def _gen_burpitem(self, output_fn): try: tree = ET.parse(self.find_file(output_fn)) for item in tree.getroot().iter('item'): fr = FuzzRequest() fr.update_from_raw_http( raw=b64decode(item.find('request').text or "").decode('utf-8'), scheme=item.find('protocol').text, raw_response=b64decode(item.find('response').text or "")) fr.wf_ip = { 'ip': item.find('host').attrib.get('ip', None) or item.find('host').text, 'port': item.find('port').text } frr = FuzzResult(history=fr) yield frr.update() return except IOError as e: raise FuzzExceptBadFile( "Error opening Burp items payload file. %s" % str(e)) except EOFError: return
def _gen_burpitem(self, output_fn): try: tree = ET.parse(self.find_file(output_fn)) for item in tree.getroot().iter("item"): fr = FuzzRequest() fr.update_from_raw_http( raw=b64decode(item.find("request").text or "").decode("utf-8"), scheme=item.find("protocol").text, raw_response=b64decode(item.find("response").text or ""), ) fr.wf_ip = { "ip": item.find("host").attrib.get("ip", None) or item.find("host").text, "port": item.find("port").text, } frr = FuzzResult(history=fr) yield frr.update() return except IOError as e: raise FuzzExceptBadFile( "Error opening Burp items payload file. %s" % str(e)) except EOFError: return
def _gen_wfuzz(self, output_fn): try: with open(self.find_file(output_fn), "r") as f: for ( url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2, ) in [re.split(r"\t+", x) for x in f.readlines()]: raw_req1 = base64.decodestring(req2) # raw_res1 = base64.decodestring(res2) item = FuzzResult() item.history = FuzzRequest() item.history.update_from_raw_http(raw_req1, schema1) yield item except IOError as e: raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e)) except EOFError: raise StopIteration
def parse_burp_log(self, burp_log): burp_file = None try: burp_file = open(self.find_file(burp_log), 'rb') history = 'START' rl = burp_file.readline() while rl != "": if history == "START": if rl == DELIMITER: history = "HEADER" elif history == "HEADER": if rl == DELIMITER: raw_request = "" history = "REQUEST" else: matched = HEADER.match(rl) ctime, host, ip_address = matched.group(1, 3, 5) elif history == "REQUEST": if rl == DELIMITER: history = "DELIM1" else: raw_request += rl elif history == "DELIM1": if rl == CRLF: raw_response = "" history = "DELIM3" else: raw_response = rl history = "RESPONSE" elif history == "RESPONSE": if rl == DELIMITER: history = "DELIM2" else: raw_response += rl elif history == "DELIM2": if rl == CRLF: history = "DELIM3" elif history == "DELIM3": if rl == CRLF: history = "DELIM4" elif history == "DELIM4": if rl == CRLF: fr = FuzzRequest() fr.update_from_raw_http(raw_request, host[:host.find("://")], raw_response) frr = FuzzResult(history=fr) yield frr.update() history = "START" rl = burp_file.readline() except IOError as e: raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e)) finally: if burp_file is not None: burp_file.close()
def parse_burp_log(self, burp_log): burp_file = None try: burp_file = open(self.find_file(burp_log), 'rb') history = 'START' rl = burp_file.readline() while rl != "": if history == "START": if rl == DELIMITER: history = "HEADER" elif history == "HEADER": if rl == DELIMITER: raw_request = "" history = "REQUEST" else: matched = HEADER.match(rl) ctime, host, ip_address = matched.group(1, 3, 5) elif history == "REQUEST": if rl == DELIMITER: history = "DELIM1" else: raw_request += rl elif history == "DELIM1": if rl == CRLF: raw_response = "" history = "DELIM3" else: raw_response = rl history = "RESPONSE" elif history == "RESPONSE": if rl == DELIMITER: history = "DELIM2" else: raw_response += rl elif history == "DELIM2": if rl == CRLF: history = "DELIM3" elif history == "DELIM3": if rl == CRLF: history = "DELIM4" elif history == "DELIM4": if rl == CRLF: fr = FuzzRequest() fr.update_from_raw_http(raw_request, host[:host.find("://")], raw_response) frr = FuzzResult(history=fr) yield frr.update() history = "START" rl = burp_file.readline() except IOError, e: raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
def __init__(self, description, show_field): fr = FuzzRequest() fr.url = "http://www.wfuzz.org/path?param=1¶m2=2" fuzz_res = FuzzResult(history=fr) fuzz_res._description = description fuzz_res._show_field = show_field self.outfile = BytesIO() with gzip.GzipFile(fileobj=self.outfile, mode="wb") as f: pickle.dump(fuzz_res, f) self.outfile.seek(0) self.outfile.name = "mockfile"
def _gen_wfuzz(self, output_fn): try: with open(self.find_file(output_fn), 'r') as f: for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map(lambda x: re.split(r'\t+', x), f.readlines()): raw_req1 = base64.decodestring(req2) raw_res1 = base64.decodestring(res2) item = FuzzResult() item.history = FuzzRequest() item.history.update_from_raw_http(raw_req1, schema1) item.type = FuzzResult.result yield item except IOError, e: raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
