Hi all, I hope I don't make myself unpopular with my first email to this list by adding Ruby stuff to a Python project ;).
First of all: The new request export feature is really nice. My first language is Ruby though, with Python being a close second. So I adapted the Python export plugin for Ruby, see the attachments. BTW, is sending this stuff to the mailing list the preferred way for you to get new code Andrés? Otherwise, please tell me how you'd like to receive any contributions. Some more thoughts: 1. There also seems to be a bug in line 47 of python_export.py: escaped_data = http_request.getData().replace('"', '\\"') This gives you the error AttributeError: 'queryString' object has no attribute 'replace' if you have POST data in the request. I fixed this with a simple call to str(): escaped_data = str(http_request.getData()).replace('"', '\\"') 2. There are more things I'd like to see in w3af: - There was a contribution to w3af to import Burp logs. I'd like to have this for WebScarab, too. - I'd love to have a JavaScript pretty printer as one of the Encode/Decode plugins. At least for me, there are so many times that I have compressed JavaScript in a response that is barely readable. At the moment, I run those through http://jsbeautifier.org/ with the Rhino script I wrote for it, but having this in the framework would be neat. So, what do you think, do these sound interesting? If so, I'm gonna start coding in the little spare time I have ;). Patrick -- The Plague: You wanted to know who I am, Zero Cool? Well, let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai... the Keyboard Cowboys... and all those other people who have no idea what's going on are the cattle... Moooo. (Hackers)
# -*- coding: utf8 -*- ''' ruby_export.py Copyright 2009 Patrick Hof This file is part of w3af, w3af.sourceforge.net . w3af is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License. w3af is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with w3af; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ''' from core.data.parsers.httpRequestParser import httpRequestParser import re def ruby_export( request_string ): ''' @parameter request_string: The string of the request to export @return: A net/http based ruby script that will perform the same HTTP request. ''' # get the header and the body splitted_request = request_string.split('\n\n') header = splitted_request[0] body = '\n\n'.join(splitted_request[1:]) http_request = httpRequestParser( header, body) # Now I do the real magic... res = 'require \'net/https\'\n\n' res += 'url = URI.parse("' + http_request.getURI() + '")\n' if http_request.getData() != '\n': escaped_data = str(http_request.getData()).replace('"', '\\"') res += 'data = "' + escaped_data + '"\n' else: res += 'data = nil\n' res += 'headers = { \n' headers = http_request.getHeaders() for header_name in headers: header_name = header_name.replace('"', '\\"') header_value = headers[header_name].replace('"', '\\"') res += '\t"' + header_name + '" => "' + header_value + '",\n' res = res [:-2] res += '\n}\n' method = http_request.getMethod() res += 'res = Net::HTTP.start(url.host, url.port) do |http|\n' res += '\thttp.use_ssl = ' if http_request.getURL()[:5] == 'https': res += 'true\n' else: res += 'false\n' res += '\thttp.send_request("' + method + '", url.path, data, headers)\n' res += 'end\n\n' res += 'puts res.body\n' return res
''' export_request.py Copyright 2008 Andres Riancho This file is part of w3af, w3af.sourceforge.net . w3af is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License. w3af is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with w3af; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ''' import gtk from . import entries from .encdec import SimpleTextView from core.data.export.ajax_export import ajax_export from core.data.export.python_export import python_export from core.data.export.ruby_export import ruby_export export_request_example = """\ GET http://localhost/script.php HTTP/1.0 Host: www.some_host.com User-Agent: w3af.sf.net Pragma: no-cache Content-Type: application/x-www-form-urlencoded """ class export_request(entries.RememberingWindow): '''Infrastructure to export HTTP requests. @author: Andres Riancho < andres.riancho | gmail.com > ''' def __init__(self, w3af, initialRequest=None): super(export_request,self).__init__( w3af, "exportreq", "w3af - Export Requests", "Export_Requests") self.set_icon_from_file('core/ui/gtkUi/data/w3af_icon.png') self.w3af = w3af # different ways of exporting data self._exporters = [('Ajax', ajax_export), ('Python', python_export), ('Ruby', ruby_export)] # splitted panes vpan = entries.RememberingVPaned(w3af, "pane-exportrequests") # upper pane that shows HTTP request vbox = gtk.VBox() sw = gtk.ScrolledWindow() sw.set_shadow_type(gtk.SHADOW_ETCHED_IN) sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC) self.http_request = SimpleTextView() sw.add(self.http_request) vbox.pack_start(sw, True, True, padding=5) # middle widgets that show the export method table = gtk.Table(1, 6, homogeneous=True) cb = gtk.combo_box_new_text() for (lab, fnc) in self._exporters: cb.append_text(lab) b = gtk.Button(lab) cb.set_active(0) table.attach(cb, 2, 3, 0, 1) b = entries.SemiStockButton("Export", gtk.STOCK_GO_DOWN, _("Export the request")) b.connect("clicked", self._export, cb) table.attach(b, 3, 4, 0, 1) vbox.pack_start(table, False, False, padding=5) vpan.pack1(vbox) # lower pane with exported data and save button vbox = gtk.VBox() sw = gtk.ScrolledWindow() sw.set_shadow_type(gtk.SHADOW_ETCHED_IN) sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC) self.exported_text = SimpleTextView() sw.add(self.exported_text) vbox.pack_start( sw, True, True, padding=5) b = entries.SemiStockButton("Save request as...", gtk.STOCK_SAVE_AS, _("Save request as...")) b.connect("clicked", self._save_as) vbox.pack_start( b, False, False, padding=5) vpan.pack2(vbox) # Show the data if initialRequest is None: self.http_request.setText( export_request_example ) else: (request_header, request_body) = initialRequest self.http_request.setText(request_header + '\n\n' + request_body ) func = self._exporters[0][1] self.exported_text.setText(func(self.http_request.getText())) self.vbox.pack_start(vpan, padding=10) self.show_all() def _export(self, widg, combo): '''Exports the upper text.''' opc = combo.get_active() func = self._exporters[opc][1] self.exported_text.setText(func(self.http_request.getText())) def _save_as(self, widg): ''' Save the exported data to a file using a file chooser. ''' chooser = gtk.FileChooserDialog(title='Save as...',action=gtk.FILE_CHOOSER_ACTION_SAVE, buttons=(gtk.STOCK_CANCEL,gtk.RESPONSE_CANCEL,gtk.STOCK_OPEN,gtk.RESPONSE_OK)) response = chooser.run() if response == gtk.RESPONSE_OK: # Save the contents of the self.exported_text to the selected file filename = chooser.get_filename() try: fh = file(filename, 'w') fh.write(self.exported_text.getText()) except: msg = _("Failed to save exported data to file") dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL, gtk.MESSAGE_ERROR, gtk.BUTTONS_OK, msg) opt = dlg.run() dlg.destroy() elif response == gtk.RESPONSE_CANCEL: pass chooser.destroy()
------------------------------------------------------------------------------
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop