def extract(self, arg, from_response=None):
"""Extract a particular field of the request.
The field is looked up in:
* attributes
* URL query
* request body
* cookies
* response
"""
if from_response:
if self.response:
return self.response.extract(arg)
return None
if hasattr(self, arg):
return getattr(self, arg)
if self.query:
query = parse_qs(self.query)
if arg in query:
return query[arg][0]
if self.content:
post = parse_qs(self.content)
if arg in post:
return post[arg][0]
c = self.cookies
if c:
if arg in c:
return c[arg].value
if from_response is None and self.response:
return self.response.extract(arg)
def find_injection_points(r):
"""Find valid injection points.
This functions returns the injection points that could
be used by i().
"""
ips = []
if r.query:
i_pts = parse_qs(r.query)
if i_pts:
ips.extend(i_pts)
if r.content:
i_pts = parse_qs(r.content)
if i_pts:
ips.extend(i_pts)
if r.cookies:
i_pts = [c.name for c in r.cookies]
if i_pts:
ips.extend(i_pts)
try:
i_pts = json.loads(r.content)
ips.extend(i_pts.keys())
except (ValueError, TypeError):
pass
return ips
def find_injection_points(r):
"""Find valid injection points.
This functions returns the injection points that could
be used by i().
"""
ips = []
if r.query:
i_pts = parse_qs(r.query)
if i_pts:
ips.extend(i_pts)
if r.content:
i_pts = parse_qs(r.content)
if i_pts:
ips.extend(i_pts)
if r.cookies:
i_pts = [ c.name for c in r.cookies]
if i_pts:
ips.extend(i_pts)
try:
i_pts = json.loads(r.content)
ips.extend(i_pts.keys())
except (ValueError,TypeError):
pass
return ips
def extract(self, arg, from_response=None):
"""Extract a particular field of the request.
The field is looked up in:
* attributes
* headers
* URL query
* request body
* cookies
* response
"""
if from_response:
if self.response:
return self.response.extract(arg)
return None
if hasattr(self, arg):
return getattr(self, arg)
h = self.get_header(arg)
if h:
return h[0]
if self.query:
query = parse_qs(self.query)
if arg in query:
return query[arg][0]
if self.content:
post = parse_qs(self.content)
if arg in post:
return post[arg][0]
try:
for c in self.cookies:
if c.name == arg:
return c.value
except CookieException:
pass
if from_response is None and self.response:
return self.response.extract(arg)
def extract(self, arg, from_response=None):
"""Extract a particular field of the request.
The field is looked up in:
* attributes
* headers
* URL query
* request body
* cookies
* response
"""
if from_response:
if self.response:
return self.response.extract(arg)
return None
if hasattr(self, arg):
return getattr(self, arg)
h = self.get_header(arg)
if h:
return h[0]
if self.query:
query = parse_qs(self.query)
if arg in query:
return query[arg][0]
if self.content:
post = parse_qs(self.content)
if arg in post:
return post[arg][0]
try:
for c in self.cookies:
if c.name == arg:
return c.value
except CookieException:
pass
if from_response is None and self.response:
return self.response.extract(arg)
def _inject_post(r, value, pds, pre_func):
rs = []
i_pts = parse_qs(r.content)
if value in i_pts:
nc = i_pts.copy()
for p in pds:
nc[value] = [pre_func(p), ]
n_content = urlencode(nc)
r_new = r.copy()
r_new.content = n_content
r_new.injection_point = value
r_new.payload = p
r_new._update_content_length()
rs.append(r_new)
return rs
def _inject_query(r, value, pds, pre_func):
rs = []
i_pts = parse_qs(r.query)
if value in i_pts:
nq = i_pts.copy()
parsed_url = urlparse.urlparse(r.url)
for p in pds:
nq[value] = [pre_func(p), ]
s = list(parsed_url)
s[4] = urlencode(nq)
r_new = r.copy()
r_new.url = urlparse.urlunparse(s)
r_new.injection_point = value
r_new.payload = p
rs.append(r_new)
return rs
def _inject_post(r, value, pds, pre_func):
rs = []
i_pts = parse_qs(r.content)
if value in i_pts:
nc = i_pts.copy()
for p in pds:
nc[value] = [
pre_func(p),
]
n_content = urlencode(nc)
r_new = r.copy()
r_new.raw_content = n_content
r_new.content = n_content
r_new.injection_point = value
r_new.payload = p
r_new.update_content_length()
rs.append(r_new)
return rs
def _inject_query(r, value, pds, pre_func):
rs = []
i_pts = parse_qs(r.query)
if value in i_pts:
nq = i_pts.copy()
parsed_url = urlparse.urlparse(r.url)
for p in pds:
nq[value] = [
pre_func(p),
]
s = list(parsed_url)
s[4] = urlencode(nq)
r_new = r.copy()
r_new.url = urlparse.urlunparse(s)
r_new.injection_point = value
r_new.payload = p
rs.append(r_new)
return rs
