Beispiel #1
0
    def __init__(self, ip, port, urlOpener=ExtendedUrllib(),
                 proxy_cert='core/controllers/daemons/mitm.crt'):
        '''
        :param ip: IP address to bind
        :param port: Port to bind
        :param urlOpener: The urlOpener that will be used to open the requests
                          that arrive from the browser
        :param proxyHandler: A class that will know how to handle requests
                             from the browser
        :param proxy_cert: Proxy certificate to use, this is needed for
                           proxying SSL connections.
        '''
        Proxy.__init__(self, ip, port, urlOpener, w3afLocalProxyHandler,
                       proxy_cert)

        self.daemon = True
        self.name = 'LocalProxyThread'

        # Internal vars
        self._request_queue = Queue.Queue()
        self._edited_requests = {}
        self._edited_responses = {}

        # User configured parameters
        self._methods_to_trap = set()
        self._what_to_trap = re.compile('.*')
        self._what_not_to_trap = re.compile('.*\.(gif|jpg|png|css|js|ico|swf|axd|tif)$')
        self._trap = False
        self._fix_content_length = True
Beispiel #2
0
class TestExtendedUrllibProxy(unittest.TestCase):

    MOTH_MESSAGE = 'Welcome to the moth homepage!'

    def setUp(self):
        self.uri_opener = ExtendedUrllib()
        
        # Start the proxy daemon
        self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()
        
        port = self._proxy.get_port()
        
        # Configure the proxy
        settings = OpenerSettings()
        options = settings.get_options()
        proxy_address_opt = options['proxy_address']
        proxy_port_opt = options['proxy_port']
        
        proxy_address_opt.set_value('127.0.0.1') 
        proxy_port_opt.set_value(port)
        
        settings.set_options(options)
        self.uri_opener.settings = settings
    
    def tearDown(self):
        self.uri_opener.end()
        
    def test_http_default_port_via_proxy(self):
        url = URL('http://moth/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_http_port_specification_via_proxy(self):
        url = URL('http://moth:80/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_https_via_proxy(self):
        TODO = 'Skip this test because of a strange bug with the extended'\
               ' url library and w3af\'s local proxy daemon. More info here:'\
               ' https://github.com/andresriancho/w3af/issues/183'
        raise SkipTest(TODO)
    
        url = URL('https://moth/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_offline_port_via_proxy(self):
        url = URL('http://127.0.0.1:8181/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertEqual(http_response.get_code(), 400)
    
    def test_POST_via_proxy(self):
        url = URL('http://moth/w3af/core/echo/post.php')
        http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
        self.assertIn('[abc] => 123', http_response.body)
Beispiel #3
0
class TestExtendedUrllibProxy(unittest.TestCase):

    MOTH_MESSAGE = 'Welcome to the moth homepage!'

    def setUp(self):
        self.uri_opener = ExtendedUrllib()

        # Start the proxy daemon
        self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()

        port = self._proxy.get_port()

        # Configure the proxy
        settings = OpenerSettings()
        options = settings.get_options()
        proxy_address_opt = options['proxy_address']
        proxy_port_opt = options['proxy_port']

        proxy_address_opt.set_value('127.0.0.1')
        proxy_port_opt.set_value(port)

        settings.set_options(options)
        self.uri_opener.settings = settings

    def tearDown(self):
        self.uri_opener.end()

    def test_http_default_port_via_proxy(self):
        url = URL('http://moth/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_http_port_specification_via_proxy(self):
        url = URL('http://moth:80/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_https_via_proxy(self):
        TODO = 'Skip this test because of a strange bug with the extended'\
               ' url library and w3af\'s local proxy daemon. More info here:'\
               ' https://github.com/andresriancho/w3af/issues/183'
        raise SkipTest(TODO)

        url = URL('https://moth/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)

    def test_offline_port_via_proxy(self):
        url = URL('http://127.0.0.1:8181/')
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertEqual(http_response.get_code(), 400)

    def test_POST_via_proxy(self):
        url = URL('http://moth/w3af/core/echo/post.php')
        http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
        self.assertIn('[abc] => 123', http_response.body)
Beispiel #4
0
 def crawl(self, freq):
     
     # Create the proxy server
     try:
         self._proxy = Proxy(self._listen_address, self._listen_port,
                             self._uri_opener, self.create_p_h())
     except w3afProxyException, proxy_exc:
         om.out.error('%s' % proxy_exc)
Beispiel #5
0
    def _start_proxy(self, uri_opener):
        '''
        Saves the proxy configuration to self.local_proxy_url in order for the
        wrapper to use it in the calls to sqlmap.py and have the traffic go
        through our proxy (which has the user configuration, logging, etc).
        
