line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package WWW::TamperData; |
2
|
|
|
|
|
|
|
|
3
|
1
|
|
|
1
|
|
23671
|
use warnings; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
35
|
|
4
|
1
|
|
|
1
|
|
37
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
42
|
|
5
|
1
|
|
|
1
|
|
7
|
use Carp; |
|
1
|
|
|
|
|
6
|
|
|
1
|
|
|
|
|
109
|
|
6
|
1
|
|
|
1
|
|
645
|
use XML::Simple; |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
use HTTP::Request; |
8
|
|
|
|
|
|
|
use LWP::UserAgent; |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
=head1 NAME |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
WWW::TamperData - Replay tamper data XML files |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
=head1 VERSION |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
Version 0.09 |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
=cut |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
# Globals |
21
|
|
|
|
|
|
|
our $VERSION = '0.09'; |
22
|
|
|
|
|
|
|
our $AUTHOR = 'Eldar Marcussen - http://www.justanotherhacker.com'; |
23
|
|
|
|
|
|
|
our $_tamperagent; |
24
|
|
|
|
|
|
|
our $_tamperxml; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
=head1 SYNOPSIS |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
use WWW::TamperData; |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
my $foo = WWW::TamperData->new(transcript => "myfile.xml"); |
31
|
|
|
|
|
|
|
my %data = $foo->replay(); |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
=head1 DESCRIPTION |
34
|
|
|
|
|
|
|
Tamperdata is a firefox extension that lets you intercept or inspect browser requests and the server responses. WWW::TamperData can replay |
35
|
|
|
|
|
|
|
requests exported to an XML file from Tamperdata. |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
=head1 SUBROUTINES/METHODS |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
=head2 new |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
Initializes the new object, it takes some options; |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
=over 4 |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
=item WWW::TamperData->new(%options); |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
KEY DEFAULT USE |
48
|
|
|
|
|
|
|
--------------- ----------------- -------------------------------------------------- |
49
|
|
|
|
|
|
|
transcript undef Filename to read tamperdata xml from |
50
|
|
|
|
|
|
|
timeout 60 LWP connection timeout |
51
|
|
|
|
|
|
|
requestfilter undef Name of function to call before making the request |
52
|
|
|
|
|
|
|
responsefilter undef Name of function to call after making the request |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
=back |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
=cut |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
sub new { |
59
|
|
|
|
|
|
|
my ($class, %options) = @_; |
60
|
|
|
|
|
|
|
my $self = {}; |
61
|
|
|
|
|
|
|
|
62
|
|
|
|
|
|
|
if ($options{'transcript'}) { |
63
|
|
|
|
|
|
|
$self->{'transcript'} = $options{'transcript'}; |
64
|
|
|
|
|
|
|
$_tamperxml = XMLin($self->{'transcript'}); |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
$self->{'timeout'} = $options{'timeout'} ? $options{'timeout'} : 60; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
if ($options{'requestfilter'}) { |
70
|
|
|
|
|
|
|
$self->{requestfilter}{module} = caller; |
71
|
|
|
|
|
|
|
$self->{requestfilter}{function} = $options{'requestfilter'}; |
72
|
|
|
|
|
|
|
} |
73
|
|
|
|
|
|
|
|
74
|
|
|
|
|
|
|
if ($options{'responsefilter'}) { |
75
|
|
|
|
|
|
|
$self->{responsefilter}{module} = caller; |
76
|
|
|
|
|
|
|
$self->{responsefilter}{function} = $options{'responsefilter'}; |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
$_tamperagent = LWP::UserAgent->new; |
80
|
|
|
|
|
|
|
$_tamperagent->timeout($self->{'timeout'}); |
81
|
|
|
|
|
|
|
return bless $self, $class; |
82
|
|
|
|
|
|
|
} |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
=head2 replay |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
This function will replay all the requests provided in the xml file in sequential order. |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
=cut |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
#TODO: Add delay between requests |
91
|
|
|
|
|
|
|
sub replay { |
92
|
|
|
|
|
|
|
my $self = shift; |
93
|
|
|
|
|
|
|
if (ref($_tamperxml->{tdRequest}) eq 'ARRAY') { |
94
|
|
|
|
|
|
|
for my $x (0..scalar $_tamperxml->{tdRequest}) { |
95
|
|
|
|
|
|
|
$self->_make_request($_tamperxml->{tdRequest}->[$x]); |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
} |
98
|
|
|
|
|
|
|
} else { |
99
|
|
|
|
|
|
|
$self->_make_request($_tamperxml->{tdRequest}); |
100
|
|
|
|
|
|
|
} |
101
|
|
|
|
|
|
|
return 1; |
102
|
|
|
|
|
|
|
} |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
=head2 requestfilter |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
Callback function that allows inspection/tampering of the uri and parameters before the request is performed. |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
