def body_attack(self, **data):
"""Method to attack request body"""
payloads = self.body_payload
body = data['body']
raw_header = data['raw_header']
body_array = data['body_array']
if 'referer_url' in data.keys():
referer_url = data['referer_url']
else:
referer_url = 'None'
self.method = str(raw_header[0]).split(" ")[0] # method
self.url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[2] # sub attack type is body
# capture the content length by sending the requests as it is
if self.method.lower() in SUPPORTED_HTTP_METHODS:
if self.method.lower() in ['put', 'post']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=self.header,
url_attack=True)
if self.config_dict['printer_type'] in [SOL, SIRIUS_CLASSIC]:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
elif self.config_dict['printer_type'] in [PHOENIX, APOLLO]:
response = self.http_requests.get_request(
url=referer_url,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
if response == 000:
content_length = "No Response"
else:
content_length = len(response.text)
for payload in payloads:
for key, value in body_array.items():
print_message(self.sub_attack_type, self.method,
self.url_path)
tag, current_val, return_body = inject_payload(
payload=payload,
body_array=[key, value],
raw_body=body,
printer_type=self.config_dict['printer_type'])
# send http request
response = self.http_requests.send_requests(
body=return_body,
headers=raw_header,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
print_status_code(response)
if response == 000:
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
self.add_data(
status_code=000,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="No Response",
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=000,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="No Response",
result="Vulnerable")
else:
if self.config_dict['printer_type'] in [
SOL, SIRIUS_CLASSIC
]:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
elif self.config_dict['printer_type'] in [
PHOENIX, APOLLO
]:
response = self.http_requests.get_request(
url=referer_url,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
if str(response.status_code).startswith("2"):
rsp_content_length = len(response.text)
# print(f"content length : {content_length}")
# print(f"response content length : {rsp_content_length}")
if rsp_content_length != content_length:
current_data, result = analyze_data(
payload=payload,
tag=tag,
response=response.text,
printer_type=self.
config_dict['printer_type'])
else:
current_data = response.text
result = "False Positive"
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data=current_data,
result=result,
act_header_adt_rsp=
active_header_response,
act_header_adt_rsl=active_header_result
)
else:
self.add_data(
status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data=current_data,
result=result)
else:
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data=response.text,
result="False Positive",
act_header_adt_rsp=
active_header_response,
act_header_adt_rsl=active_header_result
)
else:
self.add_data(
status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data=response.text,
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def header_attack(self, body, raw_header):
"""Method start header attack"""
self.method = str(raw_header[0]).split(" ")[0] # method
self.url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[0] # sub attack type header
if self.method.lower() in SUPPORTED_HTTP_METHODS:
# Origin and Referer invalid value Check
for csrf_headers in ["Origin", "Referer"]:
count = 0
for payload in self.payloads:
tmp_header = copy.deepcopy(self.header)
if csrf_headers == "Origin":
if "Origin" not in tmp_header.keys():
tmp_header["Origin"] = payload
else:
tmp_header[csrf_headers] = payload
else:
if count == 2:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/",
f"{self.config_dict['protocol_type']}://{self.config_dict['ip_address'][:-1]}/",
tmp_header[csrf_headers])
elif count == 3:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/",
f"http://{self.config_dict['ip_address']}/",
tmp_header[csrf_headers])
elif count == 4:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/", f"NPI253114/",
tmp_header[csrf_headers])
elif count == 5:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/",
f"NPI253114.tesnetwork.com/",
tmp_header[csrf_headers])
else:
tmp_header[csrf_headers] = payload
print_message(self.sub_attack_type, self.method,
self.url_path)
# send http request
if self.method.lower() in ['post', 'put']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=tmp_header,
header_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=tmp_header)
print_status_code(response)
if response == 000:
response_code = "No Response"
else:
response_code = response.status_code
header = str()
for head_key, head_value in tmp_header.items():
header = f"{header}{head_key}:{head_value}\n"
active_header_result = "None"
active_header_response = "None"
if not str(response_code).startswith("4"):
if response_code == 000:
response_code = 000
response_header = "None"
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response_code
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable")
else:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive")
count += 1
# Origin and Referer valid value Check
for csrf_headers in ["Origin", "Referer"]:
count = 0
for payload in self.valid_payload:
tmp_header = copy.deepcopy(self.header)
if csrf_headers == "Origin":
if "Origin" not in tmp_header.keys():
tmp_header["Origin"] = payload
else:
tmp_header[csrf_headers] = payload
else:
if count == 0:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/",
f"{self.config_dict['protocol_type']}://{self.config_dict['ip_address']}/",
