/* Validate URL */ bool validate_url(t_session *session) { if (valid_uri(session->uri, session->host->allow_dot_files)) { if (session->host->secure_url == false) { return true; } else if (strstr(session->request_uri, "%00") == NULL) { return true; } else { session->return_code = 403; } } else { session->return_code = (session->request_method == PUT) ? 403 : 404; } log_exploit_attempt(session, "invalid URL", NULL); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit(session); monitor_event("Invalid URL %s for %s", session->uri, session->host->hostname.item[0]); } #endif session->error_cause = ec_INVALID_URL; return false; }
void zmq::socket_base_t::event(const std::string &addr_, intptr_t value_, int type_) { scoped_lock_t lock(monitor_sync); if (monitor_events & type_) { monitor_event (type_, value_, addr_); } }
/** * monitor_bh - * @ignored: * * Check connected status and load/unload as appropriate. */ void monitor_bh(void *ignored) { printk(KERN_DEBUG "monitor_bh:\n"); monitor_event(); MOD_DEC_USE_COUNT; }
void zmq::socket_base_t::event_connect_delayed (std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_CONNECT_DELAYED) { zmq_event_t event; event.event = ZMQ_EVENT_CONNECT_DELAYED; event.value = err_; monitor_event (event, addr_); } }
void zmq::socket_base_t::event_connect_retried (std::string &addr_, int interval_) { if (monitor_events & ZMQ_EVENT_CONNECT_RETRIED) { zmq_event_t event; event.event = ZMQ_EVENT_CONNECT_RETRIED; event.value = interval_; monitor_event (event, addr_); } }
void zmq::socket_base_t::event_listening (std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_LISTENING) { zmq_event_t event; event.event = ZMQ_EVENT_LISTENING; event.value = fd_; monitor_event (event, addr_); } }
void zmq::socket_base_t::event_accepted (std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_ACCEPTED) { zmq_event_t event; event.event = ZMQ_EVENT_ACCEPTED; event.value = fd_; monitor_event (event, addr_); } }
void zmq::socket_base_t::event_close_failed (std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_CLOSE_FAILED) { zmq_event_t event; event.event = ZMQ_EVENT_CLOSE_FAILED; event.value = err_; monitor_event (event, addr_); } }
void zmq::socket_base_t::event_disconnected (std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_DISCONNECTED) { zmq_event_t event; event.event = ZMQ_EVENT_DISCONNECTED; event.value = fd_; monitor_event (event, addr_); } }
void zmq::socket_base_t::stop_monitor (bool send_monitor_stopped_event_) { if (monitor_socket) { if ((monitor_events & ZMQ_EVENT_MONITOR_STOPPED) && send_monitor_stopped_event_) monitor_event (ZMQ_EVENT_MONITOR_STOPPED, 0, ""); zmq_close (monitor_socket); monitor_socket = NULL; monitor_events = 0; } }
void zmq::socket_base_t::stop_monitor (void) { if (monitor_socket) { if (monitor_events & ZMQ_EVENT_MONITOR_STOPPED) monitor_event (ZMQ_EVENT_MONITOR_STOPPED, 0, ""); zmq_close (monitor_socket); monitor_socket = NULL; monitor_events = 0; } }
void zmq::socket_base_t::event_disconnected (std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_DISCONNECTED) { zmq_event_t event; event.event = ZMQ_EVENT_DISCONNECTED; event.data.disconnected.addr = (char *) malloc (addr_.size () + 1); copy_monitor_address (event.data.disconnected.addr, addr_); event.data.disconnected.fd = fd_; monitor_event (event); } }
void zmq::socket_base_t::event_close_failed (std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_CLOSE_FAILED) { zmq_event_t event; event.event = ZMQ_EVENT_CLOSE_FAILED; event.data.close_failed.addr = (char *) malloc (addr_.size () + 1); copy_monitor_address (event.data.close_failed.addr, addr_); event.data.close_failed.err = err_; monitor_event (event); } }
