watobo 0.9.8.677
Sign up to get free protection for your applications and to get access to all the features.
- data/bin/watobo_gui.rb +39 -0
- data/certificates/cert.pem +19 -0
- data/certificates/privkey.pem +15 -0
- data/certificates/watobo_dh.key +5 -0
- data/config/datastore.yml +5 -0
- data/config/forwarding_proxy.yml +12 -0
- data/config/general.yml +4 -0
- data/config/gui.yml +23 -0
- data/config/interceptor.yml +16 -0
- data/config/scan_policy.yml +13 -0
- data/config/scanner.yml +34 -0
- data/icons/Add.ico +0 -0
- data/icons/Add_24x24.ico +0 -0
- data/icons/Bandwidth.ico +0 -0
- data/icons/Bandwidth_24x24.ico +0 -0
- data/icons/Mr. Bomb.ico +0 -0
- data/icons/Mr. Bomb_16x16.ico +0 -0
- data/icons/Mr. Bomb_24x24.ico +0 -0
- data/icons/Orange Ball.ico +0 -0
- data/icons/Orange Ball_16x16.ico +0 -0
- data/icons/Orange Ball_24x24.ico +0 -0
- data/icons/Pause.ico +0 -0
- data/icons/Play.ico +0 -0
- data/icons/Play_24x24.ico +0 -0
- data/icons/Red Ball.ico +0 -0
- data/icons/Red Ball_16x16.ico +0 -0
- data/icons/Red Ball_24x24.ico +0 -0
- data/icons/Run.ico +0 -0
- data/icons/Stop.ico +0 -0
- data/icons/Stop_24x24.ico +0 -0
- data/icons/Terminal.ico +0 -0
- data/icons/Transfer.ico +0 -0
- data/icons/Transfer_16x16.ico +0 -0
- data/icons/User.ico +0 -0
- data/icons/User_16x16.ico +0 -0
- data/icons/User_24x24.ico +0 -0
- data/icons/Web Browser.ico +0 -0
- data/icons/Web Browser_16x16.ico +0 -0
- data/icons/Write Document.ico +0 -0
- data/icons/Yellow Ball.ico +0 -0
- data/icons/Yellow Ball_16x16.ico +0 -0
- data/icons/Yellow Ball_24x24.ico +0 -0
- data/icons/advanced.ico +0 -0
- data/icons/advanced_16x16.ico +0 -0
- data/icons/advanced_24x24.ico +0 -0
- data/icons/applications.ico +0 -0
- data/icons/applications_16x16.ico +0 -0
- data/icons/applications_24x24.ico +0 -0
- data/icons/browser_16x16.ico +0 -0
- data/icons/browser_24x24.ico +0 -0
- data/icons/burn.ico +0 -0
- data/icons/burn_16x16.ico +0 -0
- data/icons/burn_24x24.ico +0 -0
- data/icons/calculator.ico +0 -0
- data/icons/calculator_24x24.ico +0 -0
- data/icons/cb_checked.ico +0 -0
- data/icons/cb_checked_orange.ico +0 -0
- data/icons/cb_unchecked.ico +0 -0
- data/icons/coin_24x24.ico +0 -0
- data/icons/conversation.ico +0 -0
- data/icons/conversation_24x24.ico +0 -0
- data/icons/engine.ico +0 -0
- data/icons/filter.ico +0 -0
- data/icons/folder.ico +0 -0
- data/icons/folder_16x16.ico +0 -0
- data/icons/fuzzer_16x16.ico +0 -0
- data/icons/fuzzer_24x24.ico +0 -0
- data/icons/go-down_16x16.png +0 -0
- data/icons/go-up_16x16.png +0 -0
- data/icons/help.ico +0 -0
- data/icons/help_16x16.ico +0 -0
- data/icons/help_24x24.ico +0 -0
- data/icons/iChat.ico +0 -0
- data/icons/iChat_16x16.ico +0 -0
- data/icons/iChat_24x24.ico +0 -0
- data/icons/icons.txt +3 -0
- data/icons/info.ico +0 -0
- data/icons/info_16x16.ico +0 -0
- data/icons/info_24x24.ico +0 -0
- data/icons/interceptor_24x24.ico +0 -0
- data/icons/lock.ico +0 -0
- data/icons/lock_12x12.ico +0 -0
- data/icons/lock_16x16.ico +0 -0
