Ejemplo n.º 1
0
    def test_do_ssl_req_through_proxy(self):
        resp_body = self.proxy_opener.open(get_moth_https()).read()

        # Basic check
        self.assertTrue(len(resp_body) > 0)

        # Get response using the proxy
        proxy_resp = self.proxy_opener.open(get_moth_https())
        # Get it without any proxy
        direct_resp = urllib2.urlopen(get_moth_https())

        # Must be equal
        self.assertEqual(direct_resp.read(), proxy_resp.read())

        # Have to remove the Date header because in some cases they differ
        # because one request was sent in second X and the other in X+1, which
        # makes the test fail
        direct_resp_headers = dict(direct_resp.info())
        proxy_resp_headers = dict(proxy_resp.info())
        del direct_resp_headers['date']
        del proxy_resp_headers['date']

        del direct_resp_headers['transfer-encoding']
        del proxy_resp_headers['content-length']

        del proxy_resp_headers['content-encoding']

        self.assertEqual(direct_resp_headers, proxy_resp_headers)
Ejemplo n.º 2
0
    def test_do_ssl_req_through_proxy(self):
        resp_body = self.proxy_opener.open(get_moth_https()).read()

        # Basic check
        self.assertTrue(len(resp_body) > 0)

        # Get response using the proxy
        proxy_resp = self.proxy_opener.open(get_moth_https())
        # Get it without any proxy
        direct_resp = urllib2.urlopen(get_moth_https())

        # Must be equal
        self.assertEqual(direct_resp.read(), proxy_resp.read())

        # Have to remove the Date header because in some cases they differ
        # because one request was sent in second X and the other in X+1, which
        # makes the test fail
        direct_resp_headers = dict(direct_resp.info())
        proxy_resp_headers = dict(proxy_resp.info())
        del direct_resp_headers['date']
        del proxy_resp_headers['date']

        del direct_resp_headers['transfer-encoding']
        del proxy_resp_headers['content-length']

        del proxy_resp_headers['content-encoding']

        self.assertEqual(direct_resp_headers, proxy_resp_headers)
Ejemplo n.º 3
0
    def test_basic_ssl(self):
        url = URL(get_moth_https())
        http_response = self.uri_opener.GET(url, cache=False)

        self.assertIn(self.MOTH_MESSAGE, http_response.body)

        self.assertGreaterEqual(http_response.id, 1)
        self.assertNotEqual(http_response.id, None)
Ejemplo n.º 4
0
    def test_https_via_proxy(self):
        self.assertEqual(self._proxy.total_handled_requests, 0)

        url = URL(get_moth_https())
        http_response = self.uri_opener.GET(url, cache=False)

        self.assertIn(self.MOTH_MESSAGE, http_response.body)
        self.assertEqual(self._proxy.total_handled_requests, 1)
Ejemplo n.º 5
0
    def test_basic_ssl(self):
        url = URL(get_moth_https())
        http_response = self.uri_opener.GET(url, cache=False)

        self.assertIn(self.MOTH_MESSAGE, http_response.body)

        self.assertGreaterEqual(http_response.id, 1)
        self.assertNotEqual(http_response.id, None)
Ejemplo n.º 6
0
    def test_https_via_proxy(self):
        self.assertEqual(self._proxy.total_handled_requests, 0)

        url = URL(get_moth_https())
        http_response = self.uri_opener.GET(url, cache=False)

        self.assertIn(self.MOTH_MESSAGE, http_response.body)
        self.assertEqual(self._proxy.total_handled_requests, 1)
Ejemplo n.º 7
0
    def test_hmap_https(self):
        cfg = self._run_configs['cfg']
        self._scan(get_moth_https(), cfg['plugins'])

        infos = self.kb.get('hmap', 'server')
        self.assertEqual(len(infos), 1, infos)

        info = infos[0]
        self.assertIn('WSGIServer/0.1', info.get_desc(), info.get_desc())
Ejemplo n.º 8
0
    def test_hmap_https(self):
        cfg = self._run_configs['cfg']
        self._scan(get_moth_https(), cfg['plugins'])

        infos = self.kb.get('hmap', 'server')
        self.assertEqual(len(infos), 1, infos)

        info = infos[0]
        self.assertIn('WSGIServer/0.1', info.get_desc(), info.get_desc())
Ejemplo n.º 9
0
 def test_https_via_proxy(self):
     TODO = 'Skip this test because of a strange bug with the extended'\
            ' url library and w3af\'s local proxy daemon. More info here:'\
            ' https://github.com/andresriancho/w3af/issues/183'
     raise SkipTest(TODO)
 
     url = URL(get_moth_https())
     http_response = self.uri_opener.GET(url, cache=False)
     self.assertIn(self.MOTH_MESSAGE, http_response.body)
Ejemplo n.º 10
0
    def test_spiderman_https(self):
        port = get_unused_port()

        run_config = {
            "target": get_moth_https(),
            "plugins": {"crawl": (PluginConfig("spider_man", ("listen_port", port, PluginConfig.INT)),)},
        }

        self.generic_spiderman_run(run_config, get_moth_https, port)
Ejemplo n.º 11
0
    def test_https_via_proxy(self):
        TODO = 'Skip this test because of a strange bug with the extended'\
               ' url library and w3af\'s local proxy daemon. More info here:'\
               ' https://github.com/andresriancho/w3af/issues/183'
        raise SkipTest(TODO)

