def __init__(self, ip, port, urlOpener=ExtendedUrllib(),
proxy_cert='core/controllers/daemons/mitm.crt'):
'''
:param ip: IP address to bind
:param port: Port to bind
:param urlOpener: The urlOpener that will be used to open the requests
that arrive from the browser
:param proxyHandler: A class that will know how to handle requests
from the browser
:param proxy_cert: Proxy certificate to use, this is needed for
proxying SSL connections.
'''
Proxy.__init__(self, ip, port, urlOpener, w3afLocalProxyHandler,
proxy_cert)
self.daemon = True
self.name = 'LocalProxyThread'
# Internal vars
self._request_queue = Queue.Queue()
self._edited_requests = {}
self._edited_responses = {}
# User configured parameters
self._methods_to_trap = set()
self._what_to_trap = re.compile('.*')
self._what_not_to_trap = re.compile('.*\.(gif|jpg|png|css|js|ico|swf|axd|tif)$')
self._trap = False
self._fix_content_length = True
class TestExtendedUrllibProxy(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
def tearDown(self):
self.uri_opener.end()
def test_http_default_port_via_proxy(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_http_port_specification_via_proxy(self):
url = URL('http://moth:80/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL('https://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_offline_port_via_proxy(self):
url = URL('http://127.0.0.1:8181/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(http_response.get_code(), 400)
def test_POST_via_proxy(self):
url = URL('http://moth/w3af/core/echo/post.php')
http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
self.assertIn('[abc] => 123', http_response.body)
class TestExtendedUrllibProxy(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
def tearDown(self):
self.uri_opener.end()
def test_http_default_port_via_proxy(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_http_port_specification_via_proxy(self):
url = URL('http://moth:80/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL('https://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_offline_port_via_proxy(self):
url = URL('http://127.0.0.1:8181/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(http_response.get_code(), 400)
def test_POST_via_proxy(self):
url = URL('http://moth/w3af/core/echo/post.php')
http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
self.assertIn('[abc] => 123', http_response.body)
def crawl(self, freq):
# Create the proxy server
try:
self._proxy = Proxy(self._listen_address, self._listen_port,
self._uri_opener, self.create_p_h())
except w3afProxyException, proxy_exc:
om.out.error('%s' % proxy_exc)
def _start_proxy(self, uri_opener):
'''
Saves the proxy configuration to self.local_proxy_url in order for the
wrapper to use it in the calls to sqlmap.py and have the traffic go
through our proxy (which has the user configuration, logging, etc).
:return: None, an exception is raised if something fails.
'''
host = '127.0.0.1'
for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY + 25):
try:
self.proxy = Proxy(host, port, uri_opener)
except w3afProxyException, pe:
pass
else:
self.proxy.start()
self.local_proxy_url = 'http://%s:%s/' % (host, port)
return
class SQLMapWrapper(object):
SQLMAP_LOCATION = os.path.join('plugins', 'attack', 'db', 'sqlmap')
VULN_STR = 'sqlmap identified the following injection points'
NOT_VULN_STR = 'all tested parameters appear to be not injectable'
SQLMAP_ERRORS = ('connection timed out to the target',)
def __init__(self, target, uri_opener, coloring=False):
if not isinstance(target, Target):
fmt = 'Invalid type %s for target parameter in SQLMapWrapper ctor.'
raise TypeError(fmt % type(target))
self._start_proxy(uri_opener)
self.target = target
self.coloring = coloring
self.last_command = None
self.verified_vulnerable = False
def _start_proxy(self, uri_opener):
'''
Saves the proxy configuration to self.local_proxy_url in order for the
wrapper to use it in the calls to sqlmap.py and have the traffic go
through our proxy (which has the user configuration, logging, etc).
:return: None, an exception is raised if something fails.
'''
host = '127.0.0.1'
for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY+25):
try:
self.proxy = Proxy(host, port, uri_opener)
except w3afProxyException, pe:
pass
else:
self.proxy.start()
self.local_proxy_url = 'http://%s:%s/' % (host, port)
return
else:
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
class SQLMapWrapper(object):
SQLMAP_LOCATION = os.path.join('plugins', 'attack', 'db', 'sqlmap')
VULN_STR = 'sqlmap identified the following injection points'
NOT_VULN_STR = 'all tested parameters appear to be not injectable'
SQLMAP_ERRORS = ('connection timed out to the target', )
def __init__(self, target, uri_opener, coloring=False):
if not isinstance(target, Target):
fmt = 'Invalid type %s for target parameter in SQLMapWrapper ctor.'
raise TypeError(fmt % type(target))
self._start_proxy(uri_opener)
self.target = target
self.coloring = coloring
self.last_command = None
self.verified_vulnerable = False
def _start_proxy(self, uri_opener):
'''
Saves the proxy configuration to self.local_proxy_url in order for the
wrapper to use it in the calls to sqlmap.py and have the traffic go
through our proxy (which has the user configuration, logging, etc).
