watobo 0.9.14 → 0.9.15

data/lib/watobo/core/session.rb

@@ -102,18 +102,18 @@ module Watobo#:nodoc: all
           @sid_cache.update_request(request) if current_prefs[:update_session] == true
 
           #---------------------------------------
-          request.removeHeader("^Proxy-Connection") #if not use_proxy
-          #request.removeHeader("^Connection") #if not use_proxy
-          request.removeHeader("^Accept-Encoding")
+         # request.removeHeader("^Proxy-Connection") #if not use_proxy
+         # request.removeHeader("^Connection") #if not use_proxy
+          #request.removeHeader("^Accept-Encoding")
           # If-Modified-Since: Tue, 28 Oct 2008 11:06:43 GMT
           # If-None-Match: W/"3975-1225192003000"
-          request.removeHeader("^If-")
+          # request.removeHeader("^If-")
           #  puts
           #  request.each do |line|
           #  puts line.unpack("H*")
           #end
           #puts
-          if current_prefs[:update_contentlength] == true then
+          if current_prefs[:update_contentlength] == true and request.has_body? then
             request.fix_content_length()
           end
 
@@ -170,23 +170,30 @@ module Watobo#:nodoc: all
             #  timeout(6) do
             #puts "* no proxy - direct connection"
             tcp_socket = TCPSocket.new( host, port )
-            optval = [1, 5000].pack("I_2")
-            tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_RCVTIMEO, optval
-            tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_SNDTIMEO, optval    
+            #optval = [1, 5000].pack("I_2")
+            #tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_RCVTIMEO, optval
+            #tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_SNDTIMEO, optval    
             tcp_socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)    
-            tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1
+            #tcp_socket.setsockopt Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1
+            tcp_socket.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
+            
             tcp_socket.sync = true
 
             socket =  tcp_socket
             if request.is_ssl?
               ssl_prefs = {}
               ssl_prefs[:ssl_cipher] = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
-              if current_prefs.has_key? :client_certificates
-                if current_prefs[:client_certificates].has_key? request.site
-                  puts "* use ssl client certificate for site #{request.site}" if $DEBUG
-                  ssl_prefs[:ssl_client_cert] = current_prefs[:client_certificates][request.site][:ssl_client_cert] 
-                ssl_prefs[:ssl_client_key] = current_prefs[:client_certificates][request.site][:ssl_client_key]
-                end
+              #if current_prefs.has_key? :client_certificates
+              #  if current_prefs[:client_certificates].has_key? request.site
+              #    puts "* use ssl client certificate for site #{request.site}" if $DEBUG
+              #    ssl_prefs[:ssl_client_cert] = current_prefs[:client_certificates][request.site][:ssl_client_cert] 
+              #    ssl_prefs[:ssl_client_key] = current_prefs[:client_certificates][request.site][:ssl_client_key]
+              #  end              
+              #end
+              unless Watobo::ClientCertStore.get(site).nil?
+               # puts "* using client cert for site #{site}"
+                client_cert = Watobo::ClientCertStore.get(site)
+                ssl_prefs[:client_certificate] = client_cert
               end
               socket = sslConnect(tcp_socket, ssl_prefs)
             end
@@ -194,11 +201,10 @@ module Watobo#:nodoc: all
             # remove URI before sending request but cache it for restoring request
             uri_cache = nil
             uri_cache = request.removeURI #if proxy.nil?
-
-            
-           # request.addHeader("Proxy-Connection", "Close") unless proxy.nil?
-           # request.addHeader("Accept-Encoding", "gzip;q=0;identity; q=0.5, *;q=0") #don't want encoding
+            # request.addHeader("Proxy-Connection", "Close") unless proxy.nil?
+            # request.set_header("Accept-Encoding", "gzip;q=0;identity; q=0.5, *;q=0") #don't want encoding
             
