class TestExtendedUrllibProxy(unittest.TestCase): MOTH_MESSAGE = '<title>moth: vulnerable web application</title>' def setUp(self): self.uri_opener = ExtendedUrllib() # Start the proxy daemon self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Configure the proxy settings = OpenerSettings() options = settings.get_options() proxy_address_opt = options['proxy_address'] proxy_port_opt = options['proxy_port'] proxy_address_opt.set_value('127.0.0.1') proxy_port_opt.set_value(port) settings.set_options(options) self.uri_opener.settings = settings def tearDown(self): self.uri_opener.end() def test_http_default_port_via_proxy(self): url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_http_port_specification_via_proxy(self): url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_https_via_proxy(self): TODO = 'Skip this test because of a strange bug with the extended'\ ' url library and w3af\'s local proxy daemon. More info here:'\ ' https://github.com/andresriancho/w3af/issues/183' raise SkipTest(TODO) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_offline_port_via_proxy(self): url = URL('http://127.0.0.1:8181/') http_response = self.uri_opener.GET(url, cache=False) self.assertEqual(http_response.get_code(), 400) def test_POST_via_proxy(self): url = URL(get_moth_http('/audit/xss/simple_xss_form.py')) http_response = self.uri_opener.POST(url, data='text=123456abc', cache=False) self.assertIn('123456abc', http_response.body)
class TestExtendedUrllibProxy(unittest.TestCase): MOTH_MESSAGE = '<title>moth: vulnerable web application</title>' def setUp(self): self.uri_opener = ExtendedUrllib() # Start the proxy daemon self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Configure the proxy settings = OpenerSettings() options = settings.get_options() proxy_address_opt = options['proxy_address'] proxy_port_opt = options['proxy_port'] proxy_address_opt.set_value('127.0.0.1') proxy_port_opt.set_value(port) settings.set_options(options) self.uri_opener.settings = settings def tearDown(self): self.uri_opener.end() def test_http_default_port_via_proxy(self): url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_http_port_specification_via_proxy(self): url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_https_via_proxy(self): TODO = 'Skip this test because of a strange bug with the extended'\ ' url library and w3af\'s local proxy daemon. More info here:'\ ' https://github.com/andresriancho/w3af/issues/183' raise SkipTest(TODO) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) def test_offline_port_via_proxy(self): url = URL('http://127.0.0.1:8181/') http_response = self.uri_opener.GET(url, cache=False) self.assertEqual(http_response.get_code(), 400) def test_POST_via_proxy(self): url = URL(get_moth_http('/audit/xss/simple_xss_form.py')) http_response = self.uri_opener.POST(url, data='text=123456abc', cache=False) self.assertIn('123456abc', http_response.body)
class TestProxy(unittest.TestCase): IP = '127.0.0.1' def setUp(self): # Start the proxy server create_temp_dir() self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Build the proxy opener proxy_handler = urllib2.ProxyHandler( {"http": "http://%s:%s" % (self.IP, port)}) self.proxy_opener = urllib2.build_opener(proxy_handler, urllib2.HTTPHandler) def test_do_req_through_proxy(self): resp_body = self.proxy_opener.open(get_moth_http()).read() # Basic check self.assertTrue(len(resp_body) > 0) # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_http()) # Get it without any proxy direct_resp = urllib2.urlopen(get_moth_http()) # Must be equal self.assertEqual(direct_resp.read(), proxy_resp.read()) # Have to remove the Date header because in some cases they differ # because one request was sent in second X and the other in X+1, which # makes the test fail direct_resp_headers = dict(direct_resp.info()) proxy_resp_headers = dict(proxy_resp.info()) # Make sure that a change in the seconds returned in date doesn't break # the test del direct_resp_headers['date'] del proxy_resp_headers['date'] del direct_resp_headers['transfer-encoding'] del proxy_resp_headers['content-length'] self.assertEqual(direct_resp_headers, proxy_resp_headers) def test_do_ssl_req_through_proxy(self): resp_body = self.proxy_opener.open(get_moth_https()).read() # Basic check self.assertTrue(len(resp_body) > 0) # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_https()) # Get it without any proxy direct_resp = urllib2.urlopen(get_moth_https()) # Must be equal self.assertEqual(direct_resp.read(), proxy_resp.read()) # Have to remove the Date header because in some cases they differ # because one request was sent in second X and the other in X+1, which # makes the test fail direct_resp_headers = dict(direct_resp.info()) proxy_resp_headers = dict(proxy_resp.info()) del direct_resp_headers['date'] del proxy_resp_headers['date'] self.assertEqual(direct_resp_headers, proxy_resp_headers) def test_proxy_req_ok(self): """Test if self._proxy.stop() works as expected. Note that the check content is the same as the previous check, but it might be that this check fails because of some error in start() or stop() which is run during setUp and tearDown.""" # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_http()).read() # Get it the other way resp = urllib2.urlopen(get_moth_http()).read() # They must be very similar self.assertEqual(resp, proxy_resp) def test_stop_no_requests(self): """Test what happens if I stop the proxy without sending any requests through it""" # Note that the test is completed by self._proxy.stop() in tearDown pass def test_stop_stop(self): """Test what happens if I stop the proxy twice.""" # Note that the test is completed by self._proxy.stop() in tearDown self._proxy.stop() def tearDown(self): # Shutdown the proxy server self._proxy.stop()
