def handle_sequenceRunnerRunButton_clicked(self):
""" Run a sequence """
if 'Cancel' == self.mainWindow.sequenceRunnerRunButton.text(
) and self.pending_sequence_requests is not None:
self.cancel_sequence_requests = True
for context, pending_request in self.pending_sequence_requests.items(
):
pending_request.cancel()
self.pending_sequence_requests = None
self.mainWindow.sequenceRunnerButton.setText('Send')
self.mainWindow.sequenceRunnerButton.setValue(0)
return
self.sequenceRunnerDataModel.clearModel()
sequenceId = str(
self.mainWindow.sequenceRunnerSequenceComboBox.itemData(
self.mainWindow.sequenceRunnerSequenceComboBox.currentIndex()))
use_global_cookie_jar = self.mainWindow.sequenceRunnerUseGlobalCookieJar.isChecked(
)
if use_global_cookie_jar:
self.sequenceRunnerCookieJar = self.framework.get_global_cookie_jar(
)
else:
self.sequenceRunnerCookieJar = InMemoryCookieJar(
self.framework, self)
self.sequence_requestRunner = RequestRunner(self.framework, self)
self.sequence_requestRunner.setup(
self.sequence_runner_response_received,
self.sequenceRunnerCookieJar, sequenceId)
self.pending_sequence_requests = self.sequence_requestRunner.run_sequence(
)
self.mainWindow.sequenceRunnerRunButton.setText('Cancel')
def setCookiesFromUrl(self, cookieList, url):
if self.cookie_tracking:
for cookie in cookieList:
cookie_domain = str(cookie.domain())
if not cookie_domain:
cookie_domain = str(url.encodedHost())
if cookie_domain not in self.cookie_items:
self.cookie_items[cookie_domain] = {}
self.cookie_items[cookie_domain][str(cookie.name())] = str(cookie.value())
return InMemoryCookieJar.setCookiesFromUrl(self, cookieList, url)
def setCookiesFromUrl(self, cookieList, url):
if self.cookie_tracking:
for cookie in cookieList:
cookie_domain = str(cookie.domain())
if not cookie_domain:
cookie_domain = str(url.encodedHost())
if cookie_domain not in self.cookie_items:
self.cookie_items[cookie_domain] = {}
self.cookie_items[cookie_domain][str(cookie.name())] = str(
cookie.value())
return InMemoryCookieJar.setCookiesFromUrl(self, cookieList, url)
def requester_send_button_clicked(self):
""" Make a request from the Request tab """
if 'Cancel' == self.mainWindow.requesterSendButton.text(
) and self.pending_request is not None:
self.pending_request.cancel()
self.pending_request = None
self.mainWindow.requesterSendButton.setText('Send')
return
qurl = QUrl.fromUserInput(self.mainWindow.requesterUrlEdit.text())
url = qurl.toEncoded().data().decode('utf-8')
self.mainWindow.requesterUrlEdit.setText(url)
self.framework.set_raft_config_value('requesterUrlEdit', url)
templateText = str(self.mainWindow.requesterTemplateEdit.toPlainText())
method = str(self.mainWindow.requesterRequestMethod.currentText())
use_global_cookie_jar = self.mainWindow.requesterUseGlobalCookieJar.isChecked(
)
replacements = self.build_replacements(method, url)
(method, url, headers,
body) = self.process_template(url, templateText, replacements)
sequenceId = None
if self.mainWindow.requesterSequenceCheckBox.isChecked():
sequenceId = str(
self.mainWindow.requesterSequenceComboBox.itemData(
self.mainWindow.requesterSequenceComboBox.currentIndex()))
self.requestRunner = RequestRunner(self.framework, self)
if use_global_cookie_jar:
self.requesterCookieJar = self.framework.get_global_cookie_jar()
else:
self.requesterCookieJar = InMemoryCookieJar(self.framework, self)
self.requestRunner.setup(self.requester_response_received,
self.requesterCookieJar, sequenceId)
self.pending_request = self.requestRunner.queue_request(
method, url, headers, body)
self.mainWindow.requesterSendButton.setText('Cancel')
self.miniResponseRenderWidget.clear_response_render()
def __init__(self, parent = None):
QObject.__init__(self, parent)
self._global_cookie_jar = InMemoryCookieJar(self, self)
self._db = None
self._contentExtractor = None
self._networkAccessManager = None
self._scopeController = None
self._scopeConfig = None
self._requestResponseFactory = None
self.zoom_size = 0
self.base_font = QFont()
self.monospace_font = QFont('Courier New')
self.monospace_font.setFixedPitch(True)
self.monospace_font.setStyleHint(QFont.TypeWriter)
pointSize = self.monospace_font.pointSize()
basePointSize = self.base_font.pointSize()
if pointSize <= basePointSize:
pointSize = basePointSize + 2
self.monospace_font.setPointSize(pointSize)
self.python_code_font = QFont()
self.python_code_font.setPointSize(pointSize)
self.home_dir = QDir.toNativeSeparators(QDir.homePath())
self.raft_dir = self.create_raft_directory(self.home_dir, '.raft')
self.user_db_dir = self.create_raft_directory(self.raft_dir, 'db')
