示例#1
0
文件: unSSL.py 项目: 1d3df9903ad/w3af
    def audit(self, freq ):
        '''
        Check if the protocol specified in freq is https and fetch the same URL using http. 
        ie:
            - input: https://a/
            - check: http://a/
        
        @param freq: A fuzzableRequest
        '''
        if self._ignore_next_calls:
            return
        else:            
            # Define some variables
            secure = freq.getURL()
            insecure = secure.setProtocol('http')
            
            if self._first_run:
                try:
                    self._uri_opener.GET( insecure )
                except:
                    # The request failed because the HTTP port is closed or something like that
                    # we shouldn't test any other fuzzable requests.
                    self._ignore_next_calls = True
                    msg = 'HTTP port seems to be closed. Not testing any other URLs in unSSL.'
                    om.out.debug( msg )
                    return
                else:
                    # Only perform the initial check once.
                    self._first_run = False
                
            # It seems that we can request the insecure HTTP URL
            # (checked with the GET request)
            if 'HTTPS' == freq.getURL().getProtocol().upper():

                # We are going to perform requests that (in normal cases)
                # are going to fail, so we set the ignore errors flag to True
                self._uri_opener.ignore_errors( True )
                
                https_response = self._uri_opener.send_mutant(freq)
                freq.setURL( insecure )
                http_response = self._uri_opener.send_mutant(freq)
                
                if http_response.getCode() == https_response.getCode():
                    
                    if relative_distance_boolean( http_response.getBody(),
                                                  https_response.getBody(),
                                                  0.97 ):
                        v = vuln.vuln( freq )
                        v.setPluginName(self.getName())
                        v.setName( 'Secure content over insecure channel' )
                        v.setSeverity(severity.MEDIUM)
                        msg = 'Secure content can be accesed using the insecure protocol HTTP.'
                        msg += ' The vulnerable URLs are: "' + secure + '" - "' + insecure + '" .'
                        v.setDesc( msg )
                        v.setId( [http_response.id, https_response.id] )
                        kb.kb.append( self, 'unSSL', v )
                        om.out.vulnerability( v.getDesc(), severity=v.getSeverity() )

                # Disable error ignoring
                self._uri_opener.ignore_errors( False )
示例#2
0
    def equal_with_limit(self, body1, body2, compare_diff=False):
        '''
        Determines if two pages are equal using a ratio.
        '''
        if compare_diff:
            body1, body2 = diff(body1, body2)

        cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
        self.debug('Result: %s' % cmp_res)

        return cmp_res
示例#3
0
    def equal_with_limit(self, body1, body2, compare_diff=False):
        '''
        Determines if two pages are equal using a ratio.
        '''
        if compare_diff:
            body1, body2 = diff(body1, body2)

        cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
        self.debug('Result: %s' % cmp_res)

        return cmp_res
示例#4
0
文件: csrf.py 项目: weisst/w3af
    def _is_resp_equal(self, res1, res2):
        '''
        @see: unittest for this method in test_csrf.py
        '''
        if res1.get_code() != res2.get_code():
            return False

        if not relative_distance_boolean(res1.body, res2.body,
                                         self._equal_limit):
            return False

        return True
示例#5
0
文件: csrf.py 项目: Adastra-thw/w3af
    def _is_resp_equal(self, res1, res2):
        '''
        @see: unittest for this method in test_csrf.py
        '''
        if res1.get_code() != res2.get_code():
            return False

        if not relative_distance_boolean(res1.body, res2.body,
                                         self._equal_limit):
            return False

        return True
示例#6
0
    def test_all(self):
        acceptance_tests = []
        acceptance_tests.append(('a', 'a', 1.0))
        acceptance_tests.append(('a', 'a', 0.1))
        acceptance_tests.append(('a', 'a', 0.0))

        acceptance_tests.append(('a', 'b', 1.0))
        acceptance_tests.append(('a', 'b', 0.1))
        acceptance_tests.append(('a', 'b', 0.0))

        acceptance_tests.append(('a', 'ab', 1.0))
        acceptance_tests.append(('a', 'ab', 0.1))

        acceptance_tests.append(('a', 'b', 0.0000000000000000001))
        acceptance_tests.append(('a', 'b' * 100, 1.0))

        acceptance_tests.append(('a', 'ab', 0.66666666666))
        acceptance_tests.append(('a', 'aab', 0.5))
        acceptance_tests.append(('a', 'aaab', 0.4))
        acceptance_tests.append(
            ('a', 'aaaab',
             0.33333333333333333333333333333333333333333333333333333333))

        acceptance_tests.append(('a' * 25, 'a', 1.0))
        acceptance_tests.append(('aaa', 'aa', 1.0))
        acceptance_tests.append(('a', 'a', 1.0))

        acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
        acceptance_tests.append(('aaa', 'aa', 0.8))

        acceptance_tests.append(('a', 'a', 0.0))

        for e, d, f in acceptance_tests:
            res1 = relative_distance_boolean(e, d, f)
            res2 = relative_distance(e, d) >= f

            msg = 'relative_distance_boolean and relative_distance returned'\
                  ' different results for the same parameters:\n'\
                  '    - %s\n'\
                  '    - %s\n'\
                  '    - Threshold: %s\n'\

            self.assertEqual(res1, res2, msg % (e, d, f))
示例#7
0
    def test_all(self):
        acceptance_tests = []
        acceptance_tests.append(('a', 'a', 1.0))
        acceptance_tests.append(('a', 'a', 0.1))
        acceptance_tests.append(('a', 'a', 0.0))

