def test_basic(self):
    """A HeadersMutant exposes the modified Referer and keeps the original one.

    The request is built without explicit headers, so the "original" value
    is whatever ``get_referer()`` reports for it.
    """
    spoofed_referer = 'http://w3af.org/'
    request = FuzzableRequest(URL('http://www.w3af.com/'))

    # The mutant works on a copy of the request.
    mutant = HeadersMutant(request.copy())
    mutant.set_var('Referer')

    baseline_referer = request.get_referer()
    mutant.set_original_value(baseline_referer)
    mutant.set_mod_value(spoofed_referer)

    sent_referer = mutant.get_headers()['Referer']
    self.assertEqual(sent_referer, spoofed_referer)
    self.assertEqual(mutant.get_original_value(), baseline_referer)
def test_basic(self):
    """Check the modified and original Referer values tracked by a mutant."""
    target = FuzzableRequest(URL('http://www.w3af.com/'))
    replacement = 'http://w3af.org/'

    header_mutant = HeadersMutant(target.copy())
    header_mutant.set_var('Referer')

    # Record the Referer of the unmodified request before injecting ours.
    referer_before = target.get_referer()
    header_mutant.set_original_value(referer_before)
    header_mutant.set_mod_value(replacement)

    # The outgoing headers carry the replacement value ...
    self.assertEqual(header_mutant.get_headers()['Referer'], replacement)
    # ... while the mutant still reports the value it replaced.
    self.assertEqual(header_mutant.get_original_value(), referer_before)
def test_mutant_creation(self):
    """create_mutants() builds one Referer mutant per payload.

    Each mutant's token must be named ``Referer``, carry the payload as its
    value and still report the Referer the request was created with.
    """
    target = URL('http://moth/?a=1&b=2')
    original_referer = 'http://moths/'
    request_headers = Headers([('Referer', original_referer)])
    freq = FuzzableRequest(target, headers=request_headers)

    # presumably self.payloads is ['abc', 'def']; it is set up outside this
    # method, the expectations below depend on it.
    created_mutants = HeadersMutant.create_mutants(
        freq, self.payloads, [], False, self.fuzzer_config)

    expected_strs = {'Referer: abc\r\n', 'Referer: def\r\n'}
    expected_dcs = [Headers([('Referer', 'abc')]),
                    Headers([('Referer', 'def')])]

    created_dcs = [mutant.get_dc() for mutant in created_mutants]
    created_strs = {str(mutant.get_dc()) for mutant in created_mutants}

    self.assertEqual(created_dcs, expected_dcs)
    self.assertEqual(created_strs, expected_strs)

    # Mutants are checked by position: payload order must be preserved.
    for position, payload in enumerate(('abc', 'def')):
        token = created_mutants[position].get_token()
        self.assertEqual(token.get_name(), 'Referer')
        self.assertEqual(token.get_original_value(), original_referer)
        self.assertEqual(token.get_value(), payload)

    for mutant in created_mutants:
        self.assertIsInstance(mutant, HeadersMutant)
def test_mutant_creation(self):
    """create_mutants() on an HTTPQSRequest yields one Referer mutant per payload.

    This variant asserts that every mutant reports an empty string as the
    original value, even though the request was built with a Referer.
    """
    target = URL('http://moth/?a=1&b=2')
    request_headers = Headers([('Referer', 'http://moth/')])
    freq = HTTPQSRequest(target, headers=request_headers)

    created_mutants = HeadersMutant.create_mutants(
        freq, self.payloads, [], False, self.fuzzer_config)

    expected_dc_lst = [Headers([('Referer', payload)])
                       for payload in ('abc', 'def')]
    created_dc_lst = [mutant.get_dc() for mutant in created_mutants]
    self.assertEqual(created_dc_lst, expected_dc_lst)

    # Both mutants target the same variable, at index 0.
    for position in (0, 1):
        mutant = created_mutants[position]
        self.assertEqual(mutant.get_var(), 'Referer')
        self.assertEqual(mutant.get_var_index(), 0)
        self.assertEqual(mutant.get_original_value(), '')

    only_header_mutants = all(
        isinstance(mutant, HeadersMutant) for mutant in created_mutants)
    self.assertTrue(only_header_mutants)
def test_mutant_creation(self):
    """Verify the data containers and tokens of the Referer mutants."""
    url = URL('http://moth/?a=1&b=2')
    original_referer = 'http://moths/'
    freq = FuzzableRequest(
        url, headers=Headers([('Referer', original_referer)]))

    created_mutants = HeadersMutant.create_mutants(freq,
                                                   self.payloads,
                                                   [],
                                                   False,
                                                   self.fuzzer_config)

