def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not 'fuzz_form_files' in fuzzer_config:
return []
if not isinstance(freq, HTTPPostDataRequest):
return []
file_vars = freq.get_file_vars()
if not file_vars:
return []
fake_file_objs = []
ext = fuzzer_config['fuzzed_files_extension']
for mutant_str in mutant_str_list:
if isinstance(mutant_str, basestring):
# I have to create the NamedStringIO with a "name".
# This is needed for MultipartPostHandler
fname = "%s.%s" % (rand_alpha(7), ext)
str_file = NamedStringIO(mutant_str, name=fname)
fake_file_objs.append(str_file)
res = Mutant._create_mutants_worker(freq, FileContentMutant,
fake_file_objs,
file_vars,
append, fuzzer_config)
return res
def test_mutant_creation_post_data(self):
original_form = Form()
original_form.add_input([("name", "username"), ("value", "")])
original_form.add_input([("name", "address"), ("value", "")])
original_form.add_file_input([("name", "file"), ("type", "file")])
freq = HTTPPostDataRequest(self.url, dc=original_form)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
self.assertEqual(len(created_mutants), 4, created_mutants)
expected_username_values = self.payloads + ['John8212'] * 2
expected_address_values = ['Bonsai Street 123'] * 2 + self.payloads
expected_file_values = ['GIF89a'] * 4
created_dc_lst = [i.get_dc() for i in created_mutants]
generated_username_values = [
dc['username'][0] for dc in created_dc_lst
]
generated_address_values = [dc['address'][0] for dc in created_dc_lst]
generated_file_values = [dc['file'][0] for dc in created_dc_lst]
self.assertEqual(expected_username_values, generated_username_values)
self.assertEqual(expected_address_values, generated_address_values)
for index, gen_file_value in enumerate(generated_file_values):
startswith = gen_file_value.startswith(expected_file_values[index])
self.assertTrue(startswith, gen_file_value)
self.assertTrue(
all(str_file.name[-4:].startswith('.gif')
for str_file in generated_file_values))
def test_mutant_creation_qs_and_postdata(self):
original_form = Form()
original_form.add_input([("name", "username"), ("value", "")])
original_form.add_input([("name", "password"), ("value", "")])
url = URL('http://moth/foo.bar?action=login')
freq = HTTPPostDataRequest(url, dc=original_form)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
expected_dc_lst = [
Form([('username', ['abc']), ('password', ['FrAmE30.'])]),
Form([('username', ['def']), ('password', ['FrAmE30.'])]),
Form([('username', ['John8212']), ('password', ['abc'])]),
Form([('username', ['John8212']), ('password', ['def'])]),
]
created_dc_lst = [i.get_dc() for i in created_mutants]
created_urls = [i.get_uri() for i in created_mutants]
self.assertEqual(created_urls, [
url,
] * 4)
self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_generic_methods(self):
self.dc['a'] = [
'1',
]
self.dc['b'] = [
'2',
]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
mutant = created_mutants[0]
self.assertEqual(repr(mutant),
'<mutant-generic | GET | http://moth/ >')
self.assertEqual(mutant.print_mod_value(),
'The data that was sent is: "None".')
self.assertNotEqual(id(mutant.copy()), id(mutant))
self.assertRaises(ValueError, mutant.get_original_response_body)
body = 'abcdef123'
mutant.set_original_response_body(body)
self.assertEqual(mutant.get_original_response_body(), body)
def test_mutant_creation(self):
self.dc["a"] = ["1"]
self.dc["b"] = ["2"]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
expected_dc_lst = [
DataContainer([("a", ["abc"]), ("b", ["2"])]),
DataContainer([("a", ["def"]), ("b", ["2"])]),
DataContainer([("a", ["1"]), ("b", ["abc"])]),
DataContainer([("a", ["1"]), ("b", ["def"])]),
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), "a")
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), "1")
self.assertEqual(created_mutants[2].get_var(), "b")
self.assertEqual(created_mutants[2].get_var_index(), 0)
self.assertEqual(created_mutants[2].get_original_value(), "2")
self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
self.assertTrue(all(m.get_mutant_class() == "Mutant" for m in created_mutants))
def test_from_mutant(self):
dc = DataContainer()
url = URL('http://moth/')
payloads = ['abc', 'def']
dc['a'] = ['1', ]
dc['b'] = ['2', ]
freq = FuzzableRequest(url, dc=dc)
fuzzer_config = {}
created_mutants = Mutant.create_mutants(freq, payloads, [], False,
fuzzer_config)
mutant = created_mutants[0]
inst = Vuln.from_mutant('TestCase', 'desc' * 30, 'High', 1,
'plugin_name', mutant)
self.assertIsInstance(inst, Vuln)
self.assertEqual(inst.get_uri(), mutant.get_uri())
self.assertEqual(inst.get_url(), mutant.get_url())
self.assertEqual(inst.get_method(), mutant.get_method())
self.assertEqual(inst.get_dc(), mutant.get_dc())
