watobo 0.9.21 → 0.9.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +46 -1
- data/bin/nfq_server.rb +0 -9
- data/bin/watobo_gui.rb +3 -13
- data/custom-views/prettify-json.rb +9 -18
- data/icons/watobo.ico +0 -0
- data/icons/watobo.ico.old +0 -0
- data/lib/watobo.rb +10 -19
- data/lib/watobo/adapters.rb +5 -14
- data/lib/watobo/adapters/data_store.rb +50 -59
- data/lib/watobo/adapters/file/file_store.rb +287 -296
- data/lib/watobo/adapters/file/marshal_store.rb +293 -296
- data/lib/watobo/adapters/session_store.rb +5 -14
- data/lib/watobo/ca.rb +1 -10
- data/lib/watobo/config.rb +197 -206
- data/lib/watobo/constants.rb +0 -9
- data/lib/watobo/core.rb +3 -12
- data/lib/watobo/core/active_check.rb +72 -135
- data/lib/watobo/core/active_checks.rb +49 -58
- data/lib/watobo/core/ca.rb +369 -389
- data/lib/watobo/core/cert_store.rb +34 -43
- data/lib/watobo/core/chat.rb +92 -101
- data/lib/watobo/core/chats.rb +271 -280
- data/lib/watobo/core/client_cert_store.rb +106 -35
- data/lib/watobo/core/conversation.rb +48 -57
- data/lib/watobo/core/cookie.rb +23 -32
- data/lib/watobo/core/egress_handlers.rb +98 -0
- data/lib/watobo/core/finding.rb +66 -75
- data/lib/watobo/core/findings.rb +107 -114
- data/lib/watobo/core/forwarding_proxy.rb +13 -22
- data/lib/watobo/core/fuzz_gen.rb +0 -9
- data/lib/watobo/core/intercept_carver.rb +166 -177
- data/lib/watobo/core/intercept_filter.rb +235 -244
- data/lib/watobo/core/interceptor.rb +98 -107
- data/lib/watobo/core/min_class.rb +4 -13
- data/lib/watobo/core/netfilter_queue.rb +170 -179
- data/lib/watobo/core/ott_cache.rb +132 -141
- data/lib/watobo/core/parameter.rb +43 -52
- data/lib/watobo/core/passive_check.rb +103 -102
- data/lib/watobo/core/passive_checks.rb +48 -57
- data/lib/watobo/core/passive_scanner.rb +54 -55
- data/lib/watobo/core/plugin.rb +11 -20
- data/lib/watobo/core/project.rb +3 -9
- data/lib/watobo/core/proxy.rb +43 -52
- data/lib/watobo/core/request.rb +125 -123
- data/lib/watobo/core/response.rb +44 -53
- data/lib/watobo/core/scanner.rb +0 -9
- data/lib/watobo/core/scanner3.rb +405 -414
- data/lib/watobo/core/scope.rb +83 -92
- data/lib/watobo/core/session.rb +1043 -1026
- data/lib/watobo/core/sid_cache.rb +98 -107
- data/lib/watobo/core/subscriber.rb +25 -34
- data/lib/watobo/defaults.rb +21 -30
- data/lib/watobo/external/diff/lcs.rb +0 -9
- data/lib/watobo/external/diff/lcs/array.rb +0 -9
- data/lib/watobo/external/diff/lcs/block.rb +0 -9
- data/lib/watobo/external/diff/lcs/callbacks.rb +0 -9
- data/lib/watobo/external/diff/lcs/change.rb +0 -9
- data/lib/watobo/external/diff/lcs/hunk.rb +0 -9
- data/lib/watobo/external/diff/lcs/ldiff.rb +0 -9
- data/lib/watobo/external/diff/lcs/string.rb +0 -9
- data/lib/watobo/externals.rb +6 -15
- data/lib/watobo/framework.rb +4 -13
- data/lib/watobo/framework/create_project.rb +60 -69
- data/lib/watobo/framework/init.rb +0 -9
- data/lib/watobo/framework/init_modules.rb +0 -9
- data/lib/watobo/framework/license_text.rb +28 -37
- data/lib/watobo/framework/load_chat.rb +13 -22
- data/lib/watobo/gui.rb +132 -123
- data/lib/watobo/gui/about_watobo.rb +0 -9
- data/lib/watobo/gui/browser_preview.rb +0 -9
- data/lib/watobo/gui/certificate_dialog.rb +0 -9
- data/lib/watobo/gui/chat_diff.rb +0 -9
- data/lib/watobo/gui/chatviewer_frame.rb +73 -72
- data/lib/watobo/gui/checkboxtree.rb +0 -9
- data/lib/watobo/gui/checks_policy_frame.rb +0 -9
- data/lib/watobo/gui/client_cert_dialog.rb +96 -87
- data/lib/watobo/gui/confirm_scan_dialog.rb +0 -9
- data/lib/watobo/gui/conversation_table.rb +158 -164
- data/lib/watobo/gui/conversation_table_ctrl.rb +207 -216
- data/lib/watobo/gui/conversation_table_ctrl2.rb +373 -382
- data/lib/watobo/gui/csrf_token_dialog.rb +0 -9
- data/lib/watobo/gui/custom_viewer.rb +374 -383
- data/lib/watobo/gui/dashboard.rb +296 -303
- data/lib/watobo/gui/define_scope_frame.rb +0 -9
- data/lib/watobo/gui/differ_frame.rb +215 -224
- data/lib/watobo/gui/edit_comment.rb +0 -9
- data/lib/watobo/gui/edit_scope_dialog.rb +0 -9
- data/lib/watobo/gui/export_dialog.rb +104 -113
- data/lib/watobo/gui/finding_info.rb +0 -9
- data/lib/watobo/gui/findings_tree.rb +210 -217
- data/lib/watobo/gui/full_scan_dialog.rb +0 -9
- data/lib/watobo/gui/fuzzer_gui.rb +1295 -1313
- data/lib/watobo/gui/fxsave_thread.rb +14 -0
- data/lib/watobo/gui/goto_url_dialog.rb +70 -79
- data/lib/watobo/gui/hex_viewer.rb +0 -9
- data/lib/watobo/gui/html_viewer.rb +287 -296
- data/lib/watobo/gui/intercept_filter_dialog.rb +188 -197
- data/lib/watobo/gui/interceptor_gui.rb +1041 -1051
- data/lib/watobo/gui/interceptor_settings_dialog.rb +0 -9
- data/lib/watobo/gui/json_viewer.rb +287 -0
- data/lib/watobo/gui/list_box.rb +101 -110
- data/lib/watobo/gui/log_file_viewer.rb +32 -41
- data/lib/watobo/gui/log_viewer.rb +83 -88
- data/lib/watobo/gui/login_wizzard.rb +0 -9
- data/lib/watobo/gui/main_window.rb +587 -618
- data/lib/watobo/gui/manual_request_editor.rb +620 -565
- data/lib/watobo/gui/master_pw_dialog.rb +0 -9
- data/lib/watobo/gui/mixins/gui_settings.rb +29 -38
- data/lib/watobo/gui/page_tree.rb +217 -226
- data/lib/watobo/gui/password_policy_dialog.rb +0 -9
- data/lib/watobo/gui/plugin_board.rb +0 -9
- data/lib/watobo/gui/preferences_dialog.rb +0 -9
- data/lib/watobo/gui/progress_window.rb +17 -27
- data/lib/watobo/gui/project_wizzard.rb +0 -9
- data/lib/watobo/gui/proxy_dialog.rb +1 -10
- data/lib/watobo/gui/quick_scan_dialog.rb +0 -9
- data/lib/watobo/gui/request_builder_frame.rb +102 -111
- data/lib/watobo/gui/request_editor.rb +181 -137
- data/lib/watobo/gui/rewrite_filters_dialog.rb +394 -403
- data/lib/watobo/gui/rewrite_rules_dialog.rb +372 -381
- data/lib/watobo/gui/save_chat_dialog.rb +140 -149
- data/lib/watobo/gui/scanner_settings_dialog.rb +0 -9
- data/lib/watobo/gui/select_chat_dialog.rb +0 -9
- data/lib/watobo/gui/session_management_dialog.rb +0 -9
- data/lib/watobo/gui/sites_tree.rb +0 -9
- data/lib/watobo/gui/status_bar.rb +0 -9
- data/lib/watobo/gui/table_editor.rb +0 -9
- data/lib/watobo/gui/tagless_viewer.rb +0 -9
- data/lib/watobo/gui/templates/plugin.rb +0 -9
- data/lib/watobo/gui/templates/plugin2.rb +92 -100
- data/lib/watobo/gui/templates/plugin_base.rb +144 -153
- data/lib/watobo/gui/text_viewer.rb +0 -9
- data/lib/watobo/gui/transcoder_window.rb +0 -9
- data/lib/watobo/gui/utils/gui_utils.rb +0 -9
- data/lib/watobo/gui/utils/init_icons.rb +86 -95
- data/lib/watobo/gui/utils/load_icons.rb +33 -42
- data/lib/watobo/gui/utils/load_plugins.rb +116 -119
- data/lib/watobo/gui/utils/master_password.rb +68 -77
- data/lib/watobo/gui/utils/save_default_settings.rb +113 -122
- data/lib/watobo/gui/utils/save_project_settings.rb +0 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +41 -50
- data/lib/watobo/gui/utils/save_scanner_settings.rb +18 -27
- data/lib/watobo/gui/utils/session_history.rb +112 -121
- data/lib/watobo/gui/workspace_dialog.rb +0 -9
- data/lib/watobo/gui/www_auth_dialog.rb +0 -9
- data/lib/watobo/gui/xml_viewer_frame.rb +0 -9
- data/lib/watobo/http.rb +4 -13
- data/lib/watobo/http/cookies/cookies.rb +26 -35
- data/lib/watobo/http/data/data.rb +45 -54
- data/lib/watobo/http/data/json.rb +47 -55
- data/lib/watobo/http/url/url.rb +38 -47
- data/lib/watobo/http/xml/xml.rb +124 -130
- data/lib/watobo/interceptor.rb +3 -12
- data/lib/watobo/interceptor/proxy.rb +742 -739
- data/lib/watobo/interceptor/transparent.rb +22 -24
- data/lib/watobo/mixins.rb +10 -19
- data/lib/watobo/mixins/check_info.rb +27 -36
- data/lib/watobo/mixins/httpparser.rb +613 -637
- data/lib/watobo/mixins/request_parser.rb +88 -97
- data/lib/watobo/mixins/shapers.rb +515 -529
- data/lib/watobo/mixins/transcoders.rb +3 -11
- data/lib/watobo/parser.rb +1 -10
- data/lib/watobo/parser/html.rb +83 -92
- data/lib/watobo/patch_fxruby_setfocus.rb +26 -0
- data/lib/watobo/sockets.rb +3 -12
- data/lib/watobo/sockets/agent.rb +828 -837
- data/lib/watobo/sockets/client_socket.rb +308 -312
- data/lib/watobo/sockets/connection.rb +401 -410
- data/lib/watobo/sockets/http_socket.rb +11 -13
- data/lib/watobo/sockets/ntlm_auth.rb +129 -138
- data/lib/watobo/utils.rb +10 -19
- data/lib/watobo/utils/check_regex.rb +0 -9
- data/lib/watobo/utils/copy_object.rb +0 -9
- data/lib/watobo/utils/crypto.rb +0 -9
- data/lib/watobo/utils/expand_range.rb +23 -32
- data/lib/watobo/utils/export_xml.rb +97 -106
- data/lib/watobo/utils/file_management.rb +9 -11
- data/lib/watobo/utils/hexprint.rb +9 -18
- data/lib/watobo/utils/load_chat.rb +0 -9
- data/lib/watobo/utils/load_icon.rb +0 -9
- data/lib/watobo/utils/ntlm.rb +866 -875
- data/lib/watobo/utils/print_debug.rb +12 -21
- data/lib/watobo/utils/response_builder.rb +90 -99
- data/lib/watobo/utils/response_hash.rb +0 -9
- data/lib/watobo/utils/secure_eval.rb +0 -9
- data/lib/watobo/utils/strings.rb +10 -19
- data/lib/watobo/utils/text2request.rb +0 -9
- data/lib/watobo/utils/url.rb +23 -32
- data/lib/watobo/utils/utf16.rb +11 -20
- data/modules/active/Apache/mod_status.rb +0 -9
- data/modules/active/Apache/multiview.rb +151 -160
