Example #1
0
    def test_user_configured_find_in_file_upload_content(self):
        """
        Do not send file content mutants unless the user configures it.
        https://github.com/andresriancho/w3af/issues/3149
        """
        # Set the value to False (True is the default)
        cf.save('fuzz_form_files', False)

        try:
            self.scan_file_upload_fuzz_files()
        finally:
            # Restore the default
            cf.save('fuzz_form_files', True)

        xss_vulns = self.kb.get('xss', 'xss')
        self.assertEqual(len(xss_vulns), 0, xss_vulns)
Example #2
0
    def test_user_configured_find_in_file_upload_content(self):
        """
        Do not send file content mutants unless the user configures it.
        https://github.com/andresriancho/w3af/issues/3149
        """
        # Set the value to False (True is the default)
        cf.save('fuzz_form_files', False)

        try:
            self.scan_file_upload_fuzz_files()
        finally:
            # Restore the default
            cf.save('fuzz_form_files', True)

        xss_vulns = self.kb.get('xss', 'xss')
        self.assertEqual(len(xss_vulns), 0, xss_vulns)
Example #3
0
    def test_form_file_post_no_files(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', True)  # This one changed
        cf_singleton.save('fuzz_url_parts', False)

        form_params = FormParameters()
        form_params.add_field_by_attr_items([("name", "username"), ("value", "")])
        form_params.add_field_by_attr_items([("name", "address"), ("value", "")])

        form = URLEncodedForm(form_params)

        freq = FuzzableRequest(URL('http://www.w3af.com/?id=3'), post_data=form,
                               method='PUT')

        mutants = create_mutants(freq, self.payloads)

        self.assertTrue(all(isinstance(m, QSMutant) for m in mutants[:2]))
        self.assertTrue(all(isinstance(m, PostDataMutant) for m in mutants[4:]))

        self.assertTrue(all(m.get_method() == 'PUT' for m in mutants))

        expected_uris = {'http://www.w3af.com/?id=abc',
                         'http://www.w3af.com/?id=def',
                         'http://www.w3af.com/?id=3',
                         'http://www.w3af.com/?id=3',
                         'http://www.w3af.com/?id=3',
                         'http://www.w3af.com/?id=3'}
        created_uris = set([i.get_uri().url_string for i in mutants])
        self.assertEqual(expected_uris, created_uris)

        expected_dcs = {'id=abc', 'id=def',
                        'username=abc&address=Bonsai%20Street%20123',
                        'username=def&address=Bonsai%20Street%20123',
                        'username=John8212&address=abc',
                        'username=John8212&address=def'}

        created_dcs = set([str(i.get_dc()) for i in mutants])
        self.assertEqual(created_dcs, expected_dcs)
Example #4
0
    def test_qs_and_cookie(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # And now there is a cookie
        cookie = Cookie('foo=bar')
        freq = HTTPQSRequest(url, cookie=cookie)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            u'http://moth/?id=abc', u'http://moth/?id=def',
            u'http://moth/?id=1', u'http://moth/?id=1'
        ]

        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        expected_cookies = ['foo=bar;', 'foo=bar;', 'foo=abc;', 'foo=def;']

        generated_cookies = [str(m.get_cookie()) for m in generated_mutants]

        self.assertEqual(expected_cookies, generated_cookies)

        self.assertTrue(
            all(
                isinstance(m, QSMutant) or isinstance(m, CookieMutant)
                for m in generated_mutants))
Example #5
0
    def test_urlparts_filename_path_qs(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', True)  # This one changed
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', True)  # This one changed

        url = URL('http://moth/foo/bar.htm?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        generated_uris = [m.get_uri().url_string for m in generated_mutants]
        expected_uris = [
            'http://moth/foo/bar.htm?id=abc',
            'http://moth/foo/bar.htm?id=def',
            'http://moth/foo/abc.htm',
            'http://moth/foo/def.htm',
            'http://moth/foo/bar.abc',
            'http://moth/foo/bar.def',
            'http://moth/abc/bar.htm',
            'http://moth/def/bar.htm',
            'http://moth/foo/abc',
            'http://moth/foo/def',
        ]
        self.assertEqual(generated_uris, expected_uris)
Example #6
0
    def test_form_file_post_no_files(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', True)  # This one changed
        cf_singleton.save('fuzz_url_parts', False)

