def test_simple_GET_relative(self): http_request = 'GET / HTTP/1.1\n' \ 'Host: www.w3af.org\n' \ 'Foo: bar\n' fuzzable_request = HTTPRequestParser(http_request, '') exp_headers = Headers([('Host', 'www.w3af.org'), ('Foo', 'bar')]) self.assertEquals(fuzzable_request.get_headers(), exp_headers) self.assertEqual(fuzzable_request.get_url().get_domain(), 'www.w3af.org')
def test_POST_request(self): self.http_daemon = HTTPDaemon() self.http_daemon.start() self.http_daemon.wait_for_start() # # Send the request to our server using the GUI # self.double_click('localhost') self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False) # Move to the beginning self.type(['<PgUp>',], False) # Replace GET with POST self.type(['<Delete>',], False) self.type(['<Delete>',], False) self.type(['<Delete>',], False) self.type('POST', False) # Move to the end (postdata) self.type(['<PgDn>',], False) post_data = 'foo=bar&spam=eggs' self.type(post_data, False) self.click('send') # Wait until we actually get the response, and verify we got the # response body we expected: self.find('abcdef') self.find('200_OK') # # Assert that it's what we really expected # requests = self.http_daemon.requests self.assertEqual(len(requests), 1) request = requests[0] head, postdata = MANUAL_REQUEST_EXAMPLE, '' http_request = HTTPRequestParser(head, postdata) self.assertEqual(http_request.get_url().get_path(), request.path) self.assertEqual('POST', request.command) for header_name, header_value in http_request.get_headers().iteritems(): self.assertIn(header_name.lower(), request.headers) self.assertEqual(header_value, request.headers[header_name.lower()]) self.assertEqual(str(len(post_data)), request.headers['content-length']) self.http_daemon.shutdown()
def ruby_export(request_string): """ :param request_string: The string of the request to export :return: A net/http based ruby script that will perform the same HTTP request. """ # get the header and the body splitted_request = request_string.split('\n\n') header = splitted_request[0] body = '\n\n'.join(splitted_request[1:]) http_request = HTTPRequestParser(header, body) # Now I do the real magic... res = 'require \'net/https\'\n\n' res += 'url = URI.parse("' + ruby_escape_string( http_request.get_uri().url_string) + '")\n' if http_request.get_data() != '\n' and http_request.get_data() is not None: escaped_data = ruby_escape_string(str(http_request.get_data())) res += 'data = "' + escaped_data + '"\n' else: res += 'data = nil\n' res += 'headers = {\n' headers = http_request.get_headers() for header_name, header_value in headers.iteritems(): header_value = ruby_escape_string(header_value) header_name = ruby_escape_string(header_name) res += ' "' + header_name + '" => "' + header_value + '",\n' res = res[:-2] res += '\n}\n' method = http_request.get_method() res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n' res += ' http.use_ssl = ' if http_request.get_url().get_protocol().lower() == 'https': res += 'true\n' else: res += 'false\n' res += ' http.send_request("' + method + '", url.path, data, headers)\n' res += 'end\n\n' res += 'puts res.body\n' return res
def test_GET_request(self): self.http_daemon = HTTPDaemon() self.http_daemon.start() self.http_daemon.wait_for_start() # # Send the request to our server using the GUI # self.double_click('localhost') self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False) self.click('send') # Wait until we actually get the response, and verify we got the # response body we expected: self.find('abcdef') self.find('200_OK') # # Assert that it's what we really expected # requests = self.http_daemon.requests self.assertEqual(len(requests), 1) request = requests[0] head, postdata = MANUAL_REQUEST_EXAMPLE, '' http_request = HTTPRequestParser(head, postdata) self.assertEqual(http_request.get_url().get_path(), request.path) self.assertEqual(http_request.get_method(), request.command) for header_name, header_value in http_request.get_headers().iteritems( ): self.assertIn(header_name.lower(), request.headers) self.assertEqual(header_value, request.headers[header_name.lower()]) self.http_daemon.shutdown()
def test_GET_request(self): self.http_daemon = HTTPDaemon() self.http_daemon.start() self.http_daemon.wait_for_start() # # Send the request to our server using the GUI # self.double_click('localhost') self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False) self.click('send') # Wait until we actually get the response, and verify we got the # response body we expected: self.find('abcdef') self.find('200_OK') # # Assert that it's what we really expected # requests = self.http_daemon.requests self.assertEqual(len(requests), 1) request = requests[0] head, postdata = MANUAL_REQUEST_EXAMPLE, '' http_request = HTTPRequestParser(head, postdata) self.assertEqual(http_request.get_url().get_path(), request.path) self.assertEqual(http_request.get_method(), request.command) for header_name, header_value in http_request.get_headers().iteritems(): self.assertIn(header_name.lower(), request.headers) self.assertEqual(header_value, request.headers[header_name.lower()]) self.http_daemon.shutdown()
def test_POST_request(self): self.http_daemon = HTTPDaemon() self.http_daemon.start() self.http_daemon.wait_for_start() # # Send the request to our server using the GUI # self.double_click('localhost') self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False) # Move to the beginning self.type([ '<PgUp>', ], False) # Replace GET with POST self.type([ '<Delete>', ], False) self.type([ '<Delete>', ], False) self.type([ '<Delete>', ], False) self.type('POST', False) # Move to the end (postdata) self.type([ '<PgDn>', ], False) post_data = 'foo=bar&spam=eggs' self.type(post_data, False) self.click('send') # Wait until we actually get the response, and verify we got the # response body we expected: self.find('abcdef') self.find('200_OK') # # Assert that it's what we really expected # requests = self.http_daemon.requests self.assertEqual(len(requests), 1) request = requests[0] head, postdata = MANUAL_REQUEST_EXAMPLE, '' http_request = HTTPRequestParser(head, postdata) self.assertEqual(http_request.get_url().get_path(), request.path) self.assertEqual('POST', request.command) for header_name, header_value in http_request.get_headers().iteritems( ): self.assertIn(header_name.lower(), request.headers) self.assertEqual(header_value, request.headers[header_name.lower()]) self.assertEqual(str(len(post_data)), request.headers['content-length']) self.http_daemon.shutdown()