Class: Arachni::Module::Trainer

Inherits:
Object
  • Object
Includes:
ElementDB, Output, Utilities
Defined in:
lib/arachni/module/trainer.rb

Overview

Trainer class

Analyzes all HTTP responses looking for new auditable elements.

<[email protected]>
<[email protected]>

@version: 0.2.1

Instance Attribute Summary

Instance Method Summary

Methods included from Utilities

#exception_jail, #get_path, #hash_keys_to_str, #normalize_url, #read_file, #seed, #uri_decode, #uri_encode, #uri_parse, #uri_parser, #url_sanitize

Methods included from ElementDB

#cookie_in_jar?, #init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links

Methods included from Output

#o_print_bad, #o_print_debug, #o_print_error, #o_print_info, #o_print_line, #o_print_ok, #o_print_status, #o_print_verbose, #print_bad, #print_debug, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose

Methods included from UI::Output

#buffer, #debug!, #debug?, #flush_buffer, #mute!, #muted?, #only_positives!, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, #uncap_buffer!, #unmute!, #verbose!, #verbose?

Constructor Details

#initialize ⇒ Trainer

Returns a new instance of Trainer.



# File 'lib/arachni/module/trainer.rb', line 36

# Builds a trainer with an empty queue of updated pages and the update
# flag cleared; the options come from the Options singleton.
def initialize
  @pages   = []              # pages queued by #analyze, drained by #flush_pages
  @updated = false           # raised elsewhere when training finds something new
  @opts    = Options.instance
end

Instance Attribute Details

#http ⇒ Object

Returns the value of attribute http.



# File 'lib/arachni/module/trainer.rb', line 33

# Reader for @http. In the methods shown here the object is only used by
# #add_response, which calls `content_type` on its class; nothing in this
# listing assigns it, so it stays nil until it is set from outside.
# NOTE(review): this looks generated from an attribute declaration -- confirm in trainer.rb.
def http
  @http
end

#page ⇒ Page

Returns an updated Parser::Page object or nil if there were no updates

Returns:

  • (Page)


# File 'lib/arachni/module/trainer.rb', line 89

# Hands out the trained page at most once per update.
#
# Reading the page clears the @updated flag, so a second call without a
# new update in between yields nil.
#
# @return [Page, nil] @page when an update is pending, otherwise nil
def page
    return nil unless @updated

    @updated = false
    @page
end

#parser ⇒ Object

Returns the value of attribute parser.



# File 'lib/arachni/module/trainer.rb', line 34

# Reader for @parser, the Parser instance that #add_response rebuilds for
# each response it accepts. #initialize does not set it, so it is nil
# until #add_response (or an outside writer, if one exists) assigns it.
def parser
  @parser
end

Instance Method Details

#add_response(res, redir = false) ⇒ Object

Passes the response to #analyze for analysis

Parameters:

  • res (Typhoeus::Response)
  • redir (Bool) (defaults to: false)

    was the response forcing a redirection?



# File 'lib/arachni/module/trainer.rb', line 53

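# Hands an HTTP response to #analyze, provided it declares a text content
# type and its effective URL passes the #follow? scope check.
#
# A fresh Parser is built for the response and seeded with the current
# page URL before the effective URL is resolved against it.
#
# @param res [Typhoeus::Response] response to learn from
# @param redir [Bool] was the response forcing a redirection?
# @return [false] when the declared content type is a String without 'text'
# @return [nil] when #follow? rejects the resolved URL
# @return [Object] otherwise whatever #analyze returns
# @raise [StandardError] failures in URL resolution, the scope check or
#   #analyze are logged and then re-raised
def add_response( res, redir = false )
    # non text files won't contain any auditable elements; the type is read
    # from the response headers, and a non-String result is still analyzed
    type = @http.class.content_type( res.headers_hash )
    return false if type.is_a?( String ) && !type.substring?( 'text' )

    @parser = Parser.new( Options.instance, res )
    @parser.url = @page.url

    begin
        url = @parser.to_absolute( res.effective_url )

        # Scope gate: only the effective (post-redirect) URL is checked here,
        # and nothing is trained from a response the parser says to skip.
        return unless follow?( url )

        analyze( [ res, redir ] )
    rescue StandardError => e
        # Only StandardError is reported: Interrupt, SystemExit and similar
        # must propagate untouched instead of being logged as a broken
        # redirection. The error is re-raised despite the "Ignoring" wording.
        print_error( "Invalid URL, probably broken redirection. Ignoring..." )
        print_error( "URL: #{res.effective_url}" )
        print_error_backtrace( e )
        raise e
    end
end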

#analyze(res) ⇒ Object

Analyzes a response looking for new links, forms and cookies.

Parameters:

  • res (Array)

    a two-element array [response, redir], as built by #add_response



# File 'lib/arachni/module/trainer.rb', line 104

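# Trains on one response: cookies first, then forms and links, and queues
# the refreshed page in @pages when training flagged an update.
#
# The body, headers and URLs handled here all come from the remote
# response, so everything copied onto @page is untrusted content.
#
# @param res [Array] two-element array: res[0] is the response, res[1]
#   tells #train_links whether the response was forcing a redirection
# @return [nil] when the page is unchanged or the request URL cannot be
#   resolved; the return value is not meaningful otherwise
def analyze( res )
    response = res[0]

    print_debug( 'Started for response with request ID: #' +
      response.request.id.to_s )

    @parser.url = @parser.to_absolute( url_sanitize( response.effective_url ) )

    train_cookies( response )

    # if the response body is the same as the page body and
    # no new cookies have appeared there's no reason to analyze the page
    # (presumably train_cookies raises @updated -- it is not shown here)
    if( response.body == @page.html && !@updated )
        print_debug( 'Page hasn\'t changed, skipping...' )
        return
    end

    train_forms( response )
    train_links( response, res[1] )

    if( @updated )

        begin
            # prepare the page url
            @parser.url = @parser.to_absolute( response.request.url )
        rescue StandardError => e
            # Only StandardError is swallowed: rescuing Exception here would
            # also eat Interrupt and SystemExit, making the run hard to stop.
            print_error( "Invalid URL, probably broken redirection. Ignoring..." )

            begin
                print_error( "URL: #{response.request.url}" )
            rescue StandardError
                # best effort: reading the URL again may fail the same way
            end

            print_error_backtrace( e )
            # NOTE(review): @updated is still true on this path, so a later
            # #page call returns @page without the refreshed body -- confirm.
            return
        end

        @page.html = response.body.dup
        @page.response_headers    = response.headers_hash
        @page.query_vars = @parser.link_vars( @parser.url ).dup
        @page.url        = @parser.url.dup
        @page.code       = response.code
        @page.method     = response.request.method.to_s.upcase

        @page.forms      ||= []
        @page.links      ||= []
        @page.cookies    ||= []

        # NOTE(review): the same @page object is queued each time, so later
        # in-place updates also change entries already in @pages -- confirm
        # whether a copy should be queued instead.
        @pages << @page

        @updated = false
    end

    print_debug( 'Training complete.' )
end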

#flush_pages ⇒ Object



# File 'lib/arachni/module/trainer.rb', line 160

# Drains the queue of pages collected by #analyze.
#
# @return [Array] a copy of the queued pages; @pages is replaced with a
#   new empty array, so the returned array is not the live queue
def flush_pages
    drained, @pages = @pages.dup, []
    drained
end

#follow?(url) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/module/trainer.rb', line 80

# Scope check used by #add_response before a response is analyzed.
#
# @param url [String] absolute URL of the response
# @return [Boolean] false when the current parser's #skip? rejects the
#   URL, true otherwise
def follow?( url )
    return false if @parser.skip?( url )

    true
end

#set_page(page) ⇒ Object



# File 'lib/arachni/module/trainer.rb', line 43

# Stores a deep clone of the given page as the page to train on, so the
# writes #analyze makes to @page do not go to the caller's object.
#
# @param page [Page] page to copy
# @return [Object] the stored clone
def set_page( page )
    snapshot = page.deep_clone
    @page = snapshot
end