miketracy-wwmd 0.2.12 → 0.2.14

data/lib/wwmd.rb

@@ -15,7 +15,7 @@ require 'rexml/document'
 module WWMD
 
   # :stopdoc:
-  VERSION = "0.2.12"
+  VERSION = "0.2.14"
   PARSER = :nokogiri  # :nokogiri || :hpricot
   LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
   PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR

data/lib/wwmd/mixins.rb

@@ -1,3 +1,5 @@
+require 'htmlentities'
+
 =begin rdoc
 mixins all around
 =end
@@ -50,6 +52,10 @@ class String
 
   @@he = HTMLEntities.new
 
+  def strip_up
+    self.gsub(/[^\x20-\x7e,\n]/,"").gsub(/^\n/,"")
+  end
+
   # ip address to int
   def ip_to_int
     self.split('.').inject(0) { |a,e| (a << 8) + e.to_i }

data/lib/wwmd/nokogiri_html2text.rb

@@ -36,6 +36,7 @@ module WWMD
         ret += s
       end
       ret.gsub(/\n+/) { "\n" }
+      ret.gsub(/[^\x20-\x7e,\n]/,"").gsub(/^\n/,"")
     end
   end
 end

data/lib/wwmd/page.rb

@@ -122,7 +122,7 @@ module WWMD
       rescue => e
         @last_error = e
         putw "WARN: #{e.class}" if e.class =~ /Curl::Err/
-        self.logged_in = false
+#        self.logged_in = false
       end
       self.set_data
       return [self.code,self.page_status,self.body_data.size]
@@ -139,9 +139,7 @@ module WWMD
     #
     # returns: <tt>array [ code, body_data.size ]</tt>
     def submit(iform=nil,reg=WWMD::ESCAPE[:default])
-=begin
-  this is just getting worse and worse
-=end
+##### this is just getting worse and worse
       if iform.class == "Symbol"
         reg = iform
         iform = nil
@@ -191,15 +189,8 @@ module WWMD
     #
     # returns: <tt>array [ code, body_data.size ]</tt>
     def get(url=nil,parse=true)
-      if url && parse
+      if !(url =~ /[a-z]+:\/\//) && parse
         self.url = @urlparse.parse(self.opts[:base_url],url).to_s if url
-=begin
-        base = url.clip
-        args = url.clop
-        base = @urlparse.parse(self.opts[:base_url],base).to_s
-        self.url = base
-        self.url += ("?" + args) if args
-=end
       elsif url
         self.url = url
       end
@@ -220,174 +211,14 @@ module WWMD
       self.submit(form)
     end
 
