def createFuzzableRequests(resp, request=None, add_self=True):
    '''
    Build the fuzzable requests that can be derived from an HTTP response.

    @parameter resp: An HTTPResponse instance.
    @parameter request: The HTTP request that generated resp. When given, its
        headers override the empty defaults of the configured fuzzable headers.
    @parameter add_self: If the current HTTP request (@parameter request)
        should be added to the result or not.
    @return: A list of fuzzable requests.
    '''
    fuzzable_requests = []

    # Every configured fuzzable header starts out with an empty value.
    headers = dict.fromkeys(cf.cf.getData('fuzzableHeaders'), '')

    # Headers for the "self" and redirect requests: the fuzzable defaults,
    # overridden by whatever the originating request carried.
    req_headers = dict(headers)
    if request:
        req_headers.update(request.getHeaders() or {})

    # Get the cookie!
    cookieObj = _create_cookie(resp)

    # The request that represents the response's own URI.
    if add_self:
        fuzzable_requests.append(
            HTTPQSRequest(resp.getURI(), headers=req_headers, cookie=cookieObj)
        )

    # A 30x response also yields a request for the redirect target.
    if 300 <= resp.getCode() < 400:
        lower_headers = resp.getLowerCaseHeaders()
        location = lower_headers.get('location')
        if not location:
            location = lower_headers.get('uri', '')

        if location:
            location = smart_unicode(location, encoding=resp.charset)
            # NOTE(review): the target comes from a server-controlled header
            # and no same-host check is visible here, while req_headers and
            # cookieObj are attached to the new request -- confirm that scope
            # filtering happens in the caller.
            try:
                absolute_location = resp.getURL().urlJoin(location)
            except ValueError:
                msg = ('The application sent a 30x redirect "Location:" that'
                       ' w3af failed to correctly parse as an URL, the header'
                       ' value was: "%s"')
                om.out.debug(msg % location)
            else:
                fuzzable_requests.append(
                    HTTPQSRequest(
                        absolute_location,
                        headers=req_headers,
                        cookie=cookieObj
                    )
                )

    # Try to find forms in the document
    try:
        doc_parser = dpCache.dpc.getDocumentParserFor(resp)
    except w3afException:
        # Failed to find a suitable parser for the document
        form_list = []
    else:
        form_list = doc_parser.getForms()

    if form_list:
        # One fuzzable request per form variant
        mode = cf.cf.getData('fuzzFormComboValues')
        for form in form_list:
            for variant in form.getVariants(mode):
                if form.getMethod().upper() == 'POST':
                    form_req = httpPostDataRequest(
                        variant.getAction(),
                        variant.getMethod(),
                        headers,
                        cookieObj,
                        variant,
                        form.getFileVariables()
                    )
                else:
                    # The default is a GET request
                    form_req = HTTPQSRequest(
                        variant.getAction(),
                        headers=headers,
                        cookie=cookieObj
                    )
                    form_req.setDc(variant)
                fuzzable_requests.append(form_req)
        return fuzzable_requests

    # No forms were found: check whether the body is a WSDL document.
    wsdlp = wsdlParser.wsdlParser()
    try:
        wsdlp.setWsdl(resp.getBody())
    except w3afException:
        # Not a WSDL document; nothing else to add.
        return fuzzable_requests

    for rem_meth in wsdlp.getMethods():
        fuzzable_requests.append(
            wsPostDataRequest(
                rem_meth.getLocation(),
                rem_meth.getAction(),
                rem_meth.getParameters(),
                rem_meth.getNamespace(),
                rem_meth.getMethodName(),
                headers
            )
        )

    return fuzzable_requests
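def createFuzzableRequests( httpResponse, request=None, add_self=True ):
    '''
    Generates the fuzzable requests based on an http response instance.

    @parameter httpResponse: An httpResponse instance.
    @parameter request: The HTTP request that generated the httpResponse
    @parameter add_self: If the current HTTP request (@parameter request)
        should be added to the result or not.
    @return: A list of fuzzable requests.
    '''
    res = []

    # URL and query string of the response being analyzed
    url = httpResponse.getURL()
    QSObject = httpResponse.getURI().getQueryString()

    # Headers for all fuzzable requests created here: every configured
    # fuzzable header, with an empty value.
    headers = dict.fromkeys(cf.cf.getData('fuzzableHeaders'), '')

    # Get the cookie!
    cookieObj = _createCookie(httpResponse)

    #
    # Create the fuzzable request that represents the request object passed
    # as parameter
    #
    if add_self:
        # Start from the fuzzable defaults and let the request's own headers
        # win. Testing membership against `headers`, which already holds every
        # fuzzable header, would never add one; building a fresh dict also
        # keeps the request's own header container unmodified.
        # NOTE(review): assumes getHeaders() returns a mapping -- confirm.
        self_headers = dict(headers)
        if request:
            self_headers.update(request.getHeaders() or {})

        qsr = httpQsRequest.httpQsRequest()
        qsr.setURL(url)
        qsr.setDc(QSObject)
        qsr.setHeaders(self_headers)
        qsr.setCookie(cookieObj)
        res.append(qsr)

    # Try to find forms in the document
    form_list = []
    try:
        dp = dpCache.dpc.getDocumentParserFor(httpResponse)
    except w3afException:
        # Failed to find a suitable parser for the document
        pass
    else:
        form_list = dp.getForms()

    if not form_list:
        # Check if its a wsdl file
        wsdlp = wsdlParser.wsdlParser()
        try:
            wsdlp.setWsdl(httpResponse.getBody())
        except w3afException:
            # The body could not be loaded as WSDL; nothing else to add
            pass
        else:
            # One request per remote method described by the WSDL
            for remoteMethod in wsdlp.getMethods():
                wspdr = wsPostDataRequest.wsPostDataRequest()
                wspdr.setURL(remoteMethod.getLocation())
                wspdr.setAction(remoteMethod.getAction())
                wspdr.setParameters(remoteMethod.getParameters())
                wspdr.setNS(remoteMethod.getNamespace())
                wspdr.setMethodName(remoteMethod.getMethodName())
                wspdr.setHeaders(headers)
                res.append(wspdr)
    else:
        # Create one fuzzable request for each form variant
        mode = cf.cf.getData('fuzzFormComboValues')
        for form in form_list:
            for variant in form.getVariants(mode):
                if form.getMethod().upper() == 'POST':
                    r = httpPostDataRequest.httpPostDataRequest()
                    r.setMethod(variant.getMethod())
                    r.setFileVariables(form.getFileVariables())
                else:
                    # The default is a GET request
                    r = httpQsRequest.httpQsRequest()

                # Common to both request kinds
                r.setURL(variant.getAction())
                r.setDc(variant)
                r.setHeaders(headers)
                r.setCookie(cookieObj)
                res.append(r)

    return res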