class TestExtendedUrllibProxy(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
def tearDown(self):
self.uri_opener.end()
def test_http_default_port_via_proxy(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_http_port_specification_via_proxy(self):
url = URL('http://moth:80/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL('https://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_offline_port_via_proxy(self):
url = URL('http://127.0.0.1:8181/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(http_response.get_code(), 400)
def test_POST_via_proxy(self):
url = URL('http://moth/w3af/core/echo/post.php')
http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
self.assertIn('[abc] => 123', http_response.body)
class TestExtendedUrllibProxy(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
# Start the proxy daemon
self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
self._proxy.start()
self._proxy.wait_for_start()
port = self._proxy.get_port()
# Configure the proxy
settings = OpenerSettings()
options = settings.get_options()
proxy_address_opt = options['proxy_address']
proxy_port_opt = options['proxy_port']
proxy_address_opt.set_value('127.0.0.1')
proxy_port_opt.set_value(port)
settings.set_options(options)
self.uri_opener.settings = settings
def tearDown(self):
self.uri_opener.end()
def test_http_default_port_via_proxy(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_http_port_specification_via_proxy(self):
url = URL('http://moth:80/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_https_via_proxy(self):
TODO = 'Skip this test because of a strange bug with the extended'\
' url library and w3af\'s local proxy daemon. More info here:'\
' https://github.com/andresriancho/w3af/issues/183'
raise SkipTest(TODO)
url = URL('https://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_offline_port_via_proxy(self):
url = URL('http://127.0.0.1:8181/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(http_response.get_code(), 400)
def test_POST_via_proxy(self):
url = URL('http://moth/w3af/core/echo/post.php')
http_response = self.uri_opener.POST(url, data='abc=123', cache=False)
self.assertIn('[abc] => 123', http_response.body)
class TestXUrllib(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
def tearDown(self):
self.uri_opener.end()
def test_basic(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertGreaterEqual(http_response.id, 1)
self.assertNotEqual(http_response.id, None)
def test_cache(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
def test_qs_params(self):
url = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=section.txt')
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue('Showing the section content.' in http_response.body,
http_response.body)
url = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=/etc/passwd')
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue(
'root:x:0:0:' in http_response.body, http_response.body)
def test_POST(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
data = DataContainer([('empresa', 'abc'), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertTrue('def' in http_response.body, http_response.body)
def test_POST_special_chars(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
test_data = u'abc<def>"-á-'
data = DataContainer([('empresa', test_data), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertIn(test_data, http_response.body)
def test_unknown_url(self):
url = URL('http://longsitethatdoesnotexistfoo.com/')
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_closed(self):
# TODO: Change 2312 by an always closed/non-http port
url = URL('http://127.0.0.1:2312/')
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_not_http(self):
upper_daemon = UpperDaemon(EmptyTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_not_http_many(self):
upper_daemon = UpperDaemon(EmptyTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
for _ in xrange(MAX_ERROR_COUNT):
try:
self.uri_opener.GET(url)
except w3afMustStopByUnknownReasonExc:
self.assertTrue(False, 'Not expecting this exception type.')
except w3afMustStopOnUrlError:
self.assertTrue(True)
except w3afMustStopException:
self.assertTrue(True)
break
else:
self.assertTrue(False)
def test_timeout(self):
upper_daemon = UpperDaemon(TimeoutTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
self.uri_opener.settings.set_timeout(1)
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
self.uri_opener.settings.set_default_values()
def test_timeout_many(self):
upper_daemon = UpperDaemon(TimeoutTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
self.uri_opener.settings.set_timeout(1)
url = URL('http://127.0.0.1:%s/' % port)
for _ in xrange(MAX_ERROR_COUNT):
try:
self.uri_opener.GET(url)
except w3afMustStopByUnknownReasonExc:
self.assertTrue(False, 'Not expecting this exception type.')
