watobo 0.9.8.677 → 0.9.8.680

data/.yardopts

@@ -0,0 +1,3 @@
+--no-private
+*.xxx
+- CHANGELOG

data/CHANGELOG

@@ -0,0 +1,141 @@
+= Version 0.9.8
+== NEW
+* Ruby 1.9 Support - no more 1.8 don't even try it ;)
+* WATOBO available as a Gem
+* Reorganisation of WATOBO settings files.
+* Reorganisation of WATOBO project.
+* Introduced Framework capabilities
+* Changed version numbering for Gem compatibility
+* SSLChecker-Plugin: nicer gui, now you can scan a site which is not already in conversation list
+* Conversation-Table: better search features, e.g. URL, Request or Response
+* Chat-Viewer: added a 'save'-button to save the response's body to a file, e.g. save a flash file for further investigations
+* Scanner: now follows 302-redirects - this option is only available via QuickScan
+* GUI: purge (multiple) findings is possibel via FindingsTree
+
+== Fixes
+* lib/mixin/request_parser.rb: fixed file handling
+* fixed pattern for detecting file upload fields
+* optimized "tagless" view
+* optimized lots of threading stuff, e.g. progress bars, log-windows, ...
+* lib/qGui: changed progress_window 
+
+= Version 0.9.7 Revision 534
+== NEW
+* MasterPassword for encrypting Proxy- and WWW-Auth-Passwords
+* Hotkey-Help: Press F1 to view all Hotkeys for the focused widget!!! Works in ManualRequestEditor, Interceptor, ChatViewers
+* Interceptor: Intercept Filters, Editor, Hotkeys - almost complete rewrite!!!
+* Passive Module: 'DOM XSS' - checks for javascript code which manipulates DOM and may be misused for XSS
+* Passive Module: 'Detect One-Time-Tokens' - checks for parameters which may be used to prevent CSRF-Attacks
+* ManualRequest Following Redirects Automatically (optional)
+* ManualRequest: Added Hotkeys for 'send' (ctrl-enter) and transcoding ctrl-[shift]-b (base64), ctrl-[shift]-u (url)
+* ManualRequest: new Transform 'Get -> Post'
+* TableEditor: Added Hotkeys; ctrl-[shift]-b (base64), ctrl-[shift]-u (url), ctrl-enter (send request)
+* Passive Module: 'Detect Code' - Now also checks for ASP-Snippets
+* ConversationTable: added SSL-Icon
+* TextView: added Match-Navigation for 'Highlight'- and 'Grep'-Filter
+* One-Time-Token-Dialog: Target chat is also visible for OTT-pattern creation.
+* WATOBO-Logo: watobo-48x48.png for nice desktop shortcuts/launchers ;)
+
+== Fixes
+* FullScan-Wizzard: Empty Scanlist
+* Fixed Typo in lib/utils/response_hash.rb (SmartHash)
+* Manual Request Editor: Add Parameter in TableView
+* ConversationTable: Fixed Error Cutting Of Last Char On Copy
+* ConversationTable: Now update 'comment' immediately in table 
+* Required BasicAuth will now be sent to browser
+* Module SQL_Boolean: Adding a Finding produced an error
+* FileFinder & CatalogScanner: 'Custom Error Patterns' are recognized
+* TableEditor: Fixed Parsing Problem - appended parms instead of replacing
+* Interceptor: Fixed handling of chunk-encoded server responses 
+* SmartHash: Fixed Reduction -> much faster and less false-positives on blindSQLi 
+
+
+= Version 0.9.6 Build 271
+== Fixes
+* Scanner: Scanner works without proxy 
+ 
+= Version 0.9.6 Build 270
+== Fixes
+* ProxyDialog: AddProxy-Crash
+* Scanner: No Probe For Target If Proxy Is Set
+* Session: Fixed NTLM-Authentication
+
+= Version 0.9.6
+  !! NOTE !!
+  Due to the import fix you can't import older WATOBO sessions!
+
+== NEW
+* General: Supports One-Time-Tokens (e.g. Anti-CSRF-Tokens)
+* General: NTLM Authentication (Server and Proxy)
+* New Plugin: FileFinder
+* GUI: switch the icon and text size for lower screen resolution
+* Manual Request Editor: Table-View for easier parameter manipulation
+
+== !!! CONTRIBUTIONS !!! :))
+  Hans-Martin Muench contributed two active-check modules:
+* modstatus.rb:
+* crossdomain.rb:
+
+== Minor Changes
+* slightly improved SQL-Injection (Simple)
+* now you can hide 404 and 302 in Sites Tree
+
+== Fixes
+* General: Fixed Import Problem ('inspect' data before YAML'izing)
+* General: Fixed "limitation" of forwarding proxy port length 4 -> 5, wtf???
+* General: Fixed EOF handling on socket operation 
+* Catalog Scan: now use forwarding proxy
+* Interceptor: Fixed Drop and Discard 
+
+== Minor Fixes
+* General: switched to unix style line breaks again * got lost somewhere ...
+* General: fixed path reference for already tested directories in HTTP-Methods and Dir-Walker (reported by Hans-Martin Muench)
+* General: fixed HashBang line in start_watobo.rb (reported by Achim Hoffmann)
+* GUI: changed appearance of History
+* Sites Tree: workaround for FXTreeList.findItem (bug?)
+* GUI: now counters get reset when new project is started   
+
+
+= Version 0.9.5
+== New
+* PassThrough for large responses or special content-types (Interceptor/Proxy)
+* Introduced Plugins
+* Introduced Full logging of Scans
+* Introduced Target-Scope
+* Introduced Quick-Filter in Sites-Tree-View
+* Introduced Scope-Filter-Option for conversation table
+* Introduced Request-Transform (POST->GET) for Manual Requests
+* New Plugin: Catalog-Scan
+* New Plugin: SSL-Check
+
+== Improvements/Bugfixes
+* using YAML for saving settings 
+* speedup of session-import
+* request/response-viewer: auto-reset on grep
+* fixed hash-calculation for findings in passive checks
+* fixed autoscroll not disable-able
+* fixed passive module "cookie-options"
+* fixed numRequests calculation in FuzzFile-Generator
+* fixed url-shaping if parameter contains /https?/
+* fixed button behaviour @interceptor
+
+= Version 0.9.2
+* NEW: History navigation (for Manual Requests Editor)
+* NEW: Fuzzer Engine
+* NEW: Differ usability improved
+* NEW: WATOBO now can run on Windows, Linux and MAC
+* FIX: fixed table-right-click crash
+* MISC: Redesign of chat-table-menu
+* MISC: Improved checks for recognizing proxy settings
+
+= Version 0.9.1-96
+* load fox16 problem fixed - hope not too many user were hit by this!
+* auto-save of proxy settings 
+* fixed some issues with the fuzzer
+
+= Version 0.9.1-95
+* fixed hash calculation for better blind-sql checks
+* added Differ for diffing chats (very nice)
+* added HexViewer (no editor yet)
+* open session/project by double clicking 
+* response get cut off after 

