class NetworkAccessManager(QNetworkAccessManager): __unique = None def __init__(self): if NetworkAccessManager.__unique: raise NetworkAccessManager.__unique NetworkAccessManager.__unique = self QNetworkAccessManager.__init__(self) self.requestTokensInfo = None self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy) # overloaded 'finished' signal so that we can store them in the history self.finished[QNetworkReply].connect(self.finished_overload) # setup network disk cache directoru (./user/cache) self.diskCache = QNetworkDiskCache() self.diskCache.setCacheDirectory(core.management.configuration["path"]["cache"]) self.setCache(self.diskCache) self.sheepURI = QUrl.fromLocalFile(core.management.configuration["path"]["resources"]).toString() # history model keeps all transaction in memory self.history = NetworkHistory(self.diskCache, self) self.post_history = POSTHistory() self.appinfo = SiteInfoStore(self) self.rewrite_stored_url = False self.urlrewriting = URLRewritingStore() # did we enable tampering data? if so, what is the tampering method self.tampering = False self.tampering_method = None self.intercept = False self.disable_referer = False # set the personnal cookie jar if not core.management.cookieJar: core.management.cookieJar = QNetworkCookieJar() self.setCookieJar(core.management.cookieJar) # store the SSL certificates self.sslCfg = QSslConfiguration.defaultConfiguration() sslCa = self.sslCfg.caCertificates() sslNew = QSslCertificate.fromPath(core.management.configuration["path"]["certificates"]) sslCa += sslNew self.sslCfg.setCaCertificates(sslCa) QSslConfiguration.setDefaultConfiguration(self.sslCfg) QObject.connect( self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot ) def renew(self): # self.history.renew() # self.post_history.renew() # self.appinfo.renew() # self.urlrewriting.renew() self.rewrite_stored_url = False def setRequestTokensInfoReference(self, requestTokenInfoInstance): self.requestTokensInfo = requestTokenInfoInstance def getHistoryFromURL(self, qurlstr): return self.history.getHistoryFromURL(qurlstr) def setIntercept(self, value): self.intercept = value self.emit(SIGNAL("networkManagerIntercept_Signal"), self.intercept) def toggleIntercept(self): self.intercept = not self.intercept self.emit(SIGNAL("networkManagerIntercept_Signal"), self.intercept) def setURLRewriting(self, value=True): self.rewrite_stored_url = value def toggleDisableReferer(self): self.disable_referer = not self.disable_referer def getDiskCache(self): return self.diskCache def setProxy_Slot(self, proxy_type, host=None, port=None, user=None, password=None): self.proxy_instance = QNetworkProxy() if not QNetworkProxy.NoProxy == proxy_type: self.proxy_instance.setType(proxy_type) self.proxy_instance.setHostName(host) self.proxy_instance.setPort(int(port)) self.proxy_instance.setUser(user) self.proxy_instance.setPassword(password) else: self.proxy_instance.setType(QNetworkProxy.NoProxy) self.setProxy(self.proxy_instance) def getNetworkHistory(self, request_id): return self.history.getHistory(request_id) def getNetworkRequestIDFromURL(self, qurlstr): return self.history.getRequestIDFromURL(qurlstr) def getResponseContent(self, request_id): return self.history.getResponseContent(request_id) def getCookieJar(self): return self.cookieJar() def finished_overload(self, qreply): url = qreply.request().url() if url.toString().contains(self.sheepURI): return qreply qreply, request_id = self.history.processReply(qreply) # query the cache to get the download content by this request data = self.diskCache.data(url) if data: self.history.storeReplyContent(request_id, data.readAll()) if self.tampering: self.emit(SIGNAL("networkManagerInspectContent"), request_id) data.reset() # emit the request_id for the HTTP transactions view widget self.emit(SIGNAL("availableNetworkReply_Signal"), request_id) self.emit(SIGNAL("newUrl_Signal"), request_id) self.appinfo.extractSiteInfo(request_id) return qreply def createRequest(self, op, req, outgoingData=None): if req.url().toString().contains(self.sheepURI): return QNetworkAccessManager.createRequest(self, op, req, outgoingData) # TODO: further test if the user-agent isn't already set in the request # TODP: check for conflicts with existing user-agent from Qt req.setRawHeader("User-Agent", core.management.