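def __testProxy(self):
    """Test if the proxy can be used on the connection, and insert it into the proxies list

    Calls self.testConnection(). When the call returns normally the proxy
    held in self.__proxy is appended to self.__proxyList; when it raises an
    ordinary exception a warning is shown and the proxy is left out.
    """
    try:
        self.testConnection()
    except Exception:
        # Only ordinary errors count as a failed proxy. A bare except would
        # also swallow KeyboardInterrupt and SystemExit, so Ctrl-C while
        # walking a long proxy list would be reported as a dead proxy
        # instead of stopping the run.
        oh.warningBox(f"Proxy {self.__proxy['http://']} not worked.")
    else:
        # Kept outside the try so a reporting or bookkeeping error is not
        # mistaken for a connection failure.
        oh.infoBox(f"Proxy {self.__proxy['http://']} worked.")
        self.__proxyList.append(self.__proxy)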
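def checkDelay(argv: list, fuzzer: Fuzzer):
    """Check if the --delay argument is present, and set the value into the fuzzer

    The token that follows --delay is parsed as a float number of seconds.
    A missing, non-numeric, negative or non-finite value is reported through
    oh.errorBox instead of surfacing as an IndexError/ValueError traceback.

    @type argv: list
    @param argv: The arguments given in the execution
    @type fuzzer: Fuzzer
    @param fuzzer: The Fuzzer object
    """
    if '--delay' not in argv:
        return
    valueIndex = argv.index('--delay') + 1
    if valueIndex >= len(argv):
        oh.errorBox("The --delay argument requires a value in seconds.")
        return  # only reached if errorBox does not end the program
    delay = argv[valueIndex]
    try:
        seconds = float(delay)
    except ValueError:
        oh.errorBox(f"Invalid delay '{delay}': expected a number of seconds.")
        return
    # The chained comparison is False for NaN, so NaN is rejected together
    # with negative and infinite values.
    if not 0 <= seconds < float('inf'):
        oh.errorBox(f"Invalid delay '{delay}': expected a non-negative number of seconds.")
        return
    fuzzer.setDelay(seconds)
    oh.infoBox(f"Set delay: {delay} second(s)")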
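def checkNumThreads(argv: list, fuzzer: Fuzzer):
    """Check if the -t argument is present, and set the number of threads in the fuzzer

    The token that follows -t is parsed as an integer. A missing value, a
    non-integer value or a count below 1 is reported through oh.errorBox
    instead of surfacing as an IndexError/ValueError traceback.

    @type argv: list
    @param argv: The arguments given in the execution
    @type fuzzer: Fuzzer
    @param fuzzer: The Fuzzer object
    """
    if '-t' not in argv:
        return
    valueIndex = argv.index('-t') + 1
    if valueIndex >= len(argv):
        oh.errorBox("The -t argument requires a number of threads.")
        return  # only reached if errorBox does not end the program
    numThreads = argv[valueIndex]
    try:
        threadCount = int(numThreads)
    except ValueError:
        oh.errorBox(f"Invalid number of threads '{numThreads}': expected an integer.")
        return
    if threadCount < 1:
        oh.errorBox(f"Invalid number of threads '{numThreads}': expected at least 1.")
        return
    fuzzer.setNumThreads(threadCount)
    oh.infoBox(f"Set number of threads: {numThreads} thread(s)")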
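def checkCookie(argv: list, requestHandler: RequestHandler):
    """Check if the --cookie argument is present, and set the value into the requestHandler

    A --cookie flag with nothing after it is reported through oh.errorBox
    instead of raising IndexError.

    @type argv: list
    @param argv: The arguments given in the execution
    @type requestHandler: RequestHandler
    @param requestHandler: The object responsible to handle the requests
    """
    if '--cookie' not in argv:
        return
    valueIndex = argv.index('--cookie') + 1
    if valueIndex >= len(argv):
        oh.errorBox("The --cookie argument requires a value.")
        return  # only reached if errorBox does not end the program
    cookie = argv[valueIndex]
    requestHandler.setCookie(cookie)
    # NOTE(review): the cookie is echoed verbatim. When it carries a session
    # token it ends up in terminal scrollback and in any captured output, so
    # treat those logs as sensitive or mask the value before printing.
    oh.infoBox(f"Set cookie: {cookie}")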
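def checkProxies(argv: list, requestHandler: RequestHandler):
    """Check if the --proxies argument is present, and open a file

    The token that follows --proxies is taken as the proxies file name. The
    file is opened through fh.openProxies and the request handler is then
    asked to load and test the proxies. A --proxies flag with nothing after
    it is reported through oh.errorBox instead of raising IndexError.

    @type argv: list
    @param argv: The arguments given in the execution
    @type requestHandler: RequestHandler
    @param requestHandler: The object responsible to handle the requests
    """
    if '--proxies' not in argv:
        return
    index = argv.index('--proxies') + 1
    if index >= len(argv):
        oh.errorBox("The --proxies argument requires a file name.")
        return  # only reached if errorBox does not end the program
    proxiesFileName = argv[index]
    fh.openProxies(proxiesFileName)
    oh.infoBox(f"Loading proxies from file '{proxiesFileName}' ...")
    requestHandler.setProxiesFromFile()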
 def prepareApplication(self):
     """Run the pre-flight checks and then the test itself

     A KeyboardInterrupt raised at any point is reported as an abort and the
     content collected in self.__outputFileContent is handed to
     fh.writeOnOutput. A run that ends without one is reported as completed.
     """
     try:
         self.__checkConnectionAndRedirections()
         targetUrl = self.__requestHandler.getUrl()
         oh.infoBox(f"Starting test on '{targetUrl}' ...")
         self.__startApplication()
     except KeyboardInterrupt:
         # Abort path: report it, save what was gathered so far, and skip
         # the completion message below.
         oh.abortBox("Test aborted.")
         fh.writeOnOutput(self.__outputFileContent)
         return
     oh.infoBox("Test completed.")
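 def __openOutput(self):
     """Opens the output file used to store the probably vulnerable response data

     The file is created as '../output/<YYYY-mm-dd_HH:MM>.txt', relative to
     the current working directory, and the handle is kept in
     self.__outputFile. The '../output' directory is created when missing.
     """
     timestamp = datetime.now().strftime("%Y-%m-%d_%H:%M")
     # Create the directory through the standard library instead of spawning
     # a shell for 'mkdir'; exist_ok makes this a no-op when it is already
     # there, and a real failure (e.g. permissions) raises instead of being
     # hidden behind a second failing open().
     os.makedirs('../output', exist_ok=True)
     # NOTE(review): the name has minute resolution and the file is opened
     # with 'w', so a second run within the same minute overwrites the
     # first. ':' in a file name is also not accepted on every platform.
     self.__outputFile = open('../output/' + timestamp + '.txt', 'w')
     # Announced only once the file is really open.
     oh.infoBox(f'Saving results on \'{timestamp}.txt\' ...')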
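 def __checkConnectionAndRedirections(self):
     """Test the connection and redirection to target

     When the request handler reports a URL payload index (URL fuzzing) only
     the connection is tested, and on failure the user is asked whether to
     continue. Otherwise a failed connection is reported through
     oh.errorBox, and the redirection check runs before fuzzing starts.
     """
     rh = self.__requestHandler
     if rh.getUrlIndexToPayload():
         oh.infoBox(
             "Test mode set to URL Fuzzing. No redirection verifications to target are being tested."
         )
         try:
             rh.testConnection()
         except Exception:
             # Exception rather than a bare except: Ctrl-C must abort the
             # run instead of being turned into a "continue anyway?" prompt.
             if not oh.askYesNo(
                     "Connection to target failed. Continue anyway? "):
                 exit()
         else:
             oh.infoBox("Connection status: OK")
     else:
         # The URL path is not being fuzzed, so redirections are checked
         # before the fuzzing starts.
         try:
             rh.testConnection()
         except Exception:
             oh.errorBox("Failed to connect to the server.")
         else:
             # Reported only on success, so a failure can never be followed
             # by an "OK" status even if errorBox returns.
             oh.infoBox("Connection status: OK")
         oh.infoBox("Testing redirections ...")
         rh.testRedirection()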
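 def testRedirection(self):
     """Test if the connection will have a redirection

     Sends one request built from self.__getRequestParameters(' ') and asks
     the user whether to continue when the response was reached through any
     redirect. Declining ends the program with exit(0).
     """
     requestParameters = self.__getRequestParameters(' ')
     # NOTE(review): the same 'Data' mapping is passed both as body (data=)
     # and as query string (params=) — confirm this is intended.
     # NOTE(review): no timeout is passed, so an unresponsive target can
     # block this call indefinitely.
     response = requests.request(requestParameters['Method'],
                                 requestParameters['Url'],
                                 data=requestParameters['Data'],
                                 params=requestParameters['Data'],
                                 headers=requestParameters['Headers'],
                                 proxies=self.__proxy)
     # response.history lists every redirect response that was followed.
     # Checking it directly covers 301/303/307/308 as well, where matching
     # the text '[302]' would report "No redirections." for them.
     if response.history:
         if (not oh.askYesNo(
                 "You was redirected to another page. Continue? (y/N): ")):
             exit(0)
     else:
         oh.infoBox("No redirections.")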
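    def writeOnOutput(self, outputContent: list):
        """Write the vulnerable input and response content into a file

        Each item is written as one 'key: value' line per entry, followed by
        a blank line. Nothing is written and no file is opened when the list
        is empty.

        @type outputContent: list
        @param outputContent: The list with probably vulnerable content
        """
        if not outputContent:
            return
        self.__openOutput()
        try:
            for content in outputContent:
                for key, value in content.items():
                    self.__outputFile.write(key + ': ' + str(value) + '\n')
                self.__outputFile.write('\n')
        finally:
            # Close the handle even when a write fails part-way, so the
            # results written so far are flushed and the file is not leaked.
            self.__close(self.__outputFile)
        oh.infoBox('Results saved.')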
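def checkProxy(argv: list, requestHandler: RequestHandler):
    """Check if the --proxy argument is present, and set the value into the requestHandler

    The token that follows --proxy is prefixed with 'http://' and stored for
    both the 'http://' and 'https://' keys. A --proxy flag with nothing
    after it is reported through oh.errorBox instead of raising IndexError.

    @type argv: list
    @param argv: The arguments given in the execution
    @type requestHandler: RequestHandler
    @param requestHandler: The object responsible to handle the requests
    """
    if '--proxy' not in argv:
        return
    index = argv.index('--proxy') + 1
    if index >= len(argv):
        oh.errorBox("The --proxy argument requires a value.")
        return  # only reached if errorBox does not end the program
    proxy = argv[index]
    # NOTE(review): requests selects a proxy by scheme key ('http', 'https')
    # or by 'scheme://host'. If the handler passes this mapping to requests
    # unchanged (testRedirection does so with self.__proxy), the 'http://'
    # and 'https://' keys would match nothing and traffic would go out
    # directly instead of through the proxy — verify against RequestHandler
    # before relying on the proxy.
    requestHandler.setProxy({
        'http://': 'http://' + proxy,
        'https://': 'http://' + proxy
    })
    oh.infoBox(f"Set proxy: {proxy}")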
def main(argv: list):
    """Parse the command line, build the fuzzer and start the test

    @type argv: list
    @param argv: The arguments given in the execution
    """
    if len(argv) < 2:
        oh.errorBox(
            "Invalid format! Use -h on 2nd parameter to show the help menu.")
    firstOption = argv[1]
    if firstOption in ('-h', '--help'):
        showHelpMenu()
    if firstOption in ('-v', '--version'):
        exit("FuzzingTool v3.1.0")
    url, method, param, headers = getDefaultRequestData(argv)
    # An empty parameter string means there is no default request data
    if param != '':
        defaultParam = getRequestParams(param)
    else:
        defaultParam = {}
    getWordlistFile(argv)
    fuzzer = Fuzzer(RequestHandler(url, method, defaultParam, headers))
    oh.infoBox(f"Set target: {fuzzer.getRequestHandler().getUrl()}")
    oh.infoBox(f"Set request method: {method}")
    oh.infoBox(f"Set request data: {str(defaultParam)}")
    # Request-level options first, then the fuzzer-level ones, in the same
    # order as they are listed here.
    for applyOption in (checkCookie, checkProxy, checkProxies):
        applyOption(argv, fuzzer.getRequestHandler())
    for applyOption in (checkDelay, checkVerboseMode, checkNumThreads):
        applyOption(argv, fuzzer)
    fuzzer.prepareApplication()
 def setProxiesFromFile(self):
     """Install and test, one after another, every proxy given by fh.readProxies()"""
     oh.infoBox("Testing proxies ...")
     loadedProxies = fh.readProxies()
     for candidate in loadedProxies:
         # Each candidate is installed with setProxy before it is tested
         self.setProxy(candidate)
         self.__testProxy()