def __init__(self):
if NetworkAccessManager.__unique:
raise NetworkAccessManager.__unique
NetworkAccessManager.__unique = self
QNetworkAccessManager.__init__(self)
self.requestTokensInfo = None
self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy)
# overloaded 'finished' signal so that we can store them in the history
self.finished[QNetworkReply].connect(self.finished_overload)
# setup network disk cache directoru (./user/cache)
self.diskCache = QNetworkDiskCache()
self.diskCache.setCacheDirectory(core.management.configuration['path']['cache'])
self.setCache(self.diskCache)
self.sheepURI = QUrl.fromLocalFile(core.management.configuration['path']['resources']).toString()
# history model keeps all transaction in memory
self.history = NetworkHistory(self.diskCache, self)
self.post_history = POSTHistory()
self.appinfo = SiteInfoStore(self)
self.rewrite_stored_url = False
self.urlrewriting = URLRewritingStore()
# did we enable tampering data? if so, what is the tampering method
self.tampering = False
self.tampering_method = None
self.intercept = False
self.disable_referer = False
# set the personnal cookie jar
if not core.management.cookieJar:
core.management.cookieJar = QNetworkCookieJar()
self.setCookieJar(core.management.cookieJar)
# store the SSL certificates
self.sslCfg = QSslConfiguration.defaultConfiguration()
sslCa = self.sslCfg.caCertificates()
sslNew = QSslCertificate.fromPath(core.management.configuration['path']['certificates'])
sslCa +=sslNew
self.sslCfg.setCaCertificates(sslCa)
QSslConfiguration.setDefaultConfiguration(self.sslCfg)
QObject.connect(self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot)
def __init__(self):
if NetworkAccessManager.__unique:
raise NetworkAccessManager.__unique
NetworkAccessManager.__unique = self
QNetworkAccessManager.__init__(self)
self.requestTokensInfo = None
self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy)
# overloaded 'finished' signal so that we can store them in the history
self.finished[QNetworkReply].connect(self.finished_overload)
# setup network disk cache directoru (./user/cache)
self.diskCache = QNetworkDiskCache()
self.diskCache.setCacheDirectory(core.management.configuration["path"]["cache"])
self.setCache(self.diskCache)
self.sheepURI = QUrl.fromLocalFile(core.management.configuration["path"]["resources"]).toString()
# history model keeps all transaction in memory
self.history = NetworkHistory(self.diskCache, self)
self.post_history = POSTHistory()
self.appinfo = SiteInfoStore(self)
self.rewrite_stored_url = False
self.urlrewriting = URLRewritingStore()
# did we enable tampering data? if so, what is the tampering method
self.tampering = False
self.tampering_method = None
self.intercept = False
self.disable_referer = False
# set the personnal cookie jar
if not core.management.cookieJar:
core.management.cookieJar = QNetworkCookieJar()
self.setCookieJar(core.management.cookieJar)
# store the SSL certificates
self.sslCfg = QSslConfiguration.defaultConfiguration()
sslCa = self.sslCfg.caCertificates()
sslNew = QSslCertificate.fromPath(core.management.configuration["path"]["certificates"])
sslCa += sslNew
self.sslCfg.setCaCertificates(sslCa)
QSslConfiguration.setDefaultConfiguration(self.sslCfg)
QObject.connect(
self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot
)
class NetworkAccessManager(QNetworkAccessManager):
__unique = None
def __init__(self):
if NetworkAccessManager.__unique:
raise NetworkAccessManager.__unique
NetworkAccessManager.__unique = self
QNetworkAccessManager.__init__(self)
self.requestTokensInfo = None
self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy)
# overloaded 'finished' signal so that we can store them in the history
self.finished[QNetworkReply].connect(self.finished_overload)