- data/modules/active/Flash/crossdomain.rb +0 -9
- data/modules/active/JWT/jwt_oauth2_none.rb +111 -0
- data/modules/active/cq5/cq5_default_selectors.rb +106 -115
- data/modules/active/cq5/cqp_user_enumeration.rb +125 -134
- data/modules/active/directories/dirwalker.rb +0 -9
- data/modules/active/discovery/fileextensions.rb +0 -9
- data/modules/active/discovery/http_methods.rb +0 -9
- data/modules/active/discovery/jsmapfiles.rb +79 -0
- data/modules/active/domino/domino_db.rb +68 -76
- data/modules/active/dotNET/custom_errors.rb +102 -111
- data/modules/active/dotNET/dotnet_files.rb +90 -99
- data/modules/active/fileinclusion/lfi_simple.rb +0 -9
- data/modules/active/jboss/jboss_basic.rb +0 -9
- data/modules/active/sap/business_objects.rb +51 -60
- data/modules/active/sap/its_commands.rb +0 -9
- data/modules/active/sap/its_service_parameter.rb +0 -9
- data/modules/active/sap/its_services.rb +0 -9
- data/modules/active/sap/its_xss.rb +0 -9
- data/modules/active/shell_shock/shell_shock.rb +139 -148
- data/modules/active/siebel/siebel_apps.rb +160 -169
- data/modules/active/sqlinjection/sql_boolean.rb +0 -9
- data/modules/active/sqlinjection/sql_numerical.rb +198 -0
- data/modules/active/sqlinjection/sqli_error.rb +0 -9
- data/modules/active/sqlinjection/sqli_timing.rb +220 -229
- data/modules/active/struts2/default_handler_ognl.rb +106 -115
- data/modules/active/struts2/include_params_ognl.rb +105 -114
- data/modules/active/xml/xml_xxe.rb +112 -123
- data/modules/active/xss/xss_ng.rb +214 -223
- data/modules/active/xss/xss_simple.rb +0 -9
- data/modules/passive/ajax.rb +68 -77
- data/modules/passive/autocomplete.rb +56 -65
- data/modules/passive/cookie_options.rb +0 -9
- data/modules/passive/cookie_xss.rb +0 -9
- data/modules/passive/detect_code.rb +0 -9
- data/modules/passive/detect_fileupload.rb +0 -9
- data/modules/passive/detect_infrastructure.rb +0 -9
- data/modules/passive/detect_one_time_tokens.rb +0 -9
- data/modules/passive/dirindexing.rb +0 -9
- data/modules/passive/disclosure_domino.rb +55 -64
- data/modules/passive/disclosure_emails.rb +0 -9
- data/modules/passive/disclosure_ipaddr.rb +55 -53
- data/modules/passive/filename_as_parameter.rb +0 -9
- data/modules/passive/form_spotter.rb +0 -9
- data/modules/passive/hidden_fields.rb +50 -59
- data/modules/passive/hotspots.rb +0 -9
- data/modules/passive/in_script_parameter.rb +0 -9
- data/modules/passive/json_web_token.rb +93 -0
- data/modules/passive/multiple_server_headers.rb +0 -9
- data/modules/passive/possible_login.rb +0 -9
- data/modules/passive/redirect_url.rb +0 -9
- data/modules/passive/redirectionz.rb +0 -9
- data/modules/passive/sap-headers.rb +56 -65
- data/modules/passive/xss_dom.rb +0 -9
- data/plugins/aem/aem.rb +11 -20
- data/plugins/aem/gui/main.rb +118 -127
- data/plugins/aem/gui/tree_view.rb +171 -180
- data/plugins/aem/lib/agent.rb +130 -138
- data/plugins/aem/lib/dispatcher.rb +45 -51
- data/plugins/aem/lib/engine.rb +177 -186
- data/plugins/catalog/catalog.rb +345 -355
- data/plugins/crawler/crawler.rb +4 -13
- data/plugins/crawler/gui.rb +5 -14
- data/plugins/crawler/gui/auth_frame.rb +270 -279
- data/plugins/crawler/gui/crawler_gui.rb +271 -276
- data/plugins/crawler/gui/general_settings_frame.rb +96 -105
- data/plugins/crawler/gui/hooks_frame.rb +80 -89
- data/plugins/crawler/gui/scope_frame.rb +50 -59
- data/plugins/crawler/gui/settings_tabbook.rb +38 -47
- data/plugins/crawler/gui/status_frame.rb +59 -68
- data/plugins/crawler/lib/bags.rb +18 -27
- data/plugins/crawler/lib/constants.rb +11 -20
- data/plugins/crawler/lib/engine.rb +488 -497
- data/plugins/crawler/lib/grabber.rb +68 -77
- data/plugins/crawler/lib/status.rb +71 -80
- data/plugins/crawler/lib/uri_mp.rb +12 -21
- data/plugins/filefinder/filefinder.rb +326 -333
- data/plugins/sqlmap/bin/test.rb +78 -87
- data/plugins/sqlmap/gui.rb +4 -13
- data/plugins/sqlmap/gui/main.rb +218 -227
- data/plugins/sqlmap/gui/options_frame.rb +97 -106
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +90 -100
- data/plugins/sqlmap/sqlmap.rb +2 -11
- data/plugins/sslchecker/cli/sslchecker_cli.rb +0 -9
- data/plugins/sslchecker/gui/cipher_table.rb +246 -254
- data/plugins/sslchecker/gui/gui.rb +258 -264
- data/plugins/sslchecker/gui/sslchecker.rb +4 -13
- data/plugins/sslchecker/lib/check.rb +127 -133
- data/plugins/wshell/gui/main.rb +119 -117
- data/plugins/wshell/lib/core.rb +38 -88
- data/plugins/wshell/wshell.rb +11 -20
- metadata +170 -164
|
@@ -1,411 +1,402 @@
|
|
|
1
|
-
#.
