watobo 0.9.9.pre3 → 0.9.9

data/lib/watobo/mixins/request_parser.rb

@@ -30,6 +30,7 @@ module Watobo
       # Possible prefs:
       #
       # :code_dlmtr [String] - set ruby code delimiter
+      
       def parse_code(prefs={})
         cprefs = { :code_dlmtr => '%%' } # default delimiter for ruby code
         cprefs.update(prefs)
@@ -41,25 +42,20 @@ module Watobo
           # puts new_request
           expr = ''
           new_request = ''
-          request.split(/\n/).each do |line|
-            #puts line.unpack("H*")
-            new_line = line
-            parsed_line = ''
-            pos = 0
-            off = 0
-            while pos >= 0 and pos < line.length
-              /#{pattern}/.match(line[pos..-1])
-              match = $1
-              break if match.nil?
-              #new_line = parsed_line
-              expr = match.gsub(/%%/,"")
+          pos = 0
+          off = 0
+          while pos >= 0 and pos < request.length
+             code_offset = request.index(/#{pattern}/, pos)
+          unless code_offset.nil?
+            expression = request.match(/#{pattern}/, code_offset)[0]
+              new_request << request[pos..code_offset-1]
+              expr = expression.gsub(/%%/,"")
               puts "DEBUG: executing: #{expr}" if $DEBUG
               result = eval(expr)
               puts "DEBUG: got #{result.class}" if $DEBUG
               if result.is_a? File
                 data = result.read
                 result.close
-
               elsif result.is_a? String
                 data = result
               elsif result.is_a? Array
@@ -67,42 +63,22 @@ module Watobo
               else
                 log("!!!WATOBO - expression must return String or File !!!",'')
               end
-              start = line.index(match)
-
-              parsed_line += line[off..start-1] if start > 0
-              parsed_line += data
-              pos = start + match.length
-              off = pos
-            end
-
-            unless parsed_line.empty?
-              parsed_line += line[off..-1]
-              new_request += "#{parsed_line}\n"
+              new_request << data
+              pos = code_offset + expression.length
             else
-              new_request += "#{new_line}\n"
+              new_request << request[pos..-1]
+              pos = request.length
             end
-            #puts new_request
           end
-
           return new_request
 
         rescue SyntaxError, LocalJumpError, NameError => e
           raise SyntaxError, "SyntaxError in '#{expr}'"
-          #rescue LocalJumpError => e
-          #  raise LocalJumpError, "(#{expr}) LocalJumpError!"
-          #rescue NameError => e
-          #  raise NameError, "(#{expr}) NameError!"
-          #rescue => e
-          #  puts e
-          #  raise e, "(#{expr}) Not a valid expression!"
         end
-
-        #   puts new_request
         return nil
-
       end
 
-      def unchunked( opts = {} )
+      def unchunked_UNUSED( opts = {} )
         options = { :update_content_length => false }
         options.update opts
         begin
@@ -149,9 +125,88 @@ module Watobo
             result.push "#{h}\r\n"
           end
 