data/README

@@ -0,0 +1,79 @@
+
+= WATOBO - THE Web Application Toolbox
+WATOBO is a security tool for web applications. WATOBO is intended to enable security professionals to perform efficient (semi-automated) web application security audits.
+
+Most important features:
+* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out. 
+* WATOBO can perform vulnerability checks out of the box. 
+* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click. 
+* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily. 
+* WATOBO is written in (FX)Ruby and enables you to easiely define your own checks 
+* WATOBO is free software ( licensed under the GNU General Public License Version 2) 
+* It’s by siberas ;) 
+
+== Installation
+Please install Ruby 1.9.2+ first before you continue.
+
+Note: Ruby 1.8 is no longer supported!
+
+Note: WATOBO will not run under Ruby 1.8 anymore!
+
+Note: Please upgrade Ruby to 1.9.2+, because WATOBO will not run under Ruby 1.8!
+
+Note: Ruby 1.8 is crap, so get rid of it!
+
+... just want to be sure ;)
+
+=== Windows 7/Vista/XP
+  gem install watobo
+  
+=== BackTrack 5
+  gem install selenium-webdriver
+  gem install watobo
+
+=== Generic Linux (with APT)
+* Install Ruby via RVM
+* Setting up a build environment for linux
+Based on Lyle Johnsons tutorial https://github.com/lylejohnson/fxruby/wiki/Setting-Up-a-Linux-Build-Environment
+  apt-get -y install ruby-full
+  apt-get -y install install zlib1g-dev libbz2-dev libpng12-dev libjpeg62-dev libtiff4-dev
+  apt-get -y install zlib1g-dev libbz2-dev libpng12-dev libjpeg62-dev libtiff4-dev
+  apt-get -y install libx11-dev libglu1-xorg-dev libxcursor-dev libxext-dev libxrandr-dev libxft2-dev
+  apt-get -y install g++
+
+* Install the Fox-Toolkit libs
+Use version 1.6.44 only. The 1.7 branch is incompatible with fxruby!
+You can download it from the fox-tookit homepage http://www.fox-toolkit.org/
+  wget http://ftp.fox-toolkit.org/pub/fox-1.6.44.tar.gz
+  tar xzvf fox-1.6.44.tar.gz
+  cd fox-1.6.44
+  ./configure
+  make
+  make install
+  cd .. 
+
+* Install the Gems
+First install the selenium-webdriver gem which is necessary on xnix platforms for the browser preview feature of watobo.
+  gem install selenium-webdriver
+Finally install the watobo gem.
+  gem install watobo
+
+== Usage
+In your command prompt start WATOBO with the command:
+  watobo_gui.rb
+
+After starting WATOBO the interception proxy is listening on localhost:8081.
+     
+Configure your browser to use WATOBO as its proxy and visit the site you want to audit.
+       
+== Documentation
+Check the online (video) tutorials at http://watobo.sourceforge.net
+
+== Tips & Tricks
+* On Linux you should use RVM to install Ruby (http://beginrescueend.com/rvm/install/)
+* Use FoxyProxy or SwitchProxy to easily change your proxy settings
+
+	
+
+
+