|
|
2
|
-
# connection.rb
|
|
3
|
-
#.
|
|
4
|
-
# Copyright 2014 by siberas, http://www.siberas.de
|
|
5
|
-
# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
|
|
6
|
-
# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
|
|
7
|
-
# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
-
# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
9
|
-
|
|
10
1
|
# @private
|
|
11
|
-
module Watobo#:nodoc: all
|
|
12
|
-
module HTTPSocket
|
|
13
|
-
class Connection_UNUSED
|
|
14
|
-
|
|
15
|
-
include Watobo::Constants
|
|
16
|
-
extend Watobo::Subscriber
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
def initialize(request, prefs)
|
|
21
|
-
@request = request
|
|
22
|
-
@response = nil
|
|
23
|
-
|
|
24
|
-
@proxy = Watobo::ForwardingProxy.get(site)
|
|
25
|
-
|
|
26
|
-
unless @proxy.nil?
|
|
27
|
-
host = @proxy.host
|
|
28
|
-
port = @proxy.port
|
|
29
|
-
else
|
|
30
|
-
host = @request.host
|
|
31
|
-
port = @request.port
|
|
32
|
-
end
|
|
33
|
-
# check if hostname is valid and can be resolved
|
|
34
|
-
#hostip = IPSocket.getaddress(host)
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def read_body( prefs={} )
|
|
39
|
-
clen = @response.content_length
|
|
40
|
-
data = ""
|
|
41
|
-
|
|
42
|
-
begin
|
|
43
|
-
if @response.is_chunked?
|
|
44
|
-
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
45
|
-
data += c
|
|
46
|
-
}
|
|
47
|
-
elsif clen > 0
|
|
48
|
-
# puts "* read #{clen} bytes for body"
|
|
49
|
-
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
50
|
-
data += c
|
|
51
|
-
break if data.length == clen
|
|
52
|
-
}
|
|
53
|
-
elsif clen < 0
|
|
54
|
-
# puts "* no content-length information ... mmmmmpf"
|
|
55
|
-
# eofcount = 0
|
|
56
|
-
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
57
|
-
data += c
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
response.push data unless data.empty?
|
|
63
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
64
|
-
notify(:logout, self) if loggedOut?(response)
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
68
|
-
return true
|
|
69
|
-
|
|
70
|
-
rescue => e
|
|
71
|
-
puts "! Could not read response"
|
|
72
|
-
puts e
|
|
73
|
-
# puts e.backtrace
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
return false
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
def read_header( prefs={} )
|
|
80
|
-
|
|
81
|
-
header = []
|
|
82
|
-
msg = nil
|
|
83
|
-
begin
|
|
84
|
-
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
85
|
-
#puts line
|
|
86
|
-
# puts line.unpack("H*")
|
|
87
|
-
header << line
|
|
88
|
-
end
|
|
89
|
-
rescue Errno::ECONNRESET
|
|
90
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
91
|
-
rescue Timeout::Error
|
|
92
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
93
|
-
rescue => bang
|
|
94
|
-
puts "!ERROR: read_header"
|
|
95
|
-
return nil
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
header = [ "HTTP/1.1 502 Bad Gateway\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
99
|
-
|
|
100
|
-
response = Watobo::Response.new header
|
|
101
|
-
# update_sids(header)
|
|
102
|
-
|
|
103
|
-
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
104
|
-
|
|
105
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
106
|
-
notify(:logout, self) if loggedOut?(response)
|
|
107
|
-
end
|
|
108
|
-
|
|
109
|
-
return response
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def sslConnect(tcp_socket, current_prefs = {} )
|
|
113
|
-
begin
|
|
114
|
-
|
|
115
|
-
ctx = OpenSSL::SSL::SSLContext.new()
|
|
116
|
-
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
117
|
-
|
|
118
|
-
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
119
|
-
|
|
120
|
-
ctx.cert = current_prefs[:ssl_client_cert]
|
|
121
|
-
ctx.key = current_prefs[:ssl_client_key]
|
|
122
|
-
if $DEBUG
|
|
123
|
-
puts "[SSLconnect] Client Certificates"
|
|
124
|
-
puts "= CERT ="
|
|
125
|
-
# puts @ctx.cert.methods.sort
|
|
126
|
-
puts ctx.cert.display
|
|
127
|
-
puts "---"
|
|
128
|
-
puts "= KEY ="
|
|
129
|
-
puts ctx.key.display
|
|
130
|
-
puts "---"
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
135
|
-
@socket.sync_close = true
|
|
136
|
-
|
|
137
|
-
@socket.connect
|
|
138
|
-
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
139
|
-
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
140
|
-
return socket
|
|
141
|
-
rescue => bang
|
|
142
|
-
if current_prefs[:ssl_cipher].nil?
|
|
143
|
-
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
144
|
-
puts bang
|
|
145
|
-
puts bang.backtrace if $DEBUG
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
# SSLProxyConnect
|
|
151
|
-
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
152
|
-
# On error SSLSocket is nil
|
|
153
|
-
def sslProxyConnect( prefs )
|
|
154
|
-
begin
|
|
155
|
-
tcp_socket = nil
|
|
156
|
-
response_header = []
|
|
157
|
-
|
|
158
|
-
request = @request.copy
|
|
159
|
-
|
|
160
|
-
# timeout(6) do
|
|
161
|
-
|
|
162
|
-
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
163
|
-
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
164
|
-
tcp_socket.sync = true
|
|
165
|
-
|
|
166
|
-
# setup request
|
|
167
|
-
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
168
|
-
request.shift
|
|
169
|
-
request.unshift dummy
|
|
170
|
-
|
|
171
|
-
request.removeHeader("Proxy-Connection")
|
|
172
|
-
request.removeHeader("Connection")
|
|
173
|
-
request.removeHeader("Content-Length")
|
|
174
|
-
request.removeBody()
|
|
175
|
-
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
176
|
-
request.addHeader("Pragma", "no-cache")
|
|
177
|
-
|
|
178
|
-
# puts "=== sslProxyConnect ==="
|
|
179
|
-
# puts request
|
|
180
|
-
|
|
181
|
-
if proxy.has_login?
