def test_filter_by_body(): f = context.gen_filter_by_body(['ct', 'sexy']) fn = context.gen_filter_by_body(['nct', 'sexy']) # Test request bodies r = Request() r.start_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.body = 'foo' assert not f(r) assert fn(r) r.body = 'sexy' assert f(r) assert not fn(r) # Test response bodies r = Request() rsp = Response() rsp.start_line = 'HTTP/1.1 200 OK' rsp.headers['sexy'] = 'sexy' r.start_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.response = rsp assert not f(r) assert fn(r) rsp.body = 'sexy' assert f(r) assert not fn(r)
def req_w_rsp(req): r = Response() r.status_line = 'HTTP/1.1 200 OK' r.headers['Test-Header'] = 'ABC123' r.raw_data = 'AAAA' req.response = r return req
def test_filter_by_raw_headers_request(): f1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:') fn1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:', negate=True) f2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader') fn2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader', negate=True) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) r.headers['OtherHeader'] = 'sexy' r.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_filter_by_body(): f = context.gen_filter_by_body(context.cmp_contains, 'sexy') fn = context.gen_filter_by_body(context.cmp_contains, 'sexy', negate=True) # Test request bodies r = Request() r.status_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.raw_data = 'foo' assert not f(r) assert fn(r) r.raw_data = 'sexy' assert f(r) assert not fn(r) # Test response bodies r = Request() rsp = Response() rsp.status_line = 'HTTP/1.1 200 OK' rsp.headers['sexy'] = 'sexy' r.status_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.response = rsp assert not f(r) assert fn(r) rsp.raw_data = 'sexy' assert f(r) assert not fn(r)
def test_filter_by_raw_headers_request(): f1 = context.gen_filter_by_raw_headers(['ct', 'Sexy:']) fn1 = context.gen_filter_by_raw_headers(['nct', 'Sexy:']) f2 = context.gen_filter_by_raw_headers(['ct', 'sexy\r\nHeader']) fn2 = context.gen_filter_by_raw_headers(['nct', 'sexy\r\nHeader']) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) r.headers['OtherHeader'] = 'sexy' r.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def async_mangle_response(self, request): # This function gets called to mangle/edit respones passed through the proxy retrsp = request.response # Write original response to the temp file with tempfile.NamedTemporaryFile(delete=False) as tf: tfName = tf.name tf.write(request.response.full_response) # Have the console edit the file yield edit_file(tfName, front=True) # Create new mangled response from edited file with open(tfName, 'r') as f: text = f.read() os.remove(tfName) # Check if dropped if text == '': pappyproxy.proxy.log('Response dropped!') defer.returnValue(None) mangled_rsp = Response(text, update_content_length=True) if mangled_rsp.full_response != request.response.full_response: mangled_rsp.unmangled = request.response retrsp = mangled_rsp defer.returnValue(retrsp)
def test_proxy_server_macro_multiple(mocker): proxy = TestProxyConnection() new_req_contents1 = 'GET / HTTP/1.1\r\nMangled: Very yes\r\n\r\n' new_rsp_contents1 = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very yes\r\n\r\n' new_req1 = Request(new_req_contents1) new_rsp1 = Response(new_rsp_contents1) new_req_contents2 = 'GET / HTTP/1.1\r\nMangled: Very very yes\r\n\r\n' new_rsp_contents2 = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very very yes\r\n\r\n' new_req2 = Request(new_req_contents2) new_rsp2 = Response(new_rsp_contents2) test_macro1 = InterceptMacroTest(new_req=new_req1, new_rsp=new_rsp1) test_macro2 = InterceptMacroTest(new_req=new_req2, new_rsp=new_rsp2) macros = collections.OrderedDict() macros['macro1'] = test_macro1 macros['macro2'] = test_macro2 proxy.setUp(mocker, int_macros=macros) proxy.write_as_browser('GET /serious.php HTTP/1.1\r\n\r\n') assert proxy.read_as_server() == new_req_contents2 proxy.write_as_server('HTTP/1.1 404 NOT FOUND\r\n\r\n') assert proxy.read_as_browser() == new_rsp_contents2
def req_w_rsp(req): r = Response() r.start_line = "HTTP/1.1 200 OK" r.headers["Test-Header"] = "ABC123" r.body = "AAAA" req.response = r return req
