def bruteforce_wrapper(self, fuzzable_request):
    """
    Audit a copy of *fuzzable_request* and return the new requests it yields.

    After the audit, every entry stored in the knowledge base under this
    plugin's name and the 'auth' key is inspected (presumably these are the
    logins the audit found; confirm against the plugin that writes them).
    Each entry whose URL has not been reported before is remembered in
    self._alreadyReported, and its stored 'response' is turned into
    fuzzable requests.

    :param fuzzable_request: the request to audit; only a copy of it is
        handed to audit_wrapper.
    :return: a list with the fuzzable requests created from the responses
        of the newly reported entries (empty when nothing new was found).
    """
    # audit_wrapper gets a copy, never the caller's own object.
    self.audit_wrapper(fuzzable_request.copy())

    new_requests = []
    for finding in kb.kb.getData(self.getName(), 'auth'):
        finding_url = finding.getURL()
        # Report each URL once, however often the wrapper is called.
        if finding_url in self._alreadyReported:
            continue
        self._alreadyReported.append(finding_url)
        new_requests.extend(createFuzzableRequests(finding['response']))
    return new_requests
    def _pre_discovery(self):
        '''
        Create the first fuzzableRequestList.

        Every URL returned by cf.cf.getData('targets') is fetched with a
        GET, the response is converted with createFuzzableRequests, and the
        requests whose URL domain equals the target's domain are added to
        self._fuzzable_request_set. The same response is then passed to
        is_404.

        A failure on one target is reported through om.out.error and the
        loop moves on to the next target. KeyboardInterrupt is the
        exception: it ends the core and is re-raised.
        '''

        # We only want to scan pages that are in the current scope.
        # `url` is not bound yet at this point: the lambda looks it up when
        # it is called, which happens inside the loop below, so it refers to
        # the target being processed.
        # NOTE(review): only getDomain() is compared here, so presumably a
        # different scheme or port on the same host still counts as in
        # scope -- confirm this is the intended scope rule.
        get_curr_scope_pages = lambda fr: \
            fr.getURL().getDomain() == url.getDomain()

        for url in cf.cf.getData('targets'):
            # The try body covers the GET, the response parsing and the
            # is_404 call, so a failure in any of the three is reported
            # below as the target being unreachable.
            try:
                #
                #    GET the initial target URLs in order to save them
                #    in a list and use them as our bootstrap URLs
                #
                response = self._w3af_core.uriOpener.GET(url, cache=True)
                self._fuzzable_request_set.update( filter(
                    get_curr_scope_pages, createFuzzableRequests(response)) )

                #
                #    NOTE: I need to perform this test here in order to avoid some weird
                #    thread locking that happens when the webspider calls is_404, and
                #    because I want to initialize the is_404 database in a controlled
                #    try/except block.
                #
                from core.controllers.coreHelpers.fingerprint_404 import is_404
                is_404(response)

            except KeyboardInterrupt:
                # User abort: shut the core down, then let the interrupt
                # propagate to the caller.
                self._w3af_core._end()
                raise
            except (w3afMustStopOnUrlError, w3afException, w3afMustStopException), w3:
                # Framework errors: report them and continue with the next
                # target.
                om.out.error('The target URL: %s is unreachable.' % url)
                om.out.error('Error description: %s' % w3)
            except Exception, e:
                # Anything else is also swallowed after being reported; the
                # full traceback goes to the error output.
                om.out.error('The target URL: %s is unreachable '
                             'because of an unhandled exception.' % url)
                om.out.error('Error description: "%s". See debug '
                             'output for more information.' % e)
                om.out.error('Traceback for this error: %s' % 
                             traceback.format_exc())
 def _createFuzzableRequests(self, httpResponse, request=None, add_self=True):
     """
     Forward the call to createFuzzableRequests and return its result.

     The three arguments are passed on positionally and unchanged; self is
     not used.

     :param httpResponse: the HTTP response to build requests from.
     :param request: passed through as the second argument (default None).
     :param add_self: passed through as the third argument (default True).
     :return: whatever createFuzzableRequests returns.
     """
     fuzzable_requests = createFuzzableRequests(httpResponse, request, add_self)
     return fuzzable_requests