def test_filter_by_raw_headers_response(): f1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:') fn1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:', negate=True) f2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader') fn2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader', negate=True) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) rsp.headers['OtherHeader'] = 'sexy' rsp.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def async_mangle_request(self, request): # This function gets called to mangle/edit requests passed through the proxy retreq = request # Write original request to the temp file with tempfile.NamedTemporaryFile(delete=False) as tf: tfName = tf.name tf.write(request.full_request) # Have the console edit the file yield edit_file(tfName) # Create new mangled request from edited file with open(tfName, 'r') as f: text = f.read() os.remove(tfName) # Check if dropped if text == '': pappyproxy.proxy.log('Request dropped!') defer.returnValue(None) mangled_req = Request(text, update_content_length=True) mangled_req._host = request.host mangled_req.port = request.port mangled_req.is_ssl = request.is_ssl # Check if it changed if mangled_req.full_request != request.full_request: retreq = mangled_req defer.returnValue(retreq)
def test_gen_filter_by_submitted_cookies(): f1 = context.gen_filter_by_submitted_cookies(context.cmp_contains, 'Session') f2 = context.gen_filter_by_submitted_cookies(context.cmp_contains, 'Cookie', context.cmp_contains, 'CookieVal') r = Request(('GET / HTTP/1.1\r\n' 'Cookie: foo=bar\r\n' '\r\n')) assert not f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Cookie: Session=bar\r\n' '\r\n')) assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Cookie: Session=bar; CookieThing=NoMatch\r\n' '\r\n')) assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Cookie: Session=bar; CookieThing=CookieValue\r\n' '\r\n')) assert f1(r) assert f2(r)
def test_proxy_server_macro_multiple(mocker): proxy = TestProxyConnection() new_req_contents1 = 'GET / HTTP/1.1\r\nMangled: Very yes\r\n\r\n' new_rsp_contents1 = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very yes\r\n\r\n' new_req1 = Request(new_req_contents1) new_rsp1 = Response(new_rsp_contents1) new_req_contents2 = 'GET / HTTP/1.1\r\nMangled: Very very yes\r\n\r\n' new_rsp_contents2 = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very very yes\r\n\r\n' new_req2 = Request(new_req_contents2) new_rsp2 = Response(new_rsp_contents2) test_macro1 = InterceptMacroTest(new_req=new_req1, new_rsp=new_rsp1) test_macro2 = InterceptMacroTest(new_req=new_req2, new_rsp=new_rsp2) macros = collections.OrderedDict() macros['macro1'] = test_macro1 macros['macro2'] = test_macro2 proxy.setUp(mocker, int_macros=macros) proxy.write_as_browser('GET /serious.php HTTP/1.1\r\n\r\n') assert proxy.read_as_server() == new_req_contents2 proxy.write_as_server('HTTP/1.1 404 NOT FOUND\r\n\r\n') assert proxy.read_as_browser() == new_rsp_contents2
def test_filter_by_raw_headers_response(): f1 = context.gen_filter_by_raw_headers(['ct', 'Sexy:']) fn1 = context.gen_filter_by_raw_headers(['nct', 'Sexy:']) f2 = context.gen_filter_by_raw_headers(['ct', 'sexy\r\nHeader']) fn2 = context.gen_filter_by_raw_headers(['nct', 'sexy\r\nHeader']) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp rsp.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) rsp.headers['OtherHeader'] = 'sexy' rsp.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_filter_by_raw_headers_request(): f1 = context.gen_filter_by_raw_headers(['ct', 'Sexy:']) fn1 = context.gen_filter_by_raw_headers(['nct', 'Sexy:']) f2 = context.gen_filter_by_raw_headers(['ct', 'sexy\r\nHeader']) fn2 = context.gen_filter_by_raw_headers(['nct', 'sexy\r\nHeader']) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) r.headers['OtherHeader'] = 'sexy' r.