def retInfo(self, v, retak):
    """Print and log the findings collected for one tested request.

    v is the request path the findings belong to and retak the list of
    finding strings; nothing is printed or logged when retak is empty.
    Each finding is written through log.writeLog under a key made of
    today's date (ddmmYYYY) and echoed to the console, then the operator
    is asked to press Enter before the proxy carries on.

    The source listing lost its indentation; this layout assumes the
    summary line and the prompt run once, after the loop.
    """
    seavfile = time.strftime("%d%m%Y")
    hit_count = len(retak)
    if hit_count == 0:
        return

    # print(...) around a single expression is still the Python 2 print
    # statement, so the output is unchanged.
    print(echo.fail(v + " Vulnerability connection : " + str(hit_count) + "\r\n"))

    log_key = str(seavfile)
    for finding in retak:
        # NOTE(review): v and finding reach the log verbatim. If either can
        # carry CR/LF from the proxied request, one request could forge extra
        # log entries -- confirm that log.writeLog escapes its input.
        entry = self.ackMod + " " + self.testWeb + v + " " + finding
        log.writeLog(log_key, entry)
        print(echo.high(finding))

    saved_to = log.getLogFile() + "/" + self.testWeb + ".log\r\n"
    print("log save ok. path : " + saved_to)
    raw_input(echo.high("Log Save Ok .. Press Enter to continue: "))
def main():
    """Command-line entry point: start the testing proxy for one target.

    Expects exactly two arguments, the target as host[:port] and the test
    mode (the usage text gives "csrf" as an example). Prints the listen
    address and the chosen target and mode, then runs a ServerClass on
    LISTENIP:LISTENPORT.
    """
    args = sys.argv
    if len(args) != 3:
        print("usage : " + args[0] + " 127.0.0.1:80 csrf")
        exit()

    # print(...) around a single expression is still the Python 2 print
    # statement, so the output is unchanged.
    listen_banner = (
        echo.no("Proxy ip : ") + echo.high(str(LISTENIP))
        + echo.no(" <-> Proxy port : ") + echo.high(str(LISTENPORT))
    )
    print(listen_banner)

    # Only the host part of host:port is kept; the port is discarded here.
    target_host = args[1].partition(":")[0]
    # NOTE(review): the mode string is passed on without being checked
    # against the modes the server supports.
    test_mode = args[2]
    print(echo.no("TestWEb : ") + echo.high(target_host))
    print(echo.no("TestMod : ") + echo.high(test_mode))

    ServerClass(LISTENIP, LISTENPORT, target_host, test_mode).run()
# HttpPost: re-send the intercepted POST once per payload variant and collect
# the variants that the response check flags.
#
# Returns False early when the POST body is empty, when the request path does
# not contain self.testWeb, or when SearchAndReplace yields no variants.
# In "csrf" mode the variants come from SearchAndReplace("", "csrf") and every
# HTTP 200 answer is recorded without inspecting the body; in the other modes
# the body is handed to dasis() and recorded when ds.start() == 1.
#
# NOTE(review): the scope check is a substring test on the path
# (self.header["path"].find(self.testWeb)), so a request to another host that
# merely mentions the target string, e.g. in a query parameter, also passes.
# Comparing the parsed host would keep testing inside the authorised target.
# NOTE(review): the non-csrf branch appends headers["path"], but no name
# `headers` is assigned in this function (everywhere else it is
# self.header) -- looks like a NameError unless a module-level `headers`
# exists; confirm.
# NOTE(review): an HTTP 200 alone does not show that the replayed request was
# accepted, so csrf-mode findings presumably need manual confirmation.
# NOTE(review): the listing ends at the final bare `except:`; its handler and
# the rest of the function are not shown here.
def HttpPost(self): retak = [] ak_List = [] rouData = {} postData = self.connection rouData["fields"] = postData if len(postData) < 1: return False if self.header["path"].find(self.testWeb) != -1: if self.ackMod == "csrf": ak_List = SearchAndReplace("","csrf") else: ak_List = SearchAndReplace("?" + postData) else: return False if len(ak_List) == 0: return False echoAk = "" for ak in ak_List: if self.ackMod == "csrf": echoAk = ak else: echoAk = ak[1:] print echo.fail("#Attack Post --------> ") + echo.high(echoAk) try: self.setCurlSetOpt("post",ak,rouData) self.curl.perform() if self.curl.getinfo(self.curl.HTTP_CODE) == 200: html = self.sio.getvalue() if self.ackMod == "csrf": retak.append(self.header["path"] + ":" + echoAk) continue; ds = dasis(html) if ds.start() == 1: retak.append(headers["path"] + ":" + echoAk) del ds else: pass except KeyboardInterrupt: exit() except pycurl.error , e: if e[0] == 56: print e[1] #raw_input("Press Enter to continue: ") break; except:
def HttpGet(self): retak = [] ak_List = [] if self.header["path"].find(self.testWeb) != -1: if self.ackMod == "csrf": ak_List = SearchAndReplace("","csrf") else: ak_List = SearchAndReplace(self.header["path"]) else: return False if len(ak_List) == 0: return False for ak in ak_List: print echo.fail("#Attack Get --------> ") + echo.high(ak) try: self.setCurlSetOpt("get",ak) self.curl.perform() if self.curl.getinfo(self.curl.HTTP_CODE) == 200: html = self.sio.getvalue() if self.ackMod == "csrf": retak.append(self.header["path"] + ":" + ak) ds = dasis(html) continue; if ds.start() == 1: retak.append(ak) del ds else: pass except KeyboardInterrupt: exit() except pycurl.error , e: if e[0] == 56: print e[1] #raw_input("Press Enter to continue: ") break; except: