watobo 0.9.9.pre3 → 0.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.yardopts +24 -0
- data/CHANGELOG +17 -7
- data/README +4 -60
- data/bin/nfq_server.rb +191 -0
- data/config/interceptor.yml +2 -6
- data/lib/watobo/adapters/data_store.rb +1 -1
- data/lib/watobo/adapters/file/file_store.rb +50 -33
- data/lib/watobo/ca.rb +22 -0
- data/lib/watobo/config.rb +6 -0
- data/lib/watobo/core/ca.rb +411 -0
- data/lib/watobo/core/cert_store.rb +56 -0
- data/lib/watobo/core/forwarding_proxy.rb +38 -0
- data/lib/watobo/core/http_socket.rb +18 -0
- data/lib/watobo/core/intercept_carver.rb +179 -0
- data/lib/watobo/core/intercept_filter.rb +257 -0
- data/lib/watobo/core/interceptor.rb +342 -79
- data/lib/watobo/core/netfilter_queue.rb +191 -0
- data/lib/watobo/core/project.rb +84 -138
- data/lib/watobo/core/proxy.rb +61 -0
- data/lib/watobo/core/request.rb +40 -0
- data/lib/watobo/core/response.rb +30 -0
- data/lib/watobo/core/scanner.rb +64 -58
- data/lib/watobo/core/session.rb +70 -77
- data/lib/watobo/core.rb +1 -1
- data/lib/watobo/framework/create_project.rb +25 -10
- data/lib/watobo/framework/init.rb +13 -0
- data/lib/watobo/gui/browser_preview.rb +5 -4
- data/lib/watobo/gui/checks_policy_frame.rb +1 -0
- data/lib/watobo/gui/client_cert_dialog.rb +11 -6
- data/lib/watobo/gui/conversation_table.rb +7 -4
- data/lib/watobo/gui/fuzzer_gui.rb +9 -11
- data/lib/watobo/gui/intercept_filter_dialog.rb +210 -0
- data/lib/watobo/gui/interceptor_gui.rb +59 -21
- data/lib/watobo/gui/interceptor_settings_dialog.rb +39 -5
- data/lib/watobo/gui/list_box.rb +2 -1
- data/lib/watobo/gui/log_viewer.rb +79 -5
- data/lib/watobo/gui/main_window.rb +159 -113
- data/lib/watobo/gui/manual_request_editor.rb +11 -5
- data/lib/watobo/gui/mixins/subscriber.rb +47 -0
- data/lib/watobo/gui/project_wizzard.rb +3 -3
- data/lib/watobo/gui/proxy_dialog.rb +17 -18
- data/lib/watobo/gui/request_editor.rb +1 -1
- data/lib/watobo/gui/rewrite_filters_dialog.rb +416 -0
- data/lib/watobo/gui/rewrite_rules_dialog.rb +394 -0
- data/lib/watobo/gui/scanner_settings_dialog.rb +9 -6
- data/lib/watobo/gui/session_management_dialog.rb +33 -23
- data/lib/watobo/gui/sites_tree.rb +5 -6
- data/lib/watobo/gui/status_bar.rb +101 -49
- data/lib/watobo/gui/table_editor.rb +1 -1
- data/lib/watobo/gui/templates/plugin2.rb +23 -27
- data/lib/watobo/gui/utils/save_default_settings.rb +9 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +25 -9
- data/lib/watobo/gui/utils/save_scanner_settings.rb +10 -7
- data/lib/watobo/gui/utils/session_history.rb +1 -1
- data/lib/watobo/gui/www_auth_dialog.rb +25 -21
- data/lib/watobo/gui.rb +3 -1
- data/lib/watobo/mixins/httpparser.rb +47 -40
