def createRequest(self, operation, request, outgoingData = None):
reply = None
try:
requestUrl = request.url()
scheme = str(requestUrl.scheme())
if scheme in ('data', 'about', 'javascript'):
reply = QNetworkAccessManager.createRequest(self, operation, request, outgoingData)
elif scheme in ('http', 'https'):
url = requestUrl.toEncoded().data().decode('utf-8')
url_response = None
if url in self.request_lookaside:
url_response = self.request_lookaside[url]
else:
responses = []
for row in self.Data.read_responses_by_url(self.cursor, url):
responseItems = interface.data_row_to_response_items(row)
response_length = str(responseItems[ResponsesTable.RES_LENGTH])
if response_length and int(response_length) > 0 and str(responseItems[ResponsesTable.STATUS]).startswith('2'):
responses.append(responseItems)
if len(responses) > 0:
url_response = responses[-1]
# TODO: implement max size limit
self.request_lookaside[url] = url_response
if not url_response:
# try again, with base url
if '?' in url:
base_url = url[0:url.index('?')]
else:
base_url = url
for row in self.Data.read_responses_starting_with_url(self.cursor, base_url):
responseItems = interface.data_row_to_response_items(row)
response_length = str(responseItems[ResponsesTable.RES_LENGTH])
if response_length and int(response_length) > 0 and str(responseItems[ResponsesTable.STATUS]).startswith('2'):
responses.append(responseItems)
if len(responses) > 0:
url_response = responses[-1]
self.request_lookaside[url] = url_response
if url_response:
reply = CustomNetworkReply(self, requestUrl, url_response[ResponsesTable.RES_HEADERS], url_response[ResponsesTable.RES_DATA])
except Exception as error:
self.framework.report_implementation_error(error)
if not reply:
# must always return reply
request.setUrl(QUrl('about:blank'))
reply = QNetworkAccessManager.createRequest(self, operation, request, outgoingData)
return reply
def tester_populate_click_jacking(self, response_id):
row = self.Data.read_responses_by_id(self.cursor, response_id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
self.setup_clickjacking_url(url)
def fill_by_row(self, row):
responseItems = interface.data_row_to_response_items(row)
rr = RequestResponse(self.framework)
rr.Id = responseItems[ResponsesTable.ID]
rr.responseUrl = responseItems[ResponsesTable.URL]
rr.requestHeaders = responseItems[ResponsesTable.REQ_HEADERS]
rr.requestBody = responseItems[ResponsesTable.REQ_DATA]
rr.responseHeaders = responseItems[ResponsesTable.RES_HEADERS]
rr.responseBody = responseItems[ResponsesTable.RES_DATA]
rr.responseContentType = responseItems[ResponsesTable.RES_CONTENT_TYPE]
rr.requestHost = responseItems[ResponsesTable.REQ_HOST]
rr.responseStatus = responseItems[ResponsesTable.STATUS]
rr.responseHash = responseItems[ResponsesTable.RES_DATA_HASHVAL]
rr.requestHash = responseItems[ResponsesTable.REQ_DATA_HASHVAL]
rr.requestTime = responseItems[ResponsesTable.REQTIME]
rr.requestDate = responseItems[ResponsesTable.REQDATE]
rr.notes = responseItems[ResponsesTable.NOTES]
rr.confirmed = responseItems[ResponsesTable.CONFIRMED]
if not rr.responseContentType:
# TODO: fix this to use better algorithm
rr.responseContentType = 'text/html'
rr.contentType, rr.charset = self.contentExtractor.parseContentType(
rr.responseContentType)
rr.baseType = self.contentExtractor.getBaseType(rr.contentType)
return rr
def fill_by_row(self, row):
responseItems = interface.data_row_to_response_items(row)
rr = RequestResponse(self.framework)
rr.Id = responseItems[ResponsesTable.ID]
rr.responseUrl = responseItems[ResponsesTable.URL]
rr.requestHeaders = responseItems[ResponsesTable.REQ_HEADERS]
rr.requestBody = responseItems[ResponsesTable.REQ_DATA]
rr.responseHeaders = responseItems[ResponsesTable.RES_HEADERS]
rr.responseBody = responseItems[ResponsesTable.RES_DATA]
rr.responseContentType = responseItems[ResponsesTable.RES_CONTENT_TYPE]
rr.requestHost = responseItems[ResponsesTable.REQ_HOST]
rr.responseStatus = responseItems[ResponsesTable.STATUS]
rr.responseHash = responseItems[ResponsesTable.RES_DATA_HASHVAL]
rr.requestHash = responseItems[ResponsesTable.REQ_DATA_HASHVAL]
rr.requestTime = responseItems[ResponsesTable.REQTIME]
rr.requestDate = responseItems[ResponsesTable.REQDATE]
