def get_traffic_details(scan_id, traffic_id):
"""
The HTTP request and response associated with a vulnerability, usually the
user will first get /scans/1/kb/3 and from there (if needed) browse to
this resource where the HTTP traffic is available
:param scan_id: The scan ID
:param traffic_id: The ID of the request/response
:return: HTTP request and response in base64 format
"""
scan_info = get_scan_info_from_id(scan_id)
if scan_info is None:
abort(404, 'Scan not found')
history_db = HistoryItem()
try:
details = history_db.read(traffic_id)
except DBException:
msg = 'Failed to retrieve request with id %s from DB.'
abort(404, msg)
return
data = {
'request': b64encode(details.request.dump()),
'response': b64encode(details.response.dump())
}
return jsonify(data)
def get_traffic_details(scan_id, traffic_id):
"""
The HTTP request and response associated with a vulnerability, usually the
user will first get /scans/1/kb/3 and from there (if needed) browse to
this resource where the HTTP traffic is available
:param scan_id: The scan ID
:param traffic_id: The ID of the request/response
:return: HTTP request and response in base64 format
"""
scan_info = get_scan_info_from_id(scan_id)
if scan_info is None:
abort(404, 'Scan not found')
history_db = HistoryItem()
try:
details = history_db.read(traffic_id)
except DBException:
msg = 'Failed to retrieve request with id %s from DB.'
abort(404, msg)
return
data = {'request': b64encode(details.request.dump()),
'response': b64encode(details.response.dump())}
return jsonify(data)
def response_dump(_id):
"""
:param _id: The ID to query in the database
:return: The response as unicode
"""
_history = HistoryItem()
try:
details = _history.read(_id)
except DBException:
return None
return smart_unicode(details.response.dump().strip())
def response_dump(_id):
"""
:param _id: The ID to query in the database
:return: The response as unicode
"""
_history = HistoryItem()
try:
details = _history.read(_id)
except DBException:
return None
return smart_unicode(details.response.dump().strip())
class FuzzyRequests(entries.RememberingWindow):
"""Infrastructure to generate fuzzy HTTP requests.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af, initial_request=None):
super(FuzzyRequests,
self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests",
"Fuzzy_Requests")
self.w3af = w3af
self.historyItem = HistoryItem()
mainhbox = gtk.HBox()
# To store the responses
self.responses = []
# ---- left pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox, False, False)
# we create the buttons first, to pass them
analyzBut = gtk.Button("Analyze")
self.sendPlayBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
self.sendStopBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
self.sSB_state = helpers.PropagateBuffer(
self.sendStopBut.set_sensitive)
self.sSB_state.change(self, False)
# Fix content length checkbox
self._fix_content_lengthCB = gtk.CheckButton(
'Fix content length header')
self._fix_content_lengthCB.set_active(True)
self._fix_content_lengthCB.show()
# request
self.originalReq = RequestPart(
self,
w3af, [
analyzBut.set_sensitive, self.sendPlayBut.set_sensitive,
functools.partial(self.sSB_state.change, 'rRV')
],
editable=True,
widgname='fuzzyrequest')
if initial_request is None:
self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
else:
(initialUp, initialDn) = initial_request
self.originalReq.show_raw(initialUp, initialDn)
# Add the right button popup menu to the text widgets
rawTextView = self.originalReq.get_view_by_id('HttpRawView')
rawTextView.textView.connect("populate-popup", self._populate_popup)
# help
helplabel = gtk.Label()
helplabel.set_selectable(True)
helplabel.set_markup(FUZZY_HELP)
self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
helplabel.show()
self.originalReq.show()
vbox.pack_start(self.originalReq, True, True, padding=5)
vbox.show()
# the commands
t = gtk.Table(2, 4)
analyzBut.connect("clicked", self._analyze)
t.attach(analyzBut, 0, 2, 0, 1)
self.analyzefb = gtk.Label("0 requests")
self.analyzefb.set_sensitive(False)
t.attach(self.analyzefb, 2, 3, 0, 1)
self.preview = gtk.CheckButton("Preview")
t.attach(self.preview, 3, 4, 0, 1)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
t.attach(self.sendPlayBut, 0, 1, 1, 2)
self.sendStopBut.connect("clicked", self._send_stop)
t.attach(self.sendStopBut, 1, 2, 1, 2)
self.sendfb = gtk.Label("0 ok, 0 errors")
self.sendfb.set_sensitive(False)
t.attach(self.sendfb, 2, 3, 1, 2)
t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
t.show_all()
vbox.pack_start(t, False, False, padding=5)
# ---- throbber pane ----
vbox = gtk.VBox()
self.throbber = helpers.Throbber()
self.throbber.set_sensitive(False)
vbox.pack_start(self.throbber, False, False)
vbox.show()
mainhbox.pack_start(vbox, False, False)
# ---- right pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox)
# A label to show the id of the response
self.title0 = gtk.Label()
self.title0.show()
vbox.pack_start(self.title0, False, True)
# result itself
self.resultReqResp = ReqResViewer(w3af,
withFuzzy=False,
editableRequest=False,
editableResponse=False)
self.resultReqResp.set_sensitive(False)
vbox.pack_start(self.resultReqResp, True, True, padding=5)
vbox.show()
# result control
centerbox = gtk.HBox()
self.pagesControl = entries.PagesControl(w3af, self.page_change)
centerbox.pack_start(self.pagesControl, True, False)
centerbox.show()
# cluster responses button
image = gtk.Image()
image.set_from_file(
os.path.join(ROOT_PATH, 'core', 'ui', 'gui', 'data',
'cluster_data.png'))
image.show()
self.clusterButton = gtk.Button(label='Cluster responses')
self.clusterButton.connect("clicked", self._clusterData)
self.clusterButton.set_sensitive(False)
self.clusterButton.set_image(image)
self.clusterButton.show()
centerbox.pack_start(self.clusterButton, True, False)
# clear responses button
self.clearButton = entries.SemiStockButton(
'Clear Responses',
gtk.STOCK_CLEAR,
tooltip='Clear all HTTP responses from fuzzer window')
self.clearButton.connect("clicked", self._clearResponses)
self.clearButton.set_sensitive(False)
self.clearButton.show()
centerbox.pack_start(self.clearButton, True, False)
vbox.pack_start(centerbox, False, False, padding=5)
# Show all!
self._sendPaused = True
self.vbox.pack_start(mainhbox)
self.vbox.show()
mainhbox.show()
self.show()
def _populate_popup(self, textview, menu):
"""Populates the menu with the fuzzing items."""
