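def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send each string in ``fuzzes`` in place of the ``xsschecker`` marker and
    classify how the target responded.

    Args:
        url: Target URL handed to ``requester``.
        params: Request parameters; the value equal to ``xsschecker`` is swapped
            for the current fuzz string via ``replaceValue``.
        headers: Request headers forwarded to ``requester``.
        GET: Request-method flag forwarded to ``requester``.
        delay: Base pause in seconds between requests. If it is 0 when a request
            fails it is raised to 6 for the rest of the run.
        timeout: Request timeout forwarded to ``requester``.
        WAF: Not used by this function; kept for call compatibility.
        encoding: Optional callable applied to each fuzz string before sending.

    Returns:
        A list with one dict per fuzz string that received a response, holding
        ``fuzz_string``, ``status`` (``'passed'``, ``'blocked'`` or
        ``'filtered'``) and, when ``encoding`` was given, ``encoding``.
    """
    fuzzer_report = []
    for fuzz in fuzzes:
        # Randomised pacing: base delay, jitter in [delay, 2*delay], plus a
        # per-string cost from counter().
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        report = {}
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
                report['encoding'] = str(encoding)
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:
            # A failed request is read as the WAF dropping it. Back off, then
            # probe with the untouched params to see whether we are still served.
            logger.error('WAF is dropping suspicious requests.')
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' % (green, end))
                delay += 6
            wait = (delay + 1) * 50
            for remaining in range(wait, -1, -1):
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                logger.error('\nLooks like WAF has blocked our IP Address. Sorry!')
                break
            # Report the time actually slept rather than an unrelated figure.
            logger.good('Pheww! Looks like sleeping for %s%i%s seconds worked!' % (green, wait, end))
            # There is no response for this fuzz string: skip it instead of
            # classifying an unbound (first iteration) or stale ``response``.
            continue
        if encoding:
            # NOTE(review): the string was already encoded once before sending,
            # so the reflection check below uses the doubly encoded form — confirm
            # this is intended.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # Fuzz string is reflected verbatim in the body.
            result, status = '%s[passed] %s' % (green, end), 'passed'
        elif str(response.status_code)[:1] != '2':
            # Non-2xx answer: the server (or a WAF in front of it) refused it.
            result, status = '%s[blocked] %s' % (red, end), 'blocked'
        else:
            # 2xx but the string did not come back intact.
            result, status = '%s[filtered]%s' % (yellow, end), 'filtered'
        logger.info('%s %s' % (result, fuzz))
        report['fuzz_string'] = fuzz
        report['status'] = status
        fuzzer_report.append(report)
    return fuzzer_report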
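def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Iterate over ``fuzzes``, substitute each string for the ``xsschecker``
    marker in ``params``, send the request and log the outcome.

    Args:
        url: Target URL handed to ``requester``.
        params: Request parameters containing the ``xsschecker`` marker.
        headers: Request headers forwarded to ``requester``.
        GET: Request-method flag forwarded to ``requester``.
        delay: Base pause in seconds between requests; bumped to 6 after the
            first failed request if it was 0.
        timeout: Request timeout forwarded to ``requester``.
        WAF: Not used by this function; kept for call compatibility.
        encoding: Optional callable applied to each fuzz string before sending.

    Returns:
        None. Results are written through ``logger``.
    """
    for fuzz in fuzzes:
        # Pause between requests: base delay, jitter, plus a per-string cost.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            # Send the request carrying the fuzz string.
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:
            # An exception is read as the WAF dropping the suspicious request.
            logger.error('WAF is dropping suspicious requests.')
            # Wait, then re-request the original params to check whether the
            # client address is still being served; stop fuzzing if it is not.
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' % (green, end))
                delay += 6
            wait = (delay + 1) * 50
            for remaining in range(wait, -1, -1):
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                logger.error('\nLooks like WAF has blocked our IP Address. Sorry!')
                break
            # Log the number of seconds actually slept.
            logger.good('Pheww! Looks like sleeping for %s%i%s seconds worked!' % (green, wait, end))
            # No response exists for this string; move on rather than evaluate
            # an unbound or stale ``response``.
            continue
        if encoding:
            # NOTE(review): ``fuzz`` was already encoded once above; this second
            # pass means the reflection check compares the doubly encoded form.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # Fuzz string is reflected in the response body.
            result = '%s[passed] %s' % (green, end)
        elif str(response.status_code)[:1] != '2':
            # Server returned a non-2xx status (possibly a WAF block).
            result = '%s[blocked] %s' % (red, end)
        else:
            # 2xx but the fuzz string was not reflected completely.
            result = '%s[filtered]%s' % (yellow, end)
        logger.info('%s %s' % (result, fuzz))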
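def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Replace the ``xsschecker`` marker in ``params`` with every string in
    ``fuzzes``, send it, and log whether it was reflected, blocked or filtered.

    Args:
        url: Target URL handed to ``requester``.
        params: Request parameters containing the ``xsschecker`` marker.
        headers: Request headers forwarded to ``requester``.
        GET: Request-method flag forwarded to ``requester``.
        delay: Base pause in seconds between requests; raised to 6 after the
            first failed request when it was 0.
        timeout: Request timeout forwarded to ``requester``.
        WAF: Not used by this function; kept for call compatibility.
        encoding: Optional callable applied to each fuzz string before sending.

    Returns:
        None. Outcomes are reported through ``logger``.
    """
    for fuzz in fuzzes:
        # Pause: base delay plus jitter plus a per-string cost from counter().
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:
            # Treat a failed request as the WAF dropping it; back off and probe.
            logger.error("WAF is dropping suspicious requests.")
            if delay == 0:
                logger.info("Delay has been increased to %s6%s seconds." % (green, end))
                delay += 6
            wait = (delay + 1) * 50
            for remaining in range(wait, -1, -1):
                logger.info(
                    "\rFuzzing will continue after %s%i%s seconds.\t\t\r" % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                logger.error("\nLooks like WAF has blocked our IP Address. Sorry!")
                break
            # Report the seconds actually slept.
            logger.good("Pheww! Looks like sleeping for %s%i%s seconds worked!" % (green, wait, end))
            # Skip this string: there is no ``response`` to classify (it would be
            # unbound on the first iteration, stale afterwards).
            continue
        if encoding:
            # NOTE(review): second application of ``encoding`` — the reflection
            # check below therefore uses the doubly encoded string.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # Fuzz string is reflected in the response body.
            result = "%s[passed] %s" % (green, end)
        elif str(response.status_code)[:1] != "2":
            # Non-2xx status: server or WAF rejected the request.
            result = "%s[blocked] %s" % (red, end)
        else:
            # 2xx but the string did not come back intact.
            result = "%s[filtered]%s" % (yellow, end)
        logger.info("%s %s" % (result, fuzz))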
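def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of the ``xsschecker`` marker and
    print whether each one was reflected, blocked or filtered.

    Args:
        url: Target URL handed to ``requester``.
        params: Request parameters containing the ``xsschecker`` marker.
        headers: Request headers forwarded to ``requester``.
        GET: Request-method flag forwarded to ``requester``.
        delay: Base pause in seconds between requests; raised to 6 after the
            first failed request when it was 0.
        timeout: Request timeout forwarded to ``requester``.
        WAF: Not used by this function; kept for call compatibility.
        encoding: Optional callable applied to each fuzz string before sending.

    Returns:
        None. Outcomes are printed with the ``bad``/``info``/``good`` prefixes.
    """
    for fuzz in fuzzes:
        # Pause: base delay plus jitter plus a per-string cost from counter().
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:
            # A failed request is read as the WAF dropping it; back off, then
            # probe with the original params to see whether we are still served.
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            wait = (delay + 1) * 50
            for remaining in range(wait, -1, -1):
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t'
                      % (info, green, remaining, end), end='\r')
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                print('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                break
            # The original passed ``end`` to print() instead of the format
            # tuple, leaving the fourth placeholder unfilled (TypeError); all
            # four values now go to the format operator, and the number shown
            # is the time actually slept.
            print('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!'
                  % (good, green, wait, end))
            # No response for this string: skip it instead of reading an
            # unbound or stale ``response``.
            continue
        if encoding:
            # NOTE(review): ``encoding`` is applied a second time here, so the
            # reflection check uses the doubly encoded string.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # Fuzz string is reflected in the response body.
            result = '%s[passed] %s' % (green, end)
        elif str(response.status_code)[:1] != '2':
            # Non-2xx status: server or WAF rejected the request.
            result = '%s[blocked] %s' % (red, end)
        else:
            # 2xx but the string did not come back intact.
            result = '%s[filtered]%s' % (yellow, end)
        print('%s %s' % (result, fuzz))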