def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two): """ Returns a difference ratio between two byte arrays each representing one http response. Ratio=1.0 is a perfect match. """ http_one_info = helpers.analyzeResponse(http_bytes_one) http_one = StringUtil.fromBytes(http_bytes_one) http_one_body = http_one[http_one_info.getBodyOffset():] http_two_info = helpers.analyzeResponse(http_bytes_two) http_two = StringUtil.fromBytes(http_bytes_two) http_two_body = http_two[http_two_info.getBodyOffset():] s = SequenceMatcher(lambda x: x== " ", http_one_body, http_two_body) return s.ratio()
def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two): """ Returns a difference ratio between two byte arrays each representing one http response. Ratio=1.0 is a perfect match. """ http_one_info = helpers.analyzeResponse(http_bytes_one) http_one = StringUtil.fromBytes(http_bytes_one) http_one_body = http_one[http_one_info.getBodyOffset():] http_two_info = helpers.analyzeResponse(http_bytes_two) http_two = StringUtil.fromBytes(http_bytes_two) http_two_body = http_two[http_two_info.getBodyOffset():] s = SequenceMatcher(lambda x: x == " ", http_one_body, http_two_body) return s.ratio()
def _get_examples(): names_and_bytes = None # z is the zip file containing the examples z = None if app_in_jar.startedFromJar(): # App started from JAR; attempt to acquire through java.lang.Class.getResourceAsStream() stream = Column.getResourceAsStream('/mallard_examples.zip') if stream is not None: # Convert to cStringIO; FileUtil.wrap does not seem to work well with ZipFile fbytes = StringUtil.fromBytes(FileUtil.readBytes(stream)) f = cStringIO.StringIO(fbytes) try: z = zipfile.ZipFile(f, 'r') except zipfile.BadZipfile: pass # App was not started from JAR, or loading failed; see if the ZIP file can be found in the file system if z is None: if os.path.isfile('mallard_examples.zip'): try: z = zipfile.ZipFile('mallard_examples.zip', 'r') except zipfile.BadZipfile: pass if z is not None: names_and_bytes = [] infos = z.infolist() for info in infos: if info.filename.lower().endswith('.page'): names_and_bytes.append((info.filename, z.read(info))) return names_and_bytes
def map(k, context): result = context.cx.getCurrentValue() meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json")) meta = json.loads(meta_data) product = meta['ProductName'] version = meta['Version'] ispluginhang = meta.get('PluginHang', None) == "1" err = 0 kv = result.getColumnLatest("raw_data", "dump") if kv is None: err += 1 dumplen = 0 else: dumplen = kv.getValueLength() if "additional_minidumps" in meta: extradumps = meta["additional_minidumps"].split(",") for extradump in extradumps: extrakv = result.getColumnLatest( "raw_data", "upload_file_minidump_" + extradump) if extrakv is None: err += 1 else: extralen = extrakv.getValueLength() dumplen += extralen context.write(k, (product, version, ispluginhang, dumplen, err))
def map(k, context): result = context.cx.getCurrentValue() meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json")) meta = json.loads(meta_data) product = meta['ProductName'] version = meta['Version'] ispluginhang = meta.get('PluginHang', None) == "1" err = 0 kv = result.getColumnLatest("raw_data", "dump") if kv is None: err += 1 dumplen = 0 else: dumplen = kv.getValueLength() if "additional_minidumps" in meta: extradumps = meta["additional_minidumps"].split(",") for extradump in extradumps: extrakv = result.getColumnLatest("raw_data", "upload_file_minidump_" + extradump) if extrakv is None: err += 1 else: extralen = extrakv.getValueLength() dumplen += extralen context.write(k, (product, version, ispluginhang, dumplen, err))
def read(filePath): bytes = Files.readAllBytes(filePath) content = StringUtil.fromBytes(bytes) if content.find(Strings.FileUtils_separator) != -1: (vars, script) = content.split(Strings.FileUtils_separator, 2) return (vars, script) else: return (None, None)
def getNextPayload(self, baseValue): '''Interface method to return the next generated payload''' strinput = StringUtil.fromBytes(baseValue) if not self.unicodePayload: strinput = str(strinput) bv = self.decode(strinput) (self.morePayloads, output) = self.process(bv) return self.encode(output)
def read(fd, buffersize): """read(fd, buffersize) -> string Read a file descriptor. """ from org.python.core.util import StringUtil rawio = FileDescriptors.get(fd) buf = _handle_oserror(rawio.read, buffersize) return asPyString(StringUtil.fromBytes(buf))
def set_response_tab_pane(self, request_response): raw_response = request_response.getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = JTextArea(response_body) response_tab_textarea.setLineWrap(True) return JScrollPane(response_tab_textarea)
