watobo 0.9.21 → 0.9.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +46 -1
- data/bin/nfq_server.rb +0 -9
- data/bin/watobo_gui.rb +3 -13
- data/custom-views/prettify-json.rb +9 -18
- data/icons/watobo.ico +0 -0
- data/icons/watobo.ico.old +0 -0
- data/lib/watobo.rb +10 -19
- data/lib/watobo/adapters.rb +5 -14
- data/lib/watobo/adapters/data_store.rb +50 -59
- data/lib/watobo/adapters/file/file_store.rb +287 -296
- data/lib/watobo/adapters/file/marshal_store.rb +293 -296
- data/lib/watobo/adapters/session_store.rb +5 -14
- data/lib/watobo/ca.rb +1 -10
- data/lib/watobo/config.rb +197 -206
- data/lib/watobo/constants.rb +0 -9
- data/lib/watobo/core.rb +3 -12
- data/lib/watobo/core/active_check.rb +72 -135
- data/lib/watobo/core/active_checks.rb +49 -58
- data/lib/watobo/core/ca.rb +369 -389
- data/lib/watobo/core/cert_store.rb +34 -43
- data/lib/watobo/core/chat.rb +92 -101
- data/lib/watobo/core/chats.rb +271 -280
- data/lib/watobo/core/client_cert_store.rb +106 -35
- data/lib/watobo/core/conversation.rb +48 -57
- data/lib/watobo/core/cookie.rb +23 -32
- data/lib/watobo/core/egress_handlers.rb +98 -0
- data/lib/watobo/core/finding.rb +66 -75
- data/lib/watobo/core/findings.rb +107 -114
- data/lib/watobo/core/forwarding_proxy.rb +13 -22
- data/lib/watobo/core/fuzz_gen.rb +0 -9
- data/lib/watobo/core/intercept_carver.rb +166 -177
- data/lib/watobo/core/intercept_filter.rb +235 -244
- data/lib/watobo/core/interceptor.rb +98 -107
- data/lib/watobo/core/min_class.rb +4 -13
- data/lib/watobo/core/netfilter_queue.rb +170 -179
- data/lib/watobo/core/ott_cache.rb +132 -141
- data/lib/watobo/core/parameter.rb +43 -52
- data/lib/watobo/core/passive_check.rb +103 -102
- data/lib/watobo/core/passive_checks.rb +48 -57
- data/lib/watobo/core/passive_scanner.rb +54 -55
- data/lib/watobo/core/plugin.rb +11 -20
- data/lib/watobo/core/project.rb +3 -9
- data/lib/watobo/core/proxy.rb +43 -52
- data/lib/watobo/core/request.rb +125 -123
- data/lib/watobo/core/response.rb +44 -53
- data/lib/watobo/core/scanner.rb +0 -9
- data/lib/watobo/core/scanner3.rb +405 -414
- data/lib/watobo/core/scope.rb +83 -92
- data/lib/watobo/core/session.rb +1043 -1026
- data/lib/watobo/core/sid_cache.rb +98 -107
- data/lib/watobo/core/subscriber.rb +25 -34
- data/lib/watobo/defaults.rb +21 -30
- data/lib/watobo/external/diff/lcs.rb +0 -9
- data/lib/watobo/external/diff/lcs/array.rb +0 -9
- data/lib/watobo/external/diff/lcs/block.rb +0 -9
- data/lib/watobo/external/diff/lcs/callbacks.rb +0 -9
- data/lib/watobo/external/diff/lcs/change.rb +0 -9
- data/lib/watobo/external/diff/lcs/hunk.rb +0 -9
- data/lib/watobo/external/diff/lcs/ldiff.rb +0 -9
- data/lib/watobo/external/diff/lcs/string.rb +0 -9
- data/lib/watobo/externals.rb +6 -15
- data/lib/watobo/framework.rb +4 -13
- data/lib/watobo/framework/create_project.rb +60 -69
- data/lib/watobo/framework/init.rb +0 -9
- data/lib/watobo/framework/init_modules.rb +0 -9
- data/lib/watobo/framework/license_text.rb +28 -37
- data/lib/watobo/framework/load_chat.rb +13 -22
- data/lib/watobo/gui.rb +132 -123
- data/lib/watobo/gui/about_watobo.rb +0 -9
- data/lib/watobo/gui/browser_preview.rb +0 -9
- data/lib/watobo/gui/certificate_dialog.rb +0 -9
- data/lib/watobo/gui/chat_diff.rb +0 -9
- data/lib/watobo/gui/chatviewer_frame.rb +73 -72
- data/lib/watobo/gui/checkboxtree.rb +0 -9
- data/lib/watobo/gui/checks_policy_frame.rb +0 -9
- data/lib/watobo/gui/client_cert_dialog.rb +96 -87
- data/lib/watobo/gui/confirm_scan_dialog.rb +0 -9
- data/lib/watobo/gui/conversation_table.rb +158 -164
- data/lib/watobo/gui/conversation_table_ctrl.rb +207 -216
- data/lib/watobo/gui/conversation_table_ctrl2.rb +373 -382
- data/lib/watobo/gui/csrf_token_dialog.rb +0 -9
- data/lib/watobo/gui/custom_viewer.rb +374 -383
- data/lib/watobo/gui/dashboard.rb +296 -303
- data/lib/watobo/gui/define_scope_frame.rb +0 -9
- data/lib/watobo/gui/differ_frame.rb +215 -224
- data/lib/watobo/gui/edit_comment.rb +0 -9
- data/lib/watobo/gui/edit_scope_dialog.rb +0 -9
- data/lib/watobo/gui/export_dialog.rb +104 -113
- data/lib/watobo/gui/finding_info.rb +0 -9
- data/lib/watobo/gui/findings_tree.rb +210 -217
- data/lib/watobo/gui/full_scan_dialog.rb +0 -9
- data/lib/watobo/gui/fuzzer_gui.rb +1295 -1313
- data/lib/watobo/gui/fxsave_thread.rb +14 -0
- data/lib/watobo/gui/goto_url_dialog.rb +70 -79
- data/lib/watobo/gui/hex_viewer.rb +0 -9
- data/lib/watobo/gui/html_viewer.rb +287 -296
- data/lib/watobo/gui/intercept_filter_dialog.rb +188 -197
- data/lib/watobo/gui/interceptor_gui.rb +1041 -1051
- data/lib/watobo/gui/interceptor_settings_dialog.rb +0 -9
- data/lib/watobo/gui/json_viewer.rb +287 -0
- data/lib/watobo/gui/list_box.rb +101 -110
- data/lib/watobo/gui/log_file_viewer.rb +32 -41
- data/lib/watobo/gui/log_viewer.rb +83 -88
