def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two): """ Returns a difference ratio between two byte arrays each representing one http response. Ratio=1.0 is a perfect match. """ http_one_info = helpers.analyzeResponse(http_bytes_one) http_one = StringUtil.fromBytes(http_bytes_one) http_one_body = http_one[http_one_info.getBodyOffset():] http_two_info = helpers.analyzeResponse(http_bytes_two) http_two = StringUtil.fromBytes(http_bytes_two) http_two_body = http_two[http_two_info.getBodyOffset():] s = SequenceMatcher(lambda x: x== " ", http_one_body, http_two_body) return s.ratio()
def httpresponse_bytes_diffratio(helpers, http_bytes_one, http_bytes_two): """ Returns a difference ratio between two byte arrays each representing one http response. Ratio=1.0 is a perfect match. """ http_one_info = helpers.analyzeResponse(http_bytes_one) http_one = StringUtil.fromBytes(http_bytes_one) http_one_body = http_one[http_one_info.getBodyOffset():] http_two_info = helpers.analyzeResponse(http_bytes_two) http_two = StringUtil.fromBytes(http_bytes_two) http_two_body = http_two[http_two_info.getBodyOffset():] s = SequenceMatcher(lambda x: x == " ", http_one_body, http_two_body) return s.ratio()
def map(k, context): result = context.cx.getCurrentValue() meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json")) meta = json.loads(meta_data) product = meta['ProductName'] version = meta['Version'] ispluginhang = meta.get('PluginHang', None) == "1" err = 0 kv = result.getColumnLatest("raw_data", "dump") if kv is None: err += 1 dumplen = 0 else: dumplen = kv.getValueLength() if "additional_minidumps" in meta: extradumps = meta["additional_minidumps"].split(",") for extradump in extradumps: extrakv = result.getColumnLatest( "raw_data", "upload_file_minidump_" + extradump) if extrakv is None: err += 1 else: extralen = extrakv.getValueLength() dumplen += extralen context.write(k, (product, version, ispluginhang, dumplen, err))
def doActiveScan(self, ihrr, isip): withPayload = isip.buildRequest(StringUtil.toBytes('${1336+1}')) newReqRes = self.callbacks.makeHttpRequest(ihrr.getHttpService(), withPayload) variation = self.helpers.analyzeResponseVariations( ihrr.getResponse(), newReqRes.getResponse()) pageChanges = variation.getVariantAttributes() length = False bodyContent = False match = False for change in pageChanges: if change == 'content_length': length = True if change == 'whole_body_content': bodyContent = True match = '1337' in self.helpers.bytesToString(newReqRes.getResponse()) if length and bodyContent and match: issues = ArrayList() issues.add(ELJ(newReqRes, self.callbacks, self.helpers)) return issues else: return None
def send_to_repeater(self, host, payload): req = self._requests[host]['POST'] or self._requests[host][ 'PUT'] or self._requests[host]['GET'] if req and self._callbacks and self._helpers: info = req[0] body = req[1] nobody = body[:info.getBodyOffset()].tostring() rstripoffset = info.getBodyOffset() - len(nobody.rstrip()) headers = body[:info.getBodyOffset() - rstripoffset].tostring() try: self._overrideheaders[host] except KeyError: self._overrideheaders[host] = [] headers = override_headers(headers, self._overrideheaders[host]) repeater_body = StringUtil.toBytes( string_join( headers, body[info.getBodyOffset() - rstripoffset:info.getBodyOffset()].tostring(), payload)) self._callbacks.sendToRepeater( info.getUrl().getHost(), info.getUrl().getPort(), info.getUrl().getProtocol() == 'https', repeater_body, 'GraphQL #%s' % self._index) self._index += 1
def Parse(self, data, isfinal=False): # The 'data' argument should be an encoded text: a str instance that # represents an array of bytes. If instead it is a unicode string, # only the us-ascii range is considered safe enough to be silently # converted. if isinstance(data, unicode): data = data.encode(sys.getdefaultencoding()) self._data.append(data) if isfinal: bytes = StringUtil.toBytes(self._data.toString()) byte_stream = ByteArrayInputStream(bytes) source = InputSource(byte_stream) if self.encoding is not None: source.setEncoding(self.encoding) try: self._reader.parse(source) except SAXParseException, sax_error: # Experiments tend to show that the '_Next*' parser locations # match more closely expat behavior than the 'Current*' or sax # error locations. self.ErrorLineNumber = self._NextLineNumber self.ErrorColumnNumber = self._NextColumnNumber self.ErrorCode = None raise self._expat_error(sax_error) return 1
def doActiveScan(self, ihrr, isip): # 1 - Create a new request with our custom payload (tip: buildRequest) withPayload = isip.buildRequest(StringUtil.toBytes('${1336+1}')) # 2 - Send the HTTP request newReqRes = self.callbacks.makeHttpRequest(ihrr.getHttpService(), withPayload) # 3 - Diff original and new responses (tip: analyzeResponseVariations and getVariantAttributes) variation = self.helpers.analyzeResponseVariations(ihrr.getResponse(), newReqRes.getResponse()) pageChanges = variation.getVariantAttributes() # 4 - Based on page changes, determine whether the page is vulnerable or not length = False bodyContent = False match = False for change in pageChanges: if change == 'content_length': length = True if change == 'whole_body_content': bodyContent = True match = '1337' in self.helpers.bytesToString(newReqRes.getResponse()) # 5 - If vulnerable, create a new IScanIssue and return the List<IScanIssue> if length and bodyContent and match: pass # TODO else: return None