- data/lib/watobo/mixins/request_parser.rb +126 -41
- data/lib/watobo/mixins/shapers.rb +124 -15
- data/lib/watobo/utils/hexprint.rb +31 -0
- data/lib/watobo/utils/load_chat.rb +2 -0
- data/lib/watobo/utils/response_builder.rb +111 -0
- data/lib/watobo.rb +4 -1
- data/modules/active/discovery/http_methods.rb +6 -4
- data/modules/active/fileinclusion/lfi_simple.rb +3 -3
- data/modules/active/sqlinjection/sqli_timing.rb +6 -6
- data/modules/passive/redirectionz.rb +5 -6
- data/plugins/catalog/catalog.rb +240 -56
- data/plugins/catalog/db_tests +1 -6483
- data/plugins/catalog/db_variables +2 -29
- data/plugins/crawler/gui/auth_frame.rb +15 -3
- data/plugins/crawler/gui/crawler_gui.rb +24 -0
- data/plugins/crawler/gui/hooks_frame.rb +7 -2
- data/plugins/crawler/gui/settings_tabbook.rb +4 -0
- data/plugins/crawler/gui.rb +3 -3
- data/plugins/crawler/lib/engine.rb +1 -1
- data/plugins/filefinder/filefinder.rb +21 -17
- data/plugins/sqlmap/bin/test.rb +100 -0
- data/plugins/sqlmap/gui/main.rb +227 -0
- data/plugins/sqlmap/gui/options_frame.rb +119 -0
- data/plugins/sqlmap/gui.rb +27 -0
- data/plugins/sqlmap/icons/sqlmap.ico +0 -0
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +116 -0
- data/plugins/sqlmap/sqlmap.rb +26 -0
- data/plugins/sslchecker/gui/gui.rb +45 -30
- metadata +32 -9
- data/certificates/cert.pem +0 -19
- data/certificates/privkey.pem +0 -15
- data/certificates/watobo_dh.key +0 -5
- data/lib/watobo/core/simple_ca.rb +0 -393
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# netfilter_queue.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
module NFQueue
|
|
24
|
+
@ssl_requests = Hash.new
|
|
25
|
+
@cert_list = Hash.new
|
|
26
|
+
|
|
27
|
+
@netqueue_lock = Mutex.new
|
|
28
|
+
@t_nfqueue = nil
|
|
29
|
+
|
|
30
|
+
@nfq_present = false
|
|
31
|
+
|
|
32
|
+
begin
|
|
33
|
+
require "nfqueue"
|
|
34
|
+
@nfq_present = true
|
|
35
|
+
rescue LoadError
|
|
36
|
+
puts "NFQUEUE not available on this system"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.get_ip_string(raw_addr)
|
|
40
|
+
begin
|
|
41
|
+
ip = ""
|
|
42
|
+
raw_addr.length.times do |i|
|
|
43
|
+
ip << "." unless ip.empty?
|
|
44
|
+
ip << raw_addr[i].ord.to_s
|
|
45
|
+
end
|
|
46
|
+
rescue => bang
|
|
47
|
+
puts bang
|
|
48
|
+
puts bang.backtrace
|
|
49
|
+
end
|
|
50
|
+
ip
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def self.stop
|
|
54
|
+
@t_nfqueue.kill if @t_nfqueue.respond_to? :kill
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def self.start
|
|
58
|
+
# @t_nfqueue.raise unless @t_nfqueue.nil?
|
|
59
|
+
puts @t_nfqueue.status if @t_nfqueue.respond_to? :status
|
|
60
|
+
|
|
61
|
+
puts "starting netfilter_queue ..."
