Changeset 131
- Timestamp:
- 12/20/06 11:09:37 (2 years ago)
- Files:
-
- honeyclient/trunk (modified) (1 prop)
- honeyclient/trunk/bin/StartAgent.pl (modified) (2 diffs, 1 prop)
- honeyclient/trunk/bin/StartManager.pl (modified) (3 diffs, 1 prop)
- honeyclient/trunk/bin/TestRegistry.pl (copied) (copied from honeyclient/tags/bug/POST-42/bin/TestRegistry.pl)
- honeyclient/trunk/etc/file_checklist.txt (copied) (copied from honeyclient/tags/bug/POST-42/etc/file_checklist.txt)
- honeyclient/trunk/etc/honeyclient.xml (modified) (7 diffs, 1 prop)
- honeyclient/trunk/etc/honeyclient_log.conf (modified) (2 diffs, 1 prop)
- honeyclient/trunk/etc/inline2test.conf (modified) (1 prop)
- honeyclient/trunk/lib/HoneyClient/Agent.pm (modified) (8 diffs, 2 props)
- honeyclient/trunk/lib/HoneyClient/Agent/Driver.pm (modified) (3 diffs, 2 props)
- honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm (modified) (26 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm (modified) (2 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/IE.pm (modified) (1 diff, 2 props)
- honeyclient/trunk/lib/HoneyClient/Agent/Integrity (copied) (copied from honeyclient/tags/bug/POST-42/lib/HoneyClient/Agent/Integrity)
- honeyclient/trunk/lib/HoneyClient/Agent/Integrity.pm (modified) (25 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (2 diffs, 2 props)
- honeyclient/trunk/lib/HoneyClient/Manager/FW.pm (modified) (6 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Manager/VM.pm (modified) (4 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Util/Config.pm (modified) (5 diffs, 1 prop)
- honeyclient/trunk/lib/HoneyClient/Util/SOAP.pm (modified) (3 diffs, 1 prop)
- honeyclient/trunk/t/honeyclient_agent.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_agent.t)
- honeyclient/trunk/t/honeyclient_agent_driver.t (modified) (1 diff)
- honeyclient/trunk/t/honeyclient_agent_driver_browser.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_agent_driver_browser.t)
- honeyclient/trunk/t/honeyclient_agent_driver_browser_ie.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_agent_driver_browser_ie.t)
- honeyclient/trunk/t/honeyclient_agent_integrity.t (modified) (3 diffs)
- honeyclient/trunk/t/honeyclient_agent_integrity_registry.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_agent_integrity_registry.t)
- honeyclient/trunk/t/honeyclient_agent_integrity_registry_parser.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_agent_integrity_registry_parser.t)
- honeyclient/trunk/t/honeyclient_manager.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_manager.t)
- honeyclient/trunk/t/honeyclient_manager_fw.t (copied) (copied from honeyclient/tags/bug/POST-42/t/honeyclient_manager_fw.t)
- honeyclient/trunk/t/honeyclient_manager_vm.t (modified) (2 diffs)
- honeyclient/trunk/t/honeyclient_util_config.t (modified) (3 diffs)
- honeyclient/trunk/t/honeyclient_util_soap.t (modified) (1 diff)
- honeyclient/trunk/t/test_registry (copied) (copied from honeyclient/tags/bug/POST-42/t/test_registry)
- honeyclient/trunk/thirdparty/xpath-23934.patch (copied) (copied from honeyclient/tags/bug/POST-42/thirdparty/xpath-23934.patch)
honeyclient/trunk
- Property sc:bug-fix-release-branch set to 0.9
honeyclient/trunk/bin/StartAgent.pl
- Property svn:keywords set to Id "$file"
r13 r131 1 #!perl -w 1 #!perl -w -Ilib 2 3 # $Id$ 2 4 3 5 use strict; … … 35 37 print "Watchdog fault detected, recovering Agent daemon.\n"; 36 38 # XXX: Reenable this, eventually. 37 #Carp::carp __PACKAGE__ . "->_watchdogFaultHandler(): Error occurred during processing.\n" . $errMsg;39 #Carp::carp __PACKAGE__ . "->_watchdogFaultHandler(): Error occurred during processing.\n" . $errMsg; 38 40 39 41 honeyclient/trunk/bin/StartManager.pl
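Review bot: The new shebang `#!perl -w -Ilib` in bin/StartAgent.pl (and the identical line in bin/StartManager.pl) puts a relative directory on @INC, so the module search path depends on the directory the script is started from. Started anywhere other than the trunk root, the HoneyClient modules are not found, and whatever `lib/` exists under the current directory is searched ahead of the installed libraries. Anchoring the path to the script's own location removes both problems: `use FindBin; use lib "$FindBin::Bin/../lib";`.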
- Property svn:keywords set to Id "$file"
r13 r131 1 #!/usr/bin/perl -w 1 #!perl -w -Ilib 2 3 # $Id$ 2 4 3 5 use strict; … … 20 22 my $agentState = HoneyClient::Manager->run( 21 23 driver => 'IE', # Change to 'IE' or 'FF' 22 master_vm_config => '/vm/Agent.Master- 2/winXPPro.cfg',24 master_vm_config => '/vm/Agent.Master-7/winXPPro.cfg', 23 25 agent_state => encode_base64(nfreeze({ 24 26 IE => { # Change to 'IE' or 'FF' … … 26 28 # Enable this line, if you want to only go to the 27 29 # first 5 links for each domain. 28 #max_relative_links_to_visit => 5,30 max_relative_links_to_visit => 5, 29 31 }, 30 32 })), honeyclient/trunk/etc/honeyclient.xml
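Review bot: In bin/StartManager.pl the comment above `max_relative_links_to_visit => 5,` still reads "Enable this line, if you want to only go to the first 5 links for each domain", but the line is now active, so every run from trunk is capped at five relative links per domain. If the cap is meant to be the new default, reword the comment, for example `# Visit at most the first 5 relative links per domain.` The `master_vm_config` value `/vm/Agent.Master-7/winXPPro.cfg` looks site-specific; consider taking it from configuration or the command line so the script does not need editing for each deployment.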
- Property svn:keywords set to Id "$file"
r13 r131 9 9 For information about the syntax of this file format, please type 10 10 "perldoc XML::Simple". 11 12 CVS: $Id$ 11 13 12 14 ####################################################################### … … 45 47 <HoneyClient> 46 48 <!-- Global Options --> 47 <timeout description="Default timeout used for all communications between each module (in seconds)." default="600"> 48 600 49 <!-- Note: This timeout should be long enough so that the Agent watchdog code will properly let the integrity checking code finish, before detecting a faulty timeout in processing. --> 50 <timeout description="Default timeout used for all communications between each module (in seconds)." default="900"> 51 1800 49 52 </timeout> 50 53 <log_config description="The global Log4perl configuration file, used throughout all modules. This setting should not need to be changed." default="etc/honeyclient_log.conf"> … … 69 72 </timeout> 70 73 <Browser> 71 <!-- HoneyClient::Agent::Driver::IE Options -->72 <!-- TODO: Update this. -->73 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0">74 <!-- HoneyClient::Agent::Driver::IE Options --> 75 <!-- TODO: Update this. --> 76 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0"> 74 77 1 75 78 </ignore_links_timed_out> 76 <!-- TODO: Update this. -->77 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe">79 <!-- TODO: Update this. --> 80 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." 
default="iexplore.exe"> 78 81 iexplore.exe 79 82 </process_name> 80 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">83 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 81 84 -1 82 85 </max_relative_links_to_visit> 83 <IE>84 <!-- HoneyClient::Agent::Driver::IE Options -->85 <!-- TODO: Update this. -->86 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0">86 <IE> 87 <!-- HoneyClient::Agent::Driver::IE Options --> 88 <!-- TODO: Update this. --> 89 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0"> 87 90 1 88 91 </ignore_links_timed_out> 89 <!-- TODO: Update this. -->90 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe">92 <!-- TODO: Update this. --> 93 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." 
default="iexplore.exe"> 91 94 iexplore.exe 92 95 </process_name> 93 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">96 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 94 97 -1 95 98 </max_relative_links_to_visit> 96 </IE>99 </IE> 97 100 <FF> 98 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">101 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." 
default="-1"> 99 102 5 100 103 </max_relative_links_to_visit> 101 <!-- http://gatekeeper-w.mitre.org:80 -->102 <http_proxy description="Set to your HTTP Proxy if you have one, otherwise set to 'none'">104 <!-- http://gatekeeper-w.mitre.org:80 --> 105 <http_proxy description="Set to your HTTP Proxy if you have one, otherwise set to 'none'"> 103 106 none 104 107 </http_proxy> 105 <ff_exec description="path to the firefox executable (default install path is C:\Program Files\Mozilla Firefox\firefox.exe)">108 <ff_exec description="path to the firefox executable (default install path is C:\Program Files\Mozilla Firefox\firefox.exe)"> 106 109 C:\Program Files\Mozilla Firefox\firefox.exe 107 110 </ff_exec> 108 </FF>111 </FF> 109 112 </Browser> 110 113 <EmailClient> … … 112 115 </Driver> 113 116 <perform_integrity_checks description="An integer, representing whether the Agent should perform any integrity checks. 1 enables, 0 disables." default="1"> 114 0117 1 115 118 </perform_integrity_checks> 116 119 <!-- HoneyClient::Agent::Integrity Options --> … … 118 121 <!-- Files which are read in only. --> 119 122 <!-- TODO: Update this. --> 120 <file_checklist description="The file containing the list of files and directories to check during filesystem checking." >121 none123 <file_checklist description="The file containing the list of files and directories to check during filesystem checking." default="none"> 124 etc/file_checklist.txt 122 125 </file_checklist> 123 126 <!-- TODO: Update this. --> 124 <file_exclude description="The file containing the list of files or directories to exclude if found in subdirectories during filesystem checking." >125 /tmp/file_exclude.txt127 <file_exclude description="The file containing the list of files or directories to exclude if found in subdirectories during filesystem checking." default="none"> 128 ../../../etc/file_exclude.txt 126 129 </file_exclude> 127 <!-- TODO: Update this. 
-->128 <reg_list_to_check description="The file containing the list of registry keys to check.">129 /tmp/reg_list_to_check.txt130 </reg_list_to_check>131 130 <!-- Files which are written out only. --> 132 131 <!-- TODO: Update this. --> … … 140 139 <!-- Files to read and write. --> 141 140 <!-- TODO: Update this. --> 142 <clean_reg description="Stores baseline for the registry. Always appended with a number.">143 clean.reg144 </clean_reg>145 <!-- TODO: Update this. -->146 <current_reg description="Stores the current state of the register to check against the clean state.">147 current.reg148 </current_reg>149 <!-- TODO: Update this. -->150 <diffs description="The file for the diff command to redirect its output to. Always appended with a number.">151 differences.out152 </diffs>153 <!-- TODO: Update this. -->154 141 <test_dir description="If you're testing integrity checks, this is the directory that you can specify to minimize testing time. Only the files in this directory will be part of the integrity check."> 155 142 ../t/testintegrity 156 143 </test_dir> 144 <Registry> 145 <!-- HoneyClient::Agent::Integrity::Registry::Test Options --> 146 <Test> 147 <!-- 148 Note: you should *never* need to change *any* values 149 within this section of the configuration. All contents 150 are *only* used for unit testing. 151 --> 152 <before_registry_file description="The relative path to a (before) sample registry dump, that's used during unit testing." default="t/test_registry/before.reg"> 153 t/test_registry/before.reg 154 </before_registry_file> 155 <after_registry_file description="The relative path to an (after) sample registry dump, that's used during unit testing." 
default="t/test_registry/after.reg"> 156 t/test_registry/after.reg 157 </after_registry_file> 158 </Test> 159 <Parser> 160 <!-- HoneyClient::Agent::Integrity::Registry::Parser::Test Options --> 161 <Test> 162 <!-- 163 Note: you should *never* need to change *any* values 164 within this section of the configuration. All contents 165 are *only* used for unit testing. 166 --> 167 <registry_file description="The relative path to a sample registry dump, that's used during unit testing." default="t/test_registry/dump.reg"> 168 t/test_registry/dump.reg 169 </registry_file> 170 </Test> 171 </Parser> 172 </Registry> 157 173 </Integrity> 158 174 </Agent> … … 314 330 are *only* used for unit testing. 315 331 --> 316 <!-- TODO: Update this. -->317 332 <test_vm_config description="The relative path to the (empty) test VM, that's used during unit testing." default="t/testVM/winXPPro.vmx"> 318 333 t/testVM/winXPPro.vmx honeyclient/trunk/etc/honeyclient_log.conf
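Review bot: In etc/honeyclient.xml the two integrity input lists now resolve from different bases: `file_checklist` is `etc/file_checklist.txt`, while `file_exclude` is `../../../etc/file_exclude.txt`. The changeset's file list adds file_checklist.txt but shows no file_exclude.txt. With `perform_integrity_checks` switched to 1 in the same section, a missing or mis-resolved exclude list would presumably make the filesystem check either fail or run without its intended exclusions. Use the same base for both paths, e.g. `etc/file_exclude.txt`, and add the file to the tree.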
- Property svn:keywords set to Id "$file"
r13 r131 7 7 # modules. 8 8 # 9 # CVS: $Id : honeylog.conf 1099 2006-06-29 22:38:16Z jdurick$9 # CVS: $Id$ 10 10 # 11 11 # @author jdurick, kindlund … … 60 60 61 61 log4perl.rootLogger=INFO, Screen 62 # Suppress Parser Debugging Messages 63 #log4perl.logger.HoneyClient.Agent.Integrity.Registry.Parser=INFO, Screen 62 64 log4perl.appender.Screen=Log::Log4perl::Appender::Screen 63 65 # If you want colorized logging to the screen, enable this line, instead. 64 66 #log4perl.appender.Screen=Log::Log4perl::Appender::ScreenColoredLevels 65 67 log4perl.appender.Screen.stderr=0 66 log4perl.appender.Screen.Threshold= INFO68 log4perl.appender.Screen.Threshold=DEBUG 67 69 log4perl.appender.Screen.layout=Log::Log4perl::Layout::PatternLayout 68 70 log4perl.appender.Screen.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %5p [%M] (%F:%L) - %m%n honeyclient/trunk/etc/inline2test.conf
- Property svn:keywords set to Id "$file"
honeyclient/trunk/lib/HoneyClient/Agent.pm
- Property svn:executable deleted
- Property svn:keywords set to Id "$file"
r13 r131 5 5 # Description: Central library used for agent-based operations. 6 6 # 7 # CVS: $Id : Agent.pm 1049 2006-06-28 16:37:41Z flindiakos$7 # CVS: $Id$ 8 8 # 9 9 # @author knwang, ttruong, kindlund … … 210 210 # TODO: Update unit tests to include 'dclone' 211 211 use Storable qw(nfreeze thaw dclone); 212 $Storable::Deparse = 1; 213 $Storable::Eval = 1; 212 214 213 215 # Include Base64 Libraries … … 236 238 our $PERFORM_INTEGRITY_CHECKS : shared = 237 239 getVar(name => "perform_integrity_checks"); 240 241 # A globally shared, serialized hashtable, containing the 242 # initialized integrity state of the VM -- ready to be checked 243 # against, at any time. 244 our $integrityState : shared = undef; 238 245 239 246 # A globally shared, serialized hashtable, containing data per … … 359 366 $driverUpdateQueues{$driverName} = new Thread::Queue; 360 367 } 368 369 # Perform initial integrity baseline check. 370 #my $integrity = undef; 371 #if ($PERFORM_INTEGRITY_CHECKS) { 372 # print "Initializing Integrity Check...\n"; 373 # # TODO: Initialize Integrity Checks 374 # $integrity = HoneyClient::Agent::Integrity->new(); 375 # $integrity->initAll(); 376 #} 377 #$integrityState = $integrity->serialize(); 361 378 362 379 # Release data lock. … … 688 705 eval { 689 706 690 my $integrity = undef;691 if ($PERFORM_INTEGRITY_CHECKS) {692 print "Initializing Filesystem Integrity Check...\n";693 # TODO: Initialize Integrity Checks694 $integrity = HoneyClient::Agent::Integrity->new();695 $integrity->initAll();696 }697 698 707 ################################### 699 708 ### Driver Initialization Phase ### 700 709 ################################### 710 711 # Initially set local integrity object to undef. 712 my $integrity = undef; 701 713 702 714 # Initially set all driver objects to undef. … … 705 717 # Acquire lock on stored driver state. 
706 718 $data = _lock(); 719 720 if ($PERFORM_INTEGRITY_CHECKS) { 721 # XXX: WARNING - The $integrityState object data is NOT thread-safe 722 # (since it relies on external data stored on the file system). 723 # As such, do NOT try to call integrity checks on multiple, simultaneous 724 # asynchronous threaded drivers. 725 #$integrity = thaw($integrityState); 726 # Perform initial integrity baseline check. 727 print "Initializing Integrity Check...\n"; 728 # TODO: Initialize Integrity Checks 729 $integrity = HoneyClient::Agent::Integrity->new(); 730 $integrity->initAll(); 731 732 # TODO: Delete this. 733 #$Data::Dumper::Indent = 1; 734 #$Data::Dumper::Terse = 1; 735 #print "Integrity: " . Dumper($integrity) . "\n"; 736 } 707 737 708 738 # Now, initialize each driver object. … … 805 835 # For now, we update a scalar called 'is_compromised' within 806 836 # the $data->{$driverName}->{'status'} sub-hashtable. 807 print "Performing Filesystem Integrity Check...\n";837 print "Performing Integrity Checks...\n"; 808 838 if ($integrity->checkAll()) { 809 839 print "Integrity Check: FAILED\n"; … … 1099 1129 =head1 SEE ALSO 1100 1130 1101 XXX: Fill this in. 1102 1103 XXX: If you have a mailing list, mention it here. 1104 1105 XXX: If you have a web site set up for your module, mention it here. 1131 L<http://www.honeyclient.org/trac> 1106 1132 1107 1133 =head1 REPORTING BUGS 1108 1134 1109 XXX: Mention website/mailing list to use, when reporting bugs. 1135 L<http://www.honeyclient.org/trac/newticket> 1110 1136 1111 1137 =head1 ACKNOWLEDGEMENTS honeyclient/trunk/lib/HoneyClient/Agent/Driver.pm
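Review bot: Setting `$Storable::Deparse = 1;` and `$Storable::Eval = 1;` at file scope in lib/HoneyClient/Agent.pm makes every later `thaw` in the process evaluate any serialized code reference it finds. Agent state travels as a frozen, base64-encoded blob (StartManager.pl builds `agent_state` with `nfreeze`). If any thawed data can originate outside the Agent process, which this hunk does not show, deserializing it executes Perl code inside the Agent. If code references really must be round-tripped, scope the switch to the single call that needs it with `local $Storable::Eval = 1;`, apply it only to data the Agent froze itself, and leave the global at its default. Otherwise drop both lines.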
- Property svn:executable deleted
- Property svn:keywords set to Id "$file"
r13 r131 6 6 # HoneyClient VM. 7 7 # 8 # CVS: $Id : Driver.pm 1412 2006-10-18 20:33:18Z kindlund$8 # CVS: $Id$ 9 9 # 10 10 # @author knwang, ttruong, kindlund … … 160 160 # Make sure Log::Log4perl loads 161 161 BEGIN { use_ok('Log::Log4perl', qw(:nowarn)) 162 or diag("Can't load Log::Log4perl package. Check to make sure the package library is correctly li nsted within the path.");162 or diag("Can't load Log::Log4perl package. Check to make sure the package library is correctly listed within the path."); 163 163 164 164 # Suppress all logging messages, since we need clean output for unit testing. … … 697 697 L<perltoot/"Autoloaded Data Methods"> 698 698 699 XXX: If you have a mailing list, mention it here. 700 701 XXX: If you have a web site set up for your module, mention it here. 699 L<http://www.honeyclient.org/trac> 702 700 703 701 =head1 REPORTING BUGS 704 702 705 XXX: Mention website/mailing list to use, when reporting bugs. 703 L<http://www.honeyclient.org/trac/newticket> 706 704 707 705 =head1 AUTHORS honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm
- Property svn:keywords set to Id "$file"
r13 r131 7 7 # HoneyClient VM. 8 8 # 9 # CVS: $Id : Browser.pm 1423 2006-11-6 14:21:47Z stephenson$9 # CVS: $Id$ 10 10 # 11 11 # @author knwang, kindlund, stephenson … … 84 84 $browser->{links_to_visit}->{'http://www.mitre.org'} = 1; 85 85 86 # Now, drive IEfor one iteration.86 # Now, drive the browser for one iteration. 87 87 $browser->drive(); 88 88 … … 90 90 91 91 This library allows the Agent module to drive an instance of any broswer, 92 running inside the HoneyClient VM. The purpose 93 of this module is to programmatically navigate the browser to different 94 websites, in order to become purposefully infected with new malware. 95 The module implements the logic necessary to decide the order in which 96 the 92 running inside the HoneyClient VM. The purpose of this module is to 93 programmatically navigate the browser to different websites, in order to 94 become purposefully infected with new malware. 97 95 98 96 This module is object-oriented in design, retaining all state information … … 175 173 # Do not simply export all your public functions/methods/constants. 176 174 177 # This allows declaration use HoneyClient::Agent::Driver:: IE':all';175 # This allows declaration use HoneyClient::Agent::Driver::Browser ':all'; 178 176 # If you do not need this, moving things directly into @EXPORT or @EXPORT_OK 179 177 # will save memory. … … 213 211 214 212 # Use Storable Library 213 # TODO: Need unit testing. 215 214 use Storable qw(dclone); 216 215 … … 240 239 =head1 DEFAULT PARAMETER LIST 241 240 242 When a n IEB<$object> is instantiated using the B<new()> function,241 When a Browser B<$object> is instantiated using the B<new()> function, 243 242 the following parameters are supplied default values. Each value 244 243 can be overridden by specifying the new (key => value) pair into the … … 302 301 This parameter is a hashtable of fully qualified URLs, such that each 303 302 URL shares a common B<hostname>. 
This is an internal hashtable used 304 by the IE driver that should be initially empty. As the IE driver305 extracts and removes new URLs off the B<links_to_visit> hashtable,303 by the Browser driver that should be initially empty. As the Browser 304 driver extracts and removes new URLs off the B<links_to_visit> hashtable, 306 305 driving the browser to each URL, any B<relative> links found are 307 306 added into this hashtable; any B<external> links found are added … … 364 363 =over 4 365 364 366 A string containing the process name of the Internet Explorer 367 browser application, as it appears in the Task Manager. This is 368 usually called "iexplore.exe". 365 A string containing the process name of the browser application, 366 as it appears in the Task Manager. 369 367 370 368 =back … … 458 456 ignore_links_timed_out => getVar(name => "ignore_links_timed_out"), 459 457 460 # A string containing the process name of the Internet Explorer 461 # browser application, as it appears in the Task Manager. This is 462 # usually called "iexplore.exe". 458 # A string containing the process name of the browser application, 459 # as it appears in the Task Manager. 463 460 process_name => getVar(name => "process_name"), 464 461 … … 495 492 # 'links_to_visit' hashtable is checked. 496 493 # 497 # Inputs: HoneyClient::Agent::Driver:: IEobject494 # Inputs: HoneyClient::Agent::Driver::Browser object 498 495 # Outputs: link, or undef if all applicable scalars/hashtables are empty 499 496 sub _getNextLink { … … 682 679 # hash. 683 680 # 684 # Inputs: HoneyClient::Agent::Driver:: IEobject,681 # Inputs: HoneyClient::Agent::Driver::Browser object, 685 682 # hostname[:port] of referring URL, 686 683 # array of URL strings 687 # Outputs: HoneyClient::Agent::Driver:: IEobject684 # Outputs: HoneyClient::Agent::Driver::Browser object 688 685 sub _processLinks { 689 686 … … 751 748 # already in the hashtable. 
752 749 # 753 # Inputs: HoneyClient::Agent::Driver:: IEobject, url to validate750 # Inputs: HoneyClient::Agent::Driver::Browser object, url to validate 754 751 # Outputs: url if valid, empty string if invalid 755 752 sub _validateLink { … … 838 835 =head1 METHODS IMPLEMENTED 839 836 840 The following functions have been implemented by the IEdriver. Many837 The following functions have been implemented by the Browser driver. Many 841 838 of these methods were implementations of the parent Driver interface. 842 839 … … 845 842 Driver interface, see the L<HoneyClient::Agent::Driver> documentation. 846 843 847 =head2 HoneyClient::Agent::Driver:: IE->new($param => $value, ...)844 =head2 HoneyClient::Agent::Driver::Browser->new($param => $value, ...) 848 845 849 846 =over 4 850 847 851 Creates a new IEdriver object, which contains a hashtable848 Creates a new Browser driver object, which contains a hashtable 852 849 containing any of the supplied "param => value" arguments. 853 850 … … 859 856 corresponding $value(s) B<must> also be specified. 860 857 861 I<Output>: The instantiated IEdriver B<$object>, fully initialized.858 I<Output>: The instantiated Browser driver B<$object>, fully initialized. 862 859 863 860 =back … … 921 918 =pod 922 919 923 =head2 $object->drive( )920 =head2 $object->drive(url => $url) 924 921 925 922 =over 4 926 923 927 Drives an instance of Microsoft Internet Explorer for one iteration,924 Drives an instance of the browser for one iteration, 928 925 navigating to the next URL and updating the driver's corresponding 929 926 internal hashtables accordingly. … … 933 930 the "DEFAULT PARAMETER LIST" section. 934 931 935 Once a drive() iteration has completed, the corresponding Microsoft 936 Internet Explorer browser process is terminated. Thus, each call to 937 drive() invokes a new instance of the browser. 
938 939 I<Output>: The updated IE driver B<$object>, containing state information 940 from driving Microsoft Internet Explorer for one iteration. 941 942 B<Warning>: This method will B<croak> if the IE driver object is B<unable> 932 Once a drive() iteration has completed, the corresponding browser process 933 is terminated. Thus, each call to drive() invokes a new instance of the 934 browser. 935 936 I<Inputs>: 937 B<$url> is an optional argument, specifying the next immediate URL the browser must drive to. 938 939 I<Output>: The updated Browser driver B<$object>, containing state information 940 from driving the browser for one iteration. 941 942 B<Warning>: This method will B<croak> if the Browser driver object is B<unable> 943 943 to navigate to a new link, because its list of links to visit is empty. 944 944 … … 1090 1090 =over 4 1091 1091 1092 Returns the next URL that the Microsoft Internet Explorer browser will 1093 navigate to, upon the next subsequent call to the B<$object>'s drive() 1094 method. 1092 Returns the next URL that the browser will navigate to, upon the next 1093 subsequent call to the B<$object>'s drive() method. 1095 1094 1096 1095 I<Output>: The next URL that the browser will be driven to. The returned 1097 data may be undef, if the IEdriver is finished and there are no links1096 data may be undef, if the Browser driver is finished and there are no links 1098 1097 left to navigate to. 1099 1098 … … 1145 1144 1146 1145 Returns the next set of server hostnames and/or IP addresses that the 1147 Microsoft Internet Explorer browser will contact, upon the next subsequent 1148 call to the B<$object>'sdrive() method.1146 browser will contact, upon the next subsequent call to the B<$object>'s 1147 drive() method. 
1149 1148 1150 1149 Specifically, the returned data is a reference to a hashtable, containing … … 1276 1275 =over 4 1277 1276 1278 Indicates if the IE driver B<$object> has driven the Microsoft Internet1279 Explorer browserto all possible links it has found within its hashtables1277 Indicates if the Browser driver B<$object> has driven the browser 1278 process to all possible links it has found within its hashtables 1280 1279 and is unable to navigate the browser further without additional, external 1281 1280 input. 1282 1281 1283 I<Output>: True if the IEdriver B<$object> is finished, false otherwise.1284 1285 B<Note>: Additional links can be fed to this IEdriver at any time, by1282 I<Output>: True if the Browser driver B<$object> is finished, false otherwise. 1283 1284 B<Note>: Additional links can be fed to this Browser driver at any time, by 1286 1285 simply adding new hashtable entries to the B<links_to_visit> hashtable 1287 1286 within the B<$object>. 1288 1287 1289 1288 For example, if you wanted to add the URL "http://www.mitre.org" 1290 to the IEdriver B<$object>, simply use the following code:1289 to the Browser driver B<$object>, simply use the following code: 1291 1290 1292 1291 $object->{links_to_visit}->{'http://www.mitre.org'} = 1; … … 1328 1327 =over 4 1329 1328 1330 Returns the current status of the IEdriver B<$object>, as it's state1329 Returns the current status of the Browser driver B<$object>, as it's state 1331 1330 exists, between subsequent calls to $object->driver(). 1332 1331 1333 1332 Specifically, the data returned is a reference to a hashtable, 1334 1333 containing specific statistical information about the status 1335 of the IEdriver's progress, between iterations of driving the1336 Microsoft Internet Explorer browser.1334 of the Browser driver's progress, between iterations of driving the 1335 browser process. 
1337 1336 1338 1337 The following is an example hashtable, containing all the … … 1351 1350 1352 1351 I<Output>: A corresponding B<$hashref>, containing statistical information 1353 about the IEdriver's progress, as previously mentioned.1352 about the Browser driver's progress, as previously mentioned. 1354 1353 1355 1354 # XXX: Resolve this, per parent Driver description. … … 1420 1419 =head1 BUGS & ASSUMPTIONS 1421 1420 1422 This module makes extensive use of the Win32::IE::Mechanize module.1423 Any bugs found within that library will most likely be present here.1424 1425 1421 In a nutshell, this object is nothing more than a blessed anonymous 1426 1422 reference to a hashtable, where (key => value) pairs are defined in … … 1430 1426 or overriding (key => value) pairs. 1431 1427 1432 However, additional links can be fed to any IEdriver at any time, by1428 However, additional links can be fed to any Browser driver at any time, by 1433 1429 simply adding new hashtable entries to the B<links_to_visit> hashtable 1434 1430 within the B<$object>. 1435 1431 1436 1432 For example, if you wanted to add the URL "http://www.mitre.org" 1437 to the IEdriver B<$object>, simply use the following code:1433 to the Browser driver B<$object>, simply use the following code: 1438 1434 1439 1435 $object->{links_to_visit}->{'http://www.mitre.org'} = 1; 1440 1436 1441 XXX: At some point, we may want to replace all the instances of '1' 1442 with more useful data, like a sub-hashtable that contains a set of 1443 L<Win32::OLE> options that would be fed directly into each 1444 instance of Win32::IE::Mechanize->new(%options). 1445 1446 In general, the IE driver does B<not> know how many links it will 1437 In general, the Browser driver does B<not> know how many links it will 1447 1438 ultimately end up browsing to, until it conducts an exhaustive 1448 1439 spider of all initial URLs supplied. 
As such, expect the output … … 1463 1454 =head1 SEE ALSO 1464 1455 1465 Win32::IE::Mechanize 1466 1467 Win32::OLE 1468 1469 XXX: If you have a mailing list, mention it here. 1470 1471 XXX: If you have a web site set up for your module, mention it here. 1456 L<http://www.honeyclient.org/trac> 1472 1457 1473 1458 =head1 REPORTING BUGS 1474 1459 1475 XXX: Mention website/mailing list to use, when reporting bugs. 1460 L<http://www.honeyclient.org/trac/newticket> 1476 1461 1477 1462 =head1 AUTHORS … … 1482 1467 1483 1468 Darien Kindlund, E<lt>kindlund@mitre.orgE<gt> 1469 1470 Brad Stephenson, E<lt>stephenson@mitre.orgE<gt> 1484 1471 1485 1472 =head1 COPYRIGHT & LICENSE honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm
- Property svn:keywords set to Id "$file"
r13 r131 1301 1301 =head1 SEE ALSO 1302 1302 1303 L<http://www.honeyclient.org/trac> 1304 1303 1305 LWP::UserAgent 1304 1306 … … 1311 1313 HoneyClient::Agent::Driver::IE 1312 1314 1313 1314 XXX: If you have a mailing list, mention it here.1315 1316 XXX: If you have a web site set up for your module, mention it here.1317 1318 1315 =head1 REPORTING BUGS 1319 1316 1320 XXX: Mention website/mailing list to use, when reporting bugs. 1317 L<http://www.honeyclient.org/trac/newticket> 1321 1318 1322 1319 =head1 AUTHORS honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/IE.pm
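Review bot: The `SEE ALSO` list in Browser/FF.pm still names `HoneyClient::Agent::Driver::IE` (context line 1313 on the new side), while the IE driver touched by this changeset sits at lib/HoneyClient/Agent/Driver/Browser/IE.pm. If the package was renamed along with the path, the entry should read `HoneyClient::Agent::Driver::Browser::IE`; the `package` line is not visible here, so confirm against IE.pm before changing it. The new Trac URL is wrapped in `L<...>`, but the module names next to it are bare, so writing them as `L<LWP::UserAgent>` and so on would make the section consistent in rendered POD.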
- Property svn:executable deleted
- Property svn:keywords set to Id "$file"
r13 r131 7 7 # HoneyClient VM. 8 8 # 9 # CVS: $Id : IE.pm 1599 2006-11-08 20:04:30Z kindlund$9 # CVS: $Id$ 10 10 # 11 11 # @author knwang, ttruong, kindlund, stephenson honeyclient/trunk/lib/HoneyClient/Agent/Integrity.pm
- Property svn:keywords set to Id "$file"
r13 r131 1 1 ################################################################################ 2 # Created on: June 1, 20062 # Created on: June 01, 2006 3 3 # Package: HoneyClient::Agent 4 4 # File: Integrity.pm 5 # Description: Module for checking the system integrity for possible modification 5 # Description: Module for checking the system integrity for possible 6 # modifications. 6 7 # 7 8 # @author knwang, xkovah, ttruong … … 26 27 ################################################################################ 27 28 28 29 30 29 =pod 31 30 … … 105 104 can_ok('HoneyClient::Agent::Integrity', 'initFileSystem'); 106 105 can_ok('HoneyClient::Agent::Integrity', 'checkFileSystem'); 107 can_ok('HoneyClient::Agent::Integrity', 'initRegistry'); 108 can_ok('HoneyClient::Agent::Integrity', 'checkRegistry'); 109 use HoneyClient::Agent::Integrity qw(initAll checkAll initRegistry checkRegistry initFileSystem checkFileSystem); 106 use HoneyClient::Agent::Integrity qw(initAll checkAll initFileSystem checkFileSystem); 110 107 111 108 # Make sure HoneyClient::Util::Config loads. … … 134 131 135 132 # Make sure Storable loads. 136 BEGIN { use_ok('Storable', qw(dclone )) or diag("Can't load Storable package. Check to make sure the package library is correctly listed within the path."); }133 BEGIN { use_ok('Storable', qw(dclone nfreeze thaw)) or diag("Can't load Storable package. 
Check to make sure the package library is correctly listed within the path."); } 137 134 require_ok('Storable'); 138 135 can_ok('Storable', 'dclone'); 139 use Storable qw(dclone); 136 can_ok('Storable', 'nfreeze'); 137 can_ok('Storable', 'thaw'); 138 use Storable qw(dclone nfreeze thaw); 140 139 141 140 ###Testing Globals### … … 159 158 # Include Global Configuration Processing Library 160 159 use HoneyClient::Util::Config qw(getVar); 160 use HoneyClient::Agent::Integrity::Registry; 161 161 use File::Find qw(find); 162 162 #use Win32::TieRegistry; 163 163 use Digest::MD5; 164 164 use MIME::Base64; 165 use Switch; 166 use Storable qw(dclone); 165 use Storable qw(nfreeze thaw dclone); 166 $Storable::Deparse = 1; 167 $Storable::Eval = 1; 167 168 use Data::Dumper; 169 use File::Basename qw(dirname); 168 170 169 171 BEGIN { … … 178 180 179 181 # Symbols to export on request 180 @EXPORT = qw(new initAll checkAll initRegistry checkRegistry initFileSystem checkFileSystem);182 @EXPORT = qw(new initAll checkAll); 181 183 182 184 # Items to export into callers namespace by default. Note: do not export … … 208 210 #Used *for now* to signal whether any changes occured (if they == 1) 209 211 my $g_fs_changes = 0; 210 my $g_reg_changes = 0; 211 212 #Used to initialize a default registry space to check if they don't specify anything when creating the object 213 my @default_reg_check_array = ("HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CURRENT_CONFIG"); 214 215 #I h
