def test_bad_file_descriptor_8125_local(self):
"""
8125 is basically an issue with the way HTTP SSL connections handle the
Connection: Close header.
:see: https://github.com/andresriancho/w3af/issues/8125
"""
raw_http_response = ('HTTP/1.1 200 Ok\r\n'
'Connection: close\r\n'
'Content-Type: text/html\r\n'
'Content-Length: 3\r\n\r\nabc')
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
port = get_unused_port()
s = SSLServer('localhost', port, certfile,
http_response=raw_http_response)
s.start()
body = 'abc'
mock_url = 'https://localhost:%s/' % port
url = URL(mock_url)
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(body, http_response.body)
s.stop()
# This error is expected, it's generated when the xurllib negotiates
# the different SSL protocols with the server
self.assertEqual(set([e.strerror for e in s.errors]),
{'Bad file descriptor'})
def test_bad_file_descriptor_8125_local(self):
"""
:see: https://github.com/andresriancho/w3af/issues/8125
"""
port = get_unused_port()
raw_http_response = "HTTP/1.1 200 Ok\r\n"\
"Connection: close\r\n"\
"Content-Type: text/html\r\n"\
"Content-Length: 3\r\n\r\nabc"
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
s = SSLServer('localhost',
port,
certfile,
http_response=raw_http_response)
s.start()
body = 'abc'
mock_url = 'https://localhost:%s/' % port
url = URL(mock_url)
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(body, http_response.body)
s.stop()
def test_ssl_certificate_local(self):
# Start the HTTPS server
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
s = SSLServer('localhost', 0, certfile)
s.start()
s.wait_for_start()
port = s.get_port()
cfg = self._run_configs['cfg']
self._scan(self.local_target_url % port, cfg['plugins'])
s.stop()
#
# Check the vulnerability
#
vulns = self.kb.get('ssl_certificate', 'invalid_ssl_cert')
self.assertEquals(1, len(vulns))
# Now some tests around specific details of the found vuln
vuln = vulns[0]
self.assertEquals('Self-signed SSL certificate', vuln.get_name())
self.assertEquals(self.local_target_url % port, str(vuln.get_url()))
def test_bad_file_descriptor_8125_local(self):
"""
8125 is basically an issue with the way HTTP SSL connections handle the
Connection: Close header.
:see: https://github.com/andresriancho/w3af/issues/8125
"""
raw_http_response = ('HTTP/1.1 200 Ok\r\n'
'Connection: close\r\n'
'Content-Type: text/html\r\n'
'Content-Length: 3\r\n\r\nabc')
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
port = get_unused_port()
s = SSLServer('localhost',
port,
certfile,
http_response=raw_http_response)
s.start()
body = 'abc'
mock_url = 'https://localhost:%s/' % port
url = URL(mock_url)
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(body, http_response.body)
s.stop()
# This error is expected, it's generated when the xurllib negotiates
# the different SSL protocols with the server
self.assertEqual(set([e.strerror for e in s.errors]),
{'Bad file descriptor'})
def test_ssl_certificate_local(self):
# Start the HTTPS server
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
s = SSLServer('localhost', 0, certfile)
s.start()
s.wait_for_start()
port = s.get_port()
cfg = self._run_configs['cfg']
self._scan(self.local_target_url % port, cfg['plugins'])
s.stop()
#
# Check the vulnerability
#
vulns = self.kb.get('ssl_certificate', 'invalid_ssl_cert')
self.assertEquals(1, len(vulns))
# Now some tests around specific details of the found vuln
vuln = vulns[0]
self.assertEquals('Self-signed SSL certificate', vuln.get_name())
self.assertEquals(self.local_target_url % port, str(vuln.get_url()))
def test_bad_file_descriptor_8125_local(self):
"""
:see: https://github.com/andresriancho/w3af/issues/8125
"""
port = get_unused_port()
raw_http_response = "HTTP/1.1 200 Ok\r\n"\
"Connection: close\r\n"\
"Content-Type: text/html\r\n"\
"Content-Length: 3\r\n\r\nabc"
certfile = os.path.join(ROOT_PATH, 'plugins', 'tests', 'audit',
'certs', 'invalid_cert.pem')
s = SSLServer('localhost', port, certfile,
http_response=raw_http_response)
s.start()
body = 'abc'
mock_url = 'https://localhost:%s/' % port
url = URL(mock_url)
http_response = self.uri_opener.GET(url, cache=False)
self.assertEqual(body, http_response.body)
s.stop()