-          result.extend Watobo::Mixin::Parser::Url
-          result.extend Watobo::Mixin::Parser::Web10
-          result.extend Watobo::Mixin::Shaper::Web10
+         # result.extend Watobo::Mixin::Parser::Url
+         # result.extend Watobo::Mixin::Parser::Web10
+         # result.extend Watobo::Mixin::Shaper::Web10
+         Watobo::Request.create result
+
+          ct = result.content_type
+          # last line is without "\r\n" if text has a body
+          if ct =~ /multipart\/form/ and body then
+            #Content-Type: multipart/form-data; boundary=---------------------------3035221901842
+            if ct =~ /boundary=([\-\w]+)/
+              boundary = $1.strip
+              chunks = body.split(boundary)
+              e = chunks.pop # remove "--"
+              new_body = []
+              chunks.each do |c|
+                new_chunk = ''
+                c.gsub!(/[\-]+$/,'')
+                next if c.nil?
+                next if c.strip.empty?
+                c.strip!
+                if c =~ /\n\n/
+                  ctmp = c.split(/\n\n/)
+                  cheader = ctmp.shift.split(/\n/)
+                  cbody = ctmp.join("\n\n")
+                else
+                  cheader = c.split(/\n/)
+                  cbody = nil
+                end
+                new_chunk = cheader.join("\r\n")
+                new_chunk +=  "\r\n\r\n"
+                new_chunk += cbody.strip + "\r\n" if cbody
+
+                # puts cbody
+                new_body.push new_chunk
+
+              end
+              body = "--#{boundary}\r\n"
+              body += new_body.join("--#{boundary}\r\n")
+              body += "--#{boundary}--"
+            end
+            #  body.gsub!(/\n/, "\r\n") if body
+
+          end
+
+          if body then
+            result.push "\r\n"
+            result.push body.strip
+          end
+
+          result.fixupContentLength() if options[:update_content_length] == true
+          return result
+        rescue
+          raise
+        end
+        #return nil
+      end
+
+
+      def to_request_UNUSED(opts={})
+        options = { :update_content_length => false }
+        options.update opts
+        begin
+          text = parse_code
+          result = []
+
+          if text =~ /\n\n/
+            dummy = text.split(/\n\n/)
+            header = dummy.shift.split(/\n/)
+            body = dummy.join("\n\n")
+          else
+            header = text.split(/\n/)
+            body = nil
+          end
+
+          header.each do |h|
+            result.push "#{h}\r\n"
+          end
+
+         # result.extend Watobo::Mixin::Parser::Url
+         # result.extend Watobo::Mixin::Parser::Web10
+         # result.extend Watobo::Mixin::Shaper::Web10
+         Watobo::Request.create result
 
           ct = result.content_type
           # last line is without "\r\n" if text has a body
@@ -207,4 +262,34 @@ module Watobo
 
     end
   end
+end
+
+if $0 == __FILE__
+  inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..","lib"))
+  $: << inc_path
+
+  require 'watobo'
+  
+text =<<'EOF'
+%%"GET"%% http://www.siberas.de/ HTTP/1.1
+Content-Type: text/html
+%%"x"*10%%Vary: Accept-Encoding
+Expires: Thu, 19 Jul 2012 06:57:20 GMT
+Cache-Control: max-age=0, no-cache, no-store
+Pragma: no-cache
+Date: Thu, 19 Jul 2012 06:57:20 GMT
+Content-Length: 203
+Connection: close%%"XXXX"%%
+
+<html></html>
+EOF
+
+text.strip!
+puts text
+puts 
+puts "==="
+puts 
+text.extend Watobo::Mixins::RequestParser
+puts text.to_request
+Watobo::Utils.hexprint text
 end

data/lib/watobo/mixins/shapers.rb

@@ -137,6 +137,33 @@ module Watobo
           self.pop if self[-2].strip.empty?
         end
 
+        def set_header(header, value)
+          self.each do |h|
+            break if h.strip.empty?
+            if h =~ /^#{header}:/
+              h.replace "#{header}: #{value}\r\n"             
+            end
+          end
+        end
+
+        def set_body(content)
+          if self[-2].strip.empty?
+          self.pop
+          else
+            self << "\r\n"
+          end
+          self << content
+        end
+
+        def rewrite_body(pattern, content)
+          if self[-2].strip.empty?
+            puts "rewrite_body ... #{pattern} - #{content}"
+            b = self.pop
+            b.gsub!(/#{pattern}/i, content)
+          self << b
+          end
+        end
+
         def restoreURI(uri)
           if self.first =~ /(^[^[:space:]]{1,}) \/(.*) (HTTP\/.*)/ then
             method = $1
@@ -230,23 +257,24 @@ module Watobo
 
         def fix_content_length
           return false if self.body.nil?
-          eoh_index = self.length - 2
-          self.map!{ |x|
-            x.gsub!(/^(Content-Length: )(\d+)/, "\\1#{self.body.length.to_s}") if self.index(x) <= eoh_index
-            x
-          }
+          set_header("Content-Length" , body.length.to_s )
+        #          eoh_index = self.length - 2
+        #          self.map!{ |x|
+        #            x.gsub!(/^(Content-Length: )(\d+)/, "\\1#{self.body.length.to_s}") if self.index(x) <= eoh_index
+        #            x
+        #          }
         end
 