        form_params = FormParameters()
        form_params.add_field_by_attr_items([("name", "username"),
                                             ("value", "")])
        form_params.add_field_by_attr_items([("name", "address"),
                                             ("value", "")])

        form = URLEncodedForm(form_params)

        freq = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                               post_data=form,
                               method='PUT')

        mutants = create_mutants(freq, self.payloads)

        self.assertTrue(all(isinstance(m, QSMutant) for m in mutants[:2]))
        self.assertTrue(all(
            isinstance(m, PostDataMutant) for m in mutants[4:]))

        self.assertTrue(all(m.get_method() == 'PUT' for m in mutants))

        expected_uris = {
            'http://www.w3af.com/?id=abc', 'http://www.w3af.com/?id=def',
            'http://www.w3af.com/?id=3', 'http://www.w3af.com/?id=3',
            'http://www.w3af.com/?id=3', 'http://www.w3af.com/?id=3'
        }
        created_uris = set([i.get_uri().url_string for i in mutants])
        self.assertEqual(expected_uris, created_uris)

        expected_dcs = {
            'id=abc', 'id=def', 'username=abc&address=Bonsai%20Street%20123',
            'username=def&address=Bonsai%20Street%20123',
            'username=John8212&address=abc', 'username=John8212&address=def'
        }

        created_dcs = set([str(i.get_dc()) for i in mutants])
        self.assertEqual(created_dcs, expected_dcs)
Example #7
0
    def test_qs_and_cookie(self):
        """
        Even when fuzz_cookies is True, we won't create HeaderMutants based
        on a FuzzableRequest. This is one of the ugly things related with

            https://github.com/andresriancho/w3af/issues/3149

        Which we fixed!
        """
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # And now there is a cookie
        cookie = Cookie('foo=bar')
        freq = FuzzableRequest(url, cookie=cookie)
        mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            u'http://moth/?id=abc', u'http://moth/?id=def',
            u'http://moth/?id=1', u'http://moth/?id=1'
        ]

        generated_urls = [m.get_uri().url_string for m in mutants]

        self.assertEqual(generated_urls, expected_urls)
        self.assertAllInstance(mutants[:2], QSMutant)
        self.assertAllInstance(mutants[2:], CookieMutant)
        self.assertAllHaveTokens(mutants)
Example #8
0
    def test_simple(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc',
                         'http://moth/?id=def']
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)
        self.assertAllInstance(generated_mutants, QSMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #9
0
    def test_qs_and_no_cookie(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # But there is no cookie
        freq = HTTPQSRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc',
                         'http://moth/?id=def']
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)
Example #10
0
    def test_form_file_qs(self):
        cf_singleton.save("fuzzable_headers", [])
        cf_singleton.save("fuzz_cookies", False)
        cf_singleton.save("fuzz_url_filenames", False)
        cf_singleton.save("fuzzed_files_extension", "gif")
        cf_singleton.save("fuzz_form_files", True)  # This one changed
        cf_singleton.save("fuzz_url_parts", False)

        url = URL("http://moth/foo.htm")
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        self.assertEqual(generated_mutants, [])
Example #11
0
    def test_no_cookie_in_request(self):
        cf_singleton.save("fuzzable_headers", [])
        cf_singleton.save("fuzz_cookies", True)  # This one changed
        cf_singleton.save("fuzz_url_filenames", False)
        cf_singleton.save("fuzzed_files_extension", "gif")
        cf_singleton.save("fuzz_form_files", False)
        cf_singleton.save("fuzz_url_parts", False)