void zmq::socket_base_t::event_listening (std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_LISTENING) { zmq_event_t event; event.event = ZMQ_EVENT_LISTENING; event.data.listening.addr = (char *) malloc (addr_.size () + 1); copy_monitor_address (event.data.listening.addr, addr_); event.data.listening.fd = fd_; monitor_event (event); } }
void zmq::socket_base_t::event_connect_retried (std::string &addr_, int interval_) { if (monitor_events & ZMQ_EVENT_CONNECT_RETRIED) { zmq_event_t event; event.event = ZMQ_EVENT_CONNECT_RETRIED; event.data.connect_retried.addr = (char *) malloc (addr_.size () + 1); copy_monitor_address (event.data.connect_retried.addr, addr_); event.data.connect_retried.interval = interval_; monitor_event (event); } }
void zmq::socket_base_t::event_connect_delayed (std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_CONNECT_DELAYED) { zmq_event_t event; event.event = ZMQ_EVENT_CONNECT_DELAYED; event.data.connect_delayed.addr = (char *) malloc (addr_.size () + 1); copy_monitor_address (event.data.connect_delayed.addr, addr_); event.data.connect_delayed.err = err_; monitor_event (event); } }
/* ************************************************** */ void monitor_death(call_t *c) { struct entitydata *entitydata = get_entity_private_data(c); /* log node death */ entitydata->nbr_nodes--; /* log active nodes number */ log_activenodes(c); /* monitor */ monitor_event(c); }
static void log_sqli_attempt(t_session *session, char *str) { log_exploit_attempt(session, "SQLi", str); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit_attempt(session); monitor_event("SQLi attempt for %s%s", session->host->hostname.item[0], session->uri); } #endif }
static int prevent_xss_str(t_session *session, char *input) { int result = 0; short low, high; char *str, value; char tag[22]; str = input; while (*str != '\0') { if ((value = *str) == '%') { if ((high = hex_char_to_int(*(str + 1))) != -1) { if ((low = hex_char_to_int(*(str + 2))) != -1) { value = (char)(high<<4) + low; str += 2; } } } if (value == '<') { str++; strncpy(tag, str, 21); tag[21] = '\0'; url_decode(tag); strlower(tag); if ((memcmp(tag, "script", 6) == 0) && ((tag[6] == ' ') || (tag[6] == '>'))) { log_exploit_attempt(session, "XSS", input); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit_attempt(session); monitor_event("XSS attempt for %s%s", session->host->hostname.item[0], session->uri); } #endif if (session->host->prevent_xss == p_prevent) { *str = '_'; } result = 1; break; } } str++; } return result; }
void zmq::socket_base_t::stop_monitor (bool send_monitor_stopped_event_) { // this is a private method which is only called from // contexts where the mutex has been locked before if (monitor_socket) { if ((monitor_events & ZMQ_EVENT_MONITOR_STOPPED) && send_monitor_stopped_event_) monitor_event (ZMQ_EVENT_MONITOR_STOPPED, 0, ""); zmq_close (monitor_socket); monitor_socket = NULL; monitor_events = 0; } }
void zmq::socket_base_t::stop_monitor() { if (monitor_socket) { if (monitor_events & ZMQ_EVENT_MONITOR_STOPPED) { zmq_event_t event; event.event = ZMQ_EVENT_MONITOR_STOPPED; event.value = 0; monitor_event (event, ""); } zmq_close (monitor_socket); monitor_socket = NULL; monitor_events = 0; } }
/* Prevent SQL injection */ static int prevent_sqli_str(t_session *session, char *str, int length) { char *data, *c; t_sqli_pattern *pattern; int result = 0; if ((str == NULL) || (length <= 0)) { return 0; } if ((data = (char*)malloc(length + 1)) == NULL) { return -1; } memcpy(data, str, length); data[length] = '\0'; url_decode(data); c = data; while (*c != '\0') { if (*c == '+') { *c = ' '; } c++; } pattern = sqli_patterns; while (pattern != NULL) { if (regexec(&(pattern->regex), data, 0, NULL, 0) != REG_NOMATCH) { log_exploit_attempt(session, "SQLi", str); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit(session); monitor_event("SQLi attempt for %s", session->file_on_disk); } #endif result = 1; break; } pattern = pattern->next; } free(data); return result; }