rr.notes = responseItems[ResponsesTable.NOTES]
rr.confirmed = responseItems[ResponsesTable.CONFIRMED]
if not rr.responseContentType:
# TODO: fix this to use better algorithm
rr.responseContentType = 'text/html'
rr.contentType, rr.charset = self.contentExtractor.parseContentType(rr.responseContentType)
rr.baseType = self.contentExtractor.getBaseType(rr.contentType)
return rr
def get_next_fuzz_item(self):
self.qlock.lock()
locked = True
fuzz_item = None
try:
data_item = self.queueDataModel.popleft_data()
if not data_item:
self.keep_fuzzing = False
return
fuzz_id = data_item[DomFuzzerQueueTable.ID]
row = self.Data.read_responses_by_id(
self.read_cursor, data_item[DomFuzzerQueueTable.RESPONSE_ID])
if not row:
self.framework.log_warning('missing response id: %s' %
(response_id))
return
responseItems = interface.data_row_to_response_items(row)
target_url = self.compute_url_from_payload(data_item)
qurl = QUrl.fromEncoded(target_url)
dataContent = responseItems[ResponsesTable.RES_DATA]
# TODO: store reference
fuzz_item = (fuzz_id, dataContent, qurl)
self.qlock.unlock()
locked = False
finally:
if locked:
self.qlock.unlock()
return fuzz_item
def bulk_requester_populate_responses(self, id_list):
url_list = []
first = True
for Id in id_list:
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
continue
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
if url not in url_list:
url_list.append(url)
if first:
method, url, template_text = self.generate_template_for_response_item(
responseItems)
self.set_combo_box_text(self.mainWindow.bulkRequestMethodEdit,
method.upper())
self.mainWindow.bulkRequestTemplateEdit.setPlainText(
template_text)
first = False
self.mainWindow.bulkRequestUrlListEdit.setPlainText(
'\n'.join(url_list))
def requester_bulk_response_received(self, response_id, context):
self.mainWindow.bulkRequestProgressBar.setValue(
self.mainWindow.bulkRequestProgressBar.value() + 1)
context = str(context)
if self.pending_bulk_requests is not None:
try:
self.pending_bulk_requests.pop(context)
except KeyError as e:
pass
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.Data.insert_requester_history(self.cursor, response_id)
self.requesterHistoryDataModel.append_data([response_item])
finished = False
if self.pending_bulk_requests is None or len(
self.pending_bulk_requests) == 0:
self.mainWindow.bulkRequestProgressBar.setValue(
self.mainWindow.bulkRequestProgressBar.maximum())
finished = True
elif self.mainWindow.bulkRequestProgressBar.value(
) == self.mainWindow.bulkRequestProgressBar.maximum():
finished = True
if finished:
self.mainWindow.bulkRequestPushButton.setText('Send')
def tester_populate_click_jacking(self, response_id):
row = self.Data.read_responses_by_id(self.cursor, response_id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
self.setup_clickjacking_url(url)
def get_next_fuzz_item(self):
self.qlock.lock()
locked = True
fuzz_item = None
try:
data_item = self.queueDataModel.popleft_data()
if not data_item:
self.keep_fuzzing = False
return
fuzz_id = data_item[DomFuzzerQueueTable.ID]
row = self.Data.read_responses_by_id(self.read_cursor, data_item[DomFuzzerQueueTable.RESPONSE_ID])
if not row:
self.framework.log_warning('missing response id: %s' % (response_id))
return
responseItems = interface.data_row_to_response_items(row)
target_url = self.compute_url_from_payload(data_item)
qurl = QUrl.fromEncoded(target_url)
dataContent = responseItems[ResponsesTable.RES_DATA]
# TODO: store reference
fuzz_item = (fuzz_id, dataContent, qurl)
self.qlock.unlock()
locked = False
finally:
if locked:
self.qlock.unlock()
return fuzz_item
def performSearchHandler(self):
text = self.searchCriteria.text
options = self.searchCriteria.options
locations = self.searchCriteria.locations
self.reqheaders = locations['RequestHeaders']
self.reqbody = locations['RequestBody']
self.resheaders = locations['ResponseHeaders']
self.resbody = locations['ResponseBody']
self.requrl = locations['RequestUrl']
self.notes = locations['AnalystNotes']
caseSensitive = options['CaseSensitive']
invertSearch = options['InvertSearch']
re_search, re_search_bytes = None, None
if options['Wildcard']:
wildcardSearch = re.escape(text).replace('\*','.*').replace('\?','.?')