def read(fd, buffersize): """read(fd, buffersize) -> string Read a file descriptor. """ from org.python.core.util import StringUtil rawio = FileDescriptors.get(fd) buf = _handle_oserror(rawio.read, buffersize) return asPyString(StringUtil.fromBytes(buf))
def prepareForStep(self, configurationAttributes, requestParameters, step): extensionResult = self.extensionPrepareForStep(configurationAttributes, requestParameters, step) if extensionResult != None: return extensionResult if (step == 1): print "Passport-saml: Prepare for Step 1 method call" identity = CdiUtil.bean(Identity) sessionId = identity.getSessionId() sessionAttribute = sessionId.getSessionAttributes() print "Passport-saml: session %s" % sessionAttribute oldState = sessionAttribute.get("state") if (oldState == None): print "Passport-saml: old state is none" return True else: print "Passport-saml: state is obtained" try: stateBytes = Base64Util.base64urldecode(oldState) state = StringUtil.fromBytes(stateBytes) stateObj = json.loads(state) print stateObj["provider"] for y in stateObj: print(y, ':', stateObj[y]) httpService = CdiUtil.bean(HttpService) facesService = CdiUtil.bean(FacesService) facesContext = CdiUtil.bean(FacesContext) httpclient = httpService.getHttpsClient() headersMap = HashMap() headersMap.put("Accept", "text/json") host = facesContext.getExternalContext().getRequest( ).getServerName() url = "https://" + host + "/passport/token" print "Passport-saml: url %s" % url resultResponse = httpService.executeGet( httpclient, url, headersMap) http_response = resultResponse.getHttpResponse() response_bytes = httpService.getResponseContent( http_response) szResponse = httpService.convertEntityToString( response_bytes) print "Passport-saml: szResponse %s" % szResponse tokenObj = json.loads(szResponse) print "Passport-saml: /passport/auth/saml/" + stateObj[ "provider"] + "/" + tokenObj["token_"] facesService.redirectToExternalURL("/passport/auth/saml/" + stateObj["provider"] + "/" + tokenObj["token_"]) except Exception, err: print str(err) return True return True
def set_response_tab_pane(self, request_response): raw_response = request_response.getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = self.callbacks.createTextEditor() component = response_tab_textarea.getComponent() response_tab_textarea.setText(response_body) response_tab_textarea.setEditable(False) return component
def set_response_tab_pane(self, scanner_issue): raw_response = scanner_issue.getRequestResponse().getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = JTextArea(response_body) response_tab_textarea.setLineWrap(True) # Set a context menu self.set_context_menu(response_tab_textarea, scanner_issue) return JScrollPane(response_tab_textarea)
def set_response_tab_pane(self, scanner_issue): raw_response = scanner_issue.getRequestResponse().getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = self.callbacks.createTextEditor() component = response_tab_textarea.getComponent() response_tab_textarea.setText(response_body) response_tab_textarea.setEditable(False) # Set a context menu self.set_context_menu(component, scanner_issue) return component
def process(self, input, output) : try : comp = bz2.BZ2Decompressor() buf = zeros(8192, "b") while True : bytes_read = input.read(buf) if(bytes_read == -1) : break output.write(comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read))) except : print "Exception in Decompress:" print '-' * 60 traceback.print_exc(file=sys.stdout) print '-' * 60 raise
def process(self, input, output): try: comp = bz2.BZ2Decompressor() buf = zeros(8192, "b") while True: bytes_read = input.read(buf) if (bytes_read == -1): break output.write( comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read))) except: print "Exception in Decompress:" print '-' * 60 traceback.print_exc(file=sys.stdout) print '-' * 60 raise
def __init__(self, callbacks, attack, unicodePayload=False): self.callbacks = callbacks # use Unicode strings in Jython? self.unicodePayload = unicodePayload # this is all the stuff from attack so we dont need to store it httpService = attack.getHttpService() self.httpHost = httpService.getHost() # java.lang.String self.httpPort = httpService.getPort() # int self.httpProtocol = httpService.getProtocol() # java.lang.String self.requestTemplate = StringUtil.fromBytes( attack.getRequestTemplate()) # python unicode if self.unicodePayload: self.self.requestTemplate = str(self.requestTemplate) self.morePayloads = True self.init()
