Module: Watobo::Mixin::Parser::Web10

Includes:
Constants
Defined in:
lib/watobo/mixins/httpparser.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Instance Method Details

#__connection_close?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 571

# Reports whether the message explicitly asks for the connection to be closed.
#
# Each line yielded by +headers("Connection")+ is searched for the token
# "close" (case-insensitive, anywhere in the line, not only in the value).
#
# @return [Boolean] true on the first matching line, false when none matches
def __connection_close?
  headers("Connection") { |line| return true if line =~ /close/i }
  false
end

#bodyObject



# File 'lib/watobo/mixins/httpparser.rb', line 593

# Returns the message body, taken as the last element of the line array.
#
# A body is only reported when the array holds at least three elements and
# the element before the last one is blank, i.e. the header/body separator.
# Any error raised while inspecting the lines is swallowed.
#
# @return [String, nil] a copy of the last element, or nil when no body is found
def body
  return nil if nil? || length < 3

  separator = self[-2]
  separator.strip.empty? ? "#{last}" : nil
rescue
  # best effort: malformed or non-string lines count as "no body"
  nil
end

#body_encodedObject



# File 'lib/watobo/mixins/httpparser.rb', line 638

# Returns the body as a raw byte string.
#
# The declared charset is still looked up, but no transcoding happens: the
# charset-based conversion was disabled by the author ("not sure if this is a
# good idea"), so every path re-packs the body bytes unchanged.
#
# @return [String, nil] binary (ASCII-8BIT) copy of the body, nil without a body
def body_encoded
  raw = body
  return nil if raw.nil?

  # looked up as before; the result is currently not applied
  charset

  raw.bytes.pack("C*")
end

#charsetObject



# File 'lib/watobo/mixins/httpparser.rb', line 697

# Extracts the charset parameter of the first matching Content-Type header.
#
# Scanning stops at the first blank line, so text in the body is never
# inspected. The pattern expects "Content-Type: " with a single space after
# the colon.
#
# @return [String, nil] the stripped charset value, or nil when none is declared
def charset
  each do |line|
    return nil if line.strip.empty?
    return Regexp.last_match(1).strip if line =~ /^Content-Type: .*charset=([^;]*)/i
  end
  nil
end

#connection_close?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 578

# Reports whether the connection should be treated as closing.
#
# Closing is the default: only a line from +headers("Connection")+ that
# contains "keep-alive" (case-insensitive) turns the answer to false.
#
# @return [Boolean] false when keep-alive is announced, true otherwise
def connection_close?
  headers("Connection") { |line| return false if line =~ /keep\-alive/i }
  true
end

#content_encodingObject



# File 'lib/watobo/mixins/httpparser.rb', line 476

# Maps the first Content-Encoding header to one of the TE_* constants.
#
# Only header lines (everything before the first blank line) are examined and
# only the first Content-Encoding header counts. The value is matched
# case-insensitively as a substring, in the order chunked, compress, zip,
# deflate, identity; anything else yields TE_NONE.
#
# @return [Object] the matching TE_* constant, TE_NONE when absent or unknown
def content_encoding
  each do |line|
    break if line.strip.empty?
    next unless line =~ /^Content-Encoding:(.*)/i

    coding = Regexp.last_match(1).strip
    return TE_CHUNKED  if coding =~ /chunked/i
    return TE_COMPRESS if coding =~ /compress/i
    return TE_GZIP     if coding =~ /zip/i
    return TE_DEFLATE  if coding =~ /deflate/i
    return TE_IDENTITY if coding =~ /identity/i
    return TE_NONE
  end
  TE_NONE
end

#content_lengthObject



# File 'lib/watobo/mixins/httpparser.rb', line 462

# Returns the value of the first Content-Length header as an Integer.
#
# Note: a length for chunk-encoded content is not calculated here; per the
# original author that would only be possible once the whole body is loaded.
#
# The value is converted with String#to_i, so a non-numeric value becomes 0
# and a negative value is returned as-is; callers that size reads from this
# number should validate it first. Only the first header is used.
#
# @return [Integer] the declared length, or -1 when no header is present
def content_length
  each do |line|
    break if line.strip.empty?
    return Regexp.last_match(1).strip.to_i if line =~ /^Content-Length:(.*)/i
  end
  -1
end

#content_type(default_ct = 'undefined') ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 438

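# Returns the media type of the first Content-Type header, without parameters.
#
# Only header lines (before the first blank line) are examined; everything
# from the first ";" on is dropped.
#
# A nil default is passed through unchanged. Previously the final +strip+
# raised NoMethodError when +default_ct+ was nil and no header was present,
# which is exactly the case +is_text?+ relies on.
#
# @param default_ct [String, nil] value used when no Content-Type header exists
# @return [String, nil] the stripped media type, or the (stripped) default
def content_type(default_ct='undefined')
  ct = default_ct
  self.each do |line|
    break if line.strip.empty?
    if line =~ /^Content-Type:([^;]*);?/i
      ct = $1
      break
    end
  end
  ct.nil? ? nil : ct.strip
end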

#content_type_ex(default_ct = 'undefined') ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 450

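# Returns the full value of the first Content-Type header, parameters included.
#
# Only header lines (before the first blank line) are examined.
#
# A nil default is passed through unchanged; previously the final +strip+
# raised NoMethodError when +default_ct+ was nil and no header was present.
#
# @param default_ct [String, nil] value used when no Content-Type header exists
# @return [String, nil] the stripped header value, or the (stripped) default
def content_type_ex(default_ct='undefined')
  ct = default_ct
  self.each do |line|
    break if line.strip.empty?
    if line =~ /^Content-Type:(.*)/i
      ct = $1
      break
    end
  end
  ct.nil? ? nil : ct.strip
end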

#contentMD5Object



# File 'lib/watobo/mixins/httpparser.rb', line 532

# Returns the hex MD5 digest of the body; a missing body hashes as "".
#
# NOTE(review): MD5 is not collision resistant. It is adequate as a cheap
# fingerprint for comparing bodies, but the value should not be relied on as
# an integrity or authenticity check.
#
# @return [String] 32-character lowercase hex digest
def contentMD5
  Digest::MD5.hexdigest(body || "")
end

#cookies_UNUSEDObject



# File 'lib/watobo/mixins/httpparser.rb', line 738

# Collects the ";"-separated entries of every Cookie/Cookie2 header line.
#
# The pattern is unanchored, so any header line containing "Cookie: " or
# "Cookie2: " is split, which includes Set-Cookie lines and their attributes.
#
# @return [Array<String>] stripped "name=value" (or attribute) fragments
def cookies_UNUSED
  self.headers.each_with_object([]) do |line, jar|
    next unless line =~ /Cookie2?: (.*)/i

    Regexp.last_match(1).split(";").each { |fragment| jar.push fragment.strip }
  end
end

#data_UNUSEDObject



# File 'lib/watobo/mixins/httpparser.rb', line 753

# Returns the last element, stripped, when it looks like "key=value" data.
#
# @return [String] the stripped last element, or "" when it contains no "="
def data_UNUSED
  tail = last
  tail =~ /\=.*\&?/i ? last.strip : ""
end

#has_body?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 567

# Reports whether +body+ returns something other than nil.
#
# @return [Boolean]
def has_body?
  !body.nil?
end

#has_header?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 585

# Reports whether a header called +name+ appears before the first blank line.
#
# NOTE(review): +name+ is interpolated into the pattern without
# Regexp.quote, so regex metacharacters in it are interpreted, not matched
# literally. Quote the name at the call site if it can come from message data.
#
# @param name [String] header name, matched case-insensitively at line start
# @return [Boolean]
def has_header?(name)
  each do |line|
    break if line.strip.empty?
    return true if line =~ /^#{name}:/i
  end
  false
end

#header_value(header_name) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 420

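# Returns the values of all header lines whose name starts with +header_name+.
#
# The line is split at the FIRST colon only. The previous split on every
# colon returned just the text up to the second one, so values such as URLs,
# host:port pairs or timestamps were silently truncated.
#
# Leading spaces are removed from each value; the line terminator is kept, as
# before. Lines without a colon are skipped.
#
# NOTE(review): +header_name+ is interpolated as a case-insensitive prefix
# pattern without Regexp.quote, so "Content" also matches "Content-Length".
#
# @param header_name [String] header name (prefix) to look for
# @return [Array<String>] one value per matching header line
def header_value(header_name)
  header_values = []
  self.headers.each do |header|
    begin
      next unless header =~ /^#{header_name}/i

      _name, value = header.split(':', 2)
      next if value.nil?

      header_values.push value.gsub(/^[ ]*/, "")
    rescue => bang
      puts bang
      puts bang.backtrace if $DEBUG
    end
  end
  header_values
end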

#headers(filter = nil, &b) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 709

# Returns the header lines, i.e. every element before the first blank line.
#
# With a +filter+, only lines matching it are yielded and collected. The
# filter is interpolated into an unanchored, case-sensitive pattern, so it
# matches anywhere in the line and a differently-cased header name is missed.
# Matching runs on a byte-repacked copy of the line; the original line is
# what gets yielded and returned.
#
# Errors, including ones raised by the given block, are reported on stdout
# and turn the result into nil.
#
# @param filter [String, Regexp, nil] pattern a line must match, nil for all
# @yield [line] each selected header line
# @return [Array<String>, nil] selected lines, or nil after an error
def headers(filter=nil, &b)
  collected = []
  each do |line|
    raw = line.unpack("C*").pack("C*")
    break if raw.strip.empty?
    next if !filter.nil? && raw !~ /#{filter}/

    yield line if block_given?
    collected.push line
  end
  collected
rescue => bang
  puts "! no headers available !".upcase
  puts bang
  puts bang.backtrace
  if $DEBUG
    puts bang.backtrace
    puts self.to_yaml
  end
  nil
end

#is_json?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 620

# Reports whether the content type contains "/json" (case-insensitive).
#
# @return [Boolean]
def is_json?
  !(content_type =~ /\/json/i).nil?
end

#is_multipart?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 632

# Reports whether the content type starts with "multipart" (case-insensitive).
#
# @return [Boolean]
def is_multipart?
  !(content_type =~ /^multipart/i).nil?
end

#is_text?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 603

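# Reports whether the message content should be treated as text.
#
# When a content type is declared, the answer is whether it contains "text"
# (case-insensitive). Without one (+content_type(nil)+ returning nil), the
# body bytes decide: text means ASCII only.
#
# A message with neither content type nor body now answers false; before,
# +ascii_only?+ was called on nil and raised NoMethodError.
#
# @return [Boolean]
def is_text?
  ct = self.content_type(nil)
  return !(ct =~ /text/i).nil? unless ct.nil?

  encoded = self.body_encoded
  return false if encoded.nil?

  encoded.ascii_only?
end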

#is_wwwform?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 614

# Reports whether the content type contains "form" (case-insensitive).
#
# The match is a plain substring test, so "multipart/form-data" answers true
# as well as "application/x-www-form-urlencoded".
#
# @return [Boolean]
def is_wwwform?
  !(content_type =~ /form/i).nil?
end

#is_xml?Boolean

Returns:

  • (Boolean)


# File 'lib/watobo/mixins/httpparser.rb', line 626

# Reports whether the content type contains "xml" (case-insensitive).
#
# @return [Boolean]
def is_xml?
  !(content_type =~ /xml/i).nil?
end

#new_cookies(&b) ⇒ Object

Returns an array of the new cookies announced by Set-Cookie headers, for example: Set-Cookie: mycookie=b41dc9e55d6163f78321996b10c940edcec1b4e55a76464c4e9d25e160ac0ec5b769806b; Path=/



# File 'lib/watobo/mixins/httpparser.rb', line 667

# Builds a Watobo::Cookie for every line yielded by +headers("Set-Cookie")+.
#
# Each cookie is handed to the optional block before it is added to the
# result.
#
# @yield [cookie] each parsed cookie
# @return [Array<Watobo::Cookie>] the cookies in header order
def new_cookies(&b)
  jar = []
  headers("Set-Cookie") do |line|
    parsed = Watobo::Cookie.new(line)
    yield parsed if block_given?
    jar.push(parsed)
  end
  jar
end

#parm_namesObject



# File 'lib/watobo/mixins/httpparser.rb', line 386

# Returns the names of all GET and POST parameters, GET first.
#
# Each "name=value" entry is cut at its first "=" in place, so the strings
# returned by +get_parms+ and +post_parms+ are modified.
#
# @return [Array<String>] parameter names
def parm_names
  combined = get_parms + post_parms
  combined.each { |entry| entry.gsub!(/=.*/, '') }
end

#parmsObject



# File 'lib/watobo/mixins/httpparser.rb', line 378

# Returns all parameters as one new list: GET parameters, then POST parameters.
#
# @return [Array<String>] "name=value" entries
def parms
  get_parms + post_parms
end

#post_parm_names(&block) ⇒ Object



# File 'lib/watobo/mixins/httpparser.rb', line 400

# Returns the names of the POST parameters.
#
# Each entry from +post_parms+ is cut at its first "=" and stripped in place;
# nil entries are skipped. The name is yielded to the optional block before
# it is collected.
#
# @yield [name] each parameter name
# @return [Array<String>] parameter names
def post_parm_names(&block)
  post_parms.each_with_object([]) do |entry, names|
    next unless entry

    entry.gsub!(/=.*/, '')
    entry.strip!
    yield entry if block_given?
    names << entry
  end
end

#post_parm_value(parm_name) ⇒ Object

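# Returns the value of the GET parameter +parm_name+.
#
# The name is quoted and matched case-insensitively at the start of the
# entry. The entry is split at the FIRST "=" only: splitting on every "="
# cut values that themselves contain "=", such as padded Base64 tokens or
# nested URLs. When the name occurs several times, the last non-empty value
# wins.
#
# @param parm_name [String] parameter name to look up
# @return [String] the stripped value, "" when the parameter is absent
def get_parm_value(parm_name)
  parm_value = ""
  self.get_parms.each do |parm|
    next unless parm =~ /^#{Regexp.quote(parm_name)}=/i

    _name, raw = parm.split('=', 2)
    parm_value = raw.strip unless raw.nil? || raw.empty?
  end
  parm_value
end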


# File 'lib/watobo/mixins/httpparser.rb', line 552

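# Returns the value of the POST parameter +parm_name+.
#
# Two defects of the previous lookup are fixed:
# * the name was matched anywhere in the entry, so looking up "id" could
#   return the value of "userid" or of an entry whose VALUE contained "id";
#   it is now matched as the entry's name, directly before "=".
# * the entry was split on every "=", which cut values that contain "="
#   themselves; it is now split at the first "=" only.
#
# Leading whitespace before the name is tolerated. When the name occurs
# several times, the last non-empty value wins.
#
# @param parm_name [String] parameter name to look up
# @return [String] the stripped value, "" when the parameter is absent
def post_parm_value(parm_name)
  parm_value = ""
  self.post_parms.each do |parm|
    next unless parm =~ /\A\s*#{Regexp.quote(parm_name)}=/i

    _name, raw = parm.split('=', 2)
    parm_value = raw.strip unless raw.nil? || raw.empty?
  end
  parm_value
end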

#post_parmsObject



# File 'lib/watobo/mixins/httpparser.rb', line 358

# Splits the body (the last element) into its "&"-separated parameters.
#
# Nothing is returned unless +has_body?+ is true and the last element
# contains an "=". Blank fragments are dropped; the remaining entries are
# returned as found, neither stripped nor URL-decoded. Errors are swallowed
# and only printed when $DEBUG is set.
#
# @return [Array<String>] "name=value" entries, possibly empty
def post_parms
  return [] unless has_body?

  found = []
  begin
    payload = last
    found = payload.split(/\&/).reject { |part| part.strip.empty? } if payload =~ /\=.*\&?/i
  rescue => bang
    if $DEBUG
      puts bang
      puts bang.backtrace
    end
  end
  found
end

#responseCodeObject



# File 'lib/watobo/mixins/httpparser.rb', line 657

# Extracts the status code from the first line of a response.
#
# The pattern expects "HTTP/" followed by exactly three characters, a space,
# the digits and another space; a status line without anything after the code
# therefore yields nil.
#
# @return [String, nil] the code as a String (not an Integer), nil on no match
def responseCode
  return nil unless first =~ /^HTTP\/... (\d+) /

  Regexp.last_match(1)
end

#statusObject



# File 'lib/watobo/mixins/httpparser.rb', line 677

# Returns the status text ("<code> <reason>") of an HTTP/1.x response.
#
# The first line is re-packed byte by byte before matching so that invalid
# UTF-8 sequences cannot break the pattern match.
#
# @return [String, nil] the status text, '' when the first line is not an
#   HTTP/1.x status line, nil when the first line cannot be read
def status
  # Filter bad utf-8 chars
  first_line = first.unpack("C*").pack("C*")
  return Regexp.last_match(1).chomp if first_line =~ /^HTTP\/1\.\d{1,2} (.*)/i

  ''
rescue => bang
  if $DEBUG
    puts "! No Status Available !".upcase
    puts bang
    puts bang.backtrace
  end
  nil
end

#transferEncodingObject Also known as: transfer_encoding



# File 'lib/watobo/mixins/httpparser.rb', line 503

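# Maps the first Transfer-Encoding header to one of the TE_* constants.
#
# The value is matched the same way +content_encoding+ matches its header:
# case-insensitively and as a substring, in the order chunked, compress, zip,
# deflate, identity. The previous exact, case-sensitive comparison missed
# "Chunked", missed coding lists such as "gzip, chunked", and could never
# return TE_GZIP because it compared against the literal 'zip'. A message
# whose chunked framing goes unrecognised is read with the wrong body
# boundaries, so this parser and the peer can disagree about where it ends.
#
# Only header lines (before the first blank line) are examined and only the
# first Transfer-Encoding header counts.
#
# @return [Object] the matching TE_* constant, TE_NONE when absent or unknown
def transferEncoding
  te = TE_NONE
  self.each do |line|
    break if line.strip.empty?
    next unless line =~ /^Transfer-Encoding:(.*)/i

    te = case $1.strip
         when /chunked/i  then TE_CHUNKED
         when /compress/i then TE_COMPRESS
         when /zip/i      then TE_GZIP
         when /deflate/i  then TE_DEFLATE
         when /identity/i then TE_IDENTITY
         else TE_NONE
         end
    break
  end
  te
end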