def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two):
""" Returns a difference ratio between two byte arrays each representing
one http response. Ratio=1.0 is a perfect match.
"""
http_one_info = helpers.analyzeResponse(http_bytes_one)
http_one = StringUtil.fromBytes(http_bytes_one)
http_one_body = http_one[http_one_info.getBodyOffset():]
http_two_info = helpers.analyzeResponse(http_bytes_two)
http_two = StringUtil.fromBytes(http_bytes_two)
http_two_body = http_two[http_two_info.getBodyOffset():]
s = SequenceMatcher(lambda x: x== " ", http_one_body, http_two_body)
return s.ratio()
def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two):
""" Returns a difference ratio between two byte arrays each representing
one http response. Ratio=1.0 is a perfect match.
"""
http_one_info = helpers.analyzeResponse(http_bytes_one)
http_one = StringUtil.fromBytes(http_bytes_one)
http_one_body = http_one[http_one_info.getBodyOffset():]
http_two_info = helpers.analyzeResponse(http_bytes_two)
http_two = StringUtil.fromBytes(http_bytes_two)
http_two_body = http_two[http_two_info.getBodyOffset():]
s = SequenceMatcher(lambda x: x == " ", http_one_body, http_two_body)
return s.ratio()
def _get_examples():
names_and_bytes = None
# z is the zip file containing the examples
z = None
if app_in_jar.startedFromJar():
# App started from JAR; attempt to acquire through java.lang.Class.getResourceAsStream()
stream = Column.getResourceAsStream('/mallard_examples.zip')
if stream is not None:
# Convert to cStringIO; FileUtil.wrap does not seem to work well with ZipFile
fbytes = StringUtil.fromBytes(FileUtil.readBytes(stream))
f = cStringIO.StringIO(fbytes)
try:
z = zipfile.ZipFile(f, 'r')
except zipfile.BadZipfile:
pass
# App was not started from JAR, or loading failed; see if the ZIP file can be found in the file system
if z is None:
if os.path.isfile('mallard_examples.zip'):
try:
z = zipfile.ZipFile('mallard_examples.zip', 'r')
except zipfile.BadZipfile:
pass
if z is not None:
names_and_bytes = []
infos = z.infolist()
for info in infos:
if info.filename.lower().endswith('.page'):
names_and_bytes.append((info.filename, z.read(info)))
return names_and_bytes
def map(k, context):
result = context.cx.getCurrentValue()
meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json"))
meta = json.loads(meta_data)
product = meta['ProductName']
version = meta['Version']
ispluginhang = meta.get('PluginHang', None) == "1"
err = 0
kv = result.getColumnLatest("raw_data", "dump")
if kv is None:
err += 1
dumplen = 0
else:
dumplen = kv.getValueLength()
if "additional_minidumps" in meta:
extradumps = meta["additional_minidumps"].split(",")
for extradump in extradumps:
extrakv = result.getColumnLatest(
"raw_data", "upload_file_minidump_" + extradump)
if extrakv is None:
err += 1
else:
extralen = extrakv.getValueLength()
dumplen += extralen
context.write(k, (product, version, ispluginhang, dumplen, err))
def map(k, context):
result = context.cx.getCurrentValue()
meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json"))
meta = json.loads(meta_data)
product = meta['ProductName']
version = meta['Version']
ispluginhang = meta.get('PluginHang', None) == "1"
err = 0
kv = result.getColumnLatest("raw_data", "dump")
if kv is None:
err += 1
dumplen = 0
else:
dumplen = kv.getValueLength()
if "additional_minidumps" in meta:
extradumps = meta["additional_minidumps"].split(",")
for extradump in extradumps:
extrakv = result.getColumnLatest("raw_data", "upload_file_minidump_" + extradump)
if extrakv is None:
err += 1
else:
extralen = extrakv.getValueLength()
dumplen += extralen
context.write(k, (product, version, ispluginhang, dumplen, err))
def read(filePath):
bytes = Files.readAllBytes(filePath)
content = StringUtil.fromBytes(bytes)
if content.find(Strings.FileUtils_separator) != -1:
(vars, script) = content.split(Strings.FileUtils_separator, 2)
return (vars, script)
else:
return (None, None)
def getNextPayload(self, baseValue):
'''Interface method to return the next generated payload'''
strinput = StringUtil.fromBytes(baseValue)
if not self.unicodePayload:
strinput = str(strinput)
bv = self.decode(strinput)
(self.morePayloads, output) = self.process(bv)
return self.encode(output)
def read(fd, buffersize):
"""read(fd, buffersize) -> string
Read a file descriptor.
