Class ScriptsActiveScanner

public class ScriptsActiveScanner extends AbstractAppParamPlugin

Nested classes/interfaces inherited from interface Plugin:
Plugin.AlertThreshold, Plugin.AttackStrength

Inherited fields:
CRLF, PATTERN_PARAM

Constructor | Description
---|---
ScriptsActiveScanner() |
Method Summary

Modifier and Type | Method | Description
---|---|---
int | getCategory() | Gets the category of this scanner.
int | getCweId() | Gets the CWE ID of the issue(s) raised by the scanner.
String[] | getDependency() | Returns no dependencies by default.
String | getDescription() | Default description of this plugin.
int | getId() | Unique Paros ID of this plugin.
String | getName() | Plugin name.
String | getReference() | Reference document provided by this plugin.
int | getRisk() | Gets the highest risk level of the alerts raised by the plugin.
String | getSolution() | Default solution returned by this plugin.
int | getWascId() | Gets the WASC ID of the issue(s) raised by the scanner.
void | init() | Finishes the initialisation of the plugin; subclasses should add any initialisation logic/code to this method.
boolean | isStop() | Check if this test should be stopped.
void | raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, int cweId, int wascId, HttpMessage msg) |
void | raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, String reference, int cweId, int wascId, HttpMessage msg) |
void | scan() | Scans the target server using the message previously set during initialisation.
void | scan(HttpMessage msg, String param, String value) | Plugin method that needs to be implemented for the specific test.
void | sendAndReceive(HttpMessage msg) | Sends and receives the given message, always following redirections.
void | sendAndReceive(HttpMessage msg, boolean isFollowRedirect) | Sends and receives the given message, optionally following redirections.
void | sendAndReceive(HttpMessage msg, boolean isFollowRedirect, boolean handleAntiCSRF) | Sends and receives the given message, optionally following redirections and optionally regenerating the anti-CSRF token, if any.
String | setParam(HttpMessage msg, String param, String value) |

Methods inherited from class AbstractAppParamPlugin:
scan, setEscapedParameter, setParameter

Methods inherited from class AbstractAppPlugin:
notifyPluginCompleted

Methods inherited from class AbstractPlugin:
bingo, bingo, bingo, bingo, bingo, bingo, cloneInto, compareTo, createParamIfNotExist, equals, getAlertThreshold, getAlertThreshold, getAlertThresholdsSupported, getAttackStrength, getAttackStrength, getAttackStrengthsSupported, getBaseMsg, getCodeName, getConfig, getDelayInMs, getHTMLEncode, getKb, getLog, getNewMsg, getParent, getProperty, getStatus, getTechSet, getTimeFinished, getTimeStarted, getURLDecode, getURLEncode, hashCode, init, inScope, isAnyInScope, isDepreciated, isEnabled, isFileExist, isVisible, loadFrom, matchBodyPattern, matchHeaderPattern, run, saveTo, setAlertThreshold, setAttackStrength, setConfig, setDefaultAlertThreshold, setDefaultAttackStrength, setDelayInMs, setEnabled, setProperty, setStatus, setTechSet, setTimeFinished, setTimeStarted, stripOff, targets, writeProgress
Method Detail

getId
public int getId()
Description copied from interface: Plugin
Unique Paros ID of this plugin.

getName
public String getName()
Description copied from interface: Plugin
Plugin name.

getDependency
public String[] getDependency()
Description copied from class: AbstractPlugin
Returns no dependencies by default.
Specified by: getDependency in interface Plugin
Overrides: getDependency in class AbstractPlugin

getDescription
public String getDescription()
Description copied from interface: Plugin
Default description of this plugin.

getCategory
public int getCategory()
Description copied from interface: Plugin
Gets the category of this scanner.
See Also: Category

getSolution
public String getSolution()
Description copied from interface: Plugin
Default solution returned by this plugin.

getReference
public String getReference()
Description copied from interface: Plugin
Reference document provided by this plugin.
init
public void init()
Description copied from class: AbstractPlugin
Finishes the initialisation of the plugin; subclasses should add any initialisation logic/code to this method. Called after the plugin has been initialised with the message being scanned. By default it does nothing. Since 2.5.0 it is no longer abstract.
Overrides: init in class AbstractPlugin
See Also: AbstractPlugin.init(HttpMessage, HostProcess)

scan
public void scan()
Description copied from interface: Plugin
Scans the target server using the message previously set during initialisation.
Specified by: scan in interface Plugin
Overrides: scan in class AbstractAppParamPlugin
See Also: Plugin.init(HttpMessage, HostProcess)

scan
public void scan(HttpMessage msg, String param, String value)
Description copied from class: AbstractAppParamPlugin
Plugin method that needs to be implemented for the specific test.
Overrides: scan in class AbstractAppParamPlugin
Parameters:
msg - a copy of the HTTP message currently under scanning
param - the name of the parameter under testing
value - the clean value (no escaping is needed)

isStop
public boolean isStop()
Description copied from class: AbstractPlugin
Check if this test should be stopped.
Overrides: isStop in class AbstractPlugin
Returns: true if the scanner should stop, false otherwise

setParam
public String setParam(HttpMessage msg, String param, String value)
sendAndReceive
public void sendAndReceive(HttpMessage msg) throws org.apache.commons.httpclient.HttpException, IOException
Description copied from class: AbstractPlugin
Sends and receives the given message, always following redirections.
The following changes are made to the request before being sent: HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response; HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
The message sent may also be changed by any HttpSenderListener (for example, scripts).
Overrides: sendAndReceive in class AbstractPlugin
Parameters:
msg - the message to be sent and received
Throws:
org.apache.commons.httpclient.HttpException - if a HTTP error occurred
IOException - if an I/O error occurred (for example, read time out)
See Also: AbstractPlugin.sendAndReceive(HttpMessage, boolean), AbstractPlugin.sendAndReceive(HttpMessage, boolean, boolean)

sendAndReceive
public void sendAndReceive(HttpMessage msg, boolean isFollowRedirect) throws org.apache.commons.httpclient.HttpException, IOException
Description copied from class: AbstractPlugin
Sends and receives the given message, optionally following redirections.
The following changes are made to the request before being sent: HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response; HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
The message sent may also be changed by any HttpSenderListener (for example, scripts).
Overrides: sendAndReceive in class AbstractPlugin
Parameters:
msg - the message to be sent and received
isFollowRedirect - true if redirections should be followed, false otherwise
Throws:
org.apache.commons.httpclient.HttpException - if a HTTP error occurred
IOException - if an I/O error occurred (for example, read time out)
See Also: AbstractPlugin.sendAndReceive(HttpMessage), AbstractPlugin.sendAndReceive(HttpMessage, boolean, boolean)

sendAndReceive
public void sendAndReceive(HttpMessage msg, boolean isFollowRedirect, boolean handleAntiCSRF) throws org.apache.commons.httpclient.HttpException, IOException
Description copied from class: AbstractPlugin
Sends and receives the given message, optionally following redirections and optionally regenerating the anti-CSRF token, if any.
The following changes are made to the request before being sent: HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response; HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
The message sent may also be changed by any HttpSenderListener (for example, scripts).
Overrides: sendAndReceive in class AbstractPlugin
Parameters:
msg - the message to be sent and received
isFollowRedirect - true if redirections should be followed, false otherwise
handleAntiCSRF - true if the anti-CSRF token present in the request should be handled/regenerated, false otherwise
Throws:
org.apache.commons.httpclient.HttpException - if a HTTP error occurred
IOException - if an I/O error occurred (for example, read time out)
See Also: AbstractPlugin.sendAndReceive(HttpMessage), AbstractPlugin.sendAndReceive(HttpMessage, boolean)
raiseAlert
public void raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, int cweId, int wascId, HttpMessage msg)

raiseAlert
public void raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, String reference, int cweId, int wascId, HttpMessage msg)

getRisk
public int getRisk()
Description copied from interface: Plugin
Gets the highest risk level of the alerts raised by the plugin.
Specified by: getRisk in interface Plugin
Overrides: getRisk in class AbstractPlugin
See Also: Alert.RISK_HIGH, Alert.RISK_MEDIUM, Alert.RISK_LOW, Alert.RISK_INFO

getCweId
public int getCweId()
Description copied from interface: Plugin
Gets the CWE ID of the issue(s) raised by the scanner.
Specified by: getCweId in interface Plugin
Overrides: getCweId in class AbstractPlugin

getWascId
public int getWascId()
Description copied from interface: Plugin
Gets the WASC ID of the issue(s) raised by the scanner.
Specified by: getWascId in interface Plugin
Overrides: getWascId in class AbstractPlugin
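The methods documented above are the surface ZAP hands to an active-scan script: the ScriptsActiveScanner instance (conventionally named as), a copy of the message, the parameter name and its clean value, and the script drives setParam, sendAndReceive, isStop and raiseAlert from there. The following script is an added example of that flow, not part of this page and not one of the ZAP project's own template scripts. It goes a little beyond the page by doing a two-step check: a cheap plain canary first, and a markup-bearing payload only if the parameter is reflected at all. Beyond what this page documents it assumes that ZAP's active-script interface also expects a scanNode(as, msg) hook; that HttpMessage offers cloneRequest(), getRequestHeader().getURI() and getResponseBody(); that Alert.RISK_LOW and Alert.CONFIDENCE_MEDIUM have the numeric values 1 and 2 (written as literals so the script needs no Java.type() lookup); and that CWE-79 and WASC-8 are the identifiers for unencoded reflection. The FakeMessage and FakeScanner test doubles and the sampleRender application are constructed for running the script outside ZAP; they are not ZAP classes.

```javascript
// ZAP active-scan script, ES5 syntax as used by ZAP's script engines. ZAP calls
// scanNode(as, msg) once per node and scan(as, msg, param, value) once per
// parameter; "as" is the ScriptsActiveScanner instance documented above.

// Numeric values of Alert.RISK_LOW and Alert.CONFIDENCE_MEDIUM (assumed here so the
// script needs no Java.type() lookup and can also run outside ZAP).
var RISK_LOW = 1;
var CONFIDENCE_MEDIUM = 2;
var CWE_XSS = 79;               // CWE-79: improper neutralization of input in a web page
var WASC_XSS = 8;               // WASC-8: Cross-Site Scripting
var CANARY = "zapcanary7f3a";   // marker that will not occur naturally in a response

function scanNode(as, msg) {
  // Nothing to do per node; all the work is per parameter.
}

// Returns payload if body contains it verbatim, otherwise null.
function findReflection(body, payload) {
  return body.indexOf(payload) >= 0 ? payload : null;
}

function scan(as, msg, param, value) {
  if (as.isStop()) { return false; }          // honour the Stop button between requests
  // Step 1: cheap probe. Does the parameter reach the response body at all?
  // scan() is given a copy of the base message, but every request needs its own
  // copy because sendAndReceive() rewrites the message in place (it drops
  // If-Modified-Since/If-None-Match and recomputes Content-Length, see above).
  var probe = msg.cloneRequest();             // HttpMessage method, not listed on this page
  as.setParam(probe, param, CANARY);
  // No redirect following (a 3xx elsewhere would hide the reflection) and no
  // anti-CSRF token regeneration (no form is being submitted here).
  as.sendAndReceive(probe, false, false);
  if (findReflection(probe.getResponseBody().toString(), CANARY) === null) {
    return false;                             // not reflected: skip the markup payload
  }
  if (as.isStop()) { return false; }
  // Step 2: is it reflected with markup characters intact?
  var attack = "<" + CANARY + ">";
  var req = msg.cloneRequest();
  as.setParam(req, param, attack);
  as.sendAndReceive(req, false, false);
  var evidence = findReflection(req.getResponseBody().toString(), attack);
  if (evidence === null) { return false; }    // reflected, but encoded or filtered
  as.raiseAlert(RISK_LOW, CONFIDENCE_MEDIUM,
    "Parameter reflected without output encoding",
    "The value of parameter '" + param + "' is written into the response body with '<' and '>' intact.",
    req.getRequestHeader().getURI().toString(),
    param, attack,
    "Original value: " + value,
    "HTML-encode untrusted input before writing it into the response.",
    evidence, CWE_XSS, WASC_XSS, req);
  return true;
}

// ---- Test doubles (not ZAP classes) so the script can be exercised outside ZAP. ----
// FakeMessage mimics the HttpMessage calls used above; FakeScanner mimics the
// ScriptsActiveScanner ones. "render" maps request parameters to a response body.
function FakeMessage(uri, params, render) {
  this.uri = uri; this.params = params; this.render = render; this.body = "";
}
FakeMessage.prototype.cloneRequest = function () {
  var copy = {};
  for (var k in this.params) { copy[k] = this.params[k]; }
  return new FakeMessage(this.uri, copy, this.render);
};
FakeMessage.prototype.getRequestHeader = function () {
  var uri = this.uri;
  return { getURI: function () { return { toString: function () { return uri; } }; } };
};
FakeMessage.prototype.getResponseBody = function () {
  var body = this.body;
  return { toString: function () { return body; } };
};

function FakeScanner() { this.alerts = []; this.stopped = false; this.requests = 0; }
FakeScanner.prototype.isStop = function () { return this.stopped; };
FakeScanner.prototype.setParam = function (msg, param, value) { msg.params[param] = value; return value; };
FakeScanner.prototype.sendAndReceive = function (msg) { this.requests++; msg.body = msg.render(msg.params); };
FakeScanner.prototype.raiseAlert = function () { this.alerts.push(Array.prototype.slice.call(arguments)); };

function htmlEncode(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Constructed sample application: "q" is echoed raw, "page" is HTML-encoded, "id" is never reflected.
function sampleRender(params) {
  return "<html><p>Results for " + params.q + "</p><p>Page " + htmlEncode(params.page) + "</p></html>";
}

// Runs scan() against one parameter of the constructed sample and reports what happened.
function runOffline(param) {
  var as = new FakeScanner();
  var base = new FakeMessage("http://example.test/search", { q: "shoes", page: "1", id: "42" }, sampleRender);
  var raised = scan(as, base, param, base.params[param]);
  return { raised: raised, requests: as.requests, alerts: as.alerts };
}
```

Inside ZAP the script is loaded as an active rule script and enabled in the scan policy; the isStop() checks matter there because a long scan may be cancelled between the two requests. The finding is deliberately reported as low risk with medium confidence: a verbatim echo of '<' and '>' is necessary but not sufficient for cross-site scripting, so a practitioner should confirm the context of the reflection before escalating it.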