|
|
62
|
+
@t_nfqueue = Thread.new{
|
|
63
|
+
begin
|
|
64
|
+
Netfilter::Queue.create(0) do |p|
|
|
65
|
+
puts ">> Netfilter Packet #" + p.id.to_s
|
|
66
|
+
# $stdout.flush
|
|
67
|
+
puts p.data.class
|
|
68
|
+
raw_src = p.data[12..15]
|
|
69
|
+
raw_dst = p.data[16..19]
|
|
70
|
+
src_port = p.data[20..21].unpack("H4")[0].hex
|
|
71
|
+
dst_port = p.data[22..24].unpack("H4")[0].hex
|
|
72
|
+
# if p.data.length > 47
|
|
73
|
+
# flags = p.data[47].unpack("H*")[0].hex
|
|
74
|
+
# puts flags.to_s
|
|
75
|
+
# if flags == 2
|
|
76
|
+
puts "ADD SSL REQUEST"
|
|
77
|
+
puts "#{get_ip_string(raw_src)}:#{src_port} -> #{get_ip_string(raw_dst)}:#{dst_port}"
|
|
78
|
+
@netqueue_lock.synchronize do
|
|
79
|
+
if add_ssl_request(get_ip_string(raw_src), src_port, get_ip_string(raw_dst), dst_port)
|
|
80
|
+
puts "OK"
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
#end
|
|
84
|
+
#end
|
|
85
|
+
Netfilter::Packet::ACCEPT
|
|
86
|
+
end
|
|
87
|
+
rescue => bang
|
|
88
|
+
puts bang
|
|
89
|
+
puts bang.backtrace
|
|
90
|
+
# retry
|
|
91
|
+
rescue Netfilter::QueueError
|
|
92
|
+
puts "NetfilterERROR"
|
|
93
|
+
exit
|
|
94
|
+
end
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
@t_nfqueue
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def self.add_ssl_request(c_host, c_port, s_host, s_port)
|
|
101
|
+
ck = "#{c_host}:#{c_port}"
|
|
102
|
+
sk = "#{s_host}:#{s_port}"
|
|
103
|
+
|
|
104
|
+
begin
|
|
105
|
+
|
|
106
|
+
unless @cert_list.has_key? sk
|
|
107
|
+
if cert = acquire_cert(s_host,s_port)
|
|
108
|
+
@ssl_requests[ck] = sk
|
|
109
|
+
@cert_list[sk] = cert
|
|
110
|
+
else
|
|
111
|
+
return false
|
|
112
|
+
end
|
|
113
|
+
else
|
|
114
|
+
@ssl_requests[ck] = sk
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
return true
|
|
118
|
+
rescue => bang
|
|
119
|
+
puts bang
|
|
120
|
+
puts bang.backtrace
|
|
121
|
+
end
|
|
122
|
+
return false
|
|
123
|
+
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def self.get_connection_info(c_host,c_port)
|
|
127
|
+
begin
|
|
128
|
+
ck = "#{c_host}:#{c_port}"
|
|
129
|
+
target_site = nil
|
|
130
|
+
cert = nil
|
|
131
|
+
@netqueue_lock.synchronize do
|
|
132
|
+
if @ssl_requests.has_key? ck
|
|
133
|
+
target_site = @ssl_requests[ck]
|
|
134
|
+
cert = @cert_list[target_site] if @cert_list.has_key? target_site
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
return target_site, cert
|
|
138
|
+
rescue => bang
|
|
139
|
+
puts bang
|
|
140
|
+
puts bang.backtrace
|
|
141
|
+
end
|
|
142
|
+
return nil, nil
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
def self.acquire_cert(host, port)
|
|
146
|
+
puts "* acquire cert ... #{host}:#{port}"
|
|
147
|
+
begin
|
|
148
|
+
tcp_socket = TCPSocket.new( host, port )
|
|
149
|
+
tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
150
|
+
tcp_socket.sync = true
|
|
151
|
+
ctx = OpenSSL::SSL::SSLContext.new()
|
|
152
|
+
|
|
