watobo 0.9.9.pre3 → 0.9.9

data/lib/watobo/core/netfilter_queue.rb

@@ -0,0 +1,191 @@
+# .
+# netfilter_queue.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module NFQueue
+    @ssl_requests = Hash.new
+    @cert_list = Hash.new
+
+    @netqueue_lock = Mutex.new
+    @t_nfqueue = nil
+
+    @nfq_present = false
+
+    begin
+      require "nfqueue"
+      @nfq_present = true
+    rescue LoadError
+      puts "NFQUEUE not available on this system"
+    end
+
+    def self.get_ip_string(raw_addr)
+      begin
+        ip = ""
+        raw_addr.length.times do |i|
+          ip << "." unless ip.empty?
+          ip << raw_addr[i].ord.to_s
+        end
+      rescue => bang
+        puts bang
+        puts bang.backtrace
+      end
+      ip
+    end
+
+    def self.stop
+      @t_nfqueue.kill if @t_nfqueue.respond_to? :kill
+    end
+
+    def self.start
+      #  @t_nfqueue.raise unless @t_nfqueue.nil?
+      puts @t_nfqueue.status if @t_nfqueue.respond_to? :status
+
+      puts "starting netfilter_queue ..."
+      @t_nfqueue = Thread.new{
+       begin
+        Netfilter::Queue.create(0) do |p|
+          puts ">> Netfilter Packet #" + p.id.to_s
+        #  $stdout.flush
+          puts p.data.class
+          raw_src = p.data[12..15]
+          raw_dst = p.data[16..19]
+          src_port = p.data[20..21].unpack("H4")[0].hex
+          dst_port = p.data[22..24].unpack("H4")[0].hex
+         # if p.data.length > 47
+         # flags = p.data[47].unpack("H*")[0].hex
+         # puts flags.to_s
+         # if flags == 2
+          puts  "ADD SSL REQUEST"
+          puts "#{get_ip_string(raw_src)}:#{src_port} -> #{get_ip_string(raw_dst)}:#{dst_port}"
+           @netqueue_lock.synchronize do
+          if add_ssl_request(get_ip_string(raw_src), src_port, get_ip_string(raw_dst), dst_port)
+          puts "OK"
+          end
+          end
+          #end
+          #end
+          Netfilter::Packet::ACCEPT
+        end
+      rescue => bang
+       puts bang
+       puts bang.backtrace
+      # retry
+      rescue Netfilter::QueueError
+      puts "NetfilterERROR"
+      exit
+      end
+      }
+
+      @t_nfqueue
+    end
+
+    def self.add_ssl_request(c_host, c_port, s_host, s_port)
+      ck = "#{c_host}:#{c_port}"
+      sk = "#{s_host}:#{s_port}"
+
+      begin
+
+        unless @cert_list.has_key? sk
+          if cert = acquire_cert(s_host,s_port)
+          @ssl_requests[ck] = sk
+          @cert_list[sk] = cert
+          else
+          return false
+          end
+        else
+        @ssl_requests[ck] = sk
+        end
+
+        return true
+      rescue => bang
+        puts bang
+        puts bang.backtrace
+      end
+      return false
+
+    end
+
+    def self.get_connection_info(c_host,c_port)
+      begin
+        ck = "#{c_host}:#{c_port}"
+        target_site = nil
+        cert = nil
+        @netqueue_lock.synchronize do
+          if @ssl_requests.has_key? ck
+          target_site = @ssl_requests[ck]
+          cert = @cert_list[target_site] if @cert_list.has_key? target_site
+          end
+        end
+        return target_site, cert
+      rescue => bang
+        puts bang
+        puts bang.backtrace
+      end
+      return nil, nil
+    end
+
+    def self.acquire_cert(host, port)
+      puts "* acquire cert ... #{host}:#{port}"
+      begin
+        tcp_socket = TCPSocket.new( host, port )
+        tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+        tcp_socket.sync = true
+        ctx = OpenSSL::SSL::SSLContext.new()
+
+        ctx.tmp_dh_callback = proc { |*args|
+          OpenSSL::PKey::DH.new(128)
+        }
+
+        socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
+
+        socket.connect
+        #socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
+        sk = "#{host}:#{port}"
+        cert = socket.peer_cert
+        @cert_list[sk] = cert
+        puts "PEER CERT SUBJECT: #{cert.subject}"
+        # puts cert.subject.methods.sort
+        return cert
+
+      rescue => bang
+        puts bang
+        puts bang.backtrace
+      end
+      return nil
+    end
+
+  end
+end
+
+if $0 == __FILE__
+  inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..","..","..", "lib")) # this is the same as rubygems would do
+  $: << inc_path
+
+  require 'watobo'
+  require 'nfqueue'
+
+  Watobo::Interceptor.proxy_mode = Watobo::Interceptor::MODE_TRANSPARENT
+  @iproxy = Watobo::InterceptProxy.new()
+  @iproxy.run
+  while 1
+    sleep 1
+  end
+end

