watobo 0.9.12 → 0.9.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.yardopts +2 -2
- data/{CHANGELOG → CHANGELOG.md} +62 -0
- data/README.md +30 -0
- data/bin/nfq_server.rb +4 -3
- data/bin/watobo_gui.rb +1 -1
- data/config/ott_cache.yml +4 -0
- data/config/scanner.yml +1 -18
- data/config/sid_cache.yml +14 -0
- data/extras/private-hostspot.sh +17 -0
- data/extras/watobo-installer.sh +61 -0
- data/extras/watobo-transparent.sh +38 -0
- data/icons/BestPractice_16x16.ico +0 -0
- data/icons/BestPractice_24x24.ico +0 -0
- data/lib/watobo/adapters/data_store.rb +25 -3
- data/lib/watobo/adapters/file/file_store.rb +19 -11
- data/lib/watobo/adapters/session_store.rb +3 -2
- data/lib/watobo/adapters.rb +1 -1
- data/lib/watobo/ca.rb +1 -1
- data/lib/watobo/config.rb +17 -19
- data/lib/watobo/constants.rb +3 -2
- data/lib/watobo/core/active_check.rb +62 -40
- data/lib/watobo/core/active_checks.rb +73 -0
- data/lib/watobo/core/ca.rb +3 -2
- data/lib/watobo/core/cert_store.rb +3 -2
- data/lib/watobo/core/chat.rb +122 -0
- data/lib/watobo/core/chats.rb +301 -0
- data/lib/watobo/core/conversation.rb +71 -0
- data/lib/watobo/core/cookie.rb +9 -25
- data/lib/watobo/core/finding.rb +89 -0
- data/lib/watobo/core/findings.rb +132 -0
- data/lib/watobo/core/forwarding_proxy.rb +4 -2
- data/lib/watobo/core/fuzz_gen.rb +3 -2
- data/lib/watobo/core/intercept_carver.rb +24 -12
- data/lib/watobo/core/intercept_filter.rb +4 -3
- data/lib/watobo/core/interceptor.rb +9 -888
- data/lib/watobo/core/min_class.rb +27 -0
- data/lib/watobo/core/netfilter_queue.rb +3 -2
- data/lib/watobo/core/ott_cache.rb +156 -0
- data/lib/watobo/core/parameter.rb +66 -0
- data/lib/watobo/core/passive_check.rb +15 -22
- data/lib/watobo/core/passive_checks.rb +72 -0
- data/lib/watobo/core/passive_scanner.rb +69 -0
- data/lib/watobo/core/plugin.rb +33 -0
- data/lib/watobo/core/project.rb +40 -547
- data/lib/watobo/core/proxy.rb +7 -2
- data/lib/watobo/core/request.rb +95 -10
- data/lib/watobo/core/response.rb +44 -3
- data/lib/watobo/core/scanner.rb +6 -7
- data/lib/watobo/core/scanner3.rb +439 -0
- data/lib/watobo/core/scope.rb +106 -0
- data/lib/watobo/core/session.rb +106 -286
- data/lib/watobo/core/sid_cache.rb +121 -0
- data/lib/watobo/core/subscriber.rb +48 -0
- data/lib/watobo/core.rb +2 -2
- data/lib/watobo/defaults.rb +3 -2
- data/lib/watobo/external/diff/lcs/array.rb +1 -1
- data/lib/watobo/external/diff/lcs/block.rb +1 -1
- data/lib/watobo/external/diff/lcs/callbacks.rb +1 -1
- data/lib/watobo/external/diff/lcs/change.rb +1 -1
- data/lib/watobo/external/diff/lcs/hunk.rb +1 -1
- data/lib/watobo/external/diff/lcs/ldiff.rb +1 -1
- data/lib/watobo/external/diff/lcs/string.rb +1 -1
- data/lib/watobo/external/diff/lcs.rb +1 -1
- data/lib/watobo/external/ntlm/ntlm.rb +1 -1
- data/lib/watobo/externals.rb +1 -1
- data/lib/watobo/framework/create_project.rb +19 -12
- data/lib/watobo/framework/init.rb +4 -3
- data/lib/watobo/framework/init_modules.rb +32 -3
- data/lib/watobo/framework/license_text.rb +3 -2
- data/lib/watobo/framework/load_chat.rb +36 -0
- data/lib/watobo/framework.rb +2 -2
- data/lib/watobo/gui/about_watobo.rb +3 -2
- data/lib/watobo/gui/browser_preview.rb +4 -3
- data/lib/watobo/gui/certificate_dialog.rb +3 -2
- data/lib/watobo/gui/chat_diff.rb +6 -14
- data/lib/watobo/gui/chatviewer_frame.rb +30 -5
- data/lib/watobo/gui/checkboxtree.rb +13 -12
- data/lib/watobo/gui/checks_policy_frame.rb +8 -10
- data/lib/watobo/gui/client_cert_dialog.rb +8 -6
- data/lib/watobo/gui/confirm_scan_dialog.rb +5 -3
- data/lib/watobo/gui/conversation_table.rb +288 -51
- data/lib/watobo/gui/conversation_table_ctrl.rb +36 -3
- data/lib/watobo/gui/conversation_table_ctrl2.rb +416 -0
- data/lib/watobo/gui/csrf_token_dialog.rb +25 -33
- data/lib/watobo/gui/dashboard.rb +47 -45
- data/lib/watobo/gui/define_scope_frame.rb +27 -22
- data/lib/watobo/gui/differ_frame.rb +238 -0
- data/lib/watobo/gui/edit_comment.rb +3 -2
