Class: Watobo::Gui::FuzzerCheck

Inherits:
ActiveCheck show all
Defined in:
lib/watobo/gui/fuzzer_gui.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary

Attributes inherited from ActiveCheck

#info, #numChecks

Instance Method Summary collapse

Methods inherited from ActiveCheck

#addFinding, #cancel, #checksRunning?, #continue, #disable, #do_test, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks, #stop, #updateCounters, #urlParmNames, #waitLogin

Methods inherited from Session

#addProxy, #clearEvents, #doRequest, #getProxy, #get_settings, #notify, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache, #subscribe

Constructor Details

#initialize(project, fuzzer_list, filter_list, requestEditor, prefs = {}) ⇒ FuzzerCheck

Returns a new instance of FuzzerCheck.



30
31
32
33
34
35
36
 
# File 'lib/watobo/gui/fuzzer_gui.rb', line 30

def initialize(project, fuzzer_list, filter_list, requestEditor, prefs={} )
   super(project.object_id, prefs)
   @fuzzer_list = fuzzer_list
   @requestEditor = requestEditor
   @filter_list = filter_list
   @prefs = prefs
end

Instance Method Details

#fuzzels(fuzzers, index = 0, result = nil) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/watobo/gui/fuzzer_gui.rb', line 38

def fuzzels(fuzzers, index=0, result=nil)
   begin
      unless fuzzers[index].nil?
         fuzzers[index].run(result) do |fuzz|
            if index < fuzzers.length - 1
               fuzzels(fuzzers, index+1, fuzz) do |sr|
                  yield sr
               end
            else
               yield fuzz
            end
         end
      end
   rescue => bang
      puts bang
      puts bang.backtrace if $DEBUG
   end
end

#generateChecks(chat) ⇒ Object 



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/watobo/gui/fuzzer_gui.rb', line 63

def generateChecks(chat)
   unless @fuzzer_list.empty?
      fuzzels(@fuzzer_list) do |fuzzle|
         checker = proc{
            test_fuzzle = Hash.new
            test_fuzzle.update fuzzle

            fuzz_request = @requestEditor.parseRequest(test_fuzzle)
            fuzz_request.extend Watobo::Mixin::Shaper::Web10
            fuzz_request.extend Watobo::Mixin::Parser::Web10
            fuzz_request.extend Watobo::Mixin::Parser::Url

            test_request, test_response = doRequest(fuzz_request, @prefs)

            notify(:fuzzer_match, test_fuzzle, test_request, test_response, test_response.join) if @filter_list.empty?

            @filter_list.each do |f|
               matches = f.func.call(test_response) if f.func.respond_to? :call
               matches.each do |match|
                  notify(:fuzzer_match, test_fuzzle, test_request, test_response, match)
               end
            end

            [ test_request, test_response ]
         }
         yield checker
      end
   end
end

#resetObject 



59
60
61
 
# File 'lib/watobo/gui/fuzzer_gui.rb', line 59

def reset()

end