def test(request, vector_id, context_id, encoding_id, verdict): b = Browser.objects.get(id=request.session["browser"]) v = Vector.objects.get(id=vector_id) wc = WebContext.objects.get(id=context_id) enc = Encoding.objects.get(id=encoding_id) if verdict == "pass": # todo: refactoring test object update t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() return HttpResponseRedirect("/test/next") elif verdict == "xhrpass": # todo: refactoring test object update t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() return HttpResponse("test n°" + str(vector_id) + " passed via xhttprequest") elif verdict == "imgpass": t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() # TODO: Fix this f*****g path deployment issue !!! image_data = open("static/img/pass.png", "rb").read() return HttpResponse(image_data, mimetype="image/png") else: # todo: refactoring test object update baseurl = request.build_absolute_uri("/") domain = Site.objects.get_current() xss_instance = build_vector( v, test_payload(vector_id, context_id, encoding_id, baseurl, domain), "test", context_id, encoding_id, baseurl, ) t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "SENT" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="SENT") t.save() # source=str(wc.source).replace("%(xss)s",xss_instance) source = wc.source % {"xss": xss_instance} resp = HttpResponse(source.decode("string_escape"), content_type=wc.mimetype + "; " + enc.web_encoding) return resp
def test(request, vector_id, context_id, encoding_id, verdict): b = Browser.objects.get(id=request.session['browser']) v = Vector.objects.get(id=vector_id) wc = WebContext.objects.get(id=context_id) enc = Encoding.objects.get(id=encoding_id) if verdict == "pass": #todo: refactoring test object update t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() return HttpResponseRedirect("/test/next") elif verdict == "xhrpass": #todo: refactoring test object update t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() return HttpResponse("test n°" + str(vector_id) + " passed via xhttprequest") elif verdict == "imgpass": t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "PASS" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="PASS") t.save() #TODO: Fix this f*****g path deployment issue !!! image_data = open("static/img/pass.png", "rb").read() return HttpResponse(image_data, mimetype="image/png") else: #todo: refactoring test object update baseurl = request.build_absolute_uri("/") domain = Site.objects.get_current() xss_instance = build_vector( v, test_payload(vector_id, context_id, encoding_id, baseurl, domain), "test", context_id, encoding_id, baseurl) t = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc) if t: t = t[0] t.result = "SENT" else: t = Test(browser=b, vector=v, context=wc, encoding=enc, result="SENT") t.save() #source=str(wc.source).replace("%(xss)s",xss_instance) source = wc.source % {"xss": xss_instance} resp = HttpResponse(source.decode('string_escape'), content_type=wc.mimetype + "; " + enc.web_encoding) return resp
def xss(request, vector_id): v = Vector.objects.get(id=vector_id) xss_instance = build_vector(v, xss_payload(), "xss") return HttpResponse(xss_instance.decode('string_escape'))
def xss(request, vector_id): v = Vector.objects.get(id=vector_id) xss_instance = build_vector(v, xss_payload(), "xss") return HttpResponse(xss_instance.decode("string_escape"))