|
|
182
|
-
case proxy.auth_type
|
|
183
|
-
when AUTH_TYPE_NTLM
|
|
184
|
-
|
|
185
|
-
t1 = Watobo::NTLM::Message::Type1.new()
|
|
186
|
-
msg = "NTLM " + t1.encode64
|
|
187
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
188
|
-
|
|
189
|
-
if $DEBUG
|
|
190
|
-
puts "============= PROXY NTLM: T1 ======================="
|
|
191
|
-
puts request
|
|
192
|
-
puts "---"
|
|
193
|
-
end
|
|
194
|
-
data = request.join + "\r\n"
|
|
195
|
-
|
|
196
|
-
tcp_socket.print data
|
|
197
|
-
# puts "-----------------"
|
|
198
|
-
cl = 0
|
|
199
|
-
ntlm_challenge = nil
|
|
200
|
-
while (line = tcp_socket.gets)
|
|
201
|
-
response_header.push line
|
|
202
|
-
puts line if $DEBUG
|
|
203
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
204
|
-
rcode = $1.to_i
|
|
205
|
-
rmsg = $2
|
|
206
|
-
end
|
|
207
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
208
|
-
ntlm_challenge = $2
|
|
209
|
-
end
|
|
210
|
-
if line =~ /^Content-Length: (\d*)/i
|
|
211
|
-
cl = $1.to_i
|
|
212
|
-
end
|
|
213
|
-
break if line.strip.empty?
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
if cl > 0
|
|
218
|
-
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
219
|
-
# puts d
|
|
220
|
-
}
|
|
221
|
-
end
|
|
222
|
-
|
|
223
|
-
if rcode == 200 # Ok
|
|
224
|
-
puts "* seems proxy doesn't require authentication"
|
|
225
|
-
socket = sslConnect(tcp_socket, prefs)
|
|
226
|
-
return socket, response_header
|
|
227
|
-
end
|
|
228
|
-
|
|
229
|
-
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
230
|
-
|
|
231
|
-
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
232
|
-
t3 = t2.response( { :user => proxy.username,
|
|
233
|
-
:password => proxy.password,
|
|
234
|
-
:domain => proxy.domain },
|
|
235
|
-
{ :workstation => proxy.workstation, :ntlmv2 => true } )
|
|
236
|
-
request.removeHeader("Proxy-Authorization")
|
|
237
|
-
|
|
238
|
-
msg = "NTLM " + t3.encode64
|
|
239
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
240
|
-
|
|
241
|
-
data = request.join + "\r\n"
|
|
242
|
-
if $DEBUG
|
|
243
|
-
puts "============= T3 ======================="
|
|
244
|
-
puts data
|
|
245
|
-
puts "---"
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
tcp_socket.print data
|
|
249
|
-
# puts "-----------------"
|
|
250
|
-
|
|
251
|
-
response_header = []
|
|
252
|
-
rcode = 0
|
|
253
|
-
response_header = read_header(@socket)
|
|
254
|
-
rcode = response_header.status
|
|
255
|
-
if rcode =~/^200/ # Ok
|
|
256
|
-
puts "[ProxyAuth-NTLM] Authorization Successful" if $DEBUG
|
|
257
|
-
socket = sslConnect(tcp_socket, prefs)
|
|
258
|
-
return socket, response_header
|
|
259
|
-
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
260
|
-
# if rcode is still 407 authentication didn't work -> break
|
|
261
|
-
msg = "NTLM-Authentication failed!"
|
|
262
|
-
puts "[ProxyAuth-NTLM] #{msg}" if $DEBUG
|
|
263
|
-
return nil, msg
|
|
264
|
-
else
|
|
265
|
-
puts "[SSLconnect] NTLM Authentication"
|
|
266
|
-
puts "> #{rcode} <"
|
|
267
|
-
return nil, response_header
|
|
268
|
-
end
|
|
269
|
-
end
|
|
270
|
-
end # END OF PROXY AUTH
|
|
271
|
-
|
|
272
|
-
# Start ProxyConnect Without Authentication
|
|
273
|
-
data = request.join + "\r\n"
|
|
274
|
-
tcp_socket.print data
|
|
275
|
-
# puts "-----------------"
|
|
276
|
-
|
|
277
|
-
response_header = []
|
|
278
|
-
response_header = readHTTPHeader(@socket)
|
|
279
|
-
rcode = response_header.status
|
|
280
|
-
if rcode =~ /^200/ # Ok
|
|
281
|
-
# puts "* proxy connection successfull"
|
|
282
|
-
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
283
|
-
# if rcode is still 407 authentication didn't work -> break
|
|
284
|
-
|
|
285
|
-
else
|
|
286
|
-
puts "[SSLconnect] Response Status"
|
|
287
|
-
puts "> #{rcode} <"
|
|
288
|
-
end
|
|
289
|
-
|
|
290
|
-
socket = sslConnect(@socket, prefs)
|
|
291
|
-
return socket, response_header
|
|
292
|
-
rescue => bang
|
|
293
|
-
puts bang
|
|
294
|
-
return nil, error_response(bang)
|
|
295
|
-
end
|
|
296
|
-
# return nil, nil
|
|
297
|
-
end
|
|
298
|
-
|
|
299
|
-
# proxyAuthNTLM
|
|
300
|
-
# returns: ResponseHeaders
|
|
301
|
-
def proxyAuthNTLM()
|
|
302
|
-
|
|
303
|
-
request = @request.copy
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
request.removeHeader("Proxy-Authorization")
|
|
307
|
-
request.removeHeader("Proxy-Connection")
|
|
308
|
-
|
|
309
|
-
response_header = []
|
|
310
|
-
|
|
311
|
-
ntlm_challenge = nil
|
|
312
|
-
t1 = Watobo::NTLM::Message::Type1.new()
|
|
313
|
-
msg = "NTLM " + t1.encode64
|
|
314
|
-
|
|
315
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
316
|
-
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
317
|
-
|
|
318
|
-
# puts "============= T1 ======================="
|
|
319
|
-
# puts auth_request
|
|
320
|
-
data = request.join + "\r\n"
|
|
321
|
-
|
|
322
|
-
@socket.print data
|
|
323
|
-
# puts "-----------------"
|
|
324
|
-
response_header = readHTTPHeader(@socket)
|
|
325
|
-
rcode = nil
|
|
326
|
-
rmsg = nil
|
|
327
|
-
ntlm_challenge = nil
|
|
328
|
-
clen = 0
|
|
329
|
-
response_header.each do |line|
|
|
330
|
-
# puts line
|
|
331
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
332
|
-
rcode = $1.to_i
|
|
333
|
-
rmsg = $2
|
|
334
|
-
end
|
|
335
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
336
|
-
ntlm_challenge = $2
|
|
337
|
-
end
|
|
338
|
-
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
339
|
-
clen = $1.to_i
|
|
340
|
-
end
|
|
341
|
-
break if line.strip.empty?
