

Python ExtendedUrllib.send_mutant方法代码示例

本文整理汇总了Python中w3af.core.data.url.extended_urllib.ExtendedUrllib.send_mutant方法的典型用法代码示例。如果您正苦于以下问题:Python ExtendedUrllib.send_mutant方法的具体用法?Python ExtendedUrllib.send_mutant怎么用?Python ExtendedUrllib.send_mutant使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在w3af.core.data.url.extended_urllib.ExtendedUrllib的用法示例。


在下文中一共展示了ExtendedUrllib.send_mutant方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_delay_controlled_random

# 需要导入模块: from w3af.core.data.url.extended_urllib import ExtendedUrllib [as 别名]
# 或者: from w3af.core.data.url.extended_urllib.ExtendedUrllib import send_mutant [as 别名]
    def test_delay_controlled_random(self):
        """
        Run each TEST_SUITE case through ExactDelayController with
        rand_range=(0, 2) passed to generate_delays, and check that a delay
        is never wrongly reported as controlled.

        send_mutant is replaced with a MagicMock on the opener instance, so
        the controller's send_mutant calls are answered by the mock's
        side_effect instead of a real HTTP round trip.
        """
        for expected, delays in self.TEST_SUITE:
            opener = ExtendedUrllib()
            opener.send_mutant = MagicMock(
                side_effect=generate_delays(delays, rand_range=(0, 2)))

            # Query-string mutant whose fuzzed token is the first "id" value
            target = URL('http://moth/?id=1')
            mutant = QSMutant(FuzzableRequest(target))
            mutant.set_dc(target.querystring)
            mutant.set_token(('id', 0))

            controller = ExactDelayController(mutant, ExactDelay('sleep(%s)'),
                                              opener)
            controlled, _ = controller.delay_is_controlled()

            # Difference with test_delay_controlled: a missed detection
            # (false negative) is tolerated here, a false positive is not.
            # NOTE(review): presumably because rand_range adds jitter to the
            # mocked timings -- confirm in generate_delays.
            acceptable = [True, False] if expected else [False]

            self.assertIn(controlled, acceptable, delays)
开发者ID:andresriancho,项目名称:w3af,代码行数:27,代码来源:test_exact_delay_controller.py

示例2: test_delay_controlled

# 需要导入模块: from w3af.core.data.url.extended_urllib import ExtendedUrllib [as 别名]
# 或者: from w3af.core.data.url.extended_urllib.ExtendedUrllib import send_mutant [as 别名]
    def test_delay_controlled(self):
        """
        Run each TEST_SUITE case through ExactDelayController and require the
        exact expected verdict from delay_is_controlled().

        send_mutant is replaced with a MagicMock on the opener instance, so
        the controller's send_mutant calls are answered by the side_effect
        built by generate_delays(delays).
        """
        for expected, delays in self.TEST_SUITE:
            opener = ExtendedUrllib()
            opener.send_mutant = MagicMock(side_effect=generate_delays(delays))

            # Query-string mutant whose fuzzed token is the first "id" value
            target = URL('http://moth/?id=1')
            mutant = QSMutant(FuzzableRequest(target))
            mutant.set_dc(target.querystring)
            mutant.set_token(('id', 0))

            controller = ExactDelayController(mutant, ExactDelay('sleep(%s)'),
                                              opener)
            controlled, _ = controller.delay_is_controlled()

            # delays is passed as the failure message to identify the case
            self.assertEqual(expected, controlled, delays)
开发者ID:andresriancho,项目名称:w3af,代码行数:20,代码来源:test_exact_delay_controller.py

示例3: TestMultipartPostUpload

# 需要导入模块: from w3af.core.data.url.extended_urllib import ExtendedUrllib [as 别名]
# 或者: from w3af.core.data.url.extended_urllib.ExtendedUrllib import send_mutant [as 别名]
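class TestMultipartPostUpload(unittest.TestCase):
    """
    In the new architecture I've been working on, the HTTP requests are almost
    completely created by serializing two objects:
        * FuzzableRequest
        * DataContainer (stored in FuzzableRequest._post_data)

    There is a special DataContainer sub-class for MultipartPost file uploads
    called MultipartContainer, which holds variables and files and when
    serialized will be encoded as multipart.

    These test cases try to make sure that the file upload feature works by
    sending a POST request with a MultipartContainer to moth.

    Every test talks to the moth upload endpoint over HTTP, so the suite
    needs that test server to be reachable.
    """
    MOTH_FILE_UP_URL = URL(get_moth_http('/core/file_upload/upload.py'))

    def setUp(self):
        # One opener per test; tearDown() releases it through end()
        self.opener = ExtendedUrllib()

    def tearDown(self):
        self.opener.end()

    def test_multipart_without_file(self):
        """
        A plain string in the file field must not be reported by the server
        as a successful upload.
        """
        form_params = FormParameters()
        form_params.add_field_by_attr_items([('name', 'uploadedfile')])
        form_params['uploadedfile'][0] = 'this is not a file'
        # MAX_FILE_SIZE travels as a hidden form field, i.e. it is a value
        # the client sends along with the request.
        form_params.add_field_by_attr_items([('name', 'MAX_FILE_SIZE'),
                       ('type', 'hidden'),
                       ('value', '10000')])

        mpc = MultipartContainer(form_params)

        resp = self.opener.POST(self.MOTH_FILE_UP_URL, data=str(mpc),
                                headers=Headers(mpc.get_headers()))

        self.assertNotIn('was successfully uploaded', resp.get_body())

    def test_file_upload(self):
        """
        Upload a real file object backed by a temporary file on disk.

        The descriptor returned by mkstemp() is closed once the content is
        written, and the file object and the temporary file are released
        through addCleanup(), so nothing is left behind even when the
        upload assertion fails.
        """
        fd, path = tempfile.mkstemp(suffix=".tmp")
        try:
            os.write(fd, 'file content')
        finally:
            os.close(fd)
        # Cleanups run in LIFO order: the file is closed before it is removed
        self.addCleanup(os.remove, path)

        _file = open(path, "rb")
        self.addCleanup(_file.close)
        self.upload_file(_file)

    def test_stringio_upload(self):
        """
        Upload an in-memory NamedStringIO instead of a file on disk.
        """
        _file = NamedStringIO('file content', name='test.txt')
        self.upload_file(_file)

    def upload_file(self, _file):
        """
        POST _file in the "uploadedfile" field of a multipart form and assert
        that the server reports a successful upload.

        :param _file: The object stored as the value of the "uploadedfile"
                      field (a file object or a NamedStringIO in the tests
                      of this class)
        """
        form_params = FormParameters()
        form_params.add_field_by_attr_items([('name', 'uploadedfile')])
        form_params.add_field_by_attr_items([('name', 'MAX_FILE_SIZE'),
                               ('type', 'hidden'),
                               ('value', '10000')])

        mpc = MultipartContainer(form_params)
        mpc['uploadedfile'][0] = _file

        # The container is serialized with str() and supplies the request
        # headers through get_headers()
        resp = self.opener.POST(self.MOTH_FILE_UP_URL, data=str(mpc),
                                headers=Headers(mpc.get_headers()))

        self.assertIn('was successfully uploaded', resp.get_body())

    def test_upload_file_using_fuzzable_request(self):
        """
        Same upload, but sent through send_mutant() with a FuzzableRequest
        that carries the MultipartContainer as post_data, instead of calling
        POST() with a pre-serialized body.
        """
        form_params = FormParameters()
        form_params.add_field_by_attr_items([('name', 'uploadedfile')])
        form_params['uploadedfile'][0] = NamedStringIO('file content', name='test.txt')
        form_params.add_field_by_attr_items([('name', 'MAX_FILE_SIZE'),
                       ('type', 'hidden'),
                       ('value', '10000')])

        mpc = MultipartContainer(form_params)

        freq = FuzzableRequest(self.MOTH_FILE_UP_URL, post_data=mpc,
                               method='POST')

        resp = self.opener.send_mutant(freq)

        self.assertIn('was successfully uploaded', resp.get_body())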
开发者ID:0x554simon,项目名称:w3af,代码行数:81,代码来源:test_multipart.py

示例4: TestCSRF

# 需要导入模块: from w3af.core.data.url.extended_urllib import ExtendedUrllib [as 别名]
# 或者: from w3af.core.data.url.extended_urllib.ExtendedUrllib import send_mutant [as 别名]

#.........这里部分代码省略.........
        req = FuzzableRequest(url, method='GET')
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertFalse(suitable)

        # False, no items in post-data
        url = URL('http://moth/')
        req = FuzzableRequest(url, method='POST', post_data=URLEncodedForm())
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertFalse(suitable)

        # True, items in DC, POST (passes strict mode) and cookies
        url = URL('http://moth/')
        form_params = FormParameters()
        form_params.add_input([('name', 'test'), ('type', 'text')])
        form = URLEncodedForm(form_params)
        req = FuzzableRequest(url, method='POST', post_data=form)
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertTrue(suitable)
        
        self.csrf_plugin._strict_mode = False

        # True now that we have strict mode off, cookies and QS
        url = URL('http://moth/?id=3')
        req = FuzzableRequest(url, method='GET')
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertTrue(suitable)

    @attr('ci_fails')
    def test_is_origin_checked_true_case01(self):
        """
        The plugin must report origin checking for the referer/ endpoint.

        The request carries a Referer pointing at the endpoint's own
        directory; its response is handed to _is_origin_checked() together
        with the request.
        """
        target = URL('http://moth/w3af/audit/csrf/referer/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertTrue(self.csrf_plugin._is_origin_checked(request, baseline))

    @attr('ci_fails')
    def test_is_origin_checked_true_case02(self):
        """
        The plugin must report origin checking for the referer-rnd/ endpoint.

        Same flow as case01, against the referer-rnd/ variant of the page.
        """
        target = URL('http://moth/w3af/audit/csrf/referer-rnd/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer-rnd/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertTrue(self.csrf_plugin._is_origin_checked(request, baseline))

    @attr('ci_fails')
    def test_is_origin_checked_false(self):
        """
        The plugin must report NO origin checking for the vulnerable/
        endpoint.

        Note that the Referer sent here points at referer-rnd/, not at the
        directory of the requested page.
        """
        target = URL('http://moth/w3af/audit/csrf/vulnerable/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer-rnd/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertFalse(self.csrf_plugin._is_origin_checked(request, baseline))
    
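    def test_is_csrf_token_true_case01(self):
        """
        A parameter named "token" holding a 32 character hex value must be
        recognised as a CSRF token.
        """
        # Assert on the result: a bare call passes whatever is_csrf_token()
        # returns, so a regression in token detection would go unnoticed.
        self.assertTrue(
            self.csrf_plugin.is_csrf_token('token',
                                           'f842eb01b87a8ee18868d3bf80a558f3'))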

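    def test_is_csrf_token_true_case02(self):
        """
        A parameter named "secret" holding a 32 character hex value must be
        recognised as a CSRF token.
        """
        # Assert on the result: a bare call passes whatever is_csrf_token()
        # returns, so a regression in token detection would go unnoticed.
        self.assertTrue(
            self.csrf_plugin.is_csrf_token('secret',
                                           'f842eb01b87a8ee18868d3bf80a558f3'))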
开发者ID:ElAleyo,项目名称:w3af,代码行数:69,代码来源:test_csrf.py

示例5: TestCSRF

# 需要导入模块: from w3af.core.data.url.extended_urllib import ExtendedUrllib [as 别名]
# 或者: from w3af.core.data.url.extended_urllib.ExtendedUrllib import send_mutant [as 别名]

#.........这里部分代码省略.........
        req = FuzzableRequest(url, method='GET')
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertFalse(suitable)

        # False, no items in post-data
        url = URL('http://moth/')
        req = FuzzableRequest(url, method='POST', post_data=URLEncodedForm())
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertFalse(suitable)

        # True, items in DC, POST (passes strict mode) and cookies
        url = URL('http://moth/')
        form_params = FormParameters()
        form_params.add_field_by_attr_items([('name', 'test'), ('type', 'text')])
        form = URLEncodedForm(form_params)
        req = FuzzableRequest(url, method='POST', post_data=form)
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertTrue(suitable)
        
        self.csrf_plugin._strict_mode = False

        # True now that we have strict mode off, cookies and QS
        url = URL('http://moth/?id=3')
        req = FuzzableRequest(url, method='GET')
        suitable = self.csrf_plugin._is_suitable(req)
        self.assertTrue(suitable)

    @attr('ci_fails')
    def test_is_origin_checked_true_case01(self):
        """
        The plugin must report origin checking for the referer/ endpoint.

        The request carries a Referer pointing at the endpoint's own
        directory; its response is handed to _is_origin_checked() together
        with the request and None as third argument.
        """
        target = URL('http://moth/w3af/audit/csrf/referer/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertTrue(
            self.csrf_plugin._is_origin_checked(request, baseline, None))

    @attr('ci_fails')
    def test_is_origin_checked_true_case02(self):
        """
        The plugin must report origin checking for the referer-rnd/ endpoint.

        Same flow as case01, against the referer-rnd/ variant of the page.
        """
        target = URL('http://moth/w3af/audit/csrf/referer-rnd/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer-rnd/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertTrue(
            self.csrf_plugin._is_origin_checked(request, baseline, None))

    @attr('ci_fails')
    def test_is_origin_checked_false(self):
        """
        The plugin must report NO origin checking for the vulnerable/
        endpoint.

        Note that the Referer sent here points at referer-rnd/, not at the
        directory of the requested page.
        """
        target = URL('http://moth/w3af/audit/csrf/vulnerable/buy.php?shares=123')
        referer = Headers([('Referer', 'http://moth/w3af/audit/csrf/referer-rnd/')])
        request = FuzzableRequest(target, method='GET', headers=referer)

        # Response to the unmodified request, sent over HTTP to moth
        baseline = self.uri_opener.send_mutant(request)

        self.assertFalse(
            self.csrf_plugin._is_origin_checked(request, baseline, None))

    @attr('ci_fails')
    def test_is_token_checked_true(self):
        generator = URL('http://moth/w3af/audit/csrf/secure-replay-allowed/')
        http_response = self.uri_opener.GET(generator)

        # Please note that this freq holds a fresh/valid CSRF token
开发者ID:foobarmonk,项目名称:w3af,代码行数:70,代码来源:test_csrf.py


注:本文中的w3af.core.data.url.extended_urllib.ExtendedUrllib.send_mutant方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。