# setup network disk cache directoru (./user/cache)
self.diskCache = QNetworkDiskCache()
self.diskCache.setCacheDirectory(core.management.configuration["path"]["cache"])
self.setCache(self.diskCache)
self.sheepURI = QUrl.fromLocalFile(core.management.configuration["path"]["resources"]).toString()
# history model keeps all transaction in memory
self.history = NetworkHistory(self.diskCache, self)
self.post_history = POSTHistory()
self.appinfo = SiteInfoStore(self)
self.rewrite_stored_url = False
self.urlrewriting = URLRewritingStore()
# did we enable tampering data? if so, what is the tampering method
self.tampering = False
self.tampering_method = None
self.intercept = False
self.disable_referer = False
# set the personnal cookie jar
if not core.management.cookieJar:
core.management.cookieJar = QNetworkCookieJar()
self.setCookieJar(core.management.cookieJar)
# store the SSL certificates
self.sslCfg = QSslConfiguration.defaultConfiguration()
sslCa = self.sslCfg.caCertificates()
sslNew = QSslCertificate.fromPath(core.management.configuration["path"]["certificates"])
sslCa += sslNew
self.sslCfg.setCaCertificates(sslCa)
QSslConfiguration.setDefaultConfiguration(self.sslCfg)
QObject.connect(
self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot
)
def renew(self):
# self.history.renew()
# self.post_history.renew()
# self.appinfo.renew()
# self.urlrewriting.renew()
self.rewrite_stored_url = False
def setRequestTokensInfoReference(self, requestTokenInfoInstance):
self.requestTokensInfo = requestTokenInfoInstance
def getHistoryFromURL(self, qurlstr):
return self.history.getHistoryFromURL(qurlstr)
def setIntercept(self, value):
self.intercept = value
self.emit(SIGNAL("networkManagerIntercept_Signal"), self.intercept)
def toggleIntercept(self):
self.intercept = not self.intercept
self.emit(SIGNAL("networkManagerIntercept_Signal"), self.intercept)
def setURLRewriting(self, value=True):
self.rewrite_stored_url = value
def toggleDisableReferer(self):
self.disable_referer = not self.disable_referer
def getDiskCache(self):
return self.diskCache
def setProxy_Slot(self, proxy_type, host=None, port=None, user=None, password=None):
self.proxy_instance = QNetworkProxy()
if not QNetworkProxy.NoProxy == proxy_type:
self.proxy_instance.setType(proxy_type)
self.proxy_instance.setHostName(host)
self.proxy_instance.setPort(int(port))
self.proxy_instance.setUser(user)
self.proxy_instance.setPassword(password)
else:
self.proxy_instance.setType(QNetworkProxy.NoProxy)
self.setProxy(self.proxy_instance)
def getNetworkHistory(self, request_id):
return self.history.getHistory(request_id)
def getNetworkRequestIDFromURL(self, qurlstr):
return self.history.getRequestIDFromURL(qurlstr)
def getResponseContent(self, request_id):
return self.history.getResponseContent(request_id)
def getCookieJar(self):
return self.cookieJar()
def finished_overload(self, qreply):
url = qreply.request().url()
if url.toString().contains(self.sheepURI):
return qreply
qreply, request_id = self.history.processReply(qreply)
# query the cache to get the download content by this request
data = self.diskCache.data(url)
if data:
self.history.storeReplyContent(request_id, data.readAll())
if self.tampering:
self.emit(SIGNAL("networkManagerInspectContent"), request_id)
data.reset()
# emit the request_id for the HTTP transactions view widget
self.emit(SIGNAL("availableNetworkReply_Signal"), request_id)
self.emit(SIGNAL("newUrl_Signal"), request_id)
self.appinfo.extractSiteInfo(request_id)
return qreply
def createRequest(self, op, req, outgoingData=None):
if req.url().toString().contains(self.sheepURI):
return QNetworkAccessManager.createRequest(self, op, req, outgoingData)
# TODO: further test if the user-agent isn't already set in the request
# TODP: check for conflicts with existing user-agent from Qt
req.setRawHeader("User-Agent", core.management.__default_user_agent__)
