arachni 1.4 → 1.6.0

data/lib/arachni/http/client.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -85,6 +85,8 @@ class Client
     # Default 1 minute timeout for HTTP requests.
     HTTP_TIMEOUT = 60_000
 
+    SEED_HEADER_NAME = 'X-Arachni-Scan-Seed'
+
     # @return   [String]
     #   Framework target URL, used as reference.
     attr_reader :url
@@ -129,12 +131,13 @@ class Client
 
         headers.clear
         headers.merge!(
-            'Accept'          => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
-            'User-Agent'      => Options.http.user_agent,
-            'Accept-Language' => 'en-US,en;q=0.8,he;q=0.6'
+            'Accept'              => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+            'User-Agent'          => Options.http.user_agent,
+            'Accept-Language'     => 'en-US,en;q=0.8,he;q=0.6',
+            SEED_HEADER_NAME      => Arachni::Utilities.random_seed
         )
         headers['From'] = Options.authorized_by if Options.authorized_by
-        headers.merge!( Options.http.request_headers )
+        headers.merge!( Options.http.request_headers, false )
     end
 
     # @return   [Arachni::HTTP]
@@ -358,14 +361,16 @@ class Client
         fail ArgumentError, 'URL cannot be empty.' if !url
 
         options     = options.dup
-        cookies     = options.delete( :cookies ) || {}
-        raw_cookies = []
+        cookies     = options.delete( :cookies )     || {}
+        raw_cookies = options.delete( :raw_cookies ) || []
+        raw_cookie_names = Set.new( raw_cookies.map(&:name) )
 
         exception_jail false do
             if !options.delete( :no_cookie_jar )
-                raw_cookies = begin
+                raw_cookies |= begin
                     cookie_jar.for_url( url ).reject do |c|
-                        cookies.include? c.name
+                        cookies.include?( c.name ) ||
+                            raw_cookie_names.include?( c.name )
                     end
                 rescue => e
                     print_error "Could not get cookies for URL '#{url}' from Cookiejar (#{e})."
@@ -374,13 +379,34 @@ class Client
                 end
             end
 
+            on_headers    = options.delete(:on_headers)
+            on_body       = options.delete(:on_body)
+            on_body_line  = options.delete(:on_body_line)
+            on_body_lines = options.delete(:on_body_lines)
+
             request = Request.new( options.merge(
                 url:         url,
-                headers:     headers.merge( options.delete( :headers ) || {} ),
+                headers:     headers.merge( options.delete( :headers ) || {}, false ),
                 cookies:     cookies,
                 raw_cookies: raw_cookies
             ))
 
+            if on_headers
+                request.on_headers( &on_headers )
+            end
+
+            if on_body
+                request.on_body( &on_body )
+            end
+
+            if on_body_line
+                request.on_body_line( &on_body_line )
+            end
+
+            if on_body_lines
+                request.on_body_lines( &on_body_lines )
+            end
+
             if block_given?
                 request.on_complete( &block )
             end
@@ -531,7 +557,8 @@ class Client
         end
 
         if add_callbacks
-            request.on_complete( &method(:global_on_complete) )
+            @global_on_complete ||= method(:global_on_complete)
+            request.on_complete( &@global_on_complete )
         end
 
         synchronize { @request_count += 1 }

data/lib/arachni/http/cookie_jar.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -86,11 +86,7 @@ class CookieJar
 
             self << case c
                         when String
-                            begin
-                                Cookie.from_string( ::Arachni::Options.url.to_s, c )
-                            rescue
-                                Cookie.from_set_cookie( ::Arachni::Options.url.to_s, c )
-                            end
+                            Cookie.from_set_cookie( ::Arachni::Options.url.to_s, c )
 
