def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
if compare_diff:
body1, body2 = diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
self.debug('Result: %s' % cmp_res)
return cmp_res
def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
if compare_diff:
body1, body2 = diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
self.debug("Result: %s" % cmp_res)
return cmp_res
def _is_resp_equal(self, res1, res2):
"""
@see: unittest for this method in test_csrf.py
"""
if res1.get_code() != res2.get_code():
return False
if not relative_distance_boolean(res1.body, res2.body, self._equal_limit):
return False
return True
def _is_resp_equal(self, res1, res2):
"""
@see: unittest for this method in test_csrf.py
"""
if res1.get_code() != res2.get_code():
return False
if not relative_distance_boolean(res1.body, res2.body,
self._equal_limit):
return False
return True
def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
if compare_diff:
body1, body2 = chunked_diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
args = (self._eq_limit, cmp_res)
self.debug('Strings are similar enough with limit %s? %s' % args, None)
return cmp_res
def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
if compare_diff:
body1, body2 = chunked_diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
args = (self._eq_limit, cmp_res)
self.debug('Strings are similar enough with limit %s? %s' % args, None)
return cmp_res
def test_all(self):
acceptance_tests = []
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a', 'a', 0.1))
acceptance_tests.append(('a', 'a', 0.0))
acceptance_tests.append(('a', 'b', 1.0))
acceptance_tests.append(('a', 'b', 0.1))
acceptance_tests.append(('a', 'b', 0.0))
acceptance_tests.append(('a', 'ab', 1.0))
acceptance_tests.append(('a', 'ab', 0.1))
acceptance_tests.append(('a', 'b', 0.0000000000000000001))
acceptance_tests.append(('a', 'b' * 100, 1.0))
acceptance_tests.append(('a', 'ab', 0.66666666666))
acceptance_tests.append(('a', 'aab', 0.5))
acceptance_tests.append(('a', 'aaab', 0.4))
acceptance_tests.append(
('a', 'aaaab',
0.33333333333333333333333333333333333333333333333333333333))
acceptance_tests.append(('a' * 25, 'a', 1.0))
acceptance_tests.append(('aaa', 'aa', 1.0))
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
acceptance_tests.append(('aaa', 'aa', 0.8))
acceptance_tests.append(('a', 'a', 0.0))
for e, d, f in acceptance_tests:
res1 = relative_distance_boolean(e, d, f)
res2 = relative_distance(e, d) >= f
msg = ('relative_distance_boolean and relative_distance returned'
' different results for the same parameters:\n'
' - Parameter #1: %s\n'
' - Parameter #2: %s\n'
' - Threshold: %s\n'
' - Result relative_distance_boolean: %s\n'
' - Result relative_distance: %s\n')
self.assertEqual(res1, res2,
msg % (e, d, f, res1, relative_distance(e, d)))
def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
start = time.time()
if compare_diff:
body1, body2 = diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
are = 'ARE' if cmp_res else 'ARE NOT'
args = (are, self._eq_limit)
self.debug('Strings %s similar enough (limit: %s)' % args)
spent = time.time() - start
self.debug('Took %.2f seconds to run equal_with_limit' % spent)
return cmp_res
def equal_with_limit(self, body1, body2, compare_diff=False):
"""
Determines if two pages are equal using a ratio.
"""
start = time.time()
if compare_diff:
body1, body2 = diff(body1, body2)
cmp_res = relative_distance_boolean(body1, body2, self._eq_limit)
are = 'ARE' if cmp_res else 'ARE NOT'
args = (are, self._eq_limit)
self.debug('Strings %s similar enough (limit: %s)' % args)
spent = time.time() - start
self.debug('Took %.2f seconds to run equal_with_limit' % spent)
return cmp_res
def test_all(self):
acceptance_tests = []
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a', 'a', 0.1))
acceptance_tests.append(('a', 'a', 0.0))
acceptance_tests.append(('a', 'b', 1.0))
acceptance_tests.append(('a', 'b', 0.1))
acceptance_tests.append(('a', 'b', 0.0))
acceptance_tests.append(('a', 'ab', 1.0))
acceptance_tests.append(('a', 'ab', 0.1))
acceptance_tests.append(('a', 'b', 0.0000000000000000001))
acceptance_tests.append(('a', 'b' * 100, 1.0))
acceptance_tests.append(('a', 'ab', 0.66666666666))
acceptance_tests.append(('a', 'aab', 0.5))
acceptance_tests.append(('a', 'aaab', 0.4))
acceptance_tests.append(('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333))
acceptance_tests.append(('a' * 25, 'a', 1.0))
acceptance_tests.append(('aaa', 'aa', 1.0))
acceptance_tests.append(('a', 'a', 1.0))
acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927))
acceptance_tests.append(('aaa', 'aa', 0.8))
acceptance_tests.append(('a', 'a', 0.0))
for e, d, f in acceptance_tests:
res1 = relative_distance_boolean(e, d, f)
res2 = relative_distance(e, d) >= f
msg = ('relative_distance_boolean and relative_distance returned'
' different results for the same parameters:\n'
' - Parameter #1: %s\n'
' - Parameter #2: %s\n'
' - Threshold: %s\n'
' - Result relative_distance_boolean: %s\n'
' - Result relative_distance: %s\n')
self.assertEqual(res1, res2, msg % (e, d, f, res1, relative_distance(e, d)))
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._should_run:
return
initial_uri = freq.get_uri()
if initial_uri.get_port() not in {80, 443}:
# We get here then the original URL looks like http://foo:3921/
#
# It's really strange (maybe not even possible?) to find a server
# that listens for HTTP and HTTPS connections on the same port,
# since we don't want to guess the port, nor generate errors such
# as #8871 we just ignore this case
self._should_run = False
return
# Define some variables
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = copy.deepcopy(freq)
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = copy.deepcopy(freq)
secure_fr.set_url(secure_uri)
# Make sure that we disable error handling during these tests, we want
# the requests to fail quickly and without affecting the library's error
# rate
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'error_handling': False}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (HTTPRequestException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._should_run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._should_run = False
return
if self._redirects_to_secure(insecure_response, secure_response):
return
if insecure_response.get_code() == secure_response.get_code()\
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = 'Secure content can be accessed using the insecure'\
' protocol HTTP. The vulnerable URLs are:'\
' "%s" - "%s" .'
