Ejemplo n.º 1
0
    def _gen_burpitem(self, output_fn):
        try:
            tree = ET.parse(self.find_file(output_fn))
            for item in tree.getroot().iter('item'):
                fr = FuzzRequest()
                fr.update_from_raw_http(
                    raw=b64decode(item.find('request').text
                                  or "").decode('utf-8'),
                    scheme=item.find('protocol').text,
                    raw_response=b64decode(item.find('response').text or ""))
                fr.wf_ip = {
                    'ip':
                    item.find('host').attrib.get('ip', None)
                    or item.find('host').text,
                    'port':
                    item.find('port').text
                }
                frr = FuzzResult(history=fr)

                yield frr.update()
            return
        except IOError as e:
            raise FuzzExceptBadFile(
                "Error opening Burp items payload file. %s" % str(e))
        except EOFError:
            return
Ejemplo n.º 2
0
    def _gen_burpitem(self, output_fn):
        try:
            tree = ET.parse(self.find_file(output_fn))
            for item in tree.getroot().iter("item"):
                fr = FuzzRequest()
                fr.update_from_raw_http(
                    raw=b64decode(item.find("request").text
                                  or "").decode("utf-8"),
                    scheme=item.find("protocol").text,
                    raw_response=b64decode(item.find("response").text or ""),
                )
                fr.wf_ip = {
                    "ip":
                    item.find("host").attrib.get("ip", None)
                    or item.find("host").text,
                    "port":
                    item.find("port").text,
                }
                frr = FuzzResult(history=fr)

                yield frr.update()
            return
        except IOError as e:
            raise FuzzExceptBadFile(
                "Error opening Burp items payload file. %s" % str(e))
        except EOFError:
            return
Ejemplo n.º 3
0
    def _gen_wfuzz(self, output_fn):
        try:

            with open(self.find_file(output_fn), "r") as f:
                for (
                    url1,
                    port1,
                    schema1,
                    req1,
                    resp1,
                    url2,
                    port2,
                    schema2,
                    req2,
                    resp2,
                    url3,
                    port3,
                    schema3,
                    req3,
                    resp3,
                    res1,
                    res2,
                ) in [re.split(r"\t+", x) for x in f.readlines()]:
                    raw_req1 = base64.decodestring(req2)
                    # raw_res1 = base64.decodestring(res2)

                    item = FuzzResult()
                    item.history = FuzzRequest()
                    item.history.update_from_raw_http(raw_req1, schema1)

                    yield item
        except IOError as e:
            raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
        except EOFError:
            raise StopIteration
Ejemplo n.º 4
0
    def parse_burp_log(self, burp_log):
        burp_file = None

        try:
            burp_file = open(self.find_file(burp_log), 'rb')

            history = 'START'

            rl = burp_file.readline()
            while rl != "":
                if history == "START":
                    if rl == DELIMITER:
                        history = "HEADER"
                elif history == "HEADER":
                    if rl == DELIMITER:
                        raw_request = ""
                        history = "REQUEST"
                    else:
                        matched = HEADER.match(rl)
                        ctime, host, ip_address = matched.group(1, 3, 5)
                elif history == "REQUEST":
                    if rl == DELIMITER:
                        history = "DELIM1"
                    else:
                        raw_request += rl
                elif history == "DELIM1":
                    if rl == CRLF:
                        raw_response = ""
                        history = "DELIM3"
                    else:
                        raw_response = rl
                        history = "RESPONSE"
                elif history == "RESPONSE":
                    if rl == DELIMITER:
                        history = "DELIM2"
                    else:
                        raw_response += rl
                elif history == "DELIM2":
                    if rl == CRLF:
                        history = "DELIM3"
                elif history == "DELIM3":
                    if rl == CRLF:
                        history = "DELIM4"
                elif history == "DELIM4":
                    if rl == CRLF:
                        fr = FuzzRequest()
                        fr.update_from_raw_http(raw_request, host[:host.find("://")], raw_response)
                        frr = FuzzResult(history=fr)

                        yield frr.update()

