Class: Watobo::Interceptor::Proxy

Inherits:

Object

• Object
• Watobo::Interceptor::Proxy

Defined in:

lib/watobo/interceptor/proxy.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary

• #client_certificates ⇒ Object

  attr :www_auth.

• #port ⇒ Object readonly

  Returns the value of attribute port.

• #proxy_mode ⇒ Object

  Returns the value of attribute proxy_mode.

• #target ⇒ Object

  attr_accessor :contentTypes.

Class Method Summary

• .start(settings = {}) ⇒ Object

  R U N.

• .transparent? ⇒ Boolean

Instance Method Summary

• #addPreview(response) ⇒ Object
• #clear_request_carvers ⇒ Object
• #clear_response_carvers ⇒ Object
• #clearEvents(event) ⇒ Object
• #getRequestFilter ⇒ Object
• #getResponseFilter ⇒ Object
• #initialize(settings = nil) ⇒ Proxy constructor

  A new instance of Proxy.

• #refresh_www_auth ⇒ Object
• #server ⇒ Object
• #setRequestFilter(new_settings) ⇒ Object
• #setResponseFilter(new_settings) ⇒ Object
• #start ⇒ Object
• #stop ⇒ Object
• #subscribe(event, &callback) ⇒ Object

Constructor Details

#initialize(settings = nil) ⇒ Proxy

Returns a new instance of Proxy.

# File 'lib/watobo/interceptor/proxy.rb', line 383

def initialize(settings=nil)
  @event_dispatcher_listeners = Hash.new
  begin

    puts
    puts "=== Initialize Interceptor/Proxy ==="

    #Watobo::Interceptor.proxy_mode = INTERCEPT_NONE

    init_instance_vars

    @awaiting_requests = 0
    @awaiting_responses = 0

    @request_filter_settings = {
    :site_in_scope => false,
    :method_filter => '(get|post|put)',
    :negate_method_filter => false,
    :negate_url_filter => false,
    :url_filter => '',
    :file_type_filter => '(jpg|gif|png|jpeg|bmp)',
    :negate_file_type_filter => true,

    :parms_filter => '',
    :negate_parms_filter => false
    #:regex_location => 0, # TODO: HEADER_LOCATION, BODY_LOCATION, ALL

  }

    @response_filter_settings = {
    :content_type_filter => '(text|script)',
    :negate_content_type_filter => false,
    :response_code_filter => '2\d{2}',
    :negate_response_code_filter => false,
    :request_intercepted => false,
    :content_printable => true,
    :enable_printable_check => false
  }

    @preview = Hash.new
    @preview['ProxyTest'] = ["HTTP/1.0 200 OK\r\nServer: Watobo-Interceptor\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html><body>PROXY_OK</body></html>"]

    @dh_key = Watobo::CA.dh_key

  rescue => bang
    puts "!!!could not read certificate files:"
    puts bang
    puts bang.backtrace if $DEBUG
  end

end

Instance Attribute Details

#client_certificates ⇒ Object

attr :www_auth

# File 'lib/watobo/interceptor/proxy.rb', line 38

def client_certificates
  @client_certificates
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/watobo/interceptor/proxy.rb', line 30

def port
  @port
end

#proxy_mode ⇒ Object

Returns the value of attribute proxy_mode.

# File 'lib/watobo/interceptor/proxy.rb', line 32

def proxy_mode
  @proxy_mode
end

#target ⇒ Object

attr_accessor :contentTypes

# File 'lib/watobo/interceptor/proxy.rb', line 36

def target
  @target
end

Class Method Details

.start(settings = {}) ⇒ Object

R U N

# File 'lib/watobo/interceptor/proxy.rb', line 106

def self.start(settings = {})
  proxy = Proxy.new(settings)
  proxy.start
  proxy
end

.transparent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/watobo/interceptor/proxy.rb', line 39

def self.transparent?
  return true if ( Watobo::Conf::Interceptor.proxy_mode & Watobo::Interceptor::MODE_TRANSPARENT ) > 0
  return false
end

Instance Method Details

#addPreview(response) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 82

def addPreview(response)
  preview_id = Digest::MD5.hexdigest(response.join)
  @preview[preview_id] = response
  return preview_id
end

#clear_request_carvers ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 73

def clear_request_carvers
  @request_carvers.clear unless @request_carvers.nil?

end

#clear_response_carvers ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 78

def clear_response_carvers
  @response_carvers.clear unless @response_carvers.nil?
end

