def get_call(path, headers, data, payloadslist, original_request): url, link_params = path.split('?') params = link_params.split('&') i = 0 while i < len(params): oldparams = params[:] var = params[i].split('=') for payload in payloadslist: var = params[i].split('=') pay_vars = var[:] pay_vars[1] = var[1] + payload[0] pay_params = params[:] pay_params[i] = '='.join(pay_vars) pay_data = '&'.join(pay_params) pay_path = url + '?' + pay_data counter_pay_vars = var[:] counter_pay_vars[1] = var[1] + payload[1] counter_pay_params = params[:] counter_pay_params[i] = '='.join(counter_pay_vars) counter_pay_data = '&'.join(counter_pay_params) counter_pay_path = url + '?' + counter_pay_data HTTPRequester.check_max_threads() new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, var, 'GET', pay_path, counter_pay_path) HTTPRequester.thread_starter(new_thread) params = oldparams[:] i = i + 1 else: # no params to test pass
def common_post_call(path, headers, payloadslist, post_params, original_request): i = 0 while i < len(post_params): oldpost_params = post_params[:] vars = post_params[i].split('=') for payload in payloadslist: vars = post_params[i].split('=') pay_vars = vars[:] pay_vars[1] = vars[1] + payload[0] pay_params = post_params[:] pay_params[i] = '='.join(pay_vars) pay_data = '&'.join(pay_params) counter_pay_vars = vars[:] counter_pay_vars[1] = vars[1] + payload[1] counter_pay_params = post_params[:] counter_pay_params[i] = '='.join(counter_pay_vars) counter_pay_data = '&'.join(counter_pay_params) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, '='.join(vars), 'POST', None, None) HTTPRequester.thread_starter(new_thread) post_params = oldpost_params[:] i = i + 1
def multi_post_call(path, headers, payloadslist, boundaries, original_request): i = 1 while i < len(boundaries): oldboundaries = boundaries[:] lines = boundaries[i].splitlines() oldline = lines[0][:] j = 0 while j < len(payloadslist): pay_line = lines[:] pay_line[1] = lines[1] + payloadslist[j][0] pay_boundaries = boundaries[:] pay_boundaries[i] = '\n'.join(pay_line) pay_data = '\n\n'.join(pay_boundaries) counter_pay_line = lines[:] counter_pay_line[1] = lines[1] + payloadslist[j][1] counter_pay_boundaries = boundaries[:] counter_pay_boundaries[i] = '\n'.join(counter_pay_line) counter_pay_data = '\n\n'.join(counter_pay_boundaries) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, lines[0], 'POST', None, None) HTTPRequester.thread_starter(new_thread) lines[0] = oldline j = j + 1 boundaries = oldboundaries i = i + 1
def common_post_call(path, headers, payloadslist, post_params, original_request): i = 0 while i < len(post_params): oldpost_params = post_params[:] vars = post_params[i].split('=') for payload in payloadslist: vars = post_params[i].split('=') gibberish_vars = vars[:] gibberish_vars[1] = vars[1] + "gibberish" gibberish_params = post_params[:] gibberish_params[i] = '='.join(gibberish_vars) gibberish_data = '&'.join(gibberish_params) gibberish_numb_vars = vars[:] gibberish_numb_vars[1] = vars[1] + "777" gibberish_numb_params = post_params[:] gibberish_numb_params[i] = '='.join(gibberish_numb_vars) gibberish_numb_data = '&'.join(gibberish_numb_params) vars[1] = vars[1] + payload post_params[i] = '='.join(vars) data = '&'.join(post_params) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadpp(path, data, headers, original_request, '='.join(vars), 'POST', gibberish_data, gibberish_numb_data) HTTPRequester.thread_starter(new_thread) post_params = oldpost_params[:] i = i + 1
def get_call(path, headers, data, payloadslist, original_request): url, link_params = path.split('?') HTTPRequester.check_max_threads() new_thread = Thread_types.Threadxxe(url, headers, payloadslist, link_params, original_request, 'GET') HTTPRequester.thread_starter(new_thread)
def multi_post_call(path, headers, payloadslist, boundaries, original_request): i = 1 while i < len(boundaries): oldboundaries = boundaries[:] lines = boundaries[i].splitlines() oldline = lines[0][:] j = 0 while j < len(payloadslist): gibberish_line = lines[:] gibberish_line[1] = lines[1] + "gibberish" gibberish_boundaries = boundaries[:] gibberish_boundaries[i] = '\n'.join(gibberish_line) gibberish_data = '\n\n'.join(gibberish_boundaries) gibberish_numb_line = lines[:] gibberish_numb_line[1] = lines[1] + "777" gibberish_numb_boundaries = boundaries[:] gibberish_numb_boundaries[i] = '\n'.join(gibberish_numb_line) gibberish_numb_data = '\n\n'.join(gibberish_numb_boundaries) lines[0] = lines[0] + payloadslist[j] boundaries[i] = '\n'.join(lines) data = '\n\n'.join(boundaries) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadpp(path, data, headers, original_request, lines[0], 'POST', gibberish_data, gibberish_numb_data) HTTPRequester.thread_starter(new_thread) lines[0] = oldline j = j + 1 boundaries = oldboundaries i = i + 1