-        def fixupContentLength
+        def fixupContentLength_UNUSED
           te = self.transferEncoding
           if te == TE_CHUNKED then
             # puts "Transfer-Encoding = TE_CHUNKED"
             # puts self.body
             self.removeHeader("Transfer-Encoding")
             self.addHeader("Content-Length", "0")
-            new = []
-            new.concat self.headers
-            new.push "\r\n"
+            new_r = []
+            new_r.concat self.headers
+            new_r.push "\r\n"
 
             bytes_to_read = 0
             body = []
@@ -273,8 +301,8 @@ module Watobo
               off = chunk_end + 2
             end
 
-          new.push new_body
-          self.replace(new)
+          new_r.push new_body
+          self.replace(new_r)
           self.fix_content_length
           # puts "= FIXED ="
           # puts self.headers
@@ -284,16 +312,21 @@ module Watobo
 
         end
 
+        def fixupContentLength
+          self.unchunk
+          self.fix_content_length
+        end
+
         def setRawQueryParms(parm_string)
           return nil if parm_string.nil?
           return nil if parm_string == ''
-          new = ""
+          new_r = ""
           path = Regexp.quote(self.path)
           #puts path
           if self.first =~ /(.*#{path})/ then
-            new = $1 << "?" << parm_string
+            new_r = $1 << "?" << parm_string
           end
-          self.first.gsub!(/(.*) (HTTP\/.*)/, "#{new} \\2")
+          self.first.gsub!(/(.*) (HTTP\/.*)/, "#{new_r} \\2")
         end
 
         def appendQueryParms(parms)
@@ -340,7 +373,83 @@ module Watobo
           self.first.gsub!(/HTTP\/(.*)$/, "HTTP\/#{version}")
         #  puts "HTTPVersion fixed: #{self.first}"
         end
+
+        alias :method= :setMethod
+      end
+
+      module HttpResponse
+        include Watobo::Constants
+        def unchunk
+          if self.transfer_encoding == TE_CHUNKED then
+            self.removeHeader("Transfer-Encoding")
+            self.addHeader("Content-Length", "0")
+            new_r = []
+            new_r.concat self.headers
+            new_r.push "\r\n"
+
+            bytes_to_read = 20
+            body = []
+            is_new_chunk = false
+
+            off = 0
+            new_body = ''
+
+            body_orig = self.body
+            # puts body_orig.class
+            puts body_orig.length
+            pattern = '[0-9a-fA-F]{1,6}\r?\n'
+            while off >= 0 and off < body_orig.length
+              chunk_pos  = body_orig.index(/(#{pattern})/, off)
+              len_raw = $1
+              unless chunk_pos.nil?
+                #len_raw = body_orig.match(/#{pattern}/, chunk_pos)[0]
+                # puts "ChunkLen: #{len_raw} (#{len_raw.strip.hex})"
+                len = len_raw.strip.hex
+
+                chunk_start = chunk_pos + len_raw.length
+                chunk_end = chunk_start + len
+
+                break if len == 0
+
+                #new_body.chomp!
+                chunk = "#{body_orig[chunk_start..chunk_end]}"
+              new_body += chunk.chomp!
+
+              off = chunk_end
+              end
+            end
+          new_r.push new_body
+          self.replace(new_r)
+          self.fix_content_length
+          # puts "="
+          # self.headers.each {|h| puts h}
+          # puts "="
+          end
+
+        end
+
+        def unzip
+
+          if self.content_encoding == TE_GZIP or self.transfer_encoding == TE_GZIP
+            begin
+              if self.has_body?
+                gziped = self.pop
+                gz = Zlib::GzipReader.new( StringIO.new( gziped ) )
+                data = gz.read
+                #puts data
+                self << data
+                self.removeHeader("Transfer-Encoding") if self.transfer_encoding == TE_GZIP
+                self.removeHeader("Content-Encoding") if self.content_encoding == TE_GZIP
+              self.fix_content_length
+              end
+
+            rescue => bang
+              puts bang
+            end
+          end
+        end
+
       end
     end
   end
-end
+end