def burp_to_xml(self, filename): '''Unzip Burp's file, remove non-printable characters, CDATA any HTML, include a valid XML header and trailer, and return a valid XML string.''' z = zipfile.ZipFile(self.find_file(filename)) # Open Burp's zip file burp = z.read('burp', 'rb') # Read-in the main burp file m = TAG.match(burp, 0) # Match a tag at the start of the string while m: index = m.end() etag = m.group().replace('<', '</') # Matching tag m = TAG.match(burp, index) # Attempt to get the next tag if not m: # Data folows # Read the type of data using Burp's binary data headers value, length = self.burp_binary_field(burp, index) if value is None: break index += length + len(etag) # Point our index to the next tag m = TAG.match(burp, index) # And retrieve it if self.params[ "checkversion"] and etag == "</version>" and value not in [ "65", "67" ]: raise FuzzExceptBadFile("Unknown burp log version %s" % value) if etag == "</https>": https_tag = value == "True" if etag in self.request_tags: raw_request = self.strip_cdata(value) if etag in self.response_tags: fr = FuzzRequest() fr.update_from_raw_http( raw_request, "http" if not https_tag else "https", self.strip_cdata(value)) frr = FuzzResult(history=fr) raw_request = "" https_tag = "" yield frr.update()
def _gen_wfuzz(self, output_fn): try: with open(self.find_file(output_fn), 'r') as f: for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map( lambda x: re.split(r'\t+', x), f.readlines()): raw_req1 = base64.decodestring(req2) raw_res1 = base64.decodestring(res2) item = FuzzResult() item.history = FuzzRequest() item.history.update_from_raw_http(raw_req1, schema1) item.type = FuzzResult.result yield item except IOError, e: raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
def get_filtered_fuzzrequest(self, filter_str): fr = FuzzRequest() fr.update_from_raw_http(raw_req, "http", raw_resp, b"") fuzz_res = FuzzResult(history=fr) ffilter = FuzzResFilter(filter_string=filter_str) ffilter.is_visible(fuzz_res) return fuzz_res
def burp_to_xml(self, filename): '''Unzip Burp's file, remove non-printable characters, CDATA any HTML, include a valid XML header and trailer, and return a valid XML string.''' z = zipfile.ZipFile(self.find_file(filename)) # Open Burp's zip file burp = z.read('burp', 'rb') # Read-in the main burp file m = TAG.match(burp, 0) # Match a tag at the start of the string while m: index = m.end() etag = m.group().replace('<', '</') # Matching tag m = TAG.match(burp, index) # Attempt to get the next tag if not m: # Data folows # Read the type of data using Burp's binary data headers value, length = self.burp_binary_field(burp, index) if value is None: break index += length + len(etag) # Point our index to the next tag m = TAG.match(burp, index) # And retrieve it if self.params["checkversion"] and etag == "</version>" and value not in ["65", "67"]: raise FuzzExceptBadFile("Unknown burp log version %s" % value) if etag == "</https>": https_tag = value == "True" if etag in self.request_tags: raw_request = self.strip_cdata(value) if etag in self.response_tags: fr = FuzzRequest() fr.update_from_raw_http(raw_request, "http" if not https_tag else "https", self.strip_cdata(value)) frr = FuzzResult(history=fr) raw_request = "" https_tag = "" yield frr.update()
def test_nonexisting(self): fr = FuzzRequest() fr.url = "http://www.wfuzz.org/path?param=1¶m2=2" fuzz_res = FuzzResult(history=fr) with self.assertRaises(Exception) as context: ffilter = FuzzResFilter(filter_string="url=-'test'") ffilter.is_visible(fuzz_res) self.assertTrue("rsetattr: Can't set" in str(context.exception)) with self.assertRaises(Exception) as context: ffilter = FuzzResFilter(filter_string="notthere=-'test'") ffilter.is_visible(fuzz_res) self.assertTrue("rgetattr: Can't get" in str(context.exception)) with self.assertRaises(Exception) as context: ffilter = FuzzResFilter( filter_string="r.params.get.notthere=-'test'") ffilter.is_visible(fuzz_res) self.assertTrue( "DotDict: Non-existing field" in str(context.exception))
def parse_burp_log(self, burp_log): burp_file = None try: burp_file = open( self.find_file(burp_log), "r", encoding="utf-8", errors="surrogateescape", ) history = "START" rl = burp_file.readline() while rl != "": if history == "START": if rl == DELIMITER: history = "HEADER" elif history == "HEADER": if rl == DELIMITER: raw_request = "" history = "REQUEST" else: matched = HEADER.match(rl) ctime, host, ip_address = matched.group(1, 3, 5) elif history == "REQUEST": if rl == DELIMITER: history = "DELIM1" else: raw_request += rl elif history == "DELIM1": if rl == CRLF: raw_response = "" history = "DELIM3" else: raw_response = rl history = "RESPONSE" elif history == "RESPONSE": if rl == DELIMITER: history = "DELIM2" else: raw_response += rl elif history == "DELIM2": if rl == CRLF: history = "DELIM3" elif history == "DELIM3": if rl == CRLF: history = "DELIM4" elif history == "DELIM4": if rl == CRLF: fr = FuzzRequest() # last read line contains an extra CRLF fr.update_from_raw_http(raw_request, host[:host.find("://")], raw_response[:-1]) frr = FuzzResult(history=fr) yield frr.update() history = "START" rl = burp_file.readline() except IOError as e: raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e)) finally: if burp_file is not None: burp_file.close()