def __init__(self, w3af, parent, fg): super(PreviewWindow, self).__init__(w3af, "fuzzypreview", "Preview", "Fuzzy_Requests") self.pages = [] self.generator = fg.generate() self.set_modal(True) self.set_transient_for(parent) # content self.panes = RequestPart(self, w3af, editable=False, widgname="fuzzypreview") self.vbox.pack_start(self.panes) self.panes.show() # the ok button centerbox = gtk.HBox() quant = fg.calculate_quantity() self.pagesControl = entries.PagesControl(w3af, self.page_change, quant) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() self.vbox.pack_start(centerbox, False, False, padding=5) self.page_change(0) self.vbox.show() self.show()
def __init__(self, w3af, parent, fg): super(PreviewWindow, self).__init__(w3af, "fuzzypreview", "Preview", "Fuzzy_Requests") self.pages = [] self.generator = fg.generate() self.set_modal(True) self.set_transient_for(parent) # content self.panes = RequestPart(self, w3af, editable=False, widgname="fuzzypreview") self.vbox.pack_start(self.panes) self.panes.show() # the ok button centerbox = gtk.HBox() quant = fg.calculate_quantity() self.pagesControl = entries.PagesControl(w3af, self._pageChange, quant) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() self.vbox.pack_start(centerbox, False, False, padding=5) self._pageChange(0) self.vbox.show() self.show()
class PreviewWindow(entries.RememberingWindow): """A window with the analysis preview. :author: Facundo Batista <facundobatista =at= taniquetil.com.ar> """ def __init__(self, w3af, parent, fg): super(PreviewWindow, self).__init__(w3af, "fuzzypreview", "Preview", "Fuzzy_Requests") self.pages = [] self.generator = fg.generate() self.set_modal(True) self.set_transient_for(parent) # content self.panes = RequestPart(self, w3af, editable=False, widgname="fuzzypreview") self.vbox.pack_start(self.panes) self.panes.show() # the ok button centerbox = gtk.HBox() quant = fg.calculate_quantity() self.pagesControl = entries.PagesControl(w3af, self.page_change, quant) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() self.vbox.pack_start(centerbox, False, False, padding=5) self.page_change(0) self.vbox.show() self.show() def page_change(self, page): while len(self.pages) <= page: it = self.generator.next() self.pages.append(it) (txtup, txtdn) = self.pages[page] self.panes.show_raw(txtup, txtdn)
class PreviewWindow(entries.RememberingWindow): """A window with the analysis preview. :author: Facundo Batista <facundobatista =at= taniquetil.com.ar> """ def __init__(self, w3af, parent, fg): super(PreviewWindow, self).__init__(w3af, "fuzzypreview", "Preview", "Fuzzy_Requests") self.pages = [] self.generator = fg.generate() self.set_modal(True) self.set_transient_for(parent) # content self.panes = RequestPart(self, w3af, editable=False, widgname="fuzzypreview") self.vbox.pack_start(self.panes) self.panes.show() # the ok button centerbox = gtk.HBox() quant = fg.calculate_quantity() self.pagesControl = entries.PagesControl(w3af, self._pageChange, quant) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() self.vbox.pack_start(centerbox, False, False, padding=5) self._pageChange(0) self.vbox.show() self.show() def _pageChange(self, page): while len(self.pages) <= page: it = self.generator.next() self.pages.append(it) (txtup, txtdn) = self.pages[page] self.panes.show_raw(txtup, txtdn)
def __init__(self, w3af, initial_request=None): super(FuzzyRequests, self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests", "Fuzzy_Requests") self.w3af = w3af self.historyItem = HistoryItem() mainhbox = gtk.HBox() # To store the responses self.responses = [] # ---- left pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox, False, False) # we create the buttons first, to pass them analyzBut = gtk.Button("Analyze") self.sendPlayBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendStopBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent") self.sSB_state = helpers.PropagateBuffer( self.sendStopBut.set_sensitive) self.sSB_state.change(self, False) # Fix content length checkbox self._fix_content_lengthCB = gtk.CheckButton( 'Fix content length