watobo 0.9.19 → 0.9.20

data/modules/active/xml/xml_xxe.rb

@@ -1,134 +1,129 @@
-# .
+#.
 # xml_xxe.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-# @private 
-module Watobo#:nodoc: all
-  module Modules
-    module Active
-      module Xml
-        class Xml_xxe < Watobo::ActiveCheck
-          # This module checks if DTD is accepted
-          # The idea is to use regular parameters and convert them to entity
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+# @private
+module Watobo#:nodoc: all
+  module Modules
+    module Active
+      module Xml
+        class Xml_xxe < Watobo::ActiveCheck
+          # This module checks if DTD is accepted
+          # The idea is to use regular parameters and convert them to entity
           # if the result is the same, chances are good that XXE attacks will work
-          
-          @info.update(
-            :check_name => 'XML-XXE',    # name of check which briefly describes functionality, will be used for tree and progress views
-            :check_group => "XML",
-            :description => "XML eXternal Entity (XXE).",   # description of checkfunction
-            :author => "Andreas Schmidt", # author of check
-            :version => "0.9"   # check version
-            )
-            
-            threat = "https://www.owasp.org/index.php/Testing_for_XML_Injection_(OWASP-DV-008)"
-            
-            measure = "Disable external entities."
-            
-            @finding.update(
-            :threat => threat,        # thread of vulnerability, e.g. loss of information
-            :class => "External Entities",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
-            :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
-            :rating => VULN_RATING_CRITICAL,
-            :measure => measure
-            )
-          
-          def initialize(project, prefs={})
-            super(project, prefs)
-            
-          end
-          
-          def generateChecks(chat)
-            begin              
+          #
+          # Links:
+          # http://www.w3.org/TR/2004/REC-xml-20040204/#sec-external-ent
+          
+          @info.update(
+            :check_name => 'XML-XXE',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :check_group => "XML",
+            :description => "XML eXternal Entity (XXE).",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "0.9"   # check version
+            )
+            
+            threat = "https://www.owasp.org/index.php/Testing_for_XML_Injection_(OWASP-DV-008)"
+            
+            measure = "Disable external entities."
+            
+            @finding.update(
+            :threat => threat,        # thread of vulnerability, e.g. loss of information
+            :class => "External Entities",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
+            :rating => VULN_RATING_CRITICAL,
+            :measure => measure
+            )
+          
+          def initialize(project, prefs={})
+            super(project, prefs)
+            
+          end
+          
+          def generateChecks(chat)
+            begin              
               if ( chat.request.content_type =~ /xml/ ) and chat.request.has_body?
-                # first we do a request with an
-                base = chat.copyRequest
-                base_request, base_response = doRequest(base)
+                puts "XXE-TEST"
+                # first we do a request with an
+                base = chat.copyRequest
+                base_request, base_response = doRequest(base)
                 return unless base_response.has_body?
+                puts " *create entity packets ..."
                 create_entity_packets(chat.request.body).each do |packet|
-                  checker = proc {
-                    begin                      
-                      test_request = nil
-                    test_response = nil
-                    test = chat.copyRequest
-                    test.setData packet.to_s
-                    test_request, test_response = doRequest(test)
-                    #puts test_response.status
-                    
-                    if test_response.has_body? and test_response.body == base_response.body
-                     
-                      addFinding(test_request,test_response,
-                      :test_item => "ENTITY",
-                      :check_pattern => "ENTITY",
-                      :chat => chat,
-                      :title => "[#{chat.request.path}] - ENTITY",
-                      :debug => true
-                      )
-                    end
-                    rescue => bang
-                      puts bang
-                      puts bang.backtrace if $DEBUG                      
-                    end
-                    [ test_request, test_response ]
-                  }
-                  yield checker
-                  
-                   end
-              end
-            rescue => bang
-              puts bang
-            end
-          end
-          
-          private
-          
-          def create_entity_packets(xml_string)
-  xml_packets = []
-
-  xmlbase = Nokogiri::XML(xml_string)
-  xmlbase.traverse do |node|
+                  puts packet
+                  checker = proc {
+                    begin                      
+                      test_request = nil
+                    test_response = nil
+                    test = chat.copyRequest
+                    test.setData packet.to_s
+                    test_request, test_response = doRequest(test)
+                    #puts test_response.status
+                    
+                    if test_response.has_body? and test_response.body == base_response.body
+                     
+                      addFinding(test_request,test_response,
+                      :test_item => "ENTITY",
+                      :check_pattern => "ENTITY",
+                      :chat => chat,
+                      :title => "[#{chat.request.path}] - ENTITY",
+                      :debug => true
+                      )
+                    end
+                    rescue => bang
+                      puts bang
+                      puts bang.backtrace if $DEBUG                      
+                    end
+                    [ test_request, test_response ]
+                  }
+                  yield checker
+                  
+                   end
+              end
+            rescue => bang
+              puts bang
+            end
+          end
+          
+          private
+          
+          def create_entity_packets(xml_string)
+  xml_packets = []
+
+  xmlbase = Nokogiri::XML(xml_string)
+  xmlbase.traverse do |node|
     if node.text?
