示例#1
def _createFileNameMutants(freq, mutantClass, mutant_str_list, fuzzableParamList, append):
    """
    Build mutants in which one alphanumeric token of the URL filename is fuzzed.

    The filename is split into alphanumeric runs and the separators between
    them. Each alphanumeric run is combined with each string of
    mutant_str_list (URL-encoded with urllib.quote_plus). For every
    combination a mutant is created with double encoding disabled, plus a
    copy that treats "/" as a safe character; the copy is kept only when its
    URL differs from the first mutant's URL.

    @parameter freq: A fuzzable request with a dataContainer inside.
    @parameter mutantClass: The class to use to create the mutants
    @parameter mutant_str_list: a list with mutant strings to use
    @parameter fuzzableParamList: What parameters should be fuzzed
                                  (not read by this function).
    @parameter append: True/False, if we should append the value or replace it.

    @return: Mutants that have the filename URL changed with the strings at mutant_str_list

    >>> from core.data.parsers.urlParser import url_object
    >>> from core.data.request.fuzzableRequest import fuzzableRequest
    >>> url = url_object('http://www.w3af.com/abc/def.html')
    >>> fr = fuzzableRequest()
    >>> fr.setURL( url )

    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['ping!','pong-'], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/ping%21.html', 'http://www.w3af.com/abc/pong-.html', 'http://www.w3af.com/abc/def.ping%21', 'http://www.w3af.com/abc/def.pong-']

    >>> mutant_list = _createFileNameMutants( fr, mutantFileName, ['/etc/passwd',], [], False )
    >>> [ m.getURL().url_string for m in mutant_list]
    ['http://www.w3af.com/abc/%2Fetc%2Fpasswd.html', 'http://www.w3af.com/abc//etc/passwd.html', 'http://www.w3af.com/abc/def.%2Fetc%2Fpasswd', 'http://www.w3af.com/abc/def./etc/passwd']

    """
    mutants = []
    tokens = [t for t in re.split(r"([a-zA-Z0-9]+)", freq.getURL().getFileName()) if t != ""]

    for idx, token in enumerate(tokens):
        # Separators (dots, dashes, ...) are never fuzzed, only kept in place.
        if not re.match("[a-zA-Z0-9]", token):
            continue

        prefix = "".join(tokens[:idx])
        suffix = "".join(tokens[idx + 1:])

        for payload in mutant_str_list:
            encoded = urllib.quote_plus(payload)

            # The container keeps the filename in three pieces so that only
            # the middle one ("fuzzedFname") carries the mutant string.
            parts = dc()
            parts["start"] = prefix
            parts["fuzzedFname"] = (token + encoded) if append else encoded
            parts["end"] = suffix

            request_copy = freq.copy()
            request_copy.setURL(freq.getURL())

            encoded_mutant = mutantClass(request_copy)
            encoded_mutant.setOriginalValue(token)
            encoded_mutant.setVar("fuzzedFname")
            encoded_mutant._mutant_dc = parts
            encoded_mutant.setModValue(payload)
            # Special for filename fuzzing and some configurations of mod_rewrite
            encoded_mutant.setDoubleEncoding(False)
            mutants.append(encoded_mutant)

            # Second variant for mod_rewrite setups: "/" is left unencoded.
            # It is only useful when that actually changes the URL.
            slash_mutant = encoded_mutant.copy()
            slash_mutant.setSafeEncodeChars("/")
            if slash_mutant.getURL() != encoded_mutant.getURL():
                mutants.append(slash_mutant)

    return mutants
示例#2
    def __init__(self):
        """
        Set every internal attribute of the instance to its initial value.

        Nothing is read from the outside: URL, URI and cookie start as None,
        the method as 'GET', the data as an empty string, the headers as an
        empty dict and the data container as a fresh dc().
        """
        # Target of the request; unset until assigned later.
        self._url = None
        self._uri = None

        # Defaults for method, body, headers and cookie.
        self._method = "GET"
        self._data = ""
        self._headers = dict()
        self._cookie = None

        # Empty data container.
        self._dc = dc()

        # NOTE(review): presumably a cached representation used when
        # comparing requests; confirm against the rest of the class.
        self._sent_information_comparable = None
示例#3
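def _createFileNameMutants( freq, mutantClass, mutant_str_list, fuzzableParamList , append ):
    '''
    Build mutants in which one alphanumeric token of the URL filename is fuzzed.

    The filename is split into alphanumeric runs and the separators between
    them. Each alphanumeric run is combined with each string of
    mutant_str_list (URL-encoded with urllib.quote_plus). For every
    combination a mutant is created with double encoding disabled, plus a
    copy that treats '/' as a safe character. The copy is added only when its
    URL differs from the first mutant's URL, so the result holds no pair of
    mutants that would send the same request twice.

    @parameter freq: A fuzzable request with a dataContainer inside.
    @parameter mutantClass: The class to use to create the mutants
    @parameter mutant_str_list: a list with mutant strings to use
    @parameter fuzzableParamList: What parameters should be fuzzed
                                  (not read by this function).
    @parameter append: True/False, if we should append the value or replace it.

    @return: Mutants that have the filename URL changed with the strings at mutant_str_list
    '''
    res = []
    fileName = urlParser.getFileName( freq.getURL() )
    splittedFileName = [ x for x in re.split( r'([a-zA-Z0-9]+)', fileName ) if x != '' ]
    for i, token in enumerate( splittedFileName ):
        # Separators are never fuzzed; the check does not depend on the
        # mutant string, so it is done once per token.
        if not re.match('[a-zA-Z0-9]', token ):
            continue

        start = ''.join( splittedFileName[: i] )
        end = ''.join( splittedFileName[i+1:] )

        for mutant_str in mutant_str_list:
            divided_file_name = dc()
            divided_file_name['start'] = start
            if append:
                divided_file_name['fuzzedFname'] = token + urllib.quote_plus( mutant_str )
            else:
                divided_file_name['fuzzedFname'] = urllib.quote_plus( mutant_str )
            divided_file_name['end'] = end

            freq_copy = freq.copy()
            freq_copy.setURL( freq.getURL() )

            # Create the mutant
            m = mutantClass( freq_copy )
            m.setOriginalValue( token )
            m.setVar( 'fuzzedFname' )
            m._mutant_dc = divided_file_name
            m.setModValue( mutant_str )
            # Special for filename fuzzing and some configurations of mod_rewrite
            m.setDoubleEncoding( False )
            res.append( m )

            # The same but with a different type of encoding! (mod_rewrite)
            m2 = m.copy()
            m2.setSafeEncodeChars('/')

            # Skip the second variant when leaving '/' unencoded changes
            # nothing; otherwise the same URL would be requested twice.
            if m2.getURL() != m.getURL():
                res.append( m2 )
    return res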