def DeleteAll(self, filter_data, target_id=None): """ Here keeping filter_data optional is very risky """ query = self.GenerateQueryUsingSession( filter_data, target_id, for_delete=True) # Empty dict will match all results # Delete the folders created for these plugins for plugin in query.all(): # First check if path exists in db if plugin.output_path: output_path = os.path.join( self.config.GetOutputDirForTargets(), plugin.output_path) if os.path.exists(output_path): FileOperations.rm_tree(output_path) # When folders are removed delete the results from db results = query.delete() self.db.session.commit()
def initialize(self, outbound_options=[], outbound_auth=""): # The tornado application, which is used to pass variables to request handler self.application = tornado.web.Application( handlers=[(r'.*', ProxyHandler)], debug=False, gzip=True, ) self.config = self.get_component("config") self.db_config = self.get_component("db_config") # All required variables in request handler # Required variables are added as attributes to application, so that request handler can access these self.application.Core = self.get_component("core") try: self.proxy_manager = self.get_component("proxy_manager") except ComponentNotFoundException: self.proxy_manager = None self.application.proxy_manager = self.proxy_manager # ctypes object allocated from shared memory to verify if proxy must inject probe code or not # 'i' means ctypes type is integer, initialization value is 0 # if lock is True then a new recursive lock object is created to # synchronize access to the value self.application.Core.pnh_inject = Value('i', 0, lock=True) self.application.inbound_ip = self.db_config.Get('INBOUND_PROXY_IP') self.application.inbound_port = int( self.db_config.Get('INBOUND_PROXY_PORT')) if self.proxy_manager: #Botnet mode needs only one proxy process self.instances = "1" else: self.instances = self.db_config.Get("INBOUND_PROXY_PROCESSES") # Proxy CACHE # Cache related settings, including creating required folders according to cache folder structure self.application.cache_dir = self.db_config.Get( "INBOUND_PROXY_CACHE_DIR") # Clean possible older cache directory. if os.path.exists(self.application.cache_dir): FileOperations.rm_tree(self.application.cache_dir) FileOperations.make_dirs(self.application.cache_dir) # SSL MiTM # SSL certs, keys and other settings (os.path.expanduser because they are stored in users home directory ~/.owtf/proxy ) self.application.ca_cert = os.path.expanduser( self.db_config.Get('CA_CERT')) self.application.ca_key = os.path.expanduser( self.db_config.Get('CA_KEY')) try: # To stop owtf from breaking for our beloved users :P self.application.ca_key_pass = FileOperations.open( os.path.expanduser(self.db_config.Get('CA_PASS_FILE')), 'r', owtf_clean=False).read().strip() except IOError: self.application.ca_key_pass = "******" self.application.proxy_folder = os.path.dirname( self.application.ca_cert) self.application.certs_folder = os.path.expanduser( self.db_config.Get('CERTS_FOLDER')) try: # Ensure CA.crt and Key exist assert os.path.exists(self.application.ca_cert) assert os.path.exists(self.application.ca_key) except AssertionError: self.get_component("error_handler").FrameworkAbort( "Files required for SSL MiTM are missing. Please run the install script" ) try: # If certs folder missing, create that assert os.path.exists(self.application.certs_folder) except AssertionError: FileOperations.make_dirs(self.application.certs_folder) # Blacklist (or) Whitelist Cookies # Building cookie regex to be used for cookie filtering for caching if self.db_config.Get('WHITELIST_COOKIES') == 'None': cookies_list = self.db_config.Get('BLACKLIST_COOKIES').split(',') self.application.cookie_blacklist = True else: cookies_list = self.db_config.Get('WHITELIST_COOKIES').split(',') self.application.cookie_blacklist = False if self.application.cookie_blacklist: regex_cookies_list = [ cookie + "=([^;]+;?)" for cookie in cookies_list ] else: regex_cookies_list = [ "(" + cookie + "=[^;]+;?)" for cookie in self.db_config.Get('COOKIES_LIST') ] regex_string = '|'.join(regex_cookies_list) self.application.cookie_regex = re.compile(regex_string) # Outbound Proxy # Outbound proxy settings to be used inside request handler if outbound_options: if len(outbound_options) == 3: self.application.outbound_proxy_type = outbound_options[0] self.application.outbound_ip = outbound_options[1] self.application.outbound_port = int(outbound_options[2]) else: self.application.outbound_proxy_type = "http" self.application.outbound_ip = outbound_options[0] self.application.outbound_port = int(outbound_options[1]) else: self.application.outbound_ip, self.application.outbound_port, self.application.outbound_proxy_type = None, None, None if outbound_auth: self.application.outbound_username, self.application.outbound_password = outbound_auth.split( ":") else: self.application.outbound_username, self.application.outbound_password = None, None # Server has to be global, because it is used inside request handler to attach sockets for monitoring global server server = tornado.httpserver.HTTPServer(self.application) self.server = server # Header filters # Restricted headers are picked from framework/config/framework_config.cfg # These headers are removed from the response obtained from webserver, before sending it to browser global restricted_response_headers restricted_response_headers = self.config.FrameworkConfigGet( "PROXY_RESTRICTED_RESPONSE_HEADERS").split(",") # These headers are removed from request obtained from browser, before sending it to webserver global restricted_request_headers restricted_request_headers = self.config.FrameworkConfigGet( "PROXY_RESTRICTED_REQUEST_HEADERS").split(",") # HTTP Auth options if self.db_config.Get("HTTP_AUTH_HOST") != "None": self.application.http_auth = True # All the variables are lists self.application.http_auth_hosts = self.db_config.Get( "HTTP_AUTH_HOST").strip().split(',') self.application.http_auth_usernames = self.db_config.Get( "HTTP_AUTH_USERNAME").strip().split(',') self.application.http_auth_passwords = self.db_config.Get( "HTTP_AUTH_PASSWORD").strip().split(',') self.application.http_auth_modes = self.db_config.Get( "HTTP_AUTH_MODE").strip().split(',') else: self.application.http_auth = False
def CleanUpForTarget(self, target_URL): return FileOperations.rm_tree(self.GetOutputDirForTarget(target_URL))
def initialize(self, outbound_options=[], outbound_auth=""): # The tornado application, which is used to pass variables to request handler self.application = tornado.web.Application(handlers=[(r'.*', ProxyHandler)], debug=False, gzip=True,) self.config = self.get_component("config") self.db_config = self.get_component("db_config") # All required variables in request handler # Required variables are added as attributes to application, so that request handler can access these self.application.Core = self.get_component("core") try: self.proxy_manager = self.get_component("proxy_manager") except ComponentNotFoundException: self.proxy_manager = None self.application.proxy_manager = self.proxy_manager # ctypes object allocated from shared memory to verify if proxy must inject probe code or not # 'i' means ctypes type is integer, initialization value is 0 # if lock is True then a new recursive lock object is created to # synchronize access to the value self.application.Core.pnh_inject = Value('i', 0, lock=True) self.application.inbound_ip = self.db_config.Get('INBOUND_PROXY_IP') self.application.inbound_port = int(self.db_config.Get('INBOUND_PROXY_PORT')) if self.proxy_manager: self.instances = "1" # Botnet mode needs only one proxy process. else: self.instances = self.db_config.Get("INBOUND_PROXY_PROCESSES") # Proxy CACHE # Cache related settings, including creating required folders according to cache folder structure self.application.cache_dir = self.db_config.Get("INBOUND_PROXY_CACHE_DIR") # Clean possible older cache directory. if os.path.exists(self.application.cache_dir): FileOperations.rm_tree(self.application.cache_dir) FileOperations.make_dirs(self.application.cache_dir) # SSL MiTM # SSL certs, keys