本文整理汇总了Python中w3af.core.data.parsers.utils.form_params.FormParameters.add_field_by_attr_items方法的典型用法代码示例。如果您正苦于以下问题:Python FormParameters.add_field_by_attr_items方法的具体用法?Python FormParameters.add_field_by_attr_items怎么用?Python FormParameters.add_field_by_attr_items使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.parsers.utils.form_params.FormParameters的用法示例。
在下文中一共展示了FormParameters.add_field_by_attr_items方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_multipart_post
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_multipart_post(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = 'multipart/form-data; boundary=%s'
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
fr = FuzzableRequest.from_parts(self.url, headers=headers,
post_data=post_data, method='POST')
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
expected_container = MultipartContainer(form_params)
expected_headers = Headers([('content-type',
multipart_boundary % boundary)])
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), expected_headers)
self.assertIn('multipart/form-data', fr.get_headers()['content-type'])
self.assertEqual(fr.get_method(), 'POST')
self.assertIsInstance(fr.get_raw_data(), MultipartContainer)
self.assertEqual(fr.get_raw_data(), expected_container)示例2: test_mutant_creation_repeated_parameter_name
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_mutant_creation_repeated_parameter_name(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "id"), ("value", "")])
form_params.add_field_by_attr_items([("name", "id"), ("value", "")])
form = URLEncodedForm(form_params)
freq = FuzzableRequest(URL('http://w3af.com/?foo=3'), post_data=form,
method='GET')
created_mutants = PostDataMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
expected_dcs = ['id=def&id=3419',
'id=3419&id=def',
'id=3419&id=abc',
'id=abc&id=3419']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
token = created_mutants[0].get_token()
self.assertEqual(token.get_name(), 'id')
self.assertEqual(token.get_original_value(), '')
token = created_mutants[2].get_token()
self.assertEqual(token.get_name(), 'id')
self.assertEqual(token.get_original_value(), '')
for m in created_mutants:
self.assertIsInstance(m, PostDataMutant)
for m in created_mutants:
self.assertEqual(m.get_method(), 'GET')示例3: create_vuln
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def create_vuln(self):
v = super(FileUploadTemplate, self).create_vuln()
form_params = FormParameters()
for file_var in self.file_vars:
form_params.add_field_by_attr_items([("name", file_var), ("type", "file")])
for token in self.data.iter_tokens():
if token.get_name() in self.file_vars:
continue
form_params.add_field_by_attr_items([("name", token.get_name()),
("type", "text"),
("value", token.get_value())])
mpc = MultipartContainer(form_params)
freq = FuzzableRequest(self.url, method=self.method, post_data=mpc)
mutant = PostDataMutant(freq)
mutant.set_dc(mpc)
mutant.set_token((self.vulnerable_parameter, 0))
# User configured settings
v['file_vars'] = self.file_vars
v['file_dest'] = self.file_dest
v.set_mutant(mutant)
return v示例4: test_sent_post_data
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_sent_post_data(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", """d'z"0""")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form = dc_from_form_params(form_params)
f = FuzzableRequest(URL('http://example.com/'), post_data=form)
self.assertTrue(f.sent('d%5C%27z%5C%220'))示例5: create_simple_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def create_simple_fuzzable_request(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)示例6: create_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def create_fuzzable_request(_id):
url_fmt = 'http://example.com/product/%s'
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.set_action(URL(url_fmt % _id))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)示例7: test_dc_from_form_params_without_files_nor_enctype
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_dc_from_form_params_without_files_nor_enctype(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
urlencode_dc = dc_from_form_params(form_params)
self.assertIsInstance(urlencode_dc, URLEncodedForm)
self.assertEqual(urlencode_dc.get_file_vars(), [])
self.assertEqual(urlencode_dc['a'], ['bcd'])示例8: test_is_suitable
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_is_suitable(self):
