added support for WebScarab logs

2024-11-22 17:46:37 +03:00 · 2011-01-20 15:55:50 +00:00 · 2011-01-20 15:55:50 +00:00 · 2fa066f892
commit 2fa066f892
parent 345e2288e1
1 changed files with 131 additions and 94 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -25,6 +25,7 @@ from extra.keepalive import keepalive
 from extra.xmlobject import xmlobject
 from lib.controller.checks import checkConnection
 from lib.core.common import backend
+from lib.core.common import extractRegexResult
 from lib.core.common import getConsoleWidth
 from lib.core.common import getFileItems
 from lib.core.common import getFileType
@ -136,18 +137,43 @@ def __urllib2Opener():
    urllib2.install_opener(opener)

 def __feedTargetsDict(reqFile, addedTargetUrls):
-    fp = openFile(reqFile, "rb")
+    """
+    Parses web scarab and burp logs and adds results to the target url list
+    """

-    fread = fp.read()
-    fread = fread.replace("\r", "")
+    def __parseWebScarabLog(content):
+        """
+        Parses web scarab logs (POST method not supported)
+        """
+        reqResList = content.split("### Conversation")

-    reqResList = fread.split("======================================================")
+        for request in reqResList:
+            url    = extractRegexResult(r"URL: (?P<result>.+?)\n", request, re.I)
+            method = extractRegexResult(r"METHOD: (?P<result>.+?)\n", request, re.I)
+            cookie = extractRegexResult(r"COOKIE: (?P<result>.+?)\n", request, re.I)

+            if not method or not url:
+                logger.debug("Invalid log data")
+                continue
+
+            if method.upper() == "POST":
+                warnMsg = "POST requests from WebScarab logs are not supported "
+                warnMsg += "as data content is stored in separate files"
+                logger.warning(warnMsg)
+                continue
+
+            if not kb.targetUrls or url not in addedTargetUrls:
+                kb.targetUrls.add((url, method, None, cookie))
+                addedTargetUrls.add(url)
+
+    def __parseBurpLog(content):
+        """
+        Parses burp logs
+        """
        port   = None
        scheme = None

-    if conf.scope:
-        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+        reqResList = content.split("======================================================")

        for request in reqResList:
            if scheme is None:
@ -239,6 +265,17 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                    kb.targetUrls.add((url, method, data, cookie))
                    addedTargetUrls.add(url)

+    fp = openFile(reqFile, "rb")
+
+    fread = fp.read()
+    fread = fread.replace("\r", "")
+
+    if conf.scope:
+        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+
+    __parseBurpLog(fread)
+    __parseWebScarabLog(fread)
+
 def __loadQueries():
    """
    Loads queries from 'xml/queries.xml' file.