Class: Arachni::Checks::Xst

# File 'components/checks/passive/xst.rb', line 47

def self.info
    {
        name:        'XST',
        description: %q{Sends an HTTP TRACE request and checks if it succeeded.},
        elements:    [ Element::Server ],
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.1.8',

        issue:       {
            name:            %q{HTTP TRACE},
            description:     %q{
The `TRACE` HTTP method allows a client so send a request to the server, and
have the same request then send back in the server's response. This allows the
client to determine if the server is receiving the request as expected or if
specific parts of the request are not arriving as expected.
For example incorrect encoding or a load balancer has filtered or changed a value.
On many default installations the `TRACE` method is still enabled.

While not vulnerable by itself, it does provide a method for cyber-criminals to
bypass the `HTTPOnly` cookie flag, and therefore could allow a XSS attack to
successfully access a session token.

Arachni has discovered that the affected page permits the HTTP `TRACE` method.
},
            references:  {
                'CAPEC' => 'http://capec.mitre.org/data/definitions/107.html',
                'OWASP' => 'http://www.owasp.org/index.php/Cross_Site_Tracing'
            },
            tags:            %w(xst methods trace server),
            cwe:             693,
            severity:        Severity::MEDIUM,
            remedy_guidance: %q{
The HTTP `TRACE` method is normally not required within production sites and
should therefore be disabled.

Depending on the function being performed by the web application, the risk
level can start low and increase as more functionality is implemented.

The remediation is typically a very simple configuration change and in most cases
will not have any negative impact on the server or application.
}
        }
    }
end

.ran_for(proto) ⇒ `Object`



26
27
28

# File 'components/checks/passive/xst.rb', line 26

def self.ran_for( proto )
    RAN << proto
end

.ran_for?(proto) ⇒ `Boolean`

Returns:

(Boolean)



22
23
24

# File 'components/checks/passive/xst.rb', line 22

def self.ran_for?( proto )
    RAN.include? proto
end

Instance Method Details

#run ⇒ `Object`

# File 'components/checks/passive/xst.rb', line 30

def run
    return if self.class.ran_for?( page.parsed_url.scheme )
    self.class.ran_for( page.parsed_url.scheme )

    print_status 'Checking...'

    http.trace( page.url ) do |response|
        next if response.code != 200 || response.body.to_s.empty?

        log(
            vector:   Element::Server.new( response.url ),
            response: response,
            proof:    response.status_line
        )
    end
end

Class: Arachni::Checks::Xst

Overview

Constant Summary collapse

Constants included from Arachni::Check::Auditor

Constants included from Arachni

Instance Attribute Summary

Attributes included from Arachni::Check::Auditor

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Arachni::Check::Base

Methods included from Arachni::Check::Auditor

Methods inherited from Arachni::Component::Base

Methods included from Arachni::Component::Output

Methods included from UI::Output

Methods included from Arachni::Component::Utilities

Methods included from Utilities

Methods included from Arachni

Constructor Details

Class Method Details

.info ⇒ Object

.ran_for(proto) ⇒ Object

.ran_for?(proto) ⇒ Boolean

Instance Method Details

#run ⇒ Object

.info ⇒ `Object`

.ran_for(proto) ⇒ `Object`

.ran_for?(proto) ⇒ `Boolean`

#run ⇒ `Object`