def do_POST_check(parameter):
http_request_method = "POST"
# Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided.
parameter = checks.wildcard_character(parameter).replace("'", "\"")
# Check if JSON Object.
if checks.is_JSON_check(parameter):
if not settings.IS_JSON:
checks.process_json_data()
settings.PARAMETER_DELIMITER = ","
# Check if XML Object.
elif checks.is_XML_check(parameter):
if not settings.IS_XML:
checks.process_xml_data()
settings.PARAMETER_DELIMITER = ""
else:
pass
parameters_list = []
# Split multiple parameters
if settings.IS_XML:
_ = []
parameters = re.findall(r'(.*)', parameter)
parameters = [param + "\n" for param in parameters if param]
for value in range(0, len(parameters)):
_.append(parameters[value])
multi_parameters = _
else:
try:
multi_parameters = parameter.split(settings.PARAMETER_DELIMITER)
except ValueError, err_msg:
print settings.print_critical_msg(err_msg)
sys.exit(0)
def do_POST_check(parameter):
http_request_method = "POST"
# Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided.
parameter = checks.wildcard_character(parameter).replace("'","\"")
# Check if JSON Object.
if checks.is_JSON_check(parameter):
if not settings.IS_JSON:
checks.process_json_data()
settings.PARAMETER_DELIMITER = ","
# Check if XML Object.
elif checks.is_XML_check(parameter):
if not settings.IS_XML:
checks.process_xml_data()
settings.PARAMETER_DELIMITER = ""
else:
pass
parameters_list = []
# Split multiple parameters
if settings.IS_XML:
_ = []
parameters = re.findall(r'(.*)', parameter)
parameters = [param + "\n" for param in parameters if param]
for value in range(0,len(parameters)):
_.append(parameters[value])
multi_parameters = _
else:
try:
multi_parameters = parameter.split(settings.PARAMETER_DELIMITER)
multi_parameters = [x for x in multi_parameters if x]
except ValueError, err_msg:
print settings.print_critical_msg(err_msg)
raise SystemExit()
def logfile_parser():
"""
Warning message for mutiple request in same log file.
"""
def multi_requests():
print(settings.SINGLE_WHITESPACE)
err_msg = "Multiple"
if menu.options.requestfile:
err_msg += " requests"
elif menu.options.logfile:
err_msg += " targets"
err_msg += " are not supported, thus all coming"
if menu.options.requestfile:
err_msg += " requests "
elif menu.options.logfile:
err_msg += " targets "
err_msg += "will be ignored."
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
return False
"""
Error message for invalid data.
"""
def invalid_data(request):
print(settings.SINGLE_WHITESPACE)
err_msg = "Specified file "
err_msg += "'" + os.path.split(request_file)[1] + "'"
err_msg += " does not contain a valid HTTP request."
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
raise SystemExit()
if menu.options.requestfile:
info_msg = "Parsing HTTP request "
request_file = menu.options.requestfile
elif menu.options.logfile:
info_msg = "Parsing target "
request_file = menu.options.logfile
info_msg += "using the '" + os.path.split(request_file)[1] + "' file. "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
if not os.path.exists(request_file):
print(settings.SINGLE_WHITESPACE)
err_msg = "It seems that the '" + request_file + "' file, does not exist."
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
raise SystemExit()
else:
try:
if menu.options.requestfile:
with open(request_file, 'r') as file:
settings.RAW_HTTP_HEADERS = [line.strip() for line in file]
settings.RAW_HTTP_HEADERS = [
header for header in settings.RAW_HTTP_HEADERS if header
]
settings.RAW_HTTP_HEADERS = settings.RAW_HTTP_HEADERS[1:]
settings.RAW_HTTP_HEADERS = settings.RAW_HTTP_HEADERS[:-1]
settings.RAW_HTTP_HEADERS = '\\n'.join(
settings.RAW_HTTP_HEADERS)
except IOError as err_msg:
error_msg = "The '" + request_file + "' "
error_msg += str(err_msg.args[1]).lower() + "."
