def _initSplittedLayout(self):
'''Init Splitted layout. It's more convenient for intercept.'''
self._vpaned = RememberingVPaned(self.w3af, 'trap_view')
self._vpaned.show()
self.pack_start(self._vpaned, True, True)
self._vpaned.add(self.request)
self._vpaned.add(self.response)
def __init__(self, w3af, parentView, editable=False):
'''Make object.'''
RememberingVPaned.__init__(self, w3af, 'headers_view')
self.id = 'HttpHeadersView'
self.label = 'Headers'
self.startLine = ''
self.parentView = parentView
self.is_request = True
box = gtk.HBox()
self._headersStore = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
self._headersTreeview = gtk.TreeView(self._headersStore)
# Column for Name
renderer = gtk.CellRendererText()
renderer.set_property('editable', editable)
renderer.connect('edited', self._headerNameEdited, self._headersStore)
column = gtk.TreeViewColumn(_('Name'), renderer, text=0)
column.set_sort_column_id(0)
column.set_resizable(True)
self._headersTreeview.append_column(column)
# Column for Value
renderer = gtk.CellRendererText()
renderer.set_property('editable', editable)
renderer.set_property('ellipsize', pango.ELLIPSIZE_END)
renderer.connect('edited', self._headerValueEdited, self._headersStore)
column = gtk.TreeViewColumn(_('Value'), renderer, text=1)
column.set_resizable(True)
column.set_expand(True)
column.set_sort_column_id(1)
self._headersTreeview.append_column(column)
self._scrolled = gtk.ScrolledWindow()
self._scrolled.add(self._headersTreeview)
self._scrolled.show_all()
box.pack_start(self._scrolled)
# Buttons area
buttons = [
(gtk.STOCK_GO_UP, self._moveHeaderUp),
(gtk.STOCK_GO_DOWN, self._moveHeaderDown),
(gtk.STOCK_ADD, self._addHeader),
(gtk.STOCK_DELETE, self._deleteHeader)
]
buttonBox = gtk.VBox()
for button in buttons:
b = gtk.Button(stock=button[0])
b.connect("clicked", button[1])
b.show()
buttonBox.pack_start(b, False, False)
buttonBox.show()
if editable:
box.pack_start(buttonBox, False, False)
box.show()
self.add(box)
self._raw = HttpEditor(w3af)
self._raw.show()
self._raw.set_editable(editable)
self._raw.set_wrap(True)
self._raw.set_highlight_syntax(False)
self._raw.set_highlight_current_line(False)
self.initial = False
if editable:
buf = self._raw.get_buffer()
buf.connect("changed", self._changed)
self.add(self._raw)
class reqResViewer(gtk.VBox):
'''
A widget with the request and the response inside.
@author: Andres Riancho ( [email protected] )
@author: Facundo Batista ( [email protected] )
'''
def __init__(self, w3af, enableWidget=None, withManual=True, withFuzzy=True,
withCompare=True, withAudit=True, editableRequest=False, editableResponse=False,
widgname="default", layout='Tabbed'):
super(reqResViewer,self).__init__()
self.w3af = w3af
# Request
self.request = requestPart(w3af, enableWidget, editableRequest, widgname=widgname)
self.request.show()
# Response
self.response = responsePart(w3af, editableResponse, widgname=widgname)
self.response.show()
self.layout = layout
if layout == 'Tabbed':
self._initTabbedLayout()
else:
self._initSplittedLayout()
# Init req toolbox
self._initToolBox(withManual, withFuzzy, withCompare, withAudit)
self.show()
def _initTabbedLayout(self):
'''Init Tabbed layout. It's more convenient for quick view.'''
nb = gtk.Notebook()
nb.show()
self.nb = nb
self.pack_start(nb, True, True)
nb.append_page(self.request, gtk.Label(_("Request")))
nb.append_page(self.response, gtk.Label(_("Response")))
# Info
self.info = HttpEditor(self.w3af)
self.info.set_editable(False)
#self.info.show()
nb.append_page(self.info, gtk.Label(_("Info")))
def _initSplittedLayout(self):
'''Init Splitted layout. It's more convenient for intercept.'''