- data/lib/watobo/gui/edit_scope_dialog.rb +7 -6
- data/lib/watobo/gui/finding_info.rb +3 -2
- data/lib/watobo/gui/findings_tree.rb +101 -26
- data/lib/watobo/gui/full_scan_dialog.rb +5 -6
- data/lib/watobo/gui/fuzzer_gui.rb +51 -18
- data/lib/watobo/gui/goto_url_dialog.rb +92 -0
- data/lib/watobo/gui/hex_viewer.rb +16 -5
- data/lib/watobo/gui/html_viewer.rb +309 -0
- data/lib/watobo/gui/intercept_filter_dialog.rb +3 -2
- data/lib/watobo/gui/interceptor_gui.rb +5 -4
- data/lib/watobo/gui/interceptor_settings_dialog.rb +4 -3
- data/lib/watobo/gui/list_box.rb +4 -3
- data/lib/watobo/gui/log_file_viewer.rb +55 -0
- data/lib/watobo/gui/log_viewer.rb +3 -82
- data/lib/watobo/gui/login_wizzard.rb +3 -3
- data/lib/watobo/gui/main_window.rb +183 -164
- data/lib/watobo/gui/manual_request_editor.rb +157 -642
- data/lib/watobo/gui/master_pw_dialog.rb +3 -2
- data/lib/watobo/gui/mixins/gui_settings.rb +3 -2
- data/lib/watobo/gui/page_tree.rb +3 -2
- data/lib/watobo/gui/password_policy_dialog.rb +3 -2
- data/lib/watobo/gui/plugin_board.rb +103 -73
- data/lib/watobo/gui/preferences_dialog.rb +3 -2
- data/lib/watobo/gui/progress_window.rb +3 -2
- data/lib/watobo/gui/project_wizzard.rb +3 -2
- data/lib/watobo/gui/proxy_dialog.rb +3 -2
- data/lib/watobo/gui/quick_scan_dialog.rb +17 -32
- data/lib/watobo/gui/request_builder_frame.rb +134 -0
- data/lib/watobo/gui/request_editor.rb +14 -9
- data/lib/watobo/gui/rewrite_filters_dialog.rb +4 -3
- data/lib/watobo/gui/rewrite_rules_dialog.rb +4 -3
- data/lib/watobo/gui/save_chat_dialog.rb +7 -3
- data/lib/watobo/gui/scanner_settings_dialog.rb +4 -3
- data/lib/watobo/gui/select_chat_dialog.rb +15 -25
- data/lib/watobo/gui/session_management_dialog.rb +21 -25
- data/lib/watobo/gui/sites_tree.rb +5 -4
- data/lib/watobo/gui/status_bar.rb +3 -2
- data/lib/watobo/gui/table_editor.rb +398 -386
- data/lib/watobo/gui/tagless_viewer.rb +3 -2
- data/lib/watobo/gui/templates/plugin.rb +3 -2
- data/lib/watobo/gui/templates/plugin2.rb +4 -3
- data/lib/watobo/gui/templates/plugin_base.rb +168 -0
- data/lib/watobo/gui/text_viewer.rb +49 -3
- data/lib/watobo/gui/transcoder_window.rb +3 -2
- data/lib/watobo/gui/utils/gui_utils.rb +5 -4
- data/lib/watobo/gui/utils/init_icons.rb +5 -2
- data/lib/watobo/gui/utils/load_icons.rb +3 -2
- data/lib/watobo/gui/utils/load_plugins.rb +22 -5
- data/lib/watobo/gui/utils/master_password.rb +3 -2
- data/lib/watobo/gui/utils/save_default_settings.rb +7 -5
- data/lib/watobo/gui/utils/save_project_settings.rb +1 -1
- data/lib/watobo/gui/utils/save_proxy_settings.rb +4 -3
- data/lib/watobo/gui/utils/save_scanner_settings.rb +5 -4
- data/lib/watobo/gui/utils/session_history.rb +3 -2
- data/lib/watobo/gui/workspace_dialog.rb +3 -2
- data/lib/watobo/gui/www_auth_dialog.rb +4 -3
- data/lib/watobo/gui/xml_viewer_frame.rb +3 -2
- data/lib/watobo/gui.rb +6 -3
- data/lib/watobo/http/cookies/cookies.rb +66 -0
- data/lib/watobo/http/data/data.rb +68 -0
- data/lib/watobo/{gui/mixins/subscriber.rb → http/url/url.rb} +33 -19
- data/lib/watobo/http_socket/agent.rb +851 -0
- data/lib/watobo/http_socket/client_socket.rb +290 -0
- data/lib/watobo/http_socket/connection.rb +423 -0
- data/lib/watobo/http_socket/http_socket.rb +273 -0
- data/lib/watobo/http_socket/ntlm_auth.rb +152 -0
- data/lib/watobo/http_socket/proxy.rb +31 -0
- data/lib/watobo/http_socket.rb +25 -0
- data/lib/watobo/interceptor/proxy.rb +883 -0
- data/lib/watobo/interceptor/transparent.rb +37 -0
- data/lib/watobo/interceptor.rb +25 -0
- data/lib/watobo/mixins/check_info.rb +50 -0
- data/lib/watobo/mixins/httpparser.rb +92 -20
- data/lib/watobo/mixins/request_parser.rb +103 -88
- data/lib/watobo/mixins/shapers.rb +42 -11
- data/lib/watobo/mixins/transcoders.rb +61 -57
- data/lib/watobo/mixins.rb +3 -2
- data/lib/watobo/parser/html.rb +106 -0
- data/lib/watobo/parser.rb +22 -0
- data/lib/watobo/utils/check_regex.rb +3 -2
- data/lib/watobo/utils/copy_object.rb +3 -2
