def _gen_burpitem(self, output_fn):
try:
tree = ET.parse(self.find_file(output_fn))
for item in tree.getroot().iter('item'):
fr = FuzzRequest()
fr.update_from_raw_http(
raw=b64decode(item.find('request').text
or "").decode('utf-8'),
scheme=item.find('protocol').text,
raw_response=b64decode(item.find('response').text or ""))
fr.wf_ip = {
'ip':
item.find('host').attrib.get('ip', None)
or item.find('host').text,
'port':
item.find('port').text
}
frr = FuzzResult(history=fr)
yield frr.update()
return
except IOError as e:
raise FuzzExceptBadFile(
"Error opening Burp items payload file. %s" % str(e))
except EOFError:
return
def _gen_burpitem(self, output_fn):
try:
tree = ET.parse(self.find_file(output_fn))
for item in tree.getroot().iter("item"):
fr = FuzzRequest()
fr.update_from_raw_http(
raw=b64decode(item.find("request").text
or "").decode("utf-8"),
scheme=item.find("protocol").text,
raw_response=b64decode(item.find("response").text or ""),
)
fr.wf_ip = {
"ip":
item.find("host").attrib.get("ip", None)
or item.find("host").text,
"port":
item.find("port").text,
}
frr = FuzzResult(history=fr)
yield frr.update()
return
except IOError as e:
raise FuzzExceptBadFile(
"Error opening Burp items payload file. %s" % str(e))
except EOFError:
return
def _gen_wfuzz(self, output_fn):
try:
with open(self.find_file(output_fn), "r") as f:
for (
url1,
port1,
schema1,
req1,
resp1,
url2,
port2,
schema2,
req2,
resp2,
url3,
port3,
schema3,
req3,
resp3,
res1,
res2,
) in [re.split(r"\t+", x) for x in f.readlines()]:
raw_req1 = base64.decodestring(req2)
# raw_res1 = base64.decodestring(res2)
item = FuzzResult()
item.history = FuzzRequest()
item.history.update_from_raw_http(raw_req1, schema1)
yield item
except IOError as e:
raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
except EOFError:
raise StopIteration
def parse_burp_log(self, burp_log):
burp_file = None
try:
burp_file = open(self.find_file(burp_log), 'rb')
history = 'START'
rl = burp_file.readline()
while rl != "":
if history == "START":
if rl == DELIMITER:
history = "HEADER"
elif history == "HEADER":
if rl == DELIMITER:
raw_request = ""
history = "REQUEST"
else:
matched = HEADER.match(rl)
ctime, host, ip_address = matched.group(1, 3, 5)
elif history == "REQUEST":
if rl == DELIMITER:
history = "DELIM1"
else:
raw_request += rl
elif history == "DELIM1":
if rl == CRLF:
raw_response = ""
history = "DELIM3"
else:
raw_response = rl
history = "RESPONSE"
elif history == "RESPONSE":
if rl == DELIMITER:
history = "DELIM2"
else:
raw_response += rl
elif history == "DELIM2":
if rl == CRLF:
history = "DELIM3"
elif history == "DELIM3":
if rl == CRLF:
history = "DELIM4"
elif history == "DELIM4":
if rl == CRLF:
fr = FuzzRequest()
fr.update_from_raw_http(raw_request, host[:host.find("://")], raw_response)
frr = FuzzResult(history=fr)
yield frr.update()
history = "START"
rl = burp_file.readline()
except IOError as e:
raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
finally:
if burp_file is not None:
burp_file.close()
def parse_burp_log(self, burp_log):
burp_file = None
try:
burp_file = open(self.find_file(burp_log), 'rb')
history = 'START'
rl = burp_file.readline()
while rl != "":
if history == "START":
if rl == DELIMITER:
history = "HEADER"
elif history == "HEADER":
if rl == DELIMITER:
raw_request = ""
history = "REQUEST"
else:
matched = HEADER.match(rl)
ctime, host, ip_address = matched.group(1, 3, 5)
elif history == "REQUEST":
if rl == DELIMITER:
history = "DELIM1"
else:
raw_request += rl
elif history == "DELIM1":
if rl == CRLF:
raw_response = ""
history = "DELIM3"
else:
raw_response = rl
history = "RESPONSE"
elif history == "RESPONSE":
