metasploit-framework/external/ratproxy/ratproxy_wmap.diff

249 lines
7.3 KiB
Diff

--- ratproxy/Makefile 2008-06-10 06:44:28.000000000 -0500
+++ ratproxymod/Makefile 2008-11-06 16:36:22.000000000 -0600
@@ -21,7 +21,7 @@
PROGNAME = ratproxy
CFLAGS = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE
-LDFLAGS = -lcrypto -lssl
+LDFLAGS = -lcrypto -lssl -lsqlite3
all: $(PROGNAME) flare-check
--- ratproxy/ratproxy.c 2008-07-03 01:27:15.000000000 -0500
+++ ratproxymod/ratproxy.c 2008-11-06 16:36:24.000000000 -0600
@@ -43,6 +43,9 @@
#include <openssl/md5.h>
#include <time.h>
+/* MSF Wmap - ET loWNOISE et[]metasploit.com */
+#include <sqlite3.h>
+
#include "config.h"
#include "types.h"
#include "debug.h"
@@ -75,8 +78,11 @@
_u8* use_proxy; /* Upstream proxy */
_u8* trace_dir; /* Trace directory */
+_u8* db_file; /* Sqlite3 DB */
_u32 proxy_port = 8080; /* Upstream proxy port */
-_u8 use_len; /* Use length, not cksum */
+_u8 use_len; /* Use length, not cksum */
+
+_u8 ip_addr[18];
static FILE* outfile; /* Output file descriptor */
@@ -90,6 +96,7 @@
" -p port - listen on a custom TCP port (default: 8080)\n"
" -d domain - analyze requests to specified domains only (default: all)\n"
" -P host:port - use upstream proxy for all requests (format host:port)\n"
+ " -b dbfile - Sqlite3 wmap file\n"
" -r - accept remote connections (default: 127.0.0.1 only)\n"
" -l - use response length, not checksum, for identity check\n"
" -2 - perform two, not one, page identity check\n"
@@ -111,7 +118,8 @@
"Example settings suitable for most tests:\n"
" 1) Low verbosity : -v <outdir> -w <outfile> -d <domain> -lfscm\n"
" 2) High verbosity : -v <outdir> -w <outfile> -d <domain> -lextifscgjm\n"
- " 3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm\n\n"
+ " 3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm\n"
+ " 4) Wmap : -v <outdir> -b <wmap db>\n"
"Multiple -d options are allowed. Consult the documentation for more.\n", argv0);
@@ -538,12 +546,23 @@
static _u8 dump_fn[1024];
static _u8 dumped_already;
+static _u8 db_dump_fn[1024];
/* Save trace data to file, if requested. */
static _u8* save_trace(struct http_request* req, struct http_response* res) {
_s32 f;
_u32 i;
+ _u32 lenh;
+ _u32 reslenh;
FILE* out;
+ _u8 *zErrMsg = 0;
+ _u8 *zTail;
+ _u32 rc;
+ sqlite3 *db;
+ sqlite3_stmt *pStmt;
+ static _u8 reqhbuf[1024];
+ static _u8* reqh;
+ static _u8* resh;
if (!trace_dir) return "-";
@@ -551,6 +570,109 @@
if (dumped_already) return dump_fn;
dumped_already = 1;
+ /* Sqlite3 Wmap format*/
+
+ if (db_file) {
+
+ lenh=0;
+ for (i=0;i<req->h.c;i++){
+ sprintf(reqhbuf,"%s: %s\n", req->h.v1[i], req->h.v2[i]);
+ lenh = lenh+strlen(reqhbuf);
+ }
+
+ reqh = malloc(lenh + 1);
+ if (!reqh) fatal("out of memory");
+
+ strcpy(reqh,"");
+
+ for (i=0;i<req->h.c;i++){
+ sprintf(reqhbuf,"%s: %s\n", req->h.v1[i], req->h.v2[i]);
+ strcat(reqh,reqhbuf);
+ }
+
+ /* Resp headers*/
+ reslenh=0;
+ for (i=0;i<res->h.c;i++){
+ sprintf(reqhbuf,"%s: %s\n", res->h.v1[i], res->h.v2[i]);
+ reslenh = reslenh+strlen(reqhbuf);
+ }
+
+ resh = malloc(reslenh + 1);
+ if (!resh) fatal("out of memory");
+
+ strcpy(resh,"");
+
+ for (i=0;i<res->h.c;i++){
