golang: Building an HTTP Methods Tester v0.1 by firebits (based on RFC 2616)

I have been digging deeper into the OWASP concepts for a while now, and there is still a lot left to dig into. I am developing an open source WAS (Web Application Scanner), just "free for fun", really. 🙂

I wrote this source code to explore HTTP methods; it can detect some that are considered vulnerable on a web server.

Reference:
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)

golang.org

my brain;)

/* Http Methods Tester v0.1
* RFC 2616 http://www.ietf.org/rfc/rfc2616.txt
* Gets the HTTP methods of a web app
* Mauro Risonho de Paula Assumpção aka firebits
* 24.03.2014 23:01:17
* License BSD 3
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of the nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/

package main

import (
	"fmt"
	"io/ioutil"
	"net"
	"os"
)

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "Uso: %s host:port ", os.Args[0])
		os.Exit(1)
	}
	service := os.Args[1]
	tcpAddr, err := net.ResolveTCPAddr("tcp4", service)
	checkError(err)

	// Open one connection per method, checking the error of each dial
	// TODO:
	// try using a while loop and an array
	conn_TRACE, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_CONNECT, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_OPTIONS, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_PUT, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_POST, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_GET, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_HEAD, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)
	conn_DELETE, err := net.DialTCP("tcp", nil, tcpAddr)
	checkError(err)

	// Send one request per method, checking the error of each write
	_, err = conn_TRACE.Write([]byte("TRACE / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_CONNECT.Write([]byte("CONNECT / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_OPTIONS.Write([]byte("OPTIONS / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_PUT.Write([]byte("PUT / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_POST.Write([]byte("POST / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_GET.Write([]byte("GET / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_HEAD.Write([]byte("HEAD / HTTP/1.0\r\n\r\n"))
	checkError(err)
	_, err = conn_DELETE.Write([]byte("DELETE / HTTP/1.0\r\n\r\n"))
	checkError(err)

	// Read each response until the server closes the connection,
	// checking the error of each read
	//resultado, err := readFully(conn_Method)
	result_TRACE, err := ioutil.ReadAll(conn_TRACE)
	checkError(err)
	result_CONNECT, err := ioutil.ReadAll(conn_CONNECT)
	checkError(err)
	result_OPTIONS, err := ioutil.ReadAll(conn_OPTIONS)
	checkError(err)
	result_PUT, err := ioutil.ReadAll(conn_PUT)
	checkError(err)
	result_POST, err := ioutil.ReadAll(conn_POST)
	checkError(err)
	result_GET, err := ioutil.ReadAll(conn_GET)
	checkError(err)
	result_HEAD, err := ioutil.ReadAll(conn_HEAD)
	checkError(err)
	result_DELETE, err := ioutil.ReadAll(conn_DELETE)
	checkError(err)

	// display the results for each HTTP method
	// TODO: detect whether it was rendered or not, or whether the request
	// returns 200 or 405
	fmt.Println("TRACE")
	fmt.Println(string(result_TRACE))
	fmt.Println("============================================================")

	fmt.Println("CONNECT")
	fmt.Println(string(result_CONNECT))
	fmt.Println("============================================================")

	fmt.Println("OPTIONS")
	fmt.Println(string(result_OPTIONS))
	fmt.Println("============================================================")

	fmt.Println("PUT")
	fmt.Println(string(result_PUT))
	fmt.Println("============================================================")

	fmt.Println("POST")
	fmt.Println(string(result_POST))
	fmt.Println("============================================================")

	fmt.Println("GET")
	fmt.Println(string(result_GET))
	fmt.Println("============================================================")

	fmt.Println("HEAD")
	fmt.Println(string(result_HEAD))
	fmt.Println("============================================================")

	fmt.Println("DELETE")
	fmt.Println(string(result_DELETE))
	fmt.Println("============================================================")

	os.Exit(0)
}

// checkError prints the error and exits if err is not nil.
func checkError(err error) {
	if err != nil {
		fmt.Fprintf(os.Stderr, "Erro Fatal: %s", err.Error())
		os.Exit(1)
	}
}

There is still a lot to improve, such as using an array and maybe a while loop to cycle through the HTTP methods, but I will keep revising it and posting here on the blog.

Later I will push it to my git as well.

In the next post, I will talk about HTTP methods with WebDAV, which is similar in essence but serves a somewhat different purpose.

@firebitsbr
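For the TODO in the tester above (detect whether a method came back with 200 or 405), one way to classify the raw bytes that `ioutil.ReadAll` returns for each method. This is an added example, not firebits's code: `classify`, the `risky` set and the sample responses are assumptions made here for illustration, and the parsing is done by Go's standard `net/http` package.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net/http"
)

// Methods flagged for review when the server accepts them (this example's assumption).
var risky = map[string]bool{"TRACE": true, "CONNECT": true, "PUT": true, "DELETE": true}

// classify parses the raw reply to `method` and returns status code, Allow header and a verdict.
func classify(method string, raw []byte) (code int, allow, verdict string) {
	req := &http.Request{Method: method} // tells the parser a HEAD reply has no body
	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(raw)), req)
	if err != nil {
		return 0, "", "unparseable"
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	code, allow, verdict = resp.StatusCode, resp.Header.Get("Allow"), "inconclusive"
	switch {
	case code == 405 || code == 501:
		verdict = "rejected"
	case code/100 == 2 && risky[method]:
		verdict = "accepted: review"
		// A TRACE reply that reflects the request line means TRACE is really enabled.
		if method == "TRACE" && bytes.Contains(body, []byte("TRACE / HTTP/1.0")) {
			verdict = "accepted: request echoed"
		}
	case code/100 == 2:
		verdict = "accepted"
	}
	return code, allow, verdict
}

func main() {
	samples := [][2]string{ // constructed sample responses, not captured from a real server
		{"TRACE", "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\nTRACE / HTTP/1.0\r\n\r\n"},
		{"OPTIONS", "HTTP/1.1 200 OK\r\nAllow: GET, HEAD, OPTIONS\r\nContent-Length: 0\r\n\r\n"},
		{"PUT", "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, OPTIONS\r\n\r\n"},
	}
	for _, s := range samples {
		code, allow, verdict := classify(s[0], []byte(s[1]))
		fmt.Printf("%-8s %d %-25s Allow=%q\n", s[0], code, verdict, allow)
	}
}
```

A 2xx on a page that ignores the method (many servers answer any verb on `/` with the index page) still lands in "accepted: review", so the verdict is a prompt to check the server configuration, not proof that the method does anything.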


OpenBSD: Attempting a VirtualBox port (draft)

Yesterday (23-06-2012), I tried for the first time (though it had been a wish of mine for about 5 years) to port the VirtualBox source code to OpenBSD, making it one more virtualization host.

When the first VirtualBox port for FreeBSD came out, I thought it would come to OpenBSD as well.

FreeBSD build instructions
https://www.virtualbox.org/wiki/FreeBSD%20build%20instructions
http://dgz.dyndns.org/mediawiki/index.php/%28OBSD%29_HOWTO_Install_VMWARE_tools_on_a_OpenBSD_system
http://www.h-i-r.net/2009/11/virtualbox-full-screen-resolution-for.html

The FreeBSD build instructions are being worked on as the FreeBSD port advances.

If you like to help out with the FreeBSD port, please join the #vbox-dev irc channel or drop a mail on the development mailing list.

Current state: It works quite stable by now for FreeBSD 7.x and 8-CURRENT. There is a port in the FreeBSD ports tree too.

Prerequisites

You need:

[OK]
GCC 3.2.3 or later (except for the GCC 4.0.x series)
=> The default GCC should be fine.

[OK]
Yasm 0.6.2 or later
=> /usr/ports/devel/yasm

[NOK] -> FreeBSD
as86 (real mode assembler, usually part of the dev86 or bin86 package)
=> /usr/ports/devel/dev86

[NOK] -> FreeBSD
bcc (Bruce Evans C Compiler; often part of the dev86 package)
=> /usr/ports/devel/dev86 (same as above)

[NOK]
IASL (Intel ACPI compiler)
=> The one installed into /usr/sbin/iasl should be fine.

[OK]
xsltproc (libxslt, XML style sheet processor)
=> /usr/ports/textproc/libxslt

[OK]
libxml2
=> /usr/ports/textproc/libxml2

[NOK] -> FreeBSD
libXcursor (required to support color mouse pointers in guest)
=> Probably installed, if not try /usr/ports/x11/libXcursor.

[OK]
libpng
=> /usr/ports/graphics/png

[OK]
libIDL
=> /usr/ports/devel/libIDL

[OK]
libSDL
=> /usr/ports/devel/sdl12

[OK]
mkisofs (required only for additions which aren't supported yet)
=> /usr/ports/sysutils/cdrtools

[NOK] -> FreeBSD
kBuild (The one provided with the VirtualBox sources doesn't work with FreeBSD 8-CURRENT)
=> /usr/ports/devel/kBuild

[OK]
curl
=> /usr/ports/ftp/curl

[NOK] -> FreeBSD
libXmu
=> /usr/ports/x11-toolkits/libXmu

[OK]
Qt 4.4.x
=> /usr/ports/x11-toolkits/qt4-gui
=> /usr/ports/net/qt4-network
=> /usr/ports/devel/qt4-moc
=> /usr/ports/net/qt4-uic
=> /usr/ports/net/qt4-rcc
=> /usr/ports/net/qt4-linguist ; or configure --disable-qt

Building VirtualBox

Change to the root directory of the sources and execute the configure script:

./configure --disable-hardening

If it finds everything it needs, it will create a file called ‘AutoConfig.kmk’ containing paths to the various tools on your system. Also, it will create an environment setup script called env.sh. This step only has to be done once (if something changes in your build tool setup, you might have to repeat it but keep in mind that both output files will be overwritten).

The switch --disable-hardening should not be used for building packages for redistribution or for production use.

Whenever you want to build VirtualBox, you have to open a shell and source the generated environment setup script ‘env.sh’, i.e. do

source ./env.sh

To build a release package, type

kmk all

This produces the required binaries in out/freebsd.x86/release/bin/. If you want to build a debug version, type

kmk BUILD_TYPE=debug

In case you have more than one CPU core, kmk will automatically do a parallel build.

Running your build

You can run VirtualBox directly from the build target directory (out/freebsd.x86/release/bin/).

You have to load the kernel driver first using kldload ./vboxdrv.ko as root. Make sure you give yourself read and write access to /dev/vboxdrv.

If you made a hardened build, make sure that the setuid stubs have the correct permissions:

for f in VirtualBox VBoxHeadless VBoxSDL VBoxBFE VBoxNetDHCP VBoxNetAdpCtl; do
chown root.root $f
chmod 4511 $f
done

Finally, you can start one of the frontends, e.g.

LD_LIBRARY_PATH=. ./VirtualBox