Home       Trees       Indices       Help   
w3af homepage
Package plugins :: Package discovery :: Module urlFuzzer :: Class urlFuzzer
[hide private]
[frames] | no frames]

Class urlFuzzer



This plugin takes an url and tries to find backups, and other related files.

Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods [hide private]
  __init__(self)
  discover(self, fuzzableRequest)
Searches for new Url's using fuzzing.
  _doRequest(self, url, mutant)
  _returnWithoutEval(self, uri)
This method tries to lower the false positives.
  _mutate(self, url)
Mutate this URL !
  _mutateDomainName(self, url)
If the url is : "http://www.foobar.com/asd.txt" this method returns:
  _mutateByAppending(self, url)
Adds something to the end of the url (mutate the file being requested)
  _mutateFileType(self, url)
Mutates a URL by changing its filetype, example : url = http://g.ar/foo.php result = http://g.ar/foo.zip , http://g.ar/foo.tgz , etc...
  _mutatePath(self, url)
Mutate the path instead of the file.
  _getBackupExtensions(self)
  _getFileTypes(self)
  _getToAppend(self)
  _verifyHeadEnabled(self, url)
Verifies if the requested URL permits a HEAD request.
  _headEnabled(self)
  getOptionsXML(self)
This method returns a XML containing the Options that the plugin has.
  setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML().
  getPluginDeps(self)
  getLongDesc(self)

Inherited from core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin: getType

Inherited from core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin (private): _createFuzzableRequests

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, getDesc, getName, printUniq, setUrlOpener

Inherited from core.controllers.basePlugin.basePlugin.basePlugin (private): _sendMutant


Method Details [hide private]

__init__(self)
(Constructor)

 
None
Overrides: core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin.__init__

discover(self, fuzzableRequest)

 
Searches for new Url's using fuzzing.
Parameters:
  • fuzzableRequest - A fuzzableRequest instance that contains (among other things) the URL to test.
Returns:
A list :
  1. New Url's found by plugin, could be empty when method ends.
Overrides: core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin.discover

_doRequest(self, url, mutant)

 
None

_returnWithoutEval(self, uri)

 
This method tries to lower the false positives.

_mutate(self, url)

 
Mutate this URL !
Parameters:
  • url - The original url
Returns:
A list of bad looking mutant URL's.

_mutateDomainName(self, url)

 
If the url is : "http://www.foobar.com/asd.txt" this method returns:
  • http://www.foobar.com/foobar.zip
  • http://www.foobar.com/foobar.rar
  • http://www.foobar.com/www.foobar.zip
  • http://www.foobar.com/www.foobar.rar
  • etc...
Returns:
A list of mutants.

_mutateByAppending(self, url)

 
Adds something to the end of the url (mutate the file being requested)
Returns:
A list of mutants.

_mutateFileType(self, url)

 
Mutates a URL by changing its filetype, example : url = http://g.ar/foo.php result = http://g.ar/foo.zip , http://g.ar/foo.tgz , etc...
Returns:
A mutant list.

_mutatePath(self, url)

 
Mutate the path instead of the file.
Returns:
A list of mutants.

_getBackupExtensions(self)

 
None

_getFileTypes(self)

 
Returns:
A list with filetypes commonly used in web apps.

_getToAppend(self)

 
Returns:
A list of strings to append to the URL.

_verifyHeadEnabled(self, url)

 

Verifies if the requested URL permits a HEAD request. This was saved inside the KB by the plugin allowedMethods

@return : Sets self._head to the correct value, nothing is returned.

_headEnabled(self)

 
None

getOptionsXML(self)

 
This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/ui/userInterface.dtd
Returns:
XML with the plugin options.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptionsXML

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML().
Parameters:
  • OptionList - A dictionary with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be runned before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc

   Home       Trees       Indices       Help   
w3af homepage
Generated by Epydoc 3.0alpha3 on Thu Oct 18 19:41:26 2007 http://epydoc.sourceforge.net