def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
if compare_diff:
body1, body2 = diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
self.debug('Result: %s' % cmp_res)
return cmp_res
def _is_resp_equal(self, res1, res2):
"""
@see: unittest for this method in test_csrf.py
"""
if res1.get_code() != res2.get_code():
return False
if not relative_distance_boolean(res1.body, res2.body,
self._equal_limit):
return False
return True
def _is_resp_equal(self, res1, res2):
"""
@see: unittest for this method in test_csrf.py
"""
if res1.get_code() != res2.get_code():
return False
if not relative_distance_boolean(res1.body, res2.body,
self._equal_limit):
return False
return True
def test_all(self):
acceptance_tests = []
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a', 'a', 0.1))
acceptance_tests.append(('a', 'a', 0.0))
acceptance_tests.append(('a', 'b', 1.0))
acceptance_tests.append(('a', 'b', 0.1))
acceptance_tests.append(('a', 'b', 0.0))
acceptance_tests.append(('a', 'ab', 1.0))
acceptance_tests.append(('a', 'ab', 0.1))
acceptance_tests.append(('a', 'b', 0.0000000000000000001))
acceptance_tests.append(('a', 'b' * 100, 1.0))
acceptance_tests.append(('a', 'ab', 0.66666666666))
acceptance_tests.append(('a', 'aab', 0.5))
acceptance_tests.append(('a', 'aaab', 0.4))
acceptance_tests.append(
('a', 'aaaab',
0.33333333333333333333333333333333333333333333333333333333))
acceptance_tests.append(('a' * 25, 'a', 1.0))
acceptance_tests.append(('aaa', 'aa', 1.0))
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
acceptance_tests.append(('aaa', 'aa', 0.8))
acceptance_tests.append(('a', 'a', 0.0))
for e, d, f in acceptance_tests:
res1 = relative_distance_boolean(e, d, f)
res2 = relative_distance(e, d) >= f
msg = 'relative_distance_boolean and relative_distance returned'\
' different results for the same parameters:\n'\
' - %s\n'\
' - %s\n'\
' - Threshold: %s\n'\
self.assertEqual(res1, res2, msg % (e, d, f))
def test_all(self):
acceptance_tests = []
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a', 'a', 0.1))
acceptance_tests.append(('a', 'a', 0.0))
acceptance_tests.append(('a', 'b', 1.0))
acceptance_tests.append(('a', 'b', 0.1))
acceptance_tests.append(('a', 'b', 0.0))
acceptance_tests.append(('a', 'ab', 1.0))
acceptance_tests.append(('a', 'ab', 0.1))
acceptance_tests.append(('a', 'b', 0.0000000000000000001))
acceptance_tests.append(('a', 'b' * 100, 1.0))
acceptance_tests.append(('a', 'ab', 0.66666666666))
acceptance_tests.append(('a', 'aab', 0.5))
acceptance_tests.append(('a', 'aaab', 0.4))
acceptance_tests.append(('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333))
acceptance_tests.append(('a' * 25, 'a', 1.0))
acceptance_tests.append(('aaa', 'aa', 1.0))
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
acceptance_tests.append(('aaa', 'aa', 0.8))
acceptance_tests.append(('a', 'a', 0.0))
for e, d, f in acceptance_tests:
res1 = relative_distance_boolean(e, d, f)
res2 = relative_distance(e, d) >= f
msg = 'relative_distance_boolean and relative_distance returned'\
' different results for the same parameters:\n'\
' - %s\n'\
' - %s\n'\
' - Threshold: %s\n'\
self.assertEqual(res1, res2, msg % (e, d, f))
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._run:
return
else:
# Define some variables
initial_uri = freq.get_uri()
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = freq.copy()
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = freq.copy()
secure_fr.set_url(secure_uri)
# Make sure that we ignore errors during this test
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'ignore_errors': True}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (BaseFrameworkException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._run = False
return
if self._redirects_to_secure(insecure_response,
secure_response):
return
if insecure_response.get_code() == secure_response.get_code()\
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = 'Secure content can be accessed using the insecure'\
' protocol HTTP. The vulnerable URLs are:'\
' "%s" - "%s" .'
desc = desc % (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._run = False
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._run:
return
else:
# Define some variables
initial_uri = freq.get_uri()
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = freq.copy()
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = freq.copy()
secure_fr.set_url(secure_uri)
# Make sure that we ignore errors during this test
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'ignore_errors': True}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (BaseFrameworkException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._run = False
return
if self._redirects_to_secure(insecure_response, secure_response):
return
if insecure_response.get_code() == secure_response.get_code()\
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = 'Secure content can be accessed using the insecure'\
' protocol HTTP. The vulnerable URLs are:'\
' "%s" - "%s" .'
desc = desc % (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._run = False