wildcardSearch_bytes = re.escape(text.encode('utf-8')).replace(b'\*',b'.*').replace(b'\?',b'.?')
if caseSensitive:
re_search = re.compile(wildcardSearch)
re_search_bytes = re.compile(wildcardSearch_bytes)
else:
re_search = re.compile(wildcardSearch, re.I)
re_search_bytes = re.compile(wildcardSearch_bytes, re.I)
elif options['RegularExpression']:
if caseSensitive:
re_search = re.compile(text)
re_search_bytes = re.compile(text.encode('utf-8'))
else:
re_search = re.compile(text, re.I)
re_search_bytes = re.compile(text.encode('utf-8'), re.I)
if re_search:
self.str_strategy = lambda v: re_search.search(v)
self.bytes_strategy = lambda v: re_search_bytes.search(v)
else:
if caseSensitive:
self.str_strategy = lambda v: -1 != v.find(text)
self.bytes_strategy = lambda v: -1 != v.find(text.encode('utf-8'))
else:
ltext = text.lower()
self.str_strategy = lambda v: -1 != v.lower().find(ltext)
self.bytes_strategy = lambda v: -1 != v.lower().find(ltext.encode('utf-8'))
for row in self.Data.execute_search(self.cursor, self.reqbody or self.resbody):
if self.canceled:
break
responseItems = interface.data_row_to_response_items(row)
if self.isMatch(responseItems):
if not invertSearch:
self.fill(responseItems)
elif invertSearch:
self.fill(responseItems)
self.callbackObj.emit(SIGNAL('searchFinished()'))
def append_sequence_item(self, responseId, requestId=''):
topItem = self.sequenceStepsTreeWidget.topLevelItem(
self.sequenceStepsTreeWidget.topLevelItemCount() - 1)
if topItem is None:
current_max = 0
else:
current_max = int(topItem.text(0))
stepnum = str(current_max + 1)
row = self.Data.read_responses_by_id(self.cursor, responseId)
if not row:
return
self.sequenceResponseIds.add(responseId)
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
method = responseItems[ResponsesTable.REQ_METHOD]
contentType = responseItems[
ResponsesTable.RES_CONTENT_TYPE].lower().strip()
charset = ContentHelper.getCharSet(contentType)
if contentType and ';' in contentType:
contentType = contentType[0:contentType.index(';')]
reqHeaders = responseItems[ResponsesTable.REQ_HEADERS]
reqData = responseItems[ResponsesTable.REQ_DATA]
requestHeaders, requestBody, rawRequest = ContentHelper.combineRaw(
reqHeaders, reqData)
resHeaders = responseItems[ResponsesTable.RES_HEADERS]
resData = responseItems[ResponsesTable.RES_DATA]
responseHeaders, responseBody, rawResponse = ContentHelper.combineRaw(
resHeaders, resData, charset)
sequence_item = {
'responseUrl': url,
'responseId': responseId,
'rawResponse': rawResponse,
'rawRequest': rawRequest,
'method': method,
}
self.sequence_items[stepnum] = sequence_item
status = self.check_pattern_match(sequence_item)
item = QTreeWidgetItem([stepnum, status, method, contentType, url])
self.sequenceStepsTreeWidget.addTopLevelItem(item)
self.hide_media_type_item(item, contentType)
self.formCapture.process_target_request(responseId, requestId, method,
url, reqHeaders, reqData)
return item
def requester_populate_response_id(self, Id):
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
method, url, template_text = self.generate_template_for_response_item(responseItems)
self.set_combo_box_text(self.mainWindow.requesterRequestMethod, method.upper())
self.mainWindow.requesterUrlEdit.setText(url)
self.mainWindow.requesterTemplateEdit.setPlainText(template_text)
def fill_requesters(self):
# requesters
self.requesterHistoryDataModel.clearModel()
history_items = []
for row in self.Data.get_all_requester_history(self.cursor):
response_item = interface.data_row_to_response_items(row)
history_items.append(response_item)
self.requesterHistoryDataModel.append_data(history_items)
self.fill_sequences()
self.mainWindow.requesterUrlEdit.setText(self.framework.get_raft_config_value('requesterUrlEdit'))
self.mainWindow.bulkRequestUrlListEdit.setPlainText(self.framework.get_raft_config_value('bulkRequestUrlListEdit'))
def webfuzzer_populate_response_id(self, Id):
self.clear_data_dictionary()
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
reqHeaders = responseItems[ResponsesTable.REQ_HEADERS].decode('utf-8', 'ignore')