                         when Hash
                             next if c.empty?
@@ -207,8 +203,17 @@ class CookieJar
     end
 
     def to_uri( url )
-        u = url.is_a?( ::URI ) || url.is_a?( ::Arachni::URI ) ? url : uri_parse( url.to_s )
-        fail ArgumentError, 'Complete absolute URL required.' if u.relative?
+        u = url.is_a?( Arachni::URI ) ? url : Arachni::URI( url.to_s )
+
+        if !u
+            fail "Failed to parse: #{url}"
+        end
+
+        if !u.absolute?
+            fail ArgumentError,
+                 "Complete absolute URL required, got: #{url} (#{u})"
+        end
+
         u
     end
 

data/lib/arachni/http/headers.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -18,7 +18,7 @@ module HTTP
 # @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
 class Headers < Hash
 
-    FORMATTED_NAMES_CACHE = Support::Cache::LeastRecentlyPushed.new( 10_000 )
+    FORMATTED_NAMES_CACHE = Support::Cache::LeastRecentlyPushed.new( 1_000 )
 
     CONTENT_TYPE = 'content-type'
     SET_COOKIE   = 'set-cookie'
@@ -29,11 +29,11 @@ class Headers < Hash
         merge!( headers || {} )
     end
 
-    def merge!( headers )
+    def merge!( headers, convert_to_array = true )
         headers.each do |k, v|
             # Handle headers with identical normalized names, like a mixture of
             # Set-Cookie and SET-COOKIE.
-            if include? k
+            if convert_to_array && include?( k )
                 self[k] = [self[k]].flatten
                 self[k] << v
             else
@@ -42,6 +42,12 @@ class Headers < Hash
         end
     end
 
+    def merge( headers, convert_to_array = true )
+        d = dup
+        d.merge! headers, convert_to_array
+        d
+    end
+
     # @note `field` will be capitalized appropriately before storing.
     #
     # @param    [String]  field
@@ -92,7 +98,7 @@ class Headers < Hash
     # @return   [String, nil]
     #   Value of the `Content-Type` field.
     def content_type
-        self[CONTENT_TYPE]
+        (ct = self[CONTENT_TYPE]).is_a?( Array ) ? ct.first : ct
     end
 
     # @return   [String, nil]

data/lib/arachni/http/message/scope.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/http/message.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -37,13 +37,16 @@ class Message
     # @option   options [String]    :body
     #   Body.
     def initialize( options = {} )
-        options = options.dup
+        update( options )
 
-        @normalize_url = options.delete( :normalize_url )
-        @normalize_url = true if @normalize_url.nil?
+        fail ArgumentError, 'Missing :url.' if url.to_s.empty?
+    end
+
+    def update( options )
+        @normalize_url = options[:normalize_url]
 
         # Headers are necessary for subsequent operations to set them first.
-        @headers = Headers.new( options.delete( :headers ) || {} )
+        @headers = Headers.new( options[:headers] || {} )
 
         options.each do |k, v|
             begin
@@ -52,8 +55,6 @@ class Message
                 instance_variable_set( "@#{k}".to_sym, v )
             end
         end
-
-        fail ArgumentError, 'Missing :url.' if url.to_s.empty?
     end
 
     def headers=( h )
@@ -71,8 +72,8 @@ class Message
     end
 
     def url=( url )
-        if @normalize_url
-            @url = URI.normalize_url( url ).to_s.freeze
+        if @normalize_url || @normalize_url.nil?
+            @url = URI.normalize( url ).to_s.freeze
         else
             @url = url.to_s.freeze
         end

data/lib/arachni/http/proxy_server/connection.rb

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -14,17 +14,19 @@ class Connection < Arachni::Reactor::Connection
     include Arachni::UI::Output
     personalize_output
 
-    SKIP_HEADERS = %w(transfer-encoding connection proxy-connection
-        content-encoding te trailers accept-encoding)
+    SKIP_HEADERS = %w(transfer-encoding connection proxy-connection keep-alive
+        content-encoding te trailers accept-encoding accept-ranges vary)
 
     attr_reader :parent
+    attr_reader :request
 
     def initialize( options = {} )
         @options = options
         @parent  = options[:parent]
 