-    def furl(url)
-      self.url = @urlparse.parse(self.opts[:base_url],url).to_s
-    end
-
-#:section: Reporting helper methods
-# These are methods that generate data for a parsed page
-
-    # return text representation of page code
-    #
-    # override with specific statuses in helper depending on page text
-    # etc to include statuses outside 200 = OK and other = ERR
-    def page_status
-      return "ERR" if self.response_code != 200
-      return "OK"
-    end
-
-    alias_method :status, :page_status#:nodoc:
-
-    # return value of @logged_in
-    def logged_in?
-      return @logged_in
-    end
-
-    # return a string of flags:
-    # Ll links
-    # Jj javascript includes
-    # Ff forms
-    # Cc comments
-    def report_flags
-      self.has_links?      ? ret  = "L" : ret  = "l"
-      self.has_jlinks?     ? ret += "J" : ret += "j"
-      self.has_form?       ? ret += "F" : ret += "f"
-      self.has_comments?   ? ret += "C" : ret += "c"
-      return ret
-    end
-
-    def has_links?;    return !@links.empty?;     end
-    def has_jlinks?;   return !@jlinks.empty?;    end
-    def has_form?;     return !(@forms.size < 1); end
-    def has_comments?; return !@comments.empty?;  end
-
-    # return page size in bytes
-    def size
-      return self.body_data.size
-    end
-
-#:section: Other methods
-
-    def all_tags#:nodoc:
-      return self.search("*").map { |x| x.name }
-    end
-
-    # return MD5 for DOM fingerprint
-    # take all tag names in page.to_s.md5
-    def fingerprint
-      self.all_tags.to_s.md5
-    end
-    alias_method :fp, :fingerprint #:nodoc:
-
-    # set link using an integer link from self.report
-    #--
-    # NOTE: I always use page.get(page.l(1)) anyway.
-    #++
-    def set_link(index)
-      self.url = @links[index]
-    end
-
-    # return link at index from @links array
-    def get_link(index)
-      @links[index]
-    end
-
-    alias_method :link, :get_link #:nodoc:
-    alias_method :l, :get_link #:nodoc:
-
-    # alias_method for body_data
-    def raw
-      self.body_data
-    end
-
-    # alias_method for last_effective_url
-    def current_url
-      self.last_effective_url
-    end
-
-    alias_method :current, :current_url
-    alias_method :cur, :current_url
-
-    # the last http response code
-    def code
-      self.response_code # .to_s
-    end
-
-#:section: Parsing convenience methods
-# methods that help parse and find information on a page including
-# access to forms etc.
-
-    # grep for regexp and remove leading whitespace
-    def grep(reg)
-      self.body_data.grep(reg).map { |i| i.gsub(/^\s+/, "") }
-    end
-
-    # return this page's form (at index id) as a FormArray
-    def get_form(id=nil)
-      id = 0 if not id
-      return nil if forms.empty?
-      @forms[id].to_form_array
-    end
-
-    # return the complete url to the form action on this page
-    def action(id=nil)
-      id = 0 if not id
-      act = self.forms[id].action
-      return self.last_effective_url if (act.nil? || act.empty?)
-      return @urlparse.parse(self.last_effective_url,act).to_s
-    end
-
-    # return an array of Element objects for an xpath search
-    def search(xpath)
-      self.scrape.hdoc.search(xpath)
-    end
-
-    # return an array of inner_html for each <script> tag encountered
-    def dump_scripts
-      self.get_tags("//script").map { |s| s.inner_html if s.inner_html.strip != '' }
-    end
-
-    alias_method :scripts, :dump_scripts
-
-#:section: Input and Output Helpers
-
-    # set self.opts[:base_url]
-    def setbase(url=nil)
-      return nil if not url
-      self.opts[:base_url] = url
-      self.base_url = url
-    end
-
-    # return md5sum for self.body_data
-    def md5
-      return self.body_data.md5
-    end
-
-    # write self.body_data to file
-    def write(filename)
-      File.write(filename,self.body_data)
-      return "wrote to " + filename
-    end
-
-    # read self.body_data from file
-    def read(filename)
-      self.body_data = File.read(filename)
+    # send arbitrary verb (only works with patch to taf2-curb
+    def verb(verb)
+      return false if !@curl_object.respond_to?(:http_verb)
+      self.clear_data
+      self.headers["Referer"] = self.cur if self.use_referer
+      self.http_verb(verb)
       self.set_data
-    end
-
-    # does this response have SET-COOKIE headers?
-    def set_cookies?
-      ret = []
-      self.header_data.each do |x|
-        if x[0].upcase == "SET-COOKIE"
-          ret << x[1]
-        end
-      end
-      return ret
-    end
-
-    def time
-      self.total_time
+      return [self.code, self.body_data.size]
     end
 
 #:section: Data callbacks and method_missing

data/lib/wwmd/{form_array.rb → page/form_array.rb}

@@ -234,12 +234,12 @@ module WWMD
     alias_method :squeeze_keys!, :remove_null_keys!
 