+            # request.set_header("Connection", "close") unless request.has_header?("Upgrade") 
 
             if current_prefs[:www_auth].has_key?(site)
               case current_prefs[:www_auth][site][:type]
@@ -212,25 +218,20 @@ module Watobo#:nodoc: all
               end
             else
               # puts "========== Add Headers"
-             # request.addHeader("Connection", "Close") #if not use_proxy
+             
+              request.addHeader("Connection", "Close") #if not use_proxy
 
               data = request.join
               unless request.has_body? 
                 data << "\r\n" unless data =~ /\r\n\r\n$/ 
               end
-           #  puts "= SESSION ="
-           #  puts data
+            # puts "= SESSION ="
+            # puts data
            #  puts data.unpack("H*")[0]#.gsub(/0d0a/,"0d0a\n")
-              
+             # puts "---"
               unless socket.nil?                
                 socket.print data
                 socket.flush
-                # tell finished sending data
-                if socket.is_a? OpenSSL::SSL::SSLSocket
-                  socket.io.shutdown(Socket::SHUT_WR)
-                else
-                  socket.shutdown(Socket::SHUT_WR)
-                end
                 response_header = readHTTPHeader(socket, current_prefs)
               end
               # RESTORE URI FOR HISTORY/LOG
@@ -297,6 +298,7 @@ module Watobo#:nodoc: all
           # unless @session[:csrf_requests].empty? or @session[:csrf_patterns].empty?
           unless Watobo::OTTCache.requests(request).empty? or @session[:update_otts] == false
             Watobo::OTTCache.requests(request).each do |req|
+              
               copy = Watobo::Request.new YAML.load(YAML.dump(req))
 
               #updateCSRFToken(csrf_cache, copy)
@@ -338,8 +340,8 @@ module Watobo#:nodoc: all
           if @session[:follow_redirect]
  # puts response.status
   if response.status =~ /^302/
-    response.extend Watobo::Mixin::Parser::Web10
-    request.extend Watobo::Mixin::Shaper::Web10
+    #response.extend Watobo::Mixin::Parser::Web10
+    #request.extend Watobo::Mixin::Shaper::Web10
 
     loc_header = response.headers("Location:").first
     new_location = loc_header.gsub(/^[^:]*:/,'').strip
@@ -597,10 +599,10 @@ end
           {:workstation => ntlm_credentials[:workstation], :ntlmv2 => true})
 
           #     puts "* NTLM-Credentials: #{ntlm_credentials[:username]},#{ntlm_credentials[:password]}, #{ntlm_credentials[:domain]}, #{ntlm_credentials[:workstation]}"
-          auth_request.removeHeader("Authorization")
-          auth_request.removeHeader("Connection")
+          #auth_request.removeHeader("Authorization")
+          #auth_request.removeHeader("Connection")
 
-          auth_request.addHeader("Connection", "Close")
+          auth_request.set_header("Connection", "Close")
 
           msg = "NTLM " + t3.encode64
           auth_request.addHeader("Authorization", msg)
@@ -666,19 +668,24 @@ end
                         puts "= KEY ="
                         puts ctx.key.display
                         puts "---"
-                      end    
-              
+                      end                 
 
           end
           # @ctx.tmp_dh_callback = proc { |*args|
           #  OpenSSL::PKey::DH.new(128)
           #}
+          if current_prefs.has_key? :client_certificate
+             ccp = current_prefs[:client_certificate]
+             ctx.cert = ccp[:ssl_client_cert]
+            ctx.key = ccp[:ssl_client_key]
+            ctx.extra_chain_cert = ccp[:extra_chain_certs] if ccp.has_key?(:extra_chain_certs)
+          end
 
           socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
           socket.sync_close = true
 
           socket.connect
-          socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+          #socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
           puts "[SSLconnect]: #{socket.state}" if $DEBUG
           return socket
         rescue => bang
@@ -705,7 +712,9 @@ end
           #  timeout(6) do
 
           tcp_socket = TCPSocket.new( proxy.host, proxy.port)
-          tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+          tcp_socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)    
+          #tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+          tcp_socket.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
           tcp_socket.sync = true
           #  end
           #  puts "* sslProxyConnect"
@@ -907,7 +916,7 @@ end
 
         t2 = Net::NTLM::Message.decode64(ntlm_challenge)
         t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
-        request.removeHeader("Proxy-Authorization")
+        #request.removeHeader("Proxy-Authorization")
         #  request.removeHeader("Proxy-Connection")
 