-      unless node.text.strip.empty?
-        xml = Nokogiri::XML(xml_string)
-        xml.create_internal_subset("#{node.parent.name}", nil, nil)
-        node_name = ""
-        node_name << "#{node.parent.namespace.prefix}:" unless node.parent.namespace.prefix.nil?
-        node_name << "#{node.parent.name}"
-        add_entity(xml, "#{node_name}", "#{node.parent.name}", "#{node.text}")
-        xml_packets << xml
-
-      end
-    end
-  end
-  xml_packets
-end
-
-def add_entity(xml, node_name, entity_name, value)
-  xml.create_entity(entity_name, Nokogiri::XML::EntityDecl::INTERNAL_GENERAL, nil, nil, value)
-  entity = Nokogiri::XML::EntityReference.new xml, entity_name
-  nodeset = xml.xpath("//#{node_name}")  
-  nodeset.first.send(:native_content=, entity.to_s ) unless nodeset.empty?  
-end
-
-        end
-        # --> eo namespace    
-      end
-    end
-  end
+      #next if node.parent.namespace.nil?
+      unless node.text.strip.empty?
+        xml = Nokogiri::XML(xml_string)
+        xml.create_internal_subset("#{node.parent.name}", nil, nil)
+        node_name = ""
+        node_name << "#{node.parent.namespace.prefix}:" if node.parent.namespace.respond_to? :prefix
+        node_name << "#{node.parent.name}"
+        add_entity(xml, "#{node_name}", "#{node.parent.name}", "#{node.text}")
+        xml_packets << xml
+
+      end
+    end
+  end
+  xml_packets
+end
+
+def add_entity(xml, node_name, entity_name, value)
+  xml.create_entity(entity_name, Nokogiri::XML::EntityDecl::INTERNAL_GENERAL, nil, nil, value)
+  entity = Nokogiri::XML::EntityReference.new xml, entity_name
+  nodeset = xml.xpath("//#{node_name}")  
+  nodeset.first.send(:native_content=, entity.to_s ) unless nodeset.empty?  
+end
+
+        end
+        # --> eo namespace    
+      end
+    end
+  end
 end

data/modules/active/xss/xss_ng.rb

@@ -1,237 +1,226 @@
-# .
+#.
 # xss_ng.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-# @private 
-module Watobo#:nodoc: all
-  module Modules
-    module Active
-      module Xss
-        
-        
-        class Xss_ng < Watobo::ActiveCheck
-          
-          threat =<<'EOF'
-Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. 
-A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser 
-within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to 
-VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
-
-When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the 
-hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible 
-by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another 
-location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially 
-compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content 
-from the file system may execute code under the local machine zone allowing for system compromise.