"""
from org.python.core.util import StringUtil
rawio = FileDescriptors.get(fd)
buf = _handle_oserror(rawio.read, buffersize)
return asPyString(StringUtil.fromBytes(buf))
def set_response_tab_pane(self, request_response):
raw_response = request_response.getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = JTextArea(response_body)
response_tab_textarea.setLineWrap(True)
return JScrollPane(response_tab_textarea)
def read(fd, buffersize):
"""read(fd, buffersize) -> string
Read a file descriptor.
"""
from org.python.core.util import StringUtil
rawio = FileDescriptors.get(fd)
buf = _handle_oserror(rawio.read, buffersize)
return asPyString(StringUtil.fromBytes(buf))
def prepareForStep(self, configurationAttributes, requestParameters, step):
extensionResult = self.extensionPrepareForStep(configurationAttributes,
requestParameters, step)
if extensionResult != None:
return extensionResult
if (step == 1):
print "Passport-saml: Prepare for Step 1 method call"
identity = CdiUtil.bean(Identity)
sessionId = identity.getSessionId()
sessionAttribute = sessionId.getSessionAttributes()
print "Passport-saml: session %s" % sessionAttribute
oldState = sessionAttribute.get("state")
if (oldState == None):
print "Passport-saml: old state is none"
return True
else:
print "Passport-saml: state is obtained"
try:
stateBytes = Base64Util.base64urldecode(oldState)
state = StringUtil.fromBytes(stateBytes)
stateObj = json.loads(state)
print stateObj["provider"]
for y in stateObj:
print(y, ':', stateObj[y])
httpService = CdiUtil.bean(HttpService)
facesService = CdiUtil.bean(FacesService)
facesContext = CdiUtil.bean(FacesContext)
httpclient = httpService.getHttpsClient()
headersMap = HashMap()
headersMap.put("Accept", "text/json")
host = facesContext.getExternalContext().getRequest(
).getServerName()
url = "https://" + host + "/passport/token"
print "Passport-saml: url %s" % url
resultResponse = httpService.executeGet(
httpclient, url, headersMap)
http_response = resultResponse.getHttpResponse()
response_bytes = httpService.getResponseContent(
http_response)
szResponse = httpService.convertEntityToString(
response_bytes)
print "Passport-saml: szResponse %s" % szResponse
tokenObj = json.loads(szResponse)
print "Passport-saml: /passport/auth/saml/" + stateObj[
"provider"] + "/" + tokenObj["token_"]
facesService.redirectToExternalURL("/passport/auth/saml/" +
stateObj["provider"] +
"/" +
tokenObj["token_"])
except Exception, err:
print str(err)
return True
return True
def set_response_tab_pane(self, request_response):
raw_response = request_response.getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = self.callbacks.createTextEditor()
component = response_tab_textarea.getComponent()
response_tab_textarea.setText(response_body)
response_tab_textarea.setEditable(False)
return component
def set_response_tab_pane(self, scanner_issue):
raw_response = scanner_issue.getRequestResponse().getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = JTextArea(response_body)
response_tab_textarea.setLineWrap(True)
# Set a context menu
self.set_context_menu(response_tab_textarea, scanner_issue)
return JScrollPane(response_tab_textarea)
def set_response_tab_pane(self, scanner_issue):
raw_response = scanner_issue.getRequestResponse().getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = self.callbacks.createTextEditor()
component = response_tab_textarea.getComponent()
response_tab_textarea.setText(response_body)
response_tab_textarea.setEditable(False)
# Set a context menu
self.set_context_menu(component, scanner_issue)
return component
def process(self, input, output) :
try :
comp = bz2.BZ2Decompressor()
buf = zeros(8192, "b")
while True :
bytes_read = input.read(buf)
if(bytes_read == -1) :
break
output.write(comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read)))
except :
print "Exception in Decompress:"
print '-' * 60
traceback.print_exc(file=sys.stdout)
print '-' * 60
raise
def process(self, input, output):
try:
comp = bz2.BZ2Decompressor()
buf = zeros(8192, "b")
while True:
bytes_read = input.read(buf)
if (bytes_read == -1):
break
output.write(
comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read)))
except:
print "Exception in Decompress:"
print '-' * 60
traceback.print_exc(file=sys.stdout)
print '-' * 60
raise
def __init__(self, callbacks, attack, unicodePayload=False):
