def requester(url, data, headers, GET, delay, timeout):
if getVar('jsonData'):
data = converter(data)
elif getVar('path'):
url = converter(data, url)
data = []
GET, POST = True, False
time.sleep(delay)
user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991']
if ('User-Agent' not in headers) or (headers['User-Agent'] == '$'):
headers['User-Agent'] = random.choice(user_agents)
logger.debug('Requester url: {}'.format(url))
logger.debug('Requester GET: {}'.format(GET))
logger.debug_json('Requester data:', data)
logger.debug_json('Requester headers:', headers)
try:
if GET:
response = requests.get(url, params=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
elif getVar('jsonData'):
response = requests.post(url, json=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
else:
response = requests.post(url, data=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
return response
except ProtocolError:
logger.warning('WAF is dropping suspicious requests.')
logger.warning('Scanning will continue after 10 minutes.')
time.sleep(600)
def requester(url, data, headers, GET, delay, timeout):
if core.config.globalVariables['jsonData']:
data = converter(data)
elif core.config.globalVariables['path']:
url = converter(data, url)
data = []
time.sleep(delay)
user_agents = [
'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991'
]
if 'User-Agent' not in headers:
headers['User-Agent'] = random.choice(user_agents)
elif headers['User-Agent'] == '$':
headers['User-Agent'] = random.choice(user_agents)
if GET:
response = requests.get(url,
params=data,
headers=headers,
timeout=timeout,
verify=False,
proxies=core.config.proxies)
else:
response = requests.post(url,
data=data,
headers=headers,
timeout=timeout,
verify=False,
proxies=core.config.proxies)
return response
def requester(url,data,headers,GET,delay,timeout):
if url == 'https://portal.biznetgio.net/signout':
print("URL CHANGED")
url = 'https://portal.biznetgio.net/dashboard'
print("====================URL=====================")
print(url)
print("============================================")
webdriver = container.vars['driver']
if getVar('jsonData'):
data = converter(data)
elif getVar('path'):
url = converter(data, url)
data = []
GET, POST = True, False
time.sleep(delay)
user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991']
if 'User-Agent' not in headers:
headers['User-Agent'] = random.choice(user_agents)
elif headers['User-Agent'] == '$':
headers['User-Agent'] = random.choice(user_agents)
logger.debug('Requester url: {}'.format(url))
logger.debug('Requester GET: {}'.format(GET))
logger.debug_json('Requester data:', data)
logger.debug_json('Requester headers:', headers)
try:
if GET:
response = webdriver.request('GET',url, params=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
elif getVar('jsonData'):
response = webdriver.request('POST',url, json=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
else:
response = webdriver.request('POST',url, data=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
if url == 'https://portal.biznetgio.net/other-services':
print("==================================RESPONSE======================================")
print(response.text)
print("===============================RESPONSE END=====================================")
print("==================================Container======================================")
print(container.vars)
print("===============================Cookies END=====================================")
return response
except ProtocolError:
logger.warning('WAF is dropping suspicious requests.')
logger.warning('Scanning will continue after 10 minutes.')
time.sleep(600)
except Exception as e:
print("LAH ERROR")
print(str(e))
def requester(url, data, headers, GET, delay, timeout):
if core.config.globalVariables['jsonData']:
data = converter(data)
elif core.config.globalVariables['path']:
url = converter(data, url)
data = []
time.sleep(delay)
user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991']
if 'User-Agent' not in headers:
headers['User-Agent'] = random.choice(user_agents)
elif headers['User-Agent'] == '$':
headers['User-Agent'] = random.choice(user_agents)
if GET:
response = requests.get(url, params=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
else:
response = requests.post(url, data=data, headers=headers,
timeout=timeout, verify=False, proxies=core.config.proxies)
return response
def requester(url, data, headers, GET, delay, timeout):
if core.config.globalVariables['jsonData']:
data = converter(data)
elif core.config.globalVariables['path']:
url = converter(data, url)
data = []
GET, POST = True, False
time.sleep(delay)
user_agents = [
'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991'
]
if 'User-Agent' not in headers:
headers['User-Agent'] = random.choice(user_agents)
elif headers['User-Agent'] == '$':
headers['User-Agent'] = random.choice(user_agents)
try:
if GET:
response = requests.get(url,
params=data,
headers=headers,
timeout=timeout,
verify=False,
proxies=core.config.proxies)
else:
response = requests.post(url,
data=data,
headers=headers,
timeout=timeout,
verify=False,
proxies=core.config.proxies)
return response
except ProtocolError:
print('%s WAF is dropping suspicious requests.')
print('%s Scanning will continue after 10 minutes.')
time.sleep(600)
from modes.singleFuzz import singleFuzz
if type(args.add_headers) == bool:
headers = extractHeaders(prompt())
elif type(args.add_headers) == str:
headers = extractHeaders(args.add_headers)
else:
from core.config import headers
core.config.globalVariables['headers'] = headers
core.config.globalVariables['checkedScripts'] = set()
core.config.globalVariables['checkedForms'] = {}
core.config.globalVariables['definitions'] = json.loads('\n'.join(reader(sys.path[0] + '/db/definitions.json')))
if path:
paramData = converter(target, target)
elif jsonData:
headers['Content-type'] = 'application/json'
paramData = converter(paramData)
if args_file:
if args_file == 'default':
payloadList = core.config.payloads
else:
payloadList = list(filter(None, reader(args_file)))
seedList = []
if args_seeds:
seedList = list(filter(None, reader(args_seeds)))
encoding = base64 if encode and encode == 'base64' else False
recursive = args.recursive
args_file = args.args_file
args_seeds = args.args_seeds
level = args.level
add_headers = args.add_headers
threadCount = args.threadCount
delay = args.delay
skip = args.skip
skipDOM = args.skipDOM
verbose = args.verbose
blindXSS = args.blindXSS
core.config.globalVariables = vars(args)
if path:
paramData = converter(target, target)
elif jsonData:
paramData = converter(paramData)
if args_file:
if args_file == 'default':
payloadList = core.config.payloads
else:
payloadList = list(filter(None, reader(args_file)))
seedList = []
if args_seeds:
seedList = list(filter(None, reader(args_seeds)))
encoding = base64 if encode and encode == 'base64' else False
