- Offsets are calculated relative to the base message, before any injections or other transforms - are applied. They have 3 flavors: + Offsets are calculated relative to the base message, before any injections or other + transforms are applied. They have 3 flavors:
- You can load a value from a specified file path. To do so, you have to specify a _staticdir_ - option to pathod on the command-line, like so: + You can load a value from a specified file path. To do so, you have to specify a + _staticdir_ option to pathod on the command-line, like so:
pathod -d ~/myassets@@ -88,8 +88,8 @@
An @-symbol lead-in specifies that generated data should be used. There are two components - to a generator specification - a size, and a data type. By default pathod assumes - a data type of "bytes". + to a generator specification - a size, and a data type. By default pathod + assumes a data type of "bytes".
Here's a value specifier for generating 100 bytes: @@ -98,15 +98,15 @@
- You can use standard suffixes to indicate larger values. Here, for instance, is a specifier - for generating 100 megabytes: + You can use standard suffixes to indicate larger values. Here, for instance, is a + specifier for generating 100 megabytes:
@100m
- Data is generated and served efficiently - if you really want to send a terabyte of data - to a client, pathod can do it. The supported suffixes are: + Data is generated and served efficiently - if you really want to send a terabyte + of data to a client, pathod can do it. The supported suffixes are:
- Data types are separated from the size specification by a comma. This specification generates - 100mb of ASCII: + Data types are separated from the size specification by a comma. This specification + generates 100mb of ASCII:
@100m,asciidiff --git a/libpathod/templates/docs_lang_requests.html b/libpathod/templates/docs_lang_requests.html index 92921ec44..81aff5358 100644 --- a/libpathod/templates/docs_lang_requests.html +++ b/libpathod/templates/docs_lang_requests.html @@ -7,16 +7,17 @@
- A VALUE specifying the HTTP method to use. Standard - methods do not need to be enclosed in quotes, while non-standard methods - can be specified as quoted strings. + A VALUE specifying the HTTP method to + use. Standard methods do not need to be enclosed in quotes, while + non-standard methods can be specified as quoted strings.
- The special method ws creates a valid websocket upgrade GET - request, and signals to pathoc to switch to websocket recieve mode - if the server responds correctly. Apart from that, websocket requests - are just like any other, and all aspects of the request can be over-ridden. + The special method ws creates a valid websocket upgrade + GET request, and signals to pathoc to switch to websocket recieve + mode if the server responds correctly. Apart from that, websocket + requests are just like any other, and all aspects of the request + can be over-ridden.
An integer specifying the HTTP response code.
- The special method ws creates a valid websocket upgrade response - (code 101), and moves pathod to websocket mode. Apart from that, websocket - responses are just like any other, and all aspects of the response - can be over-ridden. + The special method ws creates a valid websocket upgrade + response (code 101), and moves pathod to websocket mode. Apart + from that, websocket responses are just like any other, and all + aspects of the response can be over-ridden.
- Behind the pathod and pathoc command-line tools lurks libpathod, a - powerful library for manipulating and serving HTTP requests and responses. - The canonical documentation for the library is in the code, and can be accessed - using pydoc. + Behind the pathod and pathoc command-line tools lurks libpathod, + a powerful library for manipulating and serving HTTP requests and responses. + The canonical documentation for the library is in the code, and can be + accessed using pydoc.
- Pathoc is a perverse HTTP daemon designed to let you craft almost any conceivable HTTP - request, including ones that creatively violate the standards. HTTP requests are specified - using a - small, terse language, which pathod shares with its server-side - twin pathod. To view pathoc's complete range of options, - use the command-line help: + Pathoc is a perverse HTTP daemon designed to let you craft almost any conceivable + HTTP request, including ones that creatively violate the standards. HTTP requests + are specified using a + small, terse language, which pathod shares with + its server-side twin pathod. To view pathoc's complete + range of options, use the command-line help:
pathoc --help@@ -27,8 +27,8 @@
pathoc hostname request [request ...]
