Class: Watobo::Plugin::Sslchecker::Check

Inherits:
ActiveCheck show all
Defined in:
plugins/sslchecker/lib/check.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Attributes inherited from ActiveCheck

#info, #numChecks

Instance Method Summary collapse

Methods inherited from ActiveCheck

#addFinding, #cancel, #checksRunning?, #continue, #disable, #do_test, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, #log_console, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks, #stop, #updateCounters, #urlParmNames, #waitLogin

Methods inherited from Session

#addProxy, #clearEvents, #doRequest, #getProxy, #get_settings, #notify, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache, #subscribe

Constructor Details

#initialize(project) ⇒ Check

Returns a new instance of Check.



27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'plugins/sslchecker/lib/check.rb', line 27

def initialize(project)
  super(project)

  @result = Hash.new

  @info.update(
  :check_name => 'SSL-Checker',    # name of check which briefly describes functionality, will be used for tree and progress views
  :description => "Test applikation for supportes SSL Ciphers.",   # description of checkfunction
  :author => "Andreas Schmidt", # author of check
  :version => "0.9"   # check version
  )

  @finding.update(
  :threat => 'Attacks on weak encryption ciphers which may lead loss of privacy',        # thread of vulnerability, e.g. loss of information
  :class => "SSL Ciphers",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
  :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
  :rating => VULN_RATING_LOW
  )

  ctx = OpenSSL::SSL::SSLContext.new()
  @cipherlist = Array.new
  ctx.ciphers="eNULL" # because ALL don't include Null-Ciphers!!!
  ctx.ciphers.each do |c|
    @cipherlist.push c[0]
  end

  ctx.ciphers="ALL"
  ctx.ciphers.each do |c|
    @cipherlist.push c[0]
  end
end

Instance Attribute Details

#cipherlistObject (readonly)

Returns the value of attribute cipherlist.



26
27
28
 
# File 'plugins/sslchecker/lib/check.rb', line 26

def cipherlist
  @cipherlist
end

Instance Method Details

#generateChecks(chat) ⇒ Object 



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
# File 'plugins/sslchecker/lib/check.rb', line 63

def generateChecks(chat)
  begin
    @cipherlist.each do |c|
    checker = proc {

      test_request = nil
      test_response = nil
      # !!! ATTENTION !!!
      # MAKE COPY BEFORE MODIFIYING REQUEST
      request = chat.copyRequest

      
        ctx = OpenSSL::SSL::SSLContext.new()
        ctx.ciphers = c
        cypher = ctx.ciphers.first
        bits = cypher[2].to_i
        algo = cypher[0]
      
        test_request, test_response = doRequest( request, :ssl_cipher => c )
      
        if test_request and test_response
      
          notify( :cipher_checked, algo, bits, true)
          if bits < 128

          addFinding(  test_request, test_response,
          :test_item => "#{algo}#{bits}",
          #:proof_pattern => "#{match}",
          :chat => chat,
          :title => "[#{algo}] - #{bits} Bit"
          )
          end
        else
        notify(:cipher_checked, algo, bits, false)
        #              puts "!!! ERROR: #{c}"
        end
      
      [ test_request, test_response ]

    }
    yield checker
    end
  rescue => bang
  puts "!error in module #{Module.nesting[0].name}"
  puts bang
  end
end

#resetObject 



59
60
61
 
# File 'plugins/sslchecker/lib/check.rb', line 59

def reset()
  @result.clear
end