Class: Watobo::Interceptor::Proxy

Inherits:

Object

• Object
• Watobo::Interceptor::Proxy

Defined in:

lib/watobo/interceptor/proxy.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary

• #client_certificates ⇒ Object

  Returns the value of attribute client_certificates.

• #contentLength ⇒ Object

  Returns the value of attribute contentLength.

• #contentTypes ⇒ Object

  Returns the value of attribute contentTypes.

• #port ⇒ Object readonly

  Returns the value of attribute port.

• #proxy_mode ⇒ Object

  Returns the value of attribute proxy_mode.

• #target ⇒ Object

  Returns the value of attribute target.

• #www_auth ⇒ Object readonly

  Returns the value of attribute www_auth.

Class Method Summary

• .start(settings = {}) ⇒ Object

  R U N.

• .transparent? ⇒ Boolean

Instance Method Summary

• #addPreview(response) ⇒ Object
• #clear_request_carvers ⇒ Object
• #clear_response_carvers ⇒ Object
• #clearEvents(event) ⇒ Object
• #getRequestFilter ⇒ Object
• #getResponseFilter ⇒ Object
• #initialize(settings = nil) ⇒ Proxy constructor

  A new instance of Proxy.

• #refresh_www_auth ⇒ Object
• #server ⇒ Object
• #setRequestFilter(new_settings) ⇒ Object
• #setResponseFilter(new_settings) ⇒ Object
• #start ⇒ Object
• #stop ⇒ Object
• #subscribe(event, &callback) ⇒ Object

Constructor Details

#initialize(settings = nil) ⇒ Proxy

Returns a new instance of Proxy.

# File 'lib/watobo/interceptor/proxy.rb', line 355

def initialize(settings=nil)
  @event_dispatcher_listeners = Hash.new
  begin

    puts
    puts "=== Initialize Interceptor/Proxy ==="
    #   @project = project
    #   @settings = settings
    # @port = @settings[:intercept_port]
    #   puts settings.to_yaml

    #  @proxy_mode = Watobo::Interceptor.proxy_mode

    #Watobo::Interceptor.proxy_mode = INTERCEPT_NONE

    init_instance_vars

    @awaiting_requests = 0
    @awaiting_responses = 0

    @request_filter_settings = {
    :site_in_scope => false,
    :method_filter => '(get|post|put)',
    :negate_method_filter => false,
    :negate_url_filter => false,
    :url_filter => '',
    :file_type_filter => '(jpg|gif|png|jpeg|bmp)',
    :negate_file_type_filter => true,

    :parms_filter => '',
    :negate_parms_filter => false
    #:regex_location => 0, # TODO: HEADER_LOCATION, BODY_LOCATION, ALL

  }

    @response_filter_settings = {
    :content_type_filter => '(text|script)',
    :negate_content_type_filter => false,
    :response_code_filter => '2\d{2}',
    :negate_response_code_filter => false,
    :request_intercepted => false,
    :content_printable => true,
    :enable_printable_check => false
  }

    @preview = Hash.new
    @preview['ProxyTest'] = ["HTTP/1.0 200 OK\r\nServer: Watobo-Interceptor\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html><body>PROXY_OK</body></html>"]

    # p @settings[:certificate_path]
    # p @settings[:cert_file]
    # p @settings[:key_file]
    # crt_path = Watobo::Conf::Interceptor.certificate_path
    # crt_file = Watobo::Conf::Interceptor.cert_file
    # key_file = Watobo::Conf::Interceptor.key_file
    # dh_key_file = Watobo::Conf::Interceptor.dh_key_file

    # crt_filename = File.join(Watobo.base_directory, crt_path, crt_file)
    # key_filename = File.join(Watobo.base_directory, crt_path, key_file)

    #  @ctx = OpenSSL::SSL::SSLContext.new('SSLv23_server')
    # @cert = OpenSSL::X509::Certificate.new(File.read(crt_filename))
    # @key = OpenSSL::PKey::RSA.new(File.read(key_filename))

    #@dh_key = OpenSSL::PKey::DH.new(File.read(dh_filename))
    @dh_key = Watobo::CA.dh_key
    #  @ctx.ciphers = nil # ['TLSv1/SSLv3', 56, 56 ]

  rescue => bang
    puts "!!!could not read certificate files:"
    puts bang
    puts bang.backtrace if $DEBUG
  end

end

Instance Attribute Details

#client_certificates ⇒ Object

Returns the value of attribute client_certificates.

# File 'lib/watobo/interceptor/proxy.rb', line 38

def client_certificates
  @client_certificates
end

#contentLength ⇒ Object

Returns the value of attribute contentLength.

# File 'lib/watobo/interceptor/proxy.rb', line 34

def contentLength
  @contentLength
end

#contentTypes ⇒ Object

Returns the value of attribute contentTypes.

