

Python Analyzer.handle_response method code examples

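This article collects typical usage examples of the Analyzer.Analyzer.handle_response method in Python. If you are wondering how exactly Python's Analyzer.handle_response is used, how to call it, or what examples of its use look like, the curated method examples here may help. You can also look further into usage examples of Analyzer.Analyzer, where this method is defined.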


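One code example of the Analyzer.handle_response method is shown below; examples are sorted by popularity by default. You can upvote code you like or find useful, and your ratings help the system recommend better Python code examples.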

Example 1: handle_response

# Required import: from Analyzer import Analyzer [as alias]
# Or: from Analyzer.Analyzer import handle_response [as alias]
import base64

import lxml.html
# Assumed import path for `decoded` (older libmproxy releases); adjust it to the
# mitmproxy/libmproxy version the project actually uses.
from libmproxy.protocol.http import decoded


def handle_response(self, flow):
    print("request path is %s " % flow.request.path)
    # Only modify plain-HTTP responses, and never the report request sent by the injected script
    requested_site = flow.request.headers["Host"][0]
    if flow.request.scheme.endswith("http") and requested_site.find("www.fundacionsadosky.org.ar") == -1:
        visited_url = base64.b64encode(requested_site + flow.request.path)
        # taken from www.droidsec.org/tests/addjsif/
        script = '''vulnerable=[];for(i in top){el=top[i];if(el==null){continue};if(typeof(el)==='function'){continue}try{top[i].getClass().forName('java.lang.Runtime');vulnerable.push(i)}catch(e){}}if(vulnerable.length>0){var request=new XMLHttpRequest();request.open("GET","http://www.fundacionsadosky.org.ar/?vulnerable_javascript_injection=true&interface="+vulnerable.join()+"&url=''' + visited_url + '''",true);request.onreadystatechange=function(){};request.send()}'''
        # Header lookup is tried with both capitalizations
        content_type = flow.response.headers.get("Content-Type")
        if not content_type:
            content_type = flow.response.headers.get("Content-type")
        if content_type and "text/html" in content_type[0]:
            with decoded(flow.response):  # automatically decode gzipped responses.
                if flow.response.content:
                    try:
                        response = flow.response.content
                        print("Response is " + response)
                        root = lxml.html.fromstring(response)
                        if root.find('.//*') is not None:
                            print("TRIED MODIFYING /html " + requested_site + flow.request.path)
                            # It is HTML: insert into <head>, else <body>, else the parent
                            # of the first <script>, else the document root
                            append_in = root.find('.//head')
                            if append_in is None:
                                append_in = root.find('.//body')
                            if append_in is None:
                                first_script = root.find('.//script')
                                if first_script is not None:
                                    append_in = first_script.getparent()
                            if append_in is None:
                                append_in = root
                            script_element = lxml.html.fromstring('<script>' + script + '</script>')
                            append_in.append(script_element)
                            flow.response.content = lxml.html.tostring(root)
                    except Exception:
                        print("There was a problem parsing the html response, skip it")
        # mimetype may be application/javascript or text/javascript
        elif content_type and "javascript" in content_type[0]:
            with decoded(flow.response):  # automatically decode gzipped responses.
                print("TRIED MODIFYING /javascript " + requested_site + flow.request.path)
                # Prepend the probe script to the JavaScript response body
                flow.response.content = script.encode("utf-8") + flow.response.content
    # Hand the (possibly modified) flow to the base Analyzer
    Analyzer.handle_response(self, flow)
Developer ID: bigfool, project name: Marvin-dynamic-Analyzer, lines of code: 43, code source: JavascriptInterfaceAnalyzer.py


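Note: The Analyzer.Analyzer.handle_response method examples in this article were compiled by 纯净天空 from Github/MSDocs and other open-source code and documentation platforms. The code snippets were selected from open-source projects contributed by their respective developers, and copyright of the source code belongs to the original authors; for distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.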