def multi_post_call(path, headers, payloadslist, boundaries, original_request): #boundaries = array of post parameters HTTPRequester.check_max_threads() #check if all the threads are being used new_thread = Thread_types.Threadsr(path, headers, payloadslist, boundaries, original_request, 'POST') HTTPRequester.thread_starter(new_thread)
def common_post_call(path, headers, payloadslist, post_params, original_request): HTTPRequester.check_max_threads() new_thread = Thread_types.Threadsr(path, headers, payloadslist, post_params, original_request, 'POST') HTTPRequester.thread_starter(new_thread)
def get_call(path, headers, data, payloadslist, original_request): url, link_params = path.split('?') params = link_params.split('&') i = 0 while i < len(params): oldparams = params[:] var = params[i].split('=') for payload in payloadslist: var = params[i].split('=') gibberish_vars = var[:] gibberish_vars[1] = var[1] + "gibberish" gibberish_params = params[:] gibberish_params[i] = '='.join(gibberish_vars) gibberish_data = '&'.join(gibberish_params) gibberish_path = url + '?' + gibberish_data gibberish_numb_vars = var[:] gibberish_numb_vars[1] = var[1] + "777" gibberish_numb_params = params[:] gibberish_numb_params[i] = '='.join(gibberish_numb_vars) gibberish_numb_data = '&'.join(gibberish_numb_params) gibberish_numb_path = url + '?' + gibberish_numb_data var[1] = var[1] + payload var = '='.join(var) params[i] = var params = '&'.join(params) path = url + '?' + params HTTPRequester.check_max_threads() new_thread = Thread_types.Threadpp(path, data, headers, original_request, var, 'GET', gibberish_path, gibberish_numb_path) HTTPRequester.thread_starter(new_thread) params = oldparams[:] i = i + 1 else: # no params to test pass
def common_post_call(path, headers, payloadslist, post_params, original_request): i = 0 #shoud work with json and XML try: while i < len(post_params): oldpost_params = post_params[:] vars0 = post_params[i].split('=', 1) if len(vars0) == 1: vars0.append("fillparam") pay_vars0 = vars0[:] payload_to_get_region = "bar1337FOO1337bar" pay_vars0[1] = payload_to_get_region pay_params0 = post_params[:] pay_params0[i] = '='.join(pay_vars0) pay_data0 = '&'.join(pay_params0) response_compare = HTTPRequester.post_call(path, pay_data0, headers) response_html = response_compare.read() if response_compare.headers.get('Content-Encoding') != None: if 'gzip' in response_compare.headers.get('Content-Encoding'): response_html = zlib.decompress(response_html, 16 + zlib.MAX_WBITS) occurrances = [ m.start() for m in re.finditer(payload_to_get_region, response_html) ] list_regions = [] for occ in occurrances: list_regions.append([ response_html[(occ - 20):occ], response_html[(occ + len(payload_to_get_region)):( (occ + len(payload_to_get_region)) + 20)] ]) j = 0 while j < len(payloadslist[0]): payload = payloadslist[0][j] vars1 = post_params[i].split('=') if len(vars1) == 1: vars1.append("fillparam") pay_vars1 = vars1[:] pay_vars1[1] = payload pay_params1 = post_params[:] pay_params1[i] = '='.join(pay_vars1) pay_data1 = '&'.join(pay_params1) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadti(path, headers, pay_data1, original_request, '='.join(pay_vars1), 'POST', None, 0, list_regions) HTTPRequester.thread_starter(new_thread) post_params = oldpost_params[:] j = j + 1 j = 0 while j < len(payloadslist[1]): payload = payloadslist[1][j] vars2 = post_params[i].split('=') if len(vars2) == 1: vars2.append("fillparam") pay_vars2 = vars2[:] pay_vars2[1] = payload pay_params2 = post_params[:] pay_params2[i] = '='.join(pay_vars2) pay_data2 = '&'.join(pay_params2) HTTPRequester.check_max_threads() new_thread = Thread_types.Threadti(path, headers, pay_data2, original_request, '='.join(pay_vars2), 'POST', None, 1, list_regions) HTTPRequester.thread_starter(new_thread) post_params = oldpost_params[:] j = j + 1 i = i + 1 except Exception as msg: print msg print post_params