|
|
342
|
-
end
|
|
343
|
-
|
|
344
|
-
#puts "* reading #{clen} bytes"
|
|
345
|
-
|
|
346
|
-
if rcode == 407 # ProxyAuthentication Required
|
|
347
|
-
return response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
348
|
-
else
|
|
349
|
-
puts "* no proxy authentication required!"
|
|
350
|
-
return response_header
|
|
351
|
-
end
|
|
352
|
-
|
|
353
|
-
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen){ |d|
|
|
354
|
-
#puts d
|
|
355
|
-
}
|
|
356
|
-
|
|
357
|
-
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
358
|
-
t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
|
|
359
|
-
request.removeHeader("Proxy-Authorization")
|
|
360
|
-
# request.removeHeader("Proxy-Connection")
|
|
361
|
-
|
|
362
|
-
# request.addHeader("Proxy-Connection", "Close")
|
|
363
|
-
# request.addHeader("Pragma", "no-cache")
|
|
364
|
-
msg = "NTLM " + t3.encode64
|
|
365
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
366
|
-
# puts "============= T3 ======================="
|
|
367
|
-
# puts request
|
|
368
|
-
# puts "------------------------"
|
|
369
|
-
data = request.join + "\r\n"
|
|
370
|
-
@socket.print data
|
|
371
|
-
|
|
372
|
-
response_header = readHTTPHeader(@socket)
|
|
373
|
-
response_header.each do |line|
|
|
374
|
-
# puts line
|
|
375
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
376
|
-
rcode = $1.to_i
|
|
377
|
-
rmsg = $2
|
|
378
|
-
end
|
|
379
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
380
|
-
ntlm_challenge = $2
|
|
381
|
-
end
|
|
382
|
-
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
383
|
-
clen = $1.to_i
|
|
384
|
-
end
|
|
385
|
-
break if line.strip.empty?
|
|
386
|
-
end
|
|
387
|
-
# Watobo::HTTPSocket.read_body(tcp_socket, :max_bytes => clen){ |d|
|
|
388
|
-
#puts d
|
|
389
|
-
# }
|
|
390
|
-
return response_header
|
|
391
|
-
end
|
|
392
|
-
|
|
393
|
-
#
|
|
394
|
-
# doProxyAuth
|
|
395
|
-
#
|
|
396
|
-
def doProxyAuth()
|
|
397
|
-
# puts "DO PROXY AUTH"
|
|
398
|
-
# puts proxy.to_yaml
|
|
399
|
-
response_headers = nil
|
|
400
|
-
case @proxy.auth_type
|
|
401
|
-
when AUTH_TYPE_NTLM
|
|
402
|
-
return proxyAuthNTLM()
|
|
403
|
-
|
|
404
|
-
end # END OF NTLM
|
|
405
|
-
|
|
406
|
-
end
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
end
|
|
410
|
-
end
|
|
411
|
-
end
|
|
2
|
+
module Watobo#:nodoc: all
|
|
3
|
+
module HTTPSocket
|
|
4
|
+
class Connection_UNUSED
|
|
5
|
+
|
|
6
|
+
include Watobo::Constants
|
|
7
|
+
extend Watobo::Subscriber
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
def initialize(request, prefs)
|
|
12
|
+
@request = request
|
|
13
|
+
@response = nil
|
|
14
|
+
|
|
15
|
+
@proxy = Watobo::ForwardingProxy.get(site)
|
|
16
|
+
|
|
17
|
+
unless @proxy.nil?
|
|
18
|
+
host = @proxy.host
|
|
19
|
+
port = @proxy.port
|
|
20
|
+
else
|
|
21
|
+
host = @request.host
|
|
22
|
+
port = @request.port
|
|
23
|
+
end
|
|
24
|
+
# check if hostname is valid and can be resolved
|
|
25
|
+
#hostip = IPSocket.getaddress(host)
|
|
26
|
+
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def read_body( prefs={} )
|
|
30
|
+
clen = @response.content_length
|
|
31
|
+
data = ""
|
|
32
|
+
|
|
33
|
+
begin
|
|
34
|
+
if @response.is_chunked?
|
|
35
|
+
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
36
|
+
data += c
|
|
37
|
+
}
|
|
38
|
+
elsif clen > 0
|
|
39
|
+
# puts "* read #{clen} bytes for body"
|
|
40
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
41
|
+
data += c
|
|
42
|
+
break if data.length == clen
|
|
43
|
+
}
|
|
44
|
+
elsif clen < 0
|
|
45
|
+
# puts "* no content-length information ... mmmmmpf"
|
|
46
|
+
# eofcount = 0
|
|
47
|
+
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
48
|
+
data += c
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
response.push data unless data.empty?