#clearEvents(event) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 52

def clearEvents(event)
  @event_dispatcher_listener[event].clear
end

#getRequestFilter ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 60

def getRequestFilter()
  YAML.load(YAML.dump(@request_filter_settings))
end

#getResponseFilter ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 56

def getResponseFilter()
  YAML.load(YAML.dump(@response_filter_settings))
end

#refresh_www_auth ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 379

def refresh_www_auth
  @www_auth = Watobo::Conf::Scanner.www_auth
end

#server ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 44

def server
  @bind_addr
end

#setRequestFilter(new_settings) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 68

def setRequestFilter(new_settings)
  @request_filter_settings.update new_settings unless new_settings.nil?
# puts @request_filter_settings.to_yaml
end

#setResponseFilter(new_settings) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 64

def setResponseFilter(new_settings)
  @response_filter_settings.update new_settings unless new_settings.nil?
end

#start ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 112

def start()
  @wait_queue = Queue.new

  if transparent?
    Watobo::Interceptor::Transparent.start
  end

  begin
    @intercept_srv = TCPServer.new(@bind_addr, @port)
    @intercept_srv.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1 )

  rescue => bang
    puts "\n!!!Could not start InterceptProxy"
    puts bang
    return nil
  end
  puts "\n* Intercepor started on #{@bind_addr}:#{@port}"
  session_list = []
  puts "!!! TRANSPARENT MODE ENABLED !!!" if transparent?

  @t_server = Thread.new(@intercept_srv) { |server|
  while (new_session = server.accept)
    #  new_session.sync = true
    new_sender = Watobo::Session.new(@target)
    Thread.new(new_sender, new_session) { |sender, session|

      c_sock = Watobo::HTTPSocket::ClientSocket.connect(session)
      
      #puts "ClientSocket: #{c_sock}"
      Thread.exit if c_sock.nil?
      
      #
      # loop for reusing client connections
      
      max_loop = 0
      loop do
      flags = []
      begin
        
      # puts "#{c_sock} - read request"
       request = c_sock.request
      
       if request.nil? or request.empty? then
          print "c/"
          c_sock.close
          Thread.exit
        end
        
        url = ( request.url.to_s.length > 65 ) ? request.url.to_s.slice(0,65) + "..." : request.url.to_s
        puts "\n[I] #{url}"

      rescue => bang
        puts "!!! Error reading client request "
        puts bang
        puts bang.backtrace
       # puts request.class
       # puts request
       c_sock.close
       Thread.exit
      #break
      end

      # check if preview is requested
      if request.host =='watobo.localhost' or request.first =~ /WATOBOPreview/ then
        if request.first =~ /WATOBOPreview=([0-9a-zA-Z]*)/ then
          hashid = $1
          response = @preview[hashid]

          if response then
            c_sock.write response.join
            c_sock.close
          end
        end
      #next
      Thread.exit
      end

      request_intercepted = false
      # no preview, check if interception request is turned on
      if Watobo::Interceptor.rewrite_requests? then
        Interceptor::RequestCarver.shape(request, flags)
        puts "FLAGS >>"
        puts flags
      end

      if @target and Watobo::Interceptor.intercept_requests? then
        if matchRequestFilter(request)
          @awaiting_requests += 1
          request_intercepted = true

          if @target.respond_to? :addRequest
            Watobo.print_debug "send request to target"
            @target.addRequest(request, Thread.current)
            Thread.stop
          else
            p "! no target for editing request"
          end
        @awaiting_requests -= 1
        end
      end
     
     begin
       s_sock, req, resp = sender.sendHTTPRequest(request, :update_sids => true, 
                                                           :update_session => false, 
                                                           :update_contentlength => true, 
                                                           :www_auth => @www_auth 
                                                          # :client_certificates => @client_certificates
                                                           )
      if s_sock.nil? then
        puts "s_sock is nil! bye, bye, ..."
        puts request if $DEBUG
        c_sock.write resp.join unless resp.nil?
        c_sock.close
        Thread.exit
      end

      rescue => bang
        puts bang
        puts bang.backtrace if $DEBUG
        c_sock.close
        Thread.exit
      end

