def setUp(self):
self.kb.cleanup()
self.w3afcore = w3afCore()
self.misc_settings = MiscSettings()
self.request_callback_call_count = 0
self.request_callback_match = 0
if self.MOCK_RESPONSES:
httpretty.reset()
httpretty.enable()
try:
url = URL(self.target_url)
except ValueError, ve:
msg = ('When using MOCK_RESPONSES you need to set the'
' target_url attribute to a valid URL, exception was:'
' "%s".')
raise Exception(msg % ve)
domain = url.get_domain()
proto = url.get_protocol()
port = url.get_port()
self._register_httpretty_uri(proto, domain, port)
def __init__(self, torNodes):
BasePlugin.__init__(self, torNodes, 'w3afPlugin')
self.info("[*] w3afPlugin Initialized!")
self.w3afCorePlugin = w3afCore()
self.w3afCorePlugin.plugins.init_plugins()
self.w3afCorePlugin.plugins.zero_enabled_plugins()
self.miscSettings = MiscSettings()
def get_misc_settings(self):
"""
Get the misc settings options.
:return: The misc settings in an OptionList
"""
from w3af.core.controllers.misc_settings import MiscSettings
misc_settings = MiscSettings()
return self._get_x_settings('misc-settings', misc_settings)
def save_current_to_profile(self,
profile_name,
prof_desc='',
prof_path='',
self_contained=False):
"""
Save the current configuration of the core to the profile called
profile_name.
:return: The new profile instance if the profile was successfully saved.
Otherwise raise a BaseFrameworkException.
"""
# Open the already existing profile
new_profile = profile(profile_name, workdir=os.path.dirname(prof_path))
# shortcut
w3af_plugins = self._w3af_core.plugins
# Save the enabled plugins
for plugin_type in w3af_plugins.get_plugin_types():
enabled_plugins = []
for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
enabled_plugins.append(plugin_name)
new_profile.set_enabled_plugins(plugin_type, enabled_plugins)
# Save the plugin options
for plugin_type in w3af_plugins.get_plugin_types():
for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
plugin_options = w3af_plugins.get_plugin_options(
plugin_type, plugin_name)
if plugin_options:
new_profile.set_plugin_options(
plugin_type,
plugin_name,
plugin_options,
self_contained=self_contained)
# Save the profile targets
targets = cf.cf.get('targets')
if targets:
new_profile.set_target(' , '.join(t.url_string for t in targets))
# Save the misc and http settings
misc_settings = MiscSettings()
new_profile.set_misc_settings(misc_settings.get_options())
new_profile.set_http_settings(
self._w3af_core.uri_opener.settings.get_options())
# Save the profile name and description
new_profile.set_desc(prof_desc)
new_profile.set_name(profile_name)
# Save the profile to the file
new_profile.save(profile_name)
return new_profile
def test_basic(self):
opt_lst = MiscSettings().get_options()
for opt in opt_lst:
self.assertIn(opt.get_type(), OPTION_TYPES)
self.assertTrue(opt.get_name())
self.assertEqual(opt, opt)
# Just verify that this doesn't crash and that the types
# are correct
self.assertIsInstance(opt.get_name(), basestring)
self.assertIsInstance(opt.get_desc(), basestring)
self.assertIsInstance(opt.get_type(), basestring)
self.assertIsInstance(opt.get_help(), basestring)
self.assertIsInstance(opt.get_value_str(), basestring)
def __init__(self, name, console, core, parent=None):
menu.__init__(self, name, console, core, parent)
self._load_help('root')
# At first, there is no scan thread
self._scan_thread = None
mapDict(self.addChild, {
'plugins': pluginsMenu,
'target': (ConfigMenu, self._w3af.target),
'misc-settings': (ConfigMenu, MiscSettings()),
'http-settings': (ConfigMenu, self._w3af.uri_opener.settings),
'profiles': ProfilesMenu,
'bug-report': bug_report_menu,
'exploit': exploit,
'kb': kbMenu
})
def use_profile(self, profile_name, workdir=None):
"""
Gets all the information from the profile and stores it in the
w3af core plugins / target attributes for later use.
:raise BaseFrameworkException: if the profile to load has some type of
problem, or the plugins are incorrectly
configured.