153
|
+
ctx.tmp_dh_callback = proc { |*args|
|
|
154
|
+
OpenSSL::PKey::DH.new(128)
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
|
|
158
|
+
|
|
159
|
+
socket.connect
|
|
160
|
+
#socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
|
|
161
|
+
sk = "#{host}:#{port}"
|
|
162
|
+
cert = socket.peer_cert
|
|
163
|
+
@cert_list[sk] = cert
|
|
164
|
+
puts "PEER CERT SUBJECT: #{cert.subject}"
|
|
165
|
+
# puts cert.subject.methods.sort
|
|
166
|
+
return cert
|
|
167
|
+
|
|
168
|
+
rescue => bang
|
|
169
|
+
puts bang
|
|
170
|
+
puts bang.backtrace
|
|
171
|
+
end
|
|
172
|
+
return nil
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
end
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
if $0 == __FILE__
|
|
179
|
+
inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..","..","..", "lib")) # this is the same as rubygems would do
|
|
180
|
+
$: << inc_path
|
|
181
|
+
|
|
182
|
+
require 'watobo'
|
|
183
|
+
require 'nfqueue'
|
|
184
|
+
|
|
185
|
+
Watobo::Interceptor.proxy_mode = Watobo::Interceptor::MODE_TRANSPARENT
|
|
186
|
+
@iproxy = Watobo::InterceptProxy.new()
|
|
187
|
+
@iproxy.run
|
|
188
|
+
while 1
|
|
189
|
+
sleep 1
|
|
190
|
+
end
|
|
191
|
+
end
|
data/lib/watobo/core/project.rb
CHANGED
|
@@ -34,31 +34,34 @@ module Watobo
|
|
|
34
34
|
# end
|
|
35
35
|
copy = Utils.copyObject(@request)
|
|
36
36
|
# now extend the new request with the Watobo mixins
|
|
37
|
-
copy.extend Watobo::Mixin::Parser::Url
|
|
38
|
-
copy.extend Watobo::Mixin::Parser::Web10
|
|
39
|
-
copy.extend Watobo::Mixin::Shaper::Web10
|
|
37
|
+
#copy.extend Watobo::Mixin::Parser::Url
|
|
38
|
+
#copy.extend Watobo::Mixin::Parser::Web10
|
|
39
|
+
#copy.extend Watobo::Mixin::Shaper::Web10
|
|
40
|
+
Watobo::Request.create copy
|
|
40
41
|
return copy
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
private
|
|
44
45
|
|
|
45
|
-
def extendRequest
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
end
|
|
46
|
+
# def extendRequest
|
|
47
|
+
# @request.extend Watobo::Mixin::Shaper::Web10
|
|
48
|
+
# @request.extend Watobo::Mixin::Parser::Web10
|
|
49
|
+
# @request.extend Watobo::Mixin::Parser::Url
|
|
50
|
+
# end
|
|
50
51
|
|
|
51
|
-
def extendResponse
|
|
52
|
-
|
|
53
|
-
end
|
|
52
|
+
# def extendResponse
|
|
53
|
+
# @response.extend Watobo::Mixin::Parser::Web10
|
|
54
|
+
# end
|
|
54
55
|
|
|
55
56
|
def initialize(request, response)
|
|
56
57
|
@request = request
|
|
57
58
|
@response = response
|
|
58
59
|
@file = nil
|
|
59
60
|
|
|
60
|
-
extendRequest()
|
|
61
|
-
extendResponse()
|
|
61
|
+
# extendRequest()
|
|
62
|
+
# extendResponse()
|
|
63
|
+
Watobo::Request.create @request
|
|
64
|
+
Watobo::Response.create @response
|
|
62
65
|
|
|
63
66
|
end
|
|
64
67
|
|
|
@@ -176,15 +179,15 @@ module Watobo
|
|
|
176
179
|
def id()
|
|
177
180
|
@details[:id]
|
|
178
181
|
end
|
|
179
|
-
|
|
182
|
+
|
|
180
183
|
def false_positive?
