watobo 0.9.19 → 0.9.20
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.md +104 -0
- data/bin/nfq_server.rb +8 -20
- data/bin/watobo_gui.rb +8 -20
- data/config/forwarding_proxy.yml +2 -2
- data/lib/watobo.rb +12 -22
- data/lib/watobo/adapters.rb +12 -24
- data/lib/watobo/adapters/data_store.rb +76 -66
- data/lib/watobo/adapters/file/file_store.rb +295 -307
- data/lib/watobo/adapters/session_store.rb +13 -25
- data/lib/watobo/ca.rb +9 -21
- data/lib/watobo/config.rb +205 -217
- data/lib/watobo/constants.rb +8 -20
- data/lib/watobo/core.rb +11 -23
- data/lib/watobo/core/active_check.rb +11 -21
- data/lib/watobo/core/active_checks.rb +57 -69
- data/lib/watobo/core/ca.rb +388 -398
- data/lib/watobo/core/cert_store.rb +42 -54
- data/lib/watobo/core/chat.rb +100 -112
- data/lib/watobo/core/chats.rb +271 -275
- data/lib/watobo/core/client_cert_store.rb +33 -45
- data/lib/watobo/core/conversation.rb +56 -68
- data/lib/watobo/core/cookie.rb +31 -43
- data/lib/watobo/core/finding.rb +74 -86
- data/lib/watobo/core/findings.rb +113 -125
- data/lib/watobo/core/forwarding_proxy.rb +44 -35
- data/lib/watobo/core/fuzz_gen.rb +8 -20
- data/lib/watobo/core/intercept_carver.rb +176 -188
- data/lib/watobo/core/intercept_filter.rb +243 -255
- data/lib/watobo/core/interceptor.rb +106 -118
- data/lib/watobo/core/min_class.rb +12 -24
- data/lib/watobo/core/netfilter_queue.rb +178 -190
- data/lib/watobo/core/ott_cache.rb +152 -148
- data/lib/watobo/core/parameter.rb +53 -58
- data/lib/watobo/core/passive_check.rb +8 -20
- data/lib/watobo/core/passive_checks.rb +56 -68
- data/lib/watobo/core/passive_scanner.rb +54 -66
- data/lib/watobo/core/plugin.rb +19 -31
- data/lib/watobo/core/project.rb +8 -20
- data/lib/watobo/core/proxy.rb +51 -63
- data/lib/watobo/core/request.rb +128 -120
- data/lib/watobo/core/response.rb +59 -61
- data/lib/watobo/core/scanner.rb +8 -20
- data/lib/watobo/core/scanner3.rb +413 -425
- data/lib/watobo/core/scope.rb +91 -103
- data/lib/watobo/core/session.rb +109 -87
- data/lib/watobo/core/sid_cache.rb +106 -118
- data/lib/watobo/core/subscriber.rb +33 -45
- data/lib/watobo/defaults.rb +29 -41
- data/lib/watobo/external/diff/lcs.rb +8 -20
- data/lib/watobo/external/diff/lcs/array.rb +8 -20
- data/lib/watobo/external/diff/lcs/block.rb +8 -20
- data/lib/watobo/external/diff/lcs/callbacks.rb +8 -20
- data/lib/watobo/external/diff/lcs/change.rb +8 -20
- data/lib/watobo/external/diff/lcs/hunk.rb +8 -20
- data/lib/watobo/external/diff/lcs/ldiff.rb +8 -20
- data/lib/watobo/external/diff/lcs/string.rb +8 -20
- data/lib/watobo/externals.rb +14 -26
- data/lib/watobo/framework.rb +12 -24
- data/lib/watobo/framework/create_project.rb +68 -80
- data/lib/watobo/framework/init.rb +8 -20
- data/lib/watobo/framework/init_modules.rb +8 -20
- data/lib/watobo/framework/license_text.rb +36 -48
- data/lib/watobo/framework/load_chat.rb +21 -33
- data/lib/watobo/gui.rb +121 -133
- data/lib/watobo/gui/about_watobo.rb +8 -20
- data/lib/watobo/gui/browser_preview.rb +8 -20
- data/lib/watobo/gui/certificate_dialog.rb +8 -20
- data/lib/watobo/gui/chat_diff.rb +11 -21
- data/lib/watobo/gui/chatviewer_frame.rb +10 -22
- data/lib/watobo/gui/checkboxtree.rb +8 -20
- data/lib/watobo/gui/checks_policy_frame.rb +8 -20
- data/lib/watobo/gui/client_cert_dialog.rb +10 -21
- data/lib/watobo/gui/confirm_scan_dialog.rb +8 -20
- data/lib/watobo/gui/conversation_table.rb +54 -44
- data/lib/watobo/gui/conversation_table_ctrl.rb +215 -227
- data/lib/watobo/gui/conversation_table_ctrl2.rb +385 -393
- data/lib/watobo/gui/csrf_token_dialog.rb +11 -25
- data/lib/watobo/gui/custom_viewer.rb +357 -369
- data/lib/watobo/gui/dashboard.rb +8 -20
- data/lib/watobo/gui/define_scope_frame.rb +8 -20
- data/lib/watobo/gui/differ_frame.rb +223 -235