- data/icons/monitor.ico +0 -0
- data/icons/plugin.ico +0 -0
- data/icons/plugin_24x24.ico +0 -0
- data/icons/scan_16x16.png +0 -0
- data/icons/send.ico +0 -0
- data/icons/server.ico +0 -0
- data/icons/server_16x16.ico +0 -0
- data/icons/siberas_logo_x24.gif +0 -0
- data/icons/tag_blue_32x32.ico +0 -0
- data/icons/watobo-48x48.png +0 -0
- data/icons/watobo-logo.png +0 -0
- data/icons/watobo.ico +0 -0
- data/lib/watobo/adapters/data_store.rb +38 -0
- data/lib/watobo/adapters/file/file_store.rb +211 -0
- data/lib/watobo/adapters/session_store.rb +27 -0
- data/lib/watobo/adapters.rb +26 -0
- data/lib/watobo/config.rb +143 -0
- data/lib/watobo/constants.rb +92 -0
- data/lib/watobo/core/active_check.rb +404 -0
- data/lib/watobo/core/cookie.rb +69 -0
- data/lib/watobo/core/fuzz_gen.rb +160 -0
- data/lib/watobo/core/http_socket.rb +142 -0
- data/lib/watobo/core/interceptor.rb +729 -0
- data/lib/watobo/core/passive_check.rb +141 -0
- data/lib/watobo/core/project.rb +1058 -0
- data/lib/watobo/core/scanner.rb +396 -0
- data/lib/watobo/core/session.rb +1320 -0
- data/lib/watobo/core/simple_ca.rb +393 -0
- data/lib/watobo/core.rb +34 -0
- data/lib/watobo/defaults.rb +40 -0
- data/lib/watobo/external/diff/lcs/array.rb +42 -0
- data/lib/watobo/external/diff/lcs/block.rb +72 -0
- data/lib/watobo/external/diff/lcs/callbacks.rb +343 -0
- data/lib/watobo/external/diff/lcs/change.rb +190 -0
- data/lib/watobo/external/diff/lcs/hunk.rb +279 -0
- data/lib/watobo/external/diff/lcs/ldiff.rb +247 -0
- data/lib/watobo/external/diff/lcs/string.rb +40 -0
- data/lib/watobo/external/diff/lcs.rb +1124 -0
- data/lib/watobo/external/ntlm/ntlm.rb +797 -0
- data/lib/watobo/externals.rb +28 -0
- data/lib/watobo/framework/create_project.rb +55 -0
- data/lib/watobo/framework/init.rb +149 -0
- data/lib/watobo/framework/init_modules.rb +116 -0
- data/lib/watobo/framework/license_text.rb +50 -0
- data/lib/watobo/framework.rb +26 -0
- data/lib/watobo/gui/about_watobo.rb +68 -0
- data/lib/watobo/gui/browser_preview.rb +460 -0
- data/lib/watobo/gui/certificate_dialog.rb +132 -0
- data/lib/watobo/gui/chat_diff.rb +415 -0
- data/lib/watobo/gui/chatviewer_frame.rb +427 -0
- data/lib/watobo/gui/checkboxtree.rb +221 -0
- data/lib/watobo/gui/checks_policy_frame.rb +123 -0
- data/lib/watobo/gui/client_cert_dialog.rb +227 -0
- data/lib/watobo/gui/confirm_scan_dialog.rb +67 -0
- data/lib/watobo/gui/conversation_table.rb +386 -0
- data/lib/watobo/gui/conversation_table_ctrl.rb +175 -0
- data/lib/watobo/gui/csrf_token_dialog.rb +446 -0
- data/lib/watobo/gui/dashboard.rb +341 -0
- data/lib/watobo/gui/define_scope_frame.rb +380 -0
- data/lib/watobo/gui/edit_comment.rb +70 -0
- data/lib/watobo/gui/edit_scope_dialog.rb +69 -0
- data/lib/watobo/gui/finding_info.rb +212 -0
- data/lib/watobo/gui/findings_tree.rb +459 -0
- data/lib/watobo/gui/full_scan_dialog.rb +269 -0
- data/lib/watobo/gui/fuzzer_gui.rb +1522 -0
- data/lib/watobo/gui/hex_viewer.rb +106 -0
