本文整理汇总了Python中w3af.core.data.request.fuzzable_request.FuzzableRequest类的典型用法代码示例。如果您正苦于以下问题:Python FuzzableRequest类的具体用法?Python FuzzableRequest怎么用?Python FuzzableRequest使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了FuzzableRequest类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_export_with_dc
def test_export_with_dc(self):
fr = FuzzableRequest(URL("http://www.w3af.com/"))
d = DataContainer()
d['a'] = ['1',]
fr.set_dc(d)
self.assertEqual(fr.export(),
'GET,http://www.w3af.com/?a=1,')
示例2: __init__
def __init__(self, uri, method="POST", headers=Headers(), cookie=None, dc=None):
if dc is not None and not isinstance(dc, Form):
msg = "The dc parameter for forms needs to be a Form instance," "got %s instead." % type(dc)
TypeError(msg)
FuzzableRequest.__init__(self, uri, method, headers, cookie, dc)
示例3: test_audit_plugin_timeout_threads
def test_audit_plugin_timeout_threads(self):
"""
I want to make sure that when stopit kills the real audit function,
the threads which are called from it won't do anything strange.
The plan is to scan something large with httpretty, with delays in the
HTTP responses to simulate a slow network and a low PLUGIN_TIMEOUT to
make the test quicker.
"""
plugin_inst = self.w3afcore.plugins.get_plugin_inst('audit', 'sqli')
url = URL(self.target_url)
freq = FuzzableRequest(url)
orig_response = plugin_inst.get_original_response(freq)
mod = 'w3af.core.controllers.plugins.audit_plugin.%s'
with patch(mod % 'om.out') as om_mock,\
patch(mod % 'AuditPlugin.PLUGIN_TIMEOUT', new_callable=PropertyMock) as timeout_mock:
timeout_mock.return_value = 2
plugin_inst.audit_with_copy(freq, orig_response)
msg = '[timeout] The "%s" plugin took more than %s seconds to'\
' complete the analysis of "%s", killing it!'
error = msg % (plugin_inst.get_name(),
plugin_inst.PLUGIN_TIMEOUT,
freq.get_url())
self.assertIn(call.debug(error), om_mock.mock_calls)
示例4: test_add_QsRequest
def test_add_QsRequest(self):
ds = DiskSet()
uri = URL('http://w3af.org/?id=2')
hdr = Headers([('Referer', 'http://w3af.org/')])
qsr1 = FuzzableRequest(uri, method='GET', headers=hdr)
uri = URL('http://w3af.org/?id=3')
qsr2 = FuzzableRequest(uri, method='GET', headers=hdr)
uri = URL('http://w3af.org/?id=7')
qsr3 = FuzzableRequest(uri, method='FOO', headers=hdr)
ds.add(qsr1)
ds.add(qsr2)
ds.add(qsr2)
ds.add(qsr1)
self.assertEqual(ds[0], qsr1)
self.assertEqual(ds[1], qsr2)
self.assertFalse(qsr3 in ds)
self.assertTrue(qsr2 in ds)
self.assertEqual(len(ds), 2)
# This forces an internal change in the URL object
qsr2.get_url().url_string
self.assertIn(qsr2, ds)
示例5: test_variants_true_similar_params
def test_variants_true_similar_params(self):