     # dump a web page containing a csrf example of the current FormArray
-    def to_csrf(action)
+    def to_csrf(action,unescval=false)
       ret = ""
       ret << "<html><body>\n"
       ret << "<form method='post' id='wwmdtest' name='wwmdtest' action='#{action}'>\n"
       self.each do |key,val|
-        val = val.unescape.gsub(/'/) { %q[\'] }
+        val = val.unescape.gsub(/'/) { %q[\'] } if unescval
             ret << "<input name='#{key.to_s.unescape}' type='hidden' value='#{val}' />\n"
 #            ret << "<input name='#{key.to_s.unescape}' type='hidden' value='#{val.to_s.unescape.gsub(/'/,"\\'")}' />\n"
       end

data/lib/wwmd/page/parsing_convenience.rb

@@ -0,0 +1,87 @@
+module WWMD
+  class Page
+#:section: Parsing convenience methods
+# methods that help parse and find information on a page including
+# access to forms etc.
+
+    # grep for regexp and remove leading whitespace
+    def grep(reg)
+      self.body_data.grep(reg).map { |i| i.gsub(/^\s+/, "") }
+    end
+
+    # return this page's form (at index id) as a FormArray
+    def get_form(id=nil)
+      id = 0 if not id
+      return nil if forms.empty?
+      @forms[id].to_form_array
+    end
+
+    # return the complete url to the form action on this page
+    def action(id=nil)
+      id = 0 if not id
+      act = self.forms[id].action
+      return self.last_effective_url if (act.nil? || act.empty?)
+      return @urlparse.parse(self.last_effective_url,act).to_s
+    end
+
+    # return an array of Element objects for an xpath search
+    def search(xpath)
+      self.scrape.hdoc.search(xpath)
+    end
+
+    # return an array of inner_html for each <script> tag encountered
+    def dump_scripts
+      self.get_tags("//script").map { |s| s.inner_html if s.inner_html.strip != '' }
+    end
+
+    alias_method :scripts, :dump_scripts
+
+    # set link using an integer link from self.report
+    #--
+    # NOTE: I always use page.get(page.l(1)) anyway.
+    #++
+    def set_link(index)
+      self.url = @links[index]
+    end
+
+    # return link at index from @links array
+    def get_link(index)
+      @links[index]
+    end
+
+    alias_method :link, :get_link #:nodoc:
+    alias_method :l, :get_link #:nodoc:
+
+    def all_tags#:nodoc:
+      return self.search("*").map { |x| x.name }
+    end                                        
+
+    def furl(url)
+      self.url = @urlparse.parse(self.opts[:base_url],url).to_s
+    end
+
+    # set self.opts[:base_url]
+    def setbase(url=nil)
+      return nil if not url
+      self.opts[:base_url] = url
+      self.base_url = url
+    end
+
+    # write self.body_data to file
+    def write(filename)
+      File.write(filename,self.body_data)
+      return "wrote to " + filename
+    end
+
+    # read self.body_data from file
+    def read(filename)
+      self.body_data = File.read(filename)
+      self.set_data
+    end
+
+    # alias_method for body_data 
+    def raw 
+      self.body_data
+    end
+  end
+end

data/lib/wwmd/page/reporting_helpers.rb

@@ -0,0 +1,86 @@
+module WWMD
+  class Page
+#:section: Reporting helper methods
+# These are methods that generate data for a parsed page
+
+    # return text representation of page code
+    #
+    # override with specific statuses in helper depending on page text
+    # etc to include statuses outside 200 = OK and other = ERR
+    def page_status
+      return "ERR" if self.response_code != 200
+      return "OK"
+    end
+
+    alias_method :status, :page_status#:nodoc:
+
+    # return value of @logged_in
+    def logged_in?
+      return @logged_in
+    end
+
+    # return a string of flags:
+    # Ll links
+    # Jj javascript includes
+    # Ff forms
+    # Cc comments
+    def report_flags
+      self.has_links?      ? ret  = "L" : ret  = "l"
+      self.has_jlinks?     ? ret += "J" : ret += "j"
+      self.has_form?       ? ret += "F" : ret += "f"
+      self.has_comments?   ? ret += "C" : ret += "c"
+      return ret
+    end
+
+    def has_links?;    return !@links.empty?;     end
+    def has_jlinks?;   return !@jlinks.empty?;    end
+    def has_form?;     return !(@forms.size < 1); end
+    def has_comments?; return !@comments.empty?;  end
+
+    # return page size in bytes
+    def size
+      return self.body_data.size
+    end
+
+    # return md5sum for self.body_data
+    def md5
+      return self.body_data.md5
+    end
+
+    # does this response have SET-COOKIE headers?
+    def set_cookies?
+      ret = []
+      self.header_data.each do |x|
+        if x[0].upcase == "SET-COOKIE"
+          ret << x[1]
+        end
+      end
+      return ret
+    end
+
+    def time
+      self.total_time
+    end
+
+    # return MD5 for DOM fingerprint
+    # take all tag names in page.to_s.md5
+    def fingerprint
+      self.all_tags.to_s.md5
+    end
+    alias_method :fp, :fingerprint #:nodoc:
+
+    # alias_method for last_effective_url
+    def current_url
+      self.last_effective_url
+    end
+
+    alias_method :current, :current_url
+    alias_method :cur, :current_url
+
+    # the last http response code
+    def code
+      self.response_code # .to_s
+    end
+
+  end
+end