def test_filter_by_response_code(http_request): f = context.gen_filter_by_response_code(context.cmp_eq, 200) fn = context.gen_filter_by_response_code(context.cmp_eq, 200, negate=True) r = Response() http_request.response = r r.status_line = 'HTTP/1.1 404 Not Found' assert not f(http_request) assert fn(http_request) r.status_line = 'HTTP/1.1 200 OK' assert f(http_request) assert not fn(http_request)
def test_filter_by_response_code(http_request): f = context.gen_filter_by_response_code(['eq', '200']) fn = context.gen_filter_by_response_code(['neq', '200']) r = Response() http_request.response = r r.start_line = 'HTTP/1.1 404 Not Found' assert not f(http_request) assert fn(http_request) r.start_line = 'HTTP/1.1 200 OK' assert f(http_request) assert not fn(http_request)
def test_session_mixed(req, rsp): s = Session( cookie_names=['session', 'state'], cookie_vals={ 'session': ResponseCookie('session=foo; secure; httponly; path=/') }, header_vals={'auth': 'bar'}, ) s.apply_req(req) s.apply_rsp(rsp) assert req.cookies['session'] == 'foo' assert rsp.cookies['session'].key == 'session' assert rsp.cookies['session'].val == 'foo' assert rsp.cookies['session'].secure assert rsp.cookies['session'].http_only assert rsp.cookies['session'].path == '/' assert 'auth' not in rsp.headers r = Response() r.start_line = 'HTTP/1.1 200 OK' r.set_cookie(ResponseCookie('state=bazzers')) r.set_cookie(ResponseCookie('session=buzzers')) s.get_rsp(r) assert s.cookie_vals['session'].val == 'buzzers' assert s.cookie_vals['state'].val == 'bazzers'
def http_request(): req = Request('GET / HTTP/1.1\r\n\r\n') req.host = 'www.foo.faketld' req.port = '1337' req.is_ssl = True req.reqid = 123 rsp = Response('HTTP/1.1 200 OK\r\n\r\n') req.response = rsp return req
def test_filter_by_raw_headers_response(): f1 = context.gen_filter_by_raw_headers(['ct', 'Sexy:']) fn1 = context.gen_filter_by_raw_headers(['nct', 'Sexy:']) f2 = context.gen_filter_by_raw_headers(['ct', 'sexy\r\nHeader']) fn2 = context.gen_filter_by_raw_headers(['nct', 'sexy\r\nHeader']) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) rsp.headers['OtherHeader'] = 'sexy' rsp.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_filter_by_raw_headers_response(): f1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:') fn1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:', negate=True) f2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader') fn2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader', negate=True) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) rsp.headers['OtherHeader'] = 'sexy' rsp.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_proxy_server_macro_360_noscope(mocker): proxy = TestProxyConnection() new_req_contents = 'GET / HTTP/1.1\r\nMangled: Very yes\r\n\r\n' new_rsp_contents = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very yes\r\n\r\n' new_req = Request(new_req_contents) new_rsp = Response(new_rsp_contents) test_macro = InterceptMacroTest(new_req=new_req, new_rsp=new_rsp) proxy.setUp(mocker, int_macros={'test_macro': test_macro}, in_scope=False) proxy.write_as_browser('GET /serious.php HTTP/1.1\r\n\r\n') assert proxy.read_as_server() == 'GET /serious.php HTTP/1.1\r\n\r\n' proxy.write_as_server('HTTP/1.1 404 NOT FOUND\r\n\r\n') assert proxy.read_as_browser() == 'HTTP/1.1 404 NOT FOUND\r\n\r\n'
def test_gen_filter_by_set_cookies(): f1 = context.gen_filter_by_set_cookies(context.cmp_contains, 'Session') f2 = context.gen_filter_by_set_cookies(context.cmp_contains, 'Cookie', context.cmp_contains, 'CookieVal') r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' '\r\n')) r.response = rsp assert not f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=NoMatch\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=CookieValue\r\n' '\r\n')) r.response = rsp assert f1(r) assert f2(r)
def test_submit_request(mocker, http_request): rsp = Response('HTTP/1.1 200 OK\r\n\r\n') mocker.patch.object(pappyproxy.http.Request, 'submit_request', new=mock_submitter(rsp)) mocker.patch('pappyproxy.http.Request.async_deep_save' ).return_value = mock_deferred() comm_data = {"action": "submit"} comm_data['host'] = http_request.host comm_data['port'] = http_request.port comm_data['is_ssl'] = http_request.is_ssl comm_data['full_message'] = base64.b64encode(http_request.full_message) comm_data['tags'] = ['footag'] v = perform_comm(json.dumps(comm_data)) expected_data = {} expected_data[u'request'] = json.loads(http_request.to_json()) expected_data[u'response'] = json.loads(http_request.response.to_json()) expected_data[u'success'] = True expected_data[u'request'][u'tags'] = [u'footag'] assert json.loads(v) == expected_data