        url = URL("http://moth/?id=1")
        # But there is no cookie
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ["http://moth/?id=abc", "http://moth/?id=def"]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)
        self.assertAllInstance(generated_mutants, QSMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #12
0
    def test_fuzz_headers(self):
        cf_singleton.save("fuzzable_headers", ["Referer"])  # This one changed
        cf_singleton.save("fuzz_cookies", False)
        cf_singleton.save("fuzz_url_filenames", False)
        cf_singleton.save("fuzzed_files_extension", "gif")
        cf_singleton.save("fuzz_form_files", False)
        cf_singleton.save("fuzz_url_parts", False)

        url = URL("http://moth/?id=1")
        # With headers
        headers = Headers([("Referer", "http://moths/"), ("Foo", "Bar")])
        freq = FuzzableRequest(url, headers=headers)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ["http://moth/?id=abc", "http://moth/?id=def", "http://moth/?id=1", "http://moth/?id=1"]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]
        self.assertEqual(generated_urls, expected_urls)

        expected_headers = [
            headers,
            headers,
            Headers([("Referer", "abc"), ("Foo", "Bar")]),
            Headers([("Referer", "def"), ("Foo", "Bar")]),
        ]

        generated_headers = [m.get_headers() for m in generated_mutants]
        self.assertEqual(expected_headers, generated_headers)

        self.assertAllInstance(generated_mutants[:2], QSMutant)
        self.assertAllInstance(generated_mutants[2:], HeadersMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #13
0
    def test_fuzz_headers_no_headers(self):
        cf_singleton.save('fuzzable_headers', ['Referer'])  # This one changed
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # No headers in the original request
        #headers = Headers([('Referer', 'http://moth/foo/bar/')])
        freq = HTTPQSRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            'http://moth/?id=abc',
            'http://moth/?id=def',
            'http://moth/?id=1',
            'http://moth/?id=1',
        ]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        expected_headers = [
            Headers(),
            Headers(),
            Headers([('Referer', 'abc')]),
            Headers([('Referer', 'def')]),
        ]

        generated_headers = [m.get_headers() for m in generated_mutants]

        self.assertEqual(expected_headers, generated_headers)

        self.assertTrue(
            all(
                isinstance(m, QSMutant) or isinstance(m, HeadersMutant)
                for m in generated_mutants))
Example #14
0
    def test_form_file_post_no_files(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', True)  # This one changed
        cf_singleton.save('fuzz_url_parts', False)

        form = Form()
        form.add_input([("name", "username"), ("value", "")])
        form.add_input([("name", "address"), ("value", "")])

        freq = HTTPPostDataRequest(URL('http://www.w3af.com/?id=3'),
                                   dc=form,
                                   method='PUT')

        generated_mutants = create_mutants(freq, self.payloads)

        self.assertTrue(
            all('http://www.w3af.com/?id=3' == m.get_uri().url_string
                for m in generated_mutants))

        self.assertTrue(
            all(isinstance(m, PostDataMutant) for m in generated_mutants),
            generated_mutants)

        self.assertTrue(all(m.get_method() == 'PUT'
                            for m in generated_mutants))

        expected_dc_lst = [
            Form([('username', ['abc']), ('address', ['Bonsai Street 123'])]),
            Form([('username', ['def']), ('address', ['Bonsai Street 123'])]),
            Form([('username', ['John8212']), ('address', ['abc'])]),
            Form([('username', ['John8212']), ('address', ['def'])])
        ]

        created_dc_lst = [i.get_dc() for i in generated_mutants]

        self.assertEqual(created_dc_lst, expected_dc_lst)
Example #15
0
    def test_urlparts_no_path(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', True)  # This one changed

        url = URL('http://moth/')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        self.assertEqual(generated_mutants, [])
Example #16
0
    def test_urlparts_filename_path_qs(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', True)  # This one changed
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', True)  # This one changed

        url = URL('http://moth/foo/bar.htm?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        generated_uris = [m.get_uri().url_string for m in generated_mutants]
        expected_uris = [
            'http://moth/foo/bar.htm?id=abc',
            'http://moth/foo/bar.htm?id=def',
            'http://moth/foo/abc.htm',
            'http://moth/foo/def.htm',
            'http://moth/foo/bar.abc',
            'http://moth/foo/bar.def',
            'http://moth/abc/bar.htm',
            'http://moth/def/bar.htm',
            'http://moth/foo/abc',
            'http://moth/foo/def',
        ]
        self.assertEqual(generated_uris, expected_uris)
Example #17
0
    def test_qs_and_cookie(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # And now there is a cookie
        cookie = Cookie('foo=bar')
        freq = HTTPQSRequest(url, cookie=cookie)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [u'http://moth/?id=abc',
                         u'http://moth/?id=def',
                         u'http://moth/?id=1',
                         u'http://moth/?id=1']