:return: None, an exception is raised if something fails.
'''
host = '127.0.0.1'
for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY + 25):
try:
self.proxy = Proxy(host, port, uri_opener)
except w3afProxyException, pe:
pass
else:
self.proxy.start()
self.local_proxy_url = 'http://%s:%s/' % (host, port)
return
else:
def setUp(self):
# Start the proxy server
create_temp_dir()
self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Build the proxy opener
proxy_handler = urllib2.ProxyHandler({"http": "http://%s:%s"
% (self.IP, port)})
self.proxy_opener = urllib2.build_opener(proxy_handler,
urllib2.HTTPHandler)
def _start_proxy(self, uri_opener):
'''
Saves the proxy configuration to self.local_proxy_url in order for the
wrapper to use it in the calls to sqlmap.py and have the traffic go
through our proxy (which has the user configuration, logging, etc).
:return: None, an exception is raised if something fails.
'''
host = '127.0.0.1'
for port in xrange(SQLMAP_PROXY, SQLMAP_PROXY+25):
try:
self.proxy = Proxy(host, port, uri_opener)
except w3afProxyException, pe:
pass
else:
self.proxy.start()
self.local_proxy_url = 'http://%s:%s/' % (host, port)
return
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
class TestProxy(unittest.TestCase):
IP = '127.0.0.1'
def setUp(self):
# Start the proxy server
create_temp_dir()
self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Build the proxy opener
proxy_handler = urllib2.ProxyHandler({"http": "http://%s:%s"
% (self.IP, port)})
self.proxy_opener = urllib2.build_opener(proxy_handler,
urllib2.HTTPHandler)
def test_do_req_through_proxy(self):
resp_body = self.proxy_opener.open('http://moth').read()
# Basic check
self.assertTrue(len(resp_body) > 0)
# Get response using the proxy
proxy_resp = self.proxy_opener.open('http://moth')
# Get it without any proxy
direct_resp = urllib2.urlopen('http://moth')
# Must be equal
self.assertEqual(direct_resp.read(), proxy_resp.read())
# Have to remove the Date header because in some cases they differ because
# one request was sent in second X and the other in X+1, which makes the
# test fail
direct_resp_headers = dict(direct_resp.info())
proxy_resp_headers = dict(proxy_resp.info())
del direct_resp_headers['date']
del proxy_resp_headers['date']
self.assertEqual(direct_resp_headers, proxy_resp_headers)
def test_do_SSL_req_through_proxy(self):
resp_body = self.proxy_opener.open('https://moth').read()
# Basic check
self.assertTrue(len(resp_body) > 0)
# Get response using the proxy
proxy_resp = self.proxy_opener.open('https://moth')
# Get it without any proxy
direct_resp = urllib2.urlopen('https://moth')
# Must be equal
self.assertEqual(direct_resp.read(), proxy_resp.read())
# Have to remove the Date header because in some cases they differ because
# one request was sent in second X and the other in X+1, which makes the
# test fail
direct_resp_headers = dict(direct_resp.info())
proxy_resp_headers = dict(proxy_resp.info())
del direct_resp_headers['date']
del proxy_resp_headers['date']
self.assertEqual(direct_resp_headers, proxy_resp_headers)
def test_proxy_req_ok(self):
'''Test if self._proxy.stop() works as expected. Note that the check
content is the same as the previous check, but it might be that this
check fails because of some error in start() or stop() which is run
during setUp and tearDown.'''
# Get response using the proxy
proxy_resp = self.proxy_opener.open('http://moth').read()
# Get it the other way
resp = urllib2.urlopen('http://moth').read()
# They must be very similar
self.assertEqual(resp, proxy_resp)
def test_stop_no_requests(self):
'''Test what happens if I stop the proxy without sending any requests
through it'''
# Note that the test is completed by self._proxy.stop() in tearDown
pass
def test_stop_stop(self):
'''Test what happens if I stop the proxy twice.'''
# Note that the test is completed by self._proxy.stop() in tearDown
self._proxy.stop()
def tearDown(self):
# Shutdown the proxy server
self._proxy.stop()
