def test_no_cookie(self):
    """A query-string request built without a cookie yields no mutants."""
    # No cookie= argument is given; the test expects an empty mutant list.
    request = HTTPQSRequest(self.url)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        self.fuzzer_config,
    )
    self.assertEqual(len(mutants), 0, mutants)
def test_no_cookie(self):
    """A FuzzableRequest built without a cookie yields no cookie mutants."""
    # No cookie= argument is given; the test expects an empty mutant list.
    request = FuzzableRequest(self.url)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        self.fuzzer_config,
    )
    self.assertEqual(len(mutants), 0, mutants)
def test_not_qs_request(self):
    """With fuzz_cookies on, a cookie-less POST-data request yields no mutants."""
    config = {'fuzz_cookies': True}
    # NOTE(review): the request carries no cookie, so the empty result may be
    # due to the missing cookie rather than the request type -- confirm.
    request = HTTPPostDataRequest(URL('http://www.w3af.com/foo/bar'))
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        config,
    )
    self.assertEqual(len(mutants), 0, mutants)
def test_not_qs_request(self):
    """With fuzz_cookies on, a cookie-less FuzzableRequest yields no mutants."""
    config = {'fuzz_cookies': True}
    # NOTE(review): the request carries no cookie, so the empty result may be
    # due to the missing cookie rather than the request type -- confirm.
    request = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        config,
    )
    self.assertEqual(len(mutants), 0, mutants)
def test_config_false(self):
    """With fuzz_cookies disabled, create_mutants returns an empty list."""
    config = {'fuzz_cookies': False}
    # NOTE(review): the request is built without a cookie, so this would also
    # pass if the flag were ignored; a request that carries a cookie would
    # isolate the flag -- confirm intent.
    request = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        config,
    )
    self.assertEqual(len(mutants), 0, mutants)
def test_config_true(self):
    """With fuzz_cookies on and a two-parameter cookie, mutants are produced."""
    config = {'fuzz_cookies': True}
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = HTTPQSRequest(self.url, cookie=session_cookie)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        config,
    )
    # Only non-emptiness is checked here, not the exact number of mutants.
    self.assertNotEqual(len(mutants), 0, mutants)
def test_config_true(self):
    """With fuzz_cookies on and a two-parameter cookie, mutants are produced."""
    config = {'fuzz_cookies': True}
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = FuzzableRequest(self.url, cookie=session_cookie)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        config,
    )
    # Only non-emptiness is checked here, not the exact number of mutants.
    self.assertNotEqual(len(mutants), 0, mutants)
def test_basics(self):
    """Set the 'foo' cookie token to 'abc'; check URL, cookie and found_at()."""
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = FuzzableRequest(self.url, cookie=session_cookie)

    mutant = CookieMutant(request)
    # Select the first 'foo' parameter in the data container, then replace
    # its value.
    mutant.get_dc().set_token(('foo', 0))
    mutant.set_token_value('abc')

    # The URL is expected to stay untouched; only the cookie changes.
    self.assertEqual(mutant.get_url().url_string, 'http://moth/')
    self.assertEqual(str(mutant.get_cookie()), 'foo=abc; spam=eggs')

    expected_found_at = (
        '"http://moth/", using HTTP method GET. The modified'
        ' parameter was the session cookie with value: '
        '"foo=abc; spam=eggs".'
    )
    actual_found_at = mutant.found_at()
    self.assertEqual(actual_found_at, expected_found_at)
def test_basics(self):
    """Set cookie variable 'foo' to 'abc'; check URL, cookie and messages."""
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = HTTPQSRequest(self.url, cookie=session_cookie)

    mutant = CookieMutant(request)
    # Choose the first 'foo' variable, then replace its value.
    mutant.set_var('foo', 0)
    mutant.set_mod_value('abc')

    # The URL is expected to stay untouched; only the cookie changes.
    self.assertEqual(mutant.get_url().url_string, 'http://moth/')
    self.assertEqual(str(mutant.get_cookie()), 'foo=abc; spam=eggs;')

    expected_mod_value = (
        'The cookie data that was sent is: "foo=abc;'
        ' spam=eggs;".'
    )
    actual_mod_value = mutant.print_mod_value()
    self.assertEqual(actual_mod_value, expected_mod_value)

    expected_found_at = (
        '"http://moth/", using HTTP method GET. The modified'
        ' parameter was the session cookie with value: '
        '"foo=abc; spam=eggs;".'
    )
    actual_found_at = mutant.found_at()
    self.assertEqual(actual_found_at, expected_found_at)
def test_should_inject_cookie_value(self):
    """_should_inject is true for a cookie holding a base64-encoded pickle."""
    # Fixture only: the dict is serialized with cPickle.dumps(); nothing is
    # unpickled inside this test.
    pickled = cPickle.dumps({'data': 'here', 'cookie': 'A' * 16})
    encoded = base64.b64encode(pickled)

    target = URL('http://moth/')
    session_cookie = Cookie('foo=%s' % encoded)
    request = FuzzableRequest(target, cookie=session_cookie)

    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        self.fuzzer_config,
    )
    # Only the first generated mutant is checked.
    first_mutant = mutants[0]

    self.assertTrue(self.plugin._should_inject(first_mutant, 'python'))
def test_valid_results(self):
    """Two cookie parameters fuzzed separately give four mutants, in order."""
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = HTTPQSRequest(self.url, cookie=session_cookie)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        self.fuzzer_config,
    )

    self.assertEqual(len(mutants), 4, mutants)

    # Each mutant changes one parameter and leaves the other at its original
    # value. The comparison below is order-sensitive.
    expected_cookies = [
        'foo=abc; spam=eggs;',
        'foo=def; spam=eggs;',
        'foo=bar; spam=abc;',
        'foo=bar; spam=def;',
    ]

    cookies_as_str = [str(mutant.get_cookie()) for mutant in mutants]
    self.assertEqual(expected_cookies, cookies_as_str)

    # The data container must serialize to the same strings as the cookie.
    cookies_as_str = [str(mutant.get_dc()) for mutant in mutants]
    self.assertEqual(expected_cookies, cookies_as_str)
def test_valid_results(self):
    """Two cookie parameters fuzzed separately give four mutants, any order."""
    session_cookie = Cookie('foo=bar; spam=eggs')
    request = FuzzableRequest(self.url, cookie=session_cookie)
    mutants = CookieMutant.create_mutants(
        request,
        self.payloads,
        [],
        False,
        self.fuzzer_config,
    )

    self.assertEqual(len(mutants), 4, mutants)

    # Each mutant changes one parameter and leaves the other at its original
    # value. Sets are compared, so generation order is not part of the
    # contract.
    expected_cookies = [
        'foo=bar; spam=abc',
        'foo=def; spam=eggs',
        'foo=abc; spam=eggs',
        'foo=bar; spam=def',
    ]

    cookies_as_str = [str(mutant.get_cookie()) for mutant in mutants]
    self.assertEqual(set(expected_cookies), set(cookies_as_str))

    # The data container must serialize to the same strings as the cookie.
    cookies_as_str = [str(mutant.get_dc()) for mutant in mutants]
    self.assertEqual(set(expected_cookies), set(cookies_as_str))