class reqResViewer(gtk.VBox):
'''
A widget with the request and the response inside.
:author: Andres Riancho ([email protected])
:author: Facundo Batista ( [email protected] )
'''
def __init__(self,
w3af,
enableWidget=None,
withManual=True,
withFuzzy=True,
withCompare=True,
withAudit=True,
editableRequest=False,
editableResponse=False,
widgname="default",
layout='Tabbed'):
super(reqResViewer, self).__init__()
self.w3af = w3af
# Request
self.request = requestPart(self,
w3af,
enableWidget,
editableRequest,
widgname=widgname)
self.request.show()
# Response
self.response = responsePart(self,
w3af,
editableResponse,
widgname=widgname)
self.response.show()
self.layout = layout
if layout == 'Tabbed':
self._initTabbedLayout()
else:
self._initSplittedLayout()
# Init req toolbox
self._initToolBox(withManual, withFuzzy, withCompare, withAudit)
self.show()
def _initTabbedLayout(self):
'''Init Tabbed layout. It's more convenient for quick view.'''
nb = gtk.Notebook()
nb.show()
self.nb = nb
self.pack_start(nb, True, True)
nb.append_page(self.request, gtk.Label(_("Request")))
nb.append_page(self.response, gtk.Label(_("Response")))
# Info
self.info = HttpEditor(self.w3af)
self.info.set_editable(False)
#self.info.show()
nb.append_page(self.info, gtk.Label(_("Info")))
def _initSplittedLayout(self):
'''Init Splitted layout. It's more convenient for intercept.'''
self._vpaned = RememberingVPaned(self.w3af, 'trap_view')
self._vpaned.show()
self.pack_start(self._vpaned, True, True)
self._vpaned.add(self.request)
self._vpaned.add(self.response)
def focus_response(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(1)
def focus_request(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(0)
def _initToolBox(self, withManual, withFuzzy, withCompare, withAudit):
# Buttons
# This import needs to be here in order to avoid an import loop
from core.ui.gui.tools.fuzzy_requests import FuzzyRequests
from core.ui.gui.tools.manual_requests import ManualRequests
hbox = gtk.HBox()
if withManual or withFuzzy or withCompare:
if withManual:
b = SemiStockButton("", gtk.STOCK_INDEX,
_("Send Request to Manual Editor"))
b.connect("clicked", self._send_request, ManualRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withFuzzy:
b = SemiStockButton("", gtk.STOCK_PROPERTIES,
_("Send Request to Fuzzy Editor"))
b.connect("clicked", self._send_request, FuzzyRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withCompare:
b = SemiStockButton(
"", gtk.STOCK_ZOOM_100,
_("Send Request and Response to Compare Tool"))
b.connect("clicked", self._sendReqResp)
self.response.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# I always can export requests
b = SemiStockButton("", gtk.STOCK_COPY, _("Export Request"))
b.connect("clicked", self._send_request, export_request)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
if withAudit:
# Add everything I need for the audit request thing:
# The button that shows the menu
b = SemiStockButton("", gtk.STOCK_EXECUTE,
_("Audit Request with..."))
b.connect("button-release-event", self._popupMenu)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# The throbber (hidden!)
self.throbber = helpers.Throbber()
hbox.pack_start(self.throbber, True, True)
self.draw_area = helpers.DrawingAreaStringRepresentation()
hbox.pack_end(self.draw_area, False, False)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
def _popupMenu(self, widget, event):
'''Show a Audit popup menu.'''
_time = event.time
# Get the information about the click
#requestId = self._lstore[path][0]
# Create the popup menu
gm = gtk.Menu()
plugin_type = "audit"
for plugin_name in sorted(
self.w3af.plugins.get_plugin_list(plugin_type)):
e = gtk.MenuItem(plugin_name)
e.connect('activate', self._auditRequest, plugin_name, plugin_type)
gm.append(e)
# Add a separator
gm.append(gtk.SeparatorMenuItem())
# Add a special item
e = gtk.MenuItem('All audit plugins')
e.connect('activate', self._auditRequest, 'All audit plugins',
'audit_all')
gm.append(e)
# show
gm.show_all()
gm.popup(None, None, None, event.button, _time)
def _auditRequest(self, menuItem, plugin_name, plugin_type):
"""
Audit a request using one or more plugins.
