watobo 0.9.9.pre3 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. data/.yardopts +24 -0
  2. data/CHANGELOG +17 -7
  3. data/README +4 -60
  4. data/bin/nfq_server.rb +191 -0
  5. data/config/interceptor.yml +2 -6
  6. data/lib/watobo/adapters/data_store.rb +1 -1
  7. data/lib/watobo/adapters/file/file_store.rb +50 -33
  8. data/lib/watobo/ca.rb +22 -0
  9. data/lib/watobo/config.rb +6 -0
  10. data/lib/watobo/core/ca.rb +411 -0
  11. data/lib/watobo/core/cert_store.rb +56 -0
  12. data/lib/watobo/core/forwarding_proxy.rb +38 -0
  13. data/lib/watobo/core/http_socket.rb +18 -0
  14. data/lib/watobo/core/intercept_carver.rb +179 -0
  15. data/lib/watobo/core/intercept_filter.rb +257 -0
  16. data/lib/watobo/core/interceptor.rb +342 -79
  17. data/lib/watobo/core/netfilter_queue.rb +191 -0
  18. data/lib/watobo/core/project.rb +84 -138
  19. data/lib/watobo/core/proxy.rb +61 -0
  20. data/lib/watobo/core/request.rb +40 -0
  21. data/lib/watobo/core/response.rb +30 -0
  22. data/lib/watobo/core/scanner.rb +64 -58
  23. data/lib/watobo/core/session.rb +70 -77
  24. data/lib/watobo/core.rb +1 -1
  25. data/lib/watobo/framework/create_project.rb +25 -10
  26. data/lib/watobo/framework/init.rb +13 -0
  27. data/lib/watobo/gui/browser_preview.rb +5 -4
  28. data/lib/watobo/gui/checks_policy_frame.rb +1 -0
  29. data/lib/watobo/gui/client_cert_dialog.rb +11 -6
  30. data/lib/watobo/gui/conversation_table.rb +7 -4
  31. data/lib/watobo/gui/fuzzer_gui.rb +9 -11
  32. data/lib/watobo/gui/intercept_filter_dialog.rb +210 -0
  33. data/lib/watobo/gui/interceptor_gui.rb +59 -21
  34. data/lib/watobo/gui/interceptor_settings_dialog.rb +39 -5
  35. data/lib/watobo/gui/list_box.rb +2 -1
  36. data/lib/watobo/gui/log_viewer.rb +79 -5
  37. data/lib/watobo/gui/main_window.rb +159 -113
  38. data/lib/watobo/gui/manual_request_editor.rb +11 -5
  39. data/lib/watobo/gui/mixins/subscriber.rb +47 -0
  40. data/lib/watobo/gui/project_wizzard.rb +3 -3
  41. data/lib/watobo/gui/proxy_dialog.rb +17 -18
  42. data/lib/watobo/gui/request_editor.rb +1 -1
  43. data/lib/watobo/gui/rewrite_filters_dialog.rb +416 -0
  44. data/lib/watobo/gui/rewrite_rules_dialog.rb +394 -0
  45. data/lib/watobo/gui/scanner_settings_dialog.rb +9 -6
  46. data/lib/watobo/gui/session_management_dialog.rb +33 -23
  47. data/lib/watobo/gui/sites_tree.rb +5 -6
  48. data/lib/watobo/gui/status_bar.rb +101 -49
  49. data/lib/watobo/gui/table_editor.rb +1 -1
  50. data/lib/watobo/gui/templates/plugin2.rb +23 -27
  51. data/lib/watobo/gui/utils/save_default_settings.rb +9 -9
  52. data/lib/watobo/gui/utils/save_proxy_settings.rb +25 -9
  53. data/lib/watobo/gui/utils/save_scanner_settings.rb +10 -7
  54. data/lib/watobo/gui/utils/session_history.rb +1 -1
  55. data/lib/watobo/gui/www_auth_dialog.rb +25 -21
  56. data/lib/watobo/gui.rb +3 -1
  57. data/lib/watobo/mixins/httpparser.rb +47 -40
  58. data/lib/watobo/mixins/request_parser.rb +126 -41
  59. data/lib/watobo/mixins/shapers.rb +124 -15
  60. data/lib/watobo/utils/hexprint.rb +31 -0
  61. data/lib/watobo/utils/load_chat.rb +2 -0
  62. data/lib/watobo/utils/response_builder.rb +111 -0
  63. data/lib/watobo.rb +4 -1
  64. data/modules/active/discovery/http_methods.rb +6 -4
  65. data/modules/active/fileinclusion/lfi_simple.rb +3 -3
  66. data/modules/active/sqlinjection/sqli_timing.rb +6 -6