self.assertEqual(inst.get_var(), mutant.get_var())
def test_mutant_creation_repeated_params(self):
self.dc['a'] = ['1', '2']
self.dc['b'] = [
'3',
]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
expected_dc_lst = [
DataContainer([('a', ['abc', '2']), ('b', ['3'])]),
DataContainer([('a', ['def', '2']), ('b', ['3'])]),
DataContainer([('a', ['1', 'abc']), ('b', ['3'])]),
DataContainer([('a', ['1', 'def']), ('b', ['3'])]),
DataContainer([('a', ['1', '2']), ('b', ['abc'])]),
DataContainer([('a', ['1', '2']), ('b', ['def'])])
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), 'a')
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), '1')
self.assertEqual(created_mutants[2].get_var(), 'a')
self.assertEqual(created_mutants[2].get_var_index(), 1)
self.assertEqual(created_mutants[2].get_original_value(), '2')
def test_mutant_creation_repeated_params(self):
self.dc["a"] = ["1", "2"]
self.dc["b"] = ["3"]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
expected_dc_lst = [
DataContainer([("a", ["abc", "2"]), ("b", ["3"])]),
DataContainer([("a", ["def", "2"]), ("b", ["3"])]),
DataContainer([("a", ["1", "abc"]), ("b", ["3"])]),
DataContainer([("a", ["1", "def"]), ("b", ["3"])]),
DataContainer([("a", ["1", "2"]), ("b", ["abc"])]),
DataContainer([("a", ["1", "2"]), ("b", ["def"])]),
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), "a")
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), "1")
self.assertEqual(created_mutants[2].get_var(), "a")
self.assertEqual(created_mutants[2].get_var_index(), 1)
self.assertEqual(created_mutants[2].get_original_value(), "2")
def test_from_mutant(self):
dc = DataContainer()
url = URL('http://moth/')
payloads = ['abc', 'def']
dc['a'] = [
'1',
]
dc['b'] = [
'2',
]
freq = FuzzableRequest(url, dc=dc)
fuzzer_config = {}
created_mutants = Mutant.create_mutants(freq, payloads, [], False,
fuzzer_config)
mutant = created_mutants[0]
inst = Info.from_mutant('TestCase', 'desc' * 30, 1, 'plugin_name',
mutant)
self.assertIsInstance(inst, Info)
self.assertEqual(inst.get_uri(), mutant.get_uri())
self.assertEqual(inst.get_url(), mutant.get_url())
self.assertEqual(inst.get_method(), mutant.get_method())
self.assertEqual(inst.get_dc(), mutant.get_dc())
self.assertEqual(inst.get_var(), mutant.get_var())
def test_mutant_creation_post_data(self):
original_form = Form()
original_form.add_input([("name", "username"), ("value", "")])
original_form.add_input([("name", "address"), ("value", "")])
original_form.add_file_input([("name", "file"), ("type", "file")])
freq = HTTPPostDataRequest(self.url, dc=original_form)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
self.assertEqual(len(created_mutants), 4, created_mutants)
expected_username_values = self.payloads + ["John8212"] * 2
expected_address_values = ["Bonsai Street 123"] * 2 + self.payloads
expected_file_values = ["GIF89a"] * 4
created_dc_lst = [i.get_dc() for i in created_mutants]
generated_username_values = [dc["username"][0] for dc in created_dc_lst]
generated_address_values = [dc["address"][0] for dc in created_dc_lst]
generated_file_values = [dc["file"][0] for dc in created_dc_lst]
self.assertEqual(expected_username_values, generated_username_values)
self.assertEqual(expected_address_values, generated_address_values)
for index, gen_file_value in enumerate(generated_file_values):
startswith = gen_file_value.startswith(expected_file_values[index])
self.assertTrue(startswith, gen_file_value)
self.assertTrue(all(str_file.name[-4:].startswith(".gif") for str_file in generated_file_values))
def test_mutant_creation(self):
self.dc['a'] = [
'1',
]
self.dc['b'] = [
'2',
]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
expected_dc_lst = [
DataContainer([('a', ['abc']), ('b', ['2'])]),
DataContainer([('a', ['def']), ('b', ['2'])]),
DataContainer([('a', ['1']), ('b', ['abc'])]),
DataContainer([('a', ['1']), ('b', ['def'])])
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), 'a')
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), '1')
self.assertEqual(created_mutants[2].get_var(), 'b')
self.assertEqual(created_mutants[2].get_var_index(), 0)
self.assertEqual(created_mutants[2].get_original_value(), '2')
self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
self.assertTrue(
all(m.get_mutant_class() == 'Mutant' for m in created_mutants))
def create_mutants(freq, mutant_str_list, fuzzable_param_list, append,
fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not 'fuzz_form_files' in fuzzer_config:
return []
if not isinstance(freq, HTTPPostDataRequest):
return []
file_vars = freq.get_file_vars()
if not file_vars:
return []
fake_file_objs = []
ext = fuzzer_config['fuzzed_files_extension']
for mutant_str in mutant_str_list:
if isinstance(mutant_str, basestring):
