 def add_poc_data(url, data, http_method, content_type, poc):
     """
     Build a copy of the request with the poc data substituted into its parameters.

     :param url: for GET the complete URL (query string included); for POST the request URL
     :param data: request body for POST requests, otherwise None
     :param http_method: HTTP method name, compared case-insensitively against HttpMethod
     :param content_type: request content type; None is handled like a GET request
     :param poc: payload handed to BaseTrafficParser.replace (the substitution rule lives there)
     :return: dict with the keys url, data, http_method and content_type. If simplifying or
              substituting fails for any reason, the untouched input values are returned under
              the same keys so the caller always receives a usable request.
     """
     try:
         result = ChromeTrafficParser.simplify_request(
             url=url, data=data, http_method=http_method, content_type=content_type)
         method = http_method.lower() if http_method else None
         if method == HttpMethod.GET or content_type is None:
             # GET, or no content type at all: the parameters live in the query string.
             result["url"] = BaseTrafficParser.replace(result["url"], poc)
         elif method == HttpMethod.POST:
             # POST with a known content type: the parameters live in the body.
             result["data"] = BaseTrafficParser.replace(result["data"], poc)
     except Exception:
         # Best-effort fallback: any parser or substitution error (including a None
         # result from simplify_request, which makes the subscript above fail) degrades
         # to the original request. Nothing is logged, so such failures stay invisible.
         result = {
             "url": url,
             "data": data,
             "http_method": http_method,
             "content_type": content_type
         }
     return result
 def simplify_request(url, data=None, http_method=HttpMethod.GET, content_type=None):
     """
     Normalise a captured request into the dict shape the rest of the parser consumes.

     :param url: request URL; for GET it is passed through BaseTrafficParser._simplify_get_request
     :param data: raw request body (POST only)
     :param http_method: HTTP method name, compared case-insensitively against HttpMethod
     :param content_type: raw Content-Type value, matched by substring against
                          ContentType.ResourceContentType so extra parameters (e.g. charset)
                          do not prevent a match
     :return: dict with the keys url, data, http_method and content_type, the latter
              canonicalised to the matching ContentType.ResourceContentType value. Returns
              None for a POST whose content type matches none of the known types and for
              any method other than GET/POST - callers must cope with that.
     """
     method = http_method.lower() if http_method else None
     if method == HttpMethod.GET or content_type is None:
         # A missing content type is treated as GET regardless of the method.
         return {"url": BaseTrafficParser._simplify_get_request(url), "data": data,
                 "http_method": http_method, "content_type": None}
     if method != HttpMethod.POST:
         return None

     lowered = content_type.lower()
     kinds = ContentType.ResourceContentType
     # Ordered: the first substring match wins, exactly like the original if/elif chain.
     # Builders are lazy so only the matched parser ever runs.
     builders = (
         (kinds.DEFAULT, lambda: ChromeTrafficParser._simplify_post_request_default(data)),
         (kinds.JSON, lambda: ChromeTrafficParser._get_json_parameter(
             ChromeTrafficParser._parse_post_parameter(data, content_type))),
         (kinds.XML, lambda: ChromeTrafficParser._parse_post_parameter(data, content_type)),
         (kinds.FORM, lambda: data),  # multipart bodies are passed through untouched for now
         (kinds.TXT, lambda: data),
     )
     for kind, build in builders:
         if kind in lowered:
             return {"url": url, "data": build(), "http_method": http_method, "content_type": kind}
     return None
async def hook_request(req, url, method, data, headers, payload):
    """
    Pyppeteer request interceptor: rewrite the single request under test with the poc payload.

    Only a request whose method, URL and post body all equal the captured original is
    rewritten; every other request, and the rewritten one if Chrome rejects the override,
    is continued unchanged. The original author notes this also fixes a repeated-redirect
    problem. Overrides use the pyppeteer shape, e.g.
    ``await req.continue_({'method': 'POST', 'postData': 'paramFoo=valueBar'})``.

    :param req: the intercepted pyppeteer Request
    :param url: URL of the request to rewrite
    :param method: HTTP method of the request to rewrite; also forced onto the override
    :param data: post body of the request to rewrite
    :param headers: raw headers, converted to a dict by get_content_type_headers
    :param payload: poc payload inserted by BaseTrafficParser.add_poc_data
    :return: None
    """
    is_target = req.method == method and req.url == url and req.postData == data
    if not is_target:
        await req.continue_()
        return

    content_type, headers_dic = get_content_type_headers(method, headers)
    poc_result = BaseTrafficParser.add_poc_data(url=url,
                                                data=data,
                                                content_type=content_type,
                                                http_method=method,
                                                poc=payload)
    try:
        # Only truthy values are forwarded, in this key order, matching the original guards.
        candidates = (
            ("postData", poc_result["data"]),
            ("headers", headers_dic),
            ("method", method),
            ("url", poc_result["url"]),
        )
        overrides = {key: value for key, value in candidates if value}
        await req.continue_(overrides)
    except PyppeteerError:
        # The override was refused; let the untouched request through instead.
        await req.continue_()
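 def _simplify_post_request_default(data):
     """
     Rebuild an application/x-www-form-urlencoded body with every value replaced by its
     identification marker.

     :param data: raw urlencoded body string
     :return: "key=value&key=value" assembled from the parsed parameters, or *data*
              unchanged when no parameter could be parsed from it
     """
     parameters = BaseTrafficParser._get_json_parameter(data)
     parameters = BaseTrafficParser._replace_param_val_to_identification(parameters)
     # One join instead of accumulating with += and trimming the trailing "&".
     # NOTE(review): nothing here re-urlencodes keys or values; this assumes
     # _replace_param_val_to_identification yields plain tokens - confirm before
     # routing other bodies through it.
     encoded = "&".join("{}={}".format(key, value) for key, value in parameters.items())
     # An empty join means no parameters, which the original reported by returning data.
     return encoded or data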
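 def get_parameter(url, data, http_method, content_type):
     """
     Extract the request parameters: GET is delegated to BaseTrafficParser, POST to the
     Chrome-specific body parser.

     :param url: request URL
     :param data: request body (POST)
     :param http_method: HTTP method name, compared case-insensitively against HttpMethod
     :param content_type: request content type; None forces the GET path
     :return: whatever the delegated parser returns; None for any other method
     """
     method = http_method.lower() if http_method else None
     if method == HttpMethod.GET or content_type is None:
         return BaseTrafficParser.get_parameter(url=url, data=data, http_method=http_method,
                                                content_type=content_type)
     # Compare the lower-cased method, as the GET branch and simplify_request do. The
     # previous exact comparison silently returned None for an upper-case "POST".
     if method == HttpMethod.POST:
         return ChromeTrafficParser._parse_post_parameter(data, content_type)
     return None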
async def hook_dialog(dialog, url, method, data, headers, celery_task_id,
                      payload):
    """
    Pyppeteer dialog handler: when the page raises the marker dialog, queue the request
    (with the poc data applied) as a finding, then dismiss the dialog.

    Only a dialog whose message equals PAYLOAD_TAG counts; any other dialog is simply
    dismissed so it never blocks the page.

    :param dialog: the pyppeteer Dialog that fired
    :param url: URL of the request under test
    :param method: HTTP method of the request under test
    :param data: post body of the request under test
    :param headers: raw headers, converted by get_content_type_headers
    :param celery_task_id: currently unused; kept for the disabled notify() call
    :param payload: poc payload handed to BaseTrafficParser.add_poc_data
    :return: None
    """
    is_marker = dialog.message == PAYLOAD_TAG
    if is_marker:
        content_type, headers_dic = get_content_type_headers(method, headers)
        finding = BaseTrafficParser.add_poc_data(url=url,
                                                 data=data,
                                                 content_type=content_type,
                                                 http_method=method,
                                                 poc=payload)
        finding["headers"] = headers_dic
        # notify(finding, headers, celery_task_id)
        add_result_queue(finding)
    await dialog.dismiss()
    def test1SimplifyRequest(self):
        """
        Exercise BaseTrafficParser.simplify_request for GET and each POST content type,
        printing the results and pushing the urlencoded/JSON ones through send_data.
        :return: None
        """
        from common.http_util import HttpMethod
        from common.http_util import ContentType
        from parser.base_traffic_parser import BaseTrafficParser

        def simplify(url, body, content_type, method=HttpMethod.POST):
            return BaseTrafficParser.simplify_request(
                url=url, data=body, http_method=method, content_type=content_type)

        # GET request: parameters are taken from the query string.
        print(simplify("http://127.0.0.1:8889/?name=23232&password=78812", None, None, HttpMethod.GET))

        print("=========post=========")
        post_url = "http://10.211.55.2:8889/v1/os_command_injection/test_case3"
        post_url_alt = "http://10.211.55.2:8887/v1/os_command_injection/test_case3"
        kinds = ContentType.ResourceContentType

        # application/x-www-form-urlencoded, including trailing and doubled separators.
        for body in ("name=23333&pass=1", "name=23333&pass=1&&", "name=23333", "name=23333&"):
            self.send_data(simplify(post_url, body, kinds.DEFAULT))

        # application/json
        print(simplify(post_url_alt, '{"name":"23333"}', kinds.JSON))

        nested_json = '{"name":{"pass": {"bb": 12222, "aa": {"hello": "xxx"}}}, "hello": "ssss"}'
        nested_result = simplify(post_url, nested_json, kinds.JSON)
        print(nested_result)
        self.send_data(nested_result)

        flat_json = '{"name":"chenming","whoamo":"xxxx344"}'
        self.send_data(simplify(post_url, flat_json, kinds.JSON))

        # text/xml is not supported yet; the result is only printed.
        print(simplify(post_url_alt, "<name>23333</name>", kinds.XML))

        # multipart/form-data; boundary=----WebKitFormBoundaryH0TGOzR6zJhOJSVB
        upload_body = """------WebKitFormBoundaryH0TGOzR6zJhOJSVB \nContent-Disposition: form-data; name="file"; filename="5.png" \nContent-Type: image/png \nXXXXXX \n------WebKitFormBoundaryH0TGOzR6zJhOJSVB--"""
        print(simplify(post_url, upload_body, kinds.FORM))
    def testADDPocData(self):
        """
        Exercise BaseTrafficParser.add_poc_data: GET URLs with plain, percent-encoded and
        non-ASCII/special-character query values, then each POST content type. Every
        result is printed; nothing is asserted.
        :return: None
        """
        from common.http_util import HttpMethod
        from common.http_util import ContentType
        from parser.base_traffic_parser import BaseTrafficParser

        def inject(url, body, method, content_type, poc):
            return BaseTrafficParser.add_poc_data(
                url=url, data=body, http_method=method, content_type=content_type, poc=poc)

        # GET requests: the poc is substituted into the query string.
        get_urls = (
            "http://127.0.0.1/?name=23232&password=78812",
            "http://127.0.0.1/?name=中文&password=78812",
            "http://127.0.0.1/?name=%E4%B8%AD%E6%96%87&password=78812",
            "http://127.0.0.1/?name=中文&password=78812#",
            "http://127.0.0.1/?name=中文……**$$$&password=78812、#",
            "http://127.0.0.1/?name=中文&password=78812!@#¥%……*()_+|}{QASDFGHJK<>MNZXCVBN#",
        )
        for url in get_urls:
            print(inject(url, None, HttpMethod.GET, None, "eval"))

        print("=========post2=========")
        kinds = ContentType.ResourceContentType
        # multipart/form-data; boundary=----WebKitFormBoundaryH0TGOzR6zJhOJSVB
        upload_body = """------WebKitFormBoundaryH0TGOzR6zJhOJSVB \n Content-Disposition: form-data; name="file"; filename="5.png" \n Content-Type: image/png \n XXXXXX \n ------WebKitFormBoundaryH0TGOzR6zJhOJSVB-- """

        post_cases = (
            # application/x-www-form-urlencoded with a trailing separator
            ("http://127.0.0.1/login", "name=23333&", kinds.DEFAULT),
            # POST without a content type: add_poc_data rewrites the query string instead
            ("http://127.0.0.1/login?name=23333&", None, None),
            # application/json
            ("http://127.0.0.1/login", '{"name":"23333"}', kinds.JSON),
            # text/xml is not supported yet; printed for visibility only
            ("http://127.0.0.1/login", "<name>23333</name>", kinds.XML),
            # multipart upload form
            ("http://127.0.0.1/upload", upload_body, kinds.FORM),
        )
        for url, body, content_type in post_cases:
            print(inject(url, body, HttpMethod.POST, content_type, "hack"))