def test_matches_one_of_false_1(self):
    """
    A found form must not match when none of the configured entries fit.

    The configured list has two entries: action ``/foo`` and action
    ``/bar`` with method ``get``. The form under test is built from
    ``self.ACTION_URL`` (defined on the test class, not visible here;
    presumably it matches neither pattern).

    :return: None
    """
    matchers = FormIDMatcherList(
        '[{"action": "/foo"}, {"action": "/bar", "method": "get"}]')

    # No explicit method is passed, so FormID falls back to its own default.
    candidate = FormID(action=self.ACTION_URL,
                       inputs=['comment', 'submit'],
                       hosted_at_url=self.HOSTED_AT_URL,
                       attributes={'class': 'comment-css'})

    self.assertFalse(candidate.matches_one_of(matchers))
def set_default_values(self):
    """
    Store the default value of every setting handled here in ``cf.cf``.

    :return: None
    """
    # Fuzzer behaviour, variant limits, time limits and tool locations.
    # NOTE(review): the unit of the two max_*_time values is not visible
    # in this function -- confirm before changing them.
    static_defaults = (
        ('fuzz_cookies', False),
        ('fuzz_form_files', True),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_url_filenames', False),
        ('fuzz_url_parts', False),
        ('fuzzable_headers', []),
        ('form_fuzzing_mode', 'tmb'),
        ('path_max_variants', PATH_MAX_VARIANTS),
        ('params_max_variants', PARAMS_MAX_VARIANTS),
        ('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS),
        ('max_discovery_time', 120),
        ('max_scan_time', 240),
        ('msf_location', '/opt/metasploit3/bin/'),
    )
    for option_name, option_value in static_defaults:
        cf.cf.save(option_name, option_value)

    # The network interface configuration (for advanced exploits).
    cf.cf.save('interface', get_net_iface())

    # Per the original author, get_local_ip() sends no packets and in most
    # cases yields the "public" IP address, which is what plugins needing a
    # reverse connection (rfi_proxy) want.
    #
    # NOTE(review): when the lookup yields nothing the value silently
    # becomes loopback. A remote target presumably cannot connect back to
    # that, so local_ip_address then needs to be set explicitly.
    cf.cf.save('local_ip_address', get_local_ip() or '127.0.0.1')

    cf.cf.save('stop_on_first_exception', False)

    # Blacklists start out empty.
    cf.cf.save('blacklist_http_request', [])
    cf.cf.save('blacklist_audit', [])

    # Form exclusion via IDs: an empty matcher list with the EXCLUDE action.
    cf.cf.save('form_id_list', FormIDMatcherList('[]'))
    cf.cf.save('form_id_action', EXCLUDE)

    # Language to use when reading from vulndb.
    cf.cf.save('vulndb_language', DBVuln.DEFAULT_LANG)
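def test_form_exclusions(self):
    """
    Scan with a form-ID exclusion and check which URLs end up known.

    Forms whose action matches ``/out.*`` are configured with the EXCLUDE
    action. After the scan the knowledge base must hold exactly the target
    URL and its ``/in/`` child.

    The form-exclusion settings live in the shared ``cf.cf`` store, so they
    are restored in a ``finally`` clause. A failing scan or assertion then
    cannot leak this test's exclusion list into later tests.

    :return: None
    """
    exclusion_list = FormIDMatcherList('[{"action": "/out.*"}]')

    try:
        cf.cf.save('form_id_list', exclusion_list)
        cf.cf.save('form_id_action', EXCLUDE)

        self._scan(self.scan_config['target'], self.scan_config['plugins'])

        # Define the expected/desired output
        expected_files = ['', '/in/']
        expected_urls = set(
            URL(self.target_url).url_join(end).url_string
            for end in expected_files)

        # pylint: disable=E1101
        # Pylint fails to detect the object types that come out of the KB
        urls = self.kb.get_all_known_urls()
        found_urls = set(str(u).decode('utf-8') for u in urls)

        self.assertEqual(found_urls, expected_urls)
    finally:
        # Revert to the defaults even when the scan or the assertion
        # fails, so other tests are not affected.
        cf.cf.save('form_id_list', FormIDMatcherList('[]'))
        cf.cf.save('form_id_action', EXCLUDE)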
def test_matches_one_of_true(self):
    """
    A found form must match when one configured entry fits it.

    The second entry (action pattern ``/products/product-.*``, method
    ``get``) is the one expected to fit the form built below.

    :return: None
    """
    matchers = FormIDMatcherList(
        '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]')

    product_form_id = FormID(
        action=URL('http://w3af.org/products/product-132'),
        inputs=['comment', 'submit'],
        hosted_at_url=self.HOSTED_AT_URL,
        method='get',
        attributes={'class': 'comment-css'})

    self.assertTrue(product_form_id.matches_one_of(matchers))
def set_default_values(self):
    """
    Store the default value of every setting handled here in ``cf.cf``.

    :return: None
    """
    # Fuzzer behaviour, discovery time limit and tool locations.
    # NOTE(review): the unit of max_discovery_time is not visible in this
    # function -- confirm before changing it.
    static_defaults = (
        ('fuzz_cookies', False),
        ('fuzz_form_files', True),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_url_filenames', False),
        ('fuzz_url_parts', False),
        ('fuzzable_headers', []),
        ('form_fuzzing_mode', 'tmb'),
        ('max_discovery_time', 120),
        ('msf_location', '/opt/metasploit3/bin/'),
    )
    for option_name, option_value in static_defaults:
        cf.cf.save(option_name, option_value)

    # The network interface configuration (for advanced exploits).
    cf.cf.save('interface', get_net_iface())

    # Per the original author, get_local_ip() sends no packets and in most
    # cases yields the "public" IP address, which is what plugins needing a
    # reverse connection (rfi_proxy) want.
    #
    # NOTE(review): when the lookup yields nothing the value silently
    # becomes loopback. A remote target presumably cannot connect back to
    # that, so local_ip_address then needs to be set explicitly.
    cf.cf.save('local_ip_address', get_local_ip() or '127.0.0.1')

    cf.cf.save('non_targets', [])
    cf.cf.save('stop_on_first_exception', False)

    # Form exclusion via IDs: an empty matcher list with the EXCLUDE action.
    cf.cf.save('form_id_list', FormIDMatcherList('[]'))
    cf.cf.save('form_id_action', EXCLUDE)
def test_form_exclude_zero_of_two(self):
    """
    Both forms must survive parsing when no configured entry fits them.

    The configured entries are ``/foo`` + ``post`` and ``/nomatch`` +
    ``post``. The document holds ``/foo`` with ``get`` and ``/bar`` with
    ``post``, and the parser is expected to report both forms.

    NOTE(review): ``form_id_action`` is not set here, so the test relies on
    the value currently stored in ``cf.cf``. ``form_id_list`` is not
    restored in this method either; presumably the class ``tearDown`` does
    that -- confirm.

    :return: None
    """
    cf.cf.save(
        'form_id_list',
        FormIDMatcherList('[{"action": "/foo", "method": "post"}, {"action": "/nomatch", "method": "post"}]'))

    body = """ <html> <form action="/foo" method="get"> <input type="text" name="test" value="hello"> <input type="submit" name="submit"> </form> <form action="/bar" method="post"> <input type="text" name="test" value="hello"> <input type="submit" name="submit"> </form> </html>"""

    response = build_http_response(self.url, body)
    parser = RaiseHTMLParser(response)
    parser.parse()

    self.assertEqual(len(parser.forms), 2)
def validate(self, value):
    """
    Build a FormIDMatcherList from the user-configured option value.

    :param value: The raw value configured by the user; it is handed to
                  FormIDMatcherList unchanged.
    :return: The FormIDMatcherList built from ``value``.
    :raise BaseFrameworkException: When FormIDMatcherList raises anything;
                                   the message embeds the original error.
    """
    try:
        matcher_list = FormIDMatcherList(value)
    except Exception as err:
        # Deliberately broad: every failure while parsing user input is
        # reported as one framework-level configuration error.
        # NOTE(review): which checks FormIDMatcherList performs on the
        # entries is not visible here -- confirm it rejects malformed
        # patterns rather than accepting them silently.
        raise BaseFrameworkException(
            'Invalid form ID list configured by user, error: %s.' % err)

    return matcher_list
def tearDown(self):
    """
    Put the form-exclusion settings in ``cf.cf`` back to their defaults.

    The defaults are an empty matcher list and the EXCLUDE action.

    :return: None
    """
    form_exclusion_defaults = (
        ('form_id_list', FormIDMatcherList('[]')),
        ('form_id_action', EXCLUDE),
    )
    for option_name, option_value in form_exclusion_defaults:
        cf.cf.save(option_name, option_value)