reqData = responseItems[ResponsesTable.REQ_DATA].decode('utf-8', 'ignore')
method = responseItems[ResponsesTable.REQ_METHOD]
splitted = urlparse.urlsplit(url)
# Create a new parsed object removing the scheme and netloc
base_url = urlparse.urlunsplit((splitted[0], splitted[1], splitted[2], '', ''))
req_loc = ("", "", "", splitted.query, splitted.fragment)
useragent = self.framework.useragent()
has_cookie = False
template = StringIO()
template.write('${method} ${request_uri}%s HTTP/1.1\n' % urlparse.urlunsplit(req_loc))
first = True
for line in reqHeaders.splitlines():
if not line:
break
if first and self.re_request.match(line):
first = False
continue
if ':' in line:
name, value = [v.strip() for v in line.split(':', 1)]
lname = name.lower()
if 'host' == lname:
if splitted.hostname and value == splitted.hostname:
template.write('Host: ${host}\n')
continue
elif 'user-agent' == lname:
if useragent == value:
template.write('User-Agent: ${user_agent}\n')
continue
template.write(line)
template.write('\n')
template.write('\n')
template.write(reqData)
self.set_combo_box_text(self.mainWindow.stdFuzzerReqMethod, method.upper())
self.mainWindow.wfStdUrlEdit.setText(base_url)
self.mainWindow.wfStdEdit.setPlainText(template.getvalue())
def fill_fuzzer_history(self, index):
Id = interface.index_to_id(self.fuzzerHistoryDataModel, index)
if Id:
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
reqHeaders = responseItems[ResponsesTable.REQ_HEADERS]
reqData = responseItems[ResponsesTable.REQ_DATA]
resHeaders = responseItems[ResponsesTable.RES_HEADERS]
resData = responseItems[ResponsesTable.RES_DATA]
contentType = responseItems[ResponsesTable.RES_CONTENT_TYPE]
self.miniResponseRenderWidget.populate_response_content(url, reqHeaders, reqData, resHeaders, resData, contentType)
def requester_populate_response_id(self, Id):
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
method, url, template_text = self.generate_template_for_response_item(
responseItems)
self.set_combo_box_text(self.mainWindow.requesterRequestMethod,
method.upper())
self.mainWindow.requesterUrlEdit.setText(url)
self.mainWindow.requesterTemplateEdit.setPlainText(template_text)
def append_sequence_item(self, responseId, requestId = ''):
topItem = self.sequenceStepsTreeWidget.topLevelItem(self.sequenceStepsTreeWidget.topLevelItemCount()-1)
if topItem is None:
current_max = 0
else:
current_max = int(topItem.text(0))
stepnum = str(current_max + 1)
row = self.Data.read_responses_by_id(self.cursor, responseId)
if not row:
return
self.sequenceResponseIds.add(responseId)
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
method = responseItems[ResponsesTable.REQ_METHOD]
contentType = responseItems[ResponsesTable.RES_CONTENT_TYPE].lower().strip()
charset = ContentHelper.getCharSet(contentType)
if contentType and ';' in contentType:
contentType = contentType[0:contentType.index(';')]
reqHeaders = responseItems[ResponsesTable.REQ_HEADERS]
reqData = responseItems[ResponsesTable.REQ_DATA]
requestHeaders, requestBody, rawRequest = ContentHelper.combineRaw(reqHeaders, reqData)
resHeaders = responseItems[ResponsesTable.RES_HEADERS]
resData = responseItems[ResponsesTable.RES_DATA]
responseHeaders, responseBody, rawResponse = ContentHelper.combineRaw(resHeaders, resData, charset)
sequence_item = {
'responseUrl' : url,
'responseId' : responseId,
'rawResponse' : rawResponse,
'rawRequest' : rawRequest,
'method' : method,
}
self.sequence_items[stepnum] = sequence_item
status = self.check_pattern_match(sequence_item)
item = QTreeWidgetItem([stepnum, status, method, contentType, url])
self.sequenceStepsTreeWidget.addTopLevelItem(item)
self.hide_media_type_item(item, contentType)
self.formCapture.process_target_request(responseId, requestId, method, url, reqHeaders, reqData)
return item
def fill_requesters(self):
# requesters
self.requesterHistoryDataModel.clearModel()
history_items = []
for row in self.Data.get_all_requester_history(self.cursor):
response_item = interface.data_row_to_response_items(row)
