def add_owtf_transaction(self, request_hash): owtf_transaction = transaction.HTTP_Transaction(timer.Timer()) request = request_from_cache(request_hash, self.cache_dir) response = response_from_cache(request_hash, self.cache_dir) request.in_scope = self.Core.IsInScopeURL(request.url) owtf_transaction.ImportProxyRequestResponse(request, response) self.Core.DB.Transaction.LogTransaction(owtf_transaction)
def Request(self, url, method=None, post=None): # kludge: necessary to get around urllib2 limitations: Need this to get # the exact request that was sent. global raw_request url = str(url) raw_request = [] # Init Raw Request to blank list. post = self.DerivePOST(post) method = DeriveHTTPMethod(method, post) url = url.strip() # Clean up URL. request = urllib2.Request(url, post, self.Headers) # GET request. if method is not None: # kludge: necessary to do anything other that GET or POST with # urllib2 request.get_method = lambda: method # MUST create a new Transaction object each time so that lists of # transactions can be created and process at plugin-level # Pass the timer object to avoid instantiating each time. self.http_transaction = transaction.HTTP_Transaction(self.timer) self.http_transaction.Start(url, post, method, self.target.IsInScopeURL(url)) self.RequestCountTotal += 1 try: response = self.perform_request(request) self.set_succesful_transaction(raw_request, response) except urllib2.HTTPError, Error: # page NOT found. # Error is really a response for anything other than 200 OK in # urllib2 :) self.http_transaction.SetTransaction(False, raw_request[0], Error)
def Request(self, url, method=None, post=None): # kludge: necessary to get around urllib2 limitations: Need this to get the exact request that was sent. global raw_request url = str(url) raw_request = [] # Init Raw Request to blank list. post = self.DerivePOST(post) method = DeriveHTTPMethod(method, post) url = url.strip() # Clean up URL. request = urllib2.Request(url, post, self.Headers) # GET request. if method is not None: # kludge: necessary to do anything other that GET or POST with urllib2 request.get_method = lambda: method # MUST create a new Transaction object each time so that lists of # transactions can be created and process at plugin-level # Pass the timer object to avoid instantiating each time. self.http_transaction = transaction.HTTP_Transaction(self.timer) self.http_transaction.Start(url, post, method, self.target.IsInScopeURL(url)) self.RequestCountTotal += 1 try: response = self.perform_request(request) self.set_succesful_transaction(raw_request, response) except urllib2.HTTPError as Error: # page NOT found. # Error is really a response for anything other than 200 OK in urllib2 :) self.http_transaction.SetTransaction(False, raw_request[0], Error) except urllib2.URLError as Error: # Connection refused? err_message = self.ProcessHTTPErrorCode(Error, url) self.http_transaction.SetError(err_message) except IOError: err_message = "ERROR: Requester Object -> Unknown HTTP Request error: %s\n%s" % (url, str(sys.exc_info())) self.http_transaction.SetError(err_message) if self.LogTransactions: # Log transaction in DB for analysis later and return modified Transaction with ID. self.log_transaction() return self.http_transaction
def DeriveTransaction(self, trans): if trans: owtf_transaction = transaction.HTTP_Transaction(None) response_body = trans.response_body if trans.binary_response: response_body = base64.b64decode(response_body) owtf_transaction.SetTransactionFromDB( trans.id, trans.url, trans.method, trans.response_status, str(trans.time), trans.time_human, trans.data, trans.raw_request, trans.response_headers, response_body) return owtf_transaction return (None)
def get_owtf_transactions(self, hash_list): transactions_dict = None target_list = self.target.GetIndexedTargets() if target_list: # If there are no targets in db, where are we going to add. OMG transactions_dict = {} host_list = self.target.GetAllInScope('host_name') for request_hash in hash_list: request = request_from_cache(os.path.join(self.cache_dir, request_hash)) response = response_from_cache(os.path.join(self.cache_dir, request_hash)) target_id, request.in_scope = self.derive_target_for_transaction(request, response, target_list, host_list) owtf_transaction = transaction.HTTP_Transaction(timer.Timer()) owtf_transaction.ImportProxyRequestResponse(request, response) try: transactions_dict[target_id].append(owtf_transaction) except KeyError: transactions_dict[target_id] = [owtf_transaction] return(transactions_dict)
def Request(self, URL, Method = None, POST = None): global RawRequest # kludge: necessary to get around urllib2 limitations: Need this to get the exact request that was sent RawRequest = [] # Init Raw Request to blank list POST = self.DerivePOST(POST) Method = DeriveHTTPMethod(Method, POST) URL = URL.strip() # Clean up URL request = urllib2.Request(URL, POST, self.Headers) # GET request if None != Method: request.get_method = lambda : Method # kludge: necessary to do anything other that GET or POST with urllib2 # MUST create a new Transaction object each time so that lists of transactions can be created and process at plugin-level self.Transaction = transaction.HTTP_Transaction(self.Core.Timer) # Pass the timer object to avoid instantiating each time self.Transaction.Start(URL, POST, Method, self.Core.IsInScopeURL(URL)) self.RequestCountTotal += 1 try: Response = urllib2.urlopen(request) self.Transaction.SetTransaction(True, RawRequest[0], Response) except urllib2.HTTPError, Error: # page NOT found self.Transaction.SetTransaction(False, RawRequest[0], Error) # Error is really a response for anything other than 200 OK in urllib2 :)
def GetByID(self, ID): MatchList = self.Search({'ID': ID}) if len(MatchList) > 0: # Transaction found T = MatchList[0] Transaction = transaction.HTTP_Transaction(self.Core.Timer) TStr = "" Prefix = self.GetPrefix(T['Scope']) try: Path = self.Core.Config.Get( 'TRANSACTION_LOG_TRANSACTIONS') + Prefix + T['ID'] + ".txt" TStr = open( Path).read() # Try to retrieve transaction to memory except IOError: self.Core.Error.Add( "ERROR: Transaction " + T['ID'] + " could not be found, has the DB been tampered with?") if TStr: # Transaction could be read from DB Request, ResponseHeaders, ResponseBody = self.ParseDBTransaction( TStr, T['Status']) Transaction.SetTransactionFromDB(T, Request, ResponseHeaders, ResponseBody) self.SetIDForTransaction(Transaction, T['ID'], Path) return Transaction return False # Transaction not found