def toggle_bookmark(self, cell, path, model):
    """Flip the bookmark flag of the row at *path* and store it.

    Column 1 of the row holds the bookmark state shown in the tree; column 0
    holds the history id of the HTTP transaction the row represents.
    """
    row = model[path]
    row[1] = not row[1]
    # Mirror the UI change into the stored HistoryItem.  The True argument
    # of toggle_mark is passed as in the original code (presumably "save
    # now") — confirm against HistoryItem.
    item = HistoryItem()
    item.load(row[0])
    item.toggle_mark(True)
def __init__(self, w3af, request_id, enableWidget=None, withManual=True,
             withFuzzy=True, withCompare=True, withAudit=True,
             editableRequest=False, editableResponse=False,
             widgname="default"):
    """Open a window showing the HTTP transaction stored under *request_id*.

    All the ``with*``/``editable*`` flags and ``widgname`` are handed
    straight through to reqResViewer.
    """
    RememberingWindow.__init__(self, w3af, "reqResWin",
                               _("w3af - HTTP Request/Response"),
                               "Browsing_the_Knowledge_Base")

    # Build the viewer first, then fetch the transaction from the history DB
    viewer = reqResViewer(w3af, enableWidget, withManual, withFuzzy,
                          withCompare, withAudit, editableRequest,
                          editableResponse, widgname)

    item = HistoryItem()
    item.load(request_id)

    viewer.request.show_object(item.request)
    viewer.response.show_object(item.response)
    viewer.show()
    self.vbox.pack_start(viewer)

    self.show()
def edit_tag(self, cell, path, new_text, model):
    """Store the edited tag text both in the row and in the history DB.

    Column 4 of the row is the tag column; column 0 holds the history id
    used to load the matching HistoryItem.
    """
    row = model[path]
    row[4] = new_text
    item = HistoryItem()
    item.load(row[0])
    # The True argument is passed as in the original code — presumably
    # "persist immediately"; confirm against HistoryItem.update_tag.
    item.update_tag(new_text, True)
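def store_in_cache(request, response):
    """Persist a urllib2 *request* and its *response* as a HistoryItem.

    The response body is consumed here through ``response.read()``.
    Errors raised by ``HistoryItem.save()`` propagate to the caller.
    """
    hi = HistoryItem()

    # Set the request.  The unredirected headers are merged in because
    # urllib2 keeps them apart from the regular headers.
    headers = dict(request.headers)
    headers.update(request.unredirected_hdrs)
    hi.request = createFuzzableRequestRaw(method=request.get_method(),
                                          url=request.url_object,
                                          postData=str(request.get_data() or ''),
                                          headers=headers)

    # Set the response.  `resp_id` replaces the original local `id`, which
    # shadowed the builtin.
    code, msg, hdrs, url, body, resp_id = (response.code,
                                           response.msg,
                                           response.info(),
                                           response.geturl(),
                                           response.read(),
                                           response.id)

    # BUGBUG: This is where I create/log the responses that always have
    # 0.2 as the time!
    url_instance = url_object(url)
    hi.response = httpResponse.httpResponse(code, body, hdrs, url_instance,
                                            request.url_object, msg=msg,
                                            id=resp_id,
                                            alias=gen_hash(request))

    # Now save them.  The original `except KeyboardInterrupt: raise` wrapper
    # was a no-op, so save() is called directly.
    hi.save()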
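def logHttp( self, request, response):
    """Store one HTTP request/response pair in the history database.

    Any exception raised by ``HistoryItem.save()`` propagates unchanged;
    the original ``except KeyboardInterrupt: raise`` clause was a no-op
    and has been dropped.
    """
    historyItem = HistoryItem()
    historyItem.request = request
    historyItem.response = response
    historyItem.save()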
def __init__(self, w3af, kbbrowser, ifilter):
    """Build the full Knowledge Base tree and attach it to *kbbrowser*.

    ``ifilter`` and ``strict=False`` are passed to the base tree class
    unchanged; their meaning is defined there.
    """
    super(FullKBTree, self).__init__(w3af, ifilter, 'Knowledge Base',
                                     strict=False)
    self.kbbrowser = kbbrowser
    # One HistoryItem kept around for DB lookups made from the tree
    self._historyItem = HistoryItem()
    # Moving the cursor shows the selected item's description
    self.connect('cursor-changed', self._showDesc)
    self.show()
def test_history_access(self):
    """After a one-loop scan, history id 1 must be loadable and point at moth."""
    self.count_plugin.loops = 1
    self.w3afcore.start()

    expected_url = 'http://moth/'
    item = HistoryItem()
    self.assertTrue(item.load(1))
    self.assertEqual(item.id, 1)
    self.assertEqual(item.get_request().get_uri().url_string, expected_url)
    self.assertEqual(item.get_response().get_uri().url_string, expected_url)
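def _impactDone(self, event, impact):
    """timeout_add callback: poll until the audit thread sets *event*.

    Returns True (keep polling) while the audit is still running.  Once it
    is done the throbber is stopped and either every history item referenced
    by a result is tagged with the plugin name and annotated with the
    description, or the audit's exception is shown to the user.  Returns
    False so GTK cancels the timeout.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    # Analyze the impact
    if impact.ok:
        # Lets check if we found any vulnerabilities
        #
        # TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
        # not just the ones with vulnerabilities.
        #
        for result in impact.result:
            # getId() can be None (see the later fix for Trac bug #167736);
            # iterating it would raise TypeError inside a GTK callback.
            item_ids = result.getId()
            if item_ids is None:
                continue
            for itemId in item_ids:
                historyItem = HistoryItem()
                historyItem.load(itemId)
                historyItem.updateTag(historyItem.tag + result.plugin_name)
                historyItem.info = result.getDesc()
                historyItem.save()
    else:
        exc = impact.exception
        if exc.__class__ == w3afException:
            msg = str(exc)
        elif exc.__class__ == w3afMustStopException:
            msg = "Stopped sending requests because " + str(exc)
        else:
            # Not a framework error: re-raise rather than hide it
            raise exc

        # The throbber was already stopped above; the original repeated
        # hide()/running(False) here, which had no extra effect.
        gtk.gdk.threads_enter()
        helpers.friendlyException(msg)
        gtk.gdk.threads_leave()

    return False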
def test_mark(self):
    """A mark toggled before save() must be visible after load()."""
    mark_id = random.randint(1, 499)
    url = url_object('http://w3af.org/a/b/c.php')

    # Store 500 transactions, toggling the mark on exactly one of them
    for i in xrange(0, 500):
        request = FuzzReq(url, dc={'a': ['1']})
        response = httpResponse(200, '<html>',
                                {'Content-Type': 'text/html'}, url, url)
        response.setId(i)

        item = HistoryItem()
        item.request = request
        item.response = response
        if i == mark_id:
            item.toggleMark()
        item.save()

    loaded = HistoryItem()
    loaded.load(mark_id)
    self.assertTrue(loaded.mark)
def __init__(self):
    """Prepare the minidom document the XML report is written into."""
    OutputPlugin.__init__(self)

    # These attributes hold the file pointers
    self._file = None

    # User configured parameters
    self._file_name = 'report.xml'
    self._timeFormat = '%a %b %d %H:%M:%S %Y'

    # Scan start, human readable and as epoch seconds
    self._longTimestampString = str(
        time.strftime(self._timeFormat, time.localtime()))
    self._timestampString = str(int(time.time()))

    # List with additional xml elements
    self._errorXML = []

    # Root element carrying the start-time and format-version attributes
    doc = xml.dom.minidom.Document()
    self._xmldoc = doc
    root = doc.createElement("w3afrun")
    root.setAttribute("start", self._timestampString)
    root.setAttribute("startstr", self._longTimestampString)
    root.setAttribute("xmloutputversion", "2.0")
    self._topElement = root

    # Add in the version details
    version_text = str(get_w3af_version.get_w3af_version())
    version_element = doc.createElement("w3af-version")
    version_element.appendChild(doc.createTextNode(version_text))
    root.appendChild(version_element)

    self._scanInfo = doc.createElement("scaninfo")

    # HistoryItem to get requests/responses
    self._history = HistoryItem()
def test_clear(self):
    """clear() removes the session directory and all rows, not the table."""
    url = URL("http://w3af.com/a/b/c.php")
    request = HTTPRequest(url, data="a=1")
    hdr = Headers([("Content-Type", "text/html")])
    response = HTTPResponse(200, "<html>", hdr, url, url)
    response.set_id(1)

    item = HistoryItem()
    item.request = request
    item.response = response
    item.save()

    table_name = item.get_table_name()
    db = get_default_temp_db_instance()
    self.assertTrue(db.table_exists(table_name))

    self.assertTrue(item.clear())
    self.assertFalse(os.path.exists(item._session_dir),
                     "%s exists." % item._session_dir)

    # Changed the meaning of clear a little bit... now it simply removes
    # all rows from the table, not the table itself
    self.assertTrue(db.table_exists(table_name))
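def store_in_cache(request, response):
    """Persist *request* and its *response* in the history database.

    The response is converted to w3af's httpResponse, given the id of the
    httplib response and an alias derived from the request (gen_hash).
    Errors raised by ``HistoryItem.save()`` propagate to the caller.
    """
    hi = HistoryItem()

    # Set the request
    hi.request = create_fuzzable_request(request,
                                         add_headers=request.unredirected_hdrs)

    # Set the response
    resp = httpResponse.from_httplib_resp(response,
                                          original_url=request.url_object)
    resp.setId(response.id)
    resp.setAlias(gen_hash(request))
    hi.response = resp

    # Now save them.  The original `except KeyboardInterrupt: raise` wrapper
    # was a no-op, so save() is called directly.
    hi.save()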
def test_tag(self):
    """A tag set with updateTag() before save() must survive load()."""
    tag_id = random.randint(501, 999)
    tag_value = createRandAlNum(10)
    url = url_object('http://w3af.org/a/b/c.php')

    # Store ids 501..999, tagging exactly one of them
    for i in xrange(501, 1000):
        request = FuzzReq(url, dc={'a': ['1']})
        response = httpResponse(200, '<html>',
                                {'Content-Type': 'text/html'}, url, url)
        response.setId(i)

        item = HistoryItem()
        item.request = request
        item.response = response
        if i == tag_id:
            item.updateTag(tag_value)
        item.save()

    loaded = HistoryItem()
    loaded.load(tag_id)
    self.assertEqual(loaded.tag, tag_value)
def test_tag(self):
    """A tag set with update_tag() before save() must survive load()."""
    tag_id = random.randint(501, 999)
    tag_value = rand_alnum(10)
    url = URL("http://w3af.org/a/b/c.php")

    # Store ids 501..999, tagging exactly one of them
    for i in xrange(501, 1000):
        request = HTTPRequest(url, data="a=1")
        hdr = Headers([("Content-Type", "text/html")])
        response = HTTPResponse(200, "<html>", hdr, url, url)
        response.set_id(i)

        item = HistoryItem()
        item.request = request
        item.response = response
        if i == tag_id:
            item.update_tag(tag_value)
        item.save()

    loaded = HistoryItem()
    loaded.load(tag_id)
    self.assertEqual(loaded.tag, tag_value)
def __init__(self, w3af, padding=10, time_refresh=False):
    """Init object.

    With ``time_refresh`` set, ``refresh_results`` is polled once a second
    through gobject.timeout_add.
    """
    super(httpLogTab, self).__init__(w3af, "pane-httplogtab", 300)
    self.w3af = w3af
    self._padding = padding
    self._lastId = 0
    self._historyItem = HistoryItem()

    if time_refresh:
        gobject.timeout_add(1000, self.refresh_results)

    # Main container: search box, filter box and req/res viewer, in order
    container = gtk.VBox()
    container.set_spacing(self._padding)
    for build_section in (self._initSearchBox,
                          self._initFilterBox,
                          self._initReqResViewer):
        build_section(container)
    container.show()

    # Add everything
    self.add(container)
    self.show()
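def store_in_cache(request, response):
    """Persist *request*/*response* in the history DB, logging failures.

    Whatever ``hi.save()`` raises is logged through ``om.out.error`` and
    then re-raised unchanged, so callers keep the real exception type and
    traceback (the original replaced it with a plain ``Exception(msg)``,
    which callers catching ``Exception`` still handle identically).
    """
    # Create the http response object
    resp = HTTPResponse.from_httplib_resp(response,
                                          original_url=request.url_object)
    resp.set_id(response.id)
    resp.set_alias(gen_hash(request))

    hi = HistoryItem()
    hi.request = request
    hi.response = resp

    # Now save them
    try:
        hi.save()
    except Exception as ex:
        msg = ("Exception while inserting request/response to the"
               " database: %s\nThe request/response that generated"
               " the error is: %s %s %s" %
               (ex, resp.get_id(), request.get_uri(), resp.get_code()))
        om.out.error(msg)
        # Re-raise the original exception to keep its type and traceback
        raise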
def store_in_cache(request, response):
    """Persist *request*/*response*; a sqlite3 failure stops the scan.

    Raises w3afMustStopException wrapping the sqlite3 error text, with a
    "disk full" hint appended when the error mentions the disk.
    """
    # Create the http response object
    resp = HTTPResponse.from_httplib_resp(response,
                                          original_url=request.url_object)
    resp.set_id(response.id)
    resp.set_alias(gen_hash(request))

    hi = HistoryItem()
    hi.request = request
    hi.response = resp

    # Now save them
    try:
        hi.save()
    except sqlite3.Error as e:
        hint = ''
        if 'disk' in str(e).lower():
            hint = ' Please check if your disk is full.'
        raise w3afMustStopException(
            'A sqlite3 error was raised: "%s".' % e + hint)
def test_save_load(self):
    """load(id) after save() returns an equal request and response body."""
    i = random.randint(1, 499)
    url = url_object('http://w3af.com/a/b/c.php')
    request = FuzzReq(url, dc={'a': ['1']})
    response = httpResponse(200, '<html>',
                            {'Content-Type': 'text/html'}, url, url)
    response.setId(i)

    saved = HistoryItem()
    saved.request = request
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(i)
    self.assertEqual(saved.request, loaded.request)
    self.assertEqual(saved.response.body, loaded.response.body)
def __init__(self):
    """Create, or restore from the kb, the session DB the GTK UI reads from.

    A queue and a DB handle are cached in the knowledge base under
    'gtkOutput' so that a second instantiation reuses them instead of
    opening another database.
    """
    baseOutputPlugin.__init__(self)

    if not kb.kb.getData('gtkOutput', 'db') == []:
        # Restore it from the kb
        self._db = kb.kb.getData('gtkOutput', 'db')
        self.queue = kb.kb.getData('gtkOutput', 'queue')
    else:
        self.queue = Queue.Queue()
        kb.kb.save('gtkOutput', 'queue' , self.queue)

        # Create DB and add tables
        # NOTE(review): the rest of the method is placed in this branch because
        # the 'db' kb entry is saved at the end, which only makes sense when no
        # DB was restored — confirm against the original indentation.
        sessionName = cf.cf.getData('sessionName')
        # NOTE(review): sessionName becomes part of a filesystem path; if it
        # may contain path separators the DB would be created outside the
        # sessions directory — worth validating where the session name is set.
        dbName = os.path.join(get_home_dir(), 'sessions', 'db_' + sessionName)

        # Just in case the directory doesn't exist...
        try:
            os.mkdir(os.path.join(get_home_dir() , 'sessions'))
        except OSError, oe:
            # [Errno 17] File exists
            if oe.errno != 17:
                msg = 'Unable to write to the user home directory: ' + get_home_dir()
                raise w3afException( msg )

        self._db = DB()

        # Check if the database already exists
        if os.path.exists(dbName):
            # Find one that doesn't exist.  If all 100 suffixed names are
            # taken, dbName is left unchanged and the existing file is opened.
            for i in xrange(100):
                newDbName = dbName + '-' + str(i)
                if not os.path.exists(newDbName):
                    dbName = newDbName
                    break

        # Create DB!
        self._db.open(dbName)

        # Create table
        historyItem = HistoryItem(self._db)
        self._db.createTable(historyItem.getTableName(),
                             historyItem.getColumns(),
                             historyItem.getPrimaryKeyColumns())

        kb.kb.save('gtkOutput', 'db', self._db)
def test_save_load(self):
    """load(id) after save() returns an equal request and response body."""
    i = random.randint(1, 499)
    url = URL("http://w3af.com/a/b/c.php")
    request = HTTPRequest(url, data="a=1")
    hdr = Headers([("Content-Type", "text/html")])
    response = HTTPResponse(200, "<html>", hdr, url, url)
    response.set_id(i)

    saved = HistoryItem()
    saved.request = request
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(i)
    self.assertEqual(saved.request, loaded.request)
    self.assertEqual(saved.response.body, loaded.response.body)
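def test_delete(self):
    """read(id) must fail once delete(id) has been called."""
    i = random.randint(1, 499)
    url = url_object('http://w3af.com/a/b/c.php')
    fr = FuzzReq(url, dc={'a': ['1']})
    res = httpResponse(200, '<html>', {'Content-Type': 'text/html'}, url, url)

    h1 = HistoryItem()
    h1.request = fr
    res.setId(i)
    h1.response = res
    h1.save()

    h1.delete(i)
    # The original used a bare `except:`, which would also swallow
    # KeyboardInterrupt/SystemExit; only Exception subclasses are expected.
    try:
        h2 = h1.read(i)
    except Exception:
        h2 = None
    self.assertIsNone(h2)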
def _impact_done(self, event, impact):
    """timeout_add callback run until the audit thread sets *event*.

    Returns True while the audit is still running so GTK keeps polling.
    Afterwards the throbber is stopped and either the history items of each
    result are tagged with the plugin name and annotated with its
    description, or the audit's exception is shown in a
    FriendlyExceptionDlg.  Returns False to cancel the timeout.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    if not impact.ok:
        exc = impact.exception
        exc_class = exc.__class__
        # Only the framework's own exception classes are shown to the user;
        # anything else is re-raised.
        if exc_class == w3afException:
            msg = str(exc)
        elif exc_class == w3afMustStopException:
            msg = "Stopped sending requests because " + str(exc)
        elif exc_class == w3afMustStopOnUrlError:
            msg = "Not sending requests because " + str(exc)
        else:
            raise exc

        # We stop the throbber, and hide it (repeated here as in the original)
        self.throbber.hide()
        self.throbber.running(False)

        gtk.gdk.threads_enter()
        helpers.FriendlyExceptionDlg(msg)
        gtk.gdk.threads_leave()
        return False

    # Lets check if we found any vulnerabilities
    #
    # TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
    # not just the ones with vulnerabilities.
    #
    for result in impact.result:
        # TODO: I'm not sure when this is None bug it appeared in Trac bug #167736
        item_ids = result.get_id()
        if item_ids is None:
            continue
        for item_id in item_ids:
            history_item = HistoryItem()
            history_item.load(item_id)
            history_item.update_tag(history_item.tag + result.plugin_name)
            history_item.info = result.get_desc()
            history_item.save()

    return False
def test_clear_clear(self):
    """Calling clear() twice in a row must not raise."""
    url = URL("http://w3af.com/a/b/c.php")
    request = HTTPRequest(url, data="a=1")
    hdr = Headers([("Content-Type", "text/html")])
    response = HTTPResponse(200, "<html>", hdr, url, url)
    response.set_id(1)

    item = HistoryItem()
    item.request = request
    item.response = response
    item.save()

    # Second clear() runs against an already-empty history
    for _unused in (1, 2):
        item.clear()
def test_delete(self):
    """delete(id) removes both the DB row and the on-disk file."""
    i = random.randint(1, 499)
    url = URL("http://w3af.com/a/b/c.php")
    request = HTTPRequest(url, data="a=1")
    hdr = Headers([("Content-Type", "text/html")])
    response = HTTPResponse(200, "<html>", hdr, url, url)
    response.set_id(i)

    item = HistoryItem()
    item.request = request
    item.response = response
    item.save()

    fname = item._get_fname_for_id(i)
    self.assertTrue(os.path.exists(fname))

    item.delete(i)
    self.assertRaises(DBException, item.read, i)
    self.assertFalse(os.path.exists(fname))
def store_in_cache(request, response):
    """Persist *request*/*response*; DB failures are logged, then re-raised.

    The response is converted to HTTPResponse, given the httplib response id
    and an alias derived from the request (gen_hash) before being saved.
    """
    resp = HTTPResponse.from_httplib_resp(response,
                                          original_url=request.url_object)
    resp.set_id(response.id)
    resp.set_alias(gen_hash(request))

    hi = HistoryItem()
    hi.request = request
    hi.response = resp

    try:
        hi.save()
    except Exception as ex:
        details = (ex, resp.get_id(), request.get_uri(), resp.get_code())
        msg = ('Exception while inserting request/response to the'
               ' database: %s\nThe request/response that generated'
               ' the error is: %s %s %s' % details)
        om.out.error(msg)
        raise
def __init__(self, w3af):
    """Build the KB browser pane.

    Left side: the type filter buttons and the knowledge-base tree.  Right
    side: the description text view above the request/response viewer and
    its page control.
    """
    super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)

    # Internal variables:
    #
    # Here I save the request and response ids to be used in the page control
    self.req_res_ids = []

    # This is to search the DB and print the different request and responses as they are
    # requested from the page control, "_pageChange" method.
    self._historyItem = HistoryItem()

    # the filter to the tree
    filterbox = gtk.HBox()
    self.filters = {}

    def make_but(label, signal, initial):
        # One check button per KB item type; the initial state is also
        # recorded in self.filters so the tree starts consistent with the UI
        but = gtk.CheckButton(label)
        but.set_active(initial)
        but.connect("clicked", self.type_filter, signal)
        self.filters[signal] = initial
        but.show()
        filterbox.pack_start(but, expand=False, fill=False, padding=2)
    make_but("Vulnerabilities", "vuln", True)
    make_but("Informations", "info", True)
    filterbox.show()

    # the kb tree
    self.kbtree = FullKBTree(w3af, self, self.filters)

    # all in the first pane
    scrollwin21 = gtk.ScrolledWindow()
    scrollwin21.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
    scrollwin21.add(self.kbtree)
    scrollwin21.show()

    # the filter and tree box
    treebox = gtk.VBox()
    treebox.pack_start(filterbox, expand=False, fill=False)
    treebox.pack_start(scrollwin21)
    treebox.show()

    # the explanation
    explan_tv = gtk.TextView()
    explan_tv.set_editable(False)
    explan_tv.set_cursor_visible(False)
    explan_tv.set_wrap_mode(gtk.WRAP_WORD)
    self.explanation = explan_tv.get_buffer()
    explan_tv.show()
    scrollwin22 = gtk.ScrolledWindow()
    scrollwin22.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
    scrollwin22.add_with_viewport(explan_tv)
    scrollwin22.show()

    # The request/response viewer
    self.rrV = reqResViewer.reqResViewer(w3af, withAudit=False)
    self.rrV.set_sensitive(False)

    # Create the title label to show the request id
    self.title0 = gtk.Label()
    self.title0.show()

    # Create page changer to handle info/vuln objects that have MORE THAN ONE
    # related request/response
    self.pagesControl = entries.PagesControl(w3af, self._pageChange, 0)
    self.pagesControl.deactivate()
    self._pageChange(0)
    centerbox = gtk.HBox()
    centerbox.pack_start(self.pagesControl, True, False)

    # Add everything to a vbox
    vbox_rrv_centerbox = gtk.VBox()
    vbox_rrv_centerbox.pack_start(self.title0, False, True)
    vbox_rrv_centerbox.pack_start(self.rrV, True, True)
    vbox_rrv_centerbox.pack_start(centerbox, False, False)

    # and show
    vbox_rrv_centerbox.show()
    self.pagesControl.show()
    centerbox.show()

    # And now put everything inside the vpaned
    vpanedExplainAndView = entries.RememberingVPaned(
        w3af, "pane-kbbexplainview", 100)
    vpanedExplainAndView.pack1(scrollwin22)
    vpanedExplainAndView.pack2(vbox_rrv_centerbox)
    vpanedExplainAndView.show()

    # pack & show
    self.pack1(treebox)
    self.pack2(vpanedExplainAndView)
    self.show()
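class KBBrowser(entries.RememberingHPaned):
    '''Show the Knowledge Base, with the filter and the tree.

    :author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af):
        """Build the KB browser pane.

        Left side: the type filter buttons and the knowledge-base tree.
        Right side: the description text view above the request/response
        viewer and its page control.
        """
        super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)

        # Internal variables:
        #
        # Here I save the request and response ids to be used in the page control
        self.req_res_ids = []

        # This is to search the DB and print the different request and responses as they are
        # requested from the page control, "_pageChange" method.
        self._historyItem = HistoryItem()

        # the filter to the tree
        filterbox = gtk.HBox()
        self.filters = {}

        def make_but(label, signal, initial):
            # One check button per KB item type; the initial state is also
            # recorded in self.filters so the tree starts consistent with the UI
            but = gtk.CheckButton(label)
            but.set_active(initial)
            but.connect("clicked", self.type_filter, signal)
            self.filters[signal] = initial
            but.show()
            filterbox.pack_start(but, expand=False, fill=False, padding=2)
        make_but("Vulnerabilities", "vuln", True)
        make_but("Informations", "info", True)
        filterbox.show()

        # the kb tree
        self.kbtree = FullKBTree(w3af, self, self.filters)

        # all in the first pane
        scrollwin21 = gtk.ScrolledWindow()
        scrollwin21.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
        scrollwin21.add(self.kbtree)
        scrollwin21.show()

        # the filter and tree box
        treebox = gtk.VBox()
        treebox.pack_start(filterbox, expand=False, fill=False)
        treebox.pack_start(scrollwin21)
        treebox.show()

        # the explanation
        explan_tv = gtk.TextView()
        explan_tv.set_editable(False)
        explan_tv.set_cursor_visible(False)
        explan_tv.set_wrap_mode(gtk.WRAP_WORD)
        self.explanation = explan_tv.get_buffer()
        explan_tv.show()
        scrollwin22 = gtk.ScrolledWindow()
        scrollwin22.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
        scrollwin22.add_with_viewport(explan_tv)
        scrollwin22.show()

        # The request/response viewer
        self.rrV = reqResViewer.reqResViewer(w3af, withAudit=False)
        self.rrV.set_sensitive(False)

        # Create the title label to show the request id
        self.title0 = gtk.Label()
        self.title0.show()

        # Create page changer to handle info/vuln objects that have MORE THAN ONE
        # related request/response
        self.pagesControl = entries.PagesControl(w3af, self._pageChange, 0)
        self.pagesControl.deactivate()
        self._pageChange(0)
        centerbox = gtk.HBox()
        centerbox.pack_start(self.pagesControl, True, False)

        # Add everything to a vbox
        vbox_rrv_centerbox = gtk.VBox()
        vbox_rrv_centerbox.pack_start(self.title0, False, True)
        vbox_rrv_centerbox.pack_start(self.rrV, True, True)
        vbox_rrv_centerbox.pack_start(centerbox, False, False)

        # and show
        vbox_rrv_centerbox.show()
        self.pagesControl.show()
        centerbox.show()

        # And now put everything inside the vpaned
        vpanedExplainAndView = entries.RememberingVPaned(
            w3af, "pane-kbbexplainview", 100)
        vpanedExplainAndView.pack1(scrollwin22)
        vpanedExplainAndView.pack2(vbox_rrv_centerbox)
        vpanedExplainAndView.show()

        # pack & show
        self.pack1(treebox)
        self.pack2(vpanedExplainAndView)
        self.show()

    def type_filter(self, button, ptype):
        '''Changes the filter of the KB in the tree.

        ``ptype`` is the filter key ("vuln" or "info") the button was
        connected with; the button's active state becomes the new value.
        '''
        self.filters[ptype] = button.get_active()
        self.kbtree.set_filter(self.filters)

    def _pageChange(self, page):
        '''
        Handle the page change in the page control.

        Loads the request/response whose id is at index ``page`` of
        self.req_res_ids and shows it in the viewer; on a read failure the
        panes are cleared and the title shows "Error".
        '''
        # Only do something if I have a list of request and responses
        if self.req_res_ids:
            request_id = self.req_res_ids[page]
            try:
                historyItem = self._historyItem.read(request_id)
            except Exception:
                # the request brought problems.  The original used a bare
                # `except:`, which would also swallow KeyboardInterrupt and
                # SystemExit inside a GTK callback.
                self.rrV.request.clear_panes()
                self.rrV.response.clear_panes()
                self.rrV.set_sensitive(False)
                self.title0.set_markup("<b>Error</b>")
            else:
                self.title0.set_markup("<b>Id: %d</b>" % request_id)
                self.rrV.request.show_object(historyItem.request)
                self.rrV.response.show_object(historyItem.response)
                self.rrV.set_sensitive(True)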
def __init__(self, w3af, initial_request=None):
    """Build the Fuzzy Requests window.

    Left pane: the editable request (seeded with FUZZY_REQUEST_EXAMPLE or
    with the ``initial_request`` pair of raw strings), the analyze/send/stop
    controls and the "fix content length" checkbox.  Middle: a throbber.
    Right pane: the response viewer with its page control, cluster and
    clear buttons.
    """
    super(FuzzyRequests, self).__init__(w3af, "fuzzyreq",
                                        "w3af - Fuzzy Requests",
                                        "Fuzzy_Requests")
    self.w3af = w3af
    self.historyItem = HistoryItem()
    mainhbox = gtk.HBox()

    # To store the responses
    self.responses = []

    # ---- left pane ----
    vbox = gtk.VBox()
    mainhbox.pack_start(vbox, False, False)

    # we create the buttons first, to pass them
    analyzBut = gtk.Button("Analyze")
    self.sendPlayBut = entries.SemiStockButton(
        "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
    self.sendStopBut = entries.SemiStockButton(
        "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
    # The stop button's sensitivity is driven through a PropagateBuffer so
    # several sources can vote on it; "self" votes False until sending starts
    self.sSB_state = helpers.PropagateBuffer(
        self.sendStopBut.set_sensitive)
    self.sSB_state.change(self, False)

    # Fix content length checkbox
    self._fix_content_lengthCB = gtk.CheckButton(
        'Fix content length header')
    self._fix_content_lengthCB.set_active(True)
    self._fix_content_lengthCB.show()

    # request
    self.originalReq = reqResViewer.requestPart(
        self, w3af,
        [
            analyzBut.set_sensitive,
            self.sendPlayBut.set_sensitive,
            functools.partial(self.sSB_state.change, "rRV")
        ],
        editable=True, widgname="fuzzyrequest")
    if initial_request is None:
        self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
    else:
        (initialUp, initialDn) = initial_request
        self.originalReq.show_raw(initialUp, initialDn)

    # Add the right button popup menu to the text widgets
    rawTextView = self.originalReq.get_view_by_id('HttpRawView')
    rawTextView.textView.connect("populate-popup", self._populate_popup)

    # help
    helplabel = gtk.Label()
    helplabel.set_selectable(True)
    helplabel.set_markup(FUZZYHELP)
    self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
    helplabel.show()
    self.originalReq.show()
    vbox.pack_start(self.originalReq, True, True, padding=5)
    vbox.show()

    # the commands
    t = gtk.Table(2, 4)
    analyzBut.connect("clicked", self._analyze)
    t.attach(analyzBut, 0, 2, 0, 1)
    self.analyzefb = gtk.Label("0 requests")
    self.analyzefb.set_sensitive(False)
    t.attach(self.analyzefb, 2, 3, 0, 1)
    self.preview = gtk.CheckButton("Preview")
    t.attach(self.preview, 3, 4, 0, 1)
    # The handler id is kept so the play button's handler can be swapped later
    self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
    t.attach(self.sendPlayBut, 0, 1, 1, 2)
    self.sendStopBut.connect("clicked", self._send_stop)
    t.attach(self.sendStopBut, 1, 2, 1, 2)
    self.sendfb = gtk.Label("0 ok, 0 errors")
    self.sendfb.set_sensitive(False)
    t.attach(self.sendfb, 2, 3, 1, 2)
    t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
    t.show_all()
    vbox.pack_start(t, False, False, padding=5)

    # ---- throbber pane ----
    vbox = gtk.VBox()
    self.throbber = helpers.Throbber()
    self.throbber.set_sensitive(False)
    vbox.pack_start(self.throbber, False, False)
    vbox.show()
    mainhbox.pack_start(vbox, False, False)

    # ---- right pane ----
    vbox = gtk.VBox()
    mainhbox.pack_start(vbox)

    # A label to show the id of the response
    self.title0 = gtk.Label()
    self.title0.show()
    vbox.pack_start(self.title0, False, True)

    # result itself
    self.resultReqResp = reqResViewer.reqResViewer(w3af, withFuzzy=False,
                                                   editableRequest=False,
                                                   editableResponse=False)
    self.resultReqResp.set_sensitive(False)
    vbox.pack_start(self.resultReqResp, True, True, padding=5)
    vbox.show()

    # result control
    centerbox = gtk.HBox()
    self.pagesControl = entries.PagesControl(w3af, self._pageChange)
    centerbox.pack_start(self.pagesControl, True, False)
    centerbox.show()

    # cluster responses button
    image = gtk.Image()
    image.set_from_file(
        os.path.join('core', 'ui', 'gui', 'data', 'cluster_data.png'))
    image.show()
    self.clusterButton = gtk.Button(label='Cluster responses')
    self.clusterButton.connect("clicked", self._clusterData)
    self.clusterButton.set_sensitive(False)
    self.clusterButton.set_image(image)
    self.clusterButton.show()
    centerbox.pack_start(self.clusterButton, True, False)

    # clear responses button
    self.clearButton = entries.SemiStockButton(
        'Clear Responses', gtk.STOCK_CLEAR,
        tooltip='Clear all HTTP responses from fuzzer window')
    self.clearButton.connect("clicked", self._clearResponses)
    self.clearButton.set_sensitive(False)
    self.clearButton.show()
    centerbox.pack_start(self.clearButton, True, False)
    vbox.pack_start(centerbox, False, False, padding=5)

    # Show all!
    self._sendPaused = True
    self.vbox.pack_start(mainhbox)
    self.vbox.show()
    mainhbox.show()
    self.show()
def __init__(self, w3af, initial_request=None):
    """Build the Fuzzy Requests window.

    Left pane: the editable request (seeded with FUZZY_REQUEST_EXAMPLE or
    with the ``initial_request`` pair of raw strings), the analyze/send/stop
    controls and the "fix content length" checkbox.  Middle: a throbber.
    Right pane: the response viewer with its page control, cluster and
    clear buttons.
    """
    super(FuzzyRequests, self).__init__(
        w3af, "fuzzyreq", "w3af - Fuzzy Requests", "Fuzzy_Requests")
    self.w3af = w3af
    self.historyItem = HistoryItem()
    mainhbox = gtk.HBox()

    # To store the responses
    self.responses = []

    # ---- left pane ----
    vbox = gtk.VBox()
    mainhbox.pack_start(vbox, False, False)

    # we create the buttons first, to pass them
    analyzBut = gtk.Button("Analyze")
    self.sendPlayBut = entries.SemiStockButton(
        "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
    self.sendStopBut = entries.SemiStockButton(
        "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
    # The stop button's sensitivity is driven through a PropagateBuffer so
    # several sources can vote on it; "self" votes False until sending starts
    self.sSB_state = helpers.PropagateBuffer(
        self.sendStopBut.set_sensitive)
    self.sSB_state.change(self, False)

    # Fix content length checkbox
    self._fix_content_lengthCB = gtk.CheckButton('Fix content length header')
    self._fix_content_lengthCB.set_active(True)
    self._fix_content_lengthCB.show()

    # request
    self.originalReq = reqResViewer.requestPart(self, w3af,
                                                [analyzBut.set_sensitive,
                                                 self.sendPlayBut.set_sensitive,
                                                 functools.partial(
                                                     self.sSB_state.change, "rRV")],
                                                editable=True,
                                                widgname="fuzzyrequest")
    if initial_request is None:
        self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
    else:
        (initialUp, initialDn) = initial_request
        self.originalReq.show_raw(initialUp, initialDn)

    # Add the right button popup menu to the text widgets
    rawTextView = self.originalReq.get_view_by_id('HttpRawView')
    rawTextView.textView.connect("populate-popup", self._populate_popup)

    # help
    helplabel = gtk.Label()
    helplabel.set_selectable(True)
    helplabel.set_markup(FUZZYHELP)
    self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
    helplabel.show()
    self.originalReq.show()
    vbox.pack_start(self.originalReq, True, True, padding=5)
    vbox.show()

    # the commands
    t = gtk.Table(2, 4)
    analyzBut.connect("clicked", self._analyze)
    t.attach(analyzBut, 0, 2, 0, 1)
    self.analyzefb = gtk.Label("0 requests")
    self.analyzefb.set_sensitive(False)
    t.attach(self.analyzefb, 2, 3, 0, 1)
    self.preview = gtk.CheckButton("Preview")
    t.attach(self.preview, 3, 4, 0, 1)
    # The handler id is kept so the play button's handler can be swapped later
    self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
    t.attach(self.sendPlayBut, 0, 1, 1, 2)
    self.sendStopBut.connect("clicked", self._send_stop)
    t.attach(self.sendStopBut, 1, 2, 1, 2)
    self.sendfb = gtk.Label("0 ok, 0 errors")
    self.sendfb.set_sensitive(False)
    t.attach(self.sendfb, 2, 3, 1, 2)
    t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
    t.show_all()
    vbox.pack_start(t, False, False, padding=5)

    # ---- throbber pane ----
    vbox = gtk.VBox()
    self.throbber = helpers.Throbber()
    self.throbber.set_sensitive(False)
    vbox.pack_start(self.throbber, False, False)
    vbox.show()
    mainhbox.pack_start(vbox, False, False)

    # ---- right pane ----
    vbox = gtk.VBox()
    mainhbox.pack_start(vbox)

    # A label to show the id of the response
    self.title0 = gtk.Label()
    self.title0.show()
    vbox.pack_start(self.title0, False, True)

    # result itself
    self.resultReqResp = reqResViewer.reqResViewer(w3af, withFuzzy=False,
                                                   editableRequest=False,
                                                   editableResponse=False)
    self.resultReqResp.set_sensitive(False)
    vbox.pack_start(self.resultReqResp, True, True, padding=5)
    vbox.show()

    # result control
    centerbox = gtk.HBox()
    self.pagesControl = entries.PagesControl(w3af, self._pageChange)
    centerbox.pack_start(self.pagesControl, True, False)
    centerbox.show()

    # cluster responses button
    image = gtk.Image()
    image.set_from_file(os.path.join('core', 'ui', 'gui', 'data',
                                     'cluster_data.png'))
    image.show()
    self.clusterButton = gtk.Button(label='Cluster responses')
    self.clusterButton.connect("clicked", self._clusterData)
    self.clusterButton.set_sensitive(False)
    self.clusterButton.set_image(image)
    self.clusterButton.show()
    centerbox.pack_start(self.clusterButton, True, False)

    # clear responses button
    self.clearButton = entries.SemiStockButton(
        'Clear Responses', gtk.STOCK_CLEAR,
        tooltip='Clear all HTTP responses from fuzzer window')
    self.clearButton.connect("clicked", self._clearResponses)
    self.clearButton.set_sensitive(False)
    self.clearButton.show()
    centerbox.pack_start(self.clearButton, True, False)
    vbox.pack_start(centerbox, False, False, padding=5)

    # Show all!
    self._sendPaused = True
    self.vbox.pack_start(mainhbox)
    self.vbox.show()
    mainhbox.show()
    self.show()
class httpLogTab(entries.RememberingHPaned):
    """A tab that shows all HTTP requests and responses made by the framework.

    Layout, top to bottom: a search entry with a clear button and a
    "Filter Options" toggle, the (initially hidden) filter box, and a
    vertical pane holding the transaction list (a gtk.ListStore, one row
    per transaction, column 0 = transaction id) above a read-only
    request/response viewer. Rows are loaded from / written to the
    HistoryItem DB by that id.

    :author: Andres Riancho ([email protected])
    """
    def __init__(self, w3af, padding=10, time_refresh=False):
        """Build the tab.

        :param w3af: core object handed to the pane and viewer widgets.
        :param padding: spacing (pixels) between the boxes.
        :param time_refresh: when True, self.refresh_results (defined
                             outside this excerpt) is polled every second.
        """
        super(httpLogTab, self).__init__(w3af, "pane-httplogtab", 300)
        self.w3af = w3af
        self._padding = padding
        self._lastId = 0
        # Shared instance used for deletes; toggle_bookmark / edit_tag load
        # into fresh HistoryItem instances instead.
        self._historyItem = HistoryItem()
        if time_refresh:
            gobject.timeout_add(1000, self.refresh_results)
        # Create the main container
        mainvbox = gtk.VBox()
        mainvbox.set_spacing(self._padding)
        # Add the menuHbox, Req/Res viewer and the R/R selector on the bottom
        self._initSearchBox(mainvbox)
        self._initFilterBox(mainvbox)
        self._initReqResViewer(mainvbox)
        mainvbox.show()
        # Add everything
        self.add(mainvbox)
        self.show()

    def _initReqResViewer(self, mainvbox):
        """Create the transaction list and the req/res viewer below it."""
        self._reqResViewer = reqResViewer.reqResViewer(self.w3af,
                                                       editableRequest=False,
                                                       editableResponse=False)
        # Disabled until a row is selected (see _view_in_req_res_viewer,
        # defined outside this excerpt).
        self._reqResViewer.set_sensitive(False)
        # Create the req/res selector (when a search with more
        # than one result is done, this window appears)
        self._sw = gtk.ScrolledWindow()
        self._sw.set_shadow_type(gtk.SHADOW_ETCHED_IN)
        self._sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
        # Column indexes are relied upon by __add_columns, toggle_bookmark
        # (1) and edit_tag (4):
        #   0 id, 1 bookmark, 2 method, 3 URI, 4 tag, 5 code, 6 message,
        #   7 content-length, 8 content-type, 9 time (ms)
        self._lstore = gtk.ListStore(gobject.TYPE_UINT,
                                     gobject.TYPE_BOOLEAN,
                                     gobject.TYPE_STRING,
                                     gobject.TYPE_STRING,
                                     gobject.TYPE_STRING,
                                     gobject.TYPE_UINT,
                                     gobject.TYPE_STRING,
                                     gobject.TYPE_UINT,
                                     gobject.TYPE_STRING,
                                     gobject.TYPE_FLOAT, )
        # Create tree view
        self._lstoreTreeview = gtk.TreeView(self._lstore)
        self._lstoreTreeview.set_rules_hint(True)
        # Type-ahead search matches on the id column
        self._lstoreTreeview.set_search_column(0)
        self.__add_columns(self._lstoreTreeview)
        self._lstoreTreeview.show()
        self._lstoreTreeview.connect("cursor-changed",
                                     self._view_in_req_res_viewer)
        # Popup menu, built lazily by _popupMenu on first right click
        self._rightButtonMenu = None
        self._lstoreTreeview.connect("button-press-event", self._popupMenu)
        #
        #
        # Selection: multiple rows, so "Delete selected items" can remove
        # several transactions at once
        #
        treeselection = self._lstoreTreeview.get_selection()
        treeselection.set_mode(gtk.SELECTION_MULTIPLE)
        self._sw.add(self._lstoreTreeview)
        # self._sw.set_sensitive(False)
        self._sw.show_all()
        # I want all sections to be resizable
        self._vpan = entries.RememberingVPaned(self.w3af, "pane-swandrRV", 100)
        self._vpan.pack1(self._sw)
        self._vpan.pack2(self._reqResViewer)
        self._vpan.show()
        mainvbox.pack_start(self._vpan)

    def _popupMenu(self, tv, event):
        """Show the right-click menu on button 3; other buttons fall through.

        The menu is created on the first call and cached. Returns True when
        the event was handled so GTK does not propagate it further.
        """
        if event.button != 3:
            return
        # creates the whole menu only once
        if self._rightButtonMenu is None:
            gm = gtk.Menu()
            self._rightButtonMenu = gm
            # the items
            e = gtk.MenuItem(_("Delete selected items"))
            e.connect("activate", self._deleteSelected)
            gm.append(e)
            gm.show_all()
        else:
            gm = self._rightButtonMenu
        gm.popup(None, None, None, event.button, event.time)
        return True

    def _deleteSelected(self, widg=None):
        """Delete the selected transactions from the list and from the DB.

        Rows are removed from the ListStore first and then deleted from the
        history DB one id at a time, synchronously on the GTK main loop
        (see the TODO). Because of that order, a DB delete that fails leaves
        a transaction that is gone from the view but still stored.
        """
        ids = []
        iters = []
        sel = self._lstoreTreeview.get_selection()
        (model, pathlist) = sel.get_selected_rows()
        for path in pathlist:
            iters.append(self._lstore.get_iter(path))
            # Flat ListStore: the path's first component is the row index
            itemNumber = path[0]
            iid = self._lstore[itemNumber][0]
            ids.append(iid)
        for i in iters:
            self._lstore.remove(i)
        # TODO Move this action to separate thread
        for iid in ids:
            self._historyItem.delete(iid)

    def _initSearchBox(self, mainvbox):
        """Init Search box: entry, clear button and the filter toggle.

        Enter in the entry runs self.find_request_response (defined outside
        this excerpt); the clear icon resets the entry and shows everything.
        """
        # The search entry
        self._searchText = gtk.Entry()
        self._searchText.connect("activate", self.find_request_response)
        # The button that is used to advanced search
        filterBtn = gtk.ToggleButton(label=_("_Filter Options"))
        filterBtn.connect("toggled", self._showHideFilterBox)
        filterImg = gtk.Image()
        filterImg.set_from_stock(gtk.STOCK_FIND, gtk.ICON_SIZE_MENU)
        filterBtn.set_image(filterImg)
        # Clear button
        close = gtk.Image()
        close.set_from_stock(gtk.STOCK_CLEAR, gtk.ICON_SIZE_MENU)
        clearBox = gtk.EventBox()
        clearBox.add(close)
        clearBox.connect("button-release-event", self._showAllRequestResponses)
        # Create the container that has the menu
        menuHbox = gtk.HBox()
        menuHbox.set_spacing(self._padding)
        menuHbox.pack_start(gtk.Label(_("Search:")), False)
        menuHbox.pack_start(self._searchText)
        menuHbox.pack_start(clearBox, False)
        menuHbox.pack_start(filterBtn, False)
        menuHbox.show_all()
        mainvbox.pack_start(menuHbox, False, True)

    def _initFilterBox(self, mainvbox):
        """Init advanced search options (hidden until the toggle is pressed).

        Builds one FilterOptions section per criterion: request method,
        transaction id range, response code class, misc flags, response
        content type and response size. Each option is
        opt_factory(name, default, description, type).
        """
        self._advSearchBox = gtk.HBox()
        self._advSearchBox.set_spacing(self._padding)
        self.pref = FilterOptions(self)
        # Filter options
        self._filterMethods = [("GET", "GET", False), ("POST", "POST", False)]
        filterMethods = OptionList()
        for method in self._filterMethods:
            filterMethods.add(opt_factory(method[0], method[2], method[1],
                                          "boolean"))
        self.pref.add_section("methods", _("Request Method"), filterMethods)
        # NOTE(review): min/max are free-text "string" options; the code
        # that turns them into an id query is not in this excerpt — confirm
        # it validates/converts them before querying the DB.
        filterId = OptionList()
        filterId.add(opt_factory("min", "0", "Min ID", "string"))
        filterId.add(opt_factory("max", "0", "Max ID", "string"))
        self.pref.add_section("trans_id", _("Transaction ID"), filterId)
        filterCodes = OptionList()
        codes = [
            ("1xx", "1xx", False),
            ("2xx", "2xx", False),
            ("3xx", "3xx", False),
            ("4xx", "4xx", False),
            ("5xx", "5xx", False),
        ]
        for code in codes:
            filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
        self.pref.add_section("codes", _("Response Code"), filterCodes)
        filterMisc = OptionList()
        filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
        filterMisc.add(opt_factory("has_qs", False,
                                   "Request has Query String", "boolean"))
        self.pref.add_section("misc", _("Misc"), filterMisc)
        filterTypes = OptionList()
        self._filterTypes = [
            ("html", "HTML", False),
            ("javascript", "JavaScript", False),
            ("image", "Images", False),
            ("flash", "Flash", False),
            ("css", "CSS", False),
            ("text", "Text", False),
        ]
        for filterType in self._filterTypes:
            filterTypes.add(opt_factory(filterType[0], filterType[2],
                                        filterType[1], "boolean"))
        self.pref.add_section("types", _("Response Content Type"),
                              filterTypes)
        filterSize = OptionList()
        filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
        self.pref.add_section("sizes", _("Response Size"), filterSize)
        self.pref.show()
        self._advSearchBox.pack_start(self.pref, False, False)
        self._advSearchBox.hide_all()
        mainvbox.pack_start(self._advSearchBox, False, False)

    def __add_columns(self, treeview):
        """Add columns to main log table.

        Every column is sortable on its own model column; the URI column
        expands and ellipsizes, the Tag column is editable (edit_tag).
        """
        model = treeview.get_model()
        # Column for id's
        column = gtk.TreeViewColumn(_("ID"), gtk.CellRendererText(), text=0)
        column.set_sort_column_id(0)
        treeview.append_column(column)
        # Column for bookmark
        # TODO: Find a better way to do this. The "B" and the checkbox aren't nice
        # what we aim for is something like the stars in gmail.
        """
        renderer = gtk.CellRendererToggle()
        renderer.set_property('activatable', True)
        renderer.connect('toggled', self.toggle_bookmark, model)
        column = gtk.TreeViewColumn(_('B'), renderer)
        column.add_attribute(renderer, "active", 1)
        column.set_sort_column_id(1)
        treeview.append_column(column)
        """
        # Column for METHOD
        column = gtk.TreeViewColumn(_("Method"), gtk.CellRendererText(), text=2)
        column.set_sort_column_id(2)
        treeview.append_column(column)
        # Column for URI
        renderer = gtk.CellRendererText()
        renderer.set_property("ellipsize", pango.ELLIPSIZE_END)
        column = gtk.TreeViewColumn("URI", renderer, text=3)
        column.set_sort_column_id(3)
        column.set_expand(True)
        column.set_resizable(True)
        treeview.append_column(column)
        # Column for Tag (user-editable, persisted by edit_tag)
        renderer = gtk.CellRendererText()
        # renderer.set_property('ellipsize', pango.ELLIPSIZE_END)
        renderer.set_property("editable", True)
        renderer.connect("edited", self.edit_tag, model)
        column = gtk.TreeViewColumn(_("Tag"), renderer, text=4)
        column.set_sort_column_id(4)
        column.set_resizable(True)
        column.set_sizing(gtk.TREE_VIEW_COLUMN_GROW_ONLY)
        treeview.append_column(column)
        extColumns = [
            (5, _("Code")),
            (6, _("Message")),
            (7, _("Content-Length")),
            (8, _("Content-Type")),
            (9, _("Time (ms)")),
        ]
        for n, title in extColumns:
            column = gtk.TreeViewColumn(title, gtk.CellRendererText(), text=n)
            column.set_sort_column_id(n)
            treeview.append_column(column)

    def toggle_bookmark(self, cell, path, model):
        """Toggle bookmark (model column 1) and persist it for the row's id.

        Currently unused: the bookmark column is disabled in __add_columns.
        """
        model[path][1] = not model[path][1]
        historyItem = HistoryItem()
        historyItem.load(model[path][0])
        historyItem.toggle_mark(True)
        return

    def edit_tag(self, cell, path, new_text, model):
        """Edit tag: store the new text in the row and persist it by id.

        NOTE(review): new_text is free-form user input that ends up in the
        history DB through HistoryItem.update_tag — confirm the storage
        layer binds it as a query parameter rather than interpolating it.
        """
        model[path][4] = new_text
        historyItem = HistoryItem()
        historyItem.load(model[path][0])
        historyItem.update_tag(new_text, True)
        return

    def _showHideFilterBox(self, widget):
        """Show/hide advanced options following the toggle button state."""
        if not widget.get_active():
            self._advSearchBox.hide_all()
        else:
            self._advSearchBox.show_all()

    def _showAllRequestResponses(self, widget=None, event=None):
        """Show all results: clear the search text and re-run the search.

        A w3afException from find_request_response empties the list via
        self._empty_results (defined outside this excerpt) instead of
        propagating out of the click handler.
        """
        self._searchText.set_text("")
        try:
            self.find_request_response()
        except w3afException, w3:
            self._empty_results()
        return
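class FuzzyRequests(entries.RememberingWindow):
    '''Infrastructure to generate fuzzy HTTP requests.

    Left pane: an editable raw request plus the analyze / play / stop
    controls. Right pane: a read-only request/response viewer with a page
    control, a "Cluster responses" button and a "Clear Responses" button
    that browse the responses collected in ``self.responses``.

    :author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af, initial_request=None):
        '''Build the window and its widgets.

        :param w3af: core object; ``w3af.uri_opener`` sends the requests and
                     the object is handed to the child widgets.
        :param initial_request: optional ``(request_head, request_body)``
                                pair pre-loaded into the editor; when None
                                the built-in FUZZY_REQUEST_EXAMPLE is shown.
        '''
        super(FuzzyRequests, self).__init__(w3af, "fuzzyreq",
                                            "w3af - Fuzzy Requests",
                                            "Fuzzy_Requests")
        self.w3af = w3af
        self.historyItem = HistoryItem()
        mainhbox = gtk.HBox()

        # Responses gathered while sending; _clusterData reads each entry
        # as (ok_flag, request_id, ...). They are appended by the send loop
        # (that part of _real_send is not in this excerpt).
        self.responses = []

        # ---- left pane ----
        vbox = gtk.VBox()
        mainhbox.pack_start(vbox, False, False)

        # The buttons are created first because the request editor receives
        # their set_sensitive callbacks.
        analyzBut = gtk.Button("Analyze")
        self.sendPlayBut = entries.SemiStockButton(
            "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
        self.sendStopBut = entries.SemiStockButton(
            "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
        self.sSB_state = helpers.PropagateBuffer(
            self.sendStopBut.set_sensitive)
        self.sSB_state.change(self, False)

        # Fix content length checkbox (on by default)
        self._fix_content_lengthCB = gtk.CheckButton(
            'Fix content length header')
        self._fix_content_lengthCB.set_active(True)
        self._fix_content_lengthCB.show()

        # request editor
        self.originalReq = reqResViewer.requestPart(
            self, w3af,
            [analyzBut.set_sensitive,
             self.sendPlayBut.set_sensitive,
             functools.partial(self.sSB_state.change, "rRV")],
            editable=True, widgname="fuzzyrequest")
        if initial_request is None:
            self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
        else:
            (initialUp, initialDn) = initial_request
            self.originalReq.show_raw(initialUp, initialDn)

        # Add the right button popup menu to the text widgets
        rawTextView = self.originalReq.get_view_by_id('HttpRawView')
        rawTextView.textView.connect("populate-popup", self._populate_popup)

        # help page
        helplabel = gtk.Label()
        helplabel.set_selectable(True)
        helplabel.set_markup(FUZZYHELP)
        self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
        helplabel.show()
        self.originalReq.show()
        vbox.pack_start(self.originalReq, True, True, padding=5)
        vbox.show()

        # the commands
        t = gtk.Table(2, 4)
        analyzBut.connect("clicked", self._analyze)
        t.attach(analyzBut, 0, 2, 0, 1)
        self.analyzefb = gtk.Label("0 requests")
        self.analyzefb.set_sensitive(False)
        t.attach(self.analyzefb, 2, 3, 0, 1)
        self.preview = gtk.CheckButton("Preview")
        t.attach(self.preview, 3, 4, 0, 1)
        # sPB_signal is re-wired by _send_start/_send_pause/_send_play/
        # _send_stop so one button cycles through play / pause / resume.
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
        t.attach(self.sendPlayBut, 0, 1, 1, 2)
        self.sendStopBut.connect("clicked", self._send_stop)
        t.attach(self.sendStopBut, 1, 2, 1, 2)
        self.sendfb = gtk.Label("0 ok, 0 errors")
        self.sendfb.set_sensitive(False)
        t.attach(self.sendfb, 2, 3, 1, 2)
        t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
        t.show_all()
        vbox.pack_start(t, False, False, padding=5)

        # ---- throbber pane ----
        vbox = gtk.VBox()
        self.throbber = helpers.Throbber()
        self.throbber.set_sensitive(False)
        vbox.pack_start(self.throbber, False, False)
        vbox.show()
        mainhbox.pack_start(vbox, False, False)

        # ---- right pane ----
        vbox = gtk.VBox()
        mainhbox.pack_start(vbox)

        # A label to show the id of the response
        self.title0 = gtk.Label()
        self.title0.show()
        vbox.pack_start(self.title0, False, True)

        # result itself
        self.resultReqResp = reqResViewer.reqResViewer(
            w3af, withFuzzy=False, editableRequest=False,
            editableResponse=False)
        self.resultReqResp.set_sensitive(False)
        vbox.pack_start(self.resultReqResp, True, True, padding=5)
        vbox.show()

        # result control (_pageChange is defined outside this excerpt)
        centerbox = gtk.HBox()
        self.pagesControl = entries.PagesControl(w3af, self._pageChange)
        centerbox.pack_start(self.pagesControl, True, False)
        centerbox.show()

        # cluster responses button
        image = gtk.Image()
        image.set_from_file(os.path.join('core', 'ui', 'gui', 'data',
                                         'cluster_data.png'))
        image.show()
        self.clusterButton = gtk.Button(label='Cluster responses')
        self.clusterButton.connect("clicked", self._clusterData)
        self.clusterButton.set_sensitive(False)
        self.clusterButton.set_image(image)
        self.clusterButton.show()
        centerbox.pack_start(self.clusterButton, True, False)

        # clear responses button
        self.clearButton = entries.SemiStockButton(
            'Clear Responses', gtk.STOCK_CLEAR,
            tooltip='Clear all HTTP responses from fuzzer window')
        self.clearButton.connect("clicked", self._clearResponses)
        self.clearButton.set_sensitive(False)
        self.clearButton.show()
        centerbox.pack_start(self.clearButton, True, False)
        vbox.pack_start(centerbox, False, False, padding=5)

        # Show all!
        self._sendPaused = True
        self.vbox.pack_start(mainhbox)
        self.vbox.show()
        mainhbox.show()
        self.show()

    def _populate_popup(self, textview, menu):
        '''Append the "Generators" submenu to the raw request view's popup.'''
        menu.append(gtk.SeparatorMenuItem())
        main_generator_menu = gtk.MenuItem(_("Generators"))
        main_generator_menu.set_submenu(create_generator_menu(self))
        menu.append(main_generator_menu)
        menu.show_all()

    def _clearResponses(self, widg):
        '''Drop every collected response and disable the result widgets.'''
        self.responses = []
        self.resultReqResp.request.clear_panes()
        self.resultReqResp.response.clear_panes()
        self.resultReqResp.set_sensitive(False)
        self.clusterButton.set_sensitive(False)
        self.clearButton.set_sensitive(False)
        self.pagesControl.deactivate()

    def _clusterData(self, widg):
        '''Cluster the successful responses, or tell the user there are none.

        Each response is re-read from the history DB by its request id.
        Ids that are no longer there (transactions can be deleted from the
        HTTP log tab) are skipped instead of raising AttributeError on the
        falsy read() result inside the click handler.
        '''
        data = []
        for resp in self.responses:
            if not resp[0]:
                continue
            reqid = resp[1]
            historyItem = self.historyItem.read(reqid)
            # read() gives a falsy value for an unknown id (the KB browser
            # checks it the same way); nothing to cluster for that entry.
            if historyItem:
                data.append(historyItem.response)

        if data:
            distance_function_selector(self.w3af, data)
        else:
            # Let the user know about the problem
            msg = "There are no HTTP responses available to cluster."
            dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
                                    gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg)
            dlg.run()
            dlg.destroy()

    def _analyze(self, widg):
        '''Parse the editor text and report how many requests it expands to.

        A FuzzyError raised through helpers.coreWrap ends the analysis;
        nothing else is reported here (presumably coreWrap shows the error
        to the user — TODO confirm).
        '''
        (request, postbody) = self.originalReq.get_both_texts()
        try:
            fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
        except fuzzygen.FuzzyError:
            return

        self.analyzefb.set_text("%d requests" % fg.calculate_quantity())
        self.analyzefb.set_sensitive(True)

        # raise the window only if preview is active
        if self.preview.get_active():
            PreviewWindow(self.w3af, self, fg)

    def _send_stop(self, widg=None):
        '''Stop sending: flag the loop, reset the play button and throbber.'''
        self._sendStopped = True
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
                                          "Sends the pending requests")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
        self.sSB_state.change(self, False)
        self.throbber.running(False)

    def _send_pause(self, widg):
        '''Pause sending; the play button now resumes through _send_play.'''
        self._sendPaused = True
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
                                          "Sends the pending requests")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play)
        self.throbber.running(False)

    def _send_play(self, widg):
        '''Resume sending; the play button now pauses through _send_pause.'''
        self._sendPaused = False
        # Tooltip matches the pause state set by _send_start (it used to
        # keep saying "Sends the pending requests" under the pause icon).
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
                                          "Pauses the requests sending")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
        self.throbber.running(True)

    def _send_start(self, widg):
        '''Parse the editor text and start the periodic send loop.

        More than 20 generated requests triggers a yes/no confirmation
        before anything is sent.
        '''
        (request, postbody) = self.originalReq.get_both_texts()
        try:
            fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
        except fuzzygen.FuzzyError:
            return

        quant = fg.calculate_quantity()
        if quant > 20:
            msg = "Are you sure you want to send %d requests?" % quant
            dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
                                    gtk.MESSAGE_WARNING, gtk.BUTTONS_YES_NO,
                                    msg)
            opt = dlg.run()
            dlg.destroy()
            if opt != gtk.RESPONSE_YES:
                return

        # Get the fix content length value
        fixContentLength = self._fix_content_lengthCB.get_active()

        # initial state
        self.result_ok = 0
        self.result_err = 0
        self._sendPaused = False
        self._sendStopped = False
        requestGenerator = fg.generate()

        # change the buttons
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
                                          "Pauses the requests sending")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
        self.sSB_state.change(self, True)
        self.throbber.running(True)

        # let's send the requests! _real_send runs from the GTK main loop
        # every 100 ms until it returns False.
        gobject.timeout_add(100, self._real_send, fixContentLength,
                            requestGenerator)

    def _real_send(self, fixContentLength, requestGenerator):
        '''Send the next generated request; gobject timeout callback.

        :param fixContentLength: if the length should be fixed by the core.
        :param requestGenerator: where to ask for the requests
        :return: True to keep the timeout alive (paused), False to cancel
                 it (stopped, generator exhausted, or a must-stop error).
        '''
        if self._sendStopped:
            return False
        if self._sendPaused:
            return True

        try:
            (realreq, realbody) = requestGenerator.next()
        except StopIteration:
            # finished with all the requests!
            self._send_stop()
            return False

        # Called from the main loop, so the UI presumably blocks for the
        # duration of each send_raw_request call.
        try:
            httpResp = self.w3af.uri_opener.send_raw_request(
                realreq, realbody, fixContentLength)
            errorMsg = None
            self.result_ok += 1
        # The must-stop case is tested first so it is reachable whether or
        # not w3afMustStopException derives from w3afException (the former
        # order would have masked it if it does).
        except w3afMustStopException, e:
            errorMsg = str(e)
            httpResp = None
            self.result_err += 1
            # Let the user know about the problem
            msg = "Stopped sending requests because of the following"\
                  " unexpected error:\n\n%s" % str(e)
            helpers.FriendlyExceptionDlg(msg)
            return False
        except w3afException, e:
            errorMsg = str(e)
            httpResp = None
            self.result_err += 1
        # NOTE(review): nothing in this excerpt consumes httpResp/errorMsg,
        # and falling off the end returns None, which cancels the timeout;
        # the response bookkeeping (self.responses, sendfb, pagesControl) is
        # expected to follow here — confirm against the full method.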
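class FuzzyRequests(entries.RememberingWindow):
    '''Infrastructure to generate fuzzy HTTP requests.

    Left pane: an editable raw request plus the analyze / play / stop
    controls. Right pane: a read-only request/response viewer with a page
    control, a "Cluster responses" button and a "Clear Responses" button
    that browse the responses collected in ``self.responses``.

    :author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af, initial_request=None):
        '''Build the window and its widgets.

        :param w3af: core object; ``w3af.uri_opener`` sends the requests and
                     the object is handed to the child widgets.
        :param initial_request: optional ``(request_head, request_body)``
                                pair pre-loaded into the editor; when None
                                the built-in FUZZY_REQUEST_EXAMPLE is shown.
        '''
        super(FuzzyRequests, self).__init__(w3af, "fuzzyreq",
                                            "w3af - Fuzzy Requests",
                                            "Fuzzy_Requests")
        self.w3af = w3af
        self.historyItem = HistoryItem()
        mainhbox = gtk.HBox()

        # Responses gathered while sending; _clusterData reads each entry
        # as (ok_flag, request_id, ...). They are appended by the send loop
        # (that part of _real_send is not in this excerpt).
        self.responses = []

        # ---- left pane ----
        vbox = gtk.VBox()
        mainhbox.pack_start(vbox, False, False)

        # The buttons are created first because the request editor receives
        # their set_sensitive callbacks.
        analyzBut = gtk.Button("Analyze")
        self.sendPlayBut = entries.SemiStockButton(
            "", gtk.STOCK_MEDIA_PLAY, "Sends the pending requests")
        self.sendStopBut = entries.SemiStockButton(
            "", gtk.STOCK_MEDIA_STOP, "Stops the request being sent")
        self.sSB_state = helpers.PropagateBuffer(
            self.sendStopBut.set_sensitive)
        self.sSB_state.change(self, False)

        # Fix content length checkbox (on by default)
        self._fix_content_lengthCB = gtk.CheckButton(
            'Fix content length header')
        self._fix_content_lengthCB.set_active(True)
        self._fix_content_lengthCB.show()

        # request editor
        self.originalReq = reqResViewer.requestPart(
            self, w3af,
            [analyzBut.set_sensitive,
             self.sendPlayBut.set_sensitive,
             functools.partial(self.sSB_state.change, "rRV")],
            editable=True, widgname="fuzzyrequest")
        if initial_request is None:
            self.originalReq.show_raw(FUZZY_REQUEST_EXAMPLE, '')
        else:
            (initialUp, initialDn) = initial_request
            self.originalReq.show_raw(initialUp, initialDn)

        # Add the right button popup menu to the text widgets
        rawTextView = self.originalReq.get_view_by_id('HttpRawView')
        rawTextView.textView.connect("populate-popup", self._populate_popup)

        # help page
        helplabel = gtk.Label()
        helplabel.set_selectable(True)
        helplabel.set_markup(FUZZYHELP)
        self.originalReq.append_page(helplabel, gtk.Label("Syntax help"))
        helplabel.show()
        self.originalReq.show()
        vbox.pack_start(self.originalReq, True, True, padding=5)
        vbox.show()

        # the commands
        t = gtk.Table(2, 4)
        analyzBut.connect("clicked", self._analyze)
        t.attach(analyzBut, 0, 2, 0, 1)
        self.analyzefb = gtk.Label("0 requests")
        self.analyzefb.set_sensitive(False)
        t.attach(self.analyzefb, 2, 3, 0, 1)
        self.preview = gtk.CheckButton("Preview")
        t.attach(self.preview, 3, 4, 0, 1)
        # sPB_signal is re-wired by _send_start/_send_pause/_send_play/
        # _send_stop so one button cycles through play / pause / resume.
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
        t.attach(self.sendPlayBut, 0, 1, 1, 2)
        self.sendStopBut.connect("clicked", self._send_stop)
        t.attach(self.sendStopBut, 1, 2, 1, 2)
        self.sendfb = gtk.Label("0 ok, 0 errors")
        self.sendfb.set_sensitive(False)
        t.attach(self.sendfb, 2, 3, 1, 2)
        t.attach(self._fix_content_lengthCB, 3, 4, 1, 2)
        t.show_all()
        vbox.pack_start(t, False, False, padding=5)

        # ---- throbber pane ----
        vbox = gtk.VBox()
        self.throbber = helpers.Throbber()
        self.throbber.set_sensitive(False)
        vbox.pack_start(self.throbber, False, False)
        vbox.show()
        mainhbox.pack_start(vbox, False, False)

        # ---- right pane ----
        vbox = gtk.VBox()
        mainhbox.pack_start(vbox)

        # A label to show the id of the response
        self.title0 = gtk.Label()
        self.title0.show()
        vbox.pack_start(self.title0, False, True)

        # result itself
        self.resultReqResp = reqResViewer.reqResViewer(
            w3af, withFuzzy=False, editableRequest=False,
            editableResponse=False)
        self.resultReqResp.set_sensitive(False)
        vbox.pack_start(self.resultReqResp, True, True, padding=5)
        vbox.show()

        # result control (_pageChange is defined outside this excerpt)
        centerbox = gtk.HBox()
        self.pagesControl = entries.PagesControl(w3af, self._pageChange)
        centerbox.pack_start(self.pagesControl, True, False)
        centerbox.show()

        # cluster responses button
        image = gtk.Image()
        image.set_from_file(os.path.join('core', 'ui', 'gui', 'data',
                                         'cluster_data.png'))
        image.show()
        self.clusterButton = gtk.Button(label='Cluster responses')
        self.clusterButton.connect("clicked", self._clusterData)
        self.clusterButton.set_sensitive(False)
        self.clusterButton.set_image(image)
        self.clusterButton.show()
        centerbox.pack_start(self.clusterButton, True, False)

        # clear responses button
        self.clearButton = entries.SemiStockButton(
            'Clear Responses', gtk.STOCK_CLEAR,
            tooltip='Clear all HTTP responses from fuzzer window')
        self.clearButton.connect("clicked", self._clearResponses)
        self.clearButton.set_sensitive(False)
        self.clearButton.show()
        centerbox.pack_start(self.clearButton, True, False)
        vbox.pack_start(centerbox, False, False, padding=5)

        # Show all!
        self._sendPaused = True
        self.vbox.pack_start(mainhbox)
        self.vbox.show()
        mainhbox.show()
        self.show()

    def _populate_popup(self, textview, menu):
        '''Append the "Generators" submenu to the raw request view's popup.'''
        menu.append(gtk.SeparatorMenuItem())
        main_generator_menu = gtk.MenuItem(_("Generators"))
        main_generator_menu.set_submenu(create_generator_menu(self))
        menu.append(main_generator_menu)
        menu.show_all()

    def _clearResponses(self, widg):
        '''Drop every collected response and disable the result widgets.'''
        self.responses = []
        self.resultReqResp.request.clear_panes()
        self.resultReqResp.response.clear_panes()
        self.resultReqResp.set_sensitive(False)
        self.clusterButton.set_sensitive(False)
        self.clearButton.set_sensitive(False)
        self.pagesControl.deactivate()

    def _clusterData(self, widg):
        '''Cluster the successful responses, or tell the user there are none.

        Each response is re-read from the history DB by its request id.
        Ids that are no longer there (transactions can be deleted from the
        HTTP log tab) are skipped instead of raising AttributeError on the
        falsy read() result inside the click handler.
        '''
        data = []
        for resp in self.responses:
            if not resp[0]:
                continue
            reqid = resp[1]
            historyItem = self.historyItem.read(reqid)
            # read() gives a falsy value for an unknown id (the KB browser
            # checks it the same way); nothing to cluster for that entry.
            if historyItem:
                data.append(historyItem.response)

        if data:
            distance_function_selector(self.w3af, data)
        else:
            # Let the user know about the problem
            msg = "There are no HTTP responses available to cluster."
            dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
                                    gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, msg)
            dlg.run()
            dlg.destroy()

    def _analyze(self, widg):
        '''Parse the editor text and report how many requests it expands to.

        A FuzzyError raised through helpers.coreWrap ends the analysis;
        nothing else is reported here (presumably coreWrap shows the error
        to the user — TODO confirm).
        '''
        (request, postbody) = self.originalReq.get_both_texts()
        try:
            fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
        except fuzzygen.FuzzyError:
            return

        self.analyzefb.set_text("%d requests" % fg.calculate_quantity())
        self.analyzefb.set_sensitive(True)

        # raise the window only if preview is active
        if self.preview.get_active():
            PreviewWindow(self.w3af, self, fg)

    def _send_stop(self, widg=None):
        '''Stop sending: flag the loop, reset the play button and throbber.'''
        self._sendStopped = True
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
                                          "Sends the pending requests")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_start)
        self.sSB_state.change(self, False)
        self.throbber.running(False)

    def _send_pause(self, widg):
        '''Pause sending; the play button now resumes through _send_play.'''
        self._sendPaused = True
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PLAY,
                                          "Sends the pending requests")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_play)
        self.throbber.running(False)

    def _send_play(self, widg):
        '''Resume sending; the play button now pauses through _send_pause.'''
        self._sendPaused = False
        # Tooltip matches the pause state set by _send_start (it used to
        # keep saying "Sends the pending requests" under the pause icon).
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
                                          "Pauses the requests sending")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
        self.throbber.running(True)

    def _send_start(self, widg):
        '''Parse the editor text and start the periodic send loop.

        More than 20 generated requests triggers a yes/no confirmation
        before anything is sent.
        '''
        (request, postbody) = self.originalReq.get_both_texts()
        try:
            fg = helpers.coreWrap(fuzzygen.FuzzyGenerator, request, postbody)
        except fuzzygen.FuzzyError:
            return

        quant = fg.calculate_quantity()
        if quant > 20:
            msg = "Are you sure you want to send %d requests?" % quant
            dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
                                    gtk.MESSAGE_WARNING, gtk.BUTTONS_YES_NO,
                                    msg)
            opt = dlg.run()
            dlg.destroy()
            if opt != gtk.RESPONSE_YES:
                return

        # Get the fix content length value
        fixContentLength = self._fix_content_lengthCB.get_active()

        # initial state
        self.result_ok = 0
        self.result_err = 0
        self._sendPaused = False
        self._sendStopped = False
        requestGenerator = fg.generate()

        # change the buttons
        self.sendPlayBut.change_internals("", gtk.STOCK_MEDIA_PAUSE,
                                          "Pauses the requests sending")
        self.sendPlayBut.disconnect(self.sPB_signal)
        self.sPB_signal = self.sendPlayBut.connect("clicked", self._send_pause)
        self.sSB_state.change(self, True)
        self.throbber.running(True)

        # let's send the requests! _real_send runs from the GTK main loop
        # every 100 ms until it returns False.
        gobject.timeout_add(100, self._real_send, fixContentLength,
                            requestGenerator)

    def _real_send(self, fixContentLength, requestGenerator):
        '''Send the next generated request; gobject timeout callback.

        :param fixContentLength: if the length should be fixed by the core.
        :param requestGenerator: where to ask for the requests
        :return: True to keep the timeout alive (paused), False to cancel
                 it (stopped, generator exhausted, or a must-stop error).
        '''
        if self._sendStopped:
            return False
        if self._sendPaused:
            return True

        try:
            (realreq, realbody) = requestGenerator.next()
        except StopIteration:
            # finished with all the requests!
            self._send_stop()
            return False

        # Called from the main loop, so the UI presumably blocks for the
        # duration of each send_raw_request call.
        try:
            httpResp = self.w3af.uri_opener.send_raw_request(
                realreq, realbody, fixContentLength)
            errorMsg = None
            self.result_ok += 1
        # The must-stop case is tested first so it is reachable whether or
        # not w3afMustStopException derives from w3afException (the former
        # order would have masked it if it does).
        except w3afMustStopException, e:
            errorMsg = str(e)
            httpResp = None
            self.result_err += 1
            # Let the user know about the problem
            msg = "Stopped sending requests because of the following"\
                  " unexpected error:\n\n%s" % str(e)
            helpers.FriendlyExceptionDlg(msg)
            return False
        except w3afException, e:
            errorMsg = str(e)
            httpResp = None
            self.result_err += 1
        # NOTE(review): nothing in this excerpt consumes httpResp/errorMsg,
        # and falling off the end returns None, which cancels the timeout;
        # the response bookkeeping (self.responses, sendfb, pagesControl) is
        # expected to follow here — confirm against the full method.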
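class FullKBTree(kbtree.KBTree):
    '''A tree showing all the info.

    This also gives a long description of the element when clicked and
    loads the request/response(s) the element refers to into the KB
    browser's viewer (``kbbrowser.rrV``).

    @param kbbrowser: The KB Browser
    @param filter: The filter to show which elements

    @author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af, kbbrowser, ifilter):
        super(FullKBTree, self).__init__(w3af, ifilter, 'Knowledge Base',
                                         strict=False)
        self._historyItem = HistoryItem()
        self.kbbrowser = kbbrowser
        self.connect('cursor-changed', self._showDesc)
        self.show()

    def _showDesc(self, tv):
        '''Shows the description at the right and the related req/res.

        'cursor-changed' handler. It never raises: a None id is reported
        through om.out.error and the viewer is cleared and disabled, which
        is also what happens for elements without any id.

        @param tv: the treeview.
        '''
        (path, column) = tv.get_cursor()
        if path is None:
            return

        instance = self.getInstance(path)
        if hasattr(instance, "getDesc"):
            longdesc = str(instance.getDesc())
        else:
            longdesc = ""
        self.kbbrowser.explanation.set_text(longdesc)

        success = False
        # Read the id list once. None or an empty list means there is no
        # request/response to show (the empty case used to activate a page
        # control with zero pages and leave the viewer sensitive).
        ids = None
        if hasattr(instance, "getId"):
            ids = instance.getId()

        if ids:
            #
            # Two cases:
            #   1) the object is related to ONLY ONE request / response:
            #      classic view, page control hidden
            #   2) the object is related to MORE THAN ONE: classic view
            #      plus a "page control"
            #
            if len(ids) == 1:
                self.kbbrowser.pagesControl.deactivate()
                self.kbbrowser._pageChange(0)
                self.kbbrowser.pagesControl.hide()
                self.kbbrowser.title0.hide()

                if ids[0] is None:
                    # The plugin writer failed to set an id on the info /
                    # vuln object. Log it instead of raising: an exception
                    # here escapes the GTK signal handler (the following
                    # `success = False` was unreachable) and leaves the
                    # viewer showing the previously selected item.
                    om.out.error('The id should not be None! "'
                                 + str(instance._desc) + '".')
                else:
                    historyItem = self._historyItem.read(ids[0])
                    if historyItem:
                        self.kbbrowser.rrV.request.showObject(historyItem.request)
                        self.kbbrowser.rrV.response.showObject(historyItem.response)
                        # Don't forget to highlight if necessary
                        severity = instance.getSeverity()
                        for s in instance.getToHighlight():
                            self.kbbrowser.rrV.response.highlight(s, severity)
                        success = True
                    else:
                        om.out.error(_('Failed to find request/response with id: ')
                                     + str(ids) + _(' in the database.'))
            else:
                self.kbbrowser.pagesControl.show()
                self.kbbrowser.title0.show()
                self.kbbrowser.req_res_ids = ids
                self.kbbrowser.pagesControl.activate(len(ids))
                self.kbbrowser._pageChange(0)
                success = True

        if success:
            self.kbbrowser.rrV.set_sensitive(True)
        else:
            self.kbbrowser.rrV.request.clearPanes()
            self.kbbrowser.rrV.response.clearPanes()
            self.kbbrowser.rrV.set_sensitive(False)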
def _get_hist_obj(self):
    '''Return the HistoryItem whose alias is ``self._hash_id``, cached.

    The DB is queried only while ``self._hist_obj`` is None: the first
    match (or None when there is none) is stored there and returned by
    every later call without another lookup.
    '''
    if self._hist_obj is None:
        matches = HistoryItem().find([('alias', self._hash_id, "=")])
        self._hist_obj = matches[0] if matches else None
    return self._hist_obj
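class FullKBTree(KBTree):
    '''A tree showing all the info.

    This also gives a long description of the element when clicked and
    loads the request/response(s) the element refers to into the KB
    browser's viewer (``kbbrowser.rrV``).

    :param kbbrowser: The KB Browser
    :param filter: The filter to show which elements

    :author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af, kbbrowser, ifilter):
        super(FullKBTree, self).__init__(w3af, ifilter, 'Knowledge Base',
                                         strict=False)
        self._historyItem = HistoryItem()
        self.kbbrowser = kbbrowser
        self.connect('cursor-changed', self._showDesc)
        self.show()

    def _showDesc(self, tv):
        '''Shows the description at the right and the related req/res.

        'cursor-changed' handler. Nodes that are not Info instances are
        ignored (the viewer keeps its previous content); an Info whose id
        cannot be found in the history DB is logged and the viewer is
        cleared and disabled.

        :param tv: the treeview.
        '''
        (path, column) = tv.get_cursor()
        if path is None:
            return

        instance = self.get_instance(path)
        if not isinstance(instance, Info):
            return

        longdesc = instance.get_desc()
        self.kbbrowser.explanation.set_text(longdesc)

        success = False
        # Read the id list once; None or empty means nothing to show.
        ids = instance.get_id()
        if ids:
            #
            # Two cases:
            #   1) the object is related to ONLY ONE request / response:
            #      classic view, page control hidden
            #   2) the object is related to MORE THAN ONE: classic view
            #      plus a "page control"
            #
            if len(ids) == 1:
                self.kbbrowser.pagesControl.deactivate()
                self.kbbrowser._pageChange(0)
                self.kbbrowser.pagesControl.hide()
                self.kbbrowser.title0.hide()

                historyItem = self._historyItem.read(ids[0])
                if historyItem:
                    self.kbbrowser.rrV.request.show_object(historyItem.request)
                    self.kbbrowser.rrV.response.show_object(
                        historyItem.response)

                    # Don't forget to highlight if necessary
                    severity = instance.get_severity()
                    for s in instance.get_to_highlight():
                        self.kbbrowser.rrV.response.highlight(s, severity)

                    success = True
                else:
                    # Format after the gettext lookup so the translatable
                    # string is constant (it used to be formatted first,
                    # and the two literals also ran together as "id%s").
                    msg = _('Failed to find request/response with id %s '
                            'in the database.') % ids
                    om.out.error(msg)
            else:
                self.kbbrowser.pagesControl.show()
                self.kbbrowser.title0.show()
                self.kbbrowser.req_res_ids = ids
                self.kbbrowser.pagesControl.activate(len(ids))
                self.kbbrowser._pageChange(0)
                success = True

        if success:
            self.kbbrowser.rrV.set_sensitive(True)
        else:
            self.kbbrowser.rrV.request.clear_panes()
            self.kbbrowser.rrV.response.clear_panes()
            self.kbbrowser.rrV.set_sensitive(False)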
def clear():
    '''
    Clear the cache (remove all files and directories associated with it).

    Delegates to HistoryItem.clear() and returns its result unchanged.
    '''
    history = HistoryItem()
    return history.clear()
def init():
    '''
    Create the temporary directory and initialise the history storage.
    '''
    create_temp_dir()
    history = HistoryItem()
    history.init()
def test_find(self):
    '''
    Save 500 request/response pairs and verify the HistoryItem.find() filters.

    One item at a random index gets a 302 code, a mark and a random tag;
    every item carries a query string, so the has_qs filter matches all 500.
    '''
    target = random.randint(1, 499)
    url = url_object('http://w3af.org/a/b/foobar.php?foo=123')
    tag_value = createRandAlNum(10)

    for idx in xrange(0, 500):
        is_target = (idx == target)
        fr = FuzzReq(url, dc={'a': ['1']})
        res = httpResponse(302 if is_target else 200, '<html>',
                           {'Content-Type': 'text/html'}, url, url)
        item = HistoryItem()
        item.request = fr
        res.setId(idx)
        item.response = res
        if is_target:
            item.toggleMark()
            item.updateTag(tag_value)
        item.save()

    finder = HistoryItem()
    has_qs = [('has_qs', 1, '=')]

    self.assertEqual(1, len(finder.find([('tag', "%" + tag_value + "%", 'like')])))
    self.assertEqual(1, len(finder.find([('code', 302, '=')])))
    self.assertEqual(1, len(finder.find([('mark', 1, '=')])))
    self.assertEqual(500, len(finder.find(has_qs)))
    self.assertEqual(10, len(finder.find(has_qs, resultLimit=10)))

    newest = finder.find(has_qs, resultLimit=1, orderData=[('id', 'desc')])
    self.assertEqual(499, newest[0].id)

    # An open interval (target-1, target+1) holds exactly the target id.
    id_window = [('id', target + 1, "<"), ('id', target - 1, ">")]
    self.assertEqual(1, len(finder.find(id_window)))
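class FullKBTree(KBTree):
    '''A tree showing all the info. This also gives a long description of the
    element when clicked.

    :param kbbrowser: The KB Browser
    :param filter: The filter to show which elements
    :author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
    '''
    def __init__(self, w3af, kbbrowser, ifilter):
        super(FullKBTree, self).__init__(w3af, ifilter, 'Knowledge Base',
                                         strict=False)
        # A single HistoryItem is reused for every read() lookup done
        # from _showDesc.
        self._historyItem = HistoryItem()
        self.kbbrowser = kbbrowser
        self.connect('cursor-changed', self._showDesc)
        self.show()

    def _showDesc(self, tv):
        '''Show the description of the selected KB item on the right pane and
        load the related request/response(s) into the req/res viewer.

        :param tv: the treeview whose cursor changed.
        '''
        (path, column) = tv.get_cursor()
        if path is None:
            return

        instance = self.get_instance(path)
        if not isinstance(instance, Info):
            return

        self.kbbrowser.explanation.set_text(instance.get_desc())

        success = False
        # get_id() is the list of request/response ids behind this Info;
        # read it once instead of calling it on every branch.
        req_res_ids = instance.get_id()

        if req_res_ids:
            #
            # Two different cases:
            #
            # 1) The object is related to ONLY ONE request / response
            # 2) The object is related to MORE THAN ONE request / response
            #
            # For 1) we show the classic view, for 2) the classic view with
            # a "page control".
            #
            if len(req_res_ids) == 1:
                # Case 1): hide the pager and show the single transaction.
                self.kbbrowser.pagesControl.deactivate()
                self.kbbrowser._pageChange(0)
                self.kbbrowser.pagesControl.hide()
                self.kbbrowser.title0.hide()

                historyItem = self._historyItem.read(req_res_ids[0])
                if historyItem:
                    self.kbbrowser.rrV.request.show_object(historyItem.request)
                    self.kbbrowser.rrV.response.show_object(historyItem.response)

                    # Highlight the strings that triggered the finding,
                    # colored by severity.
                    severity = instance.get_severity()
                    for s in instance.get_to_highlight():
                        self.kbbrowser.rrV.response.highlight(s, severity)

                    success = True
                else:
                    # Fixed: the two adjacent literals used to be joined
                    # without a space ("...with id%s in...").
                    msg = _('Failed to find request/response with id %s in '
                            'the database.' % req_res_ids)
                    om.out.error(msg)
            else:
                # Case 2): hand the id list to the pager and show page 0.
                self.kbbrowser.pagesControl.show()
                self.kbbrowser.title0.show()
                self.kbbrowser.req_res_ids = req_res_ids
                self.kbbrowser.pagesControl.activate(len(req_res_ids))
                self.kbbrowser._pageChange(0)
                success = True

        if success:
            self.kbbrowser.rrV.set_sensitive(True)
        else:
            # Nothing to show: blank the panes so stale data from the
            # previously selected item is not left on screen.
            self.kbbrowser.rrV.request.clear_panes()
            self.kbbrowser.rrV.response.clear_panes()
            self.kbbrowser.rrV.set_sensitive(False)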
class httpLogTab(entries.RememberingHPaned):
    '''A tab that shows all HTTP requests and responses made by the framework.

    Layout (top to bottom): a search entry with clear/filter buttons, a
    hideable advanced-filter box, and a vertical pane holding the result
    list on top and a read-only request/response viewer below.

    Rows in the result list are backed by HistoryItem records; editing a
    tag or deleting rows writes through to that storage.

    NOTE(review): find_request_response, refresh_results,
    _view_in_req_res_viewer and _empty_results are referenced here but
    defined further down in the class, outside this excerpt.

    :author: Andres Riancho ([email protected])
    '''
    def __init__(self, w3af, padding=10, time_refresh=False):
        """Build the tab and its three sections.

        :param w3af: The w3af core object, passed on to every sub-widget.
        :param padding: Spacing (px) between the packed sections.
        :param time_refresh: When True, refresh_results() is scheduled every
                             1000 ms via the gobject main loop.
        """
        super(httpLogTab, self).__init__(w3af, "pane-httplogtab", 300)
        self.w3af = w3af
        self._padding = padding
        # Highest transaction id seen so far (maintained outside this excerpt).
        self._lastId = 0
        # Shared accessor for the history storage; used for delete()
        self._historyItem = HistoryItem()
        if time_refresh:
            gobject.timeout_add(1000, self.refresh_results)
        # Create the main container
        mainvbox = gtk.VBox()
        mainvbox.set_spacing(self._padding)
        # Add the menuHbox, Req/Res viewer and the R/R selector on the bottom
        # (pack order == visual order, so keep these three calls in sequence)
        self._initSearchBox(mainvbox)
        self._initFilterBox(mainvbox)
        self._initReqResViewer(mainvbox)
        mainvbox.show()
        # Add everything
        self.add(mainvbox)
        self.show()

    def _initReqResViewer(self, mainvbox):
        """Create the read-only req/res viewer and the result list above it.

        :param mainvbox: The container the vertical pane is packed into.
        """
        self._reqResViewer = reqResViewer.reqResViewer(self.w3af,
                                                       editableRequest=False,
                                                       editableResponse=False)
        # Stays insensitive until a row is selected
        self._reqResViewer.set_sensitive(False)
        # Create the req/res selector (when a search with more
        # than one result is done, this window appears)
        self._sw = gtk.ScrolledWindow()
        self._sw.set_shadow_type(gtk.SHADOW_ETCHED_IN)
        self._sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
        # Column layout: 0 id, 1 mark, 2 method, 3 URI, 4 tag, 5 code,
        # 6 message, 7 content-length, 8 content-type, 9 time (ms).
        # __add_columns, toggle_bookmark and edit_tag index into this order.
        self._lstore = gtk.ListStore(gobject.TYPE_UINT, gobject.TYPE_BOOLEAN,
                                     gobject.TYPE_STRING, gobject.TYPE_STRING,
                                     gobject.TYPE_STRING, gobject.TYPE_UINT,
                                     gobject.TYPE_STRING, gobject.TYPE_UINT,
                                     gobject.TYPE_STRING, gobject.TYPE_FLOAT)
        # Create tree view
        self._lstoreTreeview = gtk.TreeView(self._lstore)
        self._lstoreTreeview.set_rules_hint(True)
        # Interactive (typeahead) search runs over the id column
        self._lstoreTreeview.set_search_column(0)
        self.__add_columns(self._lstoreTreeview)
        self._lstoreTreeview.show()
        self._lstoreTreeview.connect('cursor-changed',
                                     self._view_in_req_res_viewer)
        # Popup menu (built lazily on first right click, see _popupMenu)
        self._rightButtonMenu = None
        self._lstoreTreeview.connect('button-press-event', self._popupMenu)
        #
        # Selection: multiple rows may be selected so that several
        # transactions can be deleted at once.
        #
        treeselection = self._lstoreTreeview.get_selection()
        treeselection.set_mode(gtk.SELECTION_MULTIPLE)
        self._sw.add(self._lstoreTreeview)
        #self._sw.set_sensitive(False)
        self._sw.show_all()
        # I want all sections to be resizable
        self._vpan = entries.RememberingVPaned(self.w3af, "pane-swandrRV", 100)
        self._vpan.pack1(self._sw)
        self._vpan.pack2(self._reqResViewer)
        self._vpan.show()
        mainvbox.pack_start(self._vpan)

    def _popupMenu(self, tv, event):
        '''Generate and show the right-click popup menu.

        :param tv: The treeview that received the event.
        :param event: The gtk button-press event.
        :return: True when the event was consumed (right button only);
                 None otherwise so GTK keeps propagating it.
        '''
        if event.button != 3:
            return
        # creates the whole menu only once
        if self._rightButtonMenu is None:
            gm = gtk.Menu()
            self._rightButtonMenu = gm
            # the items
            e = gtk.MenuItem(_("Delete selected items"))
            e.connect('activate', self._deleteSelected)
            gm.append(e)
            gm.show_all()
        else:
            gm = self._rightButtonMenu
        gm.popup(None, None, None, event.button, event.time)
        return True

    def _deleteSelected(self, widg=None):
        '''Delete the selected transactions from the list AND from storage.

        The rows are removed from the ListStore first, then each id is
        deleted through HistoryItem.delete(). There is no confirmation
        and no undo; this is a destructive operation on the scan history.

        :param widg: The menu item that activated us (unused).
        '''
        ids = []
        iters = []
        sel = self._lstoreTreeview.get_selection()
        (model, pathlist) = sel.get_selected_rows()
        # Collect iters before removing anything: removing rows while
        # walking pathlist would invalidate the remaining paths.
        for path in pathlist:
            iters.append(self._lstore.get_iter(path))
            itemNumber = path[0]
            iid = self._lstore[itemNumber][0]
            ids.append(iid)
        for i in iters:
            self._lstore.remove(i)
        # TODO Move this action to separate thread
        for iid in ids:
            self._historyItem.delete(iid)

    def _initSearchBox(self, mainvbox):
        """Build the search row: label, text entry, clear and filter buttons.

        :param mainvbox: The container the row is packed into.
        """
        # The search entry; Enter triggers find_request_response
        self._searchText = gtk.Entry()
        self._searchText.connect("activate", self.find_request_response)
        # The button that is used to advanced search
        filterBtn = gtk.ToggleButton(label=_("_Filter Options"))
        filterBtn.connect("toggled", self._showHideFilterBox)
        filterImg = gtk.Image()
        filterImg.set_from_stock(gtk.STOCK_FIND, gtk.ICON_SIZE_MENU)
        filterBtn.set_image(filterImg)
        # Clear button
        close = gtk.Image()
        close.set_from_stock(gtk.STOCK_CLEAR, gtk.ICON_SIZE_MENU)
        clearBox = gtk.EventBox()
        clearBox.add(close)
        clearBox.connect("button-release-event", self._showAllRequestResponses)
        # Create the container that has the menu
        menuHbox = gtk.HBox()
        menuHbox.set_spacing(self._padding)
        menuHbox.pack_start(gtk.Label(_("Search:")), False)
        menuHbox.pack_start(self._searchText)
        menuHbox.pack_start(clearBox, False)
        menuHbox.pack_start(filterBtn, False)
        menuHbox.show_all()
        mainvbox.pack_start(menuHbox, False, True)

    def _initFilterBox(self, mainvbox):
        """Build the advanced-filter box (hidden until the toggle is pressed).

        Each section is an OptionList registered on self.pref; the section
        names ('methods', 'trans_id', 'codes', 'misc', 'types', 'sizes') are
        the keys the search code reads them back by.

        :param mainvbox: The container the box is packed into.
        """
        self._advSearchBox = gtk.HBox()
        self._advSearchBox.set_spacing(self._padding)
        self.pref = FilterOptions(self)
        # Filter options
        self._filterMethods = [
            ('GET', 'GET', False),
            ('POST', 'POST', False),
        ]
        filterMethods = OptionList()
        for method in self._filterMethods:
            filterMethods.add(
                opt_factory(method[0], method[2], method[1], "boolean"))
        self.pref.add_section('methods', _('Request Method'), filterMethods)
        # Min/Max id are "string" options defaulting to "0"; NOTE(review):
        # their parsing happens in the search code outside this excerpt.
        filterId = OptionList()
        filterId.add(opt_factory("min", "0", "Min ID", "string"))
        filterId.add(opt_factory("max", "0", "Max ID", "string"))
        self.pref.add_section('trans_id', _('Transaction ID'), filterId)
        filterCodes = OptionList()
        codes = [
            ("1xx", "1xx", False),
            ("2xx", "2xx", False),
            ("3xx", "3xx", False),
            ("4xx", "4xx", False),
            ("5xx", "5xx", False),
        ]
        for code in codes:
            filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
        self.pref.add_section('codes', _('Response Code'), filterCodes)
        filterMisc = OptionList()
        filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
        filterMisc.add(
            opt_factory("has_qs", False, "Request has Query String", "boolean"))
        self.pref.add_section('misc', _('Misc'), filterMisc)
        filterTypes = OptionList()
        self._filterTypes = [
            ('html', 'HTML', False),
            ('javascript', 'JavaScript', False),
            ('image', 'Images', False),
            ('flash', 'Flash', False),
            ('css', 'CSS', False),
            ('text', 'Text', False),
        ]
        for filterType in self._filterTypes:
            filterTypes.add(
                opt_factory(filterType[0], filterType[2], filterType[1],
                            "boolean"))
        self.pref.add_section('types', _('Response Content Type'), filterTypes)
        filterSize = OptionList()
        filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
        self.pref.add_section('sizes', _('Response Size'), filterSize)
        self.pref.show()
        self._advSearchBox.pack_start(self.pref, False, False)
        self._advSearchBox.hide_all()
        mainvbox.pack_start(self._advSearchBox, False, False)

    def __add_columns(self, treeview):
        """Add the columns of the main log table.

        Column indexes must match the ListStore built in _initReqResViewer.
        Only the Tag column is editable; edits go to edit_tag.

        :param treeview: The gtk.TreeView to add columns to.
        """
        model = treeview.get_model()
        # Column for id's
        column = gtk.TreeViewColumn(_('ID'), gtk.CellRendererText(), text=0)
        column.set_sort_column_id(0)
        treeview.append_column(column)
        # Column for bookmark
        #TODO: Find a better way to do this. The "B" and the checkbox aren't nice
        #what we aim for is something like the stars in gmail.
        # (The block below is disabled by being wrapped in a string literal;
        # toggle_bookmark is therefore never wired up from here.)
        '''
        renderer = gtk.CellRendererToggle()
        renderer.set_property('activatable', True)
        renderer.connect('toggled', self.toggle_bookmark, model)
        column = gtk.TreeViewColumn(_('B'), renderer)
        column.add_attribute(renderer, "active", 1)
        column.set_sort_column_id(1)
        treeview.append_column(column)
        '''
        # Column for METHOD
        column = gtk.TreeViewColumn(_('Method'), gtk.CellRendererText(), text=2)
        column.set_sort_column_id(2)
        treeview.append_column(column)
        # Column for URI; ellipsized so long URLs do not blow up the width
        renderer = gtk.CellRendererText()
        renderer.set_property('ellipsize', pango.ELLIPSIZE_END)
        column = gtk.TreeViewColumn('URI', renderer, text=3)
        column.set_sort_column_id(3)
        column.set_expand(True)
        column.set_resizable(True)
        treeview.append_column(column)
        # Column for Tag (user editable, persisted by edit_tag)
        renderer = gtk.CellRendererText()
        #renderer.set_property('ellipsize', pango.ELLIPSIZE_END)
        renderer.set_property('editable', True)
        renderer.connect('edited', self.edit_tag, model)
        column = gtk.TreeViewColumn(_('Tag'), renderer, text=4)
        column.set_sort_column_id(4)
        column.set_resizable(True)
        column.set_sizing(gtk.TREE_VIEW_COLUMN_GROW_ONLY)
        treeview.append_column(column)
        # Remaining plain-text columns, (model index, title)
        extColumns = [
            (5, _('Code')),
            (6, _('Message')),
            (7, _('Content-Length')),
            (8, _('Content-Type')),
            (9, _('Time (ms)')),
        ]
        for n, title in extColumns:
            column = gtk.TreeViewColumn(title, gtk.CellRendererText(), text=n)
            column.set_sort_column_id(n)
            treeview.append_column(column)

    def toggle_bookmark(self, cell, path, model):
        """Toggle the bookmark flag of a row and persist it.

        :param cell: The toggle renderer (unused).
        :param path: Tree path of the edited row.
        :param model: The ListStore; column 0 is the transaction id,
                      column 1 the mark flag.

        NOTE(review): HistoryItem.load() is called without handling a
        missing record (e.g. the row was deleted via _deleteSelected or
        the history was cleared); confirm whether load() raises there.
        """
        model[path][1] = not model[path][1]
        historyItem = HistoryItem()
        historyItem.load(model[path][0])
        historyItem.toggle_mark(True)
        return

    def edit_tag(self, cell, path, new_text, model):
        """Store the tag typed by the user for a row and persist it.

        :param cell: The text renderer (unused).
        :param path: Tree path of the edited row.
        :param new_text: Free-form text entered by the user; written as-is
                         to column 4 and to HistoryItem.update_tag().
        :param model: The ListStore; column 0 is the transaction id.

        NOTE(review): new_text is user input that ends up in the history
        store and is later used in 'like' searches; this relies on
        HistoryItem parameterizing its queries. Not verifiable here.
        """
        model[path][4] = new_text
        historyItem = HistoryItem()
        historyItem.load(model[path][0])
        historyItem.update_tag(new_text, True)
        return

    def _showHideFilterBox(self, widget):
        """Show or hide the advanced-filter box following the toggle state.

        :param widget: The gtk.ToggleButton that was toggled.
        """
        if not widget.get_active():
            self._advSearchBox.hide_all()
        else:
            self._advSearchBox.show_all()

    def _showAllRequestResponses(self, widget=None, event=None):
        """Clear the search text and re-run the search to list everything.

        A w3afException from find_request_response() is treated as "no
        results" and handled by _empty_results(); other exceptions propagate.

        :param widget: The clear button's EventBox (unused).
        :param event: The button-release event (unused).
        """
        self._searchText.set_text("")
        try:
            self.find_request_response()
        except w3afException, w3:
            self._empty_results()
        return