def do_POST_check(parameter): http_request_method = "POST" # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'", "\"") # Check if JSON Object. if checks.is_JSON_check(parameter): if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: _ = [] parameters = re.findall(r'(.*)', parameter) parameters = [param + "\n" for param in parameters if param] for value in range(0, len(parameters)): _.append(parameters[value]) multi_parameters = _ else: try: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) except ValueError, err_msg: print settings.print_critical_msg(err_msg) sys.exit(0)
def do_POST_check(parameter): http_request_method = "POST" # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'","\"") # Check if JSON Object. if checks.is_JSON_check(parameter): if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: _ = [] parameters = re.findall(r'(.*)', parameter) parameters = [param + "\n" for param in parameters if param] for value in range(0,len(parameters)): _.append(parameters[value]) multi_parameters = _ else: try: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) multi_parameters = [x for x in multi_parameters if x] except ValueError, err_msg: print settings.print_critical_msg(err_msg) raise SystemExit()
def logfile_parser(): """ Warning message for mutiple request in same log file. """ def multi_requests(): print(settings.SINGLE_WHITESPACE) err_msg = "Multiple" if menu.options.requestfile: err_msg += " requests" elif menu.options.logfile: err_msg += " targets" err_msg += " are not supported, thus all coming" if menu.options.requestfile: err_msg += " requests " elif menu.options.logfile: err_msg += " targets " err_msg += "will be ignored." sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() return False """ Error message for invalid data. """ def invalid_data(request): print(settings.SINGLE_WHITESPACE) err_msg = "Specified file " err_msg += "'" + os.path.split(request_file)[1] + "'" err_msg += " does not contain a valid HTTP request." sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() raise SystemExit() if menu.options.requestfile: info_msg = "Parsing HTTP request " request_file = menu.options.requestfile elif menu.options.logfile: info_msg = "Parsing target " request_file = menu.options.logfile info_msg += "using the '" + os.path.split(request_file)[1] + "' file. " sys.stdout.write(settings.print_info_msg(info_msg)) sys.stdout.flush() if not os.path.exists(request_file): print(settings.SINGLE_WHITESPACE) err_msg = "It seems that the '" + request_file + "' file, does not exist." sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() raise SystemExit() else: try: if menu.options.requestfile: with open(request_file, 'r') as file: settings.RAW_HTTP_HEADERS = [line.strip() for line in file] settings.RAW_HTTP_HEADERS = [ header for header in settings.RAW_HTTP_HEADERS if header ] settings.RAW_HTTP_HEADERS = settings.RAW_HTTP_HEADERS[1:] settings.RAW_HTTP_HEADERS = settings.RAW_HTTP_HEADERS[:-1] settings.RAW_HTTP_HEADERS = '\\n'.join( settings.RAW_HTTP_HEADERS) except IOError as err_msg: error_msg = "The '" + request_file + "' " error_msg += str(err_msg.args[1]).lower() + "." print(settings.SINGLE_WHITESPACE) print(settings.print_critical_msg(error_msg)) raise SystemExit() if os.stat(request_file).st_size != 0: with open(request_file, 'r') as file: request = file.read() else: invalid_data(request_file) single_request = True pattern = r'HTTP/([\d.]+)' if len(re.findall(pattern, request)) > 1: single_request = multi_requests() if len(settings.HTTP_METHOD) == 0: http_method = request.strip().splitlines()[0].split()[0] settings.HTTP_METHOD = http_method else: http_method = settings.HTTP_METHOD if "\\n" in request: request = request.replace("\\n", "\n") request_url = re.findall(r"" + " (.*) HTTP/", request) if request_url: # Check last line for POST data if len(request.splitlines()[-1]) != 0: result = [item for item in request.splitlines() if item] multiple_xml = [] for item in result: if checks.is_XML_check(item): multiple_xml.append(item) if len(multiple_xml) != 0: menu.options.data = '\n'.join( [str(item) for item in multiple_xml]) else: menu.options.data = result[len(result) - 1] else: try: # Check if url ends with "=". if request_url[0].endswith("="): request_url = request_url[0].replace( "=", "=" + settings.INJECT_TAG, 1) except IndexError: invalid_data(request_file) # Check if invalid data if not request_url: invalid_data(request_file) else: request_url = "".join([str(i) for i in request_url]) # Check for other headers extra_headers = "" prefix = "http://" for line in request.splitlines(): if re.findall(r"Host: " + "(.*)", line): menu.options.host = "".join( [str(i) for i in re.findall(r"Host: " + "(.*)", line)]) # User-Agent Header elif re.findall( r"User-Agent: " + "(.*)", line) and not (menu.options.agent or menu.options.mobile): menu.options.agent = "".join([ str(i) for i in re.findall(r"User-Agent: " + "(.*)", line) ]) # Cookie Header elif re.findall(r"Cookie: " + "(.*)", line): menu.options.cookie = "".join( [str(i) for i in re.findall(r"Cookie: " + "(.