示例#1
    def get_fuzzable_request(self,
                             discover_fuzzable_headers=False,
                             discover_fuzzable_url_parts=False):
        """
        Build a FuzzableRequest from the method, URI, headers and data
        container that this object exposes.

        :param discover_fuzzable_headers: When true, the result of
                                          _get_parameter_headers() is registered
                                          on the request as headers to force-fuzz.
        :param discover_fuzzable_url_parts: When true, the result of
                                            _get_url_parts() is registered on the
                                            request as URL parts to force-fuzz.

        :return: The FuzzableRequest that was built.
        """
        http_method = self.get_method()
        target_uri = self.get_uri()
        request_headers = self.get_headers()
        # The data container is derived from the same headers object that is
        # attached to the request below.
        post_data = self.get_data_container(request_headers)

        request = FuzzableRequest(target_uri,
                                  headers=request_headers,
                                  post_data=post_data,
                                  method=http_method)

        # Both switches default to False, so forced fuzzing targets are only
        # registered when the caller opts in explicitly.
        if discover_fuzzable_headers:
            forced_headers = self._get_parameter_headers()
            request.set_force_fuzzing_headers(forced_headers)

        if discover_fuzzable_url_parts:
            forced_url_parts = self._get_url_parts()
            request.set_force_fuzzing_url_parts(forced_url_parts)

        return request
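    def test_force_fuzzing_headers(self):
        # Covers the forced-fuzzing header list of FuzzableRequest: default
        # value, type validation, de-duplication, copy-on-read and reset.
        # Uses assertEqual throughout; the assertEquals alias is deprecated
        # and no longer exists in Python 3.12+.
        fr = FuzzableRequest(URL('http://www.w3af.com/'),
                             headers=Headers([('Host', 'www.w3af.com')]))

        # Nothing is force-fuzzed until the caller asks for it.
        self.assertEqual(fr.get_force_fuzzing_headers(), [])

        # The setter must reject values that are not a collection of names.
        with self.assertRaises(TypeError):
            fr.set_force_fuzzing_headers(None)

        with self.assertRaises(TypeError):
            fr.set_force_fuzzing_headers(1)

        # 'X-Bar-Header' is passed twice on purpose: duplicates must collapse.
        fr.set_force_fuzzing_headers([
            'X-Foo-Header', 'X-Bar-Header', 'X-Awesome-Header', 'X-Bar-Header'
        ])
        force_fuzzing_headers = fr.get_force_fuzzing_headers()
        self.assertEqual(len(force_fuzzing_headers), 3)
        self.assertIn('X-Foo-Header', force_fuzzing_headers)
        self.assertIn('X-Bar-Header', force_fuzzing_headers)
        self.assertIn('X-Awesome-Header', force_fuzzing_headers)

        # Mutating the list handed out by the getter must not leak back into
        # the request, otherwise callers could silently change which headers
        # get fuzzed.
        modified_force_fuzzing_headers = fr.get_force_fuzzing_headers()
        modified_force_fuzzing_headers.append('X-Another-Header')
        force_fuzzing_headers = fr.get_force_fuzzing_headers()
        self.assertEqual(len(force_fuzzing_headers), 3)
        self.assertNotIn('X-Another-Header', force_fuzzing_headers)

        # An empty tuple is accepted and clears the list.
        fr.set_force_fuzzing_headers(tuple())
        self.assertEqual(fr.get_force_fuzzing_headers(), [])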
示例#3
    def get_fuzzable_request(self, discover_fuzzable_headers=False):
        """
        Assemble a FuzzableRequest from this object's method, URI, headers
        and data container.

        :param discover_fuzzable_headers: When true, the result of
                                          _get_parameter_headers() is set on the
                                          request as headers to force-fuzz.
        :return: The assembled FuzzableRequest.
        """
        verb = self.get_method()
        url = self.get_uri()
        hdrs = self.get_headers()
        # The data container is built from the same headers that go on the request.
        body = self.get_data_container(hdrs)

        request = FuzzableRequest(url,
                                  headers=hdrs,
                                  post_data=body,
                                  method=verb)

        # Header discovery is opt-in; by default the request is returned as built.
        if not discover_fuzzable_headers:
            return request

        request.set_force_fuzzing_headers(self._get_parameter_headers())
        return request