- data/lib/watobo/gui/login_wizzard.rb +0 -9
- data/lib/watobo/gui/main_window.rb +587 -618
- data/lib/watobo/gui/manual_request_editor.rb +620 -565
- data/lib/watobo/gui/master_pw_dialog.rb +0 -9
- data/lib/watobo/gui/mixins/gui_settings.rb +29 -38
- data/lib/watobo/gui/page_tree.rb +217 -226
- data/lib/watobo/gui/password_policy_dialog.rb +0 -9
- data/lib/watobo/gui/plugin_board.rb +0 -9
- data/lib/watobo/gui/preferences_dialog.rb +0 -9
- data/lib/watobo/gui/progress_window.rb +17 -27
- data/lib/watobo/gui/project_wizzard.rb +0 -9
- data/lib/watobo/gui/proxy_dialog.rb +1 -10
- data/lib/watobo/gui/quick_scan_dialog.rb +0 -9
- data/lib/watobo/gui/request_builder_frame.rb +102 -111
- data/lib/watobo/gui/request_editor.rb +181 -137
- data/lib/watobo/gui/rewrite_filters_dialog.rb +394 -403
- data/lib/watobo/gui/rewrite_rules_dialog.rb +372 -381
- data/lib/watobo/gui/save_chat_dialog.rb +140 -149
- data/lib/watobo/gui/scanner_settings_dialog.rb +0 -9
- data/lib/watobo/gui/select_chat_dialog.rb +0 -9
- data/lib/watobo/gui/session_management_dialog.rb +0 -9
- data/lib/watobo/gui/sites_tree.rb +0 -9
- data/lib/watobo/gui/status_bar.rb +0 -9
- data/lib/watobo/gui/table_editor.rb +0 -9
- data/lib/watobo/gui/tagless_viewer.rb +0 -9
- data/lib/watobo/gui/templates/plugin.rb +0 -9
- data/lib/watobo/gui/templates/plugin2.rb +92 -100
- data/lib/watobo/gui/templates/plugin_base.rb +144 -153
- data/lib/watobo/gui/text_viewer.rb +0 -9
- data/lib/watobo/gui/transcoder_window.rb +0 -9
- data/lib/watobo/gui/utils/gui_utils.rb +0 -9
- data/lib/watobo/gui/utils/init_icons.rb +86 -95
- data/lib/watobo/gui/utils/load_icons.rb +33 -42
- data/lib/watobo/gui/utils/load_plugins.rb +116 -119
- data/lib/watobo/gui/utils/master_password.rb +68 -77
- data/lib/watobo/gui/utils/save_default_settings.rb +113 -122
- data/lib/watobo/gui/utils/save_project_settings.rb +0 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +41 -50
- data/lib/watobo/gui/utils/save_scanner_settings.rb +18 -27
- data/lib/watobo/gui/utils/session_history.rb +112 -121
- data/lib/watobo/gui/workspace_dialog.rb +0 -9
- data/lib/watobo/gui/www_auth_dialog.rb +0 -9
- data/lib/watobo/gui/xml_viewer_frame.rb +0 -9
- data/lib/watobo/http.rb +4 -13
- data/lib/watobo/http/cookies/cookies.rb +26 -35
- data/lib/watobo/http/data/data.rb +45 -54
- data/lib/watobo/http/data/json.rb +47 -55
- data/lib/watobo/http/url/url.rb +38 -47
- data/lib/watobo/http/xml/xml.rb +124 -130
- data/lib/watobo/interceptor.rb +3 -12
- data/lib/watobo/interceptor/proxy.rb +742 -739
- data/lib/watobo/interceptor/transparent.rb +22 -24
- data/lib/watobo/mixins.rb +10 -19
- data/lib/watobo/mixins/check_info.rb +27 -36
- data/lib/watobo/mixins/httpparser.rb +613 -637
- data/lib/watobo/mixins/request_parser.rb +88 -97
- data/lib/watobo/mixins/shapers.rb +515 -529
- data/lib/watobo/mixins/transcoders.rb +3 -11
- data/lib/watobo/parser.rb +1 -10
- data/lib/watobo/parser/html.rb +83 -92
- data/lib/watobo/patch_fxruby_setfocus.rb +26 -0
- data/lib/watobo/sockets.rb +3 -12
- data/lib/watobo/sockets/agent.rb +828 -837
- data/lib/watobo/sockets/client_socket.rb +308 -312
- data/lib/watobo/sockets/connection.rb +401 -410
- data/lib/watobo/sockets/http_socket.rb +11 -13
- data/lib/watobo/sockets/ntlm_auth.rb +129 -138
- data/lib/watobo/utils.rb +10 -19
- data/lib/watobo/utils/check_regex.rb +0 -9
- data/lib/watobo/utils/copy_object.rb +0 -9
- data/lib/watobo/utils/crypto.rb +0 -9
- data/lib/watobo/utils/expand_range.rb +23 -32
- data/lib/watobo/utils/export_xml.rb +97 -106
- data/lib/watobo/utils/file_management.rb +9 -11
- data/lib/watobo/utils/hexprint.rb +9 -18
- data/lib/watobo/utils/load_chat.rb +0 -9
- data/lib/watobo/utils/load_icon.rb +0 -9
- data/lib/watobo/utils/ntlm.rb +866 -875
- data/lib/watobo/utils/print_debug.rb +12 -21
- data/lib/watobo/utils/response_builder.rb +90 -99
- data/lib/watobo/utils/response_hash.rb +0 -9
- data/lib/watobo/utils/secure_eval.rb +0 -9
- data/lib/watobo/utils/strings.rb +10 -19
- data/lib/watobo/utils/text2request.rb +0 -9
- data/lib/watobo/utils/url.rb +23 -32
- data/lib/watobo/utils/utf16.rb +11 -20
- data/modules/active/Apache/mod_status.rb +0 -9
- data/modules/active/Apache/multiview.rb +151 -160
- data/modules/active/Flash/crossdomain.rb +0 -9
- data/modules/active/JWT/jwt_oauth2_none.rb +111 -0
- data/modules/active/cq5/cq5_default_selectors.rb +106 -115
- data/modules/active/cq5/cqp_user_enumeration.rb +125 -134
- data/modules/active/directories/dirwalker.rb +0 -9
- data/modules/active/discovery/fileextensions.rb +0 -9
- data/modules/active/discovery/http_methods.rb +0 -9
- data/modules/active/discovery/jsmapfiles.rb +79 -0
- data/modules/active/domino/domino_db.rb +68 -76
- data/modules/active/dotNET/custom_errors.rb +102 -111