history_items.append(response_item)
self.requesterHistoryDataModel.append_data(history_items)
self.fill_sequences()
self.mainWindow.requesterUrlEdit.setText(
self.framework.get_raft_config_value('requesterUrlEdit'))
self.mainWindow.bulkRequestUrlListEdit.setPlainText(
self.framework.get_raft_config_value('bulkRequestUrlListEdit'))
def generate_fuzz_values(self, response_id):
row = self.Data.read_responses_by_id(self.read_cursor, response_id)
if not row:
self.framework.log_warning('missing response id: %s' %
(response_id))
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
contentType = responseItems[ResponsesTable.RES_CONTENT_TYPE]
responseBody = responseItems[ResponsesTable.RES_DATA]
if url in self.processed_urls:
self.framework.log_warning(
'skipping already scanned url [%s] for now' % (url))
return
else:
self.processed_urls[url] = True
# TODO: need better content type
if 'html' not in contentType:
if b'<html' not in responseBody.lower():
# non-html not supported
self.framework.log_warning(
'skipping not HTML request for [%s]: %s' %
(response_id, url))
return
fuzz_payloads = self.calculate_fuzz_payloads(url)
self.qlock.lock()
try:
# if self.fuzz_queue.has_key(url):
# # TODO: allow for better rescan in future
# self.framework.log_warning('adding already scanned url [%s] for now' % (url))
for payload in fuzz_payloads:
queue_item = [
None, response_id, payload[0], payload[1], payload[2],
payload[3], 'P'
]
rowid = self.Data.add_dom_fuzzer_queue_item(
self.write_cursor, queue_item)
queue_item[0] = rowid
self.queueDataModel.append_data([queue_item])
finally:
self.qlock.unlock()
def sequence_runner_response_received(self, response_id, context):
context = str(context)
if self.pending_sequence_requests is not None:
try:
self.pending_sequence_requests.pop(context)
except KeyError as e:
print((e))
pass
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.sequenceRunnerDataModel.append_data([response_item])
if self.pending_sequence_requests is None or len(self.pending_sequence_requests) == 0:
self.mainWindow.sequenceRunnerRunButton.setText('Send')
def populate_by_dbrow(self, row):
responseItems = interface.data_row_to_response_items(row)
self.origin = responseItems[ResponsesTable.DATA_ORIGIN]
self.host = responseItems[ResponsesTable.REQ_HOST]
self.hostip = responseItems[ResponsesTable.HOST_IP]
self.url = responseItems[ResponsesTable.URL]
self.status = responseItems[ResponsesTable.STATUS]
self.datetime = responseItems[ResponsesTable.REQDATE]
self.method = responseItems[ResponsesTable.REQ_METHOD]
self.content_type = responseItems[ResponsesTable.RES_CONTENT_TYPE]
self.request_headers = responseItems[ResponsesTable.REQ_HEADERS]
self.request_body = responseItems[ResponsesTable.REQ_DATA]
self.response_headers = responseItems[ResponsesTable.RES_HEADERS]
self.response_body = responseItems[ResponsesTable.RES_DATA]
self.content_length = responseItems[ResponsesTable.RES_LENGTH]
self.elapsed = responseItems[ResponsesTable.REQTIME]
self.notes = responseItems[ResponsesTable.NOTES]
self.confirmed = responseItems[ResponsesTable.CONFIRMED]
def populate_by_dbrow(self, row):
responseItems = interface.data_row_to_response_items(row)
self.origin = responseItems[ResponsesTable.DATA_ORIGIN]
self.host = responseItems[ResponsesTable.REQ_HOST]
self.hostip = responseItems[ResponsesTable.HOST_IP]
self.url = responseItems[ResponsesTable.URL]
self.status = responseItems[ResponsesTable.STATUS]
self.datetime = responseItems[ResponsesTable.REQDATE]
self.method = responseItems[ResponsesTable.REQ_METHOD]
self.content_type = responseItems[ResponsesTable.RES_CONTENT_TYPE]
self.request_headers = responseItems[ResponsesTable.REQ_HEADERS]
self.request_body = responseItems[ResponsesTable.REQ_DATA]
self.response_headers = responseItems[ResponsesTable.RES_HEADERS]
self.response_body = responseItems[ResponsesTable.RES_DATA]
self.content_length = responseItems[ResponsesTable.RES_LENGTH]
self.elapsed = responseItems[ResponsesTable.REQTIME]
self.notes = responseItems[ResponsesTable.NOTES]
self.confirmed = responseItems[ResponsesTable.CONFIRMED]