def handleReceivedResponseForModifiedRequest(self, requestResponse): #Get original HTTP Request requestData = StringUtil.fromBytes(requestResponse.getRequest()) requestId = re.search(b"^X-REQUEST-ID: ([^\r]*)", requestData, flags=re.MULTILINE).group(1).encode('ascii') origRequestId = re.search(b"^X-REQUEST-ORIG-ID: ([^\r]*)", requestData, flags=re.MULTILINE).group(1).encode('ascii') print("Keys") print(requestId) print(origRequestId) print(self.requestResponseCache.keys()) self.requestResponseCache[requestId] = requestResponse origRequestResponse = self.requestResponseCache[origRequestId] analyzedOrigResponse = self.helpers.analyzeResponse( origRequestResponse.getResponse()) analayzeMutatedResponse = self.helpers.analyzeResponse( requestResponse.getResponse()) origResponseHeaders = self._buildResponseHeadersDictionary( analyzedOrigResponse.getHeaders()) mutatedResponseHeaders = self._buildResponseHeadersDictionary( analayzeMutatedResponse.getHeaders()) mutatedRequestInfo = self.helpers.analyzeRequest( requestResponse.getHttpService(), requestResponse.getRequest()) model = self.jtable.getModel() model.addRow([ str(mutatedRequestInfo.getUrl()), str(analayzeMutatedResponse.getStatusCode()), self._getDictValueOrEmptyStr(mutatedResponseHeaders, "content-length"), self._getDictValueOrEmptyStr(mutatedResponseHeaders, "location"), requestId, origRequestId ]) print("Modified Request Found: %s %s" % (requestId, origRequestId))
def processHttpMessage(self, toolFlag, messageIsRequest, requestResponse): if not messageIsRequest: requestData = StringUtil.fromBytes(requestResponse.getRequest()) #We generated the request, process it if requestData.find(b"X-REQUEST-ID") != -1: self.handleReceivedResponseForModifiedRequest(requestResponse) #Response received for non-mutated request. #Mutate request and send it. else: origRequestResponseUUID = str(uuid.uuid4()) reload(replacements) print("Looking for replacements") for replacement in self.replacements: newRequestData = re.sub(self.origSearchString, replacement, requestData) #If no replacemnets made, don't send any requests if newRequestData != requestData: newRequestUUID = str(uuid.uuid4()) newRequestData = re.sub( b"Host", b"X-REQUEST-ID: " + newRequestUUID + "\r\nHost", requestData) newRequestData = re.sub( b"Host", b"X-REQUEST-ORIG-ID: " + origRequestResponseUUID + "\r\nHost", newRequestData) print("Sending Mutated Request") print(newRequestData) self.requestResponseCache[ origRequestResponseUUID] = requestResponse httpService = requestResponse.getHttpService() self.callbacks.makeHttpRequest(httpService, newRequestData) print("Got here")
def checkResult(self, messageEntry, roleIndex, activeSuccessRoles): for userIndex in self._db.getActiveUserIndexes(): userEntry = self._db.arrayOfUsers[userIndex] ignoreUser = False # if user is not in this role, ignore it if not userEntry._roles[roleIndex]: ignoreUser = True # If user is in any other role that should succeed, then ignore it for index in userEntry._roles.keys(): if not index == roleIndex and userEntry._roles[index] and index in activeSuccessRoles: ignoreUser = True if not ignoreUser: shouldSucceed = roleIndex in activeSuccessRoles requestResponse = messageEntry._userRuns[userEntry._index] resp = StringUtil.fromBytes(requestResponse.getResponse()) found = re.search(messageEntry._successRegex, resp, re.DOTALL) succeeds = found if shouldSucceed else not found if not succeeds: return False return True
def checkResult(self, messageEntry, roleIndex, activeSuccessRoles): for userIndex in self._db.getActiveUserIndexes(): userEntry = self._db.arrayOfUsers[userIndex] ignoreUser = False # if user is not in this role, ignore it if not userEntry._roles[roleIndex]: ignoreUser = True # If user is in any other role that should succeed, then ignore it for index in userEntry._roles.keys(): if not index == roleIndex and userEntry._roles[ index] and index in activeSuccessRoles: ignoreUser = True if not ignoreUser: shouldSucceed = roleIndex in activeSuccessRoles requestResponse = messageEntry._userRuns[userEntry._index] resp = StringUtil.fromBytes(requestResponse.getResponse()) found = re.search(messageEntry._successRegex, resp, re.DOTALL) succeeds = found if shouldSucceed else not found if not succeeds: return False return True
consumer = QueueingConsumer(channel) # Declare as exclusive consumer of queue channel.basicConsume(queueName, True, "consumer", False, True, None, consumer) print " [*] Waiting for messages." except IOError: print "Unable to connect to queue." connection.close() sys.exit(1) writer = WriteMsgToFile(HOME_FILE) while True: try: delivery = consumer.nextDelivery() message = delivery.getBody() message = StringUtil.fromBytes(message) token = message.split(":",1)[0] rest = message.split(":",1)[1] message = str(message) # If message is a "token_request", process request and add new token to hashmap if message[0:13] == ("TOKEN_REQUEST"): makeToken = ProcessTokenRequest(message, channel) tokenID = makeToken.sendToken() permissions.put(tokenID[0], tokenID[1]) # Otherwise, check if message has valid token (token in hashmap). # If so, accept message, then delete token from valid list. else: if permissions.containsKey(token): print (" [x] Received '" + rest + "' from: " + permissions.get(token))
