Hi,

I rewrote the patch for the HTTP proxy support CR #51.

Mainly I removed the redundant code to make later maintenance easier, since we then no longer have different locations for code changes. I also removed the HTTPS proxy code since it didn't work :-/

For HTTPS proxy support we face the problem of having to change the request to use "https://" when needed. We need to do this since we don't just want to tunnel the request via CONNECT through the proxy but rather have a MitM proxy for analysis and modification. Right now I don't see where in the code we would have the information needed to decide whether it is an HTTP or an HTTPS request. Maybe somebody has an idea?

Regards,

Christian
Index: misc/plugutils.c
===================================================================
--- misc/plugutils.c	(revision 10927)
+++ misc/plugutils.c	(working copy)
@@ -1942,3 +1942,64 @@
                         INTERNAL_COMM_MSG_SHARED_SOCKET |
                         INTERNAL_COMM_SHARED_SOCKET_DESTROY);
 }
+
+
+/**
+ * @brief Report state of preference "http_use_proxy".
+ *
+ * @return 1 if pref is "yes", 0 otherwise.
+ */
+int
+http_use_proxy (struct arglist *prefs)
+{
+  char *use_proxy;
+
+  use_proxy = arg_get_value (prefs, "http_use_proxy");
+  if (use_proxy && !strcmp (use_proxy, "yes"))
+    return 1;
+  else
+    return 0;
+}
+
+
+/**
+ * @brief Report state of preference "http_proxy_host".
+ *
+ * @return Pointer to newly allocated value if set, NULL if not set
+ */
+gchar *
+http_proxy_host (struct arglist *prefs)
+{
+  char *proxy_host;
+
+  proxy_host = arg_get_value (prefs, "http_proxy_host");
+  if (proxy_host)
+    return g_strdup (proxy_host);
+  else
+    return NULL;
+}
+
+
+/**
+ * @brief Report state of preference "http_proxy_port".
+ *
+ * @return Value if set, -1 if not
+ */
+int
+http_proxy_port (struct arglist *prefs)
+{
+  char *proxy_port;
+  int port_value;
+
+  proxy_port = arg_get_value (prefs, "http_proxy_port");
+  if (proxy_port)
+    {
+      port_value = atoi (proxy_port);
+      if (port_value > 0)
+        return port_value;
+      else
+        return -1;
+    }
+  else
+     return -1;
+}
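Review bot: `http_proxy_port` accepts any positive `atoi` result, so a preference such as `99999` or `8080abc` is returned as valid and later truncated by `htons` in `open_sock_option`. The check should bound the value, `if (port_value > 0 && port_value <= 65535)`, and `strtol` with an end-pointer check would also reject trailing junk that `atoi` silently ignores. The doc comment on `http_proxy_host` should additionally state that the caller owns the returned string and must release it with `g_free`, since the only caller visible in this patch never frees it.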
Index: misc/network.c
===================================================================
--- misc/network.c	(revision 10927)
+++ misc/network.c	(working copy)
@@ -42,6 +42,8 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 
+#include <arpa/inet.h>
+
 #include "system.h"             /* for efree(), erealloc() */
 #include "network.h"            /* for socket_close() */
 #include "kb.h"                 /* for kb_item_get_str() */
@@ -925,7 +927,7 @@
 
 int
 open_stream_connection (struct arglist *args, unsigned int port, int transport,
-                        int timeout)
+                        int timeout, int is_http)
 {
   int fd;
   openvas_connection *fp;
@@ -975,9 +977,9 @@
   set_ids_evasion_mode (args, fp);
 
   if (fp->options & OPENVAS_CNX_IDS_EVASION_FAKE_RST)
-    fp->fd = ids_open_sock_tcp (args, port, fp->options, timeout);
+    fp->fd = ids_open_sock_tcp (args, port, fp->options, timeout, is_http);
   else
-    fp->fd = open_sock_tcp (args, port, timeout);
+    fp->fd = open_sock_tcp (args, port, timeout, is_http);
 
   if (fp->fd < 0)
     goto failed;
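Review bot: `is_http` is handed to `open_sock_tcp` and `ids_open_sock_tcp` without looking at `transport`, so with the proxy preference enabled an SSL/TLS-encapsulated connection opened through `http_open_socket` is also connected to the proxy address. Whatever handshake follows (outside this hunk) would then presumably be negotiated with the proxy's plain HTTP port rather than the target, which fits the cover letter's remark that HTTPS through the proxy does not work. Until that is solved I would make the limitation explicit here, for example `fp->fd = open_sock_tcp (args, port, timeout, IS_ENCAPS_SSL (transport) ? IS_NOT_HTTP : is_http);`, and skip the request rewrite in `http_req` for the same case so both ends agree.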
@@ -1018,7 +1020,8 @@
  */
 int
 open_stream_connection_unknown_encaps5 (struct arglist *args, unsigned int port,
-                                        int timeout, int *p, int *delta_t)
+                                        int timeout, int *p, int *delta_t,
+                                        int is_http)
 {
   int fd;
   int i;
@@ -1039,7 +1042,8 @@
     {
       if (delta_t != NULL)
         (void) gettimeofday (&tv1, NULL);
-      if ((fd = open_stream_connection (args, port, encaps[i], timeout)) >= 0)
+      if ((fd = open_stream_connection (args, port, encaps[i], timeout, 
+                                        is_http)) >= 0)
         {
           *p = encaps[i];
 #if DEBUG_SSL > 2
@@ -1071,14 +1075,16 @@
 
 int
 open_stream_connection_unknown_encaps (struct arglist *args, unsigned int port,
-                                       int timeout, int *p)
+                                       int timeout, int *p, int is_http)
 {
-  return open_stream_connection_unknown_encaps5 (args, port, timeout, p, NULL);
+  return open_stream_connection_unknown_encaps5 (args, port, timeout, p, NULL,
+                                                 is_http);
 }
 
 
 int
-open_stream_auto_encaps (struct arglist *args, unsigned int port, int timeout)
+open_stream_auto_encaps (struct arglist *args, unsigned int port, int timeout,
+                         int is_http)
 {
   int trp = plug_get_port_transport (args, port);
   int fd;
@@ -1087,14 +1093,14 @@
     {
       if ((fd =
            open_stream_connection_unknown_encaps (args, port, timeout,
-                                                  &trp)) < 0)
+                                                  &trp, is_http)) < 0)
         return -1;
       plug_set_port_transport (args, port, trp);
       return fd;
     }
   else
     {
-      fd = open_stream_connection (args, port, trp, timeout);
+      fd = open_stream_connection (args, port, trp, timeout, is_http);
       return fd;
     }
  /*NOTREACHED*/}
@@ -2064,7 +2070,7 @@
 
 
 int
-open_sock_tcp (struct arglist *args, unsigned int port, int timeout)
+open_sock_tcp (struct arglist *args, unsigned int port, int timeout, int is_http)
 {
   char name[32];
   int ret;
@@ -2078,7 +2084,7 @@
 
 
   errno = 0;
-  ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout);
+  ret = open_sock_option (args, port, SOCK_STREAM, IPPROTO_TCP, timeout, is_http);
   if (ret < 0 && errno == ETIMEDOUT)
     plug_set_key (args, name, ARG_INT, (void *) 1);
 
@@ -2089,7 +2095,7 @@
 int
 open_sock_udp (struct arglist *args, unsigned int port)
 {
-  return open_sock_option (args, port, SOCK_DGRAM, IPPROTO_UDP, 0);
+  return open_sock_option (args, port, SOCK_DGRAM, IPPROTO_UDP, 0, IS_NOT_HTTP);
 }
 
 
@@ -2313,11 +2319,12 @@
 
 int
 open_sock_option (struct arglist *args, unsigned int port, int type,
-                  int protocol, int timeout)
+                  int protocol, int timeout, int is_http)
 {
   struct sockaddr_in addr;
   struct sockaddr_in6 addr6;
   struct in6_addr *t;
+  int use_http_proxy;
 
 #if 0
   /* 
@@ -2336,16 +2343,34 @@
       arg_dump (args, 0);
       return (-1);
     }
+  
   if (IN6_ARE_ADDR_EQUAL (t, &in6addr_any))
     return (-1);
+
+  struct arglist *prefs = arg_get_value (args, "preferences");
+  use_http_proxy = http_use_proxy (prefs);
+
   if (IN6_IS_ADDR_V4MAPPED (t))
     {
-      bzero ((void *) &addr, sizeof (addr));
-      addr.sin_family = AF_INET;
-      addr.sin_port = htons ((unsigned short) port);
-      addr.sin_addr.s_addr = t->s6_addr32[3];
-      return open_socket ((struct sockaddr *) &addr, type, protocol,
-                          timeout, sizeof (struct sockaddr_in));
+      /* HTTP proxy */
+      if ((use_http_proxy != 0) && (is_http == IS_HTTP))
+        {
+          bzero ((void *) &addr, sizeof (addr));
+          addr.sin_family = AF_INET;
+          inet_pton (AF_INET, http_proxy_host (prefs), &addr.sin_addr.s_addr);
+          addr.sin_port = htons (http_proxy_port (prefs));
+          return open_socket ((struct sockaddr *) &addr, type, protocol,
+                              timeout, sizeof (struct sockaddr_in));
+        }
+      else
+        {
+          bzero ((void *) &addr, sizeof (addr));
+          addr.sin_family = AF_INET;
+          addr.sin_port = htons ((unsigned short) port);
+          addr.sin_addr.s_addr = t->s6_addr32[3];
+          return open_socket ((struct sockaddr *) &addr, type, protocol,
+                              timeout, sizeof (struct sockaddr_in));
+        }
     }
   else
     {
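Review bot: The proxy branch feeds `http_proxy_host (prefs)` straight into `inet_pton` with no checks: the helper returns NULL when the preference is unset and a `g_strdup` copy otherwise, so NULL reaches `inet_pton` in one case and the copy is leaked on every connection in the other. The `inet_pton` result is ignored too, so a host name or malformed address leaves `sin_addr` zeroed and the socket is opened to 0.0.0.0, and a `-1` from `http_proxy_port` becomes port 65535 after `htons`. The redirect also lives only inside the `IN6_IS_ADDR_V4MAPPED` branch, so IPv6 targets handled by the `else` branch (which continues outside this hunk) appear to bypass the configured proxy silently. I would validate host and port first, free the copy, and return -1 rather than connect somewhere the operator did not intend.

```c
      /* HTTP proxy */
      if ((use_http_proxy != 0) && (is_http == IS_HTTP))
        {
          gchar *proxy_host = http_proxy_host (prefs);
          int proxy_port = http_proxy_port (prefs);
          int ok;

          bzero ((void *) &addr, sizeof (addr));
          addr.sin_family = AF_INET;
          /* Reject unset or unparsable settings instead of connecting to
             0.0.0.0 or a truncated port. */
          ok = proxy_host != NULL && proxy_port > 0 && proxy_port <= 65535
               && inet_pton (AF_INET, proxy_host, &addr.sin_addr) == 1;
          g_free (proxy_host);
          if (!ok)
            return (-1);
          addr.sin_port = htons ((unsigned short) proxy_port);
          /* … unchanged: open_socket call on addr … */
        }
      /* … unchanged: else branch connecting directly to the target … */
```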
Index: misc/plugutils.h
===================================================================
--- misc/plugutils.h	(revision 10927)
+++ misc/plugutils.h	(working copy)
@@ -198,6 +198,10 @@
 int shared_socket_release (struct arglist *, char *);
 int shared_socket_destroy (struct arglist *, char *);
 
+int http_use_proxy (struct arglist *);
+gchar *http_proxy_host (struct arglist *);
+int http_proxy_port (struct arglist *);
+
 /** @todo Donate modules to these defines, eg. internal_comm.h, openvas_encaps.h
  * Old comment: In fact, these defines might better be in a separate files.
  * They are inserted here simply because plugutils uses them a lot. */
@@ -240,4 +244,7 @@
 
 #define IS_ENCAPS_SSL(x) ((x) >= OPENVAS_ENCAPS_SSLv23 && (x) <= OPENVAS_ENCAPS_TLSv1)
 
+#define IS_HTTP 0
+#define IS_NOT_HTTP 1
+
 #endif
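Review bot: `IS_HTTP` is defined as 0 and `IS_NOT_HTTP` as 1, so any caller that passes a literal `0`, a zero-initialised variable or a boolean-style false selects the proxied path. Because this flag decides whether scanner traffic is redirected to a third host, the zero value should be the non-redirecting default: `#define IS_NOT_HTTP 0` and `#define IS_HTTP 1`, or a small enum so the compiler can help at the many call sites this patch touches. The names also read like predicate macros next to `IS_ENCAPS_SSL(x)` directly above, so a one-line comment saying they are argument values for the `is_http` parameter would help.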
Index: misc/network.h
===================================================================
--- misc/network.h	(revision 10927)
+++ misc/network.h	(working copy)
@@ -35,19 +35,19 @@
 #include "arglists.h"
 
 /* Plugin specific network functions */
-int open_sock_tcp (struct arglist *, unsigned int, int);
+int open_sock_tcp (struct arglist *, unsigned int, int, int);
 int open_sock_udp (struct arglist *, unsigned int);
-int open_sock_option (struct arglist *, unsigned int, int, int, int);
+int open_sock_option (struct arglist *, unsigned int, int, int, int, int);
 int recv_line (int, char *, size_t);
 int nrecv (int, void *, int, int);
 int socket_close (int);
 
-int open_stream_connection (struct arglist *, unsigned int, int, int);
+int open_stream_connection (struct arglist *, unsigned int, int, int, int);
 int open_stream_connection_unknown_encaps (struct arglist *, unsigned int, int,
-                                           int *);
+                                           int *, int);
 int open_stream_connection_unknown_encaps5 (struct arglist *, unsigned int, int,
-                                            int *, int *);
-int open_stream_auto_encaps (struct arglist *, unsigned int, int);
+                                            int *, int *, int);
+int open_stream_auto_encaps (struct arglist *, unsigned int, int, int);
 
 int write_stream_connection (int, void *buf, int n);
 int read_stream_connection (int, void *, int);
Index: misc/ids_send.c
===================================================================
--- misc/ids_send.c	(revision 10927)
+++ misc/ids_send.c	(working copy)
@@ -691,11 +691,12 @@
 
 
 int
-ids_open_sock_tcp (args, port, method, timeout)
+ids_open_sock_tcp (args, port, method, timeout, is_http)
      struct arglist *args;
      int port;
      int method;
      int timeout;
+     int is_http;
 {
   int bpf;
   struct in_addr dst, src;
@@ -744,7 +745,7 @@
   bpf = bpf_open_live (iface, filter);
   if (bpf >= 0)
     {
-      ret = open_sock_tcp (args, port, timeout);
+      ret = open_sock_tcp (args, port, timeout, is_http);
       if (ret >= 0)
         {
           unsigned char *packet = bpf_next (bpf, &len);
@@ -766,5 +767,5 @@
       return ret;
     }
   else
-    return open_sock_tcp (args, port, timeout);
+    return open_sock_tcp (args, port, timeout, is_http);
 }
Index: misc/ids_send.h
===================================================================
--- misc/ids_send.h	(revision 10927)
+++ misc/ids_send.h	(working copy)
@@ -50,6 +50,6 @@
 #define OPENVAS_CNX_IDS_EVASION_SEND_MASK (OPENVAS_CNX_IDS_EVASION_SPLIT|OPENVAS_CNX_IDS_EVASION_INJECT|OPENVAS_CNX_IDS_EVASION_SHORT_TTL)
 
 int ids_send (int, void *, int, int);
-int ids_open_sock_tcp (struct arglist *, int, int, int);
+int ids_open_sock_tcp (struct arglist *, int, int, int, int);
 
 #endif
Index: nasl/nasl_builtin_find_service.c
===================================================================
--- nasl/nasl_builtin_find_service.c	(revision 10927)
+++ nasl/nasl_builtin_find_service.c	(working copy)
@@ -1888,12 +1888,12 @@
 					efree(&banner);
 				banner = NULL;
 				if (test_ssl == 2 || (test_ssl == 1 && ssl_port)) {
-					cnx = open_stream_connection_unknown_encaps5(desc, port, cnx_timeout2, &trp, &diff_tv);
+					cnx = open_stream_connection_unknown_encaps5(desc, port, cnx_timeout2, &trp, &diff_tv, IS_NOT_HTTP);
 					diff_tv /= 1000;	/* Now in milliseconds */
 				} else {
 					(void) gettimeofday(&tv1, NULL);
 					trp = OPENVAS_ENCAPS_IP;
-					cnx = open_stream_connection(desc, port, trp, cnx_timeout2);
+					cnx = open_stream_connection(desc, port, trp, cnx_timeout2, IS_NOT_HTTP);
 					(void) gettimeofday(&tv2, NULL);
 					diff_tv = DIFFTV1000(tv2, tv1);
 				}
@@ -2412,7 +2412,7 @@
 #ifdef DEBUG
 					fprintf(stderr, "find_service(%s): potentially wrapped service on port %d\n", inet_ntoa(*p_ip), port);
 #endif
-					nfd = open_stream_connection(desc, port, OPENVAS_ENCAPS_IP, cnx_timeout2);
+					nfd = open_stream_connection(desc, port, OPENVAS_ENCAPS_IP, cnx_timeout2, IS_NOT_HTTP);
 					if (nfd >= 0) {
 						fd = openvas_get_socket_from_connection(nfd);
 #if 0
Index: nasl/nasl_socket.c
===================================================================
--- nasl/nasl_socket.c	(revision 10927)
+++ nasl/nasl_socket.c	(working copy)
@@ -354,7 +354,7 @@
 /*--------------------------------------------------------------------------*/
 
 tree_cell *
-nasl_open_sock_tcp_bufsz (lex_ctxt * lexic, int bufsz)
+nasl_open_sock_tcp_bufsz (lex_ctxt * lexic, int bufsz, int is_http)
 {
   int soc = -1;
   struct arglist *script_infos = lexic->script_infos;
@@ -374,9 +374,9 @@
     return NULL;
 
   if (transport < 0)
-    soc = open_stream_auto_encaps (script_infos, port, to);
+    soc = open_stream_auto_encaps (script_infos, port, to, is_http);
   else
-    soc = open_stream_connection (script_infos, port, transport, to);
+    soc = open_stream_connection (script_infos, port, transport, to, is_http);
   if (bufsz > 0 && soc >= 0)
     {
       if (stream_set_buffer (soc, bufsz) < 0)
@@ -393,7 +393,7 @@
 tree_cell *
 nasl_open_sock_tcp (lex_ctxt * lexic)
 {
-  return nasl_open_sock_tcp_bufsz (lexic, -1);
+  return nasl_open_sock_tcp_bufsz (lexic, -1, IS_NOT_HTTP);
 }
 
 /*
Index: nasl/nasl_socket.h
===================================================================
--- nasl/nasl_socket.h	(revision 10927)
+++ nasl/nasl_socket.h	(working copy)
@@ -32,7 +32,7 @@
 tree_cell *nasl_open_sock_tcp (lex_ctxt *);
 tree_cell *nasl_open_sock_udp (lex_ctxt *);
 /* private func */
-tree_cell *nasl_open_sock_tcp_bufsz (lex_ctxt *, int);
+tree_cell *nasl_open_sock_tcp_bufsz (lex_ctxt *, int, int);
 tree_cell *nasl_socket_get_error (lex_ctxt *);
 
 tree_cell *nasl_open_priv_sock_tcp (lex_ctxt *);
Index: nasl/nasl_misc_funcs.c
===================================================================
--- nasl/nasl_misc_funcs.c	(revision 10927)
+++ nasl/nasl_misc_funcs.c	(working copy)
@@ -218,7 +218,8 @@
 
   if (port)
     {
-      soc = open_stream_connection (script_infos, port, OPENVAS_ENCAPS_IP, to);
+      soc = open_stream_connection (script_infos, port, OPENVAS_ENCAPS_IP, to,
+                                    IS_NOT_HTTP);
       if (soc >= 0)
         {
           if (arg_get_value (script_infos, "denial_port") != 0)
@@ -285,7 +286,8 @@
       retc = alloc_tree_cell (0, NULL);
       retc->type = CONST_INT;
 
-      soc = open_stream_connection (script_infos, port, OPENVAS_ENCAPS_IP, to);
+      soc = open_stream_connection (script_infos, port, OPENVAS_ENCAPS_IP, to,
+                                    IS_NOT_HTTP);
       if (soc > 0)
         {
           /* Send some data */
Index: nasl/nasl_http.c
===================================================================
--- nasl/nasl_http.c	(revision 10927)
+++ nasl/nasl_http.c	(working copy)
@@ -50,7 +50,7 @@
 tree_cell *
 http_open_socket (lex_ctxt * lexic)
 {
-  return nasl_open_sock_tcp_bufsz (lexic, 65536);
+  return nasl_open_sock_tcp_bufsz (lexic, 65536, IS_HTTP);
 }
 
 tree_cell *
@@ -77,6 +77,7 @@
   char content_l_str[32];
   struct kb_item **kb;
   int str_length = 0;
+  int use_proxy;
 
 
   if (item == NULL || port < 0)
@@ -94,6 +95,18 @@
       return NULL;
     }
 
+  /* If a HTTP proxy is used, create a valid proxy request */
+  struct arglist *prefs = arg_get_value (script_infos, "preferences");
+  use_proxy = http_use_proxy (prefs);
+  if (use_proxy != 0)
+    {
+      char *host;
+      host = (char *) plug_get_host_fqdn (script_infos);
+      if (host == NULL)
+        return NULL;
+      item = g_strconcat ("http://";, host, item, NULL);
+    }
+
   kb = plug_get_kb (script_infos);
   g_snprintf (tmp, sizeof (tmp), "/tmp/http/auth/%d", port);
   auth = kb_item_get_str (kb, tmp);
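Review bot: The absolute URI built in the proxy branch names only the host and drops the target port, so the proxy will send a request meant for `port` to the default HTTP port and the result is attributed to the wrong service. Including the port fixes that, e.g. `item = g_strdup_printf ("http://%s:%d%s", host, port, item);`. The rewrite is also keyed only on the preference, not on whether the socket was actually opened through the proxy, so a connection that went direct (an IPv6 target, as far as the `open_sock_option` hunk shows) would still receive a proxy-style request line. The `;` after the `"http://"` literal in this line looks like a mail-archive artifact rather than part of the patch.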
@@ -165,6 +178,7 @@
       g_strlcpy (str, url, str_length);
     }
   efree (&url);
+  efree (&item);
 
   if (auth != NULL)
     {
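Review bot: `efree (&item)` runs on every path, but `item` is a heap copy owned by this function only when the proxy branch replaced it; otherwise it presumably still points at the value looked up from the script's variables (assigned outside this hunk), and freeing that would corrupt memory the interpreter still uses. Even in the proxy case the string came from `g_strconcat`, so it should be released with `g_free`, and any early `return NULL` between the allocation and this line (not visible here) would leak it. Keeping the rewritten string in its own variable addresses all three: declare `gchar *proxy_item = NULL;`, assign `item = proxy_item = g_strconcat (...)` in the proxy branch, and call `g_free (proxy_item);` here.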