# I have to create the NamedStringIO with a "name".
# This is needed for MultipartPostHandler
fname = "%s.%s" % (rand_alpha(7), ext)
str_file = NamedStringIO(mutant_str, name=fname)
fake_file_objs.append(str_file)
res = Mutant._create_mutants_worker(freq, FileContentMutant,
fake_file_objs, file_vars, append,
fuzzer_config)
return res
def test_mutant_creation_empty_dc(self):
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
expected_dc_lst = []
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_empty_dc(self):
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)
expected_dc_lst = []
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def create_mutants(freq, mutant_str_list, fuzzable_param_list, append,
fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
return Mutant._create_mutants_worker(freq, QSMutant, mutant_str_list,
fuzzable_param_list, append,
fuzzer_config)
def test_mutant_creation_ignore_params(self):
self.dc["a"] = ["1"]
self.dc["b"] = ["2"]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, ["a"], False, self.fuzzer_config)
expected_dc_lst = [DataContainer([("a", ["abc"]), ("b", ["2"])]), DataContainer([("a", ["def"]), ("b", ["2"])])]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
return Mutant._create_mutants_worker(freq, QSMutant, mutant_str_list,
fuzzable_param_list,
append, fuzzer_config)
def create_vuln(self):
v = self.create_base_vuln()
url = self.url
if self.method.upper() == 'GET':
url.querystring = self.data
# User configured
v.set_method(self.method)
v.set_name(self.name)
v.set_var(self.vulnerable_parameter)
v.set_url(url)
v.set_dc(self.data)
freq = FuzzableRequest(url, method=self.method, dc=self.data)
mutant = Mutant(freq)
mutant.set_var(self.vulnerable_parameter)
mutant.set_dc(self.data)
v.set_mutant(mutant)
return v
def create_vuln(self):
self.data[self.vulnerable_parameter][0] = self.payload
v = super(LocalFileReadTemplate, self).create_vuln()
freq = FuzzableRequest(self.url, method=self.method, dc=self.data)
mutant = Mutant(freq)
mutant.set_var(self.vulnerable_parameter)
mutant.set_dc(self.data)
mutant.set_mod_value(self.payload)
v.set_mutant(mutant)
v['file_pattern'] = self.file_pattern
return v
def create_vuln(self):
v = super(XPathTemplate, self).create_vuln()
original_value = self.data[self.vulnerable_parameter][0]
freq = FuzzableRequest(self.url, method=self.method, dc=self.data)
mutant = Mutant(freq)
mutant.set_var(self.vulnerable_parameter)
mutant.set_dc(self.data)
mutant.set_original_value(original_value)
v.set_mutant(mutant)
return v
def test_mutant_generic_methods(self):
self.dc["a"] = ["1"]
self.dc["b"] = ["2"]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
mutant = created_mutants[0]
self.assertEqual(repr(mutant), "<mutant-generic | GET | http://moth/ >")
self.assertEqual(mutant.print_mod_value(), 'The data that was sent is: "None".')
