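def scan_get_request_from_path(request_info):
    """Inject every payload into each query-string parameter of a GET request.

    For a path such as ``/index.html?para=test&x=1`` every non-empty
    ``name=value`` segment of the query string is extended, one at a time,
    with each entry of the module-level ``payloads`` list (appended
    verbatim, not URL-encoded). The modified path is written to
    ``request_info['path']`` and the request is sent once with ``LIB_1``
    and once with ``LIB_2``. ``print_scan_result`` judges the responses;
    as soon as it reports ``"vulnerable"`` for a parameter the remaining
    payloads for that parameter are skipped and the next parameter is tried.

    Examples:
        GET /dvwa/vulnerabilities/xss_r/?name=helloworld HTTP/1.1
        Host: test.avfisher.win
        Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32

        Parameters in URL:
            name

    Args:
        request_info: dict describing the request. ``'path'`` is read and
            temporarily overwritten with the injected variant while each
            probe is sent.

    Returns:
        None. ``request_info['path']`` is restored to its original value
        when the scan finishes (also on an exception), so a later scanner
        that reuses the same dict does not send its requests with a stale
        payload still embedded in the URL.
    """
    path = request_info['path']
    # Nothing to inject into without a query string (a bare path with no
    # '?' carries no GET parameters).
    if not path or "?" not in path:
        return

    # Split at the FIRST '?' only: a '?' inside a parameter value is part of
    # the query, not a second resource path.
    base, _, query = path.partition("?")
    paras = query.split("&")
    original_path = path
    try:
        for idx, para in enumerate(paras):
            if not para:
                continue
            for payload in payloads:
                # Rebuild the query from its segments instead of using
                # str.replace(): replace() would also rewrite the same text
                # wherever it appears elsewhere (e.g. 'id=1' inside 'pid=1',
                # or in the resource path), injecting into unintended spots.
                injected = list(paras)
                injected[idx] = "{}{}".format(para, payload)
                path_str = "{}?{}".format(base, "&".join(injected))
                request_info['path'] = path_str.strip()
                inj_type = "Path"
                r_1 = HackRequests(request_info, LIB_1).get_request()
                r_2 = HackRequests(request_info, LIB_2).get_request()
                # Short-circuit 'or' is deliberate: the second result is only
                # reported when the first one was not already vulnerable.
                if print_scan_result(
                        inj_type, r_1, path_str, payload,
                        request_info) == "vulnerable" or print_scan_result(
                            inj_type, r_2, path_str, payload,
                            request_info) == "vulnerable":
                    break
    finally:
        request_info['path'] = original_path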
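def scan_request_from_cookie(request_info):
    """Inject every payload into each cookie of a GET or POST request.

    The ``Cookie`` header value in ``request_info['cookie']`` is split on
    ``'; '``; every non-empty cookie whose lower-cased name is not listed in
    the module-level ``cookie_exclusion`` is extended, one at a time, with
    each entry of ``payloads`` (appended verbatim). The rebuilt header is
    written to ``request_info['cookie']`` and the request is sent: for
    ``GET`` once with ``LIB_1`` and once with ``LIB_2``, for ``POST`` once
    via ``post_request()``. Any other method sends nothing. When
    ``print_scan_result`` reports ``"vulnerable"`` for a cookie, the
    remaining payloads for that cookie are skipped.

    Examples:
        POST /dvwa/login.php HTTP/1.1
        Host: test.avfisher.win
        Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32

        Cookies:
            security
            PHPSESSID

    Args:
        request_info: dict describing the request. ``'cookie'`` and
            ``'method'`` are read; ``'cookie'`` is temporarily overwritten
            with the injected variant while each probe is sent.

    Returns:
        None. ``request_info['cookie']`` is restored to its original value
        when the scan finishes (also on an exception), so later scanners do
        not send a header that still carries the last payload.
    """
    cookie = request_info['cookie']
    if not cookie:
        return

    # Splitting on '; ' and re-joining with '; ' reproduces the header
    # byte-for-byte for the untouched cookies.
    cookies = cookie.split('; ')
    original_cookie = cookie
    try:
        for idx, ck in enumerate(cookies):
            if not ck:
                continue
            # Compare on the cookie NAME only; session or mode cookies listed
            # in cookie_exclusion must not be tampered with.
            name = ck.strip().split('=', 1)[0].lower()
            if name in cookie_exclusion:
                continue
            for payload in payloads:
                # Rebuild the header from its segments instead of using
                # str.replace(): replace() would also rewrite the same text
                # inside another cookie (e.g. 'a=1' inside 'ba=1').
                injected = list(cookies)
                injected[idx] = "{}{}".format(ck, payload)
                cookie_str = '; '.join(injected)
                request_info['cookie'] = cookie_str.strip()
                inj_type = "Cookie"
                method = request_info['method']
                if method == "GET":
                    r_1 = HackRequests(request_info, LIB_1).get_request()
                    r_2 = HackRequests(request_info, LIB_2).get_request()
                    # Short-circuit 'or' is deliberate: the second result is
                    # only reported when the first was not already vulnerable.
                    if print_scan_result(
                            inj_type, r_1, cookie_str, payload,
                            request_info) == "vulnerable" or print_scan_result(
                                inj_type, r_2, cookie_str, payload,
                                request_info) == "vulnerable":
                        break
                elif method == "POST":
                    r = HackRequests(request_info).post_request()
                    if print_scan_result(
                            inj_type, r, cookie_str, payload,
                            request_info) == "vulnerable":
                        break
    finally:
        request_info['cookie'] = original_cookie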
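def scan_post_request_from_post_data(request_info):
    """Inject every payload into each parameter of a POST body.

    ``request_info['post_data']`` is split on ``'&'``; every non-empty
    ``name=value`` segment is extended, one at a time, with each entry of
    the module-level ``payloads`` list (appended verbatim, not URL-encoded).
    The rebuilt body is written to ``request_info['post_data']`` and sent
    with ``post_request()``. When ``print_scan_result`` reports
    ``"vulnerable"`` for a parameter the remaining payloads for that
    parameter are skipped.

    A body holding a single parameter (no ``'&'``) is scanned as well; the
    earlier ``"&" in post_data`` guard silently skipped such requests.

    Examples:
        POST /dvwa/vulnerabilities/xss_s/ HTTP/1.1
        Host: test.avfisher.win
        Cookie: security=impossible; security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
        Post Data:txtName=whatsup&mtxMessage=man&btnSign=Sign+Guestbook&user_token=b1ce437384e1bb75bdc8a3f02babe157

        Parameters in post data:
            txtName
            mtxMessage
            btnSign
            user_token

    Args:
        request_info: dict describing the request. ``'post_data'`` is read
            and temporarily overwritten with the injected variant while each
            probe is sent.

    Returns:
        None. ``request_info['post_data']`` is restored to its original value
        when the scan finishes (also on an exception).
    """
    post_data = request_info['post_data']
    if not post_data:
        return

    paras = post_data.split('&')
    original_post_data = post_data
    try:
        for idx, para in enumerate(paras):
            if not para:
                continue
            for payload in payloads:
                # Rebuild the body from its segments instead of using
                # str.replace(): replace() would also rewrite the same text
                # inside another parameter (e.g. 'id=1' inside 'pid=1').
                injected = list(paras)
                injected[idx] = "{}{}".format(para, payload)
                post_data_str = '&'.join(injected)
                request_info['post_data'] = post_data_str.strip()
                inj_type = "Post"
                r = HackRequests(request_info).post_request()
                if print_scan_result(inj_type, r, post_data_str, payload,
                                     request_info) == "vulnerable":
                    break
    finally:
        request_info['post_data'] = original_post_data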