def getObject(self):
'''Return object (request or resoponse).'''
head, body = self.get_text(splitted=True)
if self.is_request:
return httpRequestParser(head, body)
else:
raise Exception('HttpResponseParser is not implemented!:(')
def html_export(request_string):
'''
@parameter request_string: The string of the request to export
@return: A HTML that will perform the same HTTP request.
'''
requestLines = request_string.split('\n\n')
header = requestLines[0]
body = '\n\n'.join(requestLines[1:])
httpRequest = httpRequestParser( header, body)
res = '''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Exported HTTP Request from W3AF</title>
</head>
<body>'''
res += '<form action="' + httpRequest.getURI() +'" method="' + httpRequest.getMethod() + '">\n'
if httpRequest.getData() and httpRequest.getData() != '\n':
postData = httpRequest.getDc()
for i in postData:
res += '<label>' + i + '</label>\n'
res += '<input type="text" name="' + i.strip() + '" value="' + postData[i][0] + '">\n'
res += '<input type="submit">\n'
res += '</form>\n'
res += '''</body>\n</html>'''
return res
def sendRawRequest( self, head, postdata, fixContentLength=True):
'''
In some cases the xUrllib user wants to send a request that was typed in a textbox or is stored in a file.
When something like that happens, this library allows the user to send the request by specifying two parameters
for the sendRawRequest method:
@parameter head: "<method> <URI> <HTTP version>\r\nHeader: Value\r\nHeader2: Value2..."
@parameter postdata: The postdata, if any. If set to '' or None, no postdata is sent.
@parameter fixContentLength: Indicates if the content length has to be fixed or not.
@return: An httpResponse object.
'''
# Parse the two strings
fuzzReq = httpRequestParser(head, postdata)
# Fix the content length
if fixContentLength:
headers = fuzzReq.getHeaders()
fixed = False
for h in headers:
if h.lower() == 'content-length':
headers[ h ] = str(len(postdata))
fixed = True
if not fixed and postdata:
headers[ 'content-length' ] = str(len(postdata))
fuzzReq.setHeaders(headers)
# Send it
function_reference = getattr( self , fuzzReq.getMethod() )
return function_reference( fuzzReq.getURI(), data=fuzzReq.getData(), headers=fuzzReq.getHeaders(),
useCache=False, grepResult=False)
def getObject(self):
'''Return object (request or resoponse).'''
head = self.startLine;
for header in self._headersStore:
head += header[0] + ':' + header[1] + CRLF
if self.is_request:
return httpRequestParser(head, self._raw.get_text())
else:
raise Exception('HttpResponseParser is not implemented')
def ruby_export( request_string ):
'''
@parameter request_string: The string of the request to export
@return: A net/http based ruby script that will perform the same HTTP request.
'''
# get the header and the body
splitted_request = request_string.split('\n\n')
header = splitted_request[0]
body = '\n\n'.join(splitted_request[1:])
http_request = httpRequestParser( header, body)
# Now I do the real magic...
res = 'require \'net/https\'\n\n'
res += 'url = URI.parse("' + ruby_escape_string(http_request.getURI().url_string) + '")\n'
if http_request.getData() != '\n' and http_request.getData() is not None:
escaped_data = ruby_escape_string( str(http_request.getData()) )
res += 'data = "' + escaped_data + '"\n'
else:
res += 'data = nil\n'
res += 'headers = { \n'
headers = http_request.getHeaders()
for header_name in headers:
header_value = ruby_escape_string(headers[header_name])
header_name = ruby_escape_string(header_name)
res += '\t"' + header_name + '" => "' + header_value + '",\n'
res = res [:-2]
res += '\n}\n'
method = http_request.getMethod()
res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n'
res += '\thttp.use_ssl = '
if http_request.getURL().getProtocol().lower() == 'https':
res += 'true\n'
else:
res += 'false\n'
res += '\thttp.send_request("' + method + '", url.path, data, headers)\n'
res += 'end\n\n'
res += 'puts res.body\n'
return res
def python_export( request_string ):
'''
@parameter request_string: The string of the request to export
@return: A urllib2 based python script that will perform the same HTTP request.
