Class: Watobo::Gui::RequestEditor

Inherits:
SimpleTextView show all
Defined in:
lib/watobo/gui/request_editor.rb

Direct Known Subclasses

FuzzRequestEditor

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary

Attributes inherited from SimpleTextView

#max_len, #style, #textbox

Instance Method Summary collapse

Methods inherited from SimpleTextView

#clear, #clearEvents, #editable=, #editable?, #filter, #highlight, #makeMatchVisible, #numMatches, #rawRequest, #resetMatches, #setFont, #setText, #subscribe, #textStyle, #textStyle=

Methods included from Utils

#addDecoder, #addEncoder, #addStringInfo, #cleanupHTTP, load_plugins, #removeTags, #replace_text

Constructor Details

#initialize(owner, opts) ⇒ RequestEditor

Returns a new instance of RequestEditor.



327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
 
# File 'lib/watobo/gui/request_editor.rb', line 327

def initialize(owner, opts)
  super(owner, opts)
  @keystate = true

  @textbox.textStyle -= TEXT_WORDWRAP

  @textbox.editable = true
  @markers = []

  @textbox.connect(SEL_RIGHTBUTTONRELEASE) do |sender, sel, event|
    unless event.moved?
      FXMenuPane.new(self) do |menu_pane|
        cpos = sender.cursorPos
        pos = sender.selStartPos
        #puts "*selStartPos: #{pos}"
        #puts "*selEndPos: #{sender.selEndPos}"
        len = sender.selEndPos - pos
        string2decode = sender.extractText(pos, len)
        string2decode.extend Watobo::Mixin::Transcoders

        fp_submenu = FXMenuPane.new(self) do |sub|
          eh = FXMenuCommand.new(sub, "File")
          eh.connect(SEL_COMMAND) {
            insf = FXFileDialog.getOpenFilename(self, "Select file to insert", nil)
            if insf != "" then
              if File.exists?(insf) then
                # puts "Inserting #{insf}"
                sender.insertText(cpos, "%%File.read('#{insf}')%%")
              end
            end

          }
        end
        FXMenuCascade.new(menu_pane, "Insert", nil, fp_submenu)

        FXMenuSeparator.new(menu_pane)
        fp_submenu = FXMenuPane.new(self) do |sub|
          target = FXMenuCommand.new(sub, "JSON")
          target.connect(SEL_COMMAND) {
            begin
              jb = JSON.parse(string2decode)
              out = JSON.pretty_generate jb
              replace_text(sender, out)
            rescue => bang
              out = "Could prettify response :(\n\n"
              out << bang.to_s
            end
          }
          target = FXMenuCommand.new(sub, "XML")
          target.connect(SEL_COMMAND) {
            begin
              doc = Nokogiri.XML(string2decode)
              replace_text(sender, doc.to_xml)
            rescue => bang
              puts bang
            end

          }

        end
        FXMenuCascade.new(menu_pane, "Prettify", nil, fp_submenu)

        addStringInfo(menu_pane, sender)
        addDecoder(menu_pane, sender)
        addEncoder(menu_pane, sender)
        menu_pane.create
        menu_pane.popup(nil, event.root_x, event.root_y)
        app.runModalWhileShown(menu_pane)
      end

    end
  end

  @textbox.connect(SEL_REPLACED, method(:onTextChanged))
  @textbox.connect(SEL_DELETED, method(:onTextChanged))

  # KEY_Return
  # KEY_Control_L
  # KEY_Control_R
  # KEY_s
  @ctrl_pressed = false

  @textbox.connect(SEL_KEYPRESS) do |sender, sel, event|
    @keystate = false
    if event.code == KEY_Control_L or event.code == KEY_Control_R
      @ctrl_pressed = true
      @keystate = true
    elsif event.code == KEY_Alt_R
    @ctrl_pressed = false
    @keystate = true
    #  @shift_pressed = true if @ctrl_pressed and ( event.code == KEY_Shift_L or event.code == KEY_Shift_R )
    elsif event.code == KEY_F1
      unless event.moved?
        FXMenuPane.new(self) do |menu_pane|
          FXMenuCaption.new(menu_pane, "Hotkeys:")
          FXMenuSeparator.new(menu_pane)
          ["<ctrl-enter> - Send Request",
           "<ctrl-b> - Encode Base64",
           "<ctrl-shift-b> - Decode Base64",
           "<ctrl-u> - Encode URL",
           "<ctrl-shift-u> - Decode URL",
           "<ctrl-j> - Prettify JSON"
          ].each do |hk|
            FXMenuCaption.new(menu_pane, hk)
          end

          menu_pane.create

          menu_pane.popup(nil, event.root_x, event.root_y)
          app.runModalWhileShown(menu_pane)
        end

      end
    elsif @ctrl_pressed
      if event.code == KEY_Return
        notify(:hotkey_ctrl_enter)
        @keystate = true # special handling of KEY_Return, because we don't want a linebreak in textbox.
      else
        notify(:hotkey_ctrl_f) if event.code == KEY_f
        notify(:hotkey_ctrl_s) if event.code == KEY_s
        pos = @textbox.selStartPos
        len = @textbox.selEndPos - pos

        # if nothing is selected we asssume that conversion/beautifying should be
        # performed on full body
        if len==0
          i = @textbox.text.index("\n\n")
          unless i.nil?
            pos = i + 2
            len = @textbox.text.length - pos
          end
        end

        unless len==0
          text = @textbox.extractText(pos, len)
          rptxt = case event.code
                    when KEY_u
                      CGI::escape(text)
                    when KEY_h
                      CGI::escapeHTML(text)
                    when KEY_H
                      CGI::unescapeHTML(text)
                    when KEY_b
                      Base64.strict_encode64(text)
                    when KEY_U
                      CGI::unescape(text)
                    when KEY_B
                      Base64.decode64(text)
                    when KEY_j
                      begin
                        jb = JSON.parse(text)
                        out = JSON.pretty_generate jb
                      end
                      out
                    else
                      text
                  end
          text = normalizeText(rptxt)
          @textbox.replaceText(pos, len, text)
          @textbox.setSelection(pos, text.length)
        end
        @keystate = false
      end
    else
      #puts "%04x" % event.code
      @keystate = false
    end
    @keystate
  end

  @textbox.connect(SEL_KEYRELEASE) do |sender, sel, event|
    @ctrl_pressed = false if event.code == KEY_Control_L or event.code == KEY_Control_R

  end


end

Instance Method Details

#parseRequestObject 



505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
 
# File 'lib/watobo/gui/request_editor.rb', line 505

def parseRequest
  begin
    return @textbox.to_request
  rescue SyntaxError, LocalJumpError, NameError => bang
    puts bang
    puts bang.backtrace
    #  puts bang.backtrace if $DEBUG
    notify(:error, "#{$!}")
  rescue => bang
    puts bang
    notify(:error, "Could not parse request: #{$!}")
  end

  return nil
end