- That is, we specify the hostname to connect to, followed by one or more requests. Lets - start with a simple example: + That is, we specify the hostname to connect to, followed by one or more requests. + Lets start with a simple example:
@@ -36,10 +36,10 @@
- Here, we make a GET request to the path / on port 80 of google.com. Pathoc's output tells - us that the server responded with a 301. We can tell pathoc to connect using SSL, - in which case the default port is changed to 443 (you can over-ride the default - port with the -p command-line option): + Here, we make a GET request to the path / on port 80 of google.com. Pathoc's output + tells us that the server responded with a 301. We can tell pathoc to connect + using SSL, in which case the default port is changed to 443 (you can over-ride + the default port with the -p command-line option):
@@ -64,8 +64,8 @@
- In this case, pathoc issues the specified requests over the same TCP connection - so in - the above example only one connection is made to google.com + In this case, pathoc issues the specified requests over the same TCP connection - + so in the above example only one connection is made to google.com
The other way to issue multiple requets is to use the -n flag:
@@ -76,8 +76,8 @@- The output is identical, but two separate TCP connections are made to the upstream server. - These two specification styles can be combined: + The output is identical, but two separate TCP connections are made to the upstream + server. These two specification styles can be combined:
@@ -96,8 +96,9 @@
- The combination of pathoc's powerful request specification language and a few of its command-line - options makes for quite a powerful basic fuzzer. Here's an example: + The combination of pathoc's powerful request specification language and a few of + its command-line options makes for quite a powerful basic fuzzer. Here's + an example:
@@ -105,18 +106,18 @@
- The request specified here is a valid GET with a body consisting of 10 random bytes, but - with 1 random byte inserted in a random place. This could be in the headers, in - the initial request line, or in the body itself. There are a few things to note - here: + The request specified here is a valid GET with a body consisting of 10 random bytes, + but with 1 random byte inserted in a random place. This could be in the headers, + in the initial request line, or in the body itself. There are a few things + to note here:
Pathoc has a reasonably sophisticated suite of features for interacting with proxies. - The proxy request syntax very closely mirrors that of straight HTTP, which means - that it is possible to make proxy-style requests using pathoc without any additional - syntax, by simply specifying a full URL instead of a simple path: + The proxy request syntax very closely mirrors that of straight HTTP, which + means that it is possible to make proxy-style requests using pathoc without + any additional syntax, by simply specifying a full URL instead of a simple + path:
> pathoc -p 8080 localhost "get:'http://google.com'"
- Another common use case is to use an HTTP CONNECT request to probe remote servers via - a proxy. This is done with the -c command-line option, which allows - you to specify a remote host and port pair: + Another common use case is to use an HTTP CONNECT request to probe remote servers + via a proxy. This is done with the -c command-line option, + which allows you to specify a remote host and port pair:
> pathoc -c google.com:80 -p 8080 localhost get:/
Note that pathoc does not negotiate SSL without being explictly instructed - to do so. If you're making a CONNECT request to an SSL-protected resource, you - must also pass the -s flag: + to do so. If you're making a CONNECT request to an SSL-protected resource, + you must also pass the -s flag:
> pathoc -sc google.com:443 -p 8080 localhost get:/@@ -177,33 +179,33 @@
- One interesting feature of the Request sppecification language is that you can embed a - response specifcation in it, which is then added to the request path. Here's an - example: + One interesting feature of the Request sppecification language is that you can embed + a response specifcation in it, which is then added to the request path. Here's + an example:
> pathoc localhost:9999 "get:/p/:s'401:ir,@1'"
- This crafts a request that connects to the pathod server, and which then crafts a response - that generates a 401, with one random byte embedded at a random point. The response - specification is parsed and expanded by pathoc, so you see syntax errors immediately. - This really becomes handy when combined with the -e flag to show - the expanded request: + This crafts a request that connects to the pathod server, and which then crafts a + response that generates a 401, with one random byte embedded at a random + point. The response specification is parsed and expanded by pathoc, so you + see syntax errors immediately. This really becomes handy when combined with + the -e flag to show the expanded request:
> > pathoc -e localhost:9999 "get:/p/:s'401:ir,@1'" >> Spec: get:/p/:s'401:i15,\'o\':h\'Content-Length\'=\'0\'':h'Content-Length'='0'
<< 401 Unoauthorized: 0 bytes
- - Note that the embedded response has been resolved before being - sent to the server, so that "ir,@1" (embed a random byte at a random location) - has become "i15,\'o\'" (embed the character "o" at offset 15). You now - have a pathoc request specification that is precisely reproducable, even - with random components. This feature comes in terribly handy when testing - a proxy, since you can now drive the server repsonse completely from the - client, and have a complete log of reproducible requests to analyse afterwards. -
++ Note that the embedded response has been resolved before being sent + to the server, so that "ir,@1" (embed a random byte at a random location) + has become "i15,\'o\'" (embed the character "o" at offset 15). You now have + a pathoc request specification that is precisely reproducable, even with + random components. This feature comes in terribly handy when testing a proxy, + since you can now drive the server repsonse completely from the client, and + have a complete log of reproducible requests to analyse afterwards. +
