예제 #1
파일: proxy.py 프로젝트: 1d3df9903ad/w3af
    def _createFuzzableRequest(self):
        '''
        Build a fuzzable request object from the HTTP request held by this
        handler.

        Attributes read here:
            - self.path : the URL that was requested by the browser
            - self.command : passed as the second argument (the HTTP method)
            - self.headers : the request headers (their .dict is passed on)
            - self.rfile : file like object that stores the postdata; it is
              not read directly here, the data comes from self._getPostData()
            - self.server : checked for a 'chainedHandler' attribute

        @return: A fuzzableRequest for the received request.
        '''
        requestedURL = self.path

        # See HTTPWrapperClass
        if hasattr(self.server, 'chainedHandler'):
            # self.path is appended to "https://" plus the chained handler's
            # path to rebuild the full URL.
            # NOTE(review): chainedHandler.path is used as-is for the host
            # part of the URL; presumably it is the target recorded by the
            # wrapping handler -- confirm where it is validated.
            requestedURL = ("https://" + self.server.chainedHandler.path
                            + requestedURL)

        fuzzReq = fuzzableRequest(url_object(requestedURL), self.command,
                                  self.headers.dict)

        # Attach the body only when there is one.
        body = self._getPostData()
        if body:
            fuzzReq.setData(body)
        return fuzzReq
예제 #2
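 def test_no_code_disclosure_blank(self):
     '''
     An empty response body must not produce any code disclosure finding.
     '''
     body = ''
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # assertEqual reports the actual number of findings on failure, which
     # assertTrue on a comparison does not.
     # NOTE(review): relies on the knowledge base holding no earlier
     # 'codeDisclosure' entries -- confirm the fixture resets it.
     findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
     self.assertEqual(len(findings), 0)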
예제 #3
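 def test_ASP_code_disclosure(self):
     '''
     A response body that contains an ASP code block (<% ... %>) must be
     reported exactly once as a code disclosure.
     '''
     body = 'header <% Response.Write("Hello World!") %> footer'
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # assertEqual reports the actual number of findings on failure, which
     # assertTrue on a comparison does not.
     findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
     self.assertEqual(len(findings), 1)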
예제 #4
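 def test_none(self):
     '''
     Markup that only mentions "object" / "applet" as attribute names, or
     uses a similar tag name (<apple>), must not be reported.
     '''
     body = '<an object="1"> <or applet=2> <apple>'
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # NOTE(review): the positive tests for this plugin read their findings
     # from ('objects', 'applet') and ('objects', 'object'). Confirm that
     # ('objects', 'objects') is a key the plugin really writes to;
     # otherwise this assertion passes without checking anything.
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(len(kb.kb.getData('objects', 'objects')), 0)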
예제 #5
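    def test_no_feeds(self):
        """
        A tag that is not a feed tag (<nofeed ...>) must not be reported,
        even though it carries a version attribute.
        """
        body = 'header <nofeed version="3" foo="4"> footer'
        url = url_object("http://www.w3af.com/")
        headers = {"content-type": "text/html"}
        response = httpResponse(200, body, headers, url, url)
        request = fuzzableRequest(url, method="GET")
        self.plugin.grep(request, response)

        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(len(kb.kb.getData("feeds", "feeds")), 0)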
예제 #6
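 def test_none(self):
     '''
     A form whose only child is a <noinput type="file"> tag must not be
     reported as a file upload form.
     '''
     body = 'header <form><noinput type="file"></form> footer'
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(len(kb.kb.getData('fileUpload', 'fileUpload')), 0)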
예제 #7
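 def test_PHP_code_disclosure(self):
     '''
     A response body that contains a PHP short-tag block (<? ... ?>) must
     be reported exactly once as a code disclosure.
     '''
     body = 'header <? echo $a; ?> footer'
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)

     # The request is built empty and then filled in through its setters.
     request = fuzzableRequest()
     request.setURL(url)
     request.setMethod('GET')
     self.plugin.grep(request, response)

     # assertEqual reports the actual number of findings on failure, which
     # assertTrue on a comparison does not.
     findings = kb.kb.getData('codeDisclosure', 'codeDisclosure')
     self.assertEqual(len(findings), 1)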
예제 #8
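    def test_no_version(self):
        """
        An <rss> tag without a version attribute must still be reported as
        one feed, with "RSS" and "unknown" in the finding's description.
        """
        body = 'header <rss foo="3"> footer'
        url = url_object("http://www.w3af.com/")
        headers = {"content-type": "text/html"}
        response = httpResponse(200, body, headers, url, url)
        request = fuzzableRequest(url, method="GET")
        self.plugin.grep(request, response)

        # Read the findings once; assertEqual replaces the deprecated
        # assertEquals alias.
        feeds = kb.kb.getData("feeds", "feeds")
        self.assertEqual(len(feeds), 1)

        description = feeds[0].getDesc()
        self.assertTrue("RSS" in description)
        self.assertTrue("unknown" in description)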
예제 #9
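 def test_applet(self):
     '''
     An <APPLET> tag in the response body must be reported once under
     ('objects', 'applet'), with "applet" (in double quotes) in the
     description.
     '''
     body = '''header
     <APPLET code="XYZApp.class" codebase="html/" align="baseline"
         width="200" height="200">
         <PARAM name="model" value="models/HyaluronicAcid.xyz">
         No Java 2 SDK, Standard Edition v 1.4.2 support for APPLET!!
     </APPLET>        
     footer'''
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # Read the findings once; assertEqual replaces the deprecated
     # assertEquals alias.
     applets = kb.kb.getData('objects', 'applet')
     self.assertEqual(len(applets), 1)
     self.assertTrue('"applet"' in applets[0].getDesc())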
예제 #10
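 def test_object(self):
     '''
     An <OBJECT> tag in the response body must be reported once under
     ('objects', 'object'), with "object" (in double quotes) in the
     description.
     '''
     body = '''header
     <OBJECT 
       classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
       width="200" height="200">
       <PARAM name="code" value="Applet1.class">
     </OBJECT>        
     footer'''
     url = url_object('http://www.w3af.com/')
     headers = {'content-type': 'text/html'}
     response = httpResponse(200, body, headers, url, url)
     request = fuzzableRequest(url, method='GET')
     self.plugin.grep(request, response)

     # Read the findings once; assertEqual replaces the deprecated
     # assertEquals alias.
     objects = kb.kb.getData('objects', 'object')
     self.assertEqual(len(objects), 1)
     self.assertTrue('"object"' in objects[0].getDesc())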
예제 #11
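 def _urllibReq2fr( self, request ):
     '''
     Convert a urllib2 request object to a fuzzableRequest.
     Used in http_request.

     The regular and the unredirected headers of the request are merged
     into a new dict; the request object itself is left untouched.

     @parameter request: A urllib2 request obj.
     @return: A fuzzableRequest.
     '''
     # Merge into a copy. Updating request.headers in place would turn the
     # unredirected headers into regular headers of the live request;
     # urllib2 keeps them apart so they are not copied to the new request
     # when a redirect is followed (its auth handlers store credentials
     # there).
     headers = dict(request.headers)
     headers.update(request.unredirected_hdrs)

     fr = fuzzableRequest.fuzzableRequest(
                                  request.url_object,
                                  request.get_method(),
                                  headers
                                  )
     # A request without data is stored with an empty string as its data.
     fr.setData(request.get_data() or '')
     return fr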
예제 #12
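        def profile_me():
            '''
            To be profiled: feed the fixture pages test-1.html .. test-4.html
            from plugins/tests/grep to every plugin in self._plugins.
            '''
            for _ in xrange(1):
                for counter in xrange(1,5):

                    file_name = 'test-' + str(counter) + '.html'
                    file_path = os.path.join('plugins','tests','grep',file_name)

                    # Read through a context manager so the file handle is
                    # closed right away instead of being left to the
                    # garbage collector.
                    with open( file_path ) as body_file:
                        body = body_file.read()

                    response = httpResponse(200, body, {'Content-Type': 'text/html'},
                                            url_object( self.url_str + str(counter) ),
                                            url_object( self.url_str + str(counter) ) )

                    # The same request URL (self.url_inst) is used for every
                    # response; only the response URL changes per fixture.
                    request = fuzzableRequest(self.url_inst)
                    for pinst in self._plugins:
                        pinst.grep( request, response )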
예제 #13
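 def _urllibReq2fr( self, request ):
     '''
     Convert a urllib2 request object to a fuzzableRequest.
     Used in http_request.

     The regular and the unredirected headers of the request are merged
     into a new dict; the request object itself is left untouched.

     @parameter request: A urllib2 request obj.
     @return: A fuzzableRequest.
     '''
     fr = fuzzableRequest.fuzzableRequest()
     fr.setURI( request.url_object )
     fr.setMethod( request.get_method() )

     # Merge into a copy. Writing the unredirected headers into
     # request.headers would turn them into regular headers of the live
     # request; urllib2 keeps them apart so they are not copied to the new
     # request when a redirect is followed (its auth handlers store
     # credentials there).
     headers = dict( request.headers )
     headers.update( request.unredirected_hdrs )
     fr.setHeaders( headers )

     # get_data() is read once; None (no data) is stored as an empty string.
     data = request.get_data()
     fr.setData( '' if data is None else data )
     return fr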