def do_check(request):
# Check if defined any Host HTTP header.
if menu.options.host and settings.HOST_INJECTION == None:
request.add_header(settings.HOST, menu.options.host)
# Check if defined any User-Agent HTTP header.
if menu.options.agent:
request.add_header(settings.USER_AGENT, menu.options.agent)
# Check if defined any Referer HTTP header.
if menu.options.referer and settings.REFERER_INJECTION == None:
request.add_header(settings.REFERER, menu.options.referer)
# Check if defined any Cookie HTTP header.
if menu.options.cookie and settings.COOKIE_INJECTION == False:
request.add_header(settings.COOKIE, menu.options.cookie)
if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER):
request.add_header(settings.HTTP_ACCEPT_HEADER,
settings.HTTP_ACCEPT_HEADER_VALUE)
# Appends a fake HTTP header 'X-Forwarded-For'
if settings.TAMPER_SCRIPTS["xforwardedfor"]:
from src.core.tamper import xforwardedfor
xforwardedfor.tamper(request)
# Check if defined any HTTP Authentication credentials.
# HTTP Authentication: Basic / Digest Access Authentication.
if not menu.options.ignore_401:
if menu.options.auth_cred and menu.options.auth_type:
try:
settings.SUPPORTED_HTTP_AUTH_TYPES.index(
menu.options.auth_type)
if menu.options.auth_type == "basic":
b64_string = base64.encodestring(
menu.options.auth_cred).replace('\n', '')
request.add_header("Authorization",
"Basic " + b64_string + "")
elif menu.options.auth_type == "digest":
try:
url = menu.options.url
try:
response = urllib2.urlopen(url)
except urllib2.HTTPError, e:
try:
authline = e.headers.get(
'www-authenticate', '')
authobj = re.match('''(\w*)\s+realm=(.*),''',
authline).groups()
realm = authobj[1].split(',')[0].replace(
"\"", "")
user_pass_pair = menu.options.auth_cred.split(
":")
username = user_pass_pair[0]
password = user_pass_pair[1]
authhandler = urllib2.HTTPDigestAuthHandler()
authhandler.add_password(
realm, url, username, password)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
result = urllib2.urlopen(url)
except AttributeError:
pass
except urllib2.HTTPError, e:
pass
except ValueError:
err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'."
err_msg += " Try basic or digest HTTP authentication type."
print settings.print_critical_msg(err_msg)
raise SystemExit()
else:
pass
# The MIME media type for JSON.
if settings.IS_JSON:
request.add_header("Content-Type", "application/json")
# Check if defined any extra HTTP headers.
if menu.options.headers or menu.options.header:
# Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided.
if menu.options.headers:
menu.options.headers = checks.wildcard_character(
menu.options.headers)
extra_headers = menu.options.headers
else:
menu.options.header = checks.wildcard_character(
menu.options.header)
extra_headers = menu.options.header
extra_headers = extra_headers.replace(":", ": ")
if ": //" in extra_headers:
extra_headers = extra_headers.replace(": //", "://")
if "\\n" in extra_headers:
extra_headers = extra_headers.split("\\n")
# Remove empty strings
extra_headers = [x for x in extra_headers if x]
if menu.options.header and not menu.options.headers and len(
extra_headers) > 1:
warn_msg = "Swithing '--header' to '--headers' "
warn_msg += "due to multiple extra HTTP headers."
print settings.print_warning_msg(warn_msg)
else:
tmp_extra_header = []
tmp_extra_header.append(extra_headers)
extra_headers = tmp_extra_header
for extra_header in extra_headers:
# Extra HTTP Header name
http_header_name = re.findall(r"(.*): ", extra_header)
http_header_name = ''.join(http_header_name).strip()
# Extra HTTP Header value
http_header_value = re.findall(r":(.*)", extra_header)
http_header_value = ''.join(http_header_value).strip()
# Check if it is a custom header injection.
if settings.CUSTOM_HEADER_INJECTION == False and \
settings.INJECT_TAG in http_header_value:
settings.CUSTOM_HEADER_INJECTION = True
settings.CUSTOM_HEADER_NAME = http_header_name
request.add_header(http_header_name, http_header_value)
def do_check(request):
# Check if defined any Host HTTP header.
if menu.options.host and settings.HOST_INJECTION == None:
request.add_header(settings.HOST, menu.options.host)
# Check if defined any User-Agent HTTP header.
if menu.options.agent:
request.add_header(settings.USER_AGENT, menu.options.agent)
