def _createFileNameMutants( freq, mutantClass, mutant_str_list, fuzzableParamList , append ):
    '''
    Build the mutants for the filename part of the request URL: one for every
    combination of an alphanumeric filename token and a mutant string, plus a
    second one with "/" left unencoded when that produces a different URL.

    @parameter freq: A fuzzable request with a dataContainer inside; it is
                     copied once for every mutant that is created.
    @parameter mutantClass: The class to use to create the mutants
    @parameter mutant_str_list: a list with mutant strings to use
    @parameter fuzzableParamList: What parameters should be fuzzed (not read
                                  in the body of this function).
    @parameter append: True/False, if we should append the value to the
                       original token or replace the token with it.
    @return: A list of mutants that have the filename URL changed with the
             strings at mutant_str_list

    >>> from core.data.parsers.urlParser import url_object
    >>> from core.data.request.fuzzableRequest import fuzzableRequest
    >>> url = url_object('http://www.w3af.com/abc/def.html')
    >>> fr = fuzzableRequest()
    >>> fr.setURL( url )
    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['ping!','pong-'], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/ping%21.html', 'http://www.w3af.com/abc/pong-.html', 'http://www.w3af.com/abc/def.ping%21', 'http://www.w3af.com/abc/def.pong-']
    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['/etc/passwd',], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/%2Fetc%2Fpasswd.html', 'http://www.w3af.com/abc//etc/passwd.html', 'http://www.w3af.com/abc/def.%2Fetc%2Fpasswd', 'http://www.w3af.com/abc/def./etc/passwd']
    '''
    mutants = []

    file_name = freq.getURL().getFileName()

    # The capturing group makes re.split() return the alphanumeric runs as
    # well, so the tokens alternate between those runs and the separators
    # between them ("def.html" -> "def", ".", "html").
    tokens = [ tok for tok in re.split( r'([a-zA-Z0-9]+)', file_name ) if tok != '' ]

    for idx, token in enumerate( tokens ):
        # Only tokens that start with an alphanumeric character are fuzzed;
        # separators are kept as they are.
        fuzzable = re.match( '[a-zA-Z0-9]', token )
        before = ''.join( tokens[:idx] )
        after = ''.join( tokens[idx+1:] )

        for mutant_str in mutant_str_list:
            if not fuzzable:
                continue

            # Keys are filled in the order start / fuzzedFname / end
            divided_file_name = dc()
            divided_file_name['start'] = before
            encoded = urllib.quote_plus( mutant_str )
            divided_file_name['fuzzedFname'] = ( token + encoded ) if append else encoded
            divided_file_name['end'] = after

            freq_copy = freq.copy()
            freq_copy.setURL( freq.getURL() )

            # Create the mutant
            mutant = mutantClass( freq_copy )
            mutant.setOriginalValue( token )
            mutant.setVar( 'fuzzedFname' )
            mutant._mutant_dc = divided_file_name
            mutant.setModValue( mutant_str )
            # Special for filename fuzzing and some configurations of mod_rewrite
            mutant.setDoubleEncoding( False )
            mutants.append( mutant )

            # Same mutant with "/" treated as a safe character (mod_rewrite).
            # It is only added when the URL really changes, so strings
            # without a "/" do not produce a duplicate entry.
            raw_slash = mutant.copy()
            raw_slash.setSafeEncodeChars('/')
            if raw_slash.getURL() != mutant.getURL():
                mutants.append( raw_slash )

    return mutants
def __init__(self):
    '''
    Initialise the request with empty defaults: no URL, URI or cookie, the
    GET method, an empty data string, no headers and a new dc() instance.
    '''
    # Nothing is known about the target yet
    self._url = None
    self._uri = None

