Module: Arachni::Module::Trainer

Includes:
ElementDB
Included in:
Base
Defined in:
lib/module/trainer.rb

Overview

Trainer module

Included by Base.
Includes trainer methods used to updated the HTML elements in case any
new elements appear dynamically during the audit.

@author: Anastasios “Zapotek” Laskos 

                                     <tasos.laskos@gmail.com>
                                     <zapotek@segfault.gr>

@version: 0.1-pre

Instance Method Summary (collapse)

Methods included from ElementDB

#init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links, #work_on_cookies, #work_on_forms, #work_on_links

Instance Method Details

- (Object) train(res, url = nil)

This is used to train Arachni.

It will be called to analyze every HTTP response during the audit,
detect any changes our input may have caused to the web app
and make the module aware of new attack vectors that may present themselves.

Parameters:

  • (Net::HTTPResponse) res

    the HTTP response

  • (String) url (defaults to: nil)

    provide a new url in case our request caused a redirection 



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'lib/module/trainer.rb', line 45

def train( res, url = nil )

    opts = Options.instance
    analyzer = Analyzer.new( opts )

    analyzer.url = @page.url.clone

    if( url )
        analyzer.url = URI( @page.url ).
        merge( URI( URI.escape( url ) ) ).to_s
    end

    links   = analyzer.get_links( res.body ).clone if opts.audit_links
    forms   = analyzer.get_forms( res.body ).clone if opts.audit_forms
    cookies = analyzer.get_cookies( res.to_hash['set-cookie'].to_s ).clone

    if( url && opts.audit_links )
        links.push( {
            'href' => analyzer.url,
            'vars' => analyzer.get_link_vars( analyzer.url )
        } )
    end

    update_forms( forms ) if opts.audit_forms
    update_links( links ) if opts.audit_links
    update_cookies( cookies )

end