  67. data/modules/passive/redirectionz.rb +5 -6
  68. data/plugins/catalog/catalog.rb +240 -56
  69. data/plugins/catalog/db_tests +1 -6483
  70. data/plugins/catalog/db_variables +2 -29
  71. data/plugins/crawler/gui/auth_frame.rb +15 -3
  72. data/plugins/crawler/gui/crawler_gui.rb +24 -0
  73. data/plugins/crawler/gui/hooks_frame.rb +7 -2
  74. data/plugins/crawler/gui/settings_tabbook.rb +4 -0
  75. data/plugins/crawler/gui.rb +3 -3
  76. data/plugins/crawler/lib/engine.rb +1 -1
  77. data/plugins/filefinder/filefinder.rb +21 -17
  78. data/plugins/sqlmap/bin/test.rb +100 -0
  79. data/plugins/sqlmap/gui/main.rb +227 -0
  80. data/plugins/sqlmap/gui/options_frame.rb +119 -0
  81. data/plugins/sqlmap/gui.rb +27 -0
  82. data/plugins/sqlmap/icons/sqlmap.ico +0 -0
  83. data/plugins/sqlmap/lib/sqlmap_ctrl.rb +116 -0
  84. data/plugins/sqlmap/sqlmap.rb +26 -0
  85. data/plugins/sslchecker/gui/gui.rb +45 -30
  86. metadata +32 -9
  87. data/certificates/cert.pem +0 -19
  88. data/certificates/privkey.pem +0 -15
  89. data/certificates/watobo_dh.key +0 -5
  90. data/lib/watobo/core/simple_ca.rb +0 -393
@@ -0,0 +1,257 @@
1
+ # .
2
+ # intercept_filter.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Interceptor
24
+ class Filter
25
+
26
+ attr :match_type, :flags, :pattern
27
+ def name
28
+ self.class.to_s.gsub(/.*::/,'')
29
+ end
30
+
31
+ def negated?
32
+ @negate
33
+ end
34
+
35
+ def negate=(state)
36
+ @negate = state
37
+ end
38
+
39
+ def match?(item, flags)
40
+
41
+ return !check?(item, flags) if @negate == true
42
+ return check?(item, flags)
43
+ end
44
+
45
+ def initialize(pattern, prefs={})
46
+ @flags = prefs.has_key?(:flags) ? prefs[:flags] : []
47
+ @match_type = prefs.has_key?(:match_type) ? prefs[:match_type] : :match
48
+ @negate = ( @match_type.to_s =~ /^not/ )
49
+ @pattern = pattern
50
+ end
51
+
52
+ end
53
+
54
+ class FlagFilter < Filter
55
+ def check?(item, flags=nil)
56
+ @flags.each do |f|
57
+ return false unless flags.include? f
58
+ end
59
+ return true
60
+ end
61
+ end
62
+
63
+ class UrlFilter < Filter
64
+ def check?(item, flags=nil)
65
+ return false unless item.respond_to? :url
66
+ return true if @pattern.empty?
67
+ match = false
68
+ match = true if item.url =~ /#{@pattern}/i
69
+ match
70
+ end
71
+
72
+ end
73
+
74
+ class HttpParmsFilter < Filter
75
+ def check?(item, flags=nil)
76
+ return false unless item.respond_to? :parms
77
+ return true if @pattern.empty?
78
+ match = request.parms.find {|x| x =~ /#{@pattern}/ }
79
+ match = !match_parms.nil?
80
+ match
81
+ end
82
+ end
83
+
84
+ class MethodFilter < Filter
85
+ def check?(item, flags=nil)
86
+ return false unless item.respond_to? :method
87
+ return true if @pattern.empty?
88
+ match = false
89
+ match = true if item.method =~ /#{@pattern}/i
90
+ match
91
+ end
92
+
93
+ end
94
+
95
+ class StatusFilter < Filter
96
+ def check?(item, flags=nil)
97
+ return false unless item.respond_to? :method
98
+ return true if @pattern.empty?
99
+ match = false
100
+ match = true if item.status =~ /#{@pattern}/i
101
+ match
102
+ end
103
+
104
+ end
105
+
106
+ class FilterChain
107
+ def match?(item, flags=nil)
108
+ @filters.each do |f|
109
+ return false unless f.match?( item, flags )
110
+ end
111
+ true
112
+ end
113
+
114
+ def add_filter(filter)
115
+ @filters << filter if filter.respond_to? :match?
