watobo 0.9.9.pre3 → 0.9.9
- data/.yardopts +24 -0
- data/CHANGELOG +17 -7
- data/README +4 -60
- data/bin/nfq_server.rb +191 -0
- data/config/interceptor.yml +2 -6
- data/lib/watobo/adapters/data_store.rb +1 -1
- data/lib/watobo/adapters/file/file_store.rb +50 -33
- data/lib/watobo/ca.rb +22 -0
- data/lib/watobo/config.rb +6 -0
- data/lib/watobo/core/ca.rb +411 -0
- data/lib/watobo/core/cert_store.rb +56 -0
- data/lib/watobo/core/forwarding_proxy.rb +38 -0
- data/lib/watobo/core/http_socket.rb +18 -0
- data/lib/watobo/core/intercept_carver.rb +179 -0
- data/lib/watobo/core/intercept_filter.rb +257 -0
- data/lib/watobo/core/interceptor.rb +342 -79
- data/lib/watobo/core/netfilter_queue.rb +191 -0
- data/lib/watobo/core/project.rb +84 -138
- data/lib/watobo/core/proxy.rb +61 -0
- data/lib/watobo/core/request.rb +40 -0
- data/lib/watobo/core/response.rb +30 -0
- data/lib/watobo/core/scanner.rb +64 -58
- data/lib/watobo/core/session.rb +70 -77
- data/lib/watobo/core.rb +1 -1
- data/lib/watobo/framework/create_project.rb +25 -10
- data/lib/watobo/framework/init.rb +13 -0
- data/lib/watobo/gui/browser_preview.rb +5 -4
- data/lib/watobo/gui/checks_policy_frame.rb +1 -0
- data/lib/watobo/gui/client_cert_dialog.rb +11 -6
- data/lib/watobo/gui/conversation_table.rb +7 -4
- data/lib/watobo/gui/fuzzer_gui.rb +9 -11
- data/lib/watobo/gui/intercept_filter_dialog.rb +210 -0
- data/lib/watobo/gui/interceptor_gui.rb +59 -21
- data/lib/watobo/gui/interceptor_settings_dialog.rb +39 -5
- data/lib/watobo/gui/list_box.rb +2 -1
- data/lib/watobo/gui/log_viewer.rb +79 -5
- data/lib/watobo/gui/main_window.rb +159 -113
- data/lib/watobo/gui/manual_request_editor.rb +11 -5
- data/lib/watobo/gui/mixins/subscriber.rb +47 -0
- data/lib/watobo/gui/project_wizzard.rb +3 -3
- data/lib/watobo/gui/proxy_dialog.rb +17 -18
- data/lib/watobo/gui/request_editor.rb +1 -1
- data/lib/watobo/gui/rewrite_filters_dialog.rb +416 -0
- data/lib/watobo/gui/rewrite_rules_dialog.rb +394 -0
- data/lib/watobo/gui/scanner_settings_dialog.rb +9 -6
- data/lib/watobo/gui/session_management_dialog.rb +33 -23
- data/lib/watobo/gui/sites_tree.rb +5 -6
- data/lib/watobo/gui/status_bar.rb +101 -49
- data/lib/watobo/gui/table_editor.rb +1 -1
- data/lib/watobo/gui/templates/plugin2.rb +23 -27
- data/lib/watobo/gui/utils/save_default_settings.rb +9 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +25 -9
- data/lib/watobo/gui/utils/save_scanner_settings.rb +10 -7
- data/lib/watobo/gui/utils/session_history.rb +1 -1
- data/lib/watobo/gui/www_auth_dialog.rb +25 -21
- data/lib/watobo/gui.rb +3 -1
- data/lib/watobo/mixins/httpparser.rb +47 -40
- data/lib/watobo/mixins/request_parser.rb +126 -41
- data/lib/watobo/mixins/shapers.rb +124 -15
- data/lib/watobo/utils/hexprint.rb +31 -0
- data/lib/watobo/utils/load_chat.rb +2 -0
- data/lib/watobo/utils/response_builder.rb +111 -0
- data/lib/watobo.rb +4 -1
- data/modules/active/discovery/http_methods.rb +6 -4
- data/modules/active/fileinclusion/lfi_simple.rb +3 -3
- data/modules/active/sqlinjection/sqli_timing.rb +6 -6
- data/modules/passive/redirectionz.rb +5 -6
- data/plugins/catalog/catalog.rb +240 -56
- data/plugins/catalog/db_tests +1 -6483
- data/plugins/catalog/db_variables +2 -29
- data/plugins/crawler/gui/auth_frame.rb +15 -3
- data/plugins/crawler/gui/crawler_gui.rb +24 -0
- data/plugins/crawler/gui/hooks_frame.rb +7 -2
- data/plugins/crawler/gui/settings_tabbook.rb +4 -0
- data/plugins/crawler/gui.rb +3 -3
- data/plugins/crawler/lib/engine.rb +1 -1
- data/plugins/filefinder/filefinder.rb +21 -17
- data/plugins/sqlmap/bin/test.rb +100 -0
- data/plugins/sqlmap/gui/main.rb +227 -0
- data/plugins/sqlmap/gui/options_frame.rb +119 -0
- data/plugins/sqlmap/gui.rb +27 -0
- data/plugins/sqlmap/icons/sqlmap.ico +0 -0
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +116 -0
- data/plugins/sqlmap/sqlmap.rb +26 -0
- data/plugins/sslchecker/gui/gui.rb +45 -30
- metadata +32 -9
- data/certificates/cert.pem +0 -19
- data/certificates/privkey.pem +0 -15
- data/certificates/watobo_dh.key +0 -5
- data/lib/watobo/core/simple_ca.rb +0 -393
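--- a/data/plugins/sqlmap/gui/options_frame.rb
+++ b/data/plugins/sqlmap/gui/options_frame.rb
@@ -0,0 +1,119 @@
+# .
+# options_frame.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+module Watobo
+module Plugin
+class Sqlmap
+class OptionsFrame < FXVerticalFrame
+def to_h
+
+end
+
+def set(settings)
+
+end
+
+def request=(req)
+@request_txt.text = req.join.gsub("\r",'')
+end
+
+def request
+@request_txt.to_s
+end
+
+def level
+@level_combo.getItemData(@level_combo.currentItem)
+end
+
+def risk
+@risk_combo.getItemData(@risk_combo.currentItem)
+end
+
+def technique
+return "BEUST" if @technique_combo.currentItem == 0
+@technique_combo.getItemData(@technique_combo.currentItem)
+end
+
+def manual_options
+"#{@manual_options_txt.text.strip}"
+end
+
+def initialize(owner, opts)
+super(owner, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
+
+self.extend Watobo::Gui::Subscriber
+
+groupbox = FXGroupBox.new(self, "Request", FRAME_GROOVE|LAYOUT_FILL_Y|LAYOUT_FILL_X, 0, 0, 0, 0)
+FXLabel.new(groupbox, "Enter a test request below or use 'SEND TO -> SQLMap' from the conversation-table menu (right-click).")
+frame = FXVerticalFrame.new(groupbox, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK, :padding => 0)
+
+@request_txt = FXText.new(frame, nil, 0, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
+@request_txt.editable = true
+@request_txt.connect(SEL_CHANGED){ notify(:request_changed) }
+
+
+matrix = FXMatrix.new(self, 6, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X)
+
+techniques = %w( All Time-based Error Boolean Union Stacked )
+FXLabel.new(matrix, "Technique:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
+@technique_combo = FXComboBox.new(matrix, 20, nil, 0, FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
+techniques.each do |t|
+@technique_combo.appendItem(t, t[0])
+@technique_combo.numVisible = @technique_combo.numItems
+end
+
+#dbs = %w( MySQL Oracle PostgreSQL )
+#FXLabel.new(matrix, "DB:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
+#@db_combo = FXComboBox.new(matrix, 20, nil, 0, FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
+#dbs.each do |t|
+# @db_combo.appendItem(t, t[0])
+# @db_combo.numVisible = @db_combo.numItems
+#end
+
+risks = %w( 1 2 3 )
+FXLabel.new(matrix, "Risk:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
+@risk_combo = FXComboBox.new(matrix, 20, nil, 0, FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
+risks.each do |r|
+@risk_combo.appendItem(r, r)
+@risk_combo.numVisible = @risk_combo.numItems
+end
+
+levels = (1..5)
+FXLabel.new(matrix, "Level:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
+@level_combo = FXComboBox.new(matrix, 20, nil, 0, FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
+levels.each do |l|
+@level_combo.appendItem(l.to_s, l.to_s)
+@level_combo.numVisible = @level_combo.numItems
+end
+
+frame = FXHorizontalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_TOP)
+FXLabel.new(frame, "Manual Options:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
+@manual_options_txt = FXTextField.new(frame, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
+
+
+end
+
+private
+
+end
+end
+end
+end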
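Review bot: `manual_options` returns the free-text field after only a `strip`, and `request` returns the editable request text as-is, so the code that turns this frame into a sqlmap invocation (not part of this section) receives two unvalidated strings, one of which can be filled from captured traffic via 'SEND TO -> SQLMap'. If that caller builds a shell string, it should instead tokenise with `Shellwords.split(manual_options)` and pass an argument array to the process call. `to_h` and `set(settings)` have empty bodies and return nil; a `# TODO: not implemented` comment, or an implementation, would stop callers from assuming a settings hash. The `opts` parameter of `initialize` is accepted but never read.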
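--- a/data/plugins/sqlmap/gui.rb
+++ b/data/plugins/sqlmap/gui.rb
@@ -0,0 +1,27 @@
+# .
+# gui.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+require File.join(File.expand_path(File.dirname(__FILE__)), "sqlmap")
+
+gui_path = File.join(File.expand_path(File.dirname(__FILE__)), "gui")
+%w( main options_frame ).each do |l|
+require File.join(gui_path, l + ".rb")
+end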
Binary file
|
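--- a/data/plugins/sqlmap/lib/sqlmap_ctrl.rb
+++ b/data/plugins/sqlmap/lib/sqlmap_ctrl.rb
@@ -0,0 +1,116 @@
+# .
+# sqlmap_ctrl.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+module Watobo
+module Plugin
+class Sqlmap
+@well_known_paths = [
+"/pentest/database/sqlmap/", # BackTrack
+"/usr/share/sqlmap/" # Samurai WTF
+]
+@binary_path = ''
+@command = ""
+@tmp_dir = nil
+# set sqlmap binary path, leave it empty to check well-know-locaitons
+# it returns the path if any or an empty string
+def self.set_binary_path(path=nil)
+binary_name = "sqlmap.py"
+@binary_path = ""
+if path.nil?
+@well_known_paths.each do |p|
+bp = File.join(p, binary_name)
+if File.exist? bp
+@binary_path = bp
+break
+end
+end
+else
+@binary_path = path
+end
+
+save_config
+
+@binary_path
+end
+
+def self.method_missing(name, *args, &block)
+iv_name = "@#{name}"
+super unless instance_variable_defined? iv_name
+
+v = instance_variable_get(iv_name)
+end
+
+def self.set_tmp_dir(dir=nil)
+# get project path
+if dir.nil?
+@tmp_dir = File.join(Watobo.temp_directory,"sqlmap")
+else
+@tmp_dir = dir if File.exist? dir
+end
+save_config
+@tmp_dir
+end
+
+def self.run(request, opts)
+
+end
+
+def self.save_config()
+wd = Watobo.working_directory
+
+dir_name = Watobo::Utils.snakecase self.name.gsub(/.*::/,'')
+path = File.join(wd, "conf", "plugins")
+Dir.mkdir path unless File.exist? path
+conf_dir = File.join(path, dir_name)
+Dir.mkdir conf_dir unless File.exist? conf_dir
+file = File.join(conf_dir, dir_name + "_config.yml")
+config = {
+:tmp_dir => @tmp_dir,
+:binary_path => @binary_path
+}
+Watobo::Utils.save_settings(file, config)
+end
+
+def self.load_config()
+wd = Watobo.working_directory
+dir_name = Watobo::Utils.snakecase self.name.gsub(/.*::/,'')
+path = File.join(wd, "conf", "plugins")
+Dir.mkdir path unless File.exist? path
+conf_dir = File.join(path, dir_name)
+Dir.mkdir conf_dir unless File.exist? conf_dir
+file = File.join(conf_dir, dir_name + "_config.yml")
+config = Watobo::Utils.load_settings(file)
+end
+
+# set default values
+config = load_config
+puts config.class
+unless config.nil?
+set_binary_path config[:binary_path]
+set_tmp_dir config[:tmp_dir]
+else
+set_binary_path
+set_tmp_dir
+end
+
+end
+end
+end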
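Review bot: `set_binary_path` only probes `@well_known_paths` when `path` is nil, but the class body at the end feeds it `config[:binary_path]`, which `save_config` writes as `""` when nothing was found; from the second start on, the empty string is taken as the path and the probe never runs again. The explicit branch also stores the value without the `File.exist?` test that the probe branch applies, and since this path is read from a YAML file under the working directory and is presumably what later gets executed, I would gate it: `if path.nil? || path.empty?` for the probe and `@binary_path = path if File.file?(path)` otherwise. `Dir.mkdir path` in `save_config` and `load_config` will raise if the `conf` directory itself does not exist yet, because it creates only one level. `puts config.class` looks like leftover debug output that prints on every load.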
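--- a/data/plugins/sqlmap/sqlmap.rb
+++ b/data/plugins/sqlmap/sqlmap.rb
@@ -0,0 +1,26 @@
+# .
+# sqlmap.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+path = File.expand_path(File.dirname(__FILE__))
+
+%w( sqlmap_ctrl ).each do |l|
+require File.join(path, "lib", l)
+end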
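--- a/data/plugins/sslchecker/gui/gui.rb
+++ b/data/plugins/sslchecker/gui/gui.rb
@@ -59,25 +59,28 @@ module Watobo
 
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+def updateView()
+#@project = project
+@site = nil
+@sites_combo.clearItems()
+#@dir_combo.clearItems()
+unless Watobo.project.nil? then
+count = 0
+Watobo.project.listSites(:ssl => true, :in_scope => Watobo.project.has_scope? ).each do |site|
+#puts "Site: #{site}"
+count += 1
+@sites_combo.appendItem(site, site)
+end
+if @sites_combo.numItems > 0
+@sites_combo.setCurrentItem(0)
+@site = @sites_combo.getItemData(0)
+@sites_combo.numVisible = ( @sites_combo.numItems > 15 ) ? 15 : @sites_combo.numItems
+else
+@log_viewer.log(LOG_INFO,"No SSL Sites available - you need to visit a SSL Site first!")
+end
 end
-end
 
-
+end
 
 def start(sender, sel, item)
 unless @site.nil?
@@ -108,12 +111,22 @@ module Watobo
 unless @project.getCurrentProxy().nil?
 @log_viewer.log(LOG_INFO,"!!! WARNING FORWARDING PROXY IS SET !!! - SSL-Check running against proxy may not make sense!")
 end
+@status_lock.synchronize do
+@status = :running
+end
+add_update_timer(50)
+
 @log_viewer.log LOG_INFO, "Scan started ..."
 @scan_thread = Thread.new(scanner) { |scan|
 begin
 
 scan.run(:default => true)
 @log_viewer.log LOG_INFO, "Scan finished."
+@status_lock.synchronize do
+@status = :idle
+end
+sleep 1 # to let the update_timer finish its work
+getApp().removeTimeout(@update_timer)
 rescue => bang
 puts bang
 puts bang.backtrace if $DEBUG
@@ -134,6 +147,8 @@ module Watobo
 
 @results = []
 @results_lock = Mutex.new
+@status_lock = Mutex.new
+@status = :idle
 
 @clipboard_text = ""
 self.connect(SEL_CLIPBOARD_REQUEST) do
@@ -169,8 +184,6 @@ module Watobo
 COMBOBOX_STATIC|FRAME_SUNKEN|FRAME_THICK|LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
 #@filterCombo.width =200
 
-num_ssl_sites = @project.listSites(:ssl => true).length
-@sites_combo.numVisible = num_ssl_sites > 15 ? 15 : num_ssl_sites
 @sites_combo.numColumns = 35
 @sites_combo.editable = true
 @sites_combo.connect(SEL_COMMAND, method(:onSiteSelect))
@@ -216,7 +229,7 @@ module Watobo
 @log_viewer = LogViewer.new(log_text_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
 
 updateView()
-
+
 rescue => bang
 puts bang
 puts bang.backtrace if $DEBUG
@@ -228,17 +241,19 @@ module Watobo
 
 def add_update_timer(ms)
 @update_timer = FXApp.instance.addTimeout( ms, :repeat => true) do
-
-
-
-
-
-
+@results_lock.synchronize do
+@results.each do |r|
+@cipher_table.add_cipher(r)
+end
+@results.clear
+end
+
+@status_lock.synchronize do
+@pbar.barColor = 'grey' if @status == :idle
+end
+end
 end
-
-
-end
-end
+
 end
 end
 end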
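Review bot: In the `start` hunk (new lines 125-129) the reset to `:idle` and the `removeTimeout` call sit in the `begin` body after `scan.run`, so when the scan raises, control goes to `rescue => bang` and `@status` stays `:running` with the 50 ms repeating timer still armed. I would move the reset into an `ensure` clause, `@status_lock.synchronize { @status = :idle }`, and let the timer block in `add_update_timer` remove itself once it sees `:idle`, which also drops the `sleep 1` and keeps `getApp().removeTimeout` off the scan thread (FOX calls from a worker thread are presumably not safe here). The `rescue` clause and the rest of `start` continue outside the hunk, so whether they already clean up cannot be seen. `start` also still reads `@project.getCurrentProxy()` while `updateView` now goes through `Watobo.project`; confirm that `@project` is still assigned.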
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: watobo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.9
|
5
|
-
prerelease:
|
4
|
+
version: 0.9.9
|
5
|
+
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Andreas Schmidt
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-08-16 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: mechanize
|
@@ -49,6 +49,7 @@ email: watobo@siberas.de
|
|
49
49
|
executables:
|
50
50
|
- watobo_gui.rb
|
51
51
|
- watobo
|
52
|
+
- nfq_server.rb
|
52
53
|
extensions: []
|
53
54
|
extra_rdoc_files: []
|
54
55
|
files:
|
@@ -56,18 +57,27 @@ files:
|
|
56
57
|
- lib/watobo/adapters/file/file_store.rb
|
57
58
|
- lib/watobo/adapters/session_store.rb
|
58
59
|
- lib/watobo/adapters.rb
|
60
|
+
- lib/watobo/ca.rb
|
59
61
|
- lib/watobo/config.rb
|
60
62
|
- lib/watobo/constants.rb
|
61
63
|
- lib/watobo/core/active_check.rb
|
64
|
+
- lib/watobo/core/ca.rb
|
65
|
+
- lib/watobo/core/cert_store.rb
|
62
66
|
- lib/watobo/core/cookie.rb
|
67
|
+
- lib/watobo/core/forwarding_proxy.rb
|
63
68
|
- lib/watobo/core/fuzz_gen.rb
|
64
69
|
- lib/watobo/core/http_socket.rb
|
65
70
|
- lib/watobo/core/interceptor.rb
|
71
|
+
- lib/watobo/core/intercept_carver.rb
|
72
|
+
- lib/watobo/core/intercept_filter.rb
|
73
|
+
- lib/watobo/core/netfilter_queue.rb
|
66
74
|
- lib/watobo/core/passive_check.rb
|
67
75
|
- lib/watobo/core/project.rb
|
76
|
+
- lib/watobo/core/proxy.rb
|
77
|
+
- lib/watobo/core/request.rb
|
78
|
+
- lib/watobo/core/response.rb
|
68
79
|
- lib/watobo/core/scanner.rb
|
69
80
|
- lib/watobo/core/session.rb
|
70
|
-
- lib/watobo/core/simple_ca.rb
|
71
81
|
- lib/watobo/core.rb
|
72
82
|
- lib/watobo/defaults.rb
|
73
83
|
- lib/watobo/external/diff/lcs/array.rb
|
@@ -108,12 +118,14 @@ files:
|
|
108
118
|
- lib/watobo/gui/hex_viewer.rb
|
109
119
|
- lib/watobo/gui/interceptor_gui.rb
|
110
120
|
- lib/watobo/gui/interceptor_settings_dialog.rb
|
121
|
+
- lib/watobo/gui/intercept_filter_dialog.rb
|
111
122
|
- lib/watobo/gui/list_box.rb
|
112
123
|
- lib/watobo/gui/login_wizzard.rb
|
113
124
|
- lib/watobo/gui/log_viewer.rb
|
114
125
|
- lib/watobo/gui/main_window.rb
|
115
126
|
- lib/watobo/gui/manual_request_editor.rb
|
116
127
|
- lib/watobo/gui/master_pw_dialog.rb
|
128
|
+
- lib/watobo/gui/mixins/subscriber.rb
|
117
129
|
- lib/watobo/gui/page_tree.rb
|
118
130
|
- lib/watobo/gui/password_policy_dialog.rb
|
119
131
|
- lib/watobo/gui/plugin/base.rb
|
@@ -124,6 +136,8 @@ files:
|
|
124
136
|
- lib/watobo/gui/proxy_dialog.rb
|
125
137
|
- lib/watobo/gui/quick_scan_dialog.rb
|
126
138
|
- lib/watobo/gui/request_editor.rb
|
139
|
+
- lib/watobo/gui/rewrite_filters_dialog.rb
|
140
|
+
- lib/watobo/gui/rewrite_rules_dialog.rb
|
127
141
|
- lib/watobo/gui/save_chat_dialog.rb
|
128
142
|
- lib/watobo/gui/scanner_settings_dialog.rb
|
129
143
|
- lib/watobo/gui/select_chat_dialog.rb
|
@@ -160,9 +174,11 @@ files:
|
|
160
174
|
- lib/watobo/utils/crypto.rb
|
161
175
|
- lib/watobo/utils/expand_range.rb
|
162
176
|
- lib/watobo/utils/file_management.rb
|
177
|
+
- lib/watobo/utils/hexprint.rb
|
163
178
|
- lib/watobo/utils/load_chat.rb
|
164
179
|
- lib/watobo/utils/load_icon.rb
|
165
180
|
- lib/watobo/utils/print_debug.rb
|
181
|
+
- lib/watobo/utils/response_builder.rb
|
166
182
|
- lib/watobo/utils/response_hash.rb
|
167
183
|
- lib/watobo/utils/secure_eval.rb
|
168
184
|
- lib/watobo/utils/strings.rb
|
@@ -176,9 +192,6 @@ files:
|
|
176
192
|
- config/interceptor.yml
|
177
193
|
- config/scanner.yml
|
178
194
|
- config/scan_policy.yml
|
179
|
-
- certificates/cert.pem
|
180
|
-
- certificates/privkey.pem
|
181
|
-
- certificates/watobo_dh.key
|
182
195
|
- modules/active/Apache/mod_status.rb
|
183
196
|
- modules/active/directories/dirwalker.rb
|
184
197
|
- modules/active/discovery/fileextensions.rb
|
@@ -236,6 +249,13 @@ files:
|
|
236
249
|
- plugins/crawler/lib/uri_mp.rb
|
237
250
|
- plugins/filefinder/dbs/hbci.db
|
238
251
|
- plugins/filefinder/filefinder.rb
|
252
|
+
- plugins/sqlmap/bin/test.rb
|
253
|
+
- plugins/sqlmap/gui/main.rb
|
254
|
+
- plugins/sqlmap/gui/options_frame.rb
|
255
|
+
- plugins/sqlmap/gui.rb
|
256
|
+
- plugins/sqlmap/icons/sqlmap.ico
|
257
|
+
- plugins/sqlmap/lib/sqlmap_ctrl.rb
|
258
|
+
- plugins/sqlmap/sqlmap.rb
|
239
259
|
- plugins/sslchecker/cli/sslchecker_cli.rb
|
240
260
|
- plugins/sslchecker/gui/cipher_table.rb
|
241
261
|
- plugins/sslchecker/gui/gui.rb
|
@@ -331,8 +351,10 @@ files:
|
|
331
351
|
- icons/Yellow Ball_24x24.ico
|
332
352
|
- README
|
333
353
|
- CHANGELOG
|
354
|
+
- .yardopts
|
334
355
|
- bin/watobo_gui.rb
|
335
356
|
- bin/watobo
|
357
|
+
- bin/nfq_server.rb
|
336
358
|
homepage: http://watobo.sourceforge.net
|
337
359
|
licenses: []
|
338
360
|
post_install_message:
|
@@ -348,9 +370,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
348
370
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
349
371
|
none: false
|
350
372
|
requirements:
|
351
|
-
- - ! '
|
373
|
+
- - ! '>='
|
352
374
|
- !ruby/object:Gem::Version
|
353
|
-
version:
|
375
|
+
version: '0'
|
354
376
|
requirements: []
|
355
377
|
rubyforge_project:
|
356
378
|
rubygems_version: 1.8.24
|
@@ -358,3 +380,4 @@ signing_key:
|
|
358
380
|
specification_version: 3
|
359
381
|
summary: WATOBO - Web Application Toolbox
|
360
382
|
test_files: []
|
383
|
+
has_rdoc:
|
data/certificates/cert.pem
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
-----BEGIN CERTIFICATE-----
|
2
|
-
MIIDEjCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJERTEV
|
3
|
-
MBMGA1UECgwMd2F0b2JvLmxvY2FsMQ8wDQYDVQQLDAZXQVRPQk8xCzAJBgNVBAMM
|
4
|
-
AkNBMB4XDTEwMDMxMTE1MDQ1NVoXDTExMDMxMTE1MDQ1NVowUzELMAkGA1UEBhMC
|
5
|
-
REUxFTATBgNVBAoMDHdhdG9iby5sb2NhbDEPMA0GA1UECwwGV0FUT0JPMQswCQYD
|
6
|
-
VQQLDAJDQTEPMA0GA1UEAwwGV0FUT0JPMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
|
7
|
-
iQKBgQDHRpPBqG+nXn4KBP4H2Mn4OQ7dkxkyIEfOf7+0NLxkxPdCNuA1xdJrfsw3
|
8
|
-
kt+pGq+L6IxplXcGffiK2iCLwmNEa0E+RWDyA79MKCswyIvtzb/2R/pOsQNBjtp+
|
9
|
-
hJdfro1lqVIi4lZtidXnXfLJGbRtmI3rRZ/WV7z95vVxcrd+qwIDAQABo4GFMIGC
|
10
|
-
MAwGA1UdEwEB/wQCMAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5l
|
11
|
-
cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEGaqp0fDnY0REtlFm7E/yXJwlHi
|
12
|
-
MAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUF
|
13
|
-
AAOCAQEABJyfIruQ/6TiF5D0DC9GQm1sy0lLWAEdpsRCZcuwPpS1IkGGQ+HRJgu8
|
14
|
-
9IfUsGSZhtPV0drmxzdVmRl2R2zmmn3XUwGxW3HNMF9vdgxAvw11zh03dkj3gFHB
|
15
|
-
kjpdWZr55XbT7r3O77ffL2flQcOITmYNetafUTDvOXb6xOF1Rj9KjkCbM/+OZaXF
|
16
|
-
jZNBzx+SMIBb72AtC37VTjxJm9VDq/mw1E9Zt26GJXezieKKAvjai730fu26DkjH
|
17
|
-
2O/82fSveN8Q7Q0JoAgv6VDupyFwlpagqUZK2XPV93KjKyTzCK7prthMoy1r8Dat
|
18
|
-
7KVHZ6MJ3V4XGpIQ6ShBnYFYUTgXYA==
|
19
|
-
-----END CERTIFICATE-----
|
data/certificates/privkey.pem
DELETED
@@ -1,15 +0,0 @@
|
|
1
|
-
-----BEGIN RSA PRIVATE KEY-----
|
2
|
-
MIICXQIBAAKBgQDHRpPBqG+nXn4KBP4H2Mn4OQ7dkxkyIEfOf7+0NLxkxPdCNuA1
|
3
|
-
xdJrfsw3kt+pGq+L6IxplXcGffiK2iCLwmNEa0E+RWDyA79MKCswyIvtzb/2R/pO
|
4
|
-
sQNBjtp+hJdfro1lqVIi4lZtidXnXfLJGbRtmI3rRZ/WV7z95vVxcrd+qwIDAQAB
|
5
|
-
AoGBAKKGun3I7X+Y/r0XQ0SNGHS9vJUUowkR8N7HrEfCdyDM0EkNzqGsvSh1GwP8
|
6
|
-
YzRdkm1Odi6q+4+s8Cf3LXIvUZuKuAiYMMU4sDtTIJjtSPZeUtcxOGaehhiGl9Yg
|
7
|
-
c0+V8KKs5EVe3Dn9LQVCvtwmU9M7A3NYH/2jA0Ge2RtCIU5BAkEA+DtXbEWXKYU1
|
8
|
-
ZIrttdyYesmHYLHiTRbQxlTg7gpfDKgrDOKwT897mYEijhr14qIOreHVMPp2yCV4
|
9
|
-
LdPuDZap4QJBAM2DCKViTvGXpoMy7bYjowMZC0JNoVosde70lVMvcNLcjWYQ4juL
|
10
|
-
Gl/B2wpvuPG2GEml8I/wUwM4CYSu4eiYcgsCQQCSWPoLvWOHeR+nbTkEVVAYZCRK
|
11
|
-
X9WZuW/Q3k3WSYsMPUFUUXm9NAgc0kN7IG4C9aRN46z7OU86ZMzbx+y7Wi5BAkAf
|
12
|
-
512qPw6+VqqU540bn4Co9HRZALAxzYEpbXLZDR5YvcB9vdVBJSEdCH02q41siLZQ
|
13
|
-
iKBF2Csq7sIbhQKxFyltAkBTenvTKpGBeACzfdEbI9U2sMeeoKFLY2D/RdM4t7nn
|
14
|
-
9QDcP+cMvHGx5ROCOSkddmO2ZMBuQn29ks6jRcF9vOts
|
15
|
-
-----END RSA PRIVATE KEY-----
|
data/certificates/watobo_dh.key
DELETED