def test_handle_one(self):
try:
raise Exception('unittest')
except Exception, e:
exec_info = sys.exc_info()
enabled_plugins = ''
exception_handler.handle( self.status, e , exec_info, enabled_plugins )
def _bruteforce(self, fr_list):
'''
@parameter fr_list: A list of fr's to be analyzed by the bruteforce plugins
@return: A list of the URL's that have been successfully bruteforced
'''
res = []
# Status
om.out.debug('Called _bruteforce()' )
self._w3af_core.status.set_phase('bruteforce')
# Progress
bruteforce_plugin_num = len(self._w3af_core.plugins.plugins['bruteforce'])
amount_of_tests = bruteforce_plugin_num * len(fr_list)
self._w3af_core.progress.set_total_amount( amount_of_tests )
for plugin in self._w3af_core.plugins.plugins['bruteforce']:
# Status
self._w3af_core.status.set_running_plugin( plugin.getName() )
for fr in fr_list:
# Status
self._w3af_core.status.set_current_fuzzable_request( fr )
# Sends each URL to the bruteforce plugin
try:
try:
new_frs = plugin.bruteforce_wrapper( fr )
finally:
tm.join( plugin )
except w3afException, e:
om.out.error( str(e) )
except Exception, e:
# Smart error handling, much better than just crashing.
# Doing this here and not with something similar to:
# sys.excepthook = handle_crash because we want to handle
# plugin exceptions in this way, and not framework
# exceptions
exec_info = sys.exc_info()
enabled_plugins = pprint_plugins(self._w3af_core)
exception_handler.handle( self._w3af_core.status, e ,
exec_info, enabled_plugins )
else:
res.extend( new_frs )
# Progress, I performed one test (no matter if it failed or not)
self._w3af_core.progress.inc()
def _audit(self):
om.out.debug('Called _audit()' )
enabled_plugins = self._w3af_core.plugins.getEnabledPlugins('audit')
audit_plugins = self._w3af_core.plugins.plugin_factory( enabled_plugins, 'audit')
# For progress reporting
self._w3af_core.status.set_phase('audit')
amount_of_tests = len(audit_plugins) * len(self._fuzzable_request_set)
self._w3af_core.progress.set_total_amount( amount_of_tests )
# This two loops do all the audit magic [KISS]
for plugin in audit_plugins:
# For status
self._w3af_core.status.set_running_plugin( plugin.getName() )
# Before running each plugin let's make sure we're logged in
self._auth_login()
#TODO: This is a horrible thing to do, we consume lots of memory
# for just a loop. The issue is that we had some strange
# "RuntimeError: Set changed size during iteration" and I had
# no time to solve them.
for fr in set(self._fuzzable_request_set):
# Sends each fuzzable request to the plugin
self._w3af_core.status.set_current_fuzzable_request( fr )
try:
try:
plugin.audit_wrapper( fr )
finally:
tm.join( plugin )
except w3afException, e:
om.out.error( str(e) )
except Exception, e:
# Smart error handling, much better than just crashing.
# Doing this here and not with something similar to:
# sys.excepthook = handle_crash because we want to handle
# plugin exceptions in this way, and not framework
# exceptions
exec_info = sys.exc_info()
enabled_plugins = pprint_plugins(self._w3af_core)
exception_handler.handle( self._w3af_core.status, e ,
exec_info, enabled_plugins )
# Performed one test, report it
self._w3af_core.progress.inc()
def _grep_worker( self , grep_plugin, request, response):
'''
This method applies the grep_plugin to a request / response pair.
@parameter grep_plugin: The grep plugin to run.
@parameter request: The request which generated the response. A request object.
@parameter response: The response which was generated by the request (first parameter).
A httpResponse object.
