示例#1
0
    def test_no_cookie(self):
        freq = HTTPQSRequest(self.url)

        generated_mutants = CookieMutant.create_mutants(
            freq, self.payloads, [], False, self.fuzzer_config)

        self.assertEqual(len(generated_mutants), 0, generated_mutants)
示例#2
0
    def test_no_cookie(self):
        freq = FuzzableRequest(self.url)

        generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
                                                        False,
                                                        self.fuzzer_config)

        self.assertEqual(len(generated_mutants), 0, generated_mutants)
示例#3
0
    def test_not_qs_request(self):
        fuzzer_config = {'fuzz_cookies': True}
        freq = HTTPPostDataRequest(URL('http://www.w3af.com/foo/bar'))

        generated_mutants = CookieMutant.create_mutants(
            freq, self.payloads, [], False, fuzzer_config)

        self.assertEqual(len(generated_mutants), 0, generated_mutants)
示例#4
0
    def test_not_qs_request(self):
        fuzzer_config = {'fuzz_cookies': True}
        freq = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))

        generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
                                                        False, fuzzer_config)

        self.assertEqual(len(generated_mutants), 0, generated_mutants)
示例#5
0
    def test_config_false(self):
        fuzzer_config = {'fuzz_cookies': False}
        freq = FuzzableRequest(URL('http://www.w3af.com/foo/bar'))

        generated_mutants = CookieMutant.create_mutants(
            freq, self.payloads, [], False, fuzzer_config)

        self.assertEqual(len(generated_mutants), 0, generated_mutants)
示例#6
0
    def test_config_true(self):
        fuzzer_config = {'fuzz_cookies': True}

        cookie = Cookie('foo=bar; spam=eggs')
        freq = HTTPQSRequest(self.url, cookie=cookie)

        generated_mutants = CookieMutant.create_mutants(
            freq, self.payloads, [], False, fuzzer_config)

        self.assertNotEqual(len(generated_mutants), 0, generated_mutants)
示例#7
0
    def test_config_true(self):
        fuzzer_config = {'fuzz_cookies': True}

        cookie = Cookie('foo=bar; spam=eggs')
        freq = FuzzableRequest(self.url, cookie=cookie)

        generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
                                                        False, fuzzer_config)

        self.assertNotEqual(len(generated_mutants), 0, generated_mutants)
示例#8
0
    def test_should_inject_cookie_value(self):
        b64data = base64.b64encode(
            cPickle.dumps({
                'data': 'here',
                'cookie': 'A' * 16
            }))

        url = URL('http://moth/')
        cookie = Cookie('foo=%s' % b64data)
        freq = FuzzableRequest(url, cookie=cookie)

        mutant = CookieMutant.create_mutants(freq, self.payloads, [], False,
                                             self.fuzzer_config)[0]

        self.assertTrue(self.plugin._should_inject(mutant, 'python'))
示例#9
0
    def test_valid_results(self):
        cookie = Cookie('foo=bar; spam=eggs')
        freq = HTTPQSRequest(self.url, cookie=cookie)

        generated_mutants = CookieMutant.create_mutants(
            freq, self.payloads, [], False, self.fuzzer_config)

        self.assertEqual(len(generated_mutants), 4, generated_mutants)

        expected_cookies = [
            'foo=abc; spam=eggs;', 'foo=def; spam=eggs;', 'foo=bar; spam=abc;',
            'foo=bar; spam=def;'
        ]

        generated_cookies = [str(m.get_cookie()) for m in generated_mutants]
        self.assertEqual(expected_cookies, generated_cookies)

        generated_cookies = [str(m.get_dc()) for m in generated_mutants]
        self.assertEqual(expected_cookies, generated_cookies)
示例#10
0
    def test_valid_results(self):
        cookie = Cookie('foo=bar; spam=eggs')
        freq = FuzzableRequest(self.url, cookie=cookie)

        generated_mutants = CookieMutant.create_mutants(freq, self.payloads, [],
                                                        False,
                                                        self.fuzzer_config)

        self.assertEqual(len(generated_mutants), 4, generated_mutants)

        expected_cookies = ['foo=bar; spam=abc',
                            'foo=def; spam=eggs',
                            'foo=abc; spam=eggs',
                            'foo=bar; spam=def']


        generated_cookies = [str(m.get_cookie()) for m in generated_mutants]
        self.assertEqual(set(expected_cookies), set(generated_cookies))

        generated_cookies = [str(m.get_dc()) for m in generated_mutants]
        self.assertEqual(set(expected_cookies), set(generated_cookies))