    # Serialized form (set, order-independent) and object form (list,
    # order-dependent) of the expected headers.
    expected_strs = {'Referer: abc\r\n', 'Referer: def\r\n'}
    expected_dcs = [Headers([('Referer', value)]) for value in ('abc', 'def')]

    created_dcs = []
    for created in created_mutants:
        created_dcs.append(created.get_dc())

    created_strs = set()
    for created in created_mutants:
        created_strs.add(str(created.get_dc()))

    self.assertEqual(created_dcs, expected_dcs)
    self.assertEqual(created_strs, expected_strs)

    first_token = created_mutants[0].get_token()
    self.assertEqual(first_token.get_name(), 'Referer')
    self.assertEqual(first_token.get_original_value(), original_referer)
    self.assertEqual(first_token.get_value(), 'abc')

    second_token = created_mutants[1].get_token()
    self.assertEqual(second_token.get_name(), 'Referer')
    self.assertEqual(second_token.get_original_value(), original_referer)
    self.assertEqual(second_token.get_value(), 'def')

    for created in created_mutants:
        self.assertIsInstance(created, HeadersMutant)
def _is_origin_checked(self, freq, orig_response):
    """
    Replay the request with a foreign Referer and compare the responses.

    The mutant is built on a deep copy of ``freq``; its Referer header is
    replaced with a fixed w3af.org URL before it is sent.

    :param freq: The request whose Referer handling is being probed.
    :param orig_response: The response previously obtained for ``freq``.
    :return: True if the remote web application verifies the Referer
             before processing the HTTP request.
    """
    spoofed_referer = 'http://www.w3af.org/'

    mutant = HeadersMutant(copy.deepcopy(freq))
    mutant.get_dc()['Referer'] = spoofed_referer
    mutant.set_token(('Referer',))

    mutant_response = self._uri_opener.send_mutant(mutant)

    # NOTE(review): one differing response is taken as proof that the
    # Referer is validated. How tolerant _is_resp_equal is of dynamic
    # content is not visible here - confirm, to rule out false results.
    return not self._is_resp_equal(orig_response, mutant_response)
def create_mutant(self, freq, header_name):
    """Return the first HeadersMutant created for ``freq``.

    ``header_name`` is set to an empty string on ``freq`` itself (the
    caller's request object is modified), then mutants are created with an
    empty payload.

    NOTE(review): the fuzzable header list uses TEST_HEADER rather than
    ``header_name``; this is only consistent if callers always pass
    TEST_HEADER - verify against callers.
    """
    request_headers = freq.get_headers()
    request_headers[header_name] = ""
    freq.set_headers(request_headers)

    fuzzer_config = {"fuzzable_headers": [TEST_HEADER]}
    mutants = HeadersMutant.create_mutants(
        freq, [""], [TEST_HEADER], False, fuzzer_config)

    # Indexing raises IndexError if no mutant was created.
    return mutants[0]
def create_mutant(self, freq, header_name):
    """Blank ``header_name`` on ``freq`` and build a header mutant for it.

    :param freq: Request to mutate; its headers are updated in place.
    :param header_name: Header that is set to an empty string on ``freq``.
    :return: The first mutant returned by ``HeadersMutant.create_mutants``.
    """
    current = freq.get_headers()
    current[header_name] = ''
    freq.set_headers(current)

    # NOTE(review): the mutant is requested for TEST_HEADER, not for
    # header_name - presumably both are always the same; confirm.
    config = {'fuzzable_headers': [TEST_HEADER]}
    created = HeadersMutant.create_mutants(freq,
                                           [''],
                                           [TEST_HEADER],
                                           False,
                                           config)
    first_mutant = created[0]
    return first_mutant
def create_mutants(self, freq, headers_name):
    """Yield one header mutant per name in ``headers_name``.

    For every name the header is set to an empty string on ``freq`` itself,
    so the blanked headers accumulate on the caller's request while the
    generator is consumed.

    :param freq: Request to mutate; its headers are updated in place.
    :param headers_name: Iterable of header names to create mutants for.
    """
    for name in headers_name:
        current = freq.get_headers()
        current[name] = ''
        freq.set_headers(current)

        config = {'fuzzable_headers': [name]}
        created = HeadersMutant.create_mutants(
            freq, [''], [name], False, config)

        # Only the first mutant is used; IndexError if none was created.
        yield created[0]
def test_found_at(self):
    """found_at() reports the URL, HTTP method, header name and header value.

    The expected text contains the URL without the ``?id=3`` query string.
    """
    request_headers = Headers([('Referer', 'http://moth/')])
    target = URL('http://www.w3af.com/?id=3')
    freq = FuzzableRequest(target, headers=request_headers)

    mutant = HeadersMutant(freq)
    mutant.get_dc().set_token(('Referer', ))
    mutant.set_token_value('foo')

    # The wording (including "it's") must match found_at() exactly.
    expected = ('"http://www.w3af.com/", using HTTP method GET. The'
                ' modified header was: "Referer" and it\'s value was: "foo".')
    self.assertEqual(mutant.found_at(), expected)
def _is_origin_checked(self, freq, orig_response):
    """
    Send a copy of the request with a foreign Referer and compare responses.