# Check if defined any Referer HTTP header.
if menu.options.referer and settings.REFERER_INJECTION == None:
request.add_header(settings.REFERER, menu.options.referer)
# Check if defined any Cookie HTTP header.
if menu.options.cookie and settings.COOKIE_INJECTION == False:
request.add_header(settings.COOKIE, menu.options.cookie)
if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER):
request.add_header(settings.HTTP_ACCEPT_HEADER,
settings.HTTP_ACCEPT_HEADER_VALUE)
# The MIME media type for JSON.
if menu.options.data:
if re.search(settings.JSON_RECOGNITION_REGEX, menu.options.data) or \
re.search(settings.JSON_LIKE_RECOGNITION_REGEX, menu.options.data):
request.add_header("Content-Type", "application/json")
# Appends a fake HTTP header 'X-Forwarded-For'
if settings.TAMPER_SCRIPTS["xforwardedfor"]:
from src.core.tamper import xforwardedfor
xforwardedfor.tamper(request)
# Default value for "Accept-Encoding" HTTP header
request.add_header('Accept-Encoding',
settings.HTTP_ACCEPT_ENCODING_HEADER_VALUE)
# Check if defined any HTTP Authentication credentials.
# HTTP Authentication: Basic / Digest Access Authentication.
if menu.options.auth_cred and menu.options.auth_type:
try:
settings.SUPPORTED_HTTP_AUTH_TYPES.index(menu.options.auth_type)
if menu.options.auth_type == "basic":
b64_string = encodebytes(
menu.options.auth_cred.encode(
settings.DEFAULT_CODEC)).decode().replace('\n', '')
request.add_header("Authorization", "Basic " + b64_string + "")
elif menu.options.auth_type == "digest":
try:
url = menu.options.url
try:
response = _urllib.request.urlopen(
url, timeout=settings.TIMEOUT)
except _urllib.error.HTTPError as e:
try:
authline = e.headers.get('www-authenticate', '')
authobj = re.match('''(\w*)\s+realm=(.*),''',
authline).groups()
realm = authobj[1].split(',')[0].replace("\"", "")
user_pass_pair = menu.options.auth_cred.split(":")
username = user_pass_pair[0]
password = user_pass_pair[1]
authhandler = _urllib.request.HTTPDigestAuthHandler(
)
authhandler.add_password(realm, url, username,
password)
opener = _urllib.request.build_opener(authhandler)
_urllib.request.install_opener(opener)
result = _urllib.request.urlopen(
url, timeout=settings.TIMEOUT)
except AttributeError:
pass
except _urllib.error.HTTPError as e:
pass
except ValueError:
err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'."
err_msg += " Try basic or digest HTTP authentication type."
print(settings.print_critical_msg(err_msg))
raise SystemExit()
else:
pass
# Check if defined any extra HTTP headers.
if menu.options.headers or menu.options.header or len(
settings.RAW_HTTP_HEADERS) >= 1:
if len(settings.RAW_HTTP_HEADERS) >= 1:
menu.options.headers = settings.RAW_HTTP_HEADERS
# Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided.
if menu.options.headers:
menu.options.headers = checks.wildcard_character(
menu.options.headers)
extra_headers = menu.options.headers
else:
menu.options.header = checks.wildcard_character(
menu.options.header)
extra_headers = menu.options.header
extra_headers = extra_headers.replace(":", ": ")
if ": //" in extra_headers:
extra_headers = extra_headers.replace(": //", "://")
if "\\n" in extra_headers:
extra_headers = extra_headers.split("\\n")
# Remove empty strings and "Content-Length"
extra_headers = [
x for x in extra_headers if "Content-Length" not in x
]
else:
tmp_extra_header = []
tmp_extra_header.append(extra_headers)
extra_headers = tmp_extra_header
# Remove empty strings
extra_headers = [x for x in extra_headers if x]
for extra_header in extra_headers:
try:
# Extra HTTP Header name
http_header_name = extra_header.split(':', 1)[0]
http_header_name = ''.join(http_header_name).strip()
# Extra HTTP Header value
http_header_value = extra_header.split(':', 1)[1]
http_header_value = ''.join(http_header_value).strip().replace(
": ", ":")