- data/modules/active/dotNET/dotnet_files.rb +90 -99
- data/modules/active/fileinclusion/lfi_simple.rb +0 -9
- data/modules/active/jboss/jboss_basic.rb +0 -9
- data/modules/active/sap/business_objects.rb +51 -60
- data/modules/active/sap/its_commands.rb +0 -9
- data/modules/active/sap/its_service_parameter.rb +0 -9
- data/modules/active/sap/its_services.rb +0 -9
- data/modules/active/sap/its_xss.rb +0 -9
- data/modules/active/shell_shock/shell_shock.rb +139 -148
- data/modules/active/siebel/siebel_apps.rb +160 -169
- data/modules/active/sqlinjection/sql_boolean.rb +0 -9
- data/modules/active/sqlinjection/sql_numerical.rb +198 -0
- data/modules/active/sqlinjection/sqli_error.rb +0 -9
- data/modules/active/sqlinjection/sqli_timing.rb +220 -229
- data/modules/active/struts2/default_handler_ognl.rb +106 -115
- data/modules/active/struts2/include_params_ognl.rb +105 -114
- data/modules/active/xml/xml_xxe.rb +112 -123
- data/modules/active/xss/xss_ng.rb +214 -223
- data/modules/active/xss/xss_simple.rb +0 -9
- data/modules/passive/ajax.rb +68 -77
- data/modules/passive/autocomplete.rb +56 -65
- data/modules/passive/cookie_options.rb +0 -9
- data/modules/passive/cookie_xss.rb +0 -9
- data/modules/passive/detect_code.rb +0 -9
- data/modules/passive/detect_fileupload.rb +0 -9
- data/modules/passive/detect_infrastructure.rb +0 -9
- data/modules/passive/detect_one_time_tokens.rb +0 -9
- data/modules/passive/dirindexing.rb +0 -9
- data/modules/passive/disclosure_domino.rb +55 -64
- data/modules/passive/disclosure_emails.rb +0 -9
- data/modules/passive/disclosure_ipaddr.rb +55 -53
- data/modules/passive/filename_as_parameter.rb +0 -9
- data/modules/passive/form_spotter.rb +0 -9
- data/modules/passive/hidden_fields.rb +50 -59
- data/modules/passive/hotspots.rb +0 -9
- data/modules/passive/in_script_parameter.rb +0 -9
- data/modules/passive/json_web_token.rb +93 -0
- data/modules/passive/multiple_server_headers.rb +0 -9
- data/modules/passive/possible_login.rb +0 -9
- data/modules/passive/redirect_url.rb +0 -9
- data/modules/passive/redirectionz.rb +0 -9
- data/modules/passive/sap-headers.rb +56 -65
- data/modules/passive/xss_dom.rb +0 -9
- data/plugins/aem/aem.rb +11 -20
- data/plugins/aem/gui/main.rb +118 -127
- data/plugins/aem/gui/tree_view.rb +171 -180
- data/plugins/aem/lib/agent.rb +130 -138
- data/plugins/aem/lib/dispatcher.rb +45 -51
- data/plugins/aem/lib/engine.rb +177 -186
- data/plugins/catalog/catalog.rb +345 -355
- data/plugins/crawler/crawler.rb +4 -13
- data/plugins/crawler/gui.rb +5 -14
- data/plugins/crawler/gui/auth_frame.rb +270 -279
- data/plugins/crawler/gui/crawler_gui.rb +271 -276
- data/plugins/crawler/gui/general_settings_frame.rb +96 -105
- data/plugins/crawler/gui/hooks_frame.rb +80 -89
- data/plugins/crawler/gui/scope_frame.rb +50 -59
- data/plugins/crawler/gui/settings_tabbook.rb +38 -47
- data/plugins/crawler/gui/status_frame.rb +59 -68
- data/plugins/crawler/lib/bags.rb +18 -27
- data/plugins/crawler/lib/constants.rb +11 -20
- data/plugins/crawler/lib/engine.rb +488 -497
- data/plugins/crawler/lib/grabber.rb +68 -77
- data/plugins/crawler/lib/status.rb +71 -80
- data/plugins/crawler/lib/uri_mp.rb +12 -21
- data/plugins/filefinder/filefinder.rb +326 -333
- data/plugins/sqlmap/bin/test.rb +78 -87
- data/plugins/sqlmap/gui.rb +4 -13
- data/plugins/sqlmap/gui/main.rb +218 -227
- data/plugins/sqlmap/gui/options_frame.rb +97 -106
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +90 -100
- data/plugins/sqlmap/sqlmap.rb +2 -11
- data/plugins/sslchecker/cli/sslchecker_cli.rb +0 -9
- data/plugins/sslchecker/gui/cipher_table.rb +246 -254
- data/plugins/sslchecker/gui/gui.rb +258 -264
- data/plugins/sslchecker/gui/sslchecker.rb +4 -13
- data/plugins/sslchecker/lib/check.rb +127 -133
- data/plugins/wshell/gui/main.rb +119 -117
- data/plugins/wshell/lib/core.rb +38 -88
- data/plugins/wshell/wshell.rb +11 -20
- metadata +170 -164
|
@@ -1,411 +1,402 @@
|
|
|
1
|
-
#.
|
|
2
|
-
# connection.rb
|
|
3
|
-
#.
|
|
4
|
-
# Copyright 2014 by siberas, http://www.siberas.de
|
|
5
|
-
# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
|
|
6
|
-
# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
|
|
7
|
-
# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
-
# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
9
|
-
|
|
10
1
|
# @private
|
|
11
|
-
module Watobo#:nodoc: all
|
|
12
|
-
module HTTPSocket
|
|
13
|
-
class Connection_UNUSED
|
|
14
|
-
|
|
15
|
-
include Watobo::Constants
|
|
16
|
-
extend Watobo::Subscriber
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
def initialize(request, prefs)
|
|
21
|
-
@request = request
|
|
22
|
-
@response = nil
|
|
23
|
-
|
|
24
|
-
@proxy = Watobo::ForwardingProxy.get(site)
|
|
25
|
-
|
|
26
|
-
unless @proxy.nil?
