improved error messages

pkg/report.go

@@ -66,7 +66,7 @@ func GenerateReport(report Report, currentDate string) {
 
 	file, err := os.OpenFile(reportPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
-		msg := "Report: " + err.Error() + "\n"
+		msg := fmt.Sprintf("GenerateReport: os.OpenFile: %s\n", err.Error())
 		PrintFatal(msg)
 	}
 
@@ -75,7 +75,7 @@ func GenerateReport(report Report, currentDate string) {
 	if Config.EscapeJSON {
 		j, err := json.MarshalIndent(report, report.Settings.IndentPrefix, report.Settings.IndentSuffix)
 		if err != nil {
-			msg := fmt.Sprintf("Error occured during marshalling. Error %s\n", err.Error())
+			msg := fmt.Sprintf("Generator: json.MarshalIndent: %s\n", err.Error())
 			PrintFatal(msg)
 		}
 

pkg/request_smuggling.go

@@ -165,6 +165,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 			PrintFatal(err.Error())
 		}
 		Print("ads", NoColor)*/
+	errorString := "httpRequestSmuggling"
 
 	httpsUsed := false
 	proxyUsed := false
@@ -204,25 +205,25 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 		var resp string
 		var msg string
 
-		waitLimiter(fmt.Sprintf("Request smuggling %d:", i))
+		waitLimiter(fmt.Sprintf("%s %d", errorString, i))
 		if proxyUsed {
 			dialerP, err := proxy.FromURL(proxyUrl, proxy.Direct)
 			/*dialerP, err := proxy.SOCKS5("tcp", proxyUrl.Host, nil, &net.Dialer{
 				Timeout:   15 * time.Second,
 				KeepAlive: 15 * time.Second,
 			})*/
 			if err != nil {
-				msg = "Request Smuggling while proxy.FromURL:" + err.Error() + "\n"
-				Print(msg, Red)
+				msg = fmt.Sprintf("%s: proxy.FromURL: %s", errorString, err.Error())
+				Print(msg+"\n", Red)
 				result.HasError = true
 				result.ErrorMessages = append(result.ErrorMessages, msg)
 				return
 			}
 			conn, err = dialerP.Dial("tcp", address)
 
 			if err != nil {
-				msg = "Request Smuggling while dialerP.dial:" + err.Error() + "\n"
-				Print(msg, Red)
+				msg = fmt.Sprintf("%s: dialerP.Dial: %s", errorString, err.Error())
+				Print(msg+"\n", Red)
 				result.HasError = true
 				result.ErrorMessages = append(result.ErrorMessages, msg)
 			}
@@ -236,18 +237,28 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 				InsecureSkipVerify: true,
 			}
 			connS, err = tls.Dial("tcp", address, tlsConfig)
+
+			if err != nil {
+				msg = fmt.Sprintf("%s: tls.Dial: %s", errorString, err.Error())
+				Print(msg+"\n", Red)
+				result.HasError = true
+				result.ErrorMessages = append(result.ErrorMessages, msg)
+				return
+			}
 		} else {
 			dialer := net.Dialer{Timeout: time.Duration(Config.TimeOut) * time.Second}
 			conn, err = dialer.Dial("tcp", address)
-		}
-		if err != nil {
-			msg = "Request Smuggling:" + err.Error() + "\n"
-			Print(msg, Red)
-			result.HasError = true
-			result.ErrorMessages = append(result.ErrorMessages, msg)
-			return
+
+			if err != nil {
+				msg = fmt.Sprintf("%s: dialerP.Dial: %s", errorString, err.Error())
+				Print(msg+"\n", Red)
+				result.HasError = true
+				result.ErrorMessages = append(result.ErrorMessages, msg)
+				return
+			}
 		}
 
+		err = nil
 		if proxyUsed {
 			defer conn.Close()
 
@@ -269,8 +280,8 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 		}
 
 		if err != nil {
-			msg = "Request Smuggling: " + err.Error() + "\n"
-			Print(msg, Yellow)
+			msg = fmt.Sprintf("%s: bufio.NewReader.ReadString: %s", errorString, err.Error())
+			Print(msg+"\n", Yellow)
 