tmp_header[csrf_headers])
elif count == 1:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/", f"{self.host_name}/",
tmp_header[csrf_headers])
elif count == 2:
if "Referer" not in tmp_header.keys():
tmp_header["Referer"] = ""
tmp_header[csrf_headers] = re.sub(
r"(https|http)://(.+?)/",
f"{self.host_name}.{self.domain_name}/",
tmp_header[csrf_headers])
print_message(self.sub_attack_type, self.method,
self.url_path)
# send http request
if self.method.lower() in ['post', 'put']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=tmp_header,
header_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=tmp_header)
print_status_code(response)
if response == 000:
response_code = response
else:
response_code = response.status_code
header = str()
for head_key, head_value in tmp_header.items():
header = f"{header}{head_key}:{head_value}\n"
active_header_result = "None"
active_header_response = "None"
if not str(response_code).startswith("2"):
if response == 000:
response_code = response_code
response_header = "None"
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response_code
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable")
else:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive")
count += 1
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def url_attack(self, body, raw_header, referer_url=None):
self.method = str(raw_header[0]).split(" ")[0] # method
url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[1] # sub attack type is url
# capture the content length by sending the requests as it is
# send http request
if self.method.lower() in SUPPORTED_HTTP_METHODS:
if self.method.lower() in ['put', 'post']:
response = self.http_requests.send_requests(
method=self.method,
url_path=url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=self.header,
url_attack=True)
if self.config_dict['printer_type'] in [SOL, SIRIUS_CLASSIC]:
response = self.http_requests.get_request(
url=url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
elif self.config_dict['printer_type'] in [PHOENIX, APOLLO]:
response = self.http_requests.get_request(
url=referer_url,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=self.header)
if response == 000:
content_length = "No Response"
else:
content_length = len(response.text)
for payload in self.payload:
intruder_url = url_path + "?" + payload
self.url_path = intruder_url
print_message(self.sub_attack_type, self.method, self.url_path)
# send http request
if self.method.lower() in ['post', 'put']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=self.header,
url_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=self.header)
print_status_code(response)
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") or \
str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if response_code == 000:
current_data = "No Response"
rsp_content_length = "No Response"
else:
current_data = response.text
rsp_content_length = len(response.text)
# print(f"Default length : {content_length}")
# print(f"After Assess length : {rsp_content_length}")
if rsp_content_length != content_length:
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data=current_data,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data=current_data,
result="Vulnerable")
else:
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data=current_data,
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data=current_data,
result="False Positive")
else:
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag="None",
actual_data="None",
payload=payload,
current_data=response.text,
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data="None",
payload=payload,
current_data=response.text,
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def header_attack(self, payload, body, raw_header):
"""Method start header attack"""
self.method = str(raw_header[0]).split(" ")[0] # method
self.url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[0] # sub attack type is header
if self.method.lower() in SUPPORTED_HTTP_METHODS:
if 'header_exclusion' in self.config_dict.keys():
exclusion_header = change_exclusion_header_format(
self.config_dict['header_exclusion'])
if type(exclusion_header) is not list:
exclusion_header = [exclusion_header]
for key, value in self.header.items():
tmp_header = copy.deepcopy(self.header)
if key not in exclusion_header:
print_message(self.sub_attack_type, self.method,
self.url_path)
tmp_header[key] = payload
# send http request
if self.method.lower() in ['post', 'put']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=tmp_header,
header_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=tmp_header)
print_status_code(response)
header = str()
for head_key, head_value in tmp_header.items():
header = f"{header}{head_key}:{head_value}\n"
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") \
or str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
response_header = "None"
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable")
else:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive")
else:
for key, value in self.header.items():
tmp_header = copy.deepcopy(self.header)
tmp_header[key] = payload
print_message(self.sub_attack_type, self.method,
self.url_path)
# send http request
if self.method.lower() in ['put', 'post']:
response = self.http_requests.send_requests(
method=self.method,
url_path=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=tmp_header,
header_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=tmp_header)
print_status_code(response)
header = str()
for head_key, head_value in tmp_header.items():
header = f"{header}{head_key}:{head_value}\n"
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") \