|
|
27
|
-
host = @proxy.host
|
|
28
|
-
port = @proxy.port
|
|
29
|
-
else
|
|
30
|
-
host = @request.host
|
|
31
|
-
port = @request.port
|
|
32
|
-
end
|
|
33
|
-
# check if hostname is valid and can be resolved
|
|
34
|
-
#hostip = IPSocket.getaddress(host)
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def read_body( prefs={} )
|
|
39
|
-
clen = @response.content_length
|
|
40
|
-
data = ""
|
|
41
|
-
|
|
42
|
-
begin
|
|
43
|
-
if @response.is_chunked?
|
|
44
|
-
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
45
|
-
data += c
|
|
46
|
-
}
|
|
47
|
-
elsif clen > 0
|
|
48
|
-
# puts "* read #{clen} bytes for body"
|
|
49
|
-
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
50
|
-
data += c
|
|
51
|
-
break if data.length == clen
|
|
52
|
-
}
|
|
53
|
-
elsif clen < 0
|
|
54
|
-
# puts "* no content-length information ... mmmmmpf"
|
|
55
|
-
# eofcount = 0
|
|
56
|
-
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
57
|
-
data += c
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
response.push data unless data.empty?
|
|
63
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
64
|
-
notify(:logout, self) if loggedOut?(response)
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
68
|
-
return true
|
|
69
|
-
|
|
70
|
-
rescue => e
|
|
71
|
-
puts "! Could not read response"
|
|
72
|
-
puts e
|
|
73
|
-
# puts e.backtrace
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
return false
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
def read_header( prefs={} )
|
|
80
|
-
|
|
81
|
-
header = []
|
|
82
|
-
msg = nil
|
|
83
|
-
begin
|
|
84
|
-
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
85
|
-
#puts line
|
|
86
|
-
# puts line.unpack("H*")
|
|
87
|
-
header << line
|
|
88
|
-
end
|
|
89
|
-
rescue Errno::ECONNRESET
|
|
90
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
91
|
-
rescue Timeout::Error
|
|
92
|
-
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
93
|
-
rescue => bang
|
|
94
|
-
puts "!ERROR: read_header"
|
|
95
|
-
return nil
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
header = [ "HTTP/1.1 502 Bad Gateway\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
99
|
-
|
|
100
|
-
response = Watobo::Response.new header
|
|
101
|
-
# update_sids(header)
|
|
102
|
-
|
|
103
|
-
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
104
|
-
|
|
105
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
106
|
-
notify(:logout, self) if loggedOut?(response)
|
|
107
|
-
end
|
|
108
|
-
|
|
109
|
-
return response
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def sslConnect(tcp_socket, current_prefs = {} )
|
|
113
|
-
begin
|
|
114
|
-
|
|
115
|
-
ctx = OpenSSL::SSL::SSLContext.new()
|
|
116
|
-
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
117
|
-
|
|
118
|
-
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
119
|
-
|
|
120
|
-
ctx.cert = current_prefs[:ssl_client_cert]
|
|
121
|
-
ctx.key = current_prefs[:ssl_client_key]
|
|
122
|
-
if $DEBUG
|
|
123
|
-
puts "[SSLconnect] Client Certificates"
|
|
124
|
-
puts "= CERT ="
|
|
125
|
-
# puts @ctx.cert.methods.sort
|
|
126
|
-
puts ctx.cert.display
|
|
127
|
-
puts "---"
|
|
128
|
-
puts "= KEY ="
|
|
129
|
-
puts ctx.key.display
|
|
130
|
-
puts "---"
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
135
|
-
@socket.sync_close = true
|
|
136
|
-
|
|
137
|
-
@socket.connect
|
|
138
|
-
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
139
|
-
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
140
|
-
return socket
|
|
141
|
-
rescue => bang
|
|
142
|
-
if current_prefs[:ssl_cipher].nil?
|
|
143
|
-
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
144
|
-
puts bang
|
|
145
|
-
puts bang.backtrace if $DEBUG
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
# SSLProxyConnect
|
|
151
|
-
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
152
|
-
# On error SSLSocket is nil
|
|
153
|
-
def sslProxyConnect( prefs )
|
|
154
|
-
begin
|
|
155
|
-
tcp_socket = nil
|
|
156
|
-
response_header = []
|
|
157
|
-
|
|
158
|
-
request = @request.copy
|
|
159
|
-
|
|
160
|
-
# timeout(6) do
|
|
161
|
-
|
|
162
|
-
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
163
|
-
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
164
|
-
tcp_socket.sync = true
|
|
165
|
-
|
|
166
|
-
# setup request
|
|
167
|
-
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
168
|
-
request.shift
|
|
169
|
-
request.unshift dummy
|
|
170
|
-
|
|
171
|
-
request.removeHeader("Proxy-Connection")
|
|
172
|
-
request.removeHeader("Connection")
|
|
173
|
-
request.removeHeader("Content-Length")
|
|
174
|
-
request.removeBody()
|
|
175
|
-
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
176
|
-
request.addHeader("Pragma", "no-cache")
|
|
177
|
-
|
|
178
|
-
# puts "=== sslProxyConnect ==="
|
|
179
|
-
# puts request
|
|
180
|
-
|
|
181
|
-
if proxy.has_login?
|
|
182
|
-
case proxy.auth_type
|
|
183
|
-
when AUTH_TYPE_NTLM
|
|
184
|
-
|
|
185
|
-
t1 = Watobo::NTLM::Message::Type1.new()
|
|
186
|
-
msg = "NTLM " + t1.encode64
|
|
187
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
188
|
-
|
|
189
|
-
if $DEBUG
|
|
190
|
-
puts "============= PROXY NTLM: T1 ======================="
|
|
191
|
-
puts request
|
|
192
|
-
puts "---"
|
|
193
|
-
end
|
|
194
|
-
data = request.join + "\r\n"
|
|
195
|
-
|
|
196
|
-
tcp_socket.print data
|
|
197
|
-
# puts "-----------------"
|
|
198
|
-
cl = 0
|
|
199
|
-
ntlm_challenge = nil
|
|
200
|
-
while (line = tcp_socket.gets)
|
|
201
|
-
response_header.push line
|
|
202
|
-
puts line if $DEBUG
|
|
203
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
204
|
-
rcode = $1.to_i
|
|
205
|
-
rmsg = $2
|
|
206
|
-
end
|
|
207
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
208
|
-
ntlm_challenge = $2
|
|
209
|
-
end
|
|
210
|
-
if line =~ /^Content-Length: (\d*)/i
|
|
211
|
-
cl = $1.to_i
|
|
212
|
-
end
|
|
213
|
-
break if line.strip.empty?
