watobo 0.9.9.pre3 → 0.9.9
- data/.yardopts +24 -0
- data/CHANGELOG +17 -7
- data/README +4 -60
- data/bin/nfq_server.rb +191 -0
- data/config/interceptor.yml +2 -6
- data/lib/watobo/adapters/data_store.rb +1 -1
- data/lib/watobo/adapters/file/file_store.rb +50 -33
- data/lib/watobo/ca.rb +22 -0
- data/lib/watobo/config.rb +6 -0
- data/lib/watobo/core/ca.rb +411 -0
- data/lib/watobo/core/cert_store.rb +56 -0
- data/lib/watobo/core/forwarding_proxy.rb +38 -0
- data/lib/watobo/core/http_socket.rb +18 -0
- data/lib/watobo/core/intercept_carver.rb +179 -0
- data/lib/watobo/core/intercept_filter.rb +257 -0
- data/lib/watobo/core/interceptor.rb +342 -79
- data/lib/watobo/core/netfilter_queue.rb +191 -0
- data/lib/watobo/core/project.rb +84 -138
- data/lib/watobo/core/proxy.rb +61 -0
- data/lib/watobo/core/request.rb +40 -0
- data/lib/watobo/core/response.rb +30 -0
- data/lib/watobo/core/scanner.rb +64 -58
- data/lib/watobo/core/session.rb +70 -77
- data/lib/watobo/core.rb +1 -1
- data/lib/watobo/framework/create_project.rb +25 -10
- data/lib/watobo/framework/init.rb +13 -0
- data/lib/watobo/gui/browser_preview.rb +5 -4
- data/lib/watobo/gui/checks_policy_frame.rb +1 -0
- data/lib/watobo/gui/client_cert_dialog.rb +11 -6
- data/lib/watobo/gui/conversation_table.rb +7 -4
- data/lib/watobo/gui/fuzzer_gui.rb +9 -11
- data/lib/watobo/gui/intercept_filter_dialog.rb +210 -0
- data/lib/watobo/gui/interceptor_gui.rb +59 -21
- data/lib/watobo/gui/interceptor_settings_dialog.rb +39 -5
- data/lib/watobo/gui/list_box.rb +2 -1
- data/lib/watobo/gui/log_viewer.rb +79 -5
- data/lib/watobo/gui/main_window.rb +159 -113
- data/lib/watobo/gui/manual_request_editor.rb +11 -5
- data/lib/watobo/gui/mixins/subscriber.rb +47 -0
- data/lib/watobo/gui/project_wizzard.rb +3 -3
- data/lib/watobo/gui/proxy_dialog.rb +17 -18
- data/lib/watobo/gui/request_editor.rb +1 -1
- data/lib/watobo/gui/rewrite_filters_dialog.rb +416 -0
- data/lib/watobo/gui/rewrite_rules_dialog.rb +394 -0
- data/lib/watobo/gui/scanner_settings_dialog.rb +9 -6
- data/lib/watobo/gui/session_management_dialog.rb +33 -23
- data/lib/watobo/gui/sites_tree.rb +5 -6
- data/lib/watobo/gui/status_bar.rb +101 -49
- data/lib/watobo/gui/table_editor.rb +1 -1
- data/lib/watobo/gui/templates/plugin2.rb +23 -27
- data/lib/watobo/gui/utils/save_default_settings.rb +9 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +25 -9
- data/lib/watobo/gui/utils/save_scanner_settings.rb +10 -7
- data/lib/watobo/gui/utils/session_history.rb +1 -1
- data/lib/watobo/gui/www_auth_dialog.rb +25 -21
- data/lib/watobo/gui.rb +3 -1
- data/lib/watobo/mixins/httpparser.rb +47 -40
- data/lib/watobo/mixins/request_parser.rb +126 -41
- data/lib/watobo/mixins/shapers.rb +124 -15
- data/lib/watobo/utils/hexprint.rb +31 -0
- data/lib/watobo/utils/load_chat.rb +2 -0
- data/lib/watobo/utils/response_builder.rb +111 -0
- data/lib/watobo.rb +4 -1
- data/modules/active/discovery/http_methods.rb +6 -4
- data/modules/active/fileinclusion/lfi_simple.rb +3 -3
- data/modules/active/sqlinjection/sqli_timing.rb +6 -6
- data/modules/passive/redirectionz.rb +5 -6
- data/plugins/catalog/catalog.rb +240 -56
- data/plugins/catalog/db_tests +1 -6483
- data/plugins/catalog/db_variables +2 -29
- data/plugins/crawler/gui/auth_frame.rb +15 -3
- data/plugins/crawler/gui/crawler_gui.rb +24 -0
- data/plugins/crawler/gui/hooks_frame.rb +7 -2
- data/plugins/crawler/gui/settings_tabbook.rb +4 -0
- data/plugins/crawler/gui.rb +3 -3
- data/plugins/crawler/lib/engine.rb +1 -1
- data/plugins/filefinder/filefinder.rb +21 -17
- data/plugins/sqlmap/bin/test.rb +100 -0
- data/plugins/sqlmap/gui/main.rb +227 -0
- data/plugins/sqlmap/gui/options_frame.rb +119 -0
- data/plugins/sqlmap/gui.rb +27 -0
- data/plugins/sqlmap/icons/sqlmap.ico +0 -0
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +116 -0
- data/plugins/sqlmap/sqlmap.rb +26 -0
- data/plugins/sslchecker/gui/gui.rb +45 -30
- metadata +32 -9
- data/certificates/cert.pem +0 -19
- data/certificates/privkey.pem +0 -15
- data/certificates/watobo_dh.key +0 -5
- data/lib/watobo/core/simple_ca.rb +0 -393
data/lib/watobo/core/scanner.rb
CHANGED
@@ -197,75 +197,80 @@ module Watobo
|
|
197
197
|
notify(:logger, LOG_INFO, msg )
|
198
198
|
puts msg
|
199
199
|
#scan_session = Time.now.to_i
|
200
|
-
|
201
|
-
|
200
|
+
|
202
201
|
@active_checks.uniq.each do |mod|
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
202
|
+
check = mod
|
203
|
+
#check = mod.new(@prefs[:scan_session], @prefs ) if mod.respond_to? :new
|
204
|
+
puts "* subscribe for logout" if $DEBUG
|
205
|
+
check.subscribe(:logout) { |m|
|
206
|
+
next if @login_count > @max_login_count or @prefs[:auto_login] == false
|
207
|
+
if @login_mutex.try_lock
|
208
|
+
begin
|
209
|
+
m.waitLogin(true)
|
210
|
+
Watobo.print_debug("LOGOUT DETECTED") if $DEBUG
|
211
|
+
@login_count += 1
|
212
|
+
m.runLogin(@prefs[:login_chats])
|
213
|
+
|
214
|
+
m.waitLogin(false) if m
|
215
|
+
rescue => bang
|
216
|
+
Watobo.print_debug("Could not relogin") if $DEBUG
|
217
|
+
puts bang
|
218
|
+
puts bang.backtrace if $DEBUG
|
219
|
+
ensure
|
220
|
+
|
221
|
+
end
|
222
|
+
@login_mutex.unlock
|
223
|
+
end
|
225
224
|
|
226
225
|
}
|
227
226
|
|
228
227
|
puts "* subscribe for :check_finished" if $DEBUG
|
229
228
|
check.clearEvents(:check_finished)
|
229
|
+
|
230
230
|
check.subscribe(:check_finished) do |m, request, response|
|
231
231
|
# update progress
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
end
|
241
|
-
end
|
232
|
+
@check_count ||= 0
|
233
|
+
@check_count += 1
|
234
|
+
puts "CheckCount: #{@check_count}" if $DEBUG
|
235
|
+
notify( :progress, m )
|
236
|
+
unless @prefs[:scanlog_name].nil?
|
237
|
+
if @prefs[:session_store].respond_to? :add_scan_log
|
238
|
+
chat = Chat.new(request, response, :id => 0, :chat_source => @prefs[:chat_source])
|
239
|
+
@prefs[:session_store].add_scan_log(chat, @prefs[:scanlog_name])
|
242
240
|
end
|
241
|
+
end
|
242
|
+
end
|
243
243
|
|
244
|
-
puts "* subscribe for :new_finding" if $DEBUG
|
245
|
-
check.clearEvents(:new_finding)
|
244
|
+
puts "* subscribe for :new_finding" if $DEBUG
|
245
|
+
check.clearEvents(:new_finding)
|
246
246
|
check.subscribe(:new_finding) do |f|
|
247
|
-
|
248
|
-
|
249
|
-
|
247
|
+
# p "* NEW FINDING"
|
248
|
+
# p f.details[:module]
|
249
|
+
notify(:new_finding, f)
|
250
250
|
end
|
251
|
-
|
252
|
-
end
|
253
|
-
|
251
|
+
|
252
|
+
end
|
253
|
+
|
254
254
|
tlist = []
|
255
255
|
@filtered_chat_list.uniq.each do |chat|
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
256
|
+
# puts "CHAT --> #{chat.id}"
|
257
|
+
@active_checks.uniq.each do |mod|
|
258
|
+
# puts "MOD"
|
259
|
+
print "---> #{mod.class}"
|
260
|
+
# accept Class- and Check-Types
|
261
|
+
check = mod
|
262
|
+
|
263
|
+
# reset check counters and variables
|
264
|
+
check.reset()
|
265
|
+
if @prefs[:online_check] == false or siteAlive?(chat) then
|
266
|
+
@check_list << Thread.new(check, chat, check_prefs){|m, c, p|
|
267
|
+
m_name = m.class.to_s.gsub(/.*::/,'')
|
268
|
+
notify(:module_started, m_name)
|
269
|
+
m.run_checks(c,p)
|
270
|
+
notify(:logger, LOG_INFO, "finished checks: #{m.class} on chat #{c.id}")
|
271
|
+
notify(:module_finished, m_name)
|
272
|
+
}
|
273
|
+
end
|
269
274
|
end
|
270
275
|
end
|
271
276
|
|
@@ -300,9 +305,9 @@ module Watobo
|
|
300
305
|
@status = :stopped
|
301
306
|
|
302
307
|
# @onlineCheck = OnlineCheck.new(@project)
|
303
|
-
|
304
|
-
notify(:logger, LOG_INFO,
|
305
|
-
puts
|
308
|
+
msg = "Initializing Scanner ..."
|
309
|
+
notify(:logger, LOG_INFO, msg)
|
310
|
+
puts msg
|
306
311
|
|
307
312
|
@prefs = {
|
308
313
|
#:root_path => [],
|
@@ -330,6 +335,7 @@ module Watobo
|
|
330
335
|
puts @prefs.to_yaml if $DEBUG
|
331
336
|
|
332
337
|
@filtered_chat_list = filteredChats(@chat_list, @prefs)
|
338
|
+
puts "#ActiveChecks: #{@active_checks.length}"
|
333
339
|
|
334
340
|
@active_checks.uniq.each do |m|
|
335
341
|
puts m.class
|
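Review bot: In the new `:logout` subscriber (new lines 205–225) the `ensure` clause is empty, while `m.waitLogin(false)` sits inside the `begin` body and `@login_mutex.unlock` comes after the `begin`/`end`. If `m.runLogin` raises, the `rescue` only prints the error, so `waitLogin(false)` is never called and the check presumably stays in its waiting state. An exception that is not a `StandardError` would also skip the unlock and leave the mutex held for the rest of the scan. Putting both calls in the cleanup path, `ensure` followed by `m.waitLogin(false)` and `@login_mutex.unlock`, makes a failed re-login recoverable. Separately, the loop at new lines 257–273 calls `check.reset()` on the same `check` object for every chat and hands it to a new thread each time, which looks racy while earlier threads are still running, unless the checks are written for that.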
data/lib/watobo/core/session.rb
CHANGED
@@ -20,44 +20,7 @@
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
21
|
# .
|
22
22
|
module Watobo
|
23
|
-
|
24
|
-
include Watobo::Constants
|
25
|
-
|
26
|
-
attr :login
|
27
|
-
|
28
|
-
def method_missing(name, *args, &block)
|
29
|
-
# puts "* instance method missing (#{name})"
|
30
|
-
if @settings.has_key? name.to_sym
|
31
|
-
return @settings[name.to_sym]
|
32
|
-
else
|
33
|
-
super
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
|
38
|
-
def has_login?
|
39
|
-
# puts @settings.to_yaml
|
40
|
-
return false if @settings[:auth_type] == AUTH_TYPE_NONE
|
41
|
-
return true
|
42
|
-
end
|
43
|
-
|
44
|
-
def initialize(prefs)
|
45
|
-
@login = nil
|
46
|
-
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :host
|
47
|
-
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :port
|
48
|
-
raise ArgumentError, "Proxy needs host, port and name" unless prefs.has_key? :name
|
49
|
-
|
50
|
-
@settings = {
|
51
|
-
:auth_type => AUTH_TYPE_NONE,
|
52
|
-
:username => '',
|
53
|
-
:password => '',
|
54
|
-
:domain => '',
|
55
|
-
:workstation => ''}
|
56
|
-
|
57
|
-
@settings.update prefs
|
58
|
-
|
59
|
-
end
|
60
|
-
end
|
23
|
+
|
61
24
|
|
62
25
|
class Session
|
63
26
|
|
@@ -136,8 +99,12 @@ include Watobo::Constants
|
|
136
99
|
begin
|
137
100
|
@lasterror = nil
|
138
101
|
response_header = nil
|
102
|
+
|
103
|
+
|
104
|
+
|
139
105
|
site = request.site
|
140
|
-
|
106
|
+
# proxy = getProxy(site)
|
107
|
+
proxy = Watobo::ForwardingProxy.get(site)
|
141
108
|
|
142
109
|
unless proxy.nil?
|
143
110
|
host = proxy.host
|
@@ -183,7 +150,7 @@ include Watobo::Constants
|
|
183
150
|
puts bang
|
184
151
|
puts bang.backtrace if $DEBUG
|
185
152
|
end
|
186
|
-
|
153
|
+
|
187
154
|
begin
|
188
155
|
unless proxy.nil?
|
189
156
|
# connection requires proxy
|
@@ -192,21 +159,22 @@ include Watobo::Constants
|
|
192
159
|
# check for regular proxy authentication
|
193
160
|
if request.is_ssl?
|
194
161
|
socket, response_header = sslProxyConnect(request, proxy, current_prefs)
|
195
|
-
return socket, response_header, error_response("Could
|
162
|
+
return socket, response_header, error_response("Could Not Connect To Proxy: #{proxy.name} (#{proxy.host}:#{proxy.port})\n", "#{response_header}") if socket.nil?
|
196
163
|
|
197
164
|
if current_prefs[:www_auth].has_key?(site)
|
198
165
|
case current_prefs[:www_auth][site][:type]
|
199
|
-
|
166
|
+
when AUTH_TYPE_NTLM
|
200
167
|
# puts "* found NTLM credentials for site #{site}"
|
201
|
-
|
168
|
+
socket, response_header = wwwAuthNTLM(socket, request, current_prefs[:www_auth][site])
|
202
169
|
|
203
|
-
|
204
|
-
|
170
|
+
response_header.extend Watobo::Mixin::Parser::Url
|
171
|
+
response_header.extend Watobo::Mixin::Parser::Web10
|
205
172
|
|
206
|
-
|
207
|
-
|
208
|
-
|
173
|
+
else
|
174
|
+
puts "* Unknown Authentication Type: #{current_prefs[:www_auth][site][:type]}"
|
175
|
+
end
|
209
176
|
else
|
177
|
+
|
210
178
|
data = request.join + "\r\n"
|
211
179
|
unless socket.nil?
|
212
180
|
socket.print data
|
@@ -218,7 +186,7 @@ include Watobo::Constants
|
|
218
186
|
# puts "* doProxyRequest"
|
219
187
|
socket, response_header = doProxyRequest(request, proxy, current_prefs)
|
220
188
|
# puts socket.class
|
221
|
-
#
|
189
|
+
return socket, response_header, error_response("Could Not Connect To Proxy: #{proxy.name} (#{proxy.host}:#{proxy.port})\n", "#{response_header}") if socket.nil?
|
222
190
|
|
223
191
|
return socket, request, response_header
|
224
192
|
else
|
@@ -249,9 +217,10 @@ include Watobo::Constants
|
|
249
217
|
uri_cache = request.removeURI #if proxy.nil?
|
250
218
|
|
251
219
|
# puts "========== Add Headers"
|
252
|
-
|
253
|
-
request.addHeader("Proxy-Connection", "Close")
|
254
|
-
|
220
|
+
# request.addHeader("Connection", "Close") #if not use_proxy
|
221
|
+
request.addHeader("Proxy-Connection", "Close") unless proxy.nil?
|
222
|
+
# request.addHeader("Accept-Encoding", "gzip;q=0;identity; q=0.5, *;q=0") #don't want encoding
|
223
|
+
|
255
224
|
|
256
225
|
if current_prefs[:www_auth].has_key?(site)
|
257
226
|
case current_prefs[:www_auth][site][:type]
|
@@ -267,10 +236,16 @@ include Watobo::Constants
|
|
267
236
|
end
|
268
237
|
else
|
269
238
|
|
270
|
-
data = request.join
|
271
|
-
|
272
|
-
|
239
|
+
data = request.join
|
240
|
+
data << "\r\n" unless request.has_body?
|
241
|
+
|
242
|
+
unless socket.nil?
|
273
243
|
socket.print data
|
244
|
+
# if socket.is_a? OpenSSL::SSL::SSLSocket
|
245
|
+
# socket.io.shutdown(0)
|
246
|
+
# else
|
247
|
+
# socket.shutdown(0)
|
248
|
+
# end
|
274
249
|
response_header = readHTTPHeader(socket, current_prefs)
|
275
250
|
end
|
276
251
|
# RESTORE URI FOR HISTORY/LOG
|
@@ -282,6 +257,7 @@ include Watobo::Constants
|
|
282
257
|
|
283
258
|
rescue Errno::ECONNREFUSED
|
284
259
|
response = error_response "connection refused (#{host}:#{port})"
|
260
|
+
puts response
|
285
261
|
socket = nil
|
286
262
|
rescue Errno::ECONNRESET
|
287
263
|
response = error_response "connection reset (#{host}:#{port})"
|
@@ -311,7 +287,7 @@ include Watobo::Constants
|
|
311
287
|
puts bang
|
312
288
|
puts bang.backtrace if $DEBUG
|
313
289
|
end
|
314
|
-
|
290
|
+
puts response
|
315
291
|
return socket, request, response
|
316
292
|
end
|
317
293
|
|
@@ -520,7 +496,7 @@ end
|
|
520
496
|
def readHTTPBody(socket, response, request, prefs={})
|
521
497
|
clen = response.content_length
|
522
498
|
data = ""
|
523
|
-
|
499
|
+
|
524
500
|
begin
|
525
501
|
if response.is_chunked?
|
526
502
|
Watobo::HTTP.readChunkedBody(socket) { |c|
|
@@ -532,28 +508,30 @@ end
|
|
532
508
|
data += c
|
533
509
|
break if data.length == clen
|
534
510
|
}
|
535
|
-
|
511
|
+
elsif clen < 0
|
536
512
|
# puts "* no content-length information ... mmmmmpf"
|
537
|
-
|
513
|
+
# eofcount = 0
|
538
514
|
Watobo::HTTP.read_body(socket) do |c|
|
539
515
|
data += c
|
540
516
|
end
|
541
517
|
|
542
518
|
end
|
519
|
+
|
520
|
+
response.push data unless data.empty?
|
521
|
+
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
522
|
+
notify(:logout, self) if loggedOut?(response)
|
523
|
+
end
|
524
|
+
|
525
|
+
update_sids(request.host, response) if prefs[:update_sids] == true
|
526
|
+
return true
|
527
|
+
|
543
528
|
rescue => e
|
544
529
|
puts "! Could not read response"
|
545
530
|
puts e
|
546
531
|
# puts e.backtrace
|
547
532
|
end
|
548
|
-
# end
|
549
|
-
|
550
|
-
response.push data
|
551
|
-
unless prefs[:ignore_logout]==true or @session[:logout_signatures].empty?
|
552
|
-
notify(:logout, self) if loggedOut?(response)
|
553
|
-
end
|
554
|
-
|
555
|
-
update_sids(request.host, response) if prefs[:update_sids] == true
|
556
533
|
|
534
|
+
return false
|
557
535
|
end
|
558
536
|
|
559
537
|
private
|
@@ -1087,12 +1065,14 @@ end
|
|
1087
1065
|
def error_response(msg, comment=nil)
|
1088
1066
|
er = []
|
1089
1067
|
er << "HTTP/1.1 504 Gateway Timeout\r\n"
|
1090
|
-
er << "WATOBO: #{msg}\r\n"
|
1068
|
+
er << "WATOBO: #{msg.gsub(/\r?\n/," ").strip}\r\n"
|
1091
1069
|
er << "Content-Length: 0\r\n"
|
1092
1070
|
er << "Connection: close\r\n"
|
1093
1071
|
er << "\r\n"
|
1094
|
-
|
1095
|
-
|
1072
|
+
unless comment.nil?
|
1073
|
+
body = "<H1>#{msg}</H1></br><H2>#{comment.gsub(/\r?\n/,"</br>")}</H2>"
|
1074
|
+
er << body
|
1075
|
+
end
|
1096
1076
|
er.extend Watobo::Mixin::Parser::Url
|
1097
1077
|
er.extend Watobo::Mixin::Parser::Web10
|
1098
1078
|
er.extend Watobo::Mixin::Shaper::Web10
|
@@ -1101,10 +1081,19 @@ end
|
|
1101
1081
|
end
|
1102
1082
|
|
1103
1083
|
def readHTTPHeader(socket, prefs={})
|
1084
|
+
|
1104
1085
|
header = []
|
1105
1086
|
msg = nil
|
1106
1087
|
begin
|
1088
|
+
# signal finished sending before reading
|
1089
|
+
if socket.is_a? OpenSSL::SSL::SSLSocket
|
1090
|
+
# socket.io.close_write
|
1091
|
+
else
|
1092
|
+
socket.close_write
|
1093
|
+
end
|
1094
|
+
|
1107
1095
|
Watobo::HTTP.read_header(socket) do |line|
|
1096
|
+
#puts line
|
1108
1097
|
# puts line.unpack("H*")
|
1109
1098
|
header.push line
|
1110
1099
|
end
|
@@ -1210,15 +1199,17 @@ end
|
|
1210
1199
|
#puts socket.class
|
1211
1200
|
#if socket.class.to_s =~ /SSLSocket/
|
1212
1201
|
if socket.is_a? OpenSSL::SSL::SSLSocket
|
1213
|
-
|
1202
|
+
# socket.io.shutdown(2)
|
1203
|
+
socket.sysclose
|
1214
1204
|
else
|
1215
1205
|
socket.shutdown(2)
|
1216
1206
|
end
|
1217
|
-
socket.close
|
1207
|
+
socket.close if socket.respond_to? :close
|
1218
1208
|
rescue => bang
|
1219
1209
|
puts bang
|
1220
|
-
puts bang.backtrace if $DEBUG
|
1210
|
+
puts bang.backtrace if $DEBUG
|
1221
1211
|
end
|
1212
|
+
|
1222
1213
|
end
|
1223
1214
|
|
1224
1215
|
def updateSessionSettings(settings={})
|
@@ -1245,7 +1236,8 @@ end
|
|
1245
1236
|
def updateSession(request)
|
1246
1237
|
@@session_lock.synchronize do
|
1247
1238
|
if @session[:valid_sids].has_key?(request.host)
|
1248
|
-
|
1239
|
+
valid_sids = @session[:valid_sids][request.host]
|
1240
|
+
puts "* found sid for site: #{request.site}" if $DEBUG
|
1249
1241
|
request.map!{ |line|
|
1250
1242
|
res = line
|
1251
1243
|
@session[:sid_patterns].each do |pat|
|
@@ -1255,12 +1247,13 @@ end
|
|
1255
1247
|
sid_key = Regexp.quote($1.upcase)
|
1256
1248
|
old_value = $2
|
1257
1249
|
|
1258
|
-
if
|
1250
|
+
if valid_sids.has_key?(sid_key) then
|
1259
1251
|
if not old_value =~ /#{@session[:valid_sids][request.host][sid_key]}/ then # sid value has changed and needs update
|
1260
1252
|
Watobo.print_debug("update session", "#{old_value} - #{@session[:valid_sids][request.host][sid_key]}") if $DEBUG
|
1261
1253
|
|
1262
|
-
|
1263
|
-
|
1254
|
+
unless old_value.empty?
|
1255
|
+
res = line.gsub!(/#{Regexp.quote(old_value)}/, valid_sids[sid_key])
|
1256
|
+
end
|
1264
1257
|
if not res then puts "!!!could not update sid (#{sid_key})"; end
|
1265
1258
|
|
1266
1259
|
end
|
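Review bot: The body added to `error_response` (new lines 1072–1075) interpolates `msg` and `comment` into HTML without escaping, and the callers added at new lines 162 and 189 pass the proxy's own `response_header` as `comment`, so text controlled by the upstream proxy ends up as markup in a response WATOBO may later render. Escaping both values keeps that text inert, e.g. `body = "<H1>#{CGI.escapeHTML(msg)}</H1></br><H2>#{CGI.escapeHTML(comment).gsub(/\r?\n/, "</br>")}</H2>"` (this needs `require 'cgi'` if the file does not already load it). The header list still says `Content-Length: 0` although a body is now appended, so a strict parser will drop or misframe it; the length should be computed from `body` or the header omitted. The sanitising on new line 1068 replaces `\r?\n` only, so a bare `\r` in `msg` still reaches the `WATOBO:` header line. The end of `error_response` lies outside the hunk.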
data/lib/watobo/core.rb
CHANGED
@@ -29,6 +29,6 @@
|
|
29
29
|
|
30
30
|
end
|
31
31
|
=end
|
32
|
-
%w( project scanner session fuzz_gen http_socket interceptor passive_check active_check
|
32
|
+
%w( project scanner proxy session fuzz_gen http_socket interceptor passive_check active_check cookie request response intercept_filter intercept_carver forwarding_proxy cert_store netfilter_queue ).each do |lib|
|
33
33
|
require File.join( "watobo", "core", lib)
|
34
34
|
end
|
@@ -20,29 +20,44 @@
|
|
20
20
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
21
|
# .
|
22
22
|
module Watobo
|
23
|
+
@project_name = ''
|
24
|
+
@session_name = ''
|
25
|
+
@project = nil
|
26
|
+
|
27
|
+
def self.project_name
|
28
|
+
@project_name
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.session_name
|
32
|
+
@session_name
|
33
|
+
end
|
34
|
+
|
23
35
|
def self.project
|
24
36
|
@project
|
25
37
|
end
|
38
|
+
|
26
39
|
# create_project is a wrapper function to create a new project
|
27
40
|
# you can either create a project by giving a URL (:url),
|
28
41
|
# or by giving a :project_name AND a :session_name
|
29
42
|
def self.create_project(prefs={})
|
30
43
|
project_settings = Hash.new
|
31
|
-
|
44
|
+
# project_settings.update @settings
|
32
45
|
|
33
46
|
if prefs.has_key? :url
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
47
|
+
#TODO: create project_settings from url
|
48
|
+
else
|
49
|
+
project_settings[:project_name] = prefs[:project_name]
|
50
|
+
project_settings[:session_name] = prefs[:session_name]
|
38
51
|
end
|
39
52
|
|
40
|
-
ds = Watobo::DataStore.
|
41
|
-
|
53
|
+
ds = Watobo::DataStore.acquire(project_settings[:project_name], project_settings[:session_name])
|
54
|
+
@project_name = project_settings[:project_name]
|
55
|
+
@session_name = project_settings[:session_name]
|
56
|
+
|
42
57
|
# updating settings
|
43
58
|
Watobo::Conf.load_project_settings(ds)
|
44
59
|
Watobo::Conf.load_session_settings(ds)
|
45
|
-
|
60
|
+
|
46
61
|
project_settings[:session_store] = ds
|
47
62
|
|
48
63
|
puts "= initialize passive checks ="
|
@@ -59,7 +74,7 @@ module Watobo
|
|
59
74
|
project = Project.new(project_settings)
|
60
75
|
#@running_projects << project
|
61
76
|
@project = project
|
62
|
-
|
77
|
+
|
63
78
|
end
|
64
|
-
|
79
|
+
|
65
80
|
end
|
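Review bot: When `prefs` has `:url`, the branch at new line 47 is only a TODO, so `project_settings[:project_name]` and `project_settings[:session_name]` stay nil, yet `Watobo::DataStore.acquire` is still called with them on new line 53 and `@project_name`/`@session_name` are then set to nil. The comment above `create_project` promises that a project can be created from a URL, so until that is implemented the branch should fail loudly, e.g. `raise ArgumentError, "creating a project from :url is not implemented yet"`. The same kind of guard would catch a call that supplies neither `:url` nor both names. How `acquire` treats nil arguments is not visible here.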
@@ -25,6 +25,8 @@ module Watobo
|
|
25
25
|
@passive_checks = []
|
26
26
|
@running_projects = []
|
27
27
|
|
28
|
+
@tmp_dir
|
29
|
+
|
28
30
|
def self.running_projects
|
29
31
|
@running_projects
|
30
32
|
end
|
@@ -49,6 +51,10 @@ module Watobo
|
|
49
51
|
init_passive_modules
|
50
52
|
end
|
51
53
|
|
54
|
+
def self.temp_directory
|
55
|
+
@tmp_dir
|
56
|
+
end
|
57
|
+
|
52
58
|
def self.working_directory
|
53
59
|
# puts "Method Obsolet! use Watobo::Conf::General.working_directory instead."
|
54
60
|
Watobo::Conf::General.working_directory
|
@@ -143,6 +149,13 @@ module Watobo
|
|
143
149
|
Dir.mkdir(cfg_dir)
|
144
150
|
print "OK\n"
|
145
151
|
end
|
152
|
+
|
153
|
+
@tmp_dir = File.join(Conf::General.working_directory, "tmp")
|
154
|
+
unless File.exist? @tmp_dir
|
155
|
+
puts "* create temp directory '#{@tmp_dir}' ..."
|
156
|
+
Dir.mkdir(@tmp_dir)
|
157
|
+
print "OK\n"
|
158
|
+
end
|
146
159
|
end
|
147
160
|
end
|
148
161
|
end
|
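Review bot: `Dir.mkdir(@tmp_dir)` on new line 156 creates the temp directory with the process's default mode, and the guard on new line 154 uses `File.exist?`, which is also satisfied by a regular file at that path. What WATOBO writes there is not visible in this hunk, but for an intercepting proxy it is plausibly captured traffic or key material, so I would create it owner-only and check the type: `Dir.mkdir(@tmp_dir, 0700) unless File.directory?(@tmp_dir)`. The bare `@tmp_dir` statement added at new line 28 is a no-op; `@tmp_dir = nil` would state the intent. The enclosing method starts outside the hunk.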
@@ -201,6 +201,7 @@ module Watobo
|
|
201
201
|
url = request.url
|
202
202
|
url += request.query != '' ? '&' : '?'
|
203
203
|
url += "WATOBOPreview=#{hashid}"
|
204
|
+
puts "PreviewURL: #{url}"
|
204
205
|
@browser.navigate(url) if hashid
|
205
206
|
return url
|
206
207
|
else
|
@@ -232,7 +233,7 @@ module Watobo
|
|
232
233
|
|
233
234
|
def watoboProxy?
|
234
235
|
|
235
|
-
|
236
|
+
acquireBrowser()
|
236
237
|
|
237
238
|
begin
|
238
239
|
#@browser.visible = false
|
@@ -253,7 +254,7 @@ module Watobo
|
|
253
254
|
puts "!!! Could not connect to proxy."
|
254
255
|
puts bang
|
255
256
|
puts bang.backtrace if $DEBUG
|
256
|
-
|
257
|
+
acquireBrowser(true)
|
257
258
|
retry
|
258
259
|
end
|
259
260
|
# @browser.close
|
@@ -262,7 +263,7 @@ module Watobo
|
|
262
263
|
|
263
264
|
end
|
264
265
|
|
265
|
-
def
|
266
|
+
def acquireBrowser( force = false )
|
266
267
|
if @browser.nil? or force == true then
|
267
268
|
# TODO: initialize a global GUI function on startup to check if necessary gems are installed
|
268
269
|
case RUBY_PLATFORM
|
@@ -283,7 +284,7 @@ module Watobo
|
|
283
284
|
end
|
284
285
|
|
285
286
|
else # cygwin|java
|
286
|
-
puts "!!! Could not
|
287
|
+
puts "!!! Could not acquire browser control for preview (unsupported OS) !!!"
|
287
288
|
end
|
288
289
|
elsif not @browser.ready?
|
289
290
|
puts
|
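Review bot: The `rescue` branch in `watoboProxy?` now calls `acquireBrowser(true)` (new line 257) immediately before the existing unbounded `retry`, so a proxy that stays unreachable makes this loop forever and forces a fresh browser control on every pass. A bounded counter would keep the GUI responsive, e.g. `attempts += 1` followed by `retry if attempts < 3`, with `attempts = 0` set before the `begin`. The `puts "PreviewURL: #{url}"` added on new line 204 is unconditional and prints full request URLs, query string included, to stdout; guarding it with `if $DEBUG` would match the other debug output in the file. The `begin` body is only partly visible in the hunk, so the retry behaviour is inferred from the lines shown.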
@@ -27,7 +27,8 @@ module Watobo
|
|
27
27
|
|
28
28
|
attr :client_certificates
|
29
29
|
def savePasswords?()
|
30
|
-
|
30
|
+
return false
|
31
|
+
#@save_pws_cbt.checked?
|
31
32
|
end
|
32
33
|
|
33
34
|
include Responder
|
@@ -87,21 +88,25 @@ module Watobo
|
|
87
88
|
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
88
89
|
FXButton.new(matrix, "Select").connect(SEL_COMMAND){ select_key_file }
|
89
90
|
|
90
|
-
|
91
|
+
# matrix = FXMatrix.new(main_frame, 2, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
91
92
|
FXLabel.new(matrix, "Password:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
92
93
|
@password_txt = FXTextField.new(matrix, 25,
|
93
94
|
:target => @password_dt, :selector => FXDataTarget::ID_VALUE,
|
94
95
|
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
96
|
+
|
97
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
95
98
|
|
96
99
|
FXLabel.new(matrix, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
97
100
|
@retype_txt = FXTextField.new(matrix, 25,
|
98
101
|
:target => @retype_dt, :selector => FXDataTarget::ID_VALUE,
|
99
102
|
:opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
103
|
+
|
104
|
+
FXButton.new(matrix, "", :opts=>FRAME_NONE).disable
|
100
105
|
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
106
|
+
# @save_pws_cbt = FXCheckButton.new(matrix, "save passwords")
|
107
|
+
# @save_pws_cbt.checkState = false
|
108
|
+
# @save_pws_cbt.checkState = true if @password_policy[:save_passwords] == true
|
109
|
+
# note_label = FXLabel.new(matrix, "This setting affects all passwords!!!")
|
105
110
|
|
106
111
|
buttons = FXHorizontalFrame.new(main_frame, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
|
107
112
|
:padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
|
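Review bot: `savePasswords?` now returns a hard-coded `false` with the old checkbox code left behind as comments (new lines 30–31 and 106–109), which leaves the reader guessing whether disabling password storage for client-certificate keys is deliberate or temporary. If it is deliberate, I would delete the commented-out widget code and put one line above the method: `# Client certificate key passwords are never persisted.` The two `FXButton.new(matrix, "", :opts=>FRAME_NONE).disable` lines at new lines 97 and 104 look like spacers for the matrix column; a short comment saying so would help. The dialog's constructor continues outside the hunk.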
@@ -121,7 +121,7 @@ module Watobo
|
|
121
121
|
|
122
122
|
return true if @filter[:request] and chat.request.join =~ /#{@filter[:text]}/i
|
123
123
|
|
124
|
-
if chat.response.content_type =~ /(text|javascript)/
|
124
|
+
if chat.response.content_type =~ /(text|javascript|xml)/
|
125
125
|
return true if @filter[:response] and chat.response.join.unpack("C*").pack("C*") =~ /#{@filter[:text]}/i
|
126
126
|
end
|
127
127
|
|
@@ -330,11 +330,14 @@ module Watobo
|
|
330
330
|
rup = chat.request.urlparms
|
331
331
|
unless rup.nil?
|
332
332
|
ps << rup
|
333
|
-
end
|
333
|
+
end
|
334
|
+
|
335
|
+
post_parms_string = ''
|
336
|
+
post_parms_string << chat.request.post_parms.join("&")
|
334
337
|
|
335
|
-
if chat.request.method =~ /POST/ then
|
338
|
+
if chat.request.method =~ /POST/ and !post_parms_string.empty? then
|
336
339
|
ps << "&&" unless ps.empty?
|
337
|
-
ps <<
|
340
|
+
ps << post_parms_string
|
338
341
|
end
|
339
342
|
|
340
343
|
|