- data/lib/watobo/gui/edit_comment.rb +8 -20
- data/lib/watobo/gui/edit_scope_dialog.rb +8 -20
- data/lib/watobo/gui/export_dialog.rb +114 -0
- data/lib/watobo/gui/finding_info.rb +9 -21
- data/lib/watobo/gui/findings_tree.rb +8 -20
- data/lib/watobo/gui/full_scan_dialog.rb +8 -20
- data/lib/watobo/gui/fuzzer_gui.rb +8 -20
- data/lib/watobo/gui/goto_url_dialog.rb +78 -90
- data/lib/watobo/gui/hex_viewer.rb +25 -27
- data/lib/watobo/gui/html_viewer.rb +295 -307
- data/lib/watobo/gui/intercept_filter_dialog.rb +196 -208
- data/lib/watobo/gui/interceptor_gui.rb +1046 -1041
- data/lib/watobo/gui/interceptor_settings_dialog.rb +8 -20
- data/lib/watobo/gui/list_box.rb +109 -121
- data/lib/watobo/gui/log_file_viewer.rb +40 -52
- data/lib/watobo/gui/log_viewer.rb +87 -99
- data/lib/watobo/gui/login_wizzard.rb +8 -20
- data/lib/watobo/gui/main_window.rb +34 -33
- data/lib/watobo/gui/manual_request_editor.rb +25 -35
- data/lib/watobo/gui/master_pw_dialog.rb +8 -20
- data/lib/watobo/gui/mixins/gui_settings.rb +37 -49
- data/lib/watobo/gui/page_tree.rb +225 -237
- data/lib/watobo/gui/password_policy_dialog.rb +8 -20
- data/lib/watobo/gui/plugin_board.rb +8 -20
- data/lib/watobo/gui/preferences_dialog.rb +8 -20
- data/lib/watobo/gui/progress_window.rb +8 -20
- data/lib/watobo/gui/project_wizzard.rb +8 -20
- data/lib/watobo/gui/proxy_dialog.rb +117 -85
- data/lib/watobo/gui/quick_scan_dialog.rb +8 -20
- data/lib/watobo/gui/request_builder_frame.rb +125 -122
- data/lib/watobo/gui/request_editor.rb +53 -28
- data/lib/watobo/gui/rewrite_filters_dialog.rb +402 -414
- data/lib/watobo/gui/rewrite_rules_dialog.rb +380 -392
- data/lib/watobo/gui/save_chat_dialog.rb +148 -160
- data/lib/watobo/gui/scanner_settings_dialog.rb +8 -20
- data/lib/watobo/gui/select_chat_dialog.rb +8 -20
- data/lib/watobo/gui/session_management_dialog.rb +8 -20
- data/lib/watobo/gui/sites_tree.rb +118 -22
- data/lib/watobo/gui/status_bar.rb +8 -20
- data/lib/watobo/gui/table_editor.rb +76 -53
- data/lib/watobo/gui/tagless_viewer.rb +10 -21
- data/lib/watobo/gui/templates/plugin.rb +8 -20
- data/lib/watobo/gui/templates/plugin2.rb +99 -111
- data/lib/watobo/gui/templates/plugin_base.rb +152 -164
- data/lib/watobo/gui/text_viewer.rb +8 -20
- data/lib/watobo/gui/transcoder_window.rb +15 -22
- data/lib/watobo/gui/utils/gui_utils.rb +8 -20
- data/lib/watobo/gui/utils/init_icons.rb +94 -106
- data/lib/watobo/gui/utils/load_icons.rb +41 -53
- data/lib/watobo/gui/utils/load_plugins.rb +118 -130
- data/lib/watobo/gui/utils/master_password.rb +76 -88
- data/lib/watobo/gui/utils/save_default_settings.rb +121 -133
- data/lib/watobo/gui/utils/save_project_settings.rb +8 -20
- data/lib/watobo/gui/utils/save_proxy_settings.rb +53 -21
- data/lib/watobo/gui/utils/save_scanner_settings.rb +26 -38
- data/lib/watobo/gui/utils/session_history.rb +120 -132
- data/lib/watobo/gui/workspace_dialog.rb +8 -20
- data/lib/watobo/gui/www_auth_dialog.rb +8 -20
- data/lib/watobo/gui/xml_viewer_frame.rb +8 -20
- data/lib/watobo/http.rb +12 -23
- data/lib/watobo/http/cookies/cookies.rb +63 -70
- data/lib/watobo/http/data/data.rb +56 -64
- data/lib/watobo/http/data/json.rb +51 -0
- data/lib/watobo/http/url/url.rb +46 -58
- data/lib/watobo/http/xml/xml.rb +129 -141
- data/lib/watobo/interceptor.rb +11 -23
- data/lib/watobo/interceptor/proxy.rb +624 -625
- data/lib/watobo/interceptor/transparent.rb +22 -34
- data/lib/watobo/mixins.rb +18 -30
- data/lib/watobo/mixins/check_info.rb +35 -47
- data/lib/watobo/mixins/httpparser.rb +42 -35
- data/lib/watobo/mixins/request_parser.rb +8 -20
- data/lib/watobo/mixins/shapers.rb +484 -477
- data/lib/watobo/mixins/transcoders.rb +8 -20
- data/lib/watobo/parser.rb +9 -21
- data/lib/watobo/parser/html.rb +91 -103
