Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deve #244

Merged
merged 93 commits into from
Nov 6, 2020
Merged

Deve #244

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
93 commits
Select commit Hold shift + click to select a range
18a608c
Update common.txt
laramies Apr 2, 2020
fc2c5fd
show diff when prev and verbose
xmendez Sep 23, 2020
abf7964
add prev,AA option to wfpayload
xmendez Sep 24, 2020
76c9da0
Merge branch 'master' of https://github.com/xmendez/wfuzz
laramies Sep 27, 2020
58afda9
fix payman when using fuzzres seed
xmendez Sep 28, 2020
d8b4752
links plugin to parse links on header
xmendez Sep 28, 2020
3d8f323
fix links test
xmendez Sep 28, 2020
275ff65
add word boundary to links re
xmendez Sep 28, 2020
13473ff
only enqueue plugin results on http transport
xmendez Oct 1, 2020
a571b30
refactor header plugin
xmendez Oct 2, 2020
f39ff7b
use constants for kbase entries
xmendez Oct 2, 2020
c1e1e8b
change A,AA,AAA categories
xmendez Oct 2, 2020
44d7fd3
change plugin categories
xmendez Oct 2, 2020
978a12c
minor change to headers plugin
xmendez Oct 2, 2020
aaddcba
new uncommon headers plugins
xmendez Oct 2, 2020
dc2f41b
change npm deps category
xmendez Oct 2, 2020
7d6725b
change title category
xmendez Oct 2, 2020
a8f08a4
increase words width
xmendez Oct 6, 2020
eba16d7
add header
xmendez Oct 6, 2020
d37d022
black formatting
xmendez Oct 8, 2020
bda110d
plugin split data and msg
xmendez Oct 8, 2020
cb3612d
plugins field as dotdict
xmendez Oct 8, 2020
1afe2ee
return url instead of default
xmendez Oct 10, 2020
dedbd10
fix description when no marker
xmendez Oct 10, 2020
7ff658a
description for list with diff separator
xmendez Oct 10, 2020
3d9f47c
verbose msgs from plugins
xmendez Oct 10, 2020
a3c3ccb
do not include output in plugins
xmendez Oct 10, 2020
47423ab
found instead of added
xmendez Oct 10, 2020
f288817
regex and new msg links
xmendez Oct 10, 2020
53f6495
headers in one plugin
xmendez Oct 10, 2020
9742492
not show summary when verbose
xmendez Oct 10, 2020
017b125
recursive when transport and rlevel
xmendez Oct 10, 2020
0e74b47
only add routingq when transport is http
xmendez Oct 13, 2020
fc738a1
remove discarded type
xmendez Oct 13, 2020
a523de1
fix interact q
xmendez Oct 14, 2020
1106b9e
name all seed queues, seed_queue
xmendez Oct 14, 2020
24be728
fix interactive s
xmendez Oct 14, 2020
1b34d05
partial time in get stats
xmendez Oct 14, 2020
95efe68
get stats from fuzzer
xmendez Oct 14, 2020
f563ad6
remove httpreceiver queue limit
xmendez Oct 19, 2020
5d7f874
basic queue size profiling
xmendez Oct 19, 2020
b517e20
add lower in comparison
xmendez Oct 19, 2020
ad3b9c0
dont print empty values
xmendez Oct 19, 2020
234d659
fix prev in wfpayload
xmendez Oct 19, 2020
56e1c16
change npm_deps to verbose result
xmendez Oct 19, 2020
8ff85dd
Merge branch 'master' into deve
xmendez Oct 24, 2020
120367a
Merge branch 'master' into deve
xmendez Oct 24, 2020
71eacd6
Merge branch 'deve' of github.com:xmendez/wfuzz into deve
xmendez Oct 24, 2020
679124c
refactor plugin-help
xmendez Oct 24, 2020
7dbc014
enqueue param in links plugin
xmendez Oct 24, 2020
d21f7d7
black format
xmendez Oct 24, 2020
2f9dcc8
summary only in res __str__
xmendez Oct 24, 2020
85d3753
test docker
xmendez Oct 24, 2020
1a65c93
test docker
xmendez Oct 24, 2020
ee25382
add jsparse regex to links
xmendez Oct 25, 2020
0fdfe2d
add plugin data in raw printer
xmendez Oct 27, 2020
56f9add
field printer
xmendez Oct 27, 2020
078d332
revert workflow
xmendez Oct 29, 2020
9b821bd
black formatting
xmendez Oct 29, 2020
57ad3f1
verbose options
Oct 31, 2020
51c5b24
is_visible in plugin
Oct 31, 2020
b6a776e
black format
Oct 31, 2020
0cad4b4
reinstalling pycurl instructions
Oct 31, 2020
8245875
fix test
Oct 31, 2020
a124724
test for is_visible
Oct 31, 2020
b6429c4
fix latest release link
Oct 31, 2020
5f04595
change enqueue message
Oct 31, 2020
39db477
add result in robots
Oct 31, 2020
3980861
use python3 notation
Oct 31, 2020
52b649e
only add server value
Oct 31, 2020
6e791e4
only print if result
Oct 31, 2020
0481301
handle exceptions in wfencode
Nov 1, 2020
4cc75e2
wfencode stdin
Nov 1, 2020
7ee1aa0
change plugins filter doc
Nov 1, 2020
d2e0d8b
burplog test and fix
xmendez Nov 2, 2020
d65e49b
burplog test and fix
xmendez Nov 2, 2020
6b3bf8c
formatting
xmendez Nov 2, 2020
353f01e
fix duplicated test
xmendez Nov 2, 2020
2b547b9
add tests and tox action
xmendez Nov 2, 2020
7d52087
fix --slice when using fuzzres payload
xmendez Nov 2, 2020
546bc11
remove wfuzz-cli ref
xmendez Nov 2, 2020
48d99f4
add test for previous payload filter
xmendez Nov 2, 2020
a3458bf
add operators tests
xmendez Nov 2, 2020
5dafaa5
diff operator test
xmendez Nov 2, 2020
768c048
formatting
xmendez Nov 2, 2020
b1a7ccb
diff operator
xmendez Nov 2, 2020
e387672
fix py34 tests
xmendez Nov 3, 2020
43bd5f0
text parses does not update index when reading full string
Nov 5, 2020
d02966a
more restrictive http protocol regex
Nov 5, 2020
f6ae038
remove future lib
Nov 5, 2020
4aec2b1
add burplog test
Nov 5, 2020
c765e87
bump version
Nov 5, 2020
3198d60
black format
Nov 6, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
burplog test and fix
  • Loading branch information
xmendez committed Nov 2, 2020
commit d2e0d8bbad27c94bf8374ed42a12aec0e2e31cfc
2 changes: 1 addition & 1 deletion src/wfuzz/plugins/payloads/burplog.py
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ def parse_burp_log(self, burp_log):
if rl == CRLF:
fr = FuzzRequest()
fr.update_from_raw_http(
raw_request, host[: host.find("://")], raw_response
raw_request, host[: host.find("://")], raw_response.rstrip()
)
frr = FuzzResult(history=fr)