    :param freq: The request whose Referer handling is being probed; the
                 mutant is built on ``freq.copy()``.
    :param orig_response: The response previously obtained for ``freq``.
    :return: True if the remote web application verifies the Referer
             before processing the HTTP request.
    """
    spoofed_referer = 'http://www.w3af.org/'

    mutant = HeadersMutant(freq.copy())
    mutant.set_var('Referer')
    mutant.set_original_value(freq.get_referer())
    mutant.set_mod_value(spoofed_referer)

    mutant_response = self._uri_opener.send_mutant(mutant)

    # NOTE(review): a single differing response is treated as evidence of
    # Referer validation; whether _is_resp_equal tolerates dynamic content
    # cannot be seen from here - confirm.
    return not self._is_resp_equal(orig_response, mutant_response)
def test_basic(self):
    """Setting the token value on the Referer token changes what is read back."""
    referer_1 = 'http://w3af.org/'
    referer_2 = 'http://spam.w3af.org/'

    request_headers = Headers([('Referer', referer_1)])
    freq = FuzzableRequest(URL('http://www.w3af.com/'),
                           headers=request_headers)

    # Sanity check: the request starts out with the first Referer.
    self.assertEqual(freq.get_referer(), referer_1)

    mutant = HeadersMutant(freq)
    data_container = mutant.get_dc()
    data_container.set_token(('Referer', ))
    mutant.set_token_value(referer_2)

    self.assertEqual(mutant.get_token_value(), referer_2)
def test_found_at(self):
    """found_at() describes where the modified header was sent.

    The expected text contains the URL without the ``?id=3`` query string,
    the HTTP method, the header name and the modified value.
    """
    freq = FuzzableRequest(URL('http://www.w3af.com/?id=3'),
                           headers=Headers([('Referer', 'http://moth/')]))

    mutant = HeadersMutant(freq)
    mutant.set_var('Referer')
    mutant.set_mod_value('foo')

    # The wording (including "it's") must match found_at() exactly.
    expected = ('"http://www.w3af.com/", using HTTP method GET. The modified'
                ' header was: "Referer" and it\'s value was: "foo".')
    description = mutant.found_at()
    self.assertEqual(description, expected)
def _is_origin_checked(self, freq, orig_response):
    """
    Decide whether the target reacts to a changed Referer header.

    A copy of ``freq`` is sent with the Referer replaced by a fixed
    w3af.org URL, and the result is compared with ``orig_response``.

    :return: True if the remote web application verifies the Referer
             before processing the HTTP request.
    """
    fake_ref = 'http://www.w3af.org/'

    probe = HeadersMutant(freq.copy())
    probe.set_var('Referer')
    # Keep the value being replaced so the mutant can report it later.
    probe.set_original_value(freq.get_referer())
    probe.set_mod_value(fake_ref)

    probe_response = self._uri_opener.send_mutant(probe)
    responses_match = self._is_resp_equal(orig_response, probe_response)

    # NOTE(review): only one probe is sent; confirm that _is_resp_equal
    # ignores unrelated differences between two responses.
    return not responses_match
def test_basic(self):
    """The Referer token of a HeadersMutant can be overwritten and read back."""
    referer_1 = 'http://w3af.org/'
    referer_2 = 'http://spam.w3af.org/'

    freq = FuzzableRequest(
        URL('http://www.w3af.com/'),
        headers=Headers([('Referer', referer_1)]),
    )
    # The request must expose the Referer it was built with.
    self.assertEqual(freq.get_referer(), referer_1)

    m = HeadersMutant(freq)
    # Select the Referer header as the token to modify.
    m.get_dc().set_token(('Referer',))
    m.set_token_value(referer_2)

    current_value = m.get_token_value()
    self.assertEqual(current_value, referer_2)
def test_mutant_creation(self):
    """Check the mutants created for the Referer header of an HTTPQSRequest.

    One mutant per payload is expected; each one targets ``Referer`` at
    index 0 and reports an empty string as its original value.
    """
    url = URL('http://moth/?a=1&b=2')
    headers = Headers([('Referer', 'http://moth/')])
    freq = HTTPQSRequest(url, headers=headers)

    created_mutants = HeadersMutant.create_mutants(freq,
                                                   self.payloads,
                                                   [],
                                                   False,
                                                   self.fuzzer_config)

    # presumably self.payloads is ['abc', 'def'] - defined outside this
    # method; the expected containers depend on it.
    expected_dc_lst = [Headers([('Referer', 'abc')]),
                       Headers([('Referer', 'def')])]

    created_dc_lst = []
    for created in created_mutants:
        created_dc_lst.append(created.get_dc())
    self.assertEqual(created_dc_lst, expected_dc_lst)

    first = created_mutants[0]
    self.assertEqual(first.get_var(), 'Referer')
    self.assertEqual(first.get_var_index(), 0)
    self.assertEqual(first.get_original_value(), '')

    second = created_mutants[1]
    self.assertEqual(second.get_var(), 'Referer')
    self.assertEqual(second.get_var_index(), 0)
    self.assertEqual(second.get_original_value(), '')

    self.assertTrue(
        all(isinstance(created, HeadersMutant) for created in created_mutants))