def sequence_runner_response_received(self, response_id, context):
context = str(context)
if self.pending_sequence_requests is not None:
try:
self.pending_sequence_requests.pop(context)
except KeyError as e:
print((e))
pass
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.sequenceRunnerDataModel.append_data([response_item])
if self.pending_sequence_requests is None or len(
self.pending_sequence_requests) == 0:
self.mainWindow.sequenceRunnerRunButton.setText('Send')
def requester_response_received(self, response_id, context):
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.Data.insert_requester_history(self.cursor, response_id)
self.requesterHistoryDataModel.append_data([response_item])
url = response_item[ResponsesTable.URL]
req_headers = response_item[ResponsesTable.REQ_HEADERS]
req_body = response_item[ResponsesTable.REQ_DATA]
res_headers = response_item[ResponsesTable.RES_HEADERS]
res_body = response_item[ResponsesTable.RES_DATA]
res_content_type = response_item[ResponsesTable.RES_CONTENT_TYPE]
self.miniResponseRenderWidget.populate_response_content(url, req_headers, req_body, res_headers, res_body, res_content_type)
self.mainWindow.requesterSendButton.setText('Send')
self.pending_request = None
def generate_fuzz_values(self, response_id):
row = self.Data.read_responses_by_id(self.read_cursor, response_id)
if not row:
self.framework.log_warning('missing response id: %s' % (response_id))
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
contentType = responseItems[ResponsesTable.RES_CONTENT_TYPE]
responseBody = responseItems[ResponsesTable.RES_DATA]
if url in self.processed_urls:
self.framework.log_warning('skipping already scanned url [%s] for now' % (url))
return
else:
self.processed_urls[url] = True
# TODO: need better content type
if 'html' not in contentType:
if b'<html' not in responseBody.lower():
# non-html not supported
self.framework.log_warning('skipping not HTML request for [%s]: %s' % (response_id, url))
return
fuzz_payloads = self.calculate_fuzz_payloads(url)
self.qlock.lock()
try:
# if self.fuzz_queue.has_key(url):
# # TODO: allow for better rescan in future
# self.framework.log_warning('adding already scanned url [%s] for now' % (url))
for payload in fuzz_payloads:
queue_item = [None, response_id, payload[0], payload[1], payload[2], payload[3], 'P']
rowid = self.Data.add_dom_fuzzer_queue_item(
self.write_cursor, queue_item
)
queue_item[0] = rowid
self.queueDataModel.append_data([queue_item])
finally:
self.qlock.unlock()
def bulk_requester_populate_responses(self, id_list):
url_list = []
first = True
for Id in id_list:
row = self.Data.read_responses_by_id(self.cursor, Id)
if not row:
continue
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
if url not in url_list:
url_list.append(url)
if first:
method, url, template_text = self.generate_template_for_response_item(responseItems)
self.set_combo_box_text(self.mainWindow.bulkRequestMethodEdit, method.upper())
self.mainWindow.bulkRequestTemplateEdit.setPlainText(template_text)
first = False
self.mainWindow.bulkRequestUrlListEdit.setPlainText('\n'.join(url_list))
def requester_response_received(self, response_id, context):
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.Data.insert_requester_history(self.cursor, response_id)
self.requesterHistoryDataModel.append_data([response_item])
url = response_item[ResponsesTable.URL]
req_headers = response_item[ResponsesTable.REQ_HEADERS]
req_body = response_item[ResponsesTable.REQ_DATA]
res_headers = response_item[ResponsesTable.RES_HEADERS]
res_body = response_item[ResponsesTable.RES_DATA]
res_content_type = response_item[
ResponsesTable.RES_CONTENT_TYPE]
self.miniResponseRenderWidget.populate_response_content(
url, req_headers, req_body, res_headers, res_body,
res_content_type)
self.mainWindow.requesterSendButton.setText('Send')
self.pending_request = None
def tester_populate_csrf(self, response_id):
row = self.Data.read_responses_by_id(self.cursor, response_id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
