def from_httplib_resp(cls, httplibresp, original_url=None):
'''
Factory function. Build a HTTPResponse object from a httplib.HTTPResponse
instance
:param httplibresp: httplib.HTTPResponse instance
:param original_url: Optional 'url_object' instance.
:return: A HTTPResponse instance
'''
resp = httplibresp
code, msg, hdrs, body = (resp.code, resp.msg, resp.info(), resp.read())
hdrs = Headers(hdrs.items())
if original_url:
url_inst = URL(resp.geturl(), original_url.encoding)
url_inst = url_inst.url_decode()
else:
url_inst = original_url = URL(resp.geturl())
charset = getattr(resp, 'encoding', None)
return cls(code,
body,
hdrs,
url_inst,
original_url,
msg,
charset=charset)
def from_httplib_resp(cls, httplibresp, original_url=None):
'''
Factory function. Build a HTTPResponse object from a httplib.HTTPResponse
instance
:param httplibresp: httplib.HTTPResponse instance
:param original_url: Optional 'url_object' instance.
:return: A HTTPResponse instance
'''
resp = httplibresp
code, msg, hdrs, body = (resp.code, resp.msg, resp.info(), resp.read())
hdrs = Headers(hdrs.items())
if original_url:
url_inst = URL(resp.geturl(), original_url.encoding)
url_inst = url_inst.url_decode()
else:
url_inst = original_url = URL(resp.geturl())
if isinstance(resp, urllib2.HTTPError):
# This is possible because in errors.py I do:
# err = urllib2.HTTPError(req.get_full_url(), code, msg, hdrs, resp)
charset = getattr(resp.fp, 'encoding', None)
else:
# The encoding attribute is only set on CachedResponse instances
charset = getattr(resp, 'encoding', None)
return cls(code, body, hdrs, url_inst, original_url,
msg, charset=charset)
def from_httplib_resp(cls, httplibresp, original_url=None):
'''
Factory function. Build a HTTPResponse object from a httplib.HTTPResponse
instance
:param httplibresp: httplib.HTTPResponse instance
:param original_url: Optional 'url_object' instance.
:return: A HTTPResponse instance
'''
resp = httplibresp
code, msg, hdrs, body = (resp.code, resp.msg, resp.info(), resp.read())
hdrs = Headers(hdrs.items())
if original_url:
url_inst = URL(resp.geturl(), original_url.encoding)
url_inst = url_inst.url_decode()
else:
url_inst = original_url = URL(resp.geturl())
if isinstance(resp, urllib2.HTTPError):
# This is possible because in errors.py I do:
# err = urllib2.HTTPError(req.get_full_url(), code, msg, hdrs, resp)
charset = getattr(resp.fp, 'encoding', None)
else:
# The encoding attribute is only set on CachedResponse instances
charset = getattr(resp, 'encoding', None)
return cls(code,
body,
hdrs,
url_inst,
original_url,
msg,
charset=charset)
def test_http_auth_detect_simple(self):
body = ''
hdrs = {'content-type': 'text/html', 'www-authenticate': 'realm-w3af'}
hdrs = Headers(hdrs.items())
response = HTTPResponse(401, body, hdrs, self.url, self.url, _id=1)
self.plugin.grep(self.request, response)
self.assertEqual(len(kb.kb.get('http_auth_detect', 'auth')), 1)
self.assertEqual(len(kb.kb.get('http_auth_detect', 'userPassUri')), 0)
def test_http_auth_detect_simple(self):
body = ''
hdrs = {'content-type': 'text/html', 'www-authenticate': 'realm-w3af'}
hdrs = Headers(hdrs.items())
response = HTTPResponse(401, body, hdrs, self.url, self.url, _id=1)
self.plugin.grep(self.request, response)
self.assertEqual(len(kb.kb.get('http_auth_detect', 'auth')), 1)
self.assertEqual(len(kb.kb.get('http_auth_detect', 'userPassUri')), 0)
def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
body = ''
url = URL('https://www.w3af.com/')
headers = {'content-type': 'text/html',
'Set-Cookie': 'name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly'}
headers = Headers(headers.items())
response = HTTPResponse(200, body, headers, url, url, _id=1)
request = FuzzableRequest(url, method='GET')
self.plugin.grep(request, response)
self.assertEqual(len(kb.kb.get('analyze_cookies', 'cookies')), 1)
self.assertEqual(len(kb.kb.get('analyze_cookies', 'security')), 0)
def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
body = ""
url = URL("https://www.w3af.com/")
headers = {
"content-type": "text/html",
"Set-Cookie": "name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly",
}
headers = Headers(headers.items())
response = HTTPResponse(200, body, headers, url, url, _id=1)
request = FuzzableRequest(url, method="GET")
self.plugin.grep(request, response)
self.assertEqual(len(kb.kb.get("analyze_cookies", "cookies")), 1)
self.assertEqual(len(kb.kb.get("analyze_cookies", "security")), 0)
def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
body = ''
url = URL('https://www.w3af.com/')
headers = {
'content-type':
'text/html',
'Set-Cookie':
'name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly'
}
headers = Headers(headers.items())
response = HTTPResponse(200, body, headers, url, url, _id=1)
request = FuzzableRequest(url, method='GET')
self.plugin.grep(request, response)
self.assertEqual(len(kb.kb.get('analyze_cookies', 'cookies')), 1)
self.assertEqual(len(kb.kb.get('analyze_cookies', 'security')), 0)
def from_httplib_resp(cls, httplibresp, original_url=None):
'''
Factory function. Build a HTTPResponse object from a httplib.HTTPResponse
instance
:param httplibresp: httplib.HTTPResponse instance
:param original_url: Optional 'url_object' instance.