|
|
54
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
55
|
+
notify(:logout, self) if loggedOut?(response)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
59
|
+
return true
|
|
60
|
+
|
|
61
|
+
rescue => e
|
|
62
|
+
puts "! Could not read response"
|
|
63
|
+
puts e
|
|
64
|
+
# puts e.backtrace
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
return false
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def read_header( prefs={} )
|
|
71
|
+
|
|
72
|
+
header = []
|
|
73
|
+
msg = nil
|
|
74
|
+
begin
|
|
75
|
+
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
76
|
+
#puts line
|
|
77
|
+
# puts line.unpack("H*")
|
|
78
|
+
header << line
|
|
79
|
+
end
|
|
80
|
+
rescue Errno::ECONNRESET
|
|
81
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
82
|
+
rescue Timeout::Error
|
|
83
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
84
|
+
rescue => bang
|
|
85
|
+
puts "!ERROR: read_header"
|
|
86
|
+
return nil
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
header = [ "HTTP/1.1 502 Bad Gateway\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
90
|
+
|
|
91
|
+
response = Watobo::Response.new header
|
|
92
|
+
# update_sids(header)
|
|
93
|
+
|
|
94
|
+
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
95
|
+
|
|
96
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
97
|
+
notify(:logout, self) if loggedOut?(response)
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
return response
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def sslConnect(tcp_socket, current_prefs = {} )
|
|
104
|
+
begin
|
|
105
|
+
|
|
106
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
|
107
|
+
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
108
|
+
|
|
109
|
+
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
110
|
+
|
|
111
|
+
ctx.cert = current_prefs[:ssl_client_cert]
|
|
112
|
+
ctx.key = current_prefs[:ssl_client_key]
|
|
113
|
+
if $DEBUG
|
|
114
|
+
puts "[SSLconnect] Client Certificates"
|
|
115
|
+
puts "= CERT ="
|
|
116
|
+
# puts @ctx.cert.methods.sort
|
|
117
|
+
puts ctx.cert.display
|
|
118
|
+
puts "---"
|
|
119
|
+
puts "= KEY ="
|
|
120
|
+
puts ctx.key.display
|
|
121
|
+
puts "---"
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
126
|
+
@socket.sync_close = true
|
|
127
|
+
|
|
128
|
+
@socket.connect
|
|
129
|
+
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
130
|
+
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
131
|
+
return socket
|
|
132
|
+
rescue => bang
|
|
133
|
+
if current_prefs[:ssl_cipher].nil?
|
|
134
|
+
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
135
|
+
puts bang
|
|
136
|
+
puts bang.backtrace if $DEBUG
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
# SSLProxyConnect
|
|
142
|
+
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
143
|
+
# On error SSLSocket is nil
|
|
144
|
+
def sslProxyConnect( prefs )
|
|
145
|
+
begin
|
|
146
|
+
tcp_socket = nil
|
|
147
|
+
response_header = []
|
|
148
|
+
|
|
149
|
+
request = @request.copy
|
|
150
|
+
|
|
151
|
+
# timeout(6) do
|
|
152
|
+
|
|
153
|
+
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
154
|
+
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
155
|
+
tcp_socket.sync = true
|
|
156
|
+
|
|
157
|
+
# setup request
|
|
158
|
+
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
159
|
+
request.shift
|
|
160
|
+
request.unshift dummy
|
|
161
|
+
|
|
162
|
+
request.removeHeader("Proxy-Connection")
|
|
163
|
+
request.removeHeader("Connection")
|
|
164
|
+
request.removeHeader("Content-Length")
|
|
165
|
+
request.removeBody()
|
|
166
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
167
|
+
request.addHeader("Pragma", "no-cache")
|
|
168
|
+
|
|
169
|
+
# puts "=== sslProxyConnect ==="
|
|
170
|
+
# puts request
|
|
171
|
+
|
|
172
|
+
if proxy.has_login?
|
|
173
|
+
case proxy.auth_type
|
|
174
|
+
when AUTH_TYPE_NTLM
|
|
175
|
+
|
|
176
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
177
|
+
msg = "NTLM " + t1.encode64
|
|
178
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
179
|
+
|
|
180
|
+
if $DEBUG
|
|
181
|
+
puts "============= PROXY NTLM: T1 ======================="
|
|
182
|
+
puts request
|
|
183
|
+
puts "---"
|
|
184
|
+
end
|
|
185
|
+
data = request.join + "\r\n"
|
|
186
|
+
|
|
187
|
+
tcp_socket.print data
|
|
188
|
+
# puts "-----------------"
|
|
189
|
+
cl = 0
|
|
190
|
+
ntlm_challenge = nil
|
|
191
|
+
while (line = tcp_socket.gets)
|
|
192
|
+
response_header.push line
|
|
193
|
+
puts line if $DEBUG
|
|
194
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
195
|
+
rcode = $1.to_i
|
|
196
|
+
rmsg = $2
|
|
197
|
+
end
|
|
198
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
199
|
+
ntlm_challenge = $2
|
|
200
|
+
end
|
|
201
|
+
if line =~ /^Content-Length: (\d*)/i
|
|
202
|
+
cl = $1.to_i
|
|
203
|
+
end
|
|
204
|
+
break if line.strip.empty?
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
|
|
208
|
+
if cl > 0
|
|
209
|
+
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
210
|
+
# puts d
|
|
211
|
+
}
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
if rcode == 200 # Ok
|
|
215
|
+
puts "* seems proxy doesn't require authentication"
|
|
216
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
217
|
+
return socket, response_header
|
|
218
|
+
end
|
|
219
|
+
|
|
220
|
+
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
221
|
+
|
|
222
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
223
|
+
t3 = t2.response( { :user => proxy.username,
|
|
224
|
+
:password => proxy.password,
|
|
225
|
+
:domain => proxy.domain },
|
|
226
|
+
{ :workstation => proxy.workstation, :ntlmv2 => true } )
|
|
227
|
+
request.removeHeader("Proxy-Authorization")
|
|
228
|
+
|
|
229
|
+
msg = "NTLM " + t3.encode64
|
|
230
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
231
|
+
|
|
232
|
+
data = request.join + "\r\n"
|
|
233
|
+
if $DEBUG
|
|
234
|
+
puts "============= T3 ======================="
|
|
235
|
+
puts data
|
|
236
|
+
puts "---"
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
tcp_socket.print data
|
|
240
|
+
# puts "-----------------"
|
|
241
|
+
|
|
242
|
+
response_header = []
|
|
243
|
+
rcode = 0
|
|
244
|
+
response_header = read_header(@socket)
|
|
245
|
+
rcode = response_header.status
|
|
246
|
+
if rcode =~/^200/ # Ok
|
|
247
|
+
puts "[ProxyAuth-NTLM] Authorization Successful" if $DEBUG
|
|
248
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
249
|
+
return socket, response_header
|
|
250
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
251
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
252
|
+
msg = "NTLM-Authentication failed!"
