Response Flagging
Description
httpillage should be able to parse data from the response and use the result to raise a flag on the C&C. This will be useful for detecting when a vulnerability was successfully triggered, etc.
The response should be matched against either a regular expression or a literal string.
DB Structure
Create two tables: response_flag_meta and response_flags
response_flag_meta -- Represents the data to be scanned for. One job can have many response_flag_meta. Columns: match_type (string or pattern), match_value, job_id
response_flags -- Created when a client discovers a matching response. Columns: matched_string, http_request, node_id, job_id, timestamp.
API Changes
Create new API endpoint POST /api/job/:nodeid/:jobid/response_match.
Create new controller: response_flag_controller
JSON data includes: matched_string, http_request (the entire raw request, base64 encoded), timestamp (from the client).
App Changes
Create new model: response_flag_meta
Create new model: response_flags
Modify controller method: job#create -- allow creation of several response_flag_meta
Modify View: job/new.html.erb -- Provide ability to create multiple response_flag_meta
Modify View: job/show.html.erb -- Show a list of requests that match the associated response_flags
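As an added illustration (not httpillage's own code), the matching and reporting logic the spec above describes, in Ruby: one job has many response_flag_meta rows, each a literal string or a regular expression, and a hit becomes the JSON body for POST /api/job/:nodeid/:jobid/response_match. The Struct and method names are assumptions; the sample rules and response are constructed.

```ruby
require 'base64'
require 'time'

# One response_flag_meta row (name is an assumption; the columns are from the spec).
ResponseFlagMeta = Struct.new(:match_type, :match_value, :job_id)

# Returns the text that matched inside body, or nil on no match. An unknown
# match_type or an invalid pattern counts as no match instead of raising,
# so one bad row cannot abort the scan of the others.
def match_response(meta, body)
  case meta.match_type
  when 'string'
    body.include?(meta.match_value) ? meta.match_value : nil
  when 'pattern'
    m = Regexp.new(meta.match_value).match(body)
    m && m[0]
  end
rescue RegexpError
  nil
end

# Path of the endpoint the spec introduces.
def response_match_path(node_id, job_id)
  "/api/job/#{node_id}/#{job_id}/response_match"
end

# JSON document a node posts when a response matches: matched_string, the
# entire raw HTTP request (base64 encoded) and the client-side timestamp.
def build_response_match(meta, body, raw_request, now = Time.now.utc)
  matched = match_response(meta, body)
  return nil if matched.nil?
  { 'matched_string' => matched,
    'http_request' => Base64.strict_encode64(raw_request),
    'timestamp' => now.iso8601 }
end

# Scans one response against every response_flag_meta row belonging to job_id.
# The status code is not consulted, so 4xx and 5xx responses are scanned too.
def scan_response(metas, job_id, body, raw_request, now = Time.now.utc)
  metas.select { |m| m.job_id == job_id }
       .map { |m| build_response_match(m, body, raw_request, now) }.compact
end

if __FILE__ == $0
  # Constructed sample: two rules for job 7, one for another job, one response.
  metas = [ResponseFlagMeta.new('string', 'X-Debug-Token', 7),
           ResponseFlagMeta.new('pattern', 'Error (\d+)', 7),
           ResponseFlagMeta.new('string', 'X-Debug-Token', 8)]
  body = "HTTP/1.1 500 Internal Server Error\r\nX-Debug-Token: abc\r\n\r\nError 42"
  p scan_response(metas, 7, body, "GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n")
end
```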
@meowris This will have a UI component. Essentially, need a way to easily view responses that match a certain condition for a job.
This is basically done. Need to add the following:
- Ability to download raw http response from UI.
- Ability to store and view associated payload.
Need to add ability to scan 400 + 500 response codes.
Waiting on bugfix / solution for https://github.com/sparklemotion/mechanize/issues/446