Ejemplo n.º 1
    def test_setpostdata(self):
        """Check how ``params.post`` is parsed for string and dict bodies.

        Every case expects the method to become POST once a body is assigned.
        """

        def new_request():
            # Each case starts from a clean request aimed at the same URL.
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            return request

        # "key=value" string: parsed into a dict, raw body kept as given.
        request = new_request()
        request.params.post = 'a=1'
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.raw_post, 'a=1')
        self.assertEqual(request.params.post, {'a': '1'})

        # Bare token without "=": becomes a key whose value is None.
        request = new_request()
        request.params.post = '1'
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {'1': None})
        self.assertEqual(request.params.raw_post, '1')

        # Dict with a non-string value: the value is expected back as a string.
        request = new_request()
        request.params.post = {'a': 1}
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {'a': '1'})
        self.assertEqual(request.params.raw_post, 'a=1')

        # Dict with string values: expected back unchanged, raw body encoded.
        request = new_request()
        request.params.post = {'a': '1'}
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {'a': '1'})
        self.assertEqual(request.params.raw_post, 'a=1')

        # A string that merely looks like a Python dict literal is expected to
        # stay one opaque key; it is not interpreted as a dict.
        request = new_request()
        request.params.post = "{'a': '1'}"
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {"{'a': '1'}": None})
Ejemplo n.º 2
    def test_params_set(self):
        """Check that filter expressions can rewrite GET parameters in place.

        Per the expected values, ``=+`` appends, ``=-`` prepends and ``:=``
        replaces the targeted value. The edits accumulate on the same result.
        """
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/path?param=1&param2=2"

        result = FuzzResult(history=request)

        # Single-parameter edits, applied one after another to the same result.
        for expression, new_value in (
            ("r.params.get.param=+'test'", "1test"),
            ("r.params.get.param=-'test'", "test1test"),
            ("r.params.get.param:='test'", "test"),
        ):
            FuzzResFilter(filter_string=expression).is_visible(result)
            self.assertEqual(result.history.params.get.param, new_value)
            self.assertEqual(
                result.history.params.get,
                {'param': new_value, 'param2': "2"},
            )

        # A plain comparison leaves the request alone and reports a match.
        comparison = FuzzResFilter(filter_string="r.params.get.param2='2'")
        self.assertEqual(comparison.is_visible(result), True)

        # "params.all" edits touch every parameter; the URL is reset first so
        # each expectation starts from param=1&param2=2.
        for expression, expected_all in (
            ("r.params.all=+'2'", {'param': "12", 'param2': "22"}),
            ("r.params.all:='2'", {'param': "2", 'param2': "2"}),
        ):
            request.url = "http://www.wfuzz.org/path?param=1&param2=2"
            FuzzResFilter(filter_string=expression).is_visible(result)
            self.assertEqual(result.history.params.all, expected_all)
Ejemplo n.º 3
    def test_get_vars(self):
        """Check query-string parsing, including a valueless key and an empty query."""
        cases = (
            # A key without "=" is expected with a None value.
            ("http://www.wfuzz.org/?a&b=1", {'a': None, 'b': '1'}),
            # A trailing "?" and no query at all both yield no parameters.
            ("http://www.wfuzz.org/?", {}),
            ("http://www.wfuzz.org/", {}),
        )
        for url, expected_get in cases:
            request = FuzzRequest()
            request.url = url
            self.assertEqual(request.params.get, expected_get)
Ejemplo n.º 4
    def test_setpostdata_with_json(self):
        """Check that a JSON body is decoded when Content-Type is application/json.

        Decoded values are expected with native types (bool, list), not strings.
        """
        cases = (
            (
                '{"string": "Foo bar","boolean": false}',
                {'string': 'Foo bar', 'boolean': False},
            ),
            ('{"array": [1,2]}', {'array': [1, 2]}),
        )
        for body, expected_post in cases:
            request = FuzzRequest()
            # The header is set before the body is assigned.
            request.headers.request = {'Content-Type': 'application/json'}
            request.url = "http://www.wfuzz.org/"
            request.params.post = body
            self.assertEqual(request.params.post, expected_post)
Ejemplo n.º 5
    def test_urlp(self):
        """Check the ``r.urlp`` URL components that filter expressions can read."""
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/path/test.php?param=1&param2=2"

        result = FuzzResult(history=request)

        # Each expression is expected to evaluate to True for the URL above.
        expressions = (
            "r.urlp.scheme='http'",
            "r.urlp.netloc='www.wfuzz.org'",
            "r.urlp.path='/path/test.php'",
            "r.urlp.ffname='test.php'",
            "r.urlp.fext='.php'",
            "r.urlp.fname='test'",
            "r.urlp.hasquery",
            "not r.urlp.isbllist",
        )
        for expression in expressions:
            url_filter = FuzzResFilter(filter_string=expression)
            self.assertEqual(True, url_filter.is_visible(result))
Ejemplo n.º 6
    def test_setgetdata(self):
        """Check that assigning GET parameters keeps the method as GET."""
        request = FuzzRequest()

        request.url = "http://www.wfuzz.org/"
        query = {'a': '1'}
        request.params.get = query
        self.assertEqual(request.method, "GET")
        self.assertEqual(request.params.get, {'a': '1'})
Ejemplo n.º 7
    def test_cache_key_json_header_after(self):
        """Check the cache key for a JSON Content-Type request with body ``'1'``."""
        request = FuzzRequest()
        request.headers.request = {'Content-Type': 'application/json'}
        request.url = "http://www.wfuzz.org/"
        request.params.post = '1'

        # The body still contributes a "-p1" component to the expected key.
        cache_key = request.to_cache_key()
        self.assertEqual(cache_key, 'http://www.wfuzz.org/-p1')
Ejemplo n.º 8
    def test_setgetdata(self):
        """Check that assigning GET parameters keeps the method as GET."""
        request = FuzzRequest()

        request.url = "http://www.wfuzz.org/"
        query = {'a': '1'}
        request.params.get = query
        self.assertEqual(request.method, "GET")
        self.assertEqual(request.params.get, {'a': '1'})
Ejemplo n.º 9
    def test_post_bad_json(self):
        """Check bodies that are not JSON objects under a JSON Content-Type.

        Per the expected values, such a body is parsed as ``key[=value]`` data
        and the raw body is kept as given.
        """
        json_header = {'Content-Type': 'application/json'}

        # Header first, then URL, then a body with no "=".
        request = FuzzRequest()
        request.headers.request = {'Content-Type': 'application/json'}
        request.url = "http://www.wfuzz.org/"
        request.params.post = '1'

        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {'1': None})
        self.assertEqual(request.params.raw_post, '1')

        # URL first, then header, then a form-style body.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.headers.request = json_header
        request.params.post = 'a=1'
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.raw_post, "a=1")
        self.assertEqual(request.params.post, {'a': '1'})
Ejemplo n.º 10
    def test_params_set_no_value(self):
        """Check that ``params.all=+`` leaves a valueless parameter as None."""
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/path?param"

        result = FuzzResult(history=request)

        # "param" has no value in the URL, and none is expected after the edit.
        append_filter = FuzzResFilter(filter_string="r.params.all=+'test'")
        append_filter.is_visible(result)
        self.assertEqual(result.history.params.get, {'param': None})
Ejemplo n.º 11
    def test_ispath(self):
        """Check the ``r.is_path`` and ``r.pstrip`` filter fields."""
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/path?param=1&param2=2"
        result = FuzzResult(history=request)

        path_filter = FuzzResFilter(filter_string="r.is_path")
        self.assertEqual(False, path_filter.is_visible(result))

        # For a bare field expression is_visible() hands back the field value:
        # here the URL followed by the parameter names, with values stripped.
        strip_filter = FuzzResFilter(filter_string="r.pstrip")
        self.assertEqual(
            strip_filter.is_visible(result),
            "http://www.wfuzz.org/path-gparam-gparam2",
        )
Ejemplo n.º 12
    def test_empy_post(self):
        """Check the three "empty" POST bodies: ``''``, ``{}`` and ``None``.

        Only ``None`` is expected to leave the request as GET with no raw body.
        """
        cases = (
            # (assigned body, expected method, expected parsed, expected raw)
            ('', "POST", {'': None}, ''),
            ({}, "POST", {}, ''),
            (None, "GET", {}, None),
        )
        for body, method, parsed, raw in cases:
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            request.params.post = body
            self.assertEqual(request.method, method)
            self.assertEqual(request.params.post, parsed)
            self.assertEqual(request.params.raw_post, raw)
    def test_setpostdata(self):
        """Check the method and parsed form of ``params.post`` for several bodies."""
        cases = (
            # (assigned body, expected method, expected parsed body)
            ('a=1', "POST", {'a': '1'}),
            ('1', "POST", {'1': None}),
            ('', "POST", {'': None}),
            # An empty dict is the only body here expected to keep GET.
            ({}, "GET", {}),
            ({'a': 1}, "POST", {'a': '1'}),
            ({'a': '1'}, "POST", {'a': '1'}),
            # A string that looks like a dict literal stays one opaque key.
            ("{'a': '1'}", "POST", {"{'a': '1'}": None}),
        )
        for body, method, parsed in cases:
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            request.params.post = body
            self.assertEqual(request.method, method)
            self.assertEqual(request.params.post, parsed)

        # JSON Content-Type applied after the body was already assigned.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.params.post = '1'
        request.headers.request = {'Content-Type': 'application/json'}
        self.assertEqual(request.method, "POST")
        self.assertEqual(request.params.post, {'1': None})
Ejemplo n.º 14
            def __init__(self, description, show_field):
                """Build an in-memory, gzip-compressed pickle of one FuzzResult.

                The result is exposed as ``self.outfile``, a BytesIO rewound to
                the start and given a ``name`` attribute.
                """
                request = FuzzRequest()
                request.url = "http://www.wfuzz.org/path?param=1&param2=2"
                result = FuzzResult(history=request)
                result._description = description
                result._show_field = show_field

                self.outfile = BytesIO()

                # The pickle stream is produced here from a locally built object,
                # so loading it back in a test is safe. Unpickling executes code
                # chosen by whoever wrote the stream, so the same loader must not
                # be pointed at files from an untrusted source.
                with gzip.GzipFile(fileobj=self.outfile, mode="wb") as gz_stream:
                    pickle.dump(result, gz_stream)

                # Rewind so a reader starts at the gzip header.
                self.outfile.seek(0)
                self.outfile.name = "mockfile"
Ejemplo n.º 15
    def test_allvars(self):
        """Check ``wf_allvars_set`` for the "allvars", "allpost" and "allheaders" modes."""
        pairs = {'a': '1', 'b': '2'}

        # "allvars" exposes the GET parameters.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.params.get = {'a': '1', 'b': '2'}
        request.wf_allvars = "allvars"
        self.assertEqual(request.wf_allvars_set, pairs)

        # "allpost" exposes the POST parameters.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.params.post = {'a': '1', 'b': '2'}
        request.wf_allvars = "allpost"
        self.assertEqual(request.wf_allvars_set, pairs)

        # Headers expected on a request that only had its URL set.
        default_headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Wfuzz/{}'.format(wfuzz_version),
            'Host': 'www.wfuzz.org',
        }

        # "allheaders" exposes the request headers.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.wf_allvars = "allheaders"
        self.assertEqual(request.wf_allvars_set, default_headers)
Ejemplo n.º 16
    def test_allvars(self):
        """Check ``wf_allvars_set`` for the "allvars", "allpost" and "allheaders" modes."""
        pairs = {'a': '1', 'b': '2'}

        # "allvars" exposes the GET parameters.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.params.get = {'a': '1', 'b': '2'}
        request.wf_allvars = "allvars"
        self.assertEqual(request.wf_allvars_set, pairs)

        # "allpost" exposes the POST parameters.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.params.post = {'a': '1', 'b': '2'}
        request.wf_allvars = "allpost"
        self.assertEqual(request.wf_allvars_set, pairs)

        # Headers expected on a request that only had its URL set.
        default_headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Wfuzz/{}'.format(wfuzz_version),
            'Host': 'www.wfuzz.org',
        }

        # "allheaders" exposes the request headers.
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/"
        request.wf_allvars = "allheaders"
        self.assertEqual(request.wf_allvars_set, default_headers)
Ejemplo n.º 17
    def test_url_set(self):
        """Check that filter expressions can append to, replace and prepend to ``r.url``.

        The edits are cumulative: each expectation builds on the previous URL.
        """
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/path?param=1&param2=2"

        result = FuzzResult(history=request)

        steps = (
            ("r.url=+'test'", "http://www.wfuzz.org/path?param=1&param2=2test"),
            # Replacing with a bare word is expected to come back as a full URL.
            ("r.url:='test'", "http://test/"),
            ("r.url=-'test'", "testhttp://test/"),
        )
        for expression, expected_url in steps:
            FuzzResFilter(filter_string=expression).is_visible(result)
            self.assertEqual(result.history.url, expected_url)
Ejemplo n.º 18
    def test_seturl(self):
        """Check URL assignment: normalisation, derived fields and FUZZ markers."""
        req = FuzzRequest()

        # A fully qualified URL populates every derived field.
        req.url = "http://www.wfuzz.org/"
        self.assertEqual(req.url, "http://www.wfuzz.org/")
        self.assertEqual(req.host, "www.wfuzz.org")
        self.assertEqual(req.redirect_url, "http://www.wfuzz.org/")
        self.assertEqual(req.scheme, "http")
        self.assertEqual(req.path, "/")
        self.assertEqual(req.follow, False)

        # A missing trailing slash is expected to be added.
        req.url = "http://www.wfuzz.org"
        self.assertEqual(req.url, "http://www.wfuzz.org/")

        # A missing scheme is expected to default to http.
        req.url = "www.wfuzz.org"
        self.assertEqual(req.url, "http://www.wfuzz.org/")

        # The FUZZ marker is expected to survive in the scheme position.
        req.url = "FUZZ://www.wfuzz.org/"
        self.assertEqual(req.url, "FUZZ://www.wfuzz.org/")
        self.assertEqual(req.scheme, "FUZZ")

        # ... and in the path position.
        req.url = "http://www.wfuzz.org/FUZZ"
        self.assertEqual(req.url, "http://www.wfuzz.org/FUZZ")

        req.url = "http://www.wfuzz.org/a"
        self.assertEqual(req.url, "http://www.wfuzz.org/a")
        self.assertEqual(req.path, "/a")

        # Compare the serialised request with raw_req line by line, ignoring
        # the order of the lines.
        req.url = "http://www.wfuzz.org/a"
        rendered_lines = sorted(str(req).split("\n"))
        self.assertEqual(rendered_lines, sorted(raw_req.split("\n")))

        # Fixture credentials only; the auth tuple is expected to round-trip.
        req.auth = ('basic', 'admin:admin')
        self.assertEqual(req.auth, ('basic', 'admin:admin'))

        # A URL made only of the marker: no host or scheme, marker as path.
        req.url = "FUZZ"
        self.assertEqual(req.url, "FUZZ")
        self.assertEqual(req.host, "")
        self.assertEqual(req.redirect_url, "FUZZ")
        self.assertEqual(req.scheme, "")
        self.assertEqual(req.path, "FUZZ")
        self.assertEqual(req.follow, False)
Ejemplo n.º 19
    def test_seturl(self):
        """Check URL assignment: normalisation, derived fields and FUZZ markers."""
        req = FuzzRequest()

        # A fully qualified URL populates every derived field.
        req.url = "http://www.wfuzz.org/"
        self.assertEqual(req.url, "http://www.wfuzz.org/")
        self.assertEqual(req.host, "www.wfuzz.org")
        self.assertEqual(req.redirect_url, "http://www.wfuzz.org/")
        self.assertEqual(req.scheme, "http")
        self.assertEqual(req.path, "/")
        self.assertEqual(req.follow, False)

        # A missing trailing slash is expected to be added.
        req.url = "http://www.wfuzz.org"
        self.assertEqual(req.url, "http://www.wfuzz.org/")

        # A missing scheme is expected to default to http.
        req.url = "www.wfuzz.org"
        self.assertEqual(req.url, "http://www.wfuzz.org/")

        # The FUZZ marker is expected to survive in the scheme position.
        req.url = "FUZZ://www.wfuzz.org/"
        self.assertEqual(req.url, "FUZZ://www.wfuzz.org/")
        self.assertEqual(req.scheme, "FUZZ")

        # ... and in the path position.
        req.url = "http://www.wfuzz.org/FUZZ"
        self.assertEqual(req.url, "http://www.wfuzz.org/FUZZ")

        req.url = "http://www.wfuzz.org/a"
        self.assertEqual(req.url, "http://www.wfuzz.org/a")
        self.assertEqual(req.path, "/a")

        # Compare the serialised request with raw_req line by line, ignoring
        # the order of the lines.
        req.url = "http://www.wfuzz.org/a"
        rendered_lines = sorted(str(req).split("\n"))
        self.assertEqual(rendered_lines, sorted(raw_req.split("\n")))

        # Fixture credentials only; the auth tuple is expected to round-trip.
        req.auth = ('basic', 'admin:admin')
        self.assertEqual(req.auth, ('basic', 'admin:admin'))

        # A URL made only of the marker: no host or scheme, marker as path.
        req.url = "FUZZ"
        self.assertEqual(req.url, "FUZZ")
        self.assertEqual(req.host, "")
        self.assertEqual(req.redirect_url, "FUZZ")
        self.assertEqual(req.scheme, "")
        self.assertEqual(req.path, "FUZZ")
        self.assertEqual(req.follow, False)
Ejemplo n.º 20
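    def test_nonexisting(self):
        """Check that filters naming unknown fields raise, with the expected message.

        The message checks run after each ``assertRaises`` block. Placed inside
        the block, after the call that raises, they are never executed, so the
        test would pass on any exception regardless of its text.
        """
        fr = FuzzRequest()
        fr.url = "http://www.wfuzz.org/path?param=1&param2=2"

        fuzz_res = FuzzResult(history=fr)

        cases = (
            ("url=-'test'", "rsetattr: Can't set"),
            ("notthere=-'test'", "rgetattr: Can't get"),
            ("r.params.get.notthere=-'test'", "DotDict: Non-existing field"),
        )
        for filter_string, expected_message in cases:
            # Construction stays inside the block as well: from this test alone
            # it is not clear whether parsing or evaluation raises.
            with self.assertRaises(Exception) as context:
                ffilter = FuzzResFilter(filter_string=filter_string)
                ffilter.is_visible(fuzz_res)

            # context.exception is only populated once the block has exited.
            self.assertIn(expected_message, str(context.exception))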
Ejemplo n.º 21
    def test_cache_key(self):
        """Check ``to_cache_key()`` for combinations of GET and POST parameters.

        The expected keys carry parameter names only (``-g<name>`` for GET,
        ``-p<name>`` for POST); parameter values do not appear in them.
        """
        cases = (
            # (GET params or None, POST body or None, expected key)
            (None, None, 'http://www.wfuzz.org/-'),
            ({'a': '1', 'b': '2'}, None, 'http://www.wfuzz.org/-ga-gb'),
            (None, {'c': '1', 'd': '2'}, 'http://www.wfuzz.org/-pc-pd'),
            (
                {'a': '1', 'b': '2'},
                {'c': '1', 'd': '2'},
                'http://www.wfuzz.org/-ga-gb-pc-pd',
            ),
            # Same names in GET and POST stay distinct through the g/p prefix.
            (
                {'a': '1', 'b': '2'},
                {'a': '1', 'b': '2'},
                'http://www.wfuzz.org/-ga-gb-pa-pb',
            ),
            (None, '1', 'http://www.wfuzz.org/-p1'),
            # An empty string is still a POST body, unlike None (= not set).
            (None, '', 'http://www.wfuzz.org/-p'),
        )
        for get_params, post_body, expected_key in cases:
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            if get_params is not None:
                request.params.get = get_params
            if post_body is not None:
                request.params.post = post_body
            self.assertEqual(request.to_cache_key(), expected_key)
Ejemplo n.º 22
    def test_cache_key(self):
        """Check ``to_cache_key()`` for combinations of GET and POST parameters.

        The expected keys carry parameter names only (``-g<name>`` for GET,
        ``-p<name>`` for POST); parameter values do not appear in them.
        """
        cases = (
            # (GET params or None, POST body or None, expected key)
            (None, None, 'http://www.wfuzz.org/-'),
            ({'a': '1', 'b': '2'}, None, 'http://www.wfuzz.org/-ga-gb'),
            (None, {'c': '1', 'd': '2'}, 'http://www.wfuzz.org/-pc-pd'),
            (
                {'a': '1', 'b': '2'},
                {'c': '1', 'd': '2'},
                'http://www.wfuzz.org/-ga-gb-pc-pd',
            ),
            # Same names in GET and POST stay distinct through the g/p prefix.
            (
                {'a': '1', 'b': '2'},
                {'a': '1', 'b': '2'},
                'http://www.wfuzz.org/-ga-gb-pa-pb',
            ),
            (None, '1', 'http://www.wfuzz.org/-p1'),
            # An empty string is still a POST body, unlike None (= not set).
            (None, '', 'http://www.wfuzz.org/-p'),
        )
        for get_params, post_body, expected_key in cases:
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            if get_params is not None:
                request.params.get = get_params
            if post_body is not None:
                request.params.post = post_body
            self.assertEqual(request.to_cache_key(), expected_key)
Ejemplo n.º 23
    def test_setpostdata(self):
        """Check the method and parsed form of ``params.post`` for several bodies."""
        cases = (
            # (assigned body, expected method, expected parsed body)
            ('a=1', "POST", {'a': '1'}),
            ('1', "POST", {'1': None}),
            ('', "POST", {'': None}),
            # An empty dict is the only body here expected to keep GET.
            ({}, "GET", {}),
            # A non-string dict value is expected back as a string.
            ({'a': 1}, "POST", {'a': '1'}),
            ({'a': '1'}, "POST", {'a': '1'}),
        )
        for body, method, parsed in cases:
            request = FuzzRequest()
            request.url = "http://www.wfuzz.org/"
            request.params.post = body
            self.assertEqual(request.method, method)
            self.assertEqual(request.params.post, parsed)
Ejemplo n.º 24
    def test_cache_key_get_var(self):
        """Check that a valueless GET key still contributes to the cache key."""
        request = FuzzRequest()
        request.url = "http://www.wfuzz.org/?a&b=1"

        # "a" has no value in the URL yet is expected in the key next to "b".
        cache_key = request.to_cache_key()
        self.assertEqual(cache_key, 'http://www.wfuzz.org/-ga-gb')