def _get_examples(): names_and_bytes = None # z is the zip file containing the examples z = None if app_in_jar.startedFromJar(): # App started from JAR; attempt to acquire through java.lang.Class.getResourceAsStream() stream = Column.getResourceAsStream('/mallard_examples.zip') if stream is not None: # Convert to cStringIO; FileUtil.wrap does not seem to work well with ZipFile fbytes = StringUtil.fromBytes(FileUtil.readBytes(stream)) f = cStringIO.StringIO(fbytes) try: z = zipfile.ZipFile(f, 'r') except zipfile.BadZipfile: pass # App was not started from JAR, or loading failed; see if the ZIP file can be found in the file system if z is None: if os.path.isfile('mallard_examples.zip'): try: z = zipfile.ZipFile('mallard_examples.zip', 'r') except zipfile.BadZipfile: pass if z is not None: names_and_bytes = [] infos = z.infolist() for info in infos: if info.filename.lower().endswith('.page'): names_and_bytes.append((info.filename, z.read(info))) return names_and_bytes
def map(k, context): result = context.cx.getCurrentValue() meta_data = StringUtil.fromBytes(result.getValue("meta_data", "json")) meta = json.loads(meta_data) product = meta['ProductName'] version = meta['Version'] ispluginhang = meta.get('PluginHang', None) == "1" err = 0 kv = result.getColumnLatest("raw_data", "dump") if kv is None: err += 1 dumplen = 0 else: dumplen = kv.getValueLength() if "additional_minidumps" in meta: extradumps = meta["additional_minidumps"].split(",") for extradump in extradumps: extrakv = result.getColumnLatest("raw_data", "upload_file_minidump_" + extradump) if extrakv is None: err += 1 else: extralen = extrakv.getValueLength() dumplen += extralen context.write(k, (product, version, ispluginhang, dumplen, err))
def actionPerformed(self, e): """ Overrides ActionListener behaviour. Send current query to repeater. :param e: unused :return: None """ req = self.requests[self._host]['POST'] or self.requests[ self._host]['PUT'] or self.requests[self._host]['GET'] if req: info = req[0] body = req[1] nobody = body[:info.getBodyOffset()].tostring() rstripoffset = info.getBodyOffset() - len(nobody.rstrip()) headers = body[:info.getBodyOffset() - rstripoffset].tostring() try: self._overrideheaders[self._host] except KeyError: self._overrideheaders[self._host] = [] repeater_body = StringUtil.toBytes( string_join( override_headers(headers, self._overrideheaders[self._host]), body[info.getBodyOffset() - rstripoffset:info.getBodyOffset()].tostring(), self._payload)) self._callbacks.sendToRepeater( info.getUrl().getHost(), info.getUrl().getPort(), info.getUrl().getProtocol() == 'https', repeater_body, 'GraphQL #%s' % self._index) self._index += 1
def getNextPayload(self, baseValue): '''Interface method to return the next generated payload''' strinput = StringUtil.fromBytes(baseValue) if not self.unicodePayload: strinput = str(strinput) bv = self.decode(strinput) (self.morePayloads, output) = self.process(bv) return self.encode(output)
def read(filePath): bytes = Files.readAllBytes(filePath) content = StringUtil.fromBytes(bytes) if content.find(Strings.FileUtils_separator) != -1: (vars, script) = content.split(Strings.FileUtils_separator, 2) return (vars, script) else: return (None, None)
def read(fd, buffersize): """read(fd, buffersize) -> string Read a file descriptor. """ from org.python.core.util import StringUtil rawio = FileDescriptors.get(fd) buf = _handle_oserror(rawio.read, buffersize) return asPyString(StringUtil.fromBytes(buf))
def load_image(name, data): var_name = "_{}_img".format(name) if _USE_EMBEDDED_IMAGES: globals()[var_name] = ImageIcon( StringUtil.toBytes(base64.b64decode(data))) else: globals()[var_name] = ImageIcon( file=os.path.join(os.path.dirname(__file__), name + ".gif"))
def set_response_tab_pane(self, request_response): raw_response = request_response.getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = JTextArea(response_body) response_tab_textarea.setLineWrap(True) return JScrollPane(response_tab_textarea)
def write(fd, string): """write(fd, string) -> byteswritten Write a string to a file descriptor. """ from java.nio import ByteBuffer from org.python.core.util import StringUtil rawio = FileDescriptors.get(fd) return _handle_oserror(rawio.write, ByteBuffer.wrap(StringUtil.toBytes(string)))
def test_bmp_utf8stream(self): # Program written in Unicode with codes above 255 a = u"畫蛇添足 Λόγος" prog = u'a = u"{:s}"\nprint repr(a)'.format(a) # Program as bytes with declared encoding for execfile(InputStream) progbytes = '# coding: utf-8\n' + prog.encode('utf-8') stream = java.io.ByteArrayInputStream(StringUtil.toBytes(progbytes)) self.do_test(stream, u'{}\n'.format(repr(a)), {'a': a})
def prepareForStep(self, configurationAttributes, requestParameters, step): extensionResult = self.extensionPrepareForStep(configurationAttributes, requestParameters, step) if extensionResult != None: return extensionResult if (step == 1): print "Passport-saml: Prepare for Step 1 method call" identity = CdiUtil.bean(Identity) sessionId = identity.getSessionId() sessionAttribute = sessionId.getSessionAttributes() print "Passport-saml: session %s" % sessionAttribute oldState = sessionAttribute.get("state") if (oldState == None): print "Passport-saml: old state is none" return True else: print "Passport-saml: state is obtained" try: stateBytes = Base64Util.base64urldecode(oldState) state = StringUtil.fromBytes(stateBytes) stateObj = json.loads(state) print stateObj["provider"] for y in stateObj: print(y, ':', stateObj[y]) httpService = CdiUtil.bean(HttpService) facesService = CdiUtil.bean(FacesService) facesContext = CdiUtil.bean(FacesContext) httpclient = httpService.getHttpsClient() headersMap = HashMap() headersMap.put("Accept", "text/json") host = facesContext.getExternalContext().getRequest( ).getServerName() url = "https://" + host + "/passport/token" print "Passport-saml: url %s" % url resultResponse = httpService.executeGet( httpclient, url, headersMap) http_response = resultResponse.getHttpResponse() response_bytes = httpService.getResponseContent( http_response) szResponse = httpService.convertEntityToString( response_bytes) print "Passport-saml: szResponse %s" % szResponse tokenObj = json.loads(szResponse) print "Passport-saml: /passport/auth/saml/" + stateObj[ "provider"] + "/" + tokenObj["token_"] facesService.redirectToExternalURL("/passport/auth/saml/" + stateObj["provider"] + "/" + tokenObj["token_"]) except Exception, err: print str(err) return True return True