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_filter_by_raw_headers_request(): f1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:') fn1 = context.gen_filter_by_raw_headers(context.cmp_contains, 'Sexy:', negate=True) f2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader') fn2 = context.gen_filter_by_raw_headers(context.cmp_contains, 'sexy\r\nHeader', negate=True) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Header'] = 'Sexy' assert not f1(r) assert fn1(r) assert not f2(r) assert fn2(r) r = Request('GET / HTTP/1.1\r\n') rsp = Response('HTTP/1.1 200 OK\r\n') r.response = rsp r.headers['Sexy'] = 'sexy' assert f1(r) assert not fn1(r) assert not f2(r) assert fn2(r) r.headers['OtherHeader'] = 'sexy' r.headers['Header'] = 'foo' assert f1(r) assert not fn1(r) assert f2(r) assert not fn2(r)
def test_filter_by_body(): f = context.gen_filter_by_body(['ct', 'sexy']) fn = context.gen_filter_by_body(['nct', 'sexy']) # Test request bodies r = Request() r.start_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.body = 'foo' assert not f(r) assert fn(r) r.body = 'sexy' assert f(r) assert not fn(r) # Test response bodies r = Request() rsp = Response() rsp.start_line = 'HTTP/1.1 200 OK' rsp.headers['sexy'] = 'sexy' r.start_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.response = rsp assert not f(r) assert fn(r) rsp.body = 'sexy' assert f(r) assert not fn(r)
def test_filter_by_body(): f = context.gen_filter_by_body(context.cmp_contains, 'sexy') fn = context.gen_filter_by_body(context.cmp_contains, 'sexy', negate=True) # Test request bodies r = Request() r.status_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.raw_data = 'foo' assert not f(r) assert fn(r) r.raw_data = 'sexy' assert f(r) assert not fn(r) # Test response bodies r = Request() rsp = Response() rsp.status_line = 'HTTP/1.1 200 OK' rsp.headers['sexy'] = 'sexy' r.status_line = 'GET /sexy HTTP/1.1' r.headers['Header'] = 'sexy' r.response = rsp assert not f(r) assert fn(r) rsp.raw_data = 'sexy' assert f(r) assert not fn(r)
def test_filter_by_params_post(): f1 = context.gen_filter_by_params(context.cmp_contains, 'Session') f2 = context.gen_filter_by_params(context.cmp_contains, 'Cookie', context.cmp_contains, 'CookieVal') r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.raw_data = 'foo=bar' assert not f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.raw_data = 'Session=bar' assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.raw_data = 'Session=bar&Cookie=foo' assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.raw_data = 'Session=bar&CookieThing=CookieValue' assert f1(r) assert f2(r)
def untag(line): """ Remove a tag from requests Usage: untag <tag> <request ids> You can provide as many request ids as you want and the tag will be removed from all of them. If no ids are given, the tag will be removed from all in-context requests. """ args = shlex.split(line) if len(args) == 0: raise PappyException("Tag and request ids are required") tag = args[0] ids = [] if len(args) > 1: reqids = yield load_reqlist(args[1], False, ids_only=True) print 'Removing tag %s from %s' % (tag, ', '.join(reqids)) else: print "Removing tag %s from all in-context requests" % tag reqids = yield main_context_ids() for reqid in reqids: req = yield Request.load_request(reqid) if tag in req.tags: req.tags.discard(tag) if req.saved: yield req.async_save() if ids: print 'Tag %s removed from %s' % (tag, ', '.join(ids))
def tag(line): """ Add a tag to requests. Usage: tag <tag> [request ids] You can tag as many requests as you want at the same time. If no ids are given, the tag will be applied to all in-context requests. """ args = shlex.split(line) if len(args) == 0: raise PappyException('Tag name is required') tag = args[0] if len(args) > 1: reqids = yield load_reqlist(args[1], False, ids_only=True) print 'Tagging %s with %s' % (', '.join(reqids), tag) else: print "Tagging all in-context requests with %s" % tag reqids = yield main_context_ids() for reqid in reqids: req = yield Request.load_request(reqid) if tag not in req.tags: req.tags.add(tag) if req.saved: yield req.async_save() else: print 'Request %s already has tag %s' % (req.reqid, tag)
