Example #1
0
 def request_and_verify(case):
     vul = case.vul
     method = case.method
     url = case.url
     headers = case.headers
     body = case.body
     args = case.args
     old_param = args[2]
     old_value = args[3]
     print 'Verify case use:\n%s' % url
     # time out
     with gevent.Timeout(20, False) as t:
         resp = make_request(method, url, headers, body)
         if resp:
             if Verify.verify(resp, args):
                 poc = gen_poc(method, url, body, old_param, old_value)
                 print_warn('Found %s in %s' % (vul, poc))
                 result = (vul, url, poc)
                 return result
         # count++ when error happened
         else:
             Verify.ERROR_COUNT += 1
Example #2
0
 def request_and_verify(case):
     vul = case.vul
     method = case.method
     url = case.url
     headers = case.headers
     body = case.body
     args = case.args
     old_param = args[2]
     old_value = args[3]
     LOGGER.info('Verify: %s' % url)
     # time out
     with gevent.Timeout(20, False) as t:
         resp = make_request(method, url, headers, body)
         if resp:
             if Verify.verify(resp, args):
                 poc = gen_poc(method, url, body, old_param, old_value)
                 LOGGER.critical(
                     'Found cross-site script vulnerability(%s) in %s' %
                     (vul, poc))
                 result = (vul, url, poc)
                 return result
         # count++ when error happened
         else:
             Verify.ERROR_COUNT += 1
Example #3
0
                            ('Render get()', url, 'BadStatusLine'))
                        splited = url.split('/', 3)
                        path = '/'.join(splited)
                        blocked_urls.append(path)
                    except UnicodeDecodeError:
                        pass
                    else:
                        try:
                            page_source = browser.page_source
                        # handle alert
                        except UnexpectedAlertPresentException:
                            alert = browser.switch_to_alert()
                            alert.accept()
                            page_source = browser.page_source
                        if Verify.verify(page_source, args):
                            poc = gen_poc('GET', url, '')
                            result = (vul, url, poc)
                            openner_result.append(result)
            # must close the browser.
            browser.quit()

    @staticmethod
    def verify_with_browser(browser_type, case_list, process_num):
        open_task = []
        i = len(case_list)
        k = 0
        if i > process_num:
            j = i / process_num
            for i in range(process_num):
                if i == process_num - 1:
                    cases = case_list[k:]