def test_do_ssl_req_through_proxy(self):
resp_body = self.proxy_opener.open(get_moth_https()).read()
# Basic check
self.assertTrue(len(resp_body) > 0)
# Get response using the proxy
proxy_resp = self.proxy_opener.open(get_moth_https())
# Get it without any proxy
direct_resp = urllib2.urlopen(get_moth_https())
# Must be equal
self.assertEqual(direct_resp.read(), proxy_resp.read())
# Have to remove the Date header because in some cases they differ
# because one request was sent in second X and the other in X+1, which
# makes the test fail
direct_resp_headers = dict(direct_resp.info())
proxy_resp_headers = dict(proxy_resp.info())
del direct_resp_headers['date']
del proxy_resp_headers['date']
del direct_resp_headers['transfer-encoding']
del proxy_resp_headers['content-length']
del proxy_resp_headers['content-encoding']
self.assertEqual(direct_resp_headers, proxy_resp_headers)
def test_do_ssl_req_through_proxy(self):
resp_body = self.proxy_opener.open(get_moth_https()).read()
# Basic check
self.assertTrue(len(resp_body) > 0)
# Get response using the proxy
proxy_resp = self.proxy_opener.open(get_moth_https())
# Get it without any proxy
direct_resp = urllib2.urlopen(get_moth_https())
# Must be equal
self.assertEqual(direct_resp.read(), proxy_resp.read())
# Have to remove the Date header because in some cases they differ
# because one request was sent in second X and the other in X+1, which
# makes the test fail
direct_resp_headers = dict(direct_resp.info())
proxy_resp_headers = dict(proxy_resp.info())
del direct_resp_headers['date']
del proxy_resp_headers['date']
del direct_resp_headers['transfer-encoding']
del proxy_resp_headers['content-length']
del proxy_resp_headers['content-encoding']
self.assertEqual(direct_resp_headers, proxy_resp_headers)
def test_basic_ssl(self):
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertGreaterEqual(http_response.id, 1)
self.assertNotEqual(http_response.id, None)
def test_https_via_proxy(self):
self.assertEqual(self._proxy.total_handled_requests, 0)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertEqual(self._proxy.total_handled_requests, 1)
def test_basic_ssl(self):
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertGreaterEqual(http_response.id, 1)
self.assertNotEqual(http_response.id, None)
def test_https_via_proxy(self):
self.assertEqual(self._proxy.total_handled_requests, 0)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertEqual(self._proxy.total_handled_requests, 1)
def test_hmap_https(self):
cfg = self._run_configs['cfg']
self._scan(get_moth_https(), cfg['plugins'])
infos = self.kb.get('hmap', 'server')
self.assertEqual(len(infos), 1, infos)
info = infos[0]
self.assertIn('WSGIServer/0.1', info.get_desc(), info.get_desc())
def test_hmap_https(self):
cfg = self._run_configs['cfg']
self._scan(get_moth_https(), cfg['plugins'])
infos = self.kb.get('hmap', 'server')
self.assertEqual(len(infos), 1, infos)
info = infos[0]
self.assertIn('WSGIServer/0.1', info.get_desc(), info.get_desc())
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_spiderman_https(self):
port = get_unused_port()
run_config = {
"target": get_moth_https(),
"plugins": {"crawl": (PluginConfig("spider_man", ("listen_port", port, PluginConfig.INT)),)},
}
self.generic_spiderman_run(run_config, get_moth_https, port)
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_spiderman_https(self):
port = get_unused_port()
run_config = {
'target': get_moth_https(),
'plugins': {'crawl': (PluginConfig('spider_man',
('listen_port', port,
PluginConfig.INT),
),)}
}
self.generic_spiderman_run(run_config, get_moth_https, port)
def test_spiderman_https(self):
port = get_unused_port()
run_config = {
'target': get_moth_https(),
'plugins': {'crawl': (PluginConfig('spider_man',
('listen_port', port,
PluginConfig.INT),
),)}
}
self.generic_spiderman_run(run_config, get_moth_https, port)
class TestSQLMapWrapper(unittest.TestCase):
SQLI_GET = get_moth_http('/audit/sql_injection/'
'where_string_single_qs.py?uname=pablo')
SSL_SQLI_GET = get_moth_https('/audit/sql_injection/'
'where_string_single_qs.py?uname=pablo')
SQLI_POST = get_moth_http('/audit/sql_injection/where_integer_form.py')
DATA_POST = 'text=1'
def setUp(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener, debug=True)
def tearDown(self):
self.uri_opener.end()
self.sqlmap.cleanup()
@classmethod
def setUpClass(cls):
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
@classmethod
def tearDownClass(cls):
# Doing this in both setupclass and teardownclass in order to be sure
# that a ctrl+c doesn't break it
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
def test_verify_vulnerability(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_verify_vulnerability_ssl(self):
uri = URL(self.SSL_SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable, self.sqlmap.last_stdout)
def test_verify_vulnerability_false(self):
not_vuln = get_moth_http('/audit/sql_injection/'
'where_string_single_qs.py?fake=pablo')
uri = URL(not_vuln)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertFalse(vulnerable)
def test_verify_vulnerability_POST(self):
target = Target(URL(self.SQLI_POST), self.DATA_POST)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable, self.sqlmap.last_stdout)
def test_wrapper_invalid_url(self):
self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET,
self.uri_opener)
def test_stds(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
prms = [
'--batch',
]
cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)
self.assertIsInstance(process.stdout, file)
self.assertIsInstance(process.stderr, file)
self.assertIsInstance(process.stdin, file)
self.assertIsInstance(cmd, basestring)
self.assertIn('sqlmap.py', cmd)
def test_target_basic(self):
target = Target(URL(self.SQLI_GET))
params = target.to_params()
self.assertEqual(params, ["--url=%s" % self.SQLI_GET])
def test_target_post_data(self):
target = Target(URL(self.SQLI_GET), self.DATA_POST)
params = target.to_params()
self.assertEqual(
params, ["--url=%s" % self.SQLI_GET,
"--data=%s" % self.DATA_POST])
def test_no_coloring(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--disable-coloring', params)
def test_always_batch(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--batch', params)
def test_use_proxy(self):
params = self.sqlmap.get_wrapper_params()
self.assertTrue(
any(i.startswith('--proxy=http://127.0.0.1:') for i in params))
def test_enable_coloring(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
params = sqlmap.get_wrapper_params()
self.assertNotIn('--disable-coloring', params)
def test_dbs(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dbs()
output = process.stdout.read()
self.assertIn('on SQLite it is not possible to enumerate databases',
output)
def test_tables(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.tables()
output = process.stdout.read()
self.assertIn('auth_group_permissions', output)
self.assertIn('Database: SQLite_masterdb', output)
self.assertIn('django_content_type', output)
def test_users(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.users()
output = process.stdout.read()
self.assertIn('on SQLite it is not possible to enumerate the users',
output)
def test_dump(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dump()
output = process.stdout.read()
self.assertIn('django_session', output)
self.assertIn('auth_user_user_permissions', output)
def test_sqlmap(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable, self.sqlmap.last_stdout)
cmd, process = self.sqlmap.direct('--tables')
output = process.stdout.read()
self.assertIn('django_session', output)
self.assertIn('auth_user_user_permissions', output)
self.assertNotIn('COLUMN_PRIVILEGES', output)
def test_https_via_proxy(self):
raise SkipTest(TODO_183)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_https_via_proxy(self):
raise SkipTest(TODO_183)
url = URL(get_moth_https())
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