- data/lib/watobo/sockets.rb +11 -23
- data/lib/watobo/sockets/agent.rb +836 -848
- data/lib/watobo/sockets/client_socket.rb +283 -277
- data/lib/watobo/sockets/connection.rb +409 -421
- data/lib/watobo/sockets/http_socket.rb +16 -23
- data/lib/watobo/sockets/ntlm_auth.rb +137 -149
- data/lib/watobo/utils.rb +18 -30
- data/lib/watobo/utils/check_regex.rb +8 -20
- data/lib/watobo/utils/copy_object.rb +8 -20
- data/lib/watobo/utils/crypto.rb +8 -20
- data/lib/watobo/utils/expand_range.rb +31 -43
- data/lib/watobo/utils/export_xml.rb +108 -0
- data/lib/watobo/utils/file_management.rb +8 -20
- data/lib/watobo/utils/hexprint.rb +17 -29
- data/lib/watobo/utils/load_chat.rb +8 -20
- data/lib/watobo/utils/load_icon.rb +8 -20
- data/lib/watobo/{external/ntlm → utils}/ntlm.rb +874 -796
- data/lib/watobo/utils/print_debug.rb +20 -32
- data/lib/watobo/utils/response_builder.rb +98 -110
- data/lib/watobo/utils/response_hash.rb +9 -20
- data/lib/watobo/utils/secure_eval.rb +10 -22
- data/lib/watobo/utils/strings.rb +18 -30
- data/lib/watobo/utils/text2request.rb +12 -20
- data/lib/watobo/utils/url.rb +31 -43
- data/lib/watobo/utils/utf16.rb +22 -0
- data/modules/active/Apache/mod_status.rb +9 -0
- data/modules/active/Apache/multiview.rb +161 -0
- data/modules/active/Flash/crossdomain.rb +9 -0
- data/modules/active/directories/dirwalker.rb +8 -20
- data/modules/active/discovery/fileextensions.rb +10 -22
- data/modules/active/discovery/http_methods.rb +8 -20
- data/modules/active/domino/domino_db.rb +8 -20
- data/modules/active/dotNET/custom_errors.rb +110 -122
- data/modules/active/dotNET/dotnet_files.rb +98 -110
- data/modules/active/fileinclusion/lfi_simple.rb +8 -20
- data/modules/active/jboss/jboss_basic.rb +8 -20
- data/modules/active/sap/business_objects.rb +63 -0
- data/modules/active/sap/its_commands.rb +8 -20
- data/modules/active/sap/its_service_parameter.rb +8 -20
- data/modules/active/sap/its_services.rb +8 -20
- data/modules/active/sap/its_xss.rb +8 -20
- data/modules/active/shell_shock/shell_shock.rb +149 -0
- data/modules/active/siebel/siebel_apps.rb +168 -180
- data/modules/active/sqlinjection/sql_boolean.rb +9 -21
- data/modules/active/sqlinjection/sqli_error.rb +10 -22
- data/modules/active/sqlinjection/sqli_timing.rb +228 -240
- data/modules/active/struts2/default_handler_ognl.rb +114 -126
- data/modules/active/struts2/include_params_ognl.rb +113 -125
- data/modules/active/xml/xml_xxe.rb +122 -127
- data/modules/active/xss/xss_ng.rb +223 -234
- data/modules/active/xss/xss_simple.rb +8 -20
- data/modules/passive/ajax.rb +76 -84
- data/modules/passive/autocomplete.rb +64 -76
- data/modules/passive/cookie_options.rb +8 -20
- data/modules/passive/cookie_xss.rb +9 -21
- data/modules/passive/detect_code.rb +9 -21
- data/modules/passive/detect_fileupload.rb +11 -22
- data/modules/passive/detect_infrastructure.rb +23 -35
- data/modules/passive/detect_one_time_tokens.rb +8 -20
- data/modules/passive/dirindexing.rb +9 -21
- data/modules/passive/disclosure_domino.rb +66 -79
- data/modules/passive/disclosure_emails.rb +9 -21
- data/modules/passive/disclosure_ipaddr.rb +15 -23
- data/modules/passive/filename_as_parameter.rb +8 -20
- data/modules/passive/form_spotter.rb +15 -21
- data/modules/passive/hidden_fields.rb +64 -70
- data/modules/passive/hotspots.rb +13 -22
- data/modules/passive/in_script_parameter.rb +15 -24
- data/modules/passive/multiple_server_headers.rb +8 -20
- data/modules/passive/possible_login.rb +12 -23
- data/modules/passive/redirect_url.rb +10 -22
- data/modules/passive/redirectionz.rb +9 -21
- data/modules/passive/sap-headers.rb +64 -76
- data/modules/passive/xss_dom.rb +10 -21
- data/plugins/catalog/catalog.rb +17 -23
- data/plugins/crawler/crawler.rb +12 -24
- data/plugins/crawler/gui.rb +13 -25
