def test_basic(self):
freq = FuzzableRequest(URL('http://www.w3af.com/'))
fake_ref = 'http://w3af.org/'
mutant = HeadersMutant(freq.copy())
mutant.set_var('Referer')
original_referer = freq.get_referer()
mutant.set_original_value(original_referer)
mutant.set_mod_value(fake_ref)
self.assertEqual(mutant.get_headers()['Referer'], fake_ref)
self.assertEqual(mutant.get_original_value(), original_referer)
def test_basic(self):
freq = FuzzableRequest(URL('http://www.w3af.com/'))
fake_ref = 'http://w3af.org/'
mutant = HeadersMutant(freq.copy())
mutant.set_var('Referer')
original_referer = freq.get_referer()
mutant.set_original_value(original_referer)
mutant.set_mod_value(fake_ref)
self.assertEqual(mutant.get_headers()['Referer'], fake_ref)
self.assertEqual(mutant.get_original_value(), original_referer)
def _is_origin_checked(self, freq, orig_response):
"""
:return: True if the remote web application verifies the Referer before
processing the HTTP request.
"""
fake_ref = 'http://www.w3af.org/'
mutant = HeadersMutant(freq.copy())
mutant.set_var('Referer')
mutant.set_original_value(freq.get_referer())
mutant.set_mod_value(fake_ref)
mutant_response = self._uri_opener.send_mutant(mutant)
if not self._is_resp_equal(orig_response, mutant_response):
return True
return False
def _is_origin_checked(self, freq, orig_response):
"""
:return: True if the remote web application verifies the Referer before
processing the HTTP request.
"""
fake_ref = 'http://www.w3af.org/'
mutant = HeadersMutant(freq.copy())
mutant.set_var('Referer')
mutant.set_original_value(freq.get_referer())
mutant.set_mod_value(fake_ref)
mutant_response = self._uri_opener.send_mutant(mutant)
if not self._is_resp_equal(orig_response, mutant_response):
return True
return False