Expand Down
132 changes: 132 additions & 0 deletions tests/plugins/test_burplog.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
import pytest
import sys
from io import BytesIO

import wfuzz
from wfuzz.facade import Facade

try:
# Python >= 3.3
from unittest import mock
except ImportError:
# Python < 3.3
import mock


@pytest.fixture
def burp_log_raw():
return """======================================================
22:35:55 https://aus5.mozilla.org:443 [35.244.181.201]
======================================================
GET /update/3/SystemAddons/81.0/20200917005511/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%205.4.0-48-generic%20(GTK%203.24.20%2Clibpulse%2013.99.0)/canonical/1.0/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: close


======================================================
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 01 Nov 2020 21:35:08 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 42
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
X-Proxy-Cache-Status: EXPIRED
Via: 1.1 google
Age: 47
Cache-Control: public, max-age=90
Alt-Svc: clear
Connection: close

<?xml version="1.0"?>
<updates>
</updates>
======================================================



"""


class mock_saved_session(object):
def __init__(self, infile):
self.outfile = BytesIO(bytes(infile, "ascii"))
self.outfile.seek(0)
self.outfile.name = "mockfile"

def close(self):
pass

def read(self, *args, **kwargs):
return self.outfile.read(*args, **kwargs)

def seek(self, *args, **kwargs):
return self.outfile.seek(*args, **kwargs)

def tell(self):
return self.outfile.tell()

def readline(self, *args, **kwargs):
line = self.outfile.readline()
if line:
return line.decode("utf-8")
return ""


def test_burplog(burp_log_raw):
# load plugins before mocking file object
Facade().payloads

m = mock.MagicMock(name="open", spec=open)
m.return_value = mock_saved_session(burp_log_raw)

mocked_fun = "builtins.open" if sys.version_info >= (3, 0) else "__builtin__.open"
with mock.patch(mocked_fun, m, create=True):
payload_list = list(
wfuzz.payload(
**{
"payloads": [
("burplog", {"default": "mockedfile", "encoder": None}, None)
],
}
)
)

fres = payload_list[0][0]

assert fres.history.headers.response["Server"] == "nginx/1.17.9"
assert fres.history.headers.response["server"] == "nginx/1.17.9"
assert fres.history.content == '<?xml version="1.0"?>\n<updates>\n</updates>'
assert fres.history.headers.request == {
"Host": "aus5.mozilla.org",
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0",
"Accept": "*/*",
"Accept-Language": "en-GB,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Cache-Control": "no-cache",
"Pragma": "no-cache",
"Connection": "close",
}

assert fres.history.headers.response == {
'Server': 'nginx/1.17.9',
'Date': 'Sun, 01 Nov 2020 21:35:08 GMT',
'Content-Type': 'text/xml; charset=utf-8',
'Content-Length': '42',
'Strict-Transport-Security': 'max-age=31536000;',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': "default-src 'none'; frame-ancestors 'none'",
'X-Proxy-Cache-Status': 'EXPIRED',
'Via': '1.1 google',
'Age': '47',
'Cache-Control': 'public, max-age=90',
'Alt-Svc': 'clear',
'Connection': 'close',
}