menu.append(gtk.SeparatorMenuItem())
main_generator_menu = gtk.MenuItem(_("Generators"))
main_generator_menu.set_submenu(create_generator_menu(self))
menu.append(main_generator_menu)
menu.show_all()
def _clearResponses(self, widg):
"""Clears all the responses from the fuzzy window."""
self.responses = []
self.resultReqResp.request.clear_panes()
self.resultReqResp.response.clear_panes()
self.resultReqResp.set_sensitive(False)
self.clusterButton.set_sensitive(False)
self.clearButton.set_sensitive(False)
self.pagesControl.deactivate()
def _clusterData(self, widg):
"""Analyze if we can cluster the responses and do it."""
data = []
for resp in self.responses:
if resp[0]:
reqid = resp[1]
historyItem = self.historyItem.read(reqid)
data.append(historyItem.response)
if data:
distance_function_selector(self.w3af, data)
else:
# Let the user know ahout the problem
msg = "There are no HTTP responses available to cluster."
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg)
opt = dlg.run()
dlg.destroy()
def _analyze(self, widg):
"""Handles the Analyze part."""
(request, postbody) = self.originalReq.get_both_texts_raw()
try:
fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
except fuzzygen.FuzzyError:
return
self.analyzefb.set_text("%d requests" % fg.calculate_quantity())
self.analyzefb.set_sensitive(True)
# raise the window only if preview is active
if self.preview.get_active():
PreviewWindow(self.w3af, self, fg)
def _send_stop(self, widg=None):
"""Stop the requests being sent."""
self._sendStopped = True
self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
"Sends the pending requests")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
self.sSB_state.change(self, False)
self.throbber.running(False)
def _send_pause(self, widg):
"""Pause the requests being sent."""
self._sendPaused = True
self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
"Sends the pending requests")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play)
self.throbber.running(False)
def _send_play(self, widg):
"""Continue sending the requests."""
self._sendPaused = False
self.sendPlayBut.change_internals('', gtk.STOCK_MEDIA_PAUSE,
'Sends the pending requests')
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect('clicked', self._send_pause)
self.throbber.running(True)
def _send_start(self, widg):
"""Start sending the requests."""
(request, postbody) = self.originalReq.get_both_texts_raw()
try:
fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
except fuzzygen.FuzzyError:
return
quant = fg.calculate_quantity()
if quant > 20:
msg = "Are you sure you want to send %d requests?" % quant
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
gtk.MESSAGE_WARNING, gtk.BUTTONS_YES_NO,
msg)
opt = dlg.run()
dlg.destroy()
if opt != gtk.RESPONSE_YES:
return
# Get the fix content length value
fixContentLength = self._fix_content_lengthCB.get_active()
# initial state
self.result_ok = 0
self.result_err = 0
self._sendPaused = False
self._sendStopped = False
requestGenerator = fg.generate()
# change the buttons
self.sendPlayBut.change_internals('', gtk.STOCK_MEDIA_PAUSE,
'Pauses the requests sending')
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect('clicked', self._send_pause)
self.sSB_state.change(self, True)
self.throbber.running(True)
# let's send the requests!
gobject.timeout_add(100, self._real_send, fixContentLength,
requestGenerator)
def _real_send(self, fixContentLength, requestGenerator):
"""This is the one that actually sends the requests, if corresponds.
:param fixContentLength: if the length should be fixed by the core.
:param requestGenerator: where to ask for the requests
"""
if self._sendStopped:
return False
if self._sendPaused:
return True
try:
realreq, realbody = requestGenerator.next()
except StopIteration:
# finished with all the requests!
self._send_stop()
return False
# Clear any errors that might have been generated by previous runs
# of this or other GUI tools
self.w3af.uri_opener.clear()
try:
http_resp = self.w3af.uri_opener.send_raw_request(
realreq, realbody, fixContentLength)
error_msg = None
self.result_ok += 1
except HTTPRequestException, e:
# One HTTP request failed
error_msg = str(e)
http_resp = None
self.result_err += 1
except ScanMustStopException, e:
# Many HTTP requests failed and the URL library wants to stop
error_msg = str(e)
self.result_err += 1
# Let the user know about the problem
msg = "Stopped sending requests because of the following" \
" unexpected error:\n\n%s"
helpers.FriendlyExceptionDlg(msg % error_msg)
return False
class FuzzyRequests(entries.RememberingWindow):
"""Infrastructure to generate fuzzy HTTP requests.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af, initial_request=None):
super(FuzzyRequests, self).__init__(w3af, "fuzzyreq",
"w3af - Fuzzy Requests",
"Fuzzy_Requests")
self.w3af = w3af
self.historyItem = HistoryItem()
mainhbox = gtk.HBox()
# To store the responses
self.responses = []
# ---- left pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox, False, False)
# we create the buttons first, to pass them
analyzBut = gtk.Button("Analyze")
self.sendPlayBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
self.sendStopBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
self.sSB_state = helpers.PropagateBuffer(
self.sendStopBut.set_sensitive)
self.sSB_state.change(self, False)
# Fix content length checkbox
self._fix_content_lengthCB = gtk.CheckButton('Fix content length header')
self._fix_content_lengthCB.set_active(True)
self._fix_content_lengthCB.show()
# request
self.originalReq = RequestPart(self, w3af,
[analyzBut.set_sensitive,
self.sendPlayBut.set_sensitive,
functools.partial(self.sSB_state.change, "rRV")],
editable=True,
widgname="fuzzyrequest")
if initial_request is None:
self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
else:
(initialUp, initialDn) = initial_request
self.originalReq.show_raw(initialUp, initialDn)
# Add the right button popup menu to the text widgets
rawTextView = self.originalReq.get_view_by_id('HttpRawView')
rawTextView.textView.connect("populate-popup", self._populate_popup)
# help
helplabel = gtk.Label()
helplabel.set_selectable(True)