if self.disable_referer:
if req.hasRawHeader("Referer"):
req.setRawHeader("Referer", "")
elif req.hasRawHeader("Referrer"):
req.setRawHeader("Referrer", "")
# allow all tampering happening here
if self.tampering and self.tampering_method:
# automated tampering. last action should be replacement of tokens
op, req, outgoingData = self.tampering_method(op, req, outgoingData)
# interception code here, after the automated tampering to let flexibility
# to the pen-tester
if self.intercept:
loc_url = req.url()
try:
outgoingDataList = None
if outgoingData:
self.post_history.makePost(outgoingData, loc_url)
outgoingDataList = self.post_history.getPOSTList(loc_url)
tamper_dialog = core.dialog.http_tamper.HTTPTamperDialog(
self, op, req, outgoingDataList, core.management.maininstance
)
if tamper_dialog.exec_() == QDialog.Accepted:
nrequest = tamper_dialog.getHTTPRequest()
if nrequest:
op, req, outgoingDataByteArray = nrequest.networkRequest()
self.emit(SIGNAL("linkTampered_NetManager"), req.url())
if outgoingDataByteArray:
self.post_history.makePost(outgoingDataByteArray, loc_url)
outgoingData = self.post_history.getQBuffer(loc_url)
except Exception, error:
core.management.logger.exception(
"NetworkManager::createRequest- Exception during the request interception handling. (Exception: "
+ error
+ ")"
)
# prefer getting data from cache when possible
req.setAttribute(QNetworkRequest.CacheLoadControlAttribute, QNetworkRequest.PreferCache)
op, req, new_outgoingData = self.history.processRequest(op, req, outgoingData)
return QNetworkAccessManager.createRequest(self, op, req, new_outgoingData)
class NetworkAccessManager(QNetworkAccessManager):
__unique = None
def __init__(self):
if NetworkAccessManager.__unique:
raise NetworkAccessManager.__unique
NetworkAccessManager.__unique = self
QNetworkAccessManager.__init__(self)
self.requestTokensInfo = None
self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy)
# overloaded 'finished' signal so that we can store them in the history
self.finished[QNetworkReply].connect(self.finished_overload)
# setup network disk cache directoru (./user/cache)
self.diskCache = QNetworkDiskCache()
self.diskCache.setCacheDirectory(core.management.configuration['path']['cache'])
self.setCache(self.diskCache)
self.sheepURI = QUrl.fromLocalFile(core.management.configuration['path']['resources']).toString()
# history model keeps all transaction in memory
self.history = NetworkHistory(self.diskCache, self)
self.post_history = POSTHistory()
self.appinfo = SiteInfoStore(self)
self.rewrite_stored_url = False
self.urlrewriting = URLRewritingStore()
# did we enable tampering data? if so, what is the tampering method
self.tampering = False
self.tampering_method = None
self.intercept = False
self.disable_referer = False
# set the personnal cookie jar
if not core.management.cookieJar:
core.management.cookieJar = QNetworkCookieJar()
self.setCookieJar(core.management.cookieJar)
# store the SSL certificates
self.sslCfg = QSslConfiguration.defaultConfiguration()
sslCa = self.sslCfg.caCertificates()
sslNew = QSslCertificate.fromPath(core.management.configuration['path']['certificates'])
sslCa +=sslNew
self.sslCfg.setCaCertificates(sslCa)
QSslConfiguration.setDefaultConfiguration(self.sslCfg)
QObject.connect(self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot)
def renew(self):
#self.history.renew()
#self.post_history.renew()
#self.appinfo.renew()
#self.urlrewriting.renew()
self.rewrite_stored_url = False
def setRequestTokensInfoReference(self, requestTokenInfoInstance):
self.requestTokensInfo = requestTokenInfoInstance
def getHistoryFromURL(self, qurlstr):
return self.history.getHistoryFromURL(qurlstr)
def setIntercept(self, value):
self.intercept = value
