def setup_fuzz_window(self):
    """Create the fuzzing web view and mount it in the placeholder widget.

    A fresh ``CallbackLogger`` is created and handed to the
    ``DomFuzzerWebView`` together with the framework and the main window.
    The view is added to the placeholder's layout (a ``QVBoxLayout`` is
    created when the placeholder has none), ``currentFuzzId`` is reset and
    the view's load signals are wired to this object's handlers.

    NOTE(review): this view is where fuzzed HTML ends up being rendered;
    any restriction on what that content may do has to be enforced by
    ``DomFuzzerWebView`` itself -- nothing is configured here.
    """
    self.callbackLogger = self.CallbackLogger()
    web_view = DomFuzzerWebView(self.framework, self.callbackLogger,
                                self.mainWindow)
    self.domFuzzerWebView = web_view

    # Reuse the placeholder's layout when it already has one.
    placeholder = self.mainWindow.domFuzzerFuzzPlaceholder
    layout = placeholder.layout()
    if not layout:
        layout = QVBoxLayout(placeholder)
    self.domFuzzerPlaceholderLayout = layout
    layout.addWidget(web_view)

    # No fuzz item is in flight until handle_fuzzItemAvailable runs.
    self.currentFuzzId = None

    load_handlers = (
        ('loadStarted()', self.handle_webView_loadStarted),
        ('loadFinished(bool)', self.handle_webView_loadFinished),
    )
    for signature, slot in load_handlers:
        QObject.connect(web_view, SIGNAL(signature), slot)
def setup_fuzz_window(self):
    """Build the web view used for fuzzing and attach it to the tab.

    Creates the ``CallbackLogger`` and the ``DomFuzzerWebView`` that
    receives it, puts the view into the layout of
    ``mainWindow.domFuzzerFuzzPlaceholder`` (creating a ``QVBoxLayout``
    if the placeholder has no layout yet), clears ``currentFuzzId`` and
    connects the view's ``loadStarted``/``loadFinished`` signals.

    NOTE(review): fuzzed markup is rendered in this view; confirm that
    ``DomFuzzerWebView`` limits what such content can reach, since no
    page settings are applied in this method.
    """
    logger = self.CallbackLogger()
    self.callbackLogger = logger
    view = DomFuzzerWebView(self.framework, logger, self.mainWindow)
    self.domFuzzerWebView = view

    host_widget = self.mainWindow.domFuzzerFuzzPlaceholder
    existing_layout = host_widget.layout()
    # Only create a layout when the placeholder does not provide one.
    self.domFuzzerPlaceholderLayout = (
        existing_layout if existing_layout else QVBoxLayout(host_widget)
    )
    self.domFuzzerPlaceholderLayout.addWidget(view)

    # Nothing is being fuzzed yet.
    self.currentFuzzId = None

    started_slot = self.handle_webView_loadStarted
    finished_slot = self.handle_webView_loadFinished
    QObject.connect(view, SIGNAL('loadStarted()'), started_slot)
    QObject.connect(view, SIGNAL('loadFinished(bool)'), finished_slot)
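class DomFuzzerTab(QObject):
    """Controller for the DOM fuzzer tab of the main window.

    Wires the start/stop/clear-queue buttons to the fuzzer thread, renders
    each fuzz item in an embedded ``DomFuzzerWebView`` under a load timeout
    and a render timeout, hands the rendered DOM back to the thread, and
    shows stored results in a ``MiniResponseRenderWidget``.

    NOTE(review): every fuzz item is HTML that gets rendered inside this
    process (see ``handle_fuzzItemAvailable``).  Any restriction on what
    that content may do is the job of ``DomFuzzerWebView``, which is not
    defined in this class -- confirm it there.
    """

    class CallbackLogger():
        """In-memory collector of ``(source, url, message)`` tuples.

        An instance is passed to ``DomFuzzerWebView``; presumably the view
        reports page-side callbacks through ``log`` -- verify in that class.
        """

        def __init__(self):
            self.messages = []

        def log(self, source, url, message):
            """Record one message together with its source and URL."""
            self.messages.append((source, url, message))

        def clear_messages(self):
            """Start a new message list.

            The attribute is rebound rather than emptied in place, so a list
            returned earlier by ``get_messages`` keeps its contents.
            """
            self.messages = []

        def get_messages(self):
            """Return the current message list (the list itself, not a copy)."""
            return self.messages

    def __init__(self, framework, mainWindow):
        """Connect the tab's buttons, build the fuzz view and subscribe to DB events.

        Args:
            framework: application framework object; used here for the web
                view, the render widget and database event subscription.
            mainWindow: main window that owns the DOM fuzzer widgets; also
                used as the Qt parent of this object.
        """
        QObject.__init__(self, mainWindow)
        self.framework = framework
        self.mainWindow = mainWindow

        self.mainWindow.domFuzzerStartButton.clicked.connect(
            self.handle_fuzzerStart_clicked)
        self.mainWindow.domFuzzerStopButton.clicked.connect(
            self.handle_fuzzerStop_clicked)
        self.mainWindow.domFuzzerClearQueueButton.clicked.connect(
            self.handle_fuzzerClearQueue_clicked)
        # Initial state: a run can be started, there is nothing to stop.
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)

        self.miniResponseRenderWidget = MiniResponseRenderWidget(
            self.framework, self.mainWindow.domFuzzerResultsTabWidget,
            False, self)

        self.setup_fuzz_window()

        # Database handle and cursor exist only between db_attach and db_detach.
        self.Data = None
        self.cursor = None
        self.framework.subscribe_database_events(self.db_attach, self.db_detach)

    def db_attach(self):
        """Fetch the database from the framework and allocate a cursor for this tab."""
        self.Data = self.framework.getDB()
        self.cursor = self.Data.allocate_thread_cursor()

    def db_detach(self):
        """Release the cursor and forget the database handle."""
        self.close_cursor()
        self.Data = None

    def close_cursor(self):
        """Close and release the cursor if both cursor and database are present."""
        if self.cursor and self.Data:
            self.cursor.close()
            self.Data.release_thread_cursor(self.cursor)
            self.cursor = None

    def handle_fuzzerStart_clicked(self):
        """Flip the buttons to the running state and start the fuzzer thread."""
        self.mainWindow.domFuzzerStartButton.setEnabled(False)
        self.mainWindow.domFuzzerStopButton.setEnabled(True)
        # domFuzzerThread is assigned by set_fuzzer_thread, not by __init__.
        self.domFuzzerThread.startFuzzing(self)

    def handle_fuzzerStop_clicked(self):
        """Flip the buttons to the idle state and stop the fuzzer thread."""
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)
        self.domFuzzerThread.stopFuzzing()

    def handle_fuzzerClearQueue_clicked(self):
        """Ask the fuzzer thread to drop its queued fuzz items."""
        self.domFuzzerThread.clearFuzzQueue()

    def setup_fuzzer_results_treeview(self):
        """Configure selection handling and the context menu of the results tree view.

        Not called from ``__init__``; the tree view must already have a
        model, because the selection model is built from ``treeView.model()``.
        """
        treeView = self.mainWindow.domFuzzerResultsTreeView
        treeView.setSelectionMode(treeView.ExtendedSelection)
        self.resultsTreeViewSelectionModel = QItemSelectionModel(
            treeView.model())
        treeView.setSelectionModel(self.resultsTreeViewSelectionModel)
        treeView.clicked.connect(self.handle_resultsTreeView_clicked)
        # self.resultsTreeViewSelectionModel.selectionChanged.connect(self.handle_selectionChanged)
        self.resultsTreeViewSelectionModel.currentChanged.connect(
            self.handle_currentChanged)

        treeView.setContextMenuPolicy(Qt.CustomContextMenu)
        self.connect(treeView,
                     SIGNAL("customContextMenuRequested(const QPoint&)"),
                     self.fuzzer_results_context_menu)
        self.resultsMenu = QMenu(treeView)
        self.copyUrlAction = action = QAction("Copy URL", self)
        action.triggered.connect(self.fuzzer_results_copy_url)
        self.resultsMenu.addAction(action)

    def fuzzer_results_context_menu(self, point):
        """Show the results context menu at ``point`` (tree view coordinates).

        The action label is pluralised when more than one row is selected.
        """
        if len(self.resultsTreeViewSelectionModel.selectedRows()) > 1:
            self.copyUrlAction.setText('Copy URLs')
        else:
            self.copyUrlAction.setText('Copy URL')
        self.resultsMenu.exec_(
            self.mainWindow.domFuzzerResultsTreeView.mapToGlobal(point))

    def fuzzer_results_index_to_url(self, dataModel, index):
        """Return the value in column 5 of ``index``'s row, or ``None``.

        ``None`` is returned when the derived index is invalid or the model
        holds no data for it.
        """
        index = dataModel.index(index.row(), 5)  # TODO: use constant
        if index.isValid():
            currentItem = dataModel.data(index)
            if currentItem is not None:
                return currentItem
        return None

    def fuzzer_results_copy_url(self):
        """Copy the URLs of all selected result rows to the clipboard, one per line."""
        url_list = []
        dataModel = self.mainWindow.domFuzzerResultsTreeView.model()
        for index in self.resultsTreeViewSelectionModel.selectedRows():
            curUrl = self.fuzzer_results_index_to_url(dataModel, index)
            if curUrl:
                url_list.append(curUrl)
        QApplication.clipboard().setText('\n'.join(url_list))

    def setup_fuzz_window(self):
        """Create the fuzzing web view and mount it in the placeholder widget."""
        self.callbackLogger = self.CallbackLogger()
        self.domFuzzerWebView = DomFuzzerWebView(
            self.framework, self.callbackLogger, self.mainWindow)
        self.domFuzzerPlaceholderLayout = \
            self.mainWindow.domFuzzerFuzzPlaceholder.layout()
        if not self.domFuzzerPlaceholderLayout:
            # The placeholder has no layout yet; give it a vertical one.
            self.domFuzzerPlaceholderLayout = QVBoxLayout(
                self.mainWindow.domFuzzerFuzzPlaceholder)
        self.domFuzzerPlaceholderLayout.addWidget(self.domFuzzerWebView)
        # No fuzz item is in flight until handle_fuzzItemAvailable runs.
        self.currentFuzzId = None
        QObject.connect(self.domFuzzerWebView, SIGNAL('loadStarted()'),
                        self.handle_webView_loadStarted)
        QObject.connect(self.domFuzzerWebView, SIGNAL('loadFinished(bool)'),
                        self.handle_webView_loadFinished)

    def set_fuzzer_thread(self, domFuzzerThread):
        """Attach the fuzzer thread and create the two timeout timers.

        Must run before any start/stop click or fuzz item is handled: the
        thread reference and both timers are only created here.
        """
        self.domFuzzerThread = domFuzzerThread
        QObject.connect(self,
                        SIGNAL('fuzzItemAvailable(int, QByteArray, QUrl)'),
                        self.handle_fuzzItemAvailable)
        QObject.connect(self, SIGNAL('fuzzRunFinished()'),
                        self.handle_fuzzRunFinished)
        # qtimer bounds page loading, qtimer2 bounds the time after a successful load.
        self.qtimer = QTimer()
        self.qtimer2 = QTimer()
        QObject.connect(self.qtimer, SIGNAL('timeout()'),
                        self.handle_load_timeout)
        QObject.connect(self.qtimer2, SIGNAL('timeout()'),
                        self.handle_render_timeout)

    def handle_fuzzItemAvailable(self, fuzzId, htmlContent, qurl):
        """Render one fuzz item in the web view and arm the load timeout.

        Args:
            fuzzId: identifier reported back through ``fuzzItemFinished``.
            htmlContent: page content to render.
            qurl: URL associated with the content; stored in encoded form
                and passed to the view's ``setContent``.
        """
        self.currentFuzzId = fuzzId
        self.currentFuzzUrl = qurl.toEncoded().data().decode('utf-8')
        # Messages of the previous item must not leak into this item's report.
        self.callbackLogger.clear_messages()
        self.qtimer.start(3000)  # 3 seconds to finish
        # NOTE(review): assuming QWebView.setContent semantics, qurl becomes
        # the base URL of the rendered content, so its scripts and relative
        # references are evaluated against that URL -- confirm the view's
        # settings and network policy in DomFuzzerWebView.
        self.domFuzzerWebView.setContent(htmlContent, '', qurl)

    def handle_webView_loadStarted(self):
        """Slot for the view's ``loadStarted`` signal; intentionally does nothing."""
        pass

    def handle_webView_loadFinished(self, ok):
        """Stop the timers and either start the render window or report failure.

        Loads of ``about:blank`` are ignored; ``fuzzItemCompleted`` navigates
        there to reset the view.
        """
        url = self.domFuzzerWebView.url().toString()
        if url == 'about:blank':
            return
        if self.qtimer.isActive():
            self.qtimer.stop()
        if self.qtimer2.isActive():
            self.qtimer2.stop()
        if ok:
            self.qtimer2.start(1000)  # 1 seconds to finish
        else:
            self.fuzzItemCompleted(ok)

    def handle_load_timeout(self):
        """Load timer expired: stop the page and complete the item as failed."""
        if self.qtimer.isActive():
            self.qtimer.stop()
        self.domFuzzerWebView.stop()
        self.fuzzItemCompleted(False)

    def handle_render_timeout(self):
        """Render timer expired: stop the page and complete the item as successful."""
        if self.qtimer2.isActive():
            self.qtimer2.stop()
        # TODO: should check progress
        self.domFuzzerWebView.stop()
        self.fuzzItemCompleted(True)

    def fuzzItemCompleted(self, ok):
        """Report the rendered DOM of the current item and reset the view.

        Does nothing when no item is in flight, which makes repeated calls
        for the same item harmless.  ``ok`` is accepted but not forwarded
        to the fuzzer thread.
        """
        if self.currentFuzzId is not None:
            mainFrame = self.domFuzzerWebView.page().mainFrame()
            dom = mainFrame.documentElement()
            # Serialized DOM as it stands after rendering, not the input HTML.
            html = dom.toOuterXml()
            self.domFuzzerThread.fuzzItemFinished(
                self.currentFuzzId, self.currentFuzzUrl, html,
                self.callbackLogger.get_messages())
            self.domFuzzerWebView.setUrl(QUrl('about:blank'))
            self.currentFuzzId = None

    def handle_fuzzRunFinished(self):
        """Return the buttons to the idle state when the run ends."""
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)

    def handle_resultsTreeView_clicked(self):
        """Show the result belonging to the tree view's current index."""
        index = self.mainWindow.domFuzzerResultsTreeView.currentIndex()
        self.fill_results_view(index)

    def handle_currentChanged(self, index):
        """Show the result belonging to the newly current index."""
        self.fill_results_view(index)

    def fill_results_view(self, index):
        """Look up the fuzz id in ``index``'s row and render that result."""
        index = self.mainWindow.domFuzzerResultsDataModel.index(
            index.row(), DomFuzzerResultsTable.ID)
        if index.isValid():
            currentItem = self.mainWindow.domFuzzerResultsDataModel.data(index)
            if currentItem is not None:
                fuzzId = str(currentItem)
                self.populate_results_response_render(fuzzId)

    def populate_results_response_render(self, fuzzId):
        """Load the stored result for ``fuzzId`` and show it in the render widget.

        Returns without doing anything when no database is attached or no
        row is found.
        """
        # A selection change can arrive while the database is detached.
        if self.Data is None or self.cursor is None:
            return
        results = self.Data.read_dom_fuzzer_results_by_id(
            self.cursor, int(fuzzId))
        if results:
            resultsItems = [m or '' for m in results]
            rendered = resultsItems[DomFuzzerResultsTable.RENDERED_DATA]
            if not isinstance(rendered, bytes):
                # bytes() rejects a text string that comes without an
                # encoding, and empty columns were replaced by '' above, so
                # text is encoded explicitly.  UTF-8 matches how the fuzz
                # URL is decoded elsewhere in this class.
                if hasattr(rendered, 'encode'):
                    rendered = rendered.encode('utf-8', 'replace')
                else:
                    rendered = bytes(rendered)
            # NOTE(review): this is markup captured from fuzzed pages;
            # confirm MiniResponseRenderWidget displays it as data.
            self.miniResponseRenderWidget.populate_response_content(
                resultsItems[DomFuzzerResultsTable.URL],
                b'',  # TODO: determine if it makes sense to expose these values
                b'',
                b'',
                rendered,
                '')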
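class DomFuzzerTab(QObject):
    """Controller for the DOM fuzzer tab of the main window.

    Wires the start/stop/clear-queue buttons to the fuzzer thread, renders
    each fuzz item in an embedded ``DomFuzzerWebView`` under a load timeout
    and a render timeout, hands the rendered DOM back to the thread, and
    shows stored results in a ``MiniResponseRenderWidget``.

    NOTE(review): every fuzz item is HTML that gets rendered inside this
    process (see ``handle_fuzzItemAvailable``).  Any restriction on what
    that content may do is the job of ``DomFuzzerWebView``, which is not
    defined in this class -- confirm it there.
    """

    class CallbackLogger():
        """In-memory collector of ``(source, url, message)`` tuples.

        An instance is passed to ``DomFuzzerWebView``; presumably the view
        reports page-side callbacks through ``log`` -- verify in that class.
        """

        def __init__(self):
            self.messages = []

        def log(self, source, url, message):
            """Record one message together with its source and URL."""
            self.messages.append((source, url, message))

        def clear_messages(self):
            """Start a new message list.

            The attribute is rebound rather than emptied in place, so a list
            returned earlier by ``get_messages`` keeps its contents.
            """
            self.messages = []

        def get_messages(self):
            """Return the current message list (the list itself, not a copy)."""
            return self.messages

    def __init__(self, framework, mainWindow):
        """Connect the tab's buttons, build the fuzz view and subscribe to DB events.

        Args:
            framework: application framework object; used here for the web
                view, the render widget and database event subscription.
            mainWindow: main window that owns the DOM fuzzer widgets; also
                used as the Qt parent of this object.
        """
        QObject.__init__(self, mainWindow)
        self.framework = framework
        self.mainWindow = mainWindow

        self.mainWindow.domFuzzerStartButton.clicked.connect(self.handle_fuzzerStart_clicked)
        self.mainWindow.domFuzzerStopButton.clicked.connect(self.handle_fuzzerStop_clicked)
        self.mainWindow.domFuzzerClearQueueButton.clicked.connect(self.handle_fuzzerClearQueue_clicked)
        # Initial state: a run can be started, there is nothing to stop.
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)

        self.miniResponseRenderWidget = MiniResponseRenderWidget(
            self.framework, self.mainWindow.domFuzzerResultsTabWidget, False, self)

        self.setup_fuzz_window()

        # Database handle and cursor exist only between db_attach and db_detach.
        self.Data = None
        self.cursor = None
        self.framework.subscribe_database_events(self.db_attach, self.db_detach)

    def db_attach(self):
        """Fetch the database from the framework and allocate a cursor for this tab."""
        self.Data = self.framework.getDB()
        self.cursor = self.Data.allocate_thread_cursor()

    def db_detach(self):
        """Release the cursor and forget the database handle."""
        self.close_cursor()
        self.Data = None

    def close_cursor(self):
        """Close and release the cursor if both cursor and database are present."""
        if self.cursor and self.Data:
            self.cursor.close()
            self.Data.release_thread_cursor(self.cursor)
            self.cursor = None

    def handle_fuzzerStart_clicked(self):
        """Flip the buttons to the running state and start the fuzzer thread."""
        self.mainWindow.domFuzzerStartButton.setEnabled(False)
        self.mainWindow.domFuzzerStopButton.setEnabled(True)
        # domFuzzerThread is assigned by set_fuzzer_thread, not by __init__.
        self.domFuzzerThread.startFuzzing(self)

    def handle_fuzzerStop_clicked(self):
        """Flip the buttons to the idle state and stop the fuzzer thread."""
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)
        self.domFuzzerThread.stopFuzzing()

    def handle_fuzzerClearQueue_clicked(self):
        """Ask the fuzzer thread to drop its queued fuzz items."""
        self.domFuzzerThread.clearFuzzQueue()

    def setup_fuzzer_results_treeview(self):
        """Configure selection handling and the context menu of the results tree view.

        Not called from ``__init__``; the tree view must already have a
        model, because the selection model is built from ``treeView.model()``.
        """
        treeView = self.mainWindow.domFuzzerResultsTreeView
        treeView.setSelectionMode(treeView.ExtendedSelection)
        self.resultsTreeViewSelectionModel = QItemSelectionModel(treeView.model())
        treeView.setSelectionModel(self.resultsTreeViewSelectionModel)
        treeView.clicked.connect(self.handle_resultsTreeView_clicked)
        # self.resultsTreeViewSelectionModel.selectionChanged.connect(self.handle_selectionChanged)
        self.resultsTreeViewSelectionModel.currentChanged.connect(self.handle_currentChanged)

        treeView.setContextMenuPolicy(Qt.CustomContextMenu)
        self.connect(treeView, SIGNAL("customContextMenuRequested(const QPoint&)"),
                     self.fuzzer_results_context_menu)
        self.resultsMenu = QMenu(treeView)
        self.copyUrlAction = action = QAction("Copy URL", self)
        action.triggered.connect(self.fuzzer_results_copy_url)
        self.resultsMenu.addAction(action)

    def fuzzer_results_context_menu(self, point):
        """Show the results context menu at ``point`` (tree view coordinates).

        The action label is pluralised when more than one row is selected.
        """
        if len(self.resultsTreeViewSelectionModel.selectedRows()) > 1:
            self.copyUrlAction.setText('Copy URLs')
        else:
            self.copyUrlAction.setText('Copy URL')
        self.resultsMenu.exec_(self.mainWindow.domFuzzerResultsTreeView.mapToGlobal(point))

    def fuzzer_results_index_to_url(self, dataModel, index):
        """Return the value in column 5 of ``index``'s row, or ``None``.

        ``None`` is returned when the derived index is invalid or the model
        holds no data for it.
        """
        index = dataModel.index(index.row(), 5)  # TODO: use constant
        if index.isValid():
            currentItem = dataModel.data(index)
            if currentItem is not None:
                return currentItem
        return None

    def fuzzer_results_copy_url(self):
        """Copy the URLs of all selected result rows to the clipboard, one per line."""
        url_list = []
        dataModel = self.mainWindow.domFuzzerResultsTreeView.model()
        for index in self.resultsTreeViewSelectionModel.selectedRows():
            curUrl = self.fuzzer_results_index_to_url(dataModel, index)
            if curUrl:
                url_list.append(curUrl)
        QApplication.clipboard().setText('\n'.join(url_list))

    def setup_fuzz_window(self):
        """Create the fuzzing web view and mount it in the placeholder widget."""
        self.callbackLogger = self.CallbackLogger()
        self.domFuzzerWebView = DomFuzzerWebView(self.framework, self.callbackLogger, self.mainWindow)
        self.domFuzzerPlaceholderLayout = self.mainWindow.domFuzzerFuzzPlaceholder.layout()
        if not self.domFuzzerPlaceholderLayout:
            # The placeholder has no layout yet; give it a vertical one.
            self.domFuzzerPlaceholderLayout = QVBoxLayout(self.mainWindow.domFuzzerFuzzPlaceholder)
        self.domFuzzerPlaceholderLayout.addWidget(self.domFuzzerWebView)
        # No fuzz item is in flight until handle_fuzzItemAvailable runs.
        self.currentFuzzId = None
        QObject.connect(self.domFuzzerWebView, SIGNAL('loadStarted()'), self.handle_webView_loadStarted)
        QObject.connect(self.domFuzzerWebView, SIGNAL('loadFinished(bool)'), self.handle_webView_loadFinished)

    def set_fuzzer_thread(self, domFuzzerThread):
        """Attach the fuzzer thread and create the two timeout timers.

        Must run before any start/stop click or fuzz item is handled: the
        thread reference and both timers are only created here.
        """
        self.domFuzzerThread = domFuzzerThread
        QObject.connect(self, SIGNAL('fuzzItemAvailable(int, QByteArray, QUrl)'), self.handle_fuzzItemAvailable)
        QObject.connect(self, SIGNAL('fuzzRunFinished()'), self.handle_fuzzRunFinished)
        # qtimer bounds page loading, qtimer2 bounds the time after a successful load.
        self.qtimer = QTimer()
        self.qtimer2 = QTimer()
        QObject.connect(self.qtimer, SIGNAL('timeout()'), self.handle_load_timeout)
        QObject.connect(self.qtimer2, SIGNAL('timeout()'), self.handle_render_timeout)

    def handle_fuzzItemAvailable(self, fuzzId, htmlContent, qurl):
        """Render one fuzz item in the web view and arm the load timeout.

        Args:
            fuzzId: identifier reported back through ``fuzzItemFinished``.
            htmlContent: page content to render.
            qurl: URL associated with the content; stored in encoded form
                and passed to the view's ``setContent``.
        """
        self.currentFuzzId = fuzzId
        self.currentFuzzUrl = qurl.toEncoded().data().decode('utf-8')
        # Messages of the previous item must not leak into this item's report.
        self.callbackLogger.clear_messages()
        self.qtimer.start(3000)  # 3 seconds to finish
        # NOTE(review): assuming QWebView.setContent semantics, qurl becomes
        # the base URL of the rendered content, so its scripts and relative
        # references are evaluated against that URL -- confirm the view's
        # settings and network policy in DomFuzzerWebView.
        self.domFuzzerWebView.setContent(htmlContent, '', qurl)

    def handle_webView_loadStarted(self):
        """Slot for the view's ``loadStarted`` signal; intentionally does nothing."""
        pass

    def handle_webView_loadFinished(self, ok):
        """Stop the timers and either start the render window or report failure.

        Loads of ``about:blank`` are ignored; ``fuzzItemCompleted`` navigates
        there to reset the view.
        """
        url = self.domFuzzerWebView.url().toString()
        if url == 'about:blank':
            return
        if self.qtimer.isActive():
            self.qtimer.stop()
        if self.qtimer2.isActive():
            self.qtimer2.stop()
        if ok:
            self.qtimer2.start(1000)  # 1 seconds to finish
        else:
            self.fuzzItemCompleted(ok)

    def handle_load_timeout(self):
        """Load timer expired: stop the page and complete the item as failed."""
        if self.qtimer.isActive():
            self.qtimer.stop()
        self.domFuzzerWebView.stop()
        self.fuzzItemCompleted(False)

    def handle_render_timeout(self):
        """Render timer expired: stop the page and complete the item as successful."""
        if self.qtimer2.isActive():
            self.qtimer2.stop()
        # TODO: should check progress
        self.domFuzzerWebView.stop()
        self.fuzzItemCompleted(True)

    def fuzzItemCompleted(self, ok):
        """Report the rendered DOM of the current item and reset the view.

        Does nothing when no item is in flight, which makes repeated calls
        for the same item harmless.  ``ok`` is accepted but not forwarded
        to the fuzzer thread.
        """
        if self.currentFuzzId is not None:
            mainFrame = self.domFuzzerWebView.page().mainFrame()
            dom = mainFrame.documentElement()
            # Serialized DOM as it stands after rendering, not the input HTML.
            html = dom.toOuterXml()
            self.domFuzzerThread.fuzzItemFinished(self.currentFuzzId, self.currentFuzzUrl, html,
                                                  self.callbackLogger.get_messages())
            self.domFuzzerWebView.setUrl(QUrl('about:blank'))
            self.currentFuzzId = None

    def handle_fuzzRunFinished(self):
        """Return the buttons to the idle state when the run ends."""
        self.mainWindow.domFuzzerStartButton.setEnabled(True)
        self.mainWindow.domFuzzerStopButton.setEnabled(False)

    def handle_resultsTreeView_clicked(self):
        """Show the result belonging to the tree view's current index."""
        index = self.mainWindow.domFuzzerResultsTreeView.currentIndex()
        self.fill_results_view(index)

    def handle_currentChanged(self, index):
        """Show the result belonging to the newly current index."""
        self.fill_results_view(index)

    def fill_results_view(self, index):
        """Look up the fuzz id in ``index``'s row and render that result."""
        index = self.mainWindow.domFuzzerResultsDataModel.index(index.row(), DomFuzzerResultsTable.ID)
        if index.isValid():
            currentItem = self.mainWindow.domFuzzerResultsDataModel.data(index)
            if currentItem is not None:
                fuzzId = str(currentItem)
                self.populate_results_response_render(fuzzId)

    def populate_results_response_render(self, fuzzId):
        """Load the stored result for ``fuzzId`` and show it in the render widget.

        Returns without doing anything when no database is attached or no
        row is found.
        """
        # A selection change can arrive while the database is detached.
        if self.Data is None or self.cursor is None:
            return
        results = self.Data.read_dom_fuzzer_results_by_id(self.cursor, int(fuzzId))
        if results:
            resultsItems = [m or '' for m in results]
            rendered = resultsItems[DomFuzzerResultsTable.RENDERED_DATA]
            if not isinstance(rendered, bytes):
                # bytes() rejects a text string that comes without an
                # encoding, and empty columns were replaced by '' above, so
                # text is encoded explicitly.  UTF-8 matches how the fuzz
                # URL is decoded elsewhere in this class.
                if hasattr(rendered, 'encode'):
                    rendered = rendered.encode('utf-8', 'replace')
                else:
                    rendered = bytes(rendered)
            # NOTE(review): this is markup captured from fuzzed pages;
            # confirm MiniResponseRenderWidget displays it as data.
            self.miniResponseRenderWidget.populate_response_content(
                resultsItems[DomFuzzerResultsTable.URL],
                b'',  # TODO: determine if it makes sense to expose these values
                b'',
                b'',
                rendered,
                ''
            )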