header') self._fix_content_lengthCB.set_active(True) self._fix_content_lengthCB.show() # request self.originalReq = RequestPart( self, w3af, [ analyzBut.set_sensitive, self.sendPlayBut.set_sensitive, functools.partial(self.sSB_state.change, 'rRV') ], editable=True, widgname='fuzzyrequest') if initial_request is None: self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '') else: (initialUp, initialDn) = initial_request self.originalReq.show_raw(initialUp, initialDn) # Add the right button popup menu to the text widgets rawTextView = self.originalReq.get_view_by_id('HttpRawView') rawTextView.textView.connect("populate-popup", self._populate_popup) # help helplabel = gtk.Label() helplabel.set_selectable(True) helplabel.set_markup(FUZZY_HELP) self.originalReq.append_page(helplabel, gtk.Label("Syntax help")) helplabel.show() self.originalReq.show() vbox.pack_start(self.originalReq, True, True, padding=5) vbox.show() # the commands t = gtk.Table(2, 4) analyzBut.connect("clicked", self._analyze) t.attach(analyzBut, 0, 2, 0, 1) self.analyzefb = gtk.Label("0 requests") self.analyzefb.set_sensitive(False) t.attach(self.analyzefb, 2, 3, 0, 1) self.preview = gtk.CheckButton("Preview") t.attach(self.preview, 3, 4, 0, 1) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) t.attach(self.sendPlayBut, 0, 1, 1, 2) self.sendStopBut.connect("clicked", self._send_stop) t.attach(self.sendStopBut, 1, 2, 1, 2) self.sendfb = gtk.Label("0 ok, 0 errors") self.sendfb.set_sensitive(False) t.attach(self.sendfb, 2, 3, 1, 2) t.attach(self._fix_content_lengthCB, 3, 4, 1, 2) t.show_all() vbox.pack_start(t, False, False, padding=5) # ---- throbber pane ---- vbox = gtk.VBox() self.throbber = helpers.Throbber() self.throbber.set_sensitive(False) vbox.pack_start(self.throbber, False, False) vbox.show() mainhbox.pack_start(vbox, False, False) # ---- right pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox) # A label to show the id of the response self.title0 = gtk.Label() self.title0.show() vbox.pack_start(self.title0, False, True) # result itself self.resultReqResp = ReqResViewer(w3af, withFuzzy=False, editableRequest=False, editableResponse=False) self.resultReqResp.set_sensitive(False) vbox.pack_start(self.resultReqResp, True, True, padding=5) vbox.show() # result control centerbox = gtk.HBox() self.pagesControl = entries.PagesControl(w3af, self.page_change) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() # cluster responses button image = gtk.Image() image.set_from_file( os.path.join(ROOT_PATH, 'core', 'ui', 'gui', 'data', 'cluster_data.png')) image.show() self.clusterButton = gtk.Button(label='Cluster responses') self.clusterButton.connect("clicked", self._clusterData) self.clusterButton.set_sensitive(False) self.clusterButton.set_image(image) self.clusterButton.show() centerbox.pack_start(self.clusterButton, True, False) # clear responses button self.clearButton = entries.SemiStockButton( 'Clear Responses', gtk.STOCK_CLEAR, tooltip='Clear all HTTP responses from fuzzer window') self.clearButton.connect("clicked", self._clearResponses) self.clearButton.set_sensitive(False) self.clearButton.show() centerbox.pack_start(self.clearButton, True, False) vbox.pack_start(centerbox, False, False, padding=5) # Show all! self._sendPaused = True self.vbox.pack_start(mainhbox) self.vbox.show() mainhbox.show() self.show()
class FuzzyRequests(entries.RememberingWindow): """Infrastructure to generate fuzzy HTTP requests. :author: Facundo Batista <facundobatista =at= taniquetil.com.ar> """ def __init__(self, w3af, initial_request=None): super(FuzzyRequests, self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests", "Fuzzy_Requests") self.w3af = w3af self.historyItem = HistoryItem() mainhbox = gtk.HBox() # To store the responses self.responses = [] # ---- left pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox, False, False) # we create the buttons first, to pass them analyzBut = gtk.Button("Analyze") self.sendPlayBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendStopBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent") self.sSB_state = helpers.PropagateBuffer( self.sendStopBut.set_sensitive) self.sSB_state.change(self, False) # Fix