print(settings.SINGLE_WHITESPACE)
print(settings.print_critical_msg(error_msg))
raise SystemExit()
if os.stat(request_file).st_size != 0:
with open(request_file, 'r') as file:
request = file.read()
else:
invalid_data(request_file)
single_request = True
pattern = r'HTTP/([\d.]+)'
if len(re.findall(pattern, request)) > 1:
single_request = multi_requests()
if len(settings.HTTP_METHOD) == 0:
http_method = request.strip().splitlines()[0].split()[0]
settings.HTTP_METHOD = http_method
else:
http_method = settings.HTTP_METHOD
if "\\n" in request:
request = request.replace("\\n", "\n")
request_url = re.findall(r"" + " (.*) HTTP/", request)
if request_url:
# Check last line for POST data
if len(request.splitlines()[-1]) != 0:
result = [item for item in request.splitlines() if item]
multiple_xml = []
for item in result:
if checks.is_XML_check(item):
multiple_xml.append(item)
if len(multiple_xml) != 0:
menu.options.data = '\n'.join(
[str(item) for item in multiple_xml])
else:
menu.options.data = result[len(result) - 1]
else:
try:
# Check if url ends with "=".
if request_url[0].endswith("="):
request_url = request_url[0].replace(
"=", "=" + settings.INJECT_TAG, 1)
except IndexError:
invalid_data(request_file)
# Check if invalid data
if not request_url:
invalid_data(request_file)
else:
request_url = "".join([str(i) for i in request_url])
# Check for other headers
extra_headers = ""
prefix = "http://"
for line in request.splitlines():
if re.findall(r"Host: " + "(.*)", line):
menu.options.host = "".join(
[str(i) for i in re.findall(r"Host: " + "(.*)", line)])
# User-Agent Header
elif re.findall(
r"User-Agent: " + "(.*)",
line) and not (menu.options.agent or menu.options.mobile):
menu.options.agent = "".join([
str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)
])
# Cookie Header
elif re.findall(r"Cookie: " + "(.*)", line):
menu.options.cookie = "".join(
[str(i) for i in re.findall(r"Cookie: " + "(.*)", line)])
# Referer Header
elif re.findall(r"Referer: " + "(.*)", line):
menu.options.referer = "".join(
[str(i) for i in re.findall(r"Referer: " + "(.*)", line)])
if menu.options.referer and "https://" in menu.options.referer:
prefix = "https://"
elif re.findall(r"Authorization: " + "(.*)", line):
auth_provided = "".join([
str(i)
for i in re.findall(r"Authorization: " + "(.*)", line)
]).split()
menu.options.auth_type = auth_provided[0].lower()
if menu.options.auth_type == "basic":
menu.options.auth_cred = base64.b64decode(
auth_provided[1]).decode()
elif menu.options.auth_type == "digest":
if not menu.options.auth_cred:
print(settings.SINGLE_WHITESPACE)
err_msg = "Use the '--auth-cred' option to provide a valid pair of "
err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") "
print(settings.print_critical_msg(err_msg))
raise SystemExit()
# Add extra headers
else:
match = re.findall(r"(.*): (.*)", line)
match = "".join([str(i) for i in match]).replace("', '", ":")
match = match.replace("('", "")
match = match.replace("')", "\\n")
# Ignore some header.
if "Content-Length" or "Accept-Encoding" in match:
extra_headers = extra_headers
else:
extra_headers = extra_headers + match
# Extra headers
menu.options.headers = extra_headers
# Target URL
if not menu.options.host:
invalid_data(request_file)
else:
menu.options.url = prefix + menu.options.host + request_url
if single_request:
sys.stdout.write(settings.SUCCESS_STATUS + "\n")
sys.stdout.flush()
if menu.options.logfile and settings.VERBOSITY_LEVEL != 0:
sub_content = http_method + " " + prefix + menu.options.host + request_url
print(settings.print_sub_content(sub_content))
if menu.options.cookie:
sub_content = "Cookie: " + menu.options.cookie
print(settings.print_sub_content(sub_content))
if menu.options.data:
sub_content = "POST data: " + menu.options.data
print(settings.print_sub_content(sub_content))
# eof
def do_POST_check(parameter):
http_request_method = "POST"
# Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided.
