Example #1
def createFuzzableRequests(resp, request=None, add_self=True):
    '''
    Build the fuzzable requests that can be derived from an HTTP response.

    Sources, in order: the response's own URI (optional), the target of a
    30x redirect, and then either the forms found in the document or, when
    there are none, the methods of a WSDL description.

    @parameter resp: An HTTPResponse instance.
    @parameter request: The HTTP request that generated resp (optional).
    @parameter add_self: Whether a request for resp's own URI should be
        added to the result.

    @return: A list of fuzzable requests.
    '''
    found = []

    # Every configured fuzzable header starts with an empty value.
    headers = dict((name, '') for name in cf.cf.getData('fuzzableHeaders'))

    # Requests that mirror the original one also carry its headers; values
    # from the original request win over the empty placeholders.
    req_headers = dict(headers)
    if request:
        req_headers.update(request.getHeaders() or {})

    cookie = _create_cookie(resp)

    # The request that represents the response's own URI.
    if add_self:
        found.append(
            HTTPQSRequest(resp.getURI(), headers=req_headers, cookie=cookie)
        )

    # 30x responses: the redirect target becomes a fuzzable request too.
    # NOTE(review): the target is taken from a header the remote server
    # controls and no scope/domain check is visible in this function;
    # presumably callers drop out-of-scope URLs -- confirm.
    if 300 <= resp.getCode() < 400:
        lower_headers = resp.getLowerCaseHeaders()
        location = lower_headers.get('location')
        if not location:
            location = lower_headers.get('uri', '')

        if location:
            location = smart_unicode(location, encoding=resp.charset)
            try:
                target = resp.getURL().urlJoin(location)
            except ValueError:
                # An unparseable header is logged and skipped, not fatal.
                msg = ('The application sent a 30x redirect "Location:" that'
                       ' w3af failed to correctly parse as an URL, the header'
                       ' value was: "%s"')
                om.out.debug(msg % location)
            else:
                found.append(
                    HTTPQSRequest(target, headers=req_headers, cookie=cookie)
                )

    # Look for forms; no suitable parser simply means "no forms".
    try:
        parser = dpCache.dpc.getDocumentParserFor(resp)
    except w3afException:
        forms = []
    else:
        forms = parser.getForms()

    if forms:
        # One request per form variant. These get only the empty fuzzable
        # headers, not the headers of the original request.
        mode = cf.cf.getData('fuzzFormComboValues')
        for form in forms:
            for variant in form.getVariants(mode):
                if form.getMethod().upper() == 'POST':
                    fuzz_req = httpPostDataRequest(
                        variant.getAction(),
                        variant.getMethod(),
                        headers,
                        cookie,
                        variant,
                        form.getFileVariables()
                    )
                else:
                    # Anything that is not POST is handled as GET.
                    fuzz_req = HTTPQSRequest(
                        variant.getAction(),
                        headers=headers,
                        cookie=cookie
                    )
                    fuzz_req.setDc(variant)

                found.append(fuzz_req)
        return found

    # No forms: check whether the body is a WSDL description.
    # NOTE(review): the body is untrusted content from the target; how the
    # WSDL parser treats external entities is not visible here -- confirm.
    wsdl = wsdlParser.wsdlParser()
    try:
        wsdl.setWsdl(resp.getBody())
    except w3afException:
        return found

    # Web service requests are created without the cookie.
    for method in wsdl.getMethods():
        found.append(
            wsPostDataRequest(
                method.getLocation(),
                method.getAction(),
                method.getParameters(),
                method.getNamespace(),
                method.getMethodName(),
                headers
            )
        )
    return found
Example #2
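def createFuzzableRequests( httpResponse, request=None, add_self=True ):
    '''
    Generates the fuzzable requests based on an http response instance.
    
    The result holds, in order: a request for the response's own URL
    (optional), and then either one request per form variant found in the
    document or, when there are no forms, one request per WSDL method.
    
    @parameter httpResponse: An httpResponse instance.
    @parameter request: The HTTP request that generated the httpResponse
    @parameter add_self: If I should add the current HTTP request (@parameter request) to the result
    or not.
    
    @return: A list of fuzzable requests.
    '''
    res = []
    
    # query string
    url = httpResponse.getURL()
    QSObject = httpResponse.getURI().getQueryString()
    
    # Headers for all fuzzable requests created here: every configured
    # fuzzable header starts with an empty value.
    headers = dict( (header_name, '') for header_name in cf.cf.getData('fuzzableHeaders') )
    
    # Get the cookie!
    cookieObj = _createCookie( httpResponse )
    
    #
    # create the fuzzable request that represents the request object passed as parameter
    #
    if add_self:
        # Start from the fuzzable headers and let the original request's
        # values win. The old code tested "header_name not in headers",
        # which was never true, so the fuzzable headers were never added
        # here. Working on a copy also keeps the caller's header dict
        # from being modified.
        self_headers = dict( headers )
        if request:
            self_headers.update( request.getHeaders() or {} )

        qsr = httpQsRequest.httpQsRequest()
        qsr.setURL( url )
        qsr.setDc( QSObject )
        qsr.setHeaders( self_headers )
        qsr.setCookie( cookieObj )
        res.append( qsr )
    
    # Try to find forms in the document
    form_list = []
    try:
        dp = dpCache.dpc.getDocumentParserFor( httpResponse )
    except w3afException:
        # Failed to find a suitable parser for the document
        pass
    else:
        form_list = dp.getForms()
    
    if not form_list:
        
        # Check if its a wsdl file
        # NOTE(review): the body is untrusted content from the target; how
        # the WSDL parser treats external entities is not visible here --
        # confirm.
        wsdlp = wsdlParser.wsdlParser()
        try:
            wsdlp.setWsdl( httpResponse.getBody() )
        except w3afException:
            # Not a WSDL document: nothing else to add
            pass
        else:
            # Web service requests are created without the cookie
            for remoteMethod in wsdlp.getMethods():
                wspdr = wsPostDataRequest.wsPostDataRequest()
                wspdr.setURL( remoteMethod.getLocation() )
                wspdr.setAction( remoteMethod.getAction() )
                wspdr.setParameters( remoteMethod.getParameters() )
                wspdr.setNS( remoteMethod.getNamespace() )
                wspdr.setMethodName( remoteMethod.getMethodName() )
                wspdr.setHeaders( headers )
                res.append( wspdr )
        
    else:
        # create one httpPostDataRequest for each form variant
        mode = cf.cf.getData('fuzzFormComboValues')
        for form in form_list:
            for variant in form.getVariants(mode):
                if form.getMethod().upper() == 'POST':
                    r = httpPostDataRequest.httpPostDataRequest()
                    r.setMethod(variant.getMethod())
                    r.setFileVariables(form.getFileVariables())
                else:
                    # The default is a GET request
                    r = httpQsRequest.httpQsRequest()
                # Common to both kinds: target, data, headers and cookie
                r.setURL(variant.getAction())
                r.setDc(variant)
                r.setHeaders(headers)
                r.setCookie(cookieObj)
                res.append(r)
    return res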