def test_mutant_creation(self):
    """Check PostDataMutant.create_mutants on a two-field form sent with PUT.

    One mutant is expected per (form field, payload) pair. The field that
    is not being fuzzed is expected to carry a non-empty default value
    rather than the empty string it had in the original form.
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])

    target = URL('http://www.w3af.com/?id=3')
    freq = HTTPPostDataRequest(target, dc=form, method='PUT')

    mutants = PostDataMutant.create_mutants(freq, self.payloads, [], False,
                                            self.fuzzer_config)

    # NOTE(review): the expected values imply self.payloads == ['abc', 'def'];
    # confirm against the test case's setUp.
    expected_dc_lst = [
        Form([('username', ['abc']), ('address', ['Bonsai Street 123'])]),
        Form([('username', ['def']), ('address', ['Bonsai Street 123'])]),
        Form([('username', ['John8212']), ('address', ['abc'])]),
        Form([('username', ['John8212']), ('address', ['def'])]),
    ]
    self.assertEqual([mutant.get_dc() for mutant in mutants], expected_dc_lst)

    # Mutants 0 and 2 are the first ones generated for each field.
    for position, var_name in ((0, 'username'), (2, 'address')):
        self.assertEqual(mutants[position].get_var(), var_name)
        self.assertEqual(mutants[position].get_var_index(), 0)
        self.assertEqual(mutants[position].get_original_value(), '')

    for mutant in mutants:
        self.assertIsInstance(mutant, PostDataMutant)

    # The HTTP method of the original request must survive mutation.
    for mutant in mutants:
        self.assertEqual(mutant.get_method(), 'PUT')
def test_mutant_smart_fill_simple(self):
    """Check that mutant_smart_fill fills only the field that is not fuzzed.

    "username" (index 0) is named as the parameter under test, so it is
    expected to keep its empty value while "address" receives a default.
    The returned object is expected to be the very form that was passed in.
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])

    freq = HTTPPostDataRequest(self.url, dc=form)
    result = mutant_smart_fill(freq, form, "username", 0, self.fuzzer_config)

    # Identity check: the same Form instance comes back, not a copy.
    self.assertEqual(id(form), id(result))
    self.assertEqual(result["username"], [""])
    self.assertEqual(result["address"], ["Bonsai Street 123"])
def test_is_suitable(self):
    """Walk the CSRF plugin's _is_suitable() through its accept/reject cases.

    As exercised here, a request is only a CSRF candidate when a cookie is
    available AND the request carries parameters (query string or a
    non-empty form). With _strict_mode enabled a GET with a query string is
    still rejected, while a POST with form items is accepted.

    The steps are order dependent: the GET issued through self.uri_opener
    is what makes a cookie available for the later checks.
    """
    def is_suitable(url_string, method, **request_kwargs):
        # Build the request exactly as the plugin would receive it.
        request = FuzzableRequest(URL(url_string), method=method,
                                  **request_kwargs)
        return self.csrf_plugin._is_suitable(request)

    # False because no cookie is set and no QS nor post-data
    self.assertFalse(is_suitable('http://moth/', 'GET'))

    # False because no cookie is set
    self.assertFalse(is_suitable('http://moth/?id=3', 'GET'))

    # NOTE(review): presumably this response sets a cookie in the opener's
    # cookie jar; the test needs the "moth" host to be reachable.
    url_sends_cookie = URL(
        'http://moth/w3af/core/cookie_handler/set-cookie.php')
    self.uri_opener.GET(url_sends_cookie)

    # Still false because it doesn't have any QS or POST data
    self.assertFalse(is_suitable('http://moth/', 'GET'))

    self.csrf_plugin._strict_mode = True

    # Still false because of the strict mode
    self.assertFalse(is_suitable('http://moth/?id=3', 'GET'))

    # False, no items in dc
    self.assertFalse(is_suitable('http://moth/', 'POST', dc=Form()))

    # True, items in DC, POST (passes strict mode) and cookies
    populated_form = Form()
    populated_form.add_input([('name', 'test'), ('type', 'text')])
    self.assertTrue(is_suitable('http://moth/', 'POST', dc=populated_form))

    self.csrf_plugin._strict_mode = False

    # True now that we have strict mode off, cookies and QS
    self.assertTrue(is_suitable('http://moth/?id=3', 'GET'))
def test_mutant_creation_qs_and_postdata(self):
    """Check mutant creation when the request has a query string and a form.

    The expectation encoded below is that only the post-data is mutated:
    every mutant keeps the original URI (including "?action=login") and
    each form field is fuzzed in turn while the other holds a default.
    """
    login_form = Form()
    for field_name in ("username", "password"):
        login_form.add_input([("name", field_name), ("value", "")])

    url = URL('http://moth/foo.bar?action=login')
    freq = HTTPPostDataRequest(url, dc=login_form)

    mutants = Mutant.create_mutants(freq, self.payloads, [], False,
                                    self.fuzzer_config)

    # First the username is fuzzed, then the password.
    expected_dc_lst = [
        Form([('username', [payload]), ('password', ['FrAmE30.'])])
        for payload in ('abc', 'def')
    ] + [
        Form([('username', ['John8212']), ('password', [payload])])
        for payload in ('abc', 'def')
    ]

    created_dc_lst = [mutant.get_dc() for mutant in mutants]
    created_urls = [mutant.get_uri() for mutant in mutants]

    # The query string must be left untouched in all four mutants.
    self.assertEqual(created_urls, [url, url, url, url])
    self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_post_data(self):
    """Check Mutant.create_mutants on a form with two inputs and a file.

    Four mutants are expected (two text fields times the payloads); the
    file input is not fuzzed here but is expected to be filled with
    GIF-looking content whose file name ends in ".gif".
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])
    form.add_file_input([("name", "file"), ("type", "file")])

    freq = HTTPPostDataRequest(self.url, dc=form)
    mutants = Mutant.create_mutants(freq, self.payloads, [], False,
                                    self.fuzzer_config)

    self.assertEqual(len(mutants), 4, mutants)

    expected_usernames = self.payloads + ['John8212'] * 2
    expected_addresses = ['Bonsai Street 123'] * 2 + self.payloads
    expected_file_prefixes = ['GIF89a'] * 4

    containers = [mutant.get_dc() for mutant in mutants]
    usernames = [dc['username'][0] for dc in containers]
    addresses = [dc['address'][0] for dc in containers]
    file_values = [dc['file'][0] for dc in containers]

    self.assertEqual(expected_usernames, usernames)
    self.assertEqual(expected_addresses, addresses)

    # Every generated file must start with the GIF89a magic bytes.
    for prefix, file_value in zip(expected_file_prefixes, file_values):
        self.assertTrue(file_value.startswith(prefix), file_value)

    # The file-like string objects expose a name; it must end in ".gif".
    self.assertTrue(
        all(str_file.name[-4:].startswith('.gif')
            for str_file in file_values))
def test_mutant_creation_repeated_parameter_name(self):
    """Check mutant creation when two form inputs share the name "id".

    Each occurrence is expected to be fuzzed independently: the mutants
    report the same variable name but different indexes (0 and 1), and the
    occurrence that is not fuzzed holds the default '3419'.
    """
    form = Form()
    for _ in range(2):
        form.add_input([("name", "id"), ("value", "")])

    freq = HTTPPostDataRequest(URL('http://w3af.com/?foo=3'), dc=form,
                               method='GET')
    mutants = PostDataMutant.create_mutants(freq, self.payloads, [], False,
                                            self.fuzzer_config)

    expected_dc_lst = [
        Form([('id', ['abc', '3419'])]),
        Form([('id', ['def', '3419'])]),
        Form([('id', ['3419', 'abc'])]),
        Form([('id', ['3419', 'def'])]),
    ]
    self.assertEqual([mutant.get_dc() for mutant in mutants], expected_dc_lst)

    # (position in the mutant list, expected index of the fuzzed "id")
    for position, var_index in ((0, 0), (2, 1)):
        self.assertEqual(mutants[position].get_var(), 'id')
        self.assertEqual(mutants[position].get_var_index(), var_index)
        self.assertEqual(mutants[position].get_original_value(), '')

    for mutant in mutants:
        self.assertIsInstance(mutant, PostDataMutant)

    for mutant in mutants:
        self.assertEqual(mutant.get_method(), 'GET')
def test_mutant_creation_post_data(self):
    """Verify the mutants built from a form holding two inputs and a file.

    The text fields are fuzzed one after the other (four mutants in total)
    and the file input is expected to hold content starting with "GIF89a"
    under a name ending in ".gif" in every mutant.
    """
    source_form = Form()
    source_form.add_input([("name", "username"), ("value", "")])
    source_form.add_input([("name", "address"), ("value", "")])
    source_form.add_file_input([("name", "file"), ("type", "file")])

    request = HTTPPostDataRequest(self.url, dc=source_form)
    mutants = Mutant.create_mutants(request, self.payloads, [], False,
                                    self.fuzzer_config)
    self.assertEqual(len(mutants), 4, mutants)

    want_usernames = self.payloads + ["John8212"] * 2
    want_addresses = ["Bonsai Street 123"] * 2 + self.payloads
    want_file_prefixes = ["GIF89a"] * 4

    data_containers = [mutant.get_dc() for mutant in mutants]
    got_usernames = [dc["username"][0] for dc in data_containers]
    got_addresses = [dc["address"][0] for dc in data_containers]
    got_files = [dc["file"][0] for dc in data_containers]

    self.assertEqual(want_usernames, got_usernames)
    self.assertEqual(want_addresses, got_addresses)

    # Content check: each file value begins with the expected magic bytes.
    for want_prefix, got_file in zip(want_file_prefixes, got_files):
        self.assertTrue(got_file.startswith(want_prefix), got_file)

    # Name check: the last four characters of the file name are ".gif".
    has_gif_name = all(str_file.name[-4:].startswith(".gif")
                       for str_file in got_files)
    self.assertTrue(has_gif_name)
def test_form_file_post_no_files(self):
    """Check create_mutants() with form-file fuzzing on and no file inputs.

    Only 'fuzz_form_files' is switched on in the global configuration. As
    the form has no file input, the expected outcome is plain
    PostDataMutant objects that keep the original URI and PUT method.

    NOTE(review): the cf_singleton values saved here are not restored at
    the end of the test.
    """
    settings = (
        ('fuzzable_headers', []),
        ('fuzz_cookies', False),
        ('fuzz_url_filenames', False),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_form_files', True),  # This one changed
        ('fuzz_url_parts', False),
    )
    for option_name, option_value in settings:
        cf_singleton.save(option_name, option_value)

    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])

    freq = HTTPPostDataRequest(URL('http://www.w3af.com/?id=3'), dc=form,
                               method='PUT')
    mutants = create_mutants(freq, self.payloads)

    # URI (query string included), mutant type and method are all preserved.
    uris_match = all('http://www.w3af.com/?id=3' == m.get_uri().url_string
                     for m in mutants)
    self.assertTrue(uris_match)

    only_post_data = all(isinstance(m, PostDataMutant) for m in mutants)
    self.assertTrue(only_post_data, mutants)

    self.assertTrue(all(m.get_method() == 'PUT' for m in mutants))

    expected_dc_lst = [
        Form([('username', ['abc']), ('address', ['Bonsai Street 123'])]),
        Form([('username', ['def']), ('address', ['Bonsai Street 123'])]),
        Form([('username', ['John8212']), ('address', ['abc'])]),
        Form([('username', ['John8212']), ('address', ['def'])]),
    ]
    self.assertEqual([m.get_dc() for m in mutants], expected_dc_lst)
def test_form_file_post_no_files(self):
    """Exercise create_mutants() with 'fuzz_form_files' enabled on a plain form.

    The form contains no file input, so the test expects the same four
    PostDataMutant objects a normal post-data fuzz would give, each keeping
    the request's URI and its PUT method.

    NOTE(review): the global cf_singleton configuration is changed and left
    that way when the test ends.
    """
    cf_singleton.save('fuzzable_headers', [])
    for disabled_option in ('fuzz_cookies', 'fuzz_url_filenames'):
        cf_singleton.save(disabled_option, False)
    cf_singleton.save('fuzzed_files_extension', 'gif')
    cf_singleton.save('fuzz_form_files', True)  # This one changed
    cf_singleton.save('fuzz_url_parts', False)

    plain_form = Form()
    plain_form.add_input([("name", "username"), ("value", "")])
    plain_form.add_input([("name", "address"), ("value", "")])

    request_url = URL('http://www.w3af.com/?id=3')
    freq = HTTPPostDataRequest(request_url, dc=plain_form, method='PUT')

    result = create_mutants(freq, self.payloads)

    self.assertTrue(
        all('http://www.w3af.com/?id=3' == mutant.get_uri().url_string
            for mutant in result))
    self.assertTrue(
        all(isinstance(mutant, PostDataMutant) for mutant in result),
        result)
    self.assertTrue(all(mutant.get_method() == 'PUT' for mutant in result))

    # The username is fuzzed first, then the address.
    fuzzed_username = [
        Form([('username', [payload]), ('address', ['Bonsai Street 123'])])
        for payload in ('abc', 'def')
    ]
    fuzzed_address = [
        Form([('username', ['John8212']), ('address', [payload])])
        for payload in ('abc', 'def')
    ]
    expected_dc_lst = fuzzed_username + fuzzed_address

    created_dc_lst = [mutant.get_dc() for mutant in result]
    self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_qs_and_postdata(self):
    """Verify that only post-data is fuzzed when a query string is present.

    The request URL carries "?action=login" and the form has two empty
    fields. All four expected mutants keep the URL as is; the form fields
    are fuzzed one at a time while the other one holds a default value.
    """
    form = Form()
    form.add_input([("name", "username"), ("value", "")])
    form.add_input([("name", "password"), ("value", "")])

    url = URL("http://moth/foo.bar?action=login")
    request = HTTPPostDataRequest(url, dc=form)

    mutants = Mutant.create_mutants(
        request, self.payloads, [], False, self.fuzzer_config)

    expected_forms = []
    for payload in ("abc", "def"):
        expected_forms.append(
            Form([("username", [payload]), ("password", ["FrAmE30."])]))
    for payload in ("abc", "def"):
        expected_forms.append(
            Form([("username", ["John8212"]), ("password", [payload])]))

    created_forms = [mutant.get_dc() for mutant in mutants]
    created_urls = [mutant.get_uri() for mutant in mutants]

    # Same URL object expected four times: the query string is not mutated.
    self.assertEqual(created_urls, [url for _ in range(4)])
    self.assertEqual(created_forms, expected_forms)
def test_valid_results(self):
    """Check the mutants FileContentMutant creates for a file-upload form.

    Only the file input is expected to be fuzzed (two mutants, one per
    payload); the text field holds a default. The payload is expected to
    end up inside a file-like string whose name ends in ".gif".
    """
    upload_form = Form()
    upload_form.add_input([("name", "username"), ("value", "")])
    upload_form.add_file_input([("name", "file"), ("type", "file")])

    freq = HTTPPostDataRequest(self.url, dc=upload_form)
    mutants = FileContentMutant.create_mutants(
        freq, self.payloads, [], False, self.fuzzer_config)

    self.assertEqual(len(mutants), 2, mutants)

    expected_data = [
        Form([('username', ['John8212']), ('file', [payload])])
        for payload in ('abc', 'def')
    ]
    generated_data = [mutant.get_data() for mutant in mutants]
    self.assertEqual(expected_data, generated_data)

    # The uploaded content is a named string: extension first, then content.
    first_file = generated_data[0]['file'][0]
    self.assertEqual(first_file.name[-4:], '.gif')
    self.assertIn('abc', first_file)
def test_config_true(self):
    """Check that FileContentMutant yields mutants when file fuzzing is on.

    A local configuration with 'fuzz_form_files' set to True is passed in
    instead of self.fuzzer_config; at least one mutant is expected.
    """
    fuzzer_config = {
        'fuzz_form_files': True,
        'fuzzed_files_extension': 'gif',
    }

    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])
    form.add_file_input([("name", "file"), ("type", "file")])

    freq = HTTPPostDataRequest(self.url, dc=form)
    mutants = FileContentMutant.create_mutants(freq, self.payloads, [],
                                               False, fuzzer_config)

    self.assertNotEqual(len(mutants), 0, mutants)
def test_config_true(self):
    """Verify file-content mutants are produced with 'fuzz_form_files' enabled.

    The fuzzer configuration is built locally so the test does not depend
    on self.fuzzer_config. The only assertion is that the resulting list
    of mutants is not empty.
    """
    enabled_config = dict([
        ('fuzz_form_files', True),
        ('fuzzed_files_extension', 'gif'),
    ])

    upload_form = Form()
    upload_form.add_input([("name", "username"), ("value", "")])
    upload_form.add_input([("name", "address"), ("value", "")])
    upload_form.add_file_input([("name", "file"), ("type", "file")])

    request = HTTPPostDataRequest(self.url, dc=upload_form)
    result = FileContentMutant.create_mutants(
        request, self.payloads, [], False, enabled_config)

    self.assertNotEqual(len(result), 0, result)
def test_mutant_smart_fill_with_file(self):
    """Check mutant_smart_fill on a form that also has a file input.

    The fuzzed parameter ("username", index 0) keeps its empty value, the
    "address" field gets a default, and the file input is expected to be
    filled with content containing "GIF" under a name ending in ".gif".
    The same Form instance that was passed in is expected back.
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])
    form.add_file_input([("name", "file"), ("type", "file")])

    freq = HTTPPostDataRequest(self.url, dc=form)
    result = mutant_smart_fill(freq, form, "username", 0, self.fuzzer_config)

    # Identity, not just equality: no copy of the form is made.
    self.assertEqual(id(form), id(result))
    self.assertEqual(result["username"], [""])
    self.assertEqual(result["address"], ["Bonsai Street 123"])

    generated_file = result["file"][0]
    self.assertEqual(generated_file.name[-4:], ".gif")
    self.assertIn("GIF", generated_file)
def test_mutant_smart_fill_with_file(self):
    """Verify smart-fill of a form holding two text inputs and a file input.

    With "username" (index 0) as the parameter under test, the test expects
    it to stay empty, "address" to receive a default value and the file
    input to receive GIF-looking content with a ".gif" name. The returned
    form must be the very object that was handed in.
    """
    source_form = Form()
    source_form.add_input([("name", "username"), ("value", "")])
    source_form.add_input([("name", "address"), ("value", "")])
    source_form.add_file_input([("name", "file"), ("type", "file")])

    request = HTTPPostDataRequest(self.url, dc=source_form)
    filled = mutant_smart_fill(
        request, source_form, 'username', 0, self.fuzzer_config)

    self.assertEqual(id(source_form), id(filled))

    # Fuzzed field untouched, the other text field filled in.
    self.assertEqual(filled['username'], [''])
    self.assertEqual(filled['address'], ['Bonsai Street 123'])

    # The file value is a string-like object that also carries a name.
    file_value = filled['file'][0]
    self.assertEqual(file_value.name[-4:], '.gif')
    self.assertIn('GIF', file_value)
def test_found_at(self):
    """Check the human-readable location string PostDataMutant.found_at() builds.

    The message is expected to name the full URL, the HTTP method, the
    serialized post-data and the parameter that was modified.
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])

    target = URL('http://www.w3af.com/?id=3')
    freq = HTTPPostDataRequest(target, dc=form, method='PUT')

    mutant = PostDataMutant(freq)
    mutant.set_var('username')

    expected = ('"http://www.w3af.com/?id=3", using HTTP method PUT. '
                'The sent post-data was: "username=&address=" '
                'which modifies the "username" parameter.')
    self.assertEqual(mutant.found_at(), expected)
def test_valid_results(self):
    """Verify FileContentMutant.create_mutants on a text-plus-file form.

    Two mutants are expected, one per payload, and in both of them only
    the file input differs. The first file value must carry a name ending
    in ".gif" and contain the first payload.
    """
    form = Form()
    form.add_input([("name", "username"), ("value", "")])
    form.add_file_input([("name", "file"), ("type", "file")])

    request = HTTPPostDataRequest(self.url, dc=form)
    result = FileContentMutant.create_mutants(request, self.payloads, [],
                                              False, self.fuzzer_config)
    self.assertEqual(len(result), 2, result)

    expected_data = []
    for payload in ('abc', 'def'):
        expected_data.append(
            Form([('username', ['John8212']), ('file', [payload])]))

    generated_data = [mutant.get_data() for mutant in result]
    self.assertEqual(expected_data, generated_data)

    # Inspect the file value of the first mutant only.
    uploaded = generated_data[0]['file'][0]
    self.assertEqual(uploaded.name[-4:], '.gif')
    self.assertIn('abc', uploaded)
def test_mutant_smart_fill_simple(self):
    """Verify smart-fill on a form made of two empty text inputs.

    "username" at index 0 is the parameter under test and is expected to
    stay empty; "address" is expected to receive a default value. The form
    returned must be the same object that was passed in.
    """
    source_form = Form()
    source_form.add_input([("name", "username"), ("value", "")])
    source_form.add_input([("name", "address"), ("value", "")])

    request = HTTPPostDataRequest(self.url, dc=source_form)
    filled = mutant_smart_fill(
        request, source_form, 'username', 0, self.fuzzer_config)

    self.assertEqual(id(source_form), id(filled))

    # Field under test left alone, the other one filled.
    self.assertEqual(filled['username'], [''])
    self.assertEqual(filled['address'], ['Bonsai Street 123'])
def test_basics(self):
    """Check the URL and the two report strings of a FileContentMutant.

    The mutant targets the "file" input (index 0) with the value 'abc'.
    Both print_mod_value() and found_at() are expected to show the
    serialized post-data with that value in place.
    """
    form = Form()
    for field_name in ("username", "address"):
        form.add_input([("name", field_name), ("value", "")])
    form.add_file_input([("name", "file"), ("type", "file")])

    freq = HTTPPostDataRequest(self.url, dc=form)

    mutant = FileContentMutant(freq)
    mutant.set_var('file', 0)
    mutant.set_mod_value('abc')

    # NOTE(review): implies self.url is http://moth/ - confirm in setUp.
    self.assertEqual(mutant.get_url().url_string, 'http://moth/')

    expected_mod_value = ('The data that was sent is: '
                          '"username=&file=abc&address=".')
    self.assertEqual(mutant.print_mod_value(), expected_mod_value)

    expected_found_at = (u'"http://moth/", using HTTP method POST. The'
                         ' sent post-data was: "username=&file=abc&address="'
                         ' which modifies the uploaded file content.')
    self.assertEqual(mutant.found_at(), expected_found_at)
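def test_mutant_creation_file(self):
    """Check PostDataMutant.create_mutants with a file object as payload.

    Only 'file_upload' is listed as a fuzzable parameter, so a single
    mutant is expected: its file field holds the file object and the
    "username" field keeps its original value 'default'.

    The payload file (this test module itself) is opened in a ``with``
    block so the handle is closed even when an assertion fails; the
    original version never closed it.
    """
    form = Form()
    form.add_input([("name", "username"), ("value", "default")])
    form.add_file_input([("name", "file_upload")])

    freq = HTTPPostDataRequest(URL('http://www.w3af.com/upload'), dc=form,
                               method='POST')

    # ``file`` is the Python 2 builtin file type, also used in the
    # isinstance check below.
    with file(__file__) as payload_file:
        created_mutants = PostDataMutant.create_mutants(
            freq, [payload_file], ['file_upload'], False, self.fuzzer_config)

        self.assertEqual(len(created_mutants), 1, created_mutants)

        mutant = created_mutants[0]

        self.assertIsInstance(mutant.get_dc()['file_upload'][0], file)
        self.assertEqual(mutant.get_dc()['username'][0], 'default')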