def untag(line): """ Remove a tag from requests Usage: untag <tag> <request ids> You can provide as many request ids as you want and the tag will be removed from all of them. If no ids are given, the tag will be removed from all in-context requests. """ args = shlex.split(line) if len(args) == 0: raise PappyException("Tag and request ids are required") tag = args[0] ids = [] if len(args) > 1: reqids = yield load_reqlist(args[1], False, ids_only=True) print 'Removing tag %s from %s' % (tag, ', '.join(reqids)) else: print "Removing tag %s from all in-context requests" % tag reqids = yield async_main_context_ids() for reqid in reqids: req = yield Request.load_request(reqid) if tag in req.tags: req.tags.discard(tag) if req.saved: yield req.async_save() if ids: print 'Tag %s removed from %s' % (tag, ', '.join(ids))
def list_reqs(line): """ List the most recent in-context requests. By default shows the most recent 25 Usage: list [a|num] If `a` is given, all the in-context requests are shown. If a number is given, that many requests will be shown. """ args = shlex.split(line) if len(args) > 0: if args[0][0].lower() == 'a': print_count = -1 else: try: print_count = int(args[0]) except: print "Please enter a valid argument for list" return else: print_count = 25 rows = [] ids = yield async_main_context_ids(print_count) for i in ids: req = yield Request.load_request(i) rows.append(get_req_data_row(req)) print_request_rows(rows)
def submit(line): """ Resubmit some requests, optionally with modified headers and cookies. Usage: submit reqids [-h] [-m] [-u] [-p] [-o REQID] [-c [COOKIES [COOKIES ...]]] [-d [HEADERS [HEADERS ...]]] """ parser = argparse.ArgumentParser(prog="submit", usage=submit.__doc__) parser.add_argument('reqids') parser.add_argument('-m', '--inmem', action='store_true', help='Store resubmitted requests in memory without storing them in the data file') parser.add_argument('-u', '--unique', action='store_true', help='Only resubmit one request per endpoint (different URL parameters are different endpoints)') parser.add_argument('-p', '--uniquepath', action='store_true', help='Only resubmit one request per endpoint (ignoring URL parameters)') parser.add_argument('-c', '--cookies', nargs='*', help='Apply a cookie to requests before submitting') parser.add_argument('-d', '--headers', nargs='*', help='Apply a header to requests before submitting') parser.add_argument('-o', '--copycookies', help='Copy the cookies used in another request') args = parser.parse_args(shlex.split(line)) headers = {} cookies = {} clear_cookies = False if args.headers: for h in args.headers: k, v = h.split('=', 1) headers[k] = v if args.copycookies: reqid = args.copycookies req = yield Request.load_request(reqid) clear_cookies = True for k, v in req.cookies.all_pairs(): cookies[k] = v if args.cookies: for c in args.cookies: k, v = c.split('=', 1) cookies[k] = v if args.unique and args.uniquepath: raise PappyException('Both -u and -p cannot be given as arguments') newsession = Session(cookie_vals=cookies, header_vals=headers) reqs = yield load_reqlist(args.reqids) for req in reqs: if clear_cookies: req.cookies.clear() newsession.apply_req(req) conf_message = "You're about to submit %d requests, continue?" % len(reqs) if not confirm(conf_message): defer.returnValue(None) for r in reqs: r.tags.add('resubmitted') save = not args.inmem yield async_submit_requests(reqs, save=save, save_in_mem=args.inmem, unique_paths=args.uniquepath, unique_path_and_args=args.unique)
