Esempio n. 1
def checker(url, params, headers, GET, delay, payload, positions, timeout):
    """Score how faithfully a marker-wrapped payload is reflected by the target.

    The ``xsschecker`` placeholder in a deep copy of ``params`` is replaced
    with ``'st4r7s' + payload + '3nd'`` and one request is sent through
    ``requester``. Every offset of the ``st4r7s`` prefix in the lower-cased
    response body is collected and handed, together with ``positions``, to
    ``fillHoles``; each resulting slot is compared with the marker using
    ``fuzz.partial_ratio``. A slot whose reflection, minus its last two
    characters, equals a backslash followed by the payload (marker strings
    stripped) is scored 90 regardless of the similarity ratio.

    Args:
        url, headers, GET, delay, timeout: forwarded unchanged to ``requester``.
        params: request parameters; copied before the placeholder is swapped.
        payload: the string wrapped between the ``st4r7s`` / ``3nd`` markers.
        positions: passed to ``fillHoles`` with the found reflection offsets —
            presumably where reflections are expected; confirm against
            ``fillHoles``.

    Returns:
        The non-zero scores, one per slot that had a truthy position, in
        slot order. Slots with a falsy position contribute 0 and are dropped.
    """
    marker = 'st4r7s' + payload + '3nd'
    marker_lower = marker.lower()
    width = len(marker)
    # Backslash-escaped form of the bare payload, used for the fixed-score check.
    escaped_payload = '\\%s' % marker.replace('st4r7s', '').replace('3nd', '')

    probe = replacer(copy.deepcopy(params), xsschecker, marker)
    body = requester(url, probe, headers, GET, delay, timeout).text.lower()

    hits = [hit.start() for hit in re.finditer('st4r7s', body)]
    slots = fillHoles(positions, hits)

    scores = []
    for idx, slot in enumerate(slots):
        candidates = []
        # The idx-th raw hit, when there is one, competes with the filled slot.
        if idx < len(hits):
            raw_chunk = body[hits[idx]:hits[idx] + width]
            candidates.append(fuzz.partial_ratio(raw_chunk, marker_lower))
        if not slot:
            scores.append(0)
            continue
        chunk = body[slot:slot + width]
        score = fuzz.partial_ratio(chunk, marker_lower)
        if chunk[:-2] == escaped_payload:
            score = 90
        candidates.append(score)
        scores.append(max(candidates))
    return [score for score in scores if score]
Esempio n. 2
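def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` to the target and print how each fared.

    For each fuzz string the ``xsschecker`` placeholder in a deep copy of
    ``params`` is replaced (after optional ``encoding``), the request goes
    through ``requester`` and the outcome is printed as one of:

    * ``[passed]``   - the string appears (case-insensitively) in the body;
    * ``[blocked]``  - the status code does not start with ``2``;
    * ``[filtered]`` - anything else.

    If the request raises, the WAF is assumed to have dropped it: ``delay``
    is raised to 6 when it was 0, a countdown of ``(delay + 1) * 50`` seconds
    is printed while sleeping, and the target is probed once more. If that
    probe also raises, fuzzing stops; otherwise the dropped string is skipped
    and the loop moves on.

    Args:
        url, headers, GET, timeout: forwarded to ``requester``.
        params: base request parameters; deep-copied per fuzz string.
        delay: base pause in seconds; every request waits
            ``delay + randint(delay, delay * 2) + counter(fuzz)`` first.
        WAF: accepted for signature compatibility; not read in this body.
        encoding: callable applied to the fuzz string, or a falsy value.
    """
    for fuzz in fuzzes:
        # Randomised, delay-scaled pause; randint(0, 0) is 0 when delay is 0.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz))
        paramsCopy = copy.deepcopy(params)
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replacer(paramsCopy, xsschecker, fuzz)
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:
            # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
            # are not swallowed and mis-reported as WAF activity.
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' %
                      (info, green, end))
                delay += 6
            remaining = (delay + 1) * 50
            while remaining >= 0:
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' %
                      (info, green, remaining, end),
                      end='\r')
                remaining -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                print(
                    '\n%s Looks like WAF has blocked our IP Address. Sorry!' %
                    bad)
                break
            # ``end`` must be inside the format tuple: passing it as a second
            # print() argument left ``%s%i%s`` one value short, so this line
            # raised TypeError and the scan always ended in the "blocked" path.
            # NOTE(review): the reported figure does not match the countdown
            # above - confirm which one is meant.
            print(
                '\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!'
                % (good, green, (delay + 1) * 2, end))
            # The dropped request produced no ``response`` to classify, so do
            # not fall through with an unbound (first iteration) or stale value.
            continue
        if encoding:
            # NOTE(review): ``fuzz`` was already encoded inside the try block;
            # this applies ``encoding`` a second time - confirm that is intended.
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower():
            # The fuzz string is reflected in the response body.
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # Non-2xx status: the server, or a WAF in front of it, rejected it.
            result = ('%s[blocked] %s' % (red, end))
        else:
            # Request succeeded but the string is not reflected intact.
            result = ('%s[filtered]%s' % (yellow, end))
        print('%s %s' % (result, fuzz))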
Esempio n. 3
def checker(url, params, headers, GET, delay, payload, positions, timeout):
    """Score every reflection of a marker-prefixed payload in the response.

    The ``xsschecker`` placeholder in a deep copy of ``params`` is replaced
    with ``'st4r7s' + payload`` and one request is sent through
    ``requester``. Each offset of ``st4r7s`` in the lower-cased body is
    compared with the marker via ``fuzz.partial_ratio``; a reflection whose
    last character is a backslash gets one extra point.

    Args:
        url, headers, GET, delay, timeout: forwarded unchanged to ``requester``.
        params: request parameters; copied before the placeholder is swapped.
        payload: the string appended to the ``st4r7s`` marker.
        positions: passed to ``fillHoles`` together with the found offsets;
            the result is not read in this body (see note below).

    Returns:
        One score per found offset, in order of appearance. An offset of 0 is
        falsy and is scored 0 without comparison.
    """
    marker = 'st4r7s' + payload
    marker_lower = marker.lower()
    width = len(marker)

    probe = replacer(copy.deepcopy(params), xsschecker, marker)
    body = requester(url, probe, headers, GET, delay, timeout).text.lower()

    hits = [hit.start() for hit in re.finditer('st4r7s', body)]
    # NOTE(review): computed but never read - the loop below iterates the raw
    # hits rather than the filled slots. Kept so the call still happens.
    filled = fillHoles(positions, hits)

    scores = []
    for offset in hits:
        if not offset:
            scores.append(0)
            continue
        chunk = body[offset:offset + width]
        score = fuzz.partial_ratio(chunk, marker_lower)
        if chunk[-1] == '\\':
            score += 1
        scores.append(score)
    return scores