Exemple #1
    def from_httplib_resp(cls, httplibresp, original_url=None):
        '''
        Factory: wrap a httplib.HTTPResponse-like object in a HTTPResponse.

        The status code, reason message, headers and the complete body are
        taken from ``httplibresp``; the response URL comes from ``geturl()``.

        :param httplibresp: httplib.HTTPResponse instance. It must expose
                            ``code``, ``msg``, ``info()``, ``read()`` and
                            ``geturl()``.
        :param original_url: Optional 'url_object' instance. When given, its
                             encoding is used to build the response URL,
                             which is then URL-decoded. When omitted, the URL
                             reported by the response is used both as the
                             response URL and as the original URL.

        :return: A HTTPResponse instance
        '''
        status = httplibresp.code
        reason = httplibresp.msg
        raw_headers = httplibresp.info()
        # NOTE(review): read() loads the whole body into memory and no size
        # limit is visible in this method -- presumably the caller bounds the
        # response size when talking to untrusted servers; confirm.
        payload = httplibresp.read()
        headers = Headers(raw_headers.items())

        if not original_url:
            final_url = original_url = URL(httplibresp.geturl())
        else:
            final_url = URL(httplibresp.geturl(), original_url.encoding)
            final_url = final_url.url_decode()

        # 'encoding' is optional on the response object; None when missing.
        return cls(status, payload, headers, final_url, original_url, reason,
                   charset=getattr(httplibresp, 'encoding', None))
Exemple #2
 def from_httplib_resp(cls, httplibresp, original_url=None):
     '''
     Factory: build a HTTPResponse from a httplib.HTTPResponse instance or
     from a urllib2.HTTPError that wraps one.

     :param httplibresp: httplib.HTTPResponse instance (or urllib2.HTTPError).
     :param original_url: Optional 'url_object' instance. When given, its
                          encoding is used to build the response URL, which
                          is then URL-decoded. When omitted, the URL reported
                          by the response doubles as the original URL.

     :return: A HTTPResponse instance
     '''
     status = httplibresp.code
     reason = httplibresp.msg
     raw_headers = httplibresp.info()
     # NOTE(review): read() loads the whole body into memory and no size
     # limit is visible in this method -- presumably bounded by the caller
     # when the server is untrusted; confirm.
     payload = httplibresp.read()
     headers = Headers(raw_headers.items())

     if not original_url:
         final_url = original_url = URL(httplibresp.geturl())
     else:
         final_url = URL(httplibresp.geturl(), original_url.encoding)
         final_url = final_url.url_decode()

     if isinstance(httplibresp, urllib2.HTTPError):
         # Per the original author's note, errors.py builds the error as
         # urllib2.HTTPError(req.get_full_url(), code, msg, hdrs, resp), so
         # the real response (and its encoding) lives in .fp
         encoding_source = httplibresp.fp
     else:
         # The encoding attribute is only set on CachedResponse instances
         encoding_source = httplibresp
     charset = getattr(encoding_source, 'encoding', None)

     return cls(status, payload, headers, final_url, original_url, reason,
                charset=charset)
Exemple #3
    def from_httplib_resp(cls, httplibresp, original_url=None):
        '''
        Factory: turn a httplib.HTTPResponse (or a urllib2.HTTPError wrapping
        one) into a HTTPResponse.

        :param httplibresp: httplib.HTTPResponse instance (or
                            urllib2.HTTPError).
        :param original_url: Optional 'url_object' instance. Its encoding is
                             used to build the response URL, which is then
                             URL-decoded; without it the URL reported by the
                             response is used for both URL arguments.

        :return: A HTTPResponse instance
        '''
        status, reason = httplibresp.code, httplibresp.msg
        raw_headers = httplibresp.info()
        # NOTE(review): the full body is read without any size limit visible
        # here -- presumably capped elsewhere for untrusted servers; confirm.
        payload = httplibresp.read()
        headers = Headers(raw_headers.items())

        if original_url:
            encoded_url = URL(httplibresp.geturl(), original_url.encoding)
            final_url = encoded_url.url_decode()
        else:
            final_url = original_url = URL(httplibresp.geturl())