      # check if response should be passed throug
      #Thread.current.exit if isPassThrough?(req, resp, s_sock, c_sock)
      if isPassThrough?(req, resp, s_sock, c_sock)
        Watobo::HTTPSocket.close s_sock
        c_sock.close                
        Thread.exit
      end
      #p "no pass-through"

      begin
      # puts "* got response status: #{resp.status}"
        missing_credentials = false
        rs = resp.status
        auth_type = AUTH_TYPE_NONE
        if rs =~ /^(401|407)/ then
          
          missing_credentials = true
         
          resp.each do |rl|
            if rl =~ /^(Proxy|WWW)-Authenticate: Basic/i
              auth_type = AUTH_TYPE_BASIC
            break
            elsif rl =~ /^(Proxy|WWW)-Authenticate: NTLM/i
              auth_type = AUTH_TYPE_NTLM
            break
            end
          end
          # when auth type not basic assume it's ntlm -> ntlm credentials must be set in watobo
          unless auth_type == AUTH_TYPE_NONE
            if auth_type == AUTH_TYPE_NTLM
              if rs =~ /^401/ then
                resp.push "WATOBO: Server requires (NTLM) authorization, please set WWW_Auth Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              else
                resp.push "WATOBO: Proxy requires (NTLM) authorization, please set Proxy Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              end
            end
          #else

          #resp.push "WATOBO: Unknown authorization type.<br><br>\r\n" + resp.join("<br>\r\n")
          #resp.shift
          #resp.unshift "HTTP/1.1 200 OK\r\n"
          #resp.fix_content_length

          end
        end
        
        unless auth_type == AUTH_TYPE_UNKNOWN or req.method =~ /^head/i
          # don't try to read body if request method is HEAD
          sender.readHTTPBody(s_sock, resp, req, :update_sids => true)
          Watobo::HTTPSocket.close s_sock
        end
        
      rescue => bang
        puts "!!! could not send request !!!"
        puts bang
        puts bang.backtrace if $DEBUG
      #  puts "* Error sending request"
      end

      begin
        # Watobo::Response.create resp
        resp = Watobo::Response.new resp
       # puts "* unchunk response ..."
        resp.unchunk
        # puts "* unzip response ..."
        resp.unzip

        if Watobo::Interceptor.rewrite_responses? then
           Interceptor::ResponseCarver.shape(resp, flags)
        end

        if @target and Watobo::Interceptor.intercept_responses? then
          if matchResponseFilter(resp)
            #  if resp.content_type =~ /text/ or resp.content_type =~ /application\/javascript/ then
            if @target.respond_to? :modifyResponse
              @target.modifyResponse(resp, Thread.current)
              Thread.stop
            else
              p "! no target for editing response"
            end
          end
        end

       # puts ">> SEND TO CLIENT"
   #    puts ">>C<< - Close: #{request.connection_close?}"
       #request.headers("Connection"){ |h| puts h }
       
       if missing_credentials
         resp.set_header("Connection", "close")
       elsif request.connection_close? or resp.content_length < 0 or max_loop > 4
        # resp.set_header("Proxy-Connection","close")
         resp.set_header("Connection","close")
       else
         resp.set_header("Connection","keep-alive")
         resp.set_header("Keep-Alive", "max=4, timeout=120")
       end
       
       resp_data = resp.join
       c_sock.write resp_data
      
      # puts "---"
      # puts resp_data.unpack("H*")[0]
      # puts "==="
       
      rescue Errno::ECONNRESET
        print "x"
        #  puts "!!! ERROR (Reset): reading body"
        #  puts "* last data seen on socket: #{buf}"
        #return
      rescue Errno::ECONNABORTED
        print "x"
        #return
      rescue => bang
        puts "!!! Error (???) in Client Communication:"
        puts bang
        puts bang.class
        puts bang.backtrace #if $DEBUG
      #return
      end

     chat = Chat.new(request.copy, resp.copy, :source => CHAT_SOURCE_INTERCEPT)

     Watobo::Chats.add chat
     
     # TODO: place check into ClientSocket, because headers must be checked and changed too
     # e.g. if c_sock.open?
     if missing_credentials or request.connection_close? or resp.content_length < 0 or max_loop > 4
       c_sock.close
       Thread.exit
     end
     print "o"
     max_loop += 1

     end
    }

  end
}
end

#stop ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 88

def stop()
  begin
    puts "[#{self.class}] stop"
    if @t_server.respond_to? :status
      puts @t_server.status
      Thread.kill @t_server
    @intercept_srv.close
    end
  rescue IOError => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#subscribe(event, &callback) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 48

def subscribe(event, &callback)
  (@event_dispatcher_listeners[event] ||= []) << callback
end