    def test_found_at(self):
        """found_at() must name the URL, the method, the mutated header and its value."""
        referer_headers = Headers([('Referer', 'http://moth/')])
        request = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                                  headers=referer_headers)

        mutant = HeadersMutant(request)
        mutant.set_var('Referer')
        mutant.set_mod_value('foo')

        # The exact wording pinned by this test (including "it's"); it is
        # reproduced verbatim, not normalised.
        expected = ('"http://www.w3af.com/", using HTTP method GET. '
                    'The modified header was: "Referer" and it\'s value was: "foo".')
        self.assertEqual(mutant.found_at(), expected)
    def test_found_at(self):
        """found_at() must name the URL, the method, the mutated header and its value."""
        referer_headers = Headers([('Referer', 'http://moth/')])
        request = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                                  headers=referer_headers)

        mutant = HeadersMutant(request)
        mutant.set_var('Referer')
        mutant.set_mod_value('foo')

        # The exact wording pinned by this test (including "it's"); it is
        # reproduced verbatim, not normalised.
        expected = ('"http://www.w3af.com/", using HTTP method GET. '
                    'The modified header was: "Referer" and it\'s value was: "foo".')
        self.assertEqual(mutant.found_at(), expected)
    def test_basic(self):
        """A Referer mutation replaces the header value and remembers the original."""
        request = FuzzableRequest(URL('http://www.w3af.com/'))
        replacement_referer = 'http://w3af.org/'

        # Mutate a copy so the source request is left untouched.
        mutant = HeadersMutant(request.copy())
        mutant.set_var('Referer')
        previous_referer = request.get_referer()
        mutant.set_original_value(previous_referer)
        mutant.set_mod_value(replacement_referer)

        mutated_headers = mutant.get_headers()
        self.assertEqual(mutated_headers['Referer'], replacement_referer)
        self.assertEqual(mutant.get_original_value(), previous_referer)
    def test_basic(self):
        """A Referer mutation replaces the header value and remembers the original."""
        request = FuzzableRequest(URL('http://www.w3af.com/'))
        replacement_referer = 'http://w3af.org/'

        # Mutate a copy so the source request is left untouched.
        mutant = HeadersMutant(request.copy())
        mutant.set_var('Referer')
        previous_referer = request.get_referer()
        mutant.set_original_value(previous_referer)
        mutant.set_mod_value(replacement_referer)

        mutated_headers = mutant.get_headers()
        self.assertEqual(mutated_headers['Referer'], replacement_referer)
        self.assertEqual(mutant.get_original_value(), previous_referer)
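    def _is_origin_checked(self, freq, orig_response):
        '''
        Re-send a copy of the request with a replaced Referer header and compare
        the answer against the response obtained for the unmodified request.

        Only the Referer header is exercised here; an application that validates
        a different header (for example Origin) would not be recognised by this
        check.

        :param freq: The fuzzable request to re-send (a copy is mutated, the
                     caller's object is left untouched).
        :param orig_response: The HTTP response received for the unmodified
                              request.
        :return: True if the remote web application verifies the Referer before
                 processing the HTTP request, i.e. the response changed once the
                 Referer was replaced.
        '''
        fake_ref = 'http://www.w3af.org/'

        # Work on a copy so freq keeps its real Referer for later use.
        mutant = HeadersMutant(freq.copy())
        mutant.set_var('Referer')
        mutant.set_original_value(freq.get_referer())
        mutant.set_mod_value(fake_ref)
        mutant_response = self._uri_opener.send_mutant(mutant)

        # A differing response is read as evidence of Referer validation.
        # NOTE(review): any other source of variance between the two responses
        # (dynamic content, throttling) would register the same way; this relies
        # on _is_resp_equal tolerating such noise -- confirm.
        return not self._is_resp_equal(orig_response, mutant_response)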
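 def _is_origin_checked(self, freq, orig_response):
     '''
     Re-send a copy of the request with a replaced Referer header and compare
     the answer against the response obtained for the unmodified request.

     Only the Referer header is exercised here; an application that validates
     a different header (for example Origin) would not be recognised by this
     check.

     :param freq: The fuzzable request to re-send (a copy is mutated, the
                  caller's object is left untouched).
     :param orig_response: The HTTP response received for the unmodified
                           request.
     :return: True if the remote web application verifies the Referer before
              processing the HTTP request, i.e. the response changed once the
              Referer was replaced.
     '''
     fake_ref = 'http://www.w3af.org/'

     # Work on a copy so freq keeps its real Referer for later use.
     mutant = HeadersMutant(freq.copy())
     mutant.set_var('Referer')
     mutant.set_original_value(freq.get_referer())
     mutant.set_mod_value(fake_ref)
     mutant_response = self._uri_opener.send_mutant(mutant)

     # A differing response is read as evidence of Referer validation.
     # NOTE(review): any other source of variance between the two responses
     # (dynamic content, throttling) would register the same way; this relies
     # on _is_resp_equal tolerating such noise -- confirm.
     return not self._is_resp_equal(orig_response, mutant_response)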