def multi_post_call(path, headers, payloadslist, boundaries, original_request): i = 1 while i < len(boundaries): oldboundaries = boundaries[:] lines = boundaries[i].splitlines() oldline = lines[0][:] #gotta identify the region where it gets substituted pay_line0 = lines[:] payload_to_get_region = "bar1337FOO1337bar" pay_line0[1] = payload_to_get_region pay_boundaries0 = boundaries[:] pay_boundaries0[i] = '\n'.join(pay_line0) pay_data0 = '\n\n'.join(pay_boundaries0) response_compare = HTTPRequester.post_call(path, pay_data0, headers) response_html = response_compare.read() if response_compare.headers.get('Content-Encoding') != None: if 'gzip' in response_compare.headers.get('Content-Encoding'): response_html = zlib.decompress(response_html, 16 + zlib.MAX_WBITS) occurrances = [ m.start() for m in re.finditer(payload_to_get_region, response_html) ] list_regions = [] for occ in occurrances: list_regions.append([ response_html[(occ - 20):occ], response_html[(occ + len(payload_to_get_region)):( (occ + len(payload_to_get_region)) + 20)] ]) j = 0 while j < len(payloadslist[0]): pay_line1 = lines[:] pay_line1[1] = payloadslist[0][j] pay_boundaries1 = boundaries[:] pay_boundaries1[i] = '\n'.join(pay_line1) pay_data1 = '\n\n'.join(pay_boundaries1) HTTPRequester.check_max_threads( ) #check if all the threads are being used new_thread = Thread_types.Threadti(path, headers, pay_data1, original_request, pay_line1, 'POST', None, 0, list_regions) HTTPRequester.thread_starter(new_thread) lines[0] = oldline boundaries = oldboundaries j = j + 1 j = 0 while j < len(payloadslist[1]): pay_line2 = lines[:] pay_line2[1] = payloadslist[1][j] pay_boundaries2 = boundaries[:] pay_boundaries2[i] = '\n'.join(pay_line2) pay_data2 = '\n\n'.join(pay_boundaries2) HTTPRequester.check_max_threads( ) #check if all the threads are being used new_thread = Thread_types.Threadti(path, headers, pay_data2, original_request, pay_line2, 'POST', None, 1, list_regions) HTTPRequester.thread_starter(new_thread) lines[0] = oldline boundaries = oldboundaries j = j + 1 i = i + 1
def get_call(path, headers, data, payloadslist, original_request): url, link_params = path.split('?', 1) params = link_params.split('&') i = 0 while i < len(params): oldparams = params[:] var0 = params[i].split('=', 1) if len(var0) == 1: var0.append("fillparam") pay_vars0 = var0[:] payload_to_get_region = "bar1337FOO1337bar" pay_vars0[1] = payload_to_get_region pay_params0 = params[:] pay_params0[i] = '='.join(pay_vars0) pay_data0 = '&'.join(pay_params0) pay_path0 = url + '?' + pay_data0 response_compare = HTTPRequester.get_call(pay_path0, headers) response_html = response_compare.read() if response_compare.headers.get('Content-Encoding') != None: if 'gzip' in response_compare.headers.get('Content-Encoding'): response_html = zlib.decompress(response_html, 16 + zlib.MAX_WBITS) occurrances = [ m.start() for m in re.finditer(payload_to_get_region, response_html) ] list_regions = [] for occ in occurrances: list_regions.append([ response_html[(occ - 20):occ], response_html[(occ + len(payload_to_get_region)):( (occ + len(payload_to_get_region)) + 20)] ]) j = 0 while j < len(payloadslist[0]): payload = payloadslist[0][j] var1 = params[i].split('=') if len(var1) == 1: var1.append("fillparam") pay_vars1 = var1[:] pay_vars1[1] = payload pay_params1 = params[:] pay_params1[i] = '='.join(pay_vars1) pay_data1 = '&'.join(pay_params1) pay_path1 = url + '?' + pay_data1 HTTPRequester.check_max_threads() new_thread = Thread_types.Threadti(path, headers, pay_data1, original_request, pay_params1[i], 'GET', pay_path1, 0, list_regions) HTTPRequester.thread_starter(new_thread) params = oldparams[:] j = j + 1 j = 0 while j < len(payloadslist[1]): payload = payloadslist[1][j] var2 = params[i].split('=') if len(var2) == 1: var2.append("fillparam") pay_vars2 = var2[:] pay_vars2[1] = payload pay_params2 = params[:] pay_params2[i] = '='.join(pay_vars2) pay_data2 = '&'.join(pay_params2) pay_path2 = url + '?' + pay_data2 HTTPRequester.check_max_threads() new_thread = Thread_types.Threadti(path, headers, pay_data2, original_request, pay_params2[i], 'GET', pay_path2, 0, list_regions) HTTPRequester.thread_starter(new_thread) params = oldparams[:] j = j + 1 i = i + 1 else: # no params to test pass