data/lib/wwmd/{page/urlparse.rb → urlparse.rb}

@@ -1,10 +1,14 @@
+require 'htmlentities'
+require 'wwmd/mixins'
+require 'wwmd/mixins_extends'
 module WWMD
+
   # yay for experiments in re-inventing the wheel
   class URLParse
     HANDLERS = [:https,:http,:ftp,:file]
     attr_reader :proto,:location,:path,:script,:rpath,:params,:base_url,:fqpath
 
-    def initialize()
+    def initialize(*args)
       # nothing to see here, move along
     end
 
@@ -26,7 +30,7 @@ module WWMD
 # does this work for http://location/?  probably not
       @base += "/" if (!@base.has_ext? || @base.split("/").size == 3)
       @rpath = make_me_path.join("/")
-      @params = @rpath.clop
+      @rpath += "?#{@params}" if @params
       @path = "/" + @rpath
       if @rpath.has_ext?
         @path = "/" + @rpath.dirname
@@ -41,12 +45,18 @@ module WWMD
     def make_me_path
       @proto,tpath = @base.split(":",2)
       tpath ||= ""
+      @params = tpath.clop
+      tpath = tpath.clip
       if @actual.empty?
         a_path = tpath.split("/").reject { |x| x.empty? }
       else
         a_path = tpath.dirname.split("/").reject { |x| x.empty? }
       end
       @location = a_path.shift
+      if @actual.clop
+        @params = @actual.clop
+        @actual = @actual.clip
+      end
       a_path = [] if (@actual =~ (/^\//))
       b_path = @actual.split("/").reject { |x| x.empty? }
       a_path.pop if (a_path[-1] =~ /^\?/).kind_of?(Fixnum) && !b_path.empty?
@@ -54,7 +64,7 @@ module WWMD
       d_path = []
       c_path.each do |x|
         (d_path.pop;next) if x == ".."
-        next if x == "."
+        next if (x == "." || x =~ /^\?/)
         d_path << x
       end
       return d_path

data/lib/wwmd/viewstate.rb

@@ -5,8 +5,8 @@ module WWMD
 end
 require 'rubygems'
 require 'nokogiri'
-require 'htmlentities'
 require 'rexml/document'
+require 'htmlentities'
 require 'wwmd/mixins'
 require 'wwmd/mixins_extends'
 require 'wwmd/mixins_external'
@@ -59,6 +59,7 @@ module WWMD
       @indexed_strings = []
       @mac = nil
       @debug = false
+      self.deserialize if b64
     end
 
