    def mangle_response(self, response):
        """
        Apply the user's response manglers to an HTTP response.

        Body substitutions (``self._manglers['s']['b']``) are run over the
        body first, then header substitutions (``self._manglers['s']['h']``)
        over the string form of the headers. If the rewritten header string
        can no longer be parsed into a Headers object the original headers are
        kept and an error is logged; the response itself is not dropped.

        :param response: The HTTP response to modify in place.
        :return: The mangled response; when the fix-content-length option is
                 enabled this is whatever ``_fix_content_len`` returns.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        response_manglers = self._manglers['s']

        response.set_body(apply_substitutions(response.get_body(),
                                              response_manglers['b']))

        header_string = apply_substitutions(str(response.get_headers()),
                                            response_manglers['h'])

        try:
            mangled_header = Headers.from_string(header_string)
        except ValueError:
            # User-supplied header substitutions can break header syntax;
            # keep the original headers instead of failing the response.
            om.out.error('Your header modifications created an invalid header'
                         ' string that could NOT be parsed back to a Header object.')
        else:
            response.set_headers(mangled_header)

        # Body edits change its length; the user may opt in to having
        # Content-Length re-synced (what _fix_content_len does is not visible here).
        if self._user_option_fix_content_len:
            response = self._fix_content_len(response)

        return response
    def mangle_response(self, response):
        """
        Apply the user's response manglers to an HTTP response.

        Body substitutions (``self._manglers['s']['b']``) are run over the
        body first, then header substitutions (``self._manglers['s']['h']``)
        over the string form of the headers. If the rewritten header string
        can no longer be parsed into a Headers object the original headers are
        kept and an error is logged; the response itself is not dropped.

        :param response: The HTTP response to modify in place.
        :return: The mangled response; when the fix-content-length option is
                 enabled this is whatever ``_fix_content_len`` returns.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        response_manglers = self._manglers['s']

        response.set_body(apply_substitutions(response.get_body(),
                                              response_manglers['b']))

        header_string = apply_substitutions(str(response.get_headers()),
                                            response_manglers['h'])

        try:
            mangled_header = Headers.from_string(header_string)
        except ValueError:
            # User-supplied header substitutions can break header syntax;
            # keep the original headers instead of failing the response.
            om.out.error('Your header modifications created an invalid header'
                         ' string that could NOT be parsed back to a Header object.')
        else:
            response.set_headers(mangled_header)

        # Body edits change its length; the user may opt in to having
        # Content-Length re-synced (what _fix_content_len does is not visible here).
        if self._user_option_fix_content_len:
            response = self._fix_content_len(response)

        return response
    def validate(self, value):
        """
        Return *value* as a Headers instance.

        An already-parsed Headers object passes through untouched; anything
        else is handed to Headers.from_string. The value is user configuration
        and may be malformed, so any parsing failure is surfaced as a
        BaseFrameworkException instead of the underlying error.

        :param value: A Headers instance or raw header text supplied by the user.
        :return: A Headers instance.
        :raises BaseFrameworkException: if the value could not be parsed.
        """
        if isinstance(value, Headers):
            return value

        try:
            parsed = Headers.from_string(value)
        except Exception:
            raise BaseFrameworkException('Invalid HTTP header configured by user.')
        return parsed
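class import_sqlite(CrawlPlugin):
    """
    Import requests (method,uri,headers,data) stored in sqlite database.

    The database path is user configuration (``self._input_sqlite``). Rows are
    read from a ``requests`` table with a fixed statement and each row becomes
    a FuzzableRequest on the output queue. Row contents are untrusted input:
    a row that cannot be parsed is logged and skipped, so one bad record does
    not abort the whole import.

    :author: @s0i37
    """

    # Fixed statement; the only user-controlled value is the database path.
    _SELECT_REQUESTS = "select method,uri,headers,data from requests"

    def __init__(self):
        CrawlPlugin.__init__(self)
        # Path to the sqlite database to import; empty means there is nothing to do.
        self._input_sqlite = ''

    @runonce(exc_class=RunOnce)
    def crawl(self, fuzzable_request):
        """
        Read the input database and queue the requests it contains.

        :param fuzzable_request: A fuzzable_request instance that contains
                                 (among other things) the URL to test.
                                 In this case it is simply ignored and data
                                 is read from the input database.
        """
        self._load_data_from_sqlite()

    def _load_data_from_sqlite(self):
        """
        Load requests from the configured sqlite database into the output queue.

        Does nothing when no database path is configured. A database that
        cannot be opened or queried is reported through ``om.out.error`` and
        skipped; the connection is always closed once reading finishes.
        """
        if not self._input_sqlite:
            return

        try:
            db = sqlite3.connect(self._input_sqlite)
        except (sqlite3.Error, BaseFrameworkException) as e:
            # sqlite3.connect raises sqlite3.Error, which the original
            # handler (BaseFrameworkException only) never caught.
            self._report_read_error(e)
            return

        try:
            cursor = db.cursor()
            for method, uri, headers, data in cursor.execute(self._SELECT_REQUESTS):
                self._queue_request(method, uri, headers, data)
        except sqlite3.Error as e:
            # Missing table, wrong schema or corrupt file: report and stop.
            self._report_read_error(e)
        finally:
            # Close even if the query fails part-way through.
            db.close()

    def _report_read_error(self, error):
        """
        Log a failure to open or read the configured database.

        Uses ``self._input_sqlite`` (the original referenced ``self._input_csv``,
        an attribute this plugin does not define).
        """
        msg = 'An error was found while trying to read "%s": "%s".'
        om.out.error(msg % (self._input_sqlite, error))

    def _queue_request(self, method, uri, headers, data):
        """
        Build a FuzzableRequest from one database row and put it on the queue.

        Any failure while parsing the row is logged and the row is skipped;
        the caller keeps iterating over the remaining rows.
        """
        try:
            self.debug("+ %s %s" % (method, uri))
            headers_inst = Headers.from_string(str(headers))
            self.output_queue.put(
                FuzzableRequest.from_parts(uri,
                                           method=method,
                                           post_data=str(data),
                                           headers=headers_inst))
        except Exception as e:
            # NOTE(review): print_exc writes to stderr, bypassing om.out;
            # kept for parity with the previous behaviour.
            import traceback
            traceback.print_exc()
            msg = 'import_sqlite: %s'
            self.debug(msg % str(e))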
    def mangle_request(self, request):
        """
        Apply the user's request manglers to an outgoing HTTP request.

        Body substitutions (``self._manglers['q']['b']``) run over the request
        data and header substitutions (``self._manglers['q']['h']``) over the
        string form of the headers; the rewritten header string is then parsed
        back into a Headers object.

        :param request: The request to modify in place.
        :return: The same request object, with mangled headers and data.
        :raises ValueError: presumably, when the header substitutions yield a
                            string Headers.from_string cannot parse (nothing
                            is caught here) - confirm against Headers.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        request_manglers = self._manglers['q']

        data = apply_substitutions(request.get_data(), request_manglers['b'])
        header_string = apply_substitutions(str(request.get_headers()),
                                            request_manglers['h'])
        headers_inst = Headers.from_string(header_string)

        request.set_headers(headers_inst)
        # NOTE(review): add_data (not a setter) is what the original calls;
        # confirm it replaces the body rather than appending to it.
        request.add_data(data)
        return request
    def mangle_request(self, request):
        """
        Apply the user's request manglers to an outgoing HTTP request.

        Body substitutions (``self._manglers['q']['b']``) run over the request
        data and header substitutions (``self._manglers['q']['h']``) over the
        string form of the headers; the rewritten header string is then parsed
        back into a Headers object.

        :param request: The request to modify in place.
        :return: The same request object, with mangled headers and data.
        :raises ValueError: presumably, when the header substitutions yield a
                            string Headers.from_string cannot parse (nothing
                            is caught here) - confirm against Headers.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        request_manglers = self._manglers['q']

        data = apply_substitutions(request.get_data(), request_manglers['b'])
        header_string = apply_substitutions(str(request.get_headers()),
                                            request_manglers['h'])
        headers_inst = Headers.from_string(header_string)

        request.set_headers(headers_inst)
        # NOTE(review): add_data (not a setter) is what the original calls;
        # confirm it replaces the body rather than appending to it.
        request.add_data(data)
        return request
    def mangle_request(self, request):
        """
        Apply the user's request manglers and return a new request.

        Body substitutions (``self._manglers['q']['b']``) run over the request
        data and header substitutions (``self._manglers['q']['h']``) over the
        string form of the headers. The input request is only read; a fresh
        FuzzableRequest is built from its URI and method plus the mangled
        data and headers.

        :param request: The request whose data and headers are mangled.
        :return: A new FuzzableRequest carrying the mangled data and headers.
        :raises ValueError: presumably, when the header substitutions yield a
                            string Headers.from_string cannot parse (nothing
                            is caught here) - confirm against Headers.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        request_manglers = self._manglers['q']

        data = apply_substitutions(request.get_data(), request_manglers['b'])
        header_string = apply_substitutions(str(request.get_headers()),
                                            request_manglers['h'])
        headers_inst = Headers.from_string(header_string)

        return FuzzableRequest.from_parts(request.get_uri(),
                                          method=request.get_method(),
                                          post_data=data,
                                          headers=headers_inst)
    def mangle_request(self, request):
        """
        Apply the user's request manglers and return a new request.

        Body substitutions (``self._manglers['q']['b']``) run over the request
        data and header substitutions (``self._manglers['q']['h']``) over the
        string form of the headers. The input request is only read; a fresh
        FuzzableRequest is built from its URI and method plus the mangled
        data and headers.

        :param request: The request whose data and headers are mangled.
        :return: A new FuzzableRequest carrying the mangled data and headers.
        :raises ValueError: presumably, when the header substitutions yield a
                            string Headers.from_string cannot parse (nothing
                            is caught here) - confirm against Headers.
        """
        def apply_substitutions(text, substitutions):
            # Run each (compiled regex, replacement) pair over text, in order.
            for pattern, replacement in substitutions:
                text = pattern.sub(replacement, text)
            return text

        request_manglers = self._manglers['q']

        data = apply_substitutions(request.get_data(), request_manglers['b'])
        header_string = apply_substitutions(str(request.get_headers()),
                                            request_manglers['h'])
        headers_inst = Headers.from_string(header_string)

        return FuzzableRequest.from_parts(request.get_uri(),
                                          method=request.get_method(),
                                          post_data=data,
                                          headers=headers_inst)
 def test_to_str_from_string(self):
     """str(Headers) must parse back, via from_string, into an equal object."""
     original = Headers([('a', 'b')])
     round_tripped = Headers.from_string(str(original))

     self.assertEqual(round_tripped, original)
 def test_from_string(self):
     """A single CRLF-terminated 'a: b' line parses to Headers([('a', 'b')])."""
     expected = Headers([('a', 'b')])
     parsed = Headers.from_string('a: b\r\n')
     self.assertEqual(parsed, expected)
    def test_to_str_from_string(self):
        """str(Headers) must parse back, via from_string, into an equal object."""
        original = Headers([('a', 'b')])
        round_tripped = Headers.from_string(str(original))

        self.assertEqual(round_tripped, original)
 def test_from_string(self):
     """A single CRLF-terminated 'a: b' line parses to Headers([('a', 'b')])."""
     expected = Headers([('a', 'b')])
     parsed = Headers.from_string('a: b\r\n')
     self.assertEqual(parsed, expected)
                return
        except ValueError, value_error:
            msg = 'The file format is incorrect, an error was found while'\
                  ' parsing: "%s". Exception: "%s".'
            om.out.error(msg % (csv_row, value_error))
        else:
            # Create the obj based on the information
            uri = URL(uri)
            if not uri.is_valid_domain():
                return

            # If there is postdata, force parsing using urlencoded form
            if headers:
                if headers.find('\r\n') == -1:
                    headers = headers.replace('\n','\r\n')
                headers = Headers.from_string( str(headers) )
            else:
                if postdata:
                    headers = Headers([('content-type', URLEncodedForm.ENCODING)])
            
            return FuzzableRequest.from_parts(uri, method=method,
                                                  post_data=postdata,
                                                  headers=headers)

    def _objs_from_burp_log(self, burp_file):
        """
        Read a burp log (XML) and extract the information.
        """
        xp = BurpParser()
        parser = etree.XMLParser(target=xp, huge_tree=True)
 def validate(self, value):
     """
     Parse user-supplied header text into a Headers instance.

     The value is user configuration and may be malformed, so any failure
     inside Headers.from_string is surfaced as a BaseFrameworkException
     instead of the underlying error.

     :param value: Raw header text supplied by the user.
     :return: A Headers instance.
     :raises BaseFrameworkException: if the value could not be parsed.
     """
     try:
         parsed = Headers.from_string(value)
     except Exception:
         raise BaseFrameworkException('Invalid HTTP header configured by user.')
     return parsed