def get_fuzzable_request(self,
                         discover_fuzzable_headers=False,
                         discover_fuzzable_url_parts=False):
    """
    Build a FuzzableRequest from the method, URI, headers and data
    container that this object exposes.

    :param discover_fuzzable_headers: When true, the result of
                                      _get_parameter_headers() is passed to
                                      set_force_fuzzing_headers() on the
                                      new request.
    :param discover_fuzzable_url_parts: When true, the result of
                                        _get_url_parts() is passed to
                                        set_force_fuzzing_url_parts() on
                                        the new request.
    :return: The FuzzableRequest instance.
    """
    http_method = self.get_method()
    target_uri = self.get_uri()
    request_headers = self.get_headers()
    # get_data_container() takes the headers as input, so it runs after
    # get_headers().
    post_data = self.get_data_container(request_headers)

    request = FuzzableRequest(target_uri,
                              headers=request_headers,
                              post_data=post_data,
                              method=http_method)

    # Both options default to False: forced headers and forced URL parts are
    # only attached when the caller explicitly asks for them.
    if discover_fuzzable_headers:
        forced_headers = self._get_parameter_headers()
        request.set_force_fuzzing_headers(forced_headers)

    if discover_fuzzable_url_parts:
        forced_url_parts = self._get_url_parts()
        request.set_force_fuzzing_url_parts(forced_url_parts)

    return request
def test_forced_url_parts(self):
    """
    When URL parts are forced on the request, URLPartsMutant must produce
    mutants only for the parts flagged True ('foo' and 'ext'); the parts
    flagged False ('/static/' and '/bar.') stay unchanged in every URL.
    """
    # (url_part, is_fuzzable) pairs that together rebuild the request path.
    forced_parts = [('/static/', False),
                    ('foo', True),
                    ('/bar.', False),
                    ('ext', True)]

    request = FuzzableRequest(URL('http://www.w3af.com/static/foo/bar.ext'))
    request.set_force_fuzzing_url_parts(forced_parts)

    mutants = URLPartsMutant.create_mutants(request,
                                            self.payloads,
                                            [],
                                            False,
                                            self.fuzzer_config)

    # One URL per payload for each fuzzable part; order is not significant,
    # so both sides are compared as sets.
    expected_urls = {
        'http://www.w3af.com/static/abc/bar.ext',
        'http://www.w3af.com/static/def/bar.ext',
        'http://www.w3af.com/static/foo/bar.abc',
        'http://www.w3af.com/static/foo/bar.def',
    }
    generated_urls = {mutant.get_url().url_string for mutant in mutants}

    self.assertEqual(expected_urls, generated_urls)