def test_no_cookie(self):
freq = HTTPQSRequest(self.url)
generated_mutants = CookieMutant.create_mutants(
freq, self.payloads, [], False, self.fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_no_cookie(self):
freq = FuzzableRequest(self.url)
generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_not_qs_request(self):
fuzzer_config = {'fuzz_cookies': True}
freq = HTTPPostDataRequest(URL('http://www.w3af.com/foo/bar'))
generated_mutants = CookieMutant.create_mutants(
freq, self.payloads, [], False, fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_not_qs_request(self):
fuzzer_config = {'fuzz_cookies': True}
freq = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))
generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
False, fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_config_false(self):
fuzzer_config = {'fuzz_cookies': False}
freq = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))
generated_mutants = CookieMutant.create_mutants(
freq, self.payloads, [], False, fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_config_true(self):
fuzzer_config = {'fuzz_cookies': True}
cookie = Cookie('foo=bar; spam=eggs')
freq = HTTPQSRequest(self.url, cookie=cookie)
generated_mutants = CookieMutant.create_mutants(
freq, self.payloads, [], False, fuzzer_config)
self.assertNotEqual(len(generated_mutants), 0, generated_mutants)
def test_config_true(self):
fuzzer_config = {'fuzz_cookies': True}
cookie = Cookie('foo=bar; spam=eggs')
freq = FuzzableRequest(self.url, cookie=cookie)
generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
False, fuzzer_config)
self.assertNotEqual(len(generated_mutants), 0, generated_mutants)
def test_should_inject_cookie_value(self):
b64data = base64.b64encode(
cPickle.dumps({
'data': 'here',
'cookie': 'A' * 16
}))
url = URL('http://moth/')
cookie = Cookie('foo=%s' % b64data)
freq = FuzzableRequest(url, cookie=cookie)
mutant = CookieMutant.create_mutants(freq, self.payloads, [], False,
self.fuzzer_config)[0]
self.assertTrue(self.plugin._should_inject(mutant, 'python'))
def test_valid_results(self):
cookie = Cookie('foo=bar; spam=eggs')
freq = HTTPQSRequest(self.url, cookie=cookie)
generated_mutants = CookieMutant.create_mutants(
freq, self.payloads, [], False, self.fuzzer_config)
self.assertEqual(len(generated_mutants), 4, generated_mutants)
expected_cookies = [
'foo=abc; spam=eggs;', 'foo=def; spam=eggs;', 'foo=bar; spam=abc;',
'foo=bar; spam=def;'
]
generated_cookies = [str(m.get_cookie()) for m in generated_mutants]
self.assertEqual(expected_cookies, generated_cookies)
generated_cookies = [str(m.get_dc()) for m in generated_mutants]
self.assertEqual(expected_cookies, generated_cookies)
def test_valid_results(self):
cookie = Cookie('foo=bar; spam=eggs')
freq = FuzzableRequest(self.url, cookie=cookie)
generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
self.assertEqual(len(generated_mutants), 4, generated_mutants)
expected_cookies = ['foo=bar; spam=abc',
'foo=def; spam=eggs',
'foo=abc; spam=eggs',
'foo=bar; spam=def']
generated_cookies = [str(m.get_cookie()) for m in generated_mutants]
self.assertEqual(set(expected_cookies), set(generated_cookies))
generated_cookies = [str(m.get_dc()) for m in generated_mutants]
self.assertEqual(set(expected_cookies), set(generated_cookies))