helplabel.set_markup(FUZZYHELP)
self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
helplabel.show()
self.originalReq.show()
vbox.pack_start(self.originalReq, True, True, padding=5)
vbox.show()
# the commands
t = gtk.Table(2, 4)
analyzBut.connect("clicked", self._analyze)
t.attach(analyzBut, 0, 2, 0, 1)
self.analyzefb = gtk.Label("0 requests")
self.analyzefb.set_sensitive(False)
t.attach(self.analyzefb, 2, 3, 0, 1)
self.preview = gtk.CheckButton("Preview")
t.attach(self.preview, 3, 4, 0, 1)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
t.attach(self.sendPlayBut, 0, 1, 1, 2)
self.sendStopBut.connect("clicked", self._send_stop)
t.attach(self.sendStopBut, 1, 2, 1, 2)
self.sendfb = gtk.Label("0 ok, 0 errors")
self.sendfb.set_sensitive(False)
t.attach(self.sendfb, 2, 3, 1, 2)
t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
t.show_all()
vbox.pack_start(t, False, False, padding=5)
# ---- throbber pane ----
vbox = gtk.VBox()
self.throbber = helpers.Throbber()
self.throbber.set_sensitive(False)
vbox.pack_start(self.throbber, False, False)
vbox.show()
mainhbox.pack_start(vbox, False, False)
# ---- right pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox)
# A label to show the id of the response
self.title0 = gtk.Label()
self.title0.show()
vbox.pack_start(self.title0, False, True)
# result itself
self.resultReqResp = ReqResViewer(w3af, withFuzzy=False,
editableRequest=False,
editableResponse=False)
self.resultReqResp.set_sensitive(False)
vbox.pack_start(self.resultReqResp, True, True, padding=5)
vbox.show()
# result control
centerbox = gtk.HBox()
self.pagesControl = entries.PagesControl(w3af, self._pageChange)
centerbox.pack_start(self.pagesControl, True, False)
centerbox.show()
# cluster responses button
image = gtk.Image()
image.set_from_file(os.path.join(ROOT_PATH, 'core', 'ui', 'gui',
'data', 'cluster_data.png'))
image.show()
self.clusterButton = gtk.Button(label='Cluster responses')
self.clusterButton.connect("clicked", self._clusterData)
self.clusterButton.set_sensitive(False)
self.clusterButton.set_image(image)
self.clusterButton.show()
centerbox.pack_start(self.clusterButton, True, False)
# clear responses button
self.clearButton = entries.SemiStockButton(
'Clear Responses', gtk.STOCK_CLEAR,
tooltip='Clear all HTTP responses from fuzzer window')
self.clearButton.connect("clicked", self._clearResponses)
self.clearButton.set_sensitive(False)
self.clearButton.show()
centerbox.pack_start(self.clearButton, True, False)
vbox.pack_start(centerbox, False, False, padding=5)
# Show all!
self._sendPaused = True
self.vbox.pack_start(mainhbox)
self.vbox.show()
mainhbox.show()
self.show()
def _populate_popup(self, textview, menu):
"""Populates the menu with the fuzzing items."""
menu.append(gtk.SeparatorMenuItem())
main_generator_menu = gtk.MenuItem(_("Generators"))
main_generator_menu.set_submenu(create_generator_menu(self))
menu.append(main_generator_menu)
menu.show_all()
def _clearResponses(self, widg):
"""Clears all the responses from the fuzzy window."""
self.responses = []
self.resultReqResp.request.clear_panes()
self.resultReqResp.response.clear_panes()
self.resultReqResp.set_sensitive(False)
self.clusterButton.set_sensitive(False)
self.clearButton.set_sensitive(False)
self.pagesControl.deactivate()
def _clusterData(self, widg):
"""Analyze if we can cluster the responses and do it."""
data = []
for resp in self.responses:
if resp[0]:
reqid = resp[1]
historyItem = self.historyItem.read(reqid)
data.append(historyItem.response)
if data:
distance_function_selector(self.w3af, data)
else:
# Let the user know ahout the problem
msg = "There are no HTTP responses available to cluster."
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg)
opt = dlg.run()
dlg.destroy()
def _analyze(self, widg):
"""Handles the Analyze part."""
(request, postbody) = self.originalReq.get_both_texts_raw()
try:
fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
except fuzzygen.FuzzyError:
return
self.analyzefb.set_text("%d requests" % fg.calculate_quantity())
self.analyzefb.set_sensitive(True)
# raise the window only if preview is active
if self.preview.get_active():
PreviewWindow(self.w3af, self, fg)
def _send_stop(self, widg=None):
"""Stop the requests being sent."""
self._sendStopped = True
self.sendPlayBut.change_internals(
"", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
self.sSB_state.change(self, False)
self.throbber.running(False)
def _send_pause(self, widg):
"""Pause the requests being sent."""
self._sendPaused = True
self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
"Sends the pending requests")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play)
self.throbber.running(False)
def _send_play(self, widg):
"""Continue sending the requests."""
self._sendPaused = False
self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
"Sends the pending requests")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
self.throbber.running(True)
def _send_start(self, widg):
"""Start sending the requests."""
(request, postbody) = self.originalReq.get_both_texts_raw()
try:
fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
except fuzzygen.FuzzyError:
return
quant = fg.calculate_quantity()
if quant > 20:
msg = "Are you sure you want to send %d requests?" % quant
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_WARNING,
gtk.BUTTONS_YES_NO, msg)
opt = dlg.run()
dlg.destroy()
if opt != gtk.RESPONSE_YES:
return
# Get the fix content length value
fixContentLength = self._fix_content_lengthCB.get_active()
# initial state
self.result_ok = 0
self.result_err = 0
self._sendPaused = False
self._sendStopped = False
requestGenerator = fg.generate()
# change the buttons
self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
"Pauses the requests sending")
self.sendPlayBut.disconnect(self.sPB_signal)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
self.sSB_state.change(self, True)
self.throbber.running(True)
# let's send the requests!
gobject.timeout_add(100, self._real_send, fixContentLength,
requestGenerator)
def _real_send(self, fixContentLength, requestGenerator):
"""This is the one that actually sends the requests, if corresponds.