- data/lib/watobo/utils/crypto.rb +3 -2
- data/lib/watobo/utils/expand_range.rb +3 -2
- data/lib/watobo/utils/file_management.rb +7 -3
- data/lib/watobo/utils/hexprint.rb +3 -2
- data/lib/watobo/utils/load_chat.rb +4 -3
- data/lib/watobo/utils/load_icon.rb +3 -2
- data/lib/watobo/utils/print_debug.rb +3 -2
- data/lib/watobo/utils/response_builder.rb +6 -4
- data/lib/watobo/utils/response_hash.rb +66 -49
- data/lib/watobo/utils/secure_eval.rb +3 -2
- data/lib/watobo/utils/strings.rb +3 -2
- data/lib/watobo/utils/text2request.rb +4 -5
- data/lib/watobo/utils/url.rb +46 -0
- data/lib/watobo/utils.rb +3 -2
- data/lib/watobo.rb +13 -3
- data/modules/active/Apache/mod_status.rb +15 -11
- data/modules/active/Flash/crossdomain.rb +17 -14
- data/modules/active/RoR/cve_2013_015x.rb +21 -0
- data/modules/active/directories/dirwalker.rb +10 -16
- data/modules/active/discovery/fileextensions.rb +10 -7
- data/modules/active/discovery/http_methods.rb +8 -9
- data/modules/active/domino/domino_db.rb +10 -11
- data/modules/active/dotNET/custom_errors.rb +124 -0
- data/modules/active/dotNET/dotnet_files.rb +112 -0
- data/modules/active/fileinclusion/lfi_simple.rb +9 -7
- data/modules/active/jboss/jboss_basic.rb +12 -9
- data/modules/active/sap/its_commands.rb +10 -9
- data/modules/active/sap/its_service_parameter.rb +10 -9
- data/modules/active/sap/its_services.rb +10 -9
- data/modules/active/sap/its_xss.rb +11 -10
- data/modules/active/siebel/siebel_apps.rb +14 -16
- data/modules/active/sqlinjection/sql_boolean.rb +139 -75
- data/modules/active/sqlinjection/sqli_error.rb +9 -6
- data/modules/active/sqlinjection/sqli_timing.rb +13 -11
- data/modules/active/xml/xml_xxe.rb +134 -0
- data/modules/active/xss/{xss_rated.rb → xss_ng.rb} +89 -56
- data/modules/active/xss/xss_simple.rb +9 -6
- data/modules/passive/ajax.rb +85 -0
- data/modules/passive/autocomplete.rb +78 -0
- data/modules/passive/cookie_options.rb +3 -2
- data/modules/passive/cookie_xss.rb +3 -2
- data/modules/passive/detect_code.rb +7 -4
- data/modules/passive/detect_fileupload.rb +3 -2
- data/modules/passive/detect_infrastructure.rb +7 -4
- data/modules/passive/detect_one_time_tokens.rb +3 -2
- data/modules/passive/dirindexing.rb +3 -2
- data/modules/passive/disclosure_domino.rb +3 -2
- data/modules/passive/disclosure_emails.rb +3 -2
- data/modules/passive/disclosure_ipaddr.rb +3 -2
- data/modules/passive/filename_as_parameter.rb +3 -2
- data/modules/passive/form_spotter.rb +10 -7
- data/modules/passive/hidden_fields.rb +73 -0
- data/modules/passive/hotspots.rb +7 -4
- data/modules/passive/in_script_parameter.rb +3 -2
- data/modules/passive/multiple_server_headers.rb +4 -3
- data/modules/passive/possible_login.rb +3 -2
- data/modules/passive/redirect_url.rb +3 -2
- data/modules/passive/redirectionz.rb +6 -3
- data/modules/passive/xss_dom.rb +16 -9
- data/plugins/catalog/catalog.rb +119 -193
- data/plugins/crawler/crawler.rb +4 -3
- data/plugins/crawler/gui/auth_frame.rb +3 -2
- data/plugins/crawler/gui/crawler_gui.rb +3 -2
- data/plugins/crawler/gui/general_settings_frame.rb +3 -2
- data/plugins/crawler/gui/hooks_frame.rb +3 -2
- data/plugins/crawler/gui/scope_frame.rb +3 -2
- data/plugins/crawler/gui/settings_tabbook.rb +3 -2
- data/plugins/crawler/gui/status_frame.rb +3 -2
- data/plugins/crawler/gui.rb +3 -2
- data/plugins/crawler/lib/bags.rb +3 -2
- data/plugins/crawler/lib/constants.rb +3 -2
- data/plugins/crawler/lib/engine.rb +3 -2
- data/plugins/crawler/lib/grabber.rb +3 -2
- data/plugins/crawler/lib/uri_mp.rb +1 -1
- data/plugins/filefinder/filefinder.rb +92 -70
- data/plugins/sqlmap/bin/test.rb +3 -2
- data/plugins/sqlmap/gui/main.rb +3 -2
- data/plugins/sqlmap/gui/options_frame.rb +4 -3
- data/plugins/sqlmap/gui.rb +1 -1
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +3 -2
- data/plugins/sqlmap/sqlmap.rb +1 -1
- data/plugins/sslchecker/cli/sslchecker_cli.rb +1 -1
- data/plugins/sslchecker/gui/cipher_table.rb +17 -10