- data/plugins/crawler/gui/auth_frame.rb +278 -290
- data/plugins/crawler/gui/crawler_gui.rb +302 -320
- data/plugins/crawler/gui/general_settings_frame.rb +104 -116
- data/plugins/crawler/gui/hooks_frame.rb +88 -100
- data/plugins/crawler/gui/scope_frame.rb +58 -70
- data/plugins/crawler/gui/settings_tabbook.rb +46 -58
- data/plugins/crawler/gui/status_frame.rb +67 -78
- data/plugins/crawler/lib/bags.rb +26 -38
- data/plugins/crawler/lib/constants.rb +19 -31
- data/plugins/crawler/lib/engine.rb +505 -508
- data/plugins/crawler/lib/grabber.rb +77 -87
- data/plugins/crawler/lib/status.rb +82 -0
- data/plugins/crawler/lib/uri_mp.rb +20 -32
- data/plugins/filefinder/dbs/siebel_paths.txt +1118 -0
- data/plugins/filefinder/dbs/subs-big.lst +31986 -0
- data/plugins/filefinder/filefinder.rb +13 -23
- data/plugins/sqlmap/bin/test.rb +86 -98
- data/plugins/sqlmap/gui.rb +12 -24
- data/plugins/sqlmap/gui/main.rb +226 -238
- data/plugins/sqlmap/gui/options_frame.rb +105 -117
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +103 -115
- data/plugins/sqlmap/sqlmap.rb +10 -22
- data/plugins/sslchecker/cli/sslchecker_cli.rb +8 -20
- data/plugins/sslchecker/gui/cipher_table.rb +252 -264
- data/plugins/sslchecker/gui/gui.rb +267 -276
- data/plugins/sslchecker/gui/sslchecker.rb +12 -24
- data/plugins/sslchecker/lib/check.rb +172 -80
- data/plugins/wshell/gui/main.rb +115 -127
- data/plugins/wshell/lib/core.rb +85 -97
- data/plugins/wshell/wshell.rb +19 -31
- metadata +14 -6
- data/.yardopts +0 -24
|
@@ -1,423 +1,411 @@
|
|
|
1
|
-
|
|
1
|
+
#.
|
|
2
2
|
# connection.rb
|
|
3
|
-
|
|
4
|
-
# Copyright
|
|
5
|
-
#
|
|
6
|
-
#
|
|
7
|
-
#
|
|
8
|
-
#
|
|
9
|
-
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
-
# it under the terms of the GNU General Public License as published by
|
|
11
|
-
# the Free Software Foundation version 2 of the License.
|
|
12
|
-
#
|
|
13
|
-
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
-
# GNU General Public License for more details.
|
|
17
|
-
#
|
|
18
|
-
# You should have received a copy of the GNU General Public License
|
|
19
|
-
# along with WATOBO; if not, write to the Free Software
|
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
-
# .
|
|
22
|
-
# @private
|
|
23
|
-
module Watobo#:nodoc: all
|
|
24
|
-
module HTTPSocket
|
|
25
|
-
class Connection_UNUSED
|
|
26
|
-
|
|
27
|
-
include Watobo::Constants
|
|
28
|
-
extend Watobo::Subscriber
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
def initialize(request, prefs)
|
|
33
|
-
@request = request
|
|
34
|
-
@response = nil
|
|
35
|
-
|
|
36
|
-
@proxy = Watobo::ForwardingProxy.get(site)
|
|
37
|
-
|
|
38
|
-
unless @proxy.nil?
|
|
39
|
-
host = @proxy.host
|
|
40
|
-
port = @proxy.port
|
|
41
|
-
else
|
|
42
|
-
host = @request.host
|
|
43
|
-
port = @request.port
|
|
44
|
-
end
|
|
45
|
-
# check if hostname is valid and can be resolved
|
|
46
|
-
#hostip = IPSocket.getaddress(host)
|
|
47
|
-
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def read_body( prefs={} )
|
|
51
|
-
clen = @response.content_length
|
|
52
|
-
data = ""
|
|
53
|
-
|
|
54
|
-
begin
|
|
55
|
-
if @response.is_chunked?
|
|
56
|
-
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
57
|
-
data += c
|
|
58
|
-
}
|
|
59
|
-
elsif clen > 0
|
|
60
|
-
# puts "* read #{clen} bytes for body"
|
|
61
|
-
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
62
|
-
data += c
|
|
63
|
-
break if data.length == clen
|
|
64
|
-
}
|
|
65
|
-
elsif clen < 0
|
|
66
|
-
# puts "* no content-length information ... mmmmmpf"
|
|
67
|
-
# eofcount = 0
|
|
68
|
-
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
69
|
-
data += c
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
response.push data unless data.empty?
