added MZ's ratproxy patch for wmap

git-svn-id: file:///home/svn/framework3/trunk@5696 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-28 00:09:50 +00:00 · 2008-09-28 00:09:50 +00:00 · 1bf3c76c9c
parent d553fe2f8d
commit 1bf3c76c9c
2 changed files with 236 additions and 0 deletions
--- a/external/ratproxy/ratproxy_wmap.diff
+++ b/external/ratproxy/ratproxy_wmap.diff
@ -0,0 +1,214 @@
+diff -Naur ratproxy/Makefile ratproxymod/Makefile
+--- ratproxy/Makefile	2008-06-10 11:44:28.000000000 +0000
+++ ratproxymod/Makefile	2008-09-25 18:53:31.000000000 +0000
+@@ -21,7 +21,7 @@
+ 
+ PROGNAME = ratproxy
+ CFLAGS	 = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE
+-LDFLAGS  = -lcrypto -lssl
+LDFLAGS  = -lcrypto -lssl -lsqlite3
+ 
+ all: $(PROGNAME) flare-check
+ 
+diff -Naur ratproxy/ratproxy.c ratproxymod/ratproxy.c
+--- ratproxy/ratproxy.c	2008-07-03 06:27:15.000000000 +0000
+++ ratproxymod/ratproxy.c	2008-09-25 22:15:54.000000000 +0000
+@@ -43,6 +43,9 @@
+ #include <openssl/md5.h>
+ #include <time.h>
+ 
+/* MSF Wmap - ET loWNOISE et[]metasploit.com */
+#include <sqlite3.h>
+
+ #include "config.h"
+ #include "types.h"
+ #include "debug.h"
+@@ -75,6 +78,7 @@
+ 
+ _u8* use_proxy;					/* Upstream proxy             */
+ _u8* trace_dir;					/* Trace directory            */
+_u8* db_file;				        /* Sqlite3 DB    	      */	
+ _u32 proxy_port = 8080;				/* Upstream proxy port        */
+ _u8  use_len;					/* Use length, not cksum      */
+ 
+@@ -90,6 +94,7 @@
+         "   -p port       - listen on a custom TCP port (default: 8080)\n"
+         "   -d domain     - analyze requests to specified domains only (default: all)\n"
+         "   -P host:port  - use upstream proxy for all requests (format host:port)\n"
+	"   -b dbfile     - Sqlite3 wmap file\n"
+         "   -r            - accept remote connections (default: 127.0.0.1 only)\n"
+         "   -l            - use response length, not checksum, for identity check\n"
+         "   -2            - perform two, not one, page identity check\n"
+@@ -111,7 +116,8 @@
+         "Example settings suitable for most tests:\n"
+         "  1) Low verbosity  : -v <outdir> -w <outfile> -d <domain> -lfscm\n"
+         "  2) High verbosity : -v <outdir> -w <outfile> -d <domain> -lextifscgjm\n"
+-        "  3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm\n\n"
+        "  3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm\n"
+        "  4) Wmap           : -v <outdir> -b <wmap db>\n"
+ 
+         "Multiple -d options are allowed. Consult the documentation for more.\n", argv0);
+ 
+@@ -538,12 +544,23 @@
+ 
+ static _u8 dump_fn[1024];
+ static _u8 dumped_already;
+static _u8 db_dump_fn[1024];
+ 
+ /* Save trace data to file, if requested. */
+ static _u8* save_trace(struct http_request* req, struct http_response* res) {
+   _s32 f;
+   _u32 i;
+  _u32 lenh;
+  _u32 reslenh;
+   FILE* out;
+  _u8 *zErrMsg = 0;
+  _u8 *zTail;
+  _u32 rc;
+  sqlite3 *db;
+  sqlite3_stmt *pStmt;
+  static _u8 reqhbuf[1024];
+  static _u8* reqh;
+  static _u8* resh;
+ 
+   if (!trace_dir) return "-";
+ 
+@@ -551,6 +568,109 @@
+   if (dumped_already) return dump_fn;
+   dumped_already = 1;
+ 
+  /* Sqlite3 Wmap format*/
+
+  if (db_file) {
+
+     lenh=0;
+     for (i=0;i<req->h.c;i++){
+         sprintf(reqhbuf,"%s: %s\n", req->h.v1[i], req->h.v2[i]);
+	 lenh = lenh+strlen(reqhbuf);
+     }	
+  
+     reqh = malloc(lenh + 1);
+     if (!reqh) fatal("out of memory");
+  
+     strcpy(reqh,"");
+  
+     for (i=0;i<req->h.c;i++){
+         sprintf(reqhbuf,"%s: %s\n", req->h.v1[i], req->h.v2[i]);
+	 strcat(reqh,reqhbuf);
+     }
+  
+     /* Resp headers*/
+     reslenh=0;
+     for (i=0;i<res->h.c;i++){