data/lib/watobo/core/project.rb

@@ -34,31 +34,34 @@ module Watobo
       # end
       copy = Utils.copyObject(@request)
       # now extend the new request with the Watobo mixins
-      copy.extend Watobo::Mixin::Parser::Url
-      copy.extend Watobo::Mixin::Parser::Web10
-      copy.extend Watobo::Mixin::Shaper::Web10
+      #copy.extend Watobo::Mixin::Parser::Url
+      #copy.extend Watobo::Mixin::Parser::Web10
+      #copy.extend Watobo::Mixin::Shaper::Web10
+      Watobo::Request.create copy
       return copy
     end
 
     private
 
-    def extendRequest
-      @request.extend Watobo::Mixin::Shaper::Web10
-      @request.extend Watobo::Mixin::Parser::Web10
-      @request.extend Watobo::Mixin::Parser::Url
-    end
+    # def extendRequest
+    #   @request.extend Watobo::Mixin::Shaper::Web10
+    #   @request.extend Watobo::Mixin::Parser::Web10
+    #   @request.extend Watobo::Mixin::Parser::Url
+    # end
 
-    def extendResponse
-      @response.extend Watobo::Mixin::Parser::Web10
-    end
+    # def extendResponse
+    #   @response.extend Watobo::Mixin::Parser::Web10
+    # end
 
     def initialize(request, response)
       @request = request
       @response = response
       @file = nil
 
-      extendRequest()
-      extendResponse()
+      #  extendRequest()
+      #  extendResponse()
+      Watobo::Request.create @request
+      Watobo::Response.create @response
 
     end
 
@@ -176,15 +179,15 @@ module Watobo
     def id()
       @details[:id]
     end
-    
+
     def false_positive?
       @details[:false_positive]
     end
-    
+
     def set_false_positive
       @details[:false_positive] = true
     end
-    
+
     def unset_false_positive
       @details[:false_positive] = false
     end
@@ -210,15 +213,15 @@ module Watobo
         @@numFindings += 1
 
       }
-      extendRequest()
-      extendResponse()
+    #  extendRequest()
+    #  extendResponse()
 
     end
 
   end
 
   class Project
-    
+
     attr :chats
     attr_accessor :findings
     attr :scan_settings
@@ -254,7 +257,7 @@ module Watobo
     def projectSettingsFile
       @project_file
     end
-    
+
     def session_settings()
       s = YAML.load(YAML.dump(scan_settings))
       sf =  [:logout_signatures, :non_unique_parms, :login_chat_ids, :excluded_chats, :csrf_request_ids, :scope ]
@@ -438,7 +441,7 @@ module Watobo
         extend_request(request) unless request.respond_to? :site
         hashbase = request.site + request.method + request.path
         request.get_parm_names.sort.each do |p|
-         # puts "URL-Parm: #{p}"
+        # puts "URL-Parm: #{p}"
           if @scan_settings[:non_unique_parms].include?(p) then
           hashbase += p + request.get_parm_value(p)
           else
@@ -447,7 +450,7 @@ module Watobo
 
         end
         request.post_parm_names.sort.each do |p|
-         # puts "POST-Parm: #{p}"
+        # puts "POST-Parm: #{p}"
           if @scan_settings[:non_unique_parms].include?(p) then
           hashbase += p + request.post_parm_value(p)
           else
@@ -455,7 +458,7 @@ module Watobo
           end
 
         end
-       # puts hashbase
+        # puts hashbase
         return Digest::MD5.hexdigest(hashbase)
       rescue => bang
         puts bang
@@ -492,7 +495,6 @@ module Watobo
       @scan_settings.update new_settings
     end
 
-    
     def findChats(site, opts={})
       o = {
         :dir => "",
@@ -549,33 +551,34 @@ module Watobo
     end
 
     def addChat(chat, prefs={})
-      @chats_lock.synchronize do 
-      begin
-        if chat.request.host then
-          chats.push chat
+      @chats_lock.synchronize do
+        begin
+          if chat.request.host then
+            chats.push chat
 