self.callbacks = callbacks
# use Unicode strings in Jython?
self.unicodePayload = unicodePayload
# this is all the stuff from attack so we dont need to store it
httpService = attack.getHttpService()
self.httpHost = httpService.getHost() # java.lang.String
self.httpPort = httpService.getPort() # int
self.httpProtocol = httpService.getProtocol() # java.lang.String
self.requestTemplate = StringUtil.fromBytes(
attack.getRequestTemplate()) # python unicode
if self.unicodePayload:
self.self.requestTemplate = str(self.requestTemplate)
self.morePayloads = True
self.init()
def handleReceivedResponseForModifiedRequest(self, requestResponse):
#Get original HTTP Request
requestData = StringUtil.fromBytes(requestResponse.getRequest())
requestId = re.search(b"^X-REQUEST-ID: ([^\r]*)",
requestData,
flags=re.MULTILINE).group(1).encode('ascii')
origRequestId = re.search(b"^X-REQUEST-ORIG-ID: ([^\r]*)",
requestData,
flags=re.MULTILINE).group(1).encode('ascii')
print("Keys")
print(requestId)
print(origRequestId)
print(self.requestResponseCache.keys())
self.requestResponseCache[requestId] = requestResponse
origRequestResponse = self.requestResponseCache[origRequestId]
analyzedOrigResponse = self.helpers.analyzeResponse(
origRequestResponse.getResponse())
analayzeMutatedResponse = self.helpers.analyzeResponse(
requestResponse.getResponse())
origResponseHeaders = self._buildResponseHeadersDictionary(
analyzedOrigResponse.getHeaders())
mutatedResponseHeaders = self._buildResponseHeadersDictionary(
analayzeMutatedResponse.getHeaders())
mutatedRequestInfo = self.helpers.analyzeRequest(
requestResponse.getHttpService(), requestResponse.getRequest())
model = self.jtable.getModel()
model.addRow([
str(mutatedRequestInfo.getUrl()),
str(analayzeMutatedResponse.getStatusCode()),
self._getDictValueOrEmptyStr(mutatedResponseHeaders,
"content-length"),
self._getDictValueOrEmptyStr(mutatedResponseHeaders, "location"),
requestId, origRequestId
])
print("Modified Request Found: %s %s" % (requestId, origRequestId))
def processHttpMessage(self, toolFlag, messageIsRequest, requestResponse):
if not messageIsRequest:
requestData = StringUtil.fromBytes(requestResponse.getRequest())
#We generated the request, process it
if requestData.find(b"X-REQUEST-ID") != -1:
self.handleReceivedResponseForModifiedRequest(requestResponse)
#Response received for non-mutated request.
#Mutate request and send it.
else:
origRequestResponseUUID = str(uuid.uuid4())
reload(replacements)
print("Looking for replacements")
for replacement in self.replacements:
newRequestData = re.sub(self.origSearchString, replacement,
requestData)
#If no replacemnets made, don't send any requests
if newRequestData != requestData:
newRequestUUID = str(uuid.uuid4())
newRequestData = re.sub(
b"Host",
b"X-REQUEST-ID: " + newRequestUUID + "\r\nHost",
requestData)
newRequestData = re.sub(
b"Host", b"X-REQUEST-ORIG-ID: " +
origRequestResponseUUID + "\r\nHost",
newRequestData)
print("Sending Mutated Request")
print(newRequestData)
self.requestResponseCache[
origRequestResponseUUID] = requestResponse
httpService = requestResponse.getHttpService()
self.callbacks.makeHttpRequest(httpService,
newRequestData)
print("Got here")
def checkResult(self, messageEntry, roleIndex, activeSuccessRoles):
for userIndex in self._db.getActiveUserIndexes():
userEntry = self._db.arrayOfUsers[userIndex]
ignoreUser = False
# if user is not in this role, ignore it
if not userEntry._roles[roleIndex]:
ignoreUser = True
# If user is in any other role that should succeed, then ignore it
for index in userEntry._roles.keys():
if not index == roleIndex and userEntry._roles[index] and index in activeSuccessRoles:
ignoreUser = True
if not ignoreUser:
shouldSucceed = roleIndex in activeSuccessRoles
requestResponse = messageEntry._userRuns[userEntry._index]
resp = StringUtil.fromBytes(requestResponse.getResponse())
found = re.search(messageEntry._successRegex, resp, re.DOTALL)
succeeds = found if shouldSucceed else not found
if not succeeds:
return False
return True
def checkResult(self, messageEntry, roleIndex, activeSuccessRoles):
for userIndex in self._db.getActiveUserIndexes():
userEntry = self._db.arrayOfUsers[userIndex]
ignoreUser = False
# if user is not in this role, ignore it
if not userEntry._roles[roleIndex]:
ignoreUser = True
# If user is in any other role that should succeed, then ignore it
for index in userEntry._roles.keys():
if not index == roleIndex and userEntry._roles[
index] and index in activeSuccessRoles:
ignoreUser = True
if not ignoreUser:
shouldSucceed = roleIndex in activeSuccessRoles
requestResponse = messageEntry._userRuns[userEntry._index]
resp = StringUtil.fromBytes(requestResponse.getResponse())
found = re.search(messageEntry._successRegex, resp, re.DOTALL)
succeeds = found if shouldSucceed else not found
if not succeeds:
return False
return True
consumer = QueueingConsumer(channel)
# Declare as exclusive consumer of queue
channel.basicConsume(queueName, True, "consumer", False, True, None, consumer)
print " [*] Waiting for messages."
