Class: Watobo::Gui::FuzzerCheck

Inherits:

ActiveCheck

• Object
• Session
• ActiveCheck
• Watobo::Gui::FuzzerCheck

Defined in:

lib/watobo/gui/fuzzer_gui.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary

Attributes inherited from ActiveCheck

#info, #numChecks

Instance Method Summary

• #fuzzels(fuzzers, index = 0, result = nil) ⇒ Object
• #generateChecks(chat) ⇒ Object
• #initialize(project, fuzzer_list, filter_list, requestEditor, prefs = {}) ⇒ FuzzerCheck constructor

  A new instance of FuzzerCheck.

• #reset ⇒ Object

Methods inherited from ActiveCheck

#addFinding, #cancel_UNUSED, #check_name, #checksRunning?, #continue_UNUSED, #disable, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, inherited, #log_console, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks_UNUSED, #stop, #updateCounters, #urlParmNames, #waitLogin_UNUSED

Methods included from CheckInfoMixin

included

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Methods inherited from Session

#addProxy, #doRequest, #getProxy, #get_settings, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache

Methods included from Subscriber

#clearEvents, #notify, #subscribe

Constructor Details

#initialize(project, fuzzer_list, filter_list, requestEditor, prefs = {}) ⇒ FuzzerCheck

Returns a new instance of FuzzerCheck.

# File 'lib/watobo/gui/fuzzer_gui.rb', line 10

def initialize(project, fuzzer_list, filter_list, requestEditor, prefs={})
  super(project.object_id, prefs)
  @fuzzer_list = fuzzer_list
  @requestEditor = requestEditor
  @filter_list = filter_list
  @prefs = prefs
end

Instance Method Details

#fuzzels(fuzzers, index = 0, result = nil) ⇒ Object

# File 'lib/watobo/gui/fuzzer_gui.rb', line 18

def fuzzels(fuzzers, index=0, result=nil)
  begin
    unless fuzzers[index].nil?
      fuzzers[index].run(result) do |fuzz|
        if index < fuzzers.length - 1
          fuzzels(fuzzers, index+1, fuzz) do |sr|
            yield sr
          end
        else
          yield fuzz
        end
      end
    end
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#generateChecks(chat) ⇒ Object

# File 'lib/watobo/gui/fuzzer_gui.rb', line 42

def generateChecks(chat)
  unless @fuzzer_list.empty?
    fuzzels(@fuzzer_list) do |fuzzle|
      test_fuzzle = Hash.new
      test_fuzzle.update YAML.load(YAML.dump(fuzzle))
      checker = proc {
        #puts test_fuzzle
        fuzz_request = @requestEditor.parseRequest(test_fuzzle)
        fuzz_request.extend Watobo::Mixin::Shaper::Web10
        fuzz_request.extend Watobo::Mixin::Parser::Web10
        fuzz_request.extend Watobo::Mixin::Parser::Url

        test_request, test_response = doRequest(fuzz_request, @prefs)

        notify(:stats, test_response)

        notify(:fuzzer_match, test_fuzzle, test_request, test_response, test_response.join) if @filter_list.empty?

        @filter_list.each do |f|
          matches = f.func.call(test_response) if f.func.respond_to? :call
          matches.each do |match|
            notify(:fuzzer_match, test_fuzzle, test_request, test_response, match)
          end
        end

        [test_request, test_response]
      }
      yield checker
    end
  end
end

#reset ⇒ Object

# File 'lib/watobo/gui/fuzzer_gui.rb', line 38

def reset()

end