From f75a76dd19419959b3e297ef6bc8b79af3ee9231 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Mon, 27 Jan 2014 22:09:55 +0100 Subject: [PATCH 1/8] test for session url --- test/test_sessions_url.py | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 test/test_sessions_url.py diff --git a/test/test_sessions_url.py b/test/test_sessions_url.py new file mode 100644 index 0000000..7b2ce34 --- /dev/null +++ b/test/test_sessions_url.py @@ -0,0 +1,39 @@ +import unittest +import sys + +import tutil +import webvulnscan.attacks.session_url + +#Session ID 32 characters mostly with GET method POST also possible + +def make_client(headers): + headers['Content-Type'] = 'text/html; charset=utf-8' + return tutil.TestClient({ + '/':(200, b', headers), + }) + + +class SessionUrl(unittest.TestCase): + def test_static_site(self): + client = make_client({}) + client.run_attack(webvulnscan.attacks.session_url) + client.log.assert_count(0) + + #test site with session id in URI POST + def test_site_with_id(self): + client = make_client({ + "Set-Cookie" : "random = test" + "Method" : "POST" + }) + client.run_attack(webvulnscan.attacks.session_url) + client.log.assert_count(1) + + #test site with session id in URI GET + def test_site_with_id(self): + client = make_client({ + "Set-Cookie" : "random = test" + "Method" : "GET" + }) + client.run_attack(webvulnscan.attacks.session_url) + client.log.assert_count(1) + From 74d2515408828a2121db047b76042313d210a04c Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 21 Feb 2014 00:49:15 +0100 Subject: [PATCH 2/8] testcase for session url --- test/test_sessions_url.py | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/test/test_sessions_url.py b/test/test_sessions_url.py index 7b2ce34..91647ea 100644 --- a/test/test_sessions_url.py +++ b/test/test_sessions_url.py @@ -4,35 +4,41 @@ import tutil import webvulnscan.attacks.session_url -#Session ID 32 characters mostly with GET method POST also possible - +#creating site without any session def make_client(headers): headers['Content-Type'] = 'text/html; charset=utf-8' return tutil.TestClient({ - '/':(200, b', headers), + '/':(200, b'', headers), }) - + class SessionUrl(unittest.TestCase): + headers = "Set-Cookie" : "random=test" def test_static_site(self): client = make_client({}) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(0) - #test site with session id in URI POST - def test_site_with_id(self): - client = make_client({ - "Set-Cookie" : "random = test" - "Method" : "POST" + #test site/form with session id in URI POST + def test_site_with_post(self): + client = tutil.TestClient({ + '/': u''' +
+ +
+ ''', headers }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) - #test site with session id in URI GET - def test_site_with_id(self): + #test site/form with session id in URI GET + def test_site_with_get(self): client = make_client({ - "Set-Cookie" : "random = test" - "Method" : "GET" + '/': u''' +
+ +
+ ''', headers }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) From d8ba8e066cc2a8b89ad0dac832a51513ffedb47b Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 21 Feb 2014 00:51:23 +0100 Subject: [PATCH 3/8] attack structure --- webvulnscan/attacks/session_url.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 webvulnscan/attacks/session_url.py diff --git a/webvulnscan/attacks/session_url.py b/webvulnscan/attacks/session_url.py new file mode 100644 index 0000000..7d5f9a0 --- /dev/null +++ b/webvulnscan/attacks/session_url.py @@ -0,0 +1,16 @@ +from ..utils import attack + + + + + + +def attack_get(headers): + + + +def attack_post(headers): + + +@attck() +def session_url(client, log, page) From 970ca68bda2ce568572a58a1983a9073085aba00 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 5 Mar 2014 01:02:35 +0100 Subject: [PATCH 4/8] testcase with 3 different id in url --- test/test_sessions_url.py | 44 +++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/test/test_sessions_url.py b/test/test_sessions_url.py index 91647ea..fdb0598 100644 --- a/test/test_sessions_url.py +++ b/test/test_sessions_url.py @@ -1,45 +1,57 @@ +from __future__ import unicode_literals import unittest import sys import tutil import webvulnscan.attacks.session_url -#creating site without any session +#session id's in URL can appear in various forms +#this test creates forms of sid, sessionid, phpsessid + + def make_client(headers): headers['Content-Type'] = 'text/html; charset=utf-8' return tutil.TestClient({ - '/':(200, b'', headers), + '/': (200, b'', headers), }) - + class SessionUrl(unittest.TestCase): - headers = "Set-Cookie" : "random=test" + #creating site without any session def test_static_site(self): client = make_client({}) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(0) - #test site/form with session id in URI POST + #sid in link def test_site_with_post(self): client = tutil.TestClient({ '/': u''' -
