def handle_request_in_thread(self, flow):
    """
    Process one browser request that arrived through the spider-man proxy.

    The request is either one of the two "terminate" signals (answered
    locally) or regular traffic, which is handed to the core as a fuzzable
    request and then forwarded to the remote web server. Whatever happens,
    the browser always receives a reply: the real response, a locally
    generated one, or an error page built from the exception.

    :param flow: A libmproxy flow containing the request
    """
    http_request = self._to_w3af_request(flow.request)
    uri = http_request.get_uri()

    om.out.debug('[spider_man] Handling request: %s %s'
                 % (http_request.get_method(), uri))

    # Responses are only passed through grep when the request is for the
    # scan target's domain; traffic to any other domain is forwarded with
    # grep disabled.
    grep = uri.get_domain() == self.parent_process.target_domain

    try:
        if self._is_terminate_favicon(http_request):
            http_response = self._create_favicon_response(http_request)

        elif self._is_terminate_request(http_request):
            # NOTE(review): shutdown is decided purely from the contents of
            # the request. Confirm that _is_terminate_request cannot be
            # satisfied by third-party content loaded in the proxied browser.
            self._terminate()
            http_response = self._create_terminate_response(http_request)

        else:
            # Regular traffic: first let the core know about the request...
            fuzzable = FuzzableRequest.from_http_request(http_request)
            self.parent_process.plugin.send_fuzzable_request_to_core(fuzzable)

            # ...then relay it to the remote web server.
            http_response = self._send_http_request(http_request, grep=grep)

    except Exception as exc:
        # Deliberately broad: this is the proxy boundary, and the browser
        # must get an answer even when handling fails.
        # NOTE(review): the full traceback is handed to the error-response
        # builder. If it is rendered into the body, internal paths and code
        # details reach every client of the proxy - confirm the listener is
        # bound to a trusted interface only.
        trace = traceback.format_exc()
        http_response = self._create_error_response(http_request, None, exc,
                                                    trace=trace)

    # Useful logging.
    # NOTE(review): this reads the 'cookie' header of the *response*, while
    # servers normally set cookies with 'Set-Cookie' - confirm which one is
    # intended. The value written to the output is a session credential, so
    # scan logs containing it should be handled as sensitive.
    cookie_value, _ = http_response.get_headers().iget('cookie', None)
    if cookie_value is not None:
        cookie_msg = ('The remote web application sent the following'
                      ' cookie: "%s" through the spider-man proxy.\nw3af will use'
                      ' it during the rest of the scan process in order to'
                      ' maintain the session.')
        om.out.information(cookie_msg % cookie_value)

    # Send the response (success|error) to the browser
    proxy_response = self._to_libmproxy_response(flow.request, http_response)
    flow.reply(proxy_response)
def handle_request_in_thread(self, flow): """ This method handles EVERY request that was send by the browser, we receive the request and: * Check if it's a request to indicate we should finish, if not * Parse it and send to the core :param flow: A libmproxy flow containing the request """ http_request = self._to_w3af_request(flow.request) uri = http_request.get_uri() msg = '[spider_man] Handling request: %s %s' om.out.debug(msg % (http_request.get_method(), uri)) if uri.get_domain() == self.parent_process.target_domain: grep = True else: grep = False try: if self._is_terminate_favicon(http_request): http_response = self._create_favicon_response(http_request) elif self._is_terminate_request(http_request): self._terminate() http_response = self._create_terminate_response(http_request) else: # Send the request to the core freq = FuzzableRequest.from_http_request(http_request) self.parent_process.plugin.send_fuzzable_request_to_core(freq) # Send the request to the remote webserver http_response = self._send_http_request(http_request, grep=grep) except Exception, e: trace = str(traceback.format_exc()) http_response = self._create_error_response(http_request, None, e, trace=trace)