"""
error_messages = []
# Clear all the current configuration before loading a new profile
self._w3af_core.plugins.zero_enabled_plugins()
MiscSettings().set_default_values()
self._w3af_core.uri_opener.settings.set_default_values()
if profile_name is None:
# If the profile name is None, I just clear the enabled plugins and
# return
return
# This might raise an exception (which we don't want to handle) when
# the profile does not exist
profile_inst = profile(profile_name, workdir)
# It exists, work with it!
# Set the target settings of the profile to the core
self._w3af_core.target.set_options(profile_inst.get_target())
# Set the misc and http settings
try:
profile_misc_settings = profile_inst.get_misc_settings()
except BaseFrameworkException, e:
msg = ('Setting the framework misc-settings raised an exception'
' due to unknown or invalid configuration parameters. %s')
error_messages.append(msg % e)
try:
profile_misc_settings = profile_inst.get_misc_settings()
except BaseFrameworkException, e:
msg = ('Setting the framework misc-settings raised an exception'
' due to unknown or invalid configuration parameters. %s')
error_messages.append(msg % e)
else:
#
# IGNORE the following parameters from the profile:
# - misc_settings.local_ip_address
#
if 'local_ip_address' in profile_inst.get_misc_settings():
local_ip = get_local_ip()
profile_misc_settings['local_ip_address'].set_value(local_ip)
misc_settings = MiscSettings()
misc_settings.set_options(profile_misc_settings)
try:
http_settings = profile_inst.get_http_settings()
except BaseFrameworkException, e:
msg = ('Setting the framework http-settings raised an exception'
' due to unknown or invalid configuration parameters. %s')
error_messages.append(msg % e)
else:
self._w3af_core.uri_opener.settings.set_options(http_settings)
#
# Handle plugin options
#
error_fmt = (
def use_profile(self, profile_name, workdir=None):
"""
Gets all the information from the profile and stores it in the
w3af core plugins / target attributes for later use.
@raise BaseFrameworkException: if the profile to load has some type of problem.
"""
# Clear all enabled plugins if profile_name is None
if profile_name is None:
self._w3af_core.plugins.zero_enabled_plugins()
return
# This might raise an exception (which we don't want to handle) when
# the profile does not exist
profile_inst = profile(profile_name, workdir)
# It exists, work with it!
# Set the target settings of the profile to the core
self._w3af_core.target.set_options(profile_inst.get_target())
# Set the misc and http settings
#
# IGNORE the following parameters from the profile:
# - misc_settings.local_ip_address
#
profile_misc_settings = profile_inst.get_misc_settings()
if 'local_ip_address' in profile_inst.get_misc_settings():
profile_misc_settings['local_ip_address'].set_value(get_local_ip())
misc_settings = MiscSettings()
misc_settings.set_options(profile_misc_settings)
self._w3af_core.uri_opener.settings.set_options(
profile_inst.get_http_settings())
#
# Handle plugin options
#
error_fmt = ('The profile you are trying to load (%s) seems to be'
' outdated, this is a common issue which happens when the'
' framework is updated and one of its plugins adds/removes'
' one of the configuration parameters referenced by a profile'
', or the plugin is removed all together.\n\n'
'The profile was loaded but some of your settings might'
' have been lost. This is the list of issues that were found:\n\n'
' - %s\n'
'\nWe recommend you review the specific plugin configurations,'
' apply the required changes and save the profile in order'
' to update it and avoid this message. If this warning does not'
' disappear you can manually edit the profile file to fix it.')
error_messages = []
for plugin_type in self._w3af_core.plugins.get_plugin_types():
plugin_names = profile_inst.get_enabled_plugins(plugin_type)
# Handle errors that might have been triggered from a possibly
# invalid profile
try:
unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names,
plugin_type,
raise_on_error=False)
except KeyError:
msg = 'The profile references the "%s" plugin type which is'\
' unknown to the w3af framework.'
error_messages.append(msg % plugin_type)
continue
for unknown_plugin in unknown_plugins:
msg = 'The profile references the "%s.%s" plugin which is unknown.'
error_messages.append(msg % (plugin_type, unknown_plugin))
# Now we set the plugin options, which can also trigger errors with "outdated"
# profiles that users could have in their ~/.w3af/ directory.
for plugin_name in set(plugin_names) - set(unknown_plugins):
try:
plugin_options = profile_inst.get_plugin_options(
plugin_type,
plugin_name)
self._w3af_core.plugins.set_plugin_options(plugin_type,
plugin_name,
plugin_options)
except BaseFrameworkException, w3e:
msg = 'Setting the options for plugin "%s.%s" raised an' \
' exception due to unknown or invalid configuration' \
' parameters.'
msg += ' ' + str(w3e)
error_messages.append(msg % (plugin_type, plugin_name))
def setUp(self):
MiscSettings().set_default_values()
create_temp_dir()
self.vdb = VariantDB()