or str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
response_header = "None"
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable")
else:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload=payload,
current_data=response_header,
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def body_attack(self, payload, body, raw_header, body_array):
"""Method to attack request body"""
self.method = str(raw_header[0]).split(" ")[0] # method
self.url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[2] # sub attack type is body
if self.method.lower() in SUPPORTED_HTTP_METHODS:
for key, value in body_array.items():
print_message(self.sub_attack_type, self.method, self.url_path)
tag, current_val, return_body = inject_payload(
payload=payload,
body_array=[key, value],
raw_body=body,
printer_type=self.config_dict['printer_type'])
# send http request
response = self.http_requests.send_requests(
body=return_body,
headers=raw_header,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'])
print_status_code(response)
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") \
or str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(
status_code=response_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="None",
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="None",
result="Vulnerable")
else:
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(
status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="None",
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag=tag,
actual_data=current_val,
payload=payload,
current_data="None",
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def url_attack(self, payload, body, raw_header):
self.method = str(raw_header[0]).split(" ")[0] # method
self.sub_attack_type = SUB_ATTACK_TYPE[1] # sub attack type is url
url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
intrude_url = url_path + "?" + payload
self.url_path = intrude_url
if self.method.lower() in SUPPORTED_HTTP_METHODS:
print_message(self.sub_attack_type, self.method, self.url_path)
if self.method.lower() in ['post', 'put']:
response = self.http_requests.send_requests(
method=self.method,
url_path=intrude_url,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
body=body,
header=self.header,
url_attack=True)
else:
response = self.http_requests.get_request(
url=self.url_path,
ip_address=self.config_dict['ip_address'],
protocol=self.config_dict['protocol_type'],
header=self.header)
print_status_code(response)
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") or \
str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data="None",
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response_code,
tag="None",
actual_data="None",
payload=payload,
current_data="None",
result="Vulnerable")
else:
if self.active_header_audit:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(status_code=response.status_code,
tag="None",
actual_data="None",
payload=payload,
current_data="None",
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data="None",
payload=payload,
current_data="None",
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))
def body_attack(self, **data):
body = data['body']
raw_header = data['raw_header']
self.method = str(raw_header[0]).split(" ")[0] # method
self.url_path = str(
raw_header[0]).split(" ")[1] # url were the request has to be made
self.sub_attack_type = SUB_ATTACK_TYPE[0] # sub attack type is body
if self.method.lower() in SUPPORTED_HTTP_METHODS:
tmp_header = copy.deepcopy(self.header)
print_message(self.sub_attack_type, self.method, self.url_path)
url = f"{self.config_dict['protocol_type']}://{self.config_dict['ip_address']}{self.url_path}"
if self.method.lower() == "put":
response = self.http_requests.put(request_url=url,
header=self.header,
body=body)
elif self.method.lower() == "post":
response = self.http_requests.post(request_url=url,
header=self.header,
body=body)
else:
response = self.http_requests.get(request_url=url,
header=self.header,
body=body)
print_status_code(response)
header = str()
for head_key, head_value in tmp_header.items():
header = f"{header}{head_key}:{head_value}\n"
active_header_result = "None"
active_header_response = "None"
if response == 000 or str(response.status_code).startswith("2") \
or str(response.status_code).startswith("5"):
if response == 000:
response_code = 000
response_header = "None"
if self.active_header_audit:
active_header_result = "No Response"
active_header_response = "No Response"
else:
response_code = response.status_code
response_header = ""
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
if self.active_header_audit:
self.add_data(status_code=response_code,
tag="None",
actual_data=header,
payload="No Payload",
current_data=response_header,
result="Vulnerable",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(
status_code=response_code,
tag="None",
actual_data=header,
payload="No Payload",
current_data=response_header,
result="Vulnerable",
)
else:
response_header = str()
for k, v in response.headers.items():
response_header = f"{response_header}{k} : {v}\n"
if self.active_header_audit:
active_header_result = self.active_header_audit.check_response_headers(
response.headers)
active_header_response = response_header
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload="No Payload",
current_data=response_header,
result="False Positive",
act_header_adt_rsp=active_header_response,
act_header_adt_rsl=active_header_result)
else:
self.add_data(status_code=response.status_code,
tag="None",
actual_data=header,
payload="No Payload",
current_data=response_header,
result="False Positive")
else:
print(
colored(f"{self.method} has not been implemented in tool!!!!",
"red"))