|
|
75
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
76
|
-
notify(:logout, self) if loggedOut?(response)
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
80
|
-
return true
|
|
81
|
-
|
|
82
|
-
rescue => e
|
|
83
|
-
puts "! Could not read response"
|
|
84
|
-
puts e
|
|
85
|
-
# puts e.backtrace
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
return false
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
def read_header( prefs={} )
|
|
92
|
-
|
|
93
|
-
header = []
|
|
94
|
-
msg = nil
|
|
95
|
-
begin
|
|
96
|
-
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
97
|
-
#puts line
|
|
98
|
-
# puts line.unpack("H*")
|
|
99
|
-
header << line
|
|
100
|
-
end
|
|
101
|
-
rescue Errno::ECONNRESET
|
|
102
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
103
|
-
rescue Timeout::Error
|
|
104
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
105
|
-
rescue => bang
|
|
106
|
-
puts "!ERROR: read_header"
|
|
107
|
-
return nil
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
header = [ "HTTP/1.1 200 OK\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
111
|
-
|
|
112
|
-
response = Watobo::Response.new header
|
|
113
|
-
# update_sids(header)
|
|
114
|
-
|
|
115
|
-
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
116
|
-
|
|
117
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
118
|
-
notify(:logout, self) if loggedOut?(response)
|
|
119
|
-
end
|
|
120
|
-
|
|
121
|
-
return response
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
def sslConnect(tcp_socket, current_prefs = {} )
|
|
125
|
-
begin
|
|
126
|
-
|
|
127
|
-
ctx = OpenSSL::SSL::SSLContext.new()
|
|
128
|
-
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
129
|
-
|
|
130
|
-
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
131
|
-
|
|
132
|
-
ctx.cert = current_prefs[:ssl_client_cert]
|
|
133
|
-
ctx.key = current_prefs[:ssl_client_key]
|
|
134
|
-
if $DEBUG
|
|
135
|
-
puts "[SSLconnect] Client Certificates"
|
|
136
|
-
puts "= CERT ="
|
|
137
|
-
# puts @ctx.cert.methods.sort
|
|
138
|
-
puts ctx.cert.display
|
|
139
|
-
puts "---"
|
|
140
|
-
puts "= KEY ="
|
|
141
|
-
puts ctx.key.display
|
|
142
|
-
puts "---"
|
|
143
|
-
end
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
147
|
-
@socket.sync_close = true
|
|
148
|
-
|
|
149
|
-
@socket.connect
|
|
150
|
-
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
151
|
-
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
152
|
-
return socket
|
|
153
|
-
rescue => bang
|
|
154
|
-
if current_prefs[:ssl_cipher].nil?
|
|
155
|
-
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
156
|
-
puts bang
|
|
157
|
-
puts bang.backtrace if $DEBUG
|
|
158
|
-
end
|
|
159
|
-
end
|
|
160
|
-
end
|
|
161
|
-
|
|
162
|
-
# SSLProxyConnect
|
|
163
|
-
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
164
|
-
# On error SSLSocket is nil
|
|
165
|
-
def sslProxyConnect( prefs )
|
|
166
|
-
begin
|
|
167
|
-
tcp_socket = nil
|
|
168
|
-
response_header = []
|
|
169
|
-
|
|
170
|
-
request = @request.copy
|
|
171
|
-
|
|
172
|
-
# timeout(6) do
|
|
173
|
-
|
|
174
|
-
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
175
|
-
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
176
|
-
tcp_socket.sync = true
|
|
177
|
-
|
|
178
|
-
# setup request
|
|
179
|
-
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
180
|
-
request.shift
|
|
181
|
-
request.unshift dummy
|
|
182
|
-
|
|
183
|
-
request.removeHeader("Proxy-Connection")
|
|
184
|
-
request.removeHeader("Connection")
|
|
185
|
-
request.removeHeader("Content-Length")
|
|
186
|
-
request.removeBody()
|
|
187
|
-
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
188
|
-
request.addHeader("Pragma", "no-cache")
|
|
189
|
-
|
|
190
|
-
# puts "=== sslProxyConnect ==="
|
|
191
|
-
# puts request
|
|
192
|
-
|
|
193
|
-
if proxy.has_login?
|
|
194
|
-
case proxy.auth_type
|
|
195
|
-
when AUTH_TYPE_NTLM
|
|
196
|
-
|
|
197
|
-
t1 = Net::NTLM::Message::Type1.new()
|
|
198
|
-
msg = "NTLM " + t1.encode64
|
|
199
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
200
|
-
|
|
201
|
-
if $DEBUG
|
|
202
|
-
puts "============= PROXY NTLM: T1 ======================="
|
|
203
|
-
puts request
|
|
204
|
-
puts "---"
|
|
205
|
-
end
|
|
206
|
-
data = request.join + "\r\n"
|
|
207
|
-
|
|
208
|
-
tcp_socket.print data
|
|
209
|
-
# puts "-----------------"
|
|
210
|
-
cl = 0
|
|
211
|
-
ntlm_challenge = nil
|
|
212
|
-
while (line = tcp_socket.gets)
|
|
213
|
-
response_header.push line
|
|
214
|
-
puts line if $DEBUG
|
|
215
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
216
|
-
rcode = $1.to_i
|
|
217
|
-
rmsg = $2
|
|
218
|
-
end
|
|
219
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
220
|
-
ntlm_challenge = $2
|
|
221
|
-
end
|
|
222
|
-
if line =~ /^Content-Length: (\d*)/i
|
|
223
|
-
cl = $1.to_i
|
|
224
|
-
end
|
|
225
|
-
break if line.strip.empty?