except IOError:
print "Unable to connect to queue."
connection.close()
sys.exit(1)
writer = WriteMsgToFile(HOME_FILE)
while True:
try:
delivery = consumer.nextDelivery()
message = delivery.getBody()
message = StringUtil.fromBytes(message)
token = message.split(":",1)[0]
rest = message.split(":",1)[1]
message = str(message)
# If message is a "token_request", process request and add new token to hashmap
if message[0:13] == ("TOKEN_REQUEST"):
makeToken = ProcessTokenRequest(message, channel)
tokenID = makeToken.sendToken()
permissions.put(tokenID[0], tokenID[1])
# Otherwise, check if message has valid token (token in hashmap).
# If so, accept message, then delete token from valid list.
else:
if permissions.containsKey(token):
print (" [x] Received '" + rest + "' from: " + permissions.get(token))
# Declare as exclusive consumer of queue
channel.basicConsume(queueName, True, "consumer", False, True, None,
consumer)
print " [*] Waiting for messages."
except IOError:
print "Unable to connect to queue."
connection.close()
sys.exit(1)
writer = WriteMsgToFile(HOME_FILE)
while True:
try:
delivery = consumer.nextDelivery()
message = delivery.getBody()
message = StringUtil.fromBytes(message)
token = message.split(":", 1)[0]
rest = message.split(":", 1)[1]
message = str(message)
# If message is a "token_request", process request and add new token to hashmap
if message[0:13] == ("TOKEN_REQUEST"):
makeToken = ProcessTokenRequest(message, channel)
tokenID = makeToken.sendToken()
permissions.put(tokenID[0], tokenID[1])
# Otherwise, check if message has valid token (token in hashmap).
# If so, accept message, then delete token from valid list.
else:
if permissions.containsKey(token):
print(" [x] Received '" + rest + "' from: " +
def getEntryS(self, key):
val = self.getEntry(key)
if val == None : return None
return StringUtil.fromBytes(val)
def renderMap(self, connection_parameters=None, sql=None, geom_id_entity=None, geom_entity=None, data_entity=None, map_parameters={}):
# Put connection parameters into a java HashMap.
params_hashmap = HashMap()
for param, value in connection_parameters.items():
if value:
params_hashmap.put(param, value)
# Get data store.
data_store = DataStoreFinder.getDataStore(params_hashmap)
# Create VirtualTable from sql.
vtable = VirtualTable("vtable", sql)
# Set primary key.
vtable.setPrimaryKeyColumns([geom_id_entity['ID']])
# metadatata = intententional typo. GT needs to fix the name.
vtable.addGeometryMetadatata(geom_entity['ID'], JPolygon, 4326)
# Create feature source from virtual table.
data_store.addVirtualTable(vtable)
feature_source = data_store.getFeatureSource("vtable")
# Add styling classes if there was a value entity.
if data_entity:
# Generate class bounds.
num_classes = data_entity.get('num_classes', 25)
vmin = float(data_entity.get('min', 0))
vmax = float(data_entity.get('max', 1))
vrange = vmax - vmin
class_width = vrange/num_classes
classes = [(None, vmin)]
for i in range(num_classes):
classes.append((vmin + i * class_width, vmin + (i + 1) * class_width))
classes.append((vmax, None))
