Пример #1
    def bruteforce_wrapper(self, fuzzable_request):
        """
        Audit a copy of the request and collect the newly reported results.

        :param fuzzable_request: The FuzzableRequest instance to analyze
        :return: A list with the 'request' entry of every knowledge base
                 item stored under this plugin's name and the 'auth' key
                 whose URL was not reported by an earlier call. Per the
                 original documentation these are FuzzableRequests for
                 forms/basic auth that were successfully bruteforced.
        """
        # audit() receives a deep copy, so the caller's object is not the
        # one handed to the plugin.
        self.audit(safe_deepcopy(fuzzable_request))

        new_requests = []

        for finding in kb.kb.get(self.get_name(), 'auth'):
            # Report each URL only once for the lifetime of this instance
            if finding.get_url() in self._already_reported:
                continue

            self._already_reported.append(finding.get_url())
            new_requests.append(finding['request'])

        return new_requests
Пример #2
    def bruteforce_wrapper(self, fuzzable_request):
        """
        Audit a copy of the request and collect the newly reported results.

        :param fuzzable_request: The FuzzableRequest instance to analyze
        :return: A list with the 'request' entry of every knowledge base
                 item stored under this plugin's name and the 'auth' key
                 whose URL was not reported by an earlier call. Per the
                 original documentation these are FuzzableRequests for
                 forms/basic auth that were successfully bruteforced.
        """
        # audit() receives a deep copy, so the caller's object is not the
        # one handed to the plugin.
        self.audit(safe_deepcopy(fuzzable_request))

        new_requests = []

        for finding in kb.kb.get(self.get_name(), 'auth'):
            # Report each URL only once for the lifetime of this instance
            if finding.get_url() in self._already_reported:
                continue

            self._already_reported.append(finding.get_url())
            new_requests.append(finding['request'])

        return new_requests
Пример #3
    def discover_wrapper(self, fuzzable_request):
        """
        Run discover() on an isolated copy of the request.

        :param fuzzable_request: The request handed to discover(); it is
                                 deep-copied first.
        :return: Whatever discover() returns, or None when a
                 FourOhFourDetectionException was raised and logged.
        """
        # Each plugin works on its own copy: a plugin that mutates the
        # request internally must not affect the plugin that runs next.
        isolated_request = safe_deepcopy(fuzzable_request)

        try:
            discovered = self.discover(isolated_request)
        except FourOhFourDetectionException as detection_error:
            # Errors raised during 404 detection are logged at debug level
            # and otherwise ignored. According to the original note this
            # does not break the xurllib error handling which happens at
            # lower layers.
            #
            # https://github.com/andresriancho/w3af/issues/8949
            om.out.debug('%s' % detection_error)
            return None

        return discovered
Пример #4
    def audit_with_copy(self, fuzzable_request, orig_resp):
        """
        Copy the FuzzableRequest and audit the copy.

        The copy avoids cross plugin contamination: if one plugin modifies
        the fuzzable request object internally, the next plugin must not
        be affected by that change.

        :param fuzzable_request: A FuzzableRequest
        :param orig_resp: The HTTP response we get from sending the
                          fuzzable request
        :return: Whatever audit() returns, or None when a
                 FourOhFourDetectionException was raised and logged.
        """
        request_copy = safe_deepcopy(fuzzable_request)

        try:
            audit_result = self.audit(request_copy, orig_resp)
        except FourOhFourDetectionException as detection_error:
            # Errors raised during 404 detection are logged at debug level
            # and otherwise ignored. According to the original note this
            # does not break the xurllib error handling which happens at
            # lower layers.
            #
            # https://github.com/andresriancho/w3af/issues/8949
            om.out.debug('%s' % detection_error)
            return None

        return audit_result
Пример #5
    def discover_wrapper(self, fuzzable_request, debugging_id):
        """
        Run discover() on an isolated copy of the request.

        :param fuzzable_request: The target to use for infrastructure
                                 plugins; it is deep-copied first.
        :param debugging_id: A unique identifier for this call to
                             discover(), passed through unchanged.
        :return: Whatever discover() returns, or None when a
                 FourOhFourDetectionException was raised and logged.
        """
        # Each plugin works on its own copy: a plugin that mutates the
        # request internally must not affect the plugin that runs next.
        isolated_request = safe_deepcopy(fuzzable_request)

        try:
            discovered = self.discover(isolated_request, debugging_id)
        except FourOhFourDetectionException as detection_error:
            # Errors raised during 404 detection are logged at debug level
            # and otherwise ignored. According to the original note this
            # does not break the xurllib error handling which happens at
            # lower layers.
            #
            # https://github.com/andresriancho/w3af/issues/8949
            om.out.debug('%s' % detection_error)
            return None

        return discovered
Пример #6
    def crawl_wrapper(self, fuzzable_request):
        """
        Run crawl() on an isolated copy of the request, under a timeout.

        :param fuzzable_request: The request to crawl; its URI is logged
                                 and a deep copy is passed to crawl().
        :return: Whatever crawl() returns, or None when a
                 FourOhFourDetectionException was raised and logged.
        """
        plugin_name = self.get_name()
        target_uri = fuzzable_request.get_uri()
        om.out.debug('[%s] Crawling "%s"' % (plugin_name, target_uri))

        # Each plugin works on its own copy: a plugin that mutates the
        # request internally must not affect the plugin that runs next.
        isolated_request = safe_deepcopy(fuzzable_request)

        # The crawl is bounded by self.PLUGIN_TIMEOUT.
        # NOTE(review): swallow_exc=False presumably lets a timeout reach
        # the caller as an exception instead of being silenced; only
        # FourOhFourDetectionException is handled here - confirm.
        try:
            with ThreadingTimeout(self.PLUGIN_TIMEOUT, swallow_exc=False):
                return self.crawl(isolated_request)
        except FourOhFourDetectionException as detection_error:
            # Errors raised during 404 detection are logged at debug level
            # and otherwise ignored. According to the original note this
            # does not break the xurllib error handling which happens at
            # lower layers.
            #
            # https://github.com/andresriancho/w3af/issues/8949
            om.out.debug('%s' % detection_error)
            return None