def set_response_tab_pane(self, request_response): raw_response = request_response.getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = self.callbacks.createTextEditor() component = response_tab_textarea.getComponent() response_tab_textarea.setText(response_body) response_tab_textarea.setEditable(False) return component
def set_response_tab_pane(self, scanner_issue): raw_response = scanner_issue.getRequestResponse().getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = JTextArea(response_body) response_tab_textarea.setLineWrap(True) # Set a context menu self.set_context_menu(response_tab_textarea, scanner_issue) return JScrollPane(response_tab_textarea)
def process(self, inputStream, outputStream): try: # Read input FlowFile content input_text = IOUtils.toString(inputStream, StandardCharsets.UTF_8) input_obj = json.loads(input_text) # Transform content # for i in range(0, len(input_obj)): output_arr = [] count = 0 while (count <= 59): detester = input_obj['create_time'] date = (datetime.datetime.strptime(detester, '%Y-%m-%d %H:%M:%S.%f') + datetime.timedelta( minutes=count)) output_obj = { "id": input_obj['id'], "meas_type": input_obj['meas_type'], "create_time": date.strftime("%Y-%m-%d %H:%M:%S.%f"), "create_day": datetime.datetime.strptime(date.strftime("%Y-%m-%d"), '%Y-%m-%d').strftime( "%Y-%m-%d %H:%M:%S.%f"), "create_minute": date.strftime("%H:%M:%S.%f") } if count == 0: output_obj['vtype'] = '时间' elif count == 1: output_obj['vtype'] = '最大值' elif count == 2: output_obj['vtype'] = '最小值' else: output_obj['vtype'] = '平均值' if count < 10: objkey = 'v0' + str(count) if input_obj[objkey] is None: output_obj['val'] = 0 else: output_obj['val'] = input_obj[objkey] else: objkey = 'v' + str(count) if input_obj[objkey] is None: output_obj['val'] = 0 else: output_obj['val'] = input_obj[objkey] # Write output content output_arr.append(output_obj) count = count + 1 output_text = json.dumps(output_arr) outputStream.write(StringUtil.toBytes(output_text)) except: traceback.print_exc(file=sys.stdout) raise
def do_test(self, source, ref_out=u'', ref_var={}, inp=None): out = java.io.StringWriter() err = java.io.StringWriter() var = {} if inp is not None: if isinstance(inp, bytes): inp = java.io.ByteArrayInputStream(StringUtil.toBytes(inp)) elif isinstance(inp, unicode): inp = java.io.StringReader(inp) exec_code_in_pi(source, inp, out, err, var) self.assertEquals(ref_var, var) self.assertEquals(ref_out, out.toString())
def __post(self): if (self.ready): while self.qbuff.qsize(): msg = self.qbuff.get() #print("[->] " + msg) try: self.postpv.write(StringUtil.toBytes(msg)) except: pass sleep(0.250) else: while self.qbuff.qsize(): discard = self.qbuff.get()
def buildRequest(self, payload): # Gross workaround via Dafydd - https://support.portswigger.net/customer/portal/questions/12431820-design-of-active-scanner-plugin-vs-insertionpoints if payload.tostring() not in methods: raise Exception( 'Just stopping Burp from using our custom insertion point') else: requestStr = self._baseRequest.tostring() newRequest = requestStr.replace(self._baseValue, payload) newRequestB = StringUtil.toBytes(newRequest) # update the request with the new parameter value return newRequestB
def set_response_tab_pane(self, scanner_issue): raw_response = scanner_issue.getRequestResponse().getResponse() response_body = StringUtil.fromBytes(raw_response) response_body = response_body.encode("utf-8") response_tab_textarea = self.callbacks.createTextEditor() component = response_tab_textarea.getComponent() response_tab_textarea.setText(response_body) response_tab_textarea.setEditable(False) # Set a context menu self.set_context_menu(component, scanner_issue) return component
def process(self, input, output) : try : comp = bz2.BZ2Decompressor() buf = zeros(8192, "b") while True : bytes_read = input.read(buf) if(bytes_read == -1) : break output.write(comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read))) except : print "Exception in Decompress:" print '-' * 60 traceback.print_exc(file=sys.stdout) print '-' * 60 raise
def jconst(f): if f.func_defaults: numdefaults = len(f.func_defaults) else: numdefaults = 0 if f.__name__ == "__init__": f._clamp = JavaConstructorInfo(numdefaults, argtypes, **kwargs) else: if not StringUtil.isJavaIdentifier(f.func_name): raise ValueError("clamped method name '%s' isn't a valid Java identifier" % f.func_name) if len(argtypes) == 0: raise ValueError("clamped methods must specify a return type as their first arg. \ Use java.lang.Void to indicate returning nothing.") f._clamp = JavaMethodInfo(numdefaults, argtypes[0], argtypes[1:], **kwargs) return f
def process(self, input, output): try: comp = bz2.BZ2Decompressor() buf = zeros(8192, "b") while True: bytes_read = input.read(buf) if (bytes_read == -1): break output.write( comp.decompress(StringUtil.fromBytes(buf, 0, bytes_read))) except: print "Exception in Decompress:" print '-' * 60 traceback.print_exc(file=sys.stdout) print '-' * 60 raise
