def setup_oauth():
"""Authorize your app via identifier."""
# Request token
oauth = OAuth1(CONSUMER_KEY, client_secret=CONSUMER_SECRET)
r = requests.post(url=REQUEST_TOKEN_URL, auth=oauth)
credentials = parse_qs(r.content)
resource_owner_key = credentials.get('oauth_token')[0]
resource_owner_secret = credentials.get('oauth_token_secret')[0]
# Authorize
authorize_url = AUTHORIZE_URL + resource_owner_key
print 'Please go here and authorize: ' + authorize_url
verifier = raw_input('Please input the verifier: ')
oauth = OAuth1(CONSUMER_KEY,
client_secret=CONSUMER_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=verifier)
# Finally, Obtain the Access Token
r = requests.post(url=ACCESS_TOKEN_URL, auth=oauth)
credentials = parse_qs(r.content)
token = credentials.get('oauth_token')[0]
secret = credentials.get('oauth_token_secret')[0]
return token, secret
def step_impl(context, method):
"""Store a list of valid form submissions (used for valid cases for
fuzz generation)
"""
if hasattr(context, 'timeout') is False:
context.timeout = 5 # Sensible default
if hasattr(context, 'targeturi') is False:
assert False, "Target URI not specified"
context.submission = []
context.submission_method = method
context.type = 'urlencode' # Used downstream for selecting encoding
context.content_type = 'application/x-www-form-urlencoded; charset=utf-8'
# Add all valid cases into a list as unserialised data structures
for row in context.table:
context.submission.append(urlparse2.parse_qs(row['submission']))
test_valid_submission(context)
assert True
def step_impl(context, method):
"""Store a list of valid form submissions (used for valid cases for
fuzz generation)
"""
if hasattr(context, 'timeout') is False:
context.timeout = 5 # Sensible default
if hasattr(context, 'targeturi') is False:
assert False, "Target URI not specified"
context.submission = []
context.submission_method = method
context.type = 'urlencode' # Used downstream for selecting encoding
context.content_type = 'application/x-www-form-urlencoded; charset=utf-8'
# Add all valid cases into a list as unserialised data structures
for row in context.table:
context.submission.append(urlparse2.parse_qs(row['submission']))
test_valid_submission(context)
assert True
def step_impl(context, submission, method):
"""For static injection, store a valid form where elements are replaced with
injections and test it once. This is also used for the valid case
instrumentation.
"""
if hasattr(context, 'timeout') is False:
context.timeout = 5 # Sensible default
if hasattr(context, 'targeturi') is False:
assert False, "Target URI not specified"
# Unserialise into a data structure and store in a list
# (one valid case is just a special case of providing
# several valid cases)
context.submission = [urlparse2.parse_qs(submission)]
context.submission_method = method
context.type = 'urlencode' # Used downstream for selecting encoding
context.content_type = 'application/x-www-form-urlencoded; charset=utf-8'
test_valid_submission(context)
assert True
def step_impl(context, submission, method):
"""For static injection, store a valid form where elements are replaced with
injections and test it once. This is also used for the valid case
instrumentation.
"""
if hasattr(context, 'timeout') is False:
context.timeout = 5 # Sensible default
if hasattr(context, 'targeturi') is False:
assert False, "Target URI not specified"
# Unserialise into a data structure and store in a list
# (one valid case is just a special case of providing
# several valid cases)
context.submission = [urlparse2.parse_qs(submission)]
context.submission_method = method
context.type = 'urlencode' # Used downstream for selecting encoding
context.content_type = 'application/x-www-form-urlencoded; charset=utf-8'
test_valid_submission(context)
assert True
def getID(url):
pUrl=urlparse2.urlparse(url)
return urlparse2.parse_qs(pUrl.query)['id'][0]