self._vpaned = RememberingVPaned(self.w3af, 'trap_view')
self._vpaned.show()
self.pack_start(self._vpaned, True, True)
self._vpaned.add(self.request)
self._vpaned.add(self.response)
def focusResponse(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(1)
def focusRequest(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(0)
def _initToolBox(self, withManual, withFuzzy, withCompare, withAudit):
# Buttons
hbox = gtk.HBox()
if withManual or withFuzzy or withCompare:
from .craftedRequests import ManualRequests, FuzzyRequests
if withManual:
b = SemiStockButton("", gtk.STOCK_INDEX, _("Send Request to Manual Editor"))
b.connect("clicked", self._sendRequest, ManualRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withFuzzy:
b = SemiStockButton("", gtk.STOCK_PROPERTIES, _("Send Request to Fuzzy Editor"))
b.connect("clicked", self._sendRequest, FuzzyRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withCompare:
b = SemiStockButton("", gtk.STOCK_ZOOM_100, _("Send Request and Response to Compare Tool"))
b.connect("clicked", self._sendReqResp)
self.response.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# I always can export requests
b = SemiStockButton("", gtk.STOCK_COPY, _("Export Request"))
b.connect("clicked", self._sendRequest, export_request)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
if withAudit:
# Add everything I need for the audit request thing:
# The button that shows the menu
b = SemiStockButton("", gtk.STOCK_EXECUTE, _("Audit Request with..."))
b.connect("button-release-event", self._popupMenu)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# The throbber (hidden!)
self.throbber = helpers.Throbber()
hbox.pack_start(self.throbber, True, True)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
def _popupMenu(self, widget, event):
'''Show a Audit popup menu.'''
_time = event.time
# Get the information about the click
#requestId = self._lstore[path][0]
# Create the popup menu
gm = gtk.Menu()
pluginType = "audit"
for pluginName in sorted(self.w3af.getPluginList(pluginType)):
e = gtk.MenuItem(pluginName)
e.connect('activate', self._auditRequest, pluginName, pluginType)
gm.append(e)
# Add a separator
gm.append(gtk.SeparatorMenuItem())
# Add a special item
e = gtk.MenuItem('All audit plugins')
e.connect('activate', self._auditRequest, 'All audit plugins',
'audit_all')
gm.append(e)
# show
gm.show_all()
gm.popup(None, None, None, event.button, _time)
def _auditRequest(self, menuItem, pluginName, pluginType):
"""
Audit a request using one or more plugins.
@parameter menuItem: The name of the audit plugin, or the 'All audit plugins' wildcard
@parameter pluginName: The name of the plugin
@parameter pluginType: The type of plugin
@return: None
"""
# We show a throbber, and start it
self.throbber.show()
self.throbber.running(True)
request = self.request.getObject()
# Now I start the analysis of this request in a new thread,
# threading game (copied from craftedRequests)
event = threading.Event()
impact = ThreadedURLImpact(self.w3af, request, pluginName, pluginType, event)
impact.start()
gobject.timeout_add(200, self._impactDone, event, impact)
def _impactDone(self, event, impact):
# Keep calling this from timeout_add until isSet
if not event.isSet():
return True
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
# Analyze the impact
if impact.ok:
# Lets check if we found any vulnerabilities
#
# TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
# not just the ones with vulnerabilities.
#
for result in impact.result:
for itemId in result.getId():
historyItem = HistoryItem()
historyItem.load(itemId)
historyItem.updateTag(historyItem.tag + result.plugin_name)
historyItem.info = result.getDesc()
historyItem.save()
else:
if impact.exception.__class__ == w3afException:
msg = str(impact.exception)
elif impact.exception.__class__ == w3afMustStopException:
msg = "Stopped sending requests because " + str(impact.exception)
else:
raise impact.exception
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
gtk.gdk.threads_enter()
helpers.friendlyException(msg)
gtk.gdk.threads_leave()
return False
def _sendRequest(self, widg, func):
"""Sends the texts to the manual or fuzzy request.
@param func: where to send the request.
"""
headers,data = self.request.getBothTexts()
func(self.w3af, (headers,data))
def _sendReqResp(self, widg):
"""Sends the texts to the compare tool."""
headers,data = self.request.getBothTexts()
self.w3af.mainwin.commCompareTool((headers, data,\
self.response.getObject()))
def set_sensitive(self, how):
"""Sets the pane on/off."""
self.request.set_sensitive(how)
self.response.set_sensitive(how)