desc = desc % (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._should_run = False
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._should_run:
return
initial_uri = freq.get_uri()
if initial_uri.get_port() not in {80, 443}:
# We get here then the original URL looks like http://foo:3921/
#
# It's really strange (maybe not even possible?) to find a server
# that listens for HTTP and HTTPS connections on the same port,
# since we don't want to guess the port, nor generate errors such
# as #8871 we just ignore this case
self._should_run = False
return
# Define some variables
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = copy.deepcopy(freq)
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = copy.deepcopy(freq)
secure_fr.set_url(secure_uri)
# Make sure that we disable error handling during these tests, we want
# the requests to fail quickly and without affecting the library's error
# rate
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'error_handling': False}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (HTTPRequestException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._should_run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._should_run = False
return
if self._redirects_to_secure(insecure_response, secure_response):
return
if insecure_response.get_code() == secure_response.get_code() \
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = ('Secure content can be accessed using the insecure'
' HTTP protocol. The vulnerable URLs used to verify'
' this vulnerability are:\n'
' - %s\n'
' - %s\n')
desc %= (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._should_run = False
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._run:
return
else:
# Define some variables
initial_uri = freq.get_uri()
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = copy.deepcopy(freq)
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = copy.deepcopy(freq)
secure_fr.set_url(secure_uri)
# Make sure that we ignore errors during this test
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'ignore_errors': True}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (HTTPRequestException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._run = False
return
if self._redirects_to_secure(insecure_response,
secure_response):
return
if insecure_response.get_code() == secure_response.get_code()\
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = 'Secure content can be accessed using the insecure'\
' protocol HTTP. The vulnerable URLs are:'\
' "%s" - "%s" .'
desc = desc % (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._run = False
def audit(self, freq, orig_response):
"""
Check if the protocol specified in freq is https and fetch the same URL
using http. ie:
- input: https://w3af.org/
- check: http://w3af.org/
:param freq: A FuzzableRequest
"""
if not self._run:
return
else:
# Define some variables
initial_uri = freq.get_uri()
insecure_uri = initial_uri.copy()
secure_uri = initial_uri.copy()
insecure_uri.set_protocol('http')
insecure_fr = copy.deepcopy(freq)
insecure_fr.set_url(insecure_uri)
secure_uri.set_protocol('https')
secure_fr = copy.deepcopy(freq)
secure_fr.set_url(secure_uri)
# Make sure that we ignore errors during this test
send_mutant = self._uri_opener.send_mutant
kwargs = {'grep': False, 'ignore_errors': True}
try:
insecure_response = send_mutant(insecure_fr, **kwargs)
secure_response = send_mutant(secure_fr, **kwargs)
except (HTTPRequestException, ScanMustStopException):
# No vulnerability to report since one of these threw an error
# (because there is nothing listening on that port). It makes
# no sense to keep running since we already got an error
self._run = False
else:
if insecure_response is None or secure_response is None:
# No vulnerability to report since one of these threw an
# error (because there is nothing listening on that port).
# It makes no sense to keep running since we already got an
# error
self._run = False
return
if self._redirects_to_secure(insecure_response, secure_response):
return
if insecure_response.get_code() == secure_response.get_code()\
and relative_distance_boolean(insecure_response.get_body(),
secure_response.get_body(),
0.95):
desc = 'Secure content can be accessed using the insecure'\
' protocol HTTP. The vulnerable URLs are:'\
' "%s" - "%s" .'
desc = desc % (secure_uri, insecure_uri)
response_ids = [insecure_response.id, secure_response.id]
v = Vuln.from_fr('Secure content over insecure channel',
desc, severity.MEDIUM, response_ids,
self.get_name(), freq)
self.kb_append(self, 'un_ssl', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
# In most cases, when one resource is available, all are
# so we just stop searching for this vulnerability
self._run = False