        :return: None, an exception is raised if something fails.
        '''
        host = '127.0.0.1'

        for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY + 25):
            try:
                self.proxy = Proxy(host, port, uri_opener)
            except w3afProxyException, pe:
                pass
            else:
                self.proxy.start()
                self.local_proxy_url = 'http://%s:%s/' % (host, port)
                return
Beispiel #6
0
class SQLMapWrapper(object):
    
    
    SQLMAP_LOCATION = os.path.join('plugins', 'attack', 'db', 'sqlmap') 
    VULN_STR = 'sqlmap identified the following injection points'
    NOT_VULN_STR = 'all tested parameters appear to be not injectable'

    SQLMAP_ERRORS = ('connection timed out to the target',)
    
    def __init__(self, target, uri_opener, coloring=False):
        if not isinstance(target, Target):
            fmt = 'Invalid type %s for target parameter in SQLMapWrapper ctor.'
            raise TypeError(fmt % type(target))

        self._start_proxy(uri_opener)

        self.target = target
        self.coloring = coloring
        self.last_command = None
        self.verified_vulnerable = False
    
    def _start_proxy(self, uri_opener):
        '''
        Saves the proxy configuration to self.local_proxy_url in order for the
        wrapper to use it in the calls to sqlmap.py and have the traffic go
        through our proxy (which has the user configuration, logging, etc).
        
        :return: None, an exception is raised if something fails.
        '''
        host = '127.0.0.1'
        
        for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY+25):
            try:
                self.proxy = Proxy(host, port, uri_opener)
            except w3afProxyException, pe:
                pass
            else:
                self.proxy.start()
                self.local_proxy_url = 'http://%s:%s/' % (host, port)
                return
        else:
Beispiel #7
0
    def setUp(self):
        self.uri_opener = ExtendedUrllib()

        # Start the proxy daemon
        self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()

        port = self._proxy.get_port()

        # Configure the proxy
        settings = OpenerSettings()
        options = settings.get_options()
        proxy_address_opt = options['proxy_address']
        proxy_port_opt = options['proxy_port']

        proxy_address_opt.set_value('127.0.0.1')
        proxy_port_opt.set_value(port)

        settings.set_options(options)
        self.uri_opener.settings = settings
Beispiel #8
0
class SQLMapWrapper(object):

    SQLMAP_LOCATION = os.path.join('plugins', 'attack', 'db', 'sqlmap')
    VULN_STR = 'sqlmap identified the following injection points'
    NOT_VULN_STR = 'all tested parameters appear to be not injectable'

    SQLMAP_ERRORS = ('connection timed out to the target', )

    def __init__(self, target, uri_opener, coloring=False):
        if not isinstance(target, Target):
            fmt = 'Invalid type %s for target parameter in SQLMapWrapper ctor.'
            raise TypeError(fmt % type(target))

        self._start_proxy(uri_opener)

        self.target = target
        self.coloring = coloring
        self.last_command = None
        self.verified_vulnerable = False

    def _start_proxy(self, uri_opener):
        '''
        Saves the proxy configuration to self.local_proxy_url in order for the
        wrapper to use it in the calls to sqlmap.py and have the traffic go
        through our proxy (which has the user configuration, logging, etc).
        
        :return: None, an exception is raised if something fails.
        '''
        host = '127.0.0.1'

        for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY + 25):
            try:
                self.proxy = Proxy(host, port, uri_opener)
            except w3afProxyException, pe:
                pass
            else:
                self.proxy.start()
                self.local_proxy_url = 'http://%s:%s/' % (host, port)
                return
        else:
Beispiel #9
0
    def setUp(self):
        # Start the proxy server
        create_temp_dir()

        self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()
        
        port = self._proxy.get_port()
        
        # Build the proxy opener
        proxy_handler = urllib2.ProxyHandler({"http": "http://%s:%s"
                                              % (self.IP, port)})
        self.proxy_opener = urllib2.build_opener(proxy_handler,
                                                 urllib2.HTTPHandler)
Beispiel #10
0
 def _start_proxy(self, uri_opener):
     '''
     Saves the proxy configuration to self.local_proxy_url in order for the
     wrapper to use it in the calls to sqlmap.py and have the traffic go
     through our proxy (which has the user configuration, logging, etc).
     