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
if cl > 0
|
|
230
|
-
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
231
|
-
# puts d
|
|
232
|
-
}
|
|
233
|
-
end
|
|
234
|
-
|
|
235
|
-
if rcode == 200 # Ok
|
|
236
|
-
puts "* seems proxy doesn't require authentication"
|
|
237
|
-
socket = sslConnect(tcp_socket, prefs)
|
|
238
|
-
return socket, response_header
|
|
239
|
-
end
|
|
240
|
-
|
|
241
|
-
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
3
|
+
#.
|
|
4
|
+
# Copyright 2014 by siberas, http://www.siberas.de
|
|
5
|
+
# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
|
|
6
|
+
# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
|
|
7
|
+
# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
+
# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
242
9
|
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
puts
|
|
306
|
-
|
|
307
|
-
end
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
10
|
+
# @private
|
|
11
|
+
module Watobo#:nodoc: all
|
|
12
|
+
module HTTPSocket
|
|
13
|
+
class Connection_UNUSED
|
|
14
|
+
|
|
15
|
+
include Watobo::Constants
|
|
16
|
+
extend Watobo::Subscriber
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
def initialize(request, prefs)
|
|
21
|
+
@request = request
|
|
22
|
+
@response = nil
|
|
23
|
+
|
|
24
|
+
@proxy = Watobo::ForwardingProxy.get(site)
|
|
25
|
+
|
|
26
|
+
unless @proxy.nil?
|
|
27
|
+
host = @proxy.host
|
|
28
|
+
port = @proxy.port
|
|
29
|
+
else
|
|
30
|
+
host = @request.host
|
|
31
|
+
port = @request.port
|
|
32
|
+
end
|
|
33
|
+
# check if hostname is valid and can be resolved
|
|
34
|
+
#hostip = IPSocket.getaddress(host)
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def read_body( prefs={} )
|
|
39
|
+
clen = @response.content_length
|
|
40
|
+
data = ""
|
|
41
|
+
|
|
42
|
+
begin
|
|
43
|
+
if @response.is_chunked?
|
|
44
|
+
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
45
|
+
data += c
|
|
46
|
+
}
|
|
47
|
+
elsif clen > 0
|
|
48
|
+
# puts "* read #{clen} bytes for body"
|
|
49
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
50
|
+
data += c
|
|
51
|
+
break if data.length == clen
|
|
52
|
+
}
|
|
53
|
+
elsif clen < 0
|
|
54
|
+
# puts "* no content-length information ... mmmmmpf"
|
|
55
|
+
# eofcount = 0
|
|
56
|
+
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
57
|
+
data += c
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
response.push data unless data.empty?
|
|
63
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
64
|
+
notify(:logout, self) if loggedOut?(response)
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
68
|
+
return true
|
|
69
|
+
|
|
70
|
+
rescue => e
|
|
71
|
+
puts "! Could not read response"
|
|
72
|
+
puts e
|
|
73
|
+
# puts e.backtrace
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
return false
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def read_header( prefs={} )
|
|
80
|
+
|
|
81
|
+
header = []
|
|
82
|
+
msg = nil
|
|
83
|
+
begin
|
|
84
|
+
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
85
|
+
#puts line
|
|
86
|
+
# puts line.unpack("H*")
|
|
87
|
+
header << line
|
|
88
|
+
end
|
|
89
|
+
rescue Errno::ECONNRESET
|
|
90
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
91
|
+
rescue Timeout::Error
|
|
92
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
93
|
+
rescue => bang
|
|
94
|
+
puts "!ERROR: read_header"
|
|
95
|
+
return nil
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
header = [ "HTTP/1.1 200 OK\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
99
|
+
|
|
100
|
+
response = Watobo::Response.new header
|
|
101
|
+
# update_sids(header)
|
|
102
|
+
|
|
103
|
+
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
104
|
+
|
|
105
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
106
|
+
notify(:logout, self) if loggedOut?(response)
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
return response
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def sslConnect(tcp_socket, current_prefs = {} )
|
|
113
|
+
begin
|
|
114
|
+
|
|
115
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
|
116
|
+
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
117
|
+
|
|
118
|
+
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
119
|
+
|
|
120
|
+
ctx.cert = current_prefs[:ssl_client_cert]
|
|
121
|
+
ctx.key = current_prefs[:ssl_client_key]
|
|
122
|
+
if $DEBUG
|
|
123
|
+
puts "[SSLconnect] Client Certificates"
|
|
124
|
+
puts "= CERT ="
|
|
125
|
+
# puts @ctx.cert.methods.sort
|
|
126
|
+
puts ctx.cert.display
|
|
127
|
+
puts "---"
|
|
128
|
+
puts "= KEY ="
|
|
129
|
+
puts ctx.key.display
|
|
130
|
+
puts "---"
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
135
|
+
@socket.sync_close = true
|
|
136
|
+
|
|
137
|
+
@socket.connect
|
|
138
|
+
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
139
|
+
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
140
|
+
return socket
|
|
141
|
+
rescue => bang
|
|
142
|
+
if current_prefs[:ssl_cipher].nil?