# Check if it is a custom header injection.
if settings.CUSTOM_HEADER_INJECTION == False and \
settings.INJECT_TAG in http_header_value:
settings.CUSTOM_HEADER_INJECTION = True
settings.CUSTOM_HEADER_NAME = http_header_name
# Add HTTP Header name / value to the HTTP request
if http_header_name not in [
settings.HOST, settings.USER_AGENT, settings.REFERER,
settings.COOKIE
]:
request.add_header(
http_header_name.encode(settings.DEFAULT_CODEC),
http_header_value.encode(settings.DEFAULT_CODEC))
except:
pass
# eof
def do_check(request):
# Check if defined any Host HTTP header.
if menu.options.host and settings.HOST_INJECTION == None:
request.add_header(settings.HOST, menu.options.host)
# Check if defined any User-Agent HTTP header.
if menu.options.agent:
request.add_header(settings.USER_AGENT, menu.options.agent)
# Check if defined any Referer HTTP header.
if menu.options.referer and settings.REFERER_INJECTION == None:
request.add_header(settings.REFERER, menu.options.referer)
# Check if defined any Cookie HTTP header.
if menu.options.cookie and settings.COOKIE_INJECTION == False:
request.add_header(settings.COOKIE, menu.options.cookie)
if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER):
request.add_header(settings.HTTP_ACCEPT_HEADER, settings.HTTP_ACCEPT_HEADER_VALUE)
# Appends a fake HTTP header 'X-Forwarded-For'
if settings.TAMPER_SCRIPTS["xforwardedfor"]:
from src.core.tamper import xforwardedfor
xforwardedfor.tamper(request)
# Check if defined any HTTP Authentication credentials.
# HTTP Authentication: Basic / Digest Access Authentication.
if menu.options.auth_cred and menu.options.auth_type:
try:
settings.SUPPORTED_HTTP_AUTH_TYPES.index(menu.options.auth_type)
if menu.options.auth_type == "basic":
b64_string = base64.encodestring(menu.options.auth_cred).replace('\n', '')
request.add_header("Authorization", "Basic " + b64_string + "")
elif menu.options.auth_type == "digest":
try:
url = menu.options.url
try:
response = urllib2.urlopen(url)
except urllib2.HTTPError, e:
try:
authline = e.headers.get('www-authenticate', '')
authobj = re.match('''(\w*)\s+realm=(.*),''',authline).groups()
realm = authobj[1].split(',')[0].replace("\"","")
user_pass_pair = menu.options.auth_cred.split(":")
username = user_pass_pair[0]
password = user_pass_pair[1]
authhandler = urllib2.HTTPDigestAuthHandler()
authhandler.add_password(realm, url, username, password)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
result = urllib2.urlopen(url)
except AttributeError:
pass
except urllib2.HTTPError, e:
pass
except ValueError:
err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'."
err_msg += " Try basic or digest HTTP authentication type."
print settings.print_critical_msg(err_msg)
raise SystemExit()
else:
pass
# The MIME media type for JSON.
if settings.IS_JSON:
request.add_header("Content-Type", "application/json")
# Check if defined any extra HTTP headers.
if menu.options.headers or menu.options.header:
# Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided.
if menu.options.headers:
menu.options.headers = checks.wildcard_character(menu.options.headers)
extra_headers = menu.options.headers
else:
menu.options.header = checks.wildcard_character(menu.options.header)
extra_headers = menu.options.header
extra_headers = extra_headers.replace(":",": ")
if ": //" in extra_headers:
extra_headers = extra_headers.replace(": //" ,"://")
if "\\n" in extra_headers:
extra_headers = extra_headers.split("\\n")
# Remove empty strings
extra_headers = [x for x in extra_headers if x]
if menu.options.header and not menu.options.headers and len(extra_headers) > 1:
warn_msg = "Swithing '--header' to '--headers' "
warn_msg += "due to multiple extra HTTP headers."
print settings.print_warning_msg(warn_msg)
else:
tmp_extra_header = []
tmp_extra_header.append(extra_headers)
extra_headers = tmp_extra_header
for extra_header in extra_headers:
# Extra HTTP Header name
http_header_name = re.findall(r"(.*): ", extra_header)
http_header_name = ''.join(http_header_name).strip()
# Extra HTTP Header value
http_header_value = re.findall(r":(.*)", extra_header)
http_header_value = ''.join(http_header_value).strip()
# Check if it is a custom header injection.
if settings.CUSTOM_HEADER_INJECTION == False and \
settings.INJECT_TAG in http_header_value:
settings.CUSTOM_HEADER_INJECTION = True
settings.CUSTOM_HEADER_NAME = http_header_name
request.add_header(http_header_name, http_header_value)
