RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/http/client/dynamic_404_handler.rb CHANGED

@@ -161,16 +161,14 @@ class Dynamic404Handler
             current_signature = (preliminary_signatures_for( url )[i] ||= {})
             PRECISION.times do
-                Client.get( generator.call,
-                            # This is important, helps us reduce waiting callers.
-                            high_priority:   true,
-                            performer:       self
-                ) do |c_res|
+                request( generator.call ) do |c_res|
                     next if corrupted
+                    print_debug "#{__method__} [gathering]: #{c_res.request.url} #{c_res.url} #{c_res.code} #{block}"
                     # Well, bad luck, bail out to avoid FPs.
-                    if c_res.code == 0
-                        print_debug "#{__method__} [corrupted]: #{url} #{block}"
+                    if corrupted_response?( c_res )
+                        print_debug "#{__method__} [corrupted]: #{url} #{c_res.code} #{block}"
                         corrupted = true
                         next clear_data_for( url )
                     end
@@ -217,15 +215,13 @@ class Dynamic404Handler
             current_signature = (advanced_signatures_for( url )[i] ||= {})
             PRECISION.times do
-                Client.get( generator.call,
-                            # This is important, helps us reduce waiting callers.
-                            high_priority:   true,
-                            performer:       self
-                ) do |c_res|
+                request( generator.call ) do |c_res|
                     next if corrupted
+                    print_debug "#{__method__} [gathering]: #{c_res.request.url} #{c_res.url} #{c_res.code} #{block}"
                     # Well, bad luck, bail out to avoid FPs.
-                    if c_res.code == 0
+                    if corrupted_response?( c_res )
                         print_debug "#{__method__} [corrupted]: #{url} #{block}"
                         corrupted = true
                         next clear_data_for( url )
@@ -305,7 +301,20 @@ class Dynamic404Handler
     def needs_advanced_analysis?( url )
         uri = uri_parse( url )
         resource_name = uri.resource_name.to_s.split('.').tap(&:pop).join('.')
-        !!(!resource_name.empty? || uri.resource_extension)
+        !!(
+            !resource_name.empty? ||
+            uri.resource_extension ||
+            uri.resource_name.to_s.include?( '~' )
+        )
+    end
+    # If this is neither a regular 404 nor a 202 the server probably freaked out
+    # -- 500 errors under stress and the like.
+    #
+    # In that case we should bail out to avoid corrupted signatures which can
+    # lead to FPs.
+    def corrupted_response?( response )
+        response.code != 404 && response.code != 200
     end
     def url_for( url )
@@ -387,9 +396,32 @@ class Dynamic404Handler
             probes << proc { up_to_path + random_string + '.' + resource_extension }
         end
+        if uri.resource_name.include?( '~' )
+            probes << proc {
+                up_to_path.sub(
+                    uri.resource_name,
+                    resource_name.gsub( '~', '~~' )
+                )
+            }
+        end
         probes
     end
+    def request( url, &block )
+        Client.get( url,
+            # This is important, helps us reduce waiting callers.
+            high_priority: true,
+            # We're going to be checking for a lot of non-existent resources,
+            # don't bother fingerprinting them
+            fingerprint:   false,
+            performer:     self,
+            &block
+        )
+    end
     def data_for( url )
         @signatures[url_for( url )] ||= signature_prototype
     end

data/lib/arachni/http/headers.rb CHANGED

@@ -18,13 +18,28 @@ module HTTP
 # @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
 class Headers < Hash
+    FORMATTED_NAMES_CACHE = Support::Cache::LeastRecentlyPushed.new( 100 )
+    CONTENT_TYPE = 'content-type'
+    SET_COOKIE   = 'set-cookie'
+    LOCATION     = 'location'
     # @param  [Headers, Hash] headers
     def initialize( headers = {} )
         merge!( headers || {} )
     end
     def merge!( headers )
-        headers.each { |k, v| self[k] = v }
+        headers.each do |k, v|
+            # Handle headers with identical normalized names, like a mixture of
+            # Set-Cookie and SET-COOKIE.
