def equal_with_limit(self, body1, body2, compare_diff=False): """ Determines if two pages are equal using a ratio. """ if compare_diff: body1, body2 = diff(body1, body2) cmp_res = relative_distance_boolean(body1, body2, self._eq_limit) self.debug('Result: %s' % cmp_res) return cmp_res
def equal_with_limit(self, body1, body2, compare_diff=False): """ Determines if two pages are equal using a ratio. """ if compare_diff: body1, body2 = diff(body1, body2) cmp_res = relative_distance_boolean(body1, body2, self._eq_limit) self.debug("Result: %s" % cmp_res) return cmp_res
def _is_resp_equal(self, res1, res2): """ @see: unittest for this method in test_csrf.py """ if res1.get_code() != res2.get_code(): return False if not relative_distance_boolean(res1.body, res2.body, self._equal_limit): return False return True
def equal_with_limit(self, body1, body2, compare_diff=False): """ Determines if two pages are equal using a ratio. """ if compare_diff: body1, body2 = chunked_diff(body1, body2) cmp_res = relative_distance_boolean(body1, body2, self._eq_limit) args = (self._eq_limit, cmp_res) self.debug('Strings are similar enough with limit %s? %s' % args, None) return cmp_res
def test_all(self): acceptance_tests = [] acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a', 'a', 0.1)) acceptance_tests.append(('a', 'a', 0.0)) acceptance_tests.append(('a', 'b', 1.0)) acceptance_tests.append(('a', 'b', 0.1)) acceptance_tests.append(('a', 'b', 0.0)) acceptance_tests.append(('a', 'ab', 1.0)) acceptance_tests.append(('a', 'ab', 0.1)) acceptance_tests.append(('a', 'b', 0.0000000000000000001)) acceptance_tests.append(('a', 'b' * 100, 1.0)) acceptance_tests.append(('a', 'ab', 0.66666666666)) acceptance_tests.append(('a', 'aab', 0.5)) acceptance_tests.append(('a', 'aaab', 0.4)) acceptance_tests.append( ('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333)) acceptance_tests.append(('a' * 25, 'a', 1.0)) acceptance_tests.append(('aaa', 'aa', 1.0)) acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927)) acceptance_tests.append(('aaa', 'aa', 0.8)) acceptance_tests.append(('a', 'a', 0.0)) for e, d, f in acceptance_tests: res1 = relative_distance_boolean(e, d, f) res2 = relative_distance(e, d) >= f msg = ('relative_distance_boolean and relative_distance returned' ' different results for the same parameters:\n' ' - Parameter #1: %s\n' ' - Parameter #2: %s\n' ' - Threshold: %s\n' ' - Result relative_distance_boolean: %s\n' ' - Result relative_distance: %s\n') self.assertEqual(res1, res2, msg % (e, d, f, res1, relative_distance(e, d)))
def equal_with_limit(self, body1, body2, compare_diff=False): """ Determines if two pages are equal using a ratio. """ start = time.time() if compare_diff: body1, body2 = diff(body1, body2) cmp_res = relative_distance_boolean(body1, body2, self._eq_limit) are = 'ARE' if cmp_res else 'ARE NOT' args = (are, self._eq_limit) self.debug('Strings %s similar enough (limit: %s)' % args) spent = time.time() - start self.debug('Took %.2f seconds to run equal_with_limit' % spent) return cmp_res
def test_all(self): acceptance_tests = [] acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a', 'a', 0.1)) acceptance_tests.append(('a', 'a', 0.0)) acceptance_tests.append(('a', 'b', 1.0)) acceptance_tests.append(('a', 'b', 0.1)) acceptance_tests.append(('a', 'b', 0.0)) acceptance_tests.append(('a', 'ab', 1.0)) acceptance_tests.append(('a', 'ab', 0.1)) acceptance_tests.append(('a', 'b', 0.0000000000000000001)) acceptance_tests.append(('a', 'b' * 100, 1.0)) acceptance_tests.append(('a', 'ab', 0.66666666666)) acceptance_tests.append(('a', 'aab', 0.5)) acceptance_tests.append(('a', 'aaab', 0.4)) acceptance_tests.append(('a', 'aaaab', 0.33333333333333333333333333333333333333333333333333333333)) acceptance_tests.append(('a' * 25, 'a', 1.0)) acceptance_tests.append(('aaa', 'aa', 1.0)) acceptance_tests.append(('a', 'a', 1.0)) acceptance_tests.append(('a' * 25, 'a', 0.076923076923076927)) acceptance_tests.append(('aaa', 'aa', 0.8)) acceptance_tests.append(('a', 'a', 0.0)) for e, d, f in acceptance_tests: res1 = relative_distance_boolean(e, d, f) res2 = relative_distance(e, d) >= f msg = ('relative_distance_boolean and relative_distance returned' ' different results for the same parameters:\n' ' - Parameter #1: %s\n' ' - Parameter #2: %s\n' ' - Threshold: %s\n' ' - Result relative_distance_boolean: %s\n' ' - Result relative_distance: %s\n') self.assertEqual(res1, res2, msg % (e, d, f, res1, relative_distance(e, d)))
