def test_qs_and_cookie(self): """ Even when fuzz_cookies is True, we won't create HeaderMutants based on a FuzzableRequest. This is one of the ugly things related with https://github.com/andresriancho/w3af/issues/3149 Which we fixed! """ cf_singleton.save('fuzzable_headers', []) cf_singleton.save('fuzz_cookies', True) # This one changed cf_singleton.save('fuzz_url_filenames', False) cf_singleton.save('fuzzed_files_extension', 'gif') cf_singleton.save('fuzz_form_files', False) cf_singleton.save('fuzz_url_parts', False) url = URL('http://moth/?id=1') # And now there is a cookie cookie = Cookie('foo=bar') freq = FuzzableRequest(url, cookie=cookie) mutants = create_mutants(freq, self.payloads) expected_urls = [ u'http://moth/?id=abc', u'http://moth/?id=def', u'http://moth/?id=1', u'http://moth/?id=1' ] generated_urls = [m.get_uri().url_string for m in mutants] self.assertEqual(generated_urls, expected_urls) self.assertAllInstance(mutants[:2], QSMutant) self.assertAllInstance(mutants[2:], CookieMutant) self.assertAllHaveTokens(mutants)
def test_qs_and_cookie(self): cf_singleton.save('fuzzable_headers', []) cf_singleton.save('fuzz_cookies', True) # This one changed cf_singleton.save('fuzz_url_filenames', False) cf_singleton.save('fuzzed_files_extension', 'gif') cf_singleton.save('fuzz_form_files', False) cf_singleton.save('fuzz_url_parts', False) url = URL('http://moth/?id=1') # And now there is a cookie cookie = Cookie('foo=bar') freq = HTTPQSRequest(url, cookie=cookie) generated_mutants = create_mutants(freq, self.payloads) expected_urls = [ u'http://moth/?id=abc', u'http://moth/?id=def', u'http://moth/?id=1', u'http://moth/?id=1' ] generated_urls = [m.get_uri().url_string for m in generated_mutants] self.assertEqual(generated_urls, expected_urls) expected_cookies = ['foo=bar;', 'foo=bar;', 'foo=abc;', 'foo=def;'] generated_cookies = [str(m.get_cookie()) for m in generated_mutants] self.assertEqual(expected_cookies, generated_cookies) self.assertTrue( all( isinstance(m, QSMutant) or isinstance(m, CookieMutant) for m in generated_mutants))
def __init__(self, uri, method='GET', headers=None, cookie=None, post_data=None): super(FuzzableRequest, self).__init__() # Note: Do not check for the URI/Headers type here, since I'm doing it # in set_uri() and set_headers() already. if cookie is not None and not isinstance(cookie, Cookie): raise TypeError(TYPE_ERROR % ('cookie', 'Cookie')) if post_data is not None and not isinstance(post_data, DataContainer): raise TypeError(TYPE_ERROR % ('post_data', 'DataContainer')) # Internal variables self._method = method self._cookie = Cookie() if cookie is None else cookie self._post_data = KeyValueContainer( ) if post_data is None else post_data # Set the headers self._headers = None pheaders = Headers() if headers is None else headers self.set_headers(pheaders) # Set the URL self._uri = None self._url = None self.set_uri(uri) # Set the internal variables self._sent_info_comp = None
def test_repeated(self): cookie_obj = Cookie('test=123; test=abc def; path=/') self.assertIn('test', cookie_obj) self.assertIn('path', cookie_obj) self.assertEqual(cookie_obj['test'], ['123', 'abc def'])
def set_cookie(self, cookie): """ :param cookie: A Cookie object as defined in core.data.dc.cookie, or a string. """ if isinstance(cookie, Cookie): self._cookie = cookie elif isinstance(cookie, basestring): self._cookie = Cookie(cookie) elif cookie is None: self._cookie = Cookie() else: fmt = '[FuzzableRequest error] set_cookie received: "%s": "%s".' error_str = fmt % (type(cookie), repr(cookie)) om.out.error(error_str) raise BaseFrameworkException(error_str)
def _get_all_parameters(self, request): """ :param request: The HTTP request :yield: All the HTTP request parameters as tuples of (name, value) """ headers = request.get_headers() query_string = request.get_uri().get_querystring() dc = dc_from_hdrs_post(headers, request.get_data()) cookie_str, _ = headers.iget('cookie', '') cookie_dc = Cookie(cookie_str) token_generators = itertools.chain(query_string.iter_tokens(), dc.iter_tokens(), headers.iter_tokens(), cookie_dc.iter_tokens()) for token in token_generators: token_name = token.get_name() token_value = token.get_value() token_value = smart_str_ignore(token_value) yield token_name, token_value # Handle the case where the parameter is base64 encoded is_b64, decoded_data = maybe_decode_base64(token_value) if is_b64: yield token_name, decoded_data
def test_basic(self): cookie_obj = Cookie('test=123; foobar=abc def; path=/') self.assertIn('test', cookie_obj) self.assertIn('foobar', cookie_obj) self.assertIn('path', cookie_obj) self.assertEqual(cookie_obj['test'], ['123']) self.assertEqual(cookie_obj['foobar'], ['abc def'])