     # mac_enabled?

data/lib/wwmd/viewstate/viewstate_class_helpers.rb

@@ -1,5 +1,6 @@
 module WWMD
   class VSClassHelpers < ViewStateUtils
+
     def to_sym
       self.class.to_s.split(":").last.gsub(/[A-Z]+/,'\1_\0').downcase[1..-1].gsub(/\Avs/,"").to_sym
     end

data/lib/wwmd/viewstate/viewstate_deserializer_methods.rb

@@ -13,21 +13,21 @@ module WWMD
 
     def type(t=nil)
       typeref,typeval = self.deserialize_type
-      dlog(t,"typeref = #{typeref} typeval = #{typeval}")
+      dlog(t,"typeref = 0x#{typeref.to_s(16)} typeval = #{typeval}")
       VSType.new(typeref,typeval)
     end
 
     def string_formatted(t=nil)
       typeref,typeval = self.deserialize_type
       str = self.read_string
-      dlog(t,"typeref = #{typeref} typeval = #{typeval} string = #{str}")
+      dlog(t,"typeref = 0x#{typeref.to_s(16)} typeval = #{typeval} string = #{str}")
       VSStringFormatted.new(typeref,typeval,str)
     end
 
     def int_enum(t=nil)
       typeref,typeval = self.deserialize_type
       index = self.read_7bit_encoded_int
-      dlog(t,"typeref = #{typeref} typeval = #{typeval} index = #{index}")
+      dlog(t,"typeref = 0x#{typeref.to_s(16)} typeval = #{typeval} index = #{index}")
       VSIntEnum.new(typeref,typeval,index)
     end
 
@@ -44,7 +44,7 @@ module WWMD
       typeref,typeval = self.deserialize_type
       size  = read_7bit_encoded_int
       elems = read_7bit_encoded_int
-      dlog(t,"typeref = #{typeref} typeval = #{typeval} size = #{size} elems = #{elems}")
+      dlog(t,"typeref = 0x#{typeref.to_s(16)} typeval = #{typeval} size = #{size} elems = #{elems}")
       me = VSSparseArray.new(typeref,typeval,size,elems)
       if elems > size
         raise "Invalid sparse_array"
@@ -79,7 +79,7 @@ module WWMD
     def array(t=nil)
       typeref,typeval = self.deserialize_type
       len = read_7bit_encoded_int
-      dlog(t,"typeref = #{typeref} typeval = #{typeval} len = #{len}")
+      dlog(t,"typeref = 0x#{typeref.to_s(16)} typeval = #{typeval} len = #{len}")
       me = VSArray.new(typeref,typeval)
       (1..len).each do |i|
         me.add(self.deserialize_value)
@@ -203,7 +203,11 @@ module WWMD
     def deserialize_value
       @last_offset = self.offset
       token = self.read_byte # self.read_raw_byte
-      raise "Invalid Type #{token.hexify} at #{last_offset}" if not (tsym = VIEWSTATE_TYPES[token])
+      if not (tsym = VIEWSTATE_TYPES[token])
+        puts "TOKEN: [0x#{token.to_s(16)}] at #{last_offset}"
+        puts @bufarr.slice(0..31).join("").hexdump
+        raise "Invalid Type [0x#{token.to_s(16)}] at #{last_offset}" if not (tsym = VIEWSTATE_TYPES[token])
+      end
       nobj = self.send(tsym,token)
       raise "Invalid Class Returned #{nobj.class}" if not VIEWSTATE_TYPES.include?(nobj.opcode)
       return nobj

data/lib/wwmd/viewstate/viewstate_types.rb

@@ -49,3 +49,7 @@ module WWMD
   } unless defined?(VIEWSTATE_TYPES)
 
 end
+
+if __FILE__ == $0
+  puts "size: #{WWMD::VIEWSTATE_TYPES.size}"
+end

data/spec/urlparse_test.spec

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
-require 'wwmd'
+require 'wwmd/urlparse'
 include WWMD
 require 'spec'
 
@@ -34,6 +34,11 @@ describe URLParse do
     @up.script.should == "test.php"
   end
 
