def getObject(self): '''Return object (request or resoponse).''' head, body = self.get_text(splitted=True) if self.is_request: return httpRequestParser(head, body) else: raise Exception('HttpResponseParser is not implemented!:(')
def html_export(request_string): ''' @parameter request_string: The string of the request to export @return: A HTML that will perform the same HTTP request. ''' requestLines = request_string.split('\n\n') header = requestLines[0] body = '\n\n'.join(requestLines[1:]) httpRequest = httpRequestParser( header, body) res = '''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Exported HTTP Request from W3AF</title> </head> <body>''' res += '<form action="' + httpRequest.getURI() +'" method="' + httpRequest.getMethod() + '">\n' if httpRequest.getData() and httpRequest.getData() != '\n': postData = httpRequest.getDc() for i in postData: res += '<label>' + i + '</label>\n' res += '<input type="text" name="' + i.strip() + '" value="' + postData[i][0] + '">\n' res += '<input type="submit">\n' res += '</form>\n' res += '''</body>\n</html>''' return res
def sendRawRequest( self, head, postdata, fixContentLength=True): ''' In some cases the xUrllib user wants to send a request that was typed in a textbox or is stored in a file. When something like that happens, this library allows the user to send the request by specifying two parameters for the sendRawRequest method: @parameter head: "<method> <URI> <HTTP version>\r\nHeader: Value\r\nHeader2: Value2..." @parameter postdata: The postdata, if any. If set to '' or None, no postdata is sent. @parameter fixContentLength: Indicates if the content length has to be fixed or not. @return: An httpResponse object. ''' # Parse the two strings fuzzReq = httpRequestParser(head, postdata) # Fix the content length if fixContentLength: headers = fuzzReq.getHeaders() fixed = False for h in headers: if h.lower() == 'content-length': headers[ h ] = str(len(postdata)) fixed = True if not fixed and postdata: headers[ 'content-length' ] = str(len(postdata)) fuzzReq.setHeaders(headers) # Send it function_reference = getattr( self , fuzzReq.getMethod() ) return function_reference( fuzzReq.getURI(), data=fuzzReq.getData(), headers=fuzzReq.getHeaders(), useCache=False, grepResult=False)
def getObject(self): '''Return object (request or resoponse).''' head = self.startLine; for header in self._headersStore: head += header[0] + ':' + header[1] + CRLF if self.is_request: return httpRequestParser(head, self._raw.get_text()) else: raise Exception('HttpResponseParser is not implemented')
def ruby_export( request_string ): ''' @parameter request_string: The string of the request to export @return: A net/http based ruby script that will perform the same HTTP request. ''' # get the header and the body splitted_request = request_string.split('\n\n') header = splitted_request[0] body = '\n\n'.join(splitted_request[1:]) http_request = httpRequestParser( header, body) # Now I do the real magic... res = 'require \'net/https\'\n\n' res += 'url = URI.parse("' + ruby_escape_string(http_request.getURI().url_string) + '")\n' if http_request.getData() != '\n' and http_request.getData() is not None: escaped_data = ruby_escape_string( str(http_request.getData()) ) res += 'data = "' + escaped_data + '"\n' else: res += 'data = nil\n' res += 'headers = { \n' headers = http_request.getHeaders() for header_name in headers: header_value = ruby_escape_string(headers[header_name]) header_name = ruby_escape_string(header_name) res += '\t"' + header_name + '" => "' + header_value + '",\n' res = res [:-2] res += '\n}\n' method = http_request.getMethod() res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n' res += '\thttp.use_ssl = ' if http_request.getURL().getProtocol().lower() == 'https': res += 'true\n' else: res += 'false\n' res += '\thttp.send_request("' + method + '", url.path, data, headers)\n' res += 'end\n\n' res += 'puts res.body\n' return res
def python_export( request_string ): ''' @parameter request_string: The string of the request to export @return: A urllib2 based python script that will perform the same HTTP request. ''' # get the header and the body splitted_request = request_string.split('\n\n') header = splitted_request[0] body = '\n\n'.join(splitted_request[1:]) http_request = httpRequestParser( header, body) # Now I do the real magic... res = 'import urllib2\n\n' res += 'url = "' + python_escape_string(http_request.getURI()) + '"\n' if http_request.getData() != '\n' and http_request.getData() is not None: escaped_data = python_escape_string(str(http_request.getData()) ) res += 'data = "' + escaped_data + '"\n' else: res += 'data = None\n' res += 'headers = { \n' headers = http_request.getHeaders() for header_name in headers: header_value = python_escape_string(headers[header_name]) header_name = python_escape_string(header_name) res += '\t"' + header_name + '" : "' + header_value + '",\n' res = res [:-2] res += '\n}\n' res += ''' request = urllib2.Request(url, data, headers) response = urllib2.urlopen(request) response_body = response.read() ''' res += 'print response_body\n' return res
def _fixContentLength(self, head, postdata): ''' The user may have changed the postdata of the request, and not the content-length header; so we are going to fix that problem. ''' fuzzReq = httpRequestParser(head, postdata) headers = fuzzReq.getHeaders() for h in headers: if h.lower() == 'content-length': length = headers[ h ] try: length = int(length) except Exception, e: om.out.debug('Failed to fix the content length, the value of the header is: "'+ length +'".') else: if length == len(fuzzReq.getData()): # I don't have to fix anything pass else: # fixing length! headers[ h ] = str(len(fuzzReq.getData())) fuzzReq.setHeaders(headers)
def showRaw(self, head, body): self._obj = httpRequestParser(head, body) self.synchronize()
def ajax_export(request_string): """ @parameter request_string: The string of the request to export @return: A javascript that will perform the same HTTP request. """ # get the header and the body splitted_request = request_string.split("\n\n") header = splitted_request[0] body = "\n\n".join(splitted_request[1:]) http_request = httpRequestParser(header, body) # Now I do the real magic... # This is the header, to include the AJAX stuff: res = """/* Init AJAX stuff */ var xmlhttp=false; /*@cc_on @*/ /*@if (@_jscript_version >= 5) // JScript gives us Conditional compilation, we can cope with old IE versions. // and security blocked creation of the objects. try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @end @*/ if (!xmlhttp && typeof XMLHttpRequest!='undefined') { try { xmlhttp = new XMLHttpRequest(); } catch (e) { xmlhttp=false; } } if (!xmlhttp && window.createRequest) { try { xmlhttp = window.createRequest(); } catch (e) { xmlhttp=false; } } /* Finished AJAX initialization */ /* Create the request */ """ # Set the method and the path res += 'xmlhttp.open("' + http_request.getMethod() + '", "' res += ajax_escape_string(http_request.getURI().url_string) + '",true);\n' # For debugging res += """ /* Debugging code, this should be removed for real life XSS exploits */ xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4) { alert(xmlhttp.responseText) } } /* Add headers to the request and send it */ """ # Now I add the headers: headers = http_request.getHeaders() for header_name in headers: res += 'xmlhttp.setRequestHeader("' + ajax_escape_string(header_name) + '", "' res += ajax_escape_string(headers[header_name]) + '");\n' # And finally the post data (if any) if http_request.getData() and http_request.getData() != "\n": res += "var post_data = (<r><![CDATA[" + str(http_request.getData()) + "]]></r>).toString();\n" res += "xmlhttp.send(post_data);\n" else: res += "xmlhttp.send(null);\n" return res
def showRaw(self, head, body): self._obj = httpRequestParser(head, body) ### FIXME: REMOVE ME ### self._set_vals.append((True, str(self._obj))) ####################### self.synchronize()