def audit(self, freq, orig_response): """ Check if the protocol specified in freq is https and fetch the same URL using http. ie: - input: https://w3af.org/ - check: http://w3af.org/ :param freq: A FuzzableRequest """ if not self._should_run: return initial_uri = freq.get_uri() if initial_uri.get_port() not in {80, 443}: # We get here then the original URL looks like http://foo:3921/ # # It's really strange (maybe not even possible?) to find a server # that listens for HTTP and HTTPS connections on the same port, # since we don't want to guess the port, nor generate errors such # as #8871 we just ignore this case self._should_run = False return # Define some variables insecure_uri = initial_uri.copy() secure_uri = initial_uri.copy() insecure_uri.set_protocol('http') insecure_fr = copy.deepcopy(freq) insecure_fr.set_url(insecure_uri) secure_uri.set_protocol('https') secure_fr = copy.deepcopy(freq) secure_fr.set_url(secure_uri) # Make sure that we disable error handling during these tests, we want # the requests to fail quickly and without affecting the library's error # rate send_mutant = self._uri_opener.send_mutant kwargs = {'grep': False, 'error_handling': False} try: insecure_response = send_mutant(insecure_fr, **kwargs) secure_response = send_mutant(secure_fr, **kwargs) except (HTTPRequestException, ScanMustStopException): # No vulnerability to report since one of these threw an error # (because there is nothing listening on that port). It makes # no sense to keep running since we already got an error self._should_run = False else: if insecure_response is None or secure_response is None: # No vulnerability to report since one of these threw an # error (because there is nothing listening on that port). # It makes no sense to keep running since we already got an # error self._should_run = False return if self._redirects_to_secure(insecure_response, secure_response): return if insecure_response.get_code() == secure_response.get_code()\ and relative_distance_boolean(insecure_response.get_body(), secure_response.get_body(), 0.95): desc = 'Secure content can be accessed using the insecure'\ ' protocol HTTP. The vulnerable URLs are:'\ ' "%s" - "%s" .' desc = desc % (secure_uri, insecure_uri) response_ids = [insecure_response.id, secure_response.id] v = Vuln.from_fr('Secure content over insecure channel', desc, severity.MEDIUM, response_ids, self.get_name(), freq) self.kb_append(self, 'un_ssl', v) om.out.vulnerability(v.get_desc(), severity=v.get_severity()) # In most cases, when one resource is available, all are # so we just stop searching for this vulnerability self._should_run = False
def audit(self, freq, orig_response): """ Check if the protocol specified in freq is https and fetch the same URL using http. ie: - input: https://w3af.org/ - check: http://w3af.org/ :param freq: A FuzzableRequest """ if not self._should_run: return initial_uri = freq.get_uri() if initial_uri.get_port() not in {80, 443}: # We get here then the original URL looks like http://foo:3921/ # # It's really strange (maybe not even possible?) to find a server # that listens for HTTP and HTTPS connections on the same port, # since we don't want to guess the port, nor generate errors such # as #8871 we just ignore this case self._should_run = False return # Define some variables insecure_uri = initial_uri.copy() secure_uri = initial_uri.copy() insecure_uri.set_protocol('http') insecure_fr = copy.deepcopy(freq) insecure_fr.set_url(insecure_uri) secure_uri.set_protocol('https') secure_fr = copy.deepcopy(freq) secure_fr.set_url(secure_uri) # Make sure that we disable error handling during these tests, we want # the requests to fail quickly and without affecting the library's error # rate send_mutant = self._uri_opener.send_mutant kwargs = {'grep': False, 'error_handling': False} try: insecure_response = send_mutant(insecure_fr, **kwargs) secure_response = send_mutant(secure_fr, **kwargs) except (HTTPRequestException, ScanMustStopException): # No vulnerability to report since one of these threw an error # (because there is nothing listening on that port). It makes # no sense to keep running since we already got an error self._should_run = False else: if insecure_response is None or secure_response is None: # No vulnerability to report since one of these threw an # error (because there is nothing listening on that port). # It makes no sense to keep running since we already got an # error self._should_run = False return if self._redirects_to_secure(insecure_response, secure_response): return if insecure_response.get_code() == secure_response.get_code() \ and relative_distance_boolean(insecure_response.get_body(), secure_response.get_body(), 0.95): desc = ('Secure content can be accessed using the insecure' ' HTTP protocol. The vulnerable URLs used to verify' ' this vulnerability are:\n' ' - %s\n' ' - %s\n') desc %= (secure_uri, insecure_uri) response_ids = [insecure_response.id, secure_response.id] v = Vuln.from_fr('Secure content over insecure channel', desc, severity.MEDIUM, response_ids, self.get_name(), freq) self.kb_append(self, 'un_ssl', v) # In most cases, when one resource is available, all are # so we just stop searching for this vulnerability self._should_run = False
def audit(self, freq, orig_response): """ Check if the protocol specified in freq is https and fetch the same URL using http. ie: - input: https://w3af.org/ - check: http://w3af.org/ :param freq: A FuzzableRequest """ if not self._run: return else: # Define some variables initial_uri = freq.get_uri() insecure_uri = initial_uri.copy() secure_uri = initial_uri.copy() insecure_uri.set_protocol('http') insecure_fr = copy.deepcopy(freq) insecure_fr.set_url(insecure_uri) secure_uri.set_protocol('https') secure_fr = copy.deepcopy(freq) secure_fr.set_url(secure_uri) # Make sure that we ignore errors during this test send_mutant = self._uri_opener.send_mutant kwargs = {'grep': False, 'ignore_errors': True} try: insecure_response = send_mutant(insecure_fr, **kwargs) secure_response = send_mutant(secure_fr, **kwargs) except (HTTPRequestException, ScanMustStopException): # No vulnerability to report since one of these threw an error # (because there is nothing listening on that port). It makes # no sense to keep running since we already got an error self._run = False else: if insecure_response is None or secure_response is None: # No vulnerability to report since one of these threw an # error (because there is nothing listening on that port). # It makes no sense to keep running since we already got an # error self._run = False return if self._redirects_to_secure(insecure_response, secure_response): return if insecure_response.get_code() == secure_response.get_code()\ and relative_distance_boolean(insecure_response.get_body(), secure_response.get_body(), 0.95): desc = 'Secure content can be accessed using the insecure'\ ' protocol HTTP. The vulnerable URLs are:'\ ' "%s" - "%s" .' desc = desc % (secure_uri, insecure_uri) response_ids = [insecure_response.id, secure_response.id] v = Vuln.from_fr('Secure content over insecure channel', desc, severity.MEDIUM, response_ids, self.get_name(), freq) self.kb_append(self, 'un_ssl', v) om.out.vulnerability(v.get_desc(), severity=v.get_severity()) # In most cases, when one resource is available, all are # so we just stop searching for this vulnerability self._run = False