def test_found_at(self):
    """found_at() must name the URL, HTTP method, mutated header and injected value."""
    request_headers = Headers([('Referer', 'http://moth/')])
    fuzzable = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                               headers=request_headers)
    mutant = HeadersMutant(fuzzable)
    # Point the mutant at the Referer header and inject a marker value.
    mutant.get_dc().set_token(('Referer', ))
    mutant.set_token_value('foo')
    expected = ('"http://www.w3af.com/", using HTTP method GET. The'
                ' modified header was: "Referer" and it\'s value was: "foo".')
    self.assertEqual(mutant.found_at(), expected)
def test_found_at(self):
    """found_at() must name the URL, HTTP method, mutated header and injected value."""
    request_headers = Headers([('Referer', 'http://moth/')])
    fuzzable = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                               headers=request_headers)
    mutant = HeadersMutant(fuzzable)
    # Point the mutant at the Referer header and inject a marker value.
    mutant.get_dc().set_token(('Referer',))
    mutant.set_token_value('foo')
    expected = ('"http://www.w3af.com/", using HTTP method GET. The'
                ' modified header was: "Referer" and it\'s value was: "foo".')
    self.assertEqual(mutant.found_at(), expected)
def test_basic(self):
    """Setting a token value on a HeadersMutant replaces the Referer value."""
    original_referer = 'http://w3af.org/'
    replacement_referer = 'http://spam.w3af.org/'
    fuzzable = FuzzableRequest(
        URL('http://www.w3af.com/'),
        headers=Headers([('Referer', original_referer)]))
    # Sanity check: the request reports the Referer it was built with.
    self.assertEqual(fuzzable.get_referer(), original_referer)
    mutant = HeadersMutant(fuzzable)
    mutant.get_dc().set_token(('Referer', ))
    mutant.set_token_value(replacement_referer)
    self.assertEqual(mutant.get_token_value(), replacement_referer)
def test_basic(self):
    """Setting a token value on a HeadersMutant replaces the Referer value."""
    original_referer = 'http://w3af.org/'
    replacement_referer = 'http://spam.w3af.org/'
    fuzzable = FuzzableRequest(
        URL('http://www.w3af.com/'),
        headers=Headers([('Referer', original_referer)]))
    # Sanity check: the request reports the Referer it was built with.
    self.assertEqual(fuzzable.get_referer(), original_referer)
    mutant = HeadersMutant(fuzzable)
    mutant.get_dc().set_token(('Referer',))
    mutant.set_token_value(replacement_referer)
    self.assertEqual(mutant.get_token_value(), replacement_referer)
def _is_origin_checked(self, freq, orig_response):
    """
    Replay ``freq`` with a Referer from an unrelated origin and compare the
    answer against ``orig_response``.

    :param freq: The FuzzableRequest to replay; it is deep-copied so the
                 caller's request is not modified.
    :param orig_response: The response obtained for the unmodified request.
    :return: True if the remote web application verifies the Referer
             before processing the HTTP request (the forged-Referer
             response differs from the original one), False otherwise.
    """
    forged_referer = 'http://www.w3af.org/'
    # Mutate a deep copy so the original request keeps its real Referer.
    mutant = HeadersMutant(copy.deepcopy(freq))
    mutant.get_dc()['Referer'] = forged_referer
    mutant.set_token(('Referer',))
    forged_response = self._uri_opener.send_mutant(mutant)
    # NOTE(review): the verdict relies on _is_resp_equal tolerating dynamic
    # page content (timestamps, per-request tokens); confirm that helper's
    # comparison before trusting a True result as "Referer is validated".
    return not self._is_resp_equal(orig_response, forged_response)