def bruteforce_wrapper(self, fuzzable_request):
    """
    Run audit() on a private copy of the request and collect what is new.

    :param fuzzable_request: The FuzzableRequest instance to analyze
    :return: A list with the 'request' item of every 'auth' entry stored in
             the knowledge base under this plugin's name whose URL was not
             already handed out by an earlier call. The list is empty when
             nothing new was found.
    """
    # audit() gets a deep copy, so nothing it changes on the request can
    # reach the object the caller still holds.
    request_copy = safe_deepcopy(fuzzable_request)
    self.audit(request_copy)

    new_requests = []

    for finding in kb.kb.get(self.get_name(), 'auth'):
        url = finding.get_url()

        # Each URL is reported once per plugin instance; later calls skip it.
        if url in self._already_reported:
            continue

        self._already_reported.append(url)
        new_requests.append(finding['request'])

    return new_requests
def discover_wrapper(self, fuzzable_request):
    """
    Call discover() on a deep copy of the fuzzable request.

    The copy prevents cross plugin contamination: a plugin that modifies
    the request object it receives must not affect the object that the
    next plugin is going to work with.

    :param fuzzable_request: The request that is copied and handed to
                             discover()
    :return: Whatever discover() returns, or None when discover() raised a
             FourOhFourDetectionException (callers have to cope with None).
    """
    isolated_request = safe_deepcopy(fuzzable_request)

    try:
        result = self.discover(isolated_request)
    except FourOhFourDetectionException as ffde:
        # Errors raised during the 404 detection process are deliberately
        # ignored and only written to the debug log. FYI: this does not
        # break the xurllib error handling which happens at lower layers.
        #
        # https://github.com/andresriancho/w3af/issues/8949
        om.out.debug('%s' % ffde)
        return None

    return result
def audit_with_copy(self, fuzzable_request, orig_resp):
    """
    Copy the FuzzableRequest and run audit() on the copy.

    The request is deep-copied to avoid cross plugin contamination: if one
    plugin modifies the fuzzable request object it was given, the next
    plugin must not see that modification.

    :param fuzzable_request: A FuzzableRequest
    :param orig_resp: The HTTP response we get from sending the request
    :return: Whatever audit() returns, or None when audit() raised a
             FourOhFourDetectionException.
    """
    isolated_request = safe_deepcopy(fuzzable_request)

    try:
        result = self.audit(isolated_request, orig_resp)
    except FourOhFourDetectionException as ffde:
        # Errors raised during the 404 detection process are deliberately
        # ignored and only written to the debug log. FYI: this does not
        # break the xurllib error handling which happens at lower layers.
        #
        # https://github.com/andresriancho/w3af/issues/8949
        om.out.debug('%s' % ffde)
        return None

    return result
def discover_wrapper(self, fuzzable_request, debugging_id):
    """
    Call discover() on a deep copy of the fuzzable request.

    Cloning the request is the generic task this wrapper performs: it
    prevents cross plugin contamination, because a plugin that modifies
    the object it receives cannot affect what the next plugin is given.

    :param fuzzable_request: The target to use for infrastructure plugins.
    :param debugging_id: A unique identifier for this call to discover()
    :return: Whatever discover() returns, or None when discover() raised a
             FourOhFourDetectionException (callers have to cope with None).
    """
    isolated_request = safe_deepcopy(fuzzable_request)

    try:
        result = self.discover(isolated_request, debugging_id)
    except FourOhFourDetectionException as ffde:
        # Errors raised during the 404 detection process are deliberately
        # ignored and only written to the debug log. FYI: this does not
        # break the xurllib error handling which happens at lower layers.
        #
        # https://github.com/andresriancho/w3af/issues/8949
        om.out.debug('%s' % ffde)
        return None

    return result
def crawl_wrapper(self, fuzzable_request):
    """
    Log the crawl, then call crawl() on a deep copy of the request under
    the plugin timeout.

    The copy prevents cross plugin contamination: a plugin that modifies
    the request object it receives must not affect the object that the
    next plugin is going to work with.

    :param fuzzable_request: The request that is copied and handed to
                             crawl()
    :return: Whatever crawl() returns, or None when a
             FourOhFourDetectionException was raised.
    """
    # The request URI is written to the debug log as returned by get_uri().
    plugin_name = self.get_name()
    target_uri = fuzzable_request.get_uri()
    om.out.debug('[%s] Crawling "%s"' % (plugin_name, target_uri))

    isolated_request = safe_deepcopy(fuzzable_request)

    try:
        # crawl() runs inside ThreadingTimeout(self.PLUGIN_TIMEOUT).
        # NOTE(review): swallow_exc=False presumably makes a timeout surface
        # as an exception instead of being suppressed - confirm against
        # ThreadingTimeout. Only FourOhFourDetectionException is caught
        # below, so any other exception propagates to the caller.
        with ThreadingTimeout(self.PLUGIN_TIMEOUT, swallow_exc=False):
            return self.crawl(isolated_request)
    except FourOhFourDetectionException as ffde:
        # Errors raised during the 404 detection process are deliberately
        # ignored and only written to the debug log. FYI: this does not
        # break the xurllib error handling which happens at lower layers.
        #
        # https://github.com/andresriancho/w3af/issues/8949
        om.out.debug('%s' % ffde)

    return None