|
|
181
184
|
@details[:false_positive]
|
|
182
185
|
end
|
|
183
|
-
|
|
186
|
+
|
|
184
187
|
def set_false_positive
|
|
185
188
|
@details[:false_positive] = true
|
|
186
189
|
end
|
|
187
|
-
|
|
190
|
+
|
|
188
191
|
def unset_false_positive
|
|
189
192
|
@details[:false_positive] = false
|
|
190
193
|
end
|
|
@@ -210,15 +213,15 @@ module Watobo
|
|
|
210
213
|
@@numFindings += 1
|
|
211
214
|
|
|
212
215
|
}
|
|
213
|
-
|
|
214
|
-
|
|
216
|
+
# extendRequest()
|
|
217
|
+
# extendResponse()
|
|
215
218
|
|
|
216
219
|
end
|
|
217
220
|
|
|
218
221
|
end
|
|
219
222
|
|
|
220
223
|
class Project
|
|
221
|
-
|
|
224
|
+
|
|
222
225
|
attr :chats
|
|
223
226
|
attr_accessor :findings
|
|
224
227
|
attr :scan_settings
|
|
@@ -254,7 +257,7 @@ module Watobo
|
|
|
254
257
|
def projectSettingsFile
|
|
255
258
|
@project_file
|
|
256
259
|
end
|
|
257
|
-
|
|
260
|
+
|
|
258
261
|
def session_settings()
|
|
259
262
|
s = YAML.load(YAML.dump(scan_settings))
|
|
260
263
|
sf = [:logout_signatures, :non_unique_parms, :login_chat_ids, :excluded_chats, :csrf_request_ids, :scope ]
|
|
@@ -438,7 +441,7 @@ module Watobo
|
|
|
438
441
|
extend_request(request) unless request.respond_to? :site
|
|
439
442
|
hashbase = request.site + request.method + request.path
|
|
440
443
|
request.get_parm_names.sort.each do |p|
|
|
441
|
-
|
|
444
|
+
# puts "URL-Parm: #{p}"
|
|
442
445
|
if @scan_settings[:non_unique_parms].include?(p) then
|
|
443
446
|
hashbase += p + request.get_parm_value(p)
|
|
444
447
|
else
|
|
@@ -447,7 +450,7 @@ module Watobo
|
|
|
447
450
|
|
|
448
451
|
end
|
|
449
452
|
request.post_parm_names.sort.each do |p|
|
|
450
|
-
|
|
453
|
+
# puts "POST-Parm: #{p}"
|
|
451
454
|
if @scan_settings[:non_unique_parms].include?(p) then
|
|
452
455
|
hashbase += p + request.post_parm_value(p)
|
|
453
456
|
else
|
|
@@ -455,7 +458,7 @@ module Watobo
|
|
|
455
458
|
end
|
|
456
459
|
|
|
457
460
|
end
|
|
458
|
-
|
|
461
|
+
# puts hashbase
|
|
459
462
|
return Digest::MD5.hexdigest(hashbase)
|
|
460
463
|
rescue => bang
|
|
461
464
|
puts bang
|
|
@@ -492,7 +495,6 @@ module Watobo
|
|
|
492
495
|
@scan_settings.update new_settings
|
|
493
496
|
end
|
|
494
497
|
|
|
495
|
-
|
|
496
498
|
def findChats(site, opts={})
|
|
497
499
|
o = {
|
|
498
500
|
:dir => "",
|
|
@@ -549,33 +551,34 @@ module Watobo
|
|
|
549
551
|
end
|
|
550
552
|
|
|
551
553
|
def addChat(chat, prefs={})
|
|
552
|
-
@chats_lock.synchronize do
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
554
|
+
@chats_lock.synchronize do
|
|
555
|
+
begin
|
|
556
|
+
if chat.request.host then
|
|
557
|
+
chats.push chat
|
|
556
558
|
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
559
|
+
options = {
|
|
560
|
+
:run_passive_checks => true,
|
|
561
|
+
:notify => true
|
|
562
|
+
}
|
|
563
|
+
options.update prefs
|
|
562
564
|
|
|
563
|
-
|
|
565
|
+
runPassiveChecks(chat) if options[:run_passive_checks] == true
|
|
564
566
|
|
|
565
|
-
|
|
566
|
-
|
|
567
|
+
#@interface.addChat(self, chat) if @interface
|
|
568
|
+
notify(:new_chat, chat) if options[:notify] == true
|
|
567
569
|
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
570
|
+
if chat.id != 0 then
|
|
571
|
+
@session_store.add_chat(chat)
|
|
572
|
+
else
|
|
573
|
+
puts "!!! Could not add chat #{chat.id}"
