def _login(self, function_id): """ This is the method that actually calls the plugins in order to login to the web application. """ for plugin in self._consumer_plugins: debugging_id = rand_alnum(8) args = (plugin.get_name(), plugin.get_name(), debugging_id) msg = 'auth consumer is calling %s.has_active_session() and %s.login() (did:%s)' om.out.debug(msg % args) took_line = TookLine(self._w3af_core, 'auth', '_login', debugging_id=debugging_id) try: if not plugin.has_active_session(debugging_id=debugging_id): plugin.login(debugging_id=debugging_id) except Exception as e: self.handle_exception('auth', plugin.get_name(), None, e) took_line.send()
def test_took_simple(self): w3af_core = w3afCore() took_line = TookLine(w3af_core, 'plugin_name', 'method_name', debugging_id='ML7aEYsa', method_params={'test': 'yes'}) with patch('w3af.core.controllers.profiling.took_helper.om.out') as om_mock: took_line.send() self.assertEqual(om_mock.debug.call_count, 1) sent_message = om_mock.debug.call_args[0][0] self.assertRegexpMatches(sent_message, 'plugin_name.method_name\(test="yes",did="ML7aEYsa"\)' ' took .*? seconds to run \(.*? seconds / .*?% consuming CPU cycles\)')
def _login(self, function_id): """ This is the method that actually calls the plugins in order to login to the web application. """ for plugin in self._consumer_plugins: args = (plugin.get_name(), plugin.get_name()) om.out.debug('%s.is_logged() and %s.login()' % args) took_line = TookLine(self._w3af_core, plugin.get_name(), '_login') try: if not plugin.is_logged(): plugin.login() except Exception, e: self.handle_exception('auth', plugin.get_name(), None, e) took_line.send()
def _bruteforce(self, function_id, plugin, fuzzable_request): """ Since threadpool's apply_async runs the callback only when the call to this method ends without any exceptions, it is *very important* to handle exceptions correctly here. Failure to do so will end up in _task_done not called, which will make has_pending_work always return True. Python 3 has an error_callback in the apply_async method, which we could use in the future. :param fuzzable_request: The fuzzable request that (if suitable) will be bruteforced by @plugin. :return: A list of the URL's that have been successfully bruteforced """ res = set() # Logging args = (plugin.get_name(), fuzzable_request.get_uri()) om.out.debug('%s.bruteforce(%s)' % args) took_line = TookLine(self._w3af_core, plugin.get_name(), 'bruteforce', method_params={'uri': fuzzable_request.get_uri()}) # Status self._w3af_core.status.set_running_plugin('bruteforce', plugin.get_name()) self._w3af_core.status.set_current_fuzzable_request( 'bruteforce', fuzzable_request) # TODO: Report progress to the core. try: new_frs = plugin.bruteforce_wrapper(fuzzable_request) except Exception as e: self.handle_exception('bruteforce', plugin.get_name(), fuzzable_request, e) else: res.update(new_frs) took_line.send() return res
def _login(self, function_id): """ This is the method that actually calls the plugins in order to login to the web application. """ for plugin in self._consumer_plugins: args = (plugin.get_name(), plugin.get_name()) om.out.debug('%s.is_logged() and %s.login()' % args) took_line = TookLine(self._w3af_core, plugin.get_name(), '_login') try: if not plugin.is_logged(): plugin.login() except Exception, e: self.handle_exception('auth', plugin.get_name(), None, e) took_line.send()
def _inner_consume(self, request, response): """ Run one plugin against a request/response. :param request: The HTTP request :param response: The HTTP response :return: None, results are saved to KB """ for plugin in self._consumer_plugins: took_line = TookLine(self._w3af_core, plugin.get_name(), 'grep', debugging_id=None, method_params={'uri': request.get_uri()}) try: plugin.grep_wrapper(request, response) except Exception, e: self.handle_exception('grep', plugin.get_name(), request, e) else: took_line.send()