#user = User("PHPbb64", 0, "http://localhost:8080/phpbb/ucp.php?mode=login", login_data = {"username": "******", "password": "******"}, session= "ABC")
#user = User("Joomla", 0, "http://localhost:8080/", login_data = {"username": "******", "password": "******"}, session= "ABC")
#user = User("ModX", 0 , "http://localhost:8080/manager/", login_data= {"username": "******", "password": "******"}, session="ABC")
#user = User("Pimcore", 0, "http://localhost:8080/admin/login/", login_data={"username": "******", "password": "******"}, session="ABC")
#user = User("Piwigo", 0, "http://localhost:8080/", login_data={"username": "******", "password": "******"}, session="ABC")
#user = User("Concret5", 0, "http://localhost:8080/index.php/login", login_data={"uName": "admin", "uPassword": "******"})
#user = User("Mediawiki", 0)
#user = User("MyBB2", 0, "http://localhost:8080/index.php", login_data= {"quick_username": "******", "quick_password": "******"}, session="ABC")
#user = User("MyBB2", 0, "http://localhost:8080/admin/index.php", login_data= {"username": "******", "password": "******"}, session="ABC")
#user = User("local", 0)
url = "http://localhost:8080/"
crawler_config = CrawlConfig("Database Name",
url,
max_depth=2,
max_click_depth=5,
crawl_speed=CrawlSpeed.Fast)
attack_config = AttackConfig(url)
database_manager = DatabaseManager(user, dropping=True)
crawler = Crawler(
crawl_config=crawler_config,
database_manager=database_manager) #, proxy="localhost", port=8082)
crawler.crawl(user)
# TODO: It seems to be that, there is an error if we instanciate crawler and attacker and then call the crawl function. Maybe use one global app!
logging.info("Crawler finished")
logging.info("Start attacking...")
#attacker = Attacker(attack_config, database_manager=database_manager)#, proxy="localhost", port=8082)
#attacker.attack(user)
logging.info("Finish attacking...")
def setUp(self):
self.persistence_manager = DatabaseManager(User("DummyUser", 0))
self.domain_handler = DomainHandler("example.com",
self.persistence_manager)
def setUp(self):
self.persistence_manager = DatabaseManager(User("DummyUser", 0))
self.domain_handler = DomainHandler("example.com", self.persistence_manager)
class DomainHandlerTest(unittest.TestCase):
def setUp(self):
self.persistence_manager = DatabaseManager(User("DummyUser", 0))
self.domain_handler = DomainHandler("example.com",
self.persistence_manager)
def test_a_parameter_calculation(self):
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "a"),
ParameterType.Char)
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "4"),
ParameterType.Digit)
self.assertEqual(
self.domain_handler.calculate_new_url_type(None, "afd"),
ParameterType.String)
self.assertEqual(
self.domain_handler.calculate_new_url_type(None, "1.5"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(None, "42342"),
ParameterType.Integer)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"a"),
ParameterType.Char)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"1"),
ParameterType.Digit)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"12"),
ParameterType.Integer)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"42.5"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"abc"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Digit,
"abc123"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"a"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"1"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"1.5"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"abc"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"abc123"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"17"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Float,
"17.5"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Integer,
"a"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Integer,
"14"),
ParameterType.Integer)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Integer,
"14.5"),
ParameterType.Float)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Integer,
"abc123"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"a"),
ParameterType.Char)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"4"),
ParameterType.Char)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"14"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"14.5"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"abc"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.Char,
"abc123"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.String,
"a"),
ParameterType.String)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.String,
"abc"),
ParameterType.String)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.String,
"1"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.String,
"2.3"),
ParameterType.AlphaNumerical)
self.assertEqual(
self.domain_handler.calculate_new_url_type(ParameterType.String,
"abc123"),
ParameterType.AlphaNumerical)
def test_b_create_url_function(self):
url = self.domain_handler.handle_url(
"http://example.com/test.php?a=5&b=abc")
url_desc = self.persistence_manager.get_url_structure(url.url_hash)
self.assertEqual(url_desc.get_parameter_type("b"),
ParameterType.String)
self.assertEqual(url_desc.get_parameter_type("a"), ParameterType.Digit)
self.assertEqual(url.get_values_to_parameter("a")[0], "5")
self.assertEqual(url.get_values_to_parameter("b")[0], "abc")
url = self.domain_handler.handle_url("test.php?a=7&b=abc123",
"http://example.com")
url_desc = self.persistence_manager.get_url_structure(url.url_hash)
self.assertEqual(url_desc.get_parameter_type("b"),
ParameterType.AlphaNumerical)
self.assertEqual(url_desc.get_parameter_type("a"), ParameterType.Digit)
self.assertEqual(url.domain, "example.com")
self.assertEqual(url.path, "/test.php")
self.assertEqual(url.scheme, "http")
self.assertEqual(len(url.parameters), 2)
self.assertEqual(url.get_values_to_parameter("a")[0], "7")
self.assertEqual(url.get_values_to_parameter("b")[0], "abc123")
with self.assertRaises(KeyError):
url.get_values_to_parameter("zzz")
class DomainHandlerTest(unittest.TestCase):
def setUp(self):
self.persistence_manager = DatabaseManager(User("DummyUser", 0))
self.domain_handler = DomainHandler("example.com", self.persistence_manager)
def test_a_parameter_calculation(self):
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "a"), ParameterType.Char)
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "4"), ParameterType.Digit)
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "afd"), ParameterType.String)
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "1.5"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(None, "42342"), ParameterType.Integer)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "a"), ParameterType.Char)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "1"), ParameterType.Digit)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "12"), ParameterType.Integer)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "42.5"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "abc"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Digit, "abc123"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "a"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "1"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "1.5"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "abc"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "abc123"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "17"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Float, "17.5"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Integer, "a"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Integer, "14"), ParameterType.Integer)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Integer, "14.5"), ParameterType.Float)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Integer, "abc123"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "a"), ParameterType.Char)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "4"), ParameterType.Char)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "14"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "14.5"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "abc"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.Char, "abc123"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.String, "a"), ParameterType.String)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.String, "abc"), ParameterType.String)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.String, "1"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.String, "2.3"), ParameterType.AlphaNumerical)
self.assertEqual(self.domain_handler.calculate_new_url_type(ParameterType.String, "abc123"), ParameterType.AlphaNumerical)
def test_b_create_url_function(self):
url = self.domain_handler.handle_url("http://example.com/test.php?a=5&b=abc")
url_desc = self.persistence_manager.get_url_structure(url.url_hash)
self.assertEqual(url_desc.get_parameter_type("b"), ParameterType.String)
self.assertEqual(url_desc.get_parameter_type("a"), ParameterType.Digit)
self.assertEqual(url.get_values_to_parameter("a")[0], "5")
self.assertEqual(url.get_values_to_parameter("b")[0], "abc")
url = self.domain_handler.handle_url("test.php?a=7&b=abc123", "http://example.com")
url_desc = self.persistence_manager.get_url_structure(url.url_hash)
self.assertEqual(url_desc.get_parameter_type("b"), ParameterType.AlphaNumerical)
self.assertEqual(url_desc.get_parameter_type("a"), ParameterType.Digit)
self.assertEqual(url.domain, "example.com")
self.assertEqual(url.path, "/test.php")
self.assertEqual(url.scheme, "http")
self.assertEqual(len(url.parameters), 2)
self.assertEqual(url.get_values_to_parameter("a")[0], "7")
self.assertEqual(url.get_values_to_parameter("b")[0], "abc123")
with self.assertRaises(KeyError):
url.get_values_to_parameter("zzz")