def checker(url, params, headers, GET, delay, payload, positions, timeout):
    """Score how faithfully *payload* is reflected at each expected position.

    The payload is wrapped in the markers ``st4r7s`` / ``3nd`` and sent through
    ``requester``; every occurrence of the start marker in the lower-cased
    response body is located, and ``fuzz.partial_ratio`` measures how closely
    the slice at that offset matches the marker-wrapped payload.  A slice whose
    content (minus its last two characters) is the payload preceded by a
    backslash is given a fixed score of 90.

    Returns the non-zero scores, one per filled position that reflected
    something (zeros are dropped).
    """
    # Markers make the reflection easy to find in arbitrary response text.
    probe = 'st4r7s' + payload + '3nd'
    probeLower = probe.lower()
    width = len(probe)
    # Deep-copy so replacer() cannot mutate the caller's params.
    paramsCopy = copy.deepcopy(params)
    body = requester(url, replacer(paramsCopy, xsschecker, probe),
                     headers, GET, delay, timeout).text.lower()
    hits = [match.start() for match in re.finditer('st4r7s', body)]
    # NOTE(review): fillHoles' contract is not visible here; presumably it
    # aligns the expected positions with the observed marker hits -- confirm.
    filledPositions = fillHoles(positions, hits)
    escapedForm = '\\%s' % probe.replace('st4r7s', '').replace('3nd', '')
    efficiencies = []
    for index, position in enumerate(filledPositions):
        candidates = []
        try:
            # Score the slice at the index-th observed marker hit, if there is one.
            start = hits[index]
            candidates.append(fuzz.partial_ratio(body[start:start + width], probeLower))
        except IndexError:
            pass  # more filled positions than observed hits: nothing extra to score
        if not position:
            efficiencies.append(0)
            continue
        reflected = body[position:position + width]
        efficiency = fuzz.partial_ratio(reflected, probeLower)
        # Backslash-escaped reflection is pinned to a score of 90.
        if reflected[:-2] == escapedForm:
            efficiency = 90
        candidates.append(efficiency)
        efficiencies.append(max(candidates))
    return [score for score in efficiencies if score]
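def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in the module-level ``fuzzes`` list and print how the target handled it.

    For each fuzz string the function sleeps a randomised pause, substitutes the
    string into a copy of *params* with ``replacer`` and sends it with
    ``requester``.  The string is then printed with one tag: ``[passed]`` when it
    appears verbatim in the response body, ``[blocked]`` when the status code is
    not 2xx, ``[filtered]`` otherwise.

    If the request raises, the target is assumed to be dropping requests: when
    *delay* is 0 it is raised to 6, the function counts down ``(delay + 1) * 50``
    seconds, then sends one plain request.  If that also fails the loop ends;
    if it succeeds the current fuzz string is skipped, because no response was
    obtained for it (the original fell through and classified a stale or unbound
    ``response``).

    *WAF* is accepted for signature compatibility but is not read here.
    Nothing is returned; all output goes to stdout.
    """
    for fuzz in fuzzes:
        # Randomised pause so the requests are not sent as a tight burst.
        t = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(t)
        paramsCopy = copy.deepcopy(params)
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replacer(paramsCopy, xsschecker, fuzz)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # narrowed from a bare except so KeyboardInterrupt/SystemExit propagate
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            limit = (delay + 1) * 50
            # Countdown from limit to 0 inclusive, one second per step.
            for remaining in range(limit, -1, -1):
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, remaining, end), end='\r')
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                # The colour-reset code belongs in the format tuple; previously it was
                # passed as a second print() argument, leaving the format one value
                # short and raising TypeError inside this try.
                # NOTE(review): the message reports (delay + 1) * 2 seconds while the
                # countdown above waited (delay + 1) * 50 -- confirm which is intended.
                print('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2, end))
            except Exception:
                print('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                break
            # No response exists for this fuzz string, so there is nothing to classify.
            continue
        if encoding:
            # NOTE(review): the string was already encoded once (from its unquoted
            # form) before sending; this second pass compares a double-encoded form
            # against the body -- confirm that is intended.
            fuzz = encoding(fuzz)
        bodyText = response.text.lower()
        if fuzz.lower() in bodyText:
            # The fuzz string is reflected verbatim in the response.
            result = '%s[passed] %s' % (green, end)
        elif not str(response.status_code).startswith('2'):
            # Non-2xx status: the server (or something in front of it) rejected the request.
            result = '%s[blocked] %s' % (red, end)
        else:
            # Reflected only partially or not at all.
            result = '%s[filtered]%s' % (yellow, end)
        print('%s %s' % (result, fuzz))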
def checker(url, params, headers, GET, delay, payload, positions, timeout):
    """Score how closely *payload* is reflected at every marker hit in the response.

    The payload is prefixed with the marker ``st4r7s`` and sent through
    ``requester``; for each occurrence of the marker in the lower-cased response
    body, the slice of the probe's length starting there is compared with the
    probe using ``fuzz.partial_ratio``.  A slice ending in a backslash gets one
    extra point (presumably to flag an escaped reflection).  A hit at offset 0
    is recorded as 0 because the offset is tested for truthiness.

    NOTE(review): another ``checker`` with the same signature is defined earlier
    in this file; at import time this later definition replaces it.  *positions*
    is only handed to ``fillHoles``, whose result is not used here.

    Returns a list with one score per marker occurrence.
    """
    probe = 'st4r7s' + payload
    probeLower = probe.lower()
    width = len(probe)
    # Work on a copy so replacer() cannot mutate the caller's params.
    paramsCopy = copy.deepcopy(params)
    body = requester(url, replacer(paramsCopy, xsschecker, probe),
                     headers, GET, delay, timeout).text.lower()
    hits = [match.start() for match in re.finditer('st4r7s', body)]
    # Call kept for parity with the original; its return value is not used.
    fillHoles(positions, hits)

    def score(offset):
        if not offset:
            return 0
        reflected = body[offset:offset + width]
        value = fuzz.partial_ratio(reflected, probeLower)
        return value + 1 if reflected[-1] == '\\' else value

    return [score(offset) for offset in hits]