Beispiel #1
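    def get_http_auth_type(url, headers=None):
        """Probe *url* and report which HTTP authentication scheme it requests.

        Sends one GET request and, if the answer is a 401, inspects the
        ``WWW-Authenticate`` response header.

        Args:
            url: Address to probe.
            headers: Optional extra request headers. The mapping is copied, so
                the caller's dict is not modified.

        Returns:
            AuthMode.BASIC, AuthMode.DIGEST or AuthMode.NTLM when the matching
            scheme name appears in the header; AuthMode.UNKNOWN when the status
            is not 401 or no known scheme name is present.

        Raises:
            RequestException: if the request fails, or if a 401 response
                carries no ``WWW-Authenticate`` header.
        """
        # Copy instead of writing into the argument: the previous `headers={}`
        # default was a single dict shared by every call, and a dict passed in
        # by the caller was silently modified.
        headers = dict(headers) if headers else {}
        headers['User-Agent'] = USER_AGENT
        try:
            # NOTE: verify=False turns off TLS certificate validation, so the
            # identity of the answering server is not checked for this request.
            r = requests.get(url,
                             verify=False,
                             headers=headers,
                             timeout=Globals.timeout)
        except Exception as e:
            raise RequestException('Network error: {}'.format(e))

        if r.status_code != 401:
            return AuthMode.UNKNOWN

        if 'WWW-Authenticate' not in r.headers:
            raise RequestException(
                'HTTP Authentication type cannot be determined '
                'because there is no response header "WWW-Authenticate"')

        # Substring match on the lower-cased header, tried in a fixed order:
        # a server that offers several schemes is reported as the first one
        # that matches here, and schemes other than these three are UNKNOWN.
        respheader = r.headers['WWW-Authenticate'].lower()
        if 'basic' in respheader:
            return AuthMode.BASIC
        if 'digest' in respheader:
            return AuthMode.DIGEST
        if 'ntlm' in respheader:
            return AuthMode.NTLM
        return AuthMode.UNKNOWN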
Beispiel #2
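    def try_auth(self, username, password):
        """Submit one username/password pair to the configured interface.

        For ``admin-console`` the login is a form POST that needs the
        ``javax.faces.ViewState`` hidden field and the ``JSESSIONID`` cookie
        taken from a preliminary GET. For ``jmx-console``, ``management`` and
        ``web-console`` the credentials are sent with HTTP authentication.

        Args:
            username: Account name to submit.
            password: Password to submit.

        Returns:
            True when the response is judged to be a successful login,
            False otherwise.

        Raises:
            RequestException: if the ViewState or the JSESSIONID value cannot
                be extracted from the preliminary response.
            AuthException: if ``self.interface`` is none of the known values.
        """
        if self.interface == 'admin-console':
            # The login form only accepts a POST that echoes the ViewState
            # value handed out with the page.
            resp = Requester.get(self.interface_url)
            # Raw strings: `\.` in a normal string literal is an invalid escape
            # sequence and triggers a warning on current Python versions.
            m = re.search(
                r'<input type="hidden" name="javax\.faces\.ViewState" '
                r'id="javax\.faces\.ViewState" value="(?P<viewstate>.*?)"',
                resp.text)
            if not m:
                raise RequestException(
                    'Unable to retrieve ViewState from {}'.format(
                        self.interface_url))

            data = OrderedDict([
                ("login_form", "login_form"),
                ("login_form:name", username),
                ("login_form:password", password),
                ("login_form:submit", "Login"),
                ("javax.faces.ViewState", m.group('viewstate')),
            ])

            # The session cookie is needed as well. A response without any
            # Set-Cookie header is reported as RequestException like the other
            # extraction failures, instead of escaping as a KeyError.
            m = re.search(
                r'JSESSIONID=(?P<jsessionid>.*); Path=\/admin-console',
                resp.headers.get('Set-Cookie', ''))
            if not m:
                raise RequestException('Unable to retrieve JSESSIONID value '
                                       'from {}'.format(self.interface_url))

            resp = Requester.post(self.interface_url,
                                  data,
                                  headers={
                                      'Cookie':
                                      'JSESSIONID={}'.format(
                                          m.group('jsessionid'))
                                  },
                                  allow_redirects=False)

            # Success is inferred from the page body: neither the password
            # field of the login form nor the "Not logged in" marker is present.
            return ('name="login_form:password"' not in resp.text
                    and 'Not logged in' not in resp.text)

        if self.interface in ('jmx-console', 'management', 'web-console'):
            resp = Requester.http_auth(self.interface_url, self.http_auth_type,
                                       username, password)
            # NOTE(review): every status other than 401 counts as success here,
            # including error statuses such as 403 or 5xx — confirm that this
            # is intended. A None result from Requester.http_auth would raise
            # AttributeError on this line.
            return resp.status_code != 401

        raise AuthException(
            'No auth interface found during initialization')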
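 def post(url, data, headers=None, allow_redirects=True):
     """Send a POST request with the tool's User-Agent and global timeout.

     Args:
         url: Target address.
         data: Request body, passed to ``requests.post`` as ``data``.
         headers: Optional extra request headers. The mapping is copied, so
             the caller's dict is not modified.
         allow_redirects: Passed through to ``requests.post``.

     Returns:
         The response object returned by ``requests.post``.

     Raises:
         RequestException: if the request raises any exception.
     """
     # Copy instead of writing into the argument: the previous `headers={}`
     # default was one dict shared by every call, and a dict supplied by the
     # caller (for example one carrying a session cookie) was modified in place.
     headers = dict(headers) if headers else {}
     headers['User-Agent'] = USER_AGENT
     try:
         # NOTE: verify=False turns off TLS certificate validation, so form
         # data is sent without checking the identity of the server.
         return requests.post(url,
                              data=data,
                              verify=False,
                              headers=headers,
                              timeout=Globals.timeout,
                              allow_redirects=allow_redirects)
     except Exception as e:
         raise RequestException('Network error: {}'.format(e))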
Beispiel #4
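 def _get_salt(self, url):
     """Fetch *url* and return the value of its hidden ``salt`` form field.

     Args:
         url: Page expected to contain ``<input name="salt" type="hidden" ...>``.

     Returns:
         The salt value as a string of non-whitespace characters.

     Raises:
         RequestException: if the page contains no such field.
     """
     r = Requester.get(url)
     # Raw string: `\S` in a normal string literal is an invalid escape
     # sequence and triggers a warning on current Python versions.
     m = re.search(
         r'<input name="salt" type="hidden" value="(?P<salt>\S+?)">', r.text)
     if not m:
         raise RequestException(
             'Unable to retrieve salt from {}'.format(url))
     return m.group('salt')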
Beispiel #5
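 def get(url, params=None, headers=None, cookies=None, allow_redirects=True):
     """Send a GET request with the tool's User-Agent and global timeout.

     Args:
         url: Target address.
         params: Optional query-string parameters.
         headers: Optional extra request headers. The mapping is copied, so
             the caller's dict is not modified.
         cookies: Optional cookies, passed through to ``requests.get``.
         allow_redirects: Passed through to ``requests.get``.

     Returns:
         The response object returned by ``requests.get``.

     Raises:
         RequestException: if the request raises any exception.
     """
     # `params={}` and `headers={}` as defaults were single dicts shared by
     # every call; `headers` was also written to, so a dict supplied by the
     # caller was modified in place.
     params = {} if params is None else params
     headers = dict(headers) if headers else {}
     headers['User-Agent'] = USER_AGENT
     try:
         # NOTE: verify=False turns off TLS certificate validation, so the
         # identity of the answering server is not checked for this request.
         return requests.get(url,
                             params=params,
                             headers=headers,
                             cookies=cookies,
                             verify=False,
                             timeout=Globals.timeout,
                             allow_redirects=allow_redirects)
     except Exception as e:
         raise RequestException('Network error: {}'.format(e))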
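    def http_auth(url, auth_type, username, password, headers=None):
        """Send a GET request to *url* using HTTP authentication.

        Args:
            url: Target address.
            auth_type: AuthMode.BASIC, AuthMode.DIGEST or AuthMode.NTLM.
            username: Account name to authenticate with.
            password: Password to authenticate with.
            headers: Optional extra request headers. The mapping is copied, so
                the caller's dict is not modified.

        Returns:
            The response object returned by ``requests.get``, or None when
            *auth_type* is not one of the three supported modes (no request
            is sent in that case).

        Raises:
            RequestException: if the request raises any exception.
        """
        if auth_type == AuthMode.BASIC:
            auth = requests.auth.HTTPBasicAuth(username, password)
        elif auth_type == AuthMode.DIGEST:
            auth = requests.auth.HTTPDigestAuth(username, password)
        elif auth_type == AuthMode.NTLM:
            auth = requests_ntlm.HttpNtlmAuth(username, password)
        else:
            # Callers must be prepared for None; nothing is sent.
            return None

        # Copy instead of writing into the argument: the previous `headers={}`
        # default was one dict shared by every call, and a dict supplied by
        # the caller was modified in place.
        headers = dict(headers) if headers else {}
        headers['User-Agent'] = USER_AGENT
        try:
            # NOTE: verify=False turns off TLS certificate validation, so the
            # credentials are sent without checking the identity of the server.
            return requests.get(url,
                                headers=headers,
                                auth=auth,
                                verify=False,
                                timeout=Globals.timeout)
        except Exception as e:
            raise RequestException('Network error: {}'.format(e))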