Http Requests

Known Tests (request variations)
======================================================================
These are the Requests that are currently used for probing for
characteristics from a target server. All of them claim to be HTTP/1.0
compliant unless otherwise indicated.
BASIC_GET
A simple GET method
BASIC_OPTIONS
A simple OPTIONS method
UNKNOWN_METHOD
Try QWERTY as if it was a legal method
UNAUTHORIZED_ACTIVITY
Try every known semantically legal method, many (most) of which won't be
allowed by most servers in the most common configurations.
('OPTIONS', 'TRACE', 'GET', 'HEAD', 'DELETE', 'PUT', 'POST', 'COPY',
'MOVE', 'MKCOL', 'PROPFIND', 'PROPPATCH', 'LOCK', 'UNLOCK', 'SEARCH')
NONEXISTANT_OBJECT
request a URL that won't be found.
MALFORMED_METHOD_LINE
A legal request method line has the following syntax:
(nothing)METHOD(space)RELATIVE-URI(space)VERSION(line-sep)
There are many ways to create malformed variations of the method line:
- put something where nothing is expected
- put nothing where something is expected
- numbers where letters are expected or vice versa
- really LONG things
- invalid characters
- different file system conventions
- e.g. "/" vs. "\"
- illegal paths htm"../../../"
- url encoding (hex, unicode, invalid forms of each)
- uppercase/lowercase
- etc.
Examples from code:
'GET',
'GET /',
'GET / HTTP/999.99',
'GET / HHTP/1.0',
'GET / HTP/1.0',
'GET / HHTP/999.99',
'GET / hhtp/999.99',
'GET / http/999.99',
'GET / HTTP/Q.9',
'GET / HTTP/9.Q',
'GET / HTTP/Q.Q',
'GET / HTTP/1.X',
'GET / HTTP/1.10',
'GET / HTTP/1.1.0',
'GET / HTTP/1.2',
'GET / HTTP/2.1',
'GET / HTTP/1,0',
'GET / HTTP/1.0X',
'GET / HTTP/',
'GET/HTTP/1.0' ,
'GET/ HTTP/1.0' ,
'GET /HTTP/1.0' ,
'GET/HTTP /1.0' ,
'GET/HTTP/1 .0' ,
'GET/HTTP/1. 0' ,
'GET/HTTP/1.0 ' ,
'GET / HTTP /1.0',
'HEAD /.\\ HTTP/1.0',
'HEAD /asdfasdfasdfasdfasdf/../ HTTP/1.0',
'HEAD /asdfasdfasdfasdfasdf/.. HTTP/1.0',
'HEAD /./././././././././././././././ HTTP/1.0',
'HEAD /././././././qwerty/.././././././././ HTTP/1.0',
'HEAD /.. HTTP/1.0',
'HEAD /../ HTTP/1.0',
'HEAD /../../../../../ HTTP/1.0',
'HEAD .. HTTP/1.0',
'HEAD\t/\tHTTP/1.0',
'HEAD ///////////// HTTP/1.0',
'Head / HTTP/1.0',
'\nHEAD / HTTP/1.0',
' \nHEAD / HTTP/1.0',
' HEAD / HTTP/1.0',
'HEAD / HQWERTY/1.0',
'HEAD %s HTTP/1.0' % url,
'HEAD %s' % url,
'HEAD http:// HTTP/1.0',
'HEAD http:/ HTTP/1.0',
'HEAD http: HTTP/1.0',
'HEAD http HTTP/1.0',
'HEAD h HTTP/1.0',
'HEAD HTTP://qwerty.asdfg.com/ HTTP/1.0',
'GET GET GET',
'HELLO',
'GET \0 / HTTP/1.0',
'GET / \0 HTTP/1.0',
'GET / HTTP/1.0\0',
'GET / H',
' GET / HTTP/1.0',
' '*1000 + 'GET / HTTP/1.0',
'GET'+' '*1000+'/ HTTP/1.0',
'GET '+'/'*1000+' HTTP/1.0',
'GET /'+' '*1000+'HTTP/1.0',
'GET / '+'H'*1000+'TTP/1.0',
'GET / '+'HTTP'+'/'*1000+'1.0',
'GET / '+'HTTP/'+'1'*1000+'.0',
'GET / '+'HTTP/1'+'.'*1000+'0',
'GET / '+'HTTP/1.'+'0'*1000,
'GET / HTTP/1.0' + ' ' * 1000,
'12345 GET / HTTP/1.0',
'12345 / HTTP/1.0',
'\0',#70
'\0'*1000,
'\0'+'GET / HTTP/1.0',
'\0'*1000+'GET / HTTP/1.0',
'\r\n'*1000+'GET / HTTP/1.0',
'Get / HTTP/1.0',
'GET\0/\0HTTP/1.0',
'GET . HTTP/1.0',
'GET index.html HTTP/1.0',
'GET / HTTP/1.',
'',
' ',
' '*1000,
'/',
'/' * 1000,
'GET FTP://asdfasdf HTTP/1.0',
'GET / HTTP/1.0 X',
'%47ET / HTTP/1.0',
'%47%45%54 / HTTP/1.0',
'GET %2f HTTP/1.0',
'GET %2F HTTP/1.0',
'GET%20/ HTTP/1.0',
'GET / FTP/1.0',
'GET \ HTTP/1.0',
'GET C:\ HTTP/1.0',
'HTTP/1.0 / GET',
'ALL YOUR BASE ARE BELONG TO US',
'GET "/" HTTP/1.0',
"GET '/' HTTP/1.0",
'GET `/` HTTP/1.0',
'"GET / HTTP/1.0"',
'"GET / HTTP/1.0',
'"GET" / HTTP/1.0',
'""GET / HTTP/1.0',
'GEX\bT / HTTP/1.0',
LONG_URL_RANGES
LONG_DEFAULT_RANGES
MANY_HEADER_RANGES
LARGE_HEADER_RANGES
each of the previous tests vary the length of some feature and find the
ranges over which certain characteristics are found.
e.g.
- the number of "a"s given in a URL
- number of "/"s used for the root
- number of headers added to a request
- the absolute size of data added to a header
UNAVAILABLE_ACCEPT
Use an invalid value ('qwer/asdf') in an Accept header.
FAKE_CONTENT_LENGTH
Use the wrong value for "Content-Length" when sending a body to a
server.