import copy
from random import randint
from time import sleep
from urllib.parse import unquote
from core.colors import end, red, green, yellow
from core.config import fuzzes, xsschecker
from core.requester import requester
from core.utils import replaceValue, counter
from core.log import setup_logger
logger = setup_logger(__name__)
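def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of ``xsschecker`` and log how the target reacts.

    Each fuzz string is classified from its response as ``[passed]`` (reflected
    verbatim, compared case-insensitively), ``[blocked]`` (non-2xx status) or
    ``[filtered]`` (2xx but not reflected intact). A request failure is treated
    as the WAF dropping the connection: the loop backs off, probes the target
    with the unmodified ``params`` and either resumes with the next fuzz or
    stops entirely when the probe fails too.

    Args:
        url: Target URL, passed straight to ``requester``.
        params: Parameter mapping whose ``xsschecker`` value is replaced per fuzz.
        headers: Request headers, passed to ``requester``.
        GET: Truthy for GET, falsy for POST (interpreted by ``requester``).
        delay: Base delay in seconds between requests; raised by 6 after the
            first dropped request when it was 0.
        timeout: Request timeout handed to ``requester``.
        WAF: Not read here; kept so existing callers keep working.
        encoding: Optional callable applied to each fuzz string before sending
            (and again before the reflection check), or a falsy value.

    Returns:
        None. Results are emitted through ``logger`` only.
    """
    for fuzz in fuzzes:
        # Randomised pause scaled by the configured delay plus a per-fuzz
        # factor, so requests are not fired at a fixed cadence.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so Ctrl-C still stops the run
            logger.error('WAF is dropping suspicious requests.')
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' % (green, end))
                delay += 6
            # Count down from (delay + 1) * 50 to 0, one second per step.
            for remaining in range((delay + 1) * 50, -1, -1):
                logger.info('\rFuzzing will continue after %s%i%s seconds.\t\t\r' % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                logger.good('Pheww! Looks like sleeping for %s%i%s seconds worked!' % (
                    green, ((delay + 1) * 2), end))
            except Exception:
                logger.error('\nLooks like WAF has blocked our IP Address. Sorry!')
                break
            # No response was obtained for this fuzz, so there is nothing to
            # classify. Falling through here would read `response` before it
            # is bound (first iteration) or a stale one from the previous fuzz.
            continue
        if encoding:
            # NOTE(review): the fuzz was already encoded before sending, so this
            # encodes it a second time before the reflection check; kept as-is,
            # confirm that is the intended comparison for every encoder.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # Reflected verbatim: the string reached the page untouched.
            result = '%s[passed] %s' % (green, end)
        elif str(response.status_code)[:1] != '2':
            # Non-2xx status: the server (or a WAF in front of it) rejected it.
            result = '%s[blocked] %s' % (red, end)
        else:
            # 2xx but not reflected intact: something altered or stripped it.
            result = '%s[filtered]%s' % (yellow, end)
        logger.info('%s %s' % (result, fuzz))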