# False because no cookie is set and no QS nor post-data
url = URL('http://moth/')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# False because no cookie is set
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
url_sends_cookie = URL(
'http://moth/w3af/core/cookie_handler/set-cookie.php')
self.uri_opener.GET(url_sends_cookie)
# Still false because it doesn't have any QS or POST data
url = URL('http://moth/')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
self.csrf_plugin._strict_mode = True
# Still false because of the strict mode
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# False, no items in post-data
url = URL('http://moth/')
req = FuzzableRequest(url, method='POST', post_data=URLEncodedForm())
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# True, items in DC, POST (passes strict mode) and cookies
url = URL('http://moth/')
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'test'), ('type', 'text')])
form = URLEncodedForm(form_params)
req = FuzzableRequest(url, method='POST', post_data=form)
suitable = self.csrf_plugin._is_suitable(req)
self.assertTrue(suitable)
self.csrf_plugin._strict_mode = False
# True now that we have strict mode off, cookies and QS
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertTrue(suitable)示例9: test_dc_from_form_params_without_files_with_multipart_enctype
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_dc_from_form_params_without_files_with_multipart_enctype(self):
form_params = FormParameters()
form_params.set_form_encoding('multipart/form-data')
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
mpdc = dc_from_form_params(form_params)
self.assertIsInstance(mpdc, MultipartContainer)
self.assertEqual(mpdc.get_file_vars(), [])
self.assertEqual(mpdc['a'], ['bcd'])示例10: upload_file
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def upload_file(self, _file):
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'uploadedfile')])
form_params.add_field_by_attr_items([('name', 'MAX_FILE_SIZE'),
('type', 'hidden'),
('value', '10000')])
mpc = MultipartContainer(form_params)
mpc['uploadedfile'][0] = _file
resp = self.opener.POST(self.MOTH_FILE_UP_URL, data=str(mpc),
headers=Headers(mpc.get_headers()))
self.assertIn('was successfully uploaded', resp.get_body())示例11: test_clean_form_fuzzable_request_form
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_clean_form_fuzzable_request_form(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
expected = u'(POST)-http://example.com/' \
u'?id=number!username=string&address=string'
self.assertEqual(clean_fuzzable_request(fr), expected)示例12: test_found_at
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_found_at(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form = URLEncodedForm(form_params)
freq = FuzzableRequest(URL('http://www.w3af.com/?id=3'), post_data=form,
method='PUT')
m = PostDataMutant(freq)
m.get_dc().set_token(('username', 0))
expected = '"http://www.w3af.com/?id=3", using HTTP method PUT. '\
'The sent post-data was: "username=&address=" '\
'which modifies the "username" parameter.'
self.assertEqual(m.found_at(), expected)示例13: test_from_form_POST
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_from_form_POST(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
self.assertIs(fr.get_uri(), form.get_action())
self.assertIs(fr.get_raw_data(), form)
self.assertEqual(fr.get_method(), 'POST')
self.assertEqual(fr.get_uri().querystring, QueryString([('id', ['1'])]))示例14: test_dc_from_form_params_with_files
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_dc_from_form_params_with_files(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'b'),
('type', 'file')])
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
form_params.set_file_name('b', 'hello.txt')
mpdc = dc_from_form_params(form_params)
self.assertIsInstance(mpdc, MultipartContainer)
self.assertEqual(mpdc.get_file_vars(), ['b'])
self.assertEqual(mpdc['a'], ['bcd'])示例15: test_upload_file_using_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_field_by_attr_items [as 别名]
def test_upload_file_using_fuzzable_request(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'uploadedfile')])
form_params['uploadedfile'][0] = NamedStringIO('file content', name='test.txt')
form_params.add_field_by_attr_items([('name', 'MAX_FILE_SIZE'),
('type', 'hidden'),
('value', '10000')])
mpc = MultipartContainer(form_params)
freq = FuzzableRequest(self.MOTH_FILE_UP_URL, post_data=mpc,
method='POST')
resp = self.opener.send_mutant(freq)
self.assertIn('was successfully uploaded', resp.get_body())