                        history = "START"

                rl = burp_file.readline()

        except IOError as e:
            raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
        finally:
            if burp_file is not None:
                burp_file.close()
Ejemplo n.º 5
0
    def parse_burp_log(self, burp_log):
        burp_file = None

        try:
            burp_file = open(self.find_file(burp_log), 'rb')

            history = 'START'

            rl = burp_file.readline()
            while rl != "":
                if history == "START":
                    if rl == DELIMITER:
                        history = "HEADER"
                elif history == "HEADER":
                    if rl == DELIMITER:
                        raw_request = ""
                        history = "REQUEST"
                    else:
                        matched = HEADER.match(rl)
                        ctime, host, ip_address = matched.group(1, 3, 5)
                elif history == "REQUEST":
                    if rl == DELIMITER:
                        history = "DELIM1"
                    else:
                        raw_request += rl
                elif history == "DELIM1":
                    if rl == CRLF:
                        raw_response = ""
                        history = "DELIM3"
                    else:
                        raw_response = rl
                        history = "RESPONSE"
                elif history == "RESPONSE":
                    if rl == DELIMITER:
                        history = "DELIM2"
                    else:
                        raw_response += rl
                elif history == "DELIM2":
                    if rl == CRLF:
                        history = "DELIM3"
                elif history == "DELIM3":
                    if rl == CRLF:
                        history = "DELIM4"
                elif history == "DELIM4":
                    if rl == CRLF:
                        fr = FuzzRequest()
                        fr.update_from_raw_http(raw_request,
                                                host[:host.find("://")],
                                                raw_response)
                        frr = FuzzResult(history=fr)

                        yield frr.update()

                        history = "START"

                rl = burp_file.readline()

        except IOError, e:
            raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
Ejemplo n.º 6
0
            def __init__(self, description, show_field):
                fr = FuzzRequest()
                fr.url = "http://www.wfuzz.org/path?param=1&param2=2"
                fuzz_res = FuzzResult(history=fr)
                fuzz_res._description = description
                fuzz_res._show_field = show_field

                self.outfile = BytesIO()

                with gzip.GzipFile(fileobj=self.outfile, mode="wb") as f:
                    pickle.dump(fuzz_res, f)

                self.outfile.seek(0)
                self.outfile.name = "mockfile"
Ejemplo n.º 7
0
    def _gen_wfuzz(self, output_fn):
	try:

            with open(self.find_file(output_fn), 'r') as f:
                for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map(lambda x: re.split(r'\t+', x), f.readlines()):
                    raw_req1 = base64.decodestring(req2)
                    raw_res1 = base64.decodestring(res2)

                    item = FuzzResult()
                    item.history = FuzzRequest()
                    item.history.update_from_raw_http(raw_req1, schema1)

                    item.type = FuzzResult.result

		    yield item
	except IOError, e:
	    raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
Ejemplo n.º 8
0
    def burp_to_xml(self, filename):
        '''Unzip Burp's file, remove non-printable characters, CDATA any HTML,
            include a valid XML header and trailer, and return a valid XML string.'''

        z = zipfile.ZipFile(self.find_file(filename))  # Open Burp's zip file
        burp = z.read('burp', 'rb')  # Read-in the main burp file
        m = TAG.match(burp, 0)  # Match a tag at the start of the string
        while m:
            index = m.end()
            etag = m.group().replace('<', '</')  # Matching tag

            m = TAG.match(burp, index)  # Attempt to get the next tag
            if not m:  # Data folows
                # Read the type of data using Burp's binary data headers
                value, length = self.burp_binary_field(burp, index)
                if value is None:
                    break

                index += length + len(etag)  # Point our index to the next tag
                m = TAG.match(burp, index)  # And retrieve it

                if self.params[
                        "checkversion"] and etag == "</version>" and value not in [
                            "65", "67"
                        ]:
                    raise FuzzExceptBadFile("Unknown burp log version %s" %
                                            value)

                if etag == "</https>":
                    https_tag = value == "True"

                if etag in self.request_tags:
                    raw_request = self.strip_cdata(value)

                if etag in self.response_tags:
                    fr = FuzzRequest()
                    fr.update_from_raw_http(
                        raw_request, "http" if not https_tag else "https",
                        self.strip_cdata(value))
                    frr = FuzzResult(history=fr)

                    raw_request = ""
                    https_tag = ""

                    yield frr.update()
Ejemplo n.º 9
0
    def _gen_wfuzz(self, output_fn):
        try:

            with open(self.find_file(output_fn), 'r') as f:
                for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map(
                        lambda x: re.split(r'\t+', x), f.readlines()):
                    raw_req1 = base64.decodestring(req2)
                    raw_res1 = base64.decodestring(res2)

                    item = FuzzResult()
                    item.history = FuzzRequest()
                    item.history.update_from_raw_http(raw_req1, schema1)

                    item.type = FuzzResult.result

                    yield item
        except IOError, e:
            raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" %
                                    str(e))
Ejemplo n.º 10
0
    def get_filtered_fuzzrequest(self, filter_str):
        fr = FuzzRequest()
        fr.update_from_raw_http(raw_req, "http", raw_resp, b"")

        fuzz_res = FuzzResult(history=fr)

        ffilter = FuzzResFilter(filter_string=filter_str)
        ffilter.is_visible(fuzz_res)

        return fuzz_res
Ejemplo n.º 11
0
    def burp_to_xml(self, filename):
        '''Unzip Burp's file, remove non-printable characters, CDATA any HTML,
        include a valid XML header and trailer, and return a valid XML string.'''

