def test_simple_GET_relative(self):
http_request = 'GET / HTTP/1.1\n' \
'Host: www.w3af.org\n' \
'Foo: bar\n'
fuzzable_request = HTTPRequestParser(http_request, '')
exp_headers = Headers([('Host', 'www.w3af.org'), ('Foo', 'bar')])
self.assertEquals(fuzzable_request.get_headers(), exp_headers)
self.assertEqual(fuzzable_request.get_url().get_domain(), 'www.w3af.org')
def test_simple_GET_relative(self):
http_request = 'GET / HTTP/1.1\n' \
'Host: www.w3af.org\n' \
'Foo: bar\n'
fuzzable_request = HTTPRequestParser(http_request, '')
exp_headers = Headers([('Host', 'www.w3af.org'), ('Foo', 'bar')])
self.assertEquals(fuzzable_request.get_headers(), exp_headers)
self.assertEqual(fuzzable_request.get_url().get_domain(),
'www.w3af.org')
def test_POST_request(self):
self.http_daemon = HTTPDaemon()
self.http_daemon.start()
self.http_daemon.wait_for_start()
#
# Send the request to our server using the GUI
#
self.double_click('localhost')
self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False)
# Move to the beginning
self.type(['<PgUp>',], False)
# Replace GET with POST
self.type(['<Delete>',], False)
self.type(['<Delete>',], False)
self.type(['<Delete>',], False)
self.type('POST', False)
# Move to the end (postdata)
self.type(['<PgDn>',], False)
post_data = 'foo=bar&spam=eggs'
self.type(post_data, False)
self.click('send')
# Wait until we actually get the response, and verify we got the
# response body we expected:
self.find('abcdef')
self.find('200_OK')
#
# Assert that it's what we really expected
#
requests = self.http_daemon.requests
self.assertEqual(len(requests), 1)
request = requests[0]
head, postdata = MANUAL_REQUEST_EXAMPLE, ''
http_request = HTTPRequestParser(head, postdata)
self.assertEqual(http_request.get_url().get_path(), request.path)
self.assertEqual('POST', request.command)
for header_name, header_value in http_request.get_headers().iteritems():
self.assertIn(header_name.lower(), request.headers)
self.assertEqual(header_value, request.headers[header_name.lower()])
self.assertEqual(str(len(post_data)), request.headers['content-length'])
self.http_daemon.shutdown()
def ruby_export(request_string):
"""
:param request_string: The string of the request to export
:return: A net/http based ruby script that will perform the same HTTP request.
"""
# get the header and the body
splitted_request = request_string.split('\n\n')
header = splitted_request[0]
body = '\n\n'.join(splitted_request[1:])
http_request = HTTPRequestParser(header, body)
# Now I do the real magic...
res = 'require \'net/https\'\n\n'
res += 'url = URI.parse("' + ruby_escape_string(
http_request.get_uri().url_string) + '")\n'
if http_request.get_data() != '\n' and http_request.get_data() is not None:
escaped_data = ruby_escape_string(str(http_request.get_data()))
res += 'data = "' + escaped_data + '"\n'
else:
res += 'data = nil\n'
res += 'headers = {\n'
headers = http_request.get_headers()
for header_name, header_value in headers.iteritems():
header_value = ruby_escape_string(header_value)
header_name = ruby_escape_string(header_name)
res += ' "' + header_name + '" => "' + header_value + '",\n'
res = res[:-2]
res += '\n}\n'
method = http_request.get_method()
res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n'
res += ' http.use_ssl = '
if http_request.get_url().get_protocol().lower() == 'https':
res += 'true\n'
else:
res += 'false\n'
res += ' http.send_request("' + method + '", url.path, data, headers)\n'
res += 'end\n\n'
res += 'puts res.body\n'
return res
def ruby_export(request_string):
"""
:param request_string: The string of the request to export
:return: A net/http based ruby script that will perform the same HTTP request.