:param fixContentLength: if the lenght should be fixed by the core.
:param requestGenerator: where to ask for the requests
"""
if self._sendStopped:
return False
if self._sendPaused:
return True
try:
realreq, realbody = requestGenerator.next()
except StopIteration:
# finished with all the requests!
self._send_stop()
return False
try:
http_resp = self.w3af.uri_opener.send_raw_request(realreq, realbody,
fixContentLength)
error_msg = None
self.result_ok += 1
except HTTPRequestException, e:
# One HTTP request failed
error_msg = str(e)
http_resp = None
self.result_err += 1
except ScanMustStopException, e:
# Many HTTP requests failed and the URL library wants to stop
error_msg = str(e)
self.result_err += 1
# Let the user know about the problem
msg = "Stopped sending requests because of the following"\
" unexpected error:\n\n%s"
helpers.FriendlyExceptionDlg(msg % error_msg)
return False
class FullKBTree(KBTree):
"""A tree showing all the info.
This also gives a long description of the element when clicked.
:param kbbrowser: The KB Browser
:param filter: The filter to show which elements
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af, kbbrowser, ifilter):
super(FullKBTree, self).__init__(w3af, ifilter,
'Knowledge Base', strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._showDesc)
self.show()
def _showDesc(self, tv):
"""Shows the description at the right
:param tv: the treeview.
"""
(path, column) = tv.get_cursor()
if path is None:
return
instance = self.get_instance(path)
if not isinstance(instance, Info):
return
longdesc = instance.get_desc()
self.kbbrowser.explanation.set_text(longdesc)
if not instance.get_id():
self.clear_request_response_viewer()
return
#
# We have two different cases:
#
# 1) The object is related to ONLY ONE request / response
# 2) The object is related to MORE THAN ONE request / response
#
# For 1), we show the classic view, and for 2) we show the classic
# view with a "page control"
#
# Work:
#
if len(instance.get_id()) == 1:
# There is ONLY ONE id related to the object
# This is 1)
self.kbbrowser.pagesControl.deactivate()
self.kbbrowser._pageChange(0)
self.kbbrowser.pagesControl.hide()
self.kbbrowser.title0.hide()
search_id = instance.get_id()[0]
try:
history_item = self._historyItem.read(search_id)
except DBException:
msg = _('The HTTP data with id %s is not inside the database.')
self._show_message(_('Error'), msg % search_id)
self.clear_request_response_viewer()
return
# Error handling for .trace file problems
# https://github.com/andresriancho/w3af/issues/1174
try:
# These lines will trigger the code that reads the .trace file
# from disk and if they aren't there an exception will rise
history_item.request
history_item.response
except IOError, ioe:
self._show_message(_('Error'), str(ioe))
return
# Now we know that these two lines will work and we won't trigger
# https://github.com/andresriancho/w3af/issues/1174
self.kbbrowser.rrV.request.show_object(history_item.request)
self.kbbrowser.rrV.response.show_object(history_item.response)
# Don't forget to highlight if necessary
severity = instance.get_severity()
for s in instance.get_to_highlight():
self.kbbrowser.rrV.response.highlight(s, severity)
else:
class KBBrowser(entries.RememberingHPaned):
"""Show the Knowledge Base, with the filter and the tree.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
#
# Here I save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses as they are
# requested from the page control, "_pageChange" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect("clicked", self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but("Vulnerabilities", "vuln", True)
make_but("Informations", "info", True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
scrollwin21 = gtk.ScrolledWindow()
scrollwin21.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin21.add(self.kbtree)
scrollwin21.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(scrollwin21)
treebox.show()
# the explanation
explan_tv = gtk.TextView()
explan_tv.set_editable(False)
explan_tv.set_cursor_visible(False)
explan_tv.set_wrap_mode(gtk.WRAP_WORD)
self.explanation = explan_tv.get_buffer()
explan_tv.show()
scrollwin22 = gtk.ScrolledWindow()
scrollwin22.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin22.add_with_viewport(explan_tv)
scrollwin22.show()
# The request/response viewer
self.rrV = reqResViewer.reqResViewer(w3af, withAudit=False)
self.rrV.set_sensitive(False)
# Create the title label to show the request id
self.title0 = gtk.Label()
self.title0.show()
# Create page changer to handle info/vuln objects that have MORE THAN ONE
# related request/response
self.pagesControl = entries.PagesControl(w3af, self._pageChange, 0)
self.pagesControl.deactivate()
self._pageChange(0)
centerbox = gtk.HBox()
centerbox.pack_start(self.pagesControl, True, False)
# Add everything to a vbox
vbox_rrv_centerbox = gtk.VBox()
vbox_rrv_centerbox.pack_start(self.title0, False, True)
vbox_rrv_centerbox.pack_start(self.rrV, True, True)
vbox_rrv_centerbox.pack_start(centerbox, False, False)
# and show
vbox_rrv_centerbox.show()
self.pagesControl.show()
centerbox.show()
# And now put everything inside the vpaned
vpanedExplainAndView = entries.RememberingVPaned(
w3af, "pane-kbbexplainview", 100)
vpanedExplainAndView.pack1(scrollwin22)
vpanedExplainAndView.pack2(vbox_rrv_centerbox)
vpanedExplainAndView.show()
# pack & show
self.pack1(treebox)
self.pack2(vpanedExplainAndView)
self.show()
def type_filter(self, button, ptype):
"""Changes the filter of the KB in the tree."""
self.filters[ptype] = button.get_active()
self.kbtree.set_filter(self.filters)
def _pageChange(self, page):
"""
Handle the page change in the page control.