- -
- ''', headers + link1 + ''' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) - - #test site/form with session id in URI GET + + #sessionid in link def test_site_with_get(self): - client = make_client({ + client = tutil.TestClient({ '/': u''' -
- -
- ''', headers + link2
+ ''' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) + #phpsessid in link + def test_site_with_get(self): + client = tutil.TestClient({ + '/': u''' + link3
+ ''' + }) + client.run_attack(webvulnscan.attacks.session_url) + client.log.assert_count(1) From 8573ed0d01c7026168950f1bf6d39799e1749fde Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 6 Mar 2014 00:39:55 +0100 Subject: [PATCH 5/8] add session_url to __init__.py --- webvulnscan/attacks/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webvulnscan/attacks/__init__.py b/webvulnscan/attacks/__init__.py index 4af52c1..85dbfc0 100644 --- a/webvulnscan/attacks/__init__.py +++ b/webvulnscan/attacks/__init__.py @@ -6,7 +6,8 @@ from .clickjack import clickjack from .cookiescan import cookiescan from .exotic_characters import exotic_characters +from .session_url import session_url def all_attacks(): - return [xss, csrf, crlf, breach, clickjack, cookiescan, exotic_characters] + return [xss, csrf, crlf, breach, clickjack, cookiescan, exotic_characters, session_url] From f31b3776e2ac68e0b5daa0739f28d80e90837074 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 6 Mar 2014 01:05:43 +0100 Subject: [PATCH 6/8] attacker for session url --- webvulnscan/attacks/session_url.py | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/webvulnscan/attacks/session_url.py b/webvulnscan/attacks/session_url.py index 7d5f9a0..1dbff4e 100644 --- a/webvulnscan/attacks/session_url.py +++ b/webvulnscan/attacks/session_url.py @@ -1,16 +1,19 @@ from ..utils import attack - - - - -def attack_get(headers): - - - -def attack_post(headers): - - -@attck() -def session_url(client, log, page) +def check_id(page): + if "sid" in page.url: + return true + if "sessionid" in page.url: + return true + if "phpsessid" in page.url: + return true + return false + + +@attack() +def session_url(client, log, page): + #session id in url found + if check_id(page): + log('vuln', page.url, u"Session ID in URL") + return From fd1c53982b370d36f84333ca089b83d3abd2bc35 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 20 Mar 2014 17:03:37 +0100 Subject: [PATCH 7/8] String corrected --- test/test_sessions_url.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/test_sessions_url.py b/test/test_sessions_url.py index fdb0598..960ddb7 100644 --- a/test/test_sessions_url.py +++ b/test/test_sessions_url.py @@ -26,10 +26,10 @@ def test_static_site(self): #sid in link def test_site_with_post(self): client = tutil.TestClient({ - '/': u''' - link1 - ''' + '/': '\ + link1\ + ' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) @@ -37,10 +37,10 @@ def test_site_with_post(self): #sessionid in link def test_site_with_get(self): client = tutil.TestClient({ - '/': u''' - link2
- ''' + '/': '\ + link2\ + ' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) @@ -48,10 +48,10 @@ def test_site_with_get(self): #phpsessid in link def test_site_with_get(self): client = tutil.TestClient({ - '/': u''' - link3
- ''' + '/': '\ + link3\ + ' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) From dfbfd3aa4e03a85bc30550561062860415eca077 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Tue, 1 Apr 2014 00:36:46 +0200 Subject: [PATCH 8/8] still syntax error --- test/test_sessions_url.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/test/test_sessions_url.py b/test/test_sessions_url.py index 960ddb7..83ca2a7 100644 --- a/test/test_sessions_url.py +++ b/test/test_sessions_url.py @@ -1,4 +1,4 @@ -from __future__ import unicode_literals + import unittest import sys @@ -12,7 +12,7 @@ def make_client(headers): headers['Content-Type'] = 'text/html; charset=utf-8' return tutil.TestClient({ - '/': (200, b'', headers), + '/': b'''(200, b'', headers)''', }) @@ -26,10 +26,10 @@ def test_static_site(self): #sid in link def test_site_with_post(self): client = tutil.TestClient({ - '/': '\ - link1\ - ' + '/': u''' + link1 + ''' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) @@ -37,10 +37,10 @@ def test_site_with_post(self): #sessionid in link def test_site_with_get(self): client = tutil.TestClient({ - '/': '\ - link2\ - ' + '/': u''' + link2 + ''' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1) @@ -48,10 +48,10 @@ def test_site_with_get(self): #phpsessid in link def test_site_with_get(self): client = tutil.TestClient({ - '/': '\ - link3\ - ' + '/': u''' + link3 + ''' }) client.run_attack(webvulnscan.attacks.session_url) client.log.assert_count(1)