def scan_get_request_from_path(request_info):
"""Scan all parameters in url for GET request
Examples:
GET /dvwa/vulnerabilities/xss_r/?name=helloworld HTTP/1.1
Host: test.avfisher.win
Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
Parameters in URL:
name
"""
path = request_info['path']
#if "?" in path and "&" in path:
if path and "?" in path: # Example of path: http://abc.xyz/index.html?para=test
paras = path.split('?')[-1].split('&')
for para in paras:
if para:
for payload in payloads:
payload_para = "{}{}".format(para, payload)
path_str = path.replace(para, payload_para)
request_info['path'] = path_str.strip()
type = "Path"
r_1 = HackRequests(request_info, LIB_1).get_request()
r_2 = HackRequests(request_info, LIB_2).get_request()
if print_scan_result(
type, r_1, path_str, payload,
request_info) == "vulnerable" or print_scan_result(
type, r_2, path_str, payload,
request_info) == "vulnerable":
break
def scan_request_from_cookie(request_info):
""" Scan all cookies except exclusions in list 'cookie_exclusion' for GET/POST request
Examples:
POST /dvwa/login.php HTTP/1.1
Host: test.avfisher.win
Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
Cookies:
security
PHPSESSID
"""
cookie = request_info['cookie']
if cookie:
cookies = cookie.split('; ')
for ck in cookies:
if ck and ck.strip().split('=', 1)[0].lower() not in cookie_exclusion:
for payload in payloads:
payload_cookie = "{}{}".format(ck, payload)
cookie_str = cookie.replace(ck, payload_cookie)
request_info['cookie'] = cookie_str.strip()
type = "Cookie"
if request_info['method'] == "GET":
r_1 = HackRequests(request_info, LIB_1).get_request()
r_2 = HackRequests(request_info, LIB_2).get_request()
if print_scan_result(type, r_1, cookie_str, payload, request_info) == "vulnerable" or print_scan_result(type, r_2, cookie_str, payload, request_info) == "vulnerable":
break
elif request_info['method'] == "POST":
r = HackRequests(request_info).post_request()
if print_scan_result(type, r, cookie_str, payload, request_info) == "vulnerable":
break
def scan_post_request_from_post_data(request_info):
"""Scan all parameters in post data for POST request
Examples:
POST /dvwa/vulnerabilities/xss_s/ HTTP/1.1
Host: test.avfisher.win
Cookie: security=impossible; security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
Post Data:txtName=whatsup&mtxMessage=man&btnSign=Sign+Guestbook&user_token=b1ce437384e1bb75bdc8a3f02babe157
Parameters in post data:
txtName
mtxMessage
btnSign
user_token
"""
post_data = request_info['post_data']
if post_data and "&" in post_data:
paras = request_info['post_data'].split('&')
for para in paras:
if para:
for payload in payloads:
payload_para = "{}{}".format(para, payload)
post_data_str = post_data.replace(para, payload_para)
request_info['post_data'] = post_data_str.strip()
type = "Post"
r = HackRequests(request_info).post_request()
if print_scan_result(type, r, post_data_str, payload,
request_info) == "vulnerable":
break