content length checkbox self._fix_content_lengthCB = gtk.CheckButton( 'Fix content length header') self._fix_content_lengthCB.set_active(True) self._fix_content_lengthCB.show() # request self.originalReq = RequestPart( self, w3af, [ analyzBut.set_sensitive, self.sendPlayBut.set_sensitive, functools.partial(self.sSB_state.change, 'rRV') ], editable=True, widgname='fuzzyrequest') if initial_request is None: self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '') else: (initialUp, initialDn) = initial_request self.originalReq.show_raw(initialUp, initialDn) # Add the right button popup menu to the text widgets rawTextView = self.originalReq.get_view_by_id('HttpRawView') rawTextView.textView.connect("populate-popup", self._populate_popup) # help helplabel = gtk.Label() helplabel.set_selectable(True) helplabel.set_markup(FUZZY_HELP) self.originalReq.append_page(helplabel, gtk.Label("Syntax help")) helplabel.show() self.originalReq.show() vbox.pack_start(self.originalReq, True, True, padding=5) vbox.show() # the commands t = gtk.Table(2, 4) analyzBut.connect("clicked", self._analyze) t.attach(analyzBut, 0, 2, 0, 1) self.analyzefb = gtk.Label("0 requests") self.analyzefb.set_sensitive(False) t.attach(self.analyzefb, 2, 3, 0, 1) self.preview = gtk.CheckButton("Preview") t.attach(self.preview, 3, 4, 0, 1) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) t.attach(self.sendPlayBut, 0, 1, 1, 2) self.sendStopBut.connect("clicked", self._send_stop) t.attach(self.sendStopBut, 1, 2, 1, 2) self.sendfb = gtk.Label("0 ok, 0 errors") self.sendfb.set_sensitive(False) t.attach(self.sendfb, 2, 3, 1, 2) t.attach(self._fix_content_lengthCB, 3, 4, 1, 2) t.show_all() vbox.pack_start(t, False, False, padding=5) # ---- throbber pane ---- vbox = gtk.VBox() self.throbber = helpers.Throbber() self.throbber.set_sensitive(False) vbox.pack_start(self.throbber, False, False) vbox.show() mainhbox.pack_start(vbox, False, False) # ---- right pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox) # A label to show the id of the response self.title0 = gtk.Label() self.title0.show() vbox.pack_start(self.title0, False, True) # result itself self.resultReqResp = ReqResViewer(w3af, withFuzzy=False, editableRequest=False, editableResponse=False) self.resultReqResp.set_sensitive(False) vbox.pack_start(self.resultReqResp, True, True, padding=5) vbox.show() # result control centerbox = gtk.HBox() self.pagesControl = entries.PagesControl(w3af, self.page_change) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() # cluster responses button image = gtk.Image() image.set_from_file( os.path.join(ROOT_PATH, 'core', 'ui', 'gui', 'data', 'cluster_data.png')) image.show() self.clusterButton = gtk.Button(label='Cluster responses') self.clusterButton.connect("clicked", self._clusterData) self.clusterButton.set_sensitive(False) self.clusterButton.set_image(image) self.clusterButton.show() centerbox.pack_start(self.clusterButton, True, False) # clear responses button self.clearButton = entries.SemiStockButton( 'Clear Responses', gtk.STOCK_CLEAR, tooltip='Clear all HTTP responses from fuzzer window') self.clearButton.connect("clicked", self._clearResponses) self.clearButton.set_sensitive(False) self.clearButton.show() centerbox.pack_start(self.clearButton, True, False) vbox.pack_start(centerbox, False, False, padding=5) # Show all! self._sendPaused = True self.vbox.pack_start(mainhbox) self.vbox.show() mainhbox.show() self.show() def _populate_popup(self, textview, menu): """Populates the menu with the fuzzing items.""" menu.append(gtk.SeparatorMenuItem()) main_generator_menu = gtk.MenuItem(_("Generators")) main_generator_menu.set_submenu(create_generator_menu(self)) menu.append(main_generator_menu) menu.show_all() def _clearResponses(self, widg): """Clears all the responses from the fuzzy window.""" self.responses = [] self.resultReqResp.request.clear_panes() self.resultReqResp.response.clear_panes() self.resultReqResp.set_sensitive(False) self.clusterButton.set_sensitive(False) self.clearButton.set_sensitive(False) self.pagesControl.deactivate() def _clusterData(self, widg): """Analyze if we