def _createFuzzableRequest(self):
    '''
    Build a fuzzable request object out of the request this handler holds.

    Attributes read here:
        - self.headers : the request headers; their ``.dict`` is handed over
        - self.command : passed as the request method
        - self.path    : the URL that was requested by the browser
        - self.server  : checked for an optional ``chainedHandler``

    The post-data is obtained through self._getPostData() (the original
    note says it lives in self.rfile, a file like object) and is only
    attached when it is non-empty.

    @return: A fuzzableRequest for the URL, method and headers above.
    '''
    # See HTTPWrapperClass
    # NOTE(review): presumably chainedHandler.path is the host[:port] of a
    # tunnelled HTTPS connection and self.path is relative in that case --
    # confirm against HTTPWrapperClass.
    if hasattr(self.server, 'chainedHandler'):
        requested_url = "https://" + self.server.chainedHandler.path + self.path
    else:
        requested_url = self.path

    # Path and headers are taken from the client as-is; nothing is validated
    # here, url_object() is the only thing that parses the value.
    fuzzable = fuzzableRequest(url_object(requested_url),
                               self.command,
                               self.headers.dict)

    post_data = self._getPostData()
    if post_data:
        fuzzable.setData(post_data)

    return fuzzable
def test_no_code_disclosure_blank(self):
    '''
    An empty text/html body must not produce any codeDisclosure finding.
    '''
    target = url_object('http://www.w3af.com/')
    blank_response = httpResponse(200, '', {'content-type': 'text/html'},
                                  target, target)
    get_request = fuzzableRequest(target, method='GET')

    self.plugin.grep(get_request, blank_response)

    # NOTE(review): kb.kb is shared state; the count is only meaningful if
    # earlier findings were cleared -- presumably in setUp, not visible here.
    findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
    self.assertTrue(len(findings) == 0)
def test_ASP_code_disclosure(self):
    '''
    A response that leaks an ASP ``<% ... %>`` block must yield exactly one
    codeDisclosure finding.
    '''
    leaked_asp = 'header <% Response.Write("Hello World!") %> footer'
    target = url_object('http://www.w3af.com/')
    content_type = {'content-type': 'text/html'}

    leaking_response = httpResponse(200, leaked_asp, content_type,
                                    target, target)
    get_request = fuzzableRequest(target, method='GET')
    self.plugin.grep(get_request, leaking_response)

    # Exactly one: a second entry would mean the same block was reported twice
    # or that findings from another test are still in the shared kb.
    findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
    self.assertTrue(len(findings) == 1)
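def test_none(self):
    '''
    Tags and attributes that merely resemble object/applet must not be
    reported by the plugin.
    '''
    body = '<an object="1"> <or applet=2> <apple>'
    url = url_object('http://www.w3af.com/')
    headers = {'content-type': 'text/html'}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method='GET')

    self.plugin.grep(request, response)

    # assertEqual instead of the deprecated assertEquals alias.
    self.assertEqual(len(kb.kb.getData('objects', 'objects')), 0)

    # The sibling tests test_applet / test_object read their findings from
    # the 'applet' and 'object' entries, so presumably that is where the
    # plugin stores them. Checking only 'objects' would let a false positive
    # stored under those names pass unnoticed.
    for entry in ('object', 'applet'):
        self.assertEqual(len(kb.kb.getData('objects', entry)), 0)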
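def test_no_feeds(self):
    """
    A tag that is not a feed tag (``<nofeed ...>``) must not be reported,
    even though it carries a version attribute.
    """
    body = 'header <nofeed version="3" foo="4"> footer'
    url = url_object("http://www.w3af.com/")
    headers = {"content-type": "text/html"}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method="GET")

    self.plugin.grep(request, response)

    # assertEqual instead of the deprecated assertEquals alias.
    self.assertEqual(len(kb.kb.getData("feeds", "feeds")), 0)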
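def test_none(self):
    '''
    A form whose only child is a ``<noinput type="file">`` tag contains no
    real file input, so no fileUpload finding may be stored.
    '''
    body = 'header <form><noinput type="file"></form> footer'
    url = url_object('http://www.w3af.com/')
    headers = {'content-type': 'text/html'}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method='GET')

    self.plugin.grep(request, response)

    # assertEqual instead of the deprecated assertEquals alias.
    self.assertEqual(len(kb.kb.getData('fileUpload', 'fileUpload')), 0)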
def test_PHP_code_disclosure(self):
    '''
    A response that leaks a PHP short-tag block (``<? ... ?>``) must yield
    exactly one codeDisclosure finding.

    The request is built with the setters instead of constructor arguments.
    '''
    leaked_php = 'header <? echo $a; ?> footer'
    target = url_object('http://www.w3af.com/')
    leaking_response = httpResponse(200, leaked_php,
                                    {'content-type': 'text/html'},
                                    target, target)

    get_request = fuzzableRequest()
    get_request.setURL(target)
    get_request.setMethod('GET')

    self.plugin.grep(get_request, leaking_response)

    findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
    self.assertTrue(len(findings) == 1)
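def test_no_version(self):
    """
    An ``<rss>`` tag without a version attribute is still reported: one
    finding whose description mentions "RSS" and "unknown".
    """
    body = 'header <rss foo="3"> footer'
    url = url_object("http://www.w3af.com/")
    headers = {"content-type": "text/html"}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method="GET")

    self.plugin.grep(request, response)

    # Read the stored findings once and reuse them for every check;
    # assertEqual replaces the deprecated assertEquals alias.
    feeds = kb.kb.getData("feeds", "feeds")
    self.assertEqual(len(feeds), 1)

    description = feeds[0].getDesc()
    self.assertTrue("RSS" in description)
    self.assertTrue("unknown" in description)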
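def test_applet(self):
    '''
    An ``<APPLET>`` tag in the body must be stored as exactly one finding
    under ('objects', 'applet'), and its description must quote "applet".
    '''
    # Same markup as before, split over adjacent literals for readability.
    body = ('header <APPLET code="XYZApp.class" codebase="html/" '
            'align="baseline" width="200" height="200"> '
            '<PARAM name="model" value="models/HyaluronicAcid.xyz"> '
            'No Java 2 SDK, Standard Edition v 1.4.2 support for APPLET!! '
            '</APPLET> footer')
    url = url_object('http://www.w3af.com/')
    headers = {'content-type': 'text/html'}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method='GET')

    self.plugin.grep(request, response)

    # assertEqual instead of the deprecated assertEquals alias.
    applets = kb.kb.getData('objects', 'applet')
    self.assertEqual(len(applets), 1)
    self.assertTrue('"applet"' in applets[0].getDesc())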
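def test_object(self):
    '''
    An ``<OBJECT>`` tag in the body must be stored as exactly one finding
    under ('objects', 'object'), and its description must quote "object".
    '''
    # Same markup as before, split over adjacent literals for readability.
    body = ('header <OBJECT '
            'classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" '
            'width="200" height="200"> '
            '<PARAM name="code" value="Applet1.class"> '
            '</OBJECT> footer')
    url = url_object('http://www.w3af.com/')
    headers = {'content-type': 'text/html'}
    response = httpResponse(200, body, headers, url, url)
    request = fuzzableRequest(url, method='GET')

    self.plugin.grep(request, response)

    # assertEqual instead of the deprecated assertEquals alias.
    objects = kb.kb.getData('objects', 'object')
    self.assertEqual(len(objects), 1)
    self.assertTrue('"object"' in objects[0].getDesc())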
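def _urllibReq2fr(self, request):
    '''
    Convert a urllib2 request object to a fuzzableRequest.
    Used in http_request.

    The fuzzableRequest gets the union of the request's regular headers and
    its unredirected headers; on a name clash the unredirected value wins.
    Missing or empty post-data becomes ''.

    @parameter request: A urllib2 request obj. It is not modified.
    @return: A fuzzableRequest.
    '''
    # Merge into a copy. Updating request.headers in place would move the
    # unredirected headers into the regular header set of the request that
    # is still going to be sent; urllib2 keeps them apart so that they are
    # not carried over when a redirect is followed.
    headers = dict(request.headers)
    headers.update(request.unredirected_hdrs)

    fr = fuzzableRequest.fuzzableRequest(request.url_object,
                                         request.get_method(),
                                         headers)
    fr.setData(request.get_data() or '')
    return fr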
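def profile_me():
    '''
    To be profiled: feed the sample pages test-1.html .. test-4.html to
    every plugin in self._plugins.

    ``self`` is not a parameter; it is taken from the enclosing scope, which
    is not part of this block. The sample files are looked up relative to
    the current working directory (plugins/tests/grep).
    '''
    for _ in xrange(1):
        for counter in xrange(1, 5):
            file_name = 'test-' + str(counter) + '.html'
            file_path = os.path.join('plugins', 'tests', 'grep', file_name)

            # Close the handle as soon as the body is read instead of
            # leaving it to the garbage collector.
            with open(file_path) as sample:
                body = sample.read()

            page_url = self.url_str + str(counter)
            response = httpResponse(200, body,
                                    {'Content-Type': 'text/html'},
                                    url_object(page_url),
                                    url_object(page_url))

            request = fuzzableRequest(self.url_inst)
            for pinst in self._plugins:
                pinst.grep(request, response)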
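def _urllibReq2fr(self, request):
    '''
    Convert a urllib2 request object to a fuzzableRequest.
    Used in http_request.

    URI and method are copied over; the headers are the union of the
    request's regular and unredirected headers (the unredirected value wins
    on a name clash); post-data of None becomes ''.

    @parameter request: A urllib2 request obj. It is not modified.
    @return: A fuzzableRequest.
    '''
    fr = fuzzableRequest.fuzzableRequest()
    fr.setURI(request.url_object)
    fr.setMethod(request.get_method())

    # Merge into a copy. Writing the unredirected headers into
    # request.headers itself would make them regular headers of the request
    # that is still going to be sent; urllib2 keeps them apart so that they
    # are not carried over when a redirect is followed.
    headers = dict(request.headers)
    headers.update(request.unredirected_hdrs)
    fr.setHeaders(headers)

    # Ask for the data once and reuse the answer.
    data = request.get_data()
    fr.setData('' if data is None else data)

    return fr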