=cut |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
sub requestfilter { |
111
|
|
|
|
|
|
|
my ($self, $callback) = @_; |
112
|
|
|
|
|
|
|
$self->{requestfilter}{module} = caller; |
113
|
|
|
|
|
|
|
$self->{requestfilter}{function} = $callback; |
114
|
|
|
|
|
|
|
return 1; |
115
|
|
|
|
|
|
|
} |
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
=head2 responsefilter |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
Callback function that allows inspection of the response object. |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
=cut |
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
sub responsefilter { |
124
|
|
|
|
|
|
|
my ($self, $callback) = @_; |
125
|
|
|
|
|
|
|
$self->{responsefilter}{module} = caller; |
126
|
|
|
|
|
|
|
$self->{responsefilter}{function} = $callback; |
127
|
|
|
|
|
|
|
return 1; |
128
|
|
|
|
|
|
|
} |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
# Internal functions |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
sub _make_request { |
133
|
|
|
|
|
|
|
my ($self, $uriobj) = @_; |
134
|
|
|
|
|
|
|
# TODO: Make this _process_request_filter() & support multiple filters |
135
|
|
|
|
|
|
|
if ($self->{requestfilter}) { |
136
|
|
|
|
|
|
|
my $rqfclass = $self->{requestfilter}{module}; |
137
|
|
|
|
|
|
|
my $rqfmethod = $self->{requestfilter}{function}; |
138
|
|
|
|
|
|
|
eval { $rqfclass->$rqfmethod($uriobj); }; |
139
|
|
|
|
|
|
|
carp "Request filter errors:\n $@" if ($@); |
140
|
|
|
|
|
|
|
} |
141
|
|
|
|
|
|
|
$uriobj->{uri} =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/gei; |
142
|
|
|
|
|
|
|
my $request = HTTP::Request->new($uriobj->{tdRequestMethod} => "$uriobj->{uri}"); |
143
|
|
|
|
|
|
|
my $request_headers = $uriobj->{tdRequestHeaders}{tdRequestHeader}; |
144
|
|
|
|
|
|
|
foreach my $header (keys %{$request_headers} ) { |
145
|
|
|
|
|
|
|
$request_headers->{$header}{content} =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/gei; |
146
|
|
|
|
|
|
|
$request->push_header($header => $request_headers->{$header}{content}); |
147
|
|
|
|
|
|
|
} |
148
|
|
|
|
|
|
|
my $response = $_tamperagent->request($request); |
149
|
|
|
|
|
|
|
# TODO: Make this into _process_response_filter() & support multiple filters |
150
|
|
|
|
|
|
|
if ($self->{responsefilter}) { |
151
|
|
|
|
|
|
|
my $rpfclass = $self->{responsefilter}{module}; |
152
|
|
|
|
|
|
|
my $rpfmethod = $self->{responsefilter}{function}; |
153
|
|
|
|
|
|
|
eval { $rpfclass->$rpfmethod($uriobj, $response); }; |
154
|
|
|
|
|
|
|
carp "Response filter errors:\n $@\n" if ($@); |
155
|
|
|
|
|
|
|
} |
156
|
|
|
|
|
|
|
if (!$response->is_success) { |
157
|
|
|
|
|
|
|
croak $response->status_line; |
158
|
|
|
|
|
|
|
} |
159
|
|
|
|
|
|
|
return $response; |
160
|
|
|
|
|
|
|
} |
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
sub _process_request_filter { |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
sub _process_response_filter { |
166
|
|
|
|
|
|
|
} |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
=head1 AUTHOR |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
Eldar Marcussen, C<< >> |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
=head1 BUGS AND LIMITATIONS |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
Please report any bugs or feature requests to C, or through |
177
|
|
|
|
|
|
|
the web interface at L. I will be notified, and then you'll |
178
|
|
|
|
|
|
|
automatically be notified of progress on your bug as I make changes. |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
=head1 SUPPORT |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
You can find documentation for this module with the perldoc command. |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
perldoc WWW::TamperData |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
You can also look for information at: |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
=over 4 |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
=item * RT: CPAN's request tracker |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
L |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
=item * AnnoCPAN: Annotated CPAN documentation |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
L |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
=item * CPAN Ratings |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
L |
202
|
|
|
|
|
|
|
|
203
|
|
|
|
|
|
|
=item * Search CPAN |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
L |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
=back |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
|
210
|
|
|
|
|
|
|
=head1 LICENSE AND COPYRIGHT |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
Copyright 2009 Eldar Marcussen, all rights reserved. |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify it |
215
|
|
|
|
|
|
|
under the same terms as Perl itself. |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
|
218
|
|
|
|
|
|
|
=cut |
219
|
|
|
|
|
|
|
|
220
|
|
|
|
|
|
|
1; # End of WWW::TamperData |