83 lines
2.5 KiB
Plaintext
83 lines
2.5 KiB
Plaintext
<testcase>
|
|
# perl:
|
|
#
|
|
#for(1 .. 20) {
|
|
# print join("\t",
|
|
# "attack.invalid", "TRUE", "/", "FALSE", "0",
|
|
# "huge-$_", ('a' x 500)."-$_")."\n";
|
|
#}
|
|
#
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
cookies
|
|
--resolve
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
HTTP/1.1 200 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Length: 6
|
|
|
|
-foo-
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
Cookie header in request no longer than 8K
|
|
</name>
|
|
<command>
|
|
http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
|
|
</command>
|
|
<file name="%LOGDIR/cookie%TESTNUMBER" mode="text">
|
|
attack.invalid TRUE / FALSE 0 huge-1 %repeat[500 x a]%-1
|
|
attack.invalid TRUE / FALSE 0 huge-2 %repeat[500 x a]%-2
|
|
attack.invalid TRUE / FALSE 0 huge-3 %repeat[500 x a]%-3
|
|
attack.invalid TRUE / FALSE 0 huge-4 %repeat[500 x a]%-4
|
|
attack.invalid TRUE / FALSE 0 huge-5 %repeat[500 x a]%-5
|
|
attack.invalid TRUE / FALSE 0 huge-6 %repeat[500 x a]%-6
|
|
attack.invalid TRUE / FALSE 0 huge-7 %repeat[500 x a]%-7
|
|
attack.invalid TRUE / FALSE 0 huge-8 %repeat[500 x a]%-8
|
|
attack.invalid TRUE / FALSE 0 huge-9 %repeat[500 x a]%-9
|
|
attack.invalid TRUE / FALSE 0 huge-10 %repeat[500 x a]%-10
|
|
attack.invalid TRUE / FALSE 0 huge-11 %repeat[500 x a]%-11
|
|
attack.invalid TRUE / FALSE 0 huge-12 %repeat[500 x a]%-12
|
|
attack.invalid TRUE / FALSE 0 huge-13 %repeat[500 x a]%-13
|
|
attack.invalid TRUE / FALSE 0 huge-14 %repeat[500 x a]%-14
|
|
attack.invalid TRUE / FALSE 0 huge-15 %repeat[500 x a]%-15
|
|
attack.invalid TRUE / FALSE 0 huge-16 %repeat[500 x a]%-16
|
|
attack.invalid TRUE / FALSE 0 huge-17 %repeat[500 x a]%-17
|
|
attack.invalid TRUE / FALSE 0 huge-18 %repeat[500 x a]%-18
|
|
attack.invalid TRUE / FALSE 0 huge-19 %repeat[500 x a]%-19
|
|
attack.invalid TRUE / FALSE 0 huge-20 %repeat[500 x a]%-20
|
|
</file>
|
|
<features>
|
|
cookies
|
|
</features>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol crlf="headers">
|
|
GET /a/b/%TESTNUMBER HTTP/1.1
|
|
Host: attack.invalid:%HTTPPORT
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
Cookie: huge-20=%repeat[500 x a]%-20; huge-19=%repeat[500 x a]%-19; huge-18=%repeat[500 x a]%-18; huge-17=%repeat[500 x a]%-17; huge-16=%repeat[500 x a]%-16; huge-15=%repeat[500 x a]%-15; huge-14=%repeat[500 x a]%-14; huge-13=%repeat[500 x a]%-13; huge-12=%repeat[500 x a]%-12; huge-11=%repeat[500 x a]%-11; huge-10=%repeat[500 x a]%-10; huge-9=%repeat[500 x a]%-9; huge-8=%repeat[500 x a]%-8; huge-7=%repeat[500 x a]%-7; huge-6=%repeat[500 x a]%-6
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|