:param menuItem: The name of the audit plugin, or the 'All audit plugins' wildcard
:param plugin_name: The name of the plugin
:param plugin_type: The type of plugin
:return: None
"""
# We show a throbber, and start it
self.throbber.show()
self.throbber.running(True)
request = self.request.get_object()
# Now I start the analysis of this request in a new thread,
# threading game (copied from craftedRequests)
event = threading.Event()
impact = ThreadedURLImpact(self.w3af, request, plugin_name,
plugin_type, event)
impact.start()
gobject.timeout_add(200, self._impact_done, event, impact)
def _impact_done(self, event, impact):
# Keep calling this from timeout_add until isSet
if not event.isSet():
return True
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
# Analyze the impact
if impact.ok:
# Lets check if we found any vulnerabilities
#
# TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
# not just the ones with vulnerabilities.
#
for result in impact.result:
# TODO: I'm not sure when this is None bug it appeared in Trac bug #167736
if result.get_id() is not None:
for itemId in result.get_id():
historyItem = HistoryItem()
historyItem.load(itemId)
historyItem.update_tag(historyItem.tag +
result.plugin_name)
historyItem.info = result.get_desc()
historyItem.save()
else:
if impact.exception.__class__ == w3afException:
msg = str(impact.exception)
elif impact.exception.__class__ == w3afMustStopException:
msg = "Stopped sending requests because " + \
str(impact.exception)
elif impact.exception.__class__ == w3afMustStopOnUrlError:
msg = "Not sending requests because " + str(impact.exception)
else:
raise impact.exception
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
gtk.gdk.threads_enter()
helpers.FriendlyExceptionDlg(msg)
gtk.gdk.threads_leave()
return False
def _send_request(self, widg, func):
"""Sends the texts to the manual or fuzzy request.
:param func: where to send the request.
"""
headers, data = self.request.get_both_texts()
func(self.w3af, (headers, data))
def _sendReqResp(self, widg):
"""Sends the texts to the compare tool."""
headers, data = self.request.get_both_texts()
self.w3af.mainwin.commCompareTool(
(headers, data, self.response.get_object()))
def set_sensitive(self, how):
"""Sets the pane on/off."""
self.request.set_sensitive(how)
self.response.set_sensitive(how)
class reqResViewer(gtk.VBox):
'''
A widget with the request and the response inside.
:author: Andres Riancho ([email protected])
:author: Facundo Batista ( [email protected] )
'''
def __init__(self, w3af, enableWidget=None, withManual=True,
withFuzzy=True, withCompare=True, withAudit=True,
editableRequest=False, editableResponse=False,
widgname="default", layout='Tabbed'):
super(reqResViewer, self).__init__()
self.w3af = w3af
# Request
self.request = requestPart(self, w3af, enableWidget, editableRequest,
widgname=widgname)
self.request.show()
# Response
self.response = responsePart(
self, w3af, editableResponse, widgname=widgname)
self.response.show()
self.layout = layout
if layout == 'Tabbed':
self._initTabbedLayout()
else:
self._initSplittedLayout()
# Init req toolbox
self._initToolBox(withManual, withFuzzy, withCompare, withAudit)
self.show()
def _initTabbedLayout(self):
'''Init Tabbed layout. It's more convenient for quick view.'''
nb = gtk.Notebook()
nb.show()
self.nb = nb
self.pack_start(nb, True, True)
nb.append_page(self.request, gtk.Label(_("Request")))
nb.append_page(self.response, gtk.Label(_("Response")))
# Info
self.info = HttpEditor(self.w3af)
self.info.set_editable(False)
#self.info.show()
nb.append_page(self.info, gtk.Label(_("Info")))
def _initSplittedLayout(self):
'''Init Splitted layout. It's more convenient for intercept.'''
self._vpaned = RememberingVPaned(self.w3af, 'trap_view')
self._vpaned.show()
self.pack_start(self._vpaned, True, True)
self._vpaned.add(self.request)
self._vpaned.add(self.response)
def focus_response(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(1)
def focus_request(self):
if self.layout == 'Tabbed':
self.nb.set_current_page(0)
def _initToolBox(self, withManual, withFuzzy, withCompare, withAudit):
# Buttons
# This import needs to be here in order to avoid an import loop
from core.ui.gui.tools.fuzzy_requests import FuzzyRequests
from core.ui.gui.tools.manual_requests import ManualRequests
hbox = gtk.HBox()
if withManual or withFuzzy or withCompare:
if withManual:
b = SemiStockButton(
"", gtk.STOCK_INDEX, _("Send Request to Manual Editor"))
b.connect("clicked", self._send_request, ManualRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withFuzzy:
b = SemiStockButton("", gtk.STOCK_PROPERTIES,
_("Send Request to Fuzzy Editor"))
b.connect("clicked", self._send_request, FuzzyRequests)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
if withCompare:
b = SemiStockButton("", gtk.STOCK_ZOOM_100, _(
"Send Request and Response to Compare Tool"))
b.connect("clicked", self._sendReqResp)
self.response.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# I always can export requests
b = SemiStockButton("", gtk.STOCK_COPY, _("Export Request"))
b.connect("clicked", self._send_request, export_request)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
if withAudit:
# Add everything I need for the audit request thing:
# The button that shows the menu
b = SemiStockButton(
"", gtk.STOCK_EXECUTE, _("Audit Request with..."))