{% endblock %} diff --git a/libpathod/templates/docs_pathod.html b/libpathod/templates/docs_pathod.html index 21e7919a5..0d0ae9332 100644 --- a/libpathod/templates/docs_pathod.html +++ b/libpathod/templates/docs_pathod.html @@ -10,8 +10,8 @@ Pathod is a pathological HTTP daemon designed to let you craft almost any conceivable HTTP response, including ones that creatively violate the standards. HTTP responses are specified using a - small, terse language, which pathod shares with its evil - twin pathoc. + small, terse language, which pathod shares with + its evil twin pathoc../pathod
- By default, the service listens on port 9999 of localhost. Pathod's documentation is self-hosting, - and the pathod daemon exposes an interface that lets you play with the specifciation - language, preview what responses and requests would look like on the wire, and - view internal logs. To access all of this, just fire up your browser, and point - it to the following URL: + By default, the service listens on port 9999 of localhost. Pathod's documentation + is self-hosting, and the pathod daemon exposes an interface that lets you + play with the specifciation language, preview what responses and requests + would look like on the wire, and view internal logs. To access all of this, + just fire up your browser, and point it to the following URL:
http://localhost:9999
- The default crafting anchor point is the path /p/. Anything after this - URL prefix is treated as a response specifier. So, hitting the following URL will - generate an HTTP 200 response with 100 bytes of random data: + The default crafting anchor point is the path /p/. Anything after + this URL prefix is treated as a response specifier. So, hitting the following + URL will generate an HTTP 200 response with 100 bytes of random data:
http://localhost:9999/p/200:b@100
- See the language documentation to get (much) fancier. - The pathod daemon also takes a range of configuration options. To view those, - use the command-line help: + See the language documentation to get (much) + fancier. The pathod daemon also takes a range of configuration options. To + view those, use the command-line help:
./pathod --help@@ -57,17 +57,17 @@
- Pathod automatically responds to both straight HTTP and proxy requests. For proxy requests, - the upstream host is ignored, and the path portion of the URL is used to match - anchors. This lets you test software that supports a proxy configuration by spoofing - responses from upstream servers. + Pathod automatically responds to both straight HTTP and proxy requests. For proxy + requests, the upstream host is ignored, and the path portion of the URL is + used to match anchors. This lets you test software that supports a proxy + configuration by spoofing responses from upstream servers.
By default, we treat all proxy CONNECT requests as HTTPS traffic, serving the response - using either pathod's built-in certificates, or the cert/key pair specified by - the user. You can over-ride this behaviour if you're testing a client that makes - a non-SSL CONNECT request using the -C command-line option. + using either pathod's built-in certificates, or the cert/key pair specified + by the user. You can over-ride this behaviour if you're testing a client + that makes a non-SSL CONNECT request using the -C command-line option.
- Anchors provide an alternative to specifying the response in the URL. Instead, you attach - a response to a pre-configured anchor point, specified with a regex. When a URL - matching the regex is requested, the specified response is served. + Anchors provide an alternative to specifying the response in the URL. Instead, you + attach a response to a pre-configured anchor point, specified with a regex. + When a URL matching the regex is requested, the specified response is served.
./pathod -a "/foo=200"
- Here, "/foo" is the regex specifying the anchor path, and the part after the "=" is a - response specifier. + Here, "/foo" is the regex specifying the anchor path, and the part after the "=" + is a response specifier.
@@ -98,11 +98,11 @@- There are two operators in the language that load - contents from file - the + operator to load an entire request specification - from file, and the > value specifier. In pathod, both of these operators - are restricted to a directory specified at startup, or disabled if no directory - is specified:
+ There are two operators in the language that + load contents from file - the + operator to load an entire request + specification from file, and the > value specifier. In pathod, + both of these operators are restricted to a directory specified at startup, + or disabled if no directory is specified:./pathod -d ~/staticdir"@@ -131,8 +131,8 @@
- pathod exposes a simple API, intended to make it possible to drive and inspect the daemon - remotely for use in unit testing and the like. + pathod exposes a simple API, intended to make it possible to drive and inspect the + daemon remotely for use in unit testing and the like.
- Returns the current log buffer. At the moment the buffer size is 500 entries - when the
- log grows larger than this, older entries are discarded. The returned
- data is a JSON dictionary, with the form:
+ Returns the current log buffer. At the moment the buffer size is 500 entries - when
+ the log grows larger than this, older entries are discarded.
+ The returned data is a JSON dictionary, with the form:
- { 'log': [ ENTRIES ] }
-
- You can preview the JSON data returned for a log entry through the built-in web interface.
+ { 'log': [ ENTRIES ] } You can preview the JSON data
+ returned for a log entry through the built-in web interface.
|
diff --git a/libpathod/templates/docs_test.html b/libpathod/templates/docs_test.html
index 5db45f3fe..0502c984c 100644
--- a/libpathod/templates/docs_test.html
+++ b/libpathod/templates/docs_test.html
@@ -7,10 +7,10 @@