self.user_data_dir = self.create_raft_directory(self.raft_dir, 'data')
self.user_analyzer_dir = self.create_raft_directory(self.raft_dir, 'analyzers')
self.user_web_path = self.create_raft_directory(self.raft_dir, 'web')
self.web_db_path = self.user_web_path
# TODO: there may be a Qt way to give executable path as well
self._executable_path = os.path.abspath(os.path.dirname(sys.argv[0]))
self._data_dir = os.path.join(self._executable_path, 'data')
self._analyzer_dir = os.path.join(self._executable_path, 'analyzers')
self._raft_config_cache = {}
# configuration defaults
self._default_useragent = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1'
# callbacks
self._open_url_in_browser = None
self._open_content_in_browser = None
def setup_spider_window(self):
self.cookieJar = InMemoryCookieJar(self.framework, self)
self.spiderPageController = SpiderPageController(
self.framework, self.cookieJar, self.mainWindow, self)
self.spiderConfig = self.framework.getSpiderConfig()
self.crawlerSpiderWebView = self.spiderPageController.add_web_view()
self.crawlerSpiderPlaceholderLayout = self.mainWindow.crawlerSpiderWindowPlaceholder.layout(
)
if not self.crawlerSpiderPlaceholderLayout:
self.crawlerSpiderPlaceholderLayout = QVBoxLayout(
self.mainWindow.crawlerSpiderWindowPlaceholder)
self.crawlerSpiderPlaceholderLayout.addWidget(
self.crawlerSpiderWebView)
self.currentSpiderId = None
self.currentHtmlContent = None
self.currentQUrl = None
QObject.connect(self.crawlerSpiderWebView, SIGNAL('loadStarted()'),
self.handle_spiderWebView_loadStarted)
QObject.connect(self.crawlerSpiderWebView,
SIGNAL('loadFinished(bool)'),
self.handle_spiderWebView_loadFinished)
def clear_cookies(self):
self.cookie_items.clear()
InMemoryCookieJar.clear_cookies(self)
def __init__(self, framework, parent=None):
InMemoryCookieJar.__init__(self, framework, parent)
self.framework = framework
self.cookie_tracking = False
self.cookie_items = {}
self.tracked_cookies = []
def requester_bulk_request_button_clicked(self):
if 'Cancel' == self.mainWindow.bulkRequestPushButton.text(
) and self.pending_bulk_requests is not None:
self.cancel_bulk_requests = True
for context, pending_request in self.pending_bulk_requests.items():
pending_request.cancel()
self.pending_bulk_requests = None
self.mainWindow.bulkRequestPushButton.setText('Send')
self.mainWindow.bulkRequestProgressBar.setValue(0)
return
if self.pending_bulk_requests is None:
self.pending_bulk_requests = {}
method = str(self.mainWindow.bulkRequestMethodEdit.currentText())
templateText = str(
self.mainWindow.bulkRequestTemplateEdit.toPlainText())
template_url = str(self.mainWindow.bulkRequestUrlEdit.text())
url_list = str(self.mainWindow.bulkRequestUrlListEdit.toPlainText())
self.framework.set_raft_config_value('bulkRequestUrlListEdit',
url_list)
request_urls = url_list.splitlines()
self.mainWindow.bulkRequestProgressBar.setValue(0)
self.mainWindow.bulkRequestProgressBar.setMaximum(len(request_urls))
sequenceId = None
if self.mainWindow.bulkRequestSequenceCheckBox.isChecked():
sequenceId = str(
self.mainWindow.bulkRequestSequenceComboBox.itemData(
self.mainWindow.bulkRequestSequenceComboBox.currentIndex())
)
first = True
self.cancel_bulk_requests = False
for request_url in request_urls:
if self.cancel_bulk_requests:
break
request_url = request_url.strip()
if request_url:
context = uuid.uuid4().hex
# TODO: move this hack
if '$' in template_url:
replacements = self.build_replacements(method, request_url)
url = self.re_replacement.sub(
lambda m: replacements.get(m.group(1)), template_url)
else:
url = request_url
if not self.scopeController.isUrlInScope(url, url):
self.framework.log_warning(
'skipping out of scope URL: %s' % (url))
self.mainWindow.bulkRequestProgressBar.setValue(
self.mainWindow.bulkRequestProgressBar.value() + 1)
continue
use_global_cookie_jar = self.mainWindow.bulkRequestUseGlobalCookieJar.isChecked(
)
replacements = self.build_replacements(method, url)
(method, url, headers,
body) = self.process_template(url, templateText, replacements)
if first:
self.mainWindow.bulkRequestPushButton.setText('Cancel')
if use_global_cookie_jar:
self.bulkRequesterCookieJar = self.framework.get_global_cookie_jar(
)
else:
self.bulkRequesterCookieJar = InMemoryCookieJar(
self.framework, self)
self.bulk_requestRunner = RequestRunner(
self.framework, self)
self.bulk_requestRunner.setup(
self.requester_bulk_response_received,
self.bulkRequesterCookieJar, sequenceId)
first = False
self.pending_bulk_requests[
context] = self.bulk_requestRunner.queue_request(
method, url, headers, body, context)
def clear_cookies(self):
self.cookie_items.clear()
