Class: Arachni::Module::Trainer

Inherits:
Object
  • Object
show all
Includes:
ElementDB, Output, Utilities
Defined in:
lib/arachni/module/trainer.rb

Overview

Trainer class

Analyzes all HTTP responses looking for new auditable elements.

<tasos.laskos@gmail.com>
<zapotek@segfault.gr>

@version: 0.2.1

Instance Attribute Summary (collapse)

Instance Method Summary (collapse)

Methods included from Utilities

#exception_jail, #get_path, #hash_keys_to_str, #normalize_url, #read_file, #seed, #uri_decode, #uri_encode, #uri_parse, #uri_parser, #url_sanitize

Methods included from ElementDB

#cookie_in_jar?, #init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links

Methods included from Output

#o_print_bad, #o_print_debug, #o_print_error, #o_print_info, #o_print_line, #o_print_ok, #o_print_status, #o_print_verbose, #print_bad, #print_debug, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose

Methods included from UI::Output

#buffer, #debug!, #debug?, #flush_buffer, #mute!, #muted?, #only_positives!, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, #uncap_buffer!, #unmute!, #verbose!, #verbose?

Constructor Details

- (Trainer) initialize

A new instance of Trainer



36
37
38
39
40
41
 
# File 'lib/arachni/module/trainer.rb', line 36

def initialize
  @opts     = Options.instance
  @updated  = false

  @pages = []
end

Instance Attribute Details

- (Object) http

Returns the value of attribute http



33
34
35
 
# File 'lib/arachni/module/trainer.rb', line 33

def http
  @http
end

- (Page) page

Returns an updated Parser::Page object or nil if there waere no updates

Returns:

  • (Page) 


89
90
91
92
93
94
95
96
 
# File 'lib/arachni/module/trainer.rb', line 89

def page
    if( @updated  )
          @updated = false
          return  @page
      else
          return nil
    end
end

- (Object) parser

Returns the value of attribute parser



34
35
36
 
# File 'lib/arachni/module/trainer.rb', line 34

def parser
  @parser
end

Instance Method Details

- (Object) add_response(res, redir = false)

Passes the reponse to #analyze for analysis

Parameters:

  • res (Typhoeus::Response)
  • redir (Bool) (defaults to: false)

    was the response forcing a redirection?



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/arachni/module/trainer.rb', line 53

def add_response( res, redir = false )

    # non text files won't contain any auditable elements
    type = @http.class.content_type( res.headers_hash )
    if type.is_a?( String) && !type.substring?( 'text' )
        return false
    end

    @parser = Parser.new( Options.instance, res )
    @parser.url = @page.url

    begin
        url = @parser.to_absolute( res.effective_url )

        return if !follow?( url )

        analyze( [ res, redir ] )

    rescue Exception => e
        print_error( "Invalid URL, probably broken redirection. Ignoring..." )
        print_error( "URL: #{res.effective_url}" )
        print_error_backtrace( e )
        raise e
    end

end

- (Object) analyze(res)

Analyzes a response looking for new links, forms and cookies.

Parameters:



104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
 
# File 'lib/arachni/module/trainer.rb', line 104

def analyze( res )

    print_debug( 'Started for response with request ID: #' +
      res[0].request.id.to_s )

    @parser.url = @parser.to_absolute( url_sanitize( res[0].effective_url ) )

    train_cookies( res[0] )

    # if the response body is the same as the page body and
    # no new cookies have appeared there's no reason to analyze the page
    if( res[0].body == @page.html && !@updated )
        print_debug( 'Page hasn\'t changed, skipping...' )
        return
    end

    train_forms( res[0] )
    train_links( res[0], res[1] )

    if( @updated )

        begin
            url         = res[0].request.url
            # prepare the page url
            @parser.url = @parser.to_absolute( url )
        rescue Exception => e
            print_error( "Invalid URL, probably broken redirection. Ignoring..." )

            begin
                print_error( "URL: #{res[0].request.url}" )
            rescue
            end

            print_error_backtrace( e )
            return
        end

        @page.html = res[0].body.dup
        @page.response_headers    = res[0].headers_hash
        @page.query_vars = @parser.link_vars( @parser.url ).dup
        @page.url        = @parser.url.dup
        @page.code       = res[0].code
        @page.method     = res[0].request.method.to_s.upcase

        @page.forms      ||= []
        @page.links      ||= []
        @page.cookies    ||= []

        @pages << @page

        @updated = false
    end

    print_debug( 'Training complete.' )
end

- (Object) flush_pages 



160
161
162
163
164
 
# File 'lib/arachni/module/trainer.rb', line 160

def flush_pages
    pages = @pages.dup
    @pages = []
    pages
end

- (Boolean) follow?(url)

Returns:

  • (Boolean) 


80
81
82
 
# File 'lib/arachni/module/trainer.rb', line 80

def follow?( url )
    !@parser.skip?( url )
end

- (Object) set_page(page) 



43
44
45
 
# File 'lib/arachni/module/trainer.rb', line 43

def set_page( page )
    @page = page.deep_clone
end