*)", line)]) # Referer Header elif re.findall(r"Referer: " + "(.*)", line): menu.options.referer = "".join( [str(i) for i in re.findall(r"Referer: " + "(.*)", line)]) if menu.options.referer and "https://" in menu.options.referer: prefix = "https://" elif re.findall(r"Authorization: " + "(.*)", line): auth_provided = "".join([ str(i) for i in re.findall(r"Authorization: " + "(.*)", line) ]).split() menu.options.auth_type = auth_provided[0].lower() if menu.options.auth_type == "basic": menu.options.auth_cred = base64.b64decode( auth_provided[1]).decode() elif menu.options.auth_type == "digest": if not menu.options.auth_cred: print(settings.SINGLE_WHITESPACE) err_msg = "Use the '--auth-cred' option to provide a valid pair of " err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") " print(settings.print_critical_msg(err_msg)) raise SystemExit() # Add extra headers else: match = re.findall(r"(.*): (.*)", line) match = "".join([str(i) for i in match]).replace("', '", ":") match = match.replace("('", "") match = match.replace("')", "\\n") # Ignore some header. if "Content-Length" or "Accept-Encoding" in match: extra_headers = extra_headers else: extra_headers = extra_headers + match # Extra headers menu.options.headers = extra_headers # Target URL if not menu.options.host: invalid_data(request_file) else: menu.options.url = prefix + menu.options.host + request_url if single_request: sys.stdout.write(settings.SUCCESS_STATUS + "\n") sys.stdout.flush() if menu.options.logfile and settings.VERBOSITY_LEVEL != 0: sub_content = http_method + " " + prefix + menu.options.host + request_url print(settings.print_sub_content(sub_content)) if menu.options.cookie: sub_content = "Cookie: " + menu.options.cookie print(settings.print_sub_content(sub_content)) if menu.options.data: sub_content = "POST data: " + menu.options.data print(settings.print_sub_content(sub_content)) # eof
def do_POST_check(parameter): http_request_method = "POST" # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'", "\"") # Check if JSON Object. if checks.is_JSON_check(parameter): if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: _ = [] parameters = re.findall(r'(.*)', parameter) parameters = [param + "\n" for param in parameters if param] for value in range(0, len(parameters)): _.append(parameters[value]) multi_parameters = _ else: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \ not settings.IS_JSON and \ not settings.IS_XML: checks.inappropriate_format(multi_parameters) # Check for empty values (in provided parameters). # Check if single parameter is supplied. if len(multi_parameters) == 1: #Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: #Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: _ = [] _.append(parameter) parameter = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG else: parameter = parameter.replace(value, inject_value) return parameter else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. if settings.IS_XML: all_params = multi_parameters else: all_params = settings.PARAMETER_DELIMITER.join(multi_parameters) # Check for similarity in provided parameter name and value. all_params = all_params.split(settings.PARAMETER_DELIMITER) all_params = checks.check_similarities(all_params) # Check if not defined the "INJECT_HERE" tag in parameter if settings.INJECT_TAG not in parameter: checks.is_empty(multi_parameters, http_request_method) for param in range(0, len(all_params)): if param == 0: if settings.IS_JSON: old = re.findall(r'\:\"(.*)\"', all_params[param]) old = ''.join(old) elif settings.IS_XML: old = re.findall(r'>(.*)</', all_params[param]) old = ''.join(old) else: old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else: old = value # Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\:\"(.*)\"', all_params[param]) value = ''.join(value) elif settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) == 0: if settings.IS_JSON: #Grab the value of parameter. provided_value = re.findall( r'\"(.*)\"\:', all_params[param]) provided_value = ''.join(provided_value) elif settings.IS_XML: provided_value = re.findall( r'>(.*)</', all_params[param]) provided_value = ''.join(provided_value) else: provided_value = re.findall( r'(.*)=', all_params[param]) provided_value = ''.join(provided_value) else: all_params[param] = all_params[param].replace( value, inject_value) all_params[param - 1] = all_params[param - 1].replace( inject_value, old) parameter = settings.PARAMETER_DELIMITER.join( all_params) parameters_list.append(parameter) parameter = parameters_list else: if len(value) == 0: if settings.IS_JSON: all_params[param] = all_params[param].replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") elif settings.IS_XML: all_params[param] = all_params[param].replace( "></", ">" + settings.INJECT_TAG + "</") else: all_params[param] = all_params[ param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace( value, inject_value) all_params[param - 1] = all_params[param - 1].replace( inject_value, old) parameter = settings.PARAMETER_DELIMITER.join(all_params) parameters_list.append(parameter) parameter = parameters_list else: for param in range(0, len(multi_parameters)): # Grab the value of parameter. if settings.IS_JSON: value = re.findall(r'\"(.*)\"', multi_parameters[param]) value = ''.join(value) if settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join(multi_parameters) return parameter