can cluster the responses and do it.""" data = [] for resp in self.responses: if resp[0]: reqid = resp[1] historyItem = self.historyItem.read(reqid) data.append(historyItem.response) if data: distance_function_selector(self.w3af, data) else: # Let the user know ahout the problem msg = "There are no HTTP responses available to cluster." dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg) opt = dlg.run() dlg.destroy() def _analyze(self, widg): """Handles the Analyze part.""" (request, postbody) = self.originalReq.get_both_texts_raw() try: fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody) except fuzzygen.FuzzyError: return self.analyzefb.set_text("%d requests" % fg.calculate_quantity()) self.analyzefb.set_sensitive(True) # raise the window only if preview is active if self.preview.get_active(): PreviewWindow(self.w3af, self, fg) def _send_stop(self, widg=None): """Stop the requests being sent.""" self._sendStopped = True self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) self.sSB_state.change(self, False) self.throbber.running(False) def _send_pause(self, widg): """Pause the requests being sent.""" self._sendPaused = True self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play) self.throbber.running(False) def _send_play(self, widg): """Continue sending the requests.""" self._sendPaused = False self.sendPlayBut.change_internals('', gtk.STOCK_MEDIA_PAUSE, 'Sends the pending requests') self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect('clicked', self._send_pause) self.throbber.running(True) def _send_start(self, widg): """Start sending the requests.""" (request, postbody) = self.originalReq.get_both_texts_raw() try: fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody) except fuzzygen.FuzzyError: return quant = fg.calculate_quantity() if quant > 20: msg = "Are you sure you want to send %d requests?" % quant dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_WARNING, gtk.BUTTONS_YES_NO, msg) opt = dlg.run() dlg.destroy() if opt != gtk.RESPONSE_YES: return # Get the fix content length value fixContentLength = self._fix_content_lengthCB.get_active() # initial state self.result_ok = 0 self.result_err = 0 self._sendPaused = False self._sendStopped = False requestGenerator = fg.generate() # change the buttons self.sendPlayBut.change_internals('', gtk.STOCK_MEDIA_PAUSE, 'Pauses the requests sending') self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect('clicked', self._send_pause) self.sSB_state.change(self, True) self.throbber.running(True) # let's send the requests! gobject.timeout_add(100, self._real_send, fixContentLength, requestGenerator) def _real_send(self, fixContentLength, requestGenerator): """This is the one that actually sends the requests, if corresponds. :param fixContentLength: if the length should be fixed by the core. :param requestGenerator: where to ask for the requests """ if self._sendStopped: return False if self._sendPaused: return True try: realreq, realbody = requestGenerator.next() except StopIteration: # finished with all the requests! self._send_stop() return False # Clear any errors that might have been generated by previous runs # of this or other GUI tools self.w3af.uri_opener.clear() try: http_resp = self.w3af.uri_opener.send_raw_request( realreq, realbody, fixContentLength) error_msg = None self.result_ok += 1 except HTTPRequestException, e: # One HTTP request failed error_msg = str(e) http_resp = None self.result_err += 1 except ScanMustStopException, e: # Many HTTP requests failed and the URL library wants to stop error_msg = str(e) self.result_err += 1 # Let the user know about the problem msg = "Stopped sending requests because of the following" \ " unexpected error:\n\n%s" helpers.FriendlyExceptionDlg(msg % error_msg) return False