# Declare as exclusive consumer of queue channel.basicConsume(queueName, True, "consumer", False, True, None, consumer) print " [*] Waiting for messages." except IOError: print "Unable to connect to queue." connection.close() sys.exit(1) writer = WriteMsgToFile(HOME_FILE) while True: try: delivery = consumer.nextDelivery() message = delivery.getBody() message = StringUtil.fromBytes(message) token = message.split(":", 1)[0] rest = message.split(":", 1)[1] message = str(message) # If message is a "token_request", process request and add new token to hashmap if message[0:13] == ("TOKEN_REQUEST"): makeToken = ProcessTokenRequest(message, channel) tokenID = makeToken.sendToken() permissions.put(tokenID[0], tokenID[1]) # Otherwise, check if message has valid token (token in hashmap). # If so, accept message, then delete token from valid list. else: if permissions.containsKey(token): print(" [x] Received '" + rest + "' from: " +
def getEntryS(self, key): val = self.getEntry(key) if val == None : return None return StringUtil.fromBytes(val)
def renderMap(self, connection_parameters=None, sql=None, geom_id_entity=None, geom_entity=None, data_entity=None, map_parameters={}): # Put connection parameters into a java HashMap. params_hashmap = HashMap() for param, value in connection_parameters.items(): if value: params_hashmap.put(param, value) # Get data store. data_store = DataStoreFinder.getDataStore(params_hashmap) # Create VirtualTable from sql. vtable = VirtualTable("vtable", sql) # Set primary key. vtable.setPrimaryKeyColumns([geom_id_entity['ID']]) # metadatata = intententional typo. GT needs to fix the name. vtable.addGeometryMetadatata(geom_entity['ID'], JPolygon, 4326) # Create feature source from virtual table. data_store.addVirtualTable(vtable) feature_source = data_store.getFeatureSource("vtable") # Add styling classes if there was a value entity. if data_entity: # Generate class bounds. num_classes = data_entity.get('num_classes', 25) vmin = float(data_entity.get('min', 0)) vmax = float(data_entity.get('max', 1)) vrange = vmax - vmin class_width = vrange/num_classes classes = [(None, vmin)] for i in range(num_classes): classes.append((vmin + i * class_width, vmin + (i + 1) * class_width)) classes.append((vmax, None)) # Generate style rules for classes. rules = [] for c in classes: rule = self.create_rule(c[0], c[1], vmin, vrange, attr=data_entity['ID']) rules.append(rule) feature_type_style = self.style_factory.createFeatureTypeStyle(rules) style = self.style_factory.createStyle() style.featureTypeStyles().add(feature_type_style) else: style = None # Setup map. gt_map = DefaultMapContext() gt_map.addLayer(feature_source, style) gt_renderer = StreamingRenderer() gt_renderer.setMapContent(gt_map) image_bounds = Rectangle(0, 0, map_parameters.get('WIDTH', 100), map_parameters.get('HEIGHT', 100)) # Set image type based on format. image_format = map_parameters.get('FORMAT', 'image/png') if image_format == 'image/jpeg': image_type = BufferedImage.TYPE_INT_RGB else: image_type = BufferedImage.TYPE_INT_ARGB buffered_image = BufferedImage(image_bounds.width, image_bounds.height, image_type) graphics = buffered_image.createGraphics() # Set background color if not transparent. if not map_parameters.get('TRANSPARENT'): graphics.setPaint(Color.WHITE) graphics.fill(image_bounds) crs = CRS.decode(map_parameters.get('SRS', "EPSG:4326")) bbox = map_parameters.get('BBOX', '-180,-90,180,90') coords = [float(coord) for coord in bbox.split(",")] map_bounds = ReferencedEnvelope(coords[0], coords[2], coords[1], coords[3], crs) gt_renderer.paint(graphics, image_bounds, map_bounds) # Release the JDBC connection and map content. data_store.dispose() gt_renderer.getMapContent().dispose() # Return raw image. byte_array_output_stream = ByteArrayOutputStream() informal_format = re.match('image/(.*)', image_format).group(1) ImageIO.write(buffered_image, informal_format, byte_array_output_stream) byte_array = byte_array_output_stream.toByteArray() raw_image = Py.newString(StringUtil.fromBytes(byte_array)) return raw_image
def replaceDomain(requestData, oldDomain, newDomain): reqstr = StringUtil.fromBytes(requestData) reqstr = reqstr.replace(oldDomain, newDomain) newreq = StringUtil.toBytes(reqstr) return newreq
