Exemplo n.º 1
0
    def logResponse(self, roundtrip=0, rawresponse=None, code=None, xmlpayload=None):
        self.responseFileName = "response_" + str(self.httpDataFileCounter) + ".txt"
        self.responseFile = self.httpDataDirectory + "/" + self.responseFileName

        if code:
            if self.codes.has_key(code):
                self.codes[code] += 1
            else:
                self.codes[code] = 1

        # status code
        self.indexFileHandle.write('<TR class="row0"><TD>Status Code</TD>')
        self.indexFileHandle.write("<TD>%s</TD></TR>" % code)
        # response
        self.indexFileHandle.write('<TR class="row1"><TD>XML Response Payload</TD>')
        if xmlpayload:
            c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
            c = self.convertToBR(c)
            self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)

        self.indexFileHandle.write('<TR class="row0"><TD>Response</TD>')
        # use csvrr for a clean raw response entry in the CSV file
        csvrr = ""
        if rawresponse:
            if rawresponse[1] == 1:
                for xx in rawresponse[0]:
                    self.indexFileHandle.write("<TD>%s</TD></TR>" % str(xx))
                    csvrr += str(xx)
            elif type(rawresponse) is str:
                self.indexFileHandle.write("<TD>%s</TD></TR>" % str(rawresponse))
                csvrr = str(rawresponse)
            else:
                self.indexFileHandle.write("<TD>%s</TD></TR>" % str(rawresponse[0]))
                csvrr = str(rawresponse[0])
        else:
            self.indexFileHandle.write("<TD>%s</TD></TR>" % "No response extracted")
            csvrr = "No response extracted"

        # round trip
        self.indexFileHandle.write('<TR class="row1"><TD>Round Trip</TD>')
        self.indexFileHandle.write("<TD>%s</TD></TR>" % roundtrip)

        self.httpDataFileHandle.close()
        self.httpDataFileHandle = None

        self.indexFileHandle.write("</TABLE><br />")
        self.httpDataFileCounter = self.httpDataFileCounter + 1
        sys.stdout = self.originalStdOut  # reset system printing

        # order matters since its a CSV file
        self.csvw.pushIntoArr(code)
        self.csvw.pushIntoArr(csvrr.replace("\r", "").replace("\n", ""))
        if xmlpayload:
            self.csvw.pushIntoArr(xmlpayload.replace("\r", "").replace("\n", "").replace('""', '"'))
        else:
            self.csvw.pushIntoArr("No XML payload received")
        self.csvw.pushIntoArr(roundtrip)
        self.csvw.pushIntoArr("file: " + self.httpDataFile)
        # now force the row write into CSV file
        self.csvw.writeInternalData()
Exemplo n.º 2
0
    def logSoapInvoke(self, method, params, request, attacktype=None, idsEvasion=None):
        self.httpDataFileName = str(self.httpDataFileCounter) + ".txt"
        self.httpDataFile = self.httpDataDirectory + "/" + self.httpDataFileName
        self.httpDataFileHandle = open(self.httpDataFile, mode="w")

        # HTML
        self.indexFileHandle.write('<TABLE width="90%" border=2 cellspacing=0 cellpadding=4>')
        # type of attack
        self.indexFileHandle.write('<TR class="row0"><TD width="25%">Type of Attack</TD>')
        # use csvattacktype for a clean attacktype entry in the CSV file
        csvattacktype = ""
        if attacktype:
            self.indexFileHandle.write('<TD width="65%s">%s</TD></TR>' % ("%", attacktype))
            csvattacktype = attacktype
        else:
            self.indexFileHandle.write('<TD width="65%s">%s</TD></TR>' % ("%", "Unknown Attack Type"))
            csvattacktype = "Unknown Attack Type"
        # method
        self.indexFileHandle.write('<TR class="row1"><TD>Method</TD>')
        self.indexFileHandle.write("<TD>%s</TD></TR>" % method)
        # params
        self.indexFileHandle.write('<TR class="row0"><TD>Request Params</TD>')
        if type(params) is str:
            self.indexFileHandle.write("<TD>%s</TD></TR>" % params)
        elif type(params) is dict:
            forprint = {}
            # loop on dict escaping HTML entities
            for k, v in params.iteritems():
                forprint[k] = cgi.escape(v, 1)
            self.indexFileHandle.write("<TD>%s</TD></TR>" % forprint)