data/lib/watobo/core/active_check.rb

@@ -298,11 +298,7 @@ module Watobo
       # puts chat.request.site
       tlist = []
       @inner_pool = []
-      dummy = Hash.new
       generateChecks(chat) do |check|
-        dummy[chat.id] ||= 0
-        dummy[chat.id] += 1
-        puts dummy.to_yaml
         unless @@status == :stopped
           @@pool_mutex.synchronize do
             while  @@check_count > @@max_checks or @@login_in_progress

data/lib/watobo/core/session.rb

@@ -65,8 +65,6 @@ include Watobo::Constants
       @@login_in_progress = false
       def subscribe(event, &callback)
         (@event_dispatcher_listeners[event] ||= []) << callback
-        #puts callback.class_
-        puts callback.object_id
       end
 
       def clearEvents(event)

data/lib/watobo/gui/conversation_table.rb

@@ -37,8 +37,6 @@ module Watobo
       
        def subscribe(event, &callback)
         (@event_dispatcher_listeners[event] ||= []) << callback
-        #puts callback.class_
-        puts callback.object_id
       end
 
       def clearEvents(event)

data/lib/watobo/gui/main_window.rb

@@ -367,8 +367,8 @@ module Watobo
           #puts @active_project.getWwwAuthentication().to_yaml
           Watobo::Conf::General.save_passwords = w3adlg.savePasswords?
           saveProjectSettings(@active_project)
-          save_default_settings(@active_project)
-          @iproxy.www_auth = @active_project.settings[:www_auth]
+          Watobo::Gui.save_default_settings(@active_project)
+          @iproxy.www_auth = @active_project.getWwwAuthentication()
           end
         puts "* new www_auth settings"
         # puts YAML.dump(@active_project.settings[:www_auth])

data/lib/watobo/gui/utils/save_session_settings.rb

@@ -19,3 +19,11 @@
 # along with WATOBO; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 # .
+module Watobo
+  module Gui
+    def self.save_session_settings()
+      puts "TODO: SAVE_SESSION_SETTINGS"
+      puts __FILE__
+    end
+  end
+end

data/lib/watobo/gui.rb

@@ -94,7 +94,6 @@ module Watobo
     end
     
     def self.active_project=(project)
-      puts "[GUI] Active Project; project.object_id"
       @active_project = project
     end
     

data/lib/watobo.rb

@@ -44,7 +44,7 @@ require 'watobo/framework'
 
 module Watobo
 
-  VERSION = "0.9.8.677"
+  VERSION = "0.9.8-680"
 
   def self.base_directory
     @base_directory ||= ""

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: watobo
 version: !ruby/object:Gem::Version
-  version: 0.9.8.677
+  version: 0.9.8.680
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-09 00:00:00.000000000Z
+date: 2012-04-10 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fxruby
-  requirement: &29516256 !ruby/object:Gem::Requirement
+  requirement: &24308700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *29516256
+  version_requirements: *24308700
 description: WATOBO is intended to enable security professionals to perform efficient
   (semi-automated ) web application security audits. It works like a local web proxy.
 email: watobo@siberas.de
@@ -288,6 +288,9 @@ files:
 - icons/Yellow Ball.ico
 - icons/Yellow Ball_16x16.ico
 - icons/Yellow Ball_24x24.ico
+- README
+- CHANGELOG
+- .yardopts
 - bin/watobo_gui.rb
 homepage: http://watobo.sourceforge.net
 licenses: []