"""
# Only do something if I have a list of request and responses
if self.req_res_ids:
request_id = self.req_res_ids[page]
try:
historyItem = self._historyItem.read(request_id)
except:
# the request brought problems
self.rrV.request.clear_panes()
self.rrV.response.clear_panes()
self.rrV.set_sensitive(False)
self.title0.set_markup("<b>Error</b>")
else:
self.title0.set_markup("<b>Id: %d</b>" % request_id)
self.rrV.request.show_object(historyItem.request)
self.rrV.response.show_object(historyItem.response)
self.rrV.set_sensitive(True)
def _write_findings_to_xml(self):
"""
Write all the findings to the XML file
:return: None, we write the data to the XML
"""
# HistoryItem to get requests/responses
req_history = HistoryItem()
for i in kb.kb.get_all_findings():
message_node = self._xml.createElement('vulnerability')
message_node.setAttribute('severity', xml_str(i.get_severity()))
message_node.setAttribute('method', xml_str(i.get_method()))
message_node.setAttribute('url', xml_str(i.get_url()))
message_node.setAttribute('var', xml_str(i.get_token_name()))
message_node.setAttribute('name', xml_str(i.get_name()))
message_node.setAttribute('plugin', xml_str(i.get_plugin_name()))
# Wrap description in a <description> element and put it above the
# request/response elements
desc_str = xml_str(i.get_desc(with_id=False))
description_node = self._xml.createElement('description')
description = self._xml.createTextNode(desc_str)
description_node.appendChild(description)
message_node.appendChild(description_node)
# If there is information from the vulndb, then we should write it
if i.has_db_details():
desc_str = xml_str(i.get_long_description())
description_node = self._xml.createElement('long-description')
description = self._xml.createTextNode(desc_str)
description_node.appendChild(description)
message_node.appendChild(description_node)
fix_str = xml_str(i.get_fix_guidance())
fix_node = self._xml.createElement('fix-guidance')
fix = self._xml.createTextNode(fix_str)
fix_node.appendChild(fix)
message_node.appendChild(fix_node)
fix_effort_str = xml_str(i.get_fix_effort())
fix_node = self._xml.createElement('fix-effort')
fix = self._xml.createTextNode(fix_effort_str)
fix_node.appendChild(fix)
message_node.appendChild(fix_node)
if i.get_references():
references_node = self._xml.createElement('references')
for ref in i.get_references():
ref_node = self._xml.createElement('reference')
ref_node.setAttribute('title', xml_str(ref.title))
ref_node.setAttribute('url', xml_str(ref.url))
references_node.appendChild(ref_node)
message_node.appendChild(references_node)
if i.get_id():
message_node.setAttribute('id', str(i.get_id()))
# Wrap all transactions in a http-transactions node
transaction_set = self._xml.createElement('http-transactions')
message_node.appendChild(transaction_set)
for request_id in i.get_id():
try:
details = req_history.read(request_id)
except DBException:
msg = 'Failed to retrieve request with id %s from DB.'
print(msg % request_id)
continue
# Wrap the entire http transaction in a single block
action_set = self._xml.createElement('http-transaction')
action_set.setAttribute('id', str(request_id))
transaction_set.appendChild(action_set)
request_node = self._xml.createElement('http-request')
self.report_http_action(request_node, details.request)
action_set.appendChild(request_node)
response_node = self._xml.createElement('http-response')
self.report_http_action(response_node, details.response)
action_set.appendChild(response_node)
self._top_elem.appendChild(message_node)
class FullKBTree(KBTree):
def __init__(self, w3af, kbbrowser, ifilter):
"""A tree showing all the info.
This also gives a long description of the element when clicked.
:param kbbrowser: The KB Browser
:param filter: The filter to show which elements
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
super(FullKBTree, self).__init__(w3af,
ifilter,
'Knowledge Base',
strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._showDesc)
self.show()
def _showDesc(self, tv):
"""Shows the description at the right
:param tv: the treeview.
"""
(path, column) = tv.get_cursor()
if path is None:
return
instance = self.get_instance(path)
if not isinstance(instance, Info):
return
longdesc = instance.get_desc()
self.kbbrowser.explanation.set_text(longdesc)
if not instance.get_id():
self.clear_request_response_viewer()
return
#
# We have two different cases:
#
# 1) The object is related to ONLY ONE request / response
# 2) The object is related to MORE THAN ONE request / response
#
# For 1), we show the classic view, and for 2) we show the classic
# view with a "page control"
#
# Work:
#
if len(instance.get_id()) == 1:
# There is ONLY ONE id related to the object
# This is 1)
self.kbbrowser.pagesControl.deactivate()
self.kbbrowser._pageChange(0)
self.kbbrowser.pagesControl.hide()
self.kbbrowser.title0.hide()
search_id = instance.get_id()[0]
try:
history_item = self._historyItem.read(search_id)
except DBException:
msg = _('The HTTP data with id %s is not inside the database.')
self._show_message(_('Error'), msg % search_id)
self.clear_request_response_viewer()
return
# Error handling for .trace file problems
# https://github.com/andresriancho/w3af/issues/1174
try:
# These lines will trigger the code that reads the .trace file
# from disk and if they aren't there an exception will rise
history_item.request
history_item.response
except IOError, ioe:
self._show_message(_('Error'), str(ioe))
return
# Now we know that these two lines will work and we won't trigger
# https://github.com/andresriancho/w3af/issues/1174
self.kbbrowser.rrV.request.show_object(history_item.request)
self.kbbrowser.rrV.response.show_object(history_item.response)
# Don't forget to highlight if necessary
severity = instance.get_severity()
for s in instance.get_to_highlight():
self.kbbrowser.rrV.response.highlight(s, severity)
else:
class KBBrowser(entries.RememberingHPaned):
"""Show the Knowledge Base, with the filter and the tree.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
#
# Here I save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses as they are
# requested from the page control, "_pageChange" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect("clicked", self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but("Vulnerabilities", "vuln", True)
make_but("Informations", "info", True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
scrollwin21 = gtk.ScrolledWindow()
scrollwin21.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin21.add(self.kbtree)
scrollwin21.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(scrollwin21)
treebox.show()
# the explanation
explan_tv = gtk.TextView()
explan_tv.set_editable(False)
explan_tv.set_cursor_visible(False)
explan_tv.set_wrap_mode(gtk.WRAP_WORD)
self.explanation = explan_tv.get_buffer()
explan_tv.show()
scrollwin22 = gtk.ScrolledWindow()
scrollwin22.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin22.add_with_viewport(explan_tv)
scrollwin22.show()
# The request/response viewer
self.rrV = ReqResViewer(w3af, withAudit=False)
self.rrV.set_sensitive(False)
# Create the title label to show the request id
self.title0 = gtk.Label()
self.title0.show()
# Create page changer to handle info/vuln objects that have MORE THAN ONE
# related request/response
self.pagesControl = entries.PagesControl(w3af, self._pageChange, 0)
self.pagesControl.deactivate()
self._pageChange(0)
centerbox = gtk.HBox()
centerbox.pack_start(self.pagesControl, True, False)
# Add everything to a vbox
vbox_rrv_centerbox = gtk.VBox()
vbox_rrv_centerbox.pack_start(self.title0, False, True)
vbox_rrv_centerbox.pack_start(self.rrV, True, True)
vbox_rrv_centerbox.pack_start(centerbox, False, False)
# and show
vbox_rrv_centerbox.show()
self.pagesControl.show()
centerbox.show()
# And now put everything inside the vpaned
vpanedExplainAndView = entries.RememberingVPaned(
w3af, "pane-kbbexplainview", 100)
vpanedExplainAndView.pack1(scrollwin22)
vpanedExplainAndView.pack2(vbox_rrv_centerbox)
vpanedExplainAndView.show()
# pack & show
self.pack1(treebox)
self.pack2(vpanedExplainAndView)
self.show()
def type_filter(self, button, ptype):
"""Changes the filter of the KB in the tree."""
