Class: Watobo::Interceptor::Proxy

Inherits:
Object
  • Object
show all
Defined in:
lib/watobo/interceptor/proxy.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(settings = nil) ⇒ Proxy

Returns a new instance of Proxy.


355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
# File 'lib/watobo/interceptor/proxy.rb', line 355

def initialize(settings=nil)
  @event_dispatcher_listeners = Hash.new
  begin

    puts
    puts "=== Initialize Interceptor/Proxy ==="
    #   @project = project
    #   @settings = settings
    # @port = @settings[:intercept_port]
    #   puts settings.to_yaml

    #  @proxy_mode = Watobo::Interceptor.proxy_mode

    #Watobo::Interceptor.proxy_mode = INTERCEPT_NONE

    init_instance_vars

    @awaiting_requests = 0
    @awaiting_responses = 0

    @request_filter_settings = {
    :site_in_scope => false,
    :method_filter => '(get|post|put)',
    :negate_method_filter => false,
    :negate_url_filter => false,
    :url_filter => '',
    :file_type_filter => '(jpg|gif|png|jpeg|bmp)',
    :negate_file_type_filter => true,

    :parms_filter => '',
    :negate_parms_filter => false
    #:regex_location => 0, # TODO: HEADER_LOCATION, BODY_LOCATION, ALL

  }

    @response_filter_settings = {
    :content_type_filter => '(text|script)',
    :negate_content_type_filter => false,
    :response_code_filter => '2\d{2}',
    :negate_response_code_filter => false,
    :request_intercepted => false,
    :content_printable => true,
    :enable_printable_check => false
  }

    @preview = Hash.new
    @preview['ProxyTest'] = ["HTTP/1.0 200 OK\r\nServer: Watobo-Interceptor\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html><body>PROXY_OK</body></html>"]

    # p @settings[:certificate_path]
    # p @settings[:cert_file]
    # p @settings[:key_file]
    # crt_path = Watobo::Conf::Interceptor.certificate_path
    # crt_file = Watobo::Conf::Interceptor.cert_file
    # key_file = Watobo::Conf::Interceptor.key_file
    # dh_key_file = Watobo::Conf::Interceptor.dh_key_file

    # crt_filename = File.join(Watobo.base_directory, crt_path, crt_file)
    # key_filename = File.join(Watobo.base_directory, crt_path, key_file)

    #  @ctx = OpenSSL::SSL::SSLContext.new('SSLv23_server')
    # @cert = OpenSSL::X509::Certificate.new(File.read(crt_filename))
    # @key = OpenSSL::PKey::RSA.new(File.read(key_filename))

    #@dh_key = OpenSSL::PKey::DH.new(File.read(dh_filename))
    @dh_key = Watobo::CA.dh_key
    #  @ctx.ciphers = nil # ['TLSv1/SSLv3', 56, 56 ]

  rescue => bang
    puts "!!!could not read certificate files:"
    puts bang
    puts bang.backtrace if $DEBUG
  end

end

Instance Attribute Details

#client_certificatesObject

Returns the value of attribute client_certificates


38
39
40
# File 'lib/watobo/interceptor/proxy.rb', line 38

def client_certificates
  @client_certificates
end

#contentLengthObject

Returns the value of attribute contentLength


34
35
36
# File 'lib/watobo/interceptor/proxy.rb', line 34

def contentLength
  @contentLength
end

#contentTypesObject

Returns the value of attribute contentTypes


35
36
37
# File 'lib/watobo/interceptor/proxy.rb', line 35

def contentTypes
  @contentTypes
end

#portObject (readonly)

Returns the value of attribute port


30
31
32
# File 'lib/watobo/interceptor/proxy.rb', line 30

def port
  @port
end

#proxy_modeObject

Returns the value of attribute proxy_mode


32
33
34
# File 'lib/watobo/interceptor/proxy.rb', line 32

def proxy_mode
  @proxy_mode
end

#targetObject

Returns the value of attribute target


36
37
38
# File 'lib/watobo/interceptor/proxy.rb', line 36

def target
  @target
end

#www_authObject (readonly)

Returns the value of attribute www_auth


37
38
39
# File 'lib/watobo/interceptor/proxy.rb', line 37

def www_auth
  @www_auth
end

Class Method Details

.start(settings = {}) ⇒ Object

R U N


107
108
109
110
111
# File 'lib/watobo/interceptor/proxy.rb', line 107

def self.start(settings = {})
  proxy = Proxy.new(settings)
  proxy.start
  proxy
end

.transparent?Boolean

Returns:

  • (Boolean)

40
41
42
43
# File 'lib/watobo/interceptor/proxy.rb', line 40

def self.transparent?
  return true if ( Watobo::Conf::Interceptor.proxy_mode & Watobo::Interceptor::MODE_TRANSPARENT ) > 0
  return false
end

