本文整理汇总了Python中glastopf.modules.handlers.request_handler.RequestHandler类的典型用法代码示例。如果您正苦于以下问题:Python RequestHandler类的具体用法?Python RequestHandler怎么用?Python RequestHandler使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了RequestHandler类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_unknown_emulator
def test_unknown_emulator(self):
"""Objective: Emulator testing for non-malicious requests.
Input: http://localhost:8080/
Expected Result: One of the generated attack surfaces.
Notes:"""
os.mkdir(os.path.join(self.data_dir, 'dork_pages'))
tmp_file = os.path.join(self.data_dir, 'dork_pages', format(str(uuid.uuid4())))
with open(tmp_file, 'w+') as f:
f.write("tmpfile")
print "Starting 'unknown' request emulation module"
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.url = "/"
self.event.matched_pattern = "unknown"
self.event.response = ""
self.event.source_addr = ("127.0.0.1", "8080")
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
print "Sending request:", "http://localhost:8080/"
emulator.handle(self.event)
remote_hash = hashlib.md5(self.event.response).hexdigest()
local_hash = hashlib.md5(emulator.template).hexdigest()
print "Hash of the local 'response' file:", local_hash
self.assertEqual(remote_hash, local_hash)
print "Return value:", remote_hash
print "matched a generated attack surface item."
示例2: test_unknown_emulator
def test_unknown_emulator(self):
"""Objective: Emulator testing for non-malicious requests.
Input: http://localhost:8080/
Expected Result: One of the generated attack surfaces.
Notes:"""
tmp_file = os.path.join(self.data_dir, 'dork_pages', format(str(uuid.uuid4())))
with open(tmp_file, 'w+') as f:
f.write("tmpfile")
print "Starting 'unknown' request emulation module"
event = attack.AttackEvent()
event.http_request = HTTPHandler('', None)
event.matched_pattern = "unknown"
event.http_request.path = "/"
event.source_ip = "127.0.0.1"
event.source_port = "8080"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
print "Sending request:", "http://localhost:8080/"
emulator.handle(event)
remote_hash = hashlib.md5(event.http_request.get_response_body()).hexdigest()
local_hash = hashlib.md5(emulator.template).hexdigest()
print "Hash of the local 'response' file:", local_hash
self.assertEqual(remote_hash, local_hash)
print "Return value:", remote_hash
print "matched a generated attack surface item."
示例3: test_sqli_xss
def test_sqli_xss(self):
"""Objective: Injecting JavaScript.
Input: '<script>alert("XSS");</script>'
Expected Results: MySQL syntax error message containing '<script>alert("XSS");</script>'
Notes: The query and identifying string is included in the error message."""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self.event.http_request.request_query = {"q": ['<script>alert("XSS");</script>']}
self._get_test_request(self.event)
emulator.handle(self.event)
self.assertTrue('<script>alert("XSS");</script>' in self.event.http_request.get_response())
示例4: test_sqli_lexer
def test_sqli_lexer(self):
"""Objective: Tests the SQL injection lexer.
Input: 'SELECT A FROM B'
Expected Results:
Notes:
"""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self._get_test_request(self.event)
emulator.handle(self.event)
self.assertEqual(emulator.ret["fingerprint"], "Enkn")
示例5: test_sqli_select_user
def test_sqli_select_user(self):
"""Objective: A query with the goal to disclosure the current user.
Input: SELECT user().
Expected Results: Current SQL user name.
Notes: This query is MySQL specific."""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self.event.http_request.request_query = {"q": ["SELECT user()"]}
self._get_test_request(self.event)
emulator.handle(self.event)
response = "[email protected]"
self.assertEqual(self.event.http_request.get_response().strip(), response)
示例6: test_sqli_emulator
def test_sqli_emulator(self):
"""Objective: Assure that the SQL injection module is integrated.
Input: Inject 'SELECT a FROM b' in parameter q.
Expected Results: MySQL error message.
Notes: As there is no table b, the honeypot returns an error message."""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self._get_test_request(self.event)
emulator.handle(self.event)
response = "Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your " \
"MySQL server version for the right syntax to use near 'SELECT A FROM B' at line 1"
self.assertEqual(self.event.http_request.get_response(), response)
示例7: test_sqli_mysqld_version
def test_sqli_mysqld_version(self):
"""Objective: A query with the goal to disclose the MySQL server version.
Input: SELECT @@version.
Expected Results: The MySQL server version number.
Notes: The query is MySQL specific."""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self.event.http_request.request_query = {"q": ["SELECT @@version"]}
self._get_test_request(self.event)
emulator.handle(self.event)
response = "5.1.49-3"
self.assertEqual(self.event.http_request.get_response().strip(), response)
示例8: test_phpinfo_emulator
def test_phpinfo_emulator(self):
"""Objective: Emulator testing for phpinfo.php requests
Input: http://localhost/phpinfo.php
Expected Result: Result of the phpinfo() function
Notes:"""
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.method = 'GET'
self.event.parsed_request.url = "/info.php?param1"
self.event.matched_pattern = "phpinfo"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
self.assertTrue("PHP Version " in self.event.response)
self.assertTrue("Zend Extension" in self.event.response)
示例9: test_phpcgi_source_code_disclosure_emulator
def test_phpcgi_source_code_disclosure_emulator(self):
"""Objective: Emulator testing for PHP CGI source code disclosure CVE-2012-1823
Input: http://localhost:8080/index.php?-s
Expected Result: Source code disclosure
Notes:"""
event = attack.AttackEvent()
event.http_request = HTTPHandler('GET /index.php?-s HTTP/1.0', None)
event.matched_pattern = "php_cgi_rce"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
emulator.handle(event)
self.assertEquals(event.http_request.get_response(), """<code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />page </span><span style="color: #007700">= </span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'page'</span><span style="color: #007700">];<br />include(</span><span style="color: #0000BB">page</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?><br /></span>
</span>""")
示例10: test_dummy_emulator
def test_dummy_emulator(self):
"""Objective: Tests the dummy emulator added to prove extensibility.
Input: http://localhost:8080/
Expected Results: Returns a short message for verification.
Notes: The dummy emulator fulfills minimal emulator requirements."""
print "Starting Dummy emulator module test"
self.event.matched_pattern = "dummy"
print "Loading module"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
print "Trying to handle an event with the dummy module"
emulator.handle(self.event)
self.assertEqual(self.event.response, "dummy response")
print "Return value: '" + self.event.response + "'",
print "equates our expectation."
示例11: test_sqli_error_based
def test_sqli_error_based(self):
"""Objective: A simple query provoking an error message from the database.
Input: Inject a single quotation mark in parameter q.
Expected Results: MySQL syntax error message.
Notes: The query is included in the error message."""
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self.event.http_request.request_query = {"q": ["'"]}
self._get_test_request(self.event)
emulator.handle(self.event)
response = (
"Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your "
"MySQL server version for the right syntax to use near ''' at line 1"
)
self.assertEqual(self.event.http_request.get_response(), response)
示例12: test_phpcgi_source_code_disclosure_emulator
def test_phpcgi_source_code_disclosure_emulator(self):
"""Objective: Emulator testing for PHP CGI source code disclosure CVE-2012-1823
Input: http://localhost:8080/index.php?-s
Expected Result: Source code disclosure
Notes:"""
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.url = "/index.php"
self.event.parsed_request.parameters = "-s"
self.event.matched_pattern = "php_cgi_rce"
self.event.response = ""
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
self.assertEquals(self.event.response, """<code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />page </span><span style="color: #007700">= </span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'page'</span><span style="color: #007700">];<br />include(</span><span style="color: #0000BB">page</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?><br /></span>
</span>""")
示例13: test_phpinfo_emulator
def test_phpinfo_emulator(self):
"""Objective: Emulator testing for phpinfo.php requests
Input: http://localhost/phpinfo.php
Expected Result: Result of the phpinfo() function
Notes:"""
event = attack.AttackEvent()
event.http_request = HTTPHandler('GET /info.php?param1 HTTP/1.0', None)
event.matched_pattern = "phpinfo"
#self.event.http_request.method = 'GET'
#self.event.http_request.url = "/info.php?param1"
event.matched_pattern = "phpinfo"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
emulator.handle(event)
self.assertTrue("PHP Version " in event.http_request.get_response())
self.assertTrue("Zend Extension" in event.http_request.get_response())
示例14: test_phpcgi_rce_emulator
def test_phpcgi_rce_emulator(self):
"""Objective: Emulator testing for PHP CGI remote code execution CVE-2012-1823
Input: http://localhost/-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input POST: <?php echo("rce attempt"); ?>
Expected Result: Remote command execution of a echo command
Notes:"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
os.mkdir(os.path.join(self.data_dir, 'files/'))
request = "POST /index.php?-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input HTTP/1.0\r\n\r\n" \
'<?php echo "testing"; ?>'
event = attack.AttackEvent()
event.http_request = HTTPHandler(request, None)
event.matched_pattern = "php_cgi_rce"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
emulator.handle(event)
print "Return value:", event.http_request.get_response()
self.assertTrue("""testing""" == event.http_request.get_response())
示例15: test_sqli_parser
def test_sqli_parser(self):
"""Objective: Tests the SQL injection parser.
Input: 'SELECT A FROM B'
Expected Results: Parsed tokens (SELECT (SELECT_CORE (COLUMNS (ALIAS (COLUMN_EXPRESSION A))) (FROM (ALIAS B))))
Notes: The Parser turns the tokens into a query"""
print "Starting SQL injection Parser test..."
self.event.matched_pattern = "sqli"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
self._get_test_request(self.event)
print "Sending request:", self.test_request
emulator.handle(self.event)
self.assertEqual(emulator.query_parser.tree,
'(SELECT (SELECT_CORE (COLUMNS (ALIAS (COLUMN_EXPRESSION A))) (FROM (ALIAS B))))')
print "Return value: Parsed tokens:",
print '(SELECT (SELECT_CORE (COLUMNS (ALIAS (COLUMN_EXPRESSION A))) (FROM (ALIAS B))))',
print "equates our expectation."