     :return: None, an exception is raised if something fails.
     '''
     host = '127.0.0.1'
     
     for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY+25):
         try:
             self.proxy = Proxy(host, port, uri_opener)
         except w3afProxyException, pe:
             pass
         else:
             self.proxy.start()
             self.local_proxy_url = 'http://%s:%s/' % (host, port)
             return
Beispiel #11
0
 def setUp(self):
     self.uri_opener = ExtendedUrllib()
     
     # Start the proxy daemon
     self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
     self._proxy.start()
     self._proxy.wait_for_start()
     
     port = self._proxy.get_port()
     
     # Configure the proxy
     settings = OpenerSettings()
     options = settings.get_options()
     proxy_address_opt = options['proxy_address']
     proxy_port_opt = options['proxy_port']
     
     proxy_address_opt.set_value('127.0.0.1') 
     proxy_port_opt.set_value(port)
     
     settings.set_options(options)
     self.uri_opener.settings = settings
Beispiel #12
0
class TestProxy(unittest.TestCase):

    IP = '127.0.0.1'

    def setUp(self):
        # Start the proxy server
        create_temp_dir()

        self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()
        
        port = self._proxy.get_port()
        
        # Build the proxy opener
        proxy_handler = urllib2.ProxyHandler({"http": "http://%s:%s"
                                              % (self.IP, port)})
        self.proxy_opener = urllib2.build_opener(proxy_handler,
                                                 urllib2.HTTPHandler)

    def test_do_req_through_proxy(self):
        resp_body = self.proxy_opener.open('http://moth').read()

        # Basic check
        self.assertTrue(len(resp_body) > 0)

        # Get response using the proxy
        proxy_resp = self.proxy_opener.open('http://moth')
        # Get it without any proxy
        direct_resp = urllib2.urlopen('http://moth')

        # Must be equal
        self.assertEqual(direct_resp.read(), proxy_resp.read())

        # Have to remove the Date header because in some cases they differ because
        # one request was sent in second X and the other in X+1, which makes the
        # test fail
        direct_resp_headers = dict(direct_resp.info())
        proxy_resp_headers = dict(proxy_resp.info())
        del direct_resp_headers['date']
        del proxy_resp_headers['date']
        self.assertEqual(direct_resp_headers, proxy_resp_headers)

    def test_do_SSL_req_through_proxy(self):
        resp_body = self.proxy_opener.open('https://moth').read()

        # Basic check
        self.assertTrue(len(resp_body) > 0)

        # Get response using the proxy
        proxy_resp = self.proxy_opener.open('https://moth')
        # Get it without any proxy
        direct_resp = urllib2.urlopen('https://moth')

        # Must be equal
        self.assertEqual(direct_resp.read(), proxy_resp.read())

        # Have to remove the Date header because in some cases they differ because
        # one request was sent in second X and the other in X+1, which makes the
        # test fail
        direct_resp_headers = dict(direct_resp.info())
        proxy_resp_headers = dict(proxy_resp.info())
        del direct_resp_headers['date']
        del proxy_resp_headers['date']
        self.assertEqual(direct_resp_headers, proxy_resp_headers)

    def test_proxy_req_ok(self):
        '''Test if self._proxy.stop() works as expected. Note that the check
        content is the same as the previous check, but it might be that this
        check fails because of some error in start() or stop() which is run
        during setUp and tearDown.'''
        # Get response using the proxy
        proxy_resp = self.proxy_opener.open('http://moth').read()
        # Get it the other way
        resp = urllib2.urlopen('http://moth').read()
        # They must be very similar
        self.assertEqual(resp, proxy_resp)
    
    def test_stop_no_requests(self):
        '''Test what happens if I stop the proxy without sending any requests
        through it'''
        # Note that the test is completed by self._proxy.stop() in tearDown
        pass

    def test_stop_stop(self):
        '''Test what happens if I stop the proxy twice.'''
        # Note that the test is completed by self._proxy.stop() in tearDown
        self._proxy.stop()
    
    def tearDown(self):
        # Shutdown the proxy server
        self._proxy.stop()