# Generate style rules for classes.
rules = []
for c in classes:
rule = self.create_rule(c[0], c[1], vmin, vrange, attr=data_entity['ID'])
rules.append(rule)
feature_type_style = self.style_factory.createFeatureTypeStyle(rules)
style = self.style_factory.createStyle()
style.featureTypeStyles().add(feature_type_style)
else:
style = None
# Setup map.
gt_map = DefaultMapContext()
gt_map.addLayer(feature_source, style)
gt_renderer = StreamingRenderer()
gt_renderer.setMapContent(gt_map)
image_bounds = Rectangle(0, 0, map_parameters.get('WIDTH', 100), map_parameters.get('HEIGHT', 100))
# Set image type based on format.
image_format = map_parameters.get('FORMAT', 'image/png')
if image_format == 'image/jpeg':
image_type = BufferedImage.TYPE_INT_RGB
else:
image_type = BufferedImage.TYPE_INT_ARGB
buffered_image = BufferedImage(image_bounds.width, image_bounds.height, image_type)
graphics = buffered_image.createGraphics()
# Set background color if not transparent.
if not map_parameters.get('TRANSPARENT'):
graphics.setPaint(Color.WHITE)
graphics.fill(image_bounds)
crs = CRS.decode(map_parameters.get('SRS', "EPSG:4326"))
bbox = map_parameters.get('BBOX', '-180,-90,180,90')
coords = [float(coord) for coord in bbox.split(",")]
map_bounds = ReferencedEnvelope(coords[0], coords[2], coords[1], coords[3], crs)
gt_renderer.paint(graphics, image_bounds, map_bounds)
# Release the JDBC connection and map content.
data_store.dispose()
gt_renderer.getMapContent().dispose()
# Return raw image.
byte_array_output_stream = ByteArrayOutputStream()
informal_format = re.match('image/(.*)', image_format).group(1)
ImageIO.write(buffered_image, informal_format, byte_array_output_stream)
byte_array = byte_array_output_stream.toByteArray()
raw_image = Py.newString(StringUtil.fromBytes(byte_array))
return raw_image
def replaceDomain(requestData, oldDomain, newDomain):
reqstr = StringUtil.fromBytes(requestData)
reqstr = reqstr.replace(oldDomain, newDomain)
newreq = StringUtil.toBytes(reqstr)
return newreq
def findBlobS(self,realm,key):
b = self.findBlob(realm,key)
if b == None : return None
return StringUtil.fromBytes(b)
def getEntryS(self, key):
val = self.getEntry(key)
if val == None: return None
return StringUtil.fromBytes(val)
def dialogaction(action, var):
cutil.printVar("testmail", action, var)
if action == "sendmail":
C = cmail.CMAIL(var)
res = C.sendMail("Mail from hotel", "What do you think about us ?",
"*****@*****.**", "Jython")
print res.getSendResult()
assert res.getSendResult() == None
assert res.getName() != None
var["OK"] = True
if action == "checkmail":
C = cmail.CMAIL(var)
li = C.getList()
print li
for l in li:
print l.getDescription(), l.getContent()
assert len(li) == 1
var["OK"] = True
if action == "sendmailattach":
C = cmail.CMAIL(var)
li = C.getList()
for l in li:
C.removeElem(l)
li = C.getList()
assert len(li) == 0
s = "Attachment"
key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY, "TESTJ",
StringUtil.toBytes(s))
aList = cmail.createAttachList(None, cutil.PDFTEMPORARY, key,
"attach.txt")
res = C.sendMail("Mail from hotel with attachment",
"Nothing interesting ",
"*****@*****.**", "Jython", aList)
print res.getSendResult()
assert res.getSendResult() == None
var["OK"] = True
if action == "checkmailattach":
B = SHolder.getBlobHandler()
C = cmail.CMAIL(var)
li = C.getList()
assert len(li) == 1
l = li[0]
att = l.getaList()
assert len(att) == 1
for a in att:
print a.getFileName(), a.getRealm(), a.getBlobKey()
va = B.findBlob(a.getRealm(), a.getBlobKey())
assert va != None
ss = StringUtil.fromBytes(va)
print ss
assert ss == "Attachment"
var["OK"] = True
if action == "sendmultiattach":
C = cmail.CMAIL(var)
li = C.getList()
for l in li:
C.removeElem(l)
li = C.getList()
assert len(li) == 0
aList = None
for i in range(20):
s = "Attachment content" + str(i)
key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY, "TESTJ",
StringUtil.toBytes(s))
aList = cmail.createAttachList(aList, cutil.PDFTEMPORARY, key,
"attach" + str(i) + ".txt")
res = C.sendMail("Mail from hotel with 20 attachment",
"Nothing interesting inside ",
"*****@*****.**", "Jython", aList)
print res.getSendResult()
assert res.getSendResult() == None
var["OK"] = True
if action == "checkmultiattach":
B = SHolder.getBlobHandler()
C = cmail.CMAIL(var)
li = C.getList()
assert len(li) == 1
l = li[0]
att = l.getaList()
assert len(att) == 20
for a in att:
print a.getFileName(), a.getRealm(), a.getBlobKey()
va = B.findBlob(a.getRealm(), a.getBlobKey())
assert va != None
ss = StringUtil.fromBytes(va)
print ss
assert not cutil.emptyS(ss)
var["OK"] = True
def run(self):
"""
Where all the work is done.
