''' unSSL.py Copyright 2006 Andres Riancho This file is part of w3af, w3af.sourceforge.net . w3af is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License. w3af is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with w3af; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ''' import core.controllers.outputManager as om from core.controllers.basePlugin.baseAuditPlugin import baseAuditPlugin import core.data.kb.knowledgeBase as kb from core.controllers.w3afException import w3afException import core.data.kb.vuln as vuln from core.data.parsers.urlParser import * class unSSL(baseAuditPlugin): ''' This plugin checks if secure content can also be fetched using http. @author: Andres Riancho ( andres.riancho@gmail.com ) ''' def __init__(self): baseAuditPlugin.__init__(self) def _fuzzRequests(self, freq ): ''' Check if https and fetch the same thing using http. ie: input: https://a/ check: http://a/ @param freq: A fuzzableRequest ''' if 'HTTPS' == getProtocol( freq.getURL() ).upper(): secure = freq.getURL() unsecure = 'http://' + allButScheme(freq.getURL()) httpsResponse = self._sendMutant( freq ) freq.setURL( unsecure ) httpResponse = self._sendMutant( freq ) if httpResponse.getCode() == httpsResponse.getCode(): if httpResponse.getBody() == httpsResponse.getBody(): v = vuln.vuln( freq ) v.setDesc( 'Secure content can be accesed using insecure protocol http. The URLs are: ' + secure + ' - ' + unsecure + ' .' ) v.setId( httpResponse.id ) kb.kb.append( self, 'unSSL', v ) om.out.vulnerability( v.getDesc() ) def _analyzeResult( self, fuzzableRequest, res ): pass def getOptionsXML(self): ''' This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/ui/userInterface.dtd @return: XML with the plugin options. ''' return '\ \ \ ' def setOptions( self, OptionList ): ''' This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML(). @parameter OptionList: A dictionary with the options for the plugin. @return: No value is returned. ''' pass def getPluginDeps( self ): ''' @return: A list with the names of the plugins that should be runned before the current one. ''' return [] def getLongDesc( self ): ''' @return: A DETAILED description of the plugin functions and features. ''' return ''' This plugin verifies that URL's that are available using HTTPS aren't available over an insecure HTTP protocol. To detect this, the plugin simply requests "https://abc/a.asp" and "http://abc.asp" and if both are equal, a vulnerability is found. '''