def test_create_cookie(self): url = URL('http://www.w3af.com/') headers = Headers([('content-type', 'text/html'), ('Cookie', 'abc=def')]) response = HTTPResponse(200, '', headers, url, url) cookie = Cookie.from_http_response(response) self.assertEqual(cookie, Cookie('abc=def'))
def test_copy_with_token(self): dc = Cookie('one=123; two=567; path=/') dc.set_token(('one', 0)) dc_copy = copy.deepcopy(dc) self.assertEqual(dc.get_token(), dc_copy.get_token()) self.assertIsNotNone(dc.get_token()) self.assertIsNotNone(dc_copy.get_token()) self.assertEqual(dc_copy.get_token().get_name(), 'one')
def test_config_true(self): fuzzer_config = {'fuzz_cookies': True} cookie = Cookie('foo=bar; spam=eggs') freq = HTTPQSRequest(self.url, cookie=cookie) generated_mutants = CookieMutant.create_mutants( freq, self.payloads, [], False, fuzzer_config) self.assertNotEqual(len(generated_mutants), 0, generated_mutants)
def __init__(self, uri, method='GET', headers=None, cookie=None, dc=None): super(FuzzableRequest, self).__init__() # Internal variables self._dc = dc or DataContainer() self._method = method self._headers = Headers(headers or ()) self._cookie = cookie or Cookie() self._data = None self.set_uri(uri) # Set the internal variables self._sent_info_comp = None
def add_req(): url = request.json["url"] method = request.json["method"] post_data = request.json["post_data"] headers = request.json["headers"] cookie_string = request.json['cookie'] headers = Headers(headers.items()) freq = FuzzableRequest(URL(url), method, headers, Cookie(cookie_string), dc_from_hdrs_post(headers, post_data)) urllist.req_queue.put_nowait(freq) print("req size %d" % urllist.req_queue.qsize()) return jsonify({"status": True})
def test_should_inject_cookie_value(self): b64data = base64.b64encode( cPickle.dumps({ 'data': 'here', 'cookie': 'A' * 16 })) url = URL('http://moth/') cookie = Cookie('foo=%s' % b64data) freq = FuzzableRequest(url, cookie=cookie) mutant = CookieMutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)[0] self.assertTrue(self.plugin._should_inject(mutant, 'python'))
def test_basics(self): cookie = Cookie('foo=bar; spam=eggs') freq = FuzzableRequest(self.url, cookie=cookie) m = CookieMutant(freq) m.get_dc().set_token(('foo', 0)) m.set_token_value('abc') self.assertEqual(m.get_url().url_string, 'http://moth/') self.assertEqual(str(m.get_cookie()), 'foo=abc; spam=eggs') expected_found_at = '"http://moth/", using HTTP method GET. The modified'\ ' parameter was the session cookie with value: '\ '"foo=abc; spam=eggs".' generated_found_at = m.found_at() self.assertEqual(generated_found_at, expected_found_at)
def test_valid_results(self): cookie = Cookie('foo=bar; spam=eggs') freq = HTTPQSRequest(self.url, cookie=cookie) generated_mutants = CookieMutant.create_mutants( freq, self.payloads, [], False, self.fuzzer_config) self.assertEqual(len(generated_mutants), 4, generated_mutants) expected_cookies = [ 'foo=abc; spam=eggs;', 'foo=def; spam=eggs;', 'foo=bar; spam=abc;', 'foo=bar; spam=def;' ] generated_cookies = [str(m.get_cookie()) for m in generated_mutants] self.assertEqual(expected_cookies, generated_cookies) generated_cookies = [str(m.get_dc()) for m in generated_mutants] self.assertEqual(expected_cookies, generated_cookies)
def test_basics(self): cookie = Cookie('foo=bar; spam=eggs') freq = HTTPQSRequest(self.url, cookie=cookie) m = CookieMutant(freq) m.set_var('foo', 0) m.set_mod_value('abc') self.assertEqual(m.get_url().url_string, 'http://moth/') self.assertEqual(str(m.get_cookie()), 'foo=abc; spam=eggs;') expected_mod_value = 'The cookie data that was sent is: "foo=abc;'\ ' spam=eggs;".' generated_mod_value = m.print_mod_value() self.assertEqual(generated_mod_value, expected_mod_value) expected_found_at = '"http://moth/", using HTTP method GET. The modified'\ ' parameter was the session cookie with value: '\ '"foo=abc; spam=eggs;".' generated_found_at = m.found_at() self.assertEqual(generated_found_at, expected_found_at)
def _create_cookie(http_response): """ Create a cookie object based on a HTTP response. >>> from w3af.core.data.parsers.url import URL >>> from w3af.core.data.url.HTTPResponse import HTTPResponse >>> url = URL('http://www.w3af.com/') >>> headers = Headers({'content-type': 'text/html', 'Cookie': 'abc=def' }.items()) >>> response = HTTPResponse(200, '' , headers, url, url) >>> cookie = _create_cookie(response) >>> cookie Cookie({u'abc': [u'def']}) """ cookies = [] # Get data from RESPONSE response_headers = http_response.get_headers() for hname, hvalue in response_headers.iteritems(): if 'cookie' in hname.lower(): cookies.append(hvalue) cookie_inst = Cookie(''.join(cookies)) # # delete everything that the browsers usually keep to themselves, since # this cookie object is the one we're going to send to the wire # for key in ['path', 'expires', 'domain', 'max-age']: try: del cookie_inst[key] except: pass return cookie_inst