- data/lib/watobo/gui/interceptor_gui.rb +994 -0
- data/lib/watobo/gui/interceptor_settings_dialog.rb +201 -0
- data/lib/watobo/gui/log_viewer.rb +97 -0
- data/lib/watobo/gui/login_wizzard.rb +301 -0
- data/lib/watobo/gui/main_window.rb +1815 -0
- data/lib/watobo/gui/manual_request_editor.rb +1105 -0
- data/lib/watobo/gui/master_pw_dialog.rb +142 -0
- data/lib/watobo/gui/password_policy_dialog.rb +98 -0
- data/lib/watobo/gui/plugin/base.rb +82 -0
- data/lib/watobo/gui/plugin_board.rb +95 -0
- data/lib/watobo/gui/preferences_dialog.rb +116 -0
- data/lib/watobo/gui/progress_window.rb +102 -0
- data/lib/watobo/gui/project_wizzard.rb +369 -0
- data/lib/watobo/gui/proxy_dialog.rb +550 -0
- data/lib/watobo/gui/quick_scan_dialog.rb +242 -0
- data/lib/watobo/gui/request_editor.rb +480 -0
- data/lib/watobo/gui/save_chat_dialog.rb +158 -0
- data/lib/watobo/gui/scanner_settings_dialog.rb +360 -0
- data/lib/watobo/gui/select_chat_dialog.rb +169 -0
- data/lib/watobo/gui/session_management_dialog.rb +688 -0
- data/lib/watobo/gui/sites_tree.rb +347 -0
- data/lib/watobo/gui/status_bar.rb +88 -0
- data/lib/watobo/gui/table_editor.rb +445 -0
- data/lib/watobo/gui/tagless_viewer.rb +62 -0
- data/lib/watobo/gui/templates/plugin.rb +80 -0
- data/lib/watobo/gui/templates/plugin2.rb +103 -0
- data/lib/watobo/gui/text_viewer.rb +247 -0
- data/lib/watobo/gui/transcoder_window.rb +215 -0
- data/lib/watobo/gui/utils/gui_utils.rb +129 -0
- data/lib/watobo/gui/utils/init_icons.rb +106 -0
- data/lib/watobo/gui/utils/load_icons.rb +54 -0
- data/lib/watobo/gui/utils/load_plugins.rb +94 -0
- data/lib/watobo/gui/utils/master_password.rb +90 -0
- data/lib/watobo/gui/utils/save_default_settings.rb +99 -0
- data/lib/watobo/gui/utils/save_project_settings.rb +21 -0
- data/lib/watobo/gui/utils/save_proxy_settings.rb +45 -0
- data/lib/watobo/gui/utils/save_session_settings.rb +21 -0
- data/lib/watobo/gui/utils/session_history.rb +134 -0
- data/lib/watobo/gui/workspace_dialog.rb +89 -0
- data/lib/watobo/gui/www_auth_dialog.rb +348 -0
- data/lib/watobo/gui/xml_viewer_frame.rb +114 -0
- data/lib/watobo/gui.rb +139 -0
- data/lib/watobo/mixins/httpparser.rb +664 -0
- data/lib/watobo/mixins/request_parser.rb +210 -0
- data/lib/watobo/mixins/shapers.rb +345 -0
- data/lib/watobo/mixins/transcoders.rb +88 -0
- data/lib/watobo/mixins.rb +32 -0
- data/lib/watobo/utils/check_regex.rb +36 -0
- data/lib/watobo/utils/copy_object.rb +29 -0
- data/lib/watobo/utils/crypto.rb +74 -0
- data/lib/watobo/utils/expand_range.rb +45 -0
- data/lib/watobo/utils/file_management.rb +73 -0
- data/lib/watobo/utils/load_chat.rb +219 -0
- data/lib/watobo/utils/load_icon.rb +47 -0
- data/lib/watobo/utils/print_debug.rb +34 -0
- data/lib/watobo/utils/response_hash.rb +143 -0
- data/lib/watobo/utils/secure_eval.rb +57 -0
- data/lib/watobo/utils/text2request.rb +96 -0
- data/lib/watobo/utils.rb +32 -0
- data/lib/watobo.rb +76 -0
- data/modules/active/Apache/mod_status.rb +123 -0
- data/modules/active/Flash/crossdomain.rb +102 -0