parameter = checks.wildcard_character(parameter).replace("'", "\"")
# Check if JSON Object.
if checks.is_JSON_check(parameter):
if not settings.IS_JSON:
checks.process_json_data()
settings.PARAMETER_DELIMITER = ","
# Check if XML Object.
elif checks.is_XML_check(parameter):
if not settings.IS_XML:
checks.process_xml_data()
settings.PARAMETER_DELIMITER = ""
else:
pass
parameters_list = []
# Split multiple parameters
if settings.IS_XML:
_ = []
parameters = re.findall(r'(.*)', parameter)
parameters = [param + "\n" for param in parameters if param]
for value in range(0, len(parameters)):
_.append(parameters[value])
multi_parameters = _
else:
multi_parameters = parameter.split(settings.PARAMETER_DELIMITER)
# Check for inappropriate format in provided parameter(s).
if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \
not settings.IS_JSON and \
not settings.IS_XML:
checks.inappropriate_format(multi_parameters)
# Check for empty values (in provided parameters).
# Check if single parameter is supplied.
if len(multi_parameters) == 1:
#Grab the value of parameter.
if settings.IS_JSON:
#Grab the value of parameter.
value = re.findall(r'\"(.*)\"', parameter)
value = ''.join(value)
if value != settings.INJECT_TAG:
value = re.findall(r'\s*\:\s*\"(.*)\"', parameter)
value = ''.join(value)
elif settings.IS_XML:
#Grab the value of parameter.
value = re.findall(r'>(.*)</', parameter)
value = ''.join(value)
else:
_ = []
_.append(parameter)
parameter = ''.join(checks.check_similarities(_))
value = re.findall(r'=(.*)', parameter)
value = ''.join(value)
if checks.is_empty(multi_parameters, http_request_method):
return parameter
else:
# Replace the value of parameter with INJECT tag
inject_value = value.replace(value, settings.INJECT_TAG)
if len(value) == 0:
if settings.IS_JSON:
parameter = parameter.replace(
":\"\"", ":\"" + settings.INJECT_TAG + "\"")
else:
parameter = parameter + settings.INJECT_TAG
else:
parameter = parameter.replace(value, inject_value)
return parameter
else:
# Check if multiple parameters are supplied without the "INJECT_HERE" tag.
if settings.IS_XML:
all_params = multi_parameters
else:
all_params = settings.PARAMETER_DELIMITER.join(multi_parameters)
# Check for similarity in provided parameter name and value.
all_params = all_params.split(settings.PARAMETER_DELIMITER)
all_params = checks.check_similarities(all_params)
# Check if not defined the "INJECT_HERE" tag in parameter
if settings.INJECT_TAG not in parameter:
checks.is_empty(multi_parameters, http_request_method)
for param in range(0, len(all_params)):
if param == 0:
if settings.IS_JSON:
old = re.findall(r'\:\"(.*)\"', all_params[param])
old = ''.join(old)
elif settings.IS_XML:
old = re.findall(r'>(.*)</', all_params[param])
old = ''.join(old)
else:
old = re.findall(r'=(.*)', all_params[param])
old = ''.join(old)
else:
old = value
# Grab the value of parameter.
if settings.IS_JSON:
#Grab the value of parameter.
value = re.findall(r'\:\"(.*)\"', all_params[param])
value = ''.join(value)
elif settings.IS_XML:
value = re.findall(r'>(.*)</', all_params[param])
value = ''.join(value)
else:
value = re.findall(r'=(.*)', all_params[param])
value = ''.join(value)
# Replace the value of parameter with INJECT tag
inject_value = value.replace(value, settings.INJECT_TAG)
# Skip testing the parameter(s) with empty value(s).
if menu.options.skip_empty:
if len(value) == 0:
if settings.IS_JSON:
#Grab the value of parameter.
provided_value = re.findall(
r'\"(.*)\"\:', all_params[param])
provided_value = ''.join(provided_value)
elif settings.IS_XML:
provided_value = re.findall(
r'>(.*)</', all_params[param])
provided_value = ''.join(provided_value)
else:
provided_value = re.findall(
r'(.*)=', all_params[param])
provided_value = ''.join(provided_value)
else:
all_params[param] = all_params[param].replace(
value, inject_value)
all_params[param - 1] = all_params[param - 1].replace(
inject_value, old)
parameter = settings.PARAMETER_DELIMITER.join(
all_params)
parameters_list.append(parameter)
parameter = parameters_list
else:
if len(value) == 0:
if settings.IS_JSON:
all_params[param] = all_params[param].replace(
":\"\"", ":\"" + settings.INJECT_TAG + "\"")
elif settings.IS_XML:
all_params[param] = all_params[param].replace(
"></", ">" + settings.INJECT_TAG + "</")
else:
all_params[param] = all_params[
param] + settings.INJECT_TAG
else:
all_params[param] = all_params[param].replace(
value, inject_value)
all_params[param - 1] = all_params[param - 1].replace(
inject_value, old)
parameter = settings.PARAMETER_DELIMITER.join(all_params)
parameters_list.append(parameter)
parameter = parameters_list
else:
for param in range(0, len(multi_parameters)):
