def setup_oauth(): """Authorize your app via identifier.""" # Request token oauth = OAuth1(CONSUMER_KEY, client_secret=CONSUMER_SECRET) r = requests.post(url=REQUEST_TOKEN_URL, auth=oauth) credentials = parse_qs(r.content) resource_owner_key = credentials.get('oauth_token')[0] resource_owner_secret = credentials.get('oauth_token_secret')[0] # Authorize authorize_url = AUTHORIZE_URL + resource_owner_key print 'Please go here and authorize: ' + authorize_url verifier = raw_input('Please input the verifier: ') oauth = OAuth1(CONSUMER_KEY, client_secret=CONSUMER_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret, verifier=verifier) # Finally, Obtain the Access Token r = requests.post(url=ACCESS_TOKEN_URL, auth=oauth) credentials = parse_qs(r.content) token = credentials.get('oauth_token')[0] secret = credentials.get('oauth_token_secret')[0] return token, secret
def step_impl(context, method): """Store a list of valid form submissions (used for valid cases for fuzz generation) """ if hasattr(context, 'timeout') is False: context.timeout = 5 # Sensible default if hasattr(context, 'targeturi') is False: assert False, "Target URI not specified" context.submission = [] context.submission_method = method context.type = 'urlencode' # Used downstream for selecting encoding context.content_type = 'application/x-www-form-urlencoded; charset=utf-8' # Add all valid cases into a list as unserialised data structures for row in context.table: context.submission.append(urlparse2.parse_qs(row['submission'])) test_valid_submission(context) assert True
def step_impl(context, submission, method): """For static injection, store a valid form where elements are replaced with injections and test it once. This is also used for the valid case instrumentation. """ if hasattr(context, 'timeout') is False: context.timeout = 5 # Sensible default if hasattr(context, 'targeturi') is False: assert False, "Target URI not specified" # Unserialise into a data structure and store in a list # (one valid case is just a special case of providing # several valid cases) context.submission = [urlparse2.parse_qs(submission)] context.submission_method = method context.type = 'urlencode' # Used downstream for selecting encoding context.content_type = 'application/x-www-form-urlencoded; charset=utf-8' test_valid_submission(context) assert True
def getID(url): pUrl=urlparse2.urlparse(url) return urlparse2.parse_qs(pUrl.query)['id'][0]