self.filters[ptype] = button.get_active()
self.kbtree.set_filter(self.filters)
def _pageChange(self, page):
"""
Handle the page change in the page control.
"""
# Only do something if I have a list of request and responses
if self.req_res_ids:
request_id = self.req_res_ids[page]
try:
historyItem = self._historyItem.read(request_id)
except:
# the request brought problems
self.rrV.request.clear_panes()
self.rrV.response.clear_panes()
self.rrV.set_sensitive(False)
self.title0.set_markup("<b>Error</b>")
else:
self.title0.set_markup("<b>Id: %d</b>" % request_id)
self.rrV.request.show_object(historyItem.request)
self.rrV.response.show_object(historyItem.response)
self.rrV.set_sensitive(True)
class FullKBTree(KBTree):
def __init__(self, w3af, kbbrowser, ifilter):
"""A tree showing all the info.
This also gives a long description of the element when clicked.
:param kbbrowser: The KB Browser
:param ifilter: The filter to show which elements
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
super(FullKBTree, self).__init__(w3af,
ifilter,
'Knowledge Base',
strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._show_desc)
self.show()
def _create_reference_list(self, info):
"""
:return: A list with references for this info instance in markdown
format so I can add them to the description.
"""
if not info.get_references():
return ''
output = '\n\n### References\n'
for ref in info.get_references():
output += ' * [%s](%s)\n' % (ref.title, ref.url)
return output
def _show_desc(self, tv):
"""Shows the description in the right section
:param tv: the treeview.
"""
(path, column) = tv.get_cursor()
if path is None:
return
instance = self.get_instance(path)
if not isinstance(instance, Info):
return
summary = instance.get_desc()
self.kbbrowser.explanation.set_text(summary)
self.kbbrowser.vuln_notebook.set_current_page(0)
if instance.has_db_details():
desc_markdown = instance.get_long_description()
desc_markdown += '\n\n### Fix guidance\n'
desc_markdown += instance.get_fix_guidance()
desc_markdown += self._create_reference_list(instance)
desc = markdown(desc_markdown)
self.kbbrowser.description.load_html_string(desc, FILE)
else:
self.kbbrowser.description.load_html_string(
DB_VULN_NOT_FOUND, FILE)
if not instance.get_id():
self.clear_request_response_viewer()
return
#
# We have two different cases:
#
# 1) The object is related to ONLY ONE request / response
# 2) The object is related to MORE THAN ONE request / response
#
# For 1), we show the classic view, and for 2) we show the classic
# view with a "page control"
#
# Work:
#
if len(instance.get_id()) == 1:
# There is ONLY ONE id related to the object
# This is 1)
self.kbbrowser.pagesControl.deactivate()
self.kbbrowser.page_change(0)
self.kbbrowser.pagesControl.hide()
self.kbbrowser.title0.hide()
search_id = instance.get_id()[0]
try:
history_item = self._historyItem.read(search_id)
except DBException:
msg = _('The HTTP data with id %s is not inside the database.')
self._show_message(_('Error'), msg % search_id)
self.clear_request_response_viewer()
return
# Error handling for .trace file problems
# https://github.com/andresriancho/w3af/issues/1174
try:
# These lines will trigger the code that reads the .trace file
# from disk and if they aren't there an exception will rise
history_item.request
history_item.response
except IOError, ioe:
self._show_message(_('Error'), str(ioe))
return
# Now we know that these two lines will work and we won't trigger
# https://github.com/andresriancho/w3af/issues/1174
self.kbbrowser.rrV.request.show_object(history_item.request)
self.kbbrowser.rrV.response.show_object(history_item.response)
# Don't forget to highlight if necessary
severity = instance.get_severity()
for s in instance.get_to_highlight():
self.kbbrowser.rrV.response.highlight(s, severity)
else:
class KBBrowser(entries.RememberingHPaned):
"""Show the Knowledge Base, with the filter and the tree.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
# Save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses
# as they are requested from the page control, "page_change" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect('clicked', self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but('Vulnerability', 'vuln', True)
make_but('Information', 'info', True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
kbtree_scrollwin = gtk.ScrolledWindow()
kbtree_scrollwin.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
kbtree_scrollwin.add(self.kbtree)
kbtree_scrollwin.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(kbtree_scrollwin)
treebox.show()
# the vulnerability information
summary = self.get_notebook_summary(w3af)
description = self.get_notebook_description()
self.vuln_notebook = gtk.Notebook()
self.vuln_notebook.append_page(summary, gtk.Label('Summary'))
self.vuln_notebook.append_page(description, gtk.Label('Description'))
self.vuln_notebook.set_current_page(0)
self.vuln_notebook.show()
# pack & show
self.pack1(treebox)
self.pack2(self.vuln_notebook)
self.show()
def get_notebook_description(self):
# Make the HTML viewable area
self.description = webkit.WebView()
# Disable the plugins for the webview
ws = self.description.get_settings()
ws.set_property('enable-plugins', False)
self.description.set_settings(ws)
self.description.show()
desc_scroll = gtk.ScrolledWindow()
desc_scroll.add(self.description)
desc_scroll.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
desc_scroll.show()
return desc_scroll