|
|
143
|
+
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
144
|
+
puts bang
|
|
145
|
+
puts bang.backtrace if $DEBUG
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
# SSLProxyConnect
|
|
151
|
+
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
152
|
+
# On error SSLSocket is nil
|
|
153
|
+
def sslProxyConnect( prefs )
|
|
154
|
+
begin
|
|
155
|
+
tcp_socket = nil
|
|
156
|
+
response_header = []
|
|
157
|
+
|
|
158
|
+
request = @request.copy
|
|
159
|
+
|
|
160
|
+
# timeout(6) do
|
|
161
|
+
|
|
162
|
+
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
163
|
+
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
164
|
+
tcp_socket.sync = true
|
|
165
|
+
|
|
166
|
+
# setup request
|
|
167
|
+
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
168
|
+
request.shift
|
|
169
|
+
request.unshift dummy
|
|
170
|
+
|
|
171
|
+
request.removeHeader("Proxy-Connection")
|
|
172
|
+
request.removeHeader("Connection")
|
|
173
|
+
request.removeHeader("Content-Length")
|
|
174
|
+
request.removeBody()
|
|
175
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
176
|
+
request.addHeader("Pragma", "no-cache")
|
|
177
|
+
|
|
178
|
+
# puts "=== sslProxyConnect ==="
|
|
179
|
+
# puts request
|
|
180
|
+
|
|
181
|
+
if proxy.has_login?
|
|
182
|
+
case proxy.auth_type
|
|
183
|
+
when AUTH_TYPE_NTLM
|
|
184
|
+
|
|
185
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
186
|
+
msg = "NTLM " + t1.encode64
|
|
187
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
188
|
+
|
|
189
|
+
if $DEBUG
|
|
190
|
+
puts "============= PROXY NTLM: T1 ======================="
|
|
191
|
+
puts request
|
|
192
|
+
puts "---"
|
|
193
|
+
end
|
|
194
|
+
data = request.join + "\r\n"
|
|
195
|
+
|
|
196
|
+
tcp_socket.print data
|
|
197
|
+
# puts "-----------------"
|
|
198
|
+
cl = 0
|
|
199
|
+
ntlm_challenge = nil
|
|
200
|
+
while (line = tcp_socket.gets)
|
|
201
|
+
response_header.push line
|
|
202
|
+
puts line if $DEBUG
|
|
203
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
204
|
+
rcode = $1.to_i
|
|
205
|
+
rmsg = $2
|
|
206
|
+
end
|
|
207
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
208
|
+
ntlm_challenge = $2
|
|
209
|
+
end
|
|
210
|
+
if line =~ /^Content-Length: (\d*)/i
|
|
211
|
+
cl = $1.to_i
|
|
212
|
+
end
|
|
213
|
+
break if line.strip.empty?
|
|
214
|
+
end
|
|
215
|
+
|
|
216
|
+
|
|
217
|
+
if cl > 0
|
|
218
|
+
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
219
|
+
# puts d
|
|
220
|
+
}
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
if rcode == 200 # Ok
|
|
224
|
+
puts "* seems proxy doesn't require authentication"
|
|
225
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
226
|
+
return socket, response_header
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
230
|
+
|
|
231
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
232
|
+
t3 = t2.response( { :user => proxy.username,
|
|
233
|
+
:password => proxy.password,
|
|
234
|
+
:domain => proxy.domain },
|
|
235
|
+
{ :workstation => proxy.workstation, :ntlmv2 => true } )
|
|
236
|
+
request.removeHeader("Proxy-Authorization")
|
|
237
|
+
|
|
238
|
+
msg = "NTLM " + t3.encode64
|
|
239
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
240
|
+
|
|
241
|
+
data = request.join + "\r\n"
|
|
242
|
+
if $DEBUG
|
|
243
|
+
puts "============= T3 ======================="
|
|
244
|
+
puts data
|
|
245
|
+
puts "---"
|
|
246
|
+
end
|
|
247
|
+
|
|
248
|
+
tcp_socket.print data
|
|
249
|
+
# puts "-----------------"
|
|
250
|
+
|
|
251
|
+
response_header = []
|
|
252
|
+
rcode = 0
|
|
253
|
+
response_header = read_header(@socket)
|
|
254
|
+
rcode = response_header.status
|
|
255
|
+
if rcode =~/^200/ # Ok
|
|
256
|
+
puts "[ProxyAuth-NTLM] Authorization Successful" if $DEBUG
|
|
257
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
258
|
+
return socket, response_header
|
|
259
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
260
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
261
|
+
msg = "NTLM-Authentication failed!"
