def bruteforce_wrapper(self, fuzzable_request):
"""
:param fuzzable_request: The FuzzableRequest instance to analyze
:return: A list with FuzzableRequests (if we were able to bruteforce
any forms/basic auth present in fuzzable_request).
"""
self.audit(safe_deepcopy(fuzzable_request))
res = []
for v in kb.kb.get(self.get_name(), 'auth'):
if v.get_url() not in self._already_reported:
self._already_reported.append(v.get_url())
res.append(v['request'])
return res
def bruteforce_wrapper(self, fuzzable_request):
"""
:param fuzzable_request: The FuzzableRequest instance to analyze
:return: A list with FuzzableRequests (if we were able to bruteforce
any forms/basic auth present in fuzzable_request).
"""
self.audit(safe_deepcopy(fuzzable_request))
res = []
for v in kb.kb.get(self.get_name(), 'auth'):
if v.get_url() not in self._already_reported:
self._already_reported.append(v.get_url())
res.append(v['request'])
return res
def discover_wrapper(self, fuzzable_request):
"""
Wrapper around the discover method in order to perform some generic
tasks.
"""
# I copy the fuzzable request, to avoid cross plugin contamination
# in other words, if one plugin modified the fuzzable request object
# INSIDE that plugin, I don't want the next plugin to suffer from that
fuzzable_request_copy = safe_deepcopy(fuzzable_request)
try:
return self.discover(fuzzable_request_copy)
except FourOhFourDetectionException, ffde:
# We simply ignore any exceptions we find during the 404 detection
# process. FYI: This doesn't break the xurllib error handling which
# happens at lower layers.
#
# https://github.com/andresriancho/w3af/issues/8949
om.out.debug('%s' % ffde)
def audit_with_copy(self, fuzzable_request, orig_resp):
"""
:param freq: A FuzzableRequest
:param orig_resp: The HTTP response we get from sending the freq
Copy the FuzzableRequest before auditing.
I copy the fuzzable request, to avoid cross plugin contamination.
In other words, if one plugins modified the fuzzable request object
INSIDE that plugin, I don't want the next plugin to suffer from that.
"""
fuzzable_request = safe_deepcopy(fuzzable_request)
try:
return self.audit(fuzzable_request, orig_resp)
except FourOhFourDetectionException, ffde:
# We simply ignore any exceptions we find during the 404 detection
# process. FYI: This doesn't break the xurllib error handling which
# happens at lower layers.
#
# https://github.com/andresriancho/w3af/issues/8949
om.out.debug('%s' % ffde)
def discover_wrapper(self, fuzzable_request, debugging_id):
"""
Wrapper around the discover method to perform generic tasks such
as cloning the fuzzable request.
:param fuzzable_request: The target to use for infrastructure plugins.
:param debugging_id: A unique identifier for this call to discover()
"""
# I copy the fuzzable request, to avoid cross plugin contamination
# in other words, if one plugin modified the fuzzable request object
# INSIDE that plugin, I don't want the next plugin to suffer from that
fuzzable_request_copy = safe_deepcopy(fuzzable_request)
try:
return self.discover(fuzzable_request_copy, debugging_id)
except FourOhFourDetectionException, ffde:
# We simply ignore any exceptions we find during the 404 detection
# process. FYI: This doesn't break the xurllib error handling which
# happens at lower layers.
#
# https://github.com/andresriancho/w3af/issues/8949
om.out.debug('%s' % ffde)
def crawl_wrapper(self, fuzzable_request):
"""
Wrapper around the crawl method in order to perform some generic tasks.
"""
om.out.debug('[%s] Crawling "%s"' % (self.get_name(),
fuzzable_request.get_uri()))
# I copy the fuzzable request, to avoid cross plugin contamination
# in other words, if one plugin modified the fuzzable request object
# INSIDE that plugin, I don't want the next plugin to suffer from that
fuzzable_request_copy = safe_deepcopy(fuzzable_request)
# Crawl with timeout
try:
with ThreadingTimeout(self.PLUGIN_TIMEOUT, swallow_exc=False):
return self.crawl(fuzzable_request_copy)
except FourOhFourDetectionException, ffde:
# We simply ignore any exceptions we find during the 404 detection
# process. FYI: This doesn't break the xurllib error handling which
# happens at lower layers.
#
# https://github.com/andresriancho/w3af/issues/8949
om.out.debug('%s' % ffde)
