--- spkproxy-1.4.8.orig/Makefile
+++ spkproxy-1.4.8/Makefile
@@ -0,0 +1,37 @@
+DESTDIR=
+DATADIR=/usr/share/spikeproxy
+
+OTHERFILES = allwords bottomright.html CA.cert CA.pkey \
+FileTemplate.xml help.html index.html left.html notes.html \
+passchecklist requestcache.html scan_database.db server.cert \
+server.pkey shortwords testpickle.pickle \
+titleframe.html topright.html words \
+
+DIRS = testVulnXml VulnXML ntlm
+
+PROGRAMFILES = daveutil.py requestandresponse.py spikeProxyUI.py \
+spkproxy.py testform.py testfunc.py testpickle.py versioncheck.py \
+VulnXML.py whiskerdbtovulnxml.py read_query.py timeoutsocket.py
+
+COMPILEDFILES = $(PROGRAMFILES:.py=.pyc)
+
+
+# TODO should the python code be bytecompiled?
+all:
+
+regenerate:
+ ./regerenateVulnXML.sh
+
+install:
+ for file in $(OTHERFILES) ; do \
+ install -m644 $$file $(DESTDIR)$(DATADIR)/ ; \
+ done
+ for file in $(PROGRAMFILES) ; do \
+ install -m755 $$file $(DESTDIR)$(DATADIR)/ ; \
+ done
+ for dir in $(DIRS) ; do \
+ cp -a $$dir $(DESTDIR)/$(DATADIR)/ ; \
+ done
+
+clean:
+ -rm -f $(COMPILEDFILES) ntlm/*pyc
--- spkproxy-1.4.8.orig/cleanVulnXML.sh
+++ spkproxy-1.4.8/cleanVulnXML.sh
@@ -1,3 +1,4 @@
+#!/bin/sh
 rm -f VulnXML/SiteTests/site*
 rm -f VulnXML/DirectoryTests/direc*
 rm -f testVulnXml/*
--- spkproxy-1.4.8.orig/cleanup.sh
+++ spkproxy-1.4.8/cleanup.sh
@@ -1,3 +1,4 @@
+#!/bin/sh
 rm -rf spikeProxyUI
 rm -f *~
 mkdir spikeProxyUI
--- spkproxy-1.4.8.orig/debian/README.Debian
+++ spkproxy-1.4.8/debian/README.Debian
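Review bot: The `install` rule copies `CA.pkey` and `server.pkey` (both listed in `OTHERFILES`) into `$(DATADIR)` with `install -m644`, so what look like the proxy's CA and server private keys end up world-readable and identical on every machine that installs the package. If they are private keys, a tester who has added this CA to a browser is trusting a key that every other holder of the package also has; consider generating a per-installation key pair at first run or in a maintainer script, and installing key files without world read permission. Separately, the `regenerate` target runs `./regerenateVulnXML.sh`, while the script patched further down is named `regenerateVulnXML.sh`, so the target cannot work as written.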
@@ -0,0 +1,50 @@
+spkproxy for Debian
+-------------------
+
+This package provides a wrapper script that moves into the
+/usr/share/spikeproxy dir and runs 'python spkproxy.py' with all the arguments
+given on the command line.
+
+Notice that only 'root' can run spikeproxy since it writes its
+results to /var/cache/spikeproxy/. This directory is not
+setup writable for all users by default in this package
+
+Running spikeproxy as 'root' is not recommended so, if you see errors like the
+following:
+
+OSError: [Errno 13] Permission denied: '/var/cache/spikeproxy/www.google.com_80_0'
+
+then it's because you do not have write permissions in the cache directory.
+
+Since spikeproxy version 1.4.8-4 a '-c' option has been introduced so that
+users can specify an alternate location for the cache directory. The
+information below is only useful if you want all users to use the same cache
+directory (NOT recommended)
+
+Sharing the cache directory
+---------------------------
+
+You need to change permissions for that dir so that an average user can run and
+work with spikeproxy. Notice that the Debian package does *not* implement any
+behaviour related this by default since it might introduce new security issues
+(such as symlink attacks or sensitive information disclosure), it's your task
+as an administration to set it up as you wish.
+
+You could, for example, grant write access to the 'adm' group with
+
+# chown root.adm /var/cache/spikeproxy/
+# chmod g+wX /var/cache/spikeproxy/
+
+If you want to grant access to all users you can just run:
+
+# chmod a+rwxt /var/cache/spikeproxy/
+
+But this might not be a smart move in multi-user systems since a user in the
+system could create directories of common web sites and symlinks in them
+to trick other users to overwrite their own files.
+
+
+ -- Javier Fernandez-Sanguino Pen~a ,
+ Mon, 2 Oct 2006 00:37:10 +0200
+
+
--- spkproxy-1.4.8.orig/debian/changelog
+++ spkproxy-1.4.8/debian/changelog
@@ -0,0 +1,169 @@ +spkproxy (1.4.8-4.4) unstable; urgency=medium + + * Non-maintainer upload. + * Update DH level to 10. + * debian/compat: updated to 10. + * debian/control: + - Bumped Standards-Version to 3.9.8. + * debian/rules: + - Fix FTBFS about a binary-indep target. Thanks to Santiago Vila + for patch. (Closes: #831930) + + -- Giovani Augusto Ferreira Sun, 25 Dec 2016 19:10:13 -0200 + +spkproxy (1.4.8-4.3) unstable; urgency=medium + + * Non-maintainer upload. + * Build using dh-python. + + -- Matthias Klose Tue, 18 Aug 2015 18:32:35 +0200 + +spkproxy (1.4.8-4.2) unstable; urgency=low + + * Non-maintainer upload. + * Drop useless dh_python call (Closes: #715309). + + -- Luca Falavigna Sun, 14 Jul 2013 10:21:18 +0200 + +spkproxy (1.4.8-4.1) unstable; urgency=low + + * Non-maintainer upload. + * Change dependency from python-pyopenssl to python-openssl + (Closes: #494902) + + -- Emmanuel Bouthenot Mon, 21 Apr 2009 18:53:26 +0000 + +spkproxy (1.4.8-4) unstable; urgency=low + + * Acknowledge NMU, thanks Ana for the patch. (Closes: #380960) + * Package rebuild makes it depend on python version 2.4 (Closes: #385390) + * Add a new -c option to define the proxy's cache for users, this makes + it easier to define an alternate location for cachedir so that + administrators do not have to fiddle with the permissions of + /var/cache/spikeproxy + * Introduce all the options into the manpage, including the new -c option. + (it previously said there was only one option, which is no longer true) + * Introduce a new function in spikeProxyUI.py to setCache() that checks + if the cache directory exists and is writable. Previously it will only + check if it existed and would not complain about it not being writable + until you browsed through the proxy. This makes the error message + of the cachedir not being useful for the user appear as soon as the + program startups. + * Remove all compile Python files under ntlm/. 
This makes it possible + to rebuild the package after running spikeproxy locally (within + package sources) + + -- Javier Fernandez-Sanguino Pen~a Sun, 1 Oct 2006 23:51:39 +0200 + +spkproxy (1.4.8-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Updated to the new Python policy. (Closes: #380960) + * Bumped compat to 5. + + -- Ana Beatriz Guerrero Lopez Fri, 29 Sep 2006 00:28:16 +0200 + +spkproxy (1.4.8-3) unstable; urgency=low + + * Do some error interception with respect of the cache dir. + Also, add a symlink from /usr/share/spikeproxy/cache to + /var/cache/spikeproxy/. I'm doing this after Ubuntu + improperly fixed a bug (Malone: #3397) which nobody + forwarded to me. And still the reporter said that I'm not responding, + go figure. + * Have spikeproxy intercept the error when trying to create + cache directories under /var/cache/spikeproxy/ and print some + additional information (point users to README.Debian!) + * Add some more information in README.Debian on how to setup + spikeproxy and why the default is the way it is. 
+ + -- Javier Fernandez-Sanguino Pen~a Thu, 6 Apr 2006 12:11:52 +0200 + + +spkproxy (1.4.8-2) unstable; urgency=low + + * Add timeoutsocked and read_query to the Makefile's python files + to install (Closes: #322229 + + -- Javier Fernandez-Sanguino Pen~a Thu, 11 Aug 2005 20:48:04 +0200 + +spkproxy (1.4.8-1) unstable; urgency=low + + * Updated to latest upstream release + * Use debhelper compatibility version 4 + * Set exit status in the postrm script to prevent --purge from + breaking if the CACHEDIR does not exist (Closes: #320684) + + -- Javier Fernandez-Sanguino Pen~a Fri, 5 Aug 2005 01:01:47 +0200 + +spkproxy (1.4.7-9) unstable; urgency=low + + * Fixed web interface UI with patch provided by Uew Hermann + (Closes: #298235) + + -- Javier Fernandez-Sanguino Pen~a Sat, 19 Mar 2005 20:36:12 +0100 + +spkproxy (1.4.7-8) unstable; urgency=medium + + * Spikeproxy now uses /var/cache/spikeproxy as it's cache directory + instead of the current directory when being run (Closes: #266321) + * Use dh_python in debian/rules (Closes: #207327) + * Remove unnecesary directories from the DIRS definition in the Makefile + * Changed architecture to 'all' + * Remove all the contents of the cache dir on purge + * Changed PORT to '8080' in spikeProxyUI.py + + -- Javier Fernandez-Sanguino Pen~a Wed, 25 Aug 2004 16:55:35 +0200 + +spkproxy (1.4.7-7) unstable; urgency=low + + * Added python-pyopenssl dependencies (Closes: #222409, #222211) + + -- Javier Fernandez-Sanguino Pen~a Fri, 28 Nov 2003 22:39:44 +0100 + +spkproxy (1.4.7-6) unstable; urgency=low + + * Added Build-Depends on python (Closes: #213879) + + -- Javier Fernandez-Sanguino Pen~a Sun, 5 Oct 2003 18:30:58 +0200 + +spkproxy (1.4.7-5) unstable; urgency=low + + * Use dh_python and call dh_python as suggested by Josselin Mouette + (Closes: #207327) + * Removed python byte-compiled files + + -- Javier Fernandez-Sanguino Pen~a Thu, 28 Aug 2003 16:02:56 +0200 + +spkproxy (1.4.7-4) unstable; urgency=low + + * Fixed depends line 
(Closes: #205946) + + -- Javier Fernandez-Sanguino Pen~a Wed, 20 Aug 2003 16:35:23 +0200 + +spkproxy (1.4.7-3) unstable; urgency=low + + * Depends on python2.3 as requested by maintainers, removed + python 2.2 dependancies. + + -- Javier Fernandez-Sanguino Pen~a Sun, 17 Aug 2003 12:49:52 +0200 + +spkproxy (1.4.7-2) unstable; urgency=low + + * Added python-xml and python2.2-xmlbase to the dependancies (Closes: #198272) + + -- Javier Fernandez-Sanguino Pen~a Sat, 21 Jun 2003 12:56:13 +0200 + +spkproxy (1.4.7-1) unstable; urgency=low + + * Initial Release. + * Added a wrapper script and a manpage to the proxy. + * Modified spikeproy: + - to tell users to setup the HTTP proxy + - to not validate the version (he thinks its outdated even if + it's the latest one) + * Included a Makefile to install the information properly + * Added dependancies suggest by spkproxy.py + + -- Javier Fernandez-Sanguino Pen~a Thu, 5 Jun 2003 08:31:29 +0200 + --- spkproxy-1.4.8.orig/debian/compat +++ spkproxy-1.4.8/debian/compat @@ -0,0 +1 @@ +10 --- spkproxy-1.4.8.orig/debian/control +++ spkproxy-1.4.8/debian/control 
@@ -0,0 +1,29 @@
+Source: spkproxy
+Section: net
+Priority: optional
+Maintainer: Javier Fernandez-Sanguino Pen~a
+Build-Depends: debhelper (>= 10), dh-python
+Build-Depends-Indep: python (>= 2.3)
+Standards-Version: 3.9.8
+
+Package: spikeproxy
+Architecture: all
+Depends: ${python:Depends}, python-openssl
+Description: Web application security testing proxy
+ SPIKE proXy is part of the SPIKE Application Testing Suite,
+ It functions as an HTTP and HTTPS proxy, and allows the web developer
+ or web application auditor low level access to the entire web application
+ interface, while also providing a bevy of automated tools and techniques
+ for discovering common problems. These automated tools include:
+ .
+ - Automated SQL Injection Detection
+ - Web Site Crawling (guaranteed not to crawl sites other than
+ the one being tested)
+ - Login form brute forcing
+ - Automated overflow detection
+ - Automated directory traversal detection
+ .
+ In addition to automated analysis, SPIKE proXy allows the user to
+ analyse the internals of the web application by viewing and changing
+ all variables, cookies, headers, or other parts of the request and
+ resubmit them. Also, a single installation can be shared by multiple users.
--- spkproxy-1.4.8.orig/debian/copyright
+++ spkproxy-1.4.8/debian/copyright
@@ -0,0 +1,13 @@
+This package was debianized by Javier Fernandez-Sanguino Pen~a on
+Thu, 5 Jun 2003 08:31:29 +0200.
+
+It was downloaded from http://www.immunitysec.com/downloads/SP147.tgz
+
+Upstream Author: Dave Aitel
+
+Copyright:
+(c) 2002 - Immunity Security, Inc.
+
+Spikeproxy is released under the GNU GPL license, you will find a copy
+of it in your Debian GNU/Linux system under /usr/share/common-licenses/
+
--- spkproxy-1.4.8.orig/debian/dirs
+++ spkproxy-1.4.8/debian/dirs
@@ -0,0 +1,3 @@
+usr/share/spikeproxy
+var/cache/spikeproxy
+usr/bin
--- spkproxy-1.4.8.orig/debian/docs
+++ spkproxy-1.4.8/debian/docs
@@ -0,0 +1,4 @@
+README.txt
+SpikeUsage.txt
+TODO.txt
+WHYGPL.txt
--- spkproxy-1.4.8.orig/debian/postrm
+++ spkproxy-1.4.8/debian/postrm
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+CACHEDIR=/var/cache/spikeproxy
+
+if [ "$1" = "purge" ]; then
+ [ -d $CACHEDIR ] && rm -rf $CACHEDIR
+fi
+
+
+#DEBHELPER#
+
+exit 0
--- spkproxy-1.4.8.orig/debian/pyversions
+++ spkproxy-1.4.8/debian/pyversions
@@ -0,0 +1 @@
+2.3-
--- spkproxy-1.4.8.orig/debian/rules
+++ spkproxy-1.4.8/debian/rules
@@ -0,0 +1,78 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+#export DH_COMPAT=4
+
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ INSTALL_PROGRAM += -s
+endif
+
+
+
+build: build-stamp
+
+build-stamp:
+ dh_testdir
+
+ # It really does nothing at the moment but...
+ make
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ make clean
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/spkproxy.
+ make install DESTDIR=`pwd`/debian/spikeproxy/
+ install -m755 debian/spikeproxy-wrapper `pwd`/debian/spikeproxy/usr/bin/spikeproxy
+ cd debian/spikeproxy/usr/share/spikeproxy/ && ln -s ../../../var/cache/spikeproxy/ cache
+
+# Build architecture-dependent files here.
+binary-arch:
+# We have nothing to do by default.
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_python2
+# dh_installdebconf
+ dh_installdocs
+ dh_installexamples
+ dh_installmenu
+ dh_installcron
+ dh_installman debian/spikeproxy.1
+ dh_installinfo
+ dh_installchangelogs CHANGELOG.txt
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- spkproxy-1.4.8.orig/debian/spikeproxy-wrapper
+++ spkproxy-1.4.8/debian/spikeproxy-wrapper
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+DATADIR=/usr/share/spikeproxy/
+if [ ! -d "$DATADIR" ] ; then
+ echo "ERR: Cannot find $DATADIR, is spikeproxy properly installed?"
+ exit 1
+fi
+
+cd $DATADIR
+exec python spkproxy.py $*
--- spkproxy-1.4.8.orig/debian/spikeproxy.1
+++ spkproxy-1.4.8/debian/spikeproxy.1
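Review bot: The last line, `exec python spkproxy.py $*`, re-splits every argument on whitespace and glob-expands it, so a cache directory or NTLM password containing a space or `*` reaches spkproxy.py as different arguments than the user typed; use `exec python spkproxy.py "$@"`. `cd $DATADIR` is likewise unquoted and its failure is not checked, so if the directory exists but cannot be entered the script goes on to run whatever `spkproxy.py` is in the caller's current directory; `cd "$DATADIR" || exit 1` closes that. Because of the `cd`, a relative path given to `-c` is resolved under `/usr/share/spikeproxy/` rather than the user's working directory, which is worth stating in the man page.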
@@ -0,0 +1,110 @@
+.\" Hey, EMACS: -*- nroff -*-
+.TH SPIKEPROXY 1 "October 2, 2006"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+spikeproxy \- web application auditing tool
+.SH SYNOPSIS
+.B spkproxy
+.B [-s SSLproxyhost] [-p port] [-U NTLMUser] [-D NTLMDomain] [-P NTLMPassword]
+.B [-l ListenHost] [-c cache_directory]
+.SH DESCRIPTION
+This manual page documents briefly the
+.B spikeproxy
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+SPIKE proXY functions as an HTTP and HTTPS proxy, and allows
+web developers or web application auditors low level access to
+the entire web application interface, while also providing a
+number of automated tools and techniques for discovering common
+problems. These automated tools include:
+
+1.Automated SQL Injection Detection
+
+2.Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
+
+3.Login form brute forcing
+
+4.Automated overflow detection
+
+5.Automated directory traversal detection
+
+.PP
+In addition to automated analysis, SPIKE proXy allows the user to
+penetrate into the internals of the web application by viewing and
+changing all variables, cookies, headers, or other parts of the request
+and resubmit them. SPIKE proXy maintains a careful record of each request
+made - saving both each request, and the entire response. The user can
+later go back and replace any request or view any response.
+.SH OPTIONS
+This program can be configured with the options listed below.
+The options may be given in any order.
+.TP
+\-c cache directory
+The directory that will be used to cache all the requests. This directory
+is created if it does not exist. The default location is
+.B /var/cache/spikeproxy
+but it can only be used by the \fBroot\fR user.
+\-l listenhost
+The IP address the proxy will listen on (it defaults to 127.0.0.1 so it
+is not available from external hosts).
+.TP
+\-p port
+This option sets the port the proxy will listen on (it defaults to 8080 if not
+provided).
+.TP
+\-h proxyHost
+Sets a proxy host to use in the proxy chain. Spike will forward all requests
+to this proxy.
+.TP
+\-H proxyPort
+Sets the port for the proxy host.
+.TP
+\-s proxySSLHost
+Sets a proxy host for SSL connections. Spike will forward all SSL requests
+to this proxy.
+.TP
+\-S proxySSLPort
+Sets the port for the SSL proxy host.
+.TP
+\-U NTLM Username
+Defines the NTLM username it will use when authenticating to the proxy host.
+.TP
+\-P NTLM Password
+Sets the password it will use when authenticating to the proxy host.
+.TP
+\-D NTLM Domain
+Sets the NTLM domain it will use when providing credentials to the proxy host.
+.SH SEE ALSO
+.br
+The program provides inline documentation in the user interface when
+connected to it through a web client. If you are trying to audit a
+web application you might want to read
+.IR "OWASP Guide to Building Secure Web Applications and Web Services",
+.IR "Application Security Attack Components project",
+.IR "Application Security Testing Framework",
+and the
+.IR "OWASP Web Application Security TopTen"
+available at
+http://www.owasp.org
+and the
+.IR "World Wide Web Security FAQ"
+available at
+http://www.w3.org/Security/Faq/
+
+.SH AUTHOR
+This manual page was written by
+Javier Fernandez-Sanguino Pen~a ,
+for the Debian GNU/Linux system (but may be used by others).
--- spkproxy-1.4.8.orig/regenerateVulnXML.sh
+++ spkproxy-1.4.8/regenerateVulnXML.sh
@@ -1,3 +1,4 @@ +#!/bin/sh ./cleanVulnXML.sh ./whiskerdbtovulnxml.py scan_database.db testVulnXml/ cp testVulnXml/site* VulnXML/SiteTests/ --- spkproxy-1.4.8.orig/spikeProxyUI.py +++ spkproxy-1.4.8/spikeProxyUI.py @@ -66,6 +66,7 @@ #sqlinjectSucceeded=["ODBC","SQL","4096","","500","error","Error",":0:0","[boot","alert('XSS')"] sqlinjectSucceeded=["ODBC","SQL","4096","","500",":0:0","[boot","alert('XSS')","ORA-017"] + #here we do some wackyness to read in the words file. def chomp(line): line = line.split('\n')[0] @@ -90,12 +91,17 @@ def __init__(self): self.triggerhost="spike" - self.basedir=daveutil.pathjoin(os.getcwd(),"spikeProxyUI") + # Directory to use as cache + # Upstream uses this: + # self.cachedir="/usr/share/spikeproxy/cache/" + # but that does not follow the FHS and will not work + # when /usr is mounted ro. We use this instead: + # (which is set by parent and defaults to /var/cache/spikeproxy/ + self.cachedir="" + # Debian users, please read README.Debian! self.dostore=1 self.stopallactions=0 self.parent=None - #if the path doesn't exit, make it exist - daveutil.dmkdir(self.basedir) #set up our keywords function table self.initkeywords() self.setupfuzzstrings() 
@@ -117,6 +123,33 @@ self.parent=None return + def setCache(self,cachedir): + self.cachedir=cachedir + if not os.path.isdir(self.cachedir) and not os.path.islink(self.cachedir): + #if the path doesn't exit, make it exist + try: + daveutil.dmkdir(self.cachedir) + except: + print "I could not create the Cachedir "+self.cachedir+"!" + #make sure the path we are using is writable + try: + daveutil.dmkdir(daveutil.pathjoin(self.cachedir,"testsite")) + except: + print "Could not create sitedir under the cachedir "+self.cachedir + print "Review the permissions of that directory or use an alternate location (-c)" + print "(if running Debian see /usr/share/doc/spikeproxy/README.Debian)" + return 1 + + # remove the dir + if os.path.isdir(daveutil.pathjoin(self.cachedir,"testsite")): + try: + os.rmdir(daveutil.pathjoin(self.cachedir,"testsite")) + except: + print "Could not remove testing directory under the cachedir "+self.cachedir + print "Please review the permissions of that directory." + return 1 + return 0 + def setNTLM(self,ntlm): self.ntlm=ntlm @@ -310,7 +343,7 @@ #returns a 1 if we have that site in our store def haveSiteInStore(self,site): sitename=self.sitestr(site) - result= os.path.isdir(daveutil.pathjoin(self.basedir,sitename)) + result= os.path.isdir(daveutil.pathjoin(self.cachedir,sitename)) #print "Do we have "+sitename+" in our store: "+str(result) return result @@ -319,7 +352,12 @@ def createSite(self,site): #is this / going to bite us when we go win32? Who cares? :> #fixed with daveutil.pathjoin! - daveutil.dmkdir(daveutil.pathjoin(self.basedir,self.sitestr(site))) + try: + daveutil.dmkdir(daveutil.pathjoin(self.cachedir,self.sitestr(site))) + except: + print "Could not create sitedir under the cachedir "+self.cachedir + print "Please review the permissions of that directory." + print "(if running Debian see /usr/share/doc/spikeproxy/README.Debian)" return 1 
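Review bot: In `setCache` the first `except:` only prints and then falls through to the `testsite` probe, and every handler is a bare `except:` that also swallows `KeyboardInterrupt` and hides the underlying `OSError`; catch `except (IOError, OSError), e:`, include `str(e)` in the message, and `return 1` straight after the failed `dmkdir`. The same print-and-continue pattern is in `createSite` (`@@ -319,7 +352,12 @@`), which still returns 1 after a failed mkdir just as it does on success, and in `storeRequestandResponse` (`@@ -419,7 +457,12 @@`), where a failed `open()` leaves `openfile` unbound so the following `cPickle.dump(obj,openfile,binary)` raises `NameError`; both handlers should return or re-raise. The probe also says nothing about who else can write to the directory: since the cache holds full requests and responses, it would be worth creating it with mode 0700 and warning when `os.stat(self.cachedir)` shows group or world write bits; what mode `daveutil.dmkdir` applies is not visible in this patch.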
@@ -351,14 +389,14 @@ def havePageInStore(self,page): dir=self.getDir(page) wholepath, filename = os.path.split(page) - return os.path.isdir(daveutil.pathjoin(self.basedir,dir,filename)) + return os.path.isdir(daveutil.pathjoin(self.cachedir,dir,filename)) #creates a directory for our page. It looks like this: ./sitebase/bob/dave.php/ def createPage(self,page): #used to do some crazy stuff here, but it's really quite simple #print "page="+page - #print "basedir="+self.basedir - dirtomake=daveutil.pathjoin(self.basedir,page) + #print "basedir="+self.cachedir + dirtomake=daveutil.pathjoin(self.cachedir,page) #print "Trying to make dir "+dirtomake daveutil.dmkdir(dirtomake) return 1 @@ -368,7 +406,7 @@ #print "inside duplicateRequestandResponse" #first get a list of the files in page's directory. the directory #is guaranteed to exist - pagedir=daveutil.pathjoin(self.basedir,self.getPageH(clientheader)) + pagedir=daveutil.pathjoin(self.cachedir,self.getPageH(clientheader)) filelist=dircache.listdir(pagedir) #print "pagedir="+pagedir #print "filelist="+str(filelist) @@ -396,7 +434,7 @@ #stores a request and response into our file structure for later retrival def storeRequestandResponse(self, clientheader,clientbody,serverheader,serverbody): #print "instore "+str(clientheader)+" Type: "+str(type(clientheader)) - dir=daveutil.pathjoin(self.basedir,self.getPageH(clientheader)) + dir=daveutil.pathjoin(self.cachedir,self.getPageH(clientheader)) #print "Dir: "+dir hash=daveutil.genhash(clientheader,clientbody,serverheader,serverbody) #we encode the directory name (the full page) for easy uniqueness test 
@@ -419,7 +457,12 @@ #print "obj: "+str(obj) #obj.printme() - openfile=open(filename,"wb") + try: + openfile=open(filename,"wb") + except: + print "Could not create a file under the cachedir "+self.cachedir + print "Please review the permissions of that directory." + print "(if running Debian see /usr/share/doc/spikeproxy/README.Debian)" #print "openfile="+str(openfile)+" object: "+str(obj) binary=1 cPickle.dump(obj,openfile,binary) @@ -439,7 +482,7 @@ if debug_serveFile: print "serving file "+filename #strip this last bit off - mybase=daveutil.pathjoin(self.basedir,"..") + mybase="/usr/share/spikeproxy" realfilename=daveutil.pathjoin(mybase,filename) if os.path.isfile(realfilename): file=open(realfilename,"r") @@ -482,14 +525,14 @@ #returns an html string of all the sites we have seen def getSites(self): - sitedir=daveutil.pathjoin(self.basedir) + sitedir=daveutil.pathjoin(self.cachedir) return self.htmlDirectory(sitedir) def printRequestCache(self): result="
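Review bot: `mybase="/usr/share/spikeproxy"` in the `@@ -439,7 +482,7 @@` hunk hard-codes the install path that the Makefile already defines as `DATADIR`, and the joined `realfilename` is opened as soon as `os.path.isfile` succeeds, with no check visible in this hunk that it stays inside `mybase` or is one of the UI's own HTML files. That directory also receives `CA.pkey` and `server.pkey` from the Makefile's install rule, so if `filename` is derived from the requested URL (its origin is outside the hunk) the UI could hand those files out. Compare `os.path.realpath(realfilename)` against `mybase + os.sep` before opening, or serve only from a fixed list of names. The function starts and ends outside the hunk.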
    " for file in self.requestCache: display=file.split("/")[-1] - link=file.replace(self.basedir,"") + link=file.replace(self.cachedir,"") start="Request: " result+="
  • "+ start + display + "
    " + self.getOptions(file,1)+"
  • " return result @@ -524,7 +567,7 @@ #things like "crawl" "resend with modifications" etc #must change site around for rewrite request def getOptions(self,dir,isrequest): - realdir=dir.replace(self.basedir,"") + realdir=dir.replace(self.cachedir,"") #print "getOptions realdir="+realdir site=daveutil.pathsplit(realdir)[0] @@ -569,7 +612,7 @@ #rewrite a request and resend it def rewrite(self,file): #print "inside rewrite" - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) if os.path.isfile(realfile): result= self.displayRequestForm(realfile) return result @@ -585,7 +628,7 @@ #crawling and the start URL and any cookies and whatnot crawlURLList=[] doneURLList=[] - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) if not os.path.isfile(realfile): self.log( "!!!Some sort of error trying to crawl "+file) return notimplementedyet @@ -726,7 +769,7 @@ #gives the client the response. def displayResponse(self,file): result="" - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) #unpickle infile=open(realfile,"rb") @@ -739,7 +782,7 @@ def getinfo(self,file): - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) #print "getinfo on realfile: "+realfile if os.path.isdir(realfile): #print "Was a directory." @@ -854,7 +897,7 @@ failed=passwordFailedList #read in file and unpickle it into a request object - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) infile=open(realfile,"rb") obj=cPickle.load(infile) infile.close() @@ -941,7 +984,7 @@ failed=[] #read in file and unpickle it into a request object - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) infile=open(realfile,"rb") obj=cPickle.load(infile) infile.close() 
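Review bot: `realfile` in the `@@ -854,7 +897,7 @@` hunk (and again at `@@ -941,7 +984,7 @@`) now comes from `self.cachedir`, which `-c` lets the user point anywhere and which README.Debian describes sharing between users, and the next lines pass the opened file to `cPickle.load`. Unpickling runs code chosen by whoever wrote the file, so in a group- or world-writable cache an entry written by another local user is executed with the privileges of the person browsing the cache; the README lists symlink attacks and information disclosure but not this. Refuse to load entries whose owner is not the current user, for example an `os.fstat(infile.fileno()).st_uid != os.getuid()` check before the load, or state in README.Debian that a shared cache directory means trusting every user who can write to it. Both functions start and end outside their hunks.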
@@ -1107,7 +1150,7 @@ return "Stopped." #read in file and unpickle it into a request object - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) #here we delve into directories transparently! if os.path.isdir(realfile): @@ -1146,7 +1189,7 @@ #and sends the requests def doargsfuzz(self,file,fuzzstringsset,succeeded=sqlinjectSucceeded): #read in file and unpickle it into a request object - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) if self.stopallactions: return "Stopped." @@ -1380,7 +1423,7 @@ ch=obj.clientheader cb=obj.clientbody - requestfile=file.replace(self.basedir,"") + requestfile=file.replace(self.cachedir,"") #must use the real URL so that loading href "/bob.something" works as if from that server our_url=ch.URL+"_sendrequest" @@ -1633,12 +1676,12 @@ def xmlTest(self,file): #if the file is a directory or site, recurse into it #if the site-only has been clicked, only run site tests - realfile=daveutil.pathjoin(self.basedir,file) + realfile=daveutil.pathjoin(self.cachedir,file) #we have to use the directory to get the SITE because #we do not necessarally have an actual request file #get the first directory after the basedir - site=daveutil.pathsplit(realfile.replace(self.basedir,""))[0] + site=daveutil.pathsplit(realfile.replace(self.cachedir,""))[0] #split it up siteList=site.split("_") #get the site info @@ -1721,7 +1764,7 @@ #run the directory test against our site #using infile as the template request #print "Directory = %s"%directory - results=dirTest.DirRun(directory,daveutil.pathjoin(self.basedir,infile)) + results=dirTest.DirRun(directory,daveutil.pathjoin(self.cachedir,infile)) #report the results for message in results.logMessages: self.log("%s"%message) 
@@ -1731,10 +1774,10 @@ def runXMLFileandVariableTests(self,infile): self.log("RunXMLFileandVariableTests on %s"%infile) - url=daveutil.getURLfromFile(daveutil.pathjoin(self.basedir,infile)) + url=daveutil.getURLfromFile(daveutil.pathjoin(self.cachedir,infile)) dirs=daveutil.getDirsFromURL(url) for dir in dirs: - self.runXMLDirectoryTests(dir,os.path.join(self.basedir,infile)) + self.runXMLDirectoryTests(dir,os.path.join(self.cachedir,infile)) fileTestsDir=os.path.join(os.path.join(os.getcwd(),self.VulnXMLDirectory),self.VulnXMLFileTestsDirectory) allFileTests=os.listdir(fileTestsDir) @@ -1747,7 +1790,7 @@ ftest=VulnXML.VulnXMLTest(file=os.path.join(fileTestsDir,filetest)) ftest.setUI(self) - results=ftest.FileRun(daveutil.pathjoin(self.basedir,infile)) + results=ftest.FileRun(daveutil.pathjoin(self.cachedir,infile)) for message in results.logMessages: self.log("%s"%message) @@ -1762,7 +1805,7 @@ vtest=VulnXML.VulnXMLTest(file=os.path.join(variableTestsDir,variabletest)) vtest.setUI(self) - results=vtest.VariablesRun(os.path.join(self.basedir,infile)) + results=vtest.VariablesRun(os.path.join(self.cachedir,infile)) for message in results.logMessages: self.log("%s"%message) --- spkproxy-1.4.8.orig/spkproxy.py +++ spkproxy-1.4.8/spkproxy.py @@ -1351,6 +1351,10 @@ self.mylistenport=int(port) return + def setCacheDir(self,cachedir): + self.myUI.setCache(cachedir) + return + def setListenHost(self,host): self.mylistenhost=host return @@ -1423,6 +1427,7 @@ http://www.immunitysec.com/spike.html for more help and information usage: spkproxy.py [-p port] [-h proxyHost -H proxyPort] [-s proxySSLHost -S proxySSLPort] [-U NTLM Username -P NTLM Password -D NTLM Domain] [-l listenhost] + [-c cache directory] """ #this stuff happens. 
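Review bot: `setCacheDir` in the `@@ -1351,6 +1351,10 @@` hunk calls `self.myUI.setCache(cachedir)` and then does a bare `return`, so the 1 that `setCache` returns for an unusable directory is dropped; the default-path call `app.myUI.setCache("/var/cache/spikeproxy/")` added at `@@ -1471,5 +1477,11 @@` ignores it as well. The proxy therefore starts after printing the warning and only fails later, when it first tries to store a request. Return the status with `return self.myUI.setCache(cachedir)` and stop when it is non-zero, e.g. `if app.setCacheDir(a): sys.exit(1)` in the option loop and the same test around the default call.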
@@ -1432,12 +1437,13 @@ print "SPIKE Proxy is copyright Dave Aitel 2002" print "License: GPL v 2.0" print "Please visit www.immunitysec.com for updates and other useful tools!" - print "*** To use the GUI, browse to http://spike/ ***" + print "*** To use the GUI, configure as your proxy the following ***" + print "*** address http://127.0.0.1:8080 and browse to http://spike/ ***" print "Let dave@immunitysec.com know if you like this project. :>" #VERSIONCHECK #just comment this out if it pisses you off - versioncheck.getversion(VERSION) + #versioncheck.getversion(VERSION) #quit on control C and control break (win32) @@ -1447,7 +1453,7 @@ app = spkProxy() try: - (opts,args)=getopt.getopt(sys.argv[1:],"h:H:p:s:S:U:P:D:l:") + (opts,args)=getopt.getopt(sys.argv[1:],"h:H:p:s:S:U:P:D:l:c:") except getopt.GetoptError: #print help usage() @@ -1471,5 +1477,11 @@ app.setNTLMPassword(a) if o in ["-l"]: app.setListenHost(a) + if o in ["-c"]: + app.setCacheDir(a) + # Default value of the cache + if app.myUI.cachedir == '': + app.myUI.setCache("/var/cache/spikeproxy/") + app.run()