except w3afMustStopOnUrlError:
self.assertTrue(True)
except w3afMustStopException, e:
self.assertTrue(True)
break
else:
class TestXUrllib(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
def tearDown(self):
self.uri_opener.end()
def test_basic(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertGreaterEqual(http_response.id, 1)
self.assertNotEqual(http_response.id, None)
def test_cache(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
def test_qs_params(self):
url = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=section.txt')
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue('Showing the section content.' in http_response.body,
http_response.body)
url = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=/etc/passwd')
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue(
'root:x:0:0:' in http_response.body, http_response.body)
def test_POST(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
data = DataContainer([('empresa', 'abc'), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertTrue('def' in http_response.body, http_response.body)
def test_POST_special_chars(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
test_data = u'abc<def>"-á-'
data = DataContainer([('empresa', test_data), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertIn(test_data, http_response.body)
def test_unknown_url(self):
url = URL('http://longsitethatdoesnotexistfoo.com/')
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_stop(self):
self.uri_opener.stop()
url = URL('http://moth/')
self.assertRaises(w3afMustStopByUserRequest, self.uri_opener.GET, url)
def test_pause_stop(self):
self.uri_opener.pause(True)
self.uri_opener.stop()
url = URL('http://moth/')
self.assertRaises(w3afMustStopByUserRequest, self.uri_opener.GET, url)
def test_pause(self):
output = Queue.Queue()
self.uri_opener.pause(True)
def send(uri_opener, output):
url = URL('http://moth/')
http_response = uri_opener.GET(url)
output.put(http_response)
th = Process(target=send, args=(self.uri_opener, output))
th.daemon = True
th.start()
self.assertRaises(Queue.Empty, output.get, True, 2)
def test_pause_unpause(self):
output = Queue.Queue()
self.uri_opener.pause(True)
def send(uri_opener, output):
url = URL('http://moth/')
http_response = uri_opener.GET(url)
output.put(http_response)
th = Process(target=send, args=(self.uri_opener, output))
th.daemon = True
th.start()
self.assertRaises(Queue.Empty, output.get, True, 2)
self.uri_opener.pause(False)
http_response = output.get()
th.join()
self.assertEqual(http_response.get_code(), 200)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
def test_removes_cache(self):
url = URL('http://moth/')
self.uri_opener.GET(url, cache=False)
# Please note that this line, together with the tearDown() act as
# a test for a "double call to end()".
self.uri_opener.end()
db_fmt = 'db_unittest-%s'
trace_fmt = 'db_unittest-%s_traces/'
temp_dir = get_temp_dir()
for i in xrange(100):
test_db_path = os.path.join(temp_dir, db_fmt % i)
test_trace_path = os.path.join(temp_dir, trace_fmt % i)
self.assertFalse(os.path.exists(test_db_path), test_db_path)
self.assertFalse(os.path.exists(test_trace_path), test_trace_path)
def test_special_char_header(self):
url = URL('http://moth/w3af/core/header_fuzzing/cookie_echo.php')
header_content = u'á'
headers = Headers([('foo', header_content)])
http_response = self.uri_opener.GET(url, cache=False, headers=headers)
self.assertEqual(header_content, http_response.body)
class TestSQLMapWrapper(unittest.TestCase):
SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?name=andres'
SSL_SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?name=andres'
SQLI_POST = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php'
DATA_POST = 'name=andres'
def setUp(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
def tearDown(self):
self.uri_opener.end()
self.sqlmap.cleanup()
@classmethod
def setUpClass(cls):
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
@classmethod
def tearDownClass(cls):
# Doing this in both setupclass and teardownclass in order to be sure
# that a ctrl+c doesn't break it
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
def test_verify_vulnerability(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_verify_vulnerability_ssl(self):
uri = URL(self.SSL_SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_verify_vulnerability_false(self):
not_vuln = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?fake=invalid'
uri = URL(not_vuln)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertFalse(vulnerable)
def test_verify_vulnerability_POST(self):
target = Target(URL(self.SQLI_POST), self.DATA_POST)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_wrapper_invalid_url(self):
self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET, self.uri_opener)
def test_stds(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
prms = ['--batch',]
cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)
self.assertIsInstance(process.stdout, file)
self.assertIsInstance(process.stderr, file)
self.assertIsInstance(process.stdin, file)
self.assertIsInstance(cmd, basestring)
self.assertIn('sqlmap.py', cmd)
def test_target_basic(self):
target = Target(URL(self.SQLI_GET))
