Ejemplo n.º 1
    def Code(logs,fp):
        """Render captured request logs as a Python script and write it to ``fp``.

        ``logs`` may be a single log entry or a list of entries. One entry is
        rendered with the ``single.pyt`` template and several with
        ``multiple.pyt``; both templates are read from this module's directory.

        Returns a status string naming ``fp``. An empty list is not handled:
        ``req_objs[0]`` raises IndexError in that case.

        NOTE(review): the substituted values come from the logs and land in a
        file that is presumably meant to be run as Python. Whether they are
        emitted as safely quoted literals depends on Generate.substitute_map
        and To.Code, which are not visible here -- confirm before running a
        script generated from logs you did not capture yourself.
        """
        entries = logs if isinstance(logs,list) else [logs]
        multi = len(entries) > 1

        # Template name plus the two indentation widths handed to
        # substitute_map and gen_request_object respectively.
        if multi:
            tpl, jpad, opad = "multiple", 8, 4
        else:
            tpl, jpad, opad = "single", 4, 0

        mapped = [Generate.substitute_map(entry,jpad) for entry in entries]
        const_header = "None"
        const_cookies = "None"

        if multi:
            # When every request carries the same header (or cookie) text it is
            # emitted once, and each per-request substitution becomes the bare
            # word "header"/"cookies" (presumably a name the multiple template
            # defines -- verify against multiple.pyt).
            if len({m["@@HEADER"] for m in mapped}) == 1:
                const_header = To.Code(entries[0].request.HeaderNoCookies())
                for m in mapped:
                    m["@@HEADER"] = "header"

            if len({m["@@COOKIES"] for m in mapped}) == 1:
                const_cookies = To.Code(entries[0].request.cookies)
                for m in mapped:
                    m["@@COOKIES"] = "cookies"

        template_path = "{0}/{1}.pyt".format(os.path.dirname(__file__),tpl)
        script = Reader.Read(template_path)
        req_objs = [Generate.gen_request_object(m,opad) for m in mapped]

        if not multi:
            script = Reader.Substitute(script,"@@REQOBJ",req_objs[0])
        else:
            replacements = (
                ("@@HEADER", const_header),
                ("@@COOKIES", const_cookies),
                ("@@REQOBJS", ",\n".join(req_objs)),
            )
            for marker, value in replacements:
                script = Reader.Substitute(script,marker,value)

        Writer.Replace(fp,script)
        return "Python Script Written to: {0}".format(fp)
Ejemplo n.º 2
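 def load(self):
     """Populate the settings from the JSON file at ``self._file``.

     When the file exists, every key/value pair in it is passed to
     ``self.Set``. When it does not exist, ``self.Save()`` is called instead.
     Any ordinary error along the way also falls back to ``self.Save()``.
     """
     try:
         if os.path.isfile(self._file):
             stored = Reader.Json(self._file)
             for k, v in stored.items():
                 self.Set(k, v)
         else:
             self.Save()
     except Exception:
         # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
         # SystemExit propagate instead of triggering a second Save().
         # NOTE(review): a file that cannot be read or parsed is answered by
         # Save(), which presumably rewrites it from the current values. A
         # damaged or tampered file is then replaced without any trace, so
         # consider logging the exception before falling back.
         self.Save()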
Ejemplo n.º 3
    def Init(self):
        """Fill in defaults for missing options and reset the scan state.

        Defaults applied here: the ``web-common`` word list, the output path
        ``./dirscan.txt``, ``waabi.globals.default_header`` and 5 threads.
        """
        opts = self.options

        # Word list: a user-supplied file wins over the bundled list.
        wordlist_path = opts.wordlist
        if wordlist_path:
            self._wl = Reader.List(wordlist_path)
        else:
            self._wl = WordList.Get("web-common")

        if not opts.output:
            opts.output = "./dirscan.txt"

        # Request header: a JSON file when one is given, else the global default.
        header_path = opts.header
        if header_path:
            self._header = Reader.Json(header_path)
        else:
            self._header = waabi.globals.default_header

        if not opts.threads:
            opts.threads = 5

        # Fresh per-run bookkeeping.
        self._counter = 0
        self._errors = 0
        self._found = []
        self._counts = {}
Ejemplo n.º 4
    def WithMockOauth(self, issuer, private_key_file, kid):
        """Sign ``self.payload`` as an RS256 JWT with ``kid`` in its header.

        Sets ``iss`` to ``issuer``, ``iat`` to the current time and ``exp`` to
        one hour later, then signs with the key read from
        ``private_key_file``.

        Returns the encoded token. On any failure it returns a string that
        starts with "Error encoding token: " instead of raising, so callers
        have to tell a token from an error message by content.
        """
        issued_at = int(datetime.datetime.now().timestamp())

        # Same object as self.payload: the three claims below are written into
        # the instance's payload, not into a copy.
        claims = self.payload
        claims["iss"] = issuer
        claims["iat"] = issued_at
        claims["exp"] = issued_at + 3600  # one hour of validity

        try:
            signing_key = Reader.Read(private_key_file)
            return jwt.encode(claims,
                              signing_key,
                              algorithm="RS256",
                              headers={"kid": kid})
        except Exception as ex:
            return "Error encoding token: {0}".format(ex)
Ejemplo n.º 5
    def gen_request_object(s_map,pad):
        """Return the source text of one ``ReqObj(...)`` call.

        Every line of the skeleton is indented by ``pad`` spaces, then each
        key of ``s_map`` (for example ``@@URL``) is replaced by its value via
        Reader.Substitute. Markers with no entry in ``s_map`` stay in the
        output unchanged.

        NOTE(review): values are inserted as given, so they must already be
        valid Python expressions. Reader.Substitute is not visible here --
        confirm it performs no quoting of its own.
        """
        indent = " " * pad
        skeleton = (
            "ReqObj(",
            "    url = @@URL,",
            "    method = @@METHOD,",
            "    header = @@HEADER,",
            "    cookies = @@COOKIES,",
            "    query = @@QUERY,",
            "    body = @@BODY",
            ")",
        )

        rendered = "\n".join(indent + line for line in skeleton)

        for marker, value in s_map.items():
            rendered = Reader.Substitute(rendered,marker,value)
        return rendered
Ejemplo n.º 6
    def Construct(payload, keyfile, kid, issuer, header, secret, signature):
        """Build a JWT string by one of three routes, chosen by the arguments.

        1. ``secret`` given: sign with the ``alg`` named in ``header``. HS256
           and HS512 go through Jwty.SignAsHS; any other value is handed to
           ``jwt.encode`` after ``alg`` is removed from ``header``.
        2. ``signature`` given (and no ``secret``): encode header and payload
           with Jwty.Uenc and append ``signature`` as the third segment.
        3. Otherwise: sign as RS256 with the key read from ``keyfile``,
           setting ``alg``/``kid`` in the header and ``iss`` in the payload.

        Returns the token. Failures are returned as strings beginning with
        "Error", never raised, so callers must inspect the value.

        The caller's ``header`` and ``payload`` objects are modified in place
        on routes 1 (``alg`` popped) and 3.
        """
        alg = False
        if header and "alg" in header.keys():
            alg = header["alg"]

        if secret:
            if not alg:
                return "Error: Header containing an alg must be present when supplying secret."
            try:
                if alg == "HS512":
                    return Jwty.SignAsHS(header, payload, secret.encode(),
                                         hashlib.sha512)
                if alg == "HS256":
                    return Jwty.SignAsHS(header, payload, secret.encode(),
                                         hashlib.sha256)
                # Any other algorithm: the library takes ``alg`` from the
                # ``algorithm`` argument, so drop it from the extra headers.
                header.pop("alg", None)
                return jwt.encode(payload,
                                  secret,
                                  algorithm=alg,
                                  headers=header)
            except Exception as ex:
                return "Error encoding token: {0}".format(ex)

        if signature:
            # The supplied signature is appended as-is; nothing here checks
            # that it matches the encoded header and payload.
            encoded_header = Jwty.Uenc(header)
            encoded_payload = Jwty.Uenc(payload)
            return "{0}.{1}.{2}".format(encoded_header.decode(),
                                        encoded_payload.decode(),
                                        signature)

        # RS256 route: sign with the private key stored in ``keyfile``.
        if not header:
            header = {}
        header["alg"] = "RS256"
        header["kid"] = kid
        payload["iss"] = issuer
        try:
            private_key = Reader.Read(keyfile)
            return jwt.encode(payload,
                              private_key,
                              algorithm="RS256",
                              headers=header)
        except Exception as ex:
            return "Error encoding token: {0}".format(ex)
Ejemplo n.º 7
 def Reload(self):
     """Re-read ``self.source`` and replace ``self._logs`` with the parsed result.

     NOTE(review): an exported proxy log embeds captured traffic, so the
     file is untrusted input to the XML parser. Reader.Xml is not visible
     here -- confirm it parses with external entity resolution disabled.
     """
     document = Reader.Xml(self.source)
     self._logs = Parser.ParseBurpLog(document)
Ejemplo n.º 8
 def Get(name):
     """Return the bytes of the payload file called ``name``, or False if unknown."""
     if name not in Payload.GetNames():
         return False
     # Membership in GetNames() is the only check before ``name`` is joined
     # onto the payload directory, so it also serves as the guard against
     # ``..`` or absolute paths. Presumably GetNames() lists the files that
     # actually exist there; verify against its definition.
     payload_file = os.path.join(waabi.globals.payload_path, name)
     return Reader.ReadBytes(payload_file)
Ejemplo n.º 9
 def Init(self):
     """Validate the action options and load the XML export into ``self._burp_xml``.

     Raises:
         ValueError: if ``options.parameter`` is not ``header``, ``code`` or
             ``cli``, or if ``options.input`` is empty.
     """
     opts = self.options
     allowed_actions = ("header", "code", "cli")
     if opts.parameter not in allowed_actions:
         raise ValueError("Invalid Action parameter")

     export_path = opts.input
     if not export_path:
         raise ValueError("Missing required option -i Burp xml export ")

     # NOTE(review): the export holds captured traffic and is untrusted
     # input to the parser. Reader.Xml is not visible here -- confirm it
     # does not resolve external entities.
     self._burp_xml = Reader.Xml(export_path)
Ejemplo n.º 10
 def Get(name):
     """Return the entries of the word list called ``name``, or False if unknown.

     The list is read from ``<wordlist_path>/<name>.txt``.
     """
     if name not in WordList.GetNames():
         return False
     # ``name`` reaches the file system only after the GetNames() membership
     # check, which is what keeps arbitrary paths out of the join below.
     list_file = os.path.join(waabi.globals.wordlist_path,
                              "{0}.txt".format(name))
     return Reader.List(list_file)