def wsgi(self, environ, start_response):
    """WSGI entry point: dispatch one request and return the body iterable.

    The request goes through ``self._handle`` and the result is normalised by
    ``self._cast``. Responses that must not carry a body (status 100, 101,
    204 or 304, or any HEAD request -- RFC 2616 section 4.3) are closed and
    replaced by an empty list before ``start_response`` is called.

    Unhandled exceptions propagate unless ``self.catchall`` is set; in that
    case a minimal HTML 500 page is written to ``environ['wsgi.errors']`` and
    returned as the body. The exception repr and the traceback are appended
    only while ``DEBUG`` is true, so they are never disclosed otherwise.
    ``KeyboardInterrupt``, ``SystemExit`` and ``MemoryError`` are always
    re-raised.
    """
    try:
        body = self._cast(self._handle(environ))
        # rfc2616 section 4.3: no message body for these responses.
        if (response._status_code in (100, 101, 204, 304)
                or environ['REQUEST_METHOD'] == 'HEAD'):
            if hasattr(body, 'close'):
                body.close()
            body = []
        start_response(response._status_line, response.headerlist)
        return body
    except (KeyboardInterrupt, SystemExit, MemoryError):
        # Interpreter-level signals are never turned into a 500 page.
        raise
    except Exception:
        if not self.catchall:
            raise
        page = '<h1>Critical error while processing request: %s</h1>' \
               % html_escape(environ.get('PATH_INFO', '/'))
        if DEBUG:
            # Error details and the traceback are exposed in debug mode only.
            page += '<h2>Error:</h2>\n<pre>\n%s\n</pre>\n' \
                    '<h2>Traceback:</h2>\n<pre>\n%s\n</pre>\n' \
                    % (html_escape(repr(_e())), html_escape(format_exc()))
        environ['wsgi.errors'].write(page)
        error_headers = [('Content-Type', 'text/html; charset=UTF-8')]
        # exc_info is handed to the server as allowed by the WSGI spec.
        start_response('500 INTERNAL SERVER ERROR', error_headers, sys.exc_info())
        return [tob(page)]
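def grep_domobjects(http_objs, requests, response_data, dom_regex):
    """Collect DOM-object regex matches per request as report table rows.

    Args:
        http_objs: parsed log objects; only ``http_objs["request_URL"]`` is
            read, a sequence of dicts with ``protocol``, ``url`` and ``path``.
        requests: number of requests to scan (indexes ``0 .. requests-1``).
        response_data: response bodies, indexed like ``request_URLs``.
        dom_regex: Python source text that evaluates to a regex pattern
            string; it is passed to ``eval`` (see the warning below).

    Returns:
        list of ``"<td>…</td><td>…</td>"`` fragments, one per distinct
        (URL, match list) pair. The match list is rendered with ``str()`` and
        HTML-escaped with ``utils.html_escape`` before it is put in the row.
    """
    request_URLs = http_objs["request_URL"]
    dom_rows = []
    seen_digests = set()
    # WARNING: eval() executes dom_regex as Python code. This is only tolerable
    # while dom_regex is a trusted, tool-internal constant; never route user-,
    # file- or log-controlled text through it. The safer interface is to pass
    # the pattern string itself and compile it here without eval.
    pattern = re.compile(eval(dom_regex), re.I)
    for i in range(requests):
        entry = request_URLs[i]
        full_path = entry["protocol"] + "://" + entry["url"] + entry["path"]
        matches = pattern.findall(response_data[i])
        if not matches:
            continue
        escaped = utils.html_escape(str(matches))
        # Deduplicate on URL + escaped matches, hashing once per row.
        digest = utils.md5_object(full_path + escaped)
        if digest in seen_digests:
            continue
        seen_digests.add(digest)
        dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + escaped + "</td>")
    return dom_rows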
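def grep_domobjects(http_objs, requests, response_data, dom_regex):
    """Collect DOM-object regex matches per request as report table rows.

    Args:
        http_objs: parsed log objects; only ``http_objs["request_URL"]`` is
            read, a sequence of dicts with ``protocol``, ``url`` and ``path``.
        requests: number of requests to scan (indexes ``0 .. requests-1``).
        response_data: response bodies, indexed like ``request_URLs``.
        dom_regex: Python source text that evaluates to a regex pattern
            string; it is passed to ``eval`` (see the warning below).

    Returns:
        list of ``"<td>…</td><td>…</td>"`` fragments, one per distinct
        (URL, match list) pair. The match list is rendered with ``str()`` and
        HTML-escaped with ``utils.html_escape`` before it is put in the row.
    """
    request_URLs = http_objs["request_URL"]
    dom_rows = []
    seen_digests = set()
    # WARNING: eval() executes dom_regex as Python code. This is only tolerable
    # while dom_regex is a trusted, tool-internal constant; never route user-,
    # file- or log-controlled text through it. The safer interface is to pass
    # the pattern string itself and compile it here without eval.
    pattern = re.compile(eval(dom_regex), re.I)
    for i in range(requests):
        entry = request_URLs[i]
        full_path = entry["protocol"] + "://" + entry["url"] + entry["path"]
        matches = pattern.findall(response_data[i])
        if not matches:
            continue
        escaped = utils.html_escape(str(matches))
        # Deduplicate on URL + escaped matches, hashing once per row.
        digest = utils.md5_object(full_path + escaped)
        if digest in seen_digests:
            continue
        seen_digests.add(digest)
        dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + escaped + "</td>")
    return dom_rows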
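def get_script_body(urls, requests, request_headers, response_data):
    """Extract inline ``<script>`` blocks and their ``/* */`` comments.

    Args:
        urls: per-request URL dicts with ``protocol``, ``url`` and ``path``.
        requests: number of requests to scan (indexes ``0 .. requests-1``).
        request_headers: not used; kept so existing callers keep working.
        response_data: response bodies, indexed like ``urls``.

    Returns:
        ``[js_body_rows, js_comment_rows]``: two lists of ``<td>…</td>`` row
        fragments linking a page URL to its per-request report file.

    Side effects:
        ``rpt.make_module_report_file`` is called for every script / comment
        whose (URL + text) hash has not been seen. All scripts of request
        ``i`` go to the report name ``str(i) + "body"`` and all comments to
        ``str(i) + "comment"``, so a later write for the same request replaces
        an earlier one and the single table row links to whichever was last.
    """
    js_body_rows, js_body_path = [], []
    js_comment_rows, js_comment_path = [], []
    seen_digests = set()
    script_re = re.compile(r'(?s)<script.+?</script>')
    comment_re = re.compile(r'(?s)/\*.+?\*/')

    def _highlight(text, full_path):
        """HTML-escape *text* and wrap it with the report's JS highlighter."""
        return utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(text))

    for i in range(requests):
        entry = urls[i]
        full_path = entry["protocol"] + "://" + entry["url"] + entry["path"]
        body_js = script_re.findall(response_data[i])
        # Comments are searched in str() of the script list, so repr-style
        # escaping of quotes/backslashes is part of the text that is matched.
        comment_js = comment_re.findall(str(body_js))
        report_name = str(i)

        for script in body_js:
            digest = utils.md5_object(full_path + script)
            if digest in seen_digests:
                continue
            content = _highlight(jsbeautifier.js_beautify(script, ""), full_path)
            # A table row, the hash and the path are recorded only for the
            # first new script seen for this URL; later ones are still written.
            if full_path not in js_body_path:
                js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>"
                                    + rpt.href(report_name + "body") + "</td>")
                seen_digests.add(digest)
                js_body_path.append(full_path)
            rpt.make_module_report_file(content, report_name + "body")

        for comment in comment_js:
            digest = utils.md5_object(full_path + comment)
            if digest in seen_digests:
                continue
            content = _highlight(comment, full_path)
            if full_path not in js_comment_path:
                js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>"
                                       + rpt.href(report_name + "comment") + "</td>")
                seen_digests.add(digest)
                js_comment_path.append(full_path)
            rpt.make_module_report_file(content, report_name + "comment")

    return [js_body_rows, js_comment_rows]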
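def get_script_body(urls, requests, request_headers, response_data):
    """Extract inline ``<script>`` blocks and their ``/* */`` comments.

    Args:
        urls: per-request URL dicts with ``protocol``, ``url`` and ``path``.
        requests: number of requests to scan (indexes ``0 .. requests-1``).
        request_headers: not used; kept so existing callers keep working.
        response_data: response bodies, indexed like ``urls``.

    Returns:
        ``[js_body_rows, js_comment_rows]``: two lists of ``<td>…</td>`` row
        fragments linking a page URL to its per-request report file.

    Side effects:
        ``rpt.make_module_report_file`` is called for every script / comment
        whose (URL + text) hash has not been seen. All scripts of request
        ``i`` go to the report name ``str(i) + "body"`` and all comments to
        ``str(i) + "comment"``, so a later write for the same request replaces
        an earlier one and the single table row links to whichever was last.
    """
    js_body_rows, js_body_path = [], []
    js_comment_rows, js_comment_path = [], []
    seen_digests = set()
    script_re = re.compile(r'(?s)<script.+?</script>')
    comment_re = re.compile(r'(?s)/\*.+?\*/')

    def _highlight(text, full_path):
        """HTML-escape *text* and wrap it with the report's JS highlighter."""
        return utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(text))

    for i in range(requests):
        entry = urls[i]
        full_path = entry["protocol"] + "://" + entry["url"] + entry["path"]
        body_js = script_re.findall(response_data[i])
        # Comments are searched in str() of the script list, so repr-style
        # escaping of quotes/backslashes is part of the text that is matched.
        comment_js = comment_re.findall(str(body_js))
        report_name = str(i)

        for script in body_js:
            digest = utils.md5_object(full_path + script)
            if digest in seen_digests:
                continue
            content = _highlight(jsbeautifier.js_beautify(script, ""), full_path)
            # A table row, the hash and the path are recorded only for the
            # first new script seen for this URL; later ones are still written.
            if full_path not in js_body_path:
                js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>"
                                    + rpt.href(report_name + "body") + "</td>")
                seen_digests.add(digest)
                js_body_path.append(full_path)
            rpt.make_module_report_file(content, report_name + "body")

        for comment in comment_js:
            digest = utils.md5_object(full_path + comment)
            if digest in seen_digests:
                continue
            content = _highlight(comment, full_path)
            if full_path not in js_comment_path:
                js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>"
                                       + rpt.href(report_name + "comment") + "</td>")
                seen_digests.add(digest)
                js_comment_path.append(full_path)
            rpt.make_module_report_file(content, report_name + "comment")

    return [js_body_rows, js_comment_rows]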
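def analysis(http_objs):
    """Build the CSRF section of the report.

    For every in-scope request (``out_escope`` is ``False``) whose response
    status is non-zero and below 300, a form-based PoC page and an
    HTML-escaped "source" view of it are written with
    ``rpt.make_module_report_file`` and one row is added to the CSRF table,
    which is emitted at the end with ``rpt.make_table``. GET requests need a
    non-empty query string, POST requests a non-empty body; anything else is
    skipped.

    Args:
        http_objs: parsed Burp log objects. Keys read: ``total_requests``,
            ``request_methods``, ``request_URL`` (dicts with ``protocol``,
            ``url``, ``path``, ``query`` and ``out_escope``),
            ``response_status`` and ``request_body``.

    Returns:
        None; all output goes through ``rpt``.
    """
    rpt = report.htmltags()
    requests = http_objs["total_requests"]
    request_methods = http_objs["request_methods"]
    request_URLs = http_objs["request_URL"]
    status = http_objs["response_status"]
    request_body = http_objs["request_body"]
    csrf_rows = []
    header_poc = "<html><title>CSRF PoC</title><body>"
    footer_poc = "'</form> <script>document.forms[0].submit()</script></body></html>"
    # NOTE(review): body_poc never emits the ">" that closes the <form> start
    # tag, so footer_poc's leading quote lands inside that tag. The markup is
    # kept as it was; confirm the generated page renders as intended.

    def _emit(i, full_path, body_poc):
        """Write PoC + escaped source for request *i* and append its table row."""
        content = header_poc + body_poc + footer_poc
        content_source = header_poc + utils.html_escape(
            body_poc + "</form> <script>document.forms[0].submit()</script>") + "</body></html>"
        poc_name = str(i) + "CSRF_POC"
        source_name = str(i) + "CSRF_SOURCE_POC"
        rpt.make_module_report_file(content, poc_name)
        rpt.make_module_report_file(content_source, source_name)
        # Cell order follows the column header: Path, Method, PoC, Source PoC.
        csrf_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + request_methods[i]
                         + "</td><td>" + rpt.href(poc_name)
                         + "</td><td>" + rpt.href(source_name) + "</td>")

    for i in range(requests):
        entry = request_URLs[i]
        protocol, url, path = entry["protocol"], entry["url"], entry["path"]
        query = entry["query"]
        full_path = protocol + "://" + url + path
        if entry["out_escope"] is not False:
            continue
        if status[i] == 0 or status[i] >= 300:
            continue
        method = request_methods[i]
        if method == "GET" and query != "":
            _emit(i, full_path, "<form method='GET' action='" + full_path + "?" + query + "'")
        elif method == "POST" and request_body[i] != "":
            # Inputs are built from this request's body only; accumulating
            # them across requests would leak earlier parameters into later PoCs.
            # NOTE(review): the value attribute carries the request index rather
            # than the logged value -- confirm that is intended.
            inputs = "".join(
                "<input type='text' name='" + str(pair.split("=")[0]) + "' value='" + str(i) + "' />"
                for pair in request_body[i].split("&"))
            _emit(i, full_path, "<form method='POST' action='" + full_path + "'" + inputs)

    columns = {"CSRF": ["Path", "Method", "PoC", "Source PoC"]}
    rows = {"CSRF": csrf_rows}
    tip = "Tip: <a href='https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet' target='_blank'>Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet</a> and <a href='https://www.owasp.org/index.php/Testing_for_CSRF_%28OWASP-SM-005%29' target='_blank'>Testing for CSRF</a>"
    rpt.make_table("csrf", tip, columns, rows)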