'''
# Create a wrapper that will timeout in "timeout_seconds" seconds.
#
# TODO:
# For now I leave it at 5, but I have to debug grep plugins and I will lower this eventually
#
timeout_seconds = 5
timedout_grep_wrapper = TimeLimited( grep_plugin.grep_wrapper, timeout_seconds)
try:
timedout_grep_wrapper(request, response)
except KeyboardInterrupt:
# Correct control+c handling...
raise
except TimeLimitExpired:
msg = 'The "%s" plugin took more than %s seconds to run. ' \
'For a plugin that should only perform pattern matching, ' \
'this is too much, please review its source code.' % \
(grep_plugin.getName(), timeout_seconds)
om.out.error(msg)
except Exception, e:
# Smart error handling, much better than just crashing.
# Doing this here and not with something similar to:
# sys.excepthook = handle_crash because we want to handle
# plugin exceptions in this way, and not framework
# exceptions
class fake_status(w3af_core_status):
pass
status = fake_status()
status.set_running_plugin( grep_plugin.getName() )
status.set_phase( 'grep' )
status.set_current_fuzzable_request( request )
exec_info = sys.exc_info()
from core.controllers.w3afCore import w3af_core as w3af_core
enabled_plugins = pprint_plugins(w3af_core)
exception_handler.handle( status, e , exec_info, enabled_plugins )
def _auth_login(self):
'''
Make login to the web application when it is needed.
'''
for plugin in self._w3af_core.plugins.plugins['auth']:
try:
try:
if not plugin.is_logged():
plugin.login()
finally:
tm.join(plugin)
except Exception, e:
# Smart error handling, much better than just crashing.
# Doing this here and not with something similar to:
# sys.excepthook = handle_crash because we want to handle
# plugin exceptions in this way, and not framework
# exceptions
exec_info = sys.exc_info()
enabled_plugins = pprint_plugins(self._w3af_core)
exception_handler.handle( self._w3af_core.status, e ,
exec_info, enabled_plugins )
def _discover_worker(self, to_walk):
'''
This method will run discovery plugins in a loop until no new knowledge
(ie fuzzable requests) is found.
TODO: unit-test this method
@return: A list with the found fuzzable requests.
'''
om.out.debug('Called _discover_worker()' )
result = []
while to_walk:
# Progress stuff, do this inside the while loop, because the to_walk
# variable changes in each loop
amount_of_tests = len(self._w3af_core.plugins.plugins['discovery']) * len(to_walk)
self._w3af_core.progress.set_total_amount(amount_of_tests)
plugins_to_remove_list = []
fuzz_reqs = {}
for plugin in self._w3af_core.plugins.plugins['discovery']:
# Login is needed,
self._auth_login()
for fr in to_walk:
# Should I continue with the discovery phase? If not, return
# what I know for now and forget about all the remaining work
if self._should_stop_discovery(): return result
# Status reporting
status = self._w3af_core.status
status.set_running_plugin(plugin.getName())
status.set_current_fuzzable_request(fr)
try:
try:
# Perform the actual work
plugin_result = plugin.discover_wrapper(fr)
finally:
tm.join(plugin)
except KeyboardInterrupt:
om.out.information('The user interrupted the discovery phase, '
'continuing with audit.')
return result
except w3afException,e:
om.out.error(str(e))
except w3afRunOnce:
# Some plugins are meant to be run only once
# that is implemented by raising a w3afRunOnce
# exception
plugins_to_remove_list.append(plugin)
except Exception, e:
# Smart error handling, much better than just crashing.
# Doing this here and not with something similar to:
# sys.excepthook = handle_crash because we want to handle
# plugin exceptions in this way, and not framework
# exceptions
exec_info = sys.exc_info()
enabled_plugins = pprint_plugins(self._w3af_core)
exception_handler.handle( self._w3af_core.status, e ,
exec_info, enabled_plugins )
else:
# We don't trust plugins, i'll only work if this
# is a list or something else that is iterable
lst = fuzz_reqs.setdefault(plugin.getName(), [])
if hasattr(plugin_result, '__iter__'):
lst.extend(fr for fr in plugin_result)
# Finished one loop, inc!
self._w3af_core.progress.inc()