# File 'lib/watobo/interceptor/proxy.rb', line 35

def contentTypes
  @contentTypes
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/watobo/interceptor/proxy.rb', line 30

def port
  @port
end

#proxy_mode ⇒ Object

Returns the value of attribute proxy_mode.

# File 'lib/watobo/interceptor/proxy.rb', line 32

def proxy_mode
  @proxy_mode
end

#target ⇒ Object

Returns the value of attribute target.

# File 'lib/watobo/interceptor/proxy.rb', line 36

def target
  @target
end

#www_auth ⇒ Object (readonly)

Returns the value of attribute www_auth.

# File 'lib/watobo/interceptor/proxy.rb', line 37

def www_auth
  @www_auth
end

Class Method Details

.start(settings = {}) ⇒ Object

R U N

# File 'lib/watobo/interceptor/proxy.rb', line 107

def self.start(settings = {})
  proxy = Proxy.new(settings)
  proxy.start
  proxy
end

.transparent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/watobo/interceptor/proxy.rb', line 40

def self.transparent?
  return true if ( Watobo::Conf::Interceptor.proxy_mode & Watobo::Interceptor::MODE_TRANSPARENT ) > 0
  return false
end

Instance Method Details

#addPreview(response) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 83

def addPreview(response)
  preview_id = Digest::MD5.hexdigest(response.join)
  @preview[preview_id] = response
  return preview_id
end

#clear_request_carvers ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 74

def clear_request_carvers
  @request_carvers.clear unless @request_carvers.nil?

end

#clear_response_carvers ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 79

def clear_response_carvers
  @response_carvers.clear unless @response_carvers.nil?
end

#clearEvents(event) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 53

def clearEvents(event)
  @event_dispatcher_listener[event].clear
end

#getRequestFilter ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 61

def getRequestFilter()
  YAML.load(YAML.dump(@request_filter_settings))
end

#getResponseFilter ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 57

def getResponseFilter()
  YAML.load(YAML.dump(@response_filter_settings))
end

#refresh_www_auth ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 351

def refresh_www_auth
  @www_auth = Watobo::Conf::Scanner.www_auth
end

#server ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 45

def server
  @bind_addr
end

#setRequestFilter(new_settings) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 69

def setRequestFilter(new_settings)
  @request_filter_settings.update new_settings unless new_settings.nil?
# puts @request_filter_settings.to_yaml
end

#setResponseFilter(new_settings) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 65

def setResponseFilter(new_settings)
  @response_filter_settings.update new_settings unless new_settings.nil?
end

#start ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 113

def start()

  if transparent?
    Watobo::Interceptor::Transparent.start
  end

  begin
    @intercept_srv = TCPServer.new(@bind_addr, @port)
    @intercept_srv.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1 )

  rescue => bang
    puts "\n!!!Could not start InterceptProxy"
    puts bang
    return nil
  end
  puts "\n* Intercepor started on #{@bind_addr}:#{@port}"
  session_list = []
  puts "!!! TRANSPARENT MODE ENABLED !!!" if transparent?

  @t_server = Thread.new(@intercept_srv) { |server|
  while (new_session = server.accept)
    #  new_session.sync = true
    Thread.new(new_session) { |session|

      c_sock = Watobo::HTTPSocket::ClientSocket.connect(session)
      Thread.exit if c_sock.nil?
      loop do
      flags = []
      begin

        request = c_sock.request

        if request.nil? or request.empty? then
          c_sock.close
          Thread.exit
        end
        puts "*[I] #{request.url}"

      rescue => bang
        puts "!!! Error reading client request "
        puts bang
        puts bang.backtrace
        puts request.class
       # puts request
       closeSocket(c_sock)
       Thread.exit
      #break
      end

      # check if preview is requested
      if request.host =='watobo.localhost' or request.first =~ /WATOBOPreview/ then
        if request.first =~ /WATOBOPreview=([0-9a-zA-Z]*)/ then

          puts "* preview requested ..."
          puts request.url

          hashid = $1
          response = @preview[hashid]

          if response then
            c_sock.write response.join
            closeSocket(c_sock)
          end
        end
      #next
      Thread.current.exit
      end

      request_intercepted = false
      # no preview, check if interception request is turned on
      if Watobo::Interceptor.rewrite_requests? then
        Interceptor::RequestCarver.shape(request, flags)
        puts "FLAGS >>"
        puts flags
      end

      if @target and Watobo::Interceptor.intercept_requests? then
        if matchRequestFilter(request)
          @awaiting_requests += 1
          request_intercepted = true

          if @target.respond_to? :addRequest
            #  puts "*INTERCEPT REQUEST"
            #  puts @target
            #notify(:modify_request, request, Thread.current)
            Watobo.print_debug "send request to target"
            @target.addRequest(request, Thread.current)
            puts "* stopping thread: #{Thread.current} ..."
            Thread.stop
            puts "* released thread: #{Thread.current}"
          else
            p "! no target for editing request"
          end
        @awaiting_requests -= 1
        end
      end
      # req, resp = @sender.sendRequest(request, :update_sids => false, :update_session => false, :update_contentlength => true)

