Home       Trees       Indices       Help   
w3af homepage
Package plugins :: Package attack :: Module rfiProxy :: Class rfiProxy
[hide private]

Class rfiProxy



Exploits remote file inclusions to create a proxy server.

Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods [hide private]
 
__init__(self)
 
fastExploit(self, url, method, data)
Exploits a web app with osCommanding vuln.
 
getAttackType(self)
Returns the type of exploit, SHELL, PROXY, etc.
 
getVulnName2Exploit(self)
This method should return the vulnerability name (as saved in the kb) to exploit.
 
exploit(self, vulnToExploit=None)
Exploits a rfiVulns that were found and stored in the kb.
 
_generateProxy(self, vuln)
Returns: True if the user can start using the proxy.
 
stop(self)
w3af w3afThreads MUST implment a stop method.
 
rexec(self, command)
The only command available is stop, it will stop the web and proxy server.
 
run(self)
Starts the http server that will become a proxy.
 
getOptions(self)
Returns: A list of option objects for this plugin.
 
getOptionsXML(self)
This method returns a XML containing the Options that the plugin has.
 
getRootProbability(self)
Returns: This method returns the probability of getting a root shell using this attack plugin.
 
setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
 
setUrlOpener(self, urlOpener)
This method should not be overwritten by any plugin (but you are free to do it, for example a good idea is to rewrite this method to change the UrlOpener to do some IDS evasion technic).

Inherited from core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin: GET2POST, canExploit, getExploitableVulns, getType

Inherited from core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin (private): _generateShell

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, end, getDesc, getLongDesc, getName, getPluginDeps, printUniq

Inherited from core.controllers.basePlugin.basePlugin.basePlugin (private): _analyzeResult, _sendMutant

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods: getCut, setCut

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods (private): _cut, _defineCut

Inherited from core.controllers.threads.w3afThread.w3afThread: start2

Inherited from threading.Thread: __repr__, isAlive, isDaemon, join, setDaemon, setName, start

Inherited from threading.Thread (private): _set_daemon

Inherited from threading._Verbose (private): _note

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __str__

Properties [hide private]

Inherited from object: __class__

Method Details [hide private]

__init__(self)
(Constructor)

 
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.__init__

fastExploit(self, url, method, data)

 
Exploits a web app with osCommanding vuln.
Parameters:
  • url - A string containing the Url to exploit ( http://somehost.com/foo.php )
  • method - A string containing the method to send the data ( post / get )
  • data - A string containing data to send with a mark that defines which is the vulnerable parameter ( aa=notMe&bb=almost&cc=[VULNERABLE] )
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.fastExploit

getAttackType(self)

 
Returns the type of exploit, SHELL, PROXY, etc.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getAttackType
(inherited documentation)

getVulnName2Exploit(self)

 

This method should return the vulnerability name (as saved in the kb) to exploit. For example, if the audit.osCommanding plugin finds an vuln, and saves it as:

kb.kb.append( 'osCommanding' , 'osCommanding', vuln )

Then the exploit plugin that exploits osCommanding ( attack.osCommandingShell ) should return 'osCommanding' in this method.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getVulnName2Exploit
(inherited documentation)

exploit(self, vulnToExploit=None)

 
Exploits a rfiVulns that were found and stored in the kb.
Returns:
True if the shell is working and the user can start using the proxy.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.exploit

_generateProxy(self, vuln)

 
Parameters:
  • vuln - The vuln to exploit.
Returns:
True if the user can start using the proxy.

stop(self)

 
w3af w3afThreads MUST implment a stop method.
Overrides: core.controllers.threads.w3afThread.w3afThread.stop
(inherited documentation)

run(self)

 
Starts the http server that will become a proxy.
Overrides: core.controllers.threads.w3afThread.w3afThread.run

getOptions(self)

 

This method returns an optionList containing the options objects that the configurable object has. Using this option list the framework will build a window, a menu, or some other input method to retrieve the info from the user.

This method MUST be implemented on every plugin.
Returns:
A list of option objects for this plugin.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptions
(inherited documentation)

getOptionsXML(self)

 
This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/ui/userInterface.dtd
Returns:
XML with the plugin options.

getRootProbability(self)

 
Returns:
This method returns the probability of getting a root shell using this attack plugin. This is used by the "exploit *" function to order the plugins and first try to exploit the more critical ones. This method should return 0 for an exploit that will never return a root shell, and 1 for an exploit that WILL ALWAYS return a root shell.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getRootProbability

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
Parameters:
  • optionsMap - A dictionary with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

setUrlOpener(self, urlOpener)

 

This method should not be overwritten by any plugin (but you are free to do it, for example a good idea is to rewrite this method to change the UrlOpener to do some IDS evasion technic).

This method takes a CustomUrllib object as parameter and assigns it to itself. Then, on the testUrl method you use self.CustomUrlOpener._custom_urlopen(...) to open a Url and you are sure that the plugin is using the user supplied settings (proxy, user agent, etc).
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setUrlOpener

   Home       Trees       Indices       Help   
w3af homepage
Generated by Epydoc 3.0beta1 on Sun Sep 14 17:13:08 2008 http://epydoc.sourceforge.net