__default_user_agent__) if self.disable_referer: if req.hasRawHeader("Referer"): req.setRawHeader("Referer", "") elif req.hasRawHeader("Referrer"): req.setRawHeader("Referrer", "") # allow all tampering happening here if self.tampering and self.tampering_method: # automated tampering. last action should be replacement of tokens op, req, outgoingData = self.tampering_method(op, req, outgoingData) # interception code here, after the automated tampering to let flexibility # to the pen-tester if self.intercept: loc_url = req.url() try: outgoingDataList = None if outgoingData: self.post_history.makePost(outgoingData, loc_url) outgoingDataList = self.post_history.getPOSTList(loc_url) tamper_dialog = core.dialog.http_tamper.HTTPTamperDialog( self, op, req, outgoingDataList, core.management.maininstance ) if tamper_dialog.exec_() == QDialog.Accepted: nrequest = tamper_dialog.getHTTPRequest() if nrequest: op, req, outgoingDataByteArray = nrequest.networkRequest() self.emit(SIGNAL("linkTampered_NetManager"), req.url()) if outgoingDataByteArray: self.post_history.makePost(outgoingDataByteArray, loc_url) outgoingData = self.post_history.getQBuffer(loc_url) except Exception, error: core.management.logger.exception( "NetworkManager::createRequest- Exception during the request interception handling. (Exception: " + error + ")" ) # prefer getting data from cache when possible req.setAttribute(QNetworkRequest.CacheLoadControlAttribute, QNetworkRequest.PreferCache) op, req, new_outgoingData = self.history.processRequest(op, req, outgoingData) return QNetworkAccessManager.createRequest(self, op, req, new_outgoingData)
class NetworkAccessManager(QNetworkAccessManager): __unique = None def __init__(self): if NetworkAccessManager.__unique: raise NetworkAccessManager.__unique NetworkAccessManager.__unique = self QNetworkAccessManager.__init__(self) self.requestTokensInfo = None self.proxy_instance = QNetworkProxy(QNetworkProxy.NoProxy) # overloaded 'finished' signal so that we can store them in the history self.finished[QNetworkReply].connect(self.finished_overload) # setup network disk cache directoru (./user/cache) self.diskCache = QNetworkDiskCache() self.diskCache.setCacheDirectory(core.management.configuration['path']['cache']) self.setCache(self.diskCache) self.sheepURI = QUrl.fromLocalFile(core.management.configuration['path']['resources']).toString() # history model keeps all transaction in memory self.history = NetworkHistory(self.diskCache, self) self.post_history = POSTHistory() self.appinfo = SiteInfoStore(self) self.rewrite_stored_url = False self.urlrewriting = URLRewritingStore() # did we enable tampering data? if so, what is the tampering method self.tampering = False self.tampering_method = None self.intercept = False self.disable_referer = False # set the personnal cookie jar if not core.management.cookieJar: core.management.cookieJar = QNetworkCookieJar() self.setCookieJar(core.management.cookieJar) # store the SSL certificates self.sslCfg = QSslConfiguration.defaultConfiguration() sslCa = self.sslCfg.caCertificates() sslNew = QSslCertificate.fromPath(core.management.configuration['path']['certificates']) sslCa +=sslNew self.sslCfg.setCaCertificates(sslCa) QSslConfiguration.setDefaultConfiguration(self.sslCfg) QObject.connect(self, SIGNAL("authenticationRequired(QNetworkReply*, QAuthenticator*)"), self.authenticationRequired_Slot) def renew(self): #self.history.renew() #self.post_history.renew() #self.appinfo.renew() #self.urlrewriting.renew() self.rewrite_stored_url = False def setRequestTokensInfoReference(self, requestTokenInfoInstance): self.requestTokensInfo = requestTokenInfoInstance def getHistoryFromURL(self, qurlstr): return self.history.getHistoryFromURL(qurlstr) def setIntercept(self, value): self.intercept = value self.emit(SIGNAL('networkManagerIntercept_Signal'), self.intercept) def toggleIntercept(self): self.intercept = not self.intercept self.emit(SIGNAL('networkManagerIntercept_Signal'), self.intercept) def setURLRewriting(self, value = True): self.rewrite_stored_url = value def toggleDisableReferer(self): self.disable_referer = not self.disable_referer def getDiskCache(self): return self.diskCache def setProxy_Slot(self, proxy_type, host=None, port=None, user=None, password=None): self.proxy_instance = QNetworkProxy() if not QNetworkProxy.NoProxy == proxy_type: self.proxy_instance.setType(proxy_type) self.proxy_instance.setHostName(host) self.proxy_instance.setPort(int(port)) self.proxy_instance.setUser(user) self.proxy_instance.setPassword(password) else: self.proxy_instance.setType(QNetworkProxy.NoProxy) self.setProxy(self.proxy_instance) def getNetworkHistory(self, request_id): return self.history.getHistory(request_id) def getNetworkRequestIDFromURL(self, qurlstr): return self.history.getRequestIDFromURL(qurlstr) def getResponseContent(self, request_id): return self.history.getResponseContent(request_id) def getCookieJar(self): return self.cookieJar() def finished_overload(self, qreply): url = qreply.request().url() if url.toString().contains(self.sheepURI): return qreply qreply, request_id = self.history.processReply(qreply) # query the cache to get the download content by this request data = self.diskCache.data(url) if data: self.history.storeReplyContent(request_id, data.readAll()) if self.tampering: self.emit(SIGNAL('networkManagerInspectContent'), request_id) data.reset() # emit the request_id for the HTTP transactions view widget self.emit(SIGNAL('availableNetworkReply_Signal'), request_id) self.emit(SIGNAL('newUrl_Signal'), request_id) self.appinfo.extractSiteInfo(request_id) return qreply def createRequest(self, op, req, outgoingData = None): if req.url().toString().contains(self.sheepURI): return QNetworkAccessManager.createRequest(self, op, req, outgoingData) # TODO: further test if the user-agent isn't already set in the request # TODP: check for conflicts with existing user-agent from Qt req.setRawHeader("User-Agent", core.management.__default_user_agent__) if self.disable_referer: if req.hasRawHeader("Referer"): req.setRawHeader("Referer", "") elif req.hasRawHeader("Referrer"): req.setRawHeader("Referrer", "") # allow all tampering happening here if self.tampering and self.tampering_method: # automated tampering. last action should be replacement of tokens op, req, outgoingData = self.tampering_method(op, req, outgoingData) # interception code here, after the automated tampering to let flexibility # to the pen-tester if self.intercept: loc_url = req.url() try: outgoingDataList = None if outgoingData: self.post_history.makePost(outgoingData, loc_url) outgoingDataList = self.post_history.getPOSTList(loc_url) tamper_dialog = core.dialog.http_tamper.HTTPTamperDialog(self, op, req, outgoingDataList, core.management.maininstance) if tamper_dialog.exec_() == QDialog.Accepted: nrequest = tamper_dialog.getHTTPRequest() if nrequest: op, req, outgoingDataByteArray = nrequest.networkRequest() self.emit(SIGNAL('linkTampered_NetManager'), req.url()) if outgoingDataByteArray: self.post_history.makePost(outgoingDataByteArray, loc_url) outgoingData = self.post_history.getQBuffer(loc_url) except Exception, error: core.management.logger.exception("NetworkManager::createRequest- Exception during the request interception handling. (Exception: " + error + ")") # prefer getting data from cache when possible req.setAttribute(QNetworkRequest.CacheLoadControlAttribute, QNetworkRequest.PreferCache) op, req, new_outgoingData = self.history.processRequest(op, req, outgoingData) return QNetworkAccessManager.createRequest(self, op, req, new_outgoingData)