def logResponse(self, roundtrip=0, rawresponse=None, code=None, xmlpayload=None):
self.responseFileName = "response_" + str(self.httpDataFileCounter) + ".txt"
self.responseFile = self.httpDataDirectory + "/" + self.responseFileName
if code:
if self.codes.has_key(code):
self.codes[code] += 1
else:
self.codes[code] = 1
# status code
self.indexFileHandle.write('<TR class="row0"><TD>Status Code</TD>')
self.indexFileHandle.write("<TD>%s</TD></TR>" % code)
# response
self.indexFileHandle.write('<TR class="row1"><TD>XML Response Payload</TD>')
if xmlpayload:
c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
c = self.convertToBR(c)
self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
self.indexFileHandle.write('<TR class="row0"><TD>Response</TD>')
# use csvrr for a clean raw response entry in the CSV file
csvrr = ""
if rawresponse:
if rawresponse[1] == 1:
for xx in rawresponse[0]:
self.indexFileHandle.write("<TD>%s</TD></TR>" % str(xx))
csvrr += str(xx)
elif type(rawresponse) is str:
self.indexFileHandle.write("<TD>%s</TD></TR>" % str(rawresponse))
csvrr = str(rawresponse)
else:
self.indexFileHandle.write("<TD>%s</TD></TR>" % str(rawresponse[0]))
csvrr = str(rawresponse[0])
else:
self.indexFileHandle.write("<TD>%s</TD></TR>" % "No response extracted")
csvrr = "No response extracted"
# round trip
self.indexFileHandle.write('<TR class="row1"><TD>Round Trip</TD>')
self.indexFileHandle.write("<TD>%s</TD></TR>" % roundtrip)
self.httpDataFileHandle.close()
self.httpDataFileHandle = None
self.indexFileHandle.write("</TABLE><br />")
self.httpDataFileCounter = self.httpDataFileCounter + 1
sys.stdout = self.originalStdOut # reset system printing
# order matters since its a CSV file
self.csvw.pushIntoArr(code)
self.csvw.pushIntoArr(csvrr.replace("\r", "").replace("\n", ""))
if xmlpayload:
self.csvw.pushIntoArr(xmlpayload.replace("\r", "").replace("\n", "").replace('""', '"'))
else:
self.csvw.pushIntoArr("No XML payload received")
self.csvw.pushIntoArr(roundtrip)
self.csvw.pushIntoArr("file: " + self.httpDataFile)
# now force the row write into CSV file
self.csvw.writeInternalData()
def logSoapInvoke(self, method, params, request, attacktype=None, idsEvasion=None):
self.httpDataFileName = str(self.httpDataFileCounter) + ".txt"
self.httpDataFile = self.httpDataDirectory + "/" + self.httpDataFileName
self.httpDataFileHandle = open(self.httpDataFile, mode="w")
# HTML
self.indexFileHandle.write('<TABLE width="90%" border=2 cellspacing=0 cellpadding=4>')
# type of attack
self.indexFileHandle.write('<TR class="row0"><TD width="25%">Type of Attack</TD>')
# use csvattacktype for a clean attacktype entry in the CSV file
csvattacktype = ""
if attacktype:
self.indexFileHandle.write('<TD width="65%s">%s</TD></TR>' % ("%", attacktype))
csvattacktype = attacktype
else:
self.indexFileHandle.write('<TD width="65%s">%s</TD></TR>' % ("%", "Unknown Attack Type"))
csvattacktype = "Unknown Attack Type"
# method
self.indexFileHandle.write('<TR class="row1"><TD>Method</TD>')
self.indexFileHandle.write("<TD>%s</TD></TR>" % method)
# params
self.indexFileHandle.write('<TR class="row0"><TD>Request Params</TD>')
if type(params) is str:
self.indexFileHandle.write("<TD>%s</TD></TR>" % params)
elif type(params) is dict:
forprint = {}
# loop on dict escaping HTML entities
for k, v in params.iteritems():
forprint[k] = cgi.escape(v, 1)
self.indexFileHandle.write("<TD>%s</TD></TR>" % forprint)
# request
self.indexFileHandle.write('<TR class="row1"><TD>Request Payload</TD>')
c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
c = self.convertToBR(c)