params = target.to_params()
self.assertEqual(params, ["--url=%s" % self.SQLI_GET])
def test_target_post_data(self):
target = Target(URL(self.SQLI_GET), self.DATA_POST)
params = target.to_params()
self.assertEqual(params, ["--url=%s" % self.SQLI_GET,
"--data=%s" % self.DATA_POST])
def test_no_coloring(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--disable-coloring', params)
def test_always_batch(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--batch', params)
def test_use_proxy(self):
params = self.sqlmap.get_wrapper_params()
self.assertTrue(any(i.startswith('--proxy=http://127.0.0.1:') for i in params))
def test_enable_coloring(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
params = sqlmap.get_wrapper_params()
self.assertNotIn('--disable-coloring', params)
def test_dbs(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dbs()
output = process.stdout.read()
self.assertIn('fetching database names', output)
self.assertIn('available databases', output)
self.assertIn('information_schema', output)
def test_tables(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.tables()
output = process.stdout.read()
self.assertIn('fetching tables for databases:', output)
self.assertIn('Database: information_schema', output)
self.assertIn('COLUMN_PRIVILEGES', output)
def test_users(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.users()
output = process.stdout.read()
self.assertIn('debian-sys-maint', output)
self.assertIn('localhost', output)
self.assertIn('root', output)
def test_dump(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dump()
output = process.stdout.read()
self.assertIn('email', output)
self.assertIn('phone', output)
self.assertIn('address', output)
self.assertIn('47789900', output)
def test_sqlmap(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.direct('--dump -D w3af_test -T users')
output = process.stdout.read()
self.assertIn('email', output)
self.assertIn('phone', output)
self.assertIn('address', output)
self.assertIn('47789900', output)
self.assertNotIn('information_schema', output)
self.assertNotIn('COLUMN_PRIVILEGES', output)
class TestXUrllib(unittest.TestCase):
MOTH_MESSAGE = 'Welcome to the moth homepage!'
def setUp(self):
self.uri_opener = ExtendedUrllib()
def tearDown(self):
self.uri_opener.end()
def test_basic(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url, cache=False)
self.assertIn(self.MOTH_MESSAGE, http_response.body)
self.assertGreaterEqual(http_response.id, 1)
self.assertNotEqual(http_response.id, None)
def test_cache(self):
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
url = URL('http://moth/')
http_response = self.uri_opener.GET(url)
self.assertTrue(self.MOTH_MESSAGE in http_response.body)
def test_qs_params(self):
url = URL(
'http://moth/w3af/audit/local_file_read/local_file_read.php?file=section.txt'
)
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue('Showing the section content.' in http_response.body,
http_response.body)
url = URL(
'http://moth/w3af/audit/local_file_read/local_file_read.php?file=/etc/passwd'
)
http_response = self.uri_opener.GET(url, cache=False)
self.assertTrue('root:x:0:0:' in http_response.body,
http_response.body)
def test_POST(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
data = DataContainer([('empresa', 'abc'), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertTrue('def' in http_response.body, http_response.body)
def test_POST_special_chars(self):
url = URL('http://moth/w3af/audit/xss/data_receptor2.php')
test_data = u'abc<def>"-á-'
data = DataContainer([('empresa', test_data), ('firstname', 'def')])
http_response = self.uri_opener.POST(url, data, cache=False)
self.assertIn(test_data, http_response.body)
def test_unknown_url(self):
url = URL('http://longsitethatdoesnotexistfoo.com/')
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_closed(self):
# TODO: Change 2312 by an always closed/non-http port
url = URL('http://127.0.0.1:2312/')
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_not_http(self):
upper_daemon = UpperDaemon(EmptyTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
def test_url_port_not_http_many(self):
upper_daemon = UpperDaemon(EmptyTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
for _ in xrange(MAX_ERROR_COUNT):
try:
self.uri_opener.GET(url)
except w3afMustStopByUnknownReasonExc:
self.assertTrue(False, 'Not expecting this exception type.')
except w3afMustStopOnUrlError:
self.assertTrue(True)
except w3afMustStopException:
self.assertTrue(True)
break
else:
self.assertTrue(False)
def test_timeout(self):
upper_daemon = UpperDaemon(TimeoutTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
url = URL('http://127.0.0.1:%s/' % port)
self.uri_opener.settings.set_timeout(1)
self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url)
self.uri_opener.settings.set_default_values()
def test_timeout_many(self):
upper_daemon = UpperDaemon(TimeoutTCPHandler)
upper_daemon.start()
upper_daemon.wait_for_start()
port = upper_daemon.get_port()
self.uri_opener.settings.set_timeout(1)
url = URL('http://127.0.0.1:%s/' % port)
for _ in xrange(MAX_ERROR_COUNT):
try:
self.uri_opener.GET(url)
except w3afMustStopByUnknownReasonExc:
self.assertTrue(False, 'Not expecting this exception type.')
