@miau
Created December 18, 2012 08:07
diff --git a/lib/watobo/core/session.rb b/lib/watobo/core/session.rb
index c7c1eeb..037a2ed 100644
--- a/lib/watobo/core/session.rb
+++ b/lib/watobo/core/session.rb
@@ -19,6 +19,7 @@
# along with WATOBO; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# .
+@@user_id = 1
module Watobo
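Review bot: `@@user_id = 1` is assigned at the top level of the file, before `module Watobo` opens, so it is a class variable on `Object` rather than on the class that uses it. Ruby warns about class-variable access from the toplevel, and Ruby 3.0 and later raise a RuntimeError for it, so this line can stop the file from loading on a current interpreter. Define the counter inside the class that owns `updateSession`, next to where `@@session_lock` is initialised (not visible in this hunk), and add a comment such as `# suffix for the next "pentestN" placeholder; guarded by @@session_lock`.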
@@ -1237,6 +1238,19 @@ end
def updateSession(request)
@@session_lock.synchronize do
+ user_id_found = false
+ request.map!{ |line|
+ if line.match(/pentest0(?!\d)/)
+ puts "*" * 40
+ puts "=UPDATE user_id"
+ unless user_id_found
+ @@user_id += 1
+ user_id_found = true
+ end
+ line.gsub!(/pentest0(?!\d)/, "pentest#{@@user_id}")
+ end
+ line
+ }
if @session[:valid_sids].has_key?(request.host)
valid_sids = @session[:valid_sids][request.host]
puts "* found sid for site: #{request.site}" if $DEBUG
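Review bot: The in-place `line.gsub!(/pentest0(?!\d)/, "pentest#{@@user_id}")` changes the length of the line once the counter reaches 10, and nothing in this hunk recomputes Content-Length, so if the placeholder sits in a request body the header may no longer match unless a later step outside the hunk fixes it. The two added `puts` calls are also unconditional, unlike the neighbouring `if $DEBUG` output; gate them, e.g. `puts "=UPDATE user_id" if $DEBUG`. Because `map!` and `gsub!` mutate the caller's request object, a comment stating that `updateSession` rewrites the request in place would help. The method body continues past the end of the hunk.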
diff --git a/lib/watobo/core/session.rb b/lib/watobo/core/session.rb
index 037a2ed..0258b48 100644
--- a/lib/watobo/core/session.rb
+++ b/lib/watobo/core/session.rb
@@ -180,6 +180,7 @@ include Watobo::Constants
data = request.join + "\r\n"
unless socket.nil?
+ puts data if $DEBUG
socket.print data
response_header = readHTTPHeader(socket, current_prefs)
end
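Review bot: The added `puts data if $DEBUG` writes the complete outgoing request to stdout, which includes Cookie and Authorization headers and any credentials in the body, so a debug run leaves session secrets in terminal scrollback or a redirected log file. The same line is added in the hunks at -243, -564, -770, -848, -898, -946 and -1036, several of which print `auth_request` or proxy-connect data. Consider masking those header values before printing, e.g. `puts data.gsub(/^(Authorization|Proxy-Authorization|Cookie):[^\r\n]*/i, '\1: [redacted]') if $DEBUG`, ideally through one shared helper so the redaction is not repeated at each call site. The enclosing method starts and ends outside the hunk.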
@@ -243,6 +244,7 @@ include Watobo::Constants
data << "\r\n" unless request.has_body?
unless socket.nil?
+ puts data if $DEBUG
socket.print data
# if socket.is_a? OpenSSL::SSL::SSLSocket
# socket.io.shutdown(0)
@@ -329,9 +331,9 @@ include Watobo::Constants
updateCSRFToken(csrf_cache, copy)
socket, csrf_request, csrf_response = sendHTTPRequest(copy, opts)
next if socket.nil?
- # puts "= Response Headers:"
- # puts csrf_response
- # puts "==="
+ puts "= Response Headers:"
+ puts csrf_response
+ puts "==="
update_sids(csrf_request.host, csrf_response.headers)
next if socket.nil?
# p "*"
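Review bot: The three re-enabled `puts` lines print `csrf_response` on every run, not only in debug mode, which contradicts the patch description and the `if $DEBUG` guard used in every other hunk. The response printed here is the one passed to `update_sids`, so it will typically carry Set-Cookie session identifiers to stdout during normal scans. Guard each line, e.g. `puts csrf_response if $DEBUG`. The surrounding loop starts and ends outside the hunk.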
@@ -564,6 +566,7 @@ end
end
data = auth_request.join + "\r\n"
+ puts data if $DEBUG
socket.print data
puts "-----------------" if $DEBUG
@@ -638,7 +641,7 @@ end
if $DEBUG
puts "= NTLM Type 3 ="
- puts data
+ puts data if $DEBUG
end
socket.print data
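Review bot: `puts data if $DEBUG` sits inside an enclosing `if $DEBUG` block, so the modifier is redundant and the change has no effect on behaviour; the hunk at -818 makes the same edit. Keep the original `puts data` or drop the outer block for consistency with the other call sites. Note that `data` here is the NTLM Type 3 message, i.e. authentication material, so debug output from this path should be treated as sensitive.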
@@ -770,6 +773,7 @@ end
end
data = request.join + "\r\n"
+ puts data if $DEBUG
tcp_socket.print data
# puts "-----------------"
cl = 0
@@ -818,7 +822,7 @@ end
data = request.join + "\r\n"
if $DEBUG
puts "============= T3 ======================="
- puts data
+ puts data if $DEBUG
puts "---"
end
@@ -848,6 +852,7 @@ end
# Start ProxyConnect Without Authentication
data = request.join + "\r\n"
+ puts data if $DEBUG
tcp_socket.print data
# puts "-----------------"
@@ -898,6 +903,7 @@ end
# puts auth_request
data = request.join + "\r\n"
+ puts data if $DEBUG
tcp_socket.print data
# puts "-----------------"
response_header = readHTTPHeader(tcp_socket)
@@ -946,6 +952,7 @@ end
# puts request
# puts "------------------------"
data = request.join + "\r\n"
+ puts data if $DEBUG
tcp_socket.print data
response_header = readHTTPHeader(tcp_socket)
@@ -1036,6 +1043,7 @@ end
else
data = auth_request.join + "\r\n"
+ puts data if $DEBUG
tcp_socket.print data
response_header = readHTTPHeader(tcp_socket)
@@ -1165,9 +1173,9 @@ end
# site = request.site
@@csrf_lock.synchronize do
response.each do |line|
- # puts line
+ puts line if $DEBUG
@session[:csrf_patterns].each do |pat|
- puts pat if $DEBUG
+ # puts pat if $DEBUG
if line =~ /#{pat}/i then
token_key = Regexp.quote($1.upcase)
token_value = $2
miau commented Dec 18, 2012

Ad-hoc patches to https://github.com/miau/watobo-patched

  • increment_user_id.patch
    • useful for scanning a registration flow that checks uniqueness of parameters
    • replaces "pentest0" with "pentest1", "pentest2", ... at each request
  • print_response.patch
    • enables printing the response if $DEBUG is set
    • you can set $DEBUG by running watobo like RUBYOPT=-d watobo_gui.rb