self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
# IDS Evasion
if idsEvasion is not None:
self.indexFileHandle.write('<TR class="row0"><TD>IDS Evasion</TD>')
self.indexFileHandle.write("<TD>%s</TD></TR>" % idsEvasion)
sys.stdout = self.httpDataFileHandle # will record all print statements to the file
# CSV logging
# first flush the csvw array
self.csvw.setNewArr()
# order matters since its a CSV file
self.csvw.pushIntoArr(csvattacktype)
self.csvw.pushIntoArr(method)
self.csvw.pushIntoArr(params)
self.csvw.pushIntoArr(request.replace("\r", "").replace("\n", "").replace('""', '"'))
self.csvw.pushIntoArr(idsEvasion)
def logResponse(self,
roundtrip=0,
rawresponse=None,
code=None,
xmlpayload=None):
self.responseFileName = "response_" + str(
self.httpDataFileCounter) + ".txt"
self.responseFile = self.httpDataDirectory + "/" + self.responseFileName
if code:
if self.codes.has_key(code):
self.codes[code] += 1
else:
self.codes[code] = 1
# status code
self.indexFileHandle.write("<TR class=\"row0\"><TD>Status Code</TD>")
self.indexFileHandle.write("<TD>%s</TD></TR>" % code)
# response
self.indexFileHandle.write(
"<TR class=\"row1\"><TD>XML Response Payload</TD>")
if xmlpayload:
c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
c = self.convertToBR(c)
self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
self.indexFileHandle.write("<TR class=\"row0\"><TD>Response</TD>")
# use csvrr for a clean raw response entry in the CSV file
csvrr = ""
if rawresponse:
if rawresponse[1] == 1:
for xx in rawresponse[0]:
self.indexFileHandle.write("<TD>%s</TD></TR>" % str(xx))
csvrr += str(xx)
elif type(rawresponse) is str:
self.indexFileHandle.write("<TD>%s</TD></TR>" %
str(rawresponse))
csvrr = str(rawresponse)
else:
self.indexFileHandle.write("<TD>%s</TD></TR>" %
str(rawresponse[0]))
csvrr = str(rawresponse[0])
else:
self.indexFileHandle.write("<TD>%s</TD></TR>" %
"No response extracted")
csvrr = "No response extracted"
# round trip
self.indexFileHandle.write("<TR class=\"row1\"><TD>Round Trip</TD>")
self.indexFileHandle.write("<TD>%s</TD></TR>" % roundtrip)
self.httpDataFileHandle.close()
self.httpDataFileHandle = None
self.indexFileHandle.write("</TABLE><br />")
self.httpDataFileCounter = self.httpDataFileCounter + 1
sys.stdout = self.originalStdOut #reset system printing
# order matters since its a CSV file
self.csvw.pushIntoArr(code)
self.csvw.pushIntoArr(csvrr.replace("\r", "").replace("\n", ""))
if xmlpayload:
self.csvw.pushIntoArr(
xmlpayload.replace("\r", "").replace("\n",
"").replace("\"\"", "\""))
else:
self.csvw.pushIntoArr("No XML payload received")
self.csvw.pushIntoArr(roundtrip)
self.csvw.pushIntoArr('file: ' + self.httpDataFile)
# now force the row write into CSV file
self.csvw.writeInternalData()
def logSoapInvoke(self,
method,
params,
request,
attacktype=None,
idsEvasion=None):
self.httpDataFileName = str(self.httpDataFileCounter) + ".txt"
self.httpDataFile = self.httpDataDirectory + "/" + self.httpDataFileName
self.httpDataFileHandle = open(self.httpDataFile, mode="w")
# HTML
self.indexFileHandle.write(
"<TABLE width=\"90%\" border=2 cellspacing=0 cellpadding=4>")
# type of attack
self.indexFileHandle.write(
"<TR class=\"row0\"><TD width=\"25%\">Type of Attack</TD>")
# use csvattacktype for a clean attacktype entry in the CSV file
csvattacktype = ""
if attacktype:
self.indexFileHandle.write("<TD width=\"65%s\">%s</TD></TR>" %
("%", attacktype))
csvattacktype = attacktype
else:
self.indexFileHandle.write("<TD width=\"65%s\">%s</TD></TR>" %
("%", "Unknown Attack Type"))
csvattacktype = "Unknown Attack Type"
