def equal_with_limit(self, body1, body2, compare_diff=False): """ Determines if two pages are equal using a ratio. """ if compare_diff: body1, body2 = diff(body1, body2) cmp_res = relative_distance_boolean(body1, body2, self._eq_limit) self.debug('Result: %s' % cmp_res) return cmp_res
def _is_resp_equal(self, res1, res2): """ @see: unittest for this method in test_csrf.py """ if res1.get_code() != res2.get_code(): return False if not relative_distance_boolean(res1.body, res2.body, self._equal_limit): return False return True
def _is_resp_equal(self, res1, res2): """ @see: unittest for this method in test_csrf.py """ if res1.get_code() != res2.get_code(): return False if not relative_distance_boolean(res1.body, res2.body, self._equal_limit): return False return True
def test_all(self): acceptance_tests = [] acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a', 'a', 0.1)) acceptance_tests.append(('a', 'a', 0.0)) acceptance_tests.append(('a', 'b', 1.0)) acceptance_tests.append(('a', 'b', 0.1)) acceptance_tests.append(('a', 'b', 0.0)) acceptance_tests.append(('a', 'ab', 1.0)) acceptance_tests.append(('a', 'ab', 0.1)) acceptance_tests.append(('a', 'b', 0.0000000000000000001)) acceptance_tests.append(('a', 'b' * 100, 1.0)) acceptance_tests.append(('a', 'ab', 0.66666666666)) acceptance_tests.append(('a', 'aab', 0.5)) acceptance_tests.append(('a', 'aaab', 0.4)) acceptance_tests.append( ('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333)) acceptance_tests.append(('a' * 25, 'a', 1.0)) acceptance_tests.append(('aaa', 'aa', 1.0)) acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927)) acceptance_tests.append(('aaa', 'aa', 0.8)) acceptance_tests.append(('a', 'a', 0.0)) for e, d, f in acceptance_tests: res1 = relative_distance_boolean(e, d, f) res2 = relative_distance(e, d) >= f msg = 'relative_distance_boolean and relative_distance returned'\ ' different results for the same parameters:\n'\ ' - %s\n'\ ' - %s\n'\ ' - Threshold: %s\n'\ self.assertEqual(res1, res2, msg % (e, d, f))
def test_all(self): acceptance_tests = [] acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a', 'a', 0.1)) acceptance_tests.append(('a', 'a', 0.0)) acceptance_tests.append(('a', 'b', 1.0)) acceptance_tests.append(('a', 'b', 0.1)) acceptance_tests.append(('a', 'b', 0.0)) acceptance_tests.append(('a', 'ab', 1.0)) acceptance_tests.append(('a', 'ab', 0.1)) acceptance_tests.append(('a', 'b', 0.0000000000000000001)) acceptance_tests.append(('a', 'b' * 100, 1.0)) acceptance_tests.append(('a', 'ab', 0.66666666666)) acceptance_tests.append(('a', 'aab', 0.5)) acceptance_tests.append(('a', 'aaab', 0.4)) acceptance_tests.append(('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333)) acceptance_tests.append(('a' * 25, 'a', 1.0)) acceptance_tests.append(('aaa', 'aa', 1.0)) acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927)) acceptance_tests.append(('aaa', 'aa', 0.8)) acceptance_tests.append(('a', 'a', 0.0)) for e, d, f in acceptance_tests: res1 = relative_distance_boolean(e, d, f) res2 = relative_distance(e, d) >= f msg = 'relative_distance_boolean and relative_distance returned'\ ' different results for the same parameters:\n'\ ' - %s\n'\ ' - %s\n'\ ' - Threshold: %s\n'\ self.assertEqual(res1, res2, msg % (e, d, f))
