def get_expired_cookies(
cookies: str,
now: float = None
) -> List[dict]:
now = now or time.time()
def is_expired(expires: Optional[float]) -> bool:
return expires is not None and expires <= now
attr_sets: List[Tuple[str, str]] = parse_ns_headers(
split_cookies(cookies)
)
cookies = [
# The first attr name is the cookie name.
dict(attrs[1:], name=attrs[0][0])
for attrs in attr_sets
]
_max_age_to_expires(cookies=cookies, now=now)
return [
{
'name': cookie['name'],
'path': cookie.get('path', '/')
}
for cookie in cookies
if is_expired(expires=cookie.get('expires'))
]
def merge_cookies_into_session(cookies_input):
jar = _context.session.cookies
if isinstance(cookies_input, list):
for item in cookies_input:
cookie = Cookie(
0,
item['name'],
item['value'],
None,
False,
item['domain'],
True,
bool(item['domain'].startswith(".")),
item['path'],
True,
item['secure'],
None,
False,
"",
"",
{},
)
logging.debug("Set cookie into context: %r", cookie)
jar.set_cookie(cookie)
else:
attrs_set = parse_ns_headers(cookies_input.split('; '))
merge_cookies(
jar, cookiejar_from_dict({x[0][0]: x[0][1]
for x in attrs_set}))
def make_cookies(self, response, request):
import time
from http.cookiejar import split_header_words,_warn_unhandled_exception,parse_ns_headers
"""Return sequence of Cookie objects extracted from response object."""
# get cookie-attributes for RFC 2965 and Netscape protocols
headers = response.info()
rfc2965_hdrs = headers.get_list("Set-Cookie2")
ns_hdrs = headers.get_list("Set-Cookie")
self._policy._now = self._now = int(time.time())
rfc2965 = self._policy.rfc2965
netscape = self._policy.netscape
if ((not rfc2965_hdrs and not ns_hdrs) or
(not ns_hdrs and not rfc2965) or
(not rfc2965_hdrs and not netscape) or
(not netscape and not rfc2965)):
return [] # no relevant cookie headers: quick exit
try:
cookies = self._cookies_from_attrs_set(
split_header_words(rfc2965_hdrs), request)
except Exception:
_warn_unhandled_exception()
cookies = []
if ns_hdrs and netscape:
try:
# RFC 2109 and Netscape cookies
ns_cookies = self._cookies_from_attrs_set(
parse_ns_headers(ns_hdrs), request)
except Exception:
_warn_unhandled_exception()
ns_cookies = []
self._process_rfc2109_cookies(ns_cookies)
# Look for Netscape cookies (from Set-Cookie headers) that match
# corresponding RFC 2965 cookies (from Set-Cookie2 headers).
# For each match, keep the RFC 2965 cookie and ignore the Netscape
# cookie (RFC 2965 section 9.1). Actually, RFC 2109 cookies are
# bundled in with the Netscape cookies for this purpose, which is
# reasonable behaviour.
if rfc2965:
lookup = {}
for cookie in cookies:
lookup[(cookie.domain, cookie.path, cookie.name)] = None
def no_matching_rfc2965(ns_cookie, lookup=lookup):
key = ns_cookie.domain, ns_cookie.path, ns_cookie.name
return key not in lookup
ns_cookies = filter(no_matching_rfc2965, ns_cookies)
if ns_cookies:
cookies.extend(ns_cookies)
return cookies
def get_expired_cookies(headers: List[Tuple[str, str]],
now: float = None) -> List[dict]:
now = now or time.time()
attr_sets: List[Tuple[str, str]] = parse_ns_headers(
value for name, value in headers if name.lower() == 'set-cookie')
cookies = [
# The first attr name is the cookie name.
dict(attrs[1:], name=attrs[0][0]) for attrs in attr_sets
]
return [{
'name': cookie['name'],
'path': cookie.get('path', '/')
} for cookie in cookies if cookie.get('expires', float('Inf')) <= now]
def parse_cookies(self, response):
# get cookie-attributes for RFC 2965 and Netscape protocols
headers = response.headers
ns_headers = headers.get_list("Set-Cookie")
if not ns_headers:
return []
try:
cookies_tuple = self._normalized_cookie_tuples(cookiejar.parse_ns_headers(ns_headers))
return [self._cookie_from_cookie_tuple(cookie_tuple, response) for cookie_tuple in cookies_tuple]
except Exception as e:
_logger.warning("Unexpected error: %r", e)
return []
def _bake_cookies(self):
resp = self._get_resp(self.path)
cookie_match = self.COOKIE_RE.search(resp.text)
if not cookie_match:
print('No apparent initialization cookie')
return
attrs = parse_ns_headers([cookie_match[1]])
jar: RequestsCookieJar = self._rsession.cookies
req = MockRequest(resp.request)
cookies = jar._cookies_from_attrs_set(attrs, req)
for cookie in cookies:
jar.set_cookie(cookie)
print('Cookies set: ' + ', '.join(jar.keys()))
def get_expired_cookies(headers: List[Tuple[str, str]],
now: float = None) -> List[dict]:
now = now or time.time()
def is_expired(expires: Optional[float]) -> bool:
return expires is not None and expires <= now
attr_sets: List[Tuple[str, str]] = parse_ns_headers(
value for name, value in headers if name.lower() == 'set-cookie')
cookies = [
# The first attr name is the cookie name.
dict(attrs[1:], name=attrs[0][0]) for attrs in attr_sets
]
return [{
'name': cookie['name'],
'path': cookie.get('path', '/')
} for cookie in cookies if is_expired(expires=cookie.get('expires'))]
"-fp",
help=
"Filters out parameters from being used on the scan, use on global params across the site (e.g. -fp err,username)"
)
parser.add_argument(
"-hi",
help=
"-hi FILENAME (collects hidden input types from HTML source code and writes them to the specified file for either further scanning.)"
)
parser.add_argument("-bc",
help="-bc [BURP COLLABORATOR PAYLOAD] (tests for SSRF)")
args = parser.parse_args()
if args.cookie:
cookie_array = str(args.cookie).split(";")
cookies = dict(res[0] for res in cookielib.parse_ns_headers(cookie_array))
print(cookies)
ThreadedStart.auth_cookie = cookies
if args.t:
ThreadedStart.number_of_threads = int(args.t)
if args.mode:
ThreadedStart.mode = int(args.mode)
if not args.e:
print(
"You need to specify a txt file at -e for your endpoints you want to scan."
)
sys.exit(0)