            # request
        self.indexFileHandle.write('<TR class="row1"><TD>Request Payload</TD>')
        c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
        c = self.convertToBR(c)
        self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
        # IDS Evasion
        if idsEvasion is not None:
            self.indexFileHandle.write('<TR class="row0"><TD>IDS Evasion</TD>')
            self.indexFileHandle.write("<TD>%s</TD></TR>" % idsEvasion)

        sys.stdout = self.httpDataFileHandle  # will record all print statements to the file

        # CSV logging
        # first flush the csvw array
        self.csvw.setNewArr()
        # order matters since its a CSV file
        self.csvw.pushIntoArr(csvattacktype)
        self.csvw.pushIntoArr(method)
        self.csvw.pushIntoArr(params)
        self.csvw.pushIntoArr(request.replace("\r", "").replace("\n", "").replace('""', '"'))
        self.csvw.pushIntoArr(idsEvasion)
Exemplo n.º 3
0
    def logResponse(self,
                    roundtrip=0,
                    rawresponse=None,
                    code=None,
                    xmlpayload=None):
        self.responseFileName = "response_" + str(
            self.httpDataFileCounter) + ".txt"
        self.responseFile = self.httpDataDirectory + "/" + self.responseFileName

        if code:
            if self.codes.has_key(code):
                self.codes[code] += 1
            else:
                self.codes[code] = 1

        # status code
        self.indexFileHandle.write("<TR class=\"row0\"><TD>Status Code</TD>")
        self.indexFileHandle.write("<TD>%s</TD></TR>" % code)
        # response
        self.indexFileHandle.write(
            "<TR class=\"row1\"><TD>XML Response Payload</TD>")
        if xmlpayload:
            c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
            c = self.convertToBR(c)
            self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)

        self.indexFileHandle.write("<TR class=\"row0\"><TD>Response</TD>")
        # use csvrr for a clean raw response entry in the CSV file
        csvrr = ""
        if rawresponse:
            if rawresponse[1] == 1:
                for xx in rawresponse[0]:
                    self.indexFileHandle.write("<TD>%s</TD></TR>" % str(xx))
                    csvrr += str(xx)
            elif type(rawresponse) is str:
                self.indexFileHandle.write("<TD>%s</TD></TR>" %
                                           str(rawresponse))
                csvrr = str(rawresponse)
            else:
                self.indexFileHandle.write("<TD>%s</TD></TR>" %
                                           str(rawresponse[0]))
                csvrr = str(rawresponse[0])
        else:
            self.indexFileHandle.write("<TD>%s</TD></TR>" %
                                       "No response extracted")
            csvrr = "No response extracted"

        # round trip
        self.indexFileHandle.write("<TR class=\"row1\"><TD>Round Trip</TD>")
        self.indexFileHandle.write("<TD>%s</TD></TR>" % roundtrip)

        self.httpDataFileHandle.close()
        self.httpDataFileHandle = None

        self.indexFileHandle.write("</TABLE><br />")
        self.httpDataFileCounter = self.httpDataFileCounter + 1
        sys.stdout = self.originalStdOut  #reset system printing

        # order matters since its a CSV file
        self.csvw.pushIntoArr(code)
        self.csvw.pushIntoArr(csvrr.replace("\r", "").replace("\n", ""))
        if xmlpayload:
            self.csvw.pushIntoArr(
                xmlpayload.replace("\r", "").replace("\n",
                                                     "").replace("\"\"", "\""))
        else:
            self.csvw.pushIntoArr("No XML payload received")
        self.csvw.pushIntoArr(roundtrip)
        self.csvw.pushIntoArr('file: ' + self.httpDataFile)
        # now force the row write into CSV file
        self.csvw.writeInternalData()
Exemplo n.º 4
0
    def logSoapInvoke(self,
                      method,
                      params,
                      request,
                      attacktype=None,
                      idsEvasion=None):
        self.httpDataFileName = str(self.httpDataFileCounter) + ".txt"
        self.httpDataFile = self.httpDataDirectory + "/" + self.httpDataFileName
        self.httpDataFileHandle = open(self.httpDataFile, mode="w")

