Class: Watobo::Modules::Passive::Possible_login

Inherits:
PassiveCheck
  • Object
Defined in:
modules/passive/possible_login.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED


Constructor Details

#initialize(project) ⇒ Possible_login

Returns a new instance of Possible_login.



# File 'modules/passive/possible_login.rb', line 31

# Builds the passive login-detection check and registers its metadata.
#
# @param project the project object; stored on the instance and also
#   handed to the parent constructor
def initialize(project)
  @project = project
  super(project)

  # Metadata describing the check; per the original comments the name is
  # used for the tree and progress views.
  check_info = {
    check_name: "Detect Logins",
    description: "Detect possible and also unencrypted logins.",
    author: "Andreas Schmidt",
    version: "0.9"
  }
  @info.update(check_info)

  # Threat text attached to findings: what is at risk when the check fires.
  finding_info = {
    threat: "If login credentials are sent over an unencrypted channel, an attacker may eavesdrop these information."
  }
  @finding.update(finding_info)

  @check_name = "Detect Logins"
  @description = "maybe usefull?"

  # Regex fragments that do_test interpolates into case-insensitive patterns
  # and matches against each POST parameter. They are unanchored, so any
  # parameter containing e.g. "pass" or "uid" counts as a possible login.
  @possible_login_patterns = [
    "(username)", "(password)", "(passwd)",
    "(pass)", "(uid)", "(userid)"
  ]
end

Instance Method Details

#do_test(chat) ⇒ Object



# File 'modules/passive/possible_login.rb', line 54

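# Passive check: flags requests that look like a login and inspects how the
# credentials and the session cookies are handled.
#
# Only POST parameters (chat.request.post_parms) are inspected, so a login
# sent in the query string or in another body format is not seen here. On the
# first parameter that matches one of @possible_login_patterns it records:
#   * a "Logins" hint for the matching parameter,
#   * an "Unencrypted Logins" finding (rated high) when the request protocol
#     does not contain "https",
#   * a "Session Managment" finding (rated medium) for every request cookie
#     that the response did not replace with a different value.
#
# @param chat request/response pair; must respond to #request and #response
# @return [true] when a login parameter matched; otherwise the value of the
#   parameter iteration, or nil when there are no POST parameters or an
#   error was rescued
def do_test(chat)
  all_parms = chat.request.post_parms
  return unless all_parms

  all_parms.each do |parm|
    @possible_login_patterns.each do |pattern|
      next unless parm =~ /#{pattern}/i

      addFinding(
        :class => "Logins",                 # vulnerability class
        :type => FINDING_TYPE_HINT,
        :check_pattern => "#{parm}",
        :chat => chat,
        :title => "#{chat.request.path_ext}"
      )

      # Credentials sent without TLS can be read by anyone on the network path.
      unless chat.request.proto =~ /https/i
        addFinding(
          :class => "Unencrypted Logins",
          :type => FINDING_TYPE_VULN,
          :check_pattern => "#{chat.request.proto}",
          :chat => chat,
          :rating => VULN_RATING_HIGH,
          :title => "#{chat.request.path_ext}"
        )
      end

      # Session-fixation check: a cookie sent with the login request should be
      # replaced by a new value in the response. Cookie values are deliberately
      # not echoed to stdout; only progress and counts are printed, and only
      # when $DEBUG is set.
      puts "* check session managment" if $DEBUG
      old_cookies = chat.request.cookies.select do |rc|
        # Split on the first "=" only: cookie values (e.g. base64 with "="
        # padding) may themselves contain "=", and truncating them made an
        # unchanged cookie look renewed.
        rc_name, rc_value = rc.split("=", 2)
        cookie_old = true
        # NOTE(review): relies on new_cookies yielding each cookie set by the
        # response to this block - confirm; if the block is ignored, every
        # request cookie is reported as not renewed.
        chat.response.new_cookies do |nc|
          # Compare the whole cookie name; a prefix regex built from nc.name
          # also matched longer names ("sid" vs "sid2") and treated regex
          # metacharacters in the name as pattern syntax.
          next unless rc_name.to_s.strip == nc.name.to_s
          cookie_old = false unless rc_value == nc.value
        end
        cookie_old
      end
      puts "old cookies (#{old_cookies.length})" if $DEBUG

      old_cookies.each do |c|
        addFinding(
          :class => "Session Managment",
          :type => FINDING_TYPE_VULN,
          :check_pattern => "#{c}",
          :chat => chat,
          :rating => VULN_RATING_MEDIUM,
          :title => "#{chat.request.path_ext}",
          :threat => "Session Cookie has not been renewed after login. Session-Fixation attacks may be possible."
        )
      end

      # One matching parameter is enough to classify the request as a login.
      return true
    end
  end
rescue => bang
  # Best effort: a failing passive check is reported but must not abort the caller.
  puts "ERROR!! #{Module.nesting[0].name}"
  puts bang
  puts bang.backtrace if $DEBUG
end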