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
-Source: http://projects.webappsec.org/Cross-Site+Scripting
-EOF
-            
-            measure = "All user input should be filtered and/or escaped using a method appropriate for the output context"
-            
-            @info.update(
-                         :check_name => 'NextGeneration Cross Site Scripting Checks',    # name of check which briefly describes functionality, will be used for tree and progress views
-            :check_group => AC_GROUP_XSS,
-            :description => "XSS Checks with rating. Additional parameters are created by extracting input fields (name/value pairs) of the original response.",   # description of checkfunction
-            :author => "Andreas Schmidt", # author of check
-            :version => "1.0"   # check version
-            )
-            
-            @finding.update(
-                            :threat => threat,        # thread of vulnerability, e.g. loss of information
-                            :class => "Reflected XSS",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
-            :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
-            :rating => VULN_RATING_HIGH,
-            :measure => measure
-            )
-          
-          def initialize(project, prefs={})
-            super(project, prefs)
-            
-            
-            @envelop = "watobo"
-            @env_count = 0
-            @evasions = [ "%0a", "%00"]
-            @xss_chars= %w( < > ' " ) 
-            @escape_chars = ['\\']       
-            @additional_parms = []
-            
-            def reset
-              @additional_parms = []
-              @env_count = 0
-            end
-            
-            
-          end
-          
-          
-          def generateChecks(chat)    
-            begin   
-              # 
-              if chat.response.respond_to? :input_fields           
-              chat.response.input_fields do |field|                
-                @additional_parms << field.to_www_form_parm if chat.request.method_post?
+# @private 
+module Watobo#:nodoc: all
+  module Modules
+    module Active
+      module Xss
+        
+        
+        class Xss_ng < Watobo::ActiveCheck
+          
+          threat =<<'EOF'
+Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. 
+A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser 
+within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to 
+VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
+
+When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the 
+hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible 
+by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another 
+location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially 
+compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content 
+from the file system may execute code under the local machine zone allowing for system compromise.
+
+Source: http://projects.webappsec.org/Cross-Site+Scripting
+EOF
+            
+            measure = "All user input should be filtered and/or escaped using a method appropriate for the output context"
+            
+            @info.update(
+                         :check_name => 'NextGeneration Cross Site Scripting Checks',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :check_group => AC_GROUP_XSS,
+            :description => "XSS Checks with rating. Additional parameters are created by extracting input fields (name/value pairs) of the original response.",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "1.0"   # check version
+            )
+            
+            @finding.update(
+                            :threat => threat,        # thread of vulnerability, e.g. loss of information
+                            :class => "Reflected XSS",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
+            :rating => VULN_RATING_HIGH,
+            :measure => measure
+            )
+          
+          def initialize(project, prefs={})
+            super(project, prefs)
+            
+            
+            @envelop = "watobo"
+            @env_count = 0
+            @evasions = [ "%0a", "%00"]
+            @xss_chars= %w( < > ' " ) 
+            @escape_chars = ['\\']       
+            @additional_parms = []
+            
+            def reset
+              @additional_parms = []
+              @env_count = 0
+            end
+            
+            
+          end
+          
+          
+          def generateChecks(chat)    
+            begin   
+              # 
+              if chat.response.respond_to? :input_fields           
+              chat.response.input_fields do |field|
+                             
+                @additional_parms << field.to_www_form_parm if chat.request.method_post?
                 @additional_parms << field.to_url_parm
-               
-              end
-              end
-              
-              @parm_list = chat.request.parameters(:data, :url)
-              @parm_list.concat @additional_parms
-              @parm_list.each do |parm|
-               #log_console( "#{parm.location} - #{parm.name} = #{parm.value}")
-               
-                checks = []
-                @xss_chars.each do |xss|
-                  @env_count += 1
-                  
-                  check_id = "#{@envelop}#{@env_count}"
-                   checks << [ xss.dup, "#{xss}", check_id ]
-                   checks << [xss.dup, "#{parm.value}#{xss}", check_id ]
-                   checks << [xss.dup, "#{xss}#{parm.value}", check_id ]
-                      
-                  end
-                  checker = proc {
-                    results = {}
-                    rating = 0
-                       test_request = nil
-                      test_response = nil
-                      
-                      # first we check, if parameter is injectable
-                      test = chat.copyRequest
-                     
-                      proof = "INJ#{Time.now.to_i.to_s}"
-                      parm.value = proof
-                      test.set parm
-                      
-                      test_request,test_response = doRequest(test)
-                      
-                      
-                      next [ test_request, test_response ] unless test_response.has_body?
