Class: Watobo::Plugin::Sslchecker::Check

Inherits:
ActiveCheck
  • Object
show all
Defined in:
plugins/sslchecker/lib/check.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project) ⇒ Check

Returns a new instance of Check.


44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'plugins/sslchecker/lib/check.rb', line 44

def initialize(project)
  super(project)

  @result = Hash.new
  @cipherlist = Array.new
  
  
  OpenSSL::SSL::SSLContext::METHODS.each do |method|
    next if method =~ /(client|server)/
    next if method =~ /23/
  #%w( TLSv1_server SSLv2_server SSLv3_server ).each do |method|
    puts ">> #{method}"
    begin
  ctx = OpenSSL::SSL::SSLContext.new(method)
  ctx.ciphers="ALL::COMPLEMENTOFALL::eNull"
  ctx.ciphers.each do |c|
    @cipherlist.push [ method, c[0]]
  end
  #ctx.ciphers="eNULL" # because ALL don't include Null-Ciphers!!!
  #ctx.ciphers.each do |c|
  #  @cipherlist.push [ method, c[0]]
  #end

  
  rescue => bang
    puts bang
  end
  
  end
 # puts @cipherlist.to_yaml
end

Instance Attribute Details

#cipherlistObject (readonly)

Returns the value of attribute cipherlist


27
28
29
# File 'plugins/sslchecker/lib/check.rb', line 27

def cipherlist
  @cipherlist
end

Instance Method Details

#generateChecks(chat) ⇒ Object


80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# File 'plugins/sslchecker/lib/check.rb', line 80

def generateChecks(chat)
  begin
    @cipherlist.each do |method, c|
    checker = proc {

      test_request = nil
      test_response = nil
      # !!! ATTENTION !!!
      # MAKE COPY BEFORE MODIFIYING REQUEST
      request = chat.copyRequest

      
        ctx = OpenSSL::SSL::SSLContext.new(method)
        ctx.ciphers = c
        cypher = ctx.ciphers.first
        bits = cypher[2].to_i
        algo = cypher[0]
      
        test_request, test_response = doRequest( request, :ssl_cipher => c )
        result = {
            :method => method, 
            :algo => algo, 
            :bits => bits, 
            :support => true
          }
      
        if test_request and test_response
          
      
          notify( :cipher_checked, result)
          if bits < 128

          addFinding(  test_request, test_response,
          :test_item => "#{algo}#{bits}",
          #:proof_pattern => "#{match}",
          :chat => chat,
          :title => "[#{algo}] - #{bits} Bit"
          )
          end
        else
          result[:support] = false
        notify(:cipher_checked, result)
        #              puts "!!! ERROR: #{c}"
        end
      
      [ test_request, test_response ]

    }
    yield checker
    end
  rescue => bang
  puts "!error in module #{Module.nesting[0].name}"
  puts bang
  end
end

#resetObject


76
77
78
# File 'plugins/sslchecker/lib/check.rb', line 76

def reset()
  @result.clear
end