Module: Arachni::Element::Cookie::Capabilities::Mutable

Includes:
Arachni::Element::Capabilities::Mutable
Defined in:
lib/arachni/element/cookie/capabilities/mutable.rb

Overview

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constant Summary

Constants included from Arachni::Element::Capabilities::Mutable

Arachni::Element::Capabilities::Mutable::EXTRA_NAME, Arachni::Element::Capabilities::Mutable::FUZZ_NAME, Arachni::Element::Capabilities::Mutable::FUZZ_NAME_VALUE, Arachni::Element::Capabilities::Mutable::MUTATION_OPTIONS

Instance Attribute Summary

Attributes included from Arachni::Element::Capabilities::Mutable

#affected_input_name, #format, #seed

Instance Method Summary collapse

Methods included from Arachni::Element::Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #immutables, #inspect, #mutation?, #mutations, #parameter_name_audit?, #reset, #switch_method, #to_h, #to_rpc_data, #with_raw_payload, #with_raw_payload?

Instance Method Details

#each_extensive_mutation(mutation) ⇒ Object



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# File 'lib/arachni/element/cookie/capabilities/mutable.rb', line 75

def each_extensive_mutation( mutation )
    return if orphan?

    (auditor.page.links | auditor.page.forms).each do |e|
        next if e.inputs.empty?

        c = e.dup
        c.affected_input_name = "Mutation for the '#{name}' cookie"
        c.auditor = auditor
        c.audit_options[:submit] ||= {}
        c.audit_options[:submit][:cookies] = mutation.inputs.dup
        c.inputs = Arachni::Options.input.fill( c.inputs.dup )

        yield c
    end
end

#each_mutation(payload, options = {}) {|mutation| ... } ⇒ Object

Overrides Arachni::Element::Capabilities::Mutable#each_mutation to handle cookie-specific limitations and the OptionGroups::Audit#cookies_extensively option.

Parameters:

Yields:

  • (mutation)

    Each generated mutation.

Yield Parameters:

See Also:



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/arachni/element/cookie/capabilities/mutable.rb', line 29

def each_mutation( payload, options = {}, &block )
    options              = prepare_mutation_options( options )
    parameter_names      = options.delete( :parameter_names )
    with_extra_parameter = options.delete( :with_extra_parameter )
    extensively          = options[:extensively]
    extensively          = Arachni::Options.audit.cookies_extensively? if extensively.nil?

    super( payload, options ) do |element|
        yield element

        next if !extensively
        element.each_extensive_mutation( element, &block )
    end

    if with_extra_parameter
        if valid_input_name?( EXTRA_NAME )
            each_formatted_payload( payload, options[:format] ) do |format, formatted_payload|

                element                     = self.dup
                element.affected_input_name = EXTRA_NAME
                element.inputs              = { EXTRA_NAME => formatted_payload }
                element.format              = format
                yield element if block_given?
            end
        else
            print_debug_level_2 'Extra name not supported as input name by' <<
                                    " #{audit_id}: #{payload.inspect}"
        end
    end

    if parameter_names
        if valid_input_name_data?( payload )
            element                     = self.dup
            element.affected_input_name = FUZZ_NAME
            element.inputs              = { payload => FUZZ_NAME_VALUE }
            element.seed                = payload
            yield element if block_given?
        else
            print_debug_level_2 'Payload not supported as input name by' <<
                                    " #{audit_id}: #{payload.inspect}"
        end
    end

    nil
end