def test_session_mixed(req, rsp): s = Session( cookie_names=['session', 'state'], cookie_vals={'session':ResponseCookie('session=foo; secure; httponly; path=/')}, header_vals={'auth':'bar'}, ) s.apply_req(req) s.apply_rsp(rsp) assert req.cookies['session'] == 'foo' assert rsp.cookies['session'].key == 'session' assert rsp.cookies['session'].val == 'foo' assert rsp.cookies['session'].secure assert rsp.cookies['session'].http_only assert rsp.cookies['session'].path == '/' assert 'auth' not in rsp.headers r = Response() r.start_line = 'HTTP/1.1 200 OK' r.set_cookie(ResponseCookie('state=bazzers')) r.set_cookie(ResponseCookie('session=buzzers')) s.get_rsp(r) assert s.cookie_vals['session'].val == 'buzzers' assert s.cookie_vals['state'].val == 'bazzers'
def mangle_response(self, response): return Response(string.replace(response.full_message, 'cloud', 'butt'))
def rsp(): r = Response() r.start_line = 'HTTP/1.1 200 OK' return r
def test_gen_filter_by_all_response(http_request): f = context.gen_filter_by_all(['ct', 'hello']) fn = context.gen_filter_by_all(['nct', 'hello']) # Nowhere r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r assert not f(http_request) assert fn(http_request) # Response text r = Response('HTTP/1.1 200 hello\r\n') http_request.response = r assert f(http_request) assert not fn(http_request) # Data r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.body = 'hello' assert f(http_request) assert not fn(http_request) # Header key r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['hello'] = 'goodbye' assert f(http_request) assert not fn(http_request) # Header value r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['goodbye'] = 'hello' assert f(http_request) assert not fn(http_request) # Nowhere in headers r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['goodbye'] = 'for real' assert not f(http_request) assert fn(http_request) # Cookie key r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('hello=goodbye')) assert f(http_request) assert not fn(http_request) # Cookie value r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('goodbye=hello')) assert f(http_request) assert not fn(http_request) # Nowhere in cookie r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('goodbye=for real')) assert not f(http_request) assert fn(http_request)
def test_gen_filter_by_all_response(http_request): f = context.gen_filter_by_all(context.cmp_contains, 'hello') fn = context.gen_filter_by_all(context.cmp_contains, 'hello', negate=True) # Nowhere r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r assert not f(http_request) assert fn(http_request) # Response text r = Response('HTTP/1.1 200 hello\r\n') http_request.response = r assert f(http_request) assert not fn(http_request) # Data r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.raw_data = 'hello' assert f(http_request) assert not fn(http_request) # Header key r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['hello'] = 'goodbye' assert f(http_request) assert not fn(http_request) # Header value r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['goodbye'] = 'hello' assert f(http_request) assert not fn(http_request) # Nowhere in headers r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.headers['goodbye'] = 'for real' assert not f(http_request) assert fn(http_request) # Cookie key r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('hello=goodbye')) r.update_from_objects() assert f(http_request) assert not fn(http_request) # Cookie value r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('goodbye=hello')) r.update_from_objects() assert f(http_request) assert not fn(http_request) # Nowhere in cookie r = Response('HTTP/1.1 200 OK\r\n') http_request.response = r r.add_cookie(ResponseCookie('goodbye=for real')) r.update_from_objects() assert not f(http_request) assert fn(http_request)