def processResponse(self, toolFlag, messageInfo):
try:
response = messageInfo.getResponse()
responseStr = self._helpers.bytesToString(response)
responseInfo = self._helpers.analyzeResponse(response)
body = responseStr[responseInfo.getBodyOffset():]
headers = responseInfo.getHeaders()
for (i, header) in enumerate(headers):
if header.lower().startswith("content-type:"):
content_type = header.split(":")[1].lower()
if content_type.find(
"application/x-thrift") > 0 or content_type.find(
"text/x-thrift") > 0:
break
else:
return
msg, msglen = ThriftMessage.read(body, read_values=True)
response = self._helpers.buildHttpMessage(
headers, self._helpers.stringToBytes(format_msg(msg)))
messageInfo.setResponse(response)
except Exception as ex:
print "problem parsing data in processResponse"
if DEBUG:
print ex, traceback.format_exc()
def sendIntruderStartScan(self, scan=False):
for item in self._messages:
try:
request = item.getRequest()
requestInfo = self._helpers.analyzeRequest(item)
headers = requestInfo.getHeaders()
msgBody = self._helpers.bytesToString(
request[requestInfo.getBodyOffset():])
for (i, header) in enumerate(headers):
if header.lower().startswith("content-type:"):
content_type = header.split(":")[1].lower()
if content_type.find("application/x-thrift"
) > 0 or content_type.find(
"text/x-thrift") > 0:
headers[
i] = "Content-Type: application/x-thrift-decoded"
break
else:
return
msg, msglen = ThriftMessage.read(msgBody, read_values=True)
int_msg = format_msg(msg, intruder=True)
pos = [m.start() for m in re.finditer('§', int_msg)]
# create body now to get the offset
int_msg = int_msg.replace('§', '')
response = self._helpers.buildHttpMessage(
headers, self._helpers.stringToBytes(int_msg))
requestInfo = self._helpers.analyzeRequest(response)
offset = requestInfo.getBodyOffset()
# add offset to each position
pos = [offset + p for p in pos]
payloadPositionOffsets = ArrayList()
for i in range(0, len(pos), 2):
payloadPositionOffsets.add(
array((pos[i] - (i * 2), pos[i + 1] - ((i + 1) * 2)),
'i'))
httpService = item.getHttpService()
secure = httpService.getProtocol() == "https"
if scan:
self._callbacks.doActiveScan(httpService.getHost(),
httpService.getPort(), secure,
response,
payloadPositionOffsets)
else:
self._callbacks.sendToIntruder(httpService.getHost(),
httpService.getPort(),
secure, response,
payloadPositionOffsets)
except Exception as ex:
print "problem sending item to intruder"
if DEBUG:
print ex, traceback.format_exc()
def test_is_diff_compatible(self):
def _diff_compatibility(msg1, msg2, allowed):
ok_to_diff, reason = Diff.can_diff(msg1, msg2)
if allowed:
self.assertTrue(ok_to_diff, reason)
else:
self.assertFalse(ok_to_diff)
self.assertIsNotNone(reason)
# Method name doesn't match
rpc1 = ThriftMessage("ping", None, None, ThriftStruct([]))
rpc2 = ThriftMessage("pong", None, None, ThriftStruct([]))
_diff_compatibility(rpc1, rpc2, False)
# Method names match, so does argument signature
rpc1 = ThriftMessage("ping", None, None,
ThriftStruct([ThriftField("string", 1, "a")]))
rpc2 = ThriftMessage("ping", None, None,
ThriftStruct([ThriftField("string", 1, "b")]))
_diff_compatibility(rpc1, rpc2, True)
# Method names match, but argument signature is different
rpc1 = ThriftMessage("ping", None, None,
ThriftStruct([ThriftField("string", 1, "a")]))
rpc2 = ThriftMessage("ping", None, None,
ThriftStruct([ThriftField("i32", 1, "b")]))
_diff_compatibility(rpc1, rpc2, False)
def test_diff_of_messages(self):
f1 = ThriftField("string", 1, "one")
f2 = ThriftField("i32", 2, 2)
s1 = ThriftStruct([f1])
s2 = ThriftStruct([f2])
m1 = ThriftMessage("ping", "call", 1, s1)
m2 = ThriftMessage("ping", "call", 2, s2)
with self.assertRaisesRegexp(ValueError, 'argument signature'):
Diff.of_messages(m1, m2)
# Diff messages with all primitive args
self.assertEqual(0, len(Diff.of_messages(m1, m1)),
"Message based diff only consider args of type struct")
# Diff messages with mixed type of args
f3 = ThriftField("struct", 1, ThriftStruct([f1, f2]))
m3 = ThriftMessage("ping", "call", 2, ThriftStruct([f1, f2, f3, f3]))
diffs = Diff.of_messages(m3, m3)
self.assertEqual(2, len(diffs))
# We diffed identical messages, verify that diff reflects that
self.assertListEqual([f1, f2], diffs[0].fields_with_same_value)
self.assertEqual(0, len(diffs[0].field_with_different_value))
def setMessage(self, content, isRequest):
if content is None:
self._txtInput.setText(None)
self._txtInput.setEditable(False)
else:
if isRequest:
r = self._helpers.analyzeRequest(content)
else:
r = self._helpers.analyzeResponse(content)
data = content[r.getBodyOffset():].tostring()
try:
msg, msglen = ThriftMessage.read(data, read_values=True)
except Exception as ex:
print "problem parsing data in setMessage"
if DEBUG:
print ex, traceback.format_exc()
self._txtInput.setText(format_msg(msg))
self._txtInput.setEditable(self._editable)
self._currentMessage = content
parser.add_argument("-c", "--nocolor", help="turnoff color output", action="store_true")
parser.add_argument("--json", help="json output, no colors", action="store_true")
args = parser.parse_args()
data = []
if args.infile==sys.stdin:
if args.debug:
print "Reading from stdin"
data = args.infile.read()
# a bit of brute force to find the start of a message.
for offset in range(len(data)):
try:
data_slice = data[offset:]
msg, msglen = ThriftMessage.read( data_slice, read_values=True )
except Exception as ex:
continue
if args.debug:
print "Found Thrift Message at offest:%d" % offset
break
# now we have the parsed Thrift message in 'msg'
"""
msg.as_dict = {
"args": {
"fields": [
{
"field_type": "i32",