|
|
574
|
+
end
|
|
572
575
|
end
|
|
576
|
+
|
|
577
|
+
# p "!P!"
|
|
578
|
+
rescue => bang
|
|
579
|
+
puts bang
|
|
580
|
+
puts bang.backtrace if $DEBUG
|
|
573
581
|
end
|
|
574
|
-
# p "!P!"
|
|
575
|
-
rescue => bang
|
|
576
|
-
puts bang
|
|
577
|
-
puts bang.backtrace if $DEBUG
|
|
578
|
-
end
|
|
579
582
|
end
|
|
580
583
|
end
|
|
581
584
|
|
|
@@ -583,8 +586,8 @@ module Watobo
|
|
|
583
586
|
@sessionMgr.runLogin(loginChats)
|
|
584
587
|
end
|
|
585
588
|
|
|
586
|
-
|
|
587
|
-
return false if @scan_settings[:scope].
|
|
589
|
+
def has_scope?()
|
|
590
|
+
return false if @scan_settings[:scope].empty?
|
|
588
591
|
@scan_settings[:scope].each_key do |k|
|
|
589
592
|
return true if @scan_settings[:scope][k][:enabled] == true
|
|
590
593
|
end
|
|
@@ -632,81 +635,72 @@ module Watobo
|
|
|
632
635
|
|
|
633
636
|
def addFinding(finding, opts={})
|
|
634
637
|
@findings_lock.synchronize do
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
638
|
+
options = {
|
|
639
|
+
:notify => true,
|
|
640
|
+
:save_finding => true
|
|
641
|
+
}
|
|
642
|
+
options.update opts
|
|
643
|
+
# puts "* add finding #{finding.details[:fid]}" if $DEBUG
|
|
644
|
+
|
|
645
|
+
@findings_count ||= Hash.new
|
|
646
|
+
@findings_count[finding.details[:class]] = 0 unless @findings_count.has_key? finding.details[:class]
|
|
647
|
+
|
|
648
|
+
unless @findings.has_key?(finding.details[:fid]) or @findings_count[finding.details[:class]] > 100
|
|
649
|
+
begin
|
|
650
|
+
@findings[finding.details[:fid]] = finding
|
|
651
|
+
@findings_count[finding.details[:class]] += 1
|
|
652
|
+
#@interface.addFinding(new_finding)
|
|
653
|
+
# puts "* new finding"
|
|
654
|
+
notify(:new_finding, finding) if options[:notify] == true
|
|
655
|
+
|
|
656
|
+
@session_store.add_finding(finding) if options[:save_finding] == true
|
|
657
|
+
rescue => bang
|
|
658
|
+
puts "!!!ERROR: #{Module.nesting[0].name}"
|
|
659
|
+
puts bang
|
|
660
|
+
puts bang.backtrace if $DEBUG
|
|
661
|
+
end
|
|
662
|
+
else
|
|
663
|
+
# puts "Skip finding <#{finding.details[:class]}>"
|
|
658
664
|
end
|
|
659
|
-
else
|
|
660
|
-
puts "Skip finding <#{finding.details[:class]}>"
|
|
661
|
-
end
|
|
662
665
|
end
|
|
663
666
|
|
|
664
667
|
end
|
|
665
|
-
|
|
668
|
+
|
|
666
669
|
def delete_finding(f)
|
|
667
670
|
@findings_lock.synchronize do
|
|
668
671
|
@session_store.delete_finding(f)
|
|
669
672
|
@findings.delete f.details[:fid]
|
|
670
673
|
end
|
|
671
674
|
end
|
|
672
|
-
|
|
675
|
+
|
|
673
676
|
def set_false_positive(finding)
|
|
674
677
|
@findings_lock.synchronize do
|
|
675
678
|
puts "Set Finding #{finding.id} / #{finding.details[:fid]} False-Positive" if $DEBUG
|
|
676
679
|
if @findings.has_key? finding.details[:fid]
|
|
677
680
|
@findings[finding.details[:fid]].set_false_positive