def audit(self, freq, orig_response): """ Check if the protocol specified in freq is https and fetch the same URL using http. ie: - input: https://w3af.org/ - check: http://w3af.org/ :param freq: A FuzzableRequest """ if not self._run: return else: # Define some variables initial_uri = freq.get_uri() insecure_uri = initial_uri.copy() secure_uri = initial_uri.copy() insecure_uri.set_protocol('http') insecure_fr = freq.copy() insecure_fr.set_url(insecure_uri) secure_uri.set_protocol('https') secure_fr = freq.copy() secure_fr.set_url(secure_uri) # Make sure that we ignore errors during this test send_mutant = self._uri_opener.send_mutant kwargs = {'grep': False, 'ignore_errors': True} try: insecure_response = send_mutant(insecure_fr, **kwargs) secure_response = send_mutant(secure_fr, **kwargs) except (BaseFrameworkException, ScanMustStopException): # No vulnerability to report since one of these threw an error # (because there is nothing listening on that port). It makes # no sense to keep running since we already got an error self._run = False else: if insecure_response is None or secure_response is None: # No vulnerability to report since one of these threw an # error (because there is nothing listening on that port). # It makes no sense to keep running since we already got an # error self._run = False return if self._redirects_to_secure(insecure_response, secure_response): return if insecure_response.get_code() == secure_response.get_code()\ and relative_distance_boolean(insecure_response.get_body(), secure_response.get_body(), 0.95): desc = 'Secure content can be accessed using the insecure'\ ' protocol HTTP. The vulnerable URLs are:'\ ' "%s" - "%s" .' desc = desc % (secure_uri, insecure_uri) response_ids = [insecure_response.id, secure_response.id] v = Vuln.from_fr('Secure content over insecure channel', desc, severity.MEDIUM, response_ids, self.get_name(), freq) self.kb_append(self, 'un_ssl', v) om.out.vulnerability(v.get_desc(), severity=v.get_severity()) # In most cases, when one resource is available, all are # so we just stop searching for this vulnerability self._run = False
def audit(self, freq, orig_response): """ Check if the protocol specified in freq is https and fetch the same URL using http. ie: - input: https://w3af.org/ - check: http://w3af.org/ :param freq: A FuzzableRequest """ if not self._run: return else: # Define some variables initial_uri = freq.get_uri() insecure_uri = initial_uri.copy() secure_uri = initial_uri.copy() insecure_uri.set_protocol('http') insecure_fr = freq.copy() insecure_fr.set_url(insecure_uri) secure_uri.set_protocol('https') secure_fr = freq.copy() secure_fr.set_url(secure_uri) # Make sure that we ignore errors during this test send_mutant = self._uri_opener.send_mutant kwargs = {'grep': False, 'ignore_errors': True} try: insecure_response = send_mutant(insecure_fr, **kwargs) secure_response = send_mutant(secure_fr, **kwargs) except (BaseFrameworkException, ScanMustStopException): # No vulnerability to report since one of these threw an error # (because there is nothing listening on that port). It makes # no sense to keep running since we already got an error self._run = False else: if insecure_response is None or secure_response is None: # No vulnerability to report since one of these threw an # error (because there is nothing listening on that port). # It makes no sense to keep running since we already got an # error self._run = False return if self._redirects_to_secure(insecure_response, secure_response): return if insecure_response.get_code() == secure_response.get_code()\ and relative_distance_boolean(insecure_response.get_body(), secure_response.get_body(), 0.95): desc = 'Secure content can be accessed using the insecure'\ ' protocol HTTP. The vulnerable URLs are:'\ ' "%s" - "%s" .' desc = desc % (secure_uri, insecure_uri) response_ids = [insecure_response.id, secure_response.id] v = Vuln.from_fr('Secure content over insecure channel', desc, severity.MEDIUM, response_ids, self.get_name(), freq) self.kb_append(self, 'un_ssl', v) om.out.vulnerability(v.get_desc(), severity=v.get_severity()) # In most cases, when one resource is available, all are # so we just stop searching for this vulnerability self._run = False