def tag(line): """ Add a tag to requests. Usage: tag <tag> [request ids] You can tag as many requests as you want at the same time. If no ids are given, the tag will be applied to all in-context requests. """ args = shlex.split(line) if len(args) == 0: raise PappyException('Tag name is required') tag = args[0] if len(args) > 1: reqids = yield load_reqlist(args[1], False, ids_only=True) print 'Tagging %s with %s' % (', '.join(reqids), tag) else: print "Tagging all in-context requests with %s" % tag reqids = yield async_main_context_ids() for reqid in reqids: req = yield Request.load_request(reqid) if tag not in req.tags: req.tags.add(tag) if req.saved: yield req.async_save() else: print 'Request %s already has tag %s' % (req.reqid, tag)
def test_mangle_request_single(httprequest): orig_req = httprequest.copy() # in case it gets mangled macro = mock_int_macro(modified_req=('GET /modified HTTP/1.1\r\n\r\n')) expected_req = Request('GET /modified HTTP/1.1\r\n\r\n') (new_req, mangled) = yield macros.mangle_request(orig_req, {'testmacro': macro}) assert new_req == expected_req assert httprequest == orig_req assert httprequest.unmangled is None assert new_req.unmangled == orig_req assert mangled
def test_filter_by_params_get(): f1 = context.gen_filter_by_params(['ct', 'Session']) f2 = context.gen_filter_by_params(['ct', 'Cookie', 'ct', 'CookieVal']) r = Request('GET / HTTP/1.1\r\n\r\n') assert not f1(r) assert not f2(r) r = Request('GET /?Session=foo HTTP/1.1\r\n\r\n') assert f1(r) assert not f2(r) r = Request('GET /?Session=foo&CookieThing=Fail HTTP/1.1\r\n\r\n') assert f1(r) assert not f2(r) r = Request('GET /?Session=foo&CookieThing=CookieValue HTTP/1.1\r\n\r\n') assert f1(r) assert f2(r)
def http_request(): req = Request('GET / HTTP/1.1\r\n\r\n') req.host = 'www.foo.faketld' req.port = '1337' req.is_ssl = True req.reqid = 123 rsp = Response('HTTP/1.1 200 OK\r\n\r\n') req.response = rsp return req
def site_map(line): """ Print the site map. Only includes requests in the current context. Usage: site_map """ ids = yield main_context_ids() paths_set = set() for reqid in ids: req = yield Request.load_request(reqid) if req.response and req.response.response_code != 404: paths_set.add(req.path_tuple) tree = sorted(list(paths_set)) print_tree(tree)
def test_proxy_server_macro_360_noscope(mocker): proxy = TestProxyConnection() new_req_contents = 'GET / HTTP/1.1\r\nMangled: Very yes\r\n\r\n' new_rsp_contents = 'HTTP/1.1 200 OKILIE DOKILIE\r\nMangled: Very yes\r\n\r\n' new_req = Request(new_req_contents) new_rsp = Response(new_rsp_contents) test_macro = InterceptMacroTest(new_req=new_req, new_rsp=new_rsp) proxy.setUp(mocker, int_macros={'test_macro': test_macro}, in_scope=False) proxy.write_as_browser('GET /serious.php HTTP/1.1\r\n\r\n') assert proxy.read_as_server() == 'GET /serious.php HTTP/1.1\r\n\r\n' proxy.write_as_server('HTTP/1.1 404 NOT FOUND\r\n\r\n') assert proxy.read_as_browser() == 'HTTP/1.1 404 NOT FOUND\r\n\r\n'
def test_mangle_request_multiple(httprequest): orig_req = httprequest.copy() # in case it gets mangled macro = mock_int_macro(modified_req=('GET /cloud HTTP/1.1\r\n\r\n')) macro2 = CloudToButtMacro() intmacros = OrderedDict() intmacros['testmacro'] = macro intmacros['testmacro2'] = macro2 (new_req, mangled) = yield macros.mangle_request(orig_req, intmacros) expected_req = Request('GET /butt HTTP/1.1\r\n\r\n') assert new_req == expected_req assert httprequest == orig_req assert httprequest.unmangled is None assert new_req.unmangled == orig_req assert mangled
def dump_response(line): """ Dump the data of the response to a file. Usage: dump_response <id> <filename> """ # dump the data of a response args = shlex.split(line) reqid = args[0] req = yield Request.load_request(reqid) rsp = req.response if len(args) >= 2: fname = args[1] else: fname = req.path.split('/')[-1] with open(fname, 'w') as f: f.write(rsp.body) print 'Response data written to %s' % fname
def test_gen_filter_by_set_cookies(): f1 = context.gen_filter_by_set_cookies(context.cmp_contains, 'Session') f2 = context.gen_filter_by_set_cookies(context.cmp_contains, 'Cookie', context.cmp_contains, 'CookieVal') r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' '\r\n')) r.response = rsp assert not f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=NoMatch\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=CookieValue\r\n' '\r\n')) r.response = rsp assert f1(r) assert f2(r)
def full_request_received(self): from pappyproxy.http import Request global cached_certs self.log('End of request', verbosity_level=3) forward = True if self._request_obj.verb.upper() == 'CONNECT': self._connect_okay() self._start_tls() self._connect_uri = self._request_obj.url self._connect_host = self._request_obj.host self._connect_ssl = True # do we just assume connect means ssl? self._connect_port = self._request_obj.port self.log( 'uri=%s, ssl=%s, connect_port=%s' % (self._connect_uri, self._connect_ssl, self._connect_port), verbosity_level=3) forward = False if self._request_obj.host == 'pappy': yield self.factory.web_server.handle_request(self._request_obj) self.transport.write(self._request_obj.response.full_message) forward = False # if _request_obj.host is a listener, forward = False if self.factory.intercepting_macros: return_transport = None else: return_transport = self.transport if forward: d = Request.submit_request( self._request_obj, save_request=True, intercepting_macros=self.factory.intercepting_macros, stream_transport=return_transport) if return_transport is None: d.addCallback(self.send_response_back) d.addErrback(self.send_error_back) self._reset()
def full_request_received(self): from pappyproxy.http import Request global cached_certs self.log('End of request', verbosity_level=3) forward = True if self._request_obj.verb.upper() == 'CONNECT': self._connect_okay() self._start_tls() self._connect_uri = self._request_obj.url self._connect_host = self._request_obj.host self._connect_ssl = True # do we just assume connect means ssl? self._connect_port = self._request_obj.port self.log('uri=%s, ssl=%s, connect_port=%s' % (self._connect_uri, self._connect_ssl, self._connect_port), verbosity_level=3) forward = False if self._request_obj.host == 'pappy': yield self.factory.web_server.handle_request(self._request_obj) self.transport.write(self._request_obj.response.full_message) forward = False # if _request_obj.host is a listener, forward = False if self.factory.intercepting_macros: return_transport = None else: return_transport = self.transport if forward: d = Request.submit_request(self._request_obj, save_request=True, intercepting_macros=self.factory.intercepting_macros, stream_transport=return_transport) if return_transport is None: d.addCallback(self.send_response_back) d.addErrback(self.send_error_back) self._reset()
def site_map(line): """ Print the site map. Only includes requests in the current context. Usage: site_map """ args = shlex.split(line) if len(args) > 0 and args[0] == 'p': paths = True else: paths = False ids = yield async_main_context_ids() paths_set = set() for reqid in ids: req = yield Request.load_request(reqid) if req.response and req.response.response_code != 404: paths_set.add(req.path_tuple) tree = sorted(list(paths_set)) if paths: for p in tree: print('/'.join(list(p))) else: print_tree(tree)
def site_map(line): """ Print the site map. Only includes requests in the current context. Usage: site_map """ args = shlex.split(line) if len(args) > 0 and args[0] == 'p': paths = True else: paths = False ids = yield async_main_context_ids() paths_set = set() for reqid in ids: req = yield Request.load_request(reqid) if req.response and req.response.response_code != 404: paths_set.add(req.path_tuple) tree = sorted(list(paths_set)) if paths: for p in tree: print ('/'.join(list(p))) else: print_tree(tree)