- data/plugins/sslchecker/gui/gui.rb +59 -56
- data/plugins/sslchecker/gui/sslchecker.rb +1 -1
- data/plugins/sslchecker/lib/check.rb +43 -18
- data/plugins/wshell/gui/main.rb +130 -0
- data/plugins/wshell/icons/wsh.ico +0 -0
- data/plugins/wshell/lib/core.rb +99 -0
- data/plugins/wshell/wshell.rb +33 -0
- metadata +80 -8
- data/README +0 -26
- data/lib/watobo/core/http_socket.rb +0 -161
- data/lib/watobo/gui/plugin/base.rb +0 -82
data/.yardopts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# .yardopts
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -21,4 +21,4 @@
|
|
|
21
21
|
# .
|
|
22
22
|
--no-private
|
|
23
23
|
*.xxx
|
|
24
|
-
|
|
24
|
+
--files CHANGELOG.md
|
data/{CHANGELOG → CHANGELOG.md}
RENAMED
|
@@ -1,3 +1,65 @@
|
|
|
1
|
+
Version 0.9.13
|
|
2
|
+
===
|
|
3
|
+
News
|
|
4
|
+
---
|
|
5
|
+
**Core**
|
|
6
|
+
|
|
7
|
+
* Faster socket communication!! Now client sockets are reused
|
|
8
|
+
* Big big changes on core modules, e.g. Watobo::Chats or Watobo::Findings.
|
|
9
|
+
* PassiveScanner - passive checks now run in background
|
|
10
|
+
* New DSL-like Plugin Style - digging into Metaprogramming ... check out WShell Plugin!
|
|
11
|
+
|
|
12
|
+
**Modules**
|
|
13
|
+
|
|
14
|
+
* XSS-NG supports "Parameter Prefetching" - using form fields of response as test parameters
|
|
15
|
+
* Hidden Field Spotter
|
|
16
|
+
* Improved boolean SQLi detection
|
|
17
|
+
* added some .NET Checks for well-known files, e.g. Trace.adx and Error Pages /w Stack-Trace
|
|
18
|
+
* XXE (Xml eXternal Entity) check
|
|
19
|
+
* Check html password fields for autocomplete attribute
|
|
20
|
+
|
|
21
|
+
**Plugins**
|
|
22
|
+
|
|
23
|
+
* SSL Checker now also shows the tested method (SSLv3, TLS, ..)
|
|
24
|
+
* WShell - Watobo Shell; With WShell you can execute ruby commands in the context of WATOBO. Very useful for advanced analysis, debugging purposes or simply to explore WATOBO.
|
|
25
|
+
|
|
26
|
+
**GUI**
|
|
27
|
+
|
|
28
|
+
* Parameter names in Table view are now automatically en-/decoded
|
|
29
|
+
* Right-Click on a plugin to get some information about it - only works on new plugins at the moment ...
|
|
30
|
+
* Introduced a new chat viewer with HTML highlighting (based on FXScintilla)
|
|
31
|
+
* ConversationTable: added 'space' hotkey to open "Edit Comment" dialog
|
|
32
|
+
* ConversationTable: added hotkeys for "goto url" navigation
|
|
33
|
+
* ChatViewer: xml/html content gets prettyfied for text- and html-viewer
|
|
34
|
+
* FindingsTree: added counter to finding class
|
|
35
|
+
* FindingsTree: memorize expanded nodes
|
|
36
|
+
* Conversation table filter now opens as a dialog and displays more information
|
|
37
|
+
|
|
38
|
+
Fixes
|
|
39
|
+
---
|
|
40
|
+
**Core**
|
|
41
|
+
|
|
42
|
+
* Bug in parsing multipart requests caused by incorrect boundary handling
|
|
43
|
+
* conversation text filter now works on responses without content-type header
|
|
44
|
+
|
|
45
|
+
**Fuzzer**
|
|
46
|
+
|
|
47
|
+
* fixed generator in fuzzer engine
|
|
48
|
+
|
|
49
|
+
**GUI**
|
|
50
|
+
|
|
51
|
+
* crash after selecting client certs
|
|
52
|
+
* no more swallowing a space-char at the end of a string when b64decoding with short-cuts
|
|
53
|
+
|
|
54
|
+
**Plugins**
|
|
55
|
+
|
|
56
|
+
* Catalog-Scanner: now all placeholders will be replaced
|
|
57
|
+
* SSLChecker now supports more methods and ciphers, incl. SSLv2
|
|
58
|
+
|
|
59
|
+
**Passive Modules**
|
|
60
|
+
|
|
61
|
+
* FormSpotter: now using nokogiri for parsing/extracting <form> information
|
|
62
|
+
|
|
1
63
|
= Version 0.9.12
|
|
2
64
|
== NEW
|
|
3
65
|
* [Module] Siebel Checks: Enumeration of default apps and files, e.g. base.txt
|
data/README.md
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
WATOBO - THE Web Application Toolbox
|
|
2
|
+
===
|
|
3
|
+
WATOBO is a security tool for web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits.
