def mangle_response(self, response):
    """
    Apply the configured response manglers to the response.

    Body expressions (``self._manglers['s']['b']``) are applied first and the
    result is stored back on the response. Header expressions
    (``self._manglers['s']['h']``) are applied to the string form of the
    headers, which must then parse back into a Headers object.

    :param response: The HTTP response to modify.
    :return: The response after the substitutions; when
             ``self._user_option_fix_content_len`` is set it is whatever
             ``self._fix_content_len()`` returns for it.
    """
    mangled_body = response.get_body()
    for body_re, body_repl in self._manglers['s']['b']:
        mangled_body = body_re.sub(body_repl, mangled_body)
    response.set_body(mangled_body)

    raw_headers = str(response.get_headers())
    for header_re, header_repl in self._manglers['s']['h']:
        raw_headers = header_re.sub(header_repl, raw_headers)

    try:
        parsed_headers = Headers.from_string(raw_headers)
    except ValueError:
        # A user-supplied expression broke the header block. The original
        # headers are kept, but the body substitutions above have already
        # been applied, so the response is only partially mangled.
        om.out.error('Your header modifications created an invalid header'
                     ' string that could NOT be parsed back to a Header object.')
    else:
        response.set_headers(parsed_headers)

    if self._user_option_fix_content_len:
        return self._fix_content_len(response)

    return response
def validate(self, value):
    """
    Turn a user-configured header value into a Headers object.

    :param value: Either a Headers instance, which is returned unchanged, or
                  a value that Headers.from_string() can parse.
    :return: A Headers object.
    :raises BaseFrameworkException: When Headers.from_string() fails for any
                                    reason.
    """
    if not isinstance(value, Headers):
        try:
            value = Headers.from_string(value)
        except Exception:
            # The value comes from user configuration: report every parse
            # failure as one framework error instead of leaking the
            # parser's own exception type.
            raise BaseFrameworkException('Invalid HTTP header configured by user.')

    return value
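class import_sqlite(CrawlPlugin):
    """
    Import requests (method,uri,headers,data) stored in sqlite database.

    The database is user-supplied input: every row is handled on its own and
    a row that can not be turned into a request is skipped, not fatal.

    :author: @s0i37
    """
    def __init__(self):
        CrawlPlugin.__init__(self)
        # Path to the sqlite database; an empty value disables the import.
        self._input_sqlite = ''

    @runonce(exc_class=RunOnce)
    def crawl(self, fuzzable_request):
        """
        Read the input database and queue one fuzzable request per row.

        :param fuzzable_request: A fuzzable_request instance that contains
                                 (among other things) the URL to test. In
                                 this case it is simply ignored and data is
                                 read from the input database.
        """
        self._load_data_from_sqlite()

    def _load_data_from_sqlite(self):
        """
        Load the stored requests from the sqlite database.

        Reads ``method, uri, headers, data`` from the ``requests`` table and
        puts a FuzzableRequest for each row on ``self.output_queue``. Errors
        opening or querying the database are reported through
        ``om.out.error`` and end the import; errors in a single row are
        written to the debug log and the row is skipped.
        """
        if not self._input_sqlite:
            return

        error_fmt = 'An error was found while trying to read "%s": "%s".'

        try:
            db = sqlite3.connect(self._input_sqlite)
        except (sqlite3.Error, BaseFrameworkException) as e:
            # sqlite3.connect() reports failures as sqlite3.Error; the
            # message refers to the sqlite path (the old code read a
            # non-existent self._input_csv attribute here).
            om.out.error(error_fmt % (self._input_sqlite, e))
            return

        try:
            sql = db.cursor()
            rows = sql.execute("select method,uri,headers,data from requests")

            for method, uri, headers, data in rows:
                try:
                    self.debug("+ %s %s" % (method, uri))
                    headers = Headers.from_string(str(headers))
                    # NOTE(review): str() turns a NULL column into the text
                    # 'None'; confirm what from_parts() expects for a request
                    # without post-data before changing this.
                    self.output_queue.put(
                        FuzzableRequest.from_parts(uri, method=method,
                                                   post_data=str(data),
                                                   headers=headers))
                except Exception as e:
                    import traceback
                    traceback.print_exc()
                    msg = 'import_sqlite: %s'
                    self.debug(msg % str(e))
        except sqlite3.Error as e:
            # Raised when the file is not a database, the requests table is
            # missing, or reading a row fails part-way through.
            om.out.error(error_fmt % (self._input_sqlite, e))
        finally:
            # Always release the handle, including when the query fails.
            db.close()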
def mangle_request(self, request):
    """
    Apply the configured request manglers to the request.

    Data expressions (``self._manglers['q']['b']``) are applied to the
    request data and header expressions (``self._manglers['q']['h']``) to the
    string form of the headers, which is then parsed back into a Headers
    object.

    :param request: The HTTP request to modify.
    :return: The same request object with the new headers and data set.
    """
    mangled_data = request.get_data()
    for data_re, data_repl in self._manglers['q']['b']:
        mangled_data = data_re.sub(data_repl, mangled_data)

    raw_headers = str(request.get_headers())
    for header_re, header_repl in self._manglers['q']['h']:
        raw_headers = header_re.sub(header_repl, raw_headers)

    # NOTE(review): Headers.from_string() is not guarded here. If a
    # user-supplied expression leaves text that no longer parses, its
    # exception propagates to the caller and the request is returned to
    # nobody - confirm the caller handles that.
    request.set_headers(Headers.from_string(raw_headers))
    request.add_data(mangled_data)

    return request
def mangle_request(self, request):
    """
    Build a mangled copy of the request.

    Data expressions (``self._manglers['q']['b']``) are applied to the
    request data and header expressions (``self._manglers['q']['h']``) to the
    string form of the headers. The incoming request object is only read; the
    result is a new object created with FuzzableRequest.from_parts().

    :param request: The HTTP request to take URI, method, headers and data
                    from.
    :return: A new request carrying the substituted data and headers.
    """
    mangled_data = request.get_data()
    for data_re, data_repl in self._manglers['q']['b']:
        mangled_data = data_re.sub(data_repl, mangled_data)

    raw_headers = str(request.get_headers())
    for header_re, header_repl in self._manglers['q']['h']:
        raw_headers = header_re.sub(header_repl, raw_headers)

    # NOTE(review): Headers.from_string() is not guarded here. If a
    # user-supplied expression leaves text that no longer parses, its
    # exception propagates to the caller - confirm the caller handles that.
    mangled_headers = Headers.from_string(raw_headers)

    return FuzzableRequest.from_parts(
        request.get_uri(),
        method=request.get_method(),
        post_data=mangled_data,
        headers=mangled_headers,
    )
def test_to_str_from_string(self):
    """str() of a Headers object parses back into an equal Headers object."""
    original = Headers([('a', 'b')])
    round_tripped = Headers.from_string(str(original))

    self.assertEqual(round_tripped, original)
def test_from_string(self):
    """One CRLF-terminated header line parses to the matching Headers object."""
    parsed = Headers.from_string('a: b\r\n')
    expected = Headers([('a', 'b')])

    self.assertEqual(parsed, expected)
return except ValueError, value_error: msg = 'The file format is incorrect, an error was found while'\ ' parsing: "%s". Exception: "%s".' om.out.error(msg % (csv_row, value_error)) else: # Create the obj based on the information uri = URL(uri) if not uri.is_valid_domain(): return # If there is postdata, force parsing using urlencoded form if headers: if headers.find('\r\n') == -1: headers = headers.replace('\n','\r\n') headers = Headers.from_string( str(headers) ) else: if postdata: headers = Headers([('content-type', URLEncodedForm.ENCODING)]) return FuzzableRequest.from_parts(uri, method=method, post_data=postdata, headers=headers) def _objs_from_burp_log(self, burp_file): """ Read a burp log (XML) and extract the information. """ xp = BurpParser() parser = etree.XMLParser(target=xp, huge_tree=True)
def validate(self, value):
    """
    Parse a user-configured header value into a Headers object.

    :param value: The value to hand to Headers.from_string().
    :return: The Headers object produced by Headers.from_string().
    :raises BaseFrameworkException: When Headers.from_string() fails for any
                                    reason.
    """
    try:
        parsed = Headers.from_string(value)
    except Exception:
        # The value comes from user configuration: report every parse
        # failure as one framework error instead of leaking the parser's
        # own exception type.
        raise BaseFrameworkException('Invalid HTTP header configured by user.')
    else:
        return parsed