# Grab the value of parameter.
if settings.IS_JSON:
value = re.findall(r'\"(.*)\"', multi_parameters[param])
value = ''.join(value)
if settings.IS_XML:
value = re.findall(r'>(.*)</', all_params[param])
value = ''.join(value)
else:
value = re.findall(r'=(.*)', multi_parameters[param])
value = ''.join(value)
parameter = settings.PARAMETER_DELIMITER.join(multi_parameters)
return parameter
def do_POST_check(parameter, http_request_method):
# Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided.
parameter = checks.wildcard_character(parameter).replace("'", "\"")
# Check if JSON Object.
if checks.is_JSON_check(checks.check_quotes_json_data(parameter)):
parameter = checks.check_quotes_json_data(parameter)
if not settings.IS_JSON:
checks.process_json_data()
settings.PARAMETER_DELIMITER = ","
# Check if XML Object.
elif checks.is_XML_check(parameter):
if not settings.IS_XML:
checks.process_xml_data()
settings.PARAMETER_DELIMITER = ""
else:
pass
parameters_list = []
# Split multiple parameters
if settings.IS_XML:
parameter = re.sub(r">\s*<", '>\n<', parameter).replace("\\n", "\n")
_ = []
parameters = re.findall(r'(.*)', parameter)
parameters = [param + "\n" for param in parameters if param]
for value in range(0, len(parameters)):
_.append(parameters[value])
multi_parameters = _
else:
try:
multi_parameters = parameter.split(settings.PARAMETER_DELIMITER)
multi_parameters = [x for x in multi_parameters if x]
except ValueError as err_msg:
print(settings.print_critical_msg(err_msg))
raise SystemExit()
# Check for inappropriate format in provided parameter(s).
if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \
not settings.IS_JSON and \
not settings.IS_XML:
checks.inappropriate_format(multi_parameters)
# Check if single parameter is supplied.
if len(multi_parameters) == 1:
# Grab the value of parameter.
if settings.IS_JSON:
# Grab the value of parameter.
value = re.findall(r'\"(.*)\"', parameter)
value = ''.join(value)
if value != settings.INJECT_TAG:
value = re.findall(r'\s*\:\s*\"(.*)\"', parameter)
value = ''.join(value)
elif settings.IS_XML:
# Grab the value of parameter.
value = re.findall(r'>(.*)</', parameter)
value = ''.join(value)
else:
_ = []
_.append(parameter)
parameter = ''.join(checks.check_similarities(_))
value = re.findall(r'=(.*)', parameter)
value = ''.join(value)
if checks.is_empty(multi_parameters, http_request_method):
return parameter
else:
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(parameter):
return parameter
if re.search(settings.VALUE_BOUNDARIES, value):
value = checks.value_boundaries(value)
# Replace the value of parameter with INJECT_HERE tag
if len(value) == 0:
if settings.IS_JSON:
parameter = parameter.replace(
":\"\"", ":\"" + settings.INJECT_TAG + "\"")
else:
parameter = parameter + settings.INJECT_TAG
else:
parameter = parameter.replace(value,
value + settings.INJECT_TAG)
return parameter
else:
# Check if multiple parameters are supplied without the "INJECT_HERE" tag.
if settings.IS_XML:
all_params = multi_parameters
else:
all_params = settings.PARAMETER_DELIMITER.join(multi_parameters)
