Module: Watobo::Mixin::Parser::Web10

Includes:
Constants
Defined in:
lib/watobo/mixins/httpparser.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED


Instance Method Details

#__connection_close? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 580

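# Reports whether the message explicitly asks for the connection to be closed.
#
# Header names are case-insensitive in HTTP, so the name is matched
# case-insensitively and anchored at the start of the line. "Proxy-Connection"
# is still honoured, because the previous unanchored match accepted it too.
# A header that merely contains the words "Connection" and "close" somewhere
# in its value no longer counts.
#
# @return [Boolean] true when a (Proxy-)Connection header lists the "close"
#   token; false otherwise, including when no such header exists.
def __connection_close?
  # Called without a filter: #headers applies its filter case-sensitively and
  # unanchored, so the header-name check is done here instead.
  headers do |h|
    return true if h =~ /\A(?:Proxy-)?Connection:.*\bclose\b/i
  end
  false
end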

#body ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 602

# Returns the message body, or nil when the message has none.
#
# The receiver is treated as a list of lines. The last element counts as the
# body only when the element before it is blank (the header/body separator)
# and the list holds at least three elements.
#
# @return [String, nil] a string built from the last element, or nil when the
#   layout does not match or any error occurs while inspecting it.
def body
  return nil if self.nil? || self.length < 3

  separator = self[-2]
  separator.strip.empty? ? "#{self.last}" : nil
rescue
  # Any failure while probing the lines (e.g. a non-string element) means
  # "no body" rather than an error for the caller.
  nil
end

#body_encoded ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 647

# Returns the body re-packed byte for byte, which yields a binary
# (ASCII-8BIT) copy of it.
#
# @return [String, nil] the binary copy of the body, or nil without a body.
def body_encoded
  payload = self.body
  return nil if payload.nil?

  # The declared charset is still looked up, but transcoding to it is
  # disabled; the original author was not sure it is a good idea:
  #   b.encode(cs, :invalid => :replace, :undef => :replace, :replace => '').unpack("C*").pack("C*")
  self.charset

  payload.unpack("C*").pack("C*")
end

#charset ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 708

# Extracts the charset parameter from the first matching Content-Type header.
#
# Scanning stops at the first blank line, so body content is never inspected.
#
# NOTE(review): the pattern needs exactly "Content-Type: " (one space after
# the colon) and keeps surrounding quotes in the value; a header written as
# "Content-Type:text/html;charset=x" yields nil. Confirm that is intended.
#
# @return [String, nil] the stripped charset value, or nil when none is found.
def charset
  self.each do |line|
    return nil if line.strip.empty?
    return Regexp.last_match(1).strip if line =~ /^Content-Type: .*charset=([^;]*)/i
  end
  nil
end

#connection_close? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 587

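# Reports whether the connection should be treated as closing.
#
# Closing is the default: only an explicit keep-alive request turns it off.
# Header names are case-insensitive in HTTP, so the name is matched
# case-insensitively and anchored at the start of the line. "Proxy-Connection"
# is still honoured, because the previous unanchored match accepted it too.
#
# @return [Boolean] false when a (Proxy-)Connection header lists the
#   "keep-alive" token; true otherwise.
def connection_close?
  # Called without a filter: #headers applies its filter case-sensitively and
  # unanchored, so the header-name check is done here instead.
  headers do |h|
    return false if h =~ /\A(?:Proxy-)?Connection:.*\bkeep-alive\b/i
  end
  true
end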

#content_encoding ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 485

# Classifies the first Content-Encoding header into one of the TE_* constants.
#
# Only header lines are scanned (the loop stops at the first blank line) and
# only the first Content-Encoding line is considered. The value is matched by
# substring, case-insensitively, in the order shown below, so "gzip" maps to
# TE_GZIP through the /zip/ test.
#
# @return [Object] the matching TE_* constant, TE_NONE when the header is
#   absent or its value is not recognised.
def content_encoding
  fallback = TE_NONE
  self.each do |line|
    break if line.strip.empty?
    next unless line =~ /^Content-Encoding:(.*)/i

    token = Regexp.last_match(1).strip
    return TE_CHUNKED if token =~ /chunked/i
    return TE_COMPRESS if token =~ /compress/i
    return TE_GZIP if token =~ /zip/i
    return TE_DEFLATE if token =~ /deflate/i
    return TE_IDENTITY if token =~ /identity/i
    return TE_NONE
  end
  fallback
end

#content_length ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 471

# Reads the declared Content-Length from the first matching header line.
#
# Note (from the original author): calculating the length of a chunk-encoded
# body would only be possible once the whole body is loaded.
#
# NOTE(review): String#to_i is lenient, so a non-numeric value yields 0 and a
# signed value is passed through as is. Callers that size reads from this
# number should validate it themselves.
#
# @return [Integer] the parsed header value, or -1 when the header is absent.
def content_length
  self.each do |line|
    break if line.strip.empty?
    return Regexp.last_match(1).strip.to_i if line =~ /^Content-Length:(.*)/i
  end
  -1
end

#content_type(default_ct = 'undefined') ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 435

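# Returns the media type of the first Content-Type header, without parameters.
#
# Only header lines are scanned (the loop stops at the first blank line).
# Everything after the first ";" is dropped, so "text/html; charset=utf-8"
# yields "text/html".
#
# A nil default is now returned as nil when no header is found. Previously the
# final strip raised NoMethodError in that case, which made the nil check in
# is_text? unreachable.
#
# @param default_ct [String, nil] value returned when no header is present.
# @return [String, nil] the stripped media type, or the (stripped) default.
def content_type(default_ct='undefined')
  ct = default_ct
  self.each do |line|
    begin
      break if line.strip.empty?
      # force_encoding re-tags the line in place as binary; presumably this
      # keeps bytes that are invalid in the original encoding from breaking
      # the match.
      cl = line.force_encoding('ASCII-8BIT')
      if cl =~ /^Content-Type:([^;]*);?/i
        ct = Regexp.last_match(1)
        break
      end
    rescue => bang
      # A line that cannot be parsed is reported and skipped.
      puts "! could not parse content_type !"
      puts bang
      puts cl
    end
  end
  ct.nil? ? nil : ct.strip
end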

#content_type_ex(default_ct = 'undefined') ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 457

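# Returns the full value of the first Content-Type header, parameters included.
#
# Only header lines are scanned (the loop stops at the first blank line).
# A nil default is returned as nil when no header is found; previously the
# final strip raised NoMethodError in that case.
#
# @param default_ct [String, nil] value returned when no header is present.
# @return [String, nil] the stripped header value, or the (stripped) default.
def content_type_ex(default_ct='undefined')
  ct = default_ct
  self.each do |line|
    break if line.strip.empty?
    # force_encoding re-tags the line in place as binary before matching.
    cl = line.force_encoding('ASCII-8BIT')
    if cl =~ /^Content-Type:(.*)/i
      ct = Regexp.last_match(1)
      break
    end
  end
  ct.nil? ? nil : ct.strip
end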

#contentMD5 ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 541

# Computes the MD5 hex digest of the body; a missing body hashes as "".
#
# NOTE(review): MD5 is fine as a cheap content fingerprint but is not
# collision resistant; do not rely on this value for integrity decisions.
#
# @return [String] 32-character lowercase hex digest.
def contentMD5
  payload = self.body
  payload = "" if payload.nil?
  Digest::MD5.hexdigest(payload)
end

#has_body? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 576

# Tells whether the message has a body, i.e. whether #body returns non-nil.
#
# @return [Boolean]
def has_body?
  !self.body.nil?
end

#has_header?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 594

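# Tells whether a header with the given name is present.
#
# The name is matched literally (case-insensitively) at the start of a line
# and must be followed by ":". It is escaped with Regexp.quote, as the
# parameter lookups in this file do, so a name containing regex
# metacharacters neither matches unrelated headers nor raises RegexpError.
# Scanning stops at the first blank line, so the body is never searched.
#
# @param name [String] header name without the trailing colon.
# @return [Boolean]
def has_header?(name)
  wanted = /^#{Regexp.quote(name.to_s)}:/i
  self.each do |l|
    return false if l.strip.empty?
    return true if l =~ wanted
  end
  false
end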

#header_value(header_name) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 417

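# Collects the values of all headers whose name starts with header_name.
#
# Matching is case-insensitive and by prefix (no ":" is required directly
# after the name), so "Set-Cookie" also matches "Set-Cookie2". That prefix
# behaviour is kept from the original. The name is now escaped with
# Regexp.quote, so regex metacharacters in it are taken literally, and a nil
# result from #headers (its error path) yields an empty list instead of
# raising NoMethodError.
#
# @param header_name [String] header name or name prefix.
# @return [Array<String>] stripped values, in order of appearance.
def header_value(header_name)
  prefix = /^#{Regexp.quote(header_name.to_s)}/i
  header_values = []
  (self.headers || []).each do |header|
    begin
      next unless header =~ prefix

      # Lines without a colon (such as the start line) carry no value.
      vstart = header.index(':')
      header_values.push(header[vstart + 1..-1].strip) unless vstart.nil?
    rescue => bang
      # A single unparsable line is reported and skipped.
      puts bang
      puts bang.backtrace if $DEBUG
    end
  end
  header_values
end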

#headers(filter = nil, &b) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 720

# Returns the header lines (everything before the first blank line) that
# match a filter, yielding each match to the block when one is given.
#
# The filter is interpolated into a regular expression as is, so it is a
# pattern rather than a literal name: it is case-sensitive, unanchored and
# may match anywhere in a line, including the start line and header values.
# Each line is re-tagged in place as binary before matching.
#
# NOTE(review): callers that pass a bare header name will also get lines that
# only mention that name in a value, and will miss lower-case spellings.
#
# @param filter [String, nil] regex source; nil selects every line.
# @yieldparam line [String] each matching line.
# @return [Array<String>, nil] matching lines, or nil when an error was
#   rescued (the error and its backtrace are printed).
def headers(filter=nil, &b)
  pattern = filter.nil? ? '.*' : filter
  matched = []
  self.each do |line|
    binary = line.force_encoding('ASCII-8BIT')
    break if binary.strip.empty?
    next unless binary =~ /#{pattern}/

    yield line if block_given?
    matched << line
  end
  matched
rescue => bang
  puts bang
  puts bang.backtrace
  if $DEBUG
    puts bang.backtrace
    puts self.to_yaml
  end
  nil
end

#is_json? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 629

# Tells whether the declared content type contains "/json"
# (case-insensitive), e.g. "application/json".
#
# @return [Boolean]
def is_json?
  (self.content_type =~ /\/json/i) ? true : false
end

#is_multipart? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 641

# Tells whether the declared content type starts with "multipart"
# (case-insensitive).
#
# @return [Boolean]
def is_multipart?
  (self.content_type =~ /^multipart/i) ? true : false
end

#is_text? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 612

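# Tells whether the message content should be treated as text.
#
# With a declared content type the answer is whether that type contains
# "text" (case-insensitive). Without one, the body is sniffed: it counts as
# text when it consists of ASCII bytes only.
#
# A message with neither a content type nor a body used to raise
# NoMethodError on the nil body. It is now treated like an empty body, the
# same convention contentMD5 uses, and therefore reported as text.
# NOTE(review): confirm callers are happy with true for that case.
#
# @return [Boolean]
def is_text?
  ct = self.content_type(nil)
  if ct.nil?
    payload = self.body_encoded
    return true if payload.nil?

    return payload.ascii_only?
  end
  (ct =~ /text/i) ? true : false
end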

#is_wwwform? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 623

# Tells whether the declared content type contains "form" (case-insensitive).
#
# The substring test is broad: besides
# "application/x-www-form-urlencoded" it is also true for
# "multipart/form-data".
#
# @return [Boolean]
def is_wwwform?
  (self.content_type =~ /form/i) ? true : false
end

#is_xml? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 635

# Tells whether the declared content type contains "xml" (case-insensitive),
# which covers types such as "text/xml" and "application/xhtml+xml".
#
# @return [Boolean]
def is_xml?
  (self.content_type =~ /xml/i) ? true : false
end

#new_cookies(&b) ⇒ Object

Returns an array of new cookies, e.g. for the header Set-Cookie: mycookie=b41dc9e55d6163f78321996b10c940edcec1b4e55a76464c4e9d25e160ac0ec5b769806b; Path=/



# File 'lib/watobo/mixins/httpparser.rb', line 678

# Builds a Watobo::Cookie for every header line selected by the "Set-Cookie"
# filter, yielding each cookie to the block when one is given.
#
# NOTE(review): the selection is done by #headers, whose filter is
# case-sensitive and unanchored, so a lower-case "set-cookie" line would be
# missed. Verify against the servers this is used with.
#
# @yieldparam cookie [Watobo::Cookie] each cookie as it is created.
# @return [Array<Watobo::Cookie>] all cookies, in header order.
def new_cookies(&b)
  collected = []
  headers("Set-Cookie") do |line|
    parsed = Watobo::Cookie.new(line)
    yield parsed if block_given?
    collected.push(parsed)
  end
  collected
end

#parm_names ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 383

# Lists the names of all GET and POST parameters, GET parameters first.
#
# Each "name=value" string is truncated in place at its first "=", so the
# strings returned by get_parms/post_parms are modified by this call.
#
# @return [Array<String>] parameter names, duplicates included.
def parm_names
  names = [].concat(get_parms).concat(post_parms)
  # gsub! strips the "=value" part in place; each returns the same array.
  names.each { |entry| entry.gsub!(/=.*/, '') }
end

#parms ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 375

# Returns all parameters of the message: the GET parameters followed by the
# POST parameters, in a fresh array.
#
# @return [Array<String>] the combined parameter strings.
def parms
  [].concat(get_parms, post_parms)
end

#post_parm_names(&block) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 397

# Lists the names of the POST parameters, yielding each name to the block
# when one is given.
#
# Each parameter string is cut in place at its first "=" and then stripped;
# nil entries are skipped.
#
# @yieldparam name [String] each parameter name.
# @return [Array<String>] the parameter names, duplicates included.
def post_parm_names(&block)
  names = []
  [].concat(post_parms).each do |entry|
    next unless entry

    entry.gsub!(/=.*/, '')
    entry.strip!
    yield entry if block_given?
    names << entry
  end
  names
end

#post_parm_value(parm_name) ⇒ Object

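# Looks up the value of a GET parameter by name.
#
# The name is matched literally (case-insensitively) at the start of the
# parameter and must be followed by "=". The parameter is split at the first
# "=" only, so a value that itself contains "=" (Base64 padding, a nested
# URL) is returned whole instead of being cut off. When the name occurs
# several times, the last occurrence wins.
#
# @param parm_name [String] parameter name.
# @return [String] the stripped value, or "" when the parameter is absent.
def get_parm_value(parm_name)
  parm_value = ""
  wanted = /^#{Regexp.quote(parm_name)}=/i
  self.get_parms.each do |parm|
    next unless parm =~ wanted

    pieces = parm.split('=', 2)
    parm_value = pieces[1].strip if pieces.length > 1
  end
  parm_value
end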


# File 'lib/watobo/mixins/httpparser.rb', line 561

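# Looks up the value of a POST parameter by name.
#
# The name is matched literally (case-insensitively) at the start of the
# parameter, after optional whitespace, and must be followed by "=", the way
# the GET lookup anchors its match. Previously the name was searched anywhere
# in the parameter, so asking for "id" also hit "userid=5" or "note=id" and
# could return another parameter's value.
#
# The parameter is split at the first "=" only, so a value that itself
# contains "=" (Base64 padding, a nested URL) is returned whole. When the
# name occurs several times, the last occurrence wins.
#
# @param parm_name [String] parameter name.
# @return [String] the stripped value, or "" when the parameter is absent.
def post_parm_value(parm_name)
  parm_value = ""
  wanted = /\A\s*#{Regexp.quote(parm_name)}=/i
  self.post_parms.each do |parm|
    next unless parm =~ wanted

    parm_value = parm.split('=', 2)[1].strip
  end
  parm_value
end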

#post_parms ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 355

# Splits the body into its "&"-separated parameter strings.
#
# The body is taken to be the last element of the receiver and is only split
# when it contains an "="; blank pieces are dropped. Pieces are returned as
# found, without URL-decoding.
#
# @return [Array<String>] the parameter strings; empty when there is no body,
#   when the body does not look like parameters, or when an error is rescued.
def post_parms
  found = []
  return found unless has_body?

  begin
    tail = self.last
    found = tail.split(/\&/).reject { |piece| piece.strip.empty? } if tail =~ /\=.*\&?/i
  rescue => bang
    # Parsing problems are swallowed; details are printed in debug mode only.
    # puts self.last.unpack("C*").pack("C*").gsub(/[^[:print:]]/,".")
    if $DEBUG
      puts bang
      puts bang.backtrace
    end
  end
  found
end

#status ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 688

# Returns the status part of an HTTP/1.x status line, i.e. code and reason
# phrase such as "404 Not Found".
#
# The first line is re-packed byte for byte before matching, which filters
# out bad UTF-8 sequences by turning the line into a binary string.
#
# @return [String, nil] the status text without the line ending, '' when the
#   first line is missing or is not an HTTP/1.x status line, nil when an
#   error is rescued.
def status
  first_line = self.first
  raw = first_line.nil? ? '' : first_line.unpack("C*").pack("C*")
  found = /^HTTP\/1\.\d{1,2} (.*)/i.match(raw)
  found ? found[1].chomp : ''
rescue => bang
  if $DEBUG
    puts "! No Status Available !".upcase
    puts bang
    puts bang.backtrace
  end
  nil
end

#status_code ⇒ Object Also known as: responseCode



# File 'lib/watobo/mixins/httpparser.rb', line 666

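# Extracts the numeric status code from the status line.
#
# The code must follow "HTTP/" plus a three-character version and one space.
# It may be followed by whitespace or by the end of the line, so a status
# line without a reason phrase ("HTTP/1.1 204\r\n") is recognised as well;
# previously a space after the code was required and such a line gave nil.
#
# @return [String, nil] the status code as a string of digits (not an
#   Integer), or nil when the first line is not a status line.
def status_code
  return nil unless self.first =~ /^HTTP\/... (\d+)(?=\s|\z)/

  Regexp.last_match(1)
end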

#transferEncoding ⇒ Object Also known as: transfer_encoding



# File 'lib/watobo/mixins/httpparser.rb', line 512

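# Classifies the first Transfer-Encoding header into one of the TE_* constants.
#
# Coding names are matched case-insensitively and by substring, the same way
# content_encoding does it. The previous exact, case-sensitive comparison
# missed "Chunked", coding lists such as "gzip, chunked", and "gzip" itself
# (only the literal "zip" mapped to TE_GZIP). "chunked" is tested first, so a
# list that includes it is reported as TE_CHUNKED.
#
# Only header lines are scanned (the loop stops at the first blank line) and
# only the first Transfer-Encoding line is considered; a message carrying
# several such lines is classified by the first one.
#
# @return [Object] the matching TE_* constant, TE_NONE when the header is
#   absent or its value is not recognised.
def transferEncoding
  te = TE_NONE
  self.each do |line|
    break if line.strip.empty?
    next unless line =~ /^Transfer-Encoding:(.*)/i

    te = case Regexp.last_match(1).strip
         when /chunked/i then TE_CHUNKED
         when /compress/i then TE_COMPRESS
         when /zip/i then TE_GZIP
         when /deflate/i then TE_DEFLATE
         when /identity/i then TE_IDENTITY
         else TE_NONE
         end
    break
  end
  te
end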