Proxy support #811

Merged
merged 6 commits into from
Oct 3, 2023
14 changes: 14 additions & 0 deletions emba
Expand Up @@ -418,6 +418,20 @@ main() {
source "${EXT_DIR}/emba_venv/bin/activate"
fi

# EMBA should be started with "sudo -E" to access the proxy settings from the user
export PROXY_SETTINGS=""
PROXY_SETTINGS="$(env | grep "http_proxy=http" | cut -d = -f2 | sort -u | head -1)"
if [[ -n "${PROXY_SETTINGS}" ]]; then
# 2nd try with the original user:
PROXY_SETTINGS="$(sudo -E -u "${SUDO_USER:-${USER}}" env | grep -E "http_proxy=http" | cut -d = -f2 | sort -u | head -1)"
else
if [[ -f "${LOG_DIR}"/orig_user.log ]]; then
if grep -q "PROXY: http" "${LOG_DIR}"/orig_user.log; then
PROXY_SETTINGS="$(grep "PROXY: http" "${LOG_DIR}"/orig_user.log | awk '{print $2}')"
fi
fi
fi

# Check all dependencies of EMBA
dependency_check

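Review bot: The branch at `if [[ -n "${PROXY_SETTINGS}" ]]; then` looks inverted relative to its own comment: the "2nd try with the original user" only runs when the first `env` lookup already found a proxy, and it then overwrites that value — with an empty string if `sudo -E -u … env` finds nothing — while the `orig_user.log` fallback only runs when the first lookup failed. If strict mode (`set -e -o pipefail`) is active at this point of main(), the `env | grep … | head -1` pipeline also returns non-zero whenever no `http_proxy` is set and would abort the run; the log-file branch guards this with `grep -q`, the two `env` lookups do not. The unanchored pattern `http_proxy=http` additionally matches `https_proxy=…`, so `sort -u | head -1` may return either value, and `cut -d = -f2` drops everything after a second `=` in the URL. The rewrite below runs each lookup only while the previous ones came back empty, anchors the pattern, keeps the full value and tolerates a missing match; main() continues outside the hunk.
```shell
  # EMBA should be started with "sudo -E" to access the proxy settings from the user
  export PROXY_SETTINGS=""
  PROXY_SETTINGS="$(env | grep -E "^http_proxy=http" | cut -d = -f2- | sort -u | head -1 || true)"
  if [[ -z "${PROXY_SETTINGS}" ]]; then
    # 2nd try with the original user:
    PROXY_SETTINGS="$(sudo -E -u "${SUDO_USER:-${USER}}" env | grep -E "^http_proxy=http" | cut -d = -f2- | sort -u | head -1 || true)"
  fi
  if [[ -z "${PROXY_SETTINGS}" && -f "${LOG_DIR}"/orig_user.log ]]; then
    # 3rd try: value recorded in orig_user.log (line format "PROXY: http...")
    PROXY_SETTINGS="$(grep "PROXY: http" "${LOG_DIR}"/orig_user.log | awk '{print $2}' | head -1 || true)"
  fi
  # … unchanged: dependency_check …
```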
10 changes: 9 additions & 1 deletion helpers/helpers_emba_dependency_check.sh
Expand Up @@ -203,9 +203,17 @@ dependency_check()
## Quest Container
#######################################################################################
print_output "[*] Network connection:" "no_log"


if [[ "${CONTAINER_NUMBER}" -ne 1 ]]; then
print_output " Internet connection - \\c" "no_log"
# if ! ping 8.8.8.8 -q -c 1 -W 1 &>/dev/null ; then

if [[ -n "${PROXY_SETTINGS}" ]]; then
export http_proxy="${PROXY_SETTINGS}"
export https_proxy="${PROXY_SETTINGS}"
print_output "[*] Info: Proxy settings detected: ${ORANGE}${PROXY_SETTINGS}${NC}" "no_log"
fi

if ! curl -Is https://www.google.com &>/dev/null ; then
echo -e "$RED""not ok""$NC"
print_output "[-] Warning: Quest container has no internet connection!" "no_log"
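Review bot: The proxy value printed by `print_output "[*] Info: Proxy settings detected: ${ORANGE}${PROXY_SETTINGS}${NC}" "no_log"` is echoed verbatim, and proxy URLs frequently embed credentials (`http://user:pass@host:port`); the `"no_log"` argument presumably keeps it out of the log file, but it still reaches the console and any captured session output. Mask the userinfo before printing: add `local PROXY_DISPLAY="${PROXY_SETTINGS}"`, then `[[ "${PROXY_DISPLAY}" == *@* ]] && PROXY_DISPLAY="${PROXY_DISPLAY%%//*}//[redacted]@${PROXY_DISPLAY##*@}"`, and print `${PROXY_DISPLAY}` instead. Note also that `https_proxy` is set to the `http_proxy` value harvested in emba; if the caller's environment carries a different `https_proxy`, the `curl -Is https://www.google.com` check below will not use it, so a comment on the `export https_proxy=` line such as `# mirrors http_proxy: only http_proxy is harvested in emba` would make that deliberate. dependency_check() starts and ends outside the hunk.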
4 changes: 2 additions & 2 deletions modules/L15_emulated_checks_nmap.sh
Expand Up @@ -80,8 +80,8 @@ check_live_nmap_basic() {
print_ln

# extract only the service details from gnmap output file:
mapfile -t NMAP_SERVICES < <(grep "open" "$LOG_PATH_MODULE"/*.gnmap | cut -d: -f2- | sed s/'\t'/'\n\t'/g | sed s/'\/, '/'\n\t\t'/g | sed s/'Ports: '/'Ports:\n\t\t'/g | grep -v "/closed/\|filtered/" | grep -v "Host: \|Ports:\|Ignored State:\|OS: \|Seq Index: \|Status: \|IP ID Seq: \|^# " | sed 's/^[[:blank:]].*\/\///' | sed 's/\/$//g'| sort -u || true)
mapfile -t NMAP_PORTS_SERVICES < <(grep "open" "$LOG_PATH_MODULE"/*.nmap | cut -d: -f2- | awk '{print $1,$3}' | grep "[0-9]" | sort -u || true)
mapfile -t NMAP_SERVICES < <(grep -a "open" "$LOG_PATH_MODULE"/*.gnmap | cut -d: -f2- | sed s/'\t'/'\n\t'/g | sed s/'\/, '/'\n\t\t'/g | sed s/'Ports: '/'Ports:\n\t\t'/g | grep -v "/closed/\|filtered/" | grep -v "Host: \|Ports:\|Ignored State:\|OS: \|Seq Index: \|Status: \|IP ID Seq: \|^# " | sed 's/^[[:blank:]].*\/\///' | sed 's/\/$//g'| sort -u || true)
mapfile -t NMAP_PORTS_SERVICES < <(grep -a "open" "$LOG_PATH_MODULE"/*.nmap | cut -d: -f2- | awk '{print $1,$3}' | grep "[0-9]" | sort -u || true)
# extract cpe information like the following:
# Service Info: OS: Linux; Device: WAP; CPE: cpe:/h:dlink:dir-300:2.14, cpe:/o:linux:linux_kernel, cpe:/h:d-link:dir-300
mapfile -t NMAP_CPE_DETECTION < <(grep -ah "Service Info: " "$LOG_PATH_MODULE"/*.nmap | grep -a "CPE: .*" | sort -u || true)
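Review bot: The change from `grep "open"` to `grep -a "open"` on the two mapfile lines of check_live_nmap_basic() carries no explanation, and the reason is not obvious to a reader: nmap output files can presumably contain non-text bytes (service banners), on which grep without `-a` prints only a "Binary file … matches" notice and both arrays end up empty. A comment above the first mapfile line would preserve that, e.g. `# -a: .nmap/.gnmap files may contain raw banner bytes; without it grep treats them as binary and yields no lines`. The sibling `grep -ah "Service Info: "` lookup already uses the flag, so this makes the three lookups consistent. check_live_nmap_basic() starts and ends outside the hunk.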
16 changes: 8 additions & 8 deletions modules/L22_upnp_hnap_checks.sh
Expand Up @@ -120,16 +120,16 @@ check_basic_hnap_jnap() {
JNAP_ACTION="X-JNAP-Action: http://cisco.com/jnap/core/GetDeviceInfo"
if [[ "$SSL" -eq 0 ]]; then
# HNAP
curl -v -L --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/HNAP/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/HNAP1/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/HNAP/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/HNAP1/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
# JNAP
curl -v -L --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "{}" http://"${IP_ADDRESS_}":"${PORT}"/JNAP/ >> "$LOG_PATH_MODULE"/jnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "{}" http://"${IP_ADDRESS_}":"${PORT}"/JNAP/ >> "$LOG_PATH_MODULE"/jnap-discovery-check.txt || true
else
# HNAP - SSL
curl -v -L --max-redir 0 -f -m 5 -s -X GET https://"${IP_ADDRESS_}":"${PORT}"/HNAP/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --max-redir 0 -f -m 5 -s -X GET https://"${IP_ADDRESS_}":"${PORT}"/HNAP1/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET https://"${IP_ADDRESS_}":"${PORT}"/HNAP/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET https://"${IP_ADDRESS_}":"${PORT}"/HNAP1/ >> "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true
# JNAP - SSL
curl -v -L --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "{}" https://"${IP_ADDRESS_}":"${PORT}"/JNAP/ >> "$LOG_PATH_MODULE"/jnap-discovery-check.txt || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "{}" https://"${IP_ADDRESS_}":"${PORT}"/JNAP/ >> "$LOG_PATH_MODULE"/jnap-discovery-check.txt || true
fi

if [[ -s "$LOG_PATH_MODULE"/hnap-discovery-check.txt ]]; then
Expand Down Expand Up @@ -183,7 +183,7 @@ check_jnap_access() {

for SYSINFO_CGI in "${SYSINFO_CGI_ARR[@]}"; do
print_output "[*] Testing for sysinfo.cgi" "no_log"
curl -v -L --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/"${SYSINFO_CGI}" > "${LOG_PATH_MODULE}"/JNAP_"${SYSINFO_CGI}".log || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET http://"${IP_ADDRESS_}":"${PORT}"/"${SYSINFO_CGI}" > "${LOG_PATH_MODULE}"/JNAP_"${SYSINFO_CGI}".log || true

if grep -q "wl0_ssid=\|wl1_ssid=\|wl0_passphrase=\|wl1_passphrase=\|wps_pin=\|default_passphrase=" "${LOG_PATH_MODULE}"/JNAP_"${SYSINFO_CGI}".log; then
print_output "[+] Found sensitive information in sysinfo.cgi - see https://korelogic.com/Resources/Advisories/KL-001-2015-006.txt:"
Expand All @@ -196,7 +196,7 @@ check_jnap_access() {
JNAP_EPT_NAME="$(echo "${JNAP_EPT}" | rev | cut -d '/' -f1 | rev)"
JNAP_ACTION="X-JNAP-Action: ${JNAP_EPT}"
DATA="{}"
curl -v -L --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "${DATA}" http://"${IP_ADDRESS_}":"${PORT}"/JNAP/ > "${LOG_PATH_MODULE}"/JNAP_"${JNAP_EPT_NAME}".log || true
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X POST -H "${JNAP_ACTION}" -d "${DATA}" http://"${IP_ADDRESS_}":"${PORT}"/JNAP/ > "${LOG_PATH_MODULE}"/JNAP_"${JNAP_EPT_NAME}".log || true

if [[ -s "${LOG_PATH_MODULE}"/JNAP_"${JNAP_EPT_NAME}".log ]]; then
if grep -q "_ErrorUnauthorized" "${LOG_PATH_MODULE}"/JNAP_"${JNAP_EPT_NAME}".log; then
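Review bot: The six curl invocations in check_basic_hnap_jnap() and the two in check_jnap_access() now each repeat `-v -L --noproxy '*' --max-redir 0 -f -m 5 -s`, so the next transport tweak will again touch eight lines; check_for_basic_auth_init() in modules/L25_web_checks.sh has the same four-fold repetition. web_access_crawler() in that file already collects options in an array (`local CURL_OPTS=( -sS --noproxy '*' )`), and the same style here — `local CURL_OPTS=( -v -L --noproxy '*' --max-redir 0 -f -m 5 -s )` declared once at the top of each function and `curl "${CURL_OPTS[@]}" -X GET http://…` at the call sites — keeps the proxy bypass for emulated targets in a single place. Separately, `-L` together with `--max-redir 0` makes any redirecting target fail with curl's too-many-redirects error and an empty log, which the trailing `|| true` then hides; if only direct answers are meant to count as HNAP/JNAP exposure, a one-line comment saying so would help. Both functions start and end outside the hunks.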
12 changes: 6 additions & 6 deletions modules/L25_web_checks.sh
Expand Up @@ -189,23 +189,23 @@ check_for_basic_auth_init() {
disable_strict_mode 1
print_output "[*] Web server with basic auth protected ... performing login attempt"
# basic auth from nmap found
curl -v -L --max-redir 0 -f -m 5 -s -X GET http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
CURL_RET="$?"

# if authentication required, we try user "admin" without password and "admin":"password"
if [[ "$CURL_RET" == 22 ]]; then
local CREDS="admin:"
curl -v -L --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
local CURL_RET="$?"
fi
if [[ "$CURL_RET" == 22 ]]; then
local CREDS="user:"
curl -v -L --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
local CURL_RET="$?"
fi
if [[ "$CURL_RET" == 22 ]]; then
local CREDS="admin:password"
curl -v -L --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
curl -v -L --noproxy '*' --max-redir 0 -f -m 5 -s -X GET -u "${CREDS}" http://"${IP_}"/ 2> >(tee -a "$LOG_FILE")
local CURL_RET="$?"
fi
enable_strict_mode 1
Expand Down Expand Up @@ -283,7 +283,7 @@ web_access_crawler() {
local WEB_DIR_L1=""
local WEB_DIR_L2=""
local WEB_DIR_L3=""
local CURL_OPTS=( -sS )
local CURL_OPTS=( -sS --noproxy '*' )
[[ -v CURL_CREDS ]] && local CURL_OPTS+=( "${CURL_CREDS}" )
local CRAWLED_ARR=()
local CURL_RET=""
Expand All @@ -298,6 +298,7 @@ web_access_crawler() {
sub_module_title "Starting web server crawling for $ORANGE$IP_:$PORT$NC"
print_ln

disable_strict_mode "${STRICT_MODE}" 0
# the refernce size is used for identifying incorrect 200 ok results
CURL_RET=$(timeout --preserve-status --signal SIGINT 2 curl "${CURL_OPTS[@]}" "$PROTO""://""$IP_":"$PORT_""/EMBA/""$RANDOM""/""$RANDOM"."$RANDOM" -o /dev/null -w '%{http_code}:%{size_download}')
CURL_RET_CODE="$(echo "${CURL_RET}" | cut -d: -f1 || true)"
Expand All @@ -313,7 +314,6 @@ web_access_crawler() {

local HOME_=""
HOME_=$(pwd)
disable_strict_mode "${STRICT_MODE}" 0
for R_PATH in "${ROOT_PATH[@]}" ; do
# we need files and links (for cgi files)
cd "${R_PATH}" || exit 1
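Review bot: Right after the new `local CURL_OPTS=( -sS --noproxy '*' )`, the unchanged line `[[ -v CURL_CREDS ]] && local CURL_OPTS+=( "${CURL_CREDS}" )` appends the credentials as a single array element; if `CURL_CREDS` is a space-separated string holding an option plus its argument (its format is set outside this hunk, so this is inferred), curl receives it as one unknown argument and the authenticated crawl degrades silently. Keeping `CURL_CREDS` as an array and appending with `CURL_OPTS+=( "${CURL_CREDS[@]}" )` removes the ambiguity, and the repeated `local` on that line is redundant since the array is already local. Moving `disable_strict_mode "${STRICT_MODE}" 0` ahead of the reference-size request is what lets a failing `timeout … curl` substitution survive, but it also widens the non-strict window over the `cut -d: -f1 || true` lines that follow; a comment on the moved line such as `# strict mode off from here: unreachable targets make timeout/curl return non-zero` would keep the next reader from moving it back. web_access_crawler() starts and ends outside these hunks.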