|
|
4
|
+
|
|
5
|
+
Most important features:
|
|
6
|
+
|
|
7
|
+
* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
|
|
8
|
+
* WATOB can act as a transparent proxy (requires nfqueue)
|
|
9
|
+
* WATOBO can perform vulnerability checks out of the box
|
|
10
|
+
* WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
|
|
11
|
+
* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
|
|
12
|
+
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
|
|
13
|
+
* WATOBO is written in (FX)Ruby and enables you to easily define your own checks
|
|
14
|
+
* WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
|
|
15
|
+
* WATOBO is free software ( licensed under the GNU General Public License Version 2)
|
|
16
|
+
* It’s by siberas ;)
|
|
17
|
+
|
|
18
|
+
Documentation
|
|
19
|
+
---
|
|
20
|
+
Check out the online documentation and video tutorials at http://watobo.sourceforge.net
|
|
21
|
+
|
|
22
|
+
Tips & Tricks
|
|
23
|
+
---
|
|
24
|
+
* On Linux you should use RVM to install Ruby (http://beginrescueend.com/rvm/install/)
|
|
25
|
+
* Use FoxyProxy or SwitchProxy to easily change your proxy settings
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
|
data/bin/nfq_server.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# .
|
|
3
3
|
# nfq_server.rb
|
|
4
4
|
#
|
|
5
|
-
# Copyright
|
|
5
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
6
6
|
#
|
|
7
7
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
8
8
|
# http://watobo.sourceforge.com
|
|
@@ -32,7 +32,8 @@ rescue LoadError
|
|
|
32
32
|
exit
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
|
|
35
|
+
# @private
|
|
36
|
+
module Watobo#:nodoc: all
|
|
36
37
|
module NFQ
|
|
37
38
|
class Connections
|
|
38
39
|
attr :nfqueue
|
|
@@ -185,7 +186,7 @@ module Watobo
|
|
|
185
186
|
end
|
|
186
187
|
end
|
|
187
188
|
|
|
188
|
-
DRb.start_service "druby://127.0.0.1:
|
|
189
|
+
DRb.start_service "druby://127.0.0.1:9090", Watobo::NFQ::Connections.new
|
|
189
190
|
#puts DRb.uri
|
|
190
191
|
DRb.thread.join
|
|
191
192
|
|
data/bin/watobo_gui.rb
CHANGED
data/config/scanner.yml
CHANGED
|
@@ -1,17 +1,3 @@
|
|
|
1
|
-
:sid_patterns:
|
|
2
|
-
- name="(sessid)" value="([0-9a-zA-Z!-]*)"
|
|
3
|
-
- (sessid)=([-0-9a-zA-Z_:]*)(;|&)?
|
|
4
|
-
- (SESSIONID)=([-0-9a-zA-Z_:\.\(\)]*)(;|&)?
|
|
5
|
-
- (PHPSESSID)=([0-9a-zA-Z]*)(;|&)?
|
|
6
|
-
- (ASPSESSIONID)\w*=([0-9a-zA-Z]*)(;|&)?
|
|
7
|
-
- (MYSAPSSO2)=([0-9a-zA-Z.=%]*)(;|&)?
|
|
8
|
-
- (ELEXIRSID)=([0-9a-zA-Z!-]*)(;|&)?
|
|
9
|
-
- (SLSID)=([0-9a-zA-Z!-]*)(;|&)?
|
|
10
|
-
- (sid)=([0-9a-z]*)(')?
|
|
11
|
-
- (saplb_\*)=([-0-9a-zA-Z_:\(\)]*)(;|&)?
|
|
12
|
-
- (DomAuthSessId)=([0-9a-zA-Z]*)(;|&)?
|
|
13
|
-
- (wgate)\/([\w]{4,}\/[\w=~]*)(;|&|'|")?
|
|
14
|
-
- (session)=([-0-9a-zA-Z_:\.]*)(;|&)?
|
|
15
1
|
:logout_signatures:
|
|
16
2
|
- ^Location.*login
|
|
17
3
|
:smart_scan: true
|
|
@@ -27,8 +13,5 @@
|
|
|
27
13
|
:scope: {}
|
|
28
14
|
:run_passive_checks: false
|
|
29
15
|
:client_certificates: {}
|
|
30
|
-
:
|
|
31
|
-
- name="(token)" value="([0-9a-zA-Z!-]*)"
|
|
32
|
-
- (token)=([-0-9a-zA-Z_:]*)(;|&)?
|
|
33
|
-
|
|
16
|
+
:auto_login: true
|
|
34
17
|
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
:patterns:
|
|
2
|
+
- name="(sessid)" value="([0-9a-zA-Z!-]*)"
|
|
3
|
+
- (sessid)=([-0-9a-zA-Z_:]*)(;|&)?
|
|
4
|
+
- (SESSIONID)=([-0-9a-zA-Z_:\.\(\)]*)(;|&)?
|
|
5
|
+
- (PHPSESSID)=([0-9a-zA-Z]*)(;|&)?
|
|
6
|
+
- (ASPSESSIONID)\w*=([0-9a-zA-Z]*)(;|&)?
|
|
7
|
+
- (MYSAPSSO2)=([0-9a-zA-Z.=%]*)(;|&)?
|
|
8
|
+
- (ELEXIRSID)=([0-9a-zA-Z!-]*)(;|&)?
|
|
9
|
+
- (SLSID)=([0-9a-zA-Z!-]*)(;|&)?
|
|
10
|
+
- (sid)=([0-9a-z]*)(')?
|
|
11
|
+
- (saplb_\*)=([-0-9a-zA-Z_:\(\)]*)(;|&)?
|
|
12
|
+
- (DomAuthSessId)=([0-9a-zA-Z]*)(;|&)?
|
|
13
|
+
- (wgate)\/([\w]{4,}\/[\w=~]*)(;|&|'|")?
|
|
14
|
+
- (session)=([-0-9a-zA-Z_:\.]*)(;|&)?