+            if include? k
+                self[k] = [self[k]].flatten
+                self[k] << v
+            else
+                self[k] = v
+            end
+        end
     end
     # @note `field` will be capitalized appropriately before storing.
@@ -77,20 +92,20 @@ class Headers < Hash
     # @return   [String, nil]
     #   Value of the `Content-Type` field.
     def content_type
-        self['content-type']
+        self[CONTENT_TYPE]
     end
     # @return   [String, nil]
     #   Value of the `Location` field.
     def location
-        self['location']
+        self[LOCATION]
     end
     # @return   [Array<String>]
     #   Set-cookie strings.
     def set_cookie
-        return [] if self['set-cookie'].to_s.empty?
-        [self['set-cookie']].flatten
+        return [] if self[SET_COOKIE].to_s.empty?
+        [self[SET_COOKIE]].flatten
     end
     # @return   [Array<Hash>]
@@ -119,15 +134,12 @@ class Headers < Hash
     end
     def self.format_field_name( field )
-        # return field
         # If there's a '--' somewhere in there then skip it, it probably is an
         # audit payload.
         return field if field.include?( '--' )
-        @formatted ||= Hash.new
-        @formatted[field.downcase.hash] ||=
-            field.to_s.split( '-' ).map( &:capitalize ).join( '-' )
+        FORMATTED_NAMES_CACHE[field] ||=
+            field.split( '-' ).map( &:capitalize ).join( '-' )
     end
 end

data/lib/arachni/http/proxy_server.rb CHANGED

@@ -21,11 +21,17 @@ module HTTP
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class ProxyServer < WEBrick::HTTPProxyServer
-    INTERCEPTOR_CERTIFICATE =
-        File.dirname( __FILE__ ) + '/proxy_server/ssl-interceptor-cert.pem'
+    CACHE = {
+        format_field_name: Support::Cache::LeastRecentlyPushed.new( 100 )
+    }
-    INTERCEPTOR_PRIVATE_KEY =
-        File.dirname( __FILE__ ) + '/proxy_server/ssl-interceptor-pkey.pem'
+    SKIP_HEADERS = Set.new( HopByHop | ['content-encoding'] )
+    INTERCEPTOR_CA_CERTIFICATE =
+        File.dirname( __FILE__ ) + '/proxy_server/ssl-interceptor-cacert.pem'
+    INTERCEPTOR_CA_KEY =
+        File.dirname( __FILE__ ) + '/proxy_server/ssl-interceptor-cakey.pem'
     # @param   [Hash]  options
     # @option options   [String]    :address    ('0.0.0.0')
@@ -168,8 +174,12 @@ class ProxyServer < WEBrick::HTTPProxyServer
     # @see #service
     # @see Webrick::HTTPProxyServer#service
     def do_CONNECT( req, res )
+        host = req.unparsed_uri.split(':').first
         req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port}" )
-        start_ssl_interceptor
+        start_ssl_interceptor( host )
         super( req, res )
     end
@@ -177,8 +187,10 @@ class ProxyServer < WEBrick::HTTPProxyServer
     #   Merges the given HTTP options with some default ones.
     def http_opts( options = {} )