def do_POST_check(parameter, http_request_method): # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'", "\"") # Check if JSON Object. if checks.is_JSON_check(checks.check_quotes_json_data(parameter)): parameter = checks.check_quotes_json_data(parameter) if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: parameter = re.sub(r">\s*<", '>\n<', parameter).replace("\\n", "\n") _ = [] parameters = re.findall(r'(.*)', parameter) parameters = [param + "\n" for param in parameters if param] for value in range(0, len(parameters)): _.append(parameters[value]) multi_parameters = _ else: try: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) multi_parameters = [x for x in multi_parameters if x] except ValueError as err_msg: print(settings.print_critical_msg(err_msg)) raise SystemExit() # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \ not settings.IS_JSON and \ not settings.IS_XML: checks.inappropriate_format(multi_parameters) # Check if single parameter is supplied. if len(multi_parameters) == 1: # Grab the value of parameter. if settings.IS_JSON: # Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: # Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: _ = [] _.append(parameter) parameter = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(parameter): return parameter if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG else: parameter = parameter.replace(value, value + settings.INJECT_TAG) return parameter else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. if settings.IS_XML: all_params = multi_parameters else: all_params = settings.PARAMETER_DELIMITER.join(multi_parameters) # Check for similarity in provided parameter name and value. all_params = all_params.split(settings.PARAMETER_DELIMITER) all_params = checks.check_similarities(all_params) # Check if not defined the "INJECT_HERE" tag in parameter if settings.INJECT_TAG not in parameter: if checks.is_empty(multi_parameters, http_request_method): return parameter for param in range(0, len(all_params)): if param == 0: if settings.IS_JSON: old = re.findall(r'\:(.*)', all_params[param]) old = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '', ''.join(old)) elif settings.IS_XML: old = re.findall(r'>(.*)</', all_params[param]) old = ''.join(old) else: old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else: old = value if settings.IS_JSON: value = re.findall(r'\:(.*)', all_params[param]) if re.findall(r'\\"(.*)\\"', value[0]): value = re.findall(r'\\"(.*)\\"', value[0]) value = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '', ''.join(value)) elif settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(all_params[param]): continue if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) != 0: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace(settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join( all_params) else: if len(value) == 0: if settings.IS_JSON: all_params[param] = all_params[param].replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") elif settings.IS_XML: all_params[param] = all_params[param].replace( "></", ">" + settings.INJECT_TAG + "</") else: all_params[param] = all_params[ param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace(settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join(all_params) parameter = parameter.replace(settings.RANDOM_TAG, "") parameters_list.append(parameter) parameter = parameters_list else: for param in range(0, len(multi_parameters)): # Grab the value of parameter. if settings.IS_JSON: value = re.findall(r'\"(.*)\"', multi_parameters[param]) value = ''.join(value) if settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join(multi_parameters) return parameter
def logfile_parser(): """ Warning message for mutiple request in same log file. """ def multi_requests(): print "[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]" warn_msg = "Multiple" if menu.options.requestfile: warn_msg += " requests" elif menu.options.logfile: warn_msg += " targets" warn_msg += " are not supported, thus all coming" if menu.options.requestfile: warn_msg += " requests " elif menu.options.logfile: warn_msg += " targets " warn_msg += "will be ignored." sys.stdout.write(settings.print_warning_msg(warn_msg) + "\n") sys.stdout.flush() return False """ Error message for invalid data. """ def invalid_data(request, single_request): if single_request: print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "Something seems to be wrong with " err_msg += "the '" + os.path.split(request_file)[1] + "' file. " sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() sys.exit(0) if menu.options.requestfile: request_file = menu.options.requestfile info_msg = "Parsing HTTP request " elif menu.options.logfile: request_file = menu.options.logfile info_msg = "Parsing target " info_msg += "using the '" + os.path.split(request_file)[1] + "' file... " sys.stdout.write(settings.print_info_msg(info_msg)) sys.stdout.flush() if not os.path.exists(request_file): print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "It seems that the '" + request_file + "' file, does not exist." sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() sys.exit(0) else: # Check for multiple hosts try: request = open(request_file, "r") except IOError, err_msg: try: error_msg = str(err_msg.args[0]).split("] ")[1] + "." except: error_msg = str(err_msg.args[0]) + "." print settings.print_critical_msg(error_msg) raise SystemExit() words_dict = {} for word in request.read().strip().splitlines(): if word[:4].strip() == "GET" or word[:4].strip() == "POST": words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1 # Check if same header appears more than once. single_request = True if len(words_dict.keys()) > 1: single_request = multi_requests() for key in words_dict.keys(): if words_dict[key] > 1: single_request = multi_requests() # Check for GET / POST HTTP Header for http_header in ["GET","POST"]: request = open(request_file, "r") request = request.read() if "\\n" in request: request = request.replace("\\n","\n") request_url = re.findall(r"" + http_header + " (.*) ", request) if request_url: if not single_request: request_url = request_url[0] if http_header == "POST": # Check for POST Data. result = [item for item in request.splitlines() if item] multiple_xml = [] for item in result: if checks.is_XML_check(item): multiple_xml.append(item) if len(multiple_xml) != 0: menu.options.data = '\n'.join([str(item) for item in multiple_xml]) else: menu.options.data = result[len(result)-1] else: try: # Check if url ends with "=". if request_url[0].endswith("="): request_url = request_url[0].replace("=","=" + settings.INJECT_TAG, 1) except IndexError: invalid_data(request_file, single_request) break # Check if invalid data if not request_url: invalid_data(request_file, single_request) else: request_url = "".join([str(i) for i in request_url]) # Check for other headers extra_headers = "" prefix = "http://" for line in request.splitlines(): if re.findall(r"Host: " + "(.*)", line): menu.options.host = "".join([str(i) for i in re.findall(r"Host: " + "(.*)", line)]) # User-Agent Header elif re.findall(r"User-Agent: " + "(.*)", line): menu.options.agent = "".join([str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)]) # Cookie Header elif re.findall(r"Cookie: " + "(.*)", line): menu.options.cookie = "".join([str(i) for i in re.findall(r"Cookie: " + "(.*)", line)]) # Referer Header elif re.findall(r"Referer: " + "(.*)", line): menu.options.referer = "".join([str(i) for i in re.findall(r"Referer: " + "(.*)", line)]) if menu.options.referer and "https://" in menu.options.referer: prefix = "https://" elif re.findall(r"Authorization: " + "(.*)", line): auth_provided = "".join([str(i) for i in re.findall(r"Authorization: " + "(.*)", line)]).split() menu.options.auth_type = auth_provided[0].lower() if menu.options.auth_type == "basic": menu.options.auth_cred = base64.b64decode(auth_provided[1]) elif menu.options.auth_type == "digest": if not menu.options.auth_cred: print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "Use the '--auth-cred' option to provide a valid pair of " err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") " print settings.print_critical_msg(err_msg) sys.exit(0) # Add extra headers else: match = re.findall(r"(.*): (.*)", line) match = "".join([str(i) for i in match]).replace("', '",":") match = match.replace("('","") match = match.replace("')","\\n") # Ignore some header. if "Content-Length" or "Accept-Encoding" in match: extra_headers = extra_headers else: extra_headers = extra_headers + match # Extra headers menu.options.headers = extra_headers # Target URL if not menu.options.host: invalid_data(request_file, single_request) else: menu.options.url = prefix + menu.options.host + request_url if single_request: sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") sys.stdout.flush() if menu.options.logfile: info_msg = "Parsed target from '" + os.path.split(request_file)[1] + "' for tests :" print settings.print_info_msg(info_msg) print settings.SUB_CONTENT_SIGN + http_header + " " + prefix + menu.options.host + request_url if http_header == "POST": print settings.SUB_CONTENT_SIGN + "Data: " + menu.options.data # eof