def get_notebook_summary(self, w3af):
summary_tv = gtk.TextView()
summary_tv.set_editable(False)
summary_tv.set_cursor_visible(False)
summary_tv.set_wrap_mode(gtk.WRAP_WORD)
self.explanation = summary_tv.get_buffer()
summary_tv.show()
summary_scrollwin = gtk.ScrolledWindow()
summary_scrollwin.set_policy(gtk.POLICY_AUTOMATIC,
gtk.POLICY_AUTOMATIC)
summary_scrollwin.add_with_viewport(summary_tv)
summary_scrollwin.show()
# The request/response viewer
self.rrV = ReqResViewer(w3af, withAudit=False)
self.rrV.set_sensitive(False)
# Create the title label to show the request id
self.title0 = gtk.Label()
self.title0.show()
# Create page changer to handle info/vuln objects that have MORE THAN
# ONE related request/response
self.pagesControl = entries.PagesControl(w3af, self.page_change, 0)
self.pagesControl.deactivate()
self.page_change(0)
center_box = gtk.HBox()
center_box.pack_start(self.pagesControl, True, False)
# Title, request/response and paginator all go together in a vbox
http_data_vbox = gtk.VBox()
http_data_vbox.pack_start(self.title0, False, True)
http_data_vbox.pack_start(self.rrV, True, True)
http_data_vbox.pack_start(center_box, False, False)
# and show
http_data_vbox.show()
self.pagesControl.show()
center_box.show()
# The summary and http data go in a vbox too
summary_data_vbox = entries.RememberingVPaned(w3af,
'pane-kbbexplainview',
100)
summary_data_vbox.pack1(summary_scrollwin)
summary_data_vbox.pack2(http_data_vbox)
summary_data_vbox.show()
return summary_data_vbox
def type_filter(self, button, ptype):
"""Changes the filter of the KB in the tree."""
self.filters[ptype] = button.get_active()
self.kbtree.set_filter(self.filters)
def page_change(self, page):
"""
Handle the page change in the page control.
"""
# Only do something if I have a list of request and responses
if self.req_res_ids:
request_id = self.req_res_ids[page]
try:
historyItem = self._historyItem.read(request_id)
except:
# the request brought problems
self.rrV.request.clear_panes()
self.rrV.response.clear_panes()
self.rrV.set_sensitive(False)
self.title0.set_markup("<b>Error</b>")
else:
self.title0.set_markup("<b>Id: %d</b>" % request_id)
self.rrV.request.show_object(historyItem.request)
self.rrV.response.show_object(historyItem.response)
self.rrV.set_sensitive(True)
class FullKBTree(KBTree):
def __init__(self, w3af, kbbrowser, ifilter):
"""A tree showing all the info.
This also gives a long description of the element when clicked.
:param kbbrowser: The KB Browser
:param ifilter: The filter to show which elements
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
super(FullKBTree, self).__init__(w3af, ifilter,
'Knowledge Base', strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._show_desc)
self.show()
def _create_reference_list(self, info):
"""
:return: A list with references for this info instance in markdown
format so I can add them to the description.
"""
if not info.get_references():
return ''
output = '\n\n### References\n'
for ref in info.get_references():
output += ' * [%s](%s)\n' % (ref.title, ref.url)
return output
def _show_desc(self, tv):
"""Shows the description in the right section
:param tv: the treeview.
"""
(path, column) = tv.get_cursor()
if path is None:
return
instance = self.get_instance(path)
if not isinstance(instance, Info):
return
summary = instance.get_desc()
self.kbbrowser.explanation.set_text(summary)
self.kbbrowser.vuln_notebook.set_current_page(0)
if instance.has_db_details():
desc_markdown = instance.get_long_description()
desc_markdown += '\n\n### Fix guidance\n'
desc_markdown += instance.get_fix_guidance()
desc_markdown += self._create_reference_list(instance)
desc = markdown(desc_markdown)
self.kbbrowser.description.load_html_string(desc, FILE)
else:
self.kbbrowser.description.load_html_string(DB_VULN_NOT_FOUND, FILE)
if not instance.get_id():
self.clear_request_response_viewer()
return
#
# We have two different cases:
#
# 1) The object is related to ONLY ONE request / response
# 2) The object is related to MORE THAN ONE request / response
#
# For 1), we show the classic view, and for 2) we show the classic
# view with a "page control"
#
# Work:
#
if len(instance.get_id()) == 1:
# There is ONLY ONE id related to the object
# This is 1)
self.kbbrowser.pagesControl.deactivate()
self.kbbrowser.page_change(0)
self.kbbrowser.pagesControl.hide()
self.kbbrowser.title0.hide()
search_id = instance.get_id()[0]
try:
history_item = self._historyItem.read(search_id)
except DBException:
msg = _('The HTTP data with id %s is not inside the database.')
self._show_message(_('Error'), msg % search_id)
self.clear_request_response_viewer()
return
# Error handling for .trace file problems
# https://github.com/andresriancho/w3af/issues/1174
try:
# These lines will trigger the code that reads the .trace file
# from disk and if they aren't there an exception will rise
history_item.request
history_item.response
except IOError, ioe:
self._show_message(_('Error'), str(ioe))
return
# Now we know that these two lines will work and we won't trigger
# https://github.com/andresriancho/w3af/issues/1174
self.kbbrowser.rrV.request.show_object(history_item.request)
self.kbbrowser.rrV.response.show_object(history_item.response)
# Don't forget to highlight if necessary
severity = instance.get_severity()
for s in instance.get_to_highlight():
self.kbbrowser.rrV.response.highlight(s, severity)
else:
class KBBrowser(entries.RememberingHPaned):
"""Show the Knowledge Base, with the filter and the tree.