def runMessage(self, messageIndex): messageEntry = self._db.arrayOfMessages[messageIndex] # Clear Previous Results: messageEntry._roleResults = {} messageEntry._userRuns = {} messageInfo = messageEntry._requestResponse requestInfo = self._helpers.analyzeRequest(messageInfo) reqBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] for userIndex in self._db.getActiveUserIndexes(): userEntry = self._db.arrayOfUsers[userIndex] headers = self.getNewHeader(requestInfo, userEntry) # Add static CSRF token if available # TODO: Kinda hacky, but for now it will add the token as long as there is some content in the post body # Even if its a GET request. This screws up when original requests have no body though... oh well... newBody = reqBody if userEntry._staticcsrf and len(reqBody): delimeter = userEntry._staticcsrf.find("=") if delimeter >= 0: csrfname = userEntry._staticcsrf[0:delimeter] csrfvalue = userEntry._staticcsrf[delimeter+1:] params = requestInfo.getParameters() for param in params: if str(param.getName())==csrfname: # Handle CSRF Tokens in Body if param.getType() == 1: newBody = reqBody[0:param.getValueStart()-requestInfo.getBodyOffset()] + StringUtil.toBytes(csrfvalue) + reqBody[param.getValueEnd()-requestInfo.getBodyOffset():] # Handle CSRF Tokens in Cookies (for Cookie==Body mitigation technique): if param.getType() == 2: # TODO: required moving above portion to a function # TODO: also need to think about when cookie name != postarg name print "Cookie CSRF Tokens are not currently supported" if newBody == reqBody: newBody = reqBody+StringUtil.toBytes("&"+userEntry._staticcsrf) # Construct and send a message with the new headers message = self._helpers.buildHttpMessage(headers, newBody) requestResponse = self._callbacks.makeHttpRequest(messageInfo.getHttpService(),message) messageEntry.addRunByUserIndex(userIndex, self._callbacks.saveBuffersToTempFiles(requestResponse)) # Grab all active roleIndexes that should succeed activeSuccessRoles = [index for index in messageEntry._roles.keys() if messageEntry._roles[index] and not self._db.arrayOfRoles[index].isDeleted()] # Check Role Results of message for roleIndex in self._db.getActiveRoleIndexes(): success = self.checkResult(messageEntry, roleIndex, activeSuccessRoles) messageEntry.setRoleResultByRoleIndex(roleIndex, success)
def process(self, inputStream, outputStream): try: # Read input FlowFile content input_text = IOUtils.toString(inputStream, StandardCharsets.UTF_8) input_obj = json.loads(input_text) # Transform content output_obj = input_obj output_obj['value'] = output_obj['value'] * output_obj['value'] output_obj['message'] = 'Hello World' # Write output content output_text = json.dumps(output_obj) outputStream.write(StringUtil.toBytes(output_text)) except: traceback.print_exc(file=sys.stdout) raise
def __init__(self, callbacks, attack, unicodePayload=False): self.callbacks = callbacks # use Unicode strings in Jython? self.unicodePayload = unicodePayload # this is all the stuff from attack so we dont need to store it httpService = attack.getHttpService() self.httpHost = httpService.getHost() # java.lang.String self.httpPort = httpService.getPort() # int self.httpProtocol = httpService.getProtocol() # java.lang.String self.requestTemplate = StringUtil.fromBytes( attack.getRequestTemplate()) # python unicode if self.unicodePayload: self.self.requestTemplate = str(self.requestTemplate) self.morePayloads = True self.init()
def handleReceivedResponseForModifiedRequest(self, requestResponse): #Get original HTTP Request requestData = StringUtil.fromBytes(requestResponse.getRequest()) requestId = re.search(b"^X-REQUEST-ID: ([^\r]*)", requestData, flags=re.MULTILINE).group(1).encode('ascii') origRequestId = re.search(b"^X-REQUEST-ORIG-ID: ([^\r]*)", requestData, flags=re.MULTILINE).group(1).encode('ascii') print("Keys") print(requestId) print(origRequestId) print(self.requestResponseCache.keys()) self.requestResponseCache[requestId] = requestResponse origRequestResponse = self.requestResponseCache[origRequestId] analyzedOrigResponse = self.helpers.analyzeResponse( origRequestResponse.getResponse()) analayzeMutatedResponse = self.helpers.analyzeResponse( requestResponse.getResponse()) origResponseHeaders = self._buildResponseHeadersDictionary( analyzedOrigResponse.getHeaders()) mutatedResponseHeaders = self._buildResponseHeadersDictionary( analayzeMutatedResponse.getHeaders()) mutatedRequestInfo = self.helpers.analyzeRequest( requestResponse.getHttpService(), requestResponse.getRequest()) model = self.jtable.getModel() model.addRow([ str(mutatedRequestInfo.getUrl()), str(analayzeMutatedResponse.getStatusCode()), self._getDictValueOrEmptyStr(mutatedResponseHeaders, "content-length"), self._getDictValueOrEmptyStr(mutatedResponseHeaders, "location"), requestId, origRequestId ]) print("Modified Request Found: %s %s" % (requestId, origRequestId))
def process(self, inputStream, outputStream): try: # Read input FlowFile content input_text = IOUtils.toString(inputStream, StandardCharsets.UTF_8) input_obj = json.loads(input_text) # Transform content output_arr = [] start_time = input_obj['start_time'] end_time = input_obj['end_time'] id = input_obj['id'] meas_type = input_obj['meas_type'] date = datetime.datetime.strptime(start_time, '%Y-%m-%d %H:%M:%S') endtime = datetime.datetime.strptime(end_time, '%Y-%m-%d %H:%M:%S') while date < endtime: output_obj = { "id": id, "meas_type": meas_type, "val": 0, "create_time": date.strftime("%Y-%m-%d %H:%M:%S"), "create_day": datetime.datetime.strptime(date.strftime("%Y-%m-%d"), '%Y-%m-%d').strftime( "%Y-%m-%d %H:%M:%S"), "create_minute": date.strftime("%H:%M:%S") } if date.strftime("%M") == "00": output_obj['vtype'] = '时间' elif date.strftime("%M") == "01": output_obj['vtype'] = '最大值' elif date.strftime("%M") == "02": output_obj['vtype'] = '最小值' else: output_obj['vtype'] = '平均值' date = date + datetime.timedelta(minutes=1) print(output_obj) # Write output content output_arr.append(output_obj) output_text = json.dumps(output_arr) outputStream.write(StringUtil.toBytes(output_text)) except: traceback.print_exc(file=sys.stdout) raise
