def toggle_bookmark(self, cell, path, model):
"""Toggle bookmark."""
model[path][1] = not model[path][1]
historyItem = HistoryItem()
historyItem.load(model[path][0])
historyItem.toggle_mark(True)
return
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = 'report.xml'
self._timeFormat = '%a %b %d %H:%M:%S %Y'
self._longTimestampString = str(
time.strftime(self._timeFormat, time.localtime()))
self._timestampString = str(int(time.time()))
# List with additional xml elements
self._errorXML = []
# xml
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement("w3afrun")
self._topElement.setAttribute("start", self._timestampString)
self._topElement.setAttribute("startstr", self._longTimestampString)
self._topElement.setAttribute("xmloutputversion", "2.0")
# Add in the version details
version_element = self._xmldoc.createElement("w3af-version")
version_data = self._xmldoc.createTextNode(
str(get_w3af_version.get_w3af_version()))
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scanInfo = self._xmldoc.createElement("scaninfo")
# HistoryItem to get requests/responses
self._history = HistoryItem()
def edit_tag(self, cell, path, new_text, model):
"""Edit tag."""
model[path][4] = new_text
historyItem = HistoryItem()
historyItem.load(model[path][0])
historyItem.update_tag(new_text, True)
return
def __init__(self,
w3af,
request_id,
enableWidget=None,
withManual=True,
withFuzzy=True,
withCompare=True,
withAudit=True,
editableRequest=False,
editableResponse=False,
widgname="default"):
# Create the window
RememberingWindow.__init__(self, w3af, "reqResWin",
_("w3af - HTTP Request/Response"),
"Browsing_the_Knowledge_Base")
# Create the request response viewer
rrViewer = reqResViewer(w3af, enableWidget, withManual, withFuzzy,
withCompare, withAudit, editableRequest,
editableResponse, widgname)
# Search the id in the DB
historyItem = HistoryItem()
historyItem.load(request_id)
# Set
rrViewer.request.show_object(historyItem.request)
rrViewer.response.show_object(historyItem.response)
rrViewer.show()
self.vbox.pack_start(rrViewer)
# Show the window
self.show()
def __init__(self, w3af, kbbrowser, ifilter):
super(FullKBTree, self).__init__(w3af,
ifilter,
'Knowledge Base',
strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._showDesc)
self.show()
def test_history_access(self):
self.count_plugin.loops = 1
self.w3afcore.start()
history_item = HistoryItem()
self.assertTrue(history_item.load(1))
self.assertEqual(history_item.id, 1)
self.assertEqual(history_item.get_request().get_uri().url_string,
'http://moth/')
self.assertEqual(history_item.get_response().get_uri().url_string,
'http://moth/')
def _impact_done(self, event, impact):
# Keep calling this from timeout_add until isSet
if not event.isSet():
return True
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
# Analyze the impact
if impact.ok:
# Lets check if we found any vulnerabilities
#
# TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
# not just the ones with vulnerabilities.
#
for result in impact.result:
# TODO: I'm not sure when this is None bug it appeared in Trac bug #167736
if result.get_id() is not None:
for itemId in result.get_id():
historyItem = HistoryItem()
historyItem.load(itemId)
historyItem.update_tag(historyItem.tag +
result.plugin_name)
historyItem.info = result.get_desc()
historyItem.save()
else:
if impact.exception.__class__ == w3afException:
msg = str(impact.exception)
elif impact.exception.__class__ == w3afMustStopException:
msg = "Stopped sending requests because " + \
str(impact.exception)
elif impact.exception.__class__ == w3afMustStopOnUrlError:
msg = "Not sending requests because " + str(impact.exception)
else:
raise impact.exception
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
gtk.gdk.threads_enter()
helpers.FriendlyExceptionDlg(msg)
gtk.gdk.threads_leave()
return False
def __init__(self, w3af, padding=10, time_refresh=False):
"""Init object."""
