def create_mutants(freq, mutant_str_list, fuzzable_param_list, append,
fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not 'fuzz_form_files' in fuzzer_config:
return []
if not isinstance(freq, HTTPPostDataRequest):
return []
file_vars = freq.get_file_vars()
if not file_vars:
return []
fake_file_objs = []
ext = fuzzer_config['fuzzed_files_extension']
for mutant_str in mutant_str_list:
if isinstance(mutant_str, basestring):
# I have to create the NamedStringIO with a "name".
# This is needed for MultipartPostHandler
fname = "%s.%s" % (rand_alpha(7), ext)
str_file = NamedStringIO(mutant_str, name=fname)
fake_file_objs.append(str_file)
res = Mutant._create_mutants_worker(freq, FileContentMutant,
fake_file_objs, file_vars, append,
fuzzer_config)
return res
def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not 'fuzz_form_files' in fuzzer_config:
return []
if not isinstance(freq, HTTPPostDataRequest):
return []
file_vars = freq.get_file_vars()
if not file_vars:
return []
fake_file_objs = []
ext = fuzzer_config['fuzzed_files_extension']
for mutant_str in mutant_str_list:
if isinstance(mutant_str, basestring):
# I have to create the NamedStringIO with a "name".
# This is needed for MultipartPostHandler
fname = "%s.%s" % (rand_alpha(7), ext)
str_file = NamedStringIO(mutant_str, name=fname)
fake_file_objs.append(str_file)
res = Mutant._create_mutants_worker(freq, FileContentMutant,
fake_file_objs,
file_vars,
append, fuzzer_config)
return res
def create_mutants(freq, mutant_str_list, fuzzable_param_list, append,
fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
return Mutant._create_mutants_worker(freq, QSMutant, mutant_str_list,
fuzzable_param_list, append,
fuzzer_config)
def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
return Mutant._create_mutants_worker(freq, QSMutant, mutant_str_list,
fuzzable_param_list,
append, fuzzer_config)
def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config, data_container=None):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
if not fuzzer_config['fuzz_cookies']:
return []
orig_cookie = freq.get_cookie()
return Mutant._create_mutants_worker(
freq, CookieMutant, mutant_str_list,
fuzzable_param_list,
append, fuzzer_config,
data_container=orig_cookie)
def create_mutants(freq,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=None):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not fuzzer_config['fuzzable_headers']:
return []
# Generate a list with the headers we'll fuzz
fuzzable_param_list = fuzzable_param_list + fuzzer_config[
'fuzzable_headers']
# Generate a dummy object that we'll use for fixing the "impedance mismtach"
# between the Headers() object that doesn't have the same form as a
# generic DataContainer. Headers look like:
# {'a':'b'}
# While data containers look like
# {'a': ['b',]}
#
# Note that I'm undoing this in the set_dc method above.
# (search for __HERE__)
#
orig_headers = freq.get_headers()
headers_copy = orig_headers.copy()
for header_name in fuzzer_config['fuzzable_headers']:
headers_copy[header_name] = ''
cloned_headers = headers_copy.clone_with_list_values()
return Mutant._create_mutants_worker(freq,
HeadersMutant,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=cloned_headers)
def create_mutants(freq, mutant_str_list, fuzzable_param_list, append, fuzzer_config, data_container=None):
"""
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
"""
if not fuzzer_config["fuzzable_headers"]:
return []
# Generate a list with the headers we'll fuzz
fuzzable_param_list = fuzzable_param_list + fuzzer_config["fuzzable_headers"]
# Generate a dummy object that we'll use for fixing the "impedance mismtach"
# between the Headers() object that doesn't have the same form as a
# generic DataContainer. Headers look like:
# {'a':'b'}
# While data containers look like
# {'a': ['b',]}
#
# Note that I'm undoing this in the set_dc method above.
# (search for __HERE__)
#
orig_headers = freq.get_headers()
headers_copy = orig_headers.copy()
for header_name in fuzzer_config["fuzzable_headers"]:
headers_copy[header_name] = ""
cloned_headers = headers_copy.clone_with_list_values()
return Mutant._create_mutants_worker(
freq,
HeadersMutant,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=cloned_headers,
)