         #  request.addHeader("Proxy-Connection", "Close")
@@ -974,6 +983,8 @@ end
 
           tcp_socket = TCPSocket.new( proxy.host, proxy.port)
           tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+          tcp_socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+          tcp_socket.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)    
           tcp_socket.sync = true
           #  end
 
@@ -1060,15 +1071,9 @@ end
         header = []
         msg = nil
         begin
-          # signal finished sending before reading
-         # if socket.is_a? OpenSSL::SSL::SSLSocket
-            # socket.io.close_write
-         # else
-         #    socket.close_write
-         # end                
-                
+
           Watobo::HTTPSocket.read_header(socket) do |line|
-            #puts line
+           # puts line
             # puts line.unpack("H*")
             header.push line
           end

data/lib/watobo/core.rb

@@ -19,16 +19,6 @@
 # along with WATOBO; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 # .
-=begin
-    lib_folder = "core"
-    path = File.expand_path(File.join(File.dirname(__FILE__), lib_folder))
-    puts "* loading #{lib_folder}"
-    Dir.glob("#{path}/*.rb").each do |cf|
-      puts "+ #{cf}" if $DEBUG
-      require cf
-
-    end
-=end
-%w( subscriber sid_cache ott_cache parameter conversation chat findings chats active_checks passive_checks scope passive_scanner scanner3 finding project scanner proxy session fuzz_gen interceptor passive_check active_check cookie request response intercept_filter intercept_carver plugin forwarding_proxy cert_store netfilter_queue ).each do |lib|
+%w( subscriber client_cert_store sid_cache ott_cache parameter conversation chat findings chats active_checks passive_checks scope passive_scanner scanner3 finding project scanner proxy session fuzz_gen interceptor passive_check active_check cookie request response intercept_filter intercept_carver plugin forwarding_proxy cert_store netfilter_queue ).each do |lib|
   require File.join( "watobo", "core", lib)
 end

data/lib/watobo/gui/chatviewer_frame.rb

@@ -37,11 +37,12 @@ module Watobo#:nodoc: all
       end
 
       def setText(text, prefs={})
+        
         normalized_text = text
         if text.is_a? String
            normalized_text = text.gsub(/[^[:print:]]/,".")
         elsif text.respond_to? :has_body?
-          if text.content_type =~ /(html|xml)/
+          if text.content_type =~ /(xml)/
             doc = Nokogiri::XML(text.body, &:noblanks)
             fbody = doc.to_xhtml( indent:3, indent_text:" ")
             normalized_text = text.headers.map{|h| h.strip }.join("\n")
@@ -54,10 +55,10 @@ module Watobo#:nodoc: all
           end
         end
         
-         @text = normalized_text
+        @text = normalized_text
         #@text = text
         @simple_text_view.max_len = @max_len
-        @simple_text_view.setText(@text, prefs)
+        @simple_text_view.setText(text, prefs)
         @match_pos_label.text = "0/0"
         @match_pos_label.textColor = 'grey'
 
@@ -420,6 +421,7 @@ module Watobo#:nodoc: all
         textviewer_tab = FXTabItem.new(@tabBook, "Text", nil)
         tab_frame = FXVerticalFrame.new(@tabBook, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
         @textviewer = TextViewer.new( tab_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
+       # @textviewer = TextView2.new( tab_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
 
