Ejemplo n.º 1
    def handle_request_in_thread(self, flow):
        """
        Process one browser request intercepted by the spider-man proxy.

        The request is converted to a w3af request and then either:

            * answered locally, when it is the terminate favicon or the
              terminate request (the latter also calls self._terminate()), or
            * sent to the core as a FuzzableRequest and forwarded to the
              remote web server.

        An exception raised while doing so is turned into an error response
        instead of propagating. The response is then converted back to the
        libmproxy format and handed to flow.reply().

        :param flow: A libmproxy flow containing the request
        """
        request = self._to_w3af_request(flow.request)
        uri = request.get_uri()

        om.out.debug('[spider_man] Handling request: %s %s'
                     % (request.get_method(), uri))

        # grep is enabled only for requests whose domain equals the
        # configured target domain; everything else is forwarded with
        # grep=False.
        grep = bool(uri.get_domain() == self.parent_process.target_domain)

        try:
            if self._is_terminate_favicon(request):
                response = self._create_favicon_response(request)
            elif self._is_terminate_request(request):
                # NOTE(review): termination is decided from browser-supplied
                # request data; confirm _is_terminate_request cannot match
                # traffic the operator did not intend as a stop signal.
                self._terminate()
                response = self._create_terminate_response(request)
            else:
                # Queue the request for the core first, then forward it to
                # the remote web server.
                fuzzable = FuzzableRequest.from_http_request(request)
                self.parent_process.plugin.send_fuzzable_request_to_core(
                    fuzzable)
                response = self._send_http_request(request, grep=grep)
        except Exception as err:
            # NOTE(review): the full traceback is passed to the error
            # response; if it is rendered to the browser it exposes internal
            # paths and state - confirm who can read that page.
            response = self._create_error_response(
                request, None, err, trace=str(traceback.format_exc()))

        # NOTE(review): this looks up a 'cookie' header on the *response*;
        # servers normally set cookies with 'Set-Cookie' - confirm which
        # header is intended.
        cookie_value, _ = response.get_headers().iget('cookie', None)
        if cookie_value is not None:
            # The cookie value is written verbatim to the w3af output, so
            # the scan log holds a live session credential.
            cookie_msg = ('The remote web application sent the following'
                          ' cookie: "%s"'
                          ' through the spider-man proxy.\n'
                          'w3af will use it during the rest of the scan'
                          ' process in order to maintain the session.')
            om.out.information(cookie_msg % cookie_value)

        # Reply to the browser with whichever response was built above
        # (success or error).
        proxy_response = self._to_libmproxy_response(flow.request, response)
        flow.reply(proxy_response)
Ejemplo n.º 2
    def handle_request_in_thread(self, flow):
        """
        Handle a request that was sent by the browser through the proxy.

        The request is converted to a w3af request, then:

            * if it is the terminate favicon or the terminate request it is
              answered with a locally created response (the terminate request
              also calls self._terminate());
            * otherwise it is sent to the core as a FuzzableRequest and
              forwarded to the remote web server.

        Exceptions raised in that step are converted into an error response.

        :param flow: A libmproxy flow containing the request
        """
        http_request = self._to_w3af_request(flow.request)

        uri = http_request.get_uri()
        msg = '[spider_man] Handling request: %s %s'
        om.out.debug(msg % (http_request.get_method(), uri))

        # grep is True only when the request's domain equals the configured
        # target domain; it is passed to _send_http_request below.
        if uri.get_domain() == self.parent_process.target_domain:
            grep = True
        else:
            grep = False

        try:
            if self._is_terminate_favicon(http_request):
                http_response = self._create_favicon_response(http_request)
            elif self._is_terminate_request(http_request):
                # NOTE(review): termination is decided from browser-supplied
                # request data; confirm _is_terminate_request cannot match
                # traffic the operator did not intend as a stop signal.
                self._terminate()
                http_response = self._create_terminate_response(http_request)
            else:
                # Send the request to the core
                freq = FuzzableRequest.from_http_request(http_request)
                self.parent_process.plugin.send_fuzzable_request_to_core(freq)

                # Send the request to the remote webserver
                http_response = self._send_http_request(http_request,
                                                        grep=grep)
        # Python 2 "except X, e" syntax; this block does not parse on
        # Python 3.
        except Exception, e:
            # NOTE(review): the full traceback is passed to the error
            # response; if it is rendered to the browser it exposes internal
            # paths and state - confirm who can read that page.
            trace = str(traceback.format_exc())
            http_response = self._create_error_response(http_request,
                                                        None,
                                                        e,
                                                        trace=trace)
        # NOTE(review): the listing ends here; in the lines shown
        # http_response is built but never sent back to the browser.
Ejemplo n.º 3
    def handle_request_in_thread(self, flow):
        """
        This method handles EVERY request that was send by the browser, we
        receive the request and:

            * Check if it's a request to indicate we should finish, if not
            * Parse it and send to the core

        :param flow: A libmproxy flow containing the request
        """
        http_request = self._to_w3af_request(flow.request)

        uri = http_request.get_uri()
        msg = '[spider_man] Handling request: %s %s'
        om.out.debug(msg % (http_request.get_method(), uri))

        if uri.get_domain() == self.parent_process.target_domain:
            grep = True
        else:
            grep = False

        try:
            if self._is_terminate_favicon(http_request):
                http_response = self._create_favicon_response(http_request)
            elif self._is_terminate_request(http_request):
                self._terminate()
                http_response = self._create_terminate_response(http_request)
            else:
                # Send the request to the core
                freq = FuzzableRequest.from_http_request(http_request)
                self.parent_process.plugin.send_fuzzable_request_to_core(freq)

                # Send the request to the remote webserver
                http_response = self._send_http_request(http_request, grep=grep)
        except Exception, e:
            trace = str(traceback.format_exc())
            http_response = self._create_error_response(http_request, None, e,
                                                        trace=trace)