- data/modules/active/directories/dirwalker.rb +89 -0
- data/modules/active/discovery/fileextensions.rb +151 -0
- data/modules/active/discovery/http_methods.rb +135 -0
- data/modules/active/domino/domino_db.lst +164 -0
- data/modules/active/domino/domino_db.rb +128 -0
- data/modules/active/fileinclusion/lfi_simple.rb +134 -0
- data/modules/active/jboss/jboss_basic.rb +119 -0
- data/modules/active/sap/business_objects.rb +73 -0
- data/modules/active/sap/its_commands.rb +101 -0
- data/modules/active/sap/its_service_parameter.rb +105 -0
- data/modules/active/sap/its_services.rb +103 -0
- data/modules/active/sap/its_xss.rb +98 -0
- data/modules/active/sqlinjection/sql_boolean.rb +262 -0
- data/modules/active/sqlinjection/sqli_simple.rb +205 -0
- data/modules/active/xss/xss_simple.rb +179 -0
- data/modules/passive/cookie_options.rb +97 -0
- data/modules/passive/cookie_xss.rb +85 -0
- data/modules/passive/detect_code.rb +89 -0
- data/modules/passive/detect_fileupload.rb +80 -0
- data/modules/passive/detect_infrastructure.rb +98 -0
- data/modules/passive/detect_one_time_tokens.rb +86 -0
- data/modules/passive/dirindexing.rb +81 -0
- data/modules/passive/disclosure_emails.rb +82 -0
- data/modules/passive/disclosure_ipaddr.rb +87 -0
- data/modules/passive/filename_as_parameter.rb +85 -0
- data/modules/passive/form_spotter.rb +75 -0
- data/modules/passive/hotspots.rb +86 -0
- data/modules/passive/in_script_parameter.rb +92 -0
- data/modules/passive/multiple_server_headers.rb +98 -0
- data/modules/passive/possible_login.rb +134 -0
- data/modules/passive/redirect_url.rb +88 -0
- data/modules/passive/redirectionz.rb +96 -0
- data/modules/passive/xss_dom.rb +91 -0
- data/plugins/catalog/catalog.ico +0 -0
- data/plugins/catalog/catalog.rb +726 -0
- data/plugins/catalog/db_tests +6483 -0
- data/plugins/catalog/db_variables +29 -0
- data/plugins/filefinder/dbs/hbci.db +12 -0
- data/plugins/filefinder/filefinder.rb +602 -0
- data/plugins/sslchecker/cli/sslchecker_cli.rb +21 -0
- data/plugins/sslchecker/gui/cipher_table.rb +260 -0
- data/plugins/sslchecker/gui/gui.rb +245 -0
- data/plugins/sslchecker/gui/sslchecker.rb +26 -0
- data/plugins/sslchecker/icons/green_16x16.ico +0 -0
- data/plugins/sslchecker/icons/grey_16x16.ico +0 -0
- data/plugins/sslchecker/icons/red_16x16.ico +0 -0
- data/plugins/sslchecker/icons/sslchecker.ico +0 -0
- data/plugins/sslchecker/lib/check.rb +117 -0
- metadata +317 -0
@@ -0,0 +1,98 @@
|
|
1
|
+
# .
|
2
|
+
# multiple_server_headers.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
module Watobo
|
23
|
+
module Modules
|
24
|
+
module Passive
|
25
|
+
|
26
|
+
class Multiple_server_headers < Watobo::PassiveCheck
|
27
|
+
|
28
|
+
def initialize(project)
|
29
|
+
@project = project
|
30
|
+
super(project)
|
31
|
+
|
32
|
+
@info.update(
|
33
|
+
:check_name => 'Collect Server Headers', # name of check which briefly describes functionality, will be used for tree and progress views
|
34
|
+
:description => "Identify Server Header Information, e.g. Apache 6.x ", # description of checkfunction
|
35
|
+
:author => "Andreas Schmidt", # author of check
|
36
|
+
:version => "0.9" # check version
|
37
|
+
)
|
38
|
+
|
39
|
+
@finding.update(
|
40
|
+
:threat => 'Information about the system maybe revealed', # thread of vulnerability, e.g. loss of information
|
41
|
+
:class => "Server Headers", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
42
|
+
:type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
43
|
+
)
|
44
|
+
|
45
|
+
@server_list = []
|
46
|
+
end
|
47
|
+
|
48
|
+
def do_test(chat)
|
49
|
+
begin
|
50
|
+
|
51
|
+
chat.response.headers.each do |header|
|
52
|
+
if header =~ /^server: (.*)/i then
|
53
|
+
server_banner = $1.strip
|
54
|
+
#server_banner.gsub!(/^[ ]+/,"")
|
55
|
+
|
56
|
+
unless @server_list.include?(chat.request.site + server_banner)
|
57
|
+
#puts "found different server header"
|
58
|
+
@server_list.push chat.request.site + server_banner
|
59
|
+
# puts "[#{chat.id}]: #{server_banner}"
|
60
|
+
addFinding(
|
61
|
+
:proof_pattern => "Server: #{server_banner}",
|
62
|
+
:chat => chat,
|
63
|
+
:title => server_banner
|
64
|
+
)
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
|
69
|
+
if header =~ /X-Powered-By: (.*)/i then
|
70
|
+
match = $1.strip
|
71
|
+
unless @server_list.include?(chat.request.site + match)
|
72
|
+
#puts "found different server header"
|
73
|
+
@server_list.push chat.request.site + match
|
74
|
+
# puts "[#{chat.id}]: #{server_banner}"
|
75
|
+
addFinding(
|
76
|
+
:proof_pattern => "#{match}",
|
77
|
+
:chat => chat,
|
78
|
+
:title => "#{match}"
|
79
|
+
)
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
|
86
|
+
end
|
87
|
+
rescue => bang
|
88
|
+
puts "ERROR!! #{Module.nesting[0].name}"
|
89
|
+
puts bang
|
90
|
+
puts bang.backtrace if $DEBUG
|
91
|
+
puts chat.request.url
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -0,0 +1,134 @@
|
|
1
|
+
# .
|
2
|
+
# possible_login.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
module Watobo
|
23
|
+
module Modules
|
24
|
+
module Passive
|
25
|
+
|
26
|
+
|
27
|
+
class Possible_login < Watobo::PassiveCheck
|
28
|
+
|
29
|
+
|
30
|
+
def initialize(project)
|
31
|
+
@project = project
|
32
|
+
super(project)
|
33
|
+
|
34
|
+
@info.update(
|
35
|
+
:check_name => 'Detect Logins', # name of check which briefly describes functionality, will be used for tree and progress views
|
36
|
+
:description => "Detect possible and also unencrypted logins.", # description of checkfunction
|
37
|
+
:author => "Andreas Schmidt", # author of check
|
38
|
+
:version => "0.9" # check version
|
39
|
+
)
|
40
|
+
|
41
|
+
@finding.update(
|
42
|
+
:threat => 'If login credentials are sent over an unencrypted channel, an attacker may eavesdrop these information.' # thread of vulnerability, e.g. loss of information
|
43
|
+
|
44
|
+
)
|
45
|
+
|
46
|
+
@check_name = "Detect Logins"
|
47
|
+
@description = "maybe usefull?"
|
48
|
+
|
49
|
+
|
50
|
+
@possible_login_patterns=%w[ (username) (password) (passwd) (pass) (uid) (userid) ]
|
51
|
+
end
|
52
|
+
|
53
|
+
def do_test(chat)
|
54
|
+
begin
|
55
|
+
# puts "running module: #{Module.nesting[0].name}"
|
56
|
+
all_parms = chat.request.post_parms
|
57
|
+
if all_parms
|
58
|
+
# puts all_parms
|
59
|
+
# resource = "/" + chat.request.resource
|
60
|
+
all_parms.each do |parm|
|
61
|
+
@possible_login_patterns.each do |pattern|
|
62
|
+
# puts "Testing pattern #{pattern} on postparms\r\n#{parm}"
|
63
|
+
if parm =~ /#{pattern}/i
|
64
|
+
match = $1
|
65
|
+
|
66
|
+
addFinding(
|
67
|
+
:class => "Logins", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
68
|
+
:type => FINDING_TYPE_HINT, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
69
|
+
:check_pattern => "#{parm}",
|
70
|
+
:chat => chat,
|
71
|
+
:title => "#{chat.request.path_ext}"
|
72
|
+
#:debug => true
|
73
|
+
)
|
74
|
+
# check for unecrypted transfer
|
75
|
+
|
76
|
+
if not chat.request.proto =~ /https/i
|
77
|
+
addFinding(
|
78
|
+
:class => "Unencrypted Logins", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
79
|
+
:type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
80
|
+
:check_pattern => "#{chat.request.proto}",
|
81
|
+
:chat => chat,
|
82
|
+
:rating => VULN_RATING_HIGH,
|
83
|
+
:title => "#{chat.request.path_ext}"
|
84
|
+
# :debug => true
|
85
|
+
)
|
86
|
+
end
|
87
|
+
|
88
|
+
# also check if session id has been redefined
|
89
|
+
puts "* check session managment"
|
90
|
+
old_cookies = chat.request.cookies.select do |rc|
|
91
|
+
cookie_old = true
|
92
|
+
chat.response.new_cookies do |nc|
|
93
|
+
if rc =~ /^#{nc.name}/
|
94
|
+
rc_name, rc_value = rc.split("=")
|
95
|
+
cookie_old = false unless rc_value == nc.value
|
96
|
+
end
|
97
|
+
puts ":#{rc} - #{nc.name} - #{cookie_old}"
|
98
|
+
end
|
99
|
+
puts ":#{rc} >> #{cookie_old}"
|
100
|
+
cookie_old
|
101
|
+
end
|
102
|
+
puts "old cookies (#{old_cookies.length})"
|
103
|
+
old_cookies.map do |c|
|
104
|
+
addFinding(
|
105
|
+
:class => "Session Managment", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
106
|
+
:type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
107
|
+
:check_pattern => "#{c}",
|
108
|
+
:chat => chat,
|
109
|
+
:rating => VULN_RATING_MEDIUM,
|
110
|
+
:title => "#{chat.request.path_ext}",
|
111
|
+
:threat => "Session Cookie has not been renewed after login. Session-Fixation attacks may be possible."
|
112
|
+
# :debug => true
|
113
|
+
)
|
114
|
+
end
|
115
|
+
|
116
|
+
return true
|
117
|
+
end
|
118
|
+
|
119
|
+
|
120
|
+
end
|
121
|
+
|
122
|
+
end
|
123
|
+
end
|
124
|
+
rescue => bang
|
125
|
+
puts "ERROR!! #{Module.nesting[0].name}"
|
126
|
+
puts bang
|
127
|
+
puts bang.backtrace if $DEBUG
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
@@ -0,0 +1,88 @@
|
|
1
|
+
# .
|
2
|
+
# redirect_url.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
module Watobo
|
23
|
+
module Modules
|
24
|
+
module Passive
|
25
|
+
|
26
|
+
|
27
|
+
class Redirect_url < Watobo::PassiveCheck
|
28
|
+
|
29
|
+
def initialize(project)
|
30
|
+
@project = project
|
31
|
+
super(project)
|
32
|
+
|
33
|
+
@info.update(
|
34
|
+
:check_name => 'Detect Redirect Parameters', # name of check which briefly describes functionality, will be used for tree and progress views
|
35
|
+
:description => "Checks parameters for suspicious names like 'url' or 'goto'.", # description of checkfunction
|
36
|
+
:author => "Andreas Schmidt", # author of check
|
37
|
+
:version => "0.9" # check version
|
38
|
+
)
|
39
|
+
|
40
|
+
@finding.update(
|
41
|
+
:threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).', # thread of vulnerability, e.g. loss of information
|
42
|
+
:class => "Redirect Parameters", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
43
|
+
:type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
44
|
+
)
|
45
|
+
|
46
|
+
@suspicious_names = ['url', 'extern', 'goto']
|
47
|
+
end
|
48
|
+
|
49
|
+
def do_test(chat)
|
50
|
+
begin
|
51
|
+
chat.request.get_parm_names.each do |parm|
|
52
|
+
@suspicious_names.each do |sn|
|
53
|
+
# puts "#{parm} : #{sn}"
|
54
|
+
if parm =~ /(#{sn})/i then
|
55
|
+
|
56
|
+
addFinding(
|
57
|
+
:check_pattern => "#{parm}=",
|
58
|
+
:proof_pattern =>"#{parm}=",
|
59
|
+
:chat => chat,
|
60
|
+
:title => parm
|
61
|
+
)
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
chat.request.post_parm_names.each do |parm|
|
67
|
+
@suspicious_names.each do |sn|
|
68
|
+
if parm =~ /(#{sn})/i then
|
69
|
+
addFinding(
|
70
|
+
:check_pattern => "#{parm}=",
|
71
|
+
:proof_pattern =>"#{parm}=",
|
72
|
+
:chat => chat,
|
73
|
+
:title => parm
|
74
|
+
)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
rescue => bang
|
79
|
+
raise
|
80
|
+
puts "ERROR!! #{Module.nesting[0].name}"
|
81
|
+
puts bang
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
@@ -0,0 +1,96 @@
|
|
1
|
+
# .
|
2
|
+
# redirectionz.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
module Watobo
|
23
|
+
module Modules
|
24
|
+
module Passive
|
25
|
+
|
26
|
+
|
27
|
+
class Redirectionz < Watobo::PassiveCheck
|
28
|
+
|
29
|
+
def initialize(project)
|
30
|
+
@project = project
|
31
|
+
super(project)
|
32
|
+
|
33
|
+
@info.update(
|
34
|
+
:check_name => 'Redirections By Value', # name of check which briefly describes functionality, will be used for tree and progress views
|
35
|
+
:description => "Checks if parameter values are used in location header.", # description of checkfunction
|
36
|
+
:author => "Andreas Schmidt", # author of check
|
37
|
+
:version => "0.9" # check version
|
38
|
+
)
|
39
|
+
|
40
|
+
@finding.update(
|
41
|
+
:threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).', # thread of vulnerability, e.g. loss of information
|
42
|
+
:class => "Redirect Parameters", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
43
|
+
:type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
44
|
+
)
|
45
|
+
|
46
|
+
end
|
47
|
+
|
48
|
+
def showError(chatid, message)
|
49
|
+
puts "!!! Error"
|
50
|
+
puts "Chat: [#{chatid}]"
|
51
|
+
puts message
|
52
|
+
end
|
53
|
+
|
54
|
+
def do_test(chat)
|
55
|
+
begin
|
56
|
+
chat.request.get_parm_names.each do |parm|
|
57
|
+
parm_value=Regexp.quote(chat.request.get_parm_value(parm))
|
58
|
+
if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
|
59
|
+
chat.response.headers.each do |header|
|
60
|
+
if header =~ /Location.*#{parm_value}.*/i then
|
61
|
+
addFinding(
|
62
|
+
:check_pattern => "#{parm_value}",
|
63
|
+
:proof_pattern => "#{parm_value}",
|
64
|
+
:chat=>chat,
|
65
|
+
:title => parm_value
|
66
|
+
)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
#puts ""
|
71
|
+
chat.request.post_parm_names.each do |parm|
|
72
|
+
parm_value=chat.request.post_parm_value(parm)
|
73
|
+
if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
|
74
|
+
chat.response.headers.each do |header|
|
75
|
+
if header =~ /Location.*#{parm_value}.*/i then
|
76
|
+
addFinding(
|
77
|
+
:check_pattern => "#{parm_value}",
|
78
|
+
:proof_pattern => "#{parm_value}",
|
79
|
+
:chat=>chat,
|
80
|
+
:title => parm_value
|
81
|
+
)
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
rescue => bang
|
88
|
+
# raise
|
89
|
+
showError(chat.id, bang)
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
@@ -0,0 +1,91 @@
|
|
1
|
+
# .
|
2
|
+
# xss_dom.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
require 'cgi'
|
23
|
+
|
24
|
+
module Watobo
|
25
|
+
module Modules
|
26
|
+
module Passive
|
27
|
+
|
28
|
+
|
29
|
+
class Xss_dom < Watobo::PassiveCheck
|
30
|
+
|
31
|
+
def initialize(project)
|
32
|
+
@project = project
|
33
|
+
super(project)
|
34
|
+
|
35
|
+
@info.update(
|
36
|
+
:check_name => 'DOM XSS', # name of check which briefly describes functionality, will be used for tree and progress views
|
37
|
+
:description => "Checks for suspcious javascript functions which manipulate the Browsers DOM and may be misused for Cross-Site-Scripting-Attacks.", # description of checkfunction
|
38
|
+
:author => "Andreas Schmidt", # author of check
|
39
|
+
:version => "0.9" # check version
|
40
|
+
)
|
41
|
+
|
42
|
+
@finding.update(
|
43
|
+
:threat => 'Parameter value may be exploitable for XSS.', # thread of vulnerability, e.g. loss of information
|
44
|
+
:class => "DOM XSS", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
45
|
+
:type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
46
|
+
)
|
47
|
+
|
48
|
+
@dom_functions = [ 'document\.write',
|
49
|
+
'document\.body',
|
50
|
+
'document\.location',
|
51
|
+
'document\.execCommand',
|
52
|
+
'document\.attachEvent',
|
53
|
+
'eval\(',
|
54
|
+
'window\.open',
|
55
|
+
'window\.location',
|
56
|
+
'document\.create']
|
57
|
+
end
|
58
|
+
|
59
|
+
def showError(chatid, message)
|
60
|
+
puts "!!! Error"
|
61
|
+
puts "Chat: [#{chatid}]"
|
62
|
+
puts message
|
63
|
+
end
|
64
|
+
|
65
|
+
def do_test(chat)
|
66
|
+
begin
|
67
|
+
|
68
|
+
return true unless chat.response.content_type =~ /(text|script)/
|
69
|
+
|
70
|
+
@dom_functions.each do |pattern|
|
71
|
+
if chat.response.body =~ /#{pattern}/i then
|
72
|
+
|
73
|
+
addFinding(
|
74
|
+
:check_pattern => "#{pattern}",
|
75
|
+
:proof_pattern => "#{pattern}",
|
76
|
+
:chat=>chat,
|
77
|
+
:title =>"[#{pattern}] - #{chat.request.path}"
|
78
|
+
)
|
79
|
+
|
80
|
+
end
|
81
|
+
end
|
82
|
+
rescue => bang
|
83
|
+
# raise
|
84
|
+
showError(chat.id, bang)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
Binary file
|