 def wsgi(self, environ, start_response):
     """ The bottle WSGI-interface.

     Runs *environ* through ``self._handle`` and ``self._cast``, reports the
     status line and headers of the module-level ``response`` to
     ``start_response`` and returns the body iterable.  Per RFC 2616
     section 4.3 the body is discarded (and closed, when it supports it)
     for status codes 100, 101, 204 and 304 and for HEAD requests.

     ``KeyboardInterrupt``, ``SystemExit`` and ``MemoryError`` always
     propagate.  Any other exception propagates unless ``self.catchall``
     is set; then a plain-HTML 500 response is returned and the same text
     is written to ``wsgi.errors``.  With the module-level ``DEBUG`` flag
     on, that 500 page additionally carries ``repr()`` of the exception
     and the full traceback, i.e. it discloses server internals to the
     client -- ``DEBUG`` is for development only.
     """
     try:
         body = self._cast(self._handle(environ))
         # rfc2616 section 4.3: these responses carry no message body
         if response._status_code in (100, 101, 204, 304) \
                 or environ['REQUEST_METHOD'] == 'HEAD':
             # give file wrappers / generators a chance to release resources
             if hasattr(body, 'close'):
                 body.close()
             body = []
         start_response(response._status_line, response.headerlist)
         return body
     except (KeyboardInterrupt, SystemExit, MemoryError):
         raise
     except Exception:
         if not self.catchall:
             raise
         # PATH_INFO is client-supplied, so it is escaped before being
         # embedded in the HTML error page.
         err = '<h1>Critical error while processing request: %s</h1>' \
             % html_escape(environ.get('PATH_INFO', '/'))
         if DEBUG:
             # exception repr and traceback are escaped too; they still
             # reveal internals, hence DEBUG-only
             err += ('<h2>Error:</h2>\n<pre>\n%s\n</pre>\n'
                     '<h2>Traceback:</h2>\n<pre>\n%s\n</pre>\n'
                     % (html_escape(repr(_e())), html_escape(format_exc())))
         environ['wsgi.errors'].write(err)
         headers = [('Content-Type', 'text/html; charset=UTF-8')]
         start_response('500 INTERNAL SERVER ERROR', headers, sys.exc_info())
         return [tob(err)]
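def grep_domobjects(http_objs, requests, response_data, dom_regex):
    """Collect report rows for responses whose body matches *dom_regex*.

    Args:
        http_objs: Parsed Burp log; only ``http_objs["request_URL"]`` is
            read here, indexed ``0..requests-1``, each entry providing
            "protocol", "url" and "path".
        requests: Number of request/response pairs to scan.
        response_data: Response bodies, indexed like the URL records.
        dom_regex: Python source text for the regular expression; it is
            passed through ``eval`` (see the note below).

    Returns:
        list of ``"<td>…</td><td>…</td>"`` strings, one per distinct
        (request URL, match list) pair, in first-seen order.
    """
    request_URLs = http_objs["request_URL"]

    dom_rows = []
    # md5(full_path + escaped matches) of rows already emitted; a set keeps
    # the membership test O(1) instead of scanning a growing list.
    seen = set()

    # NOTE(review): eval() turns dom_regex into arbitrary code execution for
    # whoever controls that string (config file, command line, ...).  If it
    # is always a quoted string literal, ast.literal_eval() accepts the same
    # input without executing code; if it is a bare pattern, it can be handed
    # to re.findall() directly.  Kept as eval here so behaviour is unchanged,
    # but evaluated once instead of once per response.
    pattern = eval(dom_regex)

    for i in range(requests):
        entry = request_URLs[i]
        full_path = entry["protocol"] + "://" + entry["url"] + entry["path"]

        matches = re.findall(pattern, response_data[i], re.I)
        # equivalent to the original str(matches) != "[]" test
        if not matches:
            continue
        # The match list is rendered via its str() form; html_escape makes the
        # (untrusted) response content safe to embed in the report table.
        escaped = utils.html_escape(str(matches))
        digest = utils.md5_object(full_path + escaped)
        if digest not in seen:
            dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" +
                            escaped + "</td>")
            seen.add(digest)

    return dom_rows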
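def grep_domobjects(http_objs, requests, response_data, dom_regex):
    """Return one report row per distinct (URL, regex matches) pair.

    Args:
        http_objs: Parsed Burp log; ``http_objs["request_URL"]`` is read,
            indexed ``0..requests-1``, each record carrying "protocol",
            "url" and "path".
        requests: How many request/response pairs to scan.
        response_data: Response bodies, indexed like the URL records.
        dom_regex: Python source text of the regular expression, passed
            through ``eval`` (see the note below).

    Returns:
        list of ``"<td>…</td><td>…</td>"`` strings in first-seen order.
    """
    url_records = http_objs["request_URL"]

    dom_rows = []
    # digests of rows already emitted -- set membership is O(1), the original
    # list scan was O(n) per response
    emitted = set()

    # NOTE(review): eval() on dom_regex executes whatever code that string
    # contains, so whoever supplies it (config, CLI) can run code in this
    # process.  ast.literal_eval() covers the quoted-literal case without
    # executing code; a bare pattern could go straight to re.findall().
    # Behaviour is kept as-is, but the expression is evaluated once rather
    # than once per response.
    compiled_source = eval(dom_regex)

    for i in range(requests):
        record = url_records[i]
        full_path = record["protocol"] + "://" + record["url"] + record["path"]

        found = re.findall(compiled_source, response_data[i], re.I)
        if not found:  # same as the original str(found) != "[]" check
            continue
        # str(list) is what the report shows; escape it because the matched
        # text comes from the scanned site and lands in HTML.
        cell = utils.html_escape(str(found))
        digest = utils.md5_object(full_path + cell)
        if digest in emitted:
            continue
        emitted.add(digest)
        dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" +
                        cell + "</td>")

    return dom_rows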
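def get_script_body(urls, requests, request_headers, response_data):
    """Extract inline <script> blocks and their /* */ comments for the report.

    For each of the first *requests* responses every ``<script>…</script>``
    block is beautified, HTML-escaped, syntax-highlighted and written to the
    report file ``str(i) + "body"``; block comments found in those scripts
    are written to ``str(i) + "comment"``.  One table row per URL is
    produced for each of the two kinds.

    Args:
        urls: Request URL records with "protocol", "url" and "path".
        requests: Number of responses to scan (indexes ``0..requests-1``).
        request_headers: Unused; kept so existing callers keep working.
        response_data: Response bodies, indexed like *urls*.

    Returns:
        ``[js_body_rows, js_comment_rows]`` -- two lists of
        ``"<td>…</td><td>…</td>"`` strings.
    """
    js_body_rows = []
    js_body_path = []
    js_comment_rows = []
    js_comment_path = []
    # md5(full_path + fragment) of fragments already handled (scripts and
    # comments share it, as before); a set keeps the lookup O(1).
    seen = set()

    for i in range(requests):
        record = urls[i]
        full_path = record["protocol"] + "://" + record["url"] + record["path"]
        link = rpt.href(full_path)

        body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
        # NOTE(review): comments are grepped from str(list), so escape
        # sequences inside them show up in their repr() form; this mirrors
        # the original behaviour and is presumably unintended -- confirm.
        comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))

        for script in body_js:
            digest = utils.md5_object(full_path + script)
            if digest in seen:
                continue
            # Script text is content from the scanned site: it is escaped
            # before going into the HTML report so the report itself cannot
            # become an XSS sink.
            pretty = jsbeautifier.js_beautify(script, "")
            content = utils.syntaxhighlighter("js", link,
                                              utils.html_escape(pretty))
            if full_path not in js_body_path:
                js_body_rows.append("<td>" + link + "</td><td>" +
                                    rpt.href(str(i) + "body") + "</td>")
                seen.add(digest)
                js_body_path.append(full_path)
            # NOTE(review): the file name depends only on i, so every script
            # of one response targets the same report file -- confirm whether
            # make_module_report_file appends or overwrites.
            rpt.make_module_report_file(content, str(i) + "body")

        for comment in comment_js:
            digest = utils.md5_object(full_path + comment)
            if digest in seen:
                continue
            content = utils.syntaxhighlighter("js", link,
                                              utils.html_escape(comment))
            if full_path not in js_comment_path:
                js_comment_rows.append("<td>" + link + "</td><td>" +
                                       rpt.href(str(i) + "comment") +
                                       "</td>")
                seen.add(digest)
                js_comment_path.append(full_path)
            rpt.make_module_report_file(content, str(i) + "comment")

    return [js_body_rows, js_comment_rows]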
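def get_script_body(urls, requests, request_headers, response_data):
    """Collect inline JavaScript and its block comments for the JS report.

    Every ``<script>…</script>`` block of the first *requests* responses is
    beautified, HTML-escaped, highlighted and written to the report file
    ``str(i) + "body"``; ``/* … */`` comments found in those blocks go to
    ``str(i) + "comment"``.  One row per URL is returned for each kind.

    Args:
        urls: Request URL records with "protocol", "url" and "path".
        requests: Number of responses to scan (indexes ``0..requests-1``).
        request_headers: Unused; retained for call compatibility.
        response_data: Response bodies, indexed like *urls*.

    Returns:
        ``[js_body_rows, js_comment_rows]``, each a list of
        ``"<td>…</td><td>…</td>"`` strings.
    """
    js_body_rows = []
    js_body_path = []
    js_comment_rows = []
    js_comment_path = []
    # digests (md5 of full_path + fragment) already processed, shared by the
    # script and comment passes exactly as the original list was; set lookup
    # replaces the linear scan
    handled = set()

    for i in range(requests):
        record = urls[i]
        full_path = record["protocol"] + "://" + record["url"] + record["path"]
        anchor = rpt.href(full_path)

        body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
        # NOTE(review): searching str(body_js) rather than the scripts
        # themselves means escape sequences in comments appear in repr()
        # form; kept to preserve output -- confirm whether that is wanted.
        comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))

        for script in body_js:
            digest = utils.md5_object(full_path + script)
            if digest in handled:
                continue
            # Untrusted site content: escape before it is embedded in the
            # report HTML, otherwise the report is an XSS sink.
            pretty = jsbeautifier.js_beautify(script, "")
            content = utils.syntaxhighlighter("js", anchor, utils.html_escape(pretty))
            if full_path not in js_body_path:
                js_body_rows.append("<td>" + anchor + "</td><td>" + rpt.href(str(i) + "body") + "</td>")
                handled.add(digest)
                js_body_path.append(full_path)
            # NOTE(review): all scripts of response i share one file name;
            # confirm make_module_report_file appends rather than overwrites.
            rpt.make_module_report_file(content, str(i) + "body")

        for comment in comment_js:
            digest = utils.md5_object(full_path + comment)
            if digest in handled:
                continue
            content = utils.syntaxhighlighter("js", anchor, utils.html_escape(comment))
            if full_path not in js_comment_path:
                js_comment_rows.append("<td>" + anchor + "</td><td>" + rpt.href(str(i) + "comment") + "</td>")
                handled.add(digest)
                js_comment_path.append(full_path)
            rpt.make_module_report_file(content, str(i) + "comment")

    return [js_body_rows, js_comment_rows]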
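def analysis(http_objs):
    """
    Requests analysis: write a CSRF proof-of-concept page (plus an escaped
    "source" view of it) for every in-scope request that completed with a
    status below 300 and carried parameters, then emit the "csrf" table.

    @param http_objs: Objects parsed at Burp Log File.  Keys read here:
        "total_requests", "request_methods", "request_URL",
        "response_status" and "request_body".

    Fixes relative to the previous version: the POST input list is rebuilt
    for every request (it used to accumulate across the whole loop, so each
    later PoC also carried every earlier request's fields); the <form> tag
    is now closed with ">" and the stray "'" that opened the footer is gone
    (browsers parsed the inputs as attributes of <form>); and both GET and
    POST rows use the column order declared in the table header.
    """
    rpt = report.htmltags()

    requests = http_objs["total_requests"]
    request_methods = http_objs["request_methods"]
    request_URLs = http_objs["request_URL"]
    status = http_objs["response_status"]
    request_body = http_objs["request_body"]

    csrf_rows = []

    header_poc = "<html><title>CSRF PoC</title><body>"
    # One closing fragment for both the runnable PoC and its escaped source
    # view, so the two files cannot drift apart.
    auto_submit = "</form> <script>document.forms[0].submit()</script>"
    footer_poc = auto_submit + "</body></html>"

    def _write_poc(i, full_path, method, body_poc):
        """Write PoC + source files for request i and record its table row."""
        content = header_poc + body_poc + footer_poc
        content_source = (header_poc +
                          utils.html_escape(body_poc + auto_submit) +
                          "</body></html>")
        rpt.make_module_report_file(content, str(i) + "CSRF_POC")
        rpt.make_module_report_file(content_source, str(i) + "CSRF_SOURCE_POC")
        # Column order follows the "CSRF" header: Path, Method, PoC, Source PoC
        csrf_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + method +
                         "</td><td>" + rpt.href(str(i) + "CSRF_POC") +
                         "</td><td>" + rpt.href(str(i) + "CSRF_SOURCE_POC") +
                         "</td>")

    for i in range(requests):
        record = request_URLs[i]
        if record["out_escope"] is not False:
            continue
        # 0 marks a request without a recorded response; 3xx and above are
        # not considered a completed state change worth a PoC.
        if status[i] == 0 or status[i] >= 300:
            continue

        full_path = record["protocol"] + "://" + record["url"] + record["path"]
        method = request_methods[i]
        query = record["query"]

        # NOTE(review): path, query and parameter names are copied from the
        # log into single-quoted HTML attributes as-is; a "'" in any of them
        # breaks out of the attribute.  Whether utils.html_escape handles
        # quotes is not visible here -- confirm before relying on it.
        if method == "GET" and query != "":
            # NOTE(review): on GET submission browsers replace the action's
            # query string with the (here empty) form fields, so the logged
            # parameters are dropped; emitting them as <input> fields would
            # be the faithful replay -- confirm against the intended use.
            body_poc = ("<form method='GET' action='" + full_path + "?" +
                        query + "'>")
        elif method == "POST" and request_body[i] != "":
            # Rebuilt per request -- see the docstring.
            inputs = []
            for pair in request_body[i].split("&"):
                name = pair.split("=")[0]
                # NOTE(review): the request index, not the logged value, is
                # used as the field value -- presumably deliberate; confirm.
                inputs.append("<input type='text' name='" + str(name) +
                              "' value='" + str(i) + "' />")
            body_poc = ("<form method='POST' action='" + full_path + "'>" +
                        "".join(inputs))
        else:
            continue

        _write_poc(i, full_path, method, body_poc)

    collums = {"CSRF": ["Path", "Method", "PoC", "Source PoC"]}
    rows = {"CSRF": csrf_rows}

    tip = "Tip: <a href='https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet' target='_blank'>Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet</a> and <a href='https://www.owasp.org/index.php/Testing_for_CSRF_%28OWASP-SM-005%29' target='_blank'>Testing for CSRF</a>"

    rpt.make_table("csrf", tip, collums, rows)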