Instance Method Details

#addPreview(response) ⇒ Object


83
84
85
86
87
# File 'lib/watobo/interceptor/proxy.rb', line 83

def addPreview(response)
  preview_id = Digest::MD5.hexdigest(response.join)
  @preview[preview_id] = response
  return preview_id
end

#clear_request_carversObject


74
75
76
77
# File 'lib/watobo/interceptor/proxy.rb', line 74

def clear_request_carvers
  @request_carvers.clear unless @request_carvers.nil?

end

#clear_response_carversObject


79
80
81
# File 'lib/watobo/interceptor/proxy.rb', line 79

def clear_response_carvers
  @response_carvers.clear unless @response_carvers.nil?
end

#clearEvents(event) ⇒ Object


53
54
55
# File 'lib/watobo/interceptor/proxy.rb', line 53

def clearEvents(event)
  @event_dispatcher_listener[event].clear
end

#getRequestFilterObject


61
62
63
# File 'lib/watobo/interceptor/proxy.rb', line 61

def getRequestFilter()
  YAML.load(YAML.dump(@request_filter_settings))
end

#getResponseFilterObject


57
58
59
# File 'lib/watobo/interceptor/proxy.rb', line 57

def getResponseFilter()
  YAML.load(YAML.dump(@response_filter_settings))
end

#refresh_www_authObject


351
352
353
# File 'lib/watobo/interceptor/proxy.rb', line 351

def refresh_www_auth
  @www_auth = Watobo::Conf::Scanner.www_auth
end

#serverObject


45
46
47
# File 'lib/watobo/interceptor/proxy.rb', line 45

def server
  @bind_addr
end

#setRequestFilter(new_settings) ⇒ Object


69
70
71
72
# File 'lib/watobo/interceptor/proxy.rb', line 69

def setRequestFilter(new_settings)
  @request_filter_settings.update new_settings unless new_settings.nil?
# puts @request_filter_settings.to_yaml
end

#setResponseFilter(new_settings) ⇒ Object


65
66
67
# File 'lib/watobo/interceptor/proxy.rb', line 65

def setResponseFilter(new_settings)
  @response_filter_settings.update new_settings unless new_settings.nil?
end

#startObject


113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
# File 'lib/watobo/interceptor/proxy.rb', line 113

def start()

  if transparent?
    Watobo::Interceptor::Transparent.start
  end

  begin
    @intercept_srv = TCPServer.new(@bind_addr, @port)
    @intercept_srv.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1 )

  rescue => bang
    puts "\n!!!Could not start InterceptProxy"
    puts bang
    return nil
  end
  puts "\n* Intercepor started on #{@bind_addr}:#{@port}"
  session_list = []
  puts "!!! TRANSPARENT MODE ENABLED !!!" if transparent?

  @t_server = Thread.new(@intercept_srv) { |server|
  while (new_session = server.accept)
    #  new_session.sync = true
    Thread.new(new_session) { |session|

      c_sock = Watobo::HTTPSocket::ClientSocket.connect(session)
      Thread.exit if c_sock.nil?
      loop do
      flags = []
      begin

        request = c_sock.request

        if request.nil? or request.empty? then
          c_sock.close
          Thread.exit
        end
        puts "*[I] #{request.url}"

      rescue => bang
        puts "!!! Error reading client request "
        puts bang
        puts bang.backtrace
        puts request.class
       # puts request
       closeSocket(c_sock)
       Thread.exit
      #break
      end

      # check if preview is requested
      if request.host =='watobo.localhost' or request.first =~ /WATOBOPreview/ then
        if request.first =~ /WATOBOPreview=([0-9a-zA-Z]*)/ then

          puts "* preview requested ..."
          puts request.url

          hashid = $1
          response = @preview[hashid]

          if response then
            c_sock.write response.join
            closeSocket(c_sock)
          end
        end
      #next
      Thread.current.exit
      end

      request_intercepted = false
      # no preview, check if interception request is turned on
      if Watobo::Interceptor.rewrite_requests? then
        Interceptor::RequestCarver.shape(request, flags)
        puts "FLAGS >>"
        puts flags
      end

      if @target and Watobo::Interceptor.intercept_requests? then
        if matchRequestFilter(request)
          @awaiting_requests += 1
          request_intercepted = true

          if @target.respond_to? :addRequest
            #  puts "*INTERCEPT REQUEST"
            #  puts @target
            #notify(:modify_request, request, Thread.current)
            Watobo.print_debug "send request to target"
            @target.addRequest(request, Thread.current)
            puts "* stopping thread: #{Thread.current} ..."
            Thread.stop
            puts "* released thread: #{Thread.current}"
          else
            p "! no target for editing request"
          end
        @awaiting_requests -= 1
        end
      end
      # req, resp = @sender.sendRequest(request, :update_sids => false, :update_session => false, :update_contentlength => true)

