def test_do_ssl_req_through_proxy(self): resp_body = self.proxy_opener.open(get_moth_https()).read() # Basic check self.assertTrue(len(resp_body) > 0) # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_https()) # Get it without any proxy direct_resp = urllib2.urlopen(get_moth_https()) # Must be equal self.assertEqual(direct_resp.read(), proxy_resp.read()) # Have to remove the Date header because in some cases they differ # because one request was sent in second X and the other in X+1, which # makes the test fail direct_resp_headers = dict(direct_resp.info()) proxy_resp_headers = dict(proxy_resp.info()) del direct_resp_headers['date'] del proxy_resp_headers['date'] del direct_resp_headers['transfer-encoding'] del proxy_resp_headers['content-length'] del proxy_resp_headers['content-encoding'] self.assertEqual(direct_resp_headers, proxy_resp_headers)
def test_basic_ssl(self): url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertGreaterEqual(http_response.id, 1) self.assertNotEqual(http_response.id, None)
def test_https_via_proxy(self): self.assertEqual(self._proxy.total_handled_requests, 0) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertEqual(self._proxy.total_handled_requests, 1)
def test_hmap_https(self): cfg = self._run_configs['cfg'] self._scan(get_moth_https(), cfg['plugins']) infos = self.kb.get('hmap', 'server') self.assertEqual(len(infos), 1, infos) info = infos[0] self.assertIn('WSGIServer/0.1', info.get_desc(), info.get_desc())
def test_https_via_proxy(self): TODO = 'Skip this test because of a strange bug with the extended'\ ' url library and w3af\'s local proxy daemon. More info here:'\ ' https://github.com/andresriancho/w3af/issues/183' raise SkipTest(TODO) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_spiderman_https(self): port = get_unused_port() run_config = { "target": get_moth_https(), "plugins": {"crawl": (PluginConfig("spider_man", ("listen_port", port, PluginConfig.INT)),)}, } self.generic_spiderman_run(run_config, get_moth_https, port)
def test_spiderman_https(self): port = get_unused_port() run_config = { 'target': get_moth_https(), 'plugins': {'crawl': (PluginConfig('spider_man', ('listen_port', port, PluginConfig.INT), ),)} } self.generic_spiderman_run(run_config, get_moth_https, port)
class TestSQLMapWrapper(unittest.TestCase): SQLI_GET = get_moth_http('/audit/sql_injection/' 'where_string_single_qs.py?uname=pablo') SSL_SQLI_GET = get_moth_https('/audit/sql_injection/' 'where_string_single_qs.py?uname=pablo') SQLI_POST = get_moth_http('/audit/sql_injection/where_integer_form.py') DATA_POST = 'text=1' def setUp(self): uri = URL(self.SQLI_GET) target = Target(uri) self.uri_opener = ExtendedUrllib() self.sqlmap = SQLMapWrapper(target, self.uri_opener, debug=True) def tearDown(self): self.uri_opener.end() self.sqlmap.cleanup() @classmethod def setUpClass(cls): output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output') if os.path.exists(output_dir): shutil.rmtree(output_dir) @classmethod def tearDownClass(cls): # Doing this in both setupclass and teardownclass in order to be sure # that a ctrl+c doesn't break it output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output') if os.path.exists(output_dir): shutil.rmtree(output_dir) def test_verify_vulnerability(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable) def test_verify_vulnerability_ssl(self): uri = URL(self.SSL_SQLI_GET) target = Target(uri) self.uri_opener = ExtendedUrllib() self.sqlmap = SQLMapWrapper(target, self.uri_opener) vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable, self.sqlmap.last_stdout) def test_verify_vulnerability_false(self): not_vuln = get_moth_http('/audit/sql_injection/' 'where_string_single_qs.py?fake=pablo') uri = URL(not_vuln) target = Target(uri) self.sqlmap = SQLMapWrapper(target, self.uri_opener) vulnerable = self.sqlmap.is_vulnerable() self.assertFalse(vulnerable) def test_verify_vulnerability_POST(self): target = Target(URL(self.SQLI_POST), self.DATA_POST) self.sqlmap = SQLMapWrapper(target, self.uri_opener) vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable, self.sqlmap.last_stdout) def test_wrapper_invalid_url(self): self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET, self.uri_opener) def test_stds(self): uri = URL(self.SQLI_GET) target = Target(uri) self.sqlmap = SQLMapWrapper(target, self.uri_opener) prms = [ '--batch', ] cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms) self.assertIsInstance(process.stdout, file) self.assertIsInstance(process.stderr, file) self.assertIsInstance(process.stdin, file) self.assertIsInstance(cmd, basestring) self.assertIn('sqlmap.py', cmd) def test_target_basic(self): target = Target(URL(self.SQLI_GET)) params = target.to_params() self.assertEqual(params, ["--url=%s" % self.SQLI_GET]) def test_target_post_data(self): target = Target(URL(self.SQLI_GET), self.DATA_POST) params = target.to_params() self.assertEqual( params, ["--url=%s" % self.SQLI_GET, "--data=%s" % self.DATA_POST]) def test_no_coloring(self): params = self.sqlmap.get_wrapper_params() self.assertIn('--disable-coloring', params) def test_always_batch(self): params = self.sqlmap.get_wrapper_params() self.assertIn('--batch', params) def test_use_proxy(self): params = self.sqlmap.get_wrapper_params() self.assertTrue( any(i.startswith('--proxy=http://127.0.0.1:') for i in params)) def test_enable_coloring(self): uri = URL(self.SQLI_GET) target = Target(uri) sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True) params = sqlmap.get_wrapper_params() self.assertNotIn('--disable-coloring', params) def test_dbs(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable) cmd, process = self.sqlmap.dbs() output = process.stdout.read() self.assertIn('on SQLite it is not possible to enumerate databases', output) def test_tables(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable) cmd, process = self.sqlmap.tables() output = process.stdout.read() self.assertIn('auth_group_permissions', output) self.assertIn('Database: SQLite_masterdb', output) self.assertIn('django_content_type', output) def test_users(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable) cmd, process = self.sqlmap.users() output = process.stdout.read() self.assertIn('on SQLite it is not possible to enumerate the users', output) def test_dump(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable) cmd, process = self.sqlmap.dump() output = process.stdout.read() self.assertIn('django_session', output) self.assertIn('auth_user_user_permissions', output) def test_sqlmap(self): vulnerable = self.sqlmap.is_vulnerable() self.assertTrue(vulnerable, self.sqlmap.last_stdout) cmd, process = self.sqlmap.direct('--tables') output = process.stdout.read() self.assertIn('django_session', output) self.assertIn('auth_user_user_permissions', output) self.assertNotIn('COLUMN_PRIVILEGES', output)
def test_https_via_proxy(self): raise SkipTest(TODO_183) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body)