data/lib/watobo/utils/hexprint.rb

@@ -0,0 +1,31 @@
+# .
+# hexprint.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Utils
+    def self.hexprint(data)
+      data.length.times do |i|
+        print "%02X" % data[i].ord
+        puts if data[i] == "\n"
+      end
+    end
+  end
+end

data/lib/watobo/utils/load_chat.rb

@@ -68,6 +68,8 @@ module Watobo
           puts "* file #{file} not found"
           return nil
         end
+      rescue Psych::SyntaxError
+        puts "!!! Malformed File #{file}"
       rescue => bang
         puts "! could not load chat from file #{file}"
         puts cdata

data/lib/watobo/utils/response_builder.rb

@@ -0,0 +1,111 @@
+# .
+# response_builder.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Utils
+      def self.string2response( text, opts = {} )
+        options = { :update_content_length => false }
+        options.update opts
+        begin
+          hb_sep = "\r\n\r\n"
+          eoh = text.index(hb_sep)
+          if eoh.nil?
+            hb_sep = "\n\n"
+            eoh = text.index(hb_sep)
+          end
+          unless eoh.nil?
+          raw_header = text[0..eoh-1]
+          raw_body = text[eoh+hb_sep.length..-1]
+          puts ">> RawBody: #{raw_body}"
+          else
+            raw_header = text
+            raw_body = nil
+          end
+
+          response = raw_header.split("\n")
+          response.map!{|r| "#{r.strip}\r\n" }
+          Watobo::Response.create response
+          unless raw_body.nil?
+          response << "\r\n"
+          response << raw_body unless raw_body.strip.empty?
+          end
+          return response
+
+        rescue => bang
+          puts bang
+          puts bang.backtrace
+        end
+        return nil
+    end
+  end
+end
+
+if $0 == __FILE__
+  inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", ".."))
+  $: << inc_path
+
+  require 'watobo'
+  
+text =<<'EOF'
+HTTP/1.1 200 OK
+Content-Type: text/html
+Vary: Accept-Encoding
+Expires: Thu, 19 Jul 2012 06:57:20 GMT
+Cache-Control: max-age=0, no-cache, no-store
+Pragma: no-cache
+Date: Thu, 19 Jul 2012 06:57:20 GMT
+Content-Length: 203
+Connection: close
+
+<html></html>
+EOF
+
+text2 ="HTTP/1.1 200 OK\r\n" +
+"Content-Type: text/html\r\n" +
+"Vary: Accept-Encoding\r\n" +
+"Expires: Thu, 19 Jul 2012 06:57:20 GMT\r\n" +
+"Cache-Control: max-age=0, no-cache, no-store\r\n" +
+"Pragma: no-cache\r\n" +
+"Date: Thu, 19 Jul 2012 06:57:20 GMT\r\n" +
+"Content-Length: 203\r\n" +
+"Connection: close\r\n\r\n" +
+"<html></html>\r\n"
+
+unless ARGV[0].nil?
+if File.exist? ARGV[0]
+  text = File.open(ARGV[0],"rb").read
+end
+end
+r = Watobo::Utils.string2response text
+puts r.class
+puts r.status
+puts r.content_type
+puts r
+puts
+puts "="
+puts 
+r = Watobo::Utils.string2response text2
+puts r.class
+puts r.status
+puts r.content_type
+puts r
+
+end