Three steps
1) Make the request again to make sure it's stable (We use python difflib)
2) Make the request without any cookies, if it's similar the cookies aren't required
3) Loop through removing one cookie at a time, if the diff isn't big we leave it out, if
it is we can figure that it's required and we leave it in
At the end we're left with the required cookies.
"""
selected_message = self.selected_message
original_request_bytes = selected_message.getRequest()
original_request = StringUtil.fromBytes(original_request_bytes)
original_response_bytes = selected_message.getResponse()
original_response = StringUtil.fromBytes(original_response_bytes)
http_service = selected_message.getHttpService()
helpers = self.callbacks.getHelpers()
request_info = helpers.analyzeRequest(http_service, original_request_bytes)
parameters = request_info.getParameters();
cookie_parameters = [parameter for parameter in parameters if parameter.getType() == IParameter.PARAM_COOKIE]
num_requests_needed = len(cookie_parameters) + 2
num_requests_made = 0
self.progressBar.setMaximum(num_requests_needed)
self.progressBar.setValue(num_requests_made)
#===========================================================
# We will resubmit the request to make sure it is somewhat stable
self.statusTextArea.append("Making baseline request which we will compare to original request (1 of 1)")
self.statusTextArea.append("\n")
baseline_reqres_pair = self.callbacks.makeHttpRequest(http_service, original_request)
threshold = httpresponse_bytes_diffratio(helpers, original_response_bytes, baseline_reqres_pair.getResponse())
if (threshold < 0.6):
self.statusTextArea.append("ERROR: Not a stable HTTP request, try another where it's nearly the same every request")
self.statusTextArea.append("\n")
self.progressBar.setValue(num_requests_needed)
return
# Pad it a little by decreasing the threshold...
threshold = threshold * 0.8 #TODO: We should automate discovering the right threshold
self.statusTextArea.append("...Complete, threshold ratio is %s" % (threshold))
self.statusTextArea.append("\n")
#===========================================================
if (cancelThread is True):
print "Canceled"
return
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
# Now we'll check if it actually requires authentication by removing all cookies
nocookies_request_bytes = StringUtil.toBytes(original_request)
for parameter in cookie_parameters:
nocookies_request_bytes = helpers.removeParameter(nocookies_request_bytes, parameter)
self.statusTextArea.append("Making no-cookie request to make sure it requires them (1 of 1)")
self.statusTextArea.append("\n")
nocookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, nocookies_request_bytes)
nocookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, nocookie_reqres_pair.getResponse())
if (nocookiediff > threshold):
self.statusTextArea.append("ERROR: Cookies don't seem to be required or it's too close to tell")
self.statusTextArea.append("\n")
self.progressBar.setValue(num_requests_needed)
return
self.statusTextArea.append("...Complete, confirmed at least one cookie is required")
self.statusTextArea.append("\n")
#===========================================================
if (cancelThread is True):
print "Canceled"
return
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
# Now iterate over all the cookie values, removing one at a time until left with required ones
self.statusTextArea.append("Making requests, removing each cookie one at a time. (%d requests)" % (len(cookie_parameters)))
self.statusTextArea.append("\n")
minimumcookies_request_bytes = StringUtil.toBytes(original_request)
for parameter in cookie_parameters:
if (cancelThread is True):
print "Canceled"
return
missingcookie_request_bytes = helpers.removeParameter(minimumcookies_request_bytes, parameter)
missingcookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, missingcookie_request_bytes)
missingcookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, missingcookie_reqres_pair.getResponse())
if (missingcookiediff > threshold):
self.statusTextArea.append(" Cookie '%s' is not required (%s similarity ratio)" % (parameter.getName(), missingcookiediff))
self.statusTextArea.append("\n")
minimumcookies_request_bytes = missingcookie_request_bytes
else:
self.statusTextArea.append("* Cookie '%s' is required (%s similarity ratio)" % (parameter.getName(), missingcookiediff))
self.statusTextArea.append("\n")