/* Prevent cross-site scripting. */ int prevent_xss(t_session *session) { int result = 0; bool logged = false; short low, high; char *str, value; if ((str = session->vars) == NULL) { return 0; } while (*str != '\0') { if ((value = *str) == '%') { if ((high = hex_char_to_int(*(str + 1))) != -1) { if ((low = hex_char_to_int(*(str + 2))) != -1) { value = (char)(high<<4) + low; } } } if ((value == '\"') || (value == '<') || (value == '>') || (value == '\'')) { if (logged == false) { log_exploit_attempt(session, "XSS", session->vars); #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit(session); monitor_event("XSS attempt for %s", session->file_on_disk); } #endif logged = true; } *str = '_'; result = 1; } str++; } return result; }
void zmq::socket_base_t::event_closed (const std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_CLOSED) monitor_event (ZMQ_EVENT_CLOSED, fd_, addr_); }
void zmq::socket_base_t::event_listening (const std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_LISTENING) monitor_event (ZMQ_EVENT_LISTENING, fd_, addr_); }
void zmq::socket_base_t::event_accepted (const std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_ACCEPTED) monitor_event (ZMQ_EVENT_ACCEPTED, fd_, addr_); }
void zmq::socket_base_t::event_accept_failed (const std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_ACCEPT_FAILED) monitor_event (ZMQ_EVENT_ACCEPT_FAILED, err_, addr_); }
/* Prevent Cross-site Request Forgery */ int prevent_csrf(t_session *session) { char *referer, *slash, prev = '\0'; int i, n; #ifdef ENABLE_MONITOR char *csrf_url; #endif if (session->request_method != POST) { return 0; } if ((referer = get_http_header("Origin:", session->http_headers)) == NULL) { if ((referer = get_http_header("Referer:", session->http_headers)) == NULL) { return 0; } } #ifdef ENABLE_MONITOR csrf_url = referer; #endif if (strncmp(referer, "http://", 7) == 0) { referer += 7; } else if (strncmp(referer, "https://", 8) == 0) { referer += 8; } else { session->request_method = GET; session->body = NULL; session->cookies = NULL; log_error(session, "invalid referer while checking for CSRF"); return 1; } if ((slash = strchr(referer, '/')) != NULL) { n = slash - referer; } else { n = strlen(referer); } for (i = 0; i < session->host->hostname.size; i++) { if (strncasecmp(referer, *(session->host->hostname.item + i), n) == 0) { return 0; } } if (session->body != NULL) { prev = *(session->body + session->content_length); *(session->body + session->content_length) = '\0'; } log_exploit_attempt(session, "CSRF", session->body); if (session->body != NULL) { *(session->body + session->content_length) = prev; } if (session->host->prevent_csrf == p_prevent) { session->request_method = GET; session->body = NULL; session->cookies = NULL; } #ifdef ENABLE_TOMAHAWK increment_counter(COUNTER_EXPLOIT); #endif #ifdef ENABLE_MONITOR if (session->config->monitor_enabled) { monitor_count_exploit_attempt(session); monitor_event("CSRF attempt for %s%s via %s", session->host->hostname.item[0], session->uri, csrf_url); } #endif return 1; }
void zmq::socket_base_t::event_close_failed (const std::string &addr_, int err_) { if (monitor_events & ZMQ_EVENT_CLOSE_FAILED) monitor_event (ZMQ_EVENT_CLOSE_FAILED, err_, addr_); }
void zmq::socket_base_t::event_disconnected (const std::string &addr_, int fd_) { if (monitor_events & ZMQ_EVENT_DISCONNECTED) monitor_event (ZMQ_EVENT_DISCONNECTED, fd_, addr_); }