|
|
678
|
-
|
|
679
|
-
|
|
681
|
+
@session_store.update_finding(finding)
|
|
682
|
+
return true
|
|
680
683
|
end
|
|
681
684
|
return false
|
|
682
685
|
end
|
|
683
686
|
end
|
|
684
|
-
|
|
687
|
+
|
|
685
688
|
def unset_false_positive(finding)
|
|
686
689
|
@findings_lock.synchronize do
|
|
687
690
|
if @findings.has_key? finding.id
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
+
@findings[finding.id].unset_false_positive
|
|
692
|
+
@session_store.update_finding(finding)
|
|
693
|
+
return true
|
|
691
694
|
end
|
|
692
695
|
return false
|
|
693
696
|
end
|
|
694
697
|
end
|
|
695
698
|
|
|
696
|
-
|
|
697
699
|
def setupProject(progress_window=nil)
|
|
698
700
|
begin
|
|
699
701
|
puts "DEBUG: Setup Project" if $DEBUG and $debug_project
|
|
700
702
|
importSession()
|
|
701
|
-
=begin
|
|
702
|
-
importSession(progress_window)
|
|
703
|
-
|
|
704
|
-
init_active_modules(progress_window)
|
|
705
703
|
|
|
706
|
-
init_passive_modules(progress_window)
|
|
707
|
-
|
|
708
|
-
initPlugins(progress_window)
|
|
709
|
-
=end
|
|
710
704
|
rescue => bang
|
|
711
705
|
puts bang
|
|
712
706
|
puts bang.backtrace if $DEBUG
|
|
@@ -913,55 +907,7 @@ module Watobo
|
|
|
913
907
|
notify(:update_progress, :increment =>1, :job => "finding #{f.id}" )
|
|
914
908
|
addFinding(f, :notify => true, :save_finding => false ) if f
|
|
915
909
|
end
|
|
916
|
-
=begin
|
|
917
|
-
puts "* Import Session:"
|
|
918
|
-
puts "+ Conversation Path:\n>> #{File.expand_path(@conversations_path)}"
|
|
919
|
-
|
|
920
|
-
puts
|
|
921
|
-
chatIds = listChatIds(@conversations_path, "chat")
|
|
922
|
-
findingIds = listChatIds(@findings_path, "finding")
|
|
923
|
-
|
|
924
|
-
numChats = chatIds.length
|
|
925
|
-
numFindings = findingIds.length
|
|
926
|
-
numImports = numChats + numFindings
|
|
927
|
-
pc = 0
|
|
928
910
|
|
|
929
|
-
notify(:update_progress, :total => numImports, :task => "Import Conversation")
|
|
930
|
-
|
|
931
|
-
begin
|
|
932
|
-
chatIds.each_with_index do |id, index|
|
|
933
|
-
|
|
934
|
-
notify(:update_progress, :increment =>1, :job => "chat #{index}/#{numChats}" )
|
|
935
|
-
|
|
936
|
-
fname = File.join(@conversations_path, "#{id}-chat")
|
|
937
|
-
chat = Watobo::Utils.loadChatYAML(fname)
|
|
938
|
-
addChat(chat, :run_passive_checks => false, :notify => false ) if chat
|
|
939
|
-
end
|
|
940
|
-
rescue => bang
|
|
941
|
-
puts "!!!ERROR: Could not import conversations"
|
|
942
|
-
puts bang
|
|
943
|
-
puts bang.backtrace if $DEBUG
|
|
944
|
-
end
|
|
945
|
-
|
|
946
|
-
puts "+ Findings Path:\n>> #{File.expand_path(@findings_path)}"
|
|
947
|
-
|
|
948
|
-
notify(:update_progress, :task => "Import Findings")
|
|
949
|
-
begin
|
|
950
|
-
findingIds.each_with_index do |id, index|
|
|
951
|
-