116
+
117
+ end
118
+
119
+ def remove_filter(pos)
120
+
121
+ end
122
+
123
+ def set_filters(filter)
124
+ @filters = filter
125
+ end
126
+
127
+ def list
128
+ @filters
129
+ end
130
+
131
+ def clear
132
+ @filters.clear
133
+ end
134
+
135
+ def initialize
136
+ @filters = []
137
+ end
138
+ end
139
+
140
+ class RequestFilter
141
+ def match?(request)
142
+ match_url = true
143
+ # puts @request_filter_settings.to_yaml
144
+
145
+ if url_filter != ''
146
+ match_url = false
147
+ if request.url =~ /#{url_filter}/i
148
+ match_url = true
149
+ end
150
+ if negate_url_filter == true
151
+ match_url = ( match_url == true ) ? false : true
152
+ end
153
+ end
154
+
155
+ return false if match_url == false
156
+
157
+ match_method = true
158
+
159
+ if method_filter != ''
160
+ match_method = false
161
+ if request.method =~ /#{method_filter}/i
162
+ match_method = true
163
+ end
164
+
165
+ if negate_method_filter == true
166
+ match_method = ( match_method == true ) ? false : true
167
+ end
168
+ end
169
+
170
+ return false if match_method == false
171
+
172
+ match_ftype = true
173
+ ftype_filter = file_type_filter
174
+ if ftype_filter != ''
175
+ match_ftype = false
176
+ if request.doctype != '' and request.doctype =~ /#{ftype_filter}/i
177
+ match_ftype = true
178
+ end
179
+ if negate_file_type_filter == true
180
+ match_ftype = ( match_ftype == true ) ? false : true
181
+ end
182
+ end
183
+ return false if match_ftype == false
184
+
185
+ match_parms = true
186
+ # parms_filter = @request_filter_settings[:parms_filter]
187
+ if parms_filter != ''
188
+ # puts "!PARMS FILTER: #{parms_filter}"
189
+ match_parms = false
190
+ puts request.parms
191
+ match_parms = request.parms.find {|x| x =~ /#{parms_filter}/ }
192
+ match_parms = ( match_parms.nil? ) ? false : true
193
+ if negate_parms_filter == true
194
+ match_parms = ( match_parms == true ) ? false : true
195
+ end
196
+ end
197
+ return false if match_parms == false
198
+
199
+ true
200
+ end
201
+
202
+ def initialize(parms)
203
+ @settings = {
204
+ :site_in_scope => false,
205
+ :method_filter => '(get|post|put)',
206
+ :negate_method_filter => false,
207
+ :negate_url_filter => false,
208
+ :url_filter => '',
209
+ :file_type_filter => '(jpg|gif|png|jpeg|bmp)',
210
+ :negate_file_type_filter => true,
211
+
212
+ :parms_filter => '',
213
+ :negate_parms_filter => false
214
+ #:regex_location => 0, # TODO: HEADER_LOCATION, BODY_LOCATION, ALL
215
+
216
+ }
217
+ [ :site_in_scope, :method_filter,:negate_method_filter, :negate_url_filter,:url_filter, :file_type_filter,:negate_file_type_filter,:parms_filter,:negate_parms_filter].each do |k|
218
+ @settings[k] = parms[k]
219
+ end
220
+ #:regex_location => 0, # TODO: HEADER_LOCATION, BODY_LOCATION, ALL
221
+
222
+ end
223
+
224
+ private
225
+
226
+ def method_missing(name, *args, &block)
227
+ # puts "* instance method missing (#{name})"
228
+ @settings.has_key? name.to_sym || super
229
+ @settings[name.to_sym]
230
+ end
231
+ end
232
+
233
+ end
234
+ end
235
+
236
+ if $0 == __FILE__
237
+ inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..","lib"))
238
+ $: << inc_path
239
+
240
+ require 'watobo'
241
+
242
+ r = Watobo.create_request("www.siberas.com")
243
+ puts r
244
+ fc = Watobo::Interceptor::FilterChain.new
245
+ fc.add_filter Watobo::Interceptor::UrlFilter.new("(www|\.de)")
246
+ fc.add_filter Watobo::Interceptor::MethodFilter.new("GeT")
247
+ m = fc.match? r
248
+ puts m
249
+
250
+ r = Watobo.create_request("sec.siberas.com")
251
+ r.method = "Post"
252
+ puts r
253
+
254
+ m = fc.match? r
255
+ puts m
256
+
257
+ end