-        @body   = ''
-        @parser = ::HTTP::Parser.new
+        @body     = ''
+        @parser   = ::HTTP::Parser.new
+        @raw_request = ''
 
         @parser.on_message_begin = proc do
             if @reused
@@ -50,26 +52,67 @@ class Connection < Arachni::Reactor::Connection
 
             print_debug_level_3 "Request received: #{@parser.http_method} #{@parser.request_url}"
 
+            if headers['upgrade']
+                handle_upgrade( headers )
+                next
+            end
+
             if method == :connect
                 handle_connect( headers )
                 next
             end
 
-            request_url = sanitize_url( @parser.request_url, headers )
-
-            handle_request(
-                Arachni::HTTP::Request.new(
-                    http_opts.merge(
-                        url:     request_url,
-                        method:  method,
-                        body:    @body,
-                        headers: headers
-                    )
-                )
-            )
+            if !@parent.has_available_request_tokens?
+                print_debug_level_3 'Waiting for a request token.'
+            end
+
+            @parent.get_request_token do |token|
+                print_debug_level_3 "Got request token ##{token}."
+
+                if closed?
+                    print_debug_level_3 'Connection closed while waiting for a request token.'
+                    @parent.return_request_token( token )
+                    print_debug_level_3 "Returned request token ##{token}."
+
+                    next
+                end
+
+                Thread.new do
+                    begin
+                        @request = Arachni::HTTP::Request.new(
+                            http_opts.merge(
+                                url:     sanitize_url( @parser.request_url, headers ),
+                                method:  method,
+                                body:    @body,
+                                headers: Arachni::HTTP::Client.headers.to_h.merge( headers )
+                            )
+                        )
+
+                        handle_request( @request )
+                    rescue => e
+                        close e
+                    ensure
+                        @parent.return_request_token( token )
+                        print_debug_level_3 "Returned request token ##{token}."
+                    end
+                end
+            end
         end
     end
 
+    def handle_upgrade( headers )
+        print_debug_level_3 'Preparing to upgrade.'
+
+        host = (headers['Host'] || @parser.request_url).split( ':', 2 ).first
+
+        @tunnel = reactor.connect( host, 80, Tunnel, @options.merge( client: self ) )
+
+        # This is our last HTTP message, from this point on we'll only be
+        # tunnelling to the origin server.
+        @last_http = true
+        @tunnel.write @raw_request
+    end
+
     def handle_connect( headers )
         print_debug_level_3 'Preparing to intercept.'
 
@@ -85,42 +128,35 @@ class Connection < Arachni::Reactor::Connection
     def handle_request( request )
         print_debug_level_3 'Processing request.'
 
-        Thread.new do
-            if @options[:request_handler]
-                print_debug_level_3 "-- Has special handler: #{@options[:request_handler]}"
-
-                # Provisional empty, response in case the request_handler wants us to
-                # skip performing the request.
-                response = Response.new( url: request.url )
-                response.request = request
-
-                # If the handler returns false then don't perform the HTTP request.
-                if @options[:request_handler].call( request, response )
-                    print_debug_level_3 '-- Handler approves, running...'
+        if @options[:request_handler]
+            print_debug_level_3 "-- Has special handler: #{@options[:request_handler]}"
 
-                    # Even though it's a blocking request, force it to go through
-                    # the HTTP::Client in order to handle cookie update and
-                    # fingerprinting handlers.
-                    HTTP::Client.queue( request )
-                    response = request.run
+            # Provisional empty, response in case the request_handler wants us to
+            # skip performing the request.
+            response = Response.new( url: request.url )
+            response.request = request
 
-                    print_debug_level_3 "-- ...completed in #{response.time}: #{response.status_line}"
-                else
-                    print_debug_level_3 '-- Handler did not approve, will not run.'
-                end
-            else
-                print_debug_level_3 '-- Running...'
+            # If the handler returns false then don't perform the HTTP request.
+            if @options[:request_handler].call( request, response )
+                print_debug_level_3 '-- Handler approves, running...'
 
