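/**
 * Inspect the current request with PHPIDS and stop the script when the
 * monitor reports a match.
 *
 * The request superglobals are handed to IDS_Monitor, configured from the
 * bundled Config.ini. A non-empty report is written to the PHPIDS file log,
 * a fixed notice is printed and execution ends with exit.
 *
 * @return void
 */
function dvwaPhpIdsTrap() {
    try {
        // 1. Define what to scan: each request-derived superglobal under its own key.
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET'     => $_GET,
            'POST'    => $_POST,
            'COOKIE'  => $_COOKIE,
        );

        $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');

        // Point PHPIDS at the bundled lib/IDS/ directory and switch caching off.
        $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';

        // 2. Initiate the PHPIDS and fetch the results
        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();

        if (!$result->isEmpty()) {
            require_once 'IDS/Log/File.php';
            require_once 'IDS/Log/Composite.php';

            // Record the report before answering, so the event is kept even
            // though the script ends right after the notice.
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_File::getInstance($init));
            $compositeLog->execute($result);

            // Only a fixed notice goes to the client; the report itself stays in the log.
            echo 'Hacking attempt detected and logged.';
            exit;
        }
    } catch (Exception $e) {
        // Something went terribly wrong - maybe the filter rules weren't found?
        // The message is written into the page, so it is HTML-escaped first;
        // exception text is not guaranteed to be free of markup.
        // NOTE(review): on this path the request was not inspected and the
        // caller carries on (fail-open), and the message may expose server
        // paths to the client - confirm both are acceptable for this deployment.
        printf('An error occured: %s', htmlspecialchars($e->getMessage(), ENT_QUOTES));
    }
}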
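/**
 * Inspect the current request with PHPIDS and stop the script when the
 * monitor reports a match.
 *
 * A non-empty report is written to the PHPIDS file log and a fixed notice is
 * printed. When $_DVWA['default_phpids_verbose'] equals 'true' the report is
 * echoed as well. Execution then ends with exit.
 *
 * @return void
 */
function dvwaPhpIdsTrap() {
    global $_DVWA;

    try {
        /*
         * 1. Define what to scan
         * Please keep in mind what array_merge does and how this might interfere
         * with your variables_order settings
         */
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET'     => $_GET,
            'POST'    => $_POST,
            'COOKIE'  => $_COOKIE,
        );

        $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');

        // Point PHPIDS at the bundled lib/IDS/ directory and switch caching off.
        $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';

        // 2. Initiate the PHPIDS and fetch the results
        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();

        if (!$result->isEmpty()) {
            require_once 'IDS/Log/File.php';
            require_once 'IDS/Log/Composite.php';

            // Record the report before answering, so the event is kept even
            // though the script ends right after the notice.
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_File::getInstance($init));
            $compositeLog->execute($result);

            echo 'Hacking attempt detected and logged.<br />Have a nice day.';

            // Verbose mode prints the report (via its string conversion) to the
            // client, which tells the sender what was flagged.
            // NOTE(review): keep this off outside a training setup, and confirm
            // the bundled IDS_Report escapes the values it prints.
            if ($_DVWA['default_phpids_verbose'] == 'true') {
                echo $result;
            }

            exit;
        }
    } catch (Exception $e) {
        // Something went terribly wrong - maybe the filter rules weren't found?
        // The message is written into the page, so it is HTML-escaped first;
        // exception text is not guaranteed to be free of markup.
        // NOTE(review): on this path the request was not inspected and the
        // caller carries on (fail-open), and the message may expose server
        // paths to the client - confirm both are acceptable for this deployment.
        printf('An error occured: %s', htmlspecialchars($e->getMessage(), ENT_QUOTES));
    }
}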
/**
 * Pre-dispatch hook: run PHPIDS over the request data and log any finding.
 *
 * Detection is log-only here: a non-empty report is passed to the PHPIDS
 * file logger and the method returns without stopping or changing the
 * request.
 *
 * @param Zend_Controller_Request_Abstract $request request about to be dispatched
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request) {
    // Gather each request-derived input under its own key for the monitor.
    $inputs = array(
        'GET'    => $request->getQuery(),
        'POST'   => $request->getPost(),
        'COOKIE' => $request->getCookie(),
        'PARAMS' => $request->getUserParams(),
    );

    $config  = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini');
    $monitor = new IDS_Monitor($inputs, $config);
    $report  = $monitor->run();

    // Nothing flagged: leave dispatch untouched.
    if ($report->isEmpty()) {
        return;
    }

    // Hand the report to the file logger configured in phpids.ini.
    $logChain = new IDS_Log_Composite();
    $logChain->addLogger(IDS_Log_File::getInstance($config));
    $logChain->execute($report);
}
* In the result object you will find any suspicious * fields of the passed array enriched with additional info * * Note: it is moreover possible to dump this information by * simply echoing the result object, since IDS_Report implemented * a __toString method. */ if (!$result->isEmpty()) { // echo $result; /* * The following steps are optional to log the results */ require_once 'IDS/Log/File.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); /* * Note that you might also use different logging facilities * such as IDS_Log_Email or IDS_Log_Database * * Just uncomment the following lines to test the wrappers */ /* * require_once 'IDS/Log/Email.php'; require_once 'IDS/Log/Database.php'; $compositeLog->addLogger( IDS_Log_Email::getInstance($init), IDS_Log_Database::getInstance($init) );
// PHPIDS setup: library location first.
$ids_init->config['General']['base_path'] = TM_INCLUDEPATH . '/phpids/lib/IDS/';
$ids_init->config['General']['use_base_path'] = true;

// Form fields registered as HTML content.
$ids_init->config['General']['html'] = array(
    'POST.summary',
    'POST.body',
    'POST.body_text',
    'POST.subject',
    'POST.message_doptin',
    'POST.message_greeting',
    'POST.message_update',
    'POST.content',
);

// Fields registered as exceptions.
// NOTE(review): every 'html' field above is listed here again, together with
// its REQUEST.* twin. If the bundled PHPIDS skips exception fields entirely
// (verify against that version), these inputs are never inspected and the
// 'html' entries have no effect.
$ids_init->config['General']['exceptions'] = array(
    'POST.summary',
    'POST.body',
    'POST.body_text',
    'POST.subject',
    'POST.message_doptin',
    'POST.message_greeting',
    'POST.message_update',
    'POST.content',
    'REQUEST.summary',
    'REQUEST.body',
    'REQUEST.body_text',
    'REQUEST.subject',
    'REQUEST.message_doptin',
    'REQUEST.message_greeting',
    'REQUEST.message_update',
    'REQUEST.content',
);

// File-based cache with an expiration_time of 600.
$ids_init->config['Caching']['caching'] = 'file';
$ids_init->config['Caching']['expiration_time'] = 600;

// Cache and log files sit under admin/tmp, addressed by relative path (the
// original kept a TM_INCLUDEPATH-based variant commented out).
// NOTE(review): confirm admin/tmp is not served by the web server; the log
// presumably contains the flagged request data.
$ids_init->config['Caching']['path'] = '../../../../admin/tmp/phpids.cache';
$ids_init->config['Logging']['path'] = '../../../../admin/tmp/phpids.log';

$ids = new IDS_Monitor($ids_request, $ids_init);
$ids_result = $ids->run();

if (!$ids_result->isEmpty()) {
    // The following steps are optional to log the results
    require_once 'IDS/Log/File.php';
    require_once 'IDS/Log/Email.php';
    require_once 'IDS/Log/Composite.php';

    // The report goes to both the file logger and the e-mail logger.
    $compositeLog = new IDS_Log_Composite();
    $compositeLog->addLogger(
        IDS_Log_File::getInstance($ids_init),
        IDS_Log_Email::getInstance($ids_init)
    );
    $compositeLog->execute($ids_result);

    // The report is also appended to the page message via its string form.
    // NOTE(review): this shows the detection details to whoever receives the
    // page - confirm the audience is trusted and that the bundled IDS_Report
    // escapes the values it prints.
    $_MAIN_MESSAGE .= '<h1>PHPIDS Intrusion detection:</h1>';
    $_MAIN_MESSAGE .= '<pre><font size=1 color="red">' . $ids_result . '</font></pre>';
}
/**
 * Run PHPIDS against the current request and react to any finding.
 *
 * A non-empty report is logged through Yii and the PHPIDS file logger. The
 * configured callback is then invoked, or, when none is set, a CHttpException
 * (500) carrying the generic message is thrown. Any Exception raised inside
 * the scan is logged and likewise answered with the generic 500, so the
 * client never sees the underlying detail.
 *
 * @return void
 * @throws CHttpException
 */
public function processIDS() {
    /**
     * PHPIDS
     * Requirements: PHP5, SimpleXML
     *
     * Copyright (c) 2010 PHPIDS group (http://php-ids.org)
     *
     * This program is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; version 2 of the license.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     * GNU General Public License for more details.
     */

    // set the include path properly for PHPIDS
    set_include_path(get_include_path() . PATH_SEPARATOR . 'IDS/lib/');

    // A session is started only when none is active yet.
    if (!session_id()) {
        session_start();
    }

    require_once 'IDS/Init.php';

    try {
        // 1. Define what to scan: each request-derived superglobal under its own key.
        $scanTargets = array(
            'REQUEST' => $_REQUEST,
            'GET'     => $_GET,
            'POST'    => $_POST,
            'COOKIE'  => $_COOKIE,
        );

        $config = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini.php');

        // Direct access to the config array: library base path, caching off.
        $config->config['General']['base_path'] = dirname(__FILE__) . '/IDS/';
        $config->config['General']['use_base_path'] = true;
        $config->config['Caching']['caching'] = 'none';

        // 2. Initiate the PHPIDS and fetch the results
        $monitor = new IDS_Monitor($scanTargets, $config);
        $report = $monitor->run();

        // Nothing flagged: the request proceeds normally.
        if ($report->isEmpty()) {
            return;
        }

        Yii::log($report, 'warning', 'application.components.ids');

        // The following steps are optional to log the results; IDS_Log_Email
        // or IDS_Log_Database could be added to the composite the same way.
        require_once 'IDS/Log/File.php';
        require_once 'IDS/Log/Composite.php';

        $logChain = new IDS_Log_Composite();
        $logChain->addLogger(IDS_Log_File::getInstance($config));
        $logChain->execute($report);

        // Without a callback the request is refused with the generic message.
        if ($this->callback === null) {
            throw new CHttpException(500, $this->genericMessage);
        }

        call_user_func($this->callback);
    } catch (Exception $e) {
        // sth went terribly wrong - maybe the filter rules weren't found?
        // Detail goes to the log only; the client gets the generic message.
        // NOTE(review): if CHttpException derives from Exception, the throw
        // above is caught here too (logged a second time, then re-thrown as a
        // new 500), and anything the callback throws is converted to the same
        // generic 500 - confirm that is intended.
        Yii::log($e->getMessage(), 'warning', 'application.components.ids');
        throw new CHttpException(500, $this->genericMessage);
    }
}