def define(response_1, response_2, param, value, wordlist): """ defines a rule list for detecting anomalies by comparing two HTTP response returns dict """ factors = { 'same_code': False, # if http status code is same, contains that code 'same_body': False, # if http body is same, contains that body 'same_plaintext': False, # if http body isn't same but is same after removing html, contains that non-html text 'lines_num': False, # if number of lines in http body is same, contains that number 'lines_diff': False, # if http-body or plaintext aren't and there are more than two lines, contain which lines are same 'same_headers': False, # if the headers are same, contains those headers 'same_redirect': False, # if both requests redirect in similar manner, contains that redirection 'param_missing': False, # if param name is missing from the body, contains words that are already there 'value_missing': False # contains whether param value is missing from the body } if type(response_1) == type(response_2) == requests.models.Response: body_1, body_2 = response_1.text, response_2.text if response_1.status_code == response_2.status_code: factors['same_code'] = response_1.status_code if response_1.headers.keys() == response_2.headers.keys(): factors['same_headers'] = list(response_1.headers.keys()) factors['same_headers'].sort() if mem.var['disable_redirects']: if response_1.headers.get('Location', '') == response_2.headers.get( 'Location', ''): factors['same_redirect'] = urlparse( response_1.headers.get('Location', '')).path elif urlparse(response_1.url).path == urlparse(response_2.url).path: factors['same_redirect'] = urlparse(response_1.url).path else: factors['same_redirect'] = '' if response_1.text == response_2.text: factors['same_body'] = response_1.text elif response_1.text.count('\n') == response_2.text.count('\n'): factors['lines_num'] = response_1.text.count('\n') elif remove_tags(body_1) == remove_tags(body_2): factors['same_plaintext'] = remove_tags(body_1) elif body_1 and body_2 and body_1.count('\\n') == body_2.count('\\n'): factors['lines_diff'] = diff_map(body_1, body_2) if param not in response_2.text: factors['param_missing'] = [ word for word in wordlist if word in response_2.text ] if value not in response_2.text: factors['value_missing'] = True return factors
def compare(response, factors, params): """ detects anomalies by comparing a HTTP response against a rule list returns string, list (anamoly, list of parameters that caused it) """ if factors['same_code'] and response.status_code != factors['same_code']: return ('http code', params) if factors['same_headers'] and list( response.headers.keys()) != factors['same_headers']: return ('http headers', params) if factors['same_redirect'] and response.url != factors['same_redirect']: return ('redirection', params) if factors['same_body'] and response.text != factors['same_body']: return ('body length', params) if factors['same_plaintext'] and remove_tags( response.text) != factors['same_plaintext']: return ('text length', params) if factors['lines_diff']: for line in factors['lines_diff']: if line not in response.text: return ('lines', params) if type(factors['param_missing']) == list: for param in params.keys(): if param in response.text and param not in factors[ 'param_missing'] and re.search(r'[\'"\s]%s[\'"\s]' % param, response.text): return ('param name reflection', params) if factors['value_missing']: for value in params.values(): if value in response.text and re.search( r'[\'"\s]%s[\'"\s]' % value, response.text): return ('param value reflection', params) return ('', [])
def define(response_1, response_2, param, value, wordlist): """ defines a rule list for detecting anomalies by comparing two HTTP response returns dict """ factors = { 'same_code': False, # if http status code is same, contains that code 'same_body': False, # if http body is same, contains that body 'same_plaintext': False, # if http body isn't same but is same after removing html, contains that non-html text 'lines_diff': False, # if http-body or plaintext aren't and there are more than two lines, contain which lines are same 'common_string': False, # if there is just one line, contains the longest common string 'same_headers': False, # if the headers are same, contains those headers 'same_redirect': False, # if both requests redirect in similar manner, contains that redirection 'param_missing': False, # if param name is missing from the body, contains words that are already there 'value_missing': False # contains whether param value is missing from the body } if response_1 and response_2: body_1, body_2 = response_1.text, response_2.text if response_1.status_code == response_2.status_code: factors['same_code'] = response_1.status_code if response_1.headers.keys() == response_2.headers.keys(): factors['same_headers'] = list(response_1.headers.keys()) if response_1.url == response_2.url: factors['same_redirect'] = response_1.url if response_1.text == response_2.text: factors['same_body'] = response_1.text elif remove_tags(body_1) == remove_tags(body_2): factors['same_plaintext'] = remove_tags(body_1) elif body_1 and body_2: if body_1.count('\\n') == 1: factors['common_string'] = lcs(body_1, body_2) elif body_1.count('\\n') == body_2.count('\\n'): factors['lines_diff'] = diff_map(body_1, body_2) if param not in response_2.text: factors['param_missing'] = [ word for word in wordlist if word in response_2.text ] if value not in response_2.text: factors['value_missing'] = True return factors
def compare(response, factors, params): """ detects anomalies by comparing a HTTP response against a rule list returns string, list (anomaly, list of parameters that caused it) """ these_headers = list(response.headers.keys()) these_headers.sort() if factors['same_code'] and response.status_code != factors['same_code']: return ('http code', params) if factors['same_headers'] and these_headers != factors['same_headers']: return ('http headers', params) if mem.var['disable_redirects']: if factors['same_redirect'] and urlparse( response.headers.get('Location', '')).path != factors['same_redirect']: return ('redirection', params) elif factors['same_redirect'] and 'Location' in response.headers: if urlparse(response.headers.get['Location'] ).path != factors['same_redirect']: return ('redirection', params) if factors['same_body'] and response.text != factors['same_body']: return ('body length', params) if factors['lines_num'] and response.text.count( '\n') != factors['lines_num']: return ('number of lines', params) if factors['same_plaintext'] and remove_tags( response.text) != factors['same_plaintext']: return ('text length', params) if factors['lines_diff']: for line in factors['lines_diff']: if line not in response.text: return ('lines', params) if type(factors['param_missing']) == list: for param in params.keys(): if len(param) < 5: continue if param not in factors['param_missing'] and re.search( r'[\'"\s]%s[\'"\s]' % param, response.text): return ('param name reflection', params) if factors['value_missing']: for value in params.values(): if value in response.text and re.search( r'[\'"\s]%s[\'"\s]' % value, response.text): return ('param value reflection', params) return ('', [])