+  it "should parse GET params correctly" do
+    @up.parse(@base,"http://www.location.com/test.php?foo=bar&baz=eep").to_s.should \
+      == "http://www.location.com/test.php?foo=bar&baz=eep"
+  end
+
   it "should return the path if the path is fully qualified" do
     @up.parse(@base,"http://www.location.com/").to_s.should == "http://www.location.com/"
     @up.parse(@base,"http://www.location.com").to_s.should  == "http://www.location.com/"
@@ -86,4 +91,11 @@ describe URLParse do
     @up.parse("http://www.example.com:8888/foobar/barBaz.do?logFile=../../../../../../../../../../../../etc/passwd&foo=foobar.log&bazeep=false").to_s.should \
       == "http://www.example.com:8888/foobar/barBaz.do?logFile=../../../../../../../../../../../../etc/passwd&foo=foobar.log&bazeep=false"
   end
+
+  it "should not remove directory traversal params 2" do
+    @up.parse("http://www.example.com:8888", "/foobar/barBaz.do?logFile=../../../../../../../../../../../../etc/passwd&foo=foobar.log&bazeep=false").to_s.should \
+      == "http://www.example.com:8888/foobar/barBaz.do?logFile=../../../../../../../../../../../../etc/passwd&foo=foobar.log&bazeep=false"
+  end
+
 end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: miketracy-wwmd
 version: !ruby/object:Gem::Version 
-  version: 0.2.12
+  version: 0.2.14
 platform: ruby
 authors: 
 - Michael L. Tracy
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-21 00:00:00 -07:00
+date: 2009-06-02 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -30,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.3.4
+        version: 0.2.8.0
     version: 
 - !ruby/object:Gem::Dependency 
   name: nokogiri
@@ -50,7 +50,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 2.5.0
+        version: 2.5.1
     version: 
 description: WWMD was originally intended to provide a console helper tool for  conducting web application security assessments (which is something I  find myself doing alot of).  I've spent alot of time and had alot of  success writing application specific fuzzers + scrapers to test with.   WWMD provides a base of useful code to help you work with web sites both  in IRB and by writing scripts that can be as generic or as application  specific as you choose.  There's alot of helpful stuff crammed in here and its usage has evolved  alot.  It's not intended to replace, remove or be better than any of the  tools you currently use.  In fact, WWMD works best *with* the tools you  currently use to get stuff done.  You get convenience methods for  getting, scraping, spidering, decoding, decrypting and munging user  inputs, pages and web applications.  It doesn't try to be smart.  That's up to you.  What's here is the basic framework for getting started.  There's a raft  of cookbook scripts and examples that are coming soon so make sure you  check the wiki regularly.
 email: mtracy@matasano.com
@@ -70,8 +70,6 @@ files:
 - examples/wwmd_example.rb
 - lib/wwmd.rb
 - lib/wwmd/encoding.rb
-- lib/wwmd/form.rb
-- lib/wwmd/form_array.rb
 - lib/wwmd/guid.rb
 - lib/wwmd/hpricot_html2text.rb
 - lib/wwmd/mixins.rb
@@ -80,15 +78,17 @@ files:
 - lib/wwmd/nokogiri_html2text.rb
 - lib/wwmd/page.rb
 - lib/wwmd/page/auth.rb
-- lib/wwmd/page/config.rb
 - lib/wwmd/page/constants.rb
+- lib/wwmd/page/form.rb
+- lib/wwmd/page/form_array.rb
 - lib/wwmd/page/headers.rb
 - lib/wwmd/page/inputs.rb
 - lib/wwmd/page/irb_helpers.rb
+- lib/wwmd/page/parsing_convenience.rb
+- lib/wwmd/page/reporting_helpers.rb
 - lib/wwmd/page/scrape.rb
 - lib/wwmd/page/spider.rb
-- lib/wwmd/page/urlparse.rb
-- lib/wwmd/page/utils.rb
+- lib/wwmd/urlparse.rb
 - lib/wwmd/viewstate.rb
 - lib/wwmd/viewstate/viewstate_class_helpers.rb
 - lib/wwmd/viewstate/viewstate_deserializer_methods.rb
@@ -115,6 +115,8 @@ files:
 - lib/wwmd/viewstate/vs_type.rb
 - lib/wwmd/viewstate/vs_unit.rb
 - lib/wwmd/viewstate/vs_value.rb
+- lib/wwmd/wwmd_config.rb
+- lib/wwmd/wwmd_utils.rb
 - spec/README
 - spec/form_array.spec
 - spec/spider_csrf_test.spec