        # Per the original author's note, errors.py creates the error as
        # urllib2.HTTPError(req.get_full_url(), code, msg, hdrs, resp), so for
        # errors the encoding is looked up on .fp. Otherwise it is read from
        # the response itself, where only CachedResponse instances set it.
        is_http_error = isinstance(httplibresp, urllib2.HTTPError)
        encoding_source = httplibresp.fp if is_http_error else httplibresp
        charset = getattr(encoding_source, 'encoding', None)

        return cls(status, payload, headers, final_url, original_url, reason,
                   charset=charset)
Exemple #4
 def test_http_auth_detect_simple(self):
     '''
     A 401 response carrying a www-authenticate header must produce exactly
     one 'auth' entry and no 'userPassUri' entry in the knowledge base.
     '''
     raw_headers = {'content-type': 'text/html',
                    'www-authenticate': 'realm-w3af'}
     headers = Headers(raw_headers.items())
     response = HTTPResponse(401, '', headers, self.url, self.url, _id=1)

     self.plugin.grep(self.request, response)

     auth_entries = kb.kb.get('http_auth_detect', 'auth')
     self.assertEqual(len(auth_entries), 1)
     # self.url is used for the response, so no URL-embedded credentials
     # are expected to be reported.
     uri_credential_entries = kb.kb.get('http_auth_detect', 'userPassUri')
     self.assertEqual(len(uri_credential_entries), 0)
 def test_http_auth_detect_simple(self):
     '''
     Grep a 401 response that has a www-authenticate header and check the
     knowledge base: one 'auth' entry, zero 'userPassUri' entries.
     '''
     header_pairs = {'content-type': 'text/html',
                     'www-authenticate': 'realm-w3af'}.items()
     response = HTTPResponse(401, '', Headers(header_pairs),
                             self.url, self.url, _id=1)
     self.plugin.grep(self.request, response)

     # (knowledge-base key, expected number of entries), checked in order.
     for kb_key, expected in (('auth', 1), ('userPassUri', 0)):
         found = kb.kb.get('http_auth_detect', kb_key)
         self.assertEqual(len(found), expected)
    def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
        '''
        A cookie sent over HTTPS with a capitalised 'Expires' attribute plus
        the Secure and HttpOnly flags must be recorded as one cookie and
        must not add any entry under 'security'.
        '''
        target = URL('https://www.w3af.com/')
        set_cookie = ('name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;'
                      'Secure;HttpOnly')
        raw_headers = {'content-type': 'text/html', 'Set-Cookie': set_cookie}
        headers = Headers(raw_headers.items())
        response = HTTPResponse(200, '', headers, target, target, _id=1)
        request = FuzzableRequest(target, method='GET')

        self.plugin.grep(request, response)

        cookies = kb.kb.get('analyze_cookies', 'cookies')
        self.assertEqual(len(cookies), 1)
        security = kb.kb.get('analyze_cookies', 'security')
        self.assertEqual(len(security), 0)
Exemple #7
    def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
        """
        Grep an HTTPS response whose cookie uses a capitalised "Expires"
        attribute together with Secure and HttpOnly; expect one entry under
        "cookies" and none under "security".
        """
        site = URL("https://www.w3af.com/")
        headers = Headers(
            {
                "content-type": "text/html",
                "Set-Cookie": "name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly",
            }.items()
        )
        response = HTTPResponse(200, "", headers, site, site, _id=1)
        request = FuzzableRequest(site, method="GET")

        self.plugin.grep(request, response)

        # (knowledge-base key, expected number of entries), checked in order.
        for kb_key, expected in (("cookies", 1), ("security", 0)):
            self.assertEqual(len(kb.kb.get("analyze_cookies", kb_key)), expected)
Exemple #8
    def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
        '''
        The Set-Cookie value below spells 'Expires' with a capital letter and
        carries both Secure and HttpOnly on an HTTPS URL. The plugin must
        store one cookie and leave 'security' empty.
        '''
        cookie_header = 'name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly'
        https_url = URL('https://www.w3af.com/')

        header_items = {'content-type': 'text/html',
                        'Set-Cookie': cookie_header}.items()
        response = HTTPResponse(200, '', Headers(header_items),
                                https_url, https_url, _id=1)
        request = FuzzableRequest(https_url, method='GET')
        self.plugin.grep(request, response)

        stored_cookies = kb.kb.get('analyze_cookies', 'cookies')
        self.assertEqual(len(stored_cookies), 1)

        security_entries = kb.kb.get('analyze_cookies', 'security')
        self.assertEqual(len(security_entries), 0)
Exemple #9
 def from_httplib_resp(cls, httplibresp, original_url=None):
     '''
     Factory: create a HTTPResponse out of a httplib.HTTPResponse instance.

     :param httplibresp: httplib.HTTPResponse instance; ``code``, ``msg``,
                         ``info()``, ``read()`` and ``geturl()`` are used.
     :param original_url: Optional 'url_object' instance. When supplied, the
                          response URL is built with its encoding and then
                          URL-decoded. When missing, the URL reported by the
                          response is used for both URL arguments.

     :return: A HTTPResponse instance
     '''
     status = httplibresp.code
     reason = httplibresp.msg
     header_source = httplibresp.info()
     # NOTE(review): the body is read in full with no size limit visible in
     # this method -- presumably limited by the caller for untrusted
     # servers; confirm.
     payload = httplibresp.read()
     headers = Headers(header_source.items())

     if original_url:
         final_url = URL(httplibresp.geturl(),
                         original_url.encoding).url_decode()
     else:
         final_url = original_url = URL(httplibresp.geturl())

     # Optional attribute on the response object; defaults to None.
     charset = getattr(httplibresp, 'encoding', None)
     return cls(status, payload, headers, final_url, original_url, reason,
                charset=charset)
Exemple #10
def create_fuzzable_requests(resp, request=None, add_self=True):
    '''
    Derive fuzzable requests from an HTTP response.

    Requests are collected, in this order, from: the response's own URI
    (optional), the URLs found in the response headers named in URL_HEADERS,
    and the variants of every form whose action is on the response's domain.

    :param resp: An HTTPResponse instance.
    :param request: The HTTP request that generated the resp. Its headers,
                    if any, are copied onto every generated request.
    :param add_self: Whether a request for resp's own URI is added to the
                     result.

    :return: A list of fuzzable requests.
    '''
    collected = []

    # One header set is shared by every request created here: the configured
    # fuzzable headers (empty values) overlaid with the originating request's
    # headers.
    header_map = {name: '' for name in cf.cf.get('fuzzable_headers')}
    origin_headers = request.get_headers() if request else None
    header_map.update(origin_headers or {})
    req_headers = Headers(header_map.items())

    cookie = _create_cookie(resp)

    # The fuzzable request that represents the response's own URI.
    if add_self:
        collected.append(HTTPQSRequest(resp.get_uri(),
                                       headers=req_headers,
                                       cookie=cookie))

    # URLs supplied through response headers (e.g. a 30X redirect).
    # NOTE(review): unlike the forms below, these targets are not compared
    # against the response's domain in this function -- presumably scan
    # scope is enforced by the caller; confirm.
    response_headers = resp.get_headers()
    for header_name in URL_HEADERS:
        header_value, _ = response_headers.iget(header_name, '')
        if not header_value:
            continue

        url = smart_unicode(header_value, encoding=resp.charset)
        try:
            absolute_location = resp.get_url().url_join(url)
        except ValueError:
            msg = ('The application sent a "%s" redirect that w3af'
                   ' failed to correctly parse as an URL, the header'
                   ' value was: "%s"')
            om.out.debug(msg % (header_name, url))
            continue

        collected.append(HTTPQSRequest(absolute_location,
                                       headers=req_headers,
                                       cookie=cookie))

    # Forms found in the document, limited to same-domain actions.
    try:
        doc_parser = parser_cache.dpc.get_document_parser_for(resp)
    except w3afException:
        # Failed to find a suitable parser for the document
        forms = []
    else:
        forms = [form for form in doc_parser.get_forms()
                 if form.get_action().get_domain() ==
                 resp.get_url().get_domain()]

    # TODO: Rewrite web service support. WSDL handling for responses without
    # forms is disabled, so nothing is added in that case.
    if forms:
        # One request for each form variant.
        mode = cf.cf.get('form_fuzzing_mode')
        for form in forms:
            for variant in form.get_variants(mode):
                if form.get_method().upper() != 'POST':
                    # The default is a GET request
                    fuzzable = HTTPQSRequest(variant.get_action(),
                                             headers=req_headers,
                                             cookie=cookie)
                    fuzzable.set_dc(variant)
                else:
                    fuzzable = HTTPPostDataRequest(variant.get_action(),
                                                   variant.get_method(),
                                                   req_headers,
                                                   cookie,
                                                   variant)

                collected.append(fuzzable)
    return collected