def create_thread(self, payloads_num): for _ in range(self._thread_num): fuzz_thread = FuzzTask(self._complete_packet, self._payloads_queue, self.kill_threads, payloads_num) self._fuzz_threads.append(fuzz_thread) XssVulnerability.add_observer(fuzz_thread) fuzz_thread.start()
def main(self): if self._complete_packet.url is not None: self.check_complete_packet_is_alive() self.check_has_params() if self._use_api: payloads = PayLoads.get_single_instance().get_payloads( self._tempers, self._use_api, self._model, ) else: payloads = PayLoads.get_single_instance().get_payloads( self._tempers, False, self._model, ) self.create_thread(len(payloads)) self.add_payloads_queue(payloads) try: self.monitor_exit(len(payloads)) self._payloads_queue.join() XssVulnerability.notif_all(self.kill_threads) except KeyboardInterrupt: self._canceled = True XssVulnerability.notif_all(self.kill_threads)
def __init__(self, url, destination, level, cookie, data, tempers, model): self._payloads_queue = Queue.Queue() self._fuzz_threads = list() self._canceled = False self._model = model self._tempers = tempers self._thread_num = TaskSchedule.get_thread_num_by_level(int(level)) self._complete_packet = CompletePacket(url=url, destination=destination, cookie=cookie, data=data) XssVulnerability.add_observer(self)
def check_xss(self, payload): if self._stop is False: try: child_process = None while child_process is None: child_process, payload = self.sub_process_open(payload) response = self.get_exec_result(child_process) FuzzTask.print_fuzz_progress(self._payloads_num) for hook_string in hook_list: if hook_string in response: XssVulnerability.add_xss_payload(payload) self._stop = True break except OSError as e: traceback.print_exc(file=open(EXCEPTION_LOG_PATH, 'a'))