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
if cl > 0
|
|
218
|
-
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
219
|
-
# puts d
|
|
220
|
-
}
|
|
221
|
-
end
|
|
222
|
-
|
|
223
|
-
if rcode == 200 # Ok
|
|
224
|
-
puts "* seems proxy doesn't require authentication"
|
|
225
|
-
socket = sslConnect(tcp_socket, prefs)
|
|
226
|
-
return socket, response_header
|
|
227
|
-
end
|
|
228
|
-
|
|
229
|
-
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
230
|
-
|
|
231
|
-
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
232
|
-
t3 = t2.response( { :user => proxy.username,
|
|
233
|
-
:password => proxy.password,
|
|
234
|
-
:domain => proxy.domain },
|
|
235
|
-
{ :workstation => proxy.workstation, :ntlmv2 => true } )
|
|
236
|
-
request.removeHeader("Proxy-Authorization")
|
|
237
|
-
|
|
238
|
-
msg = "NTLM " + t3.encode64
|
|
239
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
240
|
-
|
|
241
|
-
data = request.join + "\r\n"
|
|
242
|
-
if $DEBUG
|
|
243
|
-
puts "============= T3 ======================="
|
|
244
|
-
puts data
|
|
245
|
-
puts "---"
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
tcp_socket.print data
|
|
249
|
-
# puts "-----------------"
|
|
250
|
-
|
|
251
|
-
response_header = []
|
|
252
|
-
rcode = 0
|
|
253
|
-
response_header = read_header(@socket)
|
|
254
|
-
rcode = response_header.status
|
|
255
|
-
if rcode =~/^200/ # Ok
|
|
256
|
-
puts "[ProxyAuth-NTLM] Authorization Successful" if $DEBUG
|
|
257
|
-
socket = sslConnect(tcp_socket, prefs)
|
|
258
|
-
return socket, response_header
|
|
259
|
-
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
260
|
-
# if rcode is still 407 authentication didn't work -> break
|
|
261
|
-
msg = "NTLM-Authentication failed!"
|
|
262
|
-
puts "[ProxyAuth-NTLM] #{msg}" if $DEBUG
|
|
263
|
-
return nil, msg
|
|
264
|
-
else
|
|
265
|
-
puts "[SSLconnect] NTLM Authentication"
|
|
266
|
-
puts "> #{rcode} <"
|
|
267
|
-
return nil, response_header
|
|
268
|
-
end
|
|
269
|
-
end
|
|
270
|
-
end # END OF PROXY AUTH
|
|
271
|
-
|
|
272
|
-
# Start ProxyConnect Without Authentication
|
|
273
|
-
data = request.join + "\r\n"
|
|
274
|
-
tcp_socket.print data
|
|
275
|
-
# puts "-----------------"
|
|
276
|
-
|
|
277
|
-
response_header = []
|
|
278
|
-
response_header = readHTTPHeader(@socket)
|
|
279
|
-
rcode = response_header.status
|
|
280
|
-
if rcode =~ /^200/ # Ok
|
|
281
|
-
# puts "* proxy connection successfull"
|
|
282
|
-
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
283
|
-
# if rcode is still 407 authentication didn't work -> break
|
|
284
|
-
|
|
285
|
-
else
|
|
286
|
-
puts "[SSLconnect] Response Status"
|
|
287
|
-
puts "> #{rcode} <"
|
|
288
|
-
end
|
|
289
|
-
|
|
290
|
-
socket = sslConnect(@socket, prefs)
|
|
291
|
-
return socket, response_header
|
|
292
|
-
rescue => bang
|
|
293
|
-
puts bang
|
|
294
|
-
return nil, error_response(bang)
|
|
295
|
-
end
|
|
296
|
-
# return nil, nil
|
|
297
|
-
end
|
|
298
|
-
|
|
299
|
-
# proxyAuthNTLM
|
|
300
|
-
# returns: ResponseHeaders
|
|
301
|
-
def proxyAuthNTLM()
|
|
302
|
-
|
|
303
|
-
request = @request.copy
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
request.removeHeader("Proxy-Authorization")
|
|
307
|
-
request.removeHeader("Proxy-Connection")
|
|
308
|
-
|
|
309
|
-
response_header = []
|
|
310
|
-
|
|
311
|
-
ntlm_challenge = nil
|
|
312
|
-
t1 = Watobo::NTLM::Message::Type1.new()
|
|
313
|
-
msg = "NTLM " + t1.encode64
|
|
314
|
-
|
|
315
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
316
|
-
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
317
|
-
|
|
318
|
-
# puts "============= T1 ======================="
|
|
319
|
-
# puts auth_request
|
|
320
|
-
data = request.join + "\r\n"
|
|
321
|
-
|
|
322
|
-
@socket.print data
|
|
323
|
-
# puts "-----------------"
|
|
324
|
-
response_header = readHTTPHeader(@socket)
|
|
325
|
-
rcode = nil
|
|
326
|
-
rmsg = nil
|
|
327
|
-
ntlm_challenge = nil
|
|
328
|
-
clen = 0
|
|
329
|
-
response_header.each do |line|
|
|
330
|
-
# puts line
|
|
331
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
332
|
-
rcode = $1.to_i
|
|
333
|
-
rmsg = $2
|
|
334
|
-
end
|
|
335
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
336
|
-
ntlm_challenge = $2
|
|
337
|
-
end
|
|
338
|
-
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
339
|
-
clen = $1.to_i
|
|
340
|
-
end
|
|
341
|
-
break if line.strip.empty?
|
|
342
|
-
end
|
|
343
|
-
|
|
344
|
-
#puts "* reading #{clen} bytes"
|
|
345
|
-
|
|
346
|
-
if rcode == 407 # ProxyAuthentication Required
|
|
347
|
-
return response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
348
|
-
else
|
|
349
|
-
puts "* no proxy authentication required!"
