def get_payloads(self, temper_names, use_api, model=LIGHT_MODEL):
if use_api:
PayLoads.fuzz_dic_path = FUZZ_API_DIC_PATH
logger = log.get_logger()
logger.info('loading default paloads')
self.init_payloads()
logger.info('loading default paloads success')
if temper_names:
temper_names = [
temper_name.strip() for temper_name in temper_names.split(",")
]
try:
logger.setLevel(logging.DEBUG)
self.load_temper_instances(temper_names)
temp_payloads = copy.deepcopy(self.payloads)
# 1.单独编码
self.encode_payload_single_temper(temp_payloads, temper_names,
model)
# 2.混合编码
self.encode_payload_mix_temper(temp_payloads, temper_names,
model)
except TemperNotFoundError as e:
traceback.print_exc(file=open(EXCEPTION_LOG_PATH, 'a'))
exit()
logger.setLevel(logging.INFO)
logger.info("{} payloads loaded".format(len(self.payloads)))
return self.payloads
def check_complete_url_is_alive(self):
logger = log.get_logger()
logger.setLevel(logging.DEBUG)
logger.debug("checking if url is available")
if TaskSchedule.check_url_is_alive(self._complete_packet.url,
self._complete_packet.cookie,
self._complete_packet.data):
logger.setLevel(logging.INFO)
logger.info("url connection success ")
else:
logger.setLevel(logging.ERROR)
logger.error("url connection fail, please check your input ")
exit()
def notify(self, xss_status, xss_payloads):
with FuzzTask.working_num_thread_lock:
FuzzTask.notify_num += 1
if xss_status is True:
if FuzzTask.notify_num == 1:
logger = log.get_logger()
logger.setLevel(logging.CRITICAL)
logger.critical("[!] xssfork find XSS Vulnerability")
try:
payload = xss_payloads.pop()
print "---"
print " Status: Vulnerable"
print " payload_url: {}".format(payload.get('url'))
if payload.get('data') is not None:
print " payload_data: {}".format(payload.get('data'))
print "---"
except Exception:
traceback.print_exc(file=open(EXCEPTION_LOG_PATH, 'a'))
def load_temper_instances(self, temper_names):
logger = log.get_logger()
for temper_name in temper_names:
logger.setLevel(logging.DEBUG)
logger.debug('check temper {} is existed'.format(temper_name))
temper_path = "%s%s.py" % (TEMPER_PATH, temper_name)
temper_instance = None
try:
temper_instance = imp.load_source('Temper',
temper_path).Temper()
if temper_instance is not None and not self.temper_instances.has_key(
temper_name):
self.temper_instances[temper_name] = temper_instance
logger.setLevel(logging.INFO)
logger.info('temper {} is existed'.format(temper_name))
except IOError as e:
logger.setLevel(logging.ERROR)
logger.error('temper {} is not existed'.format(temper_name))
raise TemperNotFoundError(temper_name)
def check_has_params(self):
logger = log.get_logger()
logger.setLevel(logging.DEBUG)
logger.debug("checking if has_params")
url_payload = ""
data_payload = ""
if self._complete_packet.data is not None:
data_payload = UrlClassification.simplify_url(
self._complete_packet.data, HTTP_POST_METHOD)
else:
url_payload = UrlClassification.simplify_url(
self._complete_packet.url, HTTP_GET_METHOD)
if "bsmali4" in data_payload or "bsmali4" in url_payload:
logger.setLevel(logging.INFO)
logger.info("there is params, xssfork will work")
else:
logger.setLevel(logging.ERROR)
logger.error("there is no params, please check your input ")
exit()
def get_payloads(self, temper_names, model=LIGHT_MODEL):
logger = log.get_logger()
logger.info('loading default paloads')
self.init_payloads()
logger.info('loading default paloads success')
if temper_names:
temper_names = [
temper_name.strip() for temper_name in temper_names.split(",")
]
try:
logger.setLevel(logging.DEBUG)
self.load_temper_instances(temper_names)
temp_payloads = copy.deepcopy(self.payloads)
self.encode_payload_single_temper(temp_payloads, temper_names,
model)
self.encode_payload_mix_temper(temp_payloads, temper_names,
model)
except TemperNotFoundError, e:
traceback.print_exc(file=open(EXCEPTION_LOG_PATH, 'a'))
exit()
def notify(self, xss_status, xss_payloads):
with FuzzTask.working_num_thread_lock:
FuzzTask.notify_num += 1
if xss_status is True:
if FuzzTask.notify_num == 1:
logger = log.get_logger()
logger.setLevel(logging.CRITICAL)
logger.critical("[!] xssfork find XSS Vulnerability")
try:
payload = xss_payloads.pop()
print ("---")
print (" Status: Vulnerable")
print (" payload_url: {}".format(payload.get('url')))
if payload.get('data') is not None:
print (" payload_data: {}".format(payload.get('data')))
print ("---")
if self.is_call_xssfork_api(): # 调用api则保存数据到数据
xssfork_task = XssforkTask(id=self._complete_packet.id)
xssfork_task.change(payload=json.dumps(payload))
except Exception as e:
traceback.print_exc(file=open(EXCEPTION_LOG_PATH, 'a'))
def notify(self, xss_status, xss_payloads):
if xss_status is False:
logger = log.get_logger()
logger.setLevel(logging.WARNING)
logger.warning("[!] xssfork can not find XSS Vulnerability")