def __init__(self, w3af, initial_request=None): super(FuzzyRequests, self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests", "Fuzzy_Requests") self.w3af = w3af self.historyItem = HistoryItem() mainhbox = gtk.HBox() # To store the responses self.responses = [] # ---- left pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox, False, False) # we create the buttons first, to pass them analyzBut = gtk.Button("Analyze") self.sendPlayBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendStopBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent") self.sSB_state = helpers.PropagateBuffer( self.sendStopBut.set_sensitive) self.sSB_state.change(self, False) # Fix content length checkbox self._fix_content_lengthCB = gtk.CheckButton('Fix content length header') self._fix_content_lengthCB.set_active(True) self._fix_content_lengthCB.show() # request self.originalReq = RequestPart(self, w3af, [analyzBut.set_sensitive, self.sendPlayBut.set_sensitive, functools.partial(self.sSB_state.change, "rRV")], editable=True, widgname="fuzzyrequest") if initial_request is None: self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '') else: (initialUp, initialDn) = initial_request self.originalReq.show_raw(initialUp, initialDn) # Add the right button popup menu to the text widgets rawTextView = self.originalReq.get_view_by_id('HttpRawView') rawTextView.textView.connect("populate-popup", self._populate_popup) # help helplabel = gtk.Label() helplabel.set_selectable(True) helplabel.set_markup(FUZZYHELP) self.originalReq.append_page(helplabel, gtk.Label("Syntax help")) helplabel.show() self.originalReq.show() vbox.pack_start(self.originalReq, True, True, padding=5) vbox.show() # the commands t = gtk.Table(2, 4) analyzBut.connect("clicked", self._analyze) t.attach(analyzBut, 0, 2, 0, 1) self.analyzefb = gtk.Label("0 requests") self.analyzefb.set_sensitive(False) t.attach(self.analyzefb, 2, 3, 0, 1) self.preview = gtk.CheckButton("Preview") t.attach(self.preview, 3, 4, 0, 1) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) t.attach(self.sendPlayBut, 0, 1, 1, 2) self.sendStopBut.connect("clicked", self._send_stop) t.attach(self.sendStopBut, 1, 2, 1, 2) self.sendfb = gtk.Label("0 ok, 0 errors") self.sendfb.set_sensitive(False) t.attach(self.sendfb, 2, 3, 1, 2) t.attach(self._fix_content_lengthCB, 3, 4, 1, 2) t.show_all() vbox.pack_start(t, False, False, padding=5) # ---- throbber pane ---- vbox = gtk.VBox() self.throbber = helpers.Throbber() self.throbber.set_sensitive(False) vbox.pack_start(self.throbber, False, False) vbox.show() mainhbox.pack_start(vbox, False, False) # ---- right pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox) # A label to show the id of the response self.title0 = gtk.Label() self.title0.show() vbox.pack_start(self.title0, False, True) # result itself self.resultReqResp = ReqResViewer(w3af, withFuzzy=False, editableRequest=False, editableResponse=False) self.resultReqResp.set_sensitive(False) vbox.pack_start(self.resultReqResp, True, True, padding=5) vbox.show() # result control centerbox = gtk.HBox() self.pagesControl = entries.PagesControl(w3af, self._pageChange) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() # cluster responses button image = gtk.Image() image.set_from_file(os.path.join(ROOT_PATH, 'core', 'ui', 'gui', 'data', 'cluster_data.png')) image.show() self.clusterButton = gtk.Button(label='Cluster responses') self.clusterButton.connect("clicked", self._clusterData) self.clusterButton.set_sensitive(False) self.clusterButton.set_image(image) self.clusterButton.show() centerbox.pack_start(self.clusterButton, True, False) # clear responses button self.clearButton = entries.SemiStockButton( 'Clear Responses', gtk.STOCK_CLEAR, tooltip='Clear all HTTP responses from fuzzer window') self.clearButton.connect("clicked", self._clearResponses) self.clearButton.set_sensitive(False) self.clearButton.show() centerbox.pack_start(self.clearButton, True, False) vbox.pack_start(centerbox, False, False, padding=5) # Show all! self._sendPaused = True self.vbox.pack_start(mainhbox) self.vbox.show() mainhbox.show() self.show()
