def test_mutant_creation(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=1&b=abc',
'a=def&b=2', 'a=1&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_2 = created_mutants[1].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_2.get_name(), 'b')
self.assertEqual(token_2.get_original_value(), '2')
self.assertEqual(token_2.get_value(), 'abc')
self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
self.assertTrue(all(m.get_mutant_class() == 'FakeMutant' for m in created_mutants))
def test_mutant_creation_repeated_params(self):
qs = QueryString([('a', ['1', '2']), ('b', ['3'])])
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&a=2&b=3',
'a=1&a=abc&b=3',
'a=1&a=2&b=abc',
'a=def&a=2&b=3',
'a=1&a=def&b=3',
'a=1&a=2&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_1 = created_mutants[1].get_token()
self.assertIsInstance(token_1, DataToken)
self.assertEqual(token_1.get_name(), 'a')
self.assertEqual(token_1.get_original_value(), '2')
self.assertEqual(token_1.get_value(), 'abc')
def test_mutant_creation_repeated_params(self):
qs = QueryString([('a', ['1', '2']), ('b', ['3'])])
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&a=2&b=3',
'a=1&a=abc&b=3',
'a=1&a=2&b=abc',
'a=def&a=2&b=3',
'a=1&a=def&b=3',
'a=1&a=2&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_1 = created_mutants[1].get_token()
self.assertIsInstance(token_1, DataToken)
self.assertEqual(token_1.get_name(), 'a')
self.assertEqual(token_1.get_original_value(), '2')
self.assertEqual(token_1.get_value(), 'abc')
def test_mutant_creation(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=1&b=abc',
'a=def&b=2', 'a=1&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_2 = created_mutants[1].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_2.get_name(), 'b')
self.assertEqual(token_2.get_original_value(), '2')
self.assertEqual(token_2.get_value(), 'abc')
self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
self.assertTrue(all(m.get_mutant_class() == 'FakeMutant' for m in created_mutants))
def test_find_csrf_token_true_simple(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=f842eb01b87a8ee18868d3bf80a558f3')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertIn('secret', token)
def test_find_csrf_token_false(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=not a token')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertIn('secret', token)
def test_find_csrf_token_false(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=not a token')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertNotIn('secret', token)
def test_find_csrf_token_true_simple(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=f842eb01b87a8ee18868d3bf80a558f3')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertIn('secret', token)
def test_mutant_creation_empty_dc(self):
qs = QueryString()
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dc_lst = []
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_empty_dc(self):
qs = QueryString()
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dc_lst = []
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_ignore_params(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, ['a'],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=def&b=2']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEqual(expected_dcs, created_dcs)
def test_mutant_creation_ignore_params(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, ['a'],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=def&b=2']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEqual(expected_dcs, created_dcs)
def test_mutant_copy(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
mutant = FakeMutant(freq)
mutant.set_token(('a', 0))
mutant_copy = mutant.copy()
self.assertEqual(mutant, mutant_copy)
self.assertEqual(mutant.get_token(), mutant_copy.get_token())
self.assertIsNot(None, mutant_copy.get_token())
def test_mutant_copy(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
mutant = FakeMutant(freq)
mutant.set_token(('a', 0))
mutant_copy = mutant.copy()
self.assertEqual(mutant, mutant_copy)
self.assertEqual(mutant.get_token(), mutant_copy.get_token())
self.assertIsNot(None, mutant_copy.get_token())
def test_mutant_creation_append(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
True, self.fuzzer_config)
expected_dcs = ['a=1abc&b=2', 'a=1&b=2abc',
'a=1def&b=2', 'a=1&b=2def', ]
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
def test_mutant_creation_append(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
True, self.fuzzer_config)
expected_dcs = ['a=1abc&b=2', 'a=1&b=2abc',
'a=1def&b=2', 'a=1&b=2def',]
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
def test_mutant_generic_methods(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
mutant = created_mutants[0]
self.assertEqual(repr(mutant),
'<mutant-generic | GET | http://moth/?a=abc&b=2 >')
self.assertNotEqual(id(mutant.copy()), id(mutant))
self.assertRaises(ValueError, mutant.get_original_response_body)
body = 'abcdef123'
mutant.set_original_response_body(body)
self.assertEqual(mutant.get_original_response_body(), body)
def test_mutant_generic_methods(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
mutant = created_mutants[0]
self.assertEqual(repr(mutant),
'<mutant-generic | GET | http://moth/?a=abc&b=2 >')
self.assertNotEqual(id(mutant.copy()), id(mutant))
self.assertRaises(ValueError, mutant.get_original_response_body)
body = 'abcdef123'
mutant.set_original_response_body(body)
self.assertEqual(mutant.get_original_response_body(), body)