InMemoryCookieJar.clear_cookies(self)
def __init__(self, framework, parent=None):
InMemoryCookieJar.__init__(self, framework, parent)
self.framework = framework
self.cookie_tracking = False
self.cookie_items = {}
self.tracked_cookies = []
def start_fuzzing_clicked(self):
""" Start the fuzzing attack """
if 'Cancel' == self.mainWindow.wfStdStartButton.text() and self.pending_fuzz_requests is not None:
self.cancel_fuzz_requests = True
for context, pending_request in self.pending_fuzz_requests.items():
pending_request.cancel()
self.pending_fuzz_requests = None
self.mainWindow.wfStdStartButton.setText('Start Attack')
self.mainWindow.fuzzerStandardProgressBar.setValue(0)
return
self.pending_fuzz_requests = {}
url = str(self.mainWindow.wfStdUrlEdit.text())
templateText = str(self.mainWindow.wfStdEdit.toPlainText())
method = str(self.mainWindow.stdFuzzerReqMethod.currentText())
self.save_standard_configuration()
replacements = self.build_replacements(method, url)
sequenceId = None
if self.mainWindow.wfStdPreChk.isChecked():
sequenceId = self.mainWindow.wfStdPreBox.itemData(self.mainWindow.wfStdPreBox.currentIndex())
postSequenceId = None
if self.mainWindow.wfStdPostChk.isChecked():
postSequenceId = self.mainWindow.wfStdPostBox.itemData(self.mainWindow.wfStdPostBox.currentIndex())
# Fuzzing stuff
payload_mapping = self.create_payload_map()
# print(payload_mapping)
self.create_functions()
template_definition = TemplateDefinition(templateText)
template_items = template_definition.template_items
### print(template_items)
parameter_names = template_definition.parameter_names
self.global_ns = self.local_ns = {}
scriptLoader = ScriptLoader()
errors = []
fuzz_payloads = {}
for name, payload_info in payload_mapping.items():
if name in parameter_names:
payload_type, payload_value, payload_file = payload_info
if 'fuzz' == payload_type:
filename = payload_value
values = self.Attacks.read_data(filename)
fuzz_payloads[name] = values
elif 'dynamic' == payload_type:
target = payload_file
# TODO: should this come from saved file or current Scintilla values (?)
script_env = scriptLoader.load_from_file(os.path.join(self.functions_dir, target), self.global_ns, self.local_ns)
expression = payload_value
if not expression.endswith('()'):
expression += '()'
eval_result = eval(expression, self.global_ns, self.local_ns)
fuzz_payloads[name] = [str(v) for v in eval_result]
elif 'static' == payload_type:
pass
elif 'none' == payload_type:
# unconfigured payload
errors.append(name)
test_slots = []
counters = []
tests_count = []
total_tests = 1
for name, payload_info in payload_mapping.items():
if name in parameter_names:
payload_type, payload_value, payload_file = payload_info
if 'static' == payload_type:
# static payload value
payloads = [payload_value]
elif 'fuzz' == payload_type:
payloads = fuzz_payloads[name]
elif 'dynamic' == payload_type:
payloads = fuzz_payloads[name]
total_tests *= len(payloads)
test_slots.append((name, payloads))
counters.append(0)
tests_count.append(len(payloads))
position_end = len(counters) - 1
position = position_end
self.miniResponseRenderWidget.clear_response_render()
self.mainWindow.fuzzerStandardProgressBar.setValue(0)
self.mainWindow.fuzzerStandardProgressBar.setMaximum(total_tests)
finished = False
first = True
while not finished:
data = {}
for j in range(0, len(test_slots)):
name, payloads = test_slots[j]
data[name] = payloads[counters[j]]
template_io = StringIO()
self.apply_template_parameters(template_io, data, template_items)
templateText = template_io.getvalue()
context = uuid.uuid4().hex
# print('%s%s%s' % ('-'*32, request, '-'*32))
use_global_cookie_jar = self.mainWindow.webFuzzerUseGlobalCookieJar.isChecked()
(method, url, headers, body) = self.process_template(url, templateText, replacements)
if first:
self.mainWindow.wfStdStartButton.setText('Cancel')
if use_global_cookie_jar:
self.fuzzRequesterCookieJar = self.framework.get_global_cookie_jar()
else:
self.fuzzRequesterCookieJar = InMemoryCookieJar(self.framework, self)
self.requestRunner = RequestRunner(self.framework, self)
self.requestRunner.setup(self.fuzzer_response_received, self.fuzzRequesterCookieJar, sequenceId, postSequenceId)
first = False
self.pending_fuzz_requests[context] = self.requestRunner.queue_request(method, url, headers, body, context)
# increment to next test
counters[position] = (counters[position] + 1) % (tests_count[position])
while position >= 0 and counters[position] == 0:
position -= 1
counters[position] = (counters[position] + 1) % (tests_count[position])
if position == -1:
finished = True
else:
position = position_end