Exemple #1
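    def _test(self, payload_obj):
        """Send one serialized payload and classify the server's reaction.

        A fresh ``EasySSL`` connection is opened to ``self._host`` /
        ``self._port``, ``str(payload_obj)`` is sent UTF-8 encoded, and the
        reply is awaited through ``recv_nb(self._timeout)``.

        Args:
            payload_obj: Object whose ``str()`` form is the request to send.
                It is handed back unchanged in the result tuple.

        Returns:
            A ``(code, response, payload_obj)`` tuple, where ``code`` is:

            *  0 -- a response arrived; ``response`` is a ``str`` in which
               every byte above 0x7F has been replaced by ``'0'``.
            *  1 -- ``recv_nb`` returned ``None`` and the wait lasted roughly
               the whole timeout.
            *  2 -- ``recv_nb`` returned ``None`` well before the timeout
               (treated as the peer disconnecting).
            * -1 -- any exception was raised; ``response`` is ``None``.
        """
        try:
            web = EasySSL(self.ssl_flag)
            web.connect(self._host, self._port, self._timeout)
            try:
                web.send(str(payload_obj).encode())
                start_time = datetime.now()
                res = web.recv_nb(self._timeout)
                end_time = datetime.now()
            finally:
                # Close the connection even when send/recv raises; before,
                # a failure after connect() left the socket unclosed.
                web.close()

            if res is None:
                # timedelta.seconds is the whole-second component, so this
                # classification is coarse.
                # NOTE(review): codes 1 and 2 are derived from wall-clock
                # timing only; network jitter can flip them, so callers
                # should re-test before treating either as a finding.
                elapsed = (end_time - start_time).seconds
                if elapsed < (self._timeout - 1):
                    return (2, res, payload_obj)  # ended before the timeout
                return (1, res, payload_obj)  # waited out the timeout

            # Keep ASCII as-is and mask every non-ASCII byte with '0' so the
            # response can be handled as plain text.
            res = "".join('\x30' if single > 0x7F else chr(single)
                          for single in res)
            return (0, res, payload_obj)  # normal response
        except Exception:
            # NOTE(review): every failure (refused connection, TLS error,
            # programming error) collapses into -1 with no detail; consider
            # logging the exception so failures can be told apart.
            return (-1, None, payload_obj)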
Exemple #2
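 def _get_cookies(self):
     """Fetch the endpoint once and remember the cookies it sets.

     Sends a single GET built from a ``Payload`` template to
     ``self._host`` / ``self._port`` (fixed 2.0 second timeouts), scans the
     reply for ``Set-Cookie`` header lines and appends the first
     ``name=value`` pair of each, terminated by ``;``, to ``self._cookies``.

     Cookie names and values keep their original case; they are
     case-sensitive, and lower-casing them (as the earlier version did)
     corrupts session tokens that contain upper-case characters.

     Returns:
         True when the exchange completed (with or without cookies),
         False when any exception was raised.
     """
     RN = "\r\n"
     prefix = "set-cookie:"
     try:
         cookies = []
         web = EasySSL(self.ssl_flag)
         web.connect(self._host, self._port, 2.0)
         try:
             p = Payload()
             p.host = self._host
             p.method = "GET"
             p.endpoint = self._endpoint
             p.header = "__METHOD__ __ENDPOINT__?cb=__RANDOM__ HTTP/1.1" + RN
             p.header += "Host: __HOST__" + RN
             p.header += "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36" + RN
             p.header += "Content-type: application/x-www-form-urlencoded; charset=UTF-8" + RN
             p.header += "Content-Length: 0" + RN
             p.body = ""
             web.send(str(p).encode())
             sleep(0.5)
             res = web.recv_nb(2.0)
         finally:
             # Close the connection even when send/recv raises; before, a
             # failure after connect() left the socket unclosed.
             web.close()

         if res is not None:
             # errors="replace" keeps a non-UTF-8 body from aborting header
             # parsing and being reported as a connection failure.
             for elem in res.decode(errors="replace").split(RN):
                 # Header names are case-insensitive, so compare lower-cased,
                 # but slice the value from the untouched line.
                 if len(elem) > len(prefix) and elem[:len(prefix)].lower() == prefix:
                     cookies.append(elem[len(prefix):].split(";")[0] + ';')
             # Only the number of cookies is printed; the values themselves
             # stay out of the console output.
             count = Fore.CYAN + str(len(cookies)) + Fore.MAGENTA
             print_info("Cookies    : %s (Appending to the attack)" % count)
             self._cookies += cookies
         return True
     except Exception:
         # NOTE(review): this message is printed for every exception, not
         # only connection failures; the underlying error is discarded.
         error = Fore.CYAN + "Unable to connect to host" + Fore.MAGENTA
         print_info("Error      : %s" % error)
         return False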
Exemple #3
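    def _test(self, payload_obj):
        """Send one serialized payload and classify the server's reaction.

        A fresh ``EasySSL`` connection is opened to ``self._host`` /
        ``self._port``. ``str(payload_obj)`` is UTF-8 encoded and the two-byte
        encodings of U+0080..U+00FF are then collapsed to the single byte of
        the same value before sending. The reply is awaited through
        ``recv_nb(self._timeout)``.

        Args:
            payload_obj: Object whose ``str()`` form is the request to send.
                It is handed back unchanged in the result tuple.

        Returns:
            A ``(code, response, payload_obj)`` tuple, where ``code`` is:

            *  0 -- a response arrived; ``response`` is a ``str`` in which
               every byte above 0x7F has been replaced by ``'0'``.
            *  1 -- ``recv_nb`` returned ``None`` and the wait lasted roughly
               the whole timeout.
            *  2 -- ``recv_nb`` returned ``None`` well before the timeout
               (treated as the peer disconnecting).
            * -1 -- any exception was raised; ``response`` is ``None``.
        """
        try:
            web = EasySSL(self.ssl_flag)
            web.connect(self._host, self._port, self._timeout)
            try:
                wire = str(payload_obj).encode()
                # Same substitutions, in the same ascending order, as the
                # former hand-written chain of 128 .replace() calls:
                # b'\xc2\x80' -> b'\x80' ... b'\xc3\xbf' -> b'\xff'.
                # NOTE(review): the steps run one after another on the byte
                # string, so a byte produced by an earlier step can pair with
                # the following byte and match a later step; confirm that is
                # acceptable for the payloads in use.
                for code_point in range(0x80, 0x100):
                    wire = wire.replace(chr(code_point).encode(),
                                        bytes([code_point]))
                web.send(wire)
                start_time = datetime.now()
                res = web.recv_nb(self._timeout)
                end_time = datetime.now()
            finally:
                # Close the connection even when send/recv raises; before,
                # a failure after connect() left the socket unclosed.
                web.close()

            if res is None:
                # timedelta.seconds is the whole-second component, so this
                # classification is coarse.
                # NOTE(review): codes 1 and 2 are derived from wall-clock
                # timing only; network jitter can flip them, so callers
                # should re-test before treating either as a finding.
                elapsed = (end_time - start_time).seconds
                if elapsed < (self._timeout - 1):
                    return (2, res, payload_obj)  # ended before the timeout
                return (1, res, payload_obj)  # waited out the timeout

            # Keep ASCII as-is and mask every non-ASCII byte with '0' so the
            # response can be handled as plain text.
            res = "".join('\x30' if single > 0x7F else chr(single)
                          for single in res)
            return (0, res, payload_obj)  # normal response
        except Exception:
            # NOTE(review): every failure (refused connection, TLS error,
            # programming error) collapses into -1 with no detail; consider
            # logging the exception so failures can be told apart.
            return (-1, None, payload_obj)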