data/lib/watobo.rb

@@ -32,8 +32,10 @@ require 'digest/md5'
 require 'zlib'
 require 'base64'
 require 'cgi'
+require 'uri'
 require 'pathname'
 require 'net/ntlm'
+require 'drb'
 
 require 'watobo/constants'
 require 'watobo/utils'
@@ -47,7 +49,7 @@ require 'watobo/framework'
 
 module Watobo
 
-  VERSION = "0.9.9.pre3"
+  VERSION = "0.9.9"
 
   def self.base_directory
     @base_directory ||= ""
@@ -86,3 +88,4 @@ end
 
 Watobo.init_framework
 
+require 'watobo/ca'

data/modules/active/discovery/http_methods.rb

@@ -27,6 +27,7 @@ module Watobo
         
         class Http_methods < Watobo::ActiveCheck
            @@tested_directories = []
+           
           def initialize(project, prefs={})
             @project = project
             super(project, prefs)
@@ -73,6 +74,7 @@ module Watobo
                   #sleep(1)
                   checker = proc{
                   begin
+                    result = nil
                     test_request = nil
                     test_response = nil
                     test_method = "#{method}"
@@ -85,8 +87,7 @@ module Watobo
                    
                     result_request, result_response = doRequest(test_request, :default => true)
                     is_vuln = true
-                    if result_response.status then
-                      
+                    if result_response.status then                      
                       @not_allowed_response.each do |nar|
                         if result_response.status =~ /#{nar}/i then 
                           is_vuln = false                        
@@ -104,12 +105,13 @@ module Watobo
                         )
                       end
                     end
-                    [ result_request, result_response ] 
+                    result = [ result_request, result_response ] 
                   rescue => bang
                     puts bang
                     puts bang.backtrace if $DEBUG
-                    [ nil, nil ]
+                    result = [ nil, nil ]
                     end
+                    result
                   }
                   yield checker
                 end    

data/modules/active/fileinclusion/lfi_simple.rb

@@ -84,8 +84,8 @@ module Watobo
                         :rating => VULN_RATING_HIGH,
                         :title => "[#{parm}] - #{test_request.file}"
                         )
-                        [ test_request, test_response ]
                       end
+                      [ test_request, test_response ]
                     }
                     yield checker
                   end
@@ -109,9 +109,9 @@ module Watobo
                         :chat => chat,
                         :rating => VULN_RATING_HIGH,
                         :title => "[#{parm}] - #{file}"
-                        )
-                        [ test_request, test_response ]
+                        )                        
                       end
+                      [ test_request, test_response ]
                     }
                     yield checker
                   end

data/modules/active/sqlinjection/sqli_timing.rb

@@ -133,11 +133,11 @@ EOF
                       # now calculate the average time
                       average_t = rtimes.inject(:+) / rtimes.length
                       max_t = rtimes.max > 5 ? rtimes.max : 5
-                      puts "Analyzing timing behaviour ..."
-                      rtimes.each do |t|
-                        puts t.to_s
-                      end
-                      puts "Average Response Time: #{average_t}s (max #{max_t}s)"                     
+                     # puts "Analyzing timing behaviour ..."
+                     # rtimes.each do |t|
+                     #   puts t.to_s
+                     # end
+                     # puts "Average Response Time: #{average_t}s (max #{max_t}s)"                     
                       
                  #     time_to_sleep = 4 * max_t
                       time_to_sleep = max_t
@@ -200,7 +200,7 @@ EOF
                          
                          
                          duration = sqli_stop - sqli_start
-                         puts duration
+                       #  puts duration
                          if ( duration >= time_to_sleep )
                            puts "Found time-based SQLi in parameter #{parm} !!!"
                            puts "after #{duration}s / time-to-sleep #{time_to_sleep}s)"