watobo 0.9.14 → 0.9.15
- data/CHANGELOG.md +29 -0
- data/config/interceptor.yml +1 -0
- data/lib/watobo/core/active_check.rb +1 -2
- data/lib/watobo/core/client_cert_store.rb +47 -0
- data/lib/watobo/core/scanner3.rb +124 -88
- data/lib/watobo/core/session.rb +52 -47
- data/lib/watobo/core.rb +1 -11
- data/lib/watobo/gui/chatviewer_frame.rb +5 -3
- data/lib/watobo/gui/checkboxtree.rb +59 -14
- data/lib/watobo/gui/checks_policy_frame.rb +1 -5
- data/lib/watobo/gui/client_cert_dialog.rb +260 -96
- data/lib/watobo/gui/conversation_table.rb +7 -1
- data/lib/watobo/gui/conversation_table_ctrl2.rb +14 -5
- data/lib/watobo/gui/edit_comment.rb +1 -1
- data/lib/watobo/gui/main_window.rb +40 -5
- data/lib/watobo/gui/manual_request_editor.rb +10 -8
- data/lib/watobo/gui/quick_scan_dialog.rb +8 -6
- data/lib/watobo/gui/scanner_settings_dialog.rb +1 -0
- data/lib/watobo/gui/text_viewer.rb +5 -3
- data/lib/watobo/http/cookies/cookies.rb +3 -1
- data/lib/watobo/http_socket/agent.rb +1 -1
- data/lib/watobo/http_socket/client_socket.rb +409 -98
- data/lib/watobo/http_socket/connection.rb +1 -1
- data/lib/watobo/http_socket/http_socket.rb +47 -39
- data/lib/watobo/interceptor/proxy.rb +41 -212
- data/lib/watobo/mixins/httpparser.rb +17 -16
- data/lib/watobo/mixins/shapers.rb +3 -7
- data/lib/watobo.rb +2 -1
- data/modules/active/domino/domino_db.rb +5 -7
- data/modules/active/struts2/default_handler_ognl.rb +128 -0
- data/modules/active/struts2/include_params_ognl.rb +127 -0
- data/modules/passive/ajax.rb +5 -3
- data/modules/passive/detect_infrastructure.rb +2 -3
- data/modules/passive/dirindexing.rb +8 -6
- data/modules/passive/disclosure_emails.rb +13 -14
- data/modules/passive/disclosure_ipaddr.rb +13 -13
- data/modules/passive/hotspots.rb +6 -4
- data/modules/passive/in_script_parameter.rb +25 -19
- data/modules/passive/redirectionz.rb +1 -1
- data/modules/passive/sap-headers.rb +78 -0
- data/modules/passive/xss_dom.rb +5 -3
- data/plugins/catalog/catalog.rb +7 -2
- data/plugins/crawler/gui/auth_frame.rb +20 -5
- data/plugins/crawler/gui/crawler_gui.rb +56 -9
- data/plugins/crawler/lib/engine.rb +12 -14
- data/plugins/filefinder/dbs/sap.db +157 -0
- metadata +23 -2
@@ -19,24 +19,252 @@
|
|
19
19
|
# along with WATOBO; if not, write to the Free Software
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
21
|
# .
|
22
|
-
# @private
|
22
|
+
# @private
|
23
23
|
module Watobo#:nodoc: all
|
24
24
|
module Gui
|
25
25
|
class ClientCertDialog < FXDialogBox
|
26
|
+
class PEMFrame < FXVerticalFrame
|
27
|
+
def cert
|
28
|
+
client_cert = {}
|
29
|
+
|
30
|
+
begin
|
31
|
+
if File.exist?(@client_cert_dt.value)
|
32
|
+
client_cert[:ssl_client_cert] = OpenSSL::X509::Certificate.new(File.read(@client_cert_dt.value))
|
33
|
+
end
|
34
|
+
|
35
|
+
if File.exist?(@client_key_dt.value)
|
36
|
+
client_cert[:ssl_client_key] = OpenSSL::PKey::RSA.new(File.read(@client_key_dt.value), @password_dt.value)
|
37
|
+
end
|
38
|
+
|
39
|
+
return client_cert
|
40
|
+
rescue => bang
|
41
|
+
puts bang
|
42
|
+
puts bang.backtrace
|
43
|
+
end
|
44
|
+
return nil
|
45
|
+
end
|
46
|
+
|
47
|
+
def settings
|
48
|
+
s = {
|
49
|
+
:certificate_file => @client_cert_dt.value,
|
50
|
+
:password => @password_dt.value,
|
51
|
+
:key_file => @client_key_dt.value
|
52
|
+
}
|
53
|
+
end
|
54
|
+
|
55
|
+
def settings_valid?
|
56
|
+
unless @password_dt.value.empty?
|
57
|
+
puts "* password is set"
|
58
|
+
if @password_dt.value != @retype_dt.value
|
59
|
+
FXMessageBox.information(self, MBOX_OK, "Passwords", "Passwords don't match!")
|
60
|
+
return false
|
61
|
+
end
|
62
|
+
password = @password_dt.value
|
63
|
+
end
|
64
|
+
|
65
|
+
unless File.exist?(@client_cert_dt.value)
|
66
|
+
FXMessageBox.information(self, MBOX_OK, "File not found", "#{@client_cert_dt.value} does not exist!")
|
67
|
+
return false
|
68
|
+
end
|
69
|
+
|
70
|
+
unless File.exist?(@client_key_dt.value)
|
71
|
+
FXMessageBox.information(self, MBOX_OK, "File not found", "#{@client_key_dt.value} does not exist!")
|
72
|
+
return false
|
73
|
+
|
74
|
+
end
|
75
|
+
# last but not least check if private key can be accessed
|
76
|
+
begin
|
77
|
+
key = OpenSSL::PKey::RSA.new(File.open(@client_key_dt.value), password)
|
78
|
+
rescue => bang
|
79
|
+
FXMessageBox.information(self, MBOX_OK, "Wrong Password", "Could not open private key file. Wrong password?")
|
80
|
+
return false
|
81
|
+
end
|
82
|
+
true
|
83
|
+
end
|
84
|
+
|
85
|
+
def initialize(owner)
|
86
|
+
@client_cert_dt = FXDataTarget.new('')
|
87
|
+
@client_key_dt = FXDataTarget.new('')
|
88
|
+
@password_dt = FXDataTarget.new('')
|
89
|
+
@retype_dt = FXDataTarget.new('')
|
90
|
+
|
91
|
+
super owner, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED
|
92
|
+
matrix = FXMatrix.new(self, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
93
|
+
|
94
|
+
FXLabel.new(matrix, "Certificate File:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
95
|
+
@client_cert_txt = FXTextField.new(matrix, 25,
|
96
|
+
:target => @client_cert_dt, :selector => FXDataTarget::ID_VALUE,
|
97
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
98
|
+
|
99
|
+
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_cert_file }
|
100
|
+
|
101
|
+
FXLabel.new(matrix, "Key File:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
102
|
+
@client_key_txt = FXTextField.new(matrix, 25,
|
103
|
+
:target => @client_key_dt, :selector => FXDataTarget::ID_VALUE,
|
104
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
105
|
+
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_key_file }
|
106
|
+
|
107
|
+
# matrix = FXMatrix.new(main_frame, 2, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
108
|
+
FXLabel.new(matrix, "Password:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
109
|
+
@password_txt = FXTextField.new(matrix, 25,
|
110
|
+
:target => @password_dt, :selector => FXDataTarget::ID_VALUE,
|
111
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
112
|
+
|
113
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
114
|
+
|
115
|
+
FXLabel.new(matrix, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
116
|
+
@retype_txt = FXTextField.new(matrix, 25,
|
117
|
+
:target => @retype_dt, :selector => FXDataTarget::ID_VALUE,
|
118
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
119
|
+
|
120
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
121
|
+
|
122
|
+
end
|
123
|
+
|
124
|
+
private
|
125
|
+
|
126
|
+
def select_cert_file()
|
127
|
+
cert_filename = FXFileDialog.getOpenFilename(self, "Select Certificate File", @cert_path, "*.pem\n*")
|
128
|
+
if cert_filename != "" then
|
129
|
+
if File.exists?(cert_filename) then
|
130
|
+
@client_cert_dt.value = cert_filename
|
131
|
+
@client_cert_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
132
|
+
@cert_path = File.dirname(cert_filename)
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
def select_key_file()
|
138
|
+
|
139
|
+
key_filename = FXFileDialog.getOpenFilename(self, "Select Key File", @cert_path, "*.key\n*")
|
140
|
+
if key_filename != "" then
|
141
|
+
if File.exists?(key_filename) then
|
142
|
+
@client_key_dt.value = key_filename
|
143
|
+
@client_key_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
144
|
+
@cert_path = File.dirname(key_filename)
|
145
|
+
end
|
146
|
+
end
|
147
|
+
end
|
148
|
+
|
149
|
+
end
|
150
|
+
|
151
|
+
class PKCS12Frame < FXVerticalFrame
|
152
|
+
def cert
|
153
|
+
client_cert = {}
|
154
|
+
password = @password_dt.value
|
155
|
+
|
156
|
+
begin
|
157
|
+
|
158
|
+
if File.exist?(@client_cert_dt.value)
|
159
|
+
p12_data = nil
|
160
|
+
File.open(@client_cert_dt.value, "rb"){|fh|
|
161
|
+
p12_data = fh.read
|
162
|
+
}
|
163
|
+
p12 = OpenSSL::PKCS12.new( p12_data, password)
|
164
|
+
client_cert[:ssl_client_cert] = p12.certificate
|
165
|
+
client_cert[:ssl_client_key] = p12.key
|
166
|
+
client_cert[:extra_chain_certs] = p12.ca_certs
|
167
|
+
|
168
|
+
end
|
169
|
+
|
170
|
+
return client_cert
|
171
|
+
rescue => bang
|
172
|
+
puts bang
|
173
|
+
puts bang.backtrace
|
174
|
+
end
|
175
|
+
return nil
|
176
|
+
end
|
177
|
+
|
178
|
+
def settings_valid?
|
179
|
+
unless @password_dt.value.empty?
|
180
|
+
puts "* password is set"
|
181
|
+
if @password_dt.value != @retype_dt.value
|
182
|
+
FXMessageBox.information(self, MBOX_OK, "Passwords", "Passwords don't match!")
|
183
|
+
return false
|
184
|
+
end
|
185
|
+
password = @password_dt.value
|
186
|
+
end
|
187
|
+
|
188
|
+
unless File.exist?(@client_cert_dt.value)
|
189
|
+
FXMessageBox.information(self, MBOX_OK, "File not found", "#{@client_cert_dt.value} does not exist!")
|
190
|
+
return false
|
191
|
+
end
|
192
|
+
|
193
|
+
true
|
194
|
+
end
|
195
|
+
|
196
|
+
def settings
|
197
|
+
s = {
|
198
|
+
:certificate_file => @client_cert_dt.value,
|
199
|
+
:password => @password_dt.value
|
200
|
+
}
|
201
|
+
end
|
202
|
+
|
203
|
+
def initialize(owner)
|
204
|
+
@client_cert_dt = FXDataTarget.new('')
|
205
|
+
@client_key_dt = FXDataTarget.new('')
|
206
|
+
@password_dt = FXDataTarget.new('')
|
207
|
+
@retype_dt = FXDataTarget.new('')
|
208
|
+
|
209
|
+
super owner, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED
|
210
|
+
matrix = FXMatrix.new(self, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
211
|
+
|
212
|
+
FXLabel.new(matrix, "PKCS12 File:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
213
|
+
@client_cert_txt = FXTextField.new(matrix, 25,
|
214
|
+
:target => @client_cert_dt, :selector => FXDataTarget::ID_VALUE,
|
215
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
216
|
+
|
217
|
+
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_cert_file }
|
218
|
+
|
219
|
+
FXLabel.new(matrix, "Password:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
220
|
+
@password_txt = FXTextField.new(matrix, 25,
|
221
|
+
:target => @password_dt, :selector => FXDataTarget::ID_VALUE,
|
222
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
223
|
+
|
224
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
225
|
+
|
226
|
+
FXLabel.new(matrix, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
227
|
+
@retype_txt = FXTextField.new(matrix, 25,
|
228
|
+
:target => @retype_dt, :selector => FXDataTarget::ID_VALUE,
|
229
|
+
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
230
|
+
|
231
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
232
|
+
|
233
|
+
end
|
234
|
+
|
235
|
+
private
|
236
|
+
|
237
|
+
def select_cert_file()
|
238
|
+
cert_filename = FXFileDialog.getOpenFilename(self, "Select Certificate File", @cert_path, "*.p12,*.pfx\n*")
|
239
|
+
if cert_filename != "" then
|
240
|
+
if File.exists?(cert_filename) then
|
241
|
+
@client_cert_dt.value = cert_filename
|
242
|
+
@client_cert_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
243
|
+
@cert_path = File.dirname(cert_filename)
|
244
|
+
end
|
245
|
+
end
|
246
|
+
end
|
247
|
+
|
248
|
+
end
|
249
|
+
|
250
|
+
class StoreFrame < FXVerticalFrame
|
251
|
+
|
252
|
+
end
|
26
253
|
|
27
254
|
NO_SELECTION = "no site selected"
|
28
255
|
|
29
256
|
attr :client_certificates
|
257
|
+
|
30
258
|
def savePasswords?()
|
31
259
|
return false
|
32
|
-
|
260
|
+
#@save_pws_cbt.checked?
|
33
261
|
end
|
34
262
|
|
35
263
|
include Responder
|
36
264
|
|
37
265
|
def initialize(owner, prefs={})
|
38
266
|
|
39
|
-
super(owner, "Client Certificates", :opts => DECOR_ALL)
|
267
|
+
super(owner, "Client Certificates", :opts => DECOR_ALL)
|
40
268
|
FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
|
41
269
|
|
42
270
|
@password_policy = {
|
@@ -45,17 +273,13 @@ module Watobo#:nodoc: all
|
|
45
273
|
|
46
274
|
@cert_path = nil
|
47
275
|
@client_certificates = {}
|
48
|
-
|
276
|
+
|
49
277
|
current_certs = Watobo.project.getClientCertificates
|
50
278
|
@client_certificates = current_certs unless current_certs.nil?
|
51
|
-
|
279
|
+
|
52
280
|
@password_policy.update prefs[:password_policy] if prefs.has_key? :password_policy
|
53
281
|
|
54
282
|
@site_dt = FXDataTarget.new('')
|
55
|
-
@client_cert_dt = FXDataTarget.new('')
|
56
|
-
@client_key_dt = FXDataTarget.new('')
|
57
|
-
@password_dt = FXDataTarget.new('')
|
58
|
-
@retype_dt = FXDataTarget.new('')
|
59
283
|
|
60
284
|
main_frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
|
61
285
|
|
@@ -75,40 +299,18 @@ module Watobo#:nodoc: all
|
|
75
299
|
updateSitesCombo()
|
76
300
|
|
77
301
|
@sites_combo.connect(SEL_COMMAND, method(:update_fields))
|
78
|
-
matrix = FXMatrix.new(main_frame, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
79
|
-
|
80
|
-
FXLabel.new(matrix, "Certificate File:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
81
|
-
@client_cert_txt = FXTextField.new(matrix, 25,
|
82
|
-
:target => @client_cert_dt, :selector => FXDataTarget::ID_VALUE,
|
83
|
-
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
84
|
-
|
85
|
-
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_cert_file }
|
86
|
-
|
87
|
-
FXLabel.new(matrix, "Key File:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
88
|
-
@client_key_txt = FXTextField.new(matrix, 25,
|
89
|
-
:target => @client_key_dt, :selector => FXDataTarget::ID_VALUE,
|
90
|
-
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
91
|
-
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_key_file }
|
92
302
|
|
93
|
-
|
94
|
-
|
95
|
-
@
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
FXLabel.new(matrix, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
102
|
-
@retype_txt = FXTextField.new(matrix, 25,
|
103
|
-
:target => @retype_dt, :selector => FXDataTarget::ID_VALUE,
|
104
|
-
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
105
|
-
|
106
|
-
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
303
|
+
# @save_pws_cbt = FXCheckButton.new(matrix, "save passwords")
|
304
|
+
# @save_pws_cbt.checkState = false
|
305
|
+
# @save_pws_cbt.checkState = true if @password_policy[:save_passwords] == true
|
306
|
+
# note_label = FXLabel.new(matrix, "This setting affects all passwords!!!")
|
307
|
+
@cert_settings = []
|
308
|
+
@tabBook = FXTabBook.new(main_frame, nil, 0, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
|
309
|
+
res_tab = FXTabItem.new(@tabBook, "PEM", nil)
|
310
|
+
@cert_settings << PEMFrame.new(@tabBook)
|
107
311
|
|
108
|
-
|
109
|
-
|
110
|
-
# @save_pws_cbt.checkState = true if @password_policy[:save_passwords] == true
|
111
|
-
# note_label = FXLabel.new(matrix, "This setting affects all passwords!!!")
|
312
|
+
res_tab = FXTabItem.new(@tabBook, "PKCS12", nil)
|
313
|
+
@cert_settings << PKCS12Frame.new(@tabBook)
|
112
314
|
|
113
315
|
buttons = FXHorizontalFrame.new(main_frame, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
|
114
316
|
:padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
|
@@ -128,7 +330,7 @@ module Watobo#:nodoc: all
|
|
128
330
|
@sites_combo.appendItem(NO_SELECTION, nil)
|
129
331
|
@site_dt.value = NO_SELECTION
|
130
332
|
Watobo::Chats.sites(:in_scope => @scope_only_cb.checked? ){ |site|
|
131
|
-
|
333
|
+
#puts "Site: #{site}"
|
132
334
|
@sites_combo.appendItem(site, site)
|
133
335
|
}
|
134
336
|
@sites_combo.numVisible = @sites_combo.numItems >= 20 ? 20 : @sites_combo.numItems
|
@@ -148,18 +350,6 @@ module Watobo#:nodoc: all
|
|
148
350
|
end
|
149
351
|
end
|
150
352
|
|
151
|
-
def select_key_file()
|
152
|
-
|
153
|
-
key_filename = FXFileDialog.getOpenFilename(self, "Select Key File", @cert_path)
|
154
|
-
if key_filename != "" then
|
155
|
-
if File.exists?(key_filename) then
|
156
|
-
@client_key_dt.value = key_filename
|
157
|
-
@client_key_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
158
|
-
@cert_path = File.dirname(key_filename)
|
159
|
-
end
|
160
|
-
end
|
161
|
-
end
|
162
|
-
|
163
353
|
def updateFields()
|
164
354
|
# @sites_combo.handle(self, FXSEL(SEL_UPDATE, 1), nil)
|
165
355
|
@client_cert_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
@@ -169,16 +359,16 @@ module Watobo#:nodoc: all
|
|
169
359
|
def update_fields(sender, sel, item)
|
170
360
|
@site_dt.value = item
|
171
361
|
if @client_certificates.has_key? item
|
172
|
-
puts "* certs found"
|
173
|
-
c = @client_certificates[item]
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
362
|
+
#puts "* certs found"
|
363
|
+
#c = @client_certificates[item]
|
364
|
+
# @client_cert_dt.value = c[:certificate_file]
|
365
|
+
# @client_key_dt.value = c[:key_file]
|
366
|
+
# @password_dt.value = c[:password]
|
367
|
+
# @retype_dt.value = c[:password]
|
368
|
+
# @client_cert_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
369
|
+
# @client_key_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
370
|
+
# @password_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
371
|
+
# @retype_txt.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
182
372
|
end
|
183
373
|
end
|
184
374
|
|
@@ -187,47 +377,21 @@ module Watobo#:nodoc: all
|
|
187
377
|
password = nil
|
188
378
|
if @site_dt.value.empty? or @site_dt.value == NO_SELECTION
|
189
379
|
FXMessageBox.information(self, MBOX_OK, "No Site Selected", "You must select a site from the drop down list.")
|
190
|
-
|
191
|
-
end
|
192
|
-
|
193
|
-
unless @password_dt.value.empty?
|
194
|
-
puts "* password is set"
|
195
|
-
if @password_dt.value != @retype_dt.value
|
196
|
-
FXMessageBox.information(self, MBOX_OK, "Passwords", "Passwords don't match!")
|
197
|
-
return 0
|
198
|
-
end
|
199
|
-
password = @password_dt.value
|
380
|
+
return 0
|
200
381
|
end
|
201
382
|
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
383
|
+
index = @tabBook.current
|
384
|
+
unless @cert_settings[index].settings_valid?
|
385
|
+
puts "Wrong settings"
|
386
|
+
return 0
|
206
387
|
end
|
207
|
-
unless File.exist?(@client_key_dt.value)
|
208
|
-
FXMessageBox.information(self, MBOX_OK, "File not found", "#{@client_key_dt.value} does not exist!")
|
209
|
-
return 0
|
210
388
|
|
211
|
-
|
212
|
-
# last but not least check if private key can be accessed
|
213
|
-
begin
|
214
|
-
key = OpenSSL::PKey::RSA.new(File.open(@client_key_dt.value), password)
|
215
|
-
rescue => bang
|
216
|
-
FXMessageBox.information(self, MBOX_OK, "Wrong Password", "Could not open private key file. Wrong password?")
|
217
|
-
return 0
|
218
|
-
end
|
219
|
-
# puts @auth_table.settings.to_yaml
|
220
|
-
@client_certificates[@site_dt.value] = {
|
221
|
-
:certificate_file => @client_cert_dt.value,
|
222
|
-
:key_file => @client_key_dt.value,
|
223
|
-
:password => password.nil? ? "" : password
|
224
|
-
}
|
389
|
+
Watobo::ClientCertStore.set(@site_dt.value, @cert_settings[index].cert)
|
225
390
|
|
226
391
|
getApp().stopModal(self, 1)
|
227
392
|
self.hide()
|
228
393
|
return 1
|
229
394
|
end
|
230
395
|
end
|
231
|
-
|
232
396
|
end
|
233
397
|
end
|
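Review bot: `PKCS12Frame#settings_valid?` (new lines 178–194) never opens the container, so a wrong password is only hit inside `PKCS12Frame#cert`, which rescues, prints to stdout and returns nil; `onAccept` (new line 389) then hands that nil to `Watobo::ClientCertStore.set` and closes the dialog as if the certificate had been accepted. The validation should attempt the PKCS12 load itself and show a message box on failure, as the PEM frame does for its key, and `onAccept` should refuse a nil result from `cert`. The PEM check still goes through `OpenSSL::PKey::RSA.new(File.open(@client_key_dt.value), password)`, which leaves the file handle open and reports any key that is not RSA as a wrong password; `File.read`, as `PEMFrame#cert` already uses, would at least close the handle. What `ClientCertStore.set` does with nil is not visible on this page.

```ruby
def settings_valid?
  # … unchanged: password/retype comparison and File.exist? check …

  # open the container once here so a wrong password is reported before onAccept stores anything
  begin
    OpenSSL::PKCS12.new(File.binread(@client_cert_dt.value), @password_dt.value)
  rescue OpenSSL::PKCS12::PKCS12Error, SystemCallError
    FXMessageBox.information(self, MBOX_OK, "Wrong Password", "Could not open PKCS12 file. Wrong password?")
    return false
  end
  true
end
```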
@@ -518,7 +518,8 @@ module Watobo#:nodoc: all
|
|
518
518
|
FXMenuSeparator.new(menu_pane)
|
519
519
|
[ "G - Goto",
|
520
520
|
"<ctrl-n> - Goto Next",
|
521
|
-
"<ctrl-N> - Goto Prev"
|
521
|
+
"<ctrl-N> - Goto Prev",
|
522
|
+
"<space> - Edit Comment"
|
522
523
|
].each do |hk|
|
523
524
|
FXMenuCaption.new(menu_pane, hk).backColor = 'yellow'
|
524
525
|
end
|
@@ -544,6 +545,8 @@ module Watobo#:nodoc: all
|
|
544
545
|
show_next
|
545
546
|
when KEY_N
|
546
547
|
show_prev
|
548
|
+
when KEY_f
|
549
|
+
notify(:open_filter_dlg)
|
547
550
|
end
|
548
551
|
cont = false
|
549
552
|
end
|
@@ -571,6 +574,7 @@ module Watobo#:nodoc: all
|
|
571
574
|
if i >= 0
|
572
575
|
selectRow(i, false)
|
573
576
|
setCurrentItem(i, 2)
|
577
|
+
makePositionVisible(i,2)
|
574
578
|
end
|
575
579
|
end
|
576
580
|
|
@@ -579,6 +583,7 @@ module Watobo#:nodoc: all
|
|
579
583
|
if i >= 0
|
580
584
|
selectRow(i, false)
|
581
585
|
setCurrentItem(i, 2)
|
586
|
+
makePositionVisible(i,2)
|
582
587
|
end
|
583
588
|
end
|
584
589
|
|
@@ -601,6 +606,7 @@ module Watobo#:nodoc: all
|
|
601
606
|
selectRow(sel, false)
|
602
607
|
|
603
608
|
setCurrentItem(sel, 2)
|
609
|
+
makePositionVisible(i,2)
|
604
610
|
|
605
611
|
end
|
606
612
|
false
|
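Review bot: The third added `makePositionVisible(i,2)` (new line 609) uses `i`, while the two calls around it in the same hunk use `sel` (`selectRow(sel, false)`, `setCurrentItem(sel, 2)`); unless `i` is defined earlier in the method, which starts outside the hunk, this either raises NameError or scrolls to the wrong row. It should read `makePositionVisible(sel, 2)`. The new `KEY_f` binding that fires `:open_filter_dlg` is also missing from the hotkey captions list, which gained only `"<space> - Edit Comment"`.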
@@ -172,6 +172,15 @@ module Watobo#:nodoc: all
|
|
172
172
|
|
173
173
|
|
174
174
|
@text_filter = FXTextField.new(pattern_frame, 40, nil, 0, FRAME_SUNKEN|FRAME_THICK|LAYOUT_FILL_X)
|
175
|
+
@text_filter.setFocus()
|
176
|
+
@text_filter.setDefault()
|
177
|
+
|
178
|
+
@text_filter.connect(SEL_COMMAND){
|
179
|
+
@accept_btn.setFocus()
|
180
|
+
@accept_btn.setDefault()
|
181
|
+
# self.handle(self, FXSEL(SEL_COMMAND, ID_ACCEPT), nil)
|
182
|
+
true
|
183
|
+
}
|
175
184
|
|
176
185
|
[ :url_pattern, :request_pattern, :response_pattern ].each do |k|
|
177
186
|
if filter.has_key? k
|
@@ -179,23 +188,23 @@ module Watobo#:nodoc: all
|
|
179
188
|
end
|
180
189
|
end
|
181
190
|
# filterOptionsFrame =FXHorizontalFrame.new(fbox, LAYOUT_FILL_X)
|
182
|
-
@foption_url = FXCheckButton.new(pattern_frame, "URL", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
191
|
+
@foption_url = FXCheckButton.new(pattern_frame, "&URL", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
183
192
|
state = ( filter.has_key?(:url_pattern) and not filter[:url_pattern].empty? )
|
184
193
|
@foption_url.setCheck(state)
|
185
194
|
# @foption_url.connect(SEL_COMMAND){ update_text_filter }
|
186
|
-
@foption_req = FXCheckButton.new(pattern_frame, "
|
195
|
+
@foption_req = FXCheckButton.new(pattern_frame, "Re&quest", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
187
196
|
state = ( filter.has_key?(:request_pattern) and not filter[:request_pattern].empty? )
|
188
197
|
@foption_req.setCheck state
|
189
198
|
# @foption_req .connect(SEL_COMMAND){ update_text_filter }
|
190
|
-
@foption_res = FXCheckButton.new(pattern_frame, "
|
199
|
+
@foption_res = FXCheckButton.new(pattern_frame, "Res&ponse", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
191
200
|
state = ( filter.has_key?(:response_pattern) and not filter[:response_pattern].empty? )
|
192
201
|
@foption_res.setCheck state
|
193
202
|
# @foption_res.connect(SEL_COMMAND){ update_text_filter }
|
194
203
|
|
195
204
|
buttons = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
|
196
|
-
|
205
|
+
@accept_btn = FXButton.new(buttons, "&Apply", nil, self, ID_ACCEPT,
|
197
206
|
FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
|
198
|
-
|
207
|
+
@accept_btn.enable
|
199
208
|
# Cancel
|
200
209
|
FXButton.new(buttons, "&Cancel", nil, self, ID_CANCEL,
|
201
210
|
FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
|
@@ -29,7 +29,7 @@ module Watobo#:nodoc: all
|
|
29
29
|
|
30
30
|
def initialize(owner, chat)
|
31
31
|
#super(owner, "Edit Target Scope", DECOR_TITLE|DECOR_BORDER, :width => 300, :height => 425)
|
32
|
-
super(owner, "Edit Comment", DECOR_ALL, :width => 300, :height => 150)
|
32
|
+
super(owner, "Edit Comment - Chat #{chat.id}", DECOR_ALL, :width => 300, :height => 150)
|
33
33
|
|
34
34
|
base_frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
35
35
|
|
@@ -450,9 +450,9 @@ module Watobo#:nodoc: all
|
|
450
450
|
#puts @project.getWwwAuthentication().to_yaml
|
451
451
|
#@settings[:password_policy][:save_passwords] = ccdlg.savePasswords?
|
452
452
|
puts "* got client certificate settings"
|
453
|
-
puts ccdlg.
|
454
|
-
|
455
|
-
|
453
|
+
#puts ccdlg.client_cert_settings.to_yaml
|
454
|
+
# Watobo.project.client_certificates = ccdlg.client_certificates
|
455
|
+
# Watobo::Interceptor.proxy.client_certificates = ccdlg.client_certificates
|
456
456
|
# saveProjectSettings(@project)
|
457
457
|
Watobo::Gui.save_settings()
|
458
458
|
# Watobo::Gui.save_default_settings(@project)
|
@@ -504,6 +504,17 @@ module Watobo#:nodoc: all
|
|
504
504
|
puts bang
|
505
505
|
end
|
506
506
|
end
|
507
|
+
|
508
|
+
def open_plugin_crawler(chat)
|
509
|
+
begin
|
510
|
+
plugin = Watobo::Plugin::Crawler::Gui.new(FXApp.instance, @project, chat)
|
511
|
+
plugin.create
|
512
|
+
plugin.show(Fox::PLACEMENT_SCREEN)
|
513
|
+
rescue => bang
|
514
|
+
puts "!!! could not open fuzzer"
|
515
|
+
puts bang
|
516
|
+
end
|
517
|
+
end
|
507
518
|
|
508
519
|
def addChat(chat)
|
509
520
|
# addChatToTable(chat) if chatIsFiltered?(chat) == false
|
@@ -1146,6 +1157,7 @@ module Watobo#:nodoc: all
|
|
1146
1157
|
super(app, "WATOBO by siberas (Version: #{Watobo.version})", :opts => DECOR_ALL, :width => 1000, :height => 600)
|
1147
1158
|
#FXToolTip.new(app)
|
1148
1159
|
#app.disableThreads
|
1160
|
+
@app = app
|
1149
1161
|
|
1150
1162
|
self.icon = ICON_WATOBO
|
1151
1163
|
self.show(PLACEMENT_MAXIMIZED)
|
@@ -1481,6 +1493,23 @@ request_splitter.connect(SEL_COMMAND){
|
|
1481
1493
|
end
|
1482
1494
|
|
1483
1495
|
}
|
1496
|
+
|
1497
|
+
@chatTable.subscribe(:open_filter_dlg){|chat|
|
1498
|
+
puts "#{self} Open Filter Dialog"
|
1499
|
+
dlg = Watobo::Gui::ConversationFilterDialog.new(self, @conversation_table_ctrl.filter)
|
1500
|
+
if dlg.execute != 0
|
1501
|
+
#puts dlg.filter_settings.to_yaml
|
1502
|
+
filter = dlg.filter_settings
|
1503
|
+
|
1504
|
+
unless @chatTable.nil?
|
1505
|
+
getApp().beginWaitCursor do
|
1506
|
+
@chatTable.apply_filter(filter)
|
1507
|
+
end
|
1508
|
+
end
|
1509
|
+
|
1510
|
+
end
|
1511
|
+
|
1512
|
+
}
|
1484
1513
|
|
1485
1514
|
@chatTable.connect(SEL_RIGHTBUTTONRELEASE) do |sender, sel, event|
|
1486
1515
|
@findings_tree.killSelection()
|
@@ -1515,6 +1544,10 @@ request_splitter.connect(SEL_COMMAND){
|
|
1515
1544
|
target.connect(SEL_COMMAND) {
|
1516
1545
|
open_plugin_sqlmap(chat)
|
1517
1546
|
}
|
1547
|
+
target = FXMenuCommand.new(sendto_menu, "Crawler..." )
|
1548
|
+
target.connect(SEL_COMMAND) {
|
1549
|
+
open_plugin_crawler(chat)
|
1550
|
+
}
|
1518
1551
|
|
1519
1552
|
end
|
1520
1553
|
FXMenuCascade.new(menu_pane, "Send to", nil, submenu)
|
@@ -1849,9 +1882,11 @@ request_splitter.connect(SEL_COMMAND){
|
|
1849
1882
|
# puts "! #{Thread.list.length} Threads running"
|
1850
1883
|
response = FXMessageBox.question(self, MBOX_YES_NO, "Finished?", "Are you sure?")
|
1851
1884
|
if response == MBOX_CLICKED_YES
|
1852
|
-
|
1885
|
+
@app.handleTimeouts
|
1886
|
+
# puts "Num. Threads: #{Thread.list.length}"
|
1887
|
+
getApp().exit(0)
|
1853
1888
|
else
|
1854
|
-
|
1889
|
+
1
|
1855
1890
|
end
|
1856
1891
|
end
|
1857
1892
|
|
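Review bot: `open_plugin_crawler` (new lines 508–517) reports a failure as `"!!! could not open fuzzer"`, which looks copied from another plugin helper and will mislead anyone reading the console; it should be `puts "!!! could not open crawler"`. The rescue also writes only to stdout, so a user who picks "Crawler..." from the Send-to menu gets no feedback in the GUI when the plugin fails to start. An `FXMessageBox.information` call, as the client certificate dialog in this release uses for its errors, would surface the failure where the user is looking.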
@@ -145,7 +145,6 @@ module Watobo#:nodoc: all
|
|
145
145
|
end
|
146
146
|
|
147
147
|
if dlg.execute != 0 then
|
148
|
-
puts "* Dialog Finished"
|
149
148
|
scan_modules = []
|
150
149
|
sender.text = "Cancel"
|
151
150
|
quick_scan_options = dlg.options
|
@@ -210,8 +209,13 @@ module Watobo#:nodoc: all
|
|
210
209
|
csrf_requests = []
|
211
210
|
|
212
211
|
if quick_scan_options[:update_csrf_tokens] == true
|
212
|
+
unless csrf_requests.empty?
|
213
213
|
csrf_requests = Watobo::OTTCache.requests(req)
|
214
|
-
|
214
|
+
else
|
215
|
+
puts "* No CSRF requests defined for request:"
|
216
|
+
puts request
|
217
|
+
puts "---"
|
218
|
+
end
|
215
219
|
end
|
216
220
|
|
217
221
|
run_prefs = {
|
@@ -482,6 +486,7 @@ module Watobo#:nodoc: all
|
|
482
486
|
|
483
487
|
req_tab = FXTabItem.new(@tabBook, "Request", nil)
|
484
488
|
@request_viewer = Watobo::Gui::RequestViewer.new(@tabBook, FRAME_THICK|FRAME_RAISED|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
489
|
+
|
485
490
|
|
486
491
|
diff_tab = FXTabItem.new(@tabBook, "Differ", nil)
|
487
492
|
|
@@ -493,7 +498,7 @@ module Watobo#:nodoc: all
|
|
493
498
|
|
494
499
|
@btn_send.connect(SEL_COMMAND, method(:onBtnSendClick))
|
495
500
|
|
496
|
-
add_update_timer(
|
501
|
+
add_update_timer(250)
|
497
502
|
|
498
503
|
rescue => bang
|
499
504
|
puts bang
|
@@ -510,11 +515,7 @@ module Watobo#:nodoc: all
|
|
510
515
|
@scan_status_lock.synchronize do
|
511
516
|
|
512
517
|
if @pbar.total > 0
|
513
|
-
|
514
|
-
@scanner.progress.each_value do |v|
|
515
|
-
sum_progress += v[:progress]
|
516
|
-
end
|
517
|
-
@pbar.progress = sum_progress
|
518
|
+
@pbar.progress = @scanner.sum_progress
|
518
519
|
end
|
519
520
|
|
520
521
|
if @scanner.finished?
|
@@ -578,6 +579,7 @@ module Watobo#:nodoc: all
|
|
578
579
|
prefs = Watobo::Conf::Scanner.to_h
|
579
580
|
# puts "= SCANNER PREFS ="
|
580
581
|
# puts prefs[:csrf_patterns]
|
582
|
+
puts prefs.to_yaml
|
581
583
|
|
582
584
|
|
583
585
|
current_prefs = {:run_login => @updateSession.checked? ? @runLogin.checked? : false,
|
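Review bot: The added guard `unless csrf_requests.empty?` (new line 212) tests the array that was set to `[]` just above it, so as shown the condition is always false: `Watobo::OTTCache.requests(req)` is never called, and every run with `:update_csrf_tokens` enabled takes the "No CSRF requests defined" branch and skips the token update. The lookup should come first, `csrf_requests = Watobo::OTTCache.requests(req)`, followed by `if csrf_requests.empty?` around the three `puts` lines. That branch prints `request` while the lookup uses `req`; whether both names exist in this method is not visible from the hunk. The new `puts prefs.to_yaml` (new line 582) dumps the whole scanner configuration to stdout and reads like leftover debugging.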