Commit 1595a68d authored by Sophie Brun's avatar Sophie Brun

Merge tag 'upstream/1.2.1'

Upstream version 1.2.1
parents d229cfa7 f4358b65
# ChangeLog
## 1.2.1 _(July 25, 2015)_
- HTTP
- `ProxyServer`
- Updated SSL interception to use different interceptors for each host.
- Shutdown on framework abort, instead of waiting for the user to shutdown
the proxy manually.
- Checks
- Passive
- `backdoors` -- Updated exempt platforms to all Framework platforms.
- Fingerprinters
- Added
- Frameworks
- Nette
- Symphony
## 1.2 _(July 16, 2015)_
- Switched to Arachni Public Source License v1.0.
......
......@@ -3,7 +3,7 @@
<table>
<tr>
<th>Version</th>
<td>1.2</td>
<td>1.2.1</td>
</tr>
<tr>
<th>Homepage</th>
......@@ -340,6 +340,8 @@ Currently, the following platforms can be identified:
- ASP.NET MVC
- JSF
- CherryPy
- Nette
- Symfony
The user also has the option of specifying extra platforms (like a DB server)
in order to help the system be as efficient as possible. Alternatively, fingerprinting
......
......@@ -29,8 +29,8 @@ class Arachni::Checks::Backdoors < Arachni::Check::Base
description: %q{Tries to find common backdoors on the server.},
elements: [Element::Server],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
version: '0.2.4',
exempt_platforms: [ :ruby, :aspx_mvc, :django, :cakephp ],
version: '0.2.5',
exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
issue: {
name: %q{A backdoor file exists on the server},
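Review bot: `exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS` ties this check's coverage to a constant that other changes extend, so every framework added later silently exempts targets fingerprinted as that framework from the backdoor check. This same commit adds `:symfony` and `:nette` to what appears to be that list, and the new Symfony fingerprinter tags a target from a single cookie name, so an application that merely sets a cookie called `symfony` would produce a false negative here. I would add a comment above the option, e.g. `# Skipped for every platform in Manager::FRAMEWORKS; a wrong framework fingerprint therefore disables this check.` The info hash starts and ends outside this hunk.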
......
=begin
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
This file is part of the Arachni Framework project and is subject to
redistribution and commercial restrictions. Please see the Arachni Framework
web site for more information on licensing and terms of use.
=end
module Arachni
module Platform::Fingerprinters
# Identifies Nette Framework cookies.
#
# @author Tomas Dobrotka <tomas@dobrotka.sk>
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1
class Nette < Platform::Fingerprinter
def run
return if !server_or_powered_by_include?( 'Nette' ) &&
!cookies.include?( 'nette-browser' )
platforms << :php << :nette
end
end
end
end
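Review bot: The class comment says the fingerprinter identifies "Nette Framework cookies", but `run` also matches on `server_or_powered_by_include?( 'Nette' )`, so the header path is undocumented. Something like `# Identifies the Nette Framework from its Server/X-Powered-By headers or its nette-browser cookie.` would match the code. The double-negated guard is also harder to read than it needs to be: `return unless server_or_powered_by_include?( 'Nette' ) || cookies.include?( 'nette-browser' )` is equivalent. Likewise, the Symfony fingerprinter's `return if !cookies.include?( 'symfony' )` could become `return unless cookies.include?( 'symfony' )`.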
=begin
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
This file is part of the Arachni Framework project and is subject to
redistribution and commercial restrictions. Please see the Arachni Framework
web site for more information on licensing and terms of use.
=end
module Arachni
module Platform::Fingerprinters
# Identifies Default Symfony Framework cookie.
#
# @author Tomas Dobrotka <tomas@dobrotka.sk>
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1
class Symfony < Platform::Fingerprinter
def run
return if !cookies.include?( 'symfony' )
platforms << :php << :symfony
end
end
end
end
......@@ -15,8 +15,6 @@ require 'ostruct'
# data to {Arachni::Framework#push_to_page_queue} to be audited.
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
#
# @version 0.3.2
class Arachni::Plugins::Proxy < Arachni::Plugin::Base
BASEDIR = "#{File.dirname( __FILE__ )}/proxy/"
......@@ -74,7 +72,13 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
print_info
TemplateScope.get.set :params, {}
@server.start
Thread.new do
@server.start
end
wait_while_framework_running
@server.shutdown
end
def clean_up
......@@ -493,7 +497,7 @@ a way to restrict usage enough to avoid users unwittingly interfering with each
others' sessions.
},
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
version: '0.3.3',
version: '0.3.4',
options: [
Options::Port.new( :port,
description: 'Port to bind to.',
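Review bot: In the hunk that wraps `@server.start` in `Thread.new`, the thread handle is discarded, so an exception raised inside `@server.start` never reaches the plugin and `wait_while_framework_running` would keep waiting with no proxy listening. Keeping the handle, `server_thread = Thread.new { @server.start }`, and calling `server_thread.join` after `@server.shutdown` would surface such a failure. `@server.shutdown` is also skipped if `wait_while_framework_running` raises, so an `ensure` around it is worth considering. The enclosing method starts outside the hunk.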
......
......@@ -63,6 +63,9 @@ class ProxyServer < WEBrick::HTTPProxyServer
# Will force the proxy to stfu.
@logger.close
@interceptor_ports = {}
@interceptors = {}
super(
BindAddress: @options[:address],
Port: @options[:port],
......@@ -111,6 +114,14 @@ class ProxyServer < WEBrick::HTTPProxyServer
@tokens.max - @tokens.size
end
def shutdown
@interceptors.each do |_, interceptor|
interceptor.shutdown
end
super
end
private
# Performs a GET request.
......@@ -176,7 +187,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
def do_CONNECT( req, res )
host = req.unparsed_uri.split(':').first
req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port}" )
req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port( host )}" )
start_ssl_interceptor( host )
......@@ -211,7 +222,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
#
# The interceptor will listen on {#interceptor_port}.
def start_ssl_interceptor( host )
return @interceptor if @interceptor
return @interceptors[host] if @interceptors[host]
ca = OpenSSL::X509::Certificate.new( File.read( INTERCEPTOR_CA_CERTIFICATE ) )
ca_key = OpenSSL::PKey::RSA.new( File.read( INTERCEPTOR_CA_KEY ) )
......@@ -253,25 +264,25 @@ class ProxyServer < WEBrick::HTTPProxyServer
# The interceptor is only used for SSL decryption/encryption, the actual
# proxy functionality is forwarded to the plain proxy server.
@interceptor = self.class.new(
@interceptors[host] = interceptor = self.class.new(
address: '127.0.0.1',
port: interceptor_port,
port: interceptor_port( host ),
ssl_certificate: cert,
ssl_private_key: keypair,
service_handler: method( :proxy_service )
)
def @interceptor.service( request, response )
def interceptor.service( request, response )
@options[:service_handler].call( request, response )
end
@interceptor.start_async
interceptor.start_async
end
# @return [Integer]
# Picks and stores an available port number for the interceptor.
def interceptor_port
@interceptor_port ||= Utilities.available_port
def interceptor_port( host )
@interceptor_ports[host] ||= Utilities.available_port
end
# Communicates with the endpoint webapp and forwards its responses to the
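Review bot: `start_ssl_interceptor` does a check-then-create on `@interceptors[host]` with no lock, so two CONNECT requests for the same new host handled concurrently can both reach `self.class.new` with the same memoized `interceptor_port( host )`. The second would likely fail to bind or leave an untracked server, assuming requests are served on separate threads as WEBrick does by default. Serialising the lookup and creation with a mutex created next to `@interceptors = {}`, e.g. `@interceptors_mutex.synchronize do ... end`, would close that window. Separately, `host` is taken verbatim from the CONNECT request line in `do_CONNECT`, so every distinct spelling gets its own listener and port, held until `shutdown`; keying on `host.downcase` and documenting the missing upper bound would help. The comment above `interceptor_port` should also gain a `@param host [String]` line, and the bodies of `do_CONNECT` and `start_ssl_interceptor` continue outside the hunks.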
......
......@@ -108,6 +108,8 @@ class Manager
:rack,
:rails,
:cakephp,
:symfony,
:nette,
:django,
:aspx_mvc,
:jsf,
......@@ -165,6 +167,8 @@ class Manager
rack: 'Rack',
django: 'Django',
cakephp: 'CakePHP',
nette: 'Nette Framework',
symfony: 'Symfony',
rails: 'Ruby on Rails',
aspx_mvc: 'ASP.NET MVC',
jsf: 'JavaServer Faces',
......
......@@ -59,7 +59,9 @@ describe Arachni::Framework::Parts::Platform do
aspx_mvc: 'ASP.NET MVC',
jsf: 'JavaServer Faces',
cherrypy: 'CherryPy',
cakephp: 'CakePHP'
cakephp: 'CakePHP',
symfony: 'Symfony',
nette: 'Nette Framework'
}
}
end
......
......@@ -420,7 +420,7 @@ describe Arachni::Platform::Manager do
:tomcat, :asp, :aspx, :java, :perl, :php, :python, :ruby, :rack,
:sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
:aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
:cherrypy, :jsf].sort
:cherrypy, :jsf, :symfony, :nette].sort
end
end
......
require 'spec_helper'
describe Arachni::Platform::Fingerprinters::Nette do
include_examples 'fingerprinter'
def platforms
[:php, :nette]
end
context 'when there is a Server header' do
it 'identifies it as Nette' do
check_platforms Arachni::Page.from_data(
url: 'http://stuff.com/blah',
response: { headers: { 'Server' => 'Nette/0.1' } }
)
end
end
context 'when there is an X-Powered-By header' do
it 'identifies it as Nette' do
check_platforms Arachni::Page.from_data(
url: 'http://stuff.com/blah',
response: { headers: { 'X-Powered-By' => 'Nette/0.1' } }
)
end
end
context 'when there is a nette-browser cookie' do
it 'identifies it as Nette' do
check_platforms Arachni::Page.from_data(
url: 'http://stuff.com/blah',
cookies: [Arachni::Cookie.new(
url: 'http://stuff.com/blah',
inputs: { 'nette-browser' => 'stuff' } )]
)
end
end
end
require 'spec_helper'
describe Arachni::Platform::Fingerprinters::Symfony do
include_examples 'fingerprinter'
def platforms
[:php, :symfony]
end
context 'when there is a symfony cookie' do
it 'identifies it as Symfony' do
check_platforms Arachni::Page.from_data(
url: 'http://stuff.com/blah',
cookies: [Arachni::Cookie.new(
url: 'http://stuff.com/blah',
inputs: { 'symfony' => 'stuff' } )]
)
end
end
end