         options.merge(
+            performer:         self,
             # Don't follow redirects, the client should handle this.
-            follow_location: false,
+            follow_location:   false,
             # Set the HTTP request timeout.
             timeout:           @options[:timeout],
@@ -198,18 +210,54 @@ class ProxyServer < WEBrick::HTTPProxyServer
     # Starts the SSL interceptor proxy server.
     #
     # The interceptor will listen on {#interceptor_port}.
-    def start_ssl_interceptor
+    def start_ssl_interceptor( host )
         return @interceptor if @interceptor
+        ca     = OpenSSL::X509::Certificate.new( File.read( INTERCEPTOR_CA_CERTIFICATE ) )
+        ca_key = OpenSSL::PKey::RSA.new( File.read( INTERCEPTOR_CA_KEY ) )
+        keypair = OpenSSL::PKey::RSA.new( 4096 )
+        req            = OpenSSL::X509::Request.new
+        req.version    = 0
+        req.subject    = OpenSSL::X509::Name.parse(
+            "CN=#{host}/subjectAltName=#{host}/O=Arachni/OU=Proxy/L=Athens/ST=Attika/C=GR"
+        )
+        req.public_key = keypair.public_key
+        req.sign( keypair, OpenSSL::Digest::SHA1.new )
+        cert            = OpenSSL::X509::Certificate.new
+        cert.version    = 2
+        cert.serial     = rand( 999999 )
+        cert.not_before = Time.new
+        cert.not_after  = cert.not_before + (60 * 60 * 24 * 365)
+        cert.public_key = req.public_key
+        cert.subject    = req.subject
+        cert.issuer     = ca.subject
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate  = ca
+        cert.extensions = [
+            ef.create_extension( 'basicConstraints', 'CA:FALSE', true ),
+            ef.create_extension( 'extendedKeyUsage', 'serverAuth', false ),
+            ef.create_extension( 'subjectKeyIdentifier', 'hash' ),
+            ef.create_extension( 'authorityKeyIdentifier', 'keyid:always,issuer:always' ),
+            ef.create_extension( 'keyUsage',
+                'nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment',
+                true
+            )
+        ]
+        cert.sign( ca_key, OpenSSL::Digest::SHA1.new )
         # The interceptor is only used for SSL decryption/encryption, the actual
         # proxy functionality is forwarded to the plain proxy server.
         @interceptor = self.class.new(
             address:        '127.0.0.1',
             port:            interceptor_port,
-            ssl_certificate:
-                OpenSSL::X509::Certificate.new( File.read( INTERCEPTOR_CERTIFICATE ) ),
-            ssl_private_key:
-                OpenSSL::PKey::RSA.new( File.read( INTERCEPTOR_PRIVATE_KEY ) ),