        acceptance_tests.append(('a', 'b', 1.0))
        acceptance_tests.append(('a', 'b', 0.1))
        acceptance_tests.append(('a', 'b', 0.0))

        acceptance_tests.append(('a', 'ab', 1.0))
        acceptance_tests.append(('a', 'ab', 0.1))

        acceptance_tests.append(('a', 'b', 0.0000000000000000001))
        acceptance_tests.append(('a', 'b' * 100, 1.0))

        acceptance_tests.append(('a', 'ab', 0.66666666666))
        acceptance_tests.append(('a', 'aab', 0.5))
        acceptance_tests.append(('a', 'aaab', 0.4))
        acceptance_tests.append(('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333))

        acceptance_tests.append(('a' * 25, 'a', 1.0))
        acceptance_tests.append(('aaa', 'aa', 1.0))
        acceptance_tests.append(('a', 'a', 1.0))

        acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
        acceptance_tests.append(('aaa', 'aa', 0.8))

        acceptance_tests.append(('a', 'a', 0.0))

        for e, d, f in acceptance_tests:
            res1 = relative_distance_boolean(e, d, f)
            res2 = relative_distance(e, d) >= f
            
            msg = 'relative_distance_boolean and relative_distance returned'\
                  ' different results for the same parameters:\n'\
                  '    - %s\n'\
                  '    - %s\n'\
                  '    - Threshold: %s\n'\
            
            self.assertEqual(res1, res2, msg % (e, d, f))
示例#8
0
    def audit(self, freq, orig_response):
        '''
        Check if the protocol specified in freq is https and fetch the same URL
        using http. ie:
            - input: https://w3af.org/
            - check: http://w3af.org/

        :param freq: A FuzzableRequest
        '''
        if not self._run:
            return
        else:
            # Define some variables
            initial_uri = freq.get_uri()
            insecure_uri = initial_uri.copy()
            secure_uri = initial_uri.copy()

            insecure_uri.set_protocol('http')
            insecure_fr = freq.copy()
            insecure_fr.set_url(insecure_uri)

            secure_uri.set_protocol('https')
            secure_fr = freq.copy()
            secure_fr.set_url(secure_uri)

            send_mutant = self._uri_opener.send_mutant

            try:
                insecure_response = send_mutant(insecure_fr, grep=False)
                secure_response = send_mutant(secure_fr, grep=False)
            except w3afException:
                # No vulnerability to report since one of these threw an error
                # (because there is nothing listening on that port). It makes
                # no sense to keep running since we already got an error
                self._run = False
                
            else:
                if self._redirects_to_secure(insecure_response, secure_response):
                    return
                
                if insecure_response.get_code() == secure_response.get_code()\
                and relative_distance_boolean(insecure_response.get_body(),
                                              secure_response.get_body(),
                                              0.95):
                    desc = 'Secure content can be accessed using the insecure'\
                           ' protocol HTTP. The vulnerable URLs are:'\
                           ' "%s" - "%s" .'
                    desc = desc % (secure_uri, insecure_uri)
                    
                    response_ids = [insecure_response.id, secure_response.id]
                    
                    v = Vuln.from_fr('Secure content over insecure channel',
                                     desc, severity.MEDIUM, response_ids,
                                     self.get_name(), freq)

                    self.kb_append(self, 'un_ssl', v)
                    
                    om.out.vulnerability(v.get_desc(),
                                         severity=v.get_severity())
                    
                    # In most cases, when one resource is available, all are
                    # so we just stop searching for this vulnerability
                    self._run = False
示例#9
0
文件: un_ssl.py 项目: weisst/w3af
    def audit(self, freq, orig_response):
        '''
        Check if the protocol specified in freq is https and fetch the same URL
        using http. ie:
            - input: https://w3af.org/
            - check: http://w3af.org/

        :param freq: A FuzzableRequest
        '''
        if not self._run:
            return
        else:
            # Define some variables
            initial_uri = freq.get_uri()
            insecure_uri = initial_uri.copy()
            secure_uri = initial_uri.copy()

            insecure_uri.set_protocol('http')
            insecure_fr = freq.copy()
            insecure_fr.set_url(insecure_uri)

            secure_uri.set_protocol('https')
            secure_fr = freq.copy()
            secure_fr.set_url(secure_uri)

            send_mutant = self._uri_opener.send_mutant

            try:
                insecure_response = send_mutant(insecure_fr, grep=False)
                secure_response = send_mutant(secure_fr, grep=False)
            except w3afException:
                # No vulnerability to report since one of these threw an error
                # (because there is nothing listening on that port). It makes
                # no sense to keep running since we already got an error
                self._run = False

            else:
                if self._redirects_to_secure(insecure_response,
                                             secure_response):
                    return

                if insecure_response.get_code() == secure_response.get_code()\
                and relative_distance_boolean(insecure_response.get_body(),
                                              secure_response.get_body(),
                                              0.95):
                    desc = 'Secure content can be accessed using the insecure'\
                           ' protocol HTTP. The vulnerable URLs are:'\
                           ' "%s" - "%s" .'
                    desc = desc % (secure_uri, insecure_uri)

                    response_ids = [insecure_response.id, secure_response.id]

                    v = Vuln.from_fr('Secure content over insecure channel',
                                     desc, severity.MEDIUM, response_ids,
                                     self.get_name(), freq)

                    self.kb_append(self, 'un_ssl', v)

                    om.out.vulnerability(v.get_desc(),
                                         severity=v.get_severity())

                    # In most cases, when one resource is available, all are
                    # so we just stop searching for this vulnerability
                    self._run = False