def processHttpMessage(self, toolFlag, messageIsRequest, requestResponse): if not messageIsRequest: requestData = StringUtil.fromBytes(requestResponse.getRequest()) #We generated the request, process it if requestData.find(b"X-REQUEST-ID") != -1: self.handleReceivedResponseForModifiedRequest(requestResponse) #Response received for non-mutated request. #Mutate request and send it. else: origRequestResponseUUID = str(uuid.uuid4()) reload(replacements) print("Looking for replacements") for replacement in self.replacements: newRequestData = re.sub(self.origSearchString, replacement, requestData) #If no replacemnets made, don't send any requests if newRequestData != requestData: newRequestUUID = str(uuid.uuid4()) newRequestData = re.sub( b"Host", b"X-REQUEST-ID: " + newRequestUUID + "\r\nHost", requestData) newRequestData = re.sub( b"Host", b"X-REQUEST-ORIG-ID: " + origRequestResponseUUID + "\r\nHost", newRequestData) print("Sending Mutated Request") print(newRequestData) self.requestResponseCache[ origRequestResponseUUID] = requestResponse httpService = requestResponse.getHttpService() self.callbacks.makeHttpRequest(httpService, newRequestData) print("Got here")
def jconst(f): if f.func_defaults: numdefaults = len(f.func_defaults) else: numdefaults = 0 if f.__name__ == "__init__": f._clamp = JavaConstructorInfo(numdefaults, argtypes, **kwargs) else: if not StringUtil.isJavaIdentifier(f.func_name): raise ValueError( "clamped method name '%s' isn't a valid Java identifier" % f.func_name) if len(argtypes) == 0: raise ValueError( "clamped methods must specify a return type as their first arg. \ Use java.lang.Void to indicate returning nothing.") f._clamp = JavaMethodInfo(numdefaults, argtypes[0], argtypes[1:], **kwargs) return f
def checkResult(self, messageEntry, roleIndex, activeSuccessRoles): for userIndex in self._db.getActiveUserIndexes(): userEntry = self._db.arrayOfUsers[userIndex] ignoreUser = False # if user is not in this role, ignore it if not userEntry._roles[roleIndex]: ignoreUser = True # If user is in any other role that should succeed, then ignore it for index in userEntry._roles.keys(): if not index == roleIndex and userEntry._roles[index] and index in activeSuccessRoles: ignoreUser = True if not ignoreUser: shouldSucceed = roleIndex in activeSuccessRoles requestResponse = messageEntry._userRuns[userEntry._index] resp = StringUtil.fromBytes(requestResponse.getResponse()) found = re.search(messageEntry._successRegex, resp, re.DOTALL) succeeds = found if shouldSucceed else not found if not succeeds: return False return True
# setup namespaces ElementTree._namespace_map["http://www.loc.gov/MARC21/slim"] = "marc" ElementTree._namespace_map["http://www.w3.org/2001/XMLSchema-instance"] = "xsi" # parse the marc payload and reserialize with proper namespaces props = object.getMetadata() try: #sourcePayload = object.getPayload(object.getSourceId()) sourcePayload = object.getPayload("DS1") tree = ElementTree.ElementTree() elem = tree.parse(FileUtil.wrap(sourcePayload.open())) xml = ElementTree.tostring(elem) sourcePayload.close() # save to new payload xmlBytes = ByteArrayInputStream(StringUtil.toBytes(xml)) try: newPayloadId = "MARC" props.setProperty("modified", "true"); #Can be processing multiple payload... props.setProperty("payloadToDelete.1", "DS1") props.setProperty("payloadToExport.1", "MARC") fixedPayload = object.createStoredPayload(newPayloadId, xmlBytes) except: print "Fail to create new payload, '%s' is already exist" % newPayloadId #revert back the properties as this object might be modified before but not exported yet restoreProperty(props, "indexOnHarvest") restoreProperty(props, "harvestQueue") restoreProperty(props, "renderQueue") restoreProperty(props, "jythonScript")
def runMessage(self, messageIndex): messageEntry = self._db.arrayOfMessages[messageIndex] # Clear Previous Results: messageEntry._roleResults = {} messageEntry._userRuns = {} messageInfo = messageEntry._requestResponse requestInfo = self._helpers.analyzeRequest(messageInfo) reqBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] for userIndex in self._db.getActiveUserIndexes(): userEntry = self._db.arrayOfUsers[userIndex] headers = requestInfo.getHeaders() if userEntry.isCookie(): cookieHeader = "Cookie:" newheader = cookieHeader # getHeaders has to be called again here cuz of java references for header in requestInfo.getHeaders(): if str(header).startswith(cookieHeader): newheader = str(header).strip() headers.remove(header) # If its a valid cookie equals = userEntry._token.find("=") if equals >= 0: cookieIndex = newheader.find(userEntry._token[0:equals+1]) # Cookie already exists and must be removed if cookieIndex >= 0: semicolon = newheader.find(";",cookieIndex) if semicolon >=0: # Remove extra whitespace if newheader[semicolon+1:semicolon+2] == " ": newheader = newheader.replace(newheader[cookieIndex:semicolon+2],"") else: newheader = newheader.replace(newheader[cookieIndex:semicolon+1],"") else: newheader = newheader.replace(newheader[cookieIndex:],"") # Removing tailing semicolon and white space newheader = newheader.rstrip("; ") # Handle when the only cookie is the target cookie if not newheader == cookieHeader: newheader += ";" newheader += " "+userEntry._token # Header else: newheader = userEntry._token colon = newheader.find(":") if colon >= 0: # getHeaders has to be called again here cuz of java references for header in requestInfo.getHeaders(): if str(header).startswith(newheader[0:colon+1]): headers.remove(header) headers.add(newheader) # Add static CSRF token if available # TODO: Kinda hacky, but for now it will add the token as long as there is some content in the post body # Even if its a GET request. This screws up when original requests have no body though... oh well... newBody = reqBody if userEntry._staticcsrf and len(reqBody): delimeter = userEntry._staticcsrf.find("=") if delimeter >= 0: csrfname = userEntry._staticcsrf[0:delimeter] csrfvalue = userEntry._staticcsrf[delimeter+1:] params = requestInfo.getParameters() for param in params: if str(param.getName())==csrfname: # Handle CSRF Tokens in Body if param.getType() == 1: newBody = reqBody[0:param.getValueStart()-requestInfo.getBodyOffset()] + StringUtil.toBytes(csrfvalue) + reqBody[param.getValueEnd()-requestInfo.getBodyOffset():] # Handle CSRF Tokens in Cookies (for Cookie==Body mitigation technique): if param.getType() == 2: # TODO: required moving above portion to a function # TODO: also need to think about when cookie name != postarg name print "Cookie CSRF Tokens are not currently supported" if newBody == reqBody: newBody = reqBody+StringUtil.toBytes("&"+userEntry._staticcsrf) # Construct and send a message with the new headers message = self._helpers.buildHttpMessage(headers, newBody) requestResponse = self._callbacks.makeHttpRequest(messageInfo.getHttpService(),message) messageEntry.addRunByUserIndex(userIndex, self._callbacks.saveBuffersToTempFiles(requestResponse)) # Grab all active roleIndexes that should succeed activeSuccessRoles = [index for index in messageEntry._roles.keys() if messageEntry._roles[index] and not self._db.arrayOfRoles[index].isDeleted()] # Check Role Results of message for roleIndex in self._db.getActiveRoleIndexes(): success = self.checkResult(messageEntry, roleIndex, activeSuccessRoles) messageEntry.setRoleResultByRoleIndex(roleIndex, success)
def run(self): """ Where all the work is done. Three steps 1) Make the request again to make sure it's stable (We use python difflib) 2) Make the request without any cookies, if it's similar the cookies aren't required 3) Loop through removing one cookie at a time, if the diff isn't big we leave it out, if it is we can figure that it's required and we leave it in At the end we're left with the required cookies. """ selected_message = self.selected_message original_request_bytes = selected_message.getRequest() original_request = StringUtil.fromBytes(original_request_bytes) original_response_bytes = selected_message.getResponse() original_response = StringUtil.fromBytes(original_response_bytes) http_service = selected_message.getHttpService() helpers = self.callbacks.getHelpers() request_info = helpers.analyzeRequest(http_service, original_request_bytes) parameters = request_info.getParameters(); cookie_parameters = [parameter for parameter in parameters if parameter.getType() == IParameter.PARAM_COOKIE] num_requests_needed = len(cookie_parameters) + 2 num_requests_made = 0 self.progressBar.setMaximum(num_requests_needed) self.progressBar.setValue(num_requests_made) #=========================================================== # We will resubmit the request to make sure it is somewhat stable self.statusTextArea.append("Making baseline request which we will compare to original request (1 of 1)") self.statusTextArea.append("\n") baseline_reqres_pair = self.callbacks.makeHttpRequest(http_service, original_request) threshold = httpresponse_bytes_diffratio(helpers, original_response_bytes, baseline_reqres_pair.getResponse()) if (threshold < 0.6): self.statusTextArea.append("ERROR: Not a stable HTTP request, try another where it's nearly the same every request") self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return # Pad it a little by decreasing the threshold... threshold = threshold * 0.8 #TODO: We should automate discovering the right threshold self.statusTextArea.append("...Complete, threshold ratio is %s" % (threshold)) self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now we'll check if it actually requires authentication by removing all cookies nocookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: nocookies_request_bytes = helpers.removeParameter(nocookies_request_bytes, parameter) self.statusTextArea.append("Making no-cookie request to make sure it requires them (1 of 1)") self.statusTextArea.append("\n") nocookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, nocookies_request_bytes) nocookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, nocookie_reqres_pair.getResponse()) if (nocookiediff > threshold): self.statusTextArea.append("ERROR: Cookies don't seem to be required or it's too close to tell") self.statusTextArea.append("\n") self.progressBar.setValue(num_requests_needed) return self.statusTextArea.append("...Complete, confirmed at least one cookie is required") self.statusTextArea.append("\n") #=========================================================== if (cancelThread is True): print "Canceled" return num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== # Now iterate over all the cookie values, removing one at a time until left with required ones self.statusTextArea.append("Making requests, removing each cookie one at a time. (%d requests)" % (len(cookie_parameters))) self.statusTextArea.append("\n") minimumcookies_request_bytes = StringUtil.toBytes(original_request) for parameter in cookie_parameters: if (cancelThread is True): print "Canceled" return missingcookie_request_bytes = helpers.removeParameter(minimumcookies_request_bytes, parameter) missingcookie_reqres_pair = self.callbacks.makeHttpRequest(http_service, missingcookie_request_bytes) missingcookiediff = httpresponse_bytes_diffratio(helpers, original_response_bytes, missingcookie_reqres_pair.getResponse()) if (missingcookiediff > threshold): self.statusTextArea.append(" Cookie '%s' is not required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") minimumcookies_request_bytes = missingcookie_request_bytes else: self.statusTextArea.append("* Cookie '%s' is required (%s similarity ratio)" % (parameter.getName(), missingcookiediff)) self.statusTextArea.append("\n") num_requests_made = num_requests_made + 1 self.progressBar.setValue(num_requests_made) #=========================================================== #=========================================================== # minimumcookies_request_bytes now contains a request with the minimum number # of cookies needed to maintain the session. #=========================================================== # Display the results self.statusTextArea.append("== Required Cookies ==") self.statusTextArea.append("\n") mininumcookies_request_info = helpers.analyzeRequest(http_service, minimumcookies_request_bytes) minimum_cookie_parameters = [parameter for parameter in mininumcookies_request_info.getParameters() if parameter.getType() == IParameter.PARAM_COOKIE] for cookie_parameter in minimum_cookie_parameters: self.statusTextArea.append(cookie_parameter.getName()) self.statusTextArea.append("\n") #=========================================================== return
# Create connection (doesn't have to be a ssl one, despite the name) factory = SSLConnection(broker).createConnection() connection = factory.newConnection() channel = connection.createChannel() # Get token from consumer tokenGetter = CreateToken(broker, channel, queueName) token = tokenGetter.getToken() # Attach token to message message = token + ":" messages = messages+[message] for arg in command_args[2:]: messages = messages + [str(arg)] parsedMessage = ParseMessage(messages) sendMessage = parsedMessage.getMessage() channel.queueDeclare(queueName, False, False, True, None) channel.basicPublish("", queueName, None, StringUtil.toBytes(str(sendMessage))) print (" [x] Sent " + sendMessage ) channel.close() connection.close()
def renderMap(self, connection_parameters=None, sql=None, geom_id_entity=None, geom_entity=None, data_entity=None, map_parameters={}): # Put connection parameters into a java HashMap. params_hashmap = HashMap() for param, value in connection_parameters.items(): if value: params_hashmap.put(param, value) # Get data store. data_store = DataStoreFinder.getDataStore(params_hashmap) # Create VirtualTable from sql. vtable = VirtualTable("vtable", sql) # Set primary key. vtable.setPrimaryKeyColumns([geom_id_entity['ID']]) # metadatata = intententional typo. GT needs to fix the name. vtable.addGeometryMetadatata(geom_entity['ID'], JPolygon, 4326) # Create feature source from virtual table. data_store.addVirtualTable(vtable) feature_source = data_store.getFeatureSource("vtable") # Add styling classes if there was a value entity. if data_entity: # Generate class bounds. num_classes = data_entity.get('num_classes', 25) vmin = float(data_entity.get('min', 0)) vmax = float(data_entity.get('max', 1)) vrange = vmax - vmin class_width = vrange/num_classes classes = [(None, vmin)] for i in range(num_classes): classes.append((vmin + i * class_width, vmin + (i + 1) * class_width)) classes.append((vmax, None)) # Generate style rules for classes. rules = [] for c in classes: rule = self.create_rule(c[0], c[1], vmin, vrange, attr=data_entity['ID']) rules.append(rule) feature_type_style = self.style_factory.createFeatureTypeStyle(rules) style = self.style_factory.createStyle() style.featureTypeStyles().add(feature_type_style) else: style = None # Setup map. gt_map = DefaultMapContext() gt_map.addLayer(feature_source, style) gt_renderer = StreamingRenderer() gt_renderer.setMapContent(gt_map) image_bounds = Rectangle(0, 0, map_parameters.get('WIDTH', 100), map_parameters.get('HEIGHT', 100)) # Set image type based on format. image_format = map_parameters.get('FORMAT', 'image/png') if image_format == 'image/jpeg': image_type = BufferedImage.TYPE_INT_RGB else: image_type = BufferedImage.TYPE_INT_ARGB buffered_image = BufferedImage(image_bounds.width, image_bounds.height, image_type) graphics = buffered_image.createGraphics() # Set background color if not transparent. if not map_parameters.get('TRANSPARENT'): graphics.setPaint(Color.WHITE) graphics.fill(image_bounds) crs = CRS.decode(map_parameters.get('SRS', "EPSG:4326")) bbox = map_parameters.get('BBOX', '-180,-90,180,90') coords = [float(coord) for coord in bbox.split(",")] map_bounds = ReferencedEnvelope(coords[0], coords[2], coords[1], coords[3], crs) gt_renderer.paint(graphics, image_bounds, map_bounds) # Release the JDBC connection and map content. data_store.dispose() gt_renderer.getMapContent().dispose() # Return raw image. byte_array_output_stream = ByteArrayOutputStream() informal_format = re.match('image/(.*)', image_format).group(1) ImageIO.write(buffered_image, informal_format, byte_array_output_stream) byte_array = byte_array_output_stream.toByteArray() raw_image = Py.newString(StringUtil.fromBytes(byte_array)) return raw_image