# Are reqHeaders necessary?
reqHeaders = str(responseItems[ResponsesTable.REQ_HEADERS], 'utf-8',
'ignore')
reqData = str(responseItems[ResponsesTable.REQ_DATA], 'utf-8',
'ignore') # TODO: consider replacement
data = reqHeaders + "\n" + reqData
# Check to ensure that either a GET or a POST is being used and pass that along to the function
# check = re.compile("^(GET|POST)", re.I)
# result = check.match(reqHeaders)
# if not result:
# return()
GET = re.compile("^GET", re.I)
POST = re.compile("^POST", re.I)
if GET.match(reqHeaders):
htmlresult = CSRFTester.generate_csrf_html(url, reqData, "get")
elif POST.match(reqHeaders):
htmlresult = CSRFTester.generate_csrf_html(url, reqData, "post")
else:
return ()
# htmlresult = CSRFTester.generate_csrf_html(url, reqData)
self.mainWindow.testerCSRFURLEdit.setText(url)
self.mainWindow.csrfGenEdit.setText(htmlresult)
self.mainWindow.csrfReqEdit.setPlainText(data)
def requester_bulk_response_received(self, response_id, context):
self.mainWindow.bulkRequestProgressBar.setValue(self.mainWindow.bulkRequestProgressBar.value()+1)
context = str(context)
if self.pending_bulk_requests is not None:
try:
self.pending_bulk_requests.pop(context)
except KeyError as e:
pass
if 0 != response_id:
row = self.Data.read_responses_by_id(self.cursor, response_id)
if row:
response_item = interface.data_row_to_response_items(row)
self.Data.insert_requester_history(self.cursor, response_id)
self.requesterHistoryDataModel.append_data([response_item])
finished = False
if self.pending_bulk_requests is None or len(self.pending_bulk_requests) == 0:
self.mainWindow.bulkRequestProgressBar.setValue(self.mainWindow.bulkRequestProgressBar.maximum())
finished = True
elif self.mainWindow.bulkRequestProgressBar.value() == self.mainWindow.bulkRequestProgressBar.maximum():
finished = True
if finished:
self.mainWindow.bulkRequestPushButton.setText('Send')
def tester_populate_csrf(self, response_id):
row = self.Data.read_responses_by_id(self.cursor, response_id)
if not row:
return
responseItems = interface.data_row_to_response_items(row)
url = responseItems[ResponsesTable.URL]
