def checker(url, params, headers, GET, delay, payload, positions, timeout, encoding):
    """Score how faithfully ``payload`` is reflected at each candidate position.

    The payload is wrapped in the markers ``st4r7s``/``3nd``, substituted for
    the ``xsschecker`` placeholder in ``params`` and sent once; every marker
    occurrence in the lower-cased response body is treated as a reflection.
    ``fillHoles`` (defined elsewhere) aligns the caller-supplied ``positions``
    with the reflections actually found.

    Args:
        url, params, headers, GET, delay, timeout: forwarded to ``requester``.
        payload: the string whose reflection is being measured.
        positions: candidate offsets into the response body, one per expected
            reflection (exact contract is ``fillHoles``'s; not visible here).
        encoding: optional callable applied to the probe before sending and,
            when set, re-applied on every iteration below, or a falsy value.

    Returns:
        list of the non-zero similarity scores, one per position that was
        both truthy and scored; zero scores and falsy positions are dropped.

    Note:
        ``if position:`` means an offset of 0 is treated as "no reflection",
        because 0 is falsy -- a reflection at the very start of the body is
        never scored here.
    """
    probe = 'st4r7s' + payload + '3nd'
    if encoding:
        probe = encoding(unquote(probe))
    body = requester(
        url,
        replaceValue(params, xsschecker, probe, copy.deepcopy),
        headers, GET, delay, timeout,
    ).text.lower()
    # Offsets of every marker occurrence in the (lower-cased) body.
    reflectedPositions = [m.start() for m in re.finditer('st4r7s', body)]
    filledPositions = fillHoles(positions, reflectedPositions)
    efficiencies = []
    for idx, position in enumerate(filledPositions):
        candidates = []
        # First candidate: the idx-th marker hit, if there is one.
        try:
            start = reflectedPositions[idx]
            reflected = body[start:start + len(probe)]
            candidates.append(fuzz.partial_ratio(reflected, probe.lower()))
        except IndexError:
            pass  # fewer marker hits than filled positions; only the second candidate counts
        if position:
            reflected = body[position:position + len(probe)]
            if encoding:
                # Re-encoded on every iteration, so with an encoder the probe
                # compared against later positions is the encoding of the
                # previous iteration's probe (kept as the original behaves).
                probe = encoding(probe.lower())
            score = fuzz.partial_ratio(reflected, probe)
            # A backslash-escaped copy of the bare payload is treated as a
            # near-hit and pinned to 90.
            bare = probe.replace('st4r7s', '').replace('3nd', '')
            if reflected[:-2] == '\\%s' % bare:
                score = 90
            candidates.append(score)
            efficiencies.append(max(candidates))
        else:
            efficiencies.append(0)
    return [score for score in efficiencies if score]
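def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in the module-level ``fuzzes`` list and classify the reply.

    Each fuzz string replaces the ``xsschecker`` placeholder in ``params``.
    The response is classified as ``passed`` (string reflected in the body),
    ``blocked`` (non-2xx status) or ``filtered`` (2xx but not reflected).
    When the request itself raises, the request is assumed to have been
    dropped by a WAF: the base delay is raised once, the function backs off,
    then probes the unmodified ``params`` to decide whether to carry on.

    Args:
        url, params, headers, GET, timeout: forwarded to ``requester``.
        delay: base delay in seconds between requests; bumped by 6 after the
            first dropped request when it was 0, and the new value persists
            for the remaining fuzz strings.
        WAF: unused here; kept so existing callers keep working.
        encoding: optional callable applied to each fuzz string before sending
            and again before the reflection check, or a falsy value.

    Returns:
        list of dicts with keys ``fuzz_string``, ``status`` and, when
        ``encoding`` is set, ``encoding``.
    """
    fuzzer_report = []
    for fuzz in fuzzes:
        report = {}
        # With delay == 0, randint(0, 0) == 0: a zero base delay adds no jitter.
        wait = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(wait)
        response = None  # stays None when the request for this string raised
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
                report['encoding'] = str(encoding)
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so KeyboardInterrupt still works
            logger.error('WAF is dropping suspicious requests.')
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' %
                            (green, end))
                delay += 6
            limit = (delay + 1) * 50
            # Count down from limit to 0 inclusive: limit + 1 seconds in total.
            remaining = limit
            while remaining >= 0:
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' %
                    (green, remaining, end))
                remaining -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                # Report the number of seconds actually slept (the loop above).
                logger.good(
                    'Pheww! Looks like sleeping for %s%i%s seconds worked!' %
                    (green, limit + 1, end))
            except Exception:
                logger.error(
                    '\nLooks like WAF has blocked our IP Address. Sorry!')
                break
        if encoding:
            fuzz = encoding(fuzz)
        if response is None:
            # The request carrying this string was dropped and the back-off
            # probe re-sent the original params, so there is no reply to
            # inspect; record it as blocked instead of reading an unbound name.
            result = ('%s[blocked] %s' % (red, end))
            result_report = 'blocked'
        elif fuzz.lower() in response.text.lower():
            # fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
            result_report = 'passed'
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
            result_report = 'blocked'
        else:
            # 2xx reply but the fuzz string was not reflected completely
            result = ('%s[filtered]%s' % (yellow, end))
            result_report = 'filtered'
        logger.info('%s %s' % (result, fuzz))
        report['fuzz_string'] = fuzz
        report['status'] = result_report
        fuzzer_report.append(report)
    return fuzzer_report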
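def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in the module-level ``fuzzes`` list and log how it fared.

    Each fuzz string replaces the ``xsschecker`` placeholder in ``params``.
    The response is logged as ``passed`` (string reflected in the body),
    ``blocked`` (non-2xx status) or ``filtered`` (2xx but not reflected).
    When the request itself raises, the request is assumed to have been
    dropped by a WAF: the base delay is raised once, the function backs off,
    then probes the unmodified ``params`` to decide whether to carry on.

    Args:
        url, params, headers, GET, timeout: forwarded to ``requester``.
        delay: base delay in seconds between requests; bumped by 6 after the
            first dropped request when it was 0, and the new value persists
            for the remaining fuzz strings.
        WAF: unused here; kept so existing callers keep working.
        encoding: optional callable applied to each fuzz string before sending
            and again before the reflection check, or a falsy value.

    Returns:
        None; results are only logged.
    """
    # Iterate over the fuzz strings, substituting each into the parameters.
    for fuzz in fuzzes:
        # With delay == 0, randint(0, 0) == 0: a zero base delay adds no jitter.
        wait = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(wait)
        response = None  # stays None when the request for this string raised
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            # Send the request carrying the fuzz string.
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so KeyboardInterrupt still works
            # An exception is taken to mean the WAF dropped the request.
            logger.error('WAF is dropping suspicious requests.')
            # Back off, then re-probe to see whether the IP is blocked; stop if so.
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' %
                            (green, end))
                delay += 6
            limit = (delay + 1) * 50
            # Count down from limit to 0 inclusive: limit + 1 seconds in total.
            remaining = limit
            while remaining >= 0:
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' %
                    (green, remaining, end))
                remaining -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                # Report the number of seconds actually slept (the loop above).
                logger.good(
                    'Pheww! Looks like sleeping for %s%i%s seconds worked!' %
                    (green, limit + 1, end))
            except Exception:
                logger.error(
                    '\nLooks like WAF has blocked our IP Address. Sorry!')
                break
        if encoding:
            fuzz = encoding(fuzz)
        if response is None:
            # The request carrying this string was dropped and the back-off
            # probe re-sent the original params, so there is no reply to
            # inspect; log it as blocked instead of reading an unbound name.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz.lower() in response.text.lower():
            # fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # 2xx reply but the fuzz string was not reflected completely
            result = ('%s[filtered]%s' % (yellow, end))
        logger.info('%s %s' % (result, fuzz))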
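def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in the module-level ``fuzzes`` list and print how it fared.

    Each fuzz string replaces the ``xsschecker`` placeholder in ``params``.
    The response is printed as ``passed`` (string reflected in the body),
    ``blocked`` (non-2xx status) or ``filtered`` (2xx but not reflected).
    When the request itself raises, the request is assumed to have been
    dropped by a WAF: the base delay is raised once, the function backs off,
    then probes the unmodified ``params`` to decide whether to carry on.

    Args:
        url, params, headers, GET, timeout: forwarded to ``requester``.
        delay: base delay in seconds between requests; bumped by 6 after the
            first dropped request when it was 0, and the new value persists
            for the remaining fuzz strings.
        WAF: unused here; kept so existing callers keep working.
        encoding: optional callable applied to each fuzz string before sending
            and again before the reflection check, or a falsy value.

    Returns:
        None; results are only printed.
    """
    for fuzz in fuzzes:
        # With delay == 0, randint(0, 0) == 0: a zero base delay adds no jitter.
        wait = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(wait)
        response = None  # stays None when the request for this string raised
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so KeyboardInterrupt still works
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' %
                      (info, green, end))
                delay += 6
            limit = (delay + 1) * 50
            # Count down from limit to 0 inclusive: limit + 1 seconds in total.
            remaining = limit
            while remaining >= 0:
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' %
                      (info, green, remaining, end),
                      end='\r')
                remaining -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                # The format string has four placeholders, so `end` belongs in
                # the value tuple (it used to be passed to print() instead,
                # which raised TypeError). Report the seconds actually slept.
                print(
                    '\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!'
                    % (good, green, limit + 1, end))
            except Exception:
                print(
                    '\n%s Looks like WAF has blocked our IP Address. Sorry!' %
                    bad)
                break
        if encoding:
            fuzz = encoding(fuzz)
        if response is None:
            # The request carrying this string was dropped and the back-off
            # probe re-sent the original params, so there is no reply to
            # inspect; print it as blocked instead of reading an unbound name.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz.lower() in response.text.lower():
            # fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # 2xx reply but the fuzz string was not reflected completely
            result = ('%s[filtered]%s' % (yellow, end))
        print('%s %s' % (result, fuzz))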
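def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in the module-level ``fuzzes`` list and print how it fared.

    Each fuzz string replaces the ``xsschecker`` placeholder in ``params``.
    The response is printed as ``passed`` (string reflected in the body),
    ``blocked`` (non-2xx status) or ``filtered`` (2xx but not reflected).
    When the request itself raises, the request is assumed to have been
    dropped by a WAF: the base delay is raised once, the function backs off,
    then probes the unmodified ``params`` to decide whether to carry on.

    Args:
        url, params, headers, GET, timeout: forwarded to ``requester``.
        delay: base delay in seconds between requests; bumped by 6 after the
            first dropped request when it was 0, and the new value persists
            for the remaining fuzz strings.
        WAF: unused here; kept so existing callers keep working.
        encoding: optional callable applied to each fuzz string before sending
            and again before the reflection check, or a falsy value.

    Returns:
        None; results are only printed.
    """
    for fuzz in fuzzes:
        # With delay == 0, randint(0, 0) == 0: a zero base delay adds no jitter.
        wait = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(wait)
        response = None  # stays None when the request for this string raised
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replaceValue(params, xsschecker, fuzz, copy.deepcopy)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so KeyboardInterrupt still works
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' %
                      (info, green, end))
                delay += 6
            limit = (delay + 1) * 50
            # Count down from limit to 0 inclusive: limit + 1 seconds in total.
            remaining = limit
            while remaining >= 0:
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' %
                      (info, green, remaining, end), end='\r')
                remaining -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                # The format string has four placeholders, so `end` belongs in
                # the value tuple (it used to be passed to print() instead,
                # which raised TypeError). Report the seconds actually slept.
                print('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' %
                      (good, green, limit + 1, end))
            except Exception:
                print('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                break
        if encoding:
            fuzz = encoding(fuzz)
        if response is None:
            # The request carrying this string was dropped and the back-off
            # probe re-sent the original params, so there is no reply to
            # inspect; print it as blocked instead of reading an unbound name.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz.lower() in response.text.lower():
            # fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # 2xx reply but the fuzz string was not reflected completely
            result = ('%s[filtered]%s' % (yellow, end))
        print('%s %s' % (result, fuzz))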