    # Request line and body defaults
    self._method = "GET"
    self._data = ""

    # New containers are created on every call
    self._headers = {}
    self._cookie = None
    self._dc = dc()

    # Starts unset (None)
    self._sent_information_comparable = None
def __init__(self):
    '''
    Give every internal attribute its initial value: URL, URI and cookie are
    None, the method is GET, the data is an empty string, the headers are an
    empty dict and the data container is a new dc() instance.
    '''
    # Where the request goes; both stay None until they are set
    self._url = None
    self._uri = None

    # How the request is sent and what it carries
    self._method = 'GET'
    self._data = ''
    self._headers = {}
    self._cookie = None

    # A separate dc() object is created for each call
    self._dc = dc()

    # Initialised to None here
    self._sent_information_comparable = None
def _createFileNameMutants(freq, mutantClass, mutant_str_list,
                           fuzzableParamList, append):
    '''
    Create mutants of the request in which one alphanumeric token of the URL
    filename is replaced by (or extended with) each mutant string. When
    keeping "/" unencoded gives a different URL, that variant is returned too.

    @parameter freq: A fuzzable request with a dataContainer inside. A copy
                     of it is made for each mutant.
    @parameter mutantClass: The class to use to create the mutants
    @parameter mutant_str_list: a list with mutant strings to use
    @parameter fuzzableParamList: What parameters should be fuzzed. This
                                  function does not read it.
    @parameter append: True/False, if we should append the value or replace it.
    @return: Mutants that have the filename URL changed with the strings at
             mutant_str_list

    >>> from core.data.parsers.urlParser import url_object
    >>> from core.data.request.fuzzableRequest import fuzzableRequest
    >>> url = url_object('http://www.w3af.com/abc/def.html')
    >>> fr = fuzzableRequest()
    >>> fr.setURL( url )
    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['ping!','pong-'], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/ping%21.html', 'http://www.w3af.com/abc/pong-.html', 'http://www.w3af.com/abc/def.ping%21', 'http://www.w3af.com/abc/def.pong-']
    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['/etc/passwd',], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/%2Fetc%2Fpasswd.html', 'http://www.w3af.com/abc//etc/passwd.html', 'http://www.w3af.com/abc/def.%2Fetc%2Fpasswd', 'http://www.w3af.com/abc/def./etc/passwd']
    '''
    result = []

    # Split the filename into alphanumeric runs and the separators between
    # them; the capturing group keeps the runs in the output of re.split().
    pieces = [
        piece
        for piece in re.split(r'([a-zA-Z0-9]+)', freq.getURL().getFileName())
        if piece != ''
    ]

    for pos, piece in enumerate(pieces):
        for mutant_str in mutant_str_list:
            # Separator pieces (anything not starting with an alphanumeric
            # character) are left alone.
            if re.match('[a-zA-Z0-9]', piece) is None:
                continue

            # start + fuzzedFname + end is the rebuilt filename
            divided_file_name = dc()
            divided_file_name['start'] = ''.join(pieces[:pos])
            quoted = urllib.quote_plus(mutant_str)
            if append:
                quoted = piece + quoted
            divided_file_name['fuzzedFname'] = quoted
            divided_file_name['end'] = ''.join(pieces[pos + 1:])

            freq_copy = freq.copy()
            freq_copy.setURL(freq.getURL())

            # Create the mutant
            encoded_mutant = mutantClass(freq_copy)
            encoded_mutant.setOriginalValue(piece)
            encoded_mutant.setVar('fuzzedFname')
            encoded_mutant._mutant_dc = divided_file_name
            encoded_mutant.setModValue(mutant_str)
            # Special for filename fuzzing and some configurations of
            # mod_rewrite
            encoded_mutant.setDoubleEncoding(False)
            result.append(encoded_mutant)

            # The same but with a different type of encoding (mod_rewrite):
            # "/" is marked as safe, and the copy is kept only if its URL
            # differs from the first mutant's URL.
            slash_mutant = encoded_mutant.copy()
            slash_mutant.setSafeEncodeChars('/')
            if slash_mutant.getURL() != encoded_mutant.getURL():
                result.append(slash_mutant)

    return result