def checker(url, params, headers, GET, delay, payload, positions, timeout, encoding):
    """Score how faithfully *payload* is reflected at each expected position.

    The payload is wrapped in the markers ``st4r7s``/``3nd`` (and run through
    ``encoding`` when one is given), sent via ``requester`` in place of the
    ``xsschecker`` marker, and every occurrence of the start marker in the
    lower-cased response body is compared against the marked string with
    ``fuzz.partial_ratio``.

    Args:
        url, params, headers, GET, delay, timeout: forwarded to ``requester``.
        payload: candidate string whose reflection is being measured.
        positions: expected reflection offsets; merged with the offsets that
            were actually observed by ``fillHoles`` (the merge rules live there).
        encoding: optional callable applied to the marked string before sending.

    Returns:
        list: the best similarity score per filled position; zero scores are
        dropped by the final ``filter(None, ...)``.
    """
    checkString = 'st4r7s' + payload + '3nd'
    if encoding:
        checkString = encoding(unquote(checkString))
    response = requester(url, replaceValue(
        params, xsschecker, checkString, copy.deepcopy), headers, GET, delay, timeout).text.lower()
    # Offsets of every reflected start marker in the (lower-cased) body.
    reflectedPositions = []
    for match in re.finditer('st4r7s', response):
        reflectedPositions.append(match.start())
    filledPositions = fillHoles(positions, reflectedPositions)
    # Iterating over the reflections; `num` indexes reflectedPositions in step
    # with filledPositions.
    num = 0
    efficiencies = []
    for position in filledPositions:
        allEfficiencies = []
        try:
            reflected = response[reflectedPositions[num]:reflectedPositions[num]+len(checkString)]
            efficiency = fuzz.partial_ratio(reflected, checkString.lower())
            allEfficiencies.append(efficiency)
        except IndexError:
            # Fewer observed marker reflections than filled positions: nothing
            # to score from the observed side for this slot.
            pass
        if position:
            reflected = response[position:position+len(checkString)]
            if encoding:
                # NOTE(review): checkString is re-encoded on every truthy
                # position, so the second and later slots are compared against
                # a repeatedly encoded string (and its changed length) --
                # confirm this is intended.
                checkString = encoding(checkString.lower())
            efficiency = fuzz.partial_ratio(reflected, checkString)
            # Presumably a backslash-escaped reflection of the bare payload;
            # scored a flat 90 -- verify against the callers' thresholds.
            if reflected[:-2] == ('\\%s' % checkString.replace('st4r7s', '').replace('3nd', '')):
                efficiency = 90
            allEfficiencies.append(efficiency)
            efficiencies.append(max(allEfficiencies))
        else:
            # A falsy (hole) position scores 0 and is dropped on return.
            efficiencies.append(0)
        num += 1
    return list(filter(None, efficiencies))
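def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of the ``xsschecker`` marker and classify the reply.

    Verdict recorded in ``report['status']`` for each string:
      * ``'passed'``   - the sent string is reflected (case-insensitively) in the body;
      * ``'blocked'``  - the server answered with a non-2xx status, or the request
                         raised and therefore produced no response at all;
      * ``'filtered'`` - a 2xx answer that does not contain the string.

    Fixes relative to the previous version: the request is no longer wrapped in
    a bare ``except`` (Ctrl-C could be mis-reported as a dropped request), and a
    dropped request no longer falls through to ``response.text`` with
    ``response`` unbound or stale from the previous iteration.

    Args:
        url, params, headers, GET, timeout: forwarded unchanged to ``requester``.
        delay: base pause between requests, in seconds. While it is 0 and a
            request fails, it is raised to 6 for the rest of the run.
        WAF: accepted for call-site compatibility; not consulted here.
        encoding: optional callable applied to each fuzz string before sending
            (and once more before the reflection check, as before).

    Returns:
        list[dict]: ``{'fuzz_string': ..., 'status': ...}`` per string, plus
        ``'encoding': str(encoding)`` when an encoder is in use. Returns early
        with the entries gathered so far if, after backing off, the origin no
        longer answers a plain (non-fuzzed) request.
    """
    fuzzer_report = list()
    # Loop variable is not called `fuzz` so it cannot shadow the module-level
    # `fuzz` name used by checker().
    for fuzz_string in fuzzes:
        report = dict()
        # randint(0, 0) is 0, so with delay == 0 the pause is counter(...) alone.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz_string))
        if encoding:
            fuzz_string = encoding(unquote(fuzz_string))
            report['encoding'] = str(encoding)
        data = replaceValue(params, xsschecker, fuzz_string, copy.deepcopy)
        response = None  # stays None when the request never gets an answer
        try:
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # not a bare except: Ctrl-C must still abort the run
            logger.error('WAF is dropping suspicious requests.')
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' % (green, end))
                delay += 6
            # Back off for the announced time, then probe once with the
            # unmodified parameters to see whether the origin still answers.
            limit = (delay + 1) * 50
            for remaining in range(limit, -1, -1):
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                logger.error('\nLooks like WAF has blocked our IP Address. Sorry!')
                # Nothing further can be measured; hand back what was gathered.
                return fuzzer_report
            # Report the seconds actually slept (limit + 1 one-second ticks).
            logger.good('Pheww! Looks like sleeping for %s%i%s seconds worked!' % (green, limit + 1, end))
        if encoding:
            fuzz_string = encoding(fuzz_string)
        if response is None:
            # The fuzzed request itself was dropped: no body to inspect.
            result = ('%s[blocked] %s' % (red, end))
            result_report = 'blocked'
        elif fuzz_string.lower() in response.text.lower():
            # the fuzz string is reflected in the response
            result = ('%s[passed] %s' % (green, end))
            result_report = 'passed'
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe a WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
            result_report = 'blocked'
        else:
            # the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
            result_report = 'filtered'
        logger.info('%s %s' % (result, fuzz_string))
        report['fuzz_string'] = fuzz_string
        report['status'] = result_report
        fuzzer_report.append(report)
    return fuzzer_report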
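def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of the ``xsschecker`` marker and log a verdict.

    Each string is logged as ``[passed]`` (reflected case-insensitively in the
    body), ``[blocked]`` (non-2xx status, or the request raised and produced no
    response) or ``[filtered]`` (2xx answer without the string).

    Fixes relative to the previous version: the request is no longer wrapped in
    a bare ``except`` (Ctrl-C could be mis-reported as a dropped request), and a
    dropped request no longer falls through to ``response.text`` with
    ``response`` unbound or stale from the previous iteration.

    Args:
        url, params, headers, GET, timeout: forwarded unchanged to ``requester``.
        delay: base pause between requests, in seconds. While it is 0 and a
            request fails, it is raised to 6 for the rest of the run.
        WAF: accepted for call-site compatibility; not consulted here.
        encoding: optional callable applied to each fuzz string before sending
            (and once more before the reflection check, as before).

    Returns:
        None. Stops early if, after backing off, the origin no longer answers
        a plain (non-fuzzed) request.
    """
    # Iterate over the fuzz strings, substituting each for the marker parameter.
    # Loop variable is not called `fuzz` so it cannot shadow the module-level
    # `fuzz` name used by checker().
    for fuzz_string in fuzzes:
        # randint(0, 0) is 0, so with delay == 0 the pause is counter(...) alone.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz_string))
        if encoding:
            fuzz_string = encoding(unquote(fuzz_string))
        data = replaceValue(params, xsschecker, fuzz_string, copy.deepcopy)
        response = None  # stays None when the request never gets an answer
        try:
            # send the request carrying the fuzz string
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # not a bare except: Ctrl-C must still abort the run
            # an exception here means the WAF dropped the suspicious request
            logger.error('WAF is dropping suspicious requests.')
            # wait a while, then request again to confirm whether our IP is
            # blocked; stop fuzzing if it is
            if delay == 0:
                logger.info('Delay has been increased to %s6%s seconds.' % (green, end))
                delay += 6
            limit = (delay + 1) * 50
            for remaining in range(limit, -1, -1):
                logger.info(
                    '\rFuzzing will continue after %s%i%s seconds.\t\t\r' % (green, remaining, end))
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                logger.error('\nLooks like WAF has blocked our IP Address. Sorry!')
                return
            # Report the seconds actually slept (limit + 1 one-second ticks).
            logger.good('Pheww! Looks like sleeping for %s%i%s seconds worked!' % (green, limit + 1, end))
        if encoding:
            fuzz_string = encoding(fuzz_string)
        if response is None:
            # The fuzzed request itself was dropped: no body to inspect.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz_string.lower() in response.text.lower():
            # the fuzz string is reflected in the response
            result = ('%s[passed] %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe a WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
        logger.info('%s %s' % (result, fuzz_string))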
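def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of the ``xsschecker`` marker and print a verdict.

    Each string is printed as ``[passed]`` (reflected case-insensitively in the
    body), ``[blocked]`` (non-2xx status, or the request raised and produced no
    response) or ``[filtered]`` (2xx answer without the string).

    Fixes relative to the previous version: the "Pheww!" message had four
    placeholders but only three values (``end`` was passed to ``print``
    instead), so the success path raised ``TypeError`` and was always reported
    as a blocked IP; bare ``except`` clauses are narrowed to ``Exception`` so
    Ctrl-C still aborts the run; and a dropped request no longer falls through
    to ``response.text`` with ``response`` unbound or stale.

    Args:
        url, params, headers, GET, timeout: forwarded unchanged to ``requester``.
        delay: base pause between requests, in seconds. While it is 0 and a
            request fails, it is raised to 6 for the rest of the run.
        WAF: accepted for call-site compatibility; not consulted here.
        encoding: optional callable applied to each fuzz string before sending
            (and once more before the reflection check, as before).

    Returns:
        None. Stops early if, after backing off, the origin no longer answers
        a plain (non-fuzzed) request.
    """
    # Loop variable is not called `fuzz` so it cannot shadow the module-level
    # `fuzz` name used by checker().
    for fuzz_string in fuzzes:
        # randint(0, 0) is 0, so with delay == 0 the pause is counter(...) alone.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz_string))
        if encoding:
            fuzz_string = encoding(unquote(fuzz_string))
        data = replaceValue(params, xsschecker, fuzz_string, copy.deepcopy)
        response = None  # stays None when the request never gets an answer
        try:
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # not a bare except: Ctrl-C must still abort the run
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            # Back off for the announced time, then probe once with the
            # unmodified parameters to see whether the origin still answers.
            limit = (delay + 1) * 50
            for remaining in range(limit, -1, -1):
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, remaining, end), end='\r')
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                print('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                return
            # All four placeholders are filled; the colour reset belongs in the
            # tuple, and the count is the seconds actually slept.
            print('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, limit + 1, end))
        if encoding:
            fuzz_string = encoding(fuzz_string)
        if response is None:
            # The fuzzed request itself was dropped: no body to inspect.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz_string.lower() in response.text.lower():
            # the fuzz string is reflected in the response
            result = ('%s[passed] %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe a WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
        print('%s %s' % (result, fuzz_string))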
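def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    """Send every string in ``fuzzes`` in place of the ``xsschecker`` marker and print a verdict.

    Each string is printed as ``[passed]`` (reflected case-insensitively in the
    body), ``[blocked]`` (non-2xx status, or the request raised and produced no
    response) or ``[filtered]`` (2xx answer without the string).

    Fixes relative to the previous version: the "Pheww!" message had four
    placeholders but only three values (``end`` was passed to ``print``
    instead), so the success path raised ``TypeError`` and was always reported
    as a blocked IP; bare ``except`` clauses are narrowed to ``Exception`` so
    Ctrl-C still aborts the run; and a dropped request no longer falls through
    to ``response.text`` with ``response`` unbound or stale.

    Args:
        url, params, headers, GET, timeout: forwarded unchanged to ``requester``.
        delay: base pause between requests, in seconds. While it is 0 and a
            request fails, it is raised to 6 for the rest of the run.
        WAF: accepted for call-site compatibility; not consulted here.
        encoding: optional callable applied to each fuzz string before sending
            (and once more before the reflection check, as before).

    Returns:
        None. Stops early if, after backing off, the origin no longer answers
        a plain (non-fuzzed) request.
    """
    # Loop variable is not called `fuzz` so it cannot shadow the module-level
    # `fuzz` name used by checker().
    for fuzz_string in fuzzes:
        # randint(0, 0) is 0, so with delay == 0 the pause is counter(...) alone.
        sleep(delay + randint(delay, delay * 2) + counter(fuzz_string))
        if encoding:
            fuzz_string = encoding(unquote(fuzz_string))
        data = replaceValue(params, xsschecker, fuzz_string, copy.deepcopy)
        response = None  # stays None when the request never gets an answer
        try:
            response = requester(url, data, headers, GET, delay / 2, timeout)
        except Exception:  # not a bare except: Ctrl-C must still abort the run
            print('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            # Back off for the announced time, then probe once with the
            # unmodified parameters to see whether the origin still answers.
            limit = (delay + 1) * 50
            for remaining in range(limit, -1, -1):
                print('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, remaining, end), end='\r')
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
            except Exception:
                print('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                return
            # All four placeholders are filled; the colour reset belongs in the
            # tuple, and the count is the seconds actually slept.
            print('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, limit + 1, end))
        if encoding:
            fuzz_string = encoding(fuzz_string)
        if response is None:
            # The fuzzed request itself was dropped: no body to inspect.
            result = ('%s[blocked] %s' % (red, end))
        elif fuzz_string.lower() in response.text.lower():
            # the fuzz string is reflected in the response
            result = ('%s[passed] %s' % (green, end))
        elif str(response.status_code)[:1] != '2':
            # the server returned an error (maybe a WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else:
            # the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
        print('%s %s' % (result, fuzz_string))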