def test_basic(self):
    """
    Setting a modified Referer on a HeadersMutant must expose the new value
    through get_headers() while get_original_value() still reports the
    referer the request originally carried.
    """
    request = FuzzableRequest(URL('http://www.w3af.com/'))
    spoofed_referer = 'http://w3af.org/'
    initial_referer = request.get_referer()

    mutant = HeadersMutant(request.copy())
    mutant.set_var('Referer')
    mutant.set_original_value(initial_referer)
    mutant.set_mod_value(spoofed_referer)

    sent_headers = mutant.get_headers()
    self.assertEqual(sent_headers['Referer'], spoofed_referer)
    self.assertEqual(mutant.get_original_value(), initial_referer)
def _is_origin_checked(self, freq, orig_response):
    '''
    Re-send *freq* with a spoofed Referer header and compare the answer
    against the response of the unmodified request.

    :param freq: The FuzzableRequest whose Referer handling is being probed.
    :param orig_response: The response previously obtained for *freq* as-is.
    :return: True if the remote web application verifies the Referer before
             processing the HTTP request, i.e. the response to the spoofed
             request differs (as judged by self._is_resp_equal) from the
             original one; False when both responses are considered equal.
    '''
    spoofed_referer = 'http://www.w3af.org/'

    probe = HeadersMutant(freq.copy())
    probe.set_var('Referer')
    probe.set_original_value(freq.get_referer())
    probe.set_mod_value(spoofed_referer)

    probe_response = self._uri_opener.send_mutant(probe)

    # A differing response is taken as evidence that the server-side code
    # looks at the Referer; an equal response means the header was ignored.
    return not self._is_resp_equal(orig_response, probe_response)