|
|
253
|
+
puts "[ProxyAuth-NTLM] #{msg}" if $DEBUG
|
|
254
|
+
return nil, msg
|
|
255
|
+
else
|
|
256
|
+
puts "[SSLconnect] NTLM Authentication"
|
|
257
|
+
puts "> #{rcode} <"
|
|
258
|
+
return nil, response_header
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
end # END OF PROXY AUTH
|
|
262
|
+
|
|
263
|
+
# Start ProxyConnect Without Authentication
|
|
264
|
+
data = request.join + "\r\n"
|
|
265
|
+
tcp_socket.print data
|
|
266
|
+
# puts "-----------------"
|
|
267
|
+
|
|
268
|
+
response_header = []
|
|
269
|
+
response_header = readHTTPHeader(@socket)
|
|
270
|
+
rcode = response_header.status
|
|
271
|
+
if rcode =~ /^200/ # Ok
|
|
272
|
+
# puts "* proxy connection successfull"
|
|
273
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
274
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
275
|
+
|
|
276
|
+
else
|
|
277
|
+
puts "[SSLconnect] Response Status"
|
|
278
|
+
puts "> #{rcode} <"
|
|
279
|
+
end
|
|
280
|
+
|
|
281
|
+
socket = sslConnect(@socket, prefs)
|
|
282
|
+
return socket, response_header
|
|
283
|
+
rescue => bang
|
|
284
|
+
puts bang
|
|
285
|
+
return nil, error_response(bang)
|
|
286
|
+
end
|
|
287
|
+
# return nil, nil
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
# proxyAuthNTLM
|
|
291
|
+
# returns: ResponseHeaders
|
|
292
|
+
def proxyAuthNTLM()
|
|
293
|
+
|
|
294
|
+
request = @request.copy
|
|
295
|
+
|
|
296
|
+
|
|
297
|
+
request.removeHeader("Proxy-Authorization")
|
|
298
|
+
request.removeHeader("Proxy-Connection")
|
|
299
|
+
|
|
300
|
+
response_header = []
|
|
301
|
+
|
|
302
|
+
ntlm_challenge = nil
|
|
303
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
304
|
+
msg = "NTLM " + t1.encode64
|
|
305
|
+
|
|
306
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
307
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
308
|
+
|
|
309
|
+
# puts "============= T1 ======================="
|
|
310
|
+
# puts auth_request
|
|
311
|
+
data = request.join + "\r\n"
|
|
312
|
+
|
|
313
|
+
@socket.print data
|
|
314
|
+
# puts "-----------------"
|
|
315
|
+
response_header = readHTTPHeader(@socket)
|
|
316
|
+
rcode = nil
|
|
317
|
+
rmsg = nil
|
|
318
|
+
ntlm_challenge = nil
|
|
319
|
+
clen = 0
|
|
320
|
+
response_header.each do |line|
|
|
321
|
+
# puts line
|
|
322
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
323
|
+
rcode = $1.to_i
|
|
324
|
+
rmsg = $2
|
|
325
|
+
end
|
|
326
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
327
|
+
ntlm_challenge = $2
|
|
328
|
+
end
|
|
329
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
330
|
+
clen = $1.to_i
|
|
331
|
+
end
|
|
332
|
+
break if line.strip.empty?
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
#puts "* reading #{clen} bytes"
|
|
336
|
+
|
|
337
|
+
if rcode == 407 # ProxyAuthentication Required
|
|
338
|
+
return response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
339
|
+
else
|
|
340
|
+
puts "* no proxy authentication required!"
|
|
341
|
+
return response_header
|
|
342
|
+
end
|
|
343
|
+
|
|
344
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen){ |d|
|
|
345
|
+
#puts d
|
|
346
|
+
}
|
|
347
|
+
|
|
348
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
349
|
+
t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
|
|
350
|
+
request.removeHeader("Proxy-Authorization")
|
|
351
|
+
# request.removeHeader("Proxy-Connection")
|
|
352
|
+
|
|
353
|
+
# request.addHeader("Proxy-Connection", "Close")
|
|
354
|
+
# request.addHeader("Pragma", "no-cache")
|
|
355
|
+
msg = "NTLM " + t3.encode64
|
|
356
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
357
|
+
# puts "============= T3 ======================="
|
|
358
|
+
# puts request
|
|
359
|
+
# puts "------------------------"
|
|
360
|
+
data = request.join + "\r\n"
|
|
361
|
+
@socket.print data
|
|
362
|
+
|
|
363
|
+
response_header = readHTTPHeader(@socket)
|
|
364
|
+
response_header.each do |line|
|
|
365
|
+
# puts line
|
|
366
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
367
|
+
rcode = $1.to_i
|
|
368
|
+
rmsg = $2
|
|
369
|
+
end
|
|
370
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
371
|
+
ntlm_challenge = $2
|
|
372
|
+
end
|
|
373
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
374
|
+
clen = $1.to_i
|
|
375
|
+
end
|
|
376
|
+
break if line.strip.empty?
|
|
377
|
+
end
|
|
378
|
+
# Watobo::HTTPSocket.read_body(tcp_socket, :max_bytes => clen){ |d|
|
|
379
|
+
#puts d
|
|
380
|
+
# }
|
|
381
|
+
return response_header
|
|
382
|
+
end
|
|
383
|
+
|
|
384
|
+
#
|
|
385
|
+
# doProxyAuth
|
|
386
|
+
#
|
|
387
|
+
def doProxyAuth()
|
|
388
|
+
# puts "DO PROXY AUTH"
|
|
389
|
+
# puts proxy.to_yaml
|
|
390
|
+
response_headers = nil
|
|
391
|
+
case @proxy.auth_type
|
|
392
|
+
when AUTH_TYPE_NTLM
|
|
393
|
+
return proxyAuthNTLM()
|
|
394
|
+
|
|
395
|
+
end # END OF NTLM
|
|
396
|
+
|
|
397
|
+
end
|
|
398
|
+
|
|
399
|
+
|
|
400
|
+
end
|
|
401
|
+
end
|
|
402
|
+
end
|