def _analyze_echo_result(self, mutant, response):
"""
Do we have a reflected XSS?
:return: None, record all the results in the kb.
"""
# Add data for the persistent xss checking
if self._check_persistent_xss:
self._xss_mutants.append((mutant, response.id))
with self._plugin_lock:
if self._has_bug(mutant):
return
sent_payload = mutant.get_token_payload()
# TODO: https://github.com/andresriancho/w3af/issues/12305
body_lower = response.get_body().lower()
sent_payload_lower = sent_payload.lower()
for context in get_context_iter(body_lower, sent_payload_lower):
if context.is_executable() or context.can_break():
self._report_vuln(mutant, response, sent_payload)
return
def _analyze_persistent_result(self, fuzzable_request, response):
"""
After performing an HTTP request to "fuzzable_request" and getting
"response" analyze if the response contains any of the information sent
by any of the mutants.
:return: None, Vuln (if any) are saved to the kb.
"""
msg = 'Analyzing HTTP response %s to verify if XSS token was persisted'
om.out.debug(msg % response.get_uri())
if self._is_json_response(response):
return
body = response.get_body()
for mutant, mutant_response_id in self._xss_mutants:
sent_payload = mutant.get_token_payload()
for context in get_context_iter(body, sent_payload):
if context.is_executable() or context.can_break():
self._report_persistent_vuln(mutant, response,
mutant_response_id,
sent_payload,
fuzzable_request)
break
def _analyze_echo_result(self, mutant, response):
"""
Do we have a reflected XSS?
:return: None, record all the results in the kb.
"""
# Add data for the persistent xss checking
if self._check_persistent_xss:
self._xss_mutants.append((mutant, response.id))
with self._plugin_lock:
if self._has_bug(mutant):
return
sent_payload = mutant.get_token_payload()
# TODO: https://github.com/andresriancho/w3af/issues/12305
body_lower = response.get_body().lower()
sent_payload_lower = sent_payload.lower()
for context in get_context_iter(body_lower, sent_payload_lower):
if context.is_executable() or context.can_break():
self._report_vuln(mutant, response, sent_payload)
return
def _analyze_persistent_result(self, fuzzable_request, response):
"""
After performing an HTTP request to "fuzzable_request" and getting
"response" analyze if the response contains any of the information sent
by any of the mutants.
:return: None, Vuln (if any) are saved to the kb.
"""
response_body = response.get_body()
for mutant, mutant_response_id in self._xss_mutants:
mod_value = mutant.get_mod_value()
for context in get_context_iter(response_body, mod_value):
if context.is_executable() or context.can_break(mod_value):
self._report_persistent_vuln(mutant, response,
mutant_response_id, mod_value,
fuzzable_request)
break
def _analyze_echo_result(self, mutant, response):
"""
Do we have a reflected XSS?
:return: None, record all the results in the kb.
"""
# Add data for the persistent xss checking
if self._check_persistent_xss:
self._xss_mutants.append((mutant, response.id))
with self._plugin_lock:
if self._has_bug(mutant):
return
mod_value = mutant.get_mod_value()
for context in get_context_iter(response.get_body(), mod_value):
if context.is_executable() or context.can_break(mod_value):
self._report_vuln(mutant, response, mod_value)
return
def _analyze_persistent_result(self, fuzzable_request, response):
"""
After performing an HTTP request to "fuzzable_request" and getting
"response" analyze if the response contains any of the information sent
by any of the mutants.
:return: None, Vuln (if any) are saved to the kb.
"""
response_body = response.get_body()
for mutant, mutant_response_id in self._xss_mutants:
mod_value = mutant.get_mod_value()
for context in get_context_iter(response_body, mod_value):
if context.is_executable() or context.can_break(mod_value):
self._report_persistent_vuln(mutant, response,
mutant_response_id,
mod_value,
fuzzable_request)
break
def _analyze_echo_result(self, mutant, response):
"""
Do we have a reflected XSS?
:return: None, record all the results in the kb.
"""
# Add data for the persistent xss checking
if self._check_persistent_xss:
self._xss_mutants.append((mutant, response.id))
with self._plugin_lock:
if self._has_bug(mutant):
return
mod_value = mutant.get_mod_value()
for context in get_context_iter(response.get_body(), mod_value):
if context.is_executable() or context.can_break(mod_value):
self._report_vuln(mutant, response, mod_value)
return
def _analyze_persistent_result(self, fuzzable_request, response):
"""
After performing an HTTP request to "fuzzable_request" and getting
"response" analyze if the response contains any of the information sent
by any of the mutants.
:return: None, Vuln (if any) are saved to the kb.
"""
body_lower = response.get_body().lower()
for mutant, mutant_response_id in self._xss_mutants:
sent_payload = mutant.get_token_payload()
sent_payload_lower = sent_payload.lower()
for context in get_context_iter(body_lower, sent_payload):
if context.is_executable() or context.can_break(sent_payload_lower):
self._report_persistent_vuln(mutant, response,
mutant_response_id,
sent_payload_lower,
fuzzable_request)
break
def _analyze_persistent_result(self, fuzzable_request, response):
"""
After performing an HTTP request to "fuzzable_request" and getting
"response" analyze if the response contains any of the information sent
by any of the mutants.
:return: None, Vuln (if any) are saved to the kb.
"""
om.out.debug('Analyzing HTTP response %s to verify if XSS token was persisted.')
body = response.get_body()
for mutant, mutant_response_id in self._xss_mutants:
sent_payload = mutant.get_token_payload()
for context in get_context_iter(body, sent_payload):
if context.is_executable() or context.can_break():
self._report_persistent_vuln(mutant, response,
mutant_response_id,
sent_payload,
fuzzable_request)
break