-                                       
-                      next [ test_request, test_response ] unless test_response.body =~ /#{proof}/i
-                      
-                    
-                    checks.each do |xss, check, check_id|
-                     
-                     # accept only one (escape) char between check_id and check string
-                      proof = "#{check_id}([^#{Regexp.quote(check)}]?(#{Regexp.quote(check)}){1})"
-                      next if results.has_key? xss
-                      test = chat.copyRequest
-                     
-                      parm.value = check_id + CGI.escape(check)
-                      test.set parm
-                      
-                      test_request,test_response = doRequest(test)
-                                       
-                      if not test_response then
-                        if $DEBUG
-                        puts "[#{Module.nesting[0].name}] got no response :("
-                        puts test
-                        end
-                      elsif test_response.join =~ /#{proof}/i
-                        match = $1
-                      #puts "MATCH: [ #{match} ] / [ #{check} ]"
-                        if match == check
-                        results[xss] = { :match => :full, :check => check, :proof => proof }
-                        end
-                        
-                        unless results.has_key? xss
-                          @escape_chars.each do |ec|
-                            ep = Regexp.quote("#{ec}#{xss}")
-                          #  puts "Escaped: #{match} / #{ep}"
-                            results[xss] = { :match => :escaped, :check => check, :proof => proof, :escape_char => "#{ec}"} if match =~ /#{ep}/
-                          end
-                        end
-                        
-                      end
-                      
-                    end
-                    
-                   puts results.to_yaml if $DEBUG
-                    xss_combo = ""
-                    combo_patterns = []
-                   results.each do |k,v|
-                     mp = CGI.escape(k)
-                     rp = CGI.escape(@xss_chars.join)
-                     xss_combo += CGI.escape(k)
-                     #puts "[#{k}] - #{v}"
-                     case v[:match]
-                       
-                     when :full
-                         rating += 100/@xss_chars.length                         
-                         combo_patterns << k 
-                       when :escaped
-                          rating += 100/(@xss_chars.length*4)
-                          combo_patterns << Regexp.quote("#{v[:escape_char]}#{k}") 
-                       end
-                   end                   
-                    
-                    if rating > 0
-                      test = chat.copyRequest
-                      #puts "COMBO-REQUEST: #{xss_combo}"
-                      parm.value = "#{@envelop}#{@env_count}#{xss_combo}"
-                      pattern = "(#{@envelop}#{@env_count}(#{combo_patterns.join("|")})+)"
-                      test.set parm
-                        
-                      match = ""
-                      
-                      test_request,test_response = doRequest(test)
-                      if not test_response then
-                        puts "got no response :("
-                      elsif test_response.join =~ /#{pattern}/i
-                        match = $1
-                        #puts "MATCH: #{match}"
-                      end
-                     
-                     fclass = "Reflected XSS - #{rating}%"
-                     fclass = "Reflected XSS (POST) - #{rating}%" if parm.location == :data
-                      addFinding( test_request, test_response,
-                                 :check_pattern => xss_combo, 
-                      :proof_pattern => "#{match}", 
-                      :test_item => parm.name,
-                      :class => fclass, 
-                      :chat => chat,
-                      :title => "[#{parm.name}] - #{test_request.path}"
-                      )
-                    end
-                   
-                    [ test_request, test_response ]
-                  }
-                  yield checker
-               
-              end
-              
-            rescue => bang
-              puts bang
-              puts bang.backtrace if $DEBUG
-              puts "ERROR!! #{Module.nesting[0].name}"
-              raise
-              
-              
-            end
-          end
-          
-        end
-        
-      end
-    end
-  end
-end
+               
+              end
+              end
+              
+              @parm_list = chat.request.parameters(:data, :url, :json)
+              @parm_list.concat @additional_parms
+              @parm_list.each do |parm|
+               #log_console( "#{parm.location} - #{parm.name} = #{parm.value}")
+               
+                checks = []
+                @xss_chars.each do |xss|
+                  @env_count += 1
+                  
+                  check_id = "#{@envelop}#{@env_count}"
+                   checks << [ xss.dup, "#{xss}", check_id ]
+                   checks << [xss.dup, "#{parm.value}#{xss}", check_id ]
+                   checks << [xss.dup, "#{xss}#{parm.value}", check_id ]
+                      
+                  end
+                  checker = proc {
+                    results = {}
+                    rating = 0
+                       test_request = nil
+                      test_response = nil
+                      
+                      # first we check, if parameter is injectable
+                      test = chat.copyRequest
+                     
+                      proof = "INJ#{Time.now.to_i.to_s}"
+                      parm.value = proof
+                      test.set parm
+                      
+                      test_request,test_response = doRequest(test)
+                      
+                      
+                      next [ test_request, test_response ] unless test_response.has_body?