-                HTTP::Client.queue( request )
                 response = request.run
 
                 print_debug_level_3 "-- ...completed in #{response.time}: #{response.status_line}"
+            else
+                print_debug_level_3 '-- Handler did not approve, will not run.'
             end
+        else
+            print_debug_level_3 '-- Running...'
 
-            print_debug_level_3 'Processed request.'
+            response = request.run
 
-            handle_response( response )
+            print_debug_level_3 "-- ...completed in #{response.time}: #{response.status_line}"
         end
+
+        print_debug_level_3 'Processed request.'
+
+        reactor.schedule { handle_response( response ) }
     end
 
     def http_version
@@ -152,6 +188,11 @@ class Connection < Arachni::Reactor::Connection
         headers = cleanup_response_headers( response.headers )
         headers['Content-Length'] = response.body.bytesize
 
+        if response.text? && headers.content_type
+            headers['Content-Type'] =
+                "#{headers.content_type.split( ';' ).first}; charset=utf-8"
+        end
+
         headers.each do |k, v|
             if v.is_a?( Array )
                 v.flatten.each do |h|
@@ -166,12 +207,9 @@ class Connection < Arachni::Reactor::Connection
 
         res << "\r\n"
 
-        print_debug_level_3 'Sending response.'
+        print_debug_level_3 "Sending response for: #{@request.url}"
 
         write (res << response.body)
-    rescue => e
-        ap e
-        ap e.backtrace
     end
 
     def on_close( reason = nil )
@@ -179,33 +217,35 @@ class Connection < Arachni::Reactor::Connection
 
         @parent.mark_connection_inactive self
 
-        return if !@ssl_tunnel
-
-        @ssl_interceptor.close_without_callback
-        @ssl_tunnel.close_without_callback
+        if @ssl_interceptor
+            @ssl_interceptor.close( reason )
+            @ssl_interceptor = nil
+        end
 
-        @ssl_tunnel      = nil
-        @ssl_interceptor = nil
+        if @tunnel
+            @tunnel.close_without_callback
+            @tunnel = nil
+        end
     end
 
     def on_flush
-        @body = ''
-        @parser.reset!
-
-        if !@ssl_tunnel || @last_http
+        if !@tunnel || @last_http
 
             if @last_http
                 print_debug_level_3 'Last response sent, switching to tunnel.'
-            else
-                print_debug_level_3 'Response sent.'
+            elsif @request
+                print_debug_level_3 "Response sent for: #{@request.url}"
             end
 
-            @parent.mark_connection_inactive self
             @last_http = false
         end
-    rescue => e
-        ap e
-        ap e.backtrace
+
+        @body        = ''
+        @raw_request = ''
+        @request     = nil
+
+        @parser.reset!
+        @parent.mark_connection_inactive self
     end
 
     def write( data )
@@ -214,8 +254,11 @@ class Connection < Arachni::Reactor::Connection
     end
 
     def on_read( data )
-        if @ssl_tunnel
-            @ssl_tunnel.write( data )
+        # We need this in case we need to establish a tunnel for an "Upgrade".
+        @raw_request << data
+
+        if @tunnel
+            @tunnel.write( data )
             return
         end
 
@@ -223,12 +266,6 @@ class Connection < Arachni::Reactor::Connection
         @parser << data
     rescue ::HTTP::Parser::Error => e
         close e
-
-    # TODO: While in dev only of course.
-    rescue => e
-        ap e
-        ap e.backtrace
-        close e
     end
 
     def start_interceptor( origin_host )
@@ -241,11 +278,10 @@ class Connection < Arachni::Reactor::Connection
             @options.merge( origin_host: origin_host )
         )
 
-        @ssl_tunnel = reactor.connect(
+        @tunnel = reactor.connect(
             @options[:address], @interceptor_port, Tunnel,
             @options.merge( client: self )
         )
-
     end
 
     def cleanup_request_headers( headers )
@@ -255,21 +291,13 @@ class Connection < Arachni::Reactor::Connection
             headers.delete name
         end
 
-        headers
+        headers.to_h
     end
 
     def cleanup_response_headers( headers )
         SKIP_HEADERS.each do |name|
             headers.delete name
         end
-
-        # headers['Connection']       = 'close'
-
-        # Keep alive is on by default for HTTP/1.1 but leave this here as a
-        # reminder.
-        #
-        # headers['Connection']       = 'keep-alive'
-        # headers['Proxy-Connection'] = 'keep-alive'
         headers
     end
 

data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem

@@ -1,34 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIF6zCCA9OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCR1Ix
-DzANBgNVBAgMBkF0dGlrYTEPMA0GA1UEBwwGQXRoZW5zMRAwDgYDVQQKDAdBcmFj
-aG5pMQ4wDAYDVQQLDAVQcm94eTEQMA4GA1UEAwwHQXJhY2huaTEqMCgGCSqGSIb3
-DQEJARYbYXJhY2huaUBhcmFjaG5pLXNjYW5uZXIuY29tMB4XDTE1MDYxNDAyMDgz
-MVoXDTI1MDYxMTAyMDgzMVowgY8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRp
-a2ExDzANBgNVBAcMBkF0aGVuczEQMA4GA1UECgwHQXJhY2huaTEOMAwGA1UECwwF
-UHJveHkxEDAOBgNVBAMMB0FyYWNobmkxKjAoBgkqhkiG9w0BCQEWG2FyYWNobmlA
-YXJhY2huaS1zY2FubmVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAKfH1iQiuG8zYS514F8zZLp8//00gPIML7+wcJn4cw2iN+yEix6RuZEIzqva
-TfC4H6lZTyUhsoGZCeYAzzH9BMri/9uHJF+4worPfVKYIsm3TnMOVYoIC1kP1/Gj
-Y1ih8KI/3baw0pddtJJeQ5/GjDaxx4+ynY4ZxrNcFmbTYXSrPcd62V/D4+edVnLi
-uQsUezWYx7gNFiAuPRtlgJVBwzRoPV+Fh7Es2/SfmNSfGBCCYOpj4Fh0GOv7pSV0
-9TeF1W/XqDoq/eZ7RzLXoFK0Rz70/22MnFWAIdEUHZqwh3ktndNEK2QHq9FRGUx8
-cUlXVAJgYv8tTErYVBltKIi2qgbnkh0Rb+rT2OkgmSL9lg0PwpXChMeSo6o6riC7
-5a8PQi6OmIseY742QYmBXApXDHtSzaY8onHUvqgxFrFpP0Bmca3AoF6kWQfXfRwS
-ClMLwfBBDVeb+Tt97MO1G4m2VEW6c7o9H1t4td55LGslUzfJrmFe99vjAtdRTVqG
-t3qDjbYi5VpE9kIyKcPHZkSKelMQ4VO1qB14CdaK/3ufqHTk7Ro2hKgstKDqnTCF
-R7Qb9yXFsb1QyNtW8898T5mQm0HWQxdkaxcodizVjY5inHgqNwPa7A469EYFm5in
-dLSOQtdPOV4q+y5lfhA2MkE3pRdSZPpnTqCEkSVVoKfdVlftAgMBAAGjUDBOMB0G
-A1UdDgQWBBRvmR7gGqIfTQB0GygwgI22Kyr1bDAfBgNVHSMEGDAWgBRvmR7gGqIf
-TQB0GygwgI22Kyr1bDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAx
-g+ZjxJZXW1dYkc9ItXwAZba7oQJapLPu1iWCFy5cU13gck2MwDqfaDApNdr+erHg
-WN7N+smMO+x3+lZZptzTfc6g/hBthBBAnetj8CUehjnWCo3aBGgVLE/mIEyHyFym
-JX6xgcNYpvEzHT2o3Kmu/dAHCqY/3P9NtGJMhf7fy/Zz72tGY+ZTlthFSGWOjIEV
-KXTtYnRUKmIRBLMacZmrJKIZCp/qGVSnFh9yjxHTWPNXXngGMxF9ItsFbdakjefn
-hi2sHqns6/YbMaD2wK42dRQH1wH66DCGbyDPQO2j8iGK1q4Ggps+mGNYNBzMSAO/
-ybdGRLQNq8ag7RXr/tNp/jYHopS/Ga0+3bOnCKf6MXNOolknSZhsOo16BWKDRd+d
-m9ZTlro9AQr9+jdychG41IQNHXySrC5F1jLtzpEE5CJZIXkEFNYRcO9HMByJ3qwG
-759oYcMklwhU+NSC5qXpD2Z9KGf5rc0HmoO6OyD4T8hnQXkuAqoIN/NBg6YSNisN
-H2C2gbl+taRLt0/RVCiacylo5pl3XSZuQxtGaQl55gRXQDPnlfB2CtIrV44gHZOJ
-88s+Ld9h44aoT2rWbLld6dU5ElZXWEJOim+aYKJewxX7PwEHn4iCpvMLu+4jXH3j
-OkDTHheVJkxyhTDQ43ebg3/qi4yFaQyAHk3bQItwCw==
+MIIDSzCCAjOgAwIBAgIUYcNQxDuiU4HcgTPTRe8+r4QM87YwDQYJKoZIhvcNAQEN
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTI0MDkzODI1WhcNMzEx
+MTIyMDkzODI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMXSNkRqFHAwBxiC8bgiQNDKQxeJq68NGd7ofq4z
++vDziB0XnAiR6cWMmRVXRO0kSTNUMpum+uDPD0zvlgMgu/I0MBckck9hmoWQaq5N
+mzAHiweFIhI283HzPaDb3Ucmkv9HMXOH60gzD3d+Bft2f661F/xzdhDpwMr+HG3x
+hcVr7jJEFNFgZkzXHYPJgRq9SF7Tb/hMJDcwZaOwp62/vdvniDLI+lXnPtpWUVtG
+IdQJdVk27NW0mRKaYPp7GlpOjHezyfTaUzh+e8KHD+A/2JWSgkeh2FhO8nsxH6Rj
+nB97hJdsR6Bq+IH7z6BA1/mm2GWPwzvycMNwKRQpJzgH2uUCAwEAAaOBkDCBjTAd
+BgNVHQ4EFgQUizexcP6110RDXbXGDUZEMwnbkM0wUQYDVR0jBEowSIAUizexcP61
+10RDXbXGDUZEMwnbkM2hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRhw1DE
+O6JTgdyBM9NF7z6vhAzztjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQ0FAAOCAQEACPb7DedEorHyfPuCiF0yXCKWZlKSsb4IzBooIxsRjrCG
+RKjbix3PEiRZTEwEFgalq4kL9C954io2/4CzfxPcvNv9xNd176UaFTW7t8zRP43m
+vNY3aEO5l52GvDc+i3OZ2CDT4d2oQt10ZeYCHzHBJwu4+v0nqhgMBFXeclrnDf/h
+wI1A6ijk0VYBDI0mJx8pSiLsJrDIM7Rd2jDwgkH3YbhKTYctdzraYVBQl9itqHNc
+wQ9u8+OqsKuYkvSuUiGts4UWuMN1B8ePa/pjpareuoFiQDqZGZh2hUxBc41Mmc7o
+5aSOBcR4JGItYbkzU/KSUskfhWpFWJSBbHDKeqKXaA==
 -----END CERTIFICATE-----