def logfile_parser(): """ Warning message for mutiple request in same log file. """ def multi_requests(): print "[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]" warn_msg = "Multiple" if menu.options.requestfile: warn_msg += " requests" elif menu.options.logfile: warn_msg += " targets" warn_msg += " are not supported, thus all coming" if menu.options.requestfile: warn_msg += " requests " elif menu.options.logfile: warn_msg += " targets " warn_msg += "will be ignored." sys.stdout.write(settings.print_warning_msg(warn_msg) + "\n") sys.stdout.flush() return False """ Error message for invalid data. """ def invalid_data(request, single_request): if single_request: print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "Something seems to be wrong with " err_msg += "the '" + os.path.split(request_file)[1] + "' file. " sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() raise SystemExit() if menu.options.requestfile: request_file = menu.options.requestfile info_msg = "Parsing HTTP request " elif menu.options.logfile: request_file = menu.options.logfile info_msg = "Parsing target " info_msg += "using the '" + os.path.split(request_file)[1] + "' file... " sys.stdout.write(settings.print_info_msg(info_msg)) sys.stdout.flush() if not os.path.exists(request_file): print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "It seems that the '" + request_file + "' file, does not exist." sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") sys.stdout.flush() raise SystemExit() else: # Check for multiple hosts try: request = open(request_file, "r") except IOError, err_msg: try: error_msg = str(err_msg.args[0]).split("] ")[1] + "." except: error_msg = str(err_msg.args[0]) + "." print settings.print_critical_msg(error_msg) raise SystemExit() words_dict = {} for word in request.read().strip().splitlines(): if word[:4].strip() == "GET" or word[:4].strip() == "POST": words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1 # Check if same header appears more than once. single_request = True if len(words_dict.keys()) > 1: single_request = multi_requests() for key in words_dict.keys(): if words_dict[key] > 1: single_request = multi_requests() # Check for GET / POST HTTP Header for http_header in ["GET","POST"]: request = open(request_file, "r") request = request.read() if "\\n" in request: request = request.replace("\\n","\n") request_url = re.findall(r"" + http_header + " (.*) ", request) if request_url: if not single_request: request_url = request_url[0] if http_header == "POST": # Check for POST Data. result = [item for item in request.splitlines() if item] multiple_xml = [] for item in result: if checks.is_XML_check(item): multiple_xml.append(item) if len(multiple_xml) != 0: menu.options.data = '\n'.join([str(item) for item in multiple_xml]) else: menu.options.data = result[len(result)-1] else: try: # Check if url ends with "=". if request_url[0].endswith("="): request_url = request_url[0].replace("=","=" + settings.INJECT_TAG, 1) except IndexError: invalid_data(request_file, single_request) break # Check if invalid data if not request_url: invalid_data(request_file, single_request) else: request_url = "".join([str(i) for i in request_url]) # Check for other headers extra_headers = "" prefix = "http://" for line in request.splitlines(): if re.findall(r"Host: " + "(.*)", line): menu.options.host = "".join([str(i) for i in re.findall(r"Host: " + "(.*)", line)]) # User-Agent Header elif re.findall(r"User-Agent: " + "(.*)", line): menu.options.agent = "".join([str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)]) # Cookie Header elif re.findall(r"Cookie: " + "(.*)", line): menu.options.cookie = "".join([str(i) for i in re.findall(r"Cookie: " + "(.*)", line)]) # Referer Header elif re.findall(r"Referer: " + "(.*)", line): menu.options.referer = "".join([str(i) for i in re.findall(r"Referer: " + "(.*)", line)]) if menu.options.referer and "https://" in menu.options.referer: prefix = "https://" elif re.findall(r"Authorization: " + "(.*)", line): auth_provided = "".join([str(i) for i in re.findall(r"Authorization: " + "(.*)", line)]).split() menu.options.auth_type = auth_provided[0].lower() if menu.options.auth_type == "basic": menu.options.auth_cred = base64.b64decode(auth_provided[1]) elif menu.options.auth_type == "digest": if not menu.options.auth_cred: print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" err_msg = "Use the '--auth-cred' option to provide a valid pair of " err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") " print settings.print_critical_msg(err_msg) raise SystemExit() # Add extra headers else: match = re.findall(r"(.*): (.*)", line) match = "".join([str(i) for i in match]).replace("', '",":") match = match.replace("('","") match = match.replace("')","\\n") # Ignore some header. if "Content-Length" or "Accept-Encoding" in match: extra_headers = extra_headers else: extra_headers = extra_headers + match # Extra headers menu.options.headers = extra_headers # Target URL if not menu.options.host: invalid_data(request_file, single_request) else: menu.options.url = prefix + menu.options.host + request_url if single_request: sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") sys.stdout.flush() if menu.options.logfile: info_msg = "Parsed target from '" + os.path.split(request_file)[1] + "' for tests :" print settings.print_info_msg(info_msg) print settings.SUB_CONTENT_SIGN + http_header + " " + prefix + menu.options.host + request_url if http_header == "POST": print settings.SUB_CONTENT_SIGN + "Data: " + menu.options.data # eof