Tips - msaindane/IronWASP-Ruby-Plugins GitHub Wiki

This page lists tips that may come in handy while writing plug-ins for IronWASP, including some observations I have made during actual tests.

Scenario 1:

Following multiple 302 redirects.

Some application functionality is a multi-step process in which a particular sequence of requests receives several consecutive 302 redirect responses. This is usually found in multi-step form submissions (logins, etc.).

Possible solution:

The Request class has a method called follow, which takes a Response object as input and returns the Response received after following the 302 redirect in it. This works well if you only have to follow a single redirect. For a sequence of requests whose responses are each a 302 redirect, you might be tempted to write the code as follows:

req = Request.new('http://somesite.com/page')
resp = req.send_req

# follow returns the Response received after the redirect, so it is the
# response that must be replaced on each pass; assigning the result to req
# would leave resp.code unchanged and the loop would never end.
while resp.code == 302
  resp = req.follow(resp)
end

return resp

The follow method reads the 'location' header of the response and creates a new Request object for it, assigning it the cookies received in that response. When each response in the chain sets different cookie values, the above code fails because each new Request object (e.g. the third of three requests) carries only the cookies from the response immediately before it, not the cookies set by the earlier responses.

To handle this situation correctly, use the following code:

cookie_store = CookieStore.new
req = Request.new('http://somesite.com/page')
resp = req.send_req
cookie_store.add(req, resp)      # collect the cookies set by the first response

hops = 0
while resp.code == 302
  hops += 1
  raise 'redirect loop' if hops > 10   # guard against a 302 that points back at itself
  req = req.get_redirect(resp)         # build the next Request from the 'location' header
  req.set_cookie(cookie_store)         # attach every cookie collected so far
  resp = req.send_req
  cookie_store.add(req, resp)          # add any cookies set by this response
end

return resp

The above code uses the CookieStore, which is made for scenarios like this where you need a temporary container for collecting the cookies set for a particular domain or host. Any new cookies set in the intermediate responses are added to the subsequent requests, so the whole chain is sent with the state the application expects instead of failing part way through. Note that the loop condition only handles status code 302; if the application also redirects with 301, 303 or 307, extend the condition accordingly.
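As an added illustration (not code from IronWASP or from this wiki), the following stand-alone Ruby script reproduces the cookie problem described above against a constructed in-memory application: a three-hop 302 chain in which each hop sets a cookie and later hops refuse any request that is missing the earlier ones. FakeRequest, FakeResponse, fake_server and SimpleCookieStore are stand-ins invented for the example, not IronWASP's classes. follow_naive carries forward only the cookies from the latest response, as the first snippet does, while follow_with_store attaches every cookie collected for the host, as the CookieStore version does. Both cap the number of hops so a redirect that points back at itself cannot loop forever.

```ruby
require 'uri'

# Stand-ins for IronWASP's Response and Request objects (constructed for this
# example, not the real classes). set_cookies holds name => value pairs set
# by the response; cookies holds the pairs sent with the request.
FakeResponse = Struct.new(:code, :headers, :set_cookies)
FakeRequest  = Struct.new(:url, :cookies)

BASE = 'http://somesite.test' # constructed host, not a real site

# Constructed in-memory application: a three-hop 302 chain that sets a new
# cookie at each hop and rejects requests missing the earlier ones.
# /loop redirects to itself so the hop guard can be exercised.
def fake_server(req)
  c = req.cookies
  has_session = c['session'] == 's1'
  has_csrf    = c['csrf'] == 'c2'
  case URI(req.url).path
  when '/login'
    FakeResponse.new(302, { 'location' => "#{BASE}/step2" }, { 'session' => 's1' })
  when '/step2'
    return FakeResponse.new(403, {}, {}) unless has_session
    FakeResponse.new(302, { 'location' => "#{BASE}/step3" }, { 'csrf' => 'c2' })
  when '/step3'
    return FakeResponse.new(403, {}, {}) unless has_session && has_csrf
    FakeResponse.new(302, { 'location' => "#{BASE}/home" }, {})
  when '/home'
    return FakeResponse.new(403, {}, {}) unless has_session && has_csrf
    FakeResponse.new(200, {}, {})
  when '/loop'
    FakeResponse.new(302, { 'location' => "#{BASE}/loop" }, {})
  else
    FakeResponse.new(404, {}, {})
  end
end

# Naive follower: each new request carries only the cookies set by the
# response that redirected it, which is what the first snippet above does.
def follow_naive(url, max_hops = 10)
  req  = FakeRequest.new(url, {})
  resp = fake_server(req)
  hops = 0
  while resp.code == 302
    hops += 1
    raise "redirect loop: more than #{max_hops} hops" if hops > max_hops
    req  = FakeRequest.new(resp.headers['location'], resp.set_cookies.dup)
    resp = fake_server(req)
  end
  resp
end

# Minimal per-host cookie jar standing in for IronWASP's CookieStore.
# Real cookie scoping (Path, Domain, Secure) is deliberately ignored here.
class SimpleCookieStore
  def initialize
    @jar = Hash.new { |h, k| h[k] = {} }
  end

  def add(req, resp)
    @jar[URI(req.url).host].merge!(resp.set_cookies)
  end

  def cookies_for(url)
    @jar[URI(url).host].dup
  end
end

# Store-backed follower: every cookie seen so far for the host is attached
# to each hop, so later steps see the state set by earlier ones.
def follow_with_store(url, max_hops = 10)
  store = SimpleCookieStore.new
  req   = FakeRequest.new(url, {})
  resp  = fake_server(req)
  store.add(req, resp)
  hops = 0
  while resp.code == 302
    hops += 1
    raise "redirect loop: more than #{max_hops} hops" if hops > max_hops
    next_url = resp.headers['location']
    req  = FakeRequest.new(next_url, store.cookies_for(next_url))
    resp = fake_server(req)
    store.add(req, resp)
  end
  resp
end

if __FILE__ == $PROGRAM_NAME
  puts "naive:      #{follow_naive("#{BASE}/login").code}"       # 403
  puts "with store: #{follow_with_store("#{BASE}/login").code}"  # 200
end
```

Running the script shows the naive follower ending at /step3 with a 403 because the session cookie from the first response was dropped, while the store-backed follower reaches /home with a 200. The hop cap is the same safeguard the CookieStore snippet needs in a real plug-in: without it, a target that answers a redirect with a redirect to itself would hang the scan.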

Look at the IronWASP code for more details.