+            ssl_certificate: cert,
+            ssl_private_key: keypair,
             service_handler: method( :proxy_service )
         )
@@ -283,24 +331,21 @@ class ProxyServer < WEBrick::HTTPProxyServer
     # @param    [#[]=]    dst
     #   Headers of the forwarded/proxy response.
     def choose_header( src, dst )
-        connections = split_field( [src['connection']].flatten.first )
+        connections = Set.new( split_field( [src['connection']].flatten.first ) )
         src.each do |key, value|
             key = key.downcase
+            next if SKIP_HEADERS.include?( key ) || connections.include?( key )
-            if HopByHop.member?( key )          || # RFC2616: 13.5.1
-                connections.member?( key )      || # RFC2616: 14.10
-                key == 'content-encoding'
-                @logger.debug( "choose_header: `#{key}: #{value}'" )
-                next
-            end
-            field = key.to_s.split( /_|-/ ).
-                map { |segment| segment.capitalize }.join( '-' )
-            dst[field] = value
+            dst[self.class.format_field_name( key )] = value
         end
     end
+    def self.format_field_name( field )
+        CACHE[:format_field_name][field] ||=
+            field.split( /_|-/ ).map( &:capitalize ).join( '-' )
+    end
 end
 end
 end

data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem ADDED

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCR1Ix
+DzANBgNVBAgMBkF0dGlrYTEPMA0GA1UEBwwGQXRoZW5zMRAwDgYDVQQKDAdBcmFj
+aG5pMQ4wDAYDVQQLDAVQcm94eTEQMA4GA1UEAwwHQXJhY2huaTEqMCgGCSqGSIb3
+DQEJARYbYXJhY2huaUBhcmFjaG5pLXNjYW5uZXIuY29tMB4XDTE1MDYxNDAyMDgz
+MVoXDTI1MDYxMTAyMDgzMVowgY8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRp
+a2ExDzANBgNVBAcMBkF0aGVuczEQMA4GA1UECgwHQXJhY2huaTEOMAwGA1UECwwF
+UHJveHkxEDAOBgNVBAMMB0FyYWNobmkxKjAoBgkqhkiG9w0BCQEWG2FyYWNobmlA
+YXJhY2huaS1zY2FubmVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAKfH1iQiuG8zYS514F8zZLp8//00gPIML7+wcJn4cw2iN+yEix6RuZEIzqva
+TfC4H6lZTyUhsoGZCeYAzzH9BMri/9uHJF+4worPfVKYIsm3TnMOVYoIC1kP1/Gj
+Y1ih8KI/3baw0pddtJJeQ5/GjDaxx4+ynY4ZxrNcFmbTYXSrPcd62V/D4+edVnLi
+uQsUezWYx7gNFiAuPRtlgJVBwzRoPV+Fh7Es2/SfmNSfGBCCYOpj4Fh0GOv7pSV0
+9TeF1W/XqDoq/eZ7RzLXoFK0Rz70/22MnFWAIdEUHZqwh3ktndNEK2QHq9FRGUx8
+cUlXVAJgYv8tTErYVBltKIi2qgbnkh0Rb+rT2OkgmSL9lg0PwpXChMeSo6o6riC7
+5a8PQi6OmIseY742QYmBXApXDHtSzaY8onHUvqgxFrFpP0Bmca3AoF6kWQfXfRwS
+ClMLwfBBDVeb+Tt97MO1G4m2VEW6c7o9H1t4td55LGslUzfJrmFe99vjAtdRTVqG
+t3qDjbYi5VpE9kIyKcPHZkSKelMQ4VO1qB14CdaK/3ufqHTk7Ro2hKgstKDqnTCF
+R7Qb9yXFsb1QyNtW8898T5mQm0HWQxdkaxcodizVjY5inHgqNwPa7A469EYFm5in
