コード例 #1
ファイル: test_xss.py プロジェクト: 1d3df9903ad/w3af
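    def test_repeated_tmb(self):
        """Check XSS findings for a repeated parameter in ``'tmb'`` mode.

        Sets ``fuzzRepeatedParameters`` to ``'tmb'``, scans
        ``qs_repeat_all.php?a=1&a=2&a=3`` with the ``cfg2`` plugins and
        expects three XSS findings that all refer to parameter ``a`` of the
        same URL.
        """
        # NOTE(review): 'tmb' presumably selects top/middle/bottom occurrences
        # of a repeated parameter -- confirm against the cf option docs.
        cf.save('fuzzRepeatedParameters', 'tmb')
        try:
            cfg = self._run_configs['cfg2']
            self._scan(self.repeated_url + 'qs_repeat_all.php?a=1&a=2&a=3',
                       cfg['plugins'])

            xssvulns = self.kb.getData('xss', 'xss')
            # Diagnostic output so a failing count can be inspected in the log.
            for xss in xssvulns:
                print(xss)

            # FIXME (kept from the original author): very strange, but because
            # of ``fake_mutants = createMutants(freq, ['',])`` in the xss
            # plugin "we have here 6 vulns".
            # NOTE(review): the assertion below expects 3, not 6 -- confirm
            # which number reflects the current plugin behaviour.
            self.assertEqual(len(xssvulns), 3)

            expected = [
                ('qs_repeat_all.php', 'a', ('a',)),
            ]
            res = [(str(m.getURL()), m.getVar(), tuple(sorted(m.getDc().keys())))
                   for m in (xv.getMutant() for xv in xssvulns)]

            # The comparison is set-based, so identical (URL, variable, keys)
            # triples collapse into one; the count is asserted separately above.
            self.assertEqual(
                set([(self.repeated_url + e[0], e[1], tuple(sorted(e[2])))
                     for e in expected]),
                set(res),
            )
        finally:
            # Restore the default even when the scan or an assertion fails, so
            # the global setting does not leak into the tests that run later.
            cf.save('fuzzRepeatedParameters', 'tmb')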
コード例 #2
ファイル: test_xss.py プロジェクト: 1d3df9903ad/w3af
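    def test_repeated_b(self):
        """Check that ``'b'`` mode yields no XSS findings on ``qs_repeat.php``.

        Sets ``fuzzRepeatedParameters`` to ``'b'``, scans
        ``qs_repeat.php?a=1&a=2&a=3`` with the ``cfg2`` plugins and expects
        the knowledge base to hold zero XSS findings.
        """
        # NOTE(review): 'b' presumably means "fuzz only the bottom (last)
        # occurrence" of a repeated parameter -- confirm against the cf docs.
        cf.save('fuzzRepeatedParameters', 'b')
        try:
            cfg = self._run_configs['cfg2']
            self._scan(self.repeated_url + 'qs_repeat.php?a=1&a=2&a=3',
                       cfg['plugins'])

            xssvulns = self.kb.getData('xss', 'xss')
            self.assertEqual(len(xssvulns), 0)
        finally:
            # Restore the default even when the scan or the assertion fails;
            # otherwise 'b' would stay active for every test that runs later.
            cf.save('fuzzRepeatedParameters', 'tmb')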
コード例 #3
ファイル: test_xss.py プロジェクト: 1d3df9903ad/w3af
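    def test_repeated_t(self):
        """Check that ``'t'`` mode yields one XSS finding on ``qs_repeat.php``.

        Sets ``fuzzRepeatedParameters`` to ``'t'``, scans
        ``qs_repeat.php?a=1&a=2&a=3`` with the ``cfg2`` plugins and expects
        exactly one XSS finding, reported for parameter ``a``.
        """
        # NOTE(review): 't' presumably means "fuzz only the top (first)
        # occurrence" of a repeated parameter -- confirm against the cf docs.
        cf.save('fuzzRepeatedParameters', 't')
        try:
            cfg = self._run_configs['cfg2']
            self._scan(self.repeated_url + 'qs_repeat.php?a=1&a=2&a=3',
                       cfg['plugins'])

            xssvulns = self.kb.getData('xss', 'xss')
            self.assertEqual(len(xssvulns), 1)

            expected = [
                ('qs_repeat.php', 'a', ('a',)),
            ]
            res = [(str(m.getURL()), m.getVar(), tuple(sorted(m.getDc().keys())))
                   for m in (xv.getMutant() for xv in xssvulns)]
            # Compare (URL, fuzzed variable, data-container keys) triples.
            self.assertEqual(
                set([(self.repeated_url + e[0], e[1], tuple(sorted(e[2])))
                     for e in expected]),
                set(res),
            )
        finally:
            # Restore the default even when the scan or an assertion fails;
            # otherwise 't' would stay active for every test that runs later.
            cf.save('fuzzRepeatedParameters', 'tmb')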
コード例 #4
    def test_fuzz_headers_no_headers(self):
        """Fuzz ``Referer`` on a request that originally carried no headers.

        With ``fuzzable_headers`` set to ``['Referer']`` the mutant list is
        expected to hold the query-string mutants first and then one mutant
        per payload with the payload placed in a ``Referer`` header.
        """
        fuzzer_settings = (
            ('fuzzable_headers', ['Referer']),  # the option this test changes
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        # The request is built without any headers (in particular without a
        # Referer such as 'http://moth/foo/bar/').
        request = HTTPQSRequest(URL('http://moth/?id=1'))
        mutants = create_mutants(request, self.payloads)

        urls_wanted = [
            'http://moth/?id=abc',
            'http://moth/?id=def',
            'http://moth/?id=1',
            'http://moth/?id=1',
        ]
        urls_seen = []
        for mutant in mutants:
            urls_seen.append(mutant.get_uri().url_string)
        self.assertEqual(urls_seen, urls_wanted)

        # Query-string mutants keep empty headers; header mutants keep the
        # original query string and carry the payload in Referer.
        headers_wanted = [
            Headers(),
            Headers(),
            Headers([('Referer', 'abc')]),
            Headers([('Referer', 'def')]),
        ]
        headers_seen = []
        for mutant in mutants:
            headers_seen.append(mutant.get_headers())
        self.assertEqual(headers_wanted, headers_seen)

        allowed_kinds = (QSMutant, HeadersMutant)
        self.assertTrue(all(isinstance(mutant, allowed_kinds)
                            for mutant in mutants))
コード例 #5
    def test_simple(self):
        """Baseline: only the query string of ``http://moth/?id=1`` is fuzzed.

        Every optional fuzzing target (headers, cookies, file names, form
        files, URL parts) is switched off, so one ``QSMutant`` per payload is
        expected and nothing else.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        request = HTTPQSRequest(URL('http://moth/?id=1'))
        mutants = create_mutants(request, self.payloads)

        urls_wanted = ['http://moth/?id=abc', 'http://moth/?id=def']
        urls_seen = []
        for mutant in mutants:
            urls_seen.append(mutant.get_uri().url_string)

        self.assertEqual(urls_seen, urls_wanted)
        self.assertTrue(all(isinstance(mutant, QSMutant) for mutant in mutants))
コード例 #6
    def test_urlparts_filename_path_qs(self):
        """Fuzz query string, file name and URL parts of one request.

        With ``fuzz_url_filenames`` and ``fuzz_url_parts`` enabled, the URIs
        produced for ``http://moth/foo/bar.htm?id=1`` must appear in exactly
        the order listed below.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', True),  # an option this test changes
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', True),  # an option this test changes
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        request = HTTPQSRequest(URL('http://moth/foo/bar.htm?id=1'))
        mutants = create_mutants(request, self.payloads)

        uris_seen = []
        for mutant in mutants:
            uris_seen.append(mutant.get_uri().url_string)

        uris_wanted = [
            # payload in the query-string value
            'http://moth/foo/bar.htm?id=abc',
            'http://moth/foo/bar.htm?id=def',
            # payload replaces the file name
            'http://moth/foo/abc.htm',
            'http://moth/foo/def.htm',
            # payload replaces the extension
            'http://moth/foo/bar.abc',
            'http://moth/foo/bar.def',
            # payload replaces the directory
            'http://moth/abc/bar.htm',
            'http://moth/def/bar.htm',
            # payload replaces the last path segment
            'http://moth/foo/abc',
            'http://moth/foo/def',
        ]
        self.assertEqual(uris_seen, uris_wanted)
コード例 #7
    def test_urlparts_no_path(self):
        """URL-part fuzzing of ``http://moth/`` must produce no mutants.

        The URL has neither a path segment nor a query string, so even with
        ``fuzz_url_parts`` enabled the result is expected to be an empty list.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', True),  # the option this test changes
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        request = HTTPQSRequest(URL('http://moth/'))
        mutants = create_mutants(request, self.payloads)

        self.assertEqual(mutants, [])
コード例 #8
    def test_form_file_post_no_files(self):
        """Form-file fuzzing of a form without file inputs.

        ``fuzz_form_files`` is enabled, but the form only has the text inputs
        ``username`` and ``address``; every mutant must therefore be a
        ``PostDataMutant`` that keeps the original URI and the ``PUT`` method.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', True),  # the option this test changes
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        form = Form()
        for field_name in ("username", "address"):
            form.add_input([("name", field_name), ("value", "")])

        request = HTTPPostDataRequest(URL('http://www.w3af.com/?id=3'),
                                      dc=form, method='PUT')
        mutants = create_mutants(request, self.payloads)

        # Only the post data is fuzzed: URI and method stay untouched.
        target_uri = 'http://www.w3af.com/?id=3'
        self.assertTrue(all(target_uri == mutant.get_uri().url_string
                            for mutant in mutants))
        self.assertTrue(all(isinstance(mutant, PostDataMutant)
                            for mutant in mutants), mutants)
        self.assertTrue(all(mutant.get_method() == 'PUT' for mutant in mutants))

        # One field holds the payload per mutant; the other, originally empty,
        # field holds a filler value (presumably w3af's default fill-in for
        # that field name -- confirm).
        forms_wanted = [
            Form([('username', ['abc']), ('address', ['Bonsai Street 123'])]),
            Form([('username', ['def']), ('address', ['Bonsai Street 123'])]),
            Form([('username', ['John8212']), ('address', ['abc'])]),
            Form([('username', ['John8212']), ('address', ['def'])]),
        ]
        forms_seen = []
        for mutant in mutants:
            forms_seen.append(mutant.get_dc())

        self.assertEqual(forms_seen, forms_wanted)
コード例 #9
    def test_filename_fname_qs(self):
        """Fuzz the query string and the file name of ``/foo.htm?id=1``.

        With ``fuzz_url_filenames`` enabled the query-string mutants come
        first, followed by mutants that replace the file name and then the
        extension; only ``QSMutant`` and ``FileNameMutant`` may appear.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', False),
            ('fuzz_url_filenames', True),  # the option this test changes
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        request = HTTPQSRequest(URL('http://moth/foo.htm?id=1'))
        mutants = create_mutants(request, self.payloads)

        urls_wanted = [
            u'http://moth/foo.htm?id=abc',
            u'http://moth/foo.htm?id=def',
            u'http://moth/abc.htm',
            u'http://moth/def.htm',
            u'http://moth/foo.abc',
            u'http://moth/foo.def',
        ]
        urls_seen = []
        for mutant in mutants:
            urls_seen.append(mutant.get_uri().url_string)
        self.assertEqual(urls_seen, urls_wanted)

        allowed_kinds = (QSMutant, FileNameMutant)
        self.assertTrue(all(isinstance(mutant, allowed_kinds)
                            for mutant in mutants))
コード例 #10
    def test_qs_and_cookie(self):
        """Fuzz both the query string and the cookie of one request.

        With ``fuzz_cookies`` enabled and a ``foo=bar`` cookie on the request,
        the query-string mutants are expected first (cookie untouched) and
        then the cookie mutants (query string untouched).
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', True),  # the option this test changes
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        # This time the request does carry a cookie.
        request = HTTPQSRequest(URL('http://moth/?id=1'),
                                cookie=Cookie('foo=bar'))
        mutants = create_mutants(request, self.payloads)

        urls_wanted = [
            u'http://moth/?id=abc',
            u'http://moth/?id=def',
            u'http://moth/?id=1',
            u'http://moth/?id=1',
        ]
        urls_seen = []
        for mutant in mutants:
            urls_seen.append(mutant.get_uri().url_string)
        self.assertEqual(urls_seen, urls_wanted)

        cookies_wanted = [
            'foo=bar;',
            'foo=bar;',
            'foo=abc;',
            'foo=def;',
        ]
        cookies_seen = []
        for mutant in mutants:
            cookies_seen.append(str(mutant.get_cookie()))
        self.assertEqual(cookies_wanted, cookies_seen)

        allowed_kinds = (QSMutant, CookieMutant)
        self.assertTrue(all(isinstance(mutant, allowed_kinds)
                            for mutant in mutants))
コード例 #11
    def test_qs_and_no_cookie(self):
        """Cookie fuzzing enabled, but the request carries no cookie.

        Only the query-string mutants of ``http://moth/?id=1`` are expected;
        the URL list below leaves no room for cookie mutants.
        """
        fuzzer_settings = (
            ('fuzzable_headers', []),
            ('fuzz_cookies', True),  # the option this test changes
            ('fuzz_url_filenames', False),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_form_files', False),
            ('fuzz_url_parts', False),
        )
        for option, value in fuzzer_settings:
            cf_singleton.save(option, value)

        # No cookie is attached to the request.
        url = URL('http://moth/?id=1')
        freq = HTTPQSRequest(url)
        generated_mutants = create_mutants(freq, self.payloads)

        expected_urls = [
            'http://moth/?id=abc',
            'http://moth/?id=def',
        ]
        generated_urls = []
        for mutant in generated_mutants:
            generated_urls.append(mutant.get_uri().url_string)

        self.assertEqual(generated_urls, expected_urls)