super(httpLogTab, self).__init__(w3af, "pane-httplogtab", 300)
self.w3af = w3af
self._padding = padding
self._lastId = 0
self._historyItem = HistoryItem()
if time_refresh:
gobject.timeout_add(1000, self.refresh_results)
# Create the main container
mainvbox = gtk.VBox()
mainvbox.set_spacing(self._padding)
# Add the menuHbox, Req/Res viewer and the R/R selector on the bottom
self._initSearchBox(mainvbox)
self._initFilterBox(mainvbox)
self._initReqResViewer(mainvbox)
mainvbox.show()
# Add everything
self.add(mainvbox)
self.show()
def store_in_cache(request, response):
# Create the http response object
resp = HTTPResponse.from_httplib_resp(response,
original_url=request.url_object)
resp.set_id(response.id)
resp.set_alias(gen_hash(request))
hi = HistoryItem()
hi.request = request
hi.response = resp
# Now save them
try:
hi.save()
except sqlite3.Error, e:
msg = 'A sqlite3 error was raised: "%s".' % e
if 'disk' in str(e).lower():
msg += ' Please check if your disk is full.'
raise w3afMustStopException(msg)
def store_in_cache(request, response):
# Create the http response object
resp = HTTPResponse.from_httplib_resp(response,
original_url=request.url_object)
resp.set_id(response.id)
resp.set_alias(gen_hash(request))
hi = HistoryItem()
hi.request = request
hi.response = resp
# Now save them
try:
hi.save()
except Exception, ex:
msg = ('Exception while inserting request/response to the'
' database: %s\nThe request/response that generated'
' the error is: %s %s %s' %
(ex, resp.get_id(), request.get_uri(), resp.get_code()))
om.out.error(msg)
raise
def _get_hist_obj(self):
hist_obj = self._hist_obj
if hist_obj is None:
historyobjs = HistoryItem().find([('alias', self._hash_id, "=")])
self._hist_obj = hist_obj = historyobjs[0] if historyobjs else None
return hist_obj
def clear():
'''
Clear the cache (remove all files and directories associated with it).
'''
return HistoryItem().clear()
def init():
create_temp_dir()
HistoryItem().init()
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
#
# Here I save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses as they are
# requested from the page control, "_pageChange" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect("clicked", self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but("Vulnerabilities", "vuln", True)
make_but("Informations", "info", True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
scrollwin21 = gtk.ScrolledWindow()
scrollwin21.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin21.add(self.kbtree)
scrollwin21.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(scrollwin21)
treebox.show()
# the explanation
explan_tv = gtk.TextView()
explan_tv.set_editable(False)
explan_tv.set_cursor_visible(False)
explan_tv.set_wrap_mode(gtk.WRAP_WORD)
self.explanation = explan_tv.get_buffer()
explan_tv.show()
scrollwin22 = gtk.ScrolledWindow()
scrollwin22.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
scrollwin22.add_with_viewport(explan_tv)
scrollwin22.show()
# The request/response viewer
self.rrV = reqResViewer.reqResViewer(w3af, withAudit=False)
self.rrV.set_sensitive(False)
# Create the title label to show the request id
self.title0 = gtk.Label()
self.title0.show()
# Create page changer to handle info/vuln objects that have MORE THAN ONE
# related request/response
self.pagesControl = entries.PagesControl(w3af, self._pageChange, 0)
self.pagesControl.deactivate()
self._pageChange(0)
centerbox = gtk.HBox()
centerbox.pack_start(self.pagesControl, True, False)
# Add everything to a vbox
vbox_rrv_centerbox = gtk.VBox()
vbox_rrv_centerbox.pack_start(self.title0, False, True)
vbox_rrv_centerbox.pack_start(self.rrV, True, True)
vbox_rrv_centerbox.pack_start(centerbox, False, False)
# and show
vbox_rrv_centerbox.show()
self.pagesControl.show()
centerbox.show()
# And now put everything inside the vpaned
vpanedExplainAndView = entries.RememberingVPaned(
w3af, "pane-kbbexplainview", 100)
vpanedExplainAndView.pack1(scrollwin22)
vpanedExplainAndView.pack2(vbox_rrv_centerbox)
vpanedExplainAndView.show()
# pack & show
self.pack1(treebox)
self.pack2(vpanedExplainAndView)
self.show()
def __init__(self, w3af, initial_request=None):