+ sprintf(reqhbuf,"%s: %s\n", res->h.v1[i], res->h.v2[i]);
+ strcat(resh,reqhbuf);
+ }
+
+ /*db*/
+
+ sprintf(db_dump_fn,"%s/%s",trace_dir,db_file);
+
+ rc = sqlite3_open(db_dump_fn, &db);
+ if( rc ){
+ fprintf(stderr, "Can't open database: %s\n", sqlite3_errmsg(db));
+ sqlite3_close(db);
+ exit(1);
+ }
+
+
+ _u8 retry,kr;
+
+ retry =1;
+ kr=0;
+ while(retry){
+ rc = sqlite3_prepare( db,
+ "INSERT INTO "
+ " requests(host,port,ssl,meth,path,headers,query,body,respcode,resphead,response,created) "
+ "VALUES(?,?,?,?,?,?,?,?,?,?,?,?);",
+ -1, &pStmt, &zTail);
+
+ if( rc!=SQLITE_OK ){
+ //fprintf(stderr, "SQL error: %s\n", zErrMsg);
+ //fprintf(stderr, "SQL error: retries %d\n", kr++);
+ sqlite3_free(zErrMsg);
+ retry = 1;
+ }
+ else{
+ if(rc==SQLITE_OK){
+ //fprintf(stderr, "SQL OK: retries %d\n", kr++);
+
+ sqlite3_bind_text(pStmt, 1, ip_addr, -1, SQLITE_STATIC);
+ sqlite3_bind_int(pStmt, 2, req->port);
+ sqlite3_bind_int(pStmt, 3, req->from_ssl);
+ sqlite3_bind_text(pStmt, 4, req->method, -1, SQLITE_STATIC);
+ sqlite3_bind_text(pStmt, 5, req->path, -1, SQLITE_STATIC);
+ sqlite3_bind_blob(pStmt, 6, reqh, lenh, SQLITE_STATIC);
+ sqlite3_bind_text(pStmt, 7, req->query, -1, SQLITE_STATIC);
+ sqlite3_bind_blob(pStmt, 8, req->payload,req->payload_len , SQLITE_STATIC);
+ sqlite3_bind_int(pStmt, 9, res->code);
+ sqlite3_bind_blob(pStmt, 10, resh,reslenh, SQLITE_STATIC);
+ sqlite3_bind_blob(pStmt, 11, res->payload, res->payload_len, SQLITE_STATIC);
+ sqlite3_bind_blob(pStmt, 12, "", -1, SQLITE_STATIC);
+ rc = sqlite3_step(pStmt);
+ if ( rc!=SQLITE_DONE ) {
+ //blah
+ }
+ else{
+ sqlite3_finalize(pStmt);
+ //fprintf(stderr, "SQL FINALIZE: retries %d\n", kr++);
+ retry =0;
+ }
+ }
+ }
+ }
+
+ free(reqh);
+ free(resh);
+ sqlite3_close(db);
+
+ }
+ else {
+ /* Normal save*/
+
sprintf(dump_fn,"%.512s/%08x-%04x.trace",trace_dir,(_u32)time(0),getpid());
f = open(dump_fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
@@ -594,6 +716,7 @@
fclose(out);
close(f);
+ }
return dump_fn;
}
@@ -1653,7 +1776,7 @@
debug("ratproxy version " VERSION " by <lcamtuf@google.com>\n");
- while ((opt = getopt(argc,argv,"+w:v:p:d:P:itxgjmafske2clXCr")) > 0)
+ while ((opt = getopt(argc,argv,"+w:v:p:d:P:b:itxgjmafske2clXCr")) > 0)
switch (opt) {
case 'w': {
@@ -1761,6 +1884,11 @@
use_any = 1;
break;
+ case 'b':
+ if (db_file) fatal("multiple -b options make no sense");
+ db_file = optarg;
+ break;
+
default:
usage(argv[0]);
}
--- ratproxy/http.c 2008-06-10 07:28:26.000000000 -0500
+++ ratproxymod/http.c 2008-11-06 16:36:24.000000000 -0600
@@ -32,6 +32,7 @@
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -57,6 +58,8 @@
static _u8 srv_buf[MAXLINE], /* libc IO buffers */
cli_buf[MAXLINE];
+extern _u8 ip_addr[18];
+
/* Read a single line of HTTP headers, strip whitespaces */
static _u8* grab_line(FILE* where) {
@@ -657,7 +660,10 @@
struct hostent* he;
_s32 ss;
- if (!(he = gethostbyname(host)) || !(he->h_addr_list[0]))
+ he = gethostbyname(host);
+ strncpy(ip_addr,inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),18);
+
+ if (!(he) || !(he->h_addr_list[0]))
http_error(client,"Unable to find target host",0);
ss = socket(PF_INET, SOCK_STREAM, 0);