+                                       
+                      next [ test_request, test_response ] unless test_response.body =~ /#{proof}/i
+                      
+                    
+                    checks.each do |xss, check, check_id|
+                     
+                     # accept only one (escape) char between check_id and check string
+                      proof = "#{check_id}([^#{Regexp.quote(check)}]?(#{Regexp.quote(check)}){1})"
+                      next if results.has_key? xss
+                      test = chat.copyRequest
+                     
+                      parm.value = check_id + CGI.escape(check)
+                      test.set parm
+                      
+                      test_request,test_response = doRequest(test)
+                                       
+                      if not test_response then
+                        if $DEBUG
+                        puts "[#{Module.nesting[0].name}] got no response :("
+                        puts test
+                        end
+                      elsif test_response.join =~ /#{proof}/i
+                        match = $1
+                      #puts "MATCH: [ #{match} ] / [ #{check} ]"
+                        if match == check
+                        results[xss] = { :match => :full, :check => check, :proof => proof }
+                        end
+                        
+                        unless results.has_key? xss
+                          @escape_chars.each do |ec|
+                            ep = Regexp.quote("#{ec}#{xss}")
+                          #  puts "Escaped: #{match} / #{ep}"
+                            results[xss] = { :match => :escaped, :check => check, :proof => proof, :escape_char => "#{ec}"} if match =~ /#{ep}/
+                          end
+                        end
+                        
+                      end
+                      
+                    end
+                    
+                   puts results.to_yaml if $DEBUG
+                    xss_combo = ""
+                    combo_patterns = []
+                   results.each do |k,v|
+                     mp = CGI.escape(k)
+                     rp = CGI.escape(@xss_chars.join)
+                     xss_combo += CGI.escape(k)
+                     #puts "[#{k}] - #{v}"
+                     case v[:match]
+                       
+                     when :full
+                         rating += 100/@xss_chars.length                         
+                         combo_patterns << k 
+                       when :escaped
+                          rating += 100/(@xss_chars.length*4)
+                          combo_patterns << Regexp.quote("#{v[:escape_char]}#{k}") 
+                       end
+                   end                   
+                    
+                    if rating > 0
+                      test = chat.copyRequest
+                      #puts "COMBO-REQUEST: #{xss_combo}"
+                      parm.value = "#{@envelop}#{@env_count}#{xss_combo}"
+                      pattern = "(#{@envelop}#{@env_count}(#{combo_patterns.join("|")})+)"
+                      test.set parm
+                        
+                      match = ""
+                      
+                      test_request,test_response = doRequest(test)
+                      if not test_response then
+                        puts "got no response :("
+                      elsif test_response.join =~ /#{pattern}/i
+                        match = $1
+                        #puts "MATCH: #{match}"
+                      end
+                     
+                     fclass = "Reflected XSS - #{rating}%"
+                     fclass = "Reflected XSS (POST) - #{rating}%" if parm.location == :data
+                      addFinding( test_request, test_response,
+                                 :check_pattern => xss_combo, 
+                      :proof_pattern => "#{match}", 
+                      :test_item => parm.name,
+                      :class => fclass, 
+                      :chat => chat,
+                      :title => "[#{parm.name}] - #{test_request.path}"
+                      )
+                    end
+                   
+                    [ test_request, test_response ]
+                  }
+                  yield checker
+               
+              end
+              
+            rescue => bang
+              puts bang
+              puts bang.backtrace if $DEBUG
+              puts "ERROR!! #{Module.nesting[0].name}"
+              raise
+              
+              
+            end
+          end
+          
+        end
+        
+      end
+    end
+  end
+end