+         sprintf(reqhbuf,"%s: %s\n", res->h.v1[i], res->h.v2[i]);
+	 reslenh = reslenh+strlen(reqhbuf);
+     }	
+  
+     resh = malloc(reslenh + 1);
+     if (!resh) fatal("out of memory");
+  
+     strcpy(resh,"");
+  
+     for (i=0;i<res->h.c;i++){
+         sprintf(reqhbuf,"%s: %s\n", res->h.v1[i], res->h.v2[i]);
+  	 strcat(resh,reqhbuf);
+     }
+
+     /*db*/  
+  
+     sprintf(db_dump_fn,"%s/%s",trace_dir,db_file);
+
+     rc = sqlite3_open(db_dump_fn, &db);
+     if( rc ){
+       fprintf(stderr, "Can't open database: %s\n", sqlite3_errmsg(db));
+       sqlite3_close(db);
+       exit(1);
+     }
+  
+
+     _u8 retry,kr;
+  
+     retry =1;
+     kr=0;
+     while(retry){
+  	  rc = sqlite3_prepare( db,
+          "INSERT INTO "
+          " requests(host,port,ssl,meth,path,headers,query,body,respcode,resphead,response,created) "
+          "VALUES(?,?,?,?,?,?,?,?,?,?,?,?);",
+          -1, &pStmt, &zTail);
+  
+	  if( rc!=SQLITE_OK ){
+		//fprintf(stderr, "SQL error: %s\n", zErrMsg);
+		//fprintf(stderr, "SQL error: retries %d\n", kr++);
+		sqlite3_free(zErrMsg);
+		retry = 1;
+	  }
+	  else{
+	      if(rc==SQLITE_OK){
+	      //fprintf(stderr, "SQL OK: retries %d\n", kr++);
+			
+                sqlite3_bind_text(pStmt, 1, req->host, -1, SQLITE_STATIC);
+                sqlite3_bind_int(pStmt, 2, req->port);
+                sqlite3_bind_int(pStmt, 3, req->from_ssl);
+                sqlite3_bind_text(pStmt, 4, req->method, -1, SQLITE_STATIC);
+                sqlite3_bind_text(pStmt, 5, req->path, -1, SQLITE_STATIC);
+                sqlite3_bind_blob(pStmt, 6, reqh, lenh, SQLITE_STATIC);
+                sqlite3_bind_text(pStmt, 7, req->query, -1, SQLITE_STATIC);
+                sqlite3_bind_blob(pStmt, 8, req->payload,req->payload_len , SQLITE_STATIC);
+                sqlite3_bind_int(pStmt, 9, res->code);
+                sqlite3_bind_blob(pStmt, 10, resh,reslenh, SQLITE_STATIC);
+                sqlite3_bind_blob(pStmt, 11, res->payload, res->payload_len, SQLITE_STATIC);
+                sqlite3_bind_blob(pStmt, 12, "", -1, SQLITE_STATIC);
+                rc = sqlite3_step(pStmt);
+                if ( rc!=SQLITE_DONE ) {
+                   //blah
+                }
+		else{
+		   sqlite3_finalize(pStmt);
+		   //fprintf(stderr, "SQL FINALIZE: retries %d\n", kr++);
+		   retry =0;
+                }
+	      }
+	  }
+     }
+  
+     free(reqh);
+     free(resh);
+     sqlite3_close(db);     
+
+  } 
+  else {
+  /* Normal save*/
+
+   sprintf(dump_fn,"%.512s/%08x-%04x.trace",trace_dir,(_u32)time(0),getpid());
+ 
+   f = open(dump_fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
+@@ -594,6 +714,7 @@
+   fclose(out);
+   close(f);
+ 
+  }
+   return dump_fn;
+ 
+ }
+@@ -1653,7 +1774,7 @@
+ 
+   debug("ratproxy version " VERSION " by <lcamtuf@google.com>\n");
+ 
+-  while ((opt = getopt(argc,argv,"+w:v:p:d:P:itxgjmafske2clXCr")) > 0) 
+  while ((opt = getopt(argc,argv,"+w:v:p:d:P:b:itxgjmafske2clXCr")) > 0) 
+     switch (opt) {
+ 
+       case 'w': {
+@@ -1761,6 +1882,11 @@
+         use_any = 1;
+         break;
+ 
+      case 'b':
+        if (db_file) fatal("multiple -b options make no sense");
+        db_file = optarg;
+	break;
+
+       default: 
+         usage(argv[0]);
+     }
--- a/external/ratproxy/readme.txt
+++ b/external/ratproxy/readme.txt
@ -0,0 +1,22 @@
+Ratproxy v1.51
+Passive web application security assessment tool
+
+Author:   		MZ
+URL:     		http://code.google.com/p/ratproxy/
+Version:  		1.51
+
+WMAP requirements:	Sqlite3 C dev library
+
+
+1. Download ratproxy.
+2. Uncompress source code.
+3. Apply patch.
+
+   patch -d ratproxy_dir < ratproxy_wmap.diff
+
+4. Compile and run. 
+
+Please read documentation/wmap.txt.          
+
+-ET 
+