'''
# get the header and the body
splitted_request = request_string.split('\n\n')
header = splitted_request[0]
body = '\n\n'.join(splitted_request[1:])
http_request = httpRequestParser( header, body)
# Now I do the real magic...
res = 'import urllib2\n\n'
res += 'url = "' + python_escape_string(http_request.getURI()) + '"\n'
if http_request.getData() != '\n' and http_request.getData() is not None:
escaped_data = python_escape_string(str(http_request.getData()) )
res += 'data = "' + escaped_data + '"\n'
else:
res += 'data = None\n'
res += 'headers = { \n'
headers = http_request.getHeaders()
for header_name in headers:
header_value = python_escape_string(headers[header_name])
header_name = python_escape_string(header_name)
res += '\t"' + header_name + '" : "' + header_value + '",\n'
res = res [:-2]
res += '\n}\n'
res += '''
request = urllib2.Request(url, data, headers)
response = urllib2.urlopen(request)
response_body = response.read()
'''
res += 'print response_body\n'
return res
def _fixContentLength(self, head, postdata):
'''
The user may have changed the postdata of the request, and not the content-length header;
so we are going to fix that problem.
'''
fuzzReq = httpRequestParser(head, postdata)
headers = fuzzReq.getHeaders()
for h in headers:
if h.lower() == 'content-length':
length = headers[ h ]
try:
length = int(length)
except Exception, e:
om.out.debug('Failed to fix the content length, the value of the header is: "'+ length +'".')
else:
if length == len(fuzzReq.getData()):
# I don't have to fix anything
pass
else:
# fixing length!
headers[ h ] = str(len(fuzzReq.getData()))
fuzzReq.setHeaders(headers)
def showRaw(self, head, body):
self._obj = httpRequestParser(head, body)
self.synchronize()
def ajax_export(request_string):
"""
@parameter request_string: The string of the request to export
@return: A javascript that will perform the same HTTP request.
"""
# get the header and the body
splitted_request = request_string.split("\n\n")
header = splitted_request[0]
body = "\n\n".join(splitted_request[1:])
http_request = httpRequestParser(header, body)
# Now I do the real magic...
# This is the header, to include the AJAX stuff:
res = """/* Init AJAX stuff */
var xmlhttp=false;
/*@cc_on @*/
/*@if (@_jscript_version >= 5)
// JScript gives us Conditional compilation, we can cope with old IE versions.
// and security blocked creation of the objects.
try {
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (E) {
xmlhttp = false;
}
}
@end @*/
if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
try {
xmlhttp = new XMLHttpRequest();
} catch (e) {
xmlhttp=false;
}
}
if (!xmlhttp && window.createRequest) {
try {
xmlhttp = window.createRequest();
} catch (e) {
xmlhttp=false;
}
}
/* Finished AJAX initialization */
/* Create the request */
"""
# Set the method and the path
res += 'xmlhttp.open("' + http_request.getMethod() + '", "'
res += ajax_escape_string(http_request.getURI().url_string) + '",true);\n'
# For debugging
res += """
/* Debugging code, this should be removed for real life XSS exploits */
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4) {
alert(xmlhttp.responseText)
}
}
/* Add headers to the request and send it */
"""
# Now I add the headers:
headers = http_request.getHeaders()
for header_name in headers:
res += 'xmlhttp.setRequestHeader("' + ajax_escape_string(header_name) + '", "'
res += ajax_escape_string(headers[header_name]) + '");\n'
# And finally the post data (if any)
if http_request.getData() and http_request.getData() != "\n":
res += "var post_data = (<r><![CDATA[" + str(http_request.getData()) + "]]></r>).toString();\n"
res += "xmlhttp.send(post_data);\n"
else:
res += "xmlhttp.send(null);\n"
return res
def showRaw(self, head, body):
self._obj = httpRequestParser(head, body)
### FIXME: REMOVE ME ###
self._set_vals.append((True, str(self._obj)))
#######################
self.synchronize()