        z = zipfile.ZipFile(self.find_file(filename))  # Open Burp's zip file
        burp = z.read('burp', 'rb')  # Read-in the main burp file
        m = TAG.match(burp, 0)  # Match a tag at the start of the string
        while m:
            index = m.end()
            etag = m.group().replace('<', '</')  # Matching tag

            m = TAG.match(burp, index)  # Attempt to get the next tag
            if not m:  # Data folows
                # Read the type of data using Burp's binary data headers
                value, length = self.burp_binary_field(burp, index)
                if value is None:
                    break

                index += length + len(etag)  # Point our index to the next tag
                m = TAG.match(burp, index)  # And retrieve it

                if self.params["checkversion"] and etag == "</version>" and value not in ["65", "67"]:
                    raise FuzzExceptBadFile("Unknown burp log version %s" % value)

                if etag == "</https>":
                    https_tag = value == "True"

                if etag in self.request_tags:
                    raw_request = self.strip_cdata(value)

                if etag in self.response_tags:
                    fr = FuzzRequest()
                    fr.update_from_raw_http(raw_request, "http" if not https_tag else "https", self.strip_cdata(value))
                    frr = FuzzResult(history=fr)

                    raw_request = ""
                    https_tag = ""

                    yield frr.update()
Ejemplo n.º 12
0
    def test_nonexisting(self):
        fr = FuzzRequest()
        fr.url = "http://www.wfuzz.org/path?param=1&param2=2"

        fuzz_res = FuzzResult(history=fr)

        with self.assertRaises(Exception) as context:
            ffilter = FuzzResFilter(filter_string="url=-'test'")
            ffilter.is_visible(fuzz_res)
            self.assertTrue("rsetattr: Can't set" in str(context.exception))

        with self.assertRaises(Exception) as context:
            ffilter = FuzzResFilter(filter_string="notthere=-'test'")
            ffilter.is_visible(fuzz_res)
            self.assertTrue("rgetattr: Can't get" in str(context.exception))

        with self.assertRaises(Exception) as context:
            ffilter = FuzzResFilter(
                filter_string="r.params.get.notthere=-'test'")
            ffilter.is_visible(fuzz_res)
            self.assertTrue(
                "DotDict: Non-existing field" in str(context.exception))
Ejemplo n.º 13
0
    def parse_burp_log(self, burp_log):
        burp_file = None

        try:
            burp_file = open(
                self.find_file(burp_log),
                "r",
                encoding="utf-8",
                errors="surrogateescape",
            )

            history = "START"

            rl = burp_file.readline()
            while rl != "":
                if history == "START":
                    if rl == DELIMITER:
                        history = "HEADER"
                elif history == "HEADER":
                    if rl == DELIMITER:
                        raw_request = ""
                        history = "REQUEST"
                    else:
                        matched = HEADER.match(rl)
                        ctime, host, ip_address = matched.group(1, 3, 5)
                elif history == "REQUEST":
                    if rl == DELIMITER:
                        history = "DELIM1"
                    else:
                        raw_request += rl
                elif history == "DELIM1":
                    if rl == CRLF:
                        raw_response = ""
                        history = "DELIM3"
                    else:
                        raw_response = rl
                        history = "RESPONSE"
                elif history == "RESPONSE":
                    if rl == DELIMITER:
                        history = "DELIM2"
                    else:
                        raw_response += rl
                elif history == "DELIM2":
                    if rl == CRLF:
                        history = "DELIM3"
                elif history == "DELIM3":
                    if rl == CRLF:
                        history = "DELIM4"
                elif history == "DELIM4":
                    if rl == CRLF:
                        fr = FuzzRequest()
                        # last read line contains an extra CRLF
                        fr.update_from_raw_http(raw_request,
                                                host[:host.find("://")],
                                                raw_response[:-1])
                        frr = FuzzResult(history=fr)

                        yield frr.update()

                        history = "START"

                rl = burp_file.readline()

        except IOError as e:
            raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
        finally:
            if burp_file is not None:
                burp_file.close()