except w3afMustStopOnUrlError:
self.assertTrue(True)
except w3afMustStopException, e:
self.assertTrue(True)
break
else:
class TestSQLMapWrapper(unittest.TestCase):
SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?name=andres'
SSL_SQLI_GET = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?name=andres'
SQLI_POST = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php'
DATA_POST = 'name=andres'
def setUp(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
def tearDown(self):
self.uri_opener.end()
self.sqlmap.cleanup()
@classmethod
def setUpClass(cls):
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
@classmethod
def tearDownClass(cls):
# Doing this in both setupclass and teardownclass in order to be sure
# that a ctrl+c doesn't break it
output_dir = os.path.join(SQLMapWrapper.SQLMAP_LOCATION, 'output')
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
def test_verify_vulnerability(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_verify_vulnerability_ssl(self):
uri = URL(self.SSL_SQLI_GET)
target = Target(uri)
self.uri_opener = ExtendedUrllib()
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_verify_vulnerability_false(self):
not_vuln = 'http://moth/w3af/audit/sql_injection/select/'\
'sql_injection_string.php?fake=invalid'
uri = URL(not_vuln)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertFalse(vulnerable)
def test_verify_vulnerability_POST(self):
target = Target(URL(self.SQLI_POST), self.DATA_POST)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
def test_wrapper_invalid_url(self):
self.assertRaises(TypeError, SQLMapWrapper, self.SQLI_GET,
self.uri_opener)
def test_stds(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
self.sqlmap = SQLMapWrapper(target, self.uri_opener)
prms = [
'--batch',
]
cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)
self.assertIsInstance(process.stdout, file)
self.assertIsInstance(process.stderr, file)
self.assertIsInstance(process.stdin, file)
self.assertIsInstance(cmd, basestring)
self.assertIn('sqlmap.py', cmd)
def test_target_basic(self):
target = Target(URL(self.SQLI_GET))
params = target.to_params()
self.assertEqual(params, ["--url=%s" % self.SQLI_GET])
def test_target_post_data(self):
target = Target(URL(self.SQLI_GET), self.DATA_POST)
params = target.to_params()
self.assertEqual(
params, ["--url=%s" % self.SQLI_GET,
"--data=%s" % self.DATA_POST])
def test_no_coloring(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--disable-coloring', params)
def test_always_batch(self):
params = self.sqlmap.get_wrapper_params()
self.assertIn('--batch', params)
def test_use_proxy(self):
params = self.sqlmap.get_wrapper_params()
self.assertTrue(
any(i.startswith('--proxy=http://127.0.0.1:') for i in params))
def test_enable_coloring(self):
uri = URL(self.SQLI_GET)
target = Target(uri)
sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
params = sqlmap.get_wrapper_params()
self.assertNotIn('--disable-coloring', params)
def test_dbs(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dbs()
output = process.stdout.read()
self.assertIn('fetching database names', output)
self.assertIn('available databases', output)
self.assertIn('information_schema', output)
def test_tables(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.tables()
output = process.stdout.read()
self.assertIn('fetching tables for databases:', output)
self.assertIn('Database: information_schema', output)
self.assertIn('COLUMN_PRIVILEGES', output)
def test_users(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.users()
output = process.stdout.read()
self.assertIn('debian-sys-maint', output)
self.assertIn('localhost', output)
self.assertIn('root', output)
def test_dump(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.dump()
output = process.stdout.read()
self.assertIn('email', output)
self.assertIn('phone', output)
self.assertIn('address', output)
self.assertIn('47789900', output)
def test_sqlmap(self):
vulnerable = self.sqlmap.is_vulnerable()
self.assertTrue(vulnerable)
cmd, process = self.sqlmap.direct('--dump -D w3af_test -T users')
output = process.stdout.read()
self.assertIn('email', output)
self.assertIn('phone', output)
self.assertIn('address', output)
self.assertIn('47789900', output)
self.assertNotIn('information_schema', output)
self.assertNotIn('COLUMN_PRIVILEGES', output)