class FuzzyRequests(entries.RememberingWindow): """Infrastructure to generate fuzzy HTTP requests. :author: Facundo Batista <facundobatista =at= taniquetil.com.ar> """ def __init__(self, w3af, initial_request=None): super(FuzzyRequests, self).__init__(w3af, "fuzzyreq", "w3af - Fuzzy Requests", "Fuzzy_Requests") self.w3af = w3af self.historyItem = HistoryItem() mainhbox = gtk.HBox() # To store the responses self.responses = [] # ---- left pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox, False, False) # we create the buttons first, to pass them analyzBut = gtk.Button("Analyze") self.sendPlayBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendStopBut = entries.SemiStockButton( "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent") self.sSB_state = helpers.PropagateBuffer( self.sendStopBut.set_sensitive) self.sSB_state.change(self, False) # Fix content length checkbox self._fix_content_lengthCB = gtk.CheckButton('Fix content length header') self._fix_content_lengthCB.set_active(True) self._fix_content_lengthCB.show() # request self.originalReq = RequestPart(self, w3af, [analyzBut.set_sensitive, self.sendPlayBut.set_sensitive, functools.partial(self.sSB_state.change, "rRV")], editable=True, widgname="fuzzyrequest") if initial_request is None: self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '') else: (initialUp, initialDn) = initial_request self.originalReq.show_raw(initialUp, initialDn) # Add the right button popup menu to the text widgets rawTextView = self.originalReq.get_view_by_id('HttpRawView') rawTextView.textView.connect("populate-popup", self._populate_popup) # help helplabel = gtk.Label() helplabel.set_selectable(True) helplabel.set_markup(FUZZYHELP) self.originalReq.append_page(helplabel, gtk.Label("Syntax help")) helplabel.show() self.originalReq.show() vbox.pack_start(self.originalReq, True, True, padding=5) vbox.show() # the commands t = gtk.Table(2, 4) analyzBut.connect("clicked", self._analyze) t.attach(analyzBut, 0, 2, 0, 1) self.analyzefb = gtk.Label("0 requests") self.analyzefb.set_sensitive(False) t.attach(self.analyzefb, 2, 3, 0, 1) self.preview = gtk.CheckButton("Preview") t.attach(self.preview, 3, 4, 0, 1) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) t.attach(self.sendPlayBut, 0, 1, 1, 2) self.sendStopBut.connect("clicked", self._send_stop) t.attach(self.sendStopBut, 1, 2, 1, 2) self.sendfb = gtk.Label("0 ok, 0 errors") self.sendfb.set_sensitive(False) t.attach(self.sendfb, 2, 3, 1, 2) t.attach(self._fix_content_lengthCB, 3, 4, 1, 2) t.show_all() vbox.pack_start(t, False, False, padding=5) # ---- throbber pane ---- vbox = gtk.VBox() self.throbber = helpers.Throbber() self.throbber.set_sensitive(False) vbox.pack_start(self.throbber, False, False) vbox.show() mainhbox.pack_start(vbox, False, False) # ---- right pane ---- vbox = gtk.VBox() mainhbox.pack_start(vbox) # A label to show the id of the response self.title0 = gtk.Label() self.title0.show() vbox.pack_start(self.title0, False, True) # result itself self.resultReqResp = ReqResViewer(w3af, withFuzzy=False, editableRequest=False, editableResponse=False) self.resultReqResp.set_sensitive(False) vbox.pack_start(self.resultReqResp, True, True, padding=5) vbox.show() # result control centerbox = gtk.HBox() self.pagesControl = entries.PagesControl(w3af, self._pageChange) centerbox.pack_start(self.pagesControl, True, False) centerbox.show() # cluster responses button image = gtk.Image() image.set_from_file(os.path.join(ROOT_PATH, 'core', 'ui', 'gui', 'data', 'cluster_data.png')) image.show() self.clusterButton = gtk.Button(label='Cluster responses') self.clusterButton.connect("clicked", self._clusterData) self.clusterButton.set_sensitive(False) self.clusterButton.set_image(image) self.clusterButton.show() centerbox.pack_start(self.clusterButton, True, False) # clear responses button self.clearButton = entries.SemiStockButton( 'Clear Responses', gtk.STOCK_CLEAR, tooltip='Clear all HTTP responses from fuzzer window') self.clearButton.connect("clicked", self._clearResponses) self.clearButton.set_sensitive(False) self.clearButton.show() centerbox.pack_start(self.clearButton, True, False) vbox.pack_start(centerbox, False, False, padding=5) # Show all! self._sendPaused = True self.vbox.pack_start(mainhbox) self.vbox.show() mainhbox.show() self.show() def _populate_popup(self, textview, menu): """Populates the menu with the fuzzing items.""" menu.append(gtk.SeparatorMenuItem()) main_generator_menu = gtk.MenuItem(_("Generators")) main_generator_menu.set_submenu(create_generator_menu(self)) menu.append(main_generator_menu) menu.show_all() def _clearResponses(self, widg): """Clears all the responses from the fuzzy window.""" self.responses = [] self.resultReqResp.request.clear_panes() self.resultReqResp.response.clear_panes() self.resultReqResp.set_sensitive(False) self.clusterButton.set_sensitive(False) self.clearButton.set_sensitive(False) self.pagesControl.deactivate() def _clusterData(self, widg): """Analyze if we can cluster the responses and do it.""" data = [] for resp in self.responses: if resp[0]: reqid = resp[1] historyItem = self.historyItem.read(reqid) data.append(historyItem.response) if data: distance_function_selector(self.w3af, data) else: # Let the user know ahout the problem msg = "There are no HTTP responses available to cluster." dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg) opt = dlg.run() dlg.destroy() def _analyze(self, widg): """Handles the Analyze part.""" (request, postbody) = self.originalReq.get_both_texts_raw() try: fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody) except fuzzygen.FuzzyError: return self.analyzefb.set_text("%d requests" % fg.calculate_quantity()) self.analyzefb.set_sensitive(True) # raise the window only if preview is active if self.preview.get_active(): PreviewWindow(self.w3af, self, fg) def _send_stop(self, widg=None): """Stop the requests being sent.""" self._sendStopped = True self.sendPlayBut.change_internals( "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start) self.sSB_state.change(self, False) self.throbber.running(False) def _send_pause(self, widg): """Pause the requests being sent.""" self._sendPaused = True self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play) self.throbber.running(False) def _send_play(self, widg): """Continue sending the requests.""" self._sendPaused = False self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE, "Sends the pending requests") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause) self.throbber.running(True) def _send_start(self, widg): """Start sending the requests.""" (request, postbody) = self.originalReq.get_both_texts_raw() try: fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody) except fuzzygen.FuzzyError: return quant = fg.calculate_quantity() if quant > 20: msg = "Are you sure you want to send %d requests?" % quant dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_WARNING, gtk.BUTTONS_YES_NO, msg) opt = dlg.run() dlg.destroy() if opt != gtk.RESPONSE_YES: return # Get the fix content length value fixContentLength = self._fix_content_lengthCB.get_active() # initial state self.result_ok = 0 self.result_err = 0 self._sendPaused = False self._sendStopped = False requestGenerator = fg.generate() # change the buttons self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE, "Pauses the requests sending") self.sendPlayBut.disconnect(self.sPB_signal) self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause) self.sSB_state.change(self, True) self.throbber.running(True) # let's send the requests! gobject.timeout_add(100, self._real_send, fixContentLength, requestGenerator) def _real_send(self, fixContentLength, requestGenerator): """This is the one that actually sends the requests, if corresponds. :param fixContentLength: if the lenght should be fixed by the core. :param requestGenerator: where to ask for the requests """ if self._sendStopped: return False if self._sendPaused: return True try: realreq, realbody = requestGenerator.next() except StopIteration: # finished with all the requests! self._send_stop() return False try: http_resp = self.w3af.uri_opener.send_raw_request(realreq, realbody, fixContentLength) error_msg = None self.result_ok += 1 except HTTPRequestException, e: # One HTTP request failed error_msg = str(e) http_resp = None self.result_err += 1 except ScanMustStopException, e: # Many HTTP requests failed and the URL library wants to stop error_msg = str(e) self.result_err += 1 # Let the user know about the problem msg = "Stopped sending requests because of the following"\ " unexpected error:\n\n%s" helpers.FriendlyExceptionDlg(msg % error_msg) return False