super(FuzzyRequests,
self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests",
"Fuzzy_Requests")
self.w3af = w3af
self.historyItem = HistoryItem()
mainhbox = gtk.HBox()
# To store the responses
self.responses = []
# ---- left pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox, False, False)
# we create the buttons first, to pass them
analyzBut = gtk.Button("Analyze")
self.sendPlayBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
self.sendStopBut = entries.SemiStockButton(
"", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
self.sSB_state = helpers.PropagateBuffer(
self.sendStopBut.set_sensitive)
self.sSB_state.change(self, False)
# Fix content length checkbox
self._fix_content_lengthCB = gtk.CheckButton(
'Fix content length header')
self._fix_content_lengthCB.set_active(True)
self._fix_content_lengthCB.show()
# request
self.originalReq = reqResViewer.requestPart(
self,
w3af, [
analyzBut.set_sensitive, self.sendPlayBut.set_sensitive,
functools.partial(self.sSB_state.change, "rRV")
],
editable=True,
widgname="fuzzyrequest")
if initial_request is None:
self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
else:
(initialUp, initialDn) = initial_request
self.originalReq.show_raw(initialUp, initialDn)
# Add the right button popup menu to the text widgets
rawTextView = self.originalReq.get_view_by_id('HttpRawView')
rawTextView.textView.connect("populate-popup", self._populate_popup)
# help
helplabel = gtk.Label()
helplabel.set_selectable(True)
helplabel.set_markup(FUZZYHELP)
self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
helplabel.show()
self.originalReq.show()
vbox.pack_start(self.originalReq, True, True, padding=5)
vbox.show()
# the commands
t = gtk.Table(2, 4)
analyzBut.connect("clicked", self._analyze)
t.attach(analyzBut, 0, 2, 0, 1)
self.analyzefb = gtk.Label("0 requests")
self.analyzefb.set_sensitive(False)
t.attach(self.analyzefb, 2, 3, 0, 1)
self.preview = gtk.CheckButton("Preview")
t.attach(self.preview, 3, 4, 0, 1)
self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
t.attach(self.sendPlayBut, 0, 1, 1, 2)
self.sendStopBut.connect("clicked", self._send_stop)
t.attach(self.sendStopBut, 1, 2, 1, 2)
self.sendfb = gtk.Label("0 ok, 0 errors")
self.sendfb.set_sensitive(False)
t.attach(self.sendfb, 2, 3, 1, 2)
t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
t.show_all()
vbox.pack_start(t, False, False, padding=5)
# ---- throbber pane ----
vbox = gtk.VBox()
self.throbber = helpers.Throbber()
self.throbber.set_sensitive(False)
vbox.pack_start(self.throbber, False, False)
vbox.show()
mainhbox.pack_start(vbox, False, False)
# ---- right pane ----
vbox = gtk.VBox()
mainhbox.pack_start(vbox)
# A label to show the id of the response
self.title0 = gtk.Label()
self.title0.show()
vbox.pack_start(self.title0, False, True)
# result itself
self.resultReqResp = reqResViewer.reqResViewer(w3af,
withFuzzy=False,
editableRequest=False,
editableResponse=False)
self.resultReqResp.set_sensitive(False)
vbox.pack_start(self.resultReqResp, True, True, padding=5)
vbox.show()
# result control
centerbox = gtk.HBox()
self.pagesControl = entries.PagesControl(w3af, self._pageChange)
centerbox.pack_start(self.pagesControl, True, False)
centerbox.show()
# cluster responses button
image = gtk.Image()
image.set_from_file(
os.path.join('core', 'ui', 'gui', 'data', 'cluster_data.png'))
image.show()
self.clusterButton = gtk.Button(label='Cluster responses')
self.clusterButton.connect("clicked", self._clusterData)
self.clusterButton.set_sensitive(False)
self.clusterButton.set_image(image)
self.clusterButton.show()
centerbox.pack_start(self.clusterButton, True, False)
# clear responses button
self.clearButton = entries.SemiStockButton(
'Clear Responses',
gtk.STOCK_CLEAR,
tooltip='Clear all HTTP responses from fuzzer window')
self.clearButton.connect("clicked", self._clearResponses)
self.clearButton.set_sensitive(False)
self.clearButton.show()
centerbox.pack_start(self.clearButton, True, False)
vbox.pack_start(centerbox, False, False, padding=5)
# Show all!
self._sendPaused = True
self.vbox.pack_start(mainhbox)
self.vbox.show()
mainhbox.show()
self.show()