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
#===========================================================
# minimumcookies_request_bytes now contains a request with the minimum number
# of cookies needed to maintain the session.
#===========================================================
# Display the results
self.statusTextArea.append("== Required Cookies ==")
self.statusTextArea.append("\n")
mininumcookies_request_info = helpers.analyzeRequest(http_service, minimumcookies_request_bytes)
minimum_cookie_parameters = [parameter for parameter in mininumcookies_request_info.getParameters() if parameter.getType() == IParameter.PARAM_COOKIE]
for cookie_parameter in minimum_cookie_parameters:
self.statusTextArea.append(cookie_parameter.getName())
self.statusTextArea.append("\n")
#===========================================================
return
def dialogaction(action,var):
cutil.printVar("testmail",action,var)
if action == "sendmail" :
C = cmail.CMAIL(var)
res = C.sendMail("Mail from hotel","What do you think about us ?","*****@*****.**","Jython")
print res.getSendResult()
assert res.getSendResult() == None
assert res.getName() != None
var["OK"] = True
if action == "checkmail":
C = cmail.CMAIL(var)
li = C.getList()
print li
for l in li :
print l.getDescription(),l.getContent()
assert len(li) == 1
var["OK"] = True
if action == "sendmailattach" :
C = cmail.CMAIL(var)
li = C.getList()
for l in li :
C.removeElem(l)
li = C.getList()
assert len(li) == 0
s = "Attachment"
key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s))
aList = cmail.createAttachList(None,cutil.PDFTEMPORARY,key,"attach.txt")
res = C.sendMail("Mail from hotel with attachment","Nothing interesting ","*****@*****.**","Jython",aList)
print res.getSendResult()
assert res.getSendResult() == None
var["OK"] = True
if action == "checkmailattach" :
B = SHolder.getBlobHandler()
C = cmail.CMAIL(var)
li = C.getList()
assert len(li) == 1
l = li[0]
att = l.getaList()
assert len(att) == 1
for a in att :
print a.getFileName(),a.getRealm(),a.getBlobKey()
va = B.findBlob(a.getRealm(),a.getBlobKey())
assert va != None
ss = StringUtil.fromBytes(va)
print ss
assert ss == "Attachment"
var["OK"] = True
if action == "sendmultiattach" :
C = cmail.CMAIL(var)
li = C.getList()
for l in li :
C.removeElem(l)
li = C.getList()
assert len(li) == 0
aList = None
for i in range(20) :
s = "Attachment content" + str(i)
key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s))
aList = cmail.createAttachList(aList,cutil.PDFTEMPORARY,key,"attach" + str(i) + ".txt")
res = C.sendMail("Mail from hotel with 20 attachment","Nothing interesting inside ","*****@*****.**","Jython",aList)
print res.getSendResult()
assert res.getSendResult() == None
var["OK"] = True
if action == "checkmultiattach" :
B = SHolder.getBlobHandler()
C = cmail.CMAIL(var)
li = C.getList()
assert len(li) == 1
l = li[0]
att = l.getaList()
assert len(att) == 20
for a in att :
print a.getFileName(),a.getRealm(),a.getBlobKey()
va = B.findBlob(a.getRealm(),a.getBlobKey())
assert va != None
ss = StringUtil.fromBytes(va)
print ss
assert not cutil.emptyS(ss)
var["OK"] = True
def run(self):
"""
Where all the work is done.
Three steps
1) Make the request again to make sure it's stable (We use python difflib)
2) Make the request without any cookies, if it's similar the cookies aren't required
3) Loop through removing one cookie at a time, if the diff isn't big we leave it out, if
it is we can figure that it's required and we leave it in
At the end we're left with the required cookies.
