request_generator is an object tree builder and code generator for raw HTTP requests.
request_generator builds an object tree and generates code from it for specific languages/frameworks like HTML form, jQuery or XHR. The tree is built using an HttpRequest
object.
To use request_generator, make sure to have request_parser installed or present in PYTHONPATH
.
git clone
the repository and copy the library directory request_generator to a location that is present in PYTHONPATH
or copy somewhere and add that location to PYTHONPATH
and use it as follows,
from io import BytesIO
from request_parser.http.request import HttpRequest
from request_generator.html.html_request_builder import RequestBuilder, TargetType
from request_generator.html.jquery.jquery_request_builder import JQueryRequestBuilder
from request_generator.builders import Type
def parse_and_build(requests=None):
# create an array of HttpRequest objects
http_requests = []
for request in requests:
# create an iterable object out of request bytes
request_stream = BytesIO(request)
# create an HttpRequest object for the request
http_request = HttpRequest(request_stream=request_stream)
http_requests.append(http_request)
# parse all the HttpRequest object
for http_request in http_requests:
http_request.parse()
# build an HTML request builder
html_builder = HtmlRequestBuilder(requests=http_requests)
# build object tree for from-based request and target as iframe with auto submit to true
html_builder.build(type=Type.form_request, target_type=TargetType.iframe, auto_submit=auto_submit)
# generate code
html_code = html_builder.generate()
# build a jQuery request builder
jquery_builder = HtmlRequestBuilder(requests=http_requests)
# build object tree for jQuery based request and target as iframe with auto submit to true
jquery_builder.build(target_type=TargetType.iframe, auto_submit=auto_submit)
# generate code
jquery_html_code = jquery_builder.generate()
A basic unit in an object tree is a Tag
object defined in the tag
module under the dom
package. A Tag
object can be used to define a building unit for any type of object tree. For example, this might be a statement in a programming language like Java or Python or an HTML element.
Tag
class defines basic navigation, search, modification and code generation methods for an object tree. This Tag
class is created by forking beautifulsoup's PageElement
.
Specializations and extensions of a Tag
is possible by inherting it to change the behavior. The SimpleHTMLElement
from simple_html_element
for example, forms the basic unit in an HTML object tree. This SimpleHTMLElement
is further customized in simple_html_elements
module to create other HTML elements like IFrame
, Img
, Input
etc that make up an HTML object tree.
The builders
module enumerates the available build types in the Type
class.
The request_generator
module's RequestGenerator
class defines the genereate_request(requests=None, type=None, target_type=None, auto_submit=None)
method which is a single-point entry to build an object-tree and generate the code in a single call.
requests |
an array of HttpRequest objects |
type |
one of the build types from Type |
target_type |
one of the value from TargetType from html_request_builder module |
auto_submit |
True or False if auto submit of request is desired |
The request_builder
module defines the RequestBuilder
class which defines a minimum API any request builder implementation needs to provide.
build(*args, **kwargs) |
generate(*args, **kwargs) |
The utils.utils
module contains the function get_abs_path(*dirs)
which returns the absolute path constructed by appending a list of dirs
one after another under the request_generator
module.
html.dom.*
- DOM/object tree implementation for HTMLhtml.html_request_builder
- HTML request builder/generatorhtml.js_statements_template
- template code for JS statementshtml.xhr_js_template
- template code for XHR JS statementshtml.jquery.jquery_request_builder
- jQuery request builder/generatorhtml.jquery.jquery_js_template
- jQuery statements template
html.html_request_builder
module defines the HtmlRequestBuilder
class. This class implements the RequestBuilder
interface for a builder-generator for form-based and XHR based HTML code. These two types are listed in the Type
as form_request = 0
and xhr_request = 1
.
build(type=Type.form_request, target_type=TargetType.iframe, auto_submit=False) |
type , the request type - form based request (Type.form_request ) and XHR based request (Type.xhr_request )target_type , where responses should be loaded - iframe (TargetType.iframe ) and new tab (TargetType.new_tab )auto_submit , when True generate JavaScript code to submit requests when page is loaded |
generate() |
generate code from the object tree built |
Usage
# build an HTML request builder
html_builder = HtmlRequestBuilder(requests=http_requests)
# build object tree for from-based request and target as iframe with auto submit to true
# TargetType.new_tab for loading responses in new tab
builder.build(type=Type.form_request, target_type=TargetType.iframe, auto_submit=auto_submit)
# generate code
html_code = html_builder.generate()
html.jquery.jquery_request_builder
module defines the JQueryRequestBuilder
class. This class inherits HtmlRequestBuilder
for a builder-generator for jQuery based HTML code. This type is listed in the Type
as jquery_request = 2
.
build(target_type=TargetType.iframe, auto_submit=False) |
target_type , where responses should be loaded - iframe (TargetType.iframe ) and new tab (TargetType.new_tab )auto_submit , when True generate JavaScript code to submit requests when page is loaded |
generate() |
generate code from the object tree built |
Usage
# build an HTML request builder
jquery_builder = JQueryRequestBuilder(requests=http_requests)
# build object tree for from-based request and target as iframe with auto submit to true
# TargetType.new_tab for loading responses in new tab
jquery_builder.build(target_type=TargetType.iframe, auto_submit=auto_submit)
# generate code
jquery_code = jquery_builder.generate()
The html.dom
package has an Encoder
class that implements encoding methods based on OWASP's XSS Prevention Cheatsheet to help with proper output encoding during HTML/JS object tree building. This helps prevent context escaping in generated code.