        url = URL(get_moth_https())
        http_response = self.uri_opener.GET(url, cache=False)
        self.assertIn(self.MOTH_MESSAGE, http_response.body)
Ejemplo n.º 12
0
    def test_spiderman_https(self):
        port = get_unused_port()

        run_config = {
                'target': get_moth_https(),
                'plugins': {'crawl': (PluginConfig('spider_man',
                                                   ('listen_port', port,
                                                    PluginConfig.INT),
                                                   ),)}
        }

        self.generic_spiderman_run(run_config, get_moth_https, port)
Ejemplo n.º 13
0
    def test_spiderman_https(self):
        port = get_unused_port()

        run_config = {
                'target': get_moth_https(),
                'plugins': {'crawl': (PluginConfig('spider_man',
                                                   ('listen_port', port,
                                                    PluginConfig.INT),
                                                   ),)}
        }

        self.generic_spiderman_run(run_config, get_moth_https, port)
Ejemplo n.º 14
0
class TestSQLMapWrapper(unittest.TestCase):

    SQLI_GET = get_moth_http('/audit/sql_injection/'
                             'where_string_single_qs.py?uname=pablo')

    SSL_SQLI_GET = get_moth_https('/audit/sql_injection/'
                                  'where_string_single_qs.py?uname=pablo')

    SQLI_POST = get_moth_http('/audit/sql_injection/where_integer_form.py')

    DATA_POST = 'text=1'

    def setUp(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener, debug=True)

    def tearDown(self):
        self.uri_opener.end()
        self.sqlmap.cleanup()

    @classmethod
    def setUpClass(cls):
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)

    @classmethod
    def tearDownClass(cls):
        # Doing this in both setupclass and teardownclass in order to be sure
        # that a ctrl+c doesn't break it
        output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
        if os.path.exists(output_dir):
            shutil.rmtree(output_dir)

    def test_verify_vulnerability(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

    def test_verify_vulnerability_ssl(self):
        uri = URL(self.SSL_SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable, self.sqlmap.last_stdout)

    def test_verify_vulnerability_false(self):
        not_vuln = get_moth_http('/audit/sql_injection/'
                                 'where_string_single_qs.py?fake=pablo')
        uri = URL(not_vuln)
        target = Target(uri)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertFalse(vulnerable)

    def test_verify_vulnerability_POST(self):
        target = Target(URL(self.SQLI_POST), self.DATA_POST)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable, self.sqlmap.last_stdout)

    def test_wrapper_invalid_url(self):
        self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET,
                          self.uri_opener)

    def test_stds(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        prms = [
            '--batch',
        ]
        cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)

        self.assertIsInstance(process.stdout, file)
        self.assertIsInstance(process.stderr, file)
        self.assertIsInstance(process.stdin, file)
        self.assertIsInstance(cmd, basestring)

        self.assertIn('sqlmap.py', cmd)

    def test_target_basic(self):
        target = Target(URL(self.SQLI_GET))
        params = target.to_params()

        self.assertEqual(params, ["--url=%s" % self.SQLI_GET])

    def test_target_post_data(self):
        target = Target(URL(self.SQLI_GET), self.DATA_POST)
        params = target.to_params()

        self.assertEqual(
            params, ["--url=%s" % self.SQLI_GET,
                     "--data=%s" % self.DATA_POST])

    def test_no_coloring(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--disable-coloring', params)

    def test_always_batch(self):
        params = self.sqlmap.get_wrapper_params()
        self.assertIn('--batch', params)

    def test_use_proxy(self):
        params = self.sqlmap.get_wrapper_params()

        self.assertTrue(
            any(i.startswith('--proxy=http://127.0.0.1:') for i in params))

    def test_enable_coloring(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
        params = sqlmap.get_wrapper_params()
        self.assertNotIn('--disable-coloring', params)

    def test_dbs(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.dbs()
        output = process.stdout.read()

        self.assertIn('on SQLite it is not possible to enumerate databases',
                      output)

    def test_tables(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.tables()
        output = process.stdout.read()

        self.assertIn('auth_group_permissions', output)
        self.assertIn('Database: SQLite_masterdb', output)
        self.assertIn('django_content_type', output)

    def test_users(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.users()
        output = process.stdout.read()

        self.assertIn('on SQLite it is not possible to enumerate the users',
                      output)

    def test_dump(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable)

        cmd, process = self.sqlmap.dump()
        output = process.stdout.read()

        self.assertIn('django_session', output)
        self.assertIn('auth_user_user_permissions', output)

    def test_sqlmap(self):
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable, self.sqlmap.last_stdout)

        cmd, process = self.sqlmap.direct('--tables')
        output = process.stdout.read()

        self.assertIn('django_session', output)
        self.assertIn('auth_user_user_permissions', output)

        self.assertNotIn('COLUMN_PRIVILEGES', output)
Ejemplo n.º 15
0
 def test_https_via_proxy(self):
     raise SkipTest(TODO_183)
 
     url = URL(get_moth_https())
     http_response = self.uri_opener.GET(url, cache=False)
     self.assertIn(self.MOTH_MESSAGE, http_response.body)
Ejemplo n.º 16
0
 def test_https_via_proxy(self):
     raise SkipTest(TODO_183)
 
     url = URL(get_moth_https())
     http_response = self.uri_opener.GET(url, cache=False)
     self.assertIn(self.MOTH_MESSAGE, http_response.body)