|
|
350
|
-
return response_header
|
|
351
|
-
end
|
|
352
|
-
|
|
353
|
-
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen){ |d|
|
|
354
|
-
#puts d
|
|
355
|
-
}
|
|
356
|
-
|
|
357
|
-
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
358
|
-
t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
|
|
359
|
-
request.removeHeader("Proxy-Authorization")
|
|
360
|
-
# request.removeHeader("Proxy-Connection")
|
|
361
|
-
|
|
362
|
-
# request.addHeader("Proxy-Connection", "Close")
|
|
363
|
-
# request.addHeader("Pragma", "no-cache")
|
|
364
|
-
msg = "NTLM " + t3.encode64
|
|
365
|
-
request.addHeader("Proxy-Authorization", msg)
|
|
366
|
-
# puts "============= T3 ======================="
|
|
367
|
-
# puts request
|
|
368
|
-
# puts "------------------------"
|
|
369
|
-
data = request.join + "\r\n"
|
|
370
|
-
@socket.print data
|
|
371
|
-
|
|
372
|
-
response_header = readHTTPHeader(@socket)
|
|
373
|
-
response_header.each do |line|
|
|
374
|
-
# puts line
|
|
375
|
-
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
376
|
-
rcode = $1.to_i
|
|
377
|
-
rmsg = $2
|
|
378
|
-
end
|
|
379
|
-
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
380
|
-
ntlm_challenge = $2
|
|
381
|
-
end
|
|
382
|
-
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
383
|
-
clen = $1.to_i
|
|
384
|
-
end
|
|
385
|
-
break if line.strip.empty?
|
|
386
|
-
end
|
|
387
|
-
# Watobo::HTTPSocket.read_body(tcp_socket, :max_bytes => clen){ |d|
|
|
388
|
-
#puts d
|
|
389
|
-
# }
|
|
390
|
-
return response_header
|
|
391
|
-
end
|
|
392
|
-
|
|
393
|
-
#
|
|
394
|
-
# doProxyAuth
|
|
395
|
-
#
|
|
396
|
-
def doProxyAuth()
|
|
397
|
-
# puts "DO PROXY AUTH"
|
|
398
|
-
# puts proxy.to_yaml
|
|
399
|
-
response_headers = nil
|
|
400
|
-
case @proxy.auth_type
|
|
401
|
-
when AUTH_TYPE_NTLM
|
|
402
|
-
return proxyAuthNTLM()
|
|
403
|
-
|
|
404
|
-
end # END OF NTLM
|
|
405
|
-
|
|
406
|
-
end
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
end
|
|
410
|
-
end
|
|
411
|
-
end
|
|
2
|
+
module Watobo#:nodoc: all
|
|
3
|
+
module HTTPSocket
|
|
4
|
+
class Connection_UNUSED
|
|
5
|
+
|
|
6
|
+
include Watobo::Constants
|
|
7
|
+
extend Watobo::Subscriber
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
def initialize(request, prefs)
|
|
12
|
+
@request = request
|
|
13
|
+
@response = nil
|
|
14
|
+
|
|
15
|
+
@proxy = Watobo::ForwardingProxy.get(site)
|
|
16
|
+
|
|
17
|
+
unless @proxy.nil?
|
|
18
|
+
host = @proxy.host
|
|
19
|
+
port = @proxy.port
|
|
20
|
+
else
|
|
21
|
+
host = @request.host
|
|
22
|
+
port = @request.port
|
|
23
|
+
end
|
|
24
|
+
# check if hostname is valid and can be resolved
|
|
25
|
+
#hostip = IPSocket.getaddress(host)
|
|
26
|
+
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def read_body( prefs={} )
|
|
30
|
+
clen = @response.content_length
|
|
31
|
+
data = ""
|
|
32
|
+
|
|
33
|
+
begin
|
|
34
|
+
if @response.is_chunked?
|
|
35
|
+
Watobo::HTTPSocket.readChunkedBody(@socket) { |c|
|
|
36
|
+
data += c
|
|
37
|
+
}
|
|
38
|
+
elsif clen > 0
|
|
39
|
+
# puts "* read #{clen} bytes for body"
|
|
40
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen) { |c|
|
|
41
|
+
data += c
|
|
42
|
+
break if data.length == clen
|
|
43
|
+
}
|
|
44
|
+
elsif clen < 0
|
|
45
|
+
# puts "* no content-length information ... mmmmmpf"
|
|
46
|
+
# eofcount = 0
|
|
47
|
+
Watobo::HTTPSocket.read_body(@socket) do |c|
|
|
48
|
+
data += c
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
response.push data unless data.empty?
|
|
54
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
55
|
+
notify(:logout, self) if loggedOut?(response)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
update_sids(request.host, response) if prefs[:update_sids] == true
|
|
59
|
+
return true
|
|
60
|
+
|
|
61
|
+
rescue => e
|
|
62
|
+
puts "! Could not read response"
|
|
63
|
+
puts e
|
|
64
|
+
# puts e.backtrace
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
return false
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def read_header( prefs={} )
|
|
71
|
+
|
|
72
|
+
header = []
|
|
73
|
+
msg = nil
|
|
74
|
+
begin
|
|
75
|
+
Watobo::HTTPSocket.read_header(@socket) do |line|
|
|
76
|
+
#puts line
|
|
77
|
+
# puts line.unpack("H*")
|
|
78
|
+
header << line
|
|
79
|
+
end
|
|
80
|
+
rescue Errno::ECONNRESET
|
|
81
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Connection Reset By Peer</body></html>"
|
|
82
|
+
rescue Timeout::Error
|
|
83
|
+
msg = "<html><head><title>WATOBO</title></head><body>WATOBO: Timeout</body></html>"
|
|
84
|
+
rescue => bang
|
|
85
|
+
puts "!ERROR: read_header"
|
|
86
|
+
return nil
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
header = [ "HTTP/1.1 502 Bad Gateway\r\n", "Server: WATOBO\r\n", "Content-Length: #{msg.length.to_i}\r\n", "Content-Type: text/html\r\n", "\r\n", "#{msg}" ] unless msg.nil?