+dLSOQtdPOV4q+y5lfhA2MkE3pRdSZPpnTqCEkSVVoKfdVlftAgMBAAGjUDBOMB0G
+A1UdDgQWBBRvmR7gGqIfTQB0GygwgI22Kyr1bDAfBgNVHSMEGDAWgBRvmR7gGqIf
+TQB0GygwgI22Kyr1bDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAx
+g+ZjxJZXW1dYkc9ItXwAZba7oQJapLPu1iWCFy5cU13gck2MwDqfaDApNdr+erHg
+WN7N+smMO+x3+lZZptzTfc6g/hBthBBAnetj8CUehjnWCo3aBGgVLE/mIEyHyFym
+JX6xgcNYpvEzHT2o3Kmu/dAHCqY/3P9NtGJMhf7fy/Zz72tGY+ZTlthFSGWOjIEV
+KXTtYnRUKmIRBLMacZmrJKIZCp/qGVSnFh9yjxHTWPNXXngGMxF9ItsFbdakjefn
+hi2sHqns6/YbMaD2wK42dRQH1wH66DCGbyDPQO2j8iGK1q4Ggps+mGNYNBzMSAO/
+ybdGRLQNq8ag7RXr/tNp/jYHopS/Ga0+3bOnCKf6MXNOolknSZhsOo16BWKDRd+d
+m9ZTlro9AQr9+jdychG41IQNHXySrC5F1jLtzpEE5CJZIXkEFNYRcO9HMByJ3qwG
+759oYcMklwhU+NSC5qXpD2Z9KGf5rc0HmoO6OyD4T8hnQXkuAqoIN/NBg6YSNisN
+H2C2gbl+taRLt0/RVCiacylo5pl3XSZuQxtGaQl55gRXQDPnlfB2CtIrV44gHZOJ
+88s+Ld9h44aoT2rWbLld6dU5ElZXWEJOim+aYKJewxX7PwEHn4iCpvMLu+4jXH3j
+OkDTHheVJkxyhTDQ43ebg3/qi4yFaQyAHk3bQItwCw==
+-----END CERTIFICATE-----

data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem ADDED

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAp8fWJCK4bzNhLnXgXzNkunz//TSA8gwvv7BwmfhzDaI37ISL
+HpG5kQjOq9pN8LgfqVlPJSGygZkJ5gDPMf0EyuL/24ckX7jCis99UpgiybdOcw5V
+iggLWQ/X8aNjWKHwoj/dtrDSl120kl5Dn8aMNrHHj7KdjhnGs1wWZtNhdKs9x3rZ
+X8Pj551WcuK5CxR7NZjHuA0WIC49G2WAlUHDNGg9X4WHsSzb9J+Y1J8YEIJg6mPg
+WHQY6/ulJXT1N4XVb9eoOir95ntHMtegUrRHPvT/bYycVYAh0RQdmrCHeS2d00Qr
+ZAer0VEZTHxxSVdUAmBi/y1MSthUGW0oiLaqBueSHRFv6tPY6SCZIv2WDQ/ClcKE
+x5KjqjquILvlrw9CLo6Yix5jvjZBiYFcClcMe1LNpjyicdS+qDEWsWk/QGZxrcCg
+XqRZB9d9HBIKUwvB8EENV5v5O33sw7UbibZURbpzuj0fW3i13nksayVTN8muYV73
+2+MC11FNWoa3eoONtiLlWkT2QjIpw8dmRIp6UxDhU7WoHXgJ1or/e5+odOTtGjaE
+qCy0oOqdMIVHtBv3JcWxvVDI21bzz3xPmZCbQdZDF2RrFyh2LNWNjmKceCo3A9rs
+Djr0RgWbmKd0tI5C1085Xir7LmV+EDYyQTelF1Jk+mdOoISRJVWgp91WV+0CAwEA
+AQKCAgAo/qXvDGC+IvKy1HBvMnKBMnul1YdQHPQpxSWuKUuLYECD1NrdLEQIEPvW
+d6+lioeJ7F1vOC2Sht8pSLdXgngCTravX/TeQpmeKxZ28N9HJDfR2wXBhTeomjts
+OjzS8jaGnk5BDjFWdLnjLY8eYffugT++d6kRiHDJcE208B8Wz6R3siecw5NTC1mN
+FqKZ93YnYV4jNWdbk5CwuftR/NCCZJniVhESlGBmA/zmrrzFg+XEP4UYd72DI2h1
+n38vAs9k1W+wTsLc5vA9lvwAWTYzRs+GZ93m8jjRCjY1jr57OE8gyL5FYa50pXkl
+/B3+Co1nSz/FE79ZZkQeNlK6HM+sHM5K0UILW+lKcDci+ABGH9mwkEtJwvg6XkhZ
+2iGyBaXtEObzaDugZoNuttAURbA32r9kRJNtPXP/Q0/fkQHTpd70iq9ax0Ztdh3H
+hatt9VxN3h+NVl4xfZrBJdQYUrxb6wrraABnz7QUmRpHMulgaSnAIXe4MvZEleKe
+tAZg9sIRzzYy1bkQLdwgwTHuNNUm6usiK7HRBv94R4PycPsXTAq8CSGp0FheSW+S
+QmFCeJhaEaNGRC5mp5Wk7sycVrKDu63ch8cABdFewTuB7LZCnviY/9CGdfu+LFgD
+bQGEqq+OxHXOr6xb5c7W5LY7oxWafab6OohHPOulcxEIOF3NzQKCAQEA2gvN9i97
++ntPXg4q4uk3rq6QpLke+q6MjM289xaNgkN2fQthxAzo3bK7yc7+zKbmKXIxrb0n
+GWWY/xTci6NS8W44YxdwZNB0LORa6gkpH3znsYLa4HsOYQTtLDu/6rOwE+EUwPA/