"""
# get the header and the body
splitted_request = request_string.split('\n\n')
header = splitted_request[0]
body = '\n\n'.join(splitted_request[1:])
http_request = HTTPRequestParser(header, body)
# Now I do the real magic...
res = 'require \'net/https\'\n\n'
res += 'url = URI.parse("' + ruby_escape_string(
http_request.get_uri().url_string) + '")\n'
if http_request.get_data() != '\n' and http_request.get_data() is not None:
escaped_data = ruby_escape_string(str(http_request.get_data()))
res += 'data = "' + escaped_data + '"\n'
else:
res += 'data = nil\n'
res += 'headers = {\n'
headers = http_request.get_headers()
for header_name, header_value in headers.iteritems():
header_value = ruby_escape_string(header_value)
header_name = ruby_escape_string(header_name)
res += ' "' + header_name + '" => "' + header_value + '",\n'
res = res[:-2]
res += '\n}\n'
method = http_request.get_method()
res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n'
res += ' http.use_ssl = '
if http_request.get_url().get_protocol().lower() == 'https':
res += 'true\n'
else:
res += 'false\n'
res += ' http.send_request("' + method + '", url.path, data, headers)\n'
res += 'end\n\n'
res += 'puts res.body\n'
return res
def test_GET_request(self):
self.http_daemon = HTTPDaemon()
self.http_daemon.start()
self.http_daemon.wait_for_start()
#
# Send the request to our server using the GUI
#
self.double_click('localhost')
self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False)
self.click('send')
# Wait until we actually get the response, and verify we got the
# response body we expected:
self.find('abcdef')
self.find('200_OK')
#
# Assert that it's what we really expected
#
requests = self.http_daemon.requests
self.assertEqual(len(requests), 1)
request = requests[0]
head, postdata = MANUAL_REQUEST_EXAMPLE, ''
http_request = HTTPRequestParser(head, postdata)
self.assertEqual(http_request.get_url().get_path(), request.path)
self.assertEqual(http_request.get_method(), request.command)
for header_name, header_value in http_request.get_headers().iteritems(
):
self.assertIn(header_name.lower(), request.headers)
self.assertEqual(header_value,
request.headers[header_name.lower()])
self.http_daemon.shutdown()
def test_GET_request(self):
self.http_daemon = HTTPDaemon()
self.http_daemon.start()
self.http_daemon.wait_for_start()
#
# Send the request to our server using the GUI
#
self.double_click('localhost')
self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False)
self.click('send')
# Wait until we actually get the response, and verify we got the
# response body we expected:
self.find('abcdef')
self.find('200_OK')
#
# Assert that it's what we really expected
#
requests = self.http_daemon.requests
self.assertEqual(len(requests), 1)
request = requests[0]
head, postdata = MANUAL_REQUEST_EXAMPLE, ''
http_request = HTTPRequestParser(head, postdata)
self.assertEqual(http_request.get_url().get_path(), request.path)
self.assertEqual(http_request.get_method(), request.command)
for header_name, header_value in http_request.get_headers().iteritems():
self.assertIn(header_name.lower(), request.headers)
self.assertEqual(header_value, request.headers[header_name.lower()])
self.http_daemon.shutdown()
def test_POST_request(self):
self.http_daemon = HTTPDaemon()
self.http_daemon.start()
self.http_daemon.wait_for_start()
#
# Send the request to our server using the GUI
#
self.double_click('localhost')
self.type('127.0.0.1:%s' % self.http_daemon.get_port(), False)
# Move to the beginning
self.type([
'<PgUp>',
], False)
# Replace GET with POST
self.type([
'<Delete>',
], False)
self.type([
'<Delete>',
], False)
self.type([
'<Delete>',
], False)
self.type('POST', False)
# Move to the end (postdata)
self.type([
'<PgDn>',
], False)
post_data = 'foo=bar&spam=eggs'
self.type(post_data, False)
self.click('send')
# Wait until we actually get the response, and verify we got the
# response body we expected:
self.find('abcdef')
self.find('200_OK')
#
# Assert that it's what we really expected
#
requests = self.http_daemon.requests
self.assertEqual(len(requests), 1)
request = requests[0]
head, postdata = MANUAL_REQUEST_EXAMPLE, ''
http_request = HTTPRequestParser(head, postdata)
self.assertEqual(http_request.get_url().get_path(), request.path)
self.assertEqual('POST', request.command)
for header_name, header_value in http_request.get_headers().iteritems(
):
self.assertIn(header_name.lower(), request.headers)
self.assertEqual(header_value,
request.headers[header_name.lower()])
self.assertEqual(str(len(post_data)),
request.headers['content-length'])
self.http_daemon.shutdown()