b.connect("button-release-event", self._popupMenu)
self.request.childButtons.append(b)
b.show()
hbox.pack_start(b, False, False, padding=2)
# The throbber (hidden!)
self.throbber = helpers.Throbber()
hbox.pack_start(self.throbber, True, True)
self.draw_area = helpers.DrawingAreaStringRepresentation()
hbox.pack_end(self.draw_area, False, False)
self.pack_start(hbox, False, False, padding=5)
hbox.show()
def _popupMenu(self, widget, event):
'''Show a Audit popup menu.'''
_time = event.time
# Get the information about the click
#requestId = self._lstore[path][0]
# Create the popup menu
gm = gtk.Menu()
plugin_type = "audit"
for plugin_name in sorted(self.w3af.plugins.get_plugin_list(plugin_type)):
e = gtk.MenuItem(plugin_name)
e.connect('activate', self._auditRequest, plugin_name, plugin_type)
gm.append(e)
# Add a separator
gm.append(gtk.SeparatorMenuItem())
# Add a special item
e = gtk.MenuItem('All audit plugins')
e.connect('activate', self._auditRequest, 'All audit plugins',
'audit_all')
gm.append(e)
# show
gm.show_all()
gm.popup(None, None, None, event.button, _time)
def _auditRequest(self, menuItem, plugin_name, plugin_type):
"""
Audit a request using one or more plugins.
:param menuItem: The name of the audit plugin, or the 'All audit plugins' wildcard
:param plugin_name: The name of the plugin
:param plugin_type: The type of plugin
:return: None
"""
# We show a throbber, and start it
self.throbber.show()
self.throbber.running(True)
request = self.request.get_object()
# Now I start the analysis of this request in a new thread,
# threading game (copied from craftedRequests)
event = threading.Event()
impact = ThreadedURLImpact(self.w3af, request, plugin_name,
plugin_type, event)
impact.start()
gobject.timeout_add(200, self._impact_done, event, impact)
def _impact_done(self, event, impact):
# Keep calling this from timeout_add until isSet
if not event.isSet():
return True
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
# Analyze the impact
if impact.ok:
# Lets check if we found any vulnerabilities
#
# TODO: I should actually show ALL THE REQUESTS generated by audit plugins...
# not just the ones with vulnerabilities.
#
for result in impact.result:
# TODO: I'm not sure when this is None bug it appeared in Trac bug #167736
if result.get_id() is not None:
for itemId in result.get_id():
historyItem = HistoryItem()
historyItem.load(itemId)
historyItem.update_tag(
historyItem.tag + result.plugin_name)
historyItem.info = result.get_desc()
historyItem.save()
else:
if impact.exception.__class__ == w3afException:
msg = str(impact.exception)
elif impact.exception.__class__ == w3afMustStopException:
msg = "Stopped sending requests because " + \
str(impact.exception)
elif impact.exception.__class__ == w3afMustStopOnUrlError:
msg = "Not sending requests because " + str(impact.exception)
else:
raise impact.exception
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
gtk.gdk.threads_enter()
helpers.FriendlyExceptionDlg(msg)
gtk.gdk.threads_leave()
return False
def _send_request(self, widg, func):
"""Sends the texts to the manual or fuzzy request.
:param func: where to send the request.
"""
headers, data = self.request.get_both_texts()
func(self.w3af, (headers, data))
def _sendReqResp(self, widg):
"""Sends the texts to the compare tool."""
headers, data = self.request.get_both_texts()
self.w3af.mainwin.commCompareTool((headers, data,
self.response.get_object()))
def set_sensitive(self, how):
"""Sets the pane on/off."""
self.request.set_sensitive(how)
self.response.set_sensitive(how)