|
|
262
|
+
puts "[ProxyAuth-NTLM] #{msg}" if $DEBUG
|
|
263
|
+
return nil, msg
|
|
264
|
+
else
|
|
265
|
+
puts "[SSLconnect] NTLM Authentication"
|
|
266
|
+
puts "> #{rcode} <"
|
|
267
|
+
return nil, response_header
|
|
268
|
+
end
|
|
269
|
+
end
|
|
270
|
+
end # END OF PROXY AUTH
|
|
271
|
+
|
|
272
|
+
# Start ProxyConnect Without Authentication
|
|
273
|
+
data = request.join + "\r\n"
|
|
274
|
+
tcp_socket.print data
|
|
275
|
+
# puts "-----------------"
|
|
276
|
+
|
|
277
|
+
response_header = []
|
|
278
|
+
response_header = readHTTPHeader(@socket)
|
|
279
|
+
rcode = response_header.status
|
|
280
|
+
if rcode =~ /^200/ # Ok
|
|
281
|
+
# puts "* proxy connection successfull"
|
|
282
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
283
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
284
|
+
|
|
285
|
+
else
|
|
286
|
+
puts "[SSLconnect] Response Status"
|
|
287
|
+
puts "> #{rcode} <"
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
socket = sslConnect(@socket, prefs)
|
|
291
|
+
return socket, response_header
|
|
292
|
+
rescue => bang
|
|
293
|
+
puts bang
|
|
294
|
+
return nil, error_response(bang)
|
|
295
|
+
end
|
|
296
|
+
# return nil, nil
|
|
297
|
+
end
|
|
298
|
+
|
|
299
|
+
# proxyAuthNTLM
|
|
300
|
+
# returns: ResponseHeaders
|
|
301
|
+
def proxyAuthNTLM()
|
|
302
|
+
|
|
303
|
+
request = @request.copy
|
|
304
|
+
|
|
305
|
+
|
|
306
|
+
request.removeHeader("Proxy-Authorization")
|
|
307
|
+
request.removeHeader("Proxy-Connection")
|
|
308
|
+
|
|
309
|
+
response_header = []
|
|
310
|
+
|
|
311
|
+
ntlm_challenge = nil
|
|
312
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
313
|
+
msg = "NTLM " + t1.encode64
|
|
314
|
+
|
|
315
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
316
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
317
|
+
|
|
318
|
+
# puts "============= T1 ======================="
|
|
319
|
+
# puts auth_request
|
|
320
|
+
data = request.join + "\r\n"
|
|
321
|
+
|
|
322
|
+
@socket.print data
|
|
323
|
+
# puts "-----------------"
|
|
324
|
+
response_header = readHTTPHeader(@socket)
|
|
325
|
+
rcode = nil
|
|
326
|
+
rmsg = nil
|
|
327
|
+
ntlm_challenge = nil
|
|
328
|
+
clen = 0
|
|
329
|
+
response_header.each do |line|
|
|
330
|
+
# puts line
|
|
331
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
332
|
+
rcode = $1.to_i
|
|
333
|
+
rmsg = $2
|
|
334
|
+
end
|
|
335
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
336
|
+
ntlm_challenge = $2
|
|
337
|
+
end
|
|
338
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
339
|
+
clen = $1.to_i
|
|
340
|
+
end
|
|
341
|
+
break if line.strip.empty?
|
|
342
|
+
end
|
|
343
|
+
|
|
344
|
+
#puts "* reading #{clen} bytes"
|
|
345
|
+
|
|
346
|
+
if rcode == 407 # ProxyAuthentication Required
|
|
347
|
+
return response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
348
|
+
else
|
|
349
|
+
puts "* no proxy authentication required!"
|
|
350
|
+
return response_header
|
|
351
|
+
end
|
|
352
|
+
|
|
353
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen){ |d|
|
|
354
|
+
#puts d
|
|
355
|
+
}
|
|
356
|
+
|
|
357
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
358
|
+
t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
|
|
359
|
+
request.removeHeader("Proxy-Authorization")
|
|
360
|
+
# request.removeHeader("Proxy-Connection")
|
|
361
|
+
|
|
362
|
+
# request.addHeader("Proxy-Connection", "Close")
|
|
363
|
+
# request.addHeader("Pragma", "no-cache")
|
|
364
|
+
msg = "NTLM " + t3.encode64
|
|
365
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
366
|
+
# puts "============= T3 ======================="
|
|
367
|
+
# puts request
|
|
368
|
+
# puts "------------------------"
|
|
369
|
+
data = request.join + "\r\n"
|
|
370
|
+
@socket.print data
|
|
371
|
+
|
|
372
|
+
response_header = readHTTPHeader(@socket)
|
|
373
|
+
response_header.each do |line|
|
|
374
|
+
# puts line
|
|
375
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
376
|
+
rcode = $1.to_i
|
|
377
|
+
rmsg = $2
|
|
378
|
+
end
|
|
379
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
380
|
+
ntlm_challenge = $2
|
|
381
|
+
end
|
|
382
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
383
|
+
clen = $1.to_i
|
|
384
|
+
end
|
|
385
|
+
break if line.strip.empty?
|
|
386
|
+
end
|
|
387
|
+
# Watobo::HTTPSocket.read_body(tcp_socket, :max_bytes => clen){ |d|
|
|
388
|
+
#puts d
|
|
389
|
+
# }
|
|
390
|
+
return response_header
|
|
391
|
+
end
|
|
392
|
+
|
|
393
|
+
#
|
|
394
|
+
# doProxyAuth
|
|
395
|
+
#
|
|
396
|
+
def doProxyAuth()
|
|
397
|
+
# puts "DO PROXY AUTH"
|
|
398
|
+
# puts proxy.to_yaml
|
|
399
|
+
response_headers = nil
|
|
400
|
+
case @proxy.auth_type
|
|
401
|
+
when AUTH_TYPE_NTLM
|
|
402
|
+
return proxyAuthNTLM()
|
|
403
|
+
|
|
404
|
+
end # END OF NTLM
|
|
405
|
+
|
|
406
|
+
end
|
|
407
|
+
|
|
408
|
+
|
|
409
|
+
end
|
|
410
|
+
end
|
|
411
|
+
end
|