def _generate_base_uri_path(uri, uri_parameters, id_generator, fuzzable, already_used_parameters):
    """Emit the URI path, replacing each ``{name}`` template with a parameter primitive.

    Literal text in front of a template is emitted as a non-fuzzable ASCII
    string. The template name is passed to
    ``RequestBuildHelper._append_parameter`` and then appended to
    ``already_used_parameters``, which is mutated in place. Whatever is left
    once no further template is found is emitted as one named, non-fuzzable
    ASCII string.
    """
    remaining = uri
    while True:
        try:
            # str.index raises ValueError when no "{" is left; that ends the loop.
            open_at = remaining.index("{")
            s_http_string(remaining[:open_at], fuzzable=False, encoding=EncodingTypes.ascii)
            remaining = remaining[open_at + 1:]

            close_at = remaining.index("}")
            parameter_name = remaining[:close_at]
            RequestBuildHelper._append_parameter(parameter_name, id_generator, uri_parameters, fuzzable)
            remaining = remaining[close_at + 1:]
            already_used_parameters.append(parameter_name)
        except ValueError:
            # NOTE(review): this handler is also reached when "{" has no
            # matching "}" (the "{" is already consumed, so it is missing from
            # the emitted path) and when a ValueError escapes from the helper
            # calls above. In both cases the rest of the path is sent as fixed
            # text without any diagnostic, so that endpoint is fuzzed with a
            # path that differs from the specification.
            if remaining:
                name = "URI attribute, default value: " + remaining + ", id: " + next(id_generator)
                s_http_string(remaining, fuzzable=False, encoding=EncodingTypes.ascii, name=name)
            break
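def _append_parameter(parameter_name, id_generator, uri_parameters, fuzzable):
    """Emit one URI parameter value as the primitive matching its declared data type.

    The parameter is resolved through ``RequestBuildHelper._get_parameter``
    from the optional ``fixed_url_attributes`` configuration entry and
    ``uri_parameters``. A parameter flagged ``is_from_config`` is never
    fuzzed, even when ``fuzzable`` is true.

    Args:
        parameter_name: Name of the URI parameter to emit.
        id_generator: Iterator whose next item is appended to the primitive name.
        uri_parameters: Parameter definitions handed to ``_get_parameter``.
        fuzzable: Whether the emitted primitive may be mutated.
    """
    config = ConfigurationManager.config
    fixed_attributes = config["fixed_url_attributes"] if "fixed_url_attributes" in config else None
    parameter: Parameter = RequestBuildHelper._get_parameter(parameter_name, fixed_attributes, uri_parameters)
    name = "URI attribute, default value: " + parameter.value + ", id: " + next(id_generator)
    is_part_fuzzable = fuzzable and not parameter.is_from_config

    data_type = parameter.data_type
    if data_type in ('integer', 'number'):
        s_http_number(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
    elif data_type == 'boolean':
        # Fix: this branch used to test for 'string', so string parameters got
        # the boolean primitive and never received the string payload set,
        # while boolean parameters fell through to the string primitive.
        # NOTE(review): 'boolean' is assumed to be the type name used next to
        # 'integer' and 'number' -- confirm against the parser that fills
        # data_type.
        s_http_boolean(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
    else:
        # Strings, unknown types and a missing data_type use the string primitive.
        s_http_string(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)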
def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
    """Emit the request body inside a block named ``body``.

    A JSON body is delegated to ``json_decoder.generate_mutations``.
    Otherwise a truthy ``body_string_example`` is emitted as a single string
    primitive. With neither, the block stays empty.
    """
    block_opened = s_block_start("body")
    if block_opened and is_body_json:
        json_decoder.generate_mutations(fuzzable=fuzzable)
    elif block_opened and body_string_example:
        # A non-JSON body is a single primitive, so it is only mutated as a whole.
        s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
    s_block_end()
def generate_mutations(self, fuzzable=True):
    """Emit one primitive per entry of ``self.parts``, chosen by its JSON primitive type.

    ``int`` and ``float`` parts use the number primitive, ``bool`` parts use
    the boolean primitive, and everything else uses the string primitive. A
    part is mutated only when both ``fuzzable`` and the part's own
    ``fuzzable`` flag are truthy.
    """
    id_source = _unique_json_primitive_id()
    for part in self.parts:
        name = "JSON Primitive, default value: " + part.value + ", id: " + next(id_source)
        part_fuzzable = fuzzable and part.fuzzable
        primitive_type = part.json_primitive_type

        if primitive_type in (int, float):
            s_http_number(part.value, fuzzable=part_fuzzable, encoding=part.encoding, name=name,
                          add_quotation_marks=part.add_quotation_marks_into_payloads)
        elif primitive_type == bool:
            s_http_boolean(part.value, fuzzable=part_fuzzable, encoding=part.encoding, name=name,
                           add_quotation_marks=part.add_quotation_marks_into_payloads)
        else:
            # The string primitive is called without add_quotation_marks.
            s_http_string(part.value, fuzzable=part_fuzzable, encoding=part.encoding, name=name)
def _generate_single_query_additional_parameter(id_generator, uri_parameters, fuzzable, parameter_name, required):
    """Append ``<sep>name=`` and the parameter value to the request being built.

    Nothing is emitted for an optional parameter unless
    ``ConfigurationManager.are_non_required_attributes_in_requests()`` is
    truthy. The separator and parameter name are a non-fuzzable ASCII string;
    the value is emitted by ``RequestBuildHelper._append_parameter``.
    """
    include_optional = ConfigurationManager.are_non_required_attributes_in_requests()
    if not (required or include_optional):
        return

    # NOTE(review): the whole s_render() output is searched, not only the
    # path, so a "?" rendered earlier anywhere in the request selects "&" --
    # confirm no earlier primitive can contain a literal "?".
    rendered_so_far = s_render().decode('ascii', 'ignore')
    prefix = "&" if "?" in rendered_so_far else "?"

    name = "URI attribute, default value: " + parameter_name + ", id: " + next(id_generator)
    s_http_string(prefix + parameter_name + "=", fuzzable=False, encoding=EncodingTypes.ascii, name=name)
    RequestBuildHelper._append_parameter(parameter_name, id_generator, uri_parameters, fuzzable)
def generate_http_fuzzed_blocks() -> str:
    """Define the generic HTTP request used for fuzzing and return its name.

    The method, path, version and User-Agent value are string primitives,
    and the separators are delimiter primitives. The ``Host`` header (read
    from the configured target hostname), the ``Content-Length: 0`` header
    and the ``User-Agent: `` prefix are static.
    """
    request_name = "General HTTP fuzzing:"
    s_initialize(name=request_name)

    # Request line: METHOD SP PATH SP VERSION CRLF
    s_http_string("GET", name="HTTP method")
    s_delim(" ", name="Delimiter between method and path")
    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
    s_delim(" ", name="Delimiter between path and version")
    s_http_string("HTTP/1.1\r\n", name="HTTP version")

    # Fixed header text; only the User-Agent value after it is a primitive.
    static_header_parts = (
        "Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n",
        "Content-Length: 0" + "\r\n",
        "User-Agent: ",
    )
    for header_text in static_header_parts:
        s_static(header_text)

    s_http_string("WapiFuzz", name="User-agent")
    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
    return request_name