Beispiel #1
0
 def _add_writeup(self):
     os.mkdir(self.writeup)
     Writer.Replace(os.path.join(self.writeup, "report.md"),
                    ("\n" * 5).join([
                        "# NAME:", "# DESCRIPTION:", "# IMPACT",
                        "# RECOMMENDED FIX:", ""
                    ]))
     Writer.Replace(os.path.join(self.writeup, "payload"), "")
     Writer.Replace(os.path.join(self.writeup, "request"), "")
Beispiel #2
0
 def extract_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("fp", str)], 2)
         if self._validate(args, "log_id"):
             content = self.logs.Get(args.log_id).response.body
             if isinstance(content, (list, dict)):
                 Writer.Json(args.fp, content)
             else:
                 Writer.Replace(args.fp, content)
             self.display.Format("Log: {0} Extracted: {1}", True,
                                 args.log_id, args.fp)
             return True
     except:
         self._error()
     return False
Beispiel #3
0
    def Run(self):
            s = time.time()
            t = Threader(15,self.results)

            for w in self._wl:
                url = self.build_url(w)
                t.add((self.req,{"url" : url}))

            t.start()
            elapsed = time.gmtime(time.time() - s)
            final = self.update_display(True)

            Writer.Replace(self.options.output,final)
Beispiel #4
0
    def Code(logs,fp):
        mapped = []
        multi = False
        jpad = 4
        opad = 0
        tpl = "single"
    
        if not isinstance(logs,list): 
            logs = [logs]

        if len(logs) > 1:
            multi = True
            jpad = 8
            opad = 4
            tpl = "multiple"
    

        for log in logs:
            mapped.append(Generate.substitute_map(log,jpad))
        const_header = "None"
        const_cookies = "None"

        if multi: 
            if len(set(map(lambda x: x["@@HEADER"],mapped))) == 1:
                const_header = To.Code(logs[0].request.HeaderNoCookies())
                for m in mapped:
                   m["@@HEADER"] = "header"
                
            if len(set(map(lambda x: x["@@COOKIES"],mapped))) == 1:
                const_cookies =  To.Code(logs[0].request.cookies)
                for m in mapped:
                   m["@@COOKIES"] = "cookies"

        t = Reader.Read("{0}/{1}.pyt".format(os.path.dirname(__file__),tpl))
        req_objs = [Generate.gen_request_object(m,opad) for m in mapped]
        
        if multi: 
            t = Reader.Substitute(t,"@@HEADER",const_header)
            t = Reader.Substitute(t,"@@COOKIES",const_cookies)
            t = Reader.Substitute(t,"@@REQOBJS",",\n".join(req_objs))
        else: 
            t = Reader.Substitute(t,"@@REQOBJ",req_objs[0])
        
        Writer.Replace(fp,t)
        return "Python Script Written to: {0}".format(fp)
Beispiel #5
0
 def Run(self):
     hr = "-" * 80
     if os.path.isdir(self.path):
         print("\nTarget: {0} already exists...\n".format(self.name))
         sys.exit()
     print(hr)
     print("Creating Target: {0}".format(self.name))
     print("Path: {0}".format(self.path))
     os.mkdir(self.path)
     print(hr)
     self._accept_scope()
     Writer.Replace(self.notes, "\n")
     self._add_writeup()
     print("Target Created: {0}".format(self.name))
     print("Path: {0}".format(self.path))
     print(hr)
     print("Starting belch CLI ...")
     self._change_working()
     self._start_belch()
Beispiel #6
0
    def _accept_scope(self):
        parsed = self._parse_lines(
            "http[s]*\:\/\/[^\s\*]+",
            self._multi_line_input("Enter Target Scope:"),
        )

