Module: Watobo::Mixin::Parser::Url

Defined in:
lib/watobo/mixins/httpparser.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Instance Method Details

#dirObject



# File 'lib/watobo/mixins/httpparser.rb', line 147

# Returns the directory portion of the request URL path, without the leading
# or trailing slash and without the file name.
#
# Only absolute-form request lines ("<METHOD> http(s)://host[:port]/... HTTP")
# are recognised; anything else yields "". The capture stops at the first "?",
# so query strings never leak into the result.
#
# @return [String] the directory part, or "" when nothing matched
def dir
  request_line = self.first
  matched = request_line =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}\/([^\?]*)\/.* HTTP/i
  matched ? Regexp.last_match(1) : ""
end

#doctypeObject



# File 'lib/watobo/mixins/httpparser.rb', line 186

# Returns the file extension (2 to 4 word characters) of the requested
# resource, taken from the first line of the request.
#
# The extension must be followed by "?" or a space, i.e. it is the suffix
# directly in front of the query string or the " HTTP/x.y" trailer.
#
# @return [String] the extension without the dot, or '' when none is found
def doctype
  found = /.*\/.*?\.(\w{2,4})(\?| )/.match(self.first)
  found ? found[1] : ''
end

#elementObject



# File 'lib/watobo/mixins/httpparser.rb', line 175

# Returns the last path element of the request URL (the text after the final
# "/" and before the query string).
#
# Runs of "?" are collapsed to a single "?" and the " HTTP..." trailer is
# dropped before the URL is inspected. Only absolute-form http(s) request
# lines are recognised.
#
# @return [String] the last path element, or "" when nothing matched
def element
  stripped = self.first.gsub(/\?+/, "?").gsub(/ HTTP.*/, '')
  before_query = stripped.split('?').first
  return "" unless before_query =~ /^[^[:space:]]{1,} (https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}).*\/(.*)/i

  Regexp.last_match(2)
end

#fileObject



# File 'lib/watobo/mixins/httpparser.rb', line 53

# Returns the file name of the requested resource, without the query string.
#
# The result is also stored in @file on the receiver. Request lines that are
# not in absolute form ("<METHOD> http(s)://... HTTP") yield "".
#
# @return [String] the file name, or "" when there is none
def file
  @file =
    if self.first =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}[^\?]*\/(.*) HTTP.*/
      # Everything in front of the first "?" is the file name; with no "?"
      # the whole capture is returned.
      Regexp.last_match(1).partition('?').first
    else
      ""
    end
end

#file_extObject



# File 'lib/watobo/mixins/httpparser.rb', line 73

# Returns the file name of the requested resource together with its query
# string (e.g. "show.php?p=aaa"), and stores it in @file_ext.
#
# Only absolute-form http(s) request lines are recognised.
#
# @return [String] file name plus query string, or '' when nothing matched
def file_ext
  matched = self.first =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}[^\?]*\/(.*) HTTP.*/
  @file_ext = matched ? Regexp.last_match(1) : ''
end

#get_parm_names(&block) ⇒ Object

doubles



# File 'lib/watobo/mixins/httpparser.rb', line 319

# Returns the names of all URL parameters reported by get_parms.
#
# Each "name=value" entry is cut at the first "=" (the strings returned by
# get_parms are modified in place). When a block is given, every name is
# yielded to it before being collected.
#
# @yield [String] each parameter name
# @return [Array<String>] parameter names in request order
def get_parm_names(&block)
  [].concat(get_parms).each_with_object([]) do |parm, names|
    next unless parm

    parm.gsub!(/=.*/, '')
    yield parm if block_given?
    names.push parm
  end
end

#get_parm_value(parm_name) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 337

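# Returns the value of the URL parameter +parm_name+.
#
# The name is matched case-insensitively against the start of each
# "name=value" entry from get_parms. If the parameter occurs several times,
# the last non-empty value wins. Surrounding whitespace is stripped.
#
# The entry is split at the FIRST "=" only, so values that themselves contain
# "=" (base64 padding, nested URLs, ...) are returned in full instead of being
# truncated at the second "=".
#
# @param parm_name [String] parameter name (treated literally, not as a regex)
# @return [String] the parameter value, or "" when the parameter is absent
def get_parm_value(parm_name)
  parm_value = ""
  # \A anchors at the start of the string, so a name can never match after an
  # embedded line break inside an entry.
  name_pattern = /\A#{Regexp.quote(parm_name)}=/i
  self.get_parms.each do |parm|
    next unless parm =~ name_pattern

    _name, value = parm.split('=', 2)
    # An empty value does not overwrite a value found earlier.
    parm_value = value.strip unless value.nil? || value.empty?
  end
  parm_value
end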

#get_parmsObject

get_parms returns an array of "parm=value" strings parsed from the URL query string.



# File 'lib/watobo/mixins/httpparser.rb', line 291

# Returns the URL parameters of the request as an array of "name=value"
# strings.
#
# The query string is the text between the first "?" and the " HTTP/" trailer
# of the first line; it is split on "&" and entries without "=" are dropped.
# Any error while parsing is printed (with backtrace when $DEBUG is set) and
# an empty array is returned.
#
# @return [Array<String>] "name=value" entries, [] when there are none
def get_parms
  begin
    line = self.first
    query_start = line.index('?')
    return [] if query_start.nil?

    query_end = line.index(' HTTP/')
    return [] if query_end.nil?

    return line[(query_start + 1)..(query_end - 1)].split('&').select { |pair| pair.include?('=') }
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
  []
end

#hostObject



# File 'lib/watobo/mixins/httpparser.rb', line 251

# Returns the host name from an absolute-form request line and stores it in
# @host.
#
# The host is the run of characters [-0-9a-zA-Z.] directly after "://".
# NOTE(review): characters outside that set end the capture, so a URL with a
# userinfo part ("http://user@host/") yields the text before "@" rather than
# the real host; callers should not rely on this value alone when deciding
# whether a target is in scope.
#
# @return [String] the host name, or '' when the line is not absolute-form
def host
  matched = self.first =~ /^[^[:space:]]{1,} https?:\/\/([\-0-9a-zA-Z.]*)[:0-9]{0,6}/i
  @host = matched ? Regexp.last_match(1) : ''
end

#is_chunked?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 215

# Tells whether the message declares chunked transfer encoding.
#
# Lines are scanned in order until the first blank line (end of the header
# section). The check is deliberately loose: any line that starts with
# "Transfer-Encoding" and contains "chunked" somewhere after it counts,
# case-insensitively.
#
# @return [Boolean] true when a matching header is found before the blank line
def is_chunked?
  chunked = false
  self.each do |header_line|
    if header_line =~ /^Transfer-Encoding.*chunked/i
      chunked = true
      break
    end
    # A blank line terminates the headers; the body is never inspected.
    break if header_line.strip.empty?
  end
  chunked
end

#is_ssl?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 210

# Tells whether the request line targets an https URL, i.e. the token after
# the request method starts with "https" (case-insensitive).
#
# @return [Boolean]
def is_ssl?
  !(self.first =~ /^[^[:space:]]{1,} https/i).nil?
end

#methodObject



# File 'lib/watobo/mixins/httpparser.rb', line 100

# Returns the HTTP request method (the first token of the request line) when
# it is followed by " http", matched case-insensitively.
#
# NOTE(review): this instance method carries the same name as Ruby's built-in
# Object#method, so objects that mix in this module no longer expose the
# reflection helper under that name.
#
# @return [String, nil] the request method, or nil when nothing matched
def method
  matched = self.first =~ /(^[^[:space:]]{1,}) http/i
  matched ? Regexp.last_match(1) : nil
end

#method_get?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 108

# Tells whether the request method is GET (case-insensitive).
#
# @return [Boolean] false when the method cannot be determined
def method_get?
  verb = method
  return false if verb.nil?

  !(verb =~ /^get$/i).nil?
end

#method_post?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 114

# Tells whether the request method is POST (case-insensitive).
#
# @return [Boolean] false when the method cannot be determined
def method_post?
  verb = method
  return false if verb.nil?

  !(verb =~ /^post$/i).nil?
end

#pathObject



# File 'lib/watobo/mixins/httpparser.rb', line 130

# Returns the URL path of the request without the leading slash and without
# the query string (e.g. "my/path/show.php").
#
# Only absolute-form http(s) request lines are recognised.
#
# @return [String] the path, or "" when nothing matched
def path
  matched = self.first =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}\/([^\?]*).* HTTP/i
  matched ? Regexp.last_match(1) : ""
end

#path_extObject

path_ext = “my/path/show.php?p=aaa&debug=true”



# File 'lib/watobo/mixins/httpparser.rb', line 139

# Returns the URL path including the query string, without the leading slash
# (e.g. "my/path/show.php?p=aaa&debug=true").
#
# Only absolute-form http(s) request lines ending in " HTTP/" are recognised.
#
# @return [String] path plus query string, or "" when nothing matched
def path_ext
  matched = self.first =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}\/(.*) HTTP\//i
  matched ? Regexp.last_match(1) : ""
end

#portObject



# File 'lib/watobo/mixins/httpparser.rb', line 273

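# Returns the port the request is addressed to.
#
# Only the part of the request line in front of the first "?" is inspected,
# so URLs embedded in the query string cannot influence the result.
#
# The scheme default (443 for https, 80 for http) is returned as an Integer;
# an explicit port is returned as the String captured from the URL. Callers
# that compare or calculate with the result must handle both types.
#
# An empty port ("http://host:/path") falls back to the scheme default
# instead of yielding an empty string.
#
# @return [Integer, String, nil] nil when there is no first line or it is not
#   an absolute-form http(s) request line
def port
  request_line = self.first
  return nil if request_line.nil?

  target = request_line.split('?')[0]

  portnum =
    if target =~ /^[^[:space:]]{1,} https:\/\//i
      443
    elsif target =~ /^[^[:space:]]{1,} http:\/\//i
      80
    end

  # Require at least one digit so that a bare ":" keeps the default port.
  if target =~ /^[^[:space:]]{1,} https?:\/\/[\-0-9a-zA-Z.]*:([0-9]{1,6})/i
    portnum = Regexp.last_match(1)
  end
  portnum
end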

#post_parm_value(parm_name) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 351

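# Returns the value of the POST parameter +parm_name+.
#
# The name is matched case-insensitively against the start of each
# "name=value" entry from post_parms and must be followed by "=", the same
# way get_parm_value matches URL parameters. An unanchored match would let
# "name" pick up the value of "username" or of any entry whose value merely
# contains the name.
#
# The entry is split at the FIRST "=" only, so values containing "="
# (e.g. base64 padding) are returned in full. If the parameter occurs several
# times, the last non-empty value wins. Surrounding whitespace is stripped.
#
# @param parm_name [String] parameter name (treated literally, not as a regex)
# @return [String] the parameter value, or "" when the parameter is absent
def post_parm_value(parm_name)
  parm_value = ""
  name_pattern = /\A#{Regexp.quote(parm_name)}=/i
  self.post_parms.each do |parm|
    next unless parm =~ name_pattern

    _name, value = parm.split('=', 2)
    # An empty value does not overwrite a value found earlier.
    parm_value = value.strip unless value.nil? || value.empty?
  end
  parm_value
end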

#protoObject



# File 'lib/watobo/mixins/httpparser.rb', line 201

# Returns the URL scheme of the request ("http" or "https") and stores it in
# @proto.
#
# When the first line carries neither scheme, @proto is left untouched, so
# the value from an earlier call (or nil) is returned.
#
# @return [String, nil]
def proto
  case self.first
  when /^[^[:space:]]{1,} http:\/\//i then @proto = "http"
  when /^[^[:space:]]{1,} https:\/\//i then @proto = "https"
  end
  @proto
end

#queryObject



# File 'lib/watobo/mixins/httpparser.rb', line 155

# Returns the query string of the request (everything after the first "?" of
# the request target), without the "?" itself.
#
# The target is the text between the request method and the " HTTP" trailer.
# If the first line cannot be parsed, the resulting error is reported on
# stdout (with backtrace when $DEBUG is set) and '' is returned.
#
# @return [String] the query string, or "" when there is none
def query
  begin
    target = nil
    target = Regexp.last_match(1) if self.first =~ /^[^[:space:]]{1,} (.*) HTTP.*/
    # target is still nil for an unparsable line; the call below then raises
    # and the rescue clause reports it.
    qmark = target.index('?')
    return qmark.nil? ? "" : target[(qmark + 1)..-1]
  rescue => bang
    puts "!!! Could not parse query !!!"
    puts bang
    puts bang.backtrace if $DEBUG
  end
  ''
end

#siteObject



# File 'lib/watobo/mixins/httpparser.rb', line 232

# Returns the site identifier "host:port" of the request and stores it in
# @site.
#
# When the URL carries no port, the scheme default is appended
# (DEFAULT_PORT_HTTPS for https, DEFAULT_PORT_HTTP for http).
# The host is limited to the characters [-0-9a-zA-Z.] directly after "://".
#
# @return [String, nil] nil when the line is not an absolute-form http(s)
#   request line
def site
  if self.first =~ /^[^[:space:]]{1,} (https?):\/\/([\-0-9a-zA-Z.]*)([:0-9]{0,6})/i
    scheme = Regexp.last_match(1)
    hostname = Regexp.last_match(2)
    port_suffix = Regexp.last_match(3)

    @site =
      if port_suffix != ''
        hostname + port_suffix
      elsif scheme =~ /^https$/i
        hostname + ":" + DEFAULT_PORT_HTTPS.to_s
      elsif scheme =~ /^http$/i
        hostname + ":" + DEFAULT_PORT_HTTP.to_s
      else
        hostname + port_suffix
      end
  else
    @site = nil
  end
  @site
end

#subDirsObject

Returns all cumulative sub-directory prefixes of the request path. For example, www.company.com/this/is/my/path.php returns:

“/this”, “/this/is”, “/this/is/my”


# File 'lib/watobo/mixins/httpparser.rb', line 266

# Returns every cumulative directory prefix of the request path.
#
# The value of #dir is split on "/" and each segment is appended to the
# prefix built so far, e.g. "this/is/my" gives
# ["/this", "/this/is", "/this/is/my"].
#
# @return [Array<String>] prefixes from shortest to longest, [] for no dir
def subDirs
  prefix = ""
  self.dir.split(/\//).map { |segment| prefix += "/" + segment }
end

#url_stringObject



# File 'lib/watobo/mixins/httpparser.rb', line 223

# Returns the complete request URL (scheme, host, optional port, path and
# query string) from an absolute-form request line.
#
# @return [String] the URL, or '' when the line does not match
def url_string
  matched = self.first =~ /^[^[:space:]]{1,} (https?:\/\/[\-0-9a-zA-Z.]*[:0-9]{0,6}.*) HTTP\//i
  matched ? Regexp.last_match(1) : ''
end

#urlparmsObject

returns a string containing all urlparms e.g. “parm1=first&parm2=second”



# File 'lib/watobo/mixins/httpparser.rb', line 85

# Returns the raw URL parameter string, e.g. "parm1=first&parm2=second".
#
# This is the text between the first "?" and the " HTTP/" trailer of the
# first line. Errors while parsing are printed (with backtrace when $DEBUG is
# set) and nil is returned.
#
# @return [String, nil] nil when the line has no "?" or no " HTTP/" trailer
def urlparms
  begin
    line = self.first
    query_start = line.index('?')
    return nil if query_start.nil?

    query_end = line.index(' HTTP/')
    return nil if query_end.nil?

    return line[(query_start + 1)..(query_end - 1)]
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
  nil
end