def from_httplib_resp(cls, httplibresp, original_url=None):
    """
    Factory function. Build a HTTPResponse object from a
    httplib.HTTPResponse instance.

    :param httplibresp: httplib.HTTPResponse instance
    :param original_url: Optional 'url_object' instance. When it is not
                         given, the URL reported by the response is used
                         as the original URL too.
    :return: A HTTPResponse instance
    """
    status_code = httplibresp.code
    reason = httplibresp.msg
    raw_headers = httplibresp.info()
    # NOTE(review): read() is called without a size argument, so the complete
    # body sent by the remote server is loaded into memory at this point.
    # Any limit on response size has to be enforced before this call.
    body = httplibresp.read()
    headers = Headers(raw_headers.items())

    if not original_url:
        # No request URL available: the final URL plays both roles
        original_url = URL(httplibresp.geturl())
        final_url = original_url
    else:
        # Reuse the encoding of the URL that was originally requested
        final_url = URL(httplibresp.geturl(), original_url.encoding)
        final_url = final_url.url_decode()

    # get_wait_time() is defined in the keep alive http response object,
    # other response types fall back to the default
    wait_time = DEFAULT_WAIT_TIME
    if hasattr(httplibresp, 'get_wait_time'):
        wait_time = httplibresp.get_wait_time()

    # For urllib2.HTTPError the wrapped response lives in .fp, this is
    # possible because in errors.py the error is built as:
    #   err = urllib2.HTTPError(req.get_full_url(), code, msg, hdrs, resp)
    # In any other case the encoding attribute is only set on
    # CachedResponse instances.
    if isinstance(httplibresp, urllib2.HTTPError):
        encoding_holder = httplibresp.fp
    else:
        encoding_holder = httplibresp
    charset = getattr(encoding_holder, 'encoding', None)

    return cls(status_code, body, headers, final_url, original_url, reason,
               charset=charset, time=wait_time)
def test_http_auth_detect_simple(self):
    """
    A 401 response that carries a www-authenticate header must produce
    exactly one 'auth' entry and no 'userPassUri' entry in the kb.
    """
    raw_headers = {'content-type': 'text/html',
                   'www-authenticate': 'realm-w3af'}
    response = HTTPResponse(401, '', Headers(raw_headers.items()),
                            self.url, self.url, _id=1)

    self.plugin.grep(self.request, response)

    auth_findings = kb.kb.get('http_auth_detect', 'auth')
    self.assertEqual(len(auth_findings), 1)

    # No credentials are embedded in the URL, so nothing is expected here
    user_pass_findings = kb.kb.get('http_auth_detect', 'userPassUri')
    self.assertEqual(len(user_pass_findings), 0)
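def from_http_request(cls, request):
    """
    Build a FuzzableRequest from a urllib2 HTTP request instance.

    :param request: The instance we'll use as base. It is only read, its
                    header dictionaries are left untouched.
    :return: An instance of FuzzableRequest based on a urllib2 HTTP
             request instance.
    """
    # Merge into a copy. Updating request.headers in place would move the
    # unredirected headers into the regular header dict of the caller's
    # request. urllib2 keeps the two dicts apart so that unredirected
    # headers are not copied onto the request built for a redirect.
    merged = dict(request.headers)
    merged.update(request.unredirected_hdrs)
    headers = Headers(merged.items())

    post_data = request.get_data() or ""

    return cls.from_parts(request.url_object,
                          method=request.get_method(),
                          headers=headers,
                          post_data=post_data)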
def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
    """
    A cookie set over HTTPS with capitalised Expires, Secure and HttpOnly
    attributes must be stored once and must not raise a security finding.
    """
    target = URL('https://www.w3af.com/')
    raw_headers = {
        'content-type': 'text/html',
        'Set-Cookie': 'name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;Secure;HttpOnly',
    }
    response = HTTPResponse(200, '', Headers(raw_headers.items()),
                            target, target, _id=1)
    request = FuzzableRequest(target, method='GET')

    self.plugin.grep(request, response)

    stored_cookies = kb.kb.get('analyze_cookies', 'cookies')
    security_findings = kb.kb.get('analyze_cookies', 'security')
    self.assertEqual(len(stored_cookies), 1)
    self.assertEqual(len(security_findings), 0)
def test_analyze_cookies_with_httponly_case_sensitive_expires(self):
    """
    Grep an HTTPS response whose cookie has Expires, Secure and HttpOnly
    set: one cookie is expected in the kb and zero security findings.
    """
    site = URL('https://www.w3af.com/')

    # Both protective flags are present and the response came over HTTPS
    set_cookie = ('name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT;'
                  'Secure;HttpOnly')
    header_dict = {'content-type': 'text/html', 'Set-Cookie': set_cookie}
    header_obj = Headers(header_dict.items())

    http_response = HTTPResponse(200, '', header_obj, site, site, _id=1)
    fuzzable_request = FuzzableRequest(site, method='GET')

    self.plugin.grep(fuzzable_request, http_response)

    for kb_key, expected in (('cookies', 1), ('security', 0)):
        self.assertEqual(len(kb.kb.get('analyze_cookies', kb_key)), expected)
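def from_http_request(cls, request):
    """
    Build a FuzzableRequest from a urllib2 HTTP request instance.

    :param request: The instance we'll use as base. Its header
                    dictionaries are read but not modified.
    :return: An instance of FuzzableRequest based on a urllib2 HTTP
             request instance.
    """
    # Work on a copy: calling update() on request.headers itself would
    # permanently merge the unredirected headers into the regular headers
    # of the request object owned by the caller. urllib2 stores them
    # separately so they are not carried over when a redirect is followed.
    all_headers = dict(request.headers)
    all_headers.update(request.unredirected_hdrs)
    headers = Headers(all_headers.items())

    post_data = request.get_data() or ''

    return cls.from_parts(request.url_object,
                          method=request.get_method(),
                          headers=headers,
                          post_data=post_data)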
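def _urllib_request_to_fr(self, request):
    """
    Convert a urllib2 request object to a FuzzableRequest.
    Used in http_request.

    :param request: A urllib2 request obj. It is only read, its header
                    dictionaries are not modified.
    :return: A FuzzableRequest.
    """
    # Copy before merging. The previous in-place update() leaked the
    # unredirected headers into request.headers, which urllib2 keeps
    # separate so that they are not re-sent after a redirect.
    merged = dict(request.headers)
    merged.update(request.unredirected_hdrs)
    headers = Headers(merged.items())

    fr = FuzzableRequest(request.url_object, request.get_method(), headers)
    fr.set_data(request.get_data() or '')
    return fr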
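def add_req():
    """
    Queue a FuzzableRequest built from the JSON body of the current
    HTTP request.

    The body must be a JSON object with the keys "url", "method",
    "post_data", "headers" (itself an object) and "cookie".

    :return: A JSON response: {"status": True} once the request was put
             in the queue, {"status": False} when the body does not have
             the expected shape.
    """
    payload = request.json

    # The body is supplied by the API client. Reject anything that is not
    # the expected object here instead of failing further down with an
    # unhandled TypeError / KeyError / AttributeError.
    required_keys = ("url", "method", "post_data", "headers", "cookie")
    if not isinstance(payload, dict):
        return jsonify({"status": False})
    if any(key not in payload for key in required_keys):
        return jsonify({"status": False})
    if not isinstance(payload["headers"], dict):
        return jsonify({"status": False})

    # NOTE(review): nothing in this function authenticates the caller or
    # restricts which URLs can be queued -- confirm that both are enforced
    # before this handler is reached.
    headers = Headers(payload["headers"].items())

    freq = FuzzableRequest(URL(payload["url"]),
                           payload["method"],
                           headers,
                           Cookie(payload["cookie"]),
                           dc_from_hdrs_post(headers, payload["post_data"]))

    urllist.req_queue.put_nowait(freq)
    print("req size %d" % urllist.req_queue.qsize())

    return jsonify({"status": True})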
def http_response(self, request, response):
    """
    Pass the response through every registered mangle plugin.

    The response is returned untouched when there are no plugins or when
    the connection of the response has no socket.

    :param request: The request that generated the response; only its
                    url_object is read.
    :param response: The response object to mangle.
    :return: The (possibly mangled) response.
    """
    if not len(self._plugin_list) or response._connection.sock is None:
        return response

    # Create the HTTPResponse object
    status_code = response.code
    reason = response.msg
    headers = Headers(response.info().items())
    final_url = URL(response.geturl())
    body = response.read()

    # Id is not here, the mangle is done BEFORE logging
    # id = response.id
    http_resp = HTTPResponse(status_code, body, headers, final_url,
                             request.url_object, msg=reason)

    # Each plugin modifies http_resp in place
    for mangle_plugin in self._plugin_list:
        mangle_plugin.mangle_response(http_resp)

    return self._HTTPResponse2httplib(response, http_resp)
def create_fuzzable_requests(resp, request=None, add_self=True):
    """
    Generates the fuzzable requests based on an HTTP response instance.

    Three sources are used: the response URI itself, the URLs found in the
    headers listed in URL_HEADERS, and the forms found in the body.

    :param resp: An HTTPResponse instance.
    :param request: The HTTP request that generated the resp
    :param add_self: If I should add the current HTTP request
                     (:param request) to the result or not.
    :return: A list of fuzzable requests.
    """
    fuzzable_requests = []

    # Headers for all fuzzable requests created here: the configured
    # fuzzable headers (empty value) overridden by the request headers
    header_dict = {}
    for header_name in cf.cf.get('fuzzable_headers'):
        header_dict[header_name] = ''
    request_headers = request.get_headers() if request else None
    header_dict.update(request_headers or {})
    req_headers = Headers(header_dict.items())

    # Get the cookie!
    cookie = _create_cookie(resp)

    # Create the fuzzable request that represents the request object
    # passed as parameter
    if add_self:
        fuzzable_requests.append(HTTPQSRequest(resp.get_uri(),
                                               headers=req_headers,
                                               cookie=cookie))

    # If response was a 30X (i.e. a redirect) then include the
    # corresponding fuzzable request.
    #
    # NOTE(review): unlike the forms below, the redirect target is not
    # compared against the domain of the response in this function, so a
    # redirect to another host ends up in the result. Presumably the
    # caller enforces the scan scope -- confirm.
    resp_headers = resp.get_headers()

    for url_header_name in URL_HEADERS:
        url_header_value, _ = resp_headers.iget(url_header_name, '')
        if not url_header_value:
            continue

        url = smart_unicode(url_header_value, encoding=resp.charset)

        try:
            absolute_location = resp.get_url().url_join(url)
        except ValueError:
            msg = ('The application sent a "%s" redirect that w3af'
                   ' failed to correctly parse as an URL, the header'
                   ' value was: "%s"')
            om.out.debug(msg % (url_header_name, url))
            continue

        fuzzable_requests.append(HTTPQSRequest(absolute_location,
                                               headers=req_headers,
                                               cookie=cookie))

    # Try to find forms in the document
    try:
        dp = parser_cache.dpc.get_document_parser_for(resp)
    except BaseFrameworkException:
        # Failed to find a suitable parser for the document
        form_list = []
    else:
        # Only keep the forms which are submitted to the response's domain
        form_list = [
            form for form in dp.get_forms()
            if form.get_action().get_domain() == resp.get_url().get_domain()
        ]

    # When there are no forms the original code checked if the document
    # was a wsdl file. That code is disabled:
    #
    # TODO: Rewrite web service support
    #
    #   wsdlp = WSDLParser()
    #   try:
    #       wsdlp.set_wsdl(resp.get_body())
    #   except BaseFrameworkException:
    #       pass
    #   else:
    #       for rem_meth in wsdlp.get_methods():
    #           wspdr = WebServiceRequest(
    #               rem_meth.get_location(),
    #               rem_meth.get_action(),
    #               rem_meth.get_parameters(),
    #               rem_meth.get_namespace(),
    #               rem_meth.get_methodName(),
    #               req_headers
    #           )
    #           res.append(wspdr)
    if form_list:
        # Create one HTTPPostDataRequest for each form variant
        mode = cf.cf.get('form_fuzzing_mode')

        for form in form_list:
            for variant in form.get_variants(mode):
                if form.get_method().upper() != 'POST':
                    # The default is a GET request
                    variant_request = HTTPQSRequest(variant.get_action(),
                                                    headers=req_headers,
                                                    cookie=cookie)
                    variant_request.set_dc(variant)
                else:
                    variant_request = HTTPPostDataRequest(
                        variant.get_action(), variant.get_method(),
                        req_headers, cookie, variant)

                fuzzable_requests.append(variant_request)

    return fuzzable_requests
def create_fuzzable_requests(resp, request=None, add_self=True):
    """
    Generates the fuzzable requests based on an HTTP response instance.

    The result holds, in this order: the request for the response URI
    (when add_self is set), one request per URL found in the URL_HEADERS
    response headers, and one request per variant of each same-domain form.

    :param resp: An HTTPResponse instance.
    :param request: The HTTP request that generated the resp
    :param add_self: If I should add the current HTTP request
                     (:param request) to the result or not.
    :return: A list of fuzzable requests.
    """
    # Headers for all fuzzable requests created here: start with the
    # fuzzable headers set to an empty value, then add the request ones
    base_headers = dict.fromkeys(cf.cf.get('fuzzable_headers'), '')
    if request:
        base_headers.update(request.get_headers() or {})
    else:
        base_headers.update({})
    req_headers = Headers(base_headers.items())

    # Get the cookie!
    cookie_obj = _create_cookie(resp)

    out = []

    # Create the fuzzable request that represents the request object
    # passed as parameter
    if add_self:
        self_request = HTTPQSRequest(resp.get_uri(),
                                     headers=req_headers,
                                     cookie=cookie_obj)
        out.append(self_request)

    # If response was a 30X (i.e. a redirect) then include the
    # corresponding fuzzable request.
    #
    # NOTE(review): no domain check is applied to the redirect target
    # here, while forms are filtered by domain further down. Verify that
    # out-of-scope hosts are discarded by whoever consumes this list.
    resp_headers = resp.get_headers()

    for url_header_name in URL_HEADERS:
        url_header_value, _ = resp_headers.iget(url_header_name, '')

        if url_header_value:
            url = smart_unicode(url_header_value, encoding=resp.charset)

            try:
                absolute_location = resp.get_url().url_join(url)
            except ValueError:
                template = ('The application sent a "%s" redirect that w3af'
                            ' failed to correctly parse as an URL, the header'
                            ' value was: "%s"')
                om.out.debug(template % (url_header_name, url))
            else:
                redirect_request = HTTPQSRequest(absolute_location,
                                                 headers=req_headers,
                                                 cookie=cookie_obj)
                out.append(redirect_request)

    # Try to find forms in the document
    form_list = []
    try:
        dp = parser_cache.dpc.get_document_parser_for(resp)
    except BaseFrameworkException:
        # Failed to find a suitable parser for the document
        pass
    else:
        # Forms which post to a different domain are dropped
        for candidate in dp.get_forms():
            action_domain = candidate.get_action().get_domain()
            if action_domain == resp.get_url().get_domain():
                form_list.append(candidate)

    if not form_list:
        # Check if its a wsdl file
        # TODO: Rewrite web service support
        #
        # The disabled implementation was:
        #
        #   wsdlp = WSDLParser()
        #   try:
        #       wsdlp.set_wsdl(resp.get_body())
        #   except BaseFrameworkException:
        #       pass
        #   else:
        #       for rem_meth in wsdlp.get_methods():
        #           wspdr = WebServiceRequest(
        #               rem_meth.get_location(),
        #               rem_meth.get_action(),
        #               rem_meth.get_parameters(),
        #               rem_meth.get_namespace(),
        #               rem_meth.get_methodName(),
        #               req_headers
        #           )
        #           res.append(wspdr)
        return out

    # Create one HTTPPostDataRequest for each form variant
    mode = cf.cf.get('form_fuzzing_mode')

    for form in form_list:
        for variant in form.get_variants(mode):
            is_post = form.get_method().upper() == 'POST'

            if is_post:
                r = HTTPPostDataRequest(variant.get_action(),
                                        variant.get_method(),
                                        req_headers,
                                        cookie_obj,
                                        variant)
            else:
                # The default is a GET request
                r = HTTPQSRequest(variant.get_action(),
                                  headers=req_headers,
                                  cookie=cookie_obj)
                r.set_dc(variant)

            out.append(r)

    return out