Class: Arachni::Module::Trainer
- Defined in:
- lib/module/trainer.rb
Overview
Trainer class
Analyzes all HTTP responses looking for new auditable elements.
<[email protected]>
<[email protected]>
@version: 0.2.1
Instance Attribute Summary collapse
-
#http ⇒ Object
Returns the value of attribute http.
-
#page ⇒ Page
Returns an updated Parser::Page object or nil if there were no updates.
-
#parser ⇒ Object
Returns the value of attribute parser.
Instance Method Summary collapse
-
#add_response(res, redir = false) ⇒ Object
Passes the response to #analyze for analysis.
-
#analyze(res) ⇒ Object
Analyzes a response looking for new links, forms and cookies.
- #follow?(url) ⇒ Boolean
-
#initialize ⇒ Trainer
constructor
A new instance of Trainer.
-
#url_sanitize(url) ⇒ Object
Decodes URLs to reverse multiple rounds of encoding and removes NULL characters.
Methods included from ElementDB
#init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links
Methods included from Utilities
#exception_jail, #get_path, #normalize_url, #read_file, #seed
Methods included from Output
#o_print_debug, #o_print_error, #o_print_info, #o_print_line, #o_print_ok, #o_print_status, #o_print_verbose, #print_debug, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose
Methods included from UI::Output
#buffer, #debug!, #debug?, #flush_buffer, #mute!, #muted?, #only_positives!, #only_positives?, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, #unmute!, #verbose!, #verbose?
Constructor Details
Instance Attribute Details
#http ⇒ Object
Returns the value of attribute http.
# File 'lib/module/trainer.rb', line 32

# Reader for the @http instance variable.
#
# @return [Object] whatever is currently stored in @http
def http
  @http
end
#page ⇒ Page
Returns an updated Parser::Page object or nil if there were no updates
# File 'lib/module/trainer.rb', line 99

# Hands out the page once per update.
#
# When @updated is set, the flag is cleared and @page is returned, so an
# immediate second call yields nil until something sets @updated again.
#
# @return [Page, nil] @page if @updated was set, otherwise nil
def page
  return nil unless @updated

  # consume the flag so the same update is not reported twice
  @updated = false
  @page
end
#parser ⇒ Object
Returns the value of attribute parser.
# File 'lib/module/trainer.rb', line 33

# Reader for the @parser instance variable.
#
# @return [Object] whatever is currently stored in @parser
def parser
  @parser
end
Instance Method Details
#add_response(res, redir = false) ⇒ Object
Passes the response to #analyze for analysis
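# File 'lib/module/trainer.rb', line 46

# Hands a response to #analyze, provided it looks textual and its URL is in
# scope.
#
# The response body and URL come from the scanned site and are untrusted, so
# the effective URL has to pass #follow? before anything is analyzed.
#
# @param res   [Object] response; #headers_hash and #effective_url are read here
# @param redir [Boolean] forwarded to #analyze as the second array element
# @return [false] when the content type is a String that lacks 'text'
# @return [nil] when #follow? rejects the effective URL
# @return [Object] otherwise, whatever #analyze returns
# @raise [StandardError] re-raised, after logging, when URL handling or
#   analysis fails
def add_response( res, redir = false )
  # non text files won't contain any auditable elements; a content type that
  # is not a String (presumably nil when the header is missing -- confirm)
  # does not trigger this early exit and the response is still analyzed
  type = @http.class.content_type( res.headers_hash )
  return false if type.is_a?( String ) && !type.substring?( 'text' )

  @parser = Parser.new( Options.instance, res )
  @parser.url = @page.url

  begin
    url = URI( to_absolute( res.effective_url ) )

    # Scope gate. The original repeated this check as
    # `return if ( redir && !follow?( url ) )`, which could never fire after
    # the unconditional check and only called #follow? a second time.
    return if !follow?( url )

    analyze( [ res, redir ] )
  rescue StandardError => e
    # StandardError rather than Exception, so an interrupt or exit is not
    # reported as a broken URL. Despite the "Ignoring..." wording the error
    # is re-raised to the caller.
    print_error( "Invalid URL, probably broken redirection. Ignoring..." )
    raise e
  end
end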
#analyze(res) ⇒ Object
Analyzes a response looking for new links, forms and cookies.
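# File 'lib/module/trainer.rb', line 114

# Analyzes a response looking for new links, forms and cookies and, when
# @updated is set afterwards, refreshes @page from that response.
#
# @param res [Array] two elements: the response at index 0 and the redirect
#   flag at index 1 (this is how #add_response calls it)
# @return [Object] nil when the page is unchanged, otherwise the return value
#   of the final print_debug call
def analyze( res )
  response = res[0]
  redir    = res[1]

  print_debug( 'Started for response with request ID: #' + response.request.id.to_s )

  @parser.url = response.effective_url.clone

  # NOTE(review): as shown in this listing the next line is a bare expression
  # with no effect. The comment below talks about cookies, so a call may have
  # been lost when the page was rendered -- confirm against
  # lib/module/trainer.rb before relying on this listing.
  ( res[0] )

  # if the response body is the same as the page body and
  # no new cookies have appeared there's no reason to analyze the page
  if response.body == @page.html && !@updated
    print_debug( 'Page hasn\'t changed, skipping...' )
    return
  end

  train_forms( response )
  train_links( response, redir )

  if @updated
    @page.html = response.body.dup

    begin
      # prepare the page url
      @parser.url = to_absolute( response.request.url )
    rescue StandardError
      # Best effort: on a bad URL keep the parser URL set above and carry on.
      # Only StandardError is swallowed; the original rescued Exception, which
      # also silenced interrupts and exit requests.
      print_error( "Invalid URL, probably broken redirection. Ignoring..." )
    end

    @page.response_headers = response.headers_hash
    @page.query_vars       = @parser.link_vars( @parser.url ).dup
    @page.url              = @parser.url.dup
    @page.code             = response.code
    @page.method           = response.request.method.to_s.upcase
  end

  print_debug( 'Training complete.' )
end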
#follow?(url) ⇒ Boolean
# File 'lib/module/trainer.rb', line 85

# Scope check used before a response is analyzed.
#
# Points the parser at the current page URL, then asks it, in this order,
# whether +url+ is in the domain, is excluded, and is included. The first
# failing check ends the evaluation.
#
# @param url [Object] URL to test, passed straight to the parser predicates
# @return [Boolean] true only if every check passes, false otherwise
def follow?( url )
  @parser.url = @page.url

  # && short-circuits, so the parser is queried in the same order as a
  # sequence of guard clauses and stops at the first failing check
  allowed = @parser.in_domain?( url ) &&
            !@parser.exclude?( url ) &&
            @parser.include?( url )

  allowed ? true : false
end
#url_sanitize(url) ⇒ Object
Decodes URLs to reverse multiple rounds of encoding and removes NULL characters
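# File 'lib/module/trainer.rb', line 76

# Undoes repeated percent-encoding of a URL and re-encodes the result once.
#
# Each pass percent-decodes the URL and runs it through unpack('A*'), which
# strips trailing NUL bytes and spaces only; NUL bytes elsewhere in the
# string are kept.
#
# The original loop ran for as long as the URL contained '%'. A '%' that is
# not part of a valid escape (for example a trailing '%', or the '%' left
# after decoding '%25') is never removed by decoding, so such input looped
# forever. The loop now stops as soon as a pass changes nothing.
#
# URI.decode / URI.encode were removed in Ruby 3.0; the parser methods they
# delegated to are called directly instead.
#
# @param url [String] URL, possibly percent-encoded several times
# @return [String] the decoded URL, percent-encoded once
def url_sanitize( url )
  codec = URI::DEFAULT_PARSER

  while url =~ /%/
    decoded = codec.unescape( url ).to_s.unpack( 'A*' )[0]

    # no progress means the remaining '%' is literal; stop instead of spinning
    break if decoded == url

    url = decoded
  end

  codec.escape( url )
end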