diff --git a/platform/com.subgraph.vega.api/src/com/subgraph/vega/api/model/alerts/IScanAlert.java b/platform/com.subgraph.vega.api/src/com/subgraph/vega/api/model/alerts/IScanAlert.java index 06f879b5..9d18463e 100644 --- a/platform/com.subgraph.vega.api/src/com/subgraph/vega/api/model/alerts/IScanAlert.java +++ b/platform/com.subgraph.vega.api/src/com/subgraph/vega/api/model/alerts/IScanAlert.java @@ -15,7 +15,8 @@ import com.subgraph.vega.api.model.IModelProperties; public interface IScanAlert extends IModelProperties { - enum Severity { HIGH, MEDIUM, LOW, INFO, UNKNOWN }; + enum Severity { HIGH, MEDIUM, LOW, INFO, UNKNOWN } + String getDiscretionaryHostname(); String getName(); Severity getSeverity(); String getTitle(); @@ -31,4 +32,6 @@ enum Severity { HIGH, MEDIUM, LOW, INFO, UNKNOWN }; void addRegexHighlight(String regex); void addRegexCaseInsensitiveHighlight(String regex); Collection getHighlights(); + void setDiscretionaryHostname(String hostname); + void setResource(String resourceString); } diff --git a/platform/com.subgraph.vega.http.requests/src/com/subgraph/vega/internal/http/requests/connection/SocksModeClientConnectionOperator.java b/platform/com.subgraph.vega.http.requests/src/com/subgraph/vega/internal/http/requests/connection/SocksModeClientConnectionOperator.java index bd0ec6d9..76d7cf62 100644 --- a/platform/com.subgraph.vega.http.requests/src/com/subgraph/vega/internal/http/requests/connection/SocksModeClientConnectionOperator.java +++ b/platform/com.subgraph.vega.http.requests/src/com/subgraph/vega/internal/http/requests/connection/SocksModeClientConnectionOperator.java @@ -72,23 +72,25 @@ public void openConnection(OperatedClientConnection conn, HttpHost target, InetA * otherwise SSLSocketImpl blows up due to, it seems, https://bugs.openjdk.java.net/browse/JDK-8022081. */ - Class c = sock.getClass(); - try { - Field f = c.getDeclaredField("host"); - f.setAccessible(true); - f.set(sock, target.getHostName()); - } catch (NoSuchFieldException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } catch (SecurityException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } catch (IllegalArgumentException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IllegalAccessException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + if (sf.isSecure(sock) == true) { + Class c = sock.getClass(); + try { + Field f = c.getDeclaredField("host"); + f.setAccessible(true); + f.set(sock, target.getHostName()); + } catch (NoSuchFieldException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (SecurityException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (IllegalArgumentException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalAccessException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } } InetSocketAddress localAddress = null; diff --git a/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanAlert.java b/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanAlert.java index c14fc1a1..4f4ae6ab 100644 --- a/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanAlert.java +++ b/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanAlert.java @@ -38,6 +38,7 @@ public class ScanAlert implements IScanAlert, Activatable { private final ModelProperties properties; private transient Activator activator; + private String discretionaryHostname; ScanAlert(String key, String name, String title, Severity severity, IScanInstance scanInstance, long requestId) { this.key = key; @@ -67,6 +68,26 @@ public String getTitle() { activate(ActivationPurpose.READ); return title; } + + @Override + public String getDiscretionaryHostname() { + activate(ActivationPurpose.READ); + return this.discretionaryHostname; + } + + @Override + public void setDiscretionaryHostname(String hostname) { + activate(ActivationPurpose.READ); + discretionaryHostname = hostname; + activate(ActivationPurpose.WRITE); + } + + @Override + public void setResource(String resourceString) { + activate(ActivationPurpose.READ); + this.resource = resourceString; + activate(ActivationPurpose.WRITE); + } @Override public void setTemplateName(String name) { @@ -262,4 +283,7 @@ public void bind(Activator activator) { } + + + } diff --git a/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanInstance.java b/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanInstance.java index 6039ae4f..f2c33e69 100644 --- a/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanInstance.java +++ b/platform/com.subgraph.vega.model/src/com/subgraph/vega/internal/model/alerts/ScanInstance.java @@ -158,6 +158,7 @@ public int getScanStatus() { public boolean isActive() { int scanStatus = getScanStatus(); return (scanStatus == SCAN_PROBING || scanStatus == SCAN_STARTING || scanStatus == SCAN_AUDITING); + } @Override diff --git a/platform/com.subgraph.vega.scanner/META-INF/MANIFEST.MF b/platform/com.subgraph.vega.scanner/META-INF/MANIFEST.MF index 212f8997..a6aff729 100644 --- a/platform/com.subgraph.vega.scanner/META-INF/MANIFEST.MF +++ b/platform/com.subgraph.vega.scanner/META-INF/MANIFEST.MF @@ -24,6 +24,7 @@ Import-Package: com.google.common.base, com.subgraph.vega.api.scanner.modules, com.subgraph.vega.api.util, com.subgraph.vega.http.requests.custom, + com.subgraph.vega.sslprobe, org.apache.http;version="4.0.0", org.apache.http.client, org.apache.http.client.entity, diff --git a/platform/com.subgraph.vega.scanner/src/com/subgraph/vega/impl/scanner/Scan.java b/platform/com.subgraph.vega.scanner/src/com/subgraph/vega/impl/scanner/Scan.java index bd6826cc..b446ef00 100644 --- a/platform/com.subgraph.vega.scanner/src/com/subgraph/vega/impl/scanner/Scan.java +++ b/platform/com.subgraph.vega.scanner/src/com/subgraph/vega/impl/scanner/Scan.java @@ -36,6 +36,7 @@ import com.subgraph.vega.api.scanner.modules.IResponseProcessingModule; import com.subgraph.vega.api.scanner.modules.IScannerModule; import com.subgraph.vega.api.scanner.modules.IScannerModuleRegistry; +import com.subgraph.vega.sslprobe.SSLProbe; public class Scan implements IScan { private final Scanner scanner; @@ -44,6 +45,7 @@ public class Scan implements IScan { private IScanInstance scanInstance; // guarded by this private IWorkspace workspace; // guarded by this private ScanProbe scanProbe; // guarded by this + private SSLProbe sslProbe; private IHttpRequestEngine requestEngine; // guarded by this private ScannerTask scannerTask; // guarded by this private Thread scannerThread; // guarded by this @@ -140,6 +142,23 @@ public IScanProbeResult probeTargetUri(URI uri) { } scanProbe = new ScanProbe(uri, requestEngine); + + if (uri.getScheme().contains("https")) { + int sslPort; + String httpHostString; + + if (uri.getPort() == -1) { + sslPort = 443; + httpHostString = "https://" + uri.getHost(); + } else + { + sslPort = uri.getPort(); + httpHostString = "https://" + uri.getHost() + ":" + sslPort; + } + sslProbe = new SSLProbe(scanInstance, uri.getHost(), sslPort, httpHostString); + sslProbe.run(); + } + } final IScanProbeResult probeResult = scanProbe.runProbe(); synchronized(this) { @@ -148,7 +167,7 @@ public IScanProbeResult probeTargetUri(URI uri) { redirectURI = probeResult.getRedirectTarget(); return probeResult; } - + @Override public void startScan() { synchronized(this) { diff --git a/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/alerts/tree/AlertScanNode.java b/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/alerts/tree/AlertScanNode.java index 334b3ace..8f0f90c3 100644 --- a/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/alerts/tree/AlertScanNode.java +++ b/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/alerts/tree/AlertScanNode.java @@ -67,8 +67,9 @@ private String renderScanInstance() { sb.append(" ["); switch(scanInstance.getScanStatus()) { + case IScanInstance.SCAN_PROBING: - sb.append("Probing"); + sb.append("Probing Server"); break; case IScanInstance.SCAN_STARTING: sb.append("Starting"); @@ -104,6 +105,9 @@ public String getImage() { @Override protected String createKeyForAlert(IScanAlert alert) { if(!alert.hasAssociatedRequest()) { + if (alert.getDiscretionaryHostname() != null) { + return alert.getDiscretionaryHostname(); + } return NO_HOSTNAME; } final IRequestLogRecord record = workspace.getRequestLog().lookupRecord(alert.getRequestId()); diff --git a/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/dashboard/CrawlerPane.java b/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/dashboard/CrawlerPane.java index fe4f1278..df20af77 100644 --- a/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/dashboard/CrawlerPane.java +++ b/platform/com.subgraph.vega.ui.scanner/src/com/subgraph/vega/ui/scanner/dashboard/CrawlerPane.java @@ -98,6 +98,7 @@ private void renderProgress() { switch(scannerStatus) { case IScanInstance.SCAN_CONFIG: case IScanInstance.SCAN_PROBING: + progressPane.setLabelText("Probing server.."); case IScanInstance.SCAN_STARTING: case IScanInstance.SCAN_AUDITING: progressPane.setProgressBarValue((int) crawlerPercent);