        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        expected_cookies = ['foo=bar;',
                            'foo=bar;',
                            'foo=abc;',
                            'foo=def;']

        generated_cookies = [str(m.get_cookie()) for m in generated_mutants]

        self.assertEqual(expected_cookies, generated_cookies)

        self.assertTrue(all(isinstance(m, QSMutant) or isinstance(m, CookieMutant)
                            for m in generated_mutants))
Example #18
0
    def test_form_file_post_no_files(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', True)  # This one changed
        cf_singleton.save('fuzz_url_parts', False)

        form = Form()
        form.add_input([("name", "username"), ("value", "")])
        form.add_input([("name", "address"), ("value", "")])

        freq = HTTPPostDataRequest(URL('http://www.w3af.com/?id=3'), dc=form,
                                   method='PUT')

        generated_mutants = create_mutants(freq, self.payloads)

        self.assertTrue(all('http://www.w3af.com/?id=3' == m.get_uri().url_string
                            for m in generated_mutants))

        self.assertTrue(all(isinstance(m, PostDataMutant)
                            for m in generated_mutants), generated_mutants)

        self.assertTrue(
            all(m.get_method() == 'PUT' for m in generated_mutants))

        expected_dc_lst = [Form([('username', ['abc']),
                                 ('address', ['Bonsai Street 123'])]),
                           Form([('username', ['def']),
                                 ('address', ['Bonsai Street 123'])]),
                           Form([('username', ['John8212']),
                                 ('address', ['abc'])]),
                           Form([('username', ['John8212']),
                                 ('address', ['def'])])]

        created_dc_lst = [i.get_dc() for i in generated_mutants]

        self.assertEqual(created_dc_lst, expected_dc_lst)
Example #19
0
    def test_fuzz_headers_no_headers(self):
        cf_singleton.save('fuzzable_headers', ['Referer'])  # This one changed
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # No headers in the original request
        #headers = Headers([('Referer', 'http://moth/foo/bar/')])
        freq = HTTPQSRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc',
                         'http://moth/?id=def',
                         'http://moth/?id=1',
                         'http://moth/?id=1', ]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        expected_headers = [Headers(),
                            Headers(),
                            Headers([('Referer', 'abc')]),
                            Headers([('Referer', 'def')]), ]

        generated_headers = [m.get_headers() for m in generated_mutants]

        self.assertEqual(expected_headers, generated_headers)

        self.assertTrue(all(isinstance(m, QSMutant) or isinstance(m, HeadersMutant)
                            for m in generated_mutants))
Example #20
0
    def test_fuzz_headers(self):
        cf_singleton.save('fuzzable_headers', ['Referer'])  # This one changed
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # With headers
        headers = Headers([('Referer', 'http://moths/'), ('Foo', 'Bar')])
        freq = FuzzableRequest(url, headers=headers)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            'http://moth/?id=abc',
            'http://moth/?id=def',
            'http://moth/?id=1',
            'http://moth/?id=1',
        ]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]
        self.assertEqual(generated_urls, expected_urls)

        expected_headers = [
            headers,
            headers,
            Headers([('Referer', 'abc'), ('Foo', 'Bar')]),
            Headers([('Referer', 'def'), ('Foo', 'Bar')]),
        ]

        generated_headers = [m.get_headers() for m in generated_mutants]
        self.assertEqual(expected_headers, generated_headers)