# Check for similarity in provided parameter name and value.
all_params = all_params.split(settings.PARAMETER_DELIMITER)
all_params = checks.check_similarities(all_params)
# Check if not defined the "INJECT_HERE" tag in parameter
if settings.INJECT_TAG not in parameter:
if checks.is_empty(multi_parameters, http_request_method):
return parameter
for param in range(0, len(all_params)):
if param == 0:
if settings.IS_JSON:
old = re.findall(r'\:(.*)', all_params[param])
old = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '',
''.join(old))
elif settings.IS_XML:
old = re.findall(r'>(.*)</', all_params[param])
old = ''.join(old)
else:
old = re.findall(r'=(.*)', all_params[param])
old = ''.join(old)
else:
old = value
if settings.IS_JSON:
value = re.findall(r'\:(.*)', all_params[param])
if re.findall(r'\\"(.*)\\"', value[0]):
value = re.findall(r'\\"(.*)\\"', value[0])
value = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '',
''.join(value))
elif settings.IS_XML:
value = re.findall(r'>(.*)</', all_params[param])
value = ''.join(value)
else:
value = re.findall(r'=(.*)', all_params[param])
value = ''.join(value)
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(all_params[param]):
continue
if re.search(settings.VALUE_BOUNDARIES, value):
value = checks.value_boundaries(value)
# Replace the value of parameter with INJECT_HERE tag
# Skip testing the parameter(s) with empty value(s).
if menu.options.skip_empty:
if len(value) != 0:
all_params[param] = all_params[param].replace(
value, value + settings.INJECT_TAG)
all_params[param - 1] = all_params[param - 1].replace(
value, "").replace(settings.INJECT_TAG, "")
parameter = settings.PARAMETER_DELIMITER.join(
all_params)
else:
if len(value) == 0:
if settings.IS_JSON:
all_params[param] = all_params[param].replace(
":\"\"", ":\"" + settings.INJECT_TAG + "\"")
elif settings.IS_XML:
all_params[param] = all_params[param].replace(
"></", ">" + settings.INJECT_TAG + "</")
else:
all_params[param] = all_params[
param] + settings.INJECT_TAG
else:
all_params[param] = all_params[param].replace(
value, value + settings.INJECT_TAG)
all_params[param - 1] = all_params[param - 1].replace(
value, "").replace(settings.INJECT_TAG, "")
parameter = settings.PARAMETER_DELIMITER.join(all_params)
parameter = parameter.replace(settings.RANDOM_TAG, "")
parameters_list.append(parameter)
parameter = parameters_list
else:
for param in range(0, len(multi_parameters)):
# Grab the value of parameter.
if settings.IS_JSON:
value = re.findall(r'\"(.*)\"', multi_parameters[param])
value = ''.join(value)
if settings.IS_XML:
value = re.findall(r'>(.*)</', all_params[param])
value = ''.join(value)
else:
value = re.findall(r'=(.*)', multi_parameters[param])
value = ''.join(value)
parameter = settings.PARAMETER_DELIMITER.join(multi_parameters)
return parameter
def logfile_parser():
"""
Warning message for mutiple request in same log file.
"""
def multi_requests():
print "[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]"
warn_msg = "Multiple"
if menu.options.requestfile:
warn_msg += " requests"
elif menu.options.logfile:
warn_msg += " targets"
warn_msg += " are not supported, thus all coming"
if menu.options.requestfile:
warn_msg += " requests "
elif menu.options.logfile:
warn_msg += " targets "
warn_msg += "will be ignored."
sys.stdout.write(settings.print_warning_msg(warn_msg) + "\n")
sys.stdout.flush()
return False
"""
Error message for invalid data.
"""
def invalid_data(request, single_request):
if single_request:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "Something seems to be wrong with "
err_msg += "the '" + os.path.split(request_file)[1] + "' file. "
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
sys.exit(0)
if menu.options.requestfile:
request_file = menu.options.requestfile
info_msg = "Parsing HTTP request "
elif menu.options.logfile:
request_file = menu.options.logfile
info_msg = "Parsing target "
info_msg += "using the '" + os.path.split(request_file)[1] + "' file... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
if not os.path.exists(request_file):
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "It seems that the '" + request_file + "' file, does not exist."
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
sys.exit(0)
else:
# Check for multiple hosts
try:
request = open(request_file, "r")
except IOError, err_msg:
try:
error_msg = str(err_msg.args[0]).split("] ")[1] + "."
except:
error_msg = str(err_msg.args[0]) + "."