# method
self.indexFileHandle.write("<TR class=\"row1\"><TD>Method</TD>")
self.indexFileHandle.write("<TD>%s</TD></TR>" % method)
# params
self.indexFileHandle.write(
"<TR class=\"row0\"><TD>Request Params</TD>")
if type(params) is str:
self.indexFileHandle.write("<TD>%s</TD></TR>" % params)
elif type(params) is dict:
forprint = {}
# loop on dict escaping HTML entities
for k, v in params.iteritems():
forprint[k] = cgi.escape(v, 1)
self.indexFileHandle.write("<TD>%s</TD></TR>" % forprint)
# request
self.indexFileHandle.write(
"<TR class=\"row1\"><TD>Request Payload</TD>")
c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
c = self.convertToBR(c)
self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
# IDS Evasion
if idsEvasion is not None:
self.indexFileHandle.write(
"<TR class=\"row0\"><TD>IDS Evasion</TD>")
self.indexFileHandle.write("<TD>%s</TD></TR>" % idsEvasion)
sys.stdout = self.httpDataFileHandle #will record all print statements to the file
# CSV logging
# first flush the csvw array
self.csvw.setNewArr()
# order matters since its a CSV file
self.csvw.pushIntoArr(csvattacktype)
self.csvw.pushIntoArr(method)
self.csvw.pushIntoArr(params)
self.csvw.pushIntoArr(
request.replace("\r", "").replace("\n", "").replace("\"\"", "\""))
self.csvw.pushIntoArr(idsEvasion)
def writeData(
self,
method=None,
params=None,
request=None,
attacktype=None,
idsEvasion=None,
roundtrip=None,
rawresponse=None,
code=None,
xmlpayload=None,
):
file_str_req = StringIO()
file_str_resp = StringIO()
colwidths = (1 * inch, self.PAGE_WIDTH - (2 * inch))
dataarr = []
#################################################################
# Request
if attacktype:
dataarr.append(("Type of Attack", attacktype))
else:
dataarr.append(("Type of Attack", "Unknown Attack Type"))
if method:
dataarr.append(("Method", method))
else:
dataarr.append(("Method", "Unknown Method"))
if type(params) is str:
dataarr.append(("Request Params", params))
elif type(params) is dict:
forprint = {}
# loop on dict escaping HTML entities
for k, v in params.iteritems():
forprint[k] = v
dataarr.append(("Request Params", forprint))
else:
dataarr.append(("Request Params", "Unknown Params"))
if idsEvasion:
dataarr.append(("IDS Evasion", idsEvasion))
else:
dataarr.append(("IDS Evasion", "Not Used"))
#################################################################
#################################################################
# Response
if code:
dataarr.append(("Status Code", code))
else:
dataarr.append(("Status Code", "Unknown Code"))
if rawresponse:
if rawresponse[1] == 1:
for xx in rawresponse[0]:
try:
dataarr.append(("Response", Paragraph(str(xx), self.style)))
except ValueError:
pass
elif type(rawresponse) is str:
dataarr.append(("Response", Paragraph(str(rawresponse), self.style)))
else:
try:
dataarr.append(("Response", Paragraph(str(rawresponse[0]), self.style)))
except ValueError:
pass
else:
dataarr.append(("Response", "No response extracted"))
if roundtrip:
dataarr.append(("Round Trip", roundtrip))
else:
dataarr.append(("Round Trip", "Unknown Roundtrip"))
#################################################################
#################################################################
# Paylaods
# Request
c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
c = self.convertToN(c)
file_str_req.write(str(c))
# Response
if xmlpayload:
c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
c = self.convertToN(c)
file_str_resp.write(str(c))
preqheader = Paragraph("Request:", self.style)
preq = XPreformatted(str(file_str_req.getvalue()), self.style)
prespheader = Paragraph("Response:", self.style)
