def add_owtf_transaction(self, request_hash):
owtf_transaction = transaction.HTTP_Transaction(timer.Timer())
request = request_from_cache(request_hash, self.cache_dir)
response = response_from_cache(request_hash, self.cache_dir)
request.in_scope = self.Core.IsInScopeURL(request.url)
owtf_transaction.ImportProxyRequestResponse(request, response)
self.Core.DB.Transaction.LogTransaction(owtf_transaction)
def Request(self, url, method=None, post=None):
# kludge: necessary to get around urllib2 limitations: Need this to get
# the exact request that was sent.
global raw_request
url = str(url)
raw_request = [] # Init Raw Request to blank list.
post = self.DerivePOST(post)
method = DeriveHTTPMethod(method, post)
url = url.strip() # Clean up URL.
request = urllib2.Request(url, post, self.Headers) # GET request.
if method is not None:
# kludge: necessary to do anything other that GET or POST with
# urllib2
request.get_method = lambda: method
# MUST create a new Transaction object each time so that lists of
# transactions can be created and process at plugin-level
# Pass the timer object to avoid instantiating each time.
self.http_transaction = transaction.HTTP_Transaction(self.timer)
self.http_transaction.Start(url, post, method,
self.target.IsInScopeURL(url))
self.RequestCountTotal += 1
try:
response = self.perform_request(request)
self.set_succesful_transaction(raw_request, response)
except urllib2.HTTPError, Error: # page NOT found.
# Error is really a response for anything other than 200 OK in
# urllib2 :)
self.http_transaction.SetTransaction(False, raw_request[0], Error)
def Request(self, url, method=None, post=None):
# kludge: necessary to get around urllib2 limitations: Need this to get the exact request that was sent.
global raw_request
url = str(url)
raw_request = [] # Init Raw Request to blank list.
post = self.DerivePOST(post)
method = DeriveHTTPMethod(method, post)
url = url.strip() # Clean up URL.
request = urllib2.Request(url, post, self.Headers) # GET request.
if method is not None:
# kludge: necessary to do anything other that GET or POST with urllib2
request.get_method = lambda: method
# MUST create a new Transaction object each time so that lists of
# transactions can be created and process at plugin-level
# Pass the timer object to avoid instantiating each time.
self.http_transaction = transaction.HTTP_Transaction(self.timer)
self.http_transaction.Start(url, post, method, self.target.IsInScopeURL(url))
self.RequestCountTotal += 1
try:
response = self.perform_request(request)
self.set_succesful_transaction(raw_request, response)
except urllib2.HTTPError as Error: # page NOT found.
# Error is really a response for anything other than 200 OK in urllib2 :)
self.http_transaction.SetTransaction(False, raw_request[0], Error)
except urllib2.URLError as Error: # Connection refused?
err_message = self.ProcessHTTPErrorCode(Error, url)
self.http_transaction.SetError(err_message)
except IOError:
err_message = "ERROR: Requester Object -> Unknown HTTP Request error: %s\n%s" % (url, str(sys.exc_info()))
self.http_transaction.SetError(err_message)
if self.LogTransactions:
# Log transaction in DB for analysis later and return modified Transaction with ID.
self.log_transaction()
return self.http_transaction
def DeriveTransaction(self, trans):
if trans:
owtf_transaction = transaction.HTTP_Transaction(None)
response_body = trans.response_body
if trans.binary_response:
response_body = base64.b64decode(response_body)
owtf_transaction.SetTransactionFromDB(
trans.id, trans.url, trans.method, trans.response_status,
str(trans.time), trans.time_human, trans.data,
trans.raw_request, trans.response_headers, response_body)
return owtf_transaction
return (None)
def get_owtf_transactions(self, hash_list):
transactions_dict = None
target_list = self.target.GetIndexedTargets()
if target_list: # If there are no targets in db, where are we going to add. OMG
transactions_dict = {}
host_list = self.target.GetAllInScope('host_name')
for request_hash in hash_list:
request = request_from_cache(os.path.join(self.cache_dir, request_hash))
response = response_from_cache(os.path.join(self.cache_dir, request_hash))
target_id, request.in_scope = self.derive_target_for_transaction(request, response, target_list, host_list)
owtf_transaction = transaction.HTTP_Transaction(timer.Timer())
owtf_transaction.ImportProxyRequestResponse(request, response)
try:
transactions_dict[target_id].append(owtf_transaction)
except KeyError:
transactions_dict[target_id] = [owtf_transaction]
return(transactions_dict)
def Request(self, URL, Method = None, POST = None): global RawRequest # kludge: necessary to get around urllib2 limitations: Need this to get the exact request that was sent RawRequest = [] # Init Raw Request to blank list POST = self.DerivePOST(POST) Method = DeriveHTTPMethod(Method, POST) URL = URL.strip() # Clean up URL request = urllib2.Request(URL, POST, self.Headers) # GET request if None != Method: request.get_method = lambda : Method # kludge: necessary to do anything other that GET or POST with urllib2 # MUST create a new Transaction object each time so that lists of transactions can be created and process at plugin-level self.Transaction = transaction.HTTP_Transaction(self.Core.Timer) # Pass the timer object to avoid instantiating each time self.Transaction.Start(URL, POST, Method, self.Core.IsInScopeURL(URL)) self.RequestCountTotal += 1 try: Response = urllib2.urlopen(request) self.Transaction.SetTransaction(True, RawRequest[0], Response) except urllib2.HTTPError, Error: # page NOT found self.Transaction.SetTransaction(False, RawRequest[0], Error) # Error is really a response for anything other than 200 OK in urllib2 :)
def GetByID(self, ID):
MatchList = self.Search({'ID': ID})
if len(MatchList) > 0: # Transaction found
T = MatchList[0]
Transaction = transaction.HTTP_Transaction(self.Core.Timer)
TStr = ""
Prefix = self.GetPrefix(T['Scope'])
try:
Path = self.Core.Config.Get(
'TRANSACTION_LOG_TRANSACTIONS') + Prefix + T['ID'] + ".txt"
TStr = open(
Path).read() # Try to retrieve transaction to memory
except IOError:
self.Core.Error.Add(
"ERROR: Transaction " + T['ID'] +
" could not be found, has the DB been tampered with?")
if TStr: # Transaction could be read from DB
Request, ResponseHeaders, ResponseBody = self.ParseDBTransaction(
TStr, T['Status'])
Transaction.SetTransactionFromDB(T, Request, ResponseHeaders,
ResponseBody)
self.SetIDForTransaction(Transaction, T['ID'], Path)
return Transaction
return False # Transaction not found