|
|
90
|
+
|
|
91
|
+
response = Watobo::Response.new header
|
|
92
|
+
# update_sids(header)
|
|
93
|
+
|
|
94
|
+
# update_sids(request.site, response) if prefs[:update_sids] == true
|
|
95
|
+
|
|
96
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
|
97
|
+
notify(:logout, self) if loggedOut?(response)
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
return response
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def sslConnect(tcp_socket, current_prefs = {} )
|
|
104
|
+
begin
|
|
105
|
+
|
|
106
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
|
107
|
+
ctx.ciphers = current_prefs[:ssl_cipher] if current_prefs.has_key? :ssl_cipher
|
|
108
|
+
|
|
109
|
+
if current_prefs.has_key? :ssl_client_cert and current_prefs.has_key? :ssl_client_key
|
|
110
|
+
|
|
111
|
+
ctx.cert = current_prefs[:ssl_client_cert]
|
|
112
|
+
ctx.key = current_prefs[:ssl_client_key]
|
|
113
|
+
if $DEBUG
|
|
114
|
+
puts "[SSLconnect] Client Certificates"
|
|
115
|
+
puts "= CERT ="
|
|
116
|
+
# puts @ctx.cert.methods.sort
|
|
117
|
+
puts ctx.cert.display
|
|
118
|
+
puts "---"
|
|
119
|
+
puts "= KEY ="
|
|
120
|
+
puts ctx.key.display
|
|
121
|
+
puts "---"
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
@socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
126
|
+
@socket.sync_close = true
|
|
127
|
+
|
|
128
|
+
@socket.connect
|
|
129
|
+
@socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
130
|
+
puts "[SSLconnect]: #{@socket.state}" if $DEBUG
|
|
131
|
+
return socket
|
|
132
|
+
rescue => bang
|
|
133
|
+
if current_prefs[:ssl_cipher].nil?
|
|
134
|
+
puts "[SSLconnect] ... gr#!..*peep*.. "
|
|
135
|
+
puts bang
|
|
136
|
+
puts bang.backtrace if $DEBUG
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
# SSLProxyConnect
|
|
142
|
+
# return SSLSocket, ResponseHeader of ConnectionSetup
|
|
143
|
+
# On error SSLSocket is nil
|
|
144
|
+
def sslProxyConnect( prefs )
|
|
145
|
+
begin
|
|
146
|
+
tcp_socket = nil
|
|
147
|
+
response_header = []
|
|
148
|
+
|
|
149
|
+
request = @request.copy
|
|
150
|
+
|
|
151
|
+
# timeout(6) do
|
|
152
|
+
|
|
153
|
+
tcp_socket = TCPSocket.new( @proxy.host, @proxy.port)
|
|
154
|
+
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
155
|
+
tcp_socket.sync = true
|
|
156
|
+
|
|
157
|
+
# setup request
|
|
158
|
+
dummy = "CONNECT #{request.host}:#{request.port} HTTP/1.0\r\n"
|
|
159
|
+
request.shift
|
|
160
|
+
request.unshift dummy
|
|
161
|
+
|
|
162
|
+
request.removeHeader("Proxy-Connection")
|
|
163
|
+
request.removeHeader("Connection")
|
|
164
|
+
request.removeHeader("Content-Length")
|
|
165
|
+
request.removeBody()
|
|
166
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
167
|
+
request.addHeader("Pragma", "no-cache")
|
|
168
|
+
|
|
169
|
+
# puts "=== sslProxyConnect ==="
|
|
170
|
+
# puts request
|
|
171
|
+
|
|
172
|
+
if proxy.has_login?
|
|
173
|
+
case proxy.auth_type
|
|
174
|
+
when AUTH_TYPE_NTLM
|
|
175
|
+
|
|
176
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
177
|
+
msg = "NTLM " + t1.encode64
|
|
178
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
179
|
+
|
|
180
|
+
if $DEBUG
|
|
181
|
+
puts "============= PROXY NTLM: T1 ======================="
|
|
182
|
+
puts request
|
|
183
|
+
puts "---"
|
|
184
|
+
end
|
|
185
|
+
data = request.join + "\r\n"
|
|
186
|
+
|
|
187
|
+
tcp_socket.print data
|
|
188
|
+
# puts "-----------------"
|
|
189
|
+
cl = 0
|
|
190
|
+
ntlm_challenge = nil
|
|
191
|
+
while (line = tcp_socket.gets)
|
|
192
|
+
response_header.push line
|
|
193
|
+
puts line if $DEBUG
|
|
194
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
195
|
+
rcode = $1.to_i
|
|
196
|
+
rmsg = $2
|
|
197
|
+
end
|
|
198
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
199
|
+
ntlm_challenge = $2
|
|
200
|
+
end
|
|
201
|
+
if line =~ /^Content-Length: (\d*)/i
|
|
202
|
+
cl = $1.to_i
|
|
203
|
+
end
|
|
204
|
+
break if line.strip.empty?
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
|
|
208
|
+
if cl > 0
|
|
209
|
+
Watobo::HTTPSocket.read_body(tcp_socket) { |d|
|
|
210
|
+
# puts d
|
|
211
|
+
}
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
if rcode == 200 # Ok
|
|
215
|
+
puts "* seems proxy doesn't require authentication"
|
|
216
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
217
|
+
return socket, response_header
|
|
218
|
+
end
|
|
219
|
+
|
|
220
|
+
return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
221
|
+
|
|
222
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
223
|
+
t3 = t2.response( { :user => proxy.username,
|
|
224
|
+
:password => proxy.password,
|
|
225
|
+
:domain => proxy.domain },
|
|
226
|
+
{ :workstation => proxy.workstation, :ntlmv2 => true } )
|
|
227
|
+
request.removeHeader("Proxy-Authorization")
|
|
228
|
+
|
|
229
|
+
msg = "NTLM " + t3.encode64
|
|
230
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
231
|
+
|
|
232
|
+
data = request.join + "\r\n"
|
|
233
|
+
if $DEBUG
|
|
234
|
+
puts "============= T3 ======================="
|
|
235
|
+
puts data
|
|
236
|
+
puts "---"
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
tcp_socket.print data
|
|
240
|
+
# puts "-----------------"
|
|
241
|
+
|
|
242
|
+
response_header = []
|
|
243
|
+
rcode = 0
|
|
244
|
+
response_header = read_header(@socket)
|
|
245
|
+
rcode = response_header.status
|
|
246
|
+
if rcode =~/^200/ # Ok
|
|
247
|
+
puts "[ProxyAuth-NTLM] Authorization Successful" if $DEBUG
|
|
248
|
+
socket = sslConnect(tcp_socket, prefs)
|
|
249
|
+
return socket, response_header
|
|
250
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
251
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
252
|
+
msg = "NTLM-Authentication failed!"
