Skip to content
David edited this page May 5, 2013 · 5 revisions

Path State Object

Intro

Basic modules are run on path state nodes. A basic module can obtain the object storing information about the path state node from the context object.

Methods

IWebPath pathstate.getPath()

Returns the IWebPath object representing the path of the path state node.

boolean pathstate.isParametric()

Returns false if the path state node is a directory or file. Returns true if the path state node corresponds to a parameter for another path state node.

boolean pathstate.isSureDirectory()

This returns true if the path state node is a known directory.

boolean pathstate.isRootPath()

Returns true if the current path state node is the root path (e.g. /).

NameValuePair pathstate.getFuzzableParameter()

Returns a [http://hc.apache.org/httpcomponents-core-ga/httpcore/apidocs/org/apache/http/class-use/NameValuePair.html org.apache.http.NameValuePair] object storing the parameter name and value associated with the path state node.

Creating the Original Request for the Path State Node

It is possible to obtain a request object identical to the one that was first sent by Vega when the path state node was created.

ps.createBasicRequest()

Cross-Site Scripting Methods

int ps.allocateXssId()

Allocates an integer for a unique XSS string.

String ps.createXssTag(xid)

String ps.createXssTag(String prefix, int Xid)

These two methods create the XSS injection string. A string value can be prepended to the XSS injection string if passed as the prefix parameter.

void ps.registerXssRequest(Request req, int xid)

Once an altered request has been created via ps.createdAlteredRequest, it must be registered. This function will register the Request and the integer associated with the XSS.

Creating an Altered Request for the Path State Node

ps.createAlteredRequest(String value, boolean append)

Creates an altered request with "value" as the fuzz value.

  • If the path state node represents a parameter, "value" will either replace or be appended to the parameter.
  • If the path state node is a directory, "value" will be added to the end of the path.

Obtaining the Path Fingerprint

The fingerprint of the response from the original request sent for the path state node can be obtained and used for comparison within a module:

IPageFingerprint ps.getPathFingerPrint()
Clone this wiki locally