def test_found_at(self):
    '''
    found_at() reports the target URL, the HTTP method and the mutated
    header together with the value that was injected into it.
    '''
    referer_headers = Headers([('Referer', 'http://moth/')])
    request = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                              headers=referer_headers)

    mutant = HeadersMutant(request)
    mutant.set_var('Referer')
    mutant.set_mod_value('foo')

    # The request carries a query string (?id=3) but the expected text
    # names only the bare URL, so found_at() is not expected to echo it.
    expected_msg = ('"http://www.w3af.com/", using HTTP method GET. The modified'
                    ' header was: "Referer" and it\'s value was: "foo".')
    self.assertEqual(mutant.found_at(), expected_msg)
def test_basic(self):
    '''
    Setting a modified value for the Referer variable rewrites that
    header on the mutant while the original value stays retrievable.
    '''
    request = FuzzableRequest(URL('http://www.w3af.com/'))
    injected_referer = 'http://w3af.org/'

    mutant = HeadersMutant(request.copy())
    mutant.set_var('Referer')

    # The mutant works on a copy, so the original request is the source
    # of truth for the pre-mutation Referer.
    original_referer = request.get_referer()
    mutant.set_original_value(original_referer)
    mutant.set_mod_value(injected_referer)

    self.assertEqual(mutant.get_headers()['Referer'], injected_referer)
    self.assertEqual(mutant.get_original_value(), original_referer)
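def _is_origin_checked(self, freq, orig_response):
    '''
    Probe whether the application verifies the Referer header.

    A copy of `freq` is sent with its Referer replaced by a fixed foreign
    origin; when the response differs from the original one, the Referer
    is taken to influence how the request is processed.

    :param freq: FuzzableRequest to probe. Only a copy is mutated, so
                 `freq` itself is left untouched.
    :param orig_response: Response previously received for `freq`; used
                          as the comparison baseline.
    :return: True if the remote web application verifies the Referer
             before processing the HTTP request.
    '''
    fake_ref = 'http://www.w3af.org/'

    mutant = HeadersMutant(freq.copy())
    mutant.set_var('Referer')
    mutant.set_original_value(freq.get_referer())
    mutant.set_mod_value(fake_ref)

    mutant_response = self._uri_opener.send_mutant(mutant)

    # NOTE(review): any difference between the two responses counts as
    # "origin checked" (dynamic content or rate limiting would also do);
    # how tolerant the comparison is depends on _is_resp_equal, which is
    # defined elsewhere. The test also only covers a *foreign* Referer,
    # not a missing one.
    return not self._is_resp_equal(orig_response, mutant_response)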