Class: Arachni::Checks::UnencryptedPasswordForms
- Inherits:
-
Arachni::Check::Base
- Object
- Arachni::Component::Base
- Arachni::Check::Base
- Arachni::Checks::UnencryptedPasswordForms
- Defined in:
- components/checks/passive/grep/unencrypted_password_forms.rb
Overview
Unencrypted password form
Looks for password inputs that don't submit data over an encrypted channel (HTTPS).
Constant Summary
Constants included from Arachni::Check::Auditor
Arachni::Check::Auditor::DOM_ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::FILE_SIGNATURES, Arachni::Check::Auditor::FILE_SIGNATURES_PER_PLATFORM, Arachni::Check::Auditor::Format, Arachni::Check::Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Arachni::Check::Auditor
Class Method Summary collapse
Instance Method Summary collapse
Methods inherited from Arachni::Check::Base
#browser_cluster, #clean_up, elements, exempt_platforms, has_exempt_platforms?, has_platforms?, #initialize, platforms, #plugins, prefer, #preferred, preferred, #prepare, #session, supports_platforms?
Methods included from Arachni::Check::Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #initialize, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, #preferred, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Check::Base
Class Method Details
.info ⇒ Object
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'components/checks/passive/grep/unencrypted_password_forms.rb', line 41 def self.info { name: 'Unencrypted password forms', description: %q{Looks for password inputs that don't submit data over an encrypted channel (HTTPS).}, elements: [ Element::Form ], author: 'Tasos "Zapotek" Laskos <[email protected]> ', version: '0.2.2', issue: { name: %q{Unencrypted password form}, description: %q{ The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private, and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL), or Transport Layer Security (TLS). When either of these encryption standards are used it is referred to as HTTPS. Cyber-criminals will often attempt to compromise credentials passed from the client to the server using HTTP. This can be conducted via various different Man-in-The-Middle (MiTM) attacks or through network packet captures. Arachni discovered that the affected page contains a `password` input, however, the value of the field is not sent to the server utilising HTTPS. Therefore it is possible that any submitted credential may become compromised. }, references: { 'OWASP Top 10 2010' => 'http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection' }, tags: %w(unencrypted password form), cwe: 319, severity: Severity::MEDIUM, remedy_guidance: %q{ The affected site should be secured utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2. While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled. } } } end |
Instance Method Details
#check_and_log(form) ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'components/checks/passive/grep/unencrypted_password_forms.rb', line 22 def check_and_log( form ) return if !check_form?( form ) form.inputs.each do |name, v| next if form.field_type_for( name ) != :password cform = form.dup cform.affected_input_name = name log( vector: cform, proof: form.source ) end audited form.id end |
#check_form?(form) ⇒ Boolean
36 37 38 39 |
# File 'components/checks/passive/grep/unencrypted_password_forms.rb', line 36 def check_form?( form ) uri_parse( form.action ).scheme == 'http' || audited?( form.id ) || !form.requires_password? end |
#run ⇒ Object
18 19 20 |
# File 'components/checks/passive/grep/unencrypted_password_forms.rb', line 18 def run page.forms.each { |form| check_and_log( form ) } end |