 def toggle_bookmark(self, cell, path, model):
     """Invert the bookmark flag of the row at *path* and persist it.

     Column 1 of the row is flipped in the tree model, then the HistoryItem
     identified by column 0 is loaded and its mark toggled. The ``True``
     argument to ``toggle_mark`` presumably requests an immediate save —
     confirm against HistoryItem.

     :param cell: the renderer that emitted the signal (unused)
     :param path: tree path of the toggled row
     :param model: tree model holding the history rows
     """
     row = model[path]
     row[1] = not row[1]

     item = HistoryItem()
     item.load(row[0])
     item.toggle_mark(True)
    def __init__(self,
                 w3af,
                 request_id,
                 enableWidget=None,
                 withManual=True,
                 withFuzzy=True,
                 withCompare=True,
                 withAudit=True,
                 editableRequest=False,
                 editableResponse=False,
                 widgname="default"):
        """Build and show a window displaying one stored request/response.

        The transaction is looked up in the history database by
        *request_id* and handed to a reqResViewer, which is packed into the
        window's vbox before the window is shown.

        :param w3af: the core object, passed to the window base and viewer
        :param request_id: id of the HistoryItem to display
        :param enableWidget: forwarded unchanged to reqResViewer, as are
                             withManual, withFuzzy, withCompare, withAudit,
                             editableRequest, editableResponse and widgname
        """
        RememberingWindow.__init__(self, w3af, "reqResWin",
                                   _("w3af - HTTP Request/Response"),
                                   "Browsing_the_Knowledge_Base")

        viewer = reqResViewer(w3af, enableWidget, withManual, withFuzzy,
                              withCompare, withAudit, editableRequest,
                              editableResponse, widgname)

        # Fetch the stored transaction and feed both halves to the viewer
        item = HistoryItem()
        item.load(request_id)
        viewer.request.show_object(item.request)
        viewer.response.show_object(item.response)

        viewer.show()
        self.vbox.pack_start(viewer)
        self.show()
 def toggle_bookmark(self, cell, path, model):
     """Flip the bookmark column of the toggled row and update its item.

     The model row's column 1 is negated, and the HistoryItem whose id sits
     in column 0 is loaded and ``toggle_mark(True)`` is called on it (the
     ``True`` presumably means "save now" — confirm against HistoryItem).

     :param cell: the toggle renderer that fired (unused)
     :param path: tree path of the row
     :param model: the tree model with the history rows
     """
     row = model[path]
     row[1] = not row[1]

     history_entry = HistoryItem()
     history_entry.load(row[0])
     history_entry.toggle_mark(True)
 def edit_tag(self, cell, path, new_text, model):
     """Store an edited tag in the model row and in the history database.

     Column 4 of the row receives *new_text*; the HistoryItem identified by
     column 0 is loaded and ``update_tag(new_text, True)`` called on it (the
     ``True`` presumably triggers a save — confirm against HistoryItem).

     :param cell: the text renderer that emitted the edit (unused)
     :param path: tree path of the edited row
     :param new_text: the tag text entered by the user
     :param model: tree model holding the history rows
     """
     row = model[path]
     row[4] = new_text

     item = HistoryItem()
     item.load(row[0])
     item.update_tag(new_text, True)
 def edit_tag(self, cell, path, new_text, model):
     """Apply a user-edited tag to the tree row and persist it.

     Writes *new_text* into column 4 of the row, then loads the HistoryItem
     whose id is in column 0 and calls ``update_tag(new_text, True)``; the
     second argument presumably requests an immediate save (confirm).

     :param cell: renderer that emitted the edited signal (unused)
     :param path: tree path of the row being edited
     :param new_text: the new tag value
     :param model: tree model containing the history rows
     """
     row = model[path]
     row[4] = new_text

     history_entry = HistoryItem()
     history_entry.load(row[0])
     history_entry.update_tag(new_text, True)
    def __init__(self, w3af, request_id, enableWidget=None, withManual=True,
                 withFuzzy=True, withCompare=True, withAudit=True, editableRequest=False,
                 editableResponse=False, widgname="default"):
        """Open a window showing the request/response saved as *request_id*.

        The base RememberingWindow is initialised with the fixed window id,
        title and help topic; a reqResViewer receives all remaining options
        unchanged and is filled from the HistoryItem loaded by id.

        :param w3af: core object, passed to the window base and the viewer
        :param request_id: id of the HistoryItem to show
        :param enableWidget: forwarded to reqResViewer together with
                             withManual, withFuzzy, withCompare, withAudit,
                             editableRequest, editableResponse and widgname
        """
        RememberingWindow.__init__(self, w3af, "reqResWin",
                                   _("w3af - HTTP Request/Response"),
                                   "Browsing_the_Knowledge_Base")

        viewer = reqResViewer(w3af, enableWidget, withManual, withFuzzy,
                              withCompare, withAudit, editableRequest,
                              editableResponse, widgname)

        # Look the transaction up in the history DB and hand it to the viewer
        item = HistoryItem()
        item.load(request_id)
        viewer.request.show_object(item.request)
        viewer.response.show_object(item.response)

        viewer.show()
        self.vbox.pack_start(viewer)
        self.show()
 def test_save_load(self):
     """A saved HistoryItem can be loaded back by the id of its response."""
     item_id = random.randint(1, 499)
     url = URL('http://w3af.com/a/b/c.php')
     request = HTTPRequest(url, data='a=1')
     headers = Headers([('Content-Type', 'text/html')])
     response = HTTPResponse(200, '<html>', headers, url, url)
     response.set_id(item_id)

     stored = HistoryItem()
     stored.request = request
     stored.response = response
     stored.save()

     loaded = HistoryItem()
     loaded.load(item_id)

     self.assertEqual(stored.request, loaded.request)
     self.assertEqual(stored.response.body, loaded.response.body)
 def test_save_load(self):
     """Round-trip one request/response pair through HistoryItem.save/load."""
     response_id = random.randint(1, 499)
     url = URL('http://w3af.com/a/b/c.php')

     response = HTTPResponse(200, '<html>',
                             Headers([('Content-Type', 'text/html')]),
                             url, url)
     response.set_id(response_id)

     original = HistoryItem()
     original.request = HTTPRequest(url, data='a=1')
     original.response = response
     original.save()

     reloaded = HistoryItem()
     reloaded.load(response_id)

     self.assertEqual(original.request, reloaded.request)
     self.assertEqual(original.response.body, reloaded.response.body)
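    def _impact_done(self, event, impact):
        """Poll for the end of an audit "impact" run and report its outcome.

        Registered with ``timeout_add``: returning True keeps the timer
        alive until *event* is set. Once set, the throbber is stopped, the
        result is processed and False is returned so the timer is dropped.

        On success every request id reported by a result gets its history
        entry tagged with the plugin name and annotated with the finding's
        description. On failure a user-friendly dialog is shown for the
        known framework exception types; anything else is re-raised.

        :param event: event object exposing ``isSet()``; set when the
                      audit finished
        :param impact: result holder exposing ``ok``, ``result`` and
                       ``exception``
        :return: True while still waiting, False once handled
        :raise: ``impact.exception`` when it is not a framework exception
        """
        if not event.isSet():
            return True

        # Stop and hide the throbber once, for both outcomes (the error
        # branch previously repeated these two calls).
        self.throbber.hide()
        self.throbber.running(False)

        if impact.ok:
            # TODO: show ALL the requests generated by audit plugins, not
            #       just the ones that produced a vulnerability.
            for result in impact.result:
                item_ids = result.get_id()
                if item_ids is None:
                    continue

                for item_id in item_ids:
                    history_item = HistoryItem()
                    history_item.load(item_id)
                    history_item.update_tag(history_item.tag +
                                            result.plugin_name)
                    history_item.info = result.get_desc()
                    history_item.save()
        else:
            exc = impact.exception
            if isinstance(exc, HTTPRequestException):
                msg = ('Exception found while sending HTTP request. Original'
                       ' exception is: "%s"' % exc)
            elif isinstance(exc, ScanMustStopException):
                msg = ('Multiple exceptions found while sending HTTP requests.'
                       ' Exception: "%s"' % exc)
            elif isinstance(exc, BaseFrameworkException):
                msg = str(exc)
            else:
                # Unknown failure: propagate. NOTE(review): re-raising the
                # instance here drops the worker thread's traceback; the
                # original exc_info would be needed to preserve it.
                raise exc

            # Always release the GDK lock, even if the dialog raises.
            gtk.gdk.threads_enter()
            try:
                helpers.FriendlyExceptionDlg(msg)
            finally:
                gtk.gdk.threads_leave()

        return False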
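    def _impact_done(self, event, impact):
        """Timer callback that waits for an audit "impact" run to finish.

        Returns True (keep polling) until *event* is set. It then stops the
        throbber, tags the history entries of every vulnerable request with
        the plugin name and description, or shows a friendly dialog for the
        known framework exceptions, and returns False to end the timer.

        :param event: event object exposing ``isSet()``
        :param impact: result holder exposing ``ok``, ``result`` and
                       ``exception``
        :return: True while the audit is still running, False afterwards
        :raise: ``impact.exception`` when it is not a framework exception
        """
        if not event.isSet():
            return True

        # Stop the throbber exactly once; the error branch no longer
        # repeats these two calls.
        self.throbber.hide()
        self.throbber.running(False)

        if impact.ok:
            # TODO: show ALL the requests generated by audit plugins, not
            #       just the ones with vulnerabilities.
            for result in impact.result:
                item_ids = result.get_id()
                if item_ids is None:
                    continue

                for item_id in item_ids:
                    history_item = HistoryItem()
                    history_item.load(item_id)
                    history_item.update_tag(history_item.tag + result.plugin_name)
                    history_item.info = result.get_desc()
                    history_item.save()
        else:
            exc = impact.exception
            if isinstance(exc, HTTPRequestException):
                msg = ('Exception found while sending HTTP request. Original'
                       ' exception is: "%s"' % exc)
            elif isinstance(exc, ScanMustStopException):
                msg = ('Multiple exceptions found while sending HTTP requests.'
                       ' Exception: "%s"' % exc)
            elif isinstance(exc, BaseFrameworkException):
                msg = str(exc)
            else:
                # NOTE(review): re-raising the instance loses the traceback
                # captured on the worker thread.
                raise exc

            # Release the GDK lock even when the dialog constructor raises.
            gtk.gdk.threads_enter()
            try:
                helpers.FriendlyExceptionDlg(msg)
            finally:
                gtk.gdk.threads_leave()

        return False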
    def test_save_load_unicode_decode_error(self):
        """Non-ASCII path and query characters survive a save/load round-trip."""
        url = URL('http://w3af.com/a/b/é.php?x=á')
        headers = Headers([('Content-Type', 'text/html')])

        response = HTTPResponse(200, '<html>', headers, url, url)
        response.set_id(1)

        stored = HistoryItem()
        stored.request = HTTPRequest(url, data='a=1')
        stored.response = response
        stored.save()

        loaded = HistoryItem()
        loaded.load(1)

        self.assertEqual(stored.request.to_dict(), loaded.request.to_dict())
        self.assertEqual(stored.response.body, loaded.response.body)
        self.assertEqual(stored.request.url_object, loaded.request.url_object)
    def test_save_load_unicode_decode_error(self):
        """A URL with non-ASCII characters can be saved and loaded unchanged."""
        url = URL('http://w3af.com/a/b/é.php?x=á')

        response = HTTPResponse(200, '<html>',
                                Headers([('Content-Type', 'text/html')]),
                                url, url)
        response.set_id(1)

        original = HistoryItem()
        original.request = HTTPRequest(url, data='a=1')
        original.response = response
        original.save()

        reloaded = HistoryItem()
        reloaded.load(1)

        self.assertEqual(original.request, reloaded.request)
        self.assertEqual(original.response.body, reloaded.response.body)
        self.assertEqual(original.request.url_object, reloaded.request.url_object)
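    def _impact_done(self, event, impact):
        """Poll for the end of an audit "impact" run and report its outcome.

        Registered with ``timeout_add``: returning True keeps the timer
        alive until *event* is set. Once set, the throbber is stopped, the
        result is processed and False is returned to drop the timer.

        On success each request id reported by a result has its history
        entry tagged with the plugin name and annotated with the finding's
        description. On failure the known framework exceptions are shown in
        a friendly dialog; anything else is re-raised.

        :param event: event object exposing ``isSet()``
        :param impact: result holder exposing ``ok``, ``result`` and
                       ``exception``
        :return: True while still waiting, False once handled
        :raise: ``impact.exception`` when it is not a framework exception
        """
        if not event.isSet():
            return True

        # Stop and hide the throbber once, for both outcomes (the error
        # branch previously repeated these two calls).
        self.throbber.hide()
        self.throbber.running(False)

        if impact.ok:
            # TODO: show ALL the requests generated by audit plugins, not
            #       just the ones with vulnerabilities.
            for result in impact.result:
                # TODO: not sure when this is None, but it appeared in
                #       Trac bug #167736
                item_ids = result.get_id()
                if item_ids is None:
                    continue

                for item_id in item_ids:
                    history_item = HistoryItem()
                    history_item.load(item_id)
                    history_item.update_tag(
                        history_item.tag + result.plugin_name)
                    history_item.info = result.get_desc()
                    history_item.save()
        else:
            exc = impact.exception
            # isinstance() instead of an exact __class__ comparison, so
            # subclasses of the framework exceptions are reported instead of
            # re-raised. Most-specific type is tested first in case these
            # classes derive from one another (hierarchy assumed — confirm).
            if isinstance(exc, ScanMustStopOnUrlError):
                msg = "Not sending requests because " + str(exc)
            elif isinstance(exc, ScanMustStopException):
                msg = "Stopped sending requests because " + \
                    str(exc)
            elif isinstance(exc, BaseFrameworkException):
                msg = str(exc)
            else:
                # NOTE(review): re-raising the instance drops the traceback
                # captured on the worker thread.
                raise exc

            # Always release the GDK lock, even if the dialog raises.
            gtk.gdk.threads_enter()
            try:
                helpers.FriendlyExceptionDlg(msg)
            finally:
                gtk.gdk.threads_leave()

        return False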
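    def _impact_done(self, event, impact):
        """Timer callback that waits for an audit "impact" run to finish.

        Returns True (keep polling) until *event* is set. It then stops the
        throbber, tags the history entries of every reported request id
        with the plugin name and description, or shows a friendly dialog
        for the known framework exceptions, and returns False.

        :param event: event object exposing ``isSet()``
        :param impact: result holder exposing ``ok``, ``result`` and
                       ``exception``
        :return: True while the audit is still running, False afterwards
        :raise: ``impact.exception`` when it is not a framework exception
        """
        if not event.isSet():
            return True

        # Stop the throbber exactly once; the error branch no longer
        # repeats these two calls.
        self.throbber.hide()
        self.throbber.running(False)

        if impact.ok:
            # TODO: show ALL the requests generated by audit plugins, not
            #       just the ones with vulnerabilities.
            for result in impact.result:
                # TODO: not sure when this is None, but it appeared in
                #       Trac bug #167736
                item_ids = result.get_id()
                if item_ids is None:
                    continue

                for item_id in item_ids:
                    history_item = HistoryItem()
                    history_item.load(item_id)
                    history_item.update_tag(history_item.tag +
                                            result.plugin_name)
                    history_item.info = result.get_desc()
                    history_item.save()
        else:
            exc = impact.exception
            # isinstance() rather than exact __class__ equality so subclasses
            # are reported too; most-specific type first in case the classes
            # derive from one another (hierarchy assumed — confirm).
            if isinstance(exc, ScanMustStopOnUrlError):
                msg = "Not sending requests because " + str(exc)
            elif isinstance(exc, ScanMustStopException):
                msg = "Stopped sending requests because " + \
                    str(exc)
            elif isinstance(exc, BaseFrameworkException):
                msg = str(exc)
            else:
                # NOTE(review): re-raising the instance loses the worker
                # thread's traceback.
                raise exc

            # Release the GDK lock even when the dialog constructor raises.
            gtk.gdk.threads_enter()
            try:
                helpers.FriendlyExceptionDlg(msg)
            finally:
                gtk.gdk.threads_leave()

        return False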
    def test_tag(self):
        """A tag set with update_tag() on one item is visible after load()."""
        tagged_id = random.randint(501, 999)
        tag_value = rand_alnum(10)
        url = URL('http://w3af.org/a/b/c.php')

        # Save a block of items; only one of them carries the tag
        for item_id in xrange(501, 1000):
            headers = Headers([('Content-Type', 'text/html')])
            response = HTTPResponse(200, '<html>', headers, url, url)
            response.set_id(item_id)

            item = HistoryItem()
            item.request = HTTPRequest(url, data='a=1')
            item.response = response
            if item_id == tagged_id:
                item.update_tag(tag_value)
            item.save()

        reloaded = HistoryItem()
        reloaded.load(tagged_id)
        self.assertEqual(reloaded.tag, tag_value)
 def test_history_access(self):
     """After a single scan loop, history item 1 points at the moth URL."""
     self.count_plugin.loops = 1
     self.w3afcore.start()

     item = HistoryItem()
     self.assertTrue(item.load(1))
     self.assertEqual(item.id, 1)

     expected_url = get_moth_http()
     self.assertEqual(item.get_request().get_uri().url_string, expected_url)
     self.assertEqual(item.get_response().get_uri().url_string, expected_url)
    def test_tag(self):
        """Only the item tagged during the bulk save reports the tag on load."""
        chosen_id = random.randint(501, 999)
        expected_tag = rand_alnum(10)
        url = URL('http://w3af.org/a/b/c.php')

        for current_id in xrange(501, 1000):
            response = HTTPResponse(200, '<html>',
                                    Headers([('Content-Type', 'text/html')]),
                                    url, url)
            response.set_id(current_id)

            entry = HistoryItem()
            entry.request = HTTPRequest(url, data='a=1')
            entry.response = response
            if current_id == chosen_id:
                entry.update_tag(expected_tag)
            entry.save()

        loaded = HistoryItem()
        loaded.load(chosen_id)
        self.assertEqual(loaded.tag, expected_tag)
    def test_history_access(self):
        """One scan loop stores item 1 whose request and response hit moth."""
        self.count_plugin.loops = 1
        self.w3afcore.start()

        entry = HistoryItem()
        self.assertTrue(entry.load(1))
        self.assertEqual(entry.id, 1)

        moth_url = get_moth_http()
        self.assertEqual(entry.get_request().get_uri().url_string, moth_url)
        self.assertEqual(entry.get_response().get_uri().url_string, moth_url)
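    def test_save_load_compressed(self):
        """Saving past the batch threshold compresses the first trace batch.

        Writes enough HistoryItems to trigger compression, then checks that
        '1-150.zip' exists in the session directory, that its '.tmp'
        stand-in is gone, that the archive lists exactly the expected
        '.trace' members, and that the compressed items still load with
        their original URI, headers and body.
        """
        force_compression_count = (HistoryItem._UNCOMPRESSED_FILES +
                                   HistoryItem._COMPRESSED_FILE_BATCH + 150)

        url = URL('http://w3af.com/a/b/c.php')
        headers = Headers([('Content-Type', 'text/html')])
        body = '<html>' + LOREM * 20

        for i in xrange(1, force_compression_count):
            request = HTTPRequest(url, data='a=%s' % i)

            response = HTTPResponse(200, body, headers, url, url)
            response.set_id(i)

            h = HistoryItem()
            h.request = request
            h.response = response
            h.save()

        session_dir = h.get_session_dir()
        compressed_file = os.path.join(session_dir, '1-150.zip')
        self.assertTrue(os.path.exists(compressed_file))

        # The temporary file used while building the archive must be gone
        compressed_file_temp = os.path.join(session_dir, '1-150.zip.tmp')
        self.assertFalse(os.path.exists(compressed_file_temp))

        expected_files = [
            '%s.trace' % i
            for i in range(1, HistoryItem._COMPRESSED_FILE_BATCH + 1)
        ]

        # Close the archive deterministically instead of leaking the handle
        # until garbage collection
        with zipfile.ZipFile(compressed_file, mode='r') as _zip:
            self.assertEqual(_zip.namelist(), expected_files)

        for i in xrange(1, 100):
            h = HistoryItem()
            h.load(i)

            self.assertEqual(h.request.get_uri(), url)
            self.assertEqual(h.response.get_headers(), headers)
            self.assertEqual(h.response.get_body(), body)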
    def test_mark(self):
        """toggle_mark() is persisted for the marked item and no other."""
        marked_id = 3
        url = URL('http://w3af.org/a/b/c.php')

        for item_id in xrange(0, 500):
            headers = Headers([('Content-Type', 'text/html')])
            response = HTTPResponse(200, '<html>', headers, url, url)
            response.set_id(item_id)

            item = HistoryItem()
            item.request = HTTPRequest(url, data='a=1')
            item.response = response
            if item_id == marked_id:
                item.toggle_mark()
            item.save()

        marked = HistoryItem()
        marked.load(marked_id)
        self.assertTrue(marked.mark)

        neighbour = HistoryItem()
        neighbour.load(marked_id - 1)
        self.assertFalse(neighbour.mark)
    def test_mark(self):
        """The mark flag survives save/load and is not set on an unmarked item."""
        target_id = 3
        url = URL('http://w3af.org/a/b/c.php')

        for current_id in xrange(0, 500):
            response = HTTPResponse(200, '<html>',
                                    Headers([('Content-Type', 'text/html')]),
                                    url, url)
            response.set_id(current_id)

            entry = HistoryItem()
            entry.request = HTTPRequest(url, data='a=1')
            entry.response = response
            if current_id == target_id:
                entry.toggle_mark()
            entry.save()

        flagged = HistoryItem()
        flagged.load(target_id)
        self.assertTrue(flagged.mark)

        unflagged = HistoryItem()
        unflagged.load(target_id - 1)
        self.assertFalse(unflagged.mark)