+UUp1TaseD0+eV8Jrz8whqdU33wUSs2mi6R7kYcb8J9PXnlHz9qw3TuPPug2Tt7Q8
+AmydJ/XiniEN2gF0DS3+99cbqLb2C7CeX7W+E8sxYRs2tQliWIMYr1iXDkKRi2Qb
+KnUQWD/N4WwNYQ6mwYKwc6J1T37Ucp5FWYwVBqa5vV1KbrXb4JLJCWqwsy+mpE+i
+wlfVVKgIi/j7ywKCAQEAxPwv8GBx84amUVBLPAUo5LPFhTOvZmHGNMNvYjVdk5Ud
+B37M3XbQMiTKQoeDII4Rr1cnkLUDm4eqgROkmlBAJZB9QLIrc87Hre8jW3eucU8y
+kVc90yUprc7WmvOcF1zilvjcNbt2gsVlmhbWuyqqn1aWfzvxjzqUXW6Xju0jD0wi
+a5qeMOVhJXrSTdy0gjZ7qg4BVWr01rIAuqifBKt7En9ynxqI4XEyzK9RYpex3ek1
+yJzVAW3fn/HN1pKpBLS6QOsUtqWQDQKGZM6zYDR49mnUuTWYkhh3pXeHQ3uNsJwR
+wS+FPu8YaiodGLXclwTmLZz093D7eChsoAjDvvB0JwKCAQEAtOVkOyFL5xQUVYDF
+fblkk8yJfc+DbxAO1OX/JrMUNYUIsVcXBhJ7wyn8d8H+TAUPIEV4B57M6FoMo1tI
+WaTnNBtwNm2Etm7mYzQUZOOytUfn5LIeKmyNElqG9dKgNvRaWTO8BxGKRkPSq9wS
+NTulr0NCNIQzTXXyQ1kvGZ/DI0qYyLHQEq7CzLtK/lQEErQXa1DGQ3sI6i339+Yb
+23qqxjm8cQ6+4Bka/k7ENBCUY+0gw8Uos1pjebBOYgZpHVgPAiqiGxWzH/c81yog
+ASumseX43MQy5cxbLNeZI3pBKLh53SnHIN5b2RuRTnAYz3IvJImc4+aZrkg2WWSK
+qq2nHwKCAQAaqR8743HIygKcosdr+i7MtWAYZSRqMPWIkqLyodJmdRoWt5y2pKwM
+/Vm6o2il8VSHbL5YIYe5dyUmjygKEq575xBsvzCOXgA8lE8uxAYCI/vuG+asOy1m
+7sWw9yO7LcElOc1kIFkr3deggVLSxjWNl0SLN+u7vOvzsVIl8AZ8vYszERwz9feu
+AO+RxjtQHFukanzXuMAmhrT+jm/nS+Y+XK2AxzCbgpyjg176fxl9tWCoJEHYDazk
+ku+PCQ6DKorC2o5VIhdbC2pxHmC8tp1gjHZUEuLxcwpOhNzzzzcgHh9xDCN2nxmo
+1MZXX9XZQrp8le+5xbrjSmVZS5Zis1ylAoIBADOMSmu//rdDwCwptRByopmLiE+S
+2AayD1Xk7X9YjkotXNYttOfnnnXq6pyEj4X0c0ISL9MkyADJ6+mx5GWH6yQlWIjo
+T00AcL5//IreAIRGluUhkFeI45QvgFfinKRiIN9YzAqhNHCEM7lEYGhMygD0OK0Y
+ZluvUvYshFLXbZA7+rYCzLM5FgeY2dxMJ4lIiXZwC5cbE95mf6bGlGb8/deBp0eW
+iGVyOSoY/Eh6qDDrQV4FOFRVFg7+9CKr8VDNizKTE6/JZFOb/F85QLwzx1zaJD1A
+FmGleWRh50XEaSAB0lA4LPWUl/m6r45bB03d9A6mx4axgl7ttjaIz6Vw9WQ=
+-----END RSA PRIVATE KEY-----

data/lib/arachni/http/request.rb CHANGED

@@ -101,9 +101,6 @@ class Request < Message
     #   Maximum HTTP response size to accept, in bytes.
     attr_accessor :response_max_size
-    # @private
-    attr_accessor :root_redirect_id
     # @param  [Hash]  options
     #   Request options.
     # @option options [String] :url
@@ -129,6 +126,7 @@ class Request < Message
         super( options )
         @train           = false if @train.nil?
+        @fingerprint     = true  if @fingerprint.nil?
         @update_cookies  = false if @update_cookies.nil?
         @follow_location = false if @follow_location.nil?
         @max_redirects   = (Options.http.request_redirect_limit || REDIRECT_LIMIT)
@@ -265,6 +263,13 @@ class Request < Message
         !!@follow_location
     end
+    # @return   [Bool]
+    #   `true` if the {Response} should be {Platform::Manager.fingerprint fingerprinted}
+    #   for platforms, `false` otherwise.
