Actually, that isn't a syntax error, just bad form :); it's been working for
me for a few days. The +''+ in the line containing
original_value+''+mutant_str is actually two single quotation marks, not a
double quotation mark. It is just concatenating an empty string in between. I've
removed that useless piece, and here is the updated (and retested) diff:
Index: core/data/fuzzer/fuzzer.py
===================================================================
--- core/data/fuzzer/fuzzer.py (revision 5002)
+++ core/data/fuzzer/fuzzer.py (working copy)
@@ -498,7 +498,10 @@
m.setVar( pname, index=element_index )
m.setDc( dc_copy )
m.setOriginalValue( original_value )
- m.setModValue( mutant_str )
+ if(append):
+ m.setModValue(original_value+mutant_str)
+ else:
+ m.setModValue( mutant_str )
# Done, add it to the result
result.append( m )
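Review bot: as pasted, the hunk has lost both its indentation and the blank context line that the `@@ -498,7 +498,10 @@` header counts (3 + 1 + 3 old lines, 3 + 4 + 3 new; here `m.setModValue( mutant_str )` runs straight into `# Done`), so `patch` will not apply it and the `if`/`else` bodies, which in Python depend on that whitespace, cannot be checked; resend with whitespace intact or as an attachment. Style-wise, `if(append):` should read `if append:`, and `m.setModValue(original_value+mutant_str)` should follow the surrounding `m.setModValue( mutant_str )` spacing. Since every caller passing `append=True` now gets different output, a unit test that runs the worker once with `append=False` and once with `append=True` on the same input and checks for `mutant_str` and `original_value + mutant_str` respectively would lock in the fix and cover the fuzzer-testing request in this thread.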
On Tue, May 15, 2012 at 11:44 AM, Andres Riancho <andres.rian...@gmail.com> wrote:
> Stephen,
>
> On Wed, May 9, 2012 at 2:58 PM, Stephen Breen <breen.mach...@gmail.com>
> wrote:
> > I've been working on an HTTP Parameter Pollution plugin a little bit lately
> > and noticed that the append functionality of createMutants in
> > core/data/fuzzer/fuzzer.py doesn't seem to work, unless I'm misunderstanding
> > its use. I've fixed it for my current purposes (simple query string mutants)
> > by changing line 501 in fuzzer.py which is part of the _createMutantsWorker
> > method as follows:
>
> I think your finding is correct, it seems to be a bug.
>
> > Index: core/data/fuzzer/fuzzer.py
> > ===================================================================
> > --- core/data/fuzzer/fuzzer.py (revision 5000)
> > +++ core/data/fuzzer/fuzzer.py (working copy)
> > @@ -498,7 +498,10 @@
> > m.setVar( pname, index=element_index )
> > m.setDc( dc_copy )
> > m.setOriginalValue( original_value )
> > - m.setModValue( mutant_str )
> > + if(append):
> > + m.setModValue( original_value+''+mutant_str )
> > + else:
> > + m.setModValue( mutant_str )
> >
> > # Done, add it to the result
> > result.append( m )
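Review bot: `original_value+''+mutant_str` is valid Python (two single quotes form an empty string literal), but the `+''` is a no-op and invites exactly the misreading as a double quote that came up in review; `original_value + mutant_str` says the same thing. `if(append):` is better written `if append:`. As quoted, the hunk has also lost its leading whitespace, so the `if`/`else` blocks cannot be applied as-is; the resubmitted version needs the indentation preserved.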
>
> The patch seems to have a syntax error here:
> original_value+''+mutant_str (note the " in the middle of the two
> +).
>
> It looks like we need more unit-testing for the fuzzer in order to
> avoid things like this! Any takers for that task?
>
> Once the patch is fixed and tested, please send again and I'll commit it.
>
> > I'm not sure if any other methods in fuzzer.py should also be fixed since
> > I've never used them before. Looking at the code it's a little unclear;
> > _createFileNameMutants and _createUrlPartsMutants do something with the
> > append flag but I haven't tested it to be sure.
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > W3af-develop mailing list
> > W3af-develop@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
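A runnable illustration of the append-flag behaviour this thread is fixing. It is added here and is not w3af's code nor code from either poster: the `Mutant` class, the worker loop, the data-container shape (parameter name to list of values) and the sample request are simplified stand-ins constructed for the example, with the `append` branch written the way the corrected patch has it, followed by the kind of unit test the thread asks for.

```python
import copy
from urllib.parse import urlencode


class Mutant:
    """Minimal stand-in for the mutant object seen in the patch (assumed
    interface: setVar / setDc / setOriginalValue / setModValue).  Not
    w3af's class; it only records what the worker sets on it."""

    def __init__(self):
        self._dc = None
        self._var = None
        self._index = 0
        self._original_value = None
        self._mod_value = None

    def setVar(self, pname, index=0):
        self._var, self._index = pname, index

    def setDc(self, dc):
        self._dc = dc

    def setOriginalValue(self, value):
        self._original_value = value

    def setModValue(self, value):
        # Store the value and write it into this mutant's own data container
        self._mod_value = value
        self._dc[self._var][self._index] = value

    def getOriginalValue(self):
        return self._original_value

    def getModValue(self):
        return self._mod_value

    def getDc(self):
        return self._dc


def create_mutants_worker(dc, mutant_str_list, append=False):
    """One Mutant per (parameter, value index, payload).

    `dc` maps a parameter name to the list of values it carries, e.g.
    {'id': ['1', '2']} for ?id=1&id=2 (a constructed stand-in for the real
    data container).  With append=True the payload is appended to the
    original value instead of replacing it, which is what the patch fixes.
    """
    result = []
    for pname, values in dc.items():
        for element_index, original_value in enumerate(values):
            for mutant_str in mutant_str_list:
                dc_copy = copy.deepcopy(dc)  # each mutant owns its container
                m = Mutant()
                m.setVar(pname, index=element_index)
                m.setDc(dc_copy)
                m.setOriginalValue(original_value)
                if append:
                    m.setModValue(original_value + mutant_str)
                else:
                    m.setModValue(mutant_str)  # pre-patch: always this branch
                result.append(m)
    return result


def mod_values(dc, mutant_str_list, append=False):
    """Modified values of every generated mutant, in generation order."""
    return [m.getModValue()
            for m in create_mutants_worker(dc, mutant_str_list, append)]


def to_query_string(dc):
    """Render a data container back to a query string (repeats keep order)."""
    return urlencode(dc, doseq=True)


def test_append_flag():
    """The unit test the thread asks for: same input, both modes."""
    dc = {'id': ['1', '2'], 'q': ['abc']}   # constructed sample request
    payload = ['FUZZ']                      # constructed marker payload
    assert mod_values(dc, payload, append=False) == ['FUZZ', 'FUZZ', 'FUZZ']
    assert mod_values(dc, payload, append=True) == ['1FUZZ', '2FUZZ', 'abcFUZZ']
    # Only the targeted parameter instance changes; the rest of the request
    # keeps its original values, so ?id=1&id=2 stays a two-value parameter.
    first = create_mutants_worker(dc, payload, append=True)[0]
    assert to_query_string(first.getDc()) == 'id=1FUZZ&id=2&q=abc'
    assert first.getOriginalValue() == '1'
    return True


if __name__ == '__main__':
    print('append=False ->', mod_values({'id': ['1']}, ['FUZZ']))
    print('append=True  ->', mod_values({'id': ['1']}, ['FUZZ'], append=True))
    test_append_flag()
    print('append flag test passed')
```

Running the module prints the replaced and appended values for a one-parameter request and then executes the test; the deep copy per mutant is what keeps a mutant for `id[0]` from leaking into the container of the mutant for `id[1]`, which the query-string assertion checks.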