Beispiel #1
    def test_get_clean_body_max_escape_count(self):
        """
        Check how get_clean_body() reacts to max_escape_count when the payload
        is echoed back URL-encoded (quote_plus) in the response body.

        The expectations encoded below: with a limit of 1 or 3 the body is
        returned unchanged (the reflected payload stays in it), while with a
        limit of 1000 or None the encoded payload is removed completely.
        """
        # One of each special char that will be encoded, joined with spaces
        payload = ' '.join(SPECIAL_CHARS)
        reflected = urllib.quote_plus(payload)

        body = 'abc %s def' % reflected
        url = URL('http://w3af.com')
        response = HTTPResponse(200, body,
                                Headers([('Content-Type', 'text/html')]),
                                url, url)

        freq = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutant = FakeMutant.create_mutants(freq, [payload], [], False, {})[0]

        msg = 'Failed in round (%s - %s), clean body is: "%s"'

        # (payload expected to be stripped?, max_escape_count)
        rounds = ((False, 1),
                  (False, 3),
                  (True, 1000),
                  (True, None))

        for expected_result, max_escape_count in rounds:
            clean_body = get_clean_body(mutant, response,
                                        max_escape_count=max_escape_count)

            self.assertIsInstance(clean_body, unicode)

            # A stripped payload leaves only the two surrounding spaces behind
            expected_body = 'abc  def' if expected_result else body
            args = (expected_result, max_escape_count, clean_body)
            self.assertEqual(clean_body, expected_body, msg % args)
Beispiel #2
    def test_get_clean_body_max_escape_count(self):
        """
        get_clean_body() must respect the max_escape_count argument.

        The payload is reflected in the body in its quote_plus() form. The
        table below states, per max_escape_count value, whether the cleaned
        body is expected to have the payload removed ('abc  def') or to be
        identical to the original body.
        """
        # Build a payload holding every special char that gets encoded
        payload = ' '.join(SPECIAL_CHARS)

        body = 'abc %s def' % urllib.quote_plus(payload)
        target = URL('http://w3af.com')
        content_type = Headers([('Content-Type', 'text/html')])
        response = HTTPResponse(200, body, content_type, target, target)

        fuzzable = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutants = FakeMutant.create_mutants(fuzzable, [payload], [], False, {})
        mutant = mutants[0]

        cases = [(False, 1), (False, 3), (True, 1000), (True, None)]

        for should_strip, escape_limit in cases:
            clean_body = get_clean_body(mutant,
                                        response,
                                        max_escape_count=escape_limit)

            self.assertIsInstance(clean_body, unicode)

            if should_strip:
                wanted = 'abc  def'
            else:
                # Limit too low for this payload: body comes back untouched
                wanted = body

            failure = 'Failed in round (%s - %s), clean body is: "%s"' % (
                should_strip, escape_limit, clean_body)
            self.assertEqual(clean_body, wanted, failure)
Beispiel #3
    def test_get_clean_body_encoded_find_special_char_fail(self):
        """
        For each character in SPECIAL_CHARS, wrap it as 'x<char>y', reflect
        it URL-encoded (quote_plus) in a UTF-8 response body and verify that
        get_clean_body() removes the encoded payload, returning unicode.
        """
        msg = 'Failed for payload %r and body %r'

        for special_char in SPECIAL_CHARS:
            payload = 'x%sy' % special_char
            body = 'abc %s def' % urllib.quote_plus(payload)

            # Request, response and mutant are rebuilt on every iteration so
            # no state is shared between the characters under test
            url = URL('http://w3af.com')
            response = HTTPResponse(200, body,
                                    Headers([('Content-Type', 'text/html')]),
                                    url, url, charset='utf-8')

            freq = FuzzableRequest(URL('http://w3af.com/?a=1'))
            mutant = FakeMutant.create_mutants(freq, [payload], [],
                                               False, {})[0]

            clean_body = get_clean_body(mutant, response)

            self.assertEqual(clean_body, 'abc  def', msg % (payload, body))
            self.assertIsInstance(clean_body, unicode)
Beispiel #4
    def send_clean(self, mutant):
        """
        Send a mutant to the network, bypassing the cache, and return the
        HTTP response together with a sanitized copy of its body.

        The sanitized body is what get_clean_body() produces for this
        mutant/response pair: the response body without traces of the
        injected payload. Comparing sanitized bodies keeps a reflected payload
        from showing up as a difference between two responses that were
        generated with different mutants.

        :param mutant: The mutant to send to the network.
        :return: (HTTP response,
                  Sanitized HTTP response body)
        """
        # cache=False: the comparison needs a response made for this request
        response = self.send_mutant(mutant, cache=False)
        sanitized_body = get_clean_body(mutant, response)

        return response, sanitized_body
Beispiel #5
    def send_clean(self, mutant):
        """
        Transmit `mutant` without consulting the cache and give back both the
        raw HTTP response and its body with the injected payload removed.

        Two responses produced by different mutants can only be compared
        fairly once the payload each one reflects has been taken out; the
        second element of the returned tuple is meant for that comparison.