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
iptables -F
|
|
3
|
+
iptables -X
|
|
4
|
+
iptables -t nat -F
|
|
5
|
+
iptables -t nat -X
|
|
6
|
+
iptables -t mangle -F
|
|
7
|
+
iptables -t mangle -X
|
|
8
|
+
iptables -P INPUT ACCEPT
|
|
9
|
+
iptables -P FORWARD ACCEPT
|
|
10
|
+
iptables -P OUTPUT ACCEPT
|
|
11
|
+
|
|
12
|
+
echo "Turning on Natting"
|
|
13
|
+
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
14
|
+
|
|
15
|
+
echo "Allowing ip forwarding"
|
|
16
|
+
echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
17
|
+
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
#===========================
|
|
3
|
+
# WATOBO-Installer for Linux
|
|
4
|
+
#---------------------------
|
|
5
|
+
# Tested on BackTrack 5R2
|
|
6
|
+
#===========================
|
|
7
|
+
# Date: 06.08.2012
|
|
8
|
+
# Author: Andreas Schmidt
|
|
9
|
+
Version=1.1
|
|
10
|
+
#---
|
|
11
|
+
# Version 1.1
|
|
12
|
+
# added libnetfilter-queue-dev package & gem
|
|
13
|
+
# added platform detection
|
|
14
|
+
#---
|
|
15
|
+
|
|
16
|
+
info() {
|
|
17
|
+
printf "\033[36m$*\033[0m\n"
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
head() {
|
|
21
|
+
printf "\033[31m$*\033[0m\n"
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
head "##############################################"
|
|
25
|
+
head "# W A T O B O - I N S T A L L E R #"
|
|
26
|
+
head "##############################################"
|
|
27
|
+
info "Version: $Version"
|
|
28
|
+
gem_opts=""
|
|
29
|
+
platform="Generic"
|
|
30
|
+
file=/etc/issue
|
|
31
|
+
if grep -q "BackTrack" $file
|
|
32
|
+
then
|
|
33
|
+
platform="BackTrack"
|
|
34
|
+
gem_opts="--user-install"
|
|
35
|
+
fi
|
|
36
|
+
|
|
37
|
+
info "Platform: $platform"
|
|
38
|
+
|
|
39
|
+
if [ "$platform" == "BackTrack" ]
|
|
40
|
+
then
|
|
41
|
+
echo "Adding /root/.gem/ruby/1.9.2/bin/ to your PATH .."
|
|
42
|
+
echo 'export PATH=$PATH:/root/.gem/ruby/1.9.2/bin' >> /root/.bashrc
|
|
43
|
+
export PATH=$PATH:/root/.gem/ruby/1.9.2/bin
|
|
44
|
+
#. /root/.bashrc
|
|
45
|
+
fi
|
|
46
|
+
|
|
47
|
+
echo "Installing required gems ..."
|
|
48
|
+
for G in ffi multi_json childprocess selenium-webdriver mechanize fxruby net-http-digest_auth net-http-persistent nokogiri domain_name unf webrobots ntlm-http net-http-pipeline nfqueue watobo
|
|
49
|
+
do
|
|
50
|
+
info ">> $G"
|
|
51
|
+
gem install $gem_opts $G
|
|
52
|
+
done
|
|
53
|
+
|
|
54
|
+
echo "Install libnetfilter for transparent proxy mode"
|
|
55
|
+
apt-get install libnetfilter-queue-dev
|
|
56
|
+
|
|
57
|
+
info "Installation finished."
|
|
58
|
+
echo "Open a new shell and type watobo_gui.rb to start WATOBO."
|
|
59
|
+
echo "For manuals/videos and general information about WATOBO please check:"
|
|
60
|
+
echo "* http://watobo.sourceforge.net/"
|
|
61
|
+
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# configure your interfaces here
|
|
3
|
+
INT_IN=wlan0
|
|
4
|
+
INT_OUT=eth0
|
|
5
|
+
|
|
6
|
+
echo "= Interface Configuration ="
|
|
7
|
+
echo "Incoming Interface: $INT_IN"
|
|
8
|
+
echo "Outgoing Interface: $INT_OUT"
|
|
9
|
+
|
|
10
|
+
echo "Resetting IPTables ..."
|
|
11
|
+
iptables -F
|
|
12
|
+
iptables -X
|
|
13
|
+
iptables -t nat -F
|
|
14
|
+
iptables -t nat -X
|
|
15
|
+
iptables -t mangle -F
|
|
16
|
+
iptables -t mangle -X
|
|
17
|
+
iptables -P INPUT ACCEPT
|
|
18
|
+
iptables -P FORWARD ACCEPT
|
|
19
|
+
iptables -P OUTPUT ACCEPT
|
|
20
|
+
|
|
21
|
+
echo "Restarting DHCP ..."
|
|
22
|
+
/etc/init.d/dhcp3-server restart
|
|
23
|
+
|
|
24
|
+
echo "Restarting DNS ..."
|
|
25
|
+
/etc/init.d/bind9 restart
|
|
26
|
+
|
|
27
|
+
echo "Enable IP Forwarding ..."
|
|
28
|
+
echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
29
|
+
|
|
30
|
+
echo "Send Packets To NFQUEUE ..."
|
|
31
|
+
iptables -t mangle -A PREROUTING -p tcp -m state --dport 443 --state NEW -j NFQUEUE --queue-num 0
|
|
32
|
+
|
|
33
|
+
echo "Redirect Traffic to WATOBO ..."
|
|
34
|
+
iptables -t nat -A PREROUTING -i $INT_IN -p tcp -m tcp -j REDIRECT --dport 443 --to-ports 8081
|
|
35
|
+
iptables -t nat -A PREROUTING -i $INT_IN -p tcp -m tcp -j REDIRECT --dport 80 --to-ports 8081
|
|
36
|
+
|
|
37
|
+
echo "Turn on Natting ..."