class TestExtendedUrllibProxy(unittest.TestCase): MOTH_MESSAGE = '<title>moth: vulnerable web application</title>' def setUp(self): self.uri_opener = ExtendedUrllib() # Start the proxy daemon self._proxy = Proxy('127.0.0.2', 0, ExtendedUrllib(), ProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Configure the proxy settings = OpenerSettings() options = settings.get_options() proxy_address_opt = options['proxy_address'] proxy_port_opt = options['proxy_port'] proxy_address_opt.set_value('127.0.0.2') proxy_port_opt.set_value(port) settings.set_options(options) self.uri_opener.settings = settings def tearDown(self): self.uri_opener.end() def test_http_default_port_via_proxy(self): # TODO: Write this test pass def test_http_port_specification_via_proxy(self): self.assertEqual(self._proxy.total_handled_requests, 0) url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertEqual(self._proxy.total_handled_requests, 1) def test_https_via_proxy(self): self.assertEqual(self._proxy.total_handled_requests, 0) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertEqual(self._proxy.total_handled_requests, 1) def test_offline_port_via_proxy(self): url = URL('http://127.0.0.1:8181/') http_response = self.uri_opener.GET(url, cache=False) self.assertEqual(http_response.get_code(), 500) self.assertIn('Connection refused', http_response.body) def test_POST_via_proxy(self): url = URL(get_moth_http('/audit/xss/simple_xss_form.py')) http_response = self.uri_opener.POST(url, data='text=123456abc', cache=False) self.assertIn('123456abc', http_response.body)
class TestProxy(unittest.TestCase): IP = '127.0.0.1' def setUp(self): # Start the proxy server create_temp_dir() self._proxy = Proxy(self.IP, 0, ExtendedUrllib(), w3afProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Build the proxy opener proxy_handler = urllib2.ProxyHandler({"http": "http://%s:%s" % (self.IP, port)}) self.proxy_opener = urllib2.build_opener(proxy_handler, urllib2.HTTPHandler) def test_do_req_through_proxy(self): resp_body = self.proxy_opener.open(get_moth_http()).read() # Basic check self.assertTrue(len(resp_body) > 0) # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_http()) # Get it without any proxy direct_resp = urllib2.urlopen(get_moth_http()) # Must be equal self.assertEqual(direct_resp.read(), proxy_resp.read()) # Have to remove the Date header because in some cases they differ # because one request was sent in second X and the other in X+1, which # makes the test fail direct_resp_headers = dict(direct_resp.info()) proxy_resp_headers = dict(proxy_resp.info()) # Make sure that a change in the seconds returned in date doesn't break # the test del direct_resp_headers['date'] del proxy_resp_headers['date'] del direct_resp_headers['transfer-encoding'] del proxy_resp_headers['content-length'] self.assertEqual(direct_resp_headers, proxy_resp_headers) def test_do_ssl_req_through_proxy(self): resp_body = self.proxy_opener.open(get_moth_https()).read() # Basic check self.assertTrue(len(resp_body) > 0) # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_https()) # Get it without any proxy direct_resp = urllib2.urlopen(get_moth_https()) # Must be equal self.assertEqual(direct_resp.read(), proxy_resp.read()) # Have to remove the Date header because in some cases they differ # because one request was sent in second X and the other in X+1, which # makes the test fail direct_resp_headers = dict(direct_resp.info()) proxy_resp_headers = dict(proxy_resp.info()) del direct_resp_headers['date'] del proxy_resp_headers['date'] self.assertEqual(direct_resp_headers, proxy_resp_headers) def test_proxy_req_ok(self): """Test if self._proxy.stop() works as expected. Note that the check content is the same as the previous check, but it might be that this check fails because of some error in start() or stop() which is run during setUp and tearDown.""" # Get response using the proxy proxy_resp = self.proxy_opener.open(get_moth_http()).read() # Get it the other way resp = urllib2.urlopen(get_moth_http()).read() # They must be very similar self.assertEqual(resp, proxy_resp) def test_stop_no_requests(self): """Test what happens if I stop the proxy without sending any requests through it""" # Note that the test is completed by self._proxy.stop() in tearDown pass def test_stop_stop(self): """Test what happens if I stop the proxy twice.""" # Note that the test is completed by self._proxy.stop() in tearDown self._proxy.stop() def tearDown(self): # Shutdown the proxy server self._proxy.stop()
class TestExtendedUrllibProxy(unittest.TestCase): MOTH_MESSAGE = '<title>moth: vulnerable web application</title>' def setUp(self): self.uri_opener = ExtendedUrllib() # Start the proxy daemon self._proxy = Proxy('127.0.0.2', 0, ExtendedUrllib(), ProxyHandler) self._proxy.start() self._proxy.wait_for_start() port = self._proxy.get_port() # Configure the proxy settings = OpenerSettings() options = settings.get_options() proxy_address_opt = options['proxy_address'] proxy_port_opt = options['proxy_port'] proxy_address_opt.set_value('127.0.0.2') proxy_port_opt.set_value(port) settings.set_options(options) self.uri_opener.settings = settings def tearDown(self): self.uri_opener.end() def test_http_default_port_via_proxy(self): # TODO: Write this test pass def test_http_port_specification_via_proxy(self): self.assertEqual(self._proxy.total_handled_requests, 0) url = URL(get_moth_http()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertEqual(self._proxy.total_handled_requests, 1) def test_https_via_proxy(self): self.assertEqual(self._proxy.total_handled_requests, 0) url = URL(get_moth_https()) http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertEqual(self._proxy.total_handled_requests, 1) def test_offline_port_via_proxy(self): url = URL('http://127.0.0.1:8181/') http_response = self.uri_opener.GET(url, cache=False) self.assertEqual(http_response.get_code(), 500) self.assertIn('Connection refused', http_response.body) def test_POST_via_proxy(self): url = URL(get_moth_http('/audit/xss/simple_xss_form.py')) http_response = self.uri_opener.POST(url, data='text=123456abc', cache=False) self.assertIn('123456abc', http_response.body)