-          options = {
-            :run_passive_checks => true,
-            :notify => true
-          }
-          options.update prefs
+            options = {
+              :run_passive_checks => true,
+              :notify => true
+            }
+            options.update prefs
 
-          runPassiveChecks(chat) if options[:run_passive_checks] == true
+            runPassiveChecks(chat) if options[:run_passive_checks] == true
 
-          #@interface.addChat(self, chat) if @interface
-          notify(:new_chat, chat) if options[:notify] == true
+            #@interface.addChat(self, chat) if @interface
+            notify(:new_chat, chat) if options[:notify] == true
 
-          if chat.id != 0 then
-          @session_store.add_chat(chat)
-          else
-            puts "!!! Could not add chat #{chat.id}"
+            if chat.id != 0 then
+            @session_store.add_chat(chat)
+            else
+              puts "!!! Could not add chat #{chat.id}"
+            end
           end
+
+          # p "!P!"
+        rescue => bang
+          puts bang
+          puts bang.backtrace if $DEBUG
         end
-        # p "!P!"
-      rescue => bang
-        puts bang
-        puts bang.backtrace if $DEBUG
-      end
       end
     end
 
@@ -583,8 +586,8 @@ module Watobo
       @sessionMgr.runLogin(loginChats)
     end
 
-   def has_scope?()
-      return false if @scan_settings[:scope].nil?
+    def has_scope?()
+      return false if @scan_settings[:scope].empty?
       @scan_settings[:scope].each_key do |k|
         return true if @scan_settings[:scope][k][:enabled] == true
       end
@@ -632,81 +635,72 @@ module Watobo
 
     def addFinding(finding, opts={})
       @findings_lock.synchronize do
-      options = {
-        :notify => true,
-        :save_finding => true
-      }
-      options.update opts
-      #  puts "* add finding #{finding.details[:fid]}" if $DEBUG
-      
-      @findings_count ||= Hash.new
-      @findings_count[finding.details[:class]] = 0 unless @findings_count.has_key? finding.details[:class]
-
-      unless @findings.has_key?(finding.details[:fid]) or @findings_count[finding.details[:class]] > 100
-        begin
-          @findings[finding.details[:fid]] = finding
-          @findings_count[finding.details[:class]] += 1
-          #@interface.addFinding(new_finding)
-          #   puts "* new finding"
-          notify(:new_finding, finding) if options[:notify] == true
-
-          @session_store.add_finding(finding) if options[:save_finding] == true
-        rescue => bang
-          puts "!!!ERROR: #{Module.nesting[0].name}"
-          puts bang
-          puts bang.backtrace if $DEBUG
+        options = {
+          :notify => true,
+          :save_finding => true
+        }
+        options.update opts
+        #  puts "* add finding #{finding.details[:fid]}" if $DEBUG
+
+        @findings_count ||= Hash.new
+        @findings_count[finding.details[:class]] = 0 unless @findings_count.has_key? finding.details[:class]
+
+        unless @findings.has_key?(finding.details[:fid]) or @findings_count[finding.details[:class]] > 100
+          begin
+            @findings[finding.details[:fid]] = finding
+            @findings_count[finding.details[:class]] += 1
+            #@interface.addFinding(new_finding)
+            #   puts "* new finding"
+            notify(:new_finding, finding) if options[:notify] == true
+
+            @session_store.add_finding(finding) if options[:save_finding] == true
+          rescue => bang
+            puts "!!!ERROR: #{Module.nesting[0].name}"
+            puts bang
+            puts bang.backtrace if $DEBUG
+          end
+        else
+        # puts "Skip finding <#{finding.details[:class]}>"
         end
-      else
-        puts "Skip finding <#{finding.details[:class]}>"
-      end
       end
 
     end
-    
+
     def delete_finding(f)
       @findings_lock.synchronize do
         @session_store.delete_finding(f)
         @findings.delete f.details[:fid]
       end
     end
-    
+
     def set_false_positive(finding)
       @findings_lock.synchronize do
         puts "Set Finding #{finding.id} / #{finding.details[:fid]} False-Positive" if $DEBUG
         if @findings.has_key? finding.details[:fid]
           @findings[finding.details[:fid]].set_false_positive
-          @session_store.update_finding(finding)
-          return true
+        @session_store.update_finding(finding)
+        return true
         end
         return false
       end
     end
-    
+
     def unset_false_positive(finding)
       @findings_lock.synchronize do
         if @findings.has_key? finding.id
-          @findings[finding.id].unset_false_positive
-          @session_store.update_finding(finding)
-          return true
+        @findings[finding.id].unset_false_positive
+        @session_store.update_finding(finding)
+        return true
         end
         return false
       end
     end
 
