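This article collects typical usage examples of the w3af.core.data.dc.headers.Headers.get method in Python. If you have been wondering how exactly Python's Headers.get is used, how to call it, or what examples of its use look like, the curated code examples here may help. You can also read more about the usage of the class that contains this method, w3af.core.data.dc.headers.Headers.
One code example of the Headers.get method is shown below; examples are sorted by popularity by default. You can upvote the code you like or find useful, and your ratings help the system recommend better Python code examples.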
Example 1: FuzzableRequest
# Required import: from w3af.core.data.dc.headers import Headers [as alias]
# Or: from w3af.core.data.dc.headers.Headers import get [as alias]
class FuzzableRequest(RequestMixIn, DiskItem):
    """
    This class represents a fuzzable request. Fuzzable requests were created
    to allow w3af plugins to be much simpler and don't really care if the
    vulnerability is in the postdata, querystring, header, cookie or any other
    variable.

    Other classes should inherit from this one and change the behaviour of
    get_uri() and get_data(). For example: the class HTTPQSRequest should return
    the _dc in the querystring (get_uri) and HTTPPostDataRequest should return
    the _dc in the POSTDATA (get_data()).

    :author: Andres Riancho ([email protected])
    """

    def __init__(self, uri, method='GET',
                 headers=None, cookie=None, dc=None):
        super(FuzzableRequest, self).__init__()

        # Internal variables
        self._dc = dc or DataContainer()
        self._method = method
        self._headers = Headers(headers or ())
        self._cookie = cookie or Cookie()
        self._data = None
        self.set_uri(uri)

        # Set the internal variables
        self._sent_info_comp = None

    def export(self):
        """
        Generic version of how they are exported:
            METHOD,URL,DC

        Example:
            GET,http://localhost/index.php?abc=123&def=789,
            POST,http://localhost/index.php,abc=123&def=789

        :return: a csv str representation of the request
        """
        #
        # FIXME: What if a comma is inside the URL or DC?
        # TODO: Why don't we export headers and cookies?
        #
        meth = self._method
        str_res = [meth, ',', str(self._url)]

        if meth == 'GET':
            if self._dc:
                str_res.extend(('?', str(self._dc)))
            str_res.append(',')
        else:
            str_res.append(',')
            if self._dc:
                str_res.append(str(self._dc))

        return ''.join(str_res)

    def sent(self, smth_instng):
        """
        Checks if something similar to `smth_instng` was sent in the request.
        This is used to remove false positives, e.g. if a grep plugin finds a "strange"
        string and wants to be sure it was not generated by an audit plugin.

        This method should only be used by grep plugins which often have false
        positives.

        The following example shows that we sent d'z"0 but d\'z"0 will
        as well be recognised as sent

        TODO: This function is called MANY times, and under some circumstances its
        performance REALLY matters. We need to review this function.

        >>> f = FuzzableRequest(URL('''http://example.com/a?p=d'z"0&paged=2'''))
        >>> f.sent('d%5C%27z%5C%220')
        True

        >>> f._data = 'p=<SCrIPT>alert("bsMs")</SCrIPT>'
        >>> f.sent('<SCrIPT>alert(\"bsMs\")</SCrIPT>')
        True

        >>> f = FuzzableRequest(URL('http://example.com/?p=<ScRIPT>a=/PlaO/%0Afake_alert(a.source)</SCRiPT>'))
        >>> f.sent('<ScRIPT>a=/PlaO/fake_alert(a.source)</SCRiPT>')
        True

        :param smth_instng: The string
        :return: True if something similar was sent
        """
        def make_comp(heterogen_string):
            """
            This basically removes characters that are hard to compare
            """
            heterogen_characters = ('\\', '\'', '"', '+', ' ', chr(0),
                                    chr(int("0D", 16)), chr(int("0A", 16)))
            #heterogen_characters.extend(string.whitespace)

            for hetero_char in heterogen_characters:
                heterogen_string = heterogen_string.replace(hetero_char, '')
            return heterogen_string

        #.........Part of the code is omitted here.........