Пример #1
0
    def _login(self, function_id):
        """
        This is the method that actually calls the plugins in order to login
        to the web application.
        """
        for plugin in self._consumer_plugins:

            debugging_id = rand_alnum(8)
            args = (plugin.get_name(), plugin.get_name(), debugging_id)
            msg = 'auth consumer is calling %s.has_active_session() and %s.login() (did:%s)'

            om.out.debug(msg % args)

            took_line = TookLine(self._w3af_core,
                                 'auth',
                                 '_login',
                                 debugging_id=debugging_id)

            try:
                if not plugin.has_active_session(debugging_id=debugging_id):
                    plugin.login(debugging_id=debugging_id)
            except Exception as e:
                self.handle_exception('auth', plugin.get_name(), None, e)

            took_line.send()
Пример #2
0
    def test_took_simple(self):
        w3af_core = w3afCore()

        took_line = TookLine(w3af_core,
                             'plugin_name',
                             'method_name',
                             debugging_id='ML7aEYsa',
                             method_params={'test': 'yes'})

        with patch('w3af.core.controllers.profiling.took_helper.om.out') as om_mock:
            took_line.send()

            self.assertEqual(om_mock.debug.call_count, 1)
            sent_message = om_mock.debug.call_args[0][0]

            self.assertRegexpMatches(sent_message,
                                     'plugin_name.method_name\(test="yes",did="ML7aEYsa"\)'
                                     ' took .*? seconds to run \(.*? seconds / .*?% consuming CPU cycles\)')
Пример #3
0
    def _login(self, function_id):
        """
        This is the method that actually calls the plugins in order to login
        to the web application.
        """
        for plugin in self._consumer_plugins:

            args = (plugin.get_name(), plugin.get_name())
            om.out.debug('%s.is_logged() and %s.login()' % args)
            took_line = TookLine(self._w3af_core, plugin.get_name(), '_login')

            try:
                if not plugin.is_logged():
                    plugin.login()
            except Exception, e:
                self.handle_exception('auth', plugin.get_name(), None, e)

            took_line.send()
Пример #4
0
    def _bruteforce(self, function_id, plugin, fuzzable_request):
        """
        Since threadpool's apply_async runs the callback only when the call to
        this method ends without any exceptions, it is *very important* to
        handle exceptions correctly here. Failure to do so will end up in
        _task_done not called, which will make has_pending_work always return
        True.

        Python 3 has an error_callback in the apply_async method, which we could
        use in the future.

        :param fuzzable_request: The fuzzable request that (if suitable) will be
                                 bruteforced by @plugin.
        :return: A list of the URL's that have been successfully bruteforced
        """
        res = set()

        # Logging
        args = (plugin.get_name(), fuzzable_request.get_uri())
        om.out.debug('%s.bruteforce(%s)' % args)
        took_line = TookLine(self._w3af_core,
                             plugin.get_name(),
                             'bruteforce',
                             method_params={'uri': fuzzable_request.get_uri()})

        # Status
        self._w3af_core.status.set_running_plugin('bruteforce',
                                                  plugin.get_name())
        self._w3af_core.status.set_current_fuzzable_request(
            'bruteforce', fuzzable_request)

        # TODO: Report progress to the core.
        try:
            new_frs = plugin.bruteforce_wrapper(fuzzable_request)
        except Exception as e:
            self.handle_exception('bruteforce', plugin.get_name(),
                                  fuzzable_request, e)
        else:
            res.update(new_frs)

        took_line.send()
        return res
Пример #5
0
    def _login(self, function_id):
        """
        This is the method that actually calls the plugins in order to login
        to the web application.
        """
        for plugin in self._consumer_plugins:

            args = (plugin.get_name(), plugin.get_name())
            om.out.debug('%s.is_logged() and %s.login()' % args)
            took_line = TookLine(self._w3af_core,
                                 plugin.get_name(),
                                 '_login')

            try:
                if not plugin.is_logged():
                    plugin.login()
            except Exception, e:
                self.handle_exception('auth', plugin.get_name(), None, e)

            took_line.send()
Пример #6
0
    def _inner_consume(self, request, response):
        """
        Run one plugin against a request/response.

        :param request: The HTTP request
        :param response: The HTTP response
        :return: None, results are saved to KB
        """
        for plugin in self._consumer_plugins:

            took_line = TookLine(self._w3af_core,
                                 plugin.get_name(),
                                 'grep',
                                 debugging_id=None,
                                 method_params={'uri': request.get_uri()})

            try:
                plugin.grep_wrapper(request, response)
            except Exception, e:
                self.handle_exception('grep', plugin.get_name(), request, e)
            else:
                took_line.send()