self.assertNotEqual(id(mutant.copy()), id(mutant))
self.assertRaises(ValueError, mutant.get_original_response_body)
body = "abcdef123"
mutant.set_original_response_body(body)
self.assertEqual(mutant.get_original_response_body(), body)
def create_vuln(self):
self.data[self.vulnerable_parameter][0] = self.payload
v = super(LocalFileReadTemplate, self).create_vuln()
freq = FuzzableRequest(self.url, method=self.method, dc=self.data)
mutant = Mutant(freq)
mutant.set_var(self.vulnerable_parameter)
mutant.set_dc(self.data)
mutant.set_mod_value(self.payload)
v.set_mutant(mutant)
v['file_pattern'] = self.file_pattern
return v
def create_mutants(freq, mutant_str_list, fuzzable_param_list,
append, fuzzer_config, data_container=None):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not isinstance(freq, HTTPQSRequest):
return []
if not fuzzer_config['fuzz_cookies']:
return []
orig_cookie = freq.get_cookie()
return Mutant._create_mutants_worker(
freq, CookieMutant, mutant_str_list,
fuzzable_param_list,
append, fuzzer_config,
data_container=orig_cookie)
def test_mutant_creation_ignore_params(self):
self.dc['a'] = [
'1',
]
self.dc['b'] = [
'2',
]
freq = FuzzableRequest(self.url, dc=self.dc)
created_mutants = Mutant.create_mutants(freq, self.payloads, [
'a',
], False, self.fuzzer_config)
expected_dc_lst = [
DataContainer([('a', ['abc']), ('b', ['2'])]),
DataContainer([('a', ['def']), ('b', ['2'])])
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def create_mutants(freq,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=None):
'''
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
'''
if not fuzzer_config['fuzzable_headers']:
return []
# Generate a list with the headers we'll fuzz
fuzzable_param_list = fuzzable_param_list + fuzzer_config[
'fuzzable_headers']
# Generate a dummy object that we'll use for fixing the "impedance mismtach"
# between the Headers() object that doesn't have the same form as a
# generic DataContainer. Headers look like:
# {'a':'b'}
# While data containers look like
# {'a': ['b',]}
#
# Note that I'm undoing this in the set_dc method above.
# (search for __HERE__)
#
orig_headers = freq.get_headers()
headers_copy = orig_headers.copy()
for header_name in fuzzer_config['fuzzable_headers']:
headers_copy[header_name] = ''
cloned_headers = headers_copy.clone_with_list_values()
return Mutant._create_mutants_worker(freq,
HeadersMutant,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=cloned_headers)
def test_mutant_creation_qs_and_postdata(self):
original_form = Form()
original_form.add_input([("name", "username"), ("value", "")])
original_form.add_input([("name", "password"), ("value", "")])
url = URL("http://moth/foo.bar?action=login")
freq = HTTPPostDataRequest(url, dc=original_form)
created_mutants = Mutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
expected_dc_lst = [
Form([("username", ["abc"]), ("password", ["FrAmE30."])]),
Form([("username", ["def"]), ("password", ["FrAmE30."])]),
Form([("username", ["John8212"]), ("password", ["abc"])]),
Form([("username", ["John8212"]), ("password", ["def"])]),
]
created_dc_lst = [i.get_dc() for i in created_mutants]
created_urls = [i.get_uri() for i in created_mutants]
self.assertEqual(created_urls, [url] * 4)
self.assertEqual(created_dc_lst, expected_dc_lst)
def create_mutants(freq, mutant_str_list, fuzzable_param_list, append, fuzzer_config, data_container=None):
"""
This is a very important method which is called in order to create
mutants. Usually called from fuzzer.py module.
"""
if not fuzzer_config["fuzzable_headers"]:
return []
# Generate a list with the headers we'll fuzz
fuzzable_param_list = fuzzable_param_list + fuzzer_config["fuzzable_headers"]
# Generate a dummy object that we'll use for fixing the "impedance mismtach"
# between the Headers() object that doesn't have the same form as a
# generic DataContainer. Headers look like:
# {'a':'b'}
# While data containers look like
# {'a': ['b',]}
#
# Note that I'm undoing this in the set_dc method above.
# (search for __HERE__)
#
orig_headers = freq.get_headers()
headers_copy = orig_headers.copy()
for header_name in fuzzer_config["fuzzable_headers"]:
headers_copy[header_name] = ""
cloned_headers = headers_copy.clone_with_list_values()
return Mutant._create_mutants_worker(
freq,
HeadersMutant,
mutant_str_list,
fuzzable_param_list,
append,
fuzzer_config,
data_container=cloned_headers,
)
def create_vuln(self):
v = self.create_base_vuln()
url = self.url
if self.method.upper() == 'GET':
url.querystring = self.data
# User configured
v.set_method(self.method)
v.set_name(self.name)
v.set_var(self.vulnerable_parameter)
v.set_url(url)
v.set_dc(self.data)
freq = FuzzableRequest(url, method=self.method, dc=self.data)
mutant = Mutant(freq)
mutant.set_var(self.vulnerable_parameter)
mutant.set_dc(self.data)
v.set_mutant(mutant)
return v
def __init__(self, freq):
Mutant.__init__(self, freq)
def test_get_mutant_class(self):
m = Mutant(None)
self.assertEqual(m.get_mutant_class(), "Mutant")
def __init__(self, freq):
Mutant.__init__(self, freq)
def __init__(self, freq):
Mutant.__init__(self, freq)
self._double_encoding = False
self._safe_encode_chars = ''
def test_get_mutant_class(self):
m = Mutant(None)
self.assertEqual(m.get_mutant_class(), 'Mutant')