 			// Time out error is same for TLS and Conn. Both use net.Error.Timeout
 			nerr, _ := err.(net.Error)
@@ -303,7 +314,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 	}
 
 	if timeOutCount == 3 {
-		msg := "The request timed out 3 times in a row. It is most likely vulnerable to this Request Smuggling technique."
+		msg := "The request timed out 3 times in a row. It *may* be vulnerable to this Request Smuggling technique."
 		fillRequest(result, msg, req, Config.Website.Url.String())
 		Print(msg+"\n", Green)
 	}

pkg/requests.go

@@ -229,7 +229,7 @@ func firstRequest(rp requestParams) ([]byte, int, reportRequest, http.Header, er
 		req, err = http.NewRequest("GET", rp.url, nil)
 	}
 	if err != nil {
-		msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
+		msg = fmt.Sprintf("%s: http.NewRequest: %s\n", rp.identifier, err.Error())
 		Print(msg, Red)
 		return body, -1, repRequest, nil, errors.New(msg)
 	}
@@ -275,15 +275,15 @@ func firstRequest(rp requestParams) ([]byte, int, reportRequest, http.Header, er
 	resp, err = newClient.Do(req)
 
 	if err != nil {
-		msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
-		Print(msg, Yellow)
+		msg = fmt.Sprintf("%s: newClient.Do: %s\n", rp.identifier, err.Error())
+		Print(msg, Red)
 		return body, -1, repRequest, nil, errors.New(msg)
 	} else {
 		defer resp.Body.Close()
 
 		body, err = ioutil.ReadAll(resp.Body)
 		if err != nil {
-			msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
+			msg = fmt.Sprintf("%s: ioutil.ReadAll: %s\n", rp.identifier, err.Error())
 			Print(msg, Red)
 			return body, -1, repRequest, nil, errors.New(msg)
 		}

web-cache-vulnerability-scanner.go

@@ -56,7 +56,8 @@ func main() {
 			if os.IsNotExist(err) {
 				err := os.Mkdir(pkg.Config.GeneratePath, 0755)
 				if err != nil {
-					pkg.PrintFatal(err.Error())
+					msg := fmt.Sprintf("Error while creating Directory: %s\n", err.Error())
+					pkg.PrintFatal(msg)
 				}
 			}
 		}
@@ -66,7 +67,7 @@ func main() {
 	/* Setting Logoutput to Log file and stdout */
 	f, err := os.OpenFile(pkg.Config.GeneratePath+currentDate+"_WCVS_Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 	if err != nil {
-		msg := "Log: " + err.Error() + "\n"
+		msg := fmt.Sprintf("Error while creating/opening Log File: %s\n", err.Error())
 		pkg.PrintFatal(msg)
 	}
 	defer f.Close()
@@ -485,7 +486,7 @@ func runTests(rec int, u string, progress string, foundUrls *[]string, stat stri
 	if pkg.Config.GenerateCompleted {
 		_, err = completedFile.WriteString(u + "\n")
 		if err != nil {
-			pkg.Print("Writing to completed URLs file: "+err.Error(), pkg.Red)
+			pkg.Print("Couldn't write to WCVS_Completed File: %s\n"+err.Error(), pkg.Red)
 		}
 	}
 
@@ -527,7 +528,7 @@ func createCompletedURLs() *os.File {
 		file, err = os.Create(completedPath)
 	}
 	if err != nil {
-		msg := "CompletedURLs: " + err.Error() + "\n"
+		msg := "Couldn't create WCVS_Completed file: " + err.Error() + "\n"
 		pkg.PrintFatal(msg)
 	}
 
@@ -539,24 +540,21 @@ func setProxy() *url.URL {
 	if pkg.Config.ProxyCertPath != "" {
 		proxyURL, err := url.Parse(pkg.Config.ProxyURL)
 		if err != nil {
-			msg := "Proxy: " + err.Error() + "\n"
+			msg := "setProxy: url.Parse: " + err.Error() + "\n"
 			pkg.PrintFatal(msg)
 		}
 		caCert, err := ioutil.ReadFile(pkg.Config.ProxyCertPath)
 		if err != nil {
-			msg := "Proxy: " + err.Error() + "\n"
+			msg := "setProxy: ioutil.ReadFile: " + err.Error() + "\n"
 			pkg.PrintFatal(msg)
 		}
 		//caCertPool,err := x509.SystemCertPool()
 		// führt zu crypto/x509: system root pool is not available on Windows
 		caCertPool := x509.NewCertPool()
-		if err != nil {
-			msg := "Proxy: " + err.Error() + "\n"
-			pkg.PrintFatal(msg)
-		}
+
 		ok := caCertPool.AppendCertsFromPEM(caCert)
 		if !ok {
-			msg := "Proxy: could not append cert\n"
+			msg := "setProxy: could not append cert\n"
 			pkg.PrintFatal(msg)
 		}
 
@@ -568,7 +566,7 @@ func setProxy() *url.URL {
 
 		err = http2.ConfigureTransport(tr)
 		if err != nil {
-			msg := fmt.Sprintf("Proxy: Cannot switch to HTTP2: %s\n", err.Error())
+			msg := fmt.Sprintf("setProxy: Cannot switch to HTTP2: %s\n", err.Error())
 			pkg.PrintFatal(msg)
 		}