Module: HTTP_FINGERPRINT

Defined in:
lib/audit/lib/http_fingerprint.rb

Overview

Contains code that sends a set of revealing HTTP requests to a server and records its responses (HTTP fingerprinting). This code needs Ruby 1.9 for the timeout module.

Constant Summary

HTTP_REQUEST_TIMEOUT =

HTTP request timeout in seconds

10

Class Method Summary

Class Method Details

.fingerprint(host, port = 80, useragent = "(KHTML, like Gecko) " + "Ubuntu/10.04 Chromium/8.0.552.224 Chrome/8.0.552.224" + " Safari/534.10") ⇒ Object



# File 'lib/audit/lib/http_fingerprint.rb', line 60

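# Sends every probe request listed in @http_methods to host:port and records
# the response header lines the server returns for each probe.
#
# Each probe opens its own TCP connection, writes the request line
# (method[0]) followed by a fixed header set, and collects response lines up
# to, but not including, the first blank line. Reading stops at that blank
# line, so the response body is never pulled into memory.
#
# @param host [String] target host; used for the connection and the Host header
# @param port [Integer] target TCP port
# @param useragent [String] value sent in the User-Agent header
# @return [Hash] :scan_targethost, :scan_targetport, :scan_targetsecure and
#   :scan_timestamp, plus one entry per probe keyed by method[1] whose value
#   is an Array of header lines, or :TIMEOUT when the probe did not finish
#   within HTTP_REQUEST_TIMEOUT seconds
#
# Only Timeout::Error is rescued; connection errors raised by TCPSocket
# propagate to the caller.
def self.fingerprint(host, port = 80, useragent = "(KHTML, like Gecko) " +
             "Ubuntu/10.04 Chromium/8.0.552.224 Chrome/8.0.552.224" +
               " Safari/534.10")
  # NOTE(review): host and useragent are copied into the request verbatim, so
  # a value containing CR/LF would add extra header lines. Confirm that
  # callers validate them.
  header_lines = ["User-Agent: " + useragent + "\r\n",
                  "Host: " + host + "\r\n",
                  "Connection: Close\r\n",
                  "Cache-Control: no-cache\r\n",
                  "\r\n"]
  http_fingerprints = {
    :scan_targethost => host,
    :scan_targetport => port,
    :scan_targetsecure => 0,
    :scan_timestamp => Time.now
  }

  @http_methods.each do |method|
    http_fingerprints[method[1]] = []
    socket = nil
    begin
      # Timeout.timeout replaces the deprecated Kernel#timeout alias.
      Timeout.timeout(HTTP_REQUEST_TIMEOUT) do
        socket = TCPSocket.new(host, port)
        socket.puts method[0]
        header_lines.each { |hdr_line| socket.puts hdr_line }

        # Stop at the blank line or at EOF. gets returns nil at EOF, so no
        # nil entry is appended when the server closes without a blank line.
        while (line = socket.gets)
          break if line == "\r\n" || line == "\n"
          http_fingerprints[method[1]] << line
        end
      end
    rescue Timeout::Error
      http_fingerprints[method[1]] = :TIMEOUT
    ensure
      # Release the descriptor on every path, including timeouts and errors.
      socket.close if socket && !socket.closed?
    end
  end
  http_fingerprints
end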

.fingerprint_to_xml(fingerprint) ⇒ Object



# File 'lib/audit/lib/http_fingerprint.rb', line 33

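# Renders a fingerprint hash as a sequence of XML-style tagged sections.
#
# The scan metadata (host, port, secure flag, date, time) comes first,
# followed by one section per probe in @http_methods, named after method[1]
# and holding that probe's recorded response lines.
#
# A probe entry that is not a collection of lines (for example a :TIMEOUT
# marker, or a missing key) is written as an empty section instead of
# raising NoMethodError on #each.
#
# NOTE(review): the host name and the recorded response lines are inserted
# without any XML escaping. Response lines come from the scanned server, so
# whatever parses this output should treat section contents as untrusted.
#
# @param fingerprint [Hash] hash with :scan_targethost, :scan_targetport,
#   :scan_targetsecure, :scan_timestamp and one entry per probe key
# @return [String] the concatenated sections
def self.fingerprint_to_xml(fingerprint)
  timestamp = fingerprint[:scan_timestamp]
  xml = [
    "<scan_targethost>\n",
    fingerprint[:scan_targethost] + "\n",
    "</scan_targethost>\n",
    "<scan_targetport>\n",
    fingerprint[:scan_targetport].to_s + "\n",
    "</scan_targetport>\n",
    "<scan_targetsecure>\n",
    fingerprint[:scan_targetsecure].to_s + "\n",
    "</scan_targetsecure>\n",
    "<scan_date>\n",
    timestamp.strftime("%d.%m.%Y") + "\n",
    "</scan_date>\n",
    "<scan_time>\n",
    timestamp.strftime("%H:%M:%S") + "\n",
    "</scan_time>\n"
  ]

  @http_methods.each do |method|
    tag = method[1].to_s
    lines = fingerprint[method[1]]
    xml << ("<" + tag + ">\n")
    # Only Array-like entries carry response lines; a Symbol marker or nil
    # leaves the section empty.
    lines.each { |l| xml << l } if lines.respond_to?(:each)
    xml << ("</" + tag + ">\n")
  end

  xml.join
end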

.repeat_character(x, y) ⇒ Object



# File 'lib/audit/lib/http_fingerprint.rb', line 12

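# Returns x repeated y times.
#
# Uses String#* instead of recursion, so a large y no longer exhausts the
# stack, and a negative y yields an empty string instead of recursing
# without end.
#
# @param x [String] text to repeat
# @param y [Integer] number of repetitions
# @return [String] x concatenated y times; "" when y is zero or negative
def self.repeat_character(x, y)
  return "" if y <= 0

  x * y
end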