Permalink
Browse files

Change injectable page location (#155)

* Add proper injectable page

* fix tests

* add test for set_injectable_page
  • Loading branch information...
rnehra01 authored and afeena committed Jun 20, 2017
1 parent 4df7fcb commit df372e53b83a1603239b14c3200e6b7149b4734b
View
@@ -1,4 +1,5 @@
import asyncio
import mimetypes
import re
import urllib.parse
import yarl
@@ -90,11 +91,27 @@ def extract_get_data(self, path):
return detection
@staticmethod
def set_injectable_page(session):
injectable_page = None
if session:
for page in reversed(session.paths):
if mimetypes.guess_type(page['path'])[0] == 'text/html':
injectable_page = page['path']
return injectable_page
async def emulate(self, data, session):
if data['method'] == 'POST':
detection = await self.handle_post(session, data)
else:
detection = await self.handle_get(session, data)
if 'payload' in detection and type(detection['payload']) is dict:
injectable_page = self.set_injectable_page(session)
if injectable_page is None:
injectable_page = '/index.html'
detection['payload']['page'] = injectable_page
return detection
@@ -64,7 +64,7 @@ def __init__(self):
container.kill()
except docker.errors.APIError as server_error:
self.logger.error('Error while executing command %s in container %s', cmd, server_error)
result = dict(value= execute_result, page= '/index.html')
result = dict(value= execute_result)
return result
async def delete_env(self, container_name):
View
@@ -52,7 +52,7 @@ def map_query(self, attack_value):
execute_result = await self.sqli_emulator.execute_query(db_query, attacker_db)
if isinstance(execute_result, list):
execute_result = ' '.join([str(x) for x in execute_result])
result = dict(value=execute_result, page='/index.html')
result = dict(value=execute_result)
return result
async def handle(self, attack_params, session):
View
@@ -15,26 +15,12 @@ def scan(self, value):
def get_xss_result(self, session, attack_params):
result = None
injectable_page = None
value = ''
if session:
injectable_page = self.set_xss_page(session)
if injectable_page is None:
injectable_page = '/index.html'
for param in attack_params:
value += param['value'] if not value else '\n' + param['value']
result = dict(value=value,
page=injectable_page)
result = dict(value=value)
return result
@staticmethod
def set_xss_page(session):
injectable_page = None
for page in reversed(session.paths):
if mimetypes.guess_type(page['path'])[0] == 'text/html':
injectable_page = page['path']
return injectable_page
async def handle(self, attack_params, session):
xss_result = None
xss_result = self.get_xss_result(session, attack_params)
View
@@ -2,6 +2,7 @@
import unittest
from unittest import mock
from tanner import session
from tanner.emulators import base
@@ -112,4 +113,14 @@ def mock_rfi_scan(value):
detection = self.loop.run_until_complete(self.handler.handle_get(self.session, data))
assert_detection = {'name': 'rfi', 'order': 2, 'payload': 'rfi_test_payload'}
self.assertDictEqual(detection, assert_detection)
self.assertDictEqual(detection, assert_detection)
def test_set_injectable_page(self):
paths = [{'path': '/python.html', 'timestamp': 1465851064.2740946},
{'path': '/python.php/?foo=bar', 'timestamp': 1465851065.2740946},
{'path': '/python.html/?foo=bar', 'timestamp': 1465851065.2740946}]
with mock.patch('tanner.session.Session') as mock_session:
mock_session.return_value.paths = paths
sess = session.Session(None)
injectable_page = self.handler.set_injectable_page(sess)
self.assertEqual(injectable_page, '/python.html')
@@ -47,9 +47,7 @@ def test_get_sqli_result(self):
self.handler.sqli_emulator = mock.Mock()
self.handler.sqli_emulator.execute_query = mock_execute_query
assert_result = dict(value="[1, 'name', 'email@mail.com', 'password'] [1, '2', '3', '4']",
page='/index.html'
)
assert_result = dict(value="[1, 'name', 'email@mail.com', 'password'] [1, '2', '3', '4']")
result = self.loop.run_until_complete(self.handler.get_sqli_result(attack_value, 'foo.db'))
self.assertEqual(assert_result, result)
@@ -3,7 +3,6 @@
import unittest
from unittest import mock
from tanner import session
from tanner.emulators import xss
@@ -25,17 +24,5 @@ def test_xss(self):
attack_params = [dict(id= 'foo', value= '<script>alert(\'xss\');</script>')]
xss = self.loop.run_until_complete(self.handler.handle(attack_params, None))
assert_result = dict(value=attack_params[0]['value'],
page='/index.html')
assert_result = dict(value=attack_params[0]['value'])
self.assertDictEqual(xss, assert_result)
def test_set_xss_page(self):
paths = [{'path': '/python.html', 'timestamp': 1465851064.2740946},
{'path': '/python.php/?foo=bar', 'timestamp': 1465851065.2740946},
{'path': '/python.html/?foo=bar', 'timestamp': 1465851065.2740946}]
with mock.patch('tanner.session.Session') as mock_session:
mock_session.return_value.paths = paths
sess = session.Session(None)
attack_params = [dict(id= 'foo', value= '<script>alert(\'xss\');</script>')]
xss = self.loop.run_until_complete(self.handler.handle(attack_params, sess))
self.assertEqual(xss['page'], '/python.html')

0 comments on commit df372e5

Please sign in to comment.