consumer = QueueingConsumer(channel) # Declare as exclusive consumer of queue channel.basicConsume(queueName, True, "consumer", False, True, None, consumer) print " [*] Waiting for messages." except IOError: print "Unable to connect to queue." connection.close() sys.exit(1) writer = WriteMsgToFile(HOME_FILE) while True: try: delivery = consumer.nextDelivery() message = delivery.getBody() message = StringUtil.fromBytes(message) token = message.split(":",1)[0] rest = message.split(":",1)[1] message = str(message) # If message is a "token_request", process request and add new token to hashmap if message[0:13] == ("TOKEN_REQUEST"): makeToken = ProcessTokenRequest(message, channel) tokenID = makeToken.sendToken() permissions.put(tokenID[0], tokenID[1]) # Otherwise, check if message has valid token (token in hashmap). # If so, accept message, then delete token from valid list. else: if permissions.containsKey(token): print (" [x] Received '" + rest + "' from: " + permissions.get(token))
def replaceDomain(requestData, oldDomain, newDomain): reqstr = StringUtil.fromBytes(requestData) reqstr = reqstr.replace(oldDomain, newDomain) newreq = StringUtil.toBytes(reqstr) return newreq
def dialogaction(action,var): cutil.printVar("test mail",action,var) if action == "sendmail" : res = cmail.sendMail("hello","Sending from Jython","*****@*****.**","test.jython") print res assert res == None var["OK"] = True if action == "getmailno" : no = cmail.getMailNo() print no var["OK"] = True if action == "getlist" : li = cmail.getMailList() for l in li : print l.getHeader() print l.getSentDate() var["OK"] = True if action == "sendmailattachment" : s = "I'm your attachment sent from Jython code.\n What do you think about it ?\n Do you like me ?" key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) print key res = cmail.sendMailSingleAttach("Attachment from Jython","Sending from Jython","*****@*****.**","test.jython",cutil.PDFTEMPORARY,key,"my.txt") print res assert res == None var["OK"] = True if action == "sendmailattachment3" : s = "First attachment" key1 = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(None,cutil.PDFTEMPORARY,key1,"attach1.txt") s = "Second attachment" key2 = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(aList,cutil.PDFTEMPORARY,key2,"attach2.txt") s = "Third attachment" key3 = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(aList,cutil.PDFTEMPORARY,key3,"attach3.txt") res = cmail.sendMail("3 attachments from Jython","Sending from Jython","*****@*****.**","test.jython",aList) print res assert res == None var["OK"] = True if action == "createbloblist" : B.removeBlob(var) for a in range(10) : s = "Attachment no " + str(a) key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTCREATE",StringUtil.toBytes(s)) B.addBlob(var,"Hello",key) var["OK"] = True if action == "sendbloblist" : B.readBlobList(var) li = var["JLIST_MAP"]["blist"] print li realM = B.getRealm(var) aList = None no = 0 for l in li : key = l["blob_key"] aList = cmail.createAttachList(aList,realM,key,"attach" + str(no) +".txt") no = no + 1 res = cmail.sendMail("A lot of attachments BLOB","Sending from Jython","*****@*****.**","test.jython",aList) print res assert res == None var["OK"] = True if action == "setxmail" : M = cmail.CMAIL(var) res = M.sendMail("hello","Sending from CMAIL class","*****@*****.**","test.jython") print res assert res != None resmail = res.getSendResult() print resmail assert resmail == None var["OK"] = True if action == "readxmail" : M = cmail.CMAIL(var) li = M.getList() print li for l in li : print l.getDescription() assert len(li) == 1 var["OK"] = True if action == "removexmail" : M = cmail.CMAIL(var) li = M.getList() assert len(li) == 1 li = M.getList() l = li[0] M.deleteElem(l) li = M.getList() assert len(li) == 0 var["OK"] = True
def getEntryS(self, key): val = self.getEntry(key) if val == None : return None return StringUtil.fromBytes(val)
def dialogaction(action,var): cutil.printVar("testmail",action,var) if action == "sendmail" : C = cmail.CMAIL(var) res = C.sendMail("Mail from hotel","What do you think about us ?","*****@*****.**","Jython") print res.getSendResult() assert res.getSendResult() == None assert res.getName() != None var["OK"] = True if action == "checkmail": C = cmail.CMAIL(var) li = C.getList() print li for l in li : print l.getDescription(),l.getContent() assert len(li) == 1 var["OK"] = True if action == "sendmailattach" : C = cmail.CMAIL(var) li = C.getList() for l in li : C.removeElem(l) li = C.getList() assert len(li) == 0 s = "Attachment" key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(None,cutil.PDFTEMPORARY,key,"attach.txt") res = C.sendMail("Mail from hotel with attachment","Nothing interesting ","*****@*****.**","Jython",aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmailattach" : B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 1 for a in att : print a.getFileName(),a.getRealm(),a.getBlobKey() va = B.findBlob(a.getRealm(),a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert ss == "Attachment" var["OK"] = True if action == "sendmultiattach" : C = cmail.CMAIL(var) li = C.getList() for l in li : C.removeElem(l) li = C.getList() assert len(li) == 0 aList = None for i in range(20) : s = "Attachment content" + str(i) key = ADDBLOB.addNewBlob(cutil.PDFTEMPORARY,"TESTJ",StringUtil.toBytes(s)) aList = cmail.createAttachList(aList,cutil.PDFTEMPORARY,key,"attach" + str(i) + ".txt") res = C.sendMail("Mail from hotel with 20 attachment","Nothing interesting inside ","*****@*****.**","Jython",aList) print res.getSendResult() assert res.getSendResult() == None var["OK"] = True if action == "checkmultiattach" : B = SHolder.getBlobHandler() C = cmail.CMAIL(var) li = C.getList() assert len(li) == 1 l = li[0] att = l.getaList() assert len(att) == 20 for a in att : print a.getFileName(),a.getRealm(),a.getBlobKey() va = B.findBlob(a.getRealm(),a.getBlobKey()) assert va != None ss = StringUtil.fromBytes(va) print ss assert not cutil.emptyS(ss) var["OK"] = True