and other settings (os.path.expanduser because they are stored in users home directory # ~/.owtf/proxy) self.application.ca_cert = os.path.expanduser(self.db_config.Get('CA_CERT')) self.application.ca_key = os.path.expanduser(self.db_config.Get('CA_KEY')) # To stop OWTF from breaking for our beloved users :P try: self.application.ca_key_pass = FileOperations.open( os.path.expanduser(self.db_config.Get('CA_PASS_FILE')), 'r', owtf_clean=False).read().strip() except IOError: self.application.ca_key_pass = "******" # XXX: Legacy CA key pass for older versions. self.application.proxy_folder = os.path.dirname(self.application.ca_cert) self.application.certs_folder = os.path.expanduser(self.db_config.Get('CERTS_FOLDER')) try: # Ensure CA.crt and Key exist. assert os.path.exists(self.application.ca_cert) assert os.path.exists(self.application.ca_key) except AssertionError: self.get_component("error_handler").FrameworkAbort( "Files required for SSL MiTM are missing. Please run the install script") try: # If certs folder missing, create that. assert os.path.exists(self.application.certs_folder) except AssertionError: FileOperations.make_dirs(self.application.certs_folder) # Blacklist (or) Whitelist Cookies # Building cookie regex to be used for cookie filtering for caching if self.db_config.Get('WHITELIST_COOKIES') == 'None': cookies_list = self.db_config.Get('BLACKLIST_COOKIES').split(',') self.application.cookie_blacklist = True else: cookies_list = self.db_config.Get('WHITELIST_COOKIES').split(',') self.application.cookie_blacklist = False if self.application.cookie_blacklist: regex_cookies_list = [cookie + "=([^;]+;?)" for cookie in cookies_list] else: regex_cookies_list = ["(" + cookie + "=[^;]+;?)" for cookie in self.db_config.Get('COOKIES_LIST')] regex_string = '|'.join(regex_cookies_list) self.application.cookie_regex = re.compile(regex_string) # Outbound Proxy # Outbound proxy settings to be used inside request handler if outbound_options: if len(outbound_options) == 3: self.application.outbound_proxy_type = outbound_options[0] self.application.outbound_ip = outbound_options[1] self.application.outbound_port = int(outbound_options[2]) else: self.application.outbound_proxy_type = "http" self.application.outbound_ip = outbound_options[0] self.application.outbound_port = int(outbound_options[1]) else: self.application.outbound_ip = None self.application.outbound_port = None self.application.outbound_proxy_type = None if outbound_auth: self.application.outbound_username, self.application.outbound_password = outbound_auth.split(":") else: self.application.outbound_username = None self.application.outbound_password = None self.server = tornado.httpserver.HTTPServer(self.application) # server has to be a class variable, because it is used inside request handler to attach sockets for monitoring ProxyHandler.server = self.server # Header filters # Restricted headers are picked from framework/config/framework_config.cfg # These headers are removed from the response obtained from webserver, before sending it to browser restricted_response_headers = self.config.FrameworkConfigGet("PROXY_RESTRICTED_RESPONSE_HEADERS").split(",") ProxyHandler.restricted_response_headers = restricted_response_headers # These headers are removed from request obtained from browser, before sending it to webserver restricted_request_headers = self.config.FrameworkConfigGet("PROXY_RESTRICTED_REQUEST_HEADERS").split(",") ProxyHandler.restricted_request_headers = restricted_request_headers # HTTP Auth options if self.db_config.Get("HTTP_AUTH_HOST") != "None": self.application.http_auth = True # All the variables are lists self.application.http_auth_hosts = self.db_config.Get("HTTP_AUTH_HOST").strip().split(',') self.application.http_auth_usernames = self.db_config.Get("HTTP_AUTH_USERNAME").strip().split(',') self.application.http_auth_passwords = self.db_config.Get("HTTP_AUTH_PASSWORD").strip().split(',') self.application.http_auth_modes = self.db_config.Get("HTTP_AUTH_MODE").strip().split(',') else: self.application.http_auth = False