def findBlobS(self,realm,key): b = self.findBlob(realm,key) if b == None : return None return StringUtil.fromBytes(b)
def getEntryS(self, key): val = self.getEntry(key) if val == None: return None return StringUtil.fromBytes(val)
def dialogaction(action, var): cutil.printVar("testmail", action, var) if action == "sendmail": C = cmail.CMAIL(var) res = C.sendMail("Mail from hotel", "What do you think about us ?", "*****@*****.**", "Jython") print res.getSendResult() assert res.getSendResult() == None assert res.getName() != None var["OK"] = True if action == "checkmail": C = cmail.CMAIL(var) li = C.getList() print li for l in li: print l.getDescription(), l.getContent() assert len(li) == 1 var["OK"] = True if action == "sendmailattach": C = cmail.CMAIL(var) li = C.getList() for l in li: C.removeElem(l) li = C.getList() assert len(li) == 0 s = "Attachment" key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY, "TESTJ", StringUtil.toBytes(s)) aList = cmail.createAttachList(None, cutil.PDFTEMPORARY, key, "attach.txt") res = C.sendMail("Mail from hotel with attachment", "Nothing interesting ", "*****@*****.**", "Jython", aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmailattach": B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 1 for a in att: print a.getFileName(), a.getRealm(), a.getBlobKey() va = B.findBlob(a.getRealm(), a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert ss == "Attachment" var["OK"] = True if action == "sendmultiattach": C = cmail.CMAIL(var) li = C.getList() for l in li: C.removeElem(l) li = C.getList() assert len(li) == 0 aList = None for i in range(20): s = "Attachment content" + str(i) key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY, "TESTJ", StringUtil.toBytes(s)) aList = cmail.createAttachList(aList, cutil.PDFTEMPORARY, key, "attach" + str(i) + ".txt") res = C.sendMail("Mail from hotel with 20 attachment", "Nothing interesting inside ", "*****@*****.**", "Jython", aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmultiattach": B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 20 for a in att: print a.getFileName(), a.getRealm(), a.getBlobKey() va = B.findBlob(a.getRealm(), a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert not cutil.emptyS(ss) var["OK"] = True
def run(self): """ Where all the work is done. Three steps 1) Make the request again to make sure it's stable (We use python difflib) 2) Make the request without any cookies, if it's similar the cookies aren't required 3) Loop through removing one cookie at a time, if the diff isn't big we leave it out, if it is we can figure that it's required and we leave it in At the end we're left with the required cookies. """ selected_message = self.selected_message original_request_bytes = selected_message.getRequest() original_request = StringUtil.fromBytes(original_request_bytes) original_response_bytes = selected_message.getResponse() original_response = StringUtil.fromBytes(original_response_bytes) http_service = selected_message.getHttpService() helpers = self.callbacks.getHelpers() request_info = helpers.analyzeRequest(http_service, original_request_bytes) parameters = request_info.getParameters(); cookie_parameters = [parameter for parameter in parameters if parameter.getType() == IParameter.PARAM_COOKIE] num_requests_needed = len(cookie_parameters) + 2 num_requests_made = 0 self.progressBar.setMaximum(num_requests_needed) self.progressBar.setValue(num_requests_made) #=========================================================== # We will resubmit the request to make sure it is somewhat stable self.statusTextArea.append("Making baseline request which we will compare to original request (1 of 1)") self.statusTextArea.append("\n") baseline_reqres_pair = self.callbacks.makeHttpRequest(http_service, original_request) threshold = httpresponse_bytes_diffratio(helpers, original_response_bytes, baseline_reqres_pair.getResponse()) if (threshold < 0.6): self.statusTextArea.append("ERROR: Not a stable HTTP request, try another where it's nearly the same every request") self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return # Pad it a little by decreasing the threshold... threshold = threshold * 0.8 #TODO: We should automate discovering the right threshold self.statusTextArea.append("...Complete, threshold ratio is %s" % (threshold)) self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now we'll check if it actually requires authentication by removing all cookies nocookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: nocookies_request_bytes = helpers.removeParameter(nocookies_request_bytes, parameter) self.statusTextArea.append("Making no-cookie request to make sure it requires them (1 of 1)") self.statusTextArea.append("\n") nocookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, nocookies_request_bytes) nocookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, nocookie_reqres_pair.getResponse()) if (nocookiediff > threshold): self.statusTextArea.append("ERROR: Cookies don't seem to be required or it's too close to tell") self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return self.statusTextArea.append("...Complete, confirmed at least one cookie is required") self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now iterate over all the cookie values, removing one at a time until left with required ones self.statusTextArea.append("Making requests, removing each cookie one at a time. (%d requests)" % (len(cookie_parameters))) self.statusTextArea.append("\n") minimumcookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: if (cancelThread is True): print "Canceled" return missingcookie_request_bytes = helpers.removeParameter(minimumcookies_request_bytes, parameter) missingcookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, missingcookie_request_bytes) missingcookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, missingcookie_reqres_pair.getResponse()) if (missingcookiediff > threshold): self.statusTextArea.append(" Cookie '%s' is not required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") minimumcookies_request_bytes = missingcookie_request_bytes else: self.statusTextArea.append("* Cookie '%s' is required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== #=========================================================== # minimumcookies_request_bytes now contains a request with the minimum number # of cookies needed to maintain the session. #=========================================================== # Display the results self.statusTextArea.append("== Required Cookies ==") self.statusTextArea.append("\n") mininumcookies_request_info = helpers.analyzeRequest(http_service, minimumcookies_request_bytes) minimum_cookie_parameters = [parameter for parameter in mininumcookies_request_info.getParameters() if parameter.getType() == IParameter.PARAM_COOKIE] for cookie_parameter in minimum_cookie_parameters: self.statusTextArea.append(cookie_parameter.getName()) self.statusTextArea.append("\n") #=========================================================== return
def dialogaction(action,var): cutil.printVar("testmail",action,var) if action == "sendmail" : C = cmail.CMAIL(var) res = C.sendMail("Mail from hotel","What do you think about us ?","*****@*****.**","Jython") print res.getSendResult() assert res.getSendResult() == None assert res.getName() != None var["OK"] = True if action == "checkmail": C = cmail.CMAIL(var) li = C.getList() print li for l in li : print l.getDescription(),l.getContent() assert len(li) == 1 var["OK"] = True if action == "sendmailattach" : C = cmail.CMAIL(var) li = C.getList() for l in li : C.removeElem(l) li = C.getList() assert len(li) == 0 s = "Attachment" key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(None,cutil.PDFTEMPORARY,key,"attach.txt") res = C.sendMail("Mail from hotel with attachment","Nothing interesting ","*****@*****.**","Jython",aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmailattach" : B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 1 for a in att : print a.getFileName(),a.getRealm(),a.getBlobKey() va = B.findBlob(a.getRealm(),a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert ss == "Attachment" var["OK"] = True if action == "sendmultiattach" : C = cmail.CMAIL(var) li = C.getList() for l in li : C.removeElem(l) li = C.getList() assert len(li) == 0 aList = None for i in range(20) : s = "Attachment content" + str(i) key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(aList,cutil.PDFTEMPORARY,key,"attach" + str(i) + ".txt") res = C.sendMail("Mail from hotel with 20 attachment","Nothing interesting inside ","*****@*****.**","Jython",aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmultiattach" : B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 20 for a in att : print a.getFileName(),a.getRealm(),a.getBlobKey() va = B.findBlob(a.getRealm(),a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert not cutil.emptyS(ss) var["OK"] = True
