def test_matches_one_of_false_1(self):
user_value = '[{"action": "/foo"}, {"action": "/bar", "method": "get"}]'
form_list = FormIDMatcherList(user_value)
found_form_id = FormID(action=self.ACTION_URL,
inputs=['comment', 'submit'],
hosted_at_url=self.HOSTED_AT_URL,
attributes={'class': 'comment-css'})
match = found_form_id.matches_one_of(form_list)
self.assertFalse(match)
def set_default_values(self):
"""
Load all the default settings
:return: None
"""
cf.cf.save('fuzz_cookies', False)
cf.cf.save('fuzz_form_files', True)
cf.cf.save('fuzzed_files_extension', 'gif')
cf.cf.save('fuzz_url_filenames', False)
cf.cf.save('fuzz_url_parts', False)
cf.cf.save('fuzzable_headers', [])
cf.cf.save('form_fuzzing_mode', 'tmb')
cf.cf.save('path_max_variants', PATH_MAX_VARIANTS)
cf.cf.save('params_max_variants', PARAMS_MAX_VARIANTS)
cf.cf.save('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS)
cf.cf.save('max_discovery_time', 120)
cf.cf.save('max_scan_time', 240)
cf.cf.save('msf_location', '/opt/metasploit3/bin/')
#
# The network interface configuration (for advanced exploits)
#
ifname = get_net_iface()
cf.cf.save('interface', ifname)
#
# This doesn't send any packets, and gives you a nice default
# setting. In most cases, it is the "public" IP address, which will
# work perfectly in all plugins that need a reverse connection
# (rfi_proxy)
#
local_address = get_local_ip()
if not local_address:
local_address = '127.0.0.1' # do'h!
cf.cf.save('local_ip_address', local_address)
cf.cf.save('stop_on_first_exception', False)
# Blacklists
cf.cf.save('blacklist_http_request', [])
cf.cf.save('blacklist_audit', [])
# Form exclusion via IDs
cf.cf.save('form_id_list', FormIDMatcherList('[]'))
cf.cf.save('form_id_action', EXCLUDE)
# Language to use when reading from vulndb
cf.cf.save('vulndb_language', DBVuln.DEFAULT_LANG)
def test_form_exclusions(self):
user_value = '[{"action": "/out.*"}]'
cf.cf.save('form_id_list', FormIDMatcherList(user_value))
cf.cf.save('form_id_action', EXCLUDE)
self._scan(self.scan_config['target'], self.scan_config['plugins'])
# Define the expected/desired output
expected_files = ['', '/in/']
expected_urls = set(
URL(self.target_url).url_join(end).url_string
for end in expected_files)
# pylint: disable=E1101
# Pylint fails to detect the object types that come out of the KB
urls = self.kb.get_all_known_urls()
found_urls = set(str(u).decode('utf-8') for u in urls)
self.assertEquals(found_urls, expected_urls)
# revert any changes to the default so we don't affect other tests
cf.cf.save('form_id_list', FormIDMatcherList('[]'))
cf.cf.save('form_id_action', EXCLUDE)
def test_matches_one_of_true(self):
user_value = '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]'
form_list = FormIDMatcherList(user_value)
found_form_id = FormID(
action=URL('http://w3af.org/products/product-132'),
inputs=['comment', 'submit'],
hosted_at_url=self.HOSTED_AT_URL,
method='get',
attributes={'class': 'comment-css'})
match = found_form_id.matches_one_of(form_list)
self.assertTrue(match)
def set_default_values(self):
"""
Load all the default settings
:return: None
"""
cf.cf.save('fuzz_cookies', False)
cf.cf.save('fuzz_form_files', True)
cf.cf.save('fuzzed_files_extension', 'gif')
cf.cf.save('fuzz_url_filenames', False)
cf.cf.save('fuzz_url_parts', False)
cf.cf.save('fuzzable_headers', [])
cf.cf.save('form_fuzzing_mode', 'tmb')
cf.cf.save('max_discovery_time', 120)
cf.cf.save('msf_location', '/opt/metasploit3/bin/')
#
# The network interface configuration (for advanced exploits)
#
ifname = get_net_iface()
cf.cf.save('interface', ifname)
#
# This doesn't send any packets, and gives you a nice default
# setting. In most cases, it is the "public" IP address, which will
# work perfectly in all plugins that need a reverse connection
# (rfi_proxy)
#
local_address = get_local_ip()
if not local_address:
local_address = '127.0.0.1' # do'h!
cf.cf.save('local_ip_address', local_address)
cf.cf.save('non_targets', [])
cf.cf.save('stop_on_first_exception', False)
# Form exclusion via IDs
cf.cf.save('form_id_list', FormIDMatcherList('[]'))
cf.cf.save('form_id_action', EXCLUDE)
def test_form_exclude_zero_of_two(self):
user_value = '[{"action": "/foo", "method": "post"}, {"action": "/nomatch", "method": "post"}]'
cf.cf.save('form_id_list', FormIDMatcherList(user_value))
body = """
<html>
<form action="/foo" method="get">
<input type="text" name="test" value="hello">
<input type="submit" name="submit">
</form>
<form action="/bar" method="post">
<input type="text" name="test" value="hello">
<input type="submit" name="submit">
</form>
</html>"""
r = build_http_response(self.url, body)
p = RaiseHTMLParser(r)
p.parse()
self.assertEqual(len(p.forms), 2)
def validate(self, value):
try:
return FormIDMatcherList(value)
except Exception as e:
msg = 'Invalid form ID list configured by user, error: %s.' % e
raise BaseFrameworkException(msg)
def tearDown(self):
# set the defaults back
cf.cf.save('form_id_list', FormIDMatcherList('[]'))
cf.cf.save('form_id_action', EXCLUDE)
