Ejemplo n.º 1
 def create_thread(self, payloads_num):
     """Create, register and start ``self._thread_num`` FuzzTask workers.

     Every worker receives the same request packet, payload queue and
     ``self.kill_threads`` value, plus ``payloads_num``.

     Args:
         payloads_num: Forwarded unchanged to each FuzzTask; presumably the
             total payload count used for progress output -- confirm
             against FuzzTask.
     """
     for _ in range(self._thread_num):
         worker = FuzzTask(
             self._complete_packet,
             self._payloads_queue,
             self.kill_threads,
             payloads_num,
         )
         # Keep a local reference, subscribe the worker to XssVulnerability
         # notifications, and only then let it run.
         self._fuzz_threads.append(worker)
         XssVulnerability.add_observer(worker)
         worker.start()
Ejemplo n.º 2
 def main(self):
     """Run one scan against the configured request, if it has a URL.

     Does nothing when ``self._complete_packet.url`` is None. Otherwise it
     runs the two pre-flight checks, fetches the payload list, creates the
     workers, fills the queue, and waits for the queue to drain. Ctrl-C
     (KeyboardInterrupt) during the wait marks the run as canceled.
     In both outcomes XssVulnerability.notif_all is called with
     ``self.kill_threads``.
     """
     if self._complete_packet.url is None:
         return

     self.check_complete_packet_is_alive()
     self.check_has_params()

     # A truthy _use_api is handed over as-is; any falsy value is passed as
     # the literal False.
     api_flag = self._use_api or False
     payloads = PayLoads.get_single_instance().get_payloads(
         self._tempers, api_flag, self._model)

     # Workers are created before the queue is populated.
     self.create_thread(len(payloads))
     self.add_payloads_queue(payloads)

     try:
         self.monitor_exit(len(payloads))
         self._payloads_queue.join()
         XssVulnerability.notif_all(self.kill_threads)
     except KeyboardInterrupt:
         # Operator abort: record it, then send the same notification as
         # on normal completion.
         self._canceled = True
         XssVulnerability.notif_all(self.kill_threads)
Ejemplo n.º 3
 def __init__(self, url, destination, level, cookie, data, tempers, model):
     """Initialise scan state and register as an XssVulnerability observer.

     Args:
         url, destination, cookie, data: Stored together in a
             CompletePacket; no validation of these values is visible in
             this constructor.
         level: Converted with ``int()`` and mapped to a worker-thread
             count by TaskSchedule.get_thread_num_by_level. A value that
             ``int()`` cannot parse raises ValueError here.
         tempers: Kept on ``self._tempers``.
         model: Kept on ``self._model``.
     """
     self._payloads_queue = Queue.Queue()
     self._fuzz_threads = []
     self._canceled = False
     self._model = model
     self._tempers = tempers

     numeric_level = int(level)
     self._thread_num = TaskSchedule.get_thread_num_by_level(numeric_level)

     request_fields = dict(url=url, destination=destination,
                           cookie=cookie, data=data)
     self._complete_packet = CompletePacket(**request_fields)

     # Registration happens last, once every attribute above is set.
     XssVulnerability.add_observer(self)
Ejemplo n.º 4
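 def check_xss(self, payload):
     """Execute one payload and record it if the response contains a hook string.

     Does nothing unless ``self._stop`` is exactly False. Otherwise the
     payload is handed to ``sub_process_open`` until that call returns a
     non-None process handle, the process output is collected, progress is
     printed, and the output is searched for any entry of ``hook_list``.
     On the first match the payload is reported through
     XssVulnerability.add_xss_payload and ``self._stop`` is set so this
     task stops checking further payloads.

     Args:
         payload: The payload to try. ``sub_process_open`` returns a
             payload as well, and it is that returned value which gets
             reported on a match.

     OSError is not propagated; its traceback is appended to the file at
     EXCEPTION_LOG_PATH.
     """
     if self._stop is not False:
         return
     try:
         child_process = None
         # NOTE(review): this retry has no upper bound -- confirm that
         # sub_process_open cannot keep returning None indefinitely.
         while child_process is None:
             child_process, payload = self.sub_process_open(payload)
         response = self.get_exec_result(child_process)
         FuzzTask.print_fuzz_progress(self._payloads_num)
         # Detection is a plain substring match; one hit is enough.
         if any(hook_string in response for hook_string in hook_list):
             XssVulnerability.add_xss_payload(payload)
             self._stop = True
     except OSError:
         # Close the log handle deterministically; the previous inline
         # open() left one unclosed file object per logged error.
         with open(EXCEPTION_LOG_PATH, 'a') as log_file:
             traceback.print_exc(file=log_file)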