if rl == DELIMITER:
history = "DELIM2"
else:
raw_response += rl
elif history == "DELIM2":
if rl == CRLF:
history = "DELIM3"
elif history == "DELIM3":
if rl == CRLF:
history = "DELIM4"
elif history == "DELIM4":
if rl == CRLF:
fr = FuzzRequest()
fr.update_from_raw_http(raw_request,
host[:host.find("://")],
raw_response)
frr = FuzzResult(history=fr)
yield frr.update()
history = "START"
rl = burp_file.readline()
except IOError, e:
raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
def __init__(self, description, show_field):
fr = FuzzRequest()
fr.url = "http://www.wfuzz.org/path?param=1¶m2=2"
fuzz_res = FuzzResult(history=fr)
fuzz_res._description = description
fuzz_res._show_field = show_field
self.outfile = BytesIO()
with gzip.GzipFile(fileobj=self.outfile, mode="wb") as f:
pickle.dump(fuzz_res, f)
self.outfile.seek(0)
self.outfile.name = "mockfile"
def _gen_wfuzz(self, output_fn):
try:
with open(self.find_file(output_fn), 'r') as f:
for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map(lambda x: re.split(r'\t+', x), f.readlines()):
raw_req1 = base64.decodestring(req2)
raw_res1 = base64.decodestring(res2)
item = FuzzResult()
item.history = FuzzRequest()
item.history.update_from_raw_http(raw_req1, schema1)
item.type = FuzzResult.result
yield item
except IOError, e:
raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" % str(e))
def burp_to_xml(self, filename):
'''Unzip Burp's file, remove non-printable characters, CDATA any HTML,
include a valid XML header and trailer, and return a valid XML string.'''
z = zipfile.ZipFile(self.find_file(filename)) # Open Burp's zip file
burp = z.read('burp', 'rb') # Read-in the main burp file
m = TAG.match(burp, 0) # Match a tag at the start of the string
while m:
index = m.end()
etag = m.group().replace('<', '</') # Matching tag
m = TAG.match(burp, index) # Attempt to get the next tag
if not m: # Data folows
# Read the type of data using Burp's binary data headers
value, length = self.burp_binary_field(burp, index)
if value is None:
break
index += length + len(etag) # Point our index to the next tag
m = TAG.match(burp, index) # And retrieve it
if self.params[
"checkversion"] and etag == "</version>" and value not in [
"65", "67"
]:
raise FuzzExceptBadFile("Unknown burp log version %s" %
value)
if etag == "</https>":
https_tag = value == "True"
if etag in self.request_tags:
raw_request = self.strip_cdata(value)
if etag in self.response_tags:
fr = FuzzRequest()
fr.update_from_raw_http(
raw_request, "http" if not https_tag else "https",
self.strip_cdata(value))
frr = FuzzResult(history=fr)
raw_request = ""
https_tag = ""
yield frr.update()
def _gen_wfuzz(self, output_fn):
try:
with open(self.find_file(output_fn), 'r') as f:
for url1, port1, schema1, req1, resp1, url2, port2, schema2, req2, resp2, url3, port3, schema3, req3, resp3, res1, res2 in map(
lambda x: re.split(r'\t+', x), f.readlines()):
raw_req1 = base64.decodestring(req2)
raw_res1 = base64.decodestring(res2)
item = FuzzResult()
item.history = FuzzRequest()
item.history.update_from_raw_http(raw_req1, schema1)
item.type = FuzzResult.result
yield item
except IOError, e:
raise FuzzExceptBadFile("Error opening wfuzz payload file. %s" %
str(e))
def get_filtered_fuzzrequest(self, filter_str):
fr = FuzzRequest()
fr.update_from_raw_http(raw_req, "http", raw_resp, b"")
fuzz_res = FuzzResult(history=fr)
ffilter = FuzzResFilter(filter_string=filter_str)
ffilter.is_visible(fuzz_res)
return fuzz_res
def burp_to_xml(self, filename):
'''Unzip Burp's file, remove non-printable characters, CDATA any HTML,
include a valid XML header and trailer, and return a valid XML string.'''
