httpush-devel — HTTPush core and plugins development discussion list

[httpush-devel] Plugin documentation review

[Lluis M. <ll...@gi...>]

Hi all,

This last week I've been working on the plugin interface
to HTTPush. The current CVS code currently sports a
couple of functional (useless) plugins:

- Automatically retrieve whois information for domains
audited
- Create a log file using the old "pre-XML" format.

I've posted a plugin reference to the documentation
section, you can find it at
http://sourceforge.net/docman/display_doc.php?docid=6005&group_id=29026
or at the CVS code, as the docs/plugins.txt. I recommend
getting the text file, as displayed as HTML it's a bit
chaotic.

The document covers only the very basics, I hope to
improve it in the next weeks with your help, please post
any doubts/requests/modifications you may come up with
:) Btw, if you want to try and write a plugin, note that
the specifications will (most probably) change, so I
wouldn't get too much into it, at least till the
document hasn't been completed.

As I added the plugin vulnerabiliy reporting capability,
I updated the functionality of the internal webserver to
display vulnerability information, still very basic but
worth giving it a try. Of course the old functionality
is still there, but I feel the plugin/XML/vulnerability
thingie will be the way to go, as it opens a new world
of vulnerability research, by automating tedious tasks
while auditing web servers.

Performance is not really great, but considering all the
stuff it does in the background, I'm satisfied with it
at the moment. Any ideas on how to improve performance
is welcome :)

Check the changelog for more info.

Cheers,

Lluis Mora  ll...@gi...
.

Re: [httpush-devel] (no subject)

[Lluis M. <ll...@gi...>]

Hi Jason,

Quoting ja...@li...:

> Hey all,
>
> I've been using httpush with mostly success for about
3 months I
> guess (just about since release date).  I had to do
minor dorking to
> get it working ok under netscape (disable ssl v3
support and comment
> out some of the cookie code).  Just noticed this new 

I'd like to know if you had to do any modifications to
Netscape in order to get the CVS httpush to work for
you, I had to change nothing on NEtscape 4.7, export
version, but any problem reports will be welcome :)


> fixed but -f logging has been removed.  Are there
plans to readd or
> is help needed for this?

The "-f" is gone for good and won't come back :) but...

The new version uses the "data/" directory for logging.
It's no longer a plain text file where you can review
the requests made, but a few XML files that are rather
uninteligible without the proper parsing. In order to
review the requests (and responses, which are now
logged), give the internal webserver a try, just point
your browser to the ip and port where you are running
httpush, e.h. http://127.0.0.1:8080/ and check the
Audited Sites link. Sites you have visited using the
proxy are displayed and some (very basic) information on
them can be obtained by clicking on the server name. The
plus sign to the left of the site will lead you to the
directory/pages/requests section, where you can see an
overview of the site structure and view the raw request
and response data. This is much more powerful than it
used to be, though till the time where plugins are in
place not a lot of functionality apart from reviewing
requests is provided. I hope to improve this soon :)

Once the plugin specifications are in place and the code
is finished, my idea is to offer users the ability to
write their own plugins that will interact with HTTPush,
so that e.g. when a new directory is found, a plugin
could be called in order to make operations on that
directory, such as trying to get a directory listing,
etc.

Also, reporting plugins need to be written, I can
imagine one could be written to create a "-f"-like file
from the XML data, something not that difficult, and
that at least two persons have already requested :)
Personally i'm much more interested in a reporting
plugin that will output a report on server-wide
security, including directory structures +
vulnerabilities found in it, which is already taken into
account in the DTD (check the httpush.dtd file in the
CVS).

It's just a matter of time, there is plenty to do, and
there will be work for everybody when the plugins are in
place :)

Cheers, and thanks for your email,

Lluis Mora
.

[httpush-devel] (no subject)

[<ja...@li...>]

Hey all,

I've been using httpush with mostly success for about 3 months I 
guess (just about since release date).  I had to do minor dorking to 
get it working ok under netscape (disable ssl v3 support and comment 
out some of the cookie code).  Just noticed this new version (and 
that it's on sourceforge) tonight and see that some cookie stuff is 
fixed but -f logging has been removed.  Are there plans to readd or 
is help needed for this?

J

[httpush-devel] A few improvements

[Lluis M. <ll...@gi...>]

Hi all,

I've just commited the latest version of the code to the
CVS.

Amongst the improvements are:

- Full directory/requests browsing/reviewing pages. Just
go to the "Audited Sites" link on the built-in server
page and browse through the information. It looks good
on Netscape 4.7 and Lynx, any feedback on other browsers
appreciated :) Browsing through the data is quite slow,
as for every new request the server XML file has to be
parsed.

- Added a first attempt at pre-forked request handlers,
in order to get some extra speed when processing
requests, though at the moment a problem (bug?) with
flocking IO::Socket handles is making the code useless.

Hopefully next week I'll be putting some work on the
much needed plugin interface, which I believe will make
a difference on the functionality of HTTPush. I'll be
posting my ideas for the plugin API early next week so
we can all discuss them.

Cheers,

Lluis	ll...@s2...
.

[httpush-devel] New member

[rpinuaga <rpi...@s2...>]

Hoooooooooola httpush-devel,

   Well, lets start :)

-- 
Saludos,
 rpinuaga                          mailto:rpi...@s2...