        self.assertAllInstance(generated_mutants[:2], QSMutant)
        self.assertAllInstance(generated_mutants[2:], HeadersMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #21
0
    def test_fuzz_headers(self):
        cf_singleton.save('fuzzable_headers', ['Referer'])  # This one changed
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # With headers
        headers = Headers([('Referer', 'http://moths/'),
                           ('Foo', 'Bar')])
        freq = FuzzableRequest(url, headers=headers)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc',
                         'http://moth/?id=def',
                         'http://moth/?id=1',
                         'http://moth/?id=1', ]
        generated_urls = [m.get_uri().url_string for m in generated_mutants]
        self.assertEqual(generated_urls, expected_urls)

        expected_headers = [
            headers,
            headers,
            Headers([('Referer', 'abc'), ('Foo', 'Bar')]),
            Headers([('Referer', 'def'), ('Foo', 'Bar')]),]

        generated_headers = [m.get_headers() for m in generated_mutants]
        self.assertEqual(expected_headers, generated_headers)

        self.assertAllInstance(generated_mutants[:2], QSMutant)
        self.assertAllInstance(generated_mutants[2:], HeadersMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #22
0
    def test_filename_fname_qs(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', True)  # This one changed
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/foo.htm?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            u'http://moth/foo.htm?id=abc',
            u'http://moth/foo.htm?id=def',
            u'http://moth/abc.htm',
            u'http://moth/def.htm',
            u'http://moth/foo.abc',
            u'http://moth/foo.def',
        ]

        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        self.assertAllInstance(generated_mutants[:2], QSMutant)
        self.assertAllInstance(generated_mutants[2:], FileNameMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #23
0
    def test_qs_and_cookie(self):
        """
        Even when fuzz_cookies is True, we won't create HeaderMutants based
        on a FuzzableRequest. This is one of the ugly things related with

            https://github.com/andresriancho/w3af/issues/3149

        Which we fixed!
        """
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # And now there is a cookie
        cookie = Cookie('foo=bar')
        freq = FuzzableRequest(url, cookie=cookie)
        mutants = create_mutants(freq, self.payloads)

        expected_urls = [u'http://moth/?id=abc',
                         u'http://moth/?id=def',
                         u'http://moth/?id=1',
                         u'http://moth/?id=1']

        generated_urls = [m.get_uri().url_string for m in mutants]

        self.assertEqual(generated_urls, expected_urls)
        self.assertAllInstance(mutants[:2], QSMutant)
        self.assertAllInstance(mutants[2:], CookieMutant)
        self.assertAllHaveTokens(mutants)
Example #24
0
    def test_urlparts_no_path(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', True)  # This one changed

        url = URL('http://moth/')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        self.assertEqual(generated_mutants, [])
Example #25
0
    def test_filename_fname_qs(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', True)  # This one changed
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/foo.htm?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [u'http://moth/foo.htm?id=abc',
                         u'http://moth/foo.htm?id=def',
                         u'http://moth/abc.htm',
                         u'http://moth/def.htm',
                         u'http://moth/foo.abc',
                         u'http://moth/foo.def',
                         ]

        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)

        self.assertAllInstance(generated_mutants[:2], QSMutant)
        self.assertAllInstance(generated_mutants[2:], FileNameMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #26
0
    def test_simple(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', False)
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        freq = FuzzableRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc', 'http://moth/?id=def']
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)
        self.assertAllInstance(generated_mutants, QSMutant)
        self.assertAllHaveTokens(generated_mutants)
Example #27
0
    def test_qs_and_no_cookie(self):
        cf_singleton.save('fuzzable_headers', [])
        cf_singleton.save('fuzz_cookies', True)  # This one changed
        cf_singleton.save('fuzz_url_filenames', False)
        cf_singleton.save('fuzzed_files_extension', 'gif')
        cf_singleton.save('fuzz_form_files', False)
        cf_singleton.save('fuzz_url_parts', False)

        url = URL('http://moth/?id=1')
        # But there is no cookie
        freq = HTTPQSRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = ['http://moth/?id=abc', 'http://moth/?id=def']
        generated_urls = [m.get_uri().url_string for m in generated_mutants]

        self.assertEqual(generated_urls, expected_urls)