def get_param_info(line): args = shlex.split(line) if args and args[0] == 'ct': contains = True args = args[1:] else: contains = False if args: params = tuple(args) else: params = None def check_key(k, params, contains): if contains: for p in params: if p.lower() in k.lower(): return True else: if params is None or k in params: return True return False found_params = {} ids = yield async_main_context_ids() for i in ids: req = yield Request.load_request(i) for k, v in req.url_params.all_pairs(): if check_key(k, params, contains): add_param(found_params, 'Url Parameter', k, v, req.reqid) for k, v in req.post_params.all_pairs(): if check_key(k, params, contains): add_param(found_params, 'POST Parameter', k, v, req.reqid) for k, v in req.cookies.all_pairs(): if check_key(k, params, contains): add_param(found_params, 'Cookie', k, v, req.reqid) print_param_info(found_params)
def req(): r = Request() r.start_line = "GET / HTTP/1.1" r.host = "www.ffffff.eeeeee" r.body = "AAAA" return r
def req(): r = Request() r.status_line = 'GET / HTTP/1.1' r.host = 'www.ffffff.eeeeee' r.raw_data = 'AAAA' return r
def req(): r = Request() r.start_line = 'GET / HTTP/1.1' return r
def test_gen_filter_by_all_request(): f = context.gen_filter_by_all(context.cmp_contains, 'hello') fn = context.gen_filter_by_all(context.cmp_contains, 'hello', negate=True) # Nowhere r = Request('GET / HTTP/1.1\r\n') assert not f(r) assert fn(r) # Verb r = Request('hello / HTTP/1.1\r\n') assert f(r) assert not fn(r) # Path r = Request('GET /hello HTTP/1.1\r\n') assert f(r) assert not fn(r) # Data r = Request('GET / HTTP/1.1\r\n') r.raw_data = 'hello' assert f(r) assert not fn(r) # Header key r = Request('GET / HTTP/1.1\r\n') r.headers['hello'] = 'goodbye' assert f(r) assert not fn(r) # Header value r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'hello' assert f(r) assert not fn(r) # Nowhere in headers r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'for real' assert not f(r) assert fn(r) # Cookie key r = Request('GET / HTTP/1.1\r\n') r.cookies['hello'] = 'world' r.update_from_objects() assert f(r) assert not fn(r) # Cookie value r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'hello' r.update_from_objects() assert f(r) assert not fn(r) # Nowhere in cookie r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'sucks' r.update_from_objects() assert not f(r) assert fn(r)
def submit(line): """ Resubmit some requests, optionally with modified headers and cookies. Usage: submit reqids [-h] [-m] [-u] [-p] [-o REQID] [-c [COOKIES [COOKIES ...]]] [-d [HEADERS [HEADERS ...]]] """ parser = argparse.ArgumentParser(prog="submit", usage=submit.__doc__) parser.add_argument('reqids') parser.add_argument( '-m', '--inmem', action='store_true', help= 'Store resubmitted requests in memory without storing them in the data file' ) parser.add_argument( '-u', '--unique', action='store_true', help= 'Only resubmit one request per endpoint (different URL parameters are different endpoints)' ) parser.add_argument( '-p', '--uniquepath', action='store_true', help='Only resubmit one request per endpoint (ignoring URL parameters)' ) parser.add_argument('-c', '--cookies', nargs='*', help='Apply a cookie to requests before submitting') parser.add_argument('-d', '--headers', nargs='*', help='Apply a header to requests before submitting') parser.add_argument('-o', '--copycookies', help='Copy the cookies used in another request') args = parser.parse_args(shlex.split(line)) headers = {} cookies = {} clear_cookies = False if args.headers: for h in args.headers: k, v = h.split('=', 1) headers[k] = v if args.copycookies: reqid = args.copycookies req = yield Request.load_request(reqid) clear_cookies = True for k, v in req.cookies.all_pairs(): cookies[k] = v if args.cookies: for c in args.cookies: k, v = c.split('=', 1) cookies[k] = v if args.unique and args.uniquepath: raise PappyException('Both -u and -p cannot be given as arguments') newsession = Session(cookie_vals=cookies, header_vals=headers) reqs = yield load_reqlist(args.reqids) for req in reqs: if clear_cookies: req.cookies.clear() newsession.apply_req(req) conf_message = "You're about to submit %d requests, continue?" % len(reqs) if not confirm(conf_message): defer.returnValue(None) for r in reqs: r.tags.add('resubmitted') save = not args.inmem yield async_submit_requests(reqs, save=save, save_in_mem=args.inmem, unique_paths=args.uniquepath, unique_path_and_args=args.unique)
