"Tamper Data" -> python dict

Hab mir mal schnell was gebastelt, um aus Firefox "Tamper Data" Addon Daten für python unittests zu erhalten:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#coding:utf-8

"""
    convert "Tamper Data" -> python dict

    usefull to get unittest data ;)

    firefox "Tamper Data" addon:
    https://addons.mozilla.org/de/firefox/addon/966

    http://jensdiemer.de/de/Blog/147/tamper-data-python-dict/
"""

from pprint import pprint

try:
    from urlparse import parse_qs
except ImportError:
    from cgi import parse_qs


def evaluate_tamperdata(tamperdata):
    tamperdata = tamperdata.strip()
    query_string = tamperdata.split("=",1)[-1] # cut e.g. POSTDATA

    result = {}
    data = parse_qs(query_string, keep_blank_values=True)
    for key, raw_values in data.iteritems():
        values = []
        for value in raw_values:
            if value.isdigit():
                value = int(value)

            values.append(value)

        if len(values)>1:
            result[key] = values
        else:
            result[key] = values[0]

    return result


def evaluate_multipart_tamperdata(tamperdata):
    tamperdata = tamperdata.strip()
    query_string = tamperdata.split("=",1)[-1] # cut e.g. POSTDATA

    result = {}
    for line in query_string.splitlines():
        line = line.strip()
        if not line or line.startswith("---"):
            continue

        if line.startswith("Content-Disposition: form-data; name="):
            key = line[38:-1]
        else:
            result[key] = line

    return result


#-----------------------------------------------------------------------------


tamper_postdata="""
POSTDATA =-----------------------------142200474478686960433644084
Content-Disposition: form-data; name="csrfmiddlewaretoken"

53dba2f54f765f1f5ef5c999c4809233
-----------------------------142200474478686960433644084
Content-Disposition: form-data; name="foo"

bar

"""
pprint(evaluate_multipart_tamperdata(tamper_postdata))


#-----------------------------------------------------------------------------


tamper_postdata="""
POSTDATA=save=save&foo=bar
"""
pprint(evaluate_tamperdata(tamper_postdata))

Ausgabe sieht dann so aus:

1
2
{'csrfmiddlewaretoken': '53dba2f54f765f1f5ef5c999c4809233', 'foo': 'bar'}
{'foo': 'bar', 'save': 'save'}

EDIT: Habe eine zweite Methode eingebaut, für multipart form Daten.

Hab mir mal schnell was gebastelt, um aus Firefox "Tamper Data" Addon Daten für python unittests zu erhalten:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#coding:utf-8

"""
    convert "Tamper Data" -> python dict

    usefull to get unittest data ;)

    firefox "Tamper Data" addon:
    https://addons.mozilla.org/de/firefox/addon/966

    http://jensdiemer.de/de/Blog/147/tamper-data-python-dict/
"""

from pprint import pprint

try:
    from urlparse import parse_qs
except ImportError:
    from cgi import parse_qs


def evaluate_tamperdata(tamperdata):
    tamperdata = tamperdata.strip()
    query_string = tamperdata.split("=",1)[-1] # cut e.g. POSTDATA

    result = {}
    data = parse_qs(query_string, keep_blank_values=True)
    for key, raw_values in data.iteritems():
        values = []
        for value in raw_values:
            if value.isdigit():
                value = int(value)

            values.append(value)

        if len(values)>1:
            result[key] = values
        else:
            result[key] = values[0]

    return result


def evaluate_multipart_tamperdata(tamperdata):
    tamperdata = tamperdata.strip()
    query_string = tamperdata.split("=",1)[-1] # cut e.g. POSTDATA

    result = {}
    for line in query_string.splitlines():
        line = line.strip()
        if not line or line.startswith("---"):
            continue

        if line.startswith("Content-Disposition: form-data; name="):
            key = line[38:-1]
        else:
            result[key] = line

    return result


#-----------------------------------------------------------------------------


tamper_postdata="""
POSTDATA =-----------------------------142200474478686960433644084
Content-Disposition: form-data; name="csrfmiddlewaretoken"

53dba2f54f765f1f5ef5c999c4809233
-----------------------------142200474478686960433644084
Content-Disposition: form-data; name="foo"

bar

"""
pprint(evaluate_multipart_tamperdata(tamper_postdata))


#-----------------------------------------------------------------------------


tamper_postdata="""
POSTDATA=save=save&foo=bar
"""
pprint(evaluate_tamperdata(tamper_postdata))

Ausgabe sieht dann so aus:

1
2
{'csrfmiddlewaretoken': '53dba2f54f765f1f5ef5c999c4809233', 'foo': 'bar'}
{'foo': 'bar', 'save': 'save'}

EDIT: Habe eine zweite Methode eingebaut, für multipart form Daten.