         @textviewer.style = 2
         @textviewer.editable = false

data/lib/watobo/gui/checkboxtree.rb

@@ -36,6 +36,51 @@ end
 # @private 
 module Watobo#:nodoc: all
   module Gui
+    
+    module CheckboxMixin
+      include Watobo::Gui::Icons
+      
+      def check
+        begin
+          @checked ||= true
+          self.setOpenIcon(ICON_CB_CHECKED)
+          self.setClosedIcon(ICON_CB_CHECKED)
+          # opened = true
+        rescue => bang
+          puts "!!!ERROR: could not check item"
+          puts bang
+          puts bang.backtrace
+        end
+      end
+      
+      def checked
+        @checked ||= false
+      end
+
+      def uncheck
+        begin
+          @checked ||= false
+          self.setOpenIcon(ICON_CB_UNCHECKED)
+          self.setClosedIcon(ICON_CB_UNCHECKED)
+          #opened = false
+        rescue => bang
+          puts "!!!ERROR: could not uncheck item"
+          puts bang
+          puts bang.backtrace
+        end
+      end
+
+      def toggle
+        @checked ||= false
+        if @checked
+          uncheck
+        else
+          check
+        end
+      end
+      
+    end
+    
     class CheckBoxTreeItem < FXTreeItem
       attr_accessor :checked
 
@@ -70,7 +115,7 @@ module Watobo#:nodoc: all
         end
       end
 
-      def initialize(item_text, item_status, item_data)
+      def initialize(item_text, item_status )
         super item_text
         @checked = item_status
         #icon = ICON_CB_CHECKED
@@ -97,19 +142,22 @@ module Watobo#:nodoc: all
       #                   }, {..} ]
       def elements=(elements)
         self.clearItems()
+        #return false if elements.length > 0
         elements.each do |e|
 
         # puts icon.class.to_s
           node = nil
           levels = e[:name].split('|')
+          begin
         #  puts "Processing: #{e[:name]} > #{e[:data].class}" if $DEBUG
           levels.each_with_index do |l,i|
             #puts "#{l} - #{l.class}"
             item = self.findItem(l, node, SEARCH_FORWARD|SEARCH_IGNORECASE)
 
             if item.nil? then
-              # new_item = CheckBoxTreeItem.new(l, e[:enabled], nil)
-              new_item = CheckBoxTreeItem.new(l, e[:enabled], :none)
+              # new_item = FXTreeItem.new(l, ICON_CB_CHECKED, ICON_CB_CHECKED)
+              # new_item.extend CheckboxMixin
+              new_item = CheckBoxTreeItem.new(l, e[:enabled] )
             # item = self.appendItem(node, l, ICON_CB_CHECKED, ICON_CB_CHECKED)
             item = self.appendItem(node, new_item)
             #  if e[:enabled] then
@@ -125,6 +173,10 @@ module Watobo#:nodoc: all
             end
 
           end
+          rescue => bang
+            puts bang
+            puts bang.backtrace
+          end
         end
       end
 
@@ -277,12 +329,13 @@ module Watobo#:nodoc: all
 
       @application ||= FXApp.new('LayoutTester', 'FoxTest')
       class TestGui < FXMainWindow
+       
         class TreeDlg < FXDialogBox
 
-          include Responder
+       #   include Responder
           def initialize(parent, project=nil, prefs={} )
             super(parent, "CheckBox Dialog", DECOR_ALL, :width => 300, :height => 400)
-            FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
+           # FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
             frame = FXVerticalFrame.new(self, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
             elements = []
             num_root_nodes = 4
@@ -299,15 +352,7 @@ module Watobo#:nodoc: all
             @cbtree.elements = elements
 
           end
-          private
-
-          def onAccept(sender, sel, event)
-            puts "#{self} closed"
-
-            getApp().stopModal(self, 1)
-            self.hide()
-            return 1
-          end
+                    
         end
 
         def leave

data/lib/watobo/gui/checks_policy_frame.rb

@@ -30,11 +30,6 @@ module Watobo#:nodoc: all
         applyPolicy(policy)
       end
 
-      def isElementChecked_UNUSED(data)
-        item = @tree.findItemByData(data)
-        item.checked
-      end
-
       def applyPolicy(policy=nil)
         #return false if policy.nil?
         tree_elements = []
@@ -65,6 +60,7 @@ module Watobo#:nodoc: all
             :enabled => false,
             :data => check
           }
+          puts a[:name]
           tree_elements.push a
         end