# Are reqHeaders necessary?
reqHeaders = str(responseItems[ResponsesTable.REQ_HEADERS], "utf-8", "ignore")
reqData = str(responseItems[ResponsesTable.REQ_DATA], "utf-8", "ignore") # TODO: consider replacement
data = reqHeaders + "\n" + reqData
# Check to ensure that either a GET or a POST is being used and pass that along to the function
# check = re.compile("^(GET|POST)", re.I)
# result = check.match(reqHeaders)
# if not result:
# return()
GET = re.compile("^GET", re.I)
POST = re.compile("^POST", re.I)
if GET.match(reqHeaders):
htmlresult = CSRFTester.generate_csrf_html(url, reqData, "get")
elif POST.match(reqHeaders):
htmlresult = CSRFTester.generate_csrf_html(url, reqData, "post")
else:
return ()
# htmlresult = CSRFTester.generate_csrf_html(url, reqData)
self.mainWindow.testerCSRFURLEdit.setText(url)
self.mainWindow.csrfGenEdit.setText(htmlresult)
self.mainWindow.csrfReqEdit.setPlainText(data)
def createRequest(self, operation, request, outgoingData=None):
reply = None
try:
requestUrl = request.url()
scheme = str(requestUrl.scheme())
if scheme in ('data', 'about', 'javascript'):
reply = QNetworkAccessManager.createRequest(
self, operation, request, outgoingData)
elif scheme in ('http', 'https'):
url = requestUrl.toEncoded().data().decode('utf-8')
url_response = None
if url in self.request_lookaside:
url_response = self.request_lookaside[url]
else:
responses = []
for row in self.Data.read_responses_by_url(
self.cursor, url):
responseItems = interface.data_row_to_response_items(
row)
response_length = str(
responseItems[ResponsesTable.RES_LENGTH])
if response_length and int(
response_length) > 0 and str(responseItems[
ResponsesTable.STATUS]).startswith('2'):
responses.append(responseItems)
if len(responses) > 0:
url_response = responses[-1]
# TODO: implement max size limit
self.request_lookaside[url] = url_response
if not url_response:
# try again, with base url
if '?' in url:
base_url = url[0:url.index('?')]
else:
base_url = url
for row in self.Data.read_responses_starting_with_url(
self.cursor, base_url):
responseItems = interface.data_row_to_response_items(
row)
response_length = str(
responseItems[ResponsesTable.RES_LENGTH])
if response_length and int(
response_length) > 0 and str(
responseItems[ResponsesTable.
STATUS]).startswith('2'):
responses.append(responseItems)
if len(responses) > 0:
url_response = responses[-1]
self.request_lookaside[url] = url_response
if url_response:
reply = CustomNetworkReply(
self, requestUrl,
url_response[ResponsesTable.RES_HEADERS],
url_response[ResponsesTable.RES_DATA])
except Exception as error:
self.framework.report_implementation_error(error)
if not reply:
# must always return reply
request.setUrl(QUrl('about:blank'))
reply = QNetworkAccessManager.createRequest(
self, operation, request, outgoingData)
return reply
def performSearchHandler(self):
text = self.searchCriteria.text
options = self.searchCriteria.options
locations = self.searchCriteria.locations
self.reqheaders = locations['RequestHeaders']
self.reqbody = locations['RequestBody']
self.resheaders = locations['ResponseHeaders']
self.resbody = locations['ResponseBody']
self.requrl = locations['RequestUrl']
self.notes = locations['AnalystNotes']
caseSensitive = options['CaseSensitive']
invertSearch = options['InvertSearch']
re_search, re_search_bytes = None, None
if options['Wildcard']:
wildcardSearch = re.escape(text).replace('\*',
'.*').replace('\?', '.?')
wildcardSearch_bytes = re.escape(text.encode('utf-8')).replace(
b'\*', b'.*').replace(b'\?', b'.?')
if caseSensitive:
re_search = re.compile(wildcardSearch)
re_search_bytes = re.compile(wildcardSearch_bytes)
else:
re_search = re.compile(wildcardSearch, re.I)
re_search_bytes = re.compile(wildcardSearch_bytes, re.I)
elif options['RegularExpression']:
if caseSensitive:
re_search = re.compile(text)
re_search_bytes = re.compile(text.encode('utf-8'))
else:
re_search = re.compile(text, re.I)
re_search_bytes = re.compile(text.encode('utf-8'), re.I)
if re_search:
self.str_strategy = lambda v: re_search.search(v)
self.bytes_strategy = lambda v: re_search_bytes.search(v)
else:
if caseSensitive:
self.str_strategy = lambda v: -1 != v.find(text)
self.bytes_strategy = lambda v: -1 != v.find(
text.encode('utf-8'))
else:
ltext = text.lower()
self.str_strategy = lambda v: -1 != v.lower().find(ltext)
self.bytes_strategy = lambda v: -1 != v.lower().find(
ltext.encode('utf-8'))
for row in self.Data.execute_search(self.cursor, self.reqbody
or self.resbody):
if self.canceled:
break
responseItems = interface.data_row_to_response_items(row)
if self.isMatch(responseItems):
if not invertSearch:
self.fill(responseItems)
elif invertSearch:
self.fill(responseItems)
self.callbackObj.emit(SIGNAL('searchFinished()'))
