Class: Watobo::Modules::Active::Flash::Crossdomain
- Inherits: ActiveCheck
  - Object
  - Session
  - ActiveCheck
  - Watobo::Modules::Active::Flash::Crossdomain
- Defined in: modules/active/Flash/crossdomain.rb
Constant Summary
Constants included from Constants
Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED
Instance Attribute Summary
Attributes inherited from ActiveCheck
Instance Method Summary
- #generateChecks(chat) ⇒ Object
- #initialize(project, prefs = {}) ⇒ Crossdomain (constructor): A new instance of Crossdomain.
- #reset ⇒ Object
Methods inherited from ActiveCheck
#addFinding, #cancel, #checksRunning?, #continue, #disable, #do_test, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, #log_console, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks, #stop, #updateCounters, #urlParmNames, #waitLogin
Methods inherited from Session
#addProxy, #clearEvents, #doRequest, #getProxy, #get_settings, #notify, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache, #subscribe
Constructor Details
#initialize(project, prefs = {}) ⇒ Crossdomain
Returns a new instance of Crossdomain.
# File 'modules/active/Flash/crossdomain.rb', line 34

def initialize(project, prefs={})
  super(project, prefs)

  @info.update(
    :check_name => 'Crossdomain Policy',                # name of check which briefly describes functionality, will be used for tree and progress views
    :description => "Check for crossdomain.xml weaknesses", # description of checkfunction
    :check_group => AC_GROUP_FLASH,
    :author => "Hans-Martin Muench",                    # author of check
    :version => "0.1"                                   # check version
  )

  @finding.update(
    :class => "Crossdomain.xml check",  # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
    :type => FINDING_TYPE_VULN          # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
  )

  # directories already probed for crossdomain.xml, so each one is requested only once
  @checked_dirs = Hash.new
end
Instance Method Details
#generateChecks(chat) ⇒ Object
# File 'modules/active/Flash/crossdomain.rb', line 56

def generateChecks(chat)
  directory = chat.request.dir
  if not @checked_dirs.has_key?(directory)
    @checked_dirs[directory] = :checked

    checker = proc {
      test_request = nil
      test_response = nil
      path = directory + "/crossdomain.xml"

      # IMPORTANT!!!
      # use copyRequest(chat) for cloning the original request
      test = chat.copyRequest
      test.setDir(path)

      status, test_request, test_response = fileExists?(test, :default => true)

      if status == true
        # Do a simple match on the response to detect
        # if we have <allow-access-from domain="*"/>
        # (trailing \s* rather than \s+, so the self-closing form above also matches)
        if test_response.join =~ /<allow-access-from\s+domain="\*"\s*/i then
          proof_pattern = $~
          addFinding(
            test_request, test_response,
            :check_pattern => "<allow-access-from\\s+domain=\"*\"\\s*",
            :proof_pattern => proof_pattern.to_s,
            :test_item => "test-item",
            :chat => chat,
            :title => "Badly configured crossdomain.xml",
            :rating => VULN_RATING_CRITICAL,
            :threat => "The current crossdomain.xml policy allows cross domain access from everywhere",
            :measure => "Restrict the allowed hosts setting inside the policy",
            :class => "Flash security"
          )
        end
      end

      [ test_request, test_response ]
    }
    yield checker
  end # end ifnot
end
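The check above matches the policy with one regex. As an added example (not WATOBO's own code), the same assessment done with an XML parser, so attribute order and whitespace do not matter, and extended to the other weak settings a crossdomain.xml can carry (secure="false", wildcard subdomains, allow-http-request-headers-from). The function name and the sample policy are constructed for this example.

```ruby
# Added example, not code from WATOBO: evaluate a crossdomain.xml policy
# with an XML parser instead of a single regex, so attribute order and
# whitespace do not matter, and flag the other weak settings as well.
require 'rexml/document'

# Returns an array of [rating, message] pairs; empty means nothing weak found.
def assess_crossdomain_policy(xml)
  root = REXML::Document.new(xml).root
  unless root && root.name == 'cross-domain-policy'
    return [[:info, 'not a cross-domain-policy document']]
  end
  findings = []

  root.elements.each('allow-access-from') do |el|
    domain = el.attributes['domain'].to_s
    if domain == '*'
      findings << [:critical, 'allow-access-from domain="*" grants every origin access']
    elsif domain.start_with?('*.')
      findings << [:medium, "allow-access-from wildcard subdomain #{domain}"]
    end
    # secure="false" lets SWFs loaded over plain HTTP read HTTPS content
    if el.attributes['secure'].to_s.casecmp?('false')
      findings << [:high, "allow-access-from #{domain} sets secure=\"false\""]
    end
  end

  root.elements.each('allow-http-request-headers-from') do |el|
    next unless el.attributes['domain'] == '*'
    headers = el.attributes['headers'].to_s
    findings << [:high, "allow-http-request-headers-from domain=\"*\" headers=\"#{headers}\""]
  end
  findings
rescue REXML::ParseException => e
  [[:info, "unparseable policy: #{e.message.lines.first.to_s.strip}"]]
end

# Constructed sample policy (not captured from any real site).
SAMPLE_POLICY = <<~XML
  <?xml version="1.0"?>
  <cross-domain-policy>
    <allow-access-from domain="*"/>
    <allow-access-from domain="*.example.test" secure="false"/>
    <allow-http-request-headers-from domain="*" headers="*"/>
  </cross-domain-policy>
XML

if __FILE__ == $PROGRAM_NAME
  assess_crossdomain_policy(SAMPLE_POLICY).each { |rating, msg| puts "[#{rating}] #{msg}" }
end
```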
#reset ⇒ Object
# File 'modules/active/Flash/crossdomain.rb', line 30

def reset()
  @checked_dirs.clear
end