notify(:update_progress, :increment => 1, :job => "Finding #{index}/#{numFindings}")
|
|
952
|
-
|
|
953
|
-
fname = File.join(@findings_path, "#{id}-finding")
|
|
954
|
-
finding = Watobo::Utils.loadFindingYAML(fname)
|
|
955
|
-
|
|
956
|
-
addFinding(finding, :notify => false) if finding
|
|
957
|
-
|
|
958
|
-
end
|
|
959
|
-
rescue => bang
|
|
960
|
-
puts "!!!ERROR: Could not import finding [#{id}]"
|
|
961
|
-
puts bang
|
|
962
|
-
|
|
963
|
-
end
|
|
964
|
-
=end
|
|
965
911
|
end
|
|
966
912
|
|
|
967
913
|
def setDefaults_UNUSED()
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# proxy.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
class Proxy
|
|
24
|
+
include Watobo::Constants
|
|
25
|
+
|
|
26
|
+
attr :login
|
|
27
|
+
|
|
28
|
+
def method_missing(name, *args, &block)
|
|
29
|
+
# puts "* instance method missing (#{name})"
|
|
30
|
+
if @settings.has_key? name.to_sym
|
|
31
|
+
return @settings[name.to_sym]
|
|
32
|
+
else
|
|
33
|
+
super
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
|
|
38
|
+
def has_login?
|
|
39
|
+
# puts @settings.to_yaml
|
|
40
|
+
return false if @settings[:auth_type] == AUTH_TYPE_NONE
|
|
41
|
+
return true
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def initialize(prefs)
|
|
45
|
+
@login = nil
|
|
46
|
+
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :host
|
|
47
|
+
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :port
|
|
48
|
+
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :name
|
|
49
|
+
|
|
50
|
+
@settings = {
|
|
51
|
+
:auth_type => AUTH_TYPE_NONE,
|
|
52
|
+
:username => '',
|
|
53
|
+
:password => '',
|
|
54
|
+
:domain => '',
|
|
55
|
+
:workstation => ''}
|
|
56
|
+
|
|
57
|
+
@settings.update prefs
|
|
58
|
+
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# request.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
def self.create_request(url, prefs={})
|
|
24
|
+
u = "http://" unless url =~ /^http/
|
|
25
|
+
u << url
|
|
26
|
+
uri = URI.parse u
|
|
27
|
+
r = "GET #{uri.to_s} HTTP/1.0\r\n"
|
|
28
|
+
r << "Host: #{uri.host}"
|
|
29
|
+
r.extend Watobo::Mixins::RequestParser
|
|
30
|
+
r.to_request
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
module Request
|
|
34
|
+
def self.create request
|
|
35
|
+
request.extend Watobo::Mixin::Parser::Url
|
|
36
|
+
request.extend Watobo::Mixin::Parser::Web10
|
|
37
|
+
request.extend Watobo::Mixin::Shaper::Web10
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# response.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
module Response
|
|
24
|
+
def self.create( response )
|
|
25
|
+
response.extend Watobo::Mixin::Parser::Web10
|
|
26
|
+
response.extend Watobo::Mixin::Shaper::Web10
|
|
27
|
+
response.extend Watobo::Mixin::Shaper::HttpResponse
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|