-
     def setupProject(progress_window=nil)
       begin
         puts "DEBUG: Setup Project" if $DEBUG and $debug_project
         importSession()
-=begin
-        importSession(progress_window)
-
-        init_active_modules(progress_window)
 
-        init_passive_modules(progress_window)
-
-        initPlugins(progress_window)
-=end
       rescue => bang
         puts bang
         puts bang.backtrace if $DEBUG
@@ -913,55 +907,7 @@ module Watobo
         notify(:update_progress, :increment =>1, :job => "finding #{f.id}" )
         addFinding(f, :notify => true, :save_finding => false ) if f
       end
-=begin
-    puts "* Import Session:"
-    puts "+ Conversation Path:\n>> #{File.expand_path(@conversations_path)}"
-
-    puts
-    chatIds = listChatIds(@conversations_path, "chat")
-    findingIds = listChatIds(@findings_path, "finding")
-
-    numChats = chatIds.length
-    numFindings = findingIds.length
-    numImports = numChats + numFindings
-    pc = 0
 
-    notify(:update_progress, :total => numImports, :task => "Import Conversation")
-
-    begin
-    chatIds.each_with_index do |id, index|
-
-    notify(:update_progress, :increment =>1, :job => "chat #{index}/#{numChats}" )
-
-    fname = File.join(@conversations_path, "#{id}-chat")
-    chat = Watobo::Utils.loadChatYAML(fname)
-    addChat(chat, :run_passive_checks => false, :notify => false ) if chat
-    end
-    rescue => bang
-    puts "!!!ERROR: Could not import conversations"
-    puts bang
-    puts bang.backtrace if $DEBUG
-    end
-
-    puts "+ Findings Path:\n>> #{File.expand_path(@findings_path)}"
-
-    notify(:update_progress, :task => "Import Findings")
-    begin
-    findingIds.each_with_index do |id, index|
-    notify(:update_progress, :increment => 1, :job => "Finding #{index}/#{numFindings}")
-
-    fname = File.join(@findings_path, "#{id}-finding")
-    finding = Watobo::Utils.loadFindingYAML(fname)
-
-    addFinding(finding, :notify => false) if finding
-
-    end
-    rescue => bang
-    puts "!!!ERROR: Could not import finding [#{id}]"
-    puts bang
-
-    end
-=end
     end
 
     def setDefaults_UNUSED()

data/lib/watobo/core/proxy.rb

@@ -0,0 +1,61 @@
+# .
+# proxy.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  class Proxy
+      include Watobo::Constants
+      
+      attr :login
+      
+      def method_missing(name, *args, &block)
+          # puts "* instance method missing (#{name})"
+          if @settings.has_key? name.to_sym
+            return @settings[name.to_sym]
+          else
+            super
+          end
+        end
+
+
+      def has_login?
+       # puts @settings.to_yaml
+        return false if @settings[:auth_type] == AUTH_TYPE_NONE
+        return true
+      end
+
+      def initialize(prefs)
+        @login = nil
+        raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :host
+        raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :port
+        raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :name
+        
+        @settings = { 
+          :auth_type => AUTH_TYPE_NONE, 
+          :username => '', 
+          :password => '',
+          :domain => '',
+          :workstation => ''}
+        
+        @settings.update prefs
+
+      end
+    end
+end

data/lib/watobo/core/request.rb

@@ -0,0 +1,40 @@
+# .
+# request.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  def self.create_request(url, prefs={})
+    u = "http://" unless url =~ /^http/
+    u << url
+    uri = URI.parse u
+     r = "GET #{uri.to_s} HTTP/1.0\r\n"
+     r << "Host: #{uri.host}" 
+     r.extend Watobo::Mixins::RequestParser
+     r.to_request
+  end
+  
+  module Request
+    def self.create request
+      request.extend Watobo::Mixin::Parser::Url
+      request.extend Watobo::Mixin::Parser::Web10
+      request.extend Watobo::Mixin::Shaper::Web10
+    end
+  end
+end

data/lib/watobo/core/response.rb

@@ -0,0 +1,30 @@
+# .
+# response.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Response
+    def self.create( response )
+      response.extend Watobo::Mixin::Parser::Web10
+      response.extend Watobo::Mixin::Shaper::Web10
+      response.extend Watobo::Mixin::Shaper::HttpResponse
+    end
+  end
+end