print settings.print_critical_msg(error_msg)
raise SystemExit()
words_dict = {}
for word in request.read().strip().splitlines():
if word[:4].strip() == "GET" or word[:4].strip() == "POST":
words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1
# Check if same header appears more than once.
single_request = True
if len(words_dict.keys()) > 1:
single_request = multi_requests()
for key in words_dict.keys():
if words_dict[key] > 1:
single_request = multi_requests()
# Check for GET / POST HTTP Header
for http_header in ["GET","POST"]:
request = open(request_file, "r")
request = request.read()
if "\\n" in request:
request = request.replace("\\n","\n")
request_url = re.findall(r"" + http_header + " (.*) ", request)
if request_url:
if not single_request:
request_url = request_url[0]
if http_header == "POST":
# Check for POST Data.
result = [item for item in request.splitlines() if item]
multiple_xml = []
for item in result:
if checks.is_XML_check(item):
multiple_xml.append(item)
if len(multiple_xml) != 0:
menu.options.data = '\n'.join([str(item) for item in multiple_xml])
else:
menu.options.data = result[len(result)-1]
else:
try:
# Check if url ends with "=".
if request_url[0].endswith("="):
request_url = request_url[0].replace("=","=" + settings.INJECT_TAG, 1)
except IndexError:
invalid_data(request_file, single_request)
break
# Check if invalid data
if not request_url:
invalid_data(request_file, single_request)
else:
request_url = "".join([str(i) for i in request_url])
# Check for other headers
extra_headers = ""
prefix = "http://"
for line in request.splitlines():
if re.findall(r"Host: " + "(.*)", line):
menu.options.host = "".join([str(i) for i in re.findall(r"Host: " + "(.*)", line)])
# User-Agent Header
elif re.findall(r"User-Agent: " + "(.*)", line):
menu.options.agent = "".join([str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)])
# Cookie Header
elif re.findall(r"Cookie: " + "(.*)", line):
menu.options.cookie = "".join([str(i) for i in re.findall(r"Cookie: " + "(.*)", line)])
# Referer Header
elif re.findall(r"Referer: " + "(.*)", line):
menu.options.referer = "".join([str(i) for i in re.findall(r"Referer: " + "(.*)", line)])
if menu.options.referer and "https://" in menu.options.referer:
prefix = "https://"
elif re.findall(r"Authorization: " + "(.*)", line):
auth_provided = "".join([str(i) for i in re.findall(r"Authorization: " + "(.*)", line)]).split()
menu.options.auth_type = auth_provided[0].lower()
if menu.options.auth_type == "basic":
menu.options.auth_cred = base64.b64decode(auth_provided[1])
elif menu.options.auth_type == "digest":
if not menu.options.auth_cred:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "Use the '--auth-cred' option to provide a valid pair of "
err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") "
print settings.print_critical_msg(err_msg)
sys.exit(0)
# Add extra headers
else:
match = re.findall(r"(.*): (.*)", line)
match = "".join([str(i) for i in match]).replace("', '",":")
match = match.replace("('","")
match = match.replace("')","\\n")
# Ignore some header.
if "Content-Length" or "Accept-Encoding" in match:
extra_headers = extra_headers
else:
extra_headers = extra_headers + match
# Extra headers
menu.options.headers = extra_headers
# Target URL
if not menu.options.host:
invalid_data(request_file, single_request)
else:
menu.options.url = prefix + menu.options.host + request_url
if single_request:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n")
sys.stdout.flush()
if menu.options.logfile:
info_msg = "Parsed target from '" + os.path.split(request_file)[1] + "' for tests :"
print settings.print_info_msg(info_msg)
print settings.SUB_CONTENT_SIGN + http_header + " " + prefix + menu.options.host + request_url
if http_header == "POST":
print settings.SUB_CONTENT_SIGN + "Data: " + menu.options.data
# eof
def logfile_parser():
"""
Warning message for mutiple request in same log file.
"""
def multi_requests():
print "[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]"
warn_msg = "Multiple"
if menu.options.requestfile:
warn_msg += " requests"
elif menu.options.logfile:
warn_msg += " targets"
warn_msg += " are not supported, thus all coming"
if menu.options.requestfile:
warn_msg += " requests "
elif menu.options.logfile:
warn_msg += " targets "
warn_msg += "will be ignored."
sys.stdout.write(settings.print_warning_msg(warn_msg) + "\n")
sys.stdout.flush()
return False
"""
Error message for invalid data.