        # HTML
        self.indexFileHandle.write(
            "<TABLE width=\"90%\" border=2 cellspacing=0 cellpadding=4>")
        # type of attack
        self.indexFileHandle.write(
            "<TR class=\"row0\"><TD width=\"25%\">Type of Attack</TD>")
        # use csvattacktype for a clean attacktype entry in the CSV file
        csvattacktype = ""
        if attacktype:
            self.indexFileHandle.write("<TD width=\"65%s\">%s</TD></TR>" %
                                       ("%", attacktype))
            csvattacktype = attacktype
        else:
            self.indexFileHandle.write("<TD width=\"65%s\">%s</TD></TR>" %
                                       ("%", "Unknown Attack Type"))
            csvattacktype = "Unknown Attack Type"
        # method
        self.indexFileHandle.write("<TR class=\"row1\"><TD>Method</TD>")
        self.indexFileHandle.write("<TD>%s</TD></TR>" % method)
        # params
        self.indexFileHandle.write(
            "<TR class=\"row0\"><TD>Request Params</TD>")
        if type(params) is str:
            self.indexFileHandle.write("<TD>%s</TD></TR>" % params)
        elif type(params) is dict:
            forprint = {}
            # loop on dict escaping HTML entities
            for k, v in params.iteritems():
                forprint[k] = cgi.escape(v, 1)
            self.indexFileHandle.write("<TD>%s</TD></TR>" % forprint)

        # request
        self.indexFileHandle.write(
            "<TR class=\"row1\"><TD>Request Payload</TD>")
        c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
        c = self.convertToBR(c)
        self.indexFileHandle.write("<TD><pre>%s</pre></TD></TR>" % c)
        # IDS Evasion
        if idsEvasion is not None:
            self.indexFileHandle.write(
                "<TR class=\"row0\"><TD>IDS Evasion</TD>")
            self.indexFileHandle.write("<TD>%s</TD></TR>" % idsEvasion)

        sys.stdout = self.httpDataFileHandle  #will record all print statements to the file

        # CSV logging
        # first flush the csvw array
        self.csvw.setNewArr()
        # order matters since its a CSV file
        self.csvw.pushIntoArr(csvattacktype)
        self.csvw.pushIntoArr(method)
        self.csvw.pushIntoArr(params)
        self.csvw.pushIntoArr(
            request.replace("\r", "").replace("\n", "").replace("\"\"", "\""))
        self.csvw.pushIntoArr(idsEvasion)
Exemplo n.º 5
0
    def writeData(
        self,
        method=None,
        params=None,
        request=None,
        attacktype=None,
        idsEvasion=None,
        roundtrip=None,
        rawresponse=None,
        code=None,
        xmlpayload=None,
    ):

        file_str_req = StringIO()
        file_str_resp = StringIO()
        colwidths = (1 * inch, self.PAGE_WIDTH - (2 * inch))
        dataarr = []

        #################################################################
        # Request
        if attacktype:
            dataarr.append(("Type of Attack", attacktype))
        else:
            dataarr.append(("Type of Attack", "Unknown Attack Type"))

        if method:
            dataarr.append(("Method", method))
        else:
            dataarr.append(("Method", "Unknown Method"))

        if type(params) is str:
            dataarr.append(("Request Params", params))
        elif type(params) is dict:
            forprint = {}
            # loop on dict escaping HTML entities
            for k, v in params.iteritems():
                forprint[k] = v
            dataarr.append(("Request Params", forprint))
        else:
            dataarr.append(("Request Params", "Unknown Params"))

        if idsEvasion:
            dataarr.append(("IDS Evasion", idsEvasion))
        else:
            dataarr.append(("IDS Evasion", "Not Used"))
        #################################################################
        #################################################################
        # Response
        if code:
            dataarr.append(("Status Code", code))
        else:
            dataarr.append(("Status Code", "Unknown Code"))

        if rawresponse:
            if rawresponse[1] == 1:
                for xx in rawresponse[0]:
                    try:
                        dataarr.append(("Response", Paragraph(str(xx), self.style)))
                    except ValueError:
                        pass
            elif type(rawresponse) is str:
                dataarr.append(("Response", Paragraph(str(rawresponse), self.style)))
            else:
                try:
                    dataarr.append(("Response", Paragraph(str(rawresponse[0]), self.style)))
                except ValueError:
                    pass
        else:
            dataarr.append(("Response", "No response extracted"))

        if roundtrip:
            dataarr.append(("Round Trip", roundtrip))
        else:
            dataarr.append(("Round Trip", "Unknown Roundtrip"))
        #################################################################

