Andre,

On Fri, Mar 21, 2014 at 2:47 PM, Andre Daniels <andre...@ucsc.edu> wrote:
>
> Hello All,
>
> I have not been able to find one so I am attempting to build a SAML-based
> auth plugin. I am digging around in the object hierarchy but I have not yet
> fully understood a couple of things and was hoping someone could give me
> some guidance. I have tested this script that can perform a SAML login using
> a urllib2 object and a CookieJar but I am not yet sure how to integrate this
> with the AuthPlugin class.
>
> The script executes this code:
>
> cj = cookielib.CookieJar()
> self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
>
> I am not sure how to intercept the urllib2 object that has the context of
> the actual tests being performed. I need to process a login and then set
> cookies for that object.
>
> I think I just need to use self.url_opener, yes? This object is the one
> actually performing the tests?

Yes, the self.url_opener of the auth plugins is the HTTP client used
to send requests during the whole test. You need to use that one to
authenticate with SAML, OR authenticate with a different one and then
set the cookies in self.url_opener.

> Additionally, how can I get the url being
> tested from that object?

Well, you don't get it from there because... it's not there!
I recommend that you use the plugin configuration (see: get_options /
set_options) to set the URL, username and password.

> I am currently attempting to use self.url_opener to log in to our IDP and
> then set its internal cookie jar with the cookies needed to perform further
> authenticated tests.

If you post your code to a gist, then I might be able to be of more help.

> Let me know if you have any suggestions. Also, are there any additional
> documents describing the object model in w3af that I should view?

Nope, but I'm always here to help and we can write a nice RST document
for other auth plugin writers when we finish.

Regards,

> Thanks,
> Andre
>
> --
> Andre Daniels
> Sr. Developer/Security Analyst
> University of California Santa Cruz
> (831)459-1980
> andre...@ucsc.edu
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
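
As an added example (not code from this thread or from w3af), here is the second option described above in Python 3: complete the SAML login with a separate opener, then copy only the service provider's cookies into the jar used for scanning. The host names, sample HTML and function names are constructed; it uses `http.cookiejar` where the thread's Python 2 code uses `cookielib`, and because the thread does not show how to reach the jar behind `self.url_opener`, the destination is a plain `CookieJar`.

```python
from html.parser import HTMLParser
from http.cookiejar import Cookie, CookieJar
from urllib.parse import urlencode

# Constructed sample of the auto-submitting form an IdP returns after login.
SAMPLE_IDP_PAGE = """<form method="post" action="https://sp.example.org/saml/acs">
<input type="hidden" name="RelayState" value="constructed-state"/>
<input type="hidden" name="SAMLResponse" value="Q09OU1RSVUNURUQ="/>
<input type="submit" value="Continue"/></form>"""

class SamlPostForm(HTMLParser):
    """Collects the action URL and hidden inputs of the first form on the page."""
    def __init__(self):
        super().__init__()
        self.action, self.fields, self._in_form = None, {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action, self._in_form = a.get("action"), True
        elif tag == "input" and self._in_form and a.get("type") == "hidden":
            self.fields[a.get("name")] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def extract_saml_post(html):
    """Return (ACS URL, form fields); raise if the IdP did not issue an assertion."""
    parser = SamlPostForm()
    parser.feed(html)
    if not parser.action or "SAMLResponse" not in parser.fields:
        raise ValueError("no SAMLResponse form found; the IdP login likely failed")
    return parser.action, parser.fields

def post_assertion(opener, action, fields):
    """POST the assertion to the SP; its session cookie lands in the opener's jar."""
    return opener.open(action, urlencode(fields).encode("ascii"))

def copy_cookies(src, dst, sp_domain):
    """Copy only the cookies scoped to sp_domain from the login jar into dst."""
    copied = []
    for cookie in src:
        host = cookie.domain.lstrip(".")
        if host == sp_domain or host.endswith("." + sp_domain):
            dst.set_cookie(cookie)
            copied.append(cookie.name)
    return sorted(copied)
```

Filtering on the service provider's domain keeps the IdP's own session cookie out of the scanner's jar, so the scan only carries the session it needs.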