"""
def invalid_data(request, single_request):
if single_request:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "Something seems to be wrong with "
err_msg += "the '" + os.path.split(request_file)[1] + "' file. "
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
raise SystemExit()
if menu.options.requestfile:
request_file = menu.options.requestfile
info_msg = "Parsing HTTP request "
elif menu.options.logfile:
request_file = menu.options.logfile
info_msg = "Parsing target "
info_msg += "using the '" + os.path.split(request_file)[1] + "' file... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
if not os.path.exists(request_file):
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "It seems that the '" + request_file + "' file, does not exist."
sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
sys.stdout.flush()
raise SystemExit()
else:
# Check for multiple hosts
try:
request = open(request_file, "r")
except IOError, err_msg:
try:
error_msg = str(err_msg.args[0]).split("] ")[1] + "."
except:
error_msg = str(err_msg.args[0]) + "."
print settings.print_critical_msg(error_msg)
raise SystemExit()
words_dict = {}
for word in request.read().strip().splitlines():
if word[:4].strip() == "GET" or word[:4].strip() == "POST":
words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1
# Check if same header appears more than once.
single_request = True
if len(words_dict.keys()) > 1:
single_request = multi_requests()
for key in words_dict.keys():
if words_dict[key] > 1:
single_request = multi_requests()
# Check for GET / POST HTTP Header
for http_header in ["GET","POST"]:
request = open(request_file, "r")
request = request.read()
if "\\n" in request:
request = request.replace("\\n","\n")
request_url = re.findall(r"" + http_header + " (.*) ", request)
if request_url:
if not single_request:
request_url = request_url[0]
if http_header == "POST":
# Check for POST Data.
result = [item for item in request.splitlines() if item]
multiple_xml = []
for item in result:
if checks.is_XML_check(item):
multiple_xml.append(item)
if len(multiple_xml) != 0:
menu.options.data = '\n'.join([str(item) for item in multiple_xml])
else:
menu.options.data = result[len(result)-1]
else:
try:
# Check if url ends with "=".
if request_url[0].endswith("="):
request_url = request_url[0].replace("=","=" + settings.INJECT_TAG, 1)
except IndexError:
invalid_data(request_file, single_request)
break
# Check if invalid data
if not request_url:
invalid_data(request_file, single_request)
else:
request_url = "".join([str(i) for i in request_url])
# Check for other headers
extra_headers = ""
prefix = "http://"
for line in request.splitlines():
if re.findall(r"Host: " + "(.*)", line):
menu.options.host = "".join([str(i) for i in re.findall(r"Host: " + "(.*)", line)])
# User-Agent Header
elif re.findall(r"User-Agent: " + "(.*)", line):
menu.options.agent = "".join([str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)])
# Cookie Header
elif re.findall(r"Cookie: " + "(.*)", line):
menu.options.cookie = "".join([str(i) for i in re.findall(r"Cookie: " + "(.*)", line)])
# Referer Header
elif re.findall(r"Referer: " + "(.*)", line):
menu.options.referer = "".join([str(i) for i in re.findall(r"Referer: " + "(.*)", line)])
if menu.options.referer and "https://" in menu.options.referer:
prefix = "https://"
elif re.findall(r"Authorization: " + "(.*)", line):
auth_provided = "".join([str(i) for i in re.findall(r"Authorization: " + "(.*)", line)]).split()
menu.options.auth_type = auth_provided[0].lower()
if menu.options.auth_type == "basic":
menu.options.auth_cred = base64.b64decode(auth_provided[1])
elif menu.options.auth_type == "digest":
if not menu.options.auth_cred:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "Use the '--auth-cred' option to provide a valid pair of "
err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") "
print settings.print_critical_msg(err_msg)
raise SystemExit()
# Add extra headers
else:
match = re.findall(r"(.*): (.*)", line)
match = "".join([str(i) for i in match]).replace("', '",":")
match = match.replace("('","")
match = match.replace("')","\\n")
# Ignore some header.
if "Content-Length" or "Accept-Encoding" in match:
extra_headers = extra_headers
else:
extra_headers = extra_headers + match
# Extra headers
menu.options.headers = extra_headers
# Target URL
if not menu.options.host:
invalid_data(request_file, single_request)
else:
menu.options.url = prefix + menu.options.host + request_url
if single_request:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n")
sys.stdout.flush()
if menu.options.logfile:
info_msg = "Parsed target from '" + os.path.split(request_file)[1] + "' for tests :"
print settings.print_info_msg(info_msg)
print settings.SUB_CONTENT_SIGN + http_header + " " + prefix + menu.options.host + request_url
if http_header == "POST":
print settings.SUB_CONTENT_SIGN + "Data: " + menu.options.data
# eof