self.emit(SIGNAL('networkManagerIntercept_Signal'), self.intercept)
def toggleIntercept(self):
self.intercept = not self.intercept
self.emit(SIGNAL('networkManagerIntercept_Signal'), self.intercept)
def setURLRewriting(self, value = True):
self.rewrite_stored_url = value
def toggleDisableReferer(self):
self.disable_referer = not self.disable_referer
def getDiskCache(self):
return self.diskCache
def setProxy_Slot(self, proxy_type, host=None, port=None, user=None, password=None):
self.proxy_instance = QNetworkProxy()
if not QNetworkProxy.NoProxy == proxy_type:
self.proxy_instance.setType(proxy_type)
self.proxy_instance.setHostName(host)
self.proxy_instance.setPort(int(port))
self.proxy_instance.setUser(user)
self.proxy_instance.setPassword(password)
else:
self.proxy_instance.setType(QNetworkProxy.NoProxy)
self.setProxy(self.proxy_instance)
def getNetworkHistory(self, request_id):
return self.history.getHistory(request_id)
def getNetworkRequestIDFromURL(self, qurlstr):
return self.history.getRequestIDFromURL(qurlstr)
def getResponseContent(self, request_id):
return self.history.getResponseContent(request_id)
def getCookieJar(self):
return self.cookieJar()
def finished_overload(self, qreply):
url = qreply.request().url()
if url.toString().contains(self.sheepURI):
return qreply
qreply, request_id = self.history.processReply(qreply)
# query the cache to get the download content by this request
data = self.diskCache.data(url)
if data:
self.history.storeReplyContent(request_id, data.readAll())
if self.tampering:
self.emit(SIGNAL('networkManagerInspectContent'), request_id)
data.reset()
# emit the request_id for the HTTP transactions view widget
self.emit(SIGNAL('availableNetworkReply_Signal'), request_id)
self.emit(SIGNAL('newUrl_Signal'), request_id)
self.appinfo.extractSiteInfo(request_id)
return qreply
def createRequest(self, op, req, outgoingData = None):
if req.url().toString().contains(self.sheepURI):
return QNetworkAccessManager.createRequest(self, op, req, outgoingData)
# TODO: further test if the user-agent isn't already set in the request
# TODP: check for conflicts with existing user-agent from Qt
req.setRawHeader("User-Agent", core.management.__default_user_agent__)
if self.disable_referer:
if req.hasRawHeader("Referer"):
req.setRawHeader("Referer", "")
elif req.hasRawHeader("Referrer"):
req.setRawHeader("Referrer", "")
# allow all tampering happening here
if self.tampering and self.tampering_method:
# automated tampering. last action should be replacement of tokens
op, req, outgoingData = self.tampering_method(op, req, outgoingData)
# interception code here, after the automated tampering to let flexibility
# to the pen-tester
if self.intercept:
loc_url = req.url()
try:
outgoingDataList = None
if outgoingData:
self.post_history.makePost(outgoingData, loc_url)
outgoingDataList = self.post_history.getPOSTList(loc_url)
tamper_dialog = core.dialog.http_tamper.HTTPTamperDialog(self, op, req, outgoingDataList, core.management.maininstance)
if tamper_dialog.exec_() == QDialog.Accepted:
nrequest = tamper_dialog.getHTTPRequest()
if nrequest:
op, req, outgoingDataByteArray = nrequest.networkRequest()
self.emit(SIGNAL('linkTampered_NetManager'), req.url())
if outgoingDataByteArray:
self.post_history.makePost(outgoingDataByteArray, loc_url)
outgoingData = self.post_history.getQBuffer(loc_url)
except Exception, error:
core.management.logger.exception("NetworkManager::createRequest- Exception during the request interception handling. (Exception: " + error + ")")
# prefer getting data from cache when possible
req.setAttribute(QNetworkRequest.CacheLoadControlAttribute, QNetworkRequest.PreferCache)
op, req, new_outgoingData = self.history.processRequest(op, req, outgoingData)
return QNetworkAccessManager.createRequest(self, op, req, new_outgoingData)
