---------- Forwarded message ----------
From: Viktor Gazdag <[EMAIL PROTECTED]>
Date: 2008/12/4
Subject: Re: [W3af-develop] plugin creating question
To: Andres Riancho <[EMAIL PROTECTED]>


2008/11/30 Andres Riancho <[EMAIL PROTECTED]>

> Viktor,
>
> On Sun, Nov 30, 2008 at 6:35 PM, Viktor Gazdag <[EMAIL PROTECTED]>
> wrote:
> > 2008/11/30 Viktor Gazdag <[EMAIL PROTECTED]>
> >>
> >> 2008/11/30 Andres Riancho <[EMAIL PROTECTED]>
> >>>
> >>> Viktor,
> >>>
> >>> On Sat, Nov 22, 2008 at 1:18 PM, Andres Riancho
> >>> <[EMAIL PROTECTED]> wrote:
> >>> > Viktor,
> >>> >
> >>> > On Sat, Nov 22, 2008 at 12:47 PM, Viktor Gazdag <[EMAIL PROTECTED]>
> >>> > wrote:
> >>> >> Hello! :)
> >>> >>
> >>> >>
> >>> >> I would be interested in creating the frontpage version (151986)
> >>> >> and the squid (148264) plugins. Can I make them? If yes, I will start
> >>> >> to code them, but they will not be finished so quickly. I will have
> >>> >> more time for them after 2-3 weeks, when I am done with my school
> >>> >> things.
> >>> >
> >>> > I'm really glad you want to contribute one more time =). Of course
> >>> > you can do it!
> >>> >
> >>> > Regarding the tasks:
> >>> >
> >>> > - 151986: discovery plugin to identify frontpage version
> >>> > It's a rather simple task, you just have to request the
> >>> > "/_vti_inf.html" page and use a regular expression to get the
> >>> > version. I think that nessus and metasploit do it, so maybe you can
> >>> > take some ideas from those plugins/modules.
> >>>
> >>> Have you been able to start with the 151986 task? Can I help you with
> >>> something?
> >>
> >> I have some problems with the "indent" things, but on Thursday I will
> >> make it. If I still have problems on Thursday, I will write.
> >>
> >
> > I changed my mind! Here is the plugin. :)
>
> Excellent! I'm glad you changed your mind =)
> Here are my comments on the plugin, which performs the job as
> expected, but can be modified to be more efficient:
>
> - As we talked through gtalk, the _vti_inf.html file is only located
> in the webroot, so there is no need to search for it inside every
> directory. The for loop with
> "urlParser.getDirectories(fuzzableRequest.getURL() ):" has to be
> removed, together with all the references to self._analyzedDirs.
>
> - In order to be run only once, this discovery plugin has to raise a
> w3afRunOnce exception, (you may find a lot of references to this, and
> usage examples in other discovery plugins)
>
> - Having a _vti_inf.html file in the webroot is not a vulnerability,
> so I changed the result of the plugin from a vulnerability of medium
> severity to an information object.
>
> - I added an "else" after the if that checks if the regex matches (see
> line 92). It is kind of strange to have a _vti_inf.html file without
> any frontpage information, and this has to be reported to the user.
>
> If you have the time, please fix these small issues, and send me the
> plugin again. After that, I'll commit it to the trunk =)


I attached it!:)


>
>
> Thank you very much for your continuous contributions!
>
> >>>
> >>> > - 148264: Identify squid proxy
> >>> > Regarding this task, the issue is a little bit more complicated. I
> >>> > think that creating one plugin to address this vulnerability would be
> >>> > a waste of time, what we could do is create a grep plugin to fetch
> >>> > information from the headers, that can get the information about
> >>> > mod-choke[0], squid, and other appliances.
> >>> >
> >>> > For now, start with the task 151986, whenever you are done with that,
> >>> > we can move on to the next one =)
> >>> >
> >>> > Thanks!
> >>> >
> >>> > [0] http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=150711&group_id=170274&group_project_id=50603
> >>> >
> >>> >>
> >>> >>
> >>> >> -------------------------------------------------------------------------
> >>> >> This SF.Net email is sponsored by the Moblin Your Move Developer's
> >>> >> challenge
> >>> >> Build the coolest Linux based applications with Moblin SDK & win
> >>> >> great prizes
> >>> >> Grand prize is a trip for two to an Open Source event anywhere in
> >>> >> the world
> >>> >> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >>> >> _______________________________________________
> >>> >> W3af-develop mailing list
> >>> >> W3af-develop@lists.sourceforge.net
> >>> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> > Andres Riancho
> >>> > http://w3af.sourceforge.net/
> >>> > Web Application Attack and Audit Framework
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Andres Riancho
> >>> http://w3af.sourceforge.net/
> >>> Web Application Attack and Audit Framework
> >>
> >
> >
>
>
>
> --
> Andres Riancho
> http://w3af.sourceforge.net/
> Web Application Attack and Audit Framework
>
'''
frontpage_version.py

Copyright 2006 Andres Riancho

This file is part of w3af, w3af.sourceforge.net .

w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

'''

import core.controllers.outputManager as om

# options
from core.data.options.option import option
from core.data.options.optionList import optionList

from core.controllers.basePlugin.baseDiscoveryPlugin import baseDiscoveryPlugin
import core.data.kb.knowledgeBase as kb
import core.data.parsers.urlParser as urlParser
import core.data.kb.info as info
from core.controllers.w3afException import w3afRunOnce

from core.controllers.w3afException import w3afException
import re

class frontpage_ver(baseDiscoveryPlugin):
    '''
    Search for the FrontPage Server Info file and, if it is found, determine its version.
    @author: Viktor Gazdag ( [EMAIL PROTECTED] )
    '''

    def __init__(self):
        baseDiscoveryPlugin.__init__(self)
        
        # Internal variables
        self._exec = True
        # _vti_inf.html only lives in the webroot, so one run is enough; with
        # this flag set, the second call to discover() raises w3afRunOnce.
        self._exec_one_time = True

    def discover(self, fuzzableRequest ):
        '''
        Request the /_vti_inf.html file in the webroot and analyze the response.
        
        @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
        '''
        fuzzable_requests = []

        if not self._exec:
            # This will remove the plugin from the discovery plugins to be run.
            raise w3afRunOnce()
            
        else:
            # Run the plugin.
            if self._exec_one_time:
                self._exec = False

        self.is404 = kb.kb.getData( 'error404page', '404' )

        # Request the file
        frontpage_info_url = urlParser.urlJoin(  fuzzableRequest.getURL() , '/_vti_inf.html' )
        try:
            response = self._urlOpener.GET( frontpage_info_url, useCache=True )
            om.out.debug( '[frontpage_ver] Testing "' + frontpage_info_url + '".' )
        except w3afException,  w3:
            msg = 'Failed to GET FrontPage Server Info file: "' + frontpage_info_url
            msg += '". Exception: ' + str(w3)
            om.out.debug(msg)
        else:
            # Check if it's a FrontPage Server Info file
            if not self.is404( response ):
                regex = 'FPVersion="(.*?)"'
                version_match = re.search(regex, response.getBody(), re.IGNORECASE)
                if version_match:
                    # Informational finding: the file discloses the version.
                    i = info.info()
                    i.setId( response.id )
                    i.setName( 'FrontPage Configuration Information' )
                    i.setURL( response.getURL() )
                    desc = 'The FrontPage Configuration Information file was found at: "'
                    desc += i.getURL()
                    desc += '" and the version of FrontPage Server Extensions is: "'
                    desc += version_match.group(1) + '".'
                    i.setDesc( desc )
                    i['version'] = version_match.group(1)
                    kb.kb.append( self, 'frontpage_version', i )
                    om.out.information( i.getDesc() )
                else:
                    # This is weird... we found a _vti_inf file, but there is no frontpage
                    # information in it... IPS? WAF? honeypot?
                    i = info.info()
                    i.setId( response.id )
                    i.setName( 'Fake FrontPage Configuration Information' )
                    i.setURL( response.getURL() )
                    desc = 'A fake FrontPage Configuration Information file was found at: "'
                    desc += i.getURL()
                    desc += '". This may be an indication of a honeypot, a WAF or an IPS.'
                    i.setDesc( desc )
                    kb.kb.append( self, 'fake_frontpage', i )
                    om.out.information( i.getDesc() )

        return fuzzable_requests

    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''    
        ol = optionList()
        return ol

    def setOptions( self, OptionList ):
        '''
        This method sets all the options that are configured using the user interface 
        generated by the framework using the result of getOptions().
        
        @parameter OptionList: A dictionary with the options for the plugin.
        @return: No value is returned.
        ''' 
        pass

    def getPluginDeps( self ):
        '''
        @return: A list with the names of the plugins that should be run before the
        current one.
        '''
        return []

    def getLongDesc( self ):
        '''
        @return: A DETAILED description of the plugin functions and features.
        '''
        return '''
        This plugin searches for the FrontPage Server Info file and if it finds it will try to
        determine the version of the Frontpage Server Extensions. The file is located inside the
        web server webroot:
        
            - http://localhost/_vti_inf.html
        '''
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
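
Added example, not part of the original thread and not w3af code: a stand-alone Python 3 illustration of the header-grep idea raised above for task 148264, where one passive check over response headers identifies Squid and similar intermediaries instead of a dedicated plugin. The signature table, the function names and the sample responses are assumptions constructed for illustration; mod-choke is left out because the thread names no header for it.

```python
import re

# Assumed signatures, constructed for this example: (header, regex, product).
# The named groups "version" and "node" are optional.
SIGNATURES = [
    ("via", re.compile(r"\bsquid/(?P<version>[\w.\-]+)", re.I), "squid"),
    ("server", re.compile(r"^squid/(?P<version>[\w.\-]+)", re.I), "squid"),
    ("x-squid-error", re.compile(r"^ERR_\w+"), "squid"),
    ("x-cache", re.compile(r"^(?:HIT|MISS) from (?P<node>\S+)", re.I), "caching proxy"),
    ("x-cache-lookup", re.compile(r"^(?:HIT|MISS) from (?P<node>\S+)", re.I), "caching proxy"),
]

def grep_headers(headers):
    """Return {(product, version, node, header)} for one response's headers."""
    findings = set()
    for name, value in headers:
        for sig_header, regex, product in SIGNATURES:
            if name.lower() != sig_header:
                continue
            # Via and X-Cache may list several hops separated by commas.
            for hop in value.split(","):
                match = regex.search(hop.strip())
                if match:
                    found = match.groupdict()
                    findings.add((product, found.get("version"), found.get("node"), sig_header))
    return findings

def grep_responses(responses):
    """Aggregate over many responses; map each finding to the first URL showing it."""
    seen = {}
    for url, headers in responses:
        for finding in grep_headers(headers):
            seen.setdefault(finding, url)  # report each finding only once
    return seen

# Constructed sample traffic: two responses through a Squid cache, one direct.
SAMPLE = [
    ("http://www.example.test/", [
        ("Server", "Apache"),
        ("Via", "1.1 edge.example.test, 1.0 cache.example.test:3128 (squid/2.6.STABLE18)"),
        ("X-Cache", "MISS from cache.example.test")]),
    ("http://www.example.test/a", [
        ("Via", "1.0 cache.example.test:3128 (squid/2.6.STABLE18)"),
        ("X-Cache", "HIT from cache.example.test")]),
    ("http://www.example.test/b", [("Server", "Apache")]),
]

if __name__ == "__main__":
    for finding, url in sorted(grep_responses(SAMPLE).items(), key=str):
        print(finding, "first seen at", url)
```

Because the check only reads headers of responses that were already fetched, it adds no requests of its own, which is what makes a grep-style plugin a better fit here than a discovery plugin.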