# change the url by adding a querystring. shouldn't affect anything.
url = self.url.url_join('?a=z')
fr = FuzzableRequest(url, method='GET', dc={'a': ['1'], 'b': ['bb']})
fr_other = FuzzableRequest(
self.url, method='GET', dc={'a': ['2'], 'b': ['cc']})
self.assertTrue(fr.is_variant_of(fr_other))
示例6: test_mutant_creation
def test_mutant_creation(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=1&b=abc',
'a=def&b=2', 'a=1&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_2 = created_mutants[1].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_2.get_name(), 'b')
self.assertEqual(token_2.get_original_value(), '2')
self.assertEqual(token_2.get_value(), 'abc')
self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
self.assertTrue(all(m.get_mutant_class() == 'FakeMutant' for m in created_mutants))
示例7: test_mutant_creation_repeated_params
def test_mutant_creation_repeated_params(self):
qs = QueryString([('a', ['1', '2']), ('b', ['3'])])
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['a=abc&a=2&b=3',
'a=1&a=abc&b=3',
'a=1&a=2&b=abc',
'a=def&a=2&b=3',
'a=1&a=def&b=3',
'a=1&a=2&b=def']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEquals(expected_dcs, created_dcs)
token_0 = created_mutants[0].get_token()
self.assertIsInstance(token_0, DataToken)
self.assertEqual(token_0.get_name(), 'a')
self.assertEqual(token_0.get_original_value(), '1')
self.assertEqual(token_0.get_value(), 'abc')
token_1 = created_mutants[1].get_token()
self.assertIsInstance(token_1, DataToken)
self.assertEqual(token_1.get_name(), 'a')
self.assertEqual(token_1.get_original_value(), '2')
self.assertEqual(token_1.get_value(), 'abc')
示例8: test_find_csrf_token_false
def test_find_csrf_token_false(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=not a token')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertNotIn('secret', token)
示例9: test_find_csrf_token_true_simple
def test_find_csrf_token_true_simple(self):
url = URL('http://moth/w3af/audit/csrf/')
query_string = parse_qs('secret=f842eb01b87a8ee18868d3bf80a558f3')
freq = FuzzableRequest(url, method='GET')
freq.set_querystring(query_string)
token = self.csrf_plugin._find_csrf_token(freq)
self.assertIn('secret', token)
示例10: test_export_import_with_post_data
def test_export_import_with_post_data(self):
dc = KeyValueContainer(init_val=[('a', ['1'])])
fr = FuzzableRequest(URL("http://www.w3af.com/"), post_data=dc)
self.assertEqual(fr.to_csv(), '"GET","http://www.w3af.com/","a=1"')
raise SkipTest('Failing because we do NOT export headers')
imported_fr = fr.from_csv(fr.to_csv())
self.assertEqual(imported_fr, fr)
示例11: test_sent_post_data
def test_sent_post_data(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", """d'z"0""")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form = dc_from_form_params(form_params)
f = FuzzableRequest(URL('http://example.com/'), post_data=form)
self.assertTrue(f.sent('d%5C%27z%5C%220'))
示例12: test_mutant_creation_ignore_params
def test_mutant_creation_ignore_params(self):
qs = QueryString(self.SIMPLE_KV)
freq = FuzzableRequest(self.url)
freq.set_querystring(qs)
created_mutants = FakeMutant.create_mutants(freq, self.payloads, ['a'],
False, self.fuzzer_config)
expected_dcs = ['a=abc&b=2', 'a=def&b=2']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEqual(expected_dcs, created_dcs)
示例13: test_dump_case02
def test_dump_case02(self):
expected = u'\r\n'.join([u'GET http://w3af.com/a/b/c.php HTTP/1.1',
u'Hola: Múndo',
u'',
u''])
headers = Headers([(u'Hola', u'Múndo')])
#TODO: Note that I'm passing a dc to the FuzzableRequest and it's not
# appearing in the dump. It might be a bug...
fr = FuzzableRequest(self.url, method='GET', dc={u'á': ['b']},
headers=headers)
self.assertEqual(fr.dump(), expected)
示例14: test_dump_case01
def test_dump_case01(self):
expected = '\r\n'.join(['GET http://w3af.com/a/b/c.php HTTP/1.1',
'Hello: World',
'',
''])
headers = Headers([('Hello', 'World')])
#TODO: Note that I'm passing a dc to the FuzzableRequest and it's not
# appearing in the dump. It might be a bug...
fr = FuzzableRequest(self.url, method='GET', dc={'a': ['b']},
headers=headers)
self.assertEqual(fr.dump(), expected)
示例15: test_dump_case02
def test_dump_case02(self):
expected = u'\r\n'.join([u'GET http://w3af.com/a/b/c.php HTTP/1.1',
u'Hola: Múndo',
u'',
u'a=b'])
headers = Headers([(u'Hola', u'Múndo')])
post_data = KeyValueContainer(init_val=[('a', ['b'])])
fr = FuzzableRequest(self.url, method='GET', post_data=post_data,
headers=headers)
self.assertEqual(fr.dump(), expected.encode('utf-8'))