def get_expired_cookies( cookies: str, now: float = None ) -> List[dict]: now = now or time.time() def is_expired(expires: Optional[float]) -> bool: return expires is not None and expires <= now attr_sets: List[Tuple[str, str]] = parse_ns_headers( split_cookies(cookies) ) cookies = [ # The first attr name is the cookie name. dict(attrs[1:], name=attrs[0][0]) for attrs in attr_sets ] _max_age_to_expires(cookies=cookies, now=now) return [ { 'name': cookie['name'], 'path': cookie.get('path', '/') } for cookie in cookies if is_expired(expires=cookie.get('expires')) ]
def merge_cookies_into_session(cookies_input): jar = _context.session.cookies if isinstance(cookies_input, list): for item in cookies_input: cookie = Cookie( 0, item['name'], item['value'], None, False, item['domain'], True, bool(item['domain'].startswith(".")), item['path'], True, item['secure'], None, False, "", "", {}, ) logging.debug("Set cookie into context: %r", cookie) jar.set_cookie(cookie) else: attrs_set = parse_ns_headers(cookies_input.split('; ')) merge_cookies( jar, cookiejar_from_dict({x[0][0]: x[0][1] for x in attrs_set}))
def make_cookies(self, response, request): import time from http.cookiejar import split_header_words,_warn_unhandled_exception,parse_ns_headers """Return sequence of Cookie objects extracted from response object.""" # get cookie-attributes for RFC 2965 and Netscape protocols headers = response.info() rfc2965_hdrs = headers.get_list("Set-Cookie2") ns_hdrs = headers.get_list("Set-Cookie") self._policy._now = self._now = int(time.time()) rfc2965 = self._policy.rfc2965 netscape = self._policy.netscape if ((not rfc2965_hdrs and not ns_hdrs) or (not ns_hdrs and not rfc2965) or (not rfc2965_hdrs and not netscape) or (not netscape and not rfc2965)): return [] # no relevant cookie headers: quick exit try: cookies = self._cookies_from_attrs_set( split_header_words(rfc2965_hdrs), request) except Exception: _warn_unhandled_exception() cookies = [] if ns_hdrs and netscape: try: # RFC 2109 and Netscape cookies ns_cookies = self._cookies_from_attrs_set( parse_ns_headers(ns_hdrs), request) except Exception: _warn_unhandled_exception() ns_cookies = [] self._process_rfc2109_cookies(ns_cookies) # Look for Netscape cookies (from Set-Cookie headers) that match # corresponding RFC 2965 cookies (from Set-Cookie2 headers). # For each match, keep the RFC 2965 cookie and ignore the Netscape # cookie (RFC 2965 section 9.1). Actually, RFC 2109 cookies are # bundled in with the Netscape cookies for this purpose, which is # reasonable behaviour. if rfc2965: lookup = {} for cookie in cookies: lookup[(cookie.domain, cookie.path, cookie.name)] = None def no_matching_rfc2965(ns_cookie, lookup=lookup): key = ns_cookie.domain, ns_cookie.path, ns_cookie.name return key not in lookup ns_cookies = filter(no_matching_rfc2965, ns_cookies) if ns_cookies: cookies.extend(ns_cookies) return cookies
def get_expired_cookies(headers: List[Tuple[str, str]], now: float = None) -> List[dict]: now = now or time.time() attr_sets: List[Tuple[str, str]] = parse_ns_headers( value for name, value in headers if name.lower() == 'set-cookie') cookies = [ # The first attr name is the cookie name. dict(attrs[1:], name=attrs[0][0]) for attrs in attr_sets ] return [{ 'name': cookie['name'], 'path': cookie.get('path', '/') } for cookie in cookies if cookie.get('expires', float('Inf')) <= now]
def parse_cookies(self, response): # get cookie-attributes for RFC 2965 and Netscape protocols headers = response.headers ns_headers = headers.get_list("Set-Cookie") if not ns_headers: return [] try: cookies_tuple = self._normalized_cookie_tuples(cookiejar.parse_ns_headers(ns_headers)) return [self._cookie_from_cookie_tuple(cookie_tuple, response) for cookie_tuple in cookies_tuple] except Exception as e: _logger.warning("Unexpected error: %r", e) return []
def _bake_cookies(self): resp = self._get_resp(self.path) cookie_match = self.COOKIE_RE.search(resp.text) if not cookie_match: print('No apparent initialization cookie') return attrs = parse_ns_headers([cookie_match[1]]) jar: RequestsCookieJar = self._rsession.cookies req = MockRequest(resp.request) cookies = jar._cookies_from_attrs_set(attrs, req) for cookie in cookies: jar.set_cookie(cookie) print('Cookies set: ' + ', '.join(jar.keys()))
def get_expired_cookies(headers: List[Tuple[str, str]], now: float = None) -> List[dict]: now = now or time.time() def is_expired(expires: Optional[float]) -> bool: return expires is not None and expires <= now attr_sets: List[Tuple[str, str]] = parse_ns_headers( value for name, value in headers if name.lower() == 'set-cookie') cookies = [ # The first attr name is the cookie name. dict(attrs[1:], name=attrs[0][0]) for attrs in attr_sets ] return [{ 'name': cookie['name'], 'path': cookie.get('path', '/') } for cookie in cookies if is_expired(expires=cookie.get('expires'))]
"-fp", help= "Filters out parameters from being used on the scan, use on global params across the site (e.g. -fp err,username)" ) parser.add_argument( "-hi", help= "-hi FILENAME (collects hidden input types from HTML source code and writes them to the specified file for either further scanning.)" ) parser.add_argument("-bc", help="-bc [BURP COLLABORATOR PAYLOAD] (tests for SSRF)") args = parser.parse_args() if args.cookie: cookie_array = str(args.cookie).split(";") cookies = dict(res[0] for res in cookielib.parse_ns_headers(cookie_array)) print(cookies) ThreadedStart.auth_cookie = cookies if args.t: ThreadedStart.number_of_threads = int(args.t) if args.mode: ThreadedStart.mode = int(args.mode) if not args.e: print( "You need to specify a txt file at -e for your endpoints you want to scan." ) sys.exit(0)