"""
selected_message = self.selected_message
original_request_bytes = selected_message.getRequest()
original_request = StringUtil.fromBytes(original_request_bytes)
original_response_bytes = selected_message.getResponse()
original_response = StringUtil.fromBytes(original_response_bytes)
http_service = selected_message.getHttpService()
helpers = self.callbacks.getHelpers()
request_info = helpers.analyzeRequest(http_service,
original_request_bytes)
parameters = request_info.getParameters()
cookie_parameters = [
parameter for parameter in parameters
if parameter.getType() == IParameter.PARAM_COOKIE
]
num_requests_needed = len(cookie_parameters) + 2
num_requests_made = 0
self.progressBar.setMaximum(num_requests_needed)
self.progressBar.setValue(num_requests_made)
#===========================================================
# We will resubmit the request to make sure it is somewhat stable
self.statusTextArea.append(
"Making baseline request which we will compare to original request (1 of 1)"
)
self.statusTextArea.append("\n")
baseline_reqres_pair = self.callbacks.makeHttpRequest(
http_service, original_request)
threshold = httpresponse_bytes_diffratio(
helpers, original_response_bytes,
baseline_reqres_pair.getResponse())
if (threshold < 0.6):
self.statusTextArea.append(
"ERROR: Not a stable HTTP request, try another where it's nearly the same every request"
)
self.statusTextArea.append("\n")
self.progressBar.setValue(num_requests_needed)
return
# Pad it a little by decreasing the threshold...
threshold = threshold * 0.8 #TODO: We should automate discovering the right threshold
self.statusTextArea.append("...Complete, threshold ratio is %s" %
(threshold))
self.statusTextArea.append("\n")
#===========================================================
if (cancelThread is True):
print "Canceled"
return
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
# Now we'll check if it actually requires authentication by removing all cookies
nocookies_request_bytes = StringUtil.toBytes(original_request)
for parameter in cookie_parameters:
nocookies_request_bytes = helpers.removeParameter(
nocookies_request_bytes, parameter)
self.statusTextArea.append(
"Making no-cookie request to make sure it requires them (1 of 1)")
self.statusTextArea.append("\n")
nocookie_reqres_pair = self.callbacks.makeHttpRequest(
http_service, nocookies_request_bytes)
nocookiediff = httpresponse_bytes_diffratio(
helpers, original_response_bytes,
nocookie_reqres_pair.getResponse())
if (nocookiediff > threshold):
self.statusTextArea.append(
"ERROR: Cookies don't seem to be required or it's too close to tell"
)
self.statusTextArea.append("\n")
self.progressBar.setValue(num_requests_needed)
return
self.statusTextArea.append(
"...Complete, confirmed at least one cookie is required")
self.statusTextArea.append("\n")
#===========================================================
if (cancelThread is True):
print "Canceled"
return
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
# Now iterate over all the cookie values, removing one at a time until left with required ones
self.statusTextArea.append(
"Making requests, removing each cookie one at a time. (%d requests)"
% (len(cookie_parameters)))
self.statusTextArea.append("\n")
minimumcookies_request_bytes = StringUtil.toBytes(original_request)
for parameter in cookie_parameters:
if (cancelThread is True):
print "Canceled"
return
missingcookie_request_bytes = helpers.removeParameter(
minimumcookies_request_bytes, parameter)
missingcookie_reqres_pair = self.callbacks.makeHttpRequest(
http_service, missingcookie_request_bytes)
missingcookiediff = httpresponse_bytes_diffratio(
helpers, original_response_bytes,
missingcookie_reqres_pair.getResponse())
if (missingcookiediff > threshold):
self.statusTextArea.append(
" Cookie '%s' is not required (%s similarity ratio)" %
(parameter.getName(), missingcookiediff))
self.statusTextArea.append("\n")
minimumcookies_request_bytes = missingcookie_request_bytes
else:
self.statusTextArea.append(
"* Cookie '%s' is required (%s similarity ratio)" %
(parameter.getName(), missingcookiediff))
self.statusTextArea.append("\n")
num_requests_made = num_requests_made + 1
self.progressBar.setValue(num_requests_made)
#===========================================================
#===========================================================
# minimumcookies_request_bytes now contains a request with the minimum number
# of cookies needed to maintain the session.
#===========================================================
# Display the results
self.statusTextArea.append("== Required Cookies ==")
self.statusTextArea.append("\n")
mininumcookies_request_info = helpers.analyzeRequest(
http_service, minimumcookies_request_bytes)
minimum_cookie_parameters = [
parameter
for parameter in mininumcookies_request_info.getParameters()
if parameter.getType() == IParameter.PARAM_COOKIE
]
for cookie_parameter in minimum_cookie_parameters:
self.statusTextArea.append(cookie_parameter.getName())
self.statusTextArea.append("\n")
#===========================================================
return
def _update_content(self):
self.script.content = StringUtil.fromBytes(self.scriptEditor.text)