:return: A HTTPResponse instance
'''
resp = httplibresp
code, msg, hdrs, body = (resp.code, resp.msg, resp.info(), resp.read())
hdrs = Headers(hdrs.items())
if original_url:
url_inst = URL(resp.geturl(), original_url.encoding)
url_inst = url_inst.url_decode()
else:
url_inst = original_url = URL(resp.geturl())
charset = getattr(resp, 'encoding', None)
return cls(code, body, hdrs, url_inst, original_url,
msg, charset=charset)
def create_fuzzable_requests(resp, request=None, add_self=True):
'''
Generates the fuzzable requests based on an HTTP response instance.
:param resp: An HTTPResponse instance.
:param request: The HTTP request that generated the resp
:param add_self: If I should add the current HTTP request
(:param request) to the result on not.
:return: A list of fuzzable requests.
'''
res = []
# Headers for all fuzzable requests created here:
# And add the fuzzable headers to the dict
req_headers = dict((h, '') for h in cf.cf.get('fuzzable_headers'))
req_headers.update(request and request.get_headers() or {})
req_headers = Headers(req_headers.items())
# Get the cookie!
cookieObj = _create_cookie(resp)
# Create the fuzzable request that represents the request object
# passed as parameter
if add_self:
qsr = HTTPQSRequest(
resp.get_uri(),
headers=req_headers,
cookie=cookieObj
)
res.append(qsr)
# If response was a 30X (i.e. a redirect) then include the
# corresponding fuzzable request.
resp_headers = resp.get_headers()
for url_header_name in URL_HEADERS:
url_header_value, _ = resp_headers.iget(url_header_name, '')
if url_header_value:
url = smart_unicode(url_header_value, encoding=resp.charset)
try:
absolute_location = resp.get_url().url_join(url)
except ValueError:
msg = 'The application sent a "%s" redirect that w3af' \
' failed to correctly parse as an URL, the header' \
' value was: "%s"'
om.out.debug(msg % (url_header_name, url))
else:
qsr = HTTPQSRequest(
absolute_location,
headers=req_headers,
cookie=cookieObj
)
res.append(qsr)
# Try to find forms in the document
try:
dp = parser_cache.dpc.get_document_parser_for(resp)
except w3afException:
# Failed to find a suitable parser for the document
form_list = []
else:
form_list = dp.get_forms()
same_domain = lambda f: f.get_action(
).get_domain() == resp.get_url().get_domain()
form_list = [f for f in form_list if same_domain(f)]
if not form_list:
# Check if its a wsdl file
#TODO: Rewrite web service support
'''
wsdlp = WSDLParser()
try:
wsdlp.set_wsdl(resp.get_body())
except w3afException:
pass
else:
for rem_meth in wsdlp.get_methods():
wspdr = WebServiceRequest(
rem_meth.get_location(),
rem_meth.get_action(),
rem_meth.get_parameters(),
rem_meth.get_namespace(),
rem_meth.get_methodName(),
req_headers
)
res.append(wspdr)
'''
else:
# Create one HTTPPostDataRequest for each form variant
mode = cf.cf.get('form_fuzzing_mode')
for form in form_list:
for variant in form.get_variants(mode):
if form.get_method().upper() == 'POST':
r = HTTPPostDataRequest(
variant.get_action(),
variant.get_method(),
req_headers,
cookieObj,
variant)
else:
# The default is a GET request
r = HTTPQSRequest(
variant.get_action(),
headers=req_headers,
cookie=cookieObj
)
r.set_dc(variant)
res.append(r)
return res
