XSStrike/core/fuzzer.py

import copy
from random import randint
from time import sleep
from urllib.parse import unquote

from core.colors import end, red, green, yellow, bad, good, info
from core.config import fuzzes, xsschecker
from core.requester import requester
from core.utils import replacer

def counter(string):
    special = '\'"=/:*&)(}{][><'
    count = 0
    for char in list(string):
        if char in special:
            count += 1
    return count

def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    for fuzz in fuzzes:
        if delay == 0:
            delay = 0
        t = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(t)
        paramsCopy = copy.deepcopy(params)
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replacer(paramsCopy, xsschecker, fuzz)
            response = requester(url, data, headers, GET, delay/2, timeout)
        except:
            print ('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print ('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            limit = (delay + 1) * 50
            timer = -1
            while timer < limit:
                print ('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, limit, end), end='\r')
                limit -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
            except:
                print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                break
        if encoding:
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower(): # if fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2': # if the server returned an error (Maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else: # if the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
        print ('%s %s' % (result, fuzz))
Add files via upload 2018-10-27 18:58:52 +05:30			`import copy`
			`from random import randint`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`from time import sleep`
Clearer argument handling, pep8, import order, less unused vars (#123) * Proposal for less redundant argument handling, autopep8, sorted imports, etc. * dest labels in sync with local target vars and safe names * only one special handling before transfer of values to local vars (headers prompt) * some initial comments - there was a quest for help on documentation ;-) * few oneliners from if else variable setters * left the simple script style as is (might be a preference for author and users) * Adapted code for static checks and removed unused mports sys and requests, many unused variables remain 2018-11-15 10:37:38 +01:00			`from urllib.parse import unquote`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30
Clearer argument handling, pep8, import order, less unused vars (#123) * Proposal for less redundant argument handling, autopep8, sorted imports, etc. * dest labels in sync with local target vars and safe names * only one special handling before transfer of values to local vars (headers prompt) * some initial comments - there was a quest for help on documentation ;-) * few oneliners from if else variable setters * left the simple script style as is (might be a preference for author and users) * Adapted code for static checks and removed unused mports sys and requests, many unused variables remain 2018-11-15 10:37:38 +01:00			`from core.colors import end, red, green, yellow, bad, good, info`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`from core.config import fuzzes, xsschecker`
			`from core.requester import requester`
			`from core.utils import replacer`
Add files via upload 2018-10-27 18:58:52 +05:30
			`def counter(string):`
			`special = '\'"=/:*&)(}{][><'`
			`count = 0`
			`for char in list(string):`
			`if char in special:`
			`count += 1`
			`return count`

Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):`
Add files via upload 2018-10-27 18:58:52 +05:30			`for fuzz in fuzzes:`
			`if delay == 0:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`delay = 0`
Add files via upload 2018-10-27 18:58:52 +05:30			`t = delay + randint(delay, delay * 2) + counter(fuzz)`
			`sleep(t)`
			`paramsCopy = copy.deepcopy(params)`
			`try:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`fuzz = encoding(unquote(fuzz))`
			`data = replacer(paramsCopy, xsschecker, fuzz)`
			`response = requester(url, data, headers, GET, delay/2, timeout)`
Add files via upload 2018-10-27 18:58:52 +05:30			`except:`
			`print ('\n%s WAF is dropping suspicious requests.' % bad)`
			`if delay == 0:`
			`print ('%s Delay has been increased to %s6%s seconds.' % (info, green, end))`
			`delay += 6`
			`limit = (delay + 1) * 50`
			`timer = -1`
			`while timer < limit:`
			`print ('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, limit, end), end='\r')`
			`limit -= 1`
			`sleep(1)`
			`try:`
Add files via upload 2018-11-14 23:53:18 +05:30			`requester(url, params, headers, GET, 0, 10)`
Add files via upload 2018-10-27 18:58:52 +05:30			`print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)`
			`except:`
			`print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)`
			`break`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`fuzz = encoding(fuzz)`
Add files via upload 2018-10-27 18:58:52 +05:30			`if fuzz.lower() in response.text.lower(): # if fuzz string is reflected in the response`
			`result = ('%s[passed] %s' % (green, end))`
			`elif str(response.status_code)[:1] != '2': # if the server returned an error (Maybe WAF blocked it)`
			`result = ('%s[blocked] %s' % (red, end))`
			`else: # if the fuzz string was not reflected in the response completely`
			`result = ('%s[filtered]%s' % (yellow, end))`
added missing import 2018-10-27 20:00:29 +05:30			`print ('%s %s' % (result, fuzz))`