adding switch --skip-urlencode to skip URL encoding of POST data

This commit is contained in:
Miroslav Stampar 2012-05-24 23:30:33 +00:00
parent 7657bbeaf9
commit c394610740
4 changed files with 12 additions and 3 deletions

View File

@ -48,6 +48,7 @@ optDict = {
"scope": "string",
"safUrl": "string",
"saFreq": "integer",
"skipUrlEncode": "boolean",
"evalCode": "string"
},

View File

@ -149,6 +149,10 @@ def cmdLineParser():
request.add_option("--safe-freq", dest="saFreq", type="int",
help="Test requests between two visits to a given safe url")
request.add_option("--skip-urlencode", dest="skipUrlEncode",
action="store_true",
help="Skip URL encoding of POST data")
request.add_option("--eval", dest="evalCode",
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

View File

@ -559,7 +559,7 @@ class Connect:
# addendum: as we support url encoding in tampering
# functions therefore we need to use % as a safe char
if place != PLACE.URI or (value and payload and '?' in value and value.find('?') < value.find(payload)):
payload = urlencode(payload, '%', False, True)
payload = urlencode(payload, '%', False, True) if not place == PLACE.POST and conf.skipUrlEncode else payload
value = agent.replacePayload(value, payload)
elif place == PLACE.SOAP:
@ -653,9 +653,9 @@ class Connect:
get += "%s%s=%s" % (delimiter, name, value)
get = urlencode(get, limit=True)
if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):
if post and place not in (PLACE.POST, PLACE.SOAP) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE)
else:
elif not conf.skipUrlEncode and place not in (PLACE.SOAP,):
post = urlencode(post)
if timeBasedCompare:

View File

@ -138,6 +138,10 @@ safUrl =
# Default: 0
saFreq = 0
# Skip URL encoding of POST data
# Valid: True or False
skipUrlEncode = False
# Evaluate provided Python code before the request.
# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
evalCode =