|
|
38
|
+
iptables -t nat -A POSTROUTING -o $INT_OUT -j MASQUERADE
|
|
Binary file
|
|
Binary file
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# data_store.rb
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -19,7 +19,8 @@
|
|
|
19
19
|
# along with WATOBO; if not, write to the Free Software
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
21
|
# .
|
|
22
|
-
|
|
22
|
+
# @private
|
|
23
|
+
module Watobo#:nodoc: all
|
|
23
24
|
class DataStore
|
|
24
25
|
|
|
25
26
|
@engine = nil
|
|
@@ -28,7 +29,7 @@ module Watobo
|
|
|
28
29
|
@engine
|
|
29
30
|
end
|
|
30
31
|
|
|
31
|
-
def self.
|
|
32
|
+
def self.connect(project_name, session_name)
|
|
32
33
|
a = Watobo::Conf::Datastore.adapter
|
|
33
34
|
store = case
|
|
34
35
|
when 'file'
|
|
@@ -40,10 +41,31 @@ module Watobo
|
|
|
40
41
|
store
|
|
41
42
|
end
|
|
42
43
|
|
|
44
|
+
def self.method_missing(name, *args, &block)
|
|
45
|
+
super unless @engine.respond_to? name
|
|
46
|
+
@engine.send name, *args, &block
|
|
47
|
+
end
|
|
48
|
+
|
|
43
49
|
|
|
44
50
|
end
|
|
45
51
|
|
|
52
|
+
def self.logs
|
|
53
|
+
return "" if DataStore.engine.nil?
|
|
54
|
+
DataStore.engine.logs
|
|
55
|
+
end
|
|
56
|
+
|
|
46
57
|
def self.log(message, prefs={})
|
|
58
|
+
|
|
59
|
+
text = message
|
|
60
|
+
if message.is_a? Array
|
|
61
|
+
text = message.join("\n| ")
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
#clean up sender's name
|
|
65
|
+
if prefs.has_key? :sender
|
|
66
|
+
prefs[:sender].gsub!(/.*::/,'')
|
|
67
|
+
end
|
|
68
|
+
|
|
47
69
|
if DataStore.engine.respond_to? :logger
|
|
48
70
|
DataStore.engine.logger message, prefs
|
|
49
71
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# file_store.rb
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -19,7 +19,8 @@
|
|
|
19
19
|
# along with WATOBO; if not, write to the Free Software
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
21
|
# .
|
|
22
|
-
|
|
22
|
+
# @private
|
|
23
|
+
module Watobo#:nodoc: all
|
|
23
24
|
class FileSessionStore < SessionStore
|
|
24
25
|
def num_chats
|
|
25
26
|
get_file_list(@conversation_path, "*-chat*").length
|
|
@@ -149,10 +150,10 @@ module Watobo
|
|
|
149
150
|
wsp = Watobo.workspace_path
|
|
150
151
|
return false unless File.exist? wsp
|
|
151
152
|
puts "* using workspace path: #{wsp}" if $DEBUG
|
|
152
|
-
|
|
153
|
+
|
|
153
154
|
@log_file = nil
|
|
154
155
|
@log_lock = Mutex.new
|
|
155
|
-
|
|
156
|
+
|
|
156
157
|
@project_path = File.join(wsp, project_name)
|
|
157
158
|
unless File.exist? @project_path
|
|
158
159
|
puts "* create project path: #{@project_path}" if $DEBUG
|
|
@@ -197,7 +198,7 @@ module Watobo
|
|
|
197
198
|
end
|
|
198
199
|
end
|
|
199
200
|
end
|
|
200
|
-
|
|
201
|
+
|
|
201
202
|
@log_file = File.join(@log_path, session_name + ".log")
|
|
202
203
|
|
|
203
204
|
# @chat_files = get_file_list(@conversation_path, "*-chat")
|
|
@@ -255,21 +256,29 @@ module Watobo
|
|
|
255
256
|
s
|
|
256
257
|
|
|
257
258
|
end
|
|
258
|
-
|
|
259
|
+
|
|
260
|
+
def logs
|
|
261
|
+
l = ''
|
|
262
|
+
@log_lock.synchronize do
|
|
263
|
+
l = File.open(@log_file).read
|
|
264
|
+
end
|
|
265
|
+
l
|
|
266
|
+
end
|
|
267
|
+
|
|
259
268
|
def logger( message, prefs = {} )
|
|
260
269
|
opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
|
|
261
270
|
opts.update prefs
|
|
262
271
|
return false if @log_file.nil?
|
|
263
272
|
begin
|
|
264
|
-
|
|
273
|
+
t = Time.now
|
|
265
274
|
now = t.strftime("%m/%d/%Y @ %H:%M:%S")
|
|
266
275
|
log_message = [ now ]
|
|
267
276
|
log_message << "#{opts[:sender]}"
|
|
268
277
|
if message.is_a? Array
|
|
269
278
|
log_message << message.join("\n| ")
|
|
270
279
|
log_message << "\n-"
|
|
271
|
-
else
|
|
272
|
-
|
|
280
|
+
else
|
|
281
|
+
log_message << message
|
|
273
282
|
end
|
|
274
283
|
@log_lock.synchronize do
|
|
275
284
|
File.open(@log_file,"a") do |lfh|
|
|
@@ -279,8 +288,7 @@ module Watobo
|
|
|
279
288
|
rescue => bang
|
|
280
289
|
puts bang
|
|
281
290
|
end
|
|
282
|
-
|
|
283
|
-
|
|
291
|
+
|
|
284
292
|
end
|
|
285
293
|
|
|
286
294
|
private
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# session_store.rb
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -19,7 +19,8 @@
|
|
|
19
19
|
# along with WATOBO; if not, write to the Free Software
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
21
|
# .
|
|
22
|
-
|
|
22
|
+
# @private
|
|
23
|
+
module Watobo#:nodoc: all
|
|
23
24
|
class SessionStore
|
|
24
25
|
|
|
25
26
|
# TODO: Define default methods here
|
data/lib/watobo/adapters.rb
CHANGED
data/lib/watobo/ca.rb
CHANGED
data/lib/watobo/config.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# config.rb
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -19,7 +19,8 @@
|
|
|
19
19
|
# along with WATOBO; if not, write to the Free Software
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
21
|
# .
|
|
22
|
-
|
|
22
|
+
# @private
|
|
23
|
+
module Watobo#:nodoc: all
|
|
23
24
|
module Conf
|
|
24
25
|
|
|
25
26
|
@@settings = Hash.new
|
|
@@ -33,15 +34,15 @@ module Watobo
|
|
|
33
34
|
@@modules.length
|
|
34
35
|
end
|
|
35
36
|
|
|
36
|
-
def self.load_project_settings(
|
|
37
|
+
def self.load_project_settings()
|
|
37
38
|
@@modules.each do |m|
|
|
38
|
-
m.load_project(
|
|
39
|
+
m.load_project()
|
|
39
40
|
end
|
|
40
41
|
end
|
|
41
42
|
|
|
42
|
-
def self.load_session_settings(
|
|
43
|
+
def self.load_session_settings()
|
|
43
44
|
@@modules.each do |m|
|
|
44
|
-
m.load_session(
|
|
45
|
+
m.load_session()
|
|
45
46
|
end
|
|
46
47
|
end
|
|
47
48
|
|
|
@@ -80,29 +81,28 @@ module Watobo
|
|
|
80
81
|
@settings = YAML.load(YAML.dump(settings))
|
|
81
82
|
end
|
|
82
83
|
|
|
83
|
-
def self.save_session(
|
|
84
|
-
raise ArgumentError, "Need a valid Watobo::DataStore" unless data_store.respond_to? :save_project_settings
|
|
84
|
+
def self.save_session( *filter, &b)
|
|
85
|
+
#raise ArgumentError, "Need a valid Watobo::DataStore" unless data_store.respond_to? :save_project_settings
|
|
85
86
|
s = filter_settings filter
|
|
86
87
|
yield s if block_given?
|
|
87
88
|
# puts group_name
|
|
88
|
-
|
|
89
|
+
Watobo::DataStore.save_session_settings( group_name, s )
|
|
89
90
|
end
|
|
90
91
|
|
|
91
|
-
def self.save_project(
|
|
92
|
-
|
|
92
|
+
def self.save_project( *filter, &b)
|
|
93
|
+
# raise ArgumentError, "Need a valid Watobo::DataStore" unless data_store.respond_to? :save_project_settings
|
|
93
94
|
s = filter_settings filter
|
|
94
95
|
# puts @settings.to_yaml
|
|
95
96
|
# puts s.to_yaml
|
|
96
|
-
|
|
97
|
+
Watobo::DataStore.save_project_settings(group_name, s)
|
|
97
98
|
end
|
|
98
99
|
|
|
99
|
-
def self.load_session(
|
|
100
|
-
raise ArgumentError, "Need a valid Watobo::DataStore" unless data_store.respond_to? :load_project_settings
|
|
100
|
+
def self.load_session(prefs={}, &b)
|
|
101
101
|
|
|
102
102
|
p = { :update => true }
|
|
103
103
|
p.update prefs
|
|
104
104
|
|
|
105
|
-
s =
|
|
105
|
+
s = Watobo::DataStore.load_session_settings(group_name)
|
|
106
106
|
return false if s.nil?
|
|
107
107
|
|
|
108
108
|
if p[:update] == true
|
|
@@ -112,13 +112,11 @@ module Watobo
|
|
|
112
112
|
end
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
def self.load_project(
|
|
116
|
-
raise ArgumentError, "Need a valid Watobo::DataStore" unless data_store.respond_to? :load_project_settings
|
|
117
|
-
|
|
115
|
+
def self.load_project(prefs={}, &b)
|
|
118
116
|
p = { :update => true }
|
|
119
117
|
p.update prefs
|
|
120
118
|
|
|
121
|
-
s =
|
|
119
|
+
s = Watobo::DataStore.load_project_settings(group_name)
|
|
122
120
|
return false if s.nil?
|
|
123
121
|
|
|
124
122
|
if p[:update] == true
|
data/lib/watobo/constants.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# .
|
|
2
2
|
# constants.rb
|
|
3
3
|
#
|
|
4
|
-
# Copyright
|
|
4
|
+
# Copyright 2013 by siberas, http://www.siberas.de
|
|
5
5
|
#
|
|
6
6
|
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
7
|
# http://watobo.sourceforge.com
|
|
@@ -24,7 +24,8 @@ $debug_active_check = false
|
|
|
24
24
|
$debug_scanner = false
|
|
25
25
|
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
# @private
|
|
28
|
+
module Watobo#:nodoc: all
|
|
28
29
|
module Constants
|
|
29
30
|
CHAT_SOURCE_UNDEF = 0x00
|
|
30
31
|
CHAT_SOURCE_INTERCEPT = 0x01
|