z = zipfile.ZipFile(self.find_file(filename)) # Open Burp's zip file
burp = z.read('burp', 'rb') # Read-in the main burp file
m = TAG.match(burp, 0) # Match a tag at the start of the string
while m:
index = m.end()
etag = m.group().replace('<', '</') # Matching tag
m = TAG.match(burp, index) # Attempt to get the next tag
if not m: # Data folows
# Read the type of data using Burp's binary data headers
value, length = self.burp_binary_field(burp, index)
if value is None:
break
index += length + len(etag) # Point our index to the next tag
m = TAG.match(burp, index) # And retrieve it
if self.params["checkversion"] and etag == "</version>" and value not in ["65", "67"]:
raise FuzzExceptBadFile("Unknown burp log version %s" % value)
if etag == "</https>":
https_tag = value == "True"
if etag in self.request_tags:
raw_request = self.strip_cdata(value)
if etag in self.response_tags:
fr = FuzzRequest()
fr.update_from_raw_http(raw_request, "http" if not https_tag else "https", self.strip_cdata(value))
frr = FuzzResult(history=fr)
raw_request = ""
https_tag = ""
yield frr.update()
def test_nonexisting(self):
fr = FuzzRequest()
fr.url = "http://www.wfuzz.org/path?param=1¶m2=2"
fuzz_res = FuzzResult(history=fr)
with self.assertRaises(Exception) as context:
ffilter = FuzzResFilter(filter_string="url=-'test'")
ffilter.is_visible(fuzz_res)
self.assertTrue("rsetattr: Can't set" in str(context.exception))
with self.assertRaises(Exception) as context:
ffilter = FuzzResFilter(filter_string="notthere=-'test'")
ffilter.is_visible(fuzz_res)
self.assertTrue("rgetattr: Can't get" in str(context.exception))
with self.assertRaises(Exception) as context:
ffilter = FuzzResFilter(
filter_string="r.params.get.notthere=-'test'")
ffilter.is_visible(fuzz_res)
self.assertTrue(
"DotDict: Non-existing field" in str(context.exception))
def parse_burp_log(self, burp_log):
burp_file = None
try:
burp_file = open(
self.find_file(burp_log),
"r",
encoding="utf-8",
errors="surrogateescape",
)
history = "START"
rl = burp_file.readline()
while rl != "":
if history == "START":
if rl == DELIMITER:
history = "HEADER"
elif history == "HEADER":
if rl == DELIMITER:
raw_request = ""
history = "REQUEST"
else:
matched = HEADER.match(rl)
ctime, host, ip_address = matched.group(1, 3, 5)
elif history == "REQUEST":
if rl == DELIMITER:
history = "DELIM1"
else:
raw_request += rl
elif history == "DELIM1":
if rl == CRLF:
raw_response = ""
history = "DELIM3"
else:
raw_response = rl
history = "RESPONSE"
elif history == "RESPONSE":
if rl == DELIMITER:
history = "DELIM2"
else:
raw_response += rl
elif history == "DELIM2":
if rl == CRLF:
history = "DELIM3"
elif history == "DELIM3":
if rl == CRLF:
history = "DELIM4"
elif history == "DELIM4":
if rl == CRLF:
fr = FuzzRequest()
# last read line contains an extra CRLF
fr.update_from_raw_http(raw_request,
host[:host.find("://")],
raw_response[:-1])
frr = FuzzResult(history=fr)
yield frr.update()
history = "START"
rl = burp_file.readline()
except IOError as e:
raise FuzzExceptBadFile("Error opening burp log file. %s" % str(e))
finally:
if burp_file is not None:
burp_file.close()