+    def fingerprint?
+        @fingerprint
+    end
     # @return   [Bool]
     #   `true` if the {Response} should be analyzed by the {Trainer}
     #   for new elements, `false` otherwise.
@@ -343,6 +348,10 @@ class Request < Message
             accept_encoding: 'gzip, deflate',
             nosignal:        true,
+            # If Content-Length is missing this option will have no effect, so
+            # we'll also stream the body to make sure that we can at least abort
+            # the reading of the response body if it exceeds this limit.
             maxfilesize:     max_size,
             # Don't keep the socket alive if this is a blocking request because
@@ -384,17 +393,25 @@ class Request < Message
             end
         end
-        curl = parsed_url.query ? url.gsub( "?#{parsed_url.query}", '' ) : url
-        r = Typhoeus::Request.new( curl, options )
+        curl             = parsed_url.query ? url.gsub( "?#{parsed_url.query}", '' ) : url
+        typhoeus_request = Typhoeus::Request.new( curl, options )
         if @on_complete.any?
-            r.on_complete do |typhoeus_response|
+            response_body_buffer = ''
+            set_body_reader( typhoeus_request, response_body_buffer )
+            typhoeus_request.on_complete do |typhoeus_response|
+                if typhoeus_request.options[:maxfilesize]
+                    typhoeus_response.options[:response_body] =
+                        response_body_buffer
+                end
                 fill_in_data_from_typhoeus_response typhoeus_response
                 handle_response Response.from_typhoeus( typhoeus_response )
             end
         end
-        r
+        typhoeus_request
     end
     def to_h
@@ -480,33 +497,69 @@ class Request < Message
                 h
             end
         end
+        def encode( string )
+            @easy ||= Ethon::Easy.new( url: 'www.example.com' )
+            @easy.escape string
+        end
     end
     def prepare_headers
-        headers['Cookie'] = effective_cookies.
-            map { |k, v| "#{Cookie.encode( k )}=#{Cookie.encode( v )}" }.
-            join( ';' )
-        headers.delete( 'Cookie' ) if headers['Cookie'].empty?
         headers['User-Agent'] ||= Options.http.user_agent
         headers['Accept']     ||= 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
         headers['From']       ||= Options.authorized_by if Options.authorized_by
         headers.each { |k, v| headers[k] = Header.encode( v ) if v }
+        headers['Cookie'] = effective_cookies.
+            map { |k, v| "#{Cookie.encode( k )}=#{Cookie.encode( v )}" }.
+            join( ';' )
+        headers.delete( 'Cookie' ) if headers['Cookie'].empty?
+        headers
     end
     private
+    def client_run
+        typhoeus_request = to_typhoeus
+        response_body_buffer = ''
+        set_body_reader( typhoeus_request, response_body_buffer )
+        typhoeus_response = typhoeus_request.run
+        if typhoeus_request.options[:maxfilesize]
+            typhoeus_response.options[:response_body] = response_body_buffer
+        end
+        fill_in_data_from_typhoeus_response typhoeus_response
+        Response.from_typhoeus( typhoeus_response )
+    end
     def fill_in_data_from_typhoeus_response( response )
-        @headers_string = response.debug_info.header_out.first
-        @effective_body = response.debug_info.data_out.first
+        # Only grab the last data.
+        # In case of CONNECT calls for HTTPS via proxy the first data will be
+        # the proxy-related stuff.
+        @headers_string = response.debug_info.header_out.last
+        @effective_body = response.debug_info.data_out.last
     end
-    def client_run
-        response = to_typhoeus.run
-        fill_in_data_from_typhoeus_response response
+    def set_body_reader( typhoeus_request, buffer )
+        return if !typhoeus_request.options[:maxfilesize]
-        Response.from_typhoeus( response )
+        aborted = nil
+        typhoeus_request.on_body do |chunk|
+            next aborted if aborted
+            if buffer.size >= typhoeus_request.options[:maxfilesize]
+                buffer.clear
+                next aborted = :abort
+            end
+            buffer << chunk
+        end
     end
 end