        :param mutant: The mutant to send to the network.
        :return: (HTTP response,
                  Sanitized HTTP response body)
        """
        fresh_response = self.send_mutant(mutant, cache=False)
        return fresh_response, get_clean_body(mutant, fresh_response)
    def test_get_clean_body_double_encoded(self):
        """
        A payload reflected after two rounds of URL-encoding (quote_plus
        applied twice) must still be removed by get_clean_body(), and the
        result must be unicode.
        """
        payload = 'hello/world'

        # Encode twice, as an application re-encoding its output would
        once = urllib.quote_plus(payload)
        twice = urllib.quote_plus(once)
        body = 'abc %s def' % twice

        url = URL('http://w3af.com')
        response = HTTPResponse(200, body,
                                Headers([('Content-Type', 'text/html')]),
                                url, url)

        freq = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutant = FakeMutant.create_mutants(freq, [payload], [], False, {})[0]

        clean_body = get_clean_body(mutant, response)

        self.assertEqual(clean_body, 'abc  def')
        self.assertIsInstance(clean_body, unicode)
    def test_get_clean_body_simple(self):
        """
        Baseline case: the payload is reflected verbatim (no encoding) and
        get_clean_body() must return the body with it removed, as unicode.
        """
        payload = 'payload'
        body = 'abc %s def' % payload

        # What a plain string removal of the payload yields
        expected_body = body.replace(payload, '')

        url = URL('http://w3af.com')
        response = HTTPResponse(200, body,
                                Headers([('Content-Type', 'text/html')]),
                                url, url)

        freq = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutant = FakeMutant.create_mutants(freq, [payload], [], False, {})[0]

        clean_body = get_clean_body(mutant, response)

        self.assertEqual(clean_body, expected_body)
        self.assertIsInstance(clean_body, unicode)
Beispiel #8
    def test_get_clean_body_encoded_upper_case(self):
        """
        The payload is reflected as the value of a urlencode()d 'a=<payload>'
        pair whose percent-escape uses upper-case hex digits ('%2F').
        get_clean_body() must remove the encoded value and leave the 'a='
        prefix in place.
        """
        payload = 'hello/world'

        # Force the escape for '/' to upper case.
        # NOTE(review): urllib's quoting appears to emit upper-case hex
        # already, in which case this replace changes nothing; confirm.
        encoded_pair = urllib.urlencode({'a': payload})
        body = ('abc %s def' % encoded_pair).replace('%2f', '%2F')

        url = URL('http://w3af.com')
        response = HTTPResponse(200, body,
                                Headers([('Content-Type', 'text/html')]),
                                url, url)

        freq = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutant = FakeMutant.create_mutants(freq, [payload], [], False, {})[0]

        clean_body = get_clean_body(mutant, response)

        # Only the value is payload; the parameter name and '=' survive
        self.assertEqual(clean_body, 'abc a= def')
        self.assertIsInstance(clean_body, unicode)
Beispiel #9
    def test_get_clean_body_encoded_find_special_char_fail(self):
        """
        Run get_clean_body() once per entry of SPECIAL_CHARS.

        Each round reflects the payload 'x<char>y' in its quote_plus() form
        inside a UTF-8 response and expects the cleaned body to be the unicode
        string 'abc  def', i.e. with the encoded payload gone.
        """
        for char in SPECIAL_CHARS:
            payload = 'x%sy' % char
            encoded = urllib.quote_plus(payload)
            body = 'abc %s def' % encoded

            target = URL('http://w3af.com')
            content_type = Headers([('Content-Type', 'text/html')])
            response = HTTPResponse(200, body, content_type, target, target,
                                    charset='utf-8')

            fuzzable = FuzzableRequest(URL('http://w3af.com/?a=1'))
            mutants = FakeMutant.create_mutants(fuzzable, [payload], [],
                                                False, {})
            mutant = mutants[0]

            clean_body = get_clean_body(mutant, response)

            # Name the failing payload/body pair so the character is obvious
            failure = 'Failed for payload %r and body %r' % (payload, body)
            self.assertEqual(clean_body, 'abc  def', failure)
            self.assertIsInstance(clean_body, unicode)
Beispiel #10
    def test_get_clean_body_encoded_upper_case(self):
        """
        get_clean_body() must strip a URL-encoded payload whose percent
        escapes are written with upper-case hex digits.

        The body carries 'a=<encoded payload>'; after cleaning only 'a='
        remains between the surrounding text.
        """
        payload = 'hello/world'

        # uppercase here!
        query = urllib.urlencode({'a': payload})
        body = 'abc %s def' % query
        body = body.replace('%2f', '%2F')

        target = URL('http://w3af.com')
        content_type = Headers([('Content-Type', 'text/html')])
        response = HTTPResponse(200, body, content_type, target, target)

        fuzzable = FuzzableRequest(URL('http://w3af.com/?a=1'))
        mutants = FakeMutant.create_mutants(fuzzable, [payload], [], False, {})
        mutant = mutants[0]

        clean_body = get_clean_body(mutant, response)

        self.assertEqual(clean_body, 'abc a= def')
        self.assertIsInstance(clean_body, unicode)