From 34b21114c343c4397ada99bcc0d1b16c4cae6b4a Mon Sep 17 00:00:00 2001
From: "maximilian.hildebrand"
Date: Tue, 26 Apr 2022 14:35:32 +0200
Subject: [PATCH] improved error messages
---
 pkg/report.go | 4 +--
 pkg/request_smuggling.go | 41 +++++++++++++++++++-----------
 pkg/requests.go | 8 +++---
 web-cache-vulnerability-scanner.go | 22 ++++++++--------
 4 files changed, 42 insertions(+), 33 deletions(-)
diff --git a/pkg/report.go b/pkg/report.go
index cff68be..d00e310 100644
--- a/pkg/report.go
+++ b/pkg/report.go
@@ -66,7 +66,7 @@ func GenerateReport(report Report, currentDate string) {
 file, err := os.OpenFile(reportPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 if err != nil {
- msg := "Report: " + err.Error() + "\n"
+ msg := fmt.Sprintf("GenerateReport: os.OpenFile: %s\n", err.Error())
 PrintFatal(msg)
 }
@@ -75,7 +75,7 @@ func GenerateReport(report Report, currentDate string) {
 if Config.EscapeJSON {
 j, err := json.MarshalIndent(report, report.Settings.IndentPrefix, report.Settings.IndentSuffix)
 if err != nil {
- msg := fmt.Sprintf("Error occured during marshalling. Error %s\n", err.Error())
+ msg := fmt.Sprintf("Generator: json.MarshalIndent: %s\n", err.Error())
 PrintFatal(msg)
 }
diff --git a/pkg/request_smuggling.go b/pkg/request_smuggling.go
index 4632814..2c161c2 100644
--- a/pkg/request_smuggling.go
+++ b/pkg/request_smuggling.go
@@ -165,6 +165,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 PrintFatal(err.Error())
 }
 Print("ads", NoColor)*/
+ errorString := "httpRequestSmuggling"
 httpsUsed := false
 proxyUsed := false
@@ -204,7 +205,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 var resp string
 var msg string
- waitLimiter(fmt.Sprintf("Request smuggling %d:", i))
+ waitLimiter(fmt.Sprintf("%s %d", errorString, i))
 if proxyUsed {
 dialerP, err := proxy.FromURL(proxyUrl, proxy.Direct)
 /*dialerP, err := proxy.SOCKS5("tcp", proxyUrl.Host, nil, &net.Dialer{
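Review bot: The context line in the first pkg/report.go hunk still opens the report with mode `0666`, so under a permissive umask the file holding the scan findings is writable by other local users. The log file in web-cache-vulnerability-scanner.go is created with `0644`; using `0644`, or `0600` if reports are only read by the operator, would at least make the two consistent, e.g. `os.OpenFile(reportPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`. GenerateReport starts and ends outside this hunk.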
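Review bot: The new prefix in the json.MarshalIndent branch reads `Generator:` while the os.OpenFile branch in the previous hunk of the same function uses `GenerateReport:`, so the two fatal messages cannot be found with one search term. Use `msg := fmt.Sprintf("GenerateReport: json.MarshalIndent: %s\n", err.Error())` to match. GenerateReport's body continues outside this hunk.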
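Review bot: `errorString` in httpRequestSmuggling holds the function name that is used as a message prefix and, in the next hunk, as the waitLimiter label, so the name suggests an error value it never carries. Something like `const logPrefix = "httpRequestSmuggling"` says what it is and cannot be reassigned by accident. The function body starts and ends outside this hunk.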
@@ -212,8 +213,8 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 KeepAlive: 15 * time.Second,
 })*/
 if err != nil {
- msg = "Request Smuggling while proxy.FromURL:" + err.Error() + "\n"
- Print(msg, Red)
+ msg = fmt.Sprintf("%s: proxy.FromURL: %s", errorString, err.Error())
+ Print(msg+"\n", Red)
 result.HasError = true
 result.ErrorMessages = append(result.ErrorMessages, msg)
 return
@@ -221,8 +222,8 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 conn, err = dialerP.Dial("tcp", address)
 if err != nil {
- msg = "Request Smuggling while dialerP.dial:" + err.Error() + "\n"
- Print(msg, Red)
+ msg = fmt.Sprintf("%s: dialerP.Dial: %s", errorString, err.Error())
+ Print(msg+"\n", Red)
 result.HasError = true
 result.ErrorMessages = append(result.ErrorMessages, msg)
 }
@@ -236,18 +237,28 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 InsecureSkipVerify: true,
 }
 connS, err = tls.Dial("tcp", address, tlsConfig)
+
+ if err != nil {
+ msg = fmt.Sprintf("%s: tls.Dial: %s", errorString, err.Error())
+ Print(msg+"\n", Red)
+ result.HasError = true
+ result.ErrorMessages = append(result.ErrorMessages, msg)
+ return
+ }
 } else {
 dialer := net.Dialer{Timeout: time.Duration(Config.TimeOut) * time.Second}
 conn, err = dialer.Dial("tcp", address)
- }
- if err != nil {
- msg = "Request Smuggling:" + err.Error() + "\n"
- Print(msg, Red)
- result.HasError = true
- result.ErrorMessages = append(result.ErrorMessages, msg)
- return
+
+ if err != nil {
+ msg = fmt.Sprintf("%s: dialerP.Dial: %s", errorString, err.Error())
+ Print(msg+"\n", Red)
+ result.HasError = true
+ result.ErrorMessages = append(result.ErrorMessages, msg)
+ return
+ }
 }
+ err = nil
 if proxyUsed {
 defer conn.Close()
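Review bot: The dialerP.Dial error branch in hunk -221,8 records the failure but has no `return`, and this commit removes the shared `if err != nil { … return }` that used to catch it after the if/else chain, adding `err = nil` there instead (hunk -236,18). As far as the visible lines show, a failed proxy dial now falls through to `defer conn.Close()` with a nil `conn`, which would panic rather than end the test with the recorded error. Add `return` after `result.ErrorMessages = append(result.ErrorMessages, msg)` in this branch, as the proxy.FromURL and tls.Dial branches do. The lines between this hunk and the next are not shown, so confirm nothing there already returns.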
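Review bot: The error block added to the plain `dialer.Dial` branch in hunk -236,18 labels the failure `dialerP.Dial`, which is the proxy dialer, so a direct-connection failure is reported as a proxy failure; it should read `msg = fmt.Sprintf("%s: dialer.Dial: %s", errorString, err.Error())`. The same five-line record-and-return block now appears four times in httpRequestSmuggling, and a small local helper taking the call name and the error would stop the copies from drifting like this. The added `err = nil` is redundant once every branch returns on error. The function body starts and ends outside this hunk.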
@@ -269,8 +280,8 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 }
 if err != nil {
- msg = "Request Smuggling: " + err.Error() + "\n"
- Print(msg, Yellow)
+ msg = fmt.Sprintf("%s: bufio.NewReader.ReadString: %s", errorString, err.Error())
+ Print(msg+"\n", Yellow)
 // Time out error is same for TLS and Conn. Both use net.Error.Timeout
 nerr, _ := err.(net.Error)
@@ -303,7 +314,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 }
 if timeOutCount == 3 {
- msg := "The request timed out 3 times in a row. It is most likely vulnerable to this Request Smuggling technique."
+ msg := "The request timed out 3 times in a row. It *may* be vulnerable to this Request Smuggling technique."
 fillRequest(result, msg, req, Config.Website.Url.String())
 Print(msg+"\n", Green)
 }
diff --git a/pkg/requests.go b/pkg/requests.go
index fe87279..80bc454 100644
--- a/pkg/requests.go
+++ b/pkg/requests.go
@@ -229,7 +229,7 @@ func firstRequest(rp requestParams) ([]byte, int, reportRequest, http.Header, er
 req, err = http.NewRequest("GET", rp.url, nil)
 }
 if err != nil {
- msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
+ msg = fmt.Sprintf("%s: http.NewRequest: %s\n", rp.identifier, err.Error())
 Print(msg, Red)
 return body, -1, repRequest, nil, errors.New(msg)
 }
@@ -275,15 +275,15 @@ func firstRequest(rp requestParams) ([]byte, int, reportRequest, http.Header, er
 resp, err = newClient.Do(req)
 if err != nil {
- msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
- Print(msg, Yellow)
+ msg = fmt.Sprintf("%s: newClient.Do: %s\n", rp.identifier, err.Error())
+ Print(msg, Red)
 return body, -1, repRequest, nil, errors.New(msg)
 } else {
 defer resp.Body.Close()
 body, err = ioutil.ReadAll(resp.Body)
 if err != nil {
- msg = fmt.Sprintf("%s %s\n", rp.identifier, err.Error())
+ msg = fmt.Sprintf("%s: ioutil.ReadAll: %s\n", rp.identifier, err.Error())
 Print(msg, Red)
 return body, -1, repRequest, nil, errors.New(msg)
 }
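Review bot: The message in hunk -269,8 now names `bufio.NewReader.ReadString` as the source of the error, and the context line right below it does `nerr, _ := err.(net.Error)` with the ok result discarded. ReadString can return errors that do not implement net.Error (io.EOF on a closed connection, for one), in which case `nerr` is a nil interface. The use of `nerr` is outside the hunk, so this is inferred, but if it calls `nerr.Timeout()` unguarded that is a panic on the scanned server closing the connection. Keep the result with `nerr, ok := err.(net.Error)` and test `ok && nerr.Timeout()`.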
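Review bot: The three rewritten messages in firstRequest (http.NewRequest in hunk -229,7, newClient.Do and ioutil.ReadAll in hunk -275,15) keep the trailing `\n` inside `msg`, and the context lines pass that same string to `errors.New(msg)`, so the returned error ends in a newline. request_smuggling.go in this same commit moves the newline to the print call; doing the same here, `msg = fmt.Sprintf("%s: http.NewRequest: %s", rp.identifier, err.Error())` with `Print(msg+"\n", Red)`, keeps error text that callers store or wrap on one line. firstRequest starts and ends outside both hunks.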
diff --git a/web-cache-vulnerability-scanner.go b/web-cache-vulnerability-scanner.go
index a4b2546..5c2d974 100644
--- a/web-cache-vulnerability-scanner.go
+++ b/web-cache-vulnerability-scanner.go
@@ -56,7 +56,8 @@ func main() {
 if os.IsNotExist(err) {
 err := os.Mkdir(pkg.Config.GeneratePath, 0755)
 if err != nil {
- pkg.PrintFatal(err.Error())
+ msg := fmt.Sprintf("Error while creating Directory: %s\n", err.Error())
+ pkg.PrintFatal(msg)
 }
 }
 }
@@ -66,7 +67,7 @@ func main() {
 /* Setting Logoutput to Log file and stdout */
 f, err := os.OpenFile(pkg.Config.GeneratePath+currentDate+"_WCVS_Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 if err != nil {
- msg := "Log: " + err.Error() + "\n"
+ msg := fmt.Sprintf("Error while creating/opening Log File: %s\n", err.Error())
 pkg.PrintFatal(msg)
 }
 defer f.Close()
@@ -485,7 +486,7 @@ func runTests(rec int, u string, progress string, foundUrls *[]string, stat stri
 if pkg.Config.GenerateCompleted {
 _, err = completedFile.WriteString(u + "\n")
 if err != nil {
- pkg.Print("Writing to completed URLs file: "+err.Error(), pkg.Red)
+ pkg.Print("Couldn't write to WCVS_Completed File: %s\n"+err.Error(), pkg.Red)
 }
 }
@@ -527,7 +528,7 @@ func createCompletedURLs() *os.File {
 file, err = os.Create(completedPath)
 }
 if err != nil {
- msg := "Couldn't create WCVS_Completed file: " + err.Error() + "\n"
+ msg := "Couldn't create WCVS_Completed file: " + err.Error() + "\n"
 pkg.PrintFatal(msg)
 }
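Review bot: The new message in runTests (hunk -485,7) concatenates a format string instead of formatting it: `"Couldn't write to WCVS_Completed File: %s\n"+err.Error()` prints a literal `%s`, then a newline, then the error text with no newline after it. Either format it, `pkg.Print(fmt.Sprintf("Couldn't write to WCVS_Completed File: %s\n", err.Error()), pkg.Red)`, or drop the verb and append `+"\n"` after `err.Error()`. The file already uses fmt.Sprintf in the other hunks, so no new import is needed. runTests starts and ends outside this hunk.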
@@ -539,24 +540,21 @@ func setProxy() *url.URL {
 if pkg.Config.ProxyCertPath != "" {
 proxyURL, err := url.Parse(pkg.Config.ProxyURL)
 if err != nil {
- msg := "Proxy: " + err.Error() + "\n"
+ msg := "setProxy: url.Parse: " + err.Error() + "\n"
 pkg.PrintFatal(msg)
 }
 caCert, err := ioutil.ReadFile(pkg.Config.ProxyCertPath)
 if err != nil {
- msg := "Proxy: " + err.Error() + "\n"
+ msg := "setProxy: ioutil.ReadFile: " + err.Error() + "\n"
 pkg.PrintFatal(msg)
 }
 //caCertPool,err := x509.SystemCertPool() // führt zu crypto/x509: system root pool is not available on Windows
 caCertPool := x509.NewCertPool()
- if err != nil {
- msg := "Proxy: " + err.Error() + "\n"
- pkg.PrintFatal(msg)
- }
+
 ok := caCertPool.AppendCertsFromPEM(caCert)
 if !ok {
- msg := "setProxy: could not append cert\n"
+ msg := "setProxy: could not append cert\n"
 pkg.PrintFatal(msg)
 }
@@ -568,7 +566,7 @@ func setProxy() *url.URL {
 err = http2.ConfigureTransport(tr)
 if err != nil {
- msg := fmt.Sprintf("Proxy: Cannot switch to HTTP2: %s\n", err.Error())
+ msg := fmt.Sprintf("setProxy: Cannot switch to HTTP2: %s\n", err.Error())
 pkg.PrintFatal(msg)
 }
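Review bot: The `setProxy: could not append cert` message in hunk -539,24 is the one fatal path in setProxy that still says neither which call failed nor which file was involved. AppendCertsFromPEM returns false when it finds no parsable PEM certificate in the input, so the message can say that and name the path: `msg := fmt.Sprintf("setProxy: x509.AppendCertsFromPEM: no PEM certificate found in %s\n", pkg.Config.ProxyCertPath)`. The commented-out SystemCertPool line above it carries a German remark; translating it to English would match the rest of the file's comments. setProxy continues outside this hunk.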