{root_path}config/write_paths.yml"
+    end
+
+    def self.clear_config_cache
+        @config = nil
+    end
+
+    def self.config
+        return @config if @config
+
+        if !File.exist?( paths_config_file )
+            @config = {}
+        else
+            @config = YAML.load( IO.read( paths_config_file ) )
+        end
+
+        @config['framework'] ||= {}
+        @config['cli']       ||= {}
+
+        @config.dup.each do |category, config|
+            config.dup.each do |subcat, dir|
+                if dir.to_s.empty?
+                    @config[category].delete subcat
+                    next
+                end
+
+                dir.gsub!( '~', ENV['HOME'] )
+                dir << '/' if !dir.end_with?( '/' )
+
+                FileUtils.mkdir_p dir
+            end
+        end
+
+        @config
+    end
+
 end
 end

data/lib/arachni/option_groups/snapshot.rb

@@ -17,6 +17,10 @@ class Snapshot < Arachni::OptionGroup
     # @see Framework#suspend
     attr_accessor :save_path
 
+    def initialize
+        @save_path = Paths.config['framework']['snapshots']
+    end
+
 end
 end
 

data/lib/arachni/session.rb

@@ -116,8 +116,6 @@ class Session
     #   Pages to look through.
     # @option opts [String] :url
     #   URL to fetch and look for forms.
-    # @option opts [Bool] :with_browser
-    #   Does the login form require a {Browser} environment?
     #
     # @param    [Block] block
     #   If a block and a :url are given, the request will run async and the
@@ -151,17 +149,19 @@ class Session
                     opts[:forms]
                 elsif (url = opts[:url])
                     http_opts = {
-                        precision: false,
-                        http:      {
-                            update_cookies:  true,
-                            follow_location: true
-                        }
+                        update_cookies:  true,
+                        follow_location: true
                     }
 
                     if async
-                        page_from_url( url, http_opts ) { |p| block.call find.call( p.forms ) }
+                        http.get( url, http_opts ) do |r|
+                            block.call find.call( forms_from_response( r, true ) )
+                        end
                     else
-                        page_from_url( url, http_opts ).forms
+                        forms_from_response(
+                            http.get( url, http_opts.merge( mode: :sync ) ),
+                            true
+                        )
                     end
                 end
 
@@ -212,25 +212,71 @@ class Session
     def login
         fail Error::NotConfigured, 'Please #configure the session first.' if !configured?
 
-        refresh_browser
+        if has_browser?
+            print_debug 'Logging in using browser.'
+        else
+            print_debug 'Logging in without browser.'
+        end
+
+        print_debug "Grabbing page at: #{configuration[:url]}"
+
+        # Revert to the Framework DOM Level 1 page handling if no browser
+        # is available.
+        page = refresh_browser ?
+            browser.load( configuration[:url], take_snapshot: false ).to_page :
+            Page.from_url( configuration[:url], precision: 1, http: {
+                update_cookies: true
+            })
+
+        print_debug "Got page with URL #{page.url}"
 
         form = find_login_form(
-            pages:  browser.load( configuration[:url] ).to_page,
+            # We need to reparse the body in order to override the scope
+            # and thus extract even out-of-scope forms in case we're dealing
+            # with a Single-Sign-On situation.
+            forms:  forms_from_document( page.url, page.body, true ),
             inputs: configuration[:inputs].keys
         )
 
         if !form
+            print_debug_level_2 page.body
             fail Error::FormNotFound,
                  "Login form could not be found with: #{configuration}"
         end
 
-        form.dom.update configuration[:inputs]
-        form.dom.auditor = self
+        print_debug "Found login form: #{form.id}"
+
+        form.page = page
+
+        # Use the form DOM to submit if a browser is available.
+        form = form.dom if has_browser?
+
+        form.update configuration[:inputs]
+        form.auditor = self
+
+        print_debug "Updated form inputs: #{form.inputs}"
 
         page = nil
-        form.dom.submit { |p| page = p }
+        if has_browser?
+            print_debug 'Submitting form.'
+            form.submit { |p| page = p }
+            print_debug 'Form submitted.'
 
-        http.update_cookies browser.cookies
+            http.update_cookies browser.cookies
+        else
+            page = form.submit(
+                mode:            :sync,
+                follow_location: false,
+                update_cookies:  true
+            ).to_page
+
+            if page.response.redirection?
+                url  = to_absolute( page.response.headers.location, page.url )
+                print_debug "Redirected to: #{url}"
+
+                page = Page.from_url( url, precision: 1, http: { update_cookies: true } )
+            end
+        end
 
         page
     end
@@ -256,7 +302,8 @@ class Session
         fail Error::NoLoginCheck if !has_login_check?
 
         http_options = http_options.merge(
-            mode: block_given? ? :async : :sync
+            mode:            block_given? ? :async : :sync,
+            follow_location: true
         )
 
         bool = nil
@@ -278,6 +325,10 @@ class Session
         HTTP::Client
     end
 
+    def has_browser?
+        Browser.has_executable? && Options.scope.dom_depth_limit > 0
+    end
+
     private
 
     def shutdown_browser
@@ -288,8 +339,13 @@ class Session
     end
 
     def refresh_browser
+        return if !has_browser?
+
         shutdown_browser
-        @browser = Browser.new
+
+        # The session handling browser needs to be able to roam free in order
+        # to support SSO.
+        @browser = Browser.new( store_pages: false, ignore_scope: true )
     end
 
 end

data/lib/arachni/state/audit.rb

@@ -6,6 +6,8 @@
     web site for more information on licensing and terms of use.
 =end
 
+require 'forwardable'
+
 module Arachni
 class State