|
|
253
|
+
puts "[ProxyAuth-NTLM] #{msg}" if $DEBUG
|
|
254
|
+
return nil, msg
|
|
255
|
+
else
|
|
256
|
+
puts "[SSLconnect] NTLM Authentication"
|
|
257
|
+
puts "> #{rcode} <"
|
|
258
|
+
return nil, response_header
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
end # END OF PROXY AUTH
|
|
262
|
+
|
|
263
|
+
# Start ProxyConnect Without Authentication
|
|
264
|
+
data = request.join + "\r\n"
|
|
265
|
+
tcp_socket.print data
|
|
266
|
+
# puts "-----------------"
|
|
267
|
+
|
|
268
|
+
response_header = []
|
|
269
|
+
response_header = readHTTPHeader(@socket)
|
|
270
|
+
rcode = response_header.status
|
|
271
|
+
if rcode =~ /^200/ # Ok
|
|
272
|
+
# puts "* proxy connection successfull"
|
|
273
|
+
elsif rcode =~ /^407/ # ProxyAuthentication Required
|
|
274
|
+
# if rcode is still 407 authentication didn't work -> break
|
|
275
|
+
|
|
276
|
+
else
|
|
277
|
+
puts "[SSLconnect] Response Status"
|
|
278
|
+
puts "> #{rcode} <"
|
|
279
|
+
end
|
|
280
|
+
|
|
281
|
+
socket = sslConnect(@socket, prefs)
|
|
282
|
+
return socket, response_header
|
|
283
|
+
rescue => bang
|
|
284
|
+
puts bang
|
|
285
|
+
return nil, error_response(bang)
|
|
286
|
+
end
|
|
287
|
+
# return nil, nil
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
# proxyAuthNTLM
|
|
291
|
+
# returns: ResponseHeaders
|
|
292
|
+
def proxyAuthNTLM()
|
|
293
|
+
|
|
294
|
+
request = @request.copy
|
|
295
|
+
|
|
296
|
+
|
|
297
|
+
request.removeHeader("Proxy-Authorization")
|
|
298
|
+
request.removeHeader("Proxy-Connection")
|
|
299
|
+
|
|
300
|
+
response_header = []
|
|
301
|
+
|
|
302
|
+
ntlm_challenge = nil
|
|
303
|
+
t1 = Watobo::NTLM::Message::Type1.new()
|
|
304
|
+
msg = "NTLM " + t1.encode64
|
|
305
|
+
|
|
306
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
307
|
+
request.addHeader("Proxy-Connection", "Keep-Alive")
|
|
308
|
+
|
|
309
|
+
# puts "============= T1 ======================="
|
|
310
|
+
# puts auth_request
|
|
311
|
+
data = request.join + "\r\n"
|
|
312
|
+
|
|
313
|
+
@socket.print data
|
|
314
|
+
# puts "-----------------"
|
|
315
|
+
response_header = readHTTPHeader(@socket)
|
|
316
|
+
rcode = nil
|
|
317
|
+
rmsg = nil
|
|
318
|
+
ntlm_challenge = nil
|
|
319
|
+
clen = 0
|
|
320
|
+
response_header.each do |line|
|
|
321
|
+
# puts line
|
|
322
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
323
|
+
rcode = $1.to_i
|
|
324
|
+
rmsg = $2
|
|
325
|
+
end
|
|
326
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
327
|
+
ntlm_challenge = $2
|
|
328
|
+
end
|
|
329
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
330
|
+
clen = $1.to_i
|
|
331
|
+
end
|
|
332
|
+
break if line.strip.empty?
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
#puts "* reading #{clen} bytes"
|
|
336
|
+
|
|
337
|
+
if rcode == 407 # ProxyAuthentication Required
|
|
338
|
+
return response_header if ntlm_challenge.nil? or ntlm_challenge == ""
|
|
339
|
+
else
|
|
340
|
+
puts "* no proxy authentication required!"
|
|
341
|
+
return response_header
|
|
342
|
+
end
|
|
343
|
+
|
|
344
|
+
Watobo::HTTPSocket.read_body(@socket, :max_bytes => clen){ |d|
|
|
345
|
+
#puts d
|
|
346
|
+
}
|
|
347
|
+
|
|
348
|
+
t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
|
|
349
|
+
t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
|
|
350
|
+
request.removeHeader("Proxy-Authorization")
|
|
351
|
+
# request.removeHeader("Proxy-Connection")
|
|
352
|
+
|
|
353
|
+
# request.addHeader("Proxy-Connection", "Close")
|
|
354
|
+
# request.addHeader("Pragma", "no-cache")
|
|
355
|
+
msg = "NTLM " + t3.encode64
|
|
356
|
+
request.addHeader("Proxy-Authorization", msg)
|
|
357
|
+
# puts "============= T3 ======================="
|
|
358
|
+
# puts request
|
|
359
|
+
# puts "------------------------"
|
|
360
|
+
data = request.join + "\r\n"
|
|
361
|
+
@socket.print data
|
|
362
|
+
|
|
363
|
+
response_header = readHTTPHeader(@socket)
|
|
364
|
+
response_header.each do |line|
|
|
365
|
+
# puts line
|
|
366
|
+
if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
|
|
367
|
+
rcode = $1.to_i
|
|
368
|
+
rmsg = $2
|
|
369
|
+
end
|
|
370
|
+
if line =~ /^Proxy-Authenticate: (NTLM) (.+)\r\n/
|
|
371
|
+
ntlm_challenge = $2
|
|
372
|
+
end
|
|
373
|
+
if line =~ /^Content-Length: (\d{1,})\r\n/
|
|
374
|
+
clen = $1.to_i
|
|
375
|
+
end
|
|
376
|
+
break if line.strip.empty?
|
|
377
|
+
end
|
|
378
|
+
# Watobo::HTTPSocket.read_body(tcp_socket, :max_bytes => clen){ |d|
|
|
379
|
+
#puts d
|
|
380
|
+
# }
|
|
381
|
+
return response_header
|
|
382
|
+
end
|
|
383
|
+
|
|
384
|
+
#
|
|
385
|
+
# doProxyAuth
|
|
386
|
+
#
|
|
387
|
+
def doProxyAuth()
|
|
388
|
+
# puts "DO PROXY AUTH"
|
|
389
|
+
# puts proxy.to_yaml
|
|
390
|
+
response_headers = nil
|
|
391
|
+
case @proxy.auth_type
|
|
392
|
+
when AUTH_TYPE_NTLM
|
|
393
|
+
return proxyAuthNTLM()
|
|
394
|
+
|
|
395
|
+
end # END OF NTLM
|
|
396
|
+
|
|
397
|
+
end
|
|
398
|
+
|
|
399
|
+
|
|
400
|
+
end
|
|
401
|
+
end
|
|
402
|
+
end
|