def analyze_state():
    """
    Raise the stop exception that matches the current stop flags.

    ``self`` is not a parameter of this function; it has to be supplied by
    an enclosing scope that is not shown here. Returns normally when
    neither flag is set.

    :raises w3afMustStopException: ``self._error_stopped`` is true.
    :raises w3afMustStopByUserRequest: ``self._user_stopped`` is true.
    """
    # The error flag is tested first, so it wins when both flags are set.
    if self._error_stopped:
        raise w3afMustStopException(
            'Exceptions found while sending HTTP requests.')

    if self._user_stopped:
        raise w3afMustStopByUserRequest('The user stopped the scan.')
def analyze_state():
    """
    Raise the stop exception that matches the current stop flags.

    ``self`` is not a parameter of this function; it has to be supplied by
    an enclosing scope that is not shown here. Returns normally when
    neither flag is set.

    :raises w3afMustStopException: ``self._error_stopped`` is true.
    :raises w3afMustStopByUserRequest: ``self._user_stopped`` is true.
    """
    # Errors are checked before the user flag, so an error stop takes
    # precedence when both are set.
    if self._error_stopped:
        raise w3afMustStopException(
            'Multiple exceptions found while sending HTTP requests.')

    if self._user_stopped:
        raise w3afMustStopByUserRequest('The user stopped the scan.')
def _setup_404_detection(self):
    """
    Initialize the 404 detection by fetching every configured target once.

    Each target is requested (cache enabled) and the response is handed to
    is_404(). According to the original author this is done here to avoid
    thread locking seen when the webspider calls is_404, and so that the
    is_404 database is initialized inside a controlled try/except block.

    :raises w3afMustStopByUserRequest: Re-raised unchanged.
    :raises w3afMustStopException: For any other exception; the message
                                   embeds the original exception text.
    """
    # Function-scope import, kept where the original placed it.
    from core.controllers.core_helpers.fingerprint_404 import is_404

    for target_url in cf.cf.get("targets"):
        try:
            http_response = self._w3af_core.uri_opener.GET(target_url,
                                                           cache=True)
            is_404(http_response)
        except w3afMustStopByUserRequest:
            # A user-requested stop must not be reported as a failure.
            raise
        except Exception as exc:
            template = ('Failed to initialize the 404 detection, original'
                        ' exception was: "%s".')
            raise w3afMustStopException(template % exc)
def _setup_404_detection(self):
    """
    Initialize the 404 detection by fetching every configured target once.

    Each target is requested (cache enabled) and the response is handed to
    is_404(). According to the original author this is done here to avoid
    thread locking seen when the webspider calls is_404, and so that the
    is_404 database is initialized inside a controlled try/except block.

    :raises w3afMustStopByUserRequest: Re-raised unchanged.
    :raises w3afMustStopException: For any other exception; the message
                                   embeds the original exception text.
    """
    # Function-scope import, kept where the original placed it.
    from core.controllers.core_helpers.fingerprint_404 import is_404

    failure_fmt = ('Failed to initialize the 404 detection, original'
                   ' exception was: "%s".')

    for target_url in cf.cf.get('targets'):
        try:
            is_404(self._w3af_core.uri_opener.GET(target_url, cache=True))
        except w3afMustStopByUserRequest:
            # A user-requested stop must not be reported as a failure.
            raise
        except Exception as exc:
            raise w3afMustStopException(failure_fmt % exc)
def store_in_cache(request, response):
    """
    Save a request and its response as a HistoryItem.

    The response is converted with HTTPResponse.from_httplib_resp(), given
    the id of the incoming response and an alias computed by
    gen_hash(request), then stored together with the request.

    NOTE(review): the saved item presumably holds the full request and
    response, which can include credentials and session tokens; confirm
    where the history database lives and who can read it.

    :param request: The request that was sent; its url_object is used as
                    the original URL of the stored response.
    :param response: The response object to convert and store.
    :raises w3afMustStopException: When saving raises sqlite3.Error.
    """
    # Build the response object that gets stored
    http_resp = HTTPResponse.from_httplib_resp(
        response, original_url=request.url_object)
    http_resp.set_id(response.id)
    http_resp.set_alias(gen_hash(request))

    item = HistoryItem()
    item.request = request
    item.response = http_resp

    try:
        item.save()
    except sqlite3.Error as db_err:
        detail = 'A sqlite3 error was raised: "%s".' % db_err

        # Add a hint when the sqlite3 error text mentions the disk.
        if 'disk' in str(db_err).lower():
            detail += ' Please check if your disk is full.'

        raise w3afMustStopException(detail)
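def verify_target_server(self):
    """
    Confirm that the configured targets answer HTTP before the scan starts.

    It is more common than expected that the user configures a target
    which is offline, is not a web server, etc. This check runs up front
    so the user gets a clear error message and can fix the configuration.

    Every target is requested with the cache disabled, round after round,
    until at least MAX_ERROR_COUNT * 1.5 requests have succeeded. A round
    always covers all targets, so the final count can exceed that
    threshold. The intent stated by the original author is to send enough
    requests to trigger any errors in the remote end and have the Extended
    URL Library error handling report them.

    Returns immediately when no targets are configured.

    :raises w3afMustStopByUserRequest: Re-raised unchanged when a GET
                                       raises it.
    :raises w3afMustStopException: When a GET raises any other exception;
                                   carries a user-friendly explanation.
    """
    targets = cf.cf.get("targets")
    if not targets:
        # With nothing to iterate, the success counter never advances and
        # the loop below would spin forever.
        return

    msg = (
        "The remote web server is not answering our HTTP requests,"
        " multiple errors have been found while trying to GET a response"
        " from the server.\n\n"
        "In most cases this means that the configured target is"
        " incorrect, the port is closed, there is a firewall blocking"
        " our packets or there is no HTTP daemon listening on that"
        " port.\n\n"
        "Please verify your target configuration and try again."
    )

    required = MAX_ERROR_COUNT * 1.5
    sent_requests = 0

    while sent_requests < required:
        for url in targets:
            try:
                self._w3af_core.uri_opener.GET(url, cache=False)
            except w3afMustStopByUserRequest:
                # Not a real error, the user stopped the scan
                raise
            except Exception:
                # NOTE(review): the original exception is dropped here, so
                # the cause (DNS, refused connection, TLS, ...) is not
                # reported to the user.
                raise w3afMustStopException(msg)
            else:
                sent_requests += 1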
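def verify_target_server(self):
    '''
    Confirm that the configured targets answer HTTP before the scan starts.

    It is more common than expected that the user configures a target
    which is offline, is not a web server, etc. This check runs up front
    so the user gets a clear error message and can fix the configuration.

    Every target is requested with the cache disabled, round after round,
    until at least MAX_ERROR_COUNT * 1.5 requests have succeeded. A round
    always covers all targets, so the final count can exceed that
    threshold. The intent stated by the original author is to send enough
    requests to trigger any errors in the remote end and have the Extended
    URL Library error handling report them.

    Returns immediately when no targets are configured.

    :raises w3afMustStopByUserRequest: Re-raised unchanged when a GET
                                       raises it.
    :raises w3afMustStopException: When a GET raises any other exception;
                                   carries a user-friendly explanation.
    '''
    targets = cf.cf.get('targets')
    if not targets:
        # An empty target list would leave the counter at zero and the
        # while loop below would never terminate.
        return

    msg = ('The remote web server is not answering our HTTP requests,'
           ' multiple errors have been found while trying to GET a response'
           ' from the server.\n\n'
           'In most cases this means that the configured target is'
           ' incorrect, the port is closed, there is a firewall blocking'
           ' our packets or there is no HTTP daemon listening on that'
           ' port.\n\n'
           'Please verify your target configuration and try again.')

    required = MAX_ERROR_COUNT * 1.5
    sent_requests = 0

    while sent_requests < required:
        for url in targets:
            try:
                self._w3af_core.uri_opener.GET(url, cache=False)
            except w3afMustStopByUserRequest:
                # Not a real error, the user stopped the scan
                raise
            except Exception:
                # NOTE(review): the underlying exception is discarded, so
                # the user never sees the actual cause of the failure.
                raise w3afMustStopException(msg)
            else:
                sent_requests += 1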
msg = ('Failed to HTTP "%s" "%s". Reason: "%s", going to retry.' % (req.get_method(), original_url, e.reason)) # Log the errors om.out.debug(msg) om.out.debug('Traceback for this error: %s' % traceback.format_exc()) req._Request__original = original_url # Then retry! return self._retry(req, grep, e) except sqlite3.Error, e: msg = 'A sqlite3 error was raised: "%s".' % e if 'disk' in str(e).lower(): msg += ' Please check if your disk is full.' raise w3afMustStopException(msg) except w3afMustStopException: raise except AttributeError: raise except Exception, e: # This except clause will catch unexpected errors # For the first N errors, return an empty response... # Then a w3afMustStopException will be raised msg = ('%s %s returned HTTP code "%s"' % (req.get_method(), original_url, NO_CONTENT)) om.out.debug(msg) om.out.debug('Unhandled exception in ExtendedUrllib._send(): %s' % e) om.out.debug(traceback.format_exc()) # Clear the log of failed requests; this request is done!