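def _is_suitable(self, freq):
    """
    Decide whether a request is worth auditing for CSRF.

    For a CSRF attack we need a request with a payload that is sent together
    with persistent/session cookies.

    :param freq: The fuzzable request being considered for the audit.
    :return: True if the request can have a CSRF vulnerability
    """
    # Does the application send cookies?
    #
    # By checking like this we're losing the opportunity to detect any
    # CSRF vulnerabilities in non-authenticated parts of the application.
    #
    # NOTE(review): this is a substring test, not cookie domain matching.
    # A request to "www.host.tld" does not match a cookie whose domain is
    # ".host.tld", while "host.tld" matches a cookie for "nothost.tld".
    # Presumably cookie.domain is the cookie jar's stored domain; confirm
    # whether a real domain-match is wanted here.
    request_domain = freq.get_url().get_domain()
    if not any(request_domain in cookie.domain
               for cookie in self._uri_opener.get_cookies()):
        return False

    # Strict mode on/off - do we need to audit GET requests? Not always...
    # As written, GET requests are skipped when strict mode is ON.
    # NOTE(review): confirm this polarity against the option's documentation.
    if freq.get_method() == 'GET' and self._strict_mode:
        return False

    # Does the request have a payload?
    #
    # By checking like this we're losing the opportunity to find CSRF vulns
    # in applications that use mod_rewrite. Example: A CSRF in this URL:
    # http://host.tld/users/remove/id/123
    #
    # The previous version built an HTTPRequest here for URLs containing
    # 'date' and then discarded it; the result was never used, so the
    # branch is gone and the outcome (False) is unchanged.
    if not freq.get_uri().has_query_string() and not freq.get_raw_data():
        return False

    om.out.debug('%s is suitable for CSRF attack' % freq.get_url())
    return True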
def test_to_dict_msgpack_with_data_token(self):
    """
    The dict form of a request whose Host header value is a DataToken
    must be serialisable with msgpack.
    """
    host_token = DataToken('Host', 'www.w3af.com', ('Host', ))
    request_headers = Headers([('Host', host_token)])
    fuzzable = FuzzableRequest(URL("http://www.w3af.com/"),
                               headers=request_headers)

    as_dict = HTTPRequest.from_fuzzable_request(fuzzable).to_dict()

    # No assertion on the output: the test passes when dumps() does not raise.
    msgpack.dumps(as_dict)
def test_to_dict_msgpack_with_data_token(self):
    """
    Check that msgpack can dump HTTPRequest.to_dict() when a header value
    is a DataToken instead of a plain string.
    """
    data_token = DataToken('Host', 'www.w3af.com', ('Host',))
    hdrs = Headers([('Host', data_token)])
    target = URL("http://www.w3af.com/")

    http_req = HTTPRequest.from_fuzzable_request(
        FuzzableRequest(target, headers=hdrs))

    # Success criterion is simply that serialisation completes without error.
    serialisable = http_req.to_dict()
    msgpack.dumps(serialisable)
def http_request(self, request):
    """
    Pass an outgoing request through every configured mangle plugin.

    :param request: The request about to be sent.
    :return: The original request when no plugins are configured, otherwise
             an HTTPRequest rebuilt from the output of the last plugin.
    """
    plugins = self._plugin_list
    if not plugins:
        # Nothing to apply: hand the request back untouched.
        return request

    mangled = FuzzableRequest.from_urllib2_request(request)

    # Plugins are chained: each one receives the previous plugin's output.
    for mangler in plugins:
        mangled = mangler.mangle_request(mangled)

    # What is returned is built from whatever the final plugin produced;
    # nothing in this method re-checks it.
    return HTTPRequest.from_fuzzable_request(mangled)