Class: Cross::Engine

Inherits:

Object

• Object
• Cross::Engine

Includes:

Singleton

Defined in:

lib/cross/engine.rb

Overview

Engine is the cross class using Mechanize to inject canary and check for output

Instance Attribute Summary

• #agent ⇒ Object readonly

  Returns the value of attribute agent.

• #options ⇒ Object

  Returns the value of attribute options.

• #results ⇒ Object readonly

  Returns the value of attribute results.

• #target ⇒ Object readonly

  Returns the value of attribute target.

Instance Method Summary

• #create_log_filename(target) ⇒ Object
• #inject ⇒ Object

  return :links=>links, :message=>” end.

• #start(options = {:exploit_url=>false, :debug=>false, :oneshot=>false, :sample_post=>"", :parameter_to_tamper=>"", :auth=>{:username=>nil, :password=>nil}, :target=>""}) ⇒ Object

  Starts the engine.

Instance Attribute Details

#agent ⇒ Object (readonly)

Returns the value of attribute agent.

# File 'lib/cross/engine.rb', line 13

def agent
  @agent
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/cross/engine.rb', line 14

def options
  @options
end

#results ⇒ Object (readonly)

Returns the value of attribute results.

# File 'lib/cross/engine.rb', line 15

def results
  @results
end

#target ⇒ Object (readonly)

Returns the value of attribute target.

# File 'lib/cross/engine.rb', line 16

def target
  @target
end

Instance Method Details

#create_log_filename(target) ⇒ Object

# File 'lib/cross/engine.rb', line 19

def create_log_filename(target)
  begin
    return "cross_#{URI.parse(target).hostname.gsub('.', '_')}_#{Time.now.strftime("%Y%m%d")}.log"
  rescue
    return "cross_#{Time.now.strftime("%Y%m%d")}.log"
  end
end

#inject ⇒ Object

return :links=>links, :message=>” end

# File 'lib/cross/engine.rb', line 59

def inject
  start if @agent.nil?

  $logger.log "Authenticating to the app using #{@options[:auth][:username]}:#{@options[:auth][:password]}" if debug? && authenticate?

  @agent.add_auth(@target, @options[:auth][:username], @options[:auth][:password]) if authenticate?

  if @options[:exploit_url]
    # You ask to exploit the url, so I won't check for form values

    theurl= Codesake::Core::Url.new(@target)

    attack_url(theurl, Cross::Attack::XSS.rand) if oneshot?

    if ! oneshot?
      Cross::Attack::XSS.each do |pattern|
        attack_url(theurl, pattern)
      end
    end

  else
    begin
      page = @agent.get(@target)
    rescue Mechanize::UnauthorizedError
      $logger.err 'Authentication failed. Giving up.'
      return false
    rescue Mechanize::ResponseCodeError
      $logger.err 'Server gave back 404. Giving up.'
      return false
    rescue Net::HTTP::Persistent::Error => e
      $logger.err e.message
      return false
    end

    
    if page.forms.size == 0
      $logger.log "no forms found, please try to exploit #{@target} with the -u flag"
      return false
    else
      $logger.log "#{page.forms.size} form(s) found" if debug?
    end
    attack_form(page, Cross::Attack::XSS.rand) if oneshot?

    if ! oneshot?
      Cross::Attack::XSS.each do |pattern|
        attack_form(page, pattern)
      end
    end
  end
  @results.empty?
end

#start(options = {:exploit_url=>false, :debug=>false, :oneshot=>false, :sample_post=>"", :parameter_to_tamper=>"", :auth=>{:username=>nil, :password=>nil}, :target=>""}) ⇒ Object

Starts the engine

# File 'lib/cross/engine.rb', line 28

def start(options = {:exploit_url=>false, :debug=>false, :oneshot=>false, :sample_post=>"", :parameter_to_tamper=>"", :auth=>{:username=>nil, :password=>nil}, :target=>""})
  @agent = Mechanize.new {|a| a.log = Logger.new(create_log_filename(options[:target]))}
  @agent.user_agent = "cross v#{Cross::VERSION}"
  @agent.agent.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  @options = options
  @target = options[:target]
  @results = []
end