def test_repeated_tmb(self):
    """Scan qs_repeat_all.php with 'fuzzRepeatedParameters' set to 'tmb'.

    Every XSS finding in the knowledge base is reduced to a tuple of
    (URL, fuzzed variable, sorted data-container keys), and the set of
    those tuples must equal the single expected entry for parameter 'a'.

    Both sides are compared as sets, so several findings that reduce to
    the same tuple collapse into one and do not fail the test.
    """
    cf.save('fuzzRepeatedParameters', 'tmb')

    cfg = self._run_configs['cfg2']
    target = self.repeated_url + 'qs_repeat_all.php?a=1&a=2&a=3'
    self._scan(target, cfg['plugins'])

    findings = self.kb.getData('xss', 'xss')
    # Debug output: dump every finding that the scan stored.
    for finding in findings:
        print(finding)

    #
    #   FIXME
    #   Very strange but because of
    #   fake_mutants = createMutants(freq, ['',]) in xss plugin
    #   we have here 6 vulns
    #
    # self.assertEquals( len(xssvulns), 3 )
    # NOTE(review): with the count check disabled, only the set comparison
    # below constrains the result.

    expected = [('qs_repeat_all.php', 'a', ('a',))]

    observed = []
    for finding in findings:
        mutant = finding.getMutant()
        observed.append((
            str(mutant.getURL()),
            mutant.getVar(),
            tuple(sorted(mutant.getDc().keys())),
        ))

    wanted = {
        (self.repeated_url + page, var, tuple(sorted(keys)))
        for page, var, keys in expected
    }
    self.assertEquals(wanted, set(observed))

    # Restore the default
    cf.save('fuzzRepeatedParameters', 'tmb')
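def test_repeated_b(self):
    """Scan qs_repeat.php with 'fuzzRepeatedParameters' set to 'b'.

    The scan of the URL with the repeated query-string parameter 'a' is
    expected to store no XSS finding in the knowledge base.

    NOTE(review): 'b' presumably restricts fuzzing to one occurrence of
    the repeated parameter -- confirm against the option's documentation.
    """
    cf.save('fuzzRepeatedParameters', 'b')
    try:
        cfg = self._run_configs['cfg2']
        self._scan(self.repeated_url + 'qs_repeat.php?a=1&a=2&a=3',
                   cfg['plugins'])

        xssvulns = self.kb.getData('xss', 'xss')
        self.assertEqual(len(xssvulns), 0)
    finally:
        # Restore the default even when the scan or the assertion fails;
        # otherwise the non-default 'b' value stays in the shared config
        # and changes what later tests fuzz.
        cf.save('fuzzRepeatedParameters', 'tmb')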
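def test_repeated_t(self):
    """Scan qs_repeat.php with 'fuzzRepeatedParameters' set to 't'.

    Exactly one XSS finding is expected. Reduced to (URL, fuzzed variable,
    sorted data-container keys), it must match the single expected entry
    for parameter 'a'.

    NOTE(review): 't' presumably restricts fuzzing to one occurrence of
    the repeated parameter -- confirm against the option's documentation.
    """
    cf.save('fuzzRepeatedParameters', 't')
    try:
        cfg = self._run_configs['cfg2']
        self._scan(self.repeated_url + 'qs_repeat.php?a=1&a=2&a=3',
                   cfg['plugins'])

        xssvulns = self.kb.getData('xss', 'xss')
        self.assertEqual(len(xssvulns), 1)

        expected = [
            ('qs_repeat.php', 'a', ('a',)),
        ]
        res = [(str(m.getURL()), m.getVar(), tuple(sorted(m.getDc().keys())))
               for m in (xv.getMutant() for xv in xssvulns)]
        self.assertEqual(
            set([(self.repeated_url + e[0], e[1], tuple(sorted(e[2])))
                 for e in expected]),
            set(res),
        )
    finally:
        # Restore the default even when the scan or an assertion fails;
        # otherwise the non-default 't' value stays in the shared config
        # and changes what later tests fuzz.
        cf.save('fuzzRepeatedParameters', 'tmb')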
def test_fuzz_headers_no_headers(self):
    """Header fuzzing still applies when the request carries no headers.

    'Referer' is the only fuzzable header and the request is built without
    any headers. The expected result is the query-string mutants first
    (with empty headers), followed by one mutant per payload in which the
    URL is left untouched and 'Referer' holds the payload.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', ['Referer']),  # This one changed
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    # No headers in the original request: the request is built from the
    # URL alone.
    freq = HTTPQSRequest(URL('http://moth/?id=1'))
    mutants = create_mutants(freq, self.payloads)

    expected_urls = [
        'http://moth/?id=abc',
        'http://moth/?id=def',
        'http://moth/?id=1',
        'http://moth/?id=1',
    ]
    generated_urls = []
    for mutant in mutants:
        generated_urls.append(mutant.get_uri().url_string)
    self.assertEqual(generated_urls, expected_urls)

    expected_headers = [
        Headers(),
        Headers(),
        Headers([('Referer', 'abc')]),
        Headers([('Referer', 'def')]),
    ]
    generated_headers = []
    for mutant in mutants:
        generated_headers.append(mutant.get_headers())
    self.assertEqual(expected_headers, generated_headers)

    # Only query-string and header mutants may be produced.
    allowed_types = (QSMutant, HeadersMutant)
    self.assertTrue(all(isinstance(m, allowed_types) for m in mutants))
def test_simple(self):
    """With every optional fuzzing target disabled, only the QS is fuzzed.

    One QSMutant per payload is expected, each replacing the value of the
    'id' parameter.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    freq = HTTPQSRequest(URL('http://moth/?id=1'))
    mutants = create_mutants(freq, self.payloads)

    expected_urls = ['http://moth/?id=abc', 'http://moth/?id=def']
    generated_urls = []
    for mutant in mutants:
        generated_urls.append(mutant.get_uri().url_string)

    self.assertEqual(generated_urls, expected_urls)

    only_qs_mutants = all(isinstance(m, QSMutant) for m in mutants)
    self.assertTrue(only_qs_mutants)
def test_urlparts_filename_path_qs(self):
    """File-name and URL-part fuzzing combined with query-string fuzzing.

    With 'fuzz_url_filenames' and 'fuzz_url_parts' enabled, the mutants
    for 'http://moth/foo/bar.htm?id=1' must appear in exactly the order
    listed in ``expected_uris``.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', True),  # This one changed
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', True),  # This one changed
    )
    for option, value in options:
        cf_singleton.save(option, value)

    freq = HTTPQSRequest(URL('http://moth/foo/bar.htm?id=1'))
    mutants = create_mutants(freq, self.payloads)

    generated_uris = []
    for mutant in mutants:
        generated_uris.append(mutant.get_uri().url_string)

    expected_uris = [
        # Query-string value replaced
        'http://moth/foo/bar.htm?id=abc',
        'http://moth/foo/bar.htm?id=def',
        # File name replaced, extension kept
        'http://moth/foo/abc.htm',
        'http://moth/foo/def.htm',
        # Extension replaced, file name kept
        'http://moth/foo/bar.abc',
        'http://moth/foo/bar.def',
        # Directory part replaced
        'http://moth/abc/bar.htm',
        'http://moth/def/bar.htm',
        # Last path part replaced as a whole
        'http://moth/foo/abc',
        'http://moth/foo/def',
    ]
    self.assertEqual(generated_uris, expected_uris)
def test_urlparts_no_path(self):
    """URL-part fuzzing yields nothing for a URL without path or QS.

    Only 'fuzz_url_parts' is enabled and the target is 'http://moth/';
    create_mutants() is expected to return an empty list.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', True),  # This one changed
    )
    for option, value in options:
        cf_singleton.save(option, value)

    freq = HTTPQSRequest(URL('http://moth/'))
    mutants = create_mutants(freq, self.payloads)

    self.assertEqual(mutants, [])
def test_form_file_post_no_files(self):
    """Form-file fuzzing enabled, but the form has no file inputs.

    A PUT request with a two-field form ('username', 'address') must give
    only PostDataMutant objects that keep the original URI and method.
    Each mutant puts a payload in one field while the other field holds a
    filled-in value ('John8212' / 'Bonsai Street 123').

    NOTE(review): the filled-in values presumably come from the fuzzer's
    default form filling -- confirm. The options are written to the shared
    cf_singleton and are not restored in this method.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', True),  # This one changed
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])

    freq = HTTPPostDataRequest(URL('http://www.w3af.com/?id=3'), dc=form,
                               method='PUT')
    mutants = create_mutants(freq, self.payloads)

    # The URI is never touched by post-data fuzzing.
    original_uri = 'http://www.w3af.com/?id=3'
    self.assertTrue(
        all(original_uri == m.get_uri().url_string for m in mutants))

    self.assertTrue(all(isinstance(m, PostDataMutant) for m in mutants),
                    mutants)

    # The HTTP method of the original request is preserved.
    self.assertTrue(all(m.get_method() == 'PUT' for m in mutants))

    expected_dc_lst = [
        Form([('username', ['abc']),
              ('address', ['Bonsai Street 123'])]),
        Form([('username', ['def']),
              ('address', ['Bonsai Street 123'])]),
        Form([('username', ['John8212']),
              ('address', ['abc'])]),
        Form([('username', ['John8212']),
              ('address', ['def'])]),
    ]
    created_dc_lst = []
    for mutant in mutants:
        created_dc_lst.append(mutant.get_dc())

    self.assertEqual(created_dc_lst, expected_dc_lst)
def test_filename_fname_qs(self):
    """File-name fuzzing combined with query-string fuzzing.

    With 'fuzz_url_filenames' enabled, 'http://moth/foo.htm?id=1' must
    yield the query-string mutants first, then mutants that replace the
    file name, then mutants that replace the extension. Only QSMutant and
    FileNameMutant instances are allowed.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', True),  # This one changed
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    freq = HTTPQSRequest(URL('http://moth/foo.htm?id=1'))
    mutants = create_mutants(freq, self.payloads)

    expected_urls = [
        u'http://moth/foo.htm?id=abc',
        u'http://moth/foo.htm?id=def',
        u'http://moth/abc.htm',
        u'http://moth/def.htm',
        u'http://moth/foo.abc',
        u'http://moth/foo.def',
    ]
    generated_urls = []
    for mutant in mutants:
        generated_urls.append(mutant.get_uri().url_string)

    self.assertEqual(generated_urls, expected_urls)

    allowed_types = (QSMutant, FileNameMutant)
    self.assertTrue(all(isinstance(m, allowed_types) for m in mutants))
def test_qs_and_cookie(self):
    """Cookie fuzzing enabled and the request carries a cookie.

    The query-string mutants come first and keep the cookie 'foo=bar;'.
    They are followed by one mutant per payload in which the URL is left
    untouched and the cookie value is replaced. Only QSMutant and
    CookieMutant instances are allowed.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', True),  # This one changed
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    url = URL('http://moth/?id=1')
    # And now there is a cookie
    freq = HTTPQSRequest(url, cookie=Cookie('foo=bar'))
    mutants = create_mutants(freq, self.payloads)

    expected_urls = [
        u'http://moth/?id=abc',
        u'http://moth/?id=def',
        u'http://moth/?id=1',
        u'http://moth/?id=1',
    ]
    generated_urls = []
    for mutant in mutants:
        generated_urls.append(mutant.get_uri().url_string)
    self.assertEqual(generated_urls, expected_urls)

    expected_cookies = ['foo=bar;', 'foo=bar;', 'foo=abc;', 'foo=def;']
    generated_cookies = []
    for mutant in mutants:
        generated_cookies.append(str(mutant.get_cookie()))
    self.assertEqual(expected_cookies, generated_cookies)

    allowed_types = (QSMutant, CookieMutant)
    self.assertTrue(all(isinstance(m, allowed_types) for m in mutants))
def test_qs_and_no_cookie(self):
    """Cookie fuzzing enabled, but the request has no cookie to fuzz.

    Only the query-string mutants are expected: one URL per payload with
    the value of 'id' replaced.

    NOTE(review): the options are written to the shared cf_singleton and
    are not restored in this method -- confirm a fixture resets them.
    """
    options = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', True),  # This one changed
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', False),
        ('fuzz_url_parts', False),
    )
    for option, value in options:
        cf_singleton.save(option, value)

    # But there is no cookie
    freq = HTTPQSRequest(URL('http://moth/?id=1'))
    mutants = create_mutants(freq, self.payloads)

    expected_urls = ['http://moth/?id=abc', 'http://moth/?id=def']
    generated_urls = []
    for mutant in mutants:
        generated_urls.append(mutant.get_uri().url_string)

    self.assertEqual(generated_urls, expected_urls)