        #################################################################
        # Paylaods
        # Request
        c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
        c = self.convertToN(c)
        file_str_req.write(str(c))

        # Response
        if xmlpayload:
            c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
            c = self.convertToN(c)
            file_str_resp.write(str(c))

        preqheader = Paragraph("Request:", self.style)
        preq = XPreformatted(str(file_str_req.getvalue()), self.style)
        prespheader = Paragraph("Response:", self.style)
        presp = XPreformatted(str(file_str_resp.getvalue()), self.style)

        # create a list (array) of all values to write
        # then cast to tuple of tuples
        # so array/list looks like: [('l', 'xx'), ('ll', 'xxx'), ('lll', 'xxxxx')]
        data = tuple(dataarr)
        t = Table(data, colwidths, rowHeights=None)
        t.setStyle(self.GRID_STYLE)

        self.Story.append(t)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(preqheader)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(preq)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(prespheader)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(presp)
        self.Story.append(Spacer(1, 0.2 * inch))
Exemplo n.º 6
0
    def writeData(self,
                  method=None,
                  params=None,
                  request=None,
                  attacktype=None,
                  idsEvasion=None,
                  roundtrip=None,
                  rawresponse=None,
                  code=None,
                  xmlpayload=None):

        file_str_req = StringIO()
        file_str_resp = StringIO()
        colwidths = (1 * inch, self.PAGE_WIDTH - (2 * inch))
        dataarr = []

        #################################################################
        # Request
        if attacktype:
            dataarr.append(('Type of Attack', attacktype))
        else:
            dataarr.append(('Type of Attack', 'Unknown Attack Type'))

        if method:
            dataarr.append(('Method', method))
        else:
            dataarr.append(('Method', 'Unknown Method'))

        if type(params) is str:
            dataarr.append(('Request Params', params))
        elif type(params) is dict:
            forprint = {}
            # loop on dict escaping HTML entities
            for k, v in params.iteritems():
                forprint[k] = v
            dataarr.append(('Request Params', forprint))
        else:
            dataarr.append(('Request Params', 'Unknown Params'))

        if idsEvasion:
            dataarr.append(('IDS Evasion', idsEvasion))
        else:
            dataarr.append(('IDS Evasion', 'Not Used'))
        #################################################################
        #################################################################
        # Response
        if code:
            dataarr.append(('Status Code', code))
        else:
            dataarr.append(('Status Code', 'Unknown Code'))

        if rawresponse:
            if rawresponse[1] == 1:
                for xx in rawresponse[0]:
                    try:
                        dataarr.append(
                            ('Response', Paragraph(str(xx), self.style)))
                    except ValueError:
                        pass
            elif type(rawresponse) is str:
                dataarr.append(
                    ('Response', Paragraph(str(rawresponse), self.style)))
            else:
                try:
                    dataarr.append(
                        ('Response', Paragraph(str(rawresponse[0]),
                                               self.style)))
                except ValueError:
                    pass
        else:
            dataarr.append(('Response', 'No response extracted'))

        if roundtrip:
            dataarr.append(('Round Trip', roundtrip))
        else:
            dataarr.append(('Round Trip', 'Unknown Roundtrip'))
        #################################################################

        #################################################################
        # Paylaods
        # Request
        c = cgi.escape(xmlpp.get_pprint(request).strip(), 1)
        c = self.convertToN(c)
        file_str_req.write(str(c))

        # Response
        if xmlpayload:
            c = cgi.escape(xmlpp.get_pprint(xmlpayload).strip(), 1)
            c = self.convertToN(c)
            file_str_resp.write(str(c))

        preqheader = Paragraph("Request:", self.style)
        preq = XPreformatted(str(file_str_req.getvalue()), self.style)
        prespheader = Paragraph("Response:", self.style)
        presp = XPreformatted(str(file_str_resp.getvalue()), self.style)

        # create a list (array) of all values to write
        # then cast to tuple of tuples
        # so array/list looks like: [('l', 'xx'), ('ll', 'xxx'), ('lll', 'xxxxx')]
        data = tuple(dataarr)
        t = Table(data, colwidths, rowHeights=None)
        t.setStyle(self.GRID_STYLE)

        self.Story.append(t)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(preqheader)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(preq)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(prespheader)
        self.Story.append(Spacer(1, 0.2 * inch))
        self.Story.append(presp)
        self.Story.append(Spacer(1, 0.2 * inch))