      #p "getHTTPHeader"
      #s_sock, req, resp = @sender.getHTTPHeader(request, :update_sids => true, :update_session => false, :update_contentlength => true)
      begin

      s_sock, req, resp = @sender.sendHTTPRequest(request, :update_sids => true, :update_session => false, :update_contentlength => true, :www_auth => @www_auth, :client_certificates => @client_certificates)
      if s_sock.nil? then
        puts request if $DEBUG
        c_sock.write resp.join unless resp.nil?
        c_sock.close
      #Thread.kill Thread.current
      Thread.exit
      next
      end

      rescue => bang
        puts bang
        puts bang.backtrace if $DEBUG
        c_sock.close
        #Thread.kill Thread.current
        Thread.exit
      end

      # check if response should be passed throug
      #Thread.current.exit if isPassThrough?(req, resp, s_sock, c_sock)
      #p "no pass-through"

      begin
      # puts "* got response status: #{resp.status}"
        missing_credentials = false
        rs = resp.status
        if rs =~ /^(401|407)/ then
          missing_credentials = true

          auth_type = AUTH_TYPE_NONE
          resp.each do |rl|
            if rl =~ /^(Proxy|WWW)-Authenticate: Basic/i
              auth_type = AUTH_TYPE_BASIC
            break
            elsif rl =~ /^(Proxy|WWW)-Authenticate: NTLM/i
              auth_type = AUTH_TYPE_NTLM
            break
            end
          end
          # when auth type not basic assume it's ntlm -> ntlm credentials must be set in watobo
          unless auth_type == AUTH_TYPE_NONE
            if auth_type == AUTH_TYPE_NTLM
              if rs =~ /^401/ then
                resp.push "WATOBO: Server requires (NTLM) authorization, please set WWW_Auth Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              else
                resp.push "WATOBO: Proxy requires (NTLM) authorization, please set Proxy Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              end
            end
          else

            resp.push "WATOBO: Unknown authorization type.<br><br>\r\n" + resp.join("<br>\r\n")
            resp.shift
            resp.unshift "HTTP/1.1 200 OK\r\n"
          resp.fix_content_length

          end
        else
          # don't try to read body if request method is HEAD
          unless req.method =~ /^head/i
          @sender.readHTTPBody(s_sock, resp, req, :update_sids => true)
           end
        end
      rescue => bang
        puts "!!! could not send request !!!"
        puts bang
        puts bang.backtrace if $DEBUG
      #  puts "* Error sending request"
      end

      begin
        # Watobo::Response.create resp
        resp = Watobo::Response.new resp
       # puts "* unchunk response ..."
        resp.unchunk
        # puts "* unzip response ..."
        resp.unzip

        if Watobo::Interceptor.rewrite_responses? then
           Interceptor::ResponseCarver.shape(resp, flags)
        end

        if @target and Watobo::Interceptor.intercept_responses? then
          if matchResponseFilter(resp)
            #  if resp.content_type =~ /text/ or resp.content_type =~ /application\/javascript/ then
            if @target.respond_to? :modifyResponse
              @target.modifyResponse(resp, Thread.current)
              Thread.stop
            else
              p "! no target for editing response"
            end
          end
        end

       # puts ">> SEND TO CLIENT"
       if missing_credentials
         resp.set_header("Connection", "close")
          c_sock.write resp.join
          c_sock.close
       else
        c_sock.write resp.join
        end
       # puts resp.join
       # puts "-----"
       # closeSocket(c_sock)

      rescue Errno::ECONNRESET
        print "x"
        #  puts "!!! ERROR (Reset): reading body"
        #  puts "* last data seen on socket: #{buf}"
        #return
      rescue Errno::ECONNABORTED
        print "x"
        #return
      rescue => bang
        puts "!!! Error (???) in Client Communication:"
        puts bang
        puts bang.class
        puts bang.backtrace #if $DEBUG
      #return
      end

      chat = Chat.new(request.copy, resp.copy, :source => CHAT_SOURCE_INTERCEPT)
     # notify(:new_interception, chat)
     Watobo::Chats.add chat
     Thread.current.exit if missing_credentials
end
    }

  end
}
end

#stopObject


89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/watobo/interceptor/proxy.rb', line 89

def stop()
  begin
    puts "[#{self.class}] stop"
    if @t_server.respond_to? :status
      puts @t_server.status
    Thread.kill @t_server
    @intercept_srv.close
    end
  rescue IOError => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#subscribe(event, &callback) ⇒ Object


49
50
51
# File 'lib/watobo/interceptor/proxy.rb', line 49

def subscribe(event, &callback)
  (@event_dispatcher_listeners[event] ||= []) << callback
end