def httprequest(): return Request(('POST /test-request HTTP/1.1\r\n' 'Content-Length: 4\r\n' '\r\n' 'AAAA'))
def test_gen_filter_by_all_request(): f = context.gen_filter_by_all(['ct', 'hello']) fn = context.gen_filter_by_all(['nct', 'hello']) # Nowhere r = Request('GET / HTTP/1.1\r\n') assert not f(r) assert fn(r) # Verb r = Request('hello / HTTP/1.1\r\n') assert f(r) assert not fn(r) # Path r = Request('GET /hello HTTP/1.1\r\n') assert f(r) assert not fn(r) # Data r = Request('GET / HTTP/1.1\r\n') r.body = 'hello' assert f(r) assert not fn(r) # Header key r = Request('GET / HTTP/1.1\r\n') r.headers['hello'] = 'goodbye' assert f(r) assert not fn(r) # Header value r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'hello' assert f(r) assert not fn(r) # Nowhere in headers r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'for real' assert not f(r) assert fn(r) # Cookie key r = Request('GET / HTTP/1.1\r\n') r.cookies['hello'] = 'world' assert f(r) assert not fn(r) # Cookie value r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'hello' assert f(r) assert not fn(r) # Nowhere in cookie r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'sucks' assert not f(r) assert fn(r)
def mangle_request(self, request): return Request(string.replace(request.full_message, 'cloud', 'butt'))
def http_request(): return Request('GET / HTTP/1.1\r\n')
def test_gen_filter_by_set_cookies(): f1 = context.gen_filter_by_set_cookies(['ct', 'Session']) f2 = context.gen_filter_by_set_cookies(['ct', 'Cookie', 'ct', 'CookieVal']) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' '\r\n')) r.response = rsp assert not f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=NoMatch\r\n' '\r\n')) r.response = rsp assert f1(r) assert not f2(r) r = Request('GET / HTTP/1.1\r\n\r\n') rsp = Response(('HTTP/1.1 200 OK\r\n' 'Set-Cookie: foo=bar\r\n' 'Set-Cookie: Session=Banana\r\n' 'Set-Cookie: CookieThing=CookieValue\r\n' '\r\n')) r.response = rsp assert f1(r) assert f2(r)
def test_gen_filter_by_all_request(): f = context.gen_filter_by_all(context.cmp_contains, 'hello') fn = context.gen_filter_by_all(context.cmp_contains, 'hello', negate=True) # Nowhere r = Request('GET / HTTP/1.1\r\n') assert not f(r) assert fn(r) # Verb r = Request('hello / HTTP/1.1\r\n') assert f(r) assert not fn(r) # Path r = Request('GET /hello HTTP/1.1\r\n') assert f(r) assert not fn(r) # Data r = Request('GET / HTTP/1.1\r\n') r.raw_data = 'hello' assert f(r) assert not fn(r) # Header key r = Request('GET / HTTP/1.1\r\n') r.headers['hello'] = 'goodbye' assert f(r) assert not fn(r) # Header value r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'hello' assert f(r) assert not fn(r) # Nowhere in headers r = Request('GET / HTTP/1.1\r\n') r.headers['goodbye'] = 'for real' assert not f(r) assert fn(r) # Cookie key r = Request('GET / HTTP/1.1\r\n') r.cookies['hello'] = 'world' assert f(r) assert not fn(r) # Cookie value r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'hello' assert f(r) assert not fn(r) # Nowhere in cookie r = Request('GET / HTTP/1.1\r\n') r.cookies['world'] = 'sucks' assert not f(r) assert fn(r)
def test_filter_by_params_post(): f1 = context.gen_filter_by_params(['ct', 'Session']) f2 = context.gen_filter_by_params(['ct', 'Cookie', 'ct', 'CookieVal']) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.body = 'foo=bar' assert not f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.body = 'Session=bar' assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.body = 'Session=bar&Cookie=foo' assert f1(r) assert not f2(r) r = Request(('GET / HTTP/1.1\r\n' 'Content-Type: application/x-www-form-urlencoded\r\n\r\n')) r.body = 'Session=bar&CookieThing=CookieValue' assert f1(r) assert f2(r)
def req(): r = Request() r.start_line = 'GET / HTTP/1.1' r.host = 'www.ffffff.eeeeee' r.body = 'AAAA' return r