presp = XPreformatted(str(file_str_resp.getvalue()), self.style)
# create a list (array) of all values to write
# then cast to tuple of tuples
# so array/list looks like: [('l', 'xx'), ('ll', 'xxx'), ('lll', 'xxxxx')]
data = tuple(dataarr)
t = Table(data, colwidths, rowHeights=None)
t.setStyle(self.GRID_STYLE)
self.Story.append(t)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(preqheader)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(preq)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(prespheader)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(presp)
self.Story.append(Spacer(1, 0.2 * inch))
def writeData(self,
method=None,
params=None,
request=None,
attacktype=None,
idsEvasion=None,
roundtrip=None,
rawresponse=None,
code=None,
xmlpayload=None):
file_str_req = StringIO()
file_str_resp = StringIO()
colwidths = (1 * inch, self.PAGE_WIDTH - (2 * inch))
dataarr = []
#################################################################
# Request
if attacktype:
dataarr.append(('Type of Attack', attacktype))
else:
dataarr.append(('Type of Attack', 'Unknown Attack Type'))
if method:
dataarr.append(('Method', method))
else:
dataarr.append(('Method', 'Unknown Method'))
if type(params) is str:
dataarr.append(('Request Params', params))
elif type(params) is dict:
forprint = {}
# loop on dict escaping HTML entities
for k, v in params.iteritems():
forprint[k] = v
dataarr.append(('Request Params', forprint))
else:
dataarr.append(('Request Params', 'Unknown Params'))
if idsEvasion:
dataarr.append(('IDS Evasion', idsEvasion))
else:
dataarr.append(('IDS Evasion', 'Not Used'))
#################################################################
#################################################################
# Response
if code:
dataarr.append(('Status Code', code))
else:
dataarr.append(('Status Code', 'Unknown Code'))
if rawresponse:
if rawresponse[1] == 1:
for xx in rawresponse[0]:
try:
dataarr.append(
('Response', Paragraph(str(xx), self.style)))
except ValueError:
pass
elif type(rawresponse) is str:
dataarr.append(
('Response', Paragraph(str(rawresponse), self.style)))
else:
try:
dataarr.append(
('Response', Paragraph(str(rawresponse[0]),
self.style)))
except ValueError:
pass
else:
dataarr.append(('Response', 'No response extracted'))
if roundtrip:
dataarr.append(('Round Trip', roundtrip))
else:
dataarr.append(('Round Trip', 'Unknown Roundtrip'))
#################################################################
#################################################################
# Paylaods
# Request
c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
c = self.convertToN(c)
file_str_req.write(str(c))
# Response
if xmlpayload:
c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
c = self.convertToN(c)
file_str_resp.write(str(c))
preqheader = Paragraph("Request:", self.style)
preq = XPreformatted(str(file_str_req.getvalue()), self.style)
prespheader = Paragraph("Response:", self.style)
presp = XPreformatted(str(file_str_resp.getvalue()), self.style)
# create a list (array) of all values to write
# then cast to tuple of tuples
# so array/list looks like: [('l', 'xx'), ('ll', 'xxx'), ('lll', 'xxxxx')]
data = tuple(dataarr)
t = Table(data, colwidths, rowHeights=None)
t.setStyle(self.GRID_STYLE)
self.Story.append(t)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(preqheader)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(preq)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(prespheader)
self.Story.append(Spacer(1, 0.2 * inch))
self.Story.append(presp)
self.Story.append(Spacer(1, 0.2 * inch))