      #p "getHTTPHeader"
      #s_sock, req, resp = @sender.getHTTPHeader(request, :update_sids => true, :update_session => false, :update_contentlength => true)
      begin

      s_sock, req, resp = @sender.sendHTTPRequest(request, :update_sids => true, :update_session => false, :update_contentlength => true, :www_auth => @www_auth, :client_certificates => @client_certificates)
      if s_sock.nil? then
        puts request if $DEBUG
        c_sock.write resp.join unless resp.nil?
        c_sock.close
      #Thread.kill Thread.current
      Thread.exit
      next
      end

      rescue => bang
        puts bang
        puts bang.backtrace if $DEBUG
        c_sock.close
        #Thread.kill Thread.current
        Thread.exit
      end

      # check if response should be passed throug
      #Thread.current.exit if isPassThrough?(req, resp, s_sock, c_sock)
      #p "no pass-through"

      begin
      # puts "* got response status: #{resp.status}"
        missing_credentials = false
        rs = resp.status
        if rs =~ /^(401|407)/ then
          missing_credentials = true

          auth_type = AUTH_TYPE_NONE
          resp.each do |rl|
            if rl =~ /^(Proxy|WWW)-Authenticate: Basic/i
              auth_type = AUTH_TYPE_BASIC
            break
            elsif rl =~ /^(Proxy|WWW)-Authenticate: NTLM/i
              auth_type = AUTH_TYPE_NTLM
            break
            end
          end
          # when auth type not basic assume it's ntlm -> ntlm credentials must be set in watobo
          unless auth_type == AUTH_TYPE_NONE
            if auth_type == AUTH_TYPE_NTLM
              if rs =~ /^401/ then
                resp.push "WATOBO: Server requires (NTLM) authorization, please set WWW_Auth Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              else
                resp.push "WATOBO: Proxy requires (NTLM) authorization, please set Proxy Credentials!"
                resp.shift
                resp.unshift "HTTP/1.1 200 OK\r\n"
              end
            end
          else

            resp.push "WATOBO: Unknown authorization type.<br><br>\r\n" + resp.join("<br>\r\n")
            resp.shift
            resp.unshift "HTTP/1.1 200 OK\r\n"
          resp.fix_content_length

          end
        else
          # don't try to read body if request method is HEAD
          unless req.method =~ /^head/i
          @sender.readHTTPBody(s_sock, resp, req, :update_sids => true)
           end
        end
      rescue => bang
        puts "!!! could not send request !!!"
        puts bang
        puts bang.backtrace if $DEBUG
      #  puts "* Error sending request"
      end

      begin
        # Watobo::Response.create resp
        resp = Watobo::Response.new resp
       # puts "* unchunk response ..."
        resp.unchunk
        # puts "* unzip response ..."
        resp.unzip

        if Watobo::Interceptor.rewrite_responses? then
           Interceptor::ResponseCarver.shape(resp, flags)
        end

        if @target and Watobo::Interceptor.intercept_responses? then
          if matchResponseFilter(resp)
            #  if resp.content_type =~ /text/ or resp.content_type =~ /application\/javascript/ then
            if @target.respond_to? :modifyResponse
              @target.modifyResponse(resp, Thread.current)
              Thread.stop
            else
              p "! no target for editing response"
            end
          end
        end

       # puts ">> SEND TO CLIENT"
       if missing_credentials
         resp.set_header("Connection", "close")
          c_sock.write resp.join
          c_sock.close
       else
        c_sock.write resp.join
        end
       # puts resp.join
       # puts "-----"
       # closeSocket(c_sock)

      rescue Errno::ECONNRESET
        print "x"
        #  puts "!!! ERROR (Reset): reading body"
        #  puts "* last data seen on socket: #{buf}"
        #return
      rescue Errno::ECONNABORTED
        print "x"
        #return
      rescue => bang
        puts "!!! Error (???) in Client Communication:"
        puts bang
        puts bang.class
        puts bang.backtrace #if $DEBUG
      #return
      end

      chat = Chat.new(request.copy, resp.copy, :source => CHAT_SOURCE_INTERCEPT)
     # notify(:new_interception, chat)
     Watobo::Chats.add chat
     Thread.current.exit if missing_credentials
end
    }

  end
}
end

#stop ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 89

def stop()
  begin
    puts "[#{self.class}] stop"
    if @t_server.respond_to? :status
      puts @t_server.status
    Thread.kill @t_server
    @intercept_srv.close
    end
  rescue IOError => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#subscribe(event, &callback) ⇒ Object

# File 'lib/watobo/interceptor/proxy.rb', line 49

def subscribe(event, &callback)
  (@event_dispatcher_listeners[event] ||= []) << callback
end