def run(self): """ Where all the work is done. Three steps 1) Make the request again to make sure it's stable (We use python difflib) 2) Make the request without any cookies, if it's similar the cookies aren't required 3) Loop through removing one cookie at a time, if the diff isn't big we leave it out, if it is we can figure that it's required and we leave it in At the end we're left with the required cookies. """ selected_message = self.selected_message original_request_bytes = selected_message.getRequest() original_request = StringUtil.fromBytes(original_request_bytes) original_response_bytes = selected_message.getResponse() original_response = StringUtil.fromBytes(original_response_bytes) http_service = selected_message.getHttpService() helpers = self.callbacks.getHelpers() request_info = helpers.analyzeRequest(http_service, original_request_bytes) parameters = request_info.getParameters() cookie_parameters = [ parameter for parameter in parameters if parameter.getType() == IParameter.PARAM_COOKIE ] num_requests_needed = len(cookie_parameters) + 2 num_requests_made = 0 self.progressBar.setMaximum(num_requests_needed) self.progressBar.setValue(num_requests_made) #=========================================================== # We will resubmit the request to make sure it is somewhat stable self.statusTextArea.append( "Making baseline request which we will compare to original request (1 of 1)" ) self.statusTextArea.append("\n") baseline_reqres_pair = self.callbacks.makeHttpRequest( http_service, original_request) threshold = httpresponse_bytes_diffratio( helpers, original_response_bytes, baseline_reqres_pair.getResponse()) if (threshold < 0.6): self.statusTextArea.append( "ERROR: Not a stable HTTP request, try another where it's nearly the same every request" ) self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return # Pad it a little by decreasing the threshold... threshold = threshold * 0.8 #TODO: We should automate discovering the right threshold self.statusTextArea.append("...Complete, threshold ratio is %s" % (threshold)) self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now we'll check if it actually requires authentication by removing all cookies nocookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: nocookies_request_bytes = helpers.removeParameter( nocookies_request_bytes, parameter) self.statusTextArea.append( "Making no-cookie request to make sure it requires them (1 of 1)") self.statusTextArea.append("\n") nocookie_reqres_pair = self.callbacks.makeHttpRequest( http_service, nocookies_request_bytes) nocookiediff = httpresponse_bytes_diffratio( helpers, original_response_bytes, nocookie_reqres_pair.getResponse()) if (nocookiediff > threshold): self.statusTextArea.append( "ERROR: Cookies don't seem to be required or it's too close to tell" ) self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return self.statusTextArea.append( "...Complete, confirmed at least one cookie is required") self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now iterate over all the cookie values, removing one at a time until left with required ones self.statusTextArea.append( "Making requests, removing each cookie one at a time. (%d requests)" % (len(cookie_parameters))) self.statusTextArea.append("\n") minimumcookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: if (cancelThread is True): print "Canceled" return missingcookie_request_bytes = helpers.removeParameter( minimumcookies_request_bytes, parameter) missingcookie_reqres_pair = self.callbacks.makeHttpRequest( http_service, missingcookie_request_bytes) missingcookiediff = httpresponse_bytes_diffratio( helpers, original_response_bytes, missingcookie_reqres_pair.getResponse()) if (missingcookiediff > threshold): self.statusTextArea.append( " Cookie '%s' is not required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") minimumcookies_request_bytes = missingcookie_request_bytes else: self.statusTextArea.append( "* Cookie '%s' is required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== #=========================================================== # minimumcookies_request_bytes now contains a request with the minimum number # of cookies needed to maintain the session. #=========================================================== # Display the results self.statusTextArea.append("== Required Cookies ==") self.statusTextArea.append("\n") mininumcookies_request_info = helpers.analyzeRequest( http_service, minimumcookies_request_bytes) minimum_cookie_parameters = [ parameter for parameter in mininumcookies_request_info.getParameters() if parameter.getType() == IParameter.PARAM_COOKIE ] for cookie_parameter in minimum_cookie_parameters: self.statusTextArea.append(cookie_parameter.getName()) self.statusTextArea.append("\n") #=========================================================== return
def _update_content(self): self.script.content = StringUtil.fromBytes(self.scriptEditor.text)