def setup(self): first_path = self.prefix + (self.calibration if self.calibration else RandomUtils.rand_string()) + self.suffix first_response = self.requester.request(first_path) self.invalid_status = first_response.status if self.invalid_status == 404: # Using the response status code is enough :-} return second_path = self.prefix + (self.calibration if self.calibration else RandomUtils.rand_string( omit=first_path)) + self.suffix second_response = self.requester.request(second_path) # Look for redirects if first_response.redirect and second_response.redirect: self.redirect_reg_exp = self.generate_redirect_reg_exp( first_response.redirect, first_path, second_response.redirect, second_path, ) # Analyze response bodies if first_response.body is not None and second_response.body is not None: self.dynamic_parser = DynamicContentParser(self.requester, first_path, first_response.body, second_response.body) else: self.dynamic_parser = None self.ratio = float("{0:.2f}".format( self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals # The wildcard response is static if self.ratio == 1: pass # Adjusting ratio based on response length elif len(first_response) < 100: self.ratio -= 0.1 elif len(first_response) < 500: self.ratio -= 0.05 elif len(first_response) < 2000: self.ratio -= 0.02 else: self.ratio -= 0.01 # If the path is reflected in response, decrease the ratio. Because # the difference between path lengths can reduce the similarity ratio if first_path in first_response.body.decode( ) and len(first_response) < 100000: self.ratio -= 0.1
def setup(self): first_path = self.prefix + ( self.calibration if self.calibration else RandomUtils.rand_string() ) + self.suffix first_response = self.requester.request(first_path) self.invalid_status = first_response.status if self.invalid_status == 404: # Using the response status code is enough :-} return second_path = self.prefix + ( self.calibration if self.calibration else RandomUtils.rand_string(omit=first_path) ) + self.suffix second_response = self.requester.request(second_path) # Look for redirects if first_response.redirect and second_response.redirect: self.redirect_reg_exp = self.generate_redirect_reg_exp( first_response.redirect, first_path, second_response.redirect, second_path, ) # Analyze response bodies if first_response.body is not None and second_response.body is not None: self.dynamic_parser = DynamicContentParser( self.requester, first_path, first_response.body, second_response.body ) else: self.dynamic_parser = None base_ratio = float( "{0:.2f}".format(self.dynamic_parser.comparisonRatio) ) # Rounding to 2 decimals # If response length is small, adjust ratio if len(first_response) < 500: base_ratio -= 0.15 elif len(first_response) < 2000: base_ratio -= 0.1 if base_ratio < self.ratio: self.ratio = base_ratio
def generate_redirect_reg_exp(self, first_loc, first_path, second_loc, second_path): # Use a unique sign to locate where the path gets reflected in the redirect self.sign = RandomUtils.rand_string(n=20) first_loc = first_loc.replace(first_path, self.sign) second_loc = second_loc.replace(second_path, self.sign) reg_exp_start = "^" reg_exp_end = "$" for f, s in zip(first_loc, second_loc): if f == s: reg_exp_start += re.escape(f) else: reg_exp_start += ".*" break if reg_exp_start.endswith(".*"): for f, s in zip(first_loc[::-1], second_loc[::-1]): if f == s: reg_exp_end = re.escape(f) + reg_exp_end else: break return unquote(reg_exp_start + reg_exp_end)