''' blindSqli.py Copyright 2006 Andres Riancho This file is part of w3af, w3af.sourceforge.net . w3af is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License. w3af is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with w3af; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ''' import core.controllers.outputManager as om from core.controllers.basePlugin.baseAuditPlugin import baseAuditPlugin from core.controllers.w3afException import w3afException from core.controllers.sqlTools.blindSqli import blindSqli as blindSqliTools class blindSqli(baseAuditPlugin): ''' This plugin tests for blind SQL injection bugs. @author: Andres Riancho ( andres.riancho@gmail.com ) ''' def __init__(self): baseAuditPlugin.__init__(self) self._bsqliTools = blindSqliTools() # User configured variables self._equalLimit = 0.8 self._equAlgorithm = 'stringEq' def _fuzzRequests(self, freq ): ''' Tests an URL for blind Sql injection vulnerabilities. @param freq: A fuzzableRequest ''' om.out.debug( 'blindSqli plugin is testing: ' + freq.getURL() ) self._bsqliTools.setUrlOpener( self._urlOpener ) self._bsqliTools.setEqualLimit( self._equalLimit ) self._bsqliTools.setEquAlgorithm( self._equAlgorithm ) # If you are searching for the bsql finding algorithm, its in "core.controllers.sqlTools.blindSqli" self._bsqliTools.findBlindSQL( freq, saveToKb=True ) def getOptionsXML(self): ''' This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/ui/userInterface.dtd @return: XML with the plugin options. ''' return '\ \ \ \ \ ' def setOptions( self, optionsMap ): ''' This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML(). @parameter OptionList: A dictionary with the options for the plugin. @return: No value is returned. ''' self._equAlgorithm = optionsMap['equAlgorithm'] self._equalLimit = optionsMap['equalLimit'] def getPluginDeps( self ): ''' @return: A list with the names of the plugins that should be runned before the current one. ''' return [ ] def getLongDesc( self ): ''' @return: A DETAILED description of the plugin functions and features. ''' return ''' This plugin finds blind sql injections. Two configurable parameters exist: - equAlgorithm - equalLimit The equAlgorithm parameter configures how the comparison of pages is done, the options for equAlgorithm are: - stringEq - setIntersection - intelligentCut The classic way of matching two strings is "stringEq" , in python this is "string1 == string2" , but other ways have been developed for sites that have changing banners and random data on their HTML response. "setIntersection" will create two different sets with the words inside the two HTML responses, and do an intersection. If number of words that are in the intersection set divided by the total words are more than "equalLimit", then the responses are equal. "intelligentCut" aint implemented yet. '''