def __build_post_fuzzy_target_group_from_payload_group(self, target, bsqli_payload_group): """ Build a FuzzyTargetGroup from a PayloadGroup for POST requests. target Target object. bsqli_payload_group BSQLiPayloadGroup object. """ url = target.url post_keys = target.data.keys() #FIXME: Investigate why. !i have no idea why an empty list has to be # called to reinstantiate this object properly? fuzzy_target_groups = [] for key in post_keys: ftg = FuzzyTargetGroup() true_payload = bsqli_payload_group.true_payload data_copy = target.data.copy() data_copy[key] = data_copy[key] + str(true_payload) fuzzy_target = FuzzyTarget(url, url, key, "post", data=data_copy.copy(), payload=true_payload, unfuzzed_data=target.data) ftg.add_target(fuzzy_target) false_payload = bsqli_payload_group.false_payload data_copy = target.data.copy() data_copy[key] = data_copy[key] + str(false_payload) fuzzy_target = FuzzyTarget(url, url, key, "post", data=data_copy.copy(), payload=false_payload, unfuzzed_data=target.data) ftg.add_target(fuzzy_target) fuzzy_target_groups.append(ftg) return fuzzy_target_groups
def __build_get_fuzzy_target_group_from_payload_group(self, target, bsqli_payload_group): """ Build a fuzzy-wuzzy target group from a PayloadGroup for GET requests. target Target object. bsqli_payload_group BSQLiPayloadGroup object. """ url = target.url parsed_url = urlparse(url) parsed_url_query = parsed_url.query url_q_dic = parse_qs(parsed_url_query) #FIXME: Investigate this -> i have no idea why an empty list has to be # called to reinstantiate this object properly? fuzzy_target_groups = [] for query_param, _ in url_q_dic.iteritems(): ftg = FuzzyTargetGroup() true_fuzzy_url = self.append_to_param(url, query_param, str(bsqli_payload_group.true_payload)) true_fuzzy_target = FuzzyTarget(true_fuzzy_url, url, query_param, "get", payload=bsqli_payload_group.true_payload) ftg.add_target(true_fuzzy_target) false_fuzzy_url = (self.append_to_param(url, query_param, str(bsqli_payload_group.false_payload))) false_fuzzy_target = FuzzyTarget(false_fuzzy_url, url, query_param, "get", payload=bsqli_payload_group.false_payload) ftg.add_target(false_fuzzy_target) fuzzy_target_groups.append(ftg) return fuzzy_target_groups
def __build_post_fuzzy_target_group_from_payload_group( self, target, bsqli_payload_group): """ Build a FuzzyTargetGroup from a PayloadGroup for POST requests. target Target object. bsqli_payload_group BSQLiPayloadGroup object. """ url = target.url post_keys = target.data.keys() #FIXME: Investigate why. !i have no idea why an empty list has to be # called to reinstantiate this object properly? fuzzy_target_groups = [] for key in post_keys: ftg = FuzzyTargetGroup() true_payload = bsqli_payload_group.true_payload data_copy = target.data.copy() data_copy[key] = data_copy[key] + str(true_payload) fuzzy_target = FuzzyTarget(url, url, key, "post", data=data_copy.copy(), payload=true_payload, unfuzzed_data=target.data) ftg.add_target(fuzzy_target) false_payload = bsqli_payload_group.false_payload data_copy = target.data.copy() data_copy[key] = data_copy[key] + str(false_payload) fuzzy_target = FuzzyTarget(url, url, key, "post", data=data_copy.copy(), payload=false_payload, unfuzzed_data=target.data) ftg.add_target(fuzzy_target) fuzzy_target_groups.append(ftg) return fuzzy_target_groups
def __build_get_fuzzy_target_group_from_payload_group( self, target, bsqli_payload_group): """ Build a fuzzy-wuzzy target group from a PayloadGroup for GET requests. target Target object. bsqli_payload_group BSQLiPayloadGroup object. """ url = target.url parsed_url = urlparse(url) parsed_url_query = parsed_url.query url_q_dic = parse_qs(parsed_url_query) #FIXME: Investigate this -> i have no idea why an empty list has to be # called to reinstantiate this object properly? fuzzy_target_groups = [] for query_param, _ in url_q_dic.iteritems(): ftg = FuzzyTargetGroup() true_fuzzy_url = self.append_to_param( url, query_param, str(bsqli_payload_group.true_payload)) true_fