casper-proxy 1.0.0

data/.gitignore

@@ -0,0 +1,5 @@
+*.swp
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rvmrc

@@ -0,0 +1 @@
+rvm use 1.9.3@casper

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in casper.gemspec
+gemspec

data/README.md

@@ -0,0 +1,43 @@
+# Casper
+
+## Introduction
+
+casper is a transparent proxy designed to be used during a web application
+penetration test during a manual target link discovery step.
+
+Instead of just fireup a crawler, with casper you can have the link visited
+during a normal user session.
+
+This is ideal to understand the logic sequence steps and what's happening
+behind the woods.
+
+## Usage
+
+Running casper it is very easy:
+
+```
+$ casper 
+
+[2012-06-27 08:52:47] INFO  WEBrick 1.3.1
+[2012-06-27 08:52:47] INFO  ruby 1.9.3 (2012-04-20) [x86_64-darwin11.4.0]
+[2012-06-27 08:52:47] INFO  Casper::Proxy#start: pid=24323 port=8080
+``` 
+
+Now you can configure your browser to use http://localhost:8080 as proxy server
+and watching all requests reaching the target.
+
+If you don't want to be bothered by too much noise on screen, you can ask
+casper only to trace requests for the url you're interested to:
+
+```
+$ casper -T theapptotest.com
+``` 
+
+## Talking to the proxy server
+
+casper is configured to handle some signals and react accordingly:
+
+* SIGINT: shutdown the server 
+* SIGINFO: the server will put an informational string about how many requests were collected and how many unique hosts were discovered
+* SIGUSR1: the server will dump all the hosts you're browser communicated with
+* SIGUSR2: the server will dump all logged urls

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/bin/casper

@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+require "casper"
+require 'getoptlong'
+
+opts = GetoptLong.new(
+  [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
+  [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
+  [ '--trace', '-T', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--port', '-p', GetoptLong::REQUIRED_ARGUMENT ]
+)
+
+options = {:trace=>nil, :Port=>nil}
+opts.each do |opt, arg|
+  case opt
+  when '--help'
+    puts "casper - HTTP transparent proxy v#{Casper::Version.version}"
+    printf "usage: casper [arguments]\n"
+    printf "\n\t-T domain: log all requests make to the domain specified as argument discarding other\n"
+    printf "\t-p port: bind the proxy at the specified port number\n"
+    printf "\t-h: show this help\n"
+    printf "\t-v: show casper version\n"
+    exit 0
+  when '--version'
+    puts "#{Casper::Version.version}"
+    exit 0
+  when '--trace'
+    options[:trace] = arg
+  when '--port'
+    options[:Port] = arg
+  end
+end
+
+
+server = Casper::Proxy.new(options)
+trap("INT")  { server.shutdown }
+trap("INFO") { server.info }
+trap("USR1") { server.dump }
+trap("USR2") { server.get_urls }
+server.start

data/casper.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "casper/version"
+
+Gem::Specification.new do |s|
+  s.name        = "casper-proxy"
+  s.version     = Casper::Version.version
+  s.authors     = ["Paolo Perego"]
+  s.email       = ["thesp0nge@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{A transparent HTTP proxy useful in the preliminary recognize step for a web application security assessment}
+  s.description = %q{A transparent HTTP proxy useful in the preliminary recognize step for a web application security assessment}
+
+  s.rubyforge_project = "casper"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec"
+
+end

data/lib/casper.rb

@@ -0,0 +1,67 @@
+require "webrick"
+require "webrick/httpproxy"
+require "casper/version"
+
+module Casper
+  class Proxy < WEBrick::HTTPProxyServer
+    attr_reader :req_count
+    attr_reader :hosts
+
+    def initialize(config={})
+      @req_count = 0
+      @hosts=[]
+      @urls=[]
+      @trace_domain = ""
+      @trace_domain = config[:trace] if config[:trace] and ! config[:trace].empty?
+
+      config[:Port] = 8080 if ! config[:Port]
+      config[:AccessLog] = []
+      config[:ProxyContentHandler] = Proc.new do |req, res| 
+        log_requests(req, res) 
+      end
+
+      super(config)
+    end
+    
+    def info
+      $stdout.puts "[#{Time.now}] INFO #{@req_count} requests to #{@hosts.count} unique hosts"
+    end
+
+    def dump
+      $stdout.puts "Hosts we communicate with "
+      if (@hosts.count == 0)
+        $stdout.puts "None\n"
+
+      else
+        @hosts.each do |h|
+          $stdout.puts " >>> #{h}\n"
+        end
+      end
+    end
+
+    def get_urls
+      @urls.each do |u|
+        $stdout.puts "#{u}\n"
+      end
+    end
+
+    private 
+    def log_requests(req, res)
+      if (@trace_domain == "") or ( ! req.request_line.index(@trace_domain).nil?)
+        $stdout.puts "[#{Time.now}] #{req.request_line.chomp} => #{res.status}\n"
+        $stdout.puts "---> #{req.body} #{req.request_method}" if req.request_method == "POST"
+        if @urls.index(req.request_line.chomp).nil?
+          @urls << req.request_line.chomp
+        end
+        if @hosts.index(req.host).nil?
+          @hosts << req.host
+        end
+        inc_req_count
+      end
+    end
+
+    def inc_req_count
+      @req_count += 1
+    end
+  end
+end

data/lib/casper/version.rb

@@ -0,0 +1,16 @@
+module Casper
+  module Version
+    MAJOR = 1 
+    MINOR = 0
+    PATCH = 0
+    BUILD = ''
+
+    def self.version
+      if BUILD.empty?
+        return [MAJOR, MINOR, PATCH].compact.join('.')
+      else
+        return [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'casper'

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: casper-proxy
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Paolo Perego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-06-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A transparent HTTP proxy useful in the preliminary recognize step for
+  a web application security assessment
+email:
+- thesp0nge@gmail.com
+executables:
+- casper
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- README.md
+- Rakefile
+- bin/casper
+- casper.gemspec
+- lib/casper.rb
+- lib/casper/version.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -379329322285311904
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -379329322285311904
+requirements: []
+rubyforge_project: casper
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: A transparent HTTP proxy useful in the preliminary recognize step for a web
+  application security assessment
+test_files:
+- spec/spec_helper.rb