        working = []
        consolidated = []
        project = {
            "proxy": {
                "http_history_display_filter": {
                    "by_request_type": {
                        "show_only_in_scope_items": True
                    }
                },
                "match_replace_rules": [{
                    "comment": "Add QWERTY Query String Exists",
                    "enabled": True,
                    "is_simple_match": False,
                    "rule_type": "request_first_line",
                    "string_match": "^(\\w+\\s[^\\s]+\\?[^\\s]+)(\\sHTTP.+)$",
                    "string_replace": "$1&qwerty=ytrewq$2"
                }, {
                    "comment": "Add QWERTY No Query String",
                    "enabled": True,
                    "is_simple_match": False,
                    "rule_type": "request_first_line",
                    "string_match": "^(\\w+\\s[^\\?]+)(\\sHTTP.+)$",
                    "string_replace": "$1?qwerty=ytrewq$2"
                }, {
                    "comment": "Add QWERTY Query (?) exists with no query",
                    "enabled": True,
                    "is_simple_match": False,
                    "rule_type": "request_first_line",
                    "string_match": "^(\\w+\\s[^\\s]+\\?)(\\sHTTP.+)$",
                    "string_replace": "$1qwerty=ytrewq$2"
                }, {
                    "comment": "Add QWERTY Remove Doubled query",
                    "enabled": True,
                    "is_simple_match": False,
                    "rule_type": "request_first_line",
                    "string_match":
                    "^(\\w+\\s[^\\s]+\\?[^\\s]*)qwerty\\=ytrewq\\&qwerty\\=ytrewq([^\\s]*\\sHTTP.+)$",
                    "string_replace": "$1qwerty=ytrewq$2"
                }, {
                    "comment":
                    "Emulate IE",
                    "enabled":
                    False,
                    "is_simple_match":
                    False,
                    "rule_type":
                    "request_header",
                    "string_match":
                    "^User-Agent.*$",
                    "string_replace":
                    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                }, {
                    "comment":
                    "Emulate iOS",
                    "enabled":
                    False,
                    "is_simple_match":
                    False,
                    "rule_type":
                    "request_header",
                    "string_match":
                    "^User-Agent.*$",
                    "string_replace":
                    "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3"
                }, {
                    "comment":
                    "Emulate Android",
                    "enabled":
                    False,
                    "is_simple_match":
                    False,
                    "rule_type":
                    "request_header",
                    "string_match":
                    "^User-Agent.*$",
                    "string_replace":
                    "User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
                }, {
                    "comment": "Require non-cached response",
                    "enabled": False,
                    "is_simple_match": False,
                    "rule_type": "request_header",
                    "string_match": "^If-Modified-Since.*$"
                }, {
                    "comment": "Require non-cached response",
                    "enabled": False,
                    "is_simple_match": False,
                    "rule_type": "request_header",
                    "string_match": "^If-None-Match.*$"
                }, {
                    "comment": "Hide Referer header",
                    "enabled": False,
                    "is_simple_match": False,
                    "rule_type": "request_header",
                    "string_match": "^Referer.*$"
                }, {
                    "comment": "Require non-compressed responses",
                    "enabled": False,
                    "is_simple_match": False,
                    "rule_type": "request_header",
                    "string_match": "^Accept-Encoding.*$"
                }, {
                    "comment": "Ignore cookies",
                    "enabled": False,
                    "is_simple_match": False,
                    "rule_type": "response_header",
                    "string_match": "^Set-Cookie.*$"
                }, {
                    "comment":
                    "Rewrite Host header",
                    "enabled":
                    False,
                    "is_simple_match":
                    False,
                    "rule_type":
                    "request_header",
                    "string_match":
                    "^Host: foo.example.org$",
                    "string_replace":
                    "Host: bar.example.org"
                }, {
                    "comment":
                    "Add spoofed CORS origin",
                    "enabled":
                    False,
                    "is_simple_match":
                    True,
                    "rule_type":
                    "request_header",
                    "string_replace":
                    "Origin: foo.example.org"
                }, {
                    "comment":
                    "Remove HSTS headers",
                    "enabled":
                    False,
                    "is_simple_match":
                    False,
                    "rule_type":
                    "response_header",
                    "string_match":
                    "^Strict\\-Transport\\-Security.*$"
                }, {
                    "comment": "Disable browser XSS protection",
                    "enabled": False,
                    "is_simple_match": True,
                    "rule_type": "response_header",
                    "string_replace": "X-XSS-Protection: 0"
                }]
            },
            "target": {
                "scope": {
                    "exclude": [],
                    "include": []
                },
                "filter": {
                    "by_request_type": {
                        "show_only_in_scope_items": True
                    }
                }
            }
        }
        scope = []

        for r in parsed:
            u = urlparse(r)
            pp = u.path.split("/")

            if pp[-1].find(".") > -1:
                pp[-1] = ""
            working.append("https://{0}{1}".format(u.netloc,
                                                   "/".join(pp)).rstrip("/"))

        for w in sorted(set(working), key=len):
            found = False
            for c in consolidated:
                if w.find(c) == 0:
                    found = True
            if not found:
                consolidated.append(w)

        for x in consolidated:
            u = urlparse(x)
            scope.append("https://{0}{1}".format(u.netloc, u.path))
            scope.append("http://{0}{1}".format(u.netloc, u.path))
            project["target"]["scope"]["include"].append({
                "enabled": "true",
                "protocol": "any",
                "host": u.netloc,
                "file": u.path
            })
        Writer.Replace(self.scope, "\n".join(scope))
        Writer.Json(self.project, project)
        Writer.Replace(self.orig, "\n".join(parsed))
Beispiel #7
0
 def _start_belch(self):
     time.sleep(2)
     Writer.Replace(self.burp, "<?xml version=\"1.0\"?>\n<items></items>")
     waabi.belch.Cli().Start(self.burp, None)
Beispiel #8
0
 def Header(record,fp):
     Writer.Json(fp,record.request.header)
     return "Header Written to: {0}".format(fp)
Beispiel #9
0
 def Save(self):
     Writer.Json(self._file, self._options)