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
# Save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses
# as they are requested from the page control, "page_change" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect('clicked', self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but('Vulnerability', 'vuln', True)
make_but('Information', 'info', True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
kbtree_scrollwin = gtk.ScrolledWindow()
kbtree_scrollwin.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
kbtree_scrollwin.add(self.kbtree)
kbtree_scrollwin.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(kbtree_scrollwin)
treebox.show()
# the vulnerability information
summary = self.get_notebook_summary(w3af)
description = self.get_notebook_description()
self.vuln_notebook = gtk.Notebook()
self.vuln_notebook.append_page(summary, gtk.Label('Summary'))
self.vuln_notebook.append_page(description, gtk.Label('Description'))
self.vuln_notebook.set_current_page(0)
self.vuln_notebook.show()
# pack & show
self.pack1(treebox)
self.pack2(self.vuln_notebook)
self.show()
def get_notebook_description(self):
# Make the HTML viewable area
self.description = webkit.WebView()
# Disable the plugins for the webview
ws = self.description.get_settings()
ws.set_property('enable-plugins', False)
self.description.set_settings(ws)
self.description.show()
desc_scroll = gtk.ScrolledWindow()
desc_scroll.add(self.description)
desc_scroll.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
desc_scroll.show()
return desc_scroll
def get_notebook_summary(self, w3af):
summary_tv = gtk.TextView()
summary_tv.set_editable(False)
summary_tv.set_cursor_visible(False)
summary_tv.set_wrap_mode(gtk.WRAP_WORD)
self.explanation = summary_tv.get_buffer()
summary_tv.show()
summary_scrollwin = gtk.ScrolledWindow()
summary_scrollwin.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
summary_scrollwin.add_with_viewport(summary_tv)
summary_scrollwin.show()
# The request/response viewer
self.rrV = ReqResViewer(w3af, withAudit=False)
self.rrV.set_sensitive(False)
# Create the title label to show the request id
self.title0 = gtk.Label()
self.title0.show()
# Create page changer to handle info/vuln objects that have MORE THAN
# ONE related request/response
self.pagesControl = entries.PagesControl(w3af, self.page_change, 0)
self.pagesControl.deactivate()
self.page_change(0)
center_box = gtk.HBox()
center_box.pack_start(self.pagesControl, True, False)
# Title, request/response and paginator all go together in a vbox
http_data_vbox = gtk.VBox()
http_data_vbox.pack_start(self.title0, False, True)
http_data_vbox.pack_start(self.rrV, True, True)
http_data_vbox.pack_start(center_box, False, False)
# and show
http_data_vbox.show()
self.pagesControl.show()
center_box.show()
# The summary and http data go in a vbox too
summary_data_vbox = entries.RememberingVPaned(w3af,
'pane-kbbexplainview',
100)
summary_data_vbox.pack1(summary_scrollwin)
summary_data_vbox.pack2(http_data_vbox)
summary_data_vbox.show()
return summary_data_vbox
def type_filter(self, button, ptype):
"""Changes the filter of the KB in the tree."""
self.filters[ptype] = button.get_active()
self.kbtree.set_filter(self.filters)
def page_change(self, page):
"""
Handle the page change in the page control.
"""
# Only do something if I have a list of request and responses
if self.req_res_ids:
request_id = self.req_res_ids[page]
try:
historyItem = self._historyItem.read(request_id)
except:
# the request brought problems
self.rrV.request.clear_panes()
self.rrV.response.clear_panes()
self.rrV.set_sensitive(False)
self.title0.set_markup("<b>Error</b>")
else:
self.title0.set_markup("<b>Id: %d</b>" % request_id)
self.rrV.request.show_object(historyItem.request)
self.rrV.response.show_object(historyItem.response)
self.rrV.set_sensitive(True)
def _write_findings_to_xml(self):
"""
Write all the findings to the XML file
:return: None, we write the data to the XML
"""
# HistoryItem to get requests/responses
req_history = HistoryItem()
for i in kb.kb.get_all_findings():
message_node = self._xml.createElement('vulnerability')
message_node.setAttribute('severity', xml_str(i.get_severity()))
message_node.setAttribute('method', xml_str(i.get_method()))
message_node.setAttribute('url', xml_str(i.get_url()))
message_node.setAttribute('var', xml_str(i.get_token_name()))
message_node.setAttribute('name', xml_str(i.get_name()))
message_node.setAttribute('plugin', xml_str(i.get_plugin_name()))
# Wrap description in a <description> element and put it above the
# request/response elements
desc_str = xml_str(i.get_desc(with_id=False))
description_node = self._xml.createElement('description')
description = self._xml.createTextNode(desc_str)
description_node.appendChild(description)
message_node.appendChild(description_node)
# If there is information from the vulndb, then we should write it
if i.has_db_details():
desc_str = xml_str(i.get_long_description())
description_node = self._xml.createElement('long-description')
description = self._xml.createTextNode(desc_str)
description_node.appendChild(description)
message_node.appendChild(description_node)
fix_str = xml_str(i.get_fix_guidance())
fix_node = self._xml.createElement('fix-guidance')
fix = self._xml.createTextNode(fix_str)
fix_node.appendChild(fix)
message_node.appendChild(fix_node)
fix_effort_str = xml_str(i.get_fix_effort())
fix_node = self._xml.createElement('fix-effort')
fix = self._xml.createTextNode(fix_effort_str)
fix_node.appendChild(fix)
message_node.appendChild(fix_node)
if i.get_references():
references_node = self._xml.createElement('references')
for ref in i.get_references():
ref_node = self._xml.createElement('reference')
ref_node.setAttribute('title', xml_str(ref.title))
ref_node.setAttribute('url', xml_str(ref.url))
references_node.appendChild(ref_node)
message_node.appendChild(references_node)
if i.get_id():
message_node.setAttribute('id', str(i.get_id()))
# Wrap all transactions in a http-transactions node
transaction_set = self._xml.createElement('http-transactions')
message_node.appendChild(transaction_set)
for request_id in i.get_id():
try:
details = req_history.read(request_id)
except DBException:
msg = 'Failed to retrieve request with id %s from DB.'
print(msg % request_id)
continue
# Wrap the entire http transaction in a single block
action_set = self._xml.createElement('http-transaction')
action_set.setAttribute('id', str(request_id))
transaction_set.appendChild(action_set)
request_node = self._xml.createElement('http-request')
self.report_http_action(request_node, details.request)
action_set.appendChild(request_node)
response_node = self._xml.createElement('http-response')
self.report_http_action(response_node, details.response)
action_set.appendChild(response_node)
self._top_elem.appendChild(message_node)