Ejemplo n.º 1
0
 def extract(self, arg, from_response=None):
   """Extract a particular field of the request.
   The field is looked up in:
     * attributes
     * URL query
     * request body
     * cookies
     * response
   """
   if from_response:
     if self.response:
       return self.response.extract(arg)
     return None
   if hasattr(self, arg):
     return getattr(self, arg)
   if self.query:
     query = parse_qs(self.query)
     if arg in query:
       return query[arg][0]
   if self.content:
     post = parse_qs(self.content)
     if arg in post:
       return post[arg][0]
   c = self.cookies
   if c:
     if arg in c:
       return c[arg].value
   if from_response is None and self.response:
     return self.response.extract(arg)
Ejemplo n.º 2
0
def find_injection_points(r):
    """Find valid injection points.

  This functions returns the injection points that could
  be used by i().
  """
    ips = []
    if r.query:
        i_pts = parse_qs(r.query)
        if i_pts:
            ips.extend(i_pts)
    if r.content:
        i_pts = parse_qs(r.content)
        if i_pts:
            ips.extend(i_pts)
    if r.cookies:
        i_pts = [c.name for c in r.cookies]
        if i_pts:
            ips.extend(i_pts)
    try:
        i_pts = json.loads(r.content)
        ips.extend(i_pts.keys())
    except (ValueError, TypeError):
        pass
    return ips
Ejemplo n.º 3
0
def find_injection_points(r):
  """Find valid injection points.

  This functions returns the injection points that could
  be used by i().
  """
  ips = []
  if r.query:
    i_pts = parse_qs(r.query)
    if i_pts:
      ips.extend(i_pts)
  if r.content:
    i_pts = parse_qs(r.content)
    if i_pts:
      ips.extend(i_pts)
  if r.cookies:
    i_pts = [ c.name for c in r.cookies]
    if i_pts:
      ips.extend(i_pts)
  try:
    i_pts = json.loads(r.content)
    ips.extend(i_pts.keys())
  except (ValueError,TypeError):
    pass
  return ips
Ejemplo n.º 4
0
 def extract(self, arg, from_response=None):
     """Extract a particular field of the request.
 The field is looked up in:
   * attributes
   * headers
   * URL query
   * request body
   * cookies
   * response
 """
     if from_response:
         if self.response:
             return self.response.extract(arg)
         return None
     if hasattr(self, arg):
         return getattr(self, arg)
     h = self.get_header(arg)
     if h:
         return h[0]
     if self.query:
         query = parse_qs(self.query)
         if arg in query:
             return query[arg][0]
     if self.content:
         post = parse_qs(self.content)
         if arg in post:
             return post[arg][0]
     try:
         for c in self.cookies:
             if c.name == arg:
                 return c.value
     except CookieException:
         pass
     if from_response is None and self.response:
         return self.response.extract(arg)
Ejemplo n.º 5
0
 def extract(self, arg, from_response=None):
   """Extract a particular field of the request.
   The field is looked up in:
     * attributes
     * headers
     * URL query
     * request body
     * cookies
     * response
   """
   if from_response:
     if self.response:
       return self.response.extract(arg)
     return None
   if hasattr(self, arg):
     return getattr(self, arg)
   h = self.get_header(arg)
   if h:
     return h[0]
   if self.query:
     query = parse_qs(self.query)
     if arg in query:
       return query[arg][0]
   if self.content:
     post = parse_qs(self.content)
     if arg in post:
       return post[arg][0]
   try:
     for c in self.cookies:
       if c.name == arg:
         return c.value
   except CookieException:
     pass
   if from_response is None and self.response:
     return self.response.extract(arg)
Ejemplo n.º 6
0
def _inject_post(r, value, pds, pre_func):
  rs = []
  i_pts = parse_qs(r.content)
  if value in i_pts:
    nc = i_pts.copy()
    for p in pds:
      nc[value] = [pre_func(p), ]
      n_content = urlencode(nc)
      r_new = r.copy()
      r_new.content = n_content
      r_new.injection_point = value
      r_new.payload = p
      r_new._update_content_length()
      rs.append(r_new)
  return rs
Ejemplo n.º 7
0
def _inject_query(r, value, pds, pre_func):
  rs = []
  i_pts = parse_qs(r.query)
  if value in i_pts:
    nq = i_pts.copy()
    parsed_url = urlparse.urlparse(r.url)
    for p in pds:
      nq[value] = [pre_func(p), ]
      s = list(parsed_url)
      s[4] = urlencode(nq)
      r_new = r.copy()
      r_new.url = urlparse.urlunparse(s)
      r_new.injection_point = value
      r_new.payload = p
      rs.append(r_new)
  return rs
Ejemplo n.º 8
0
def _inject_post(r, value, pds, pre_func):
    rs = []
    i_pts = parse_qs(r.content)
    if value in i_pts:
        nc = i_pts.copy()
        for p in pds:
            nc[value] = [
                pre_func(p),
            ]
            n_content = urlencode(nc)
            r_new = r.copy()
            r_new.raw_content = n_content
            r_new.content = n_content
            r_new.injection_point = value
            r_new.payload = p
            r_new.update_content_length()
            rs.append(r_new)
    return rs
Ejemplo n.º 9
0
def _inject_query(r, value, pds, pre_func):
    rs = []
    i_pts = parse_qs(r.query)
    if value in i_pts:
        nq = i_pts.copy()
        parsed_url = urlparse.urlparse(r.url)
        for p in pds:
            nq[value] = [
                pre_func(p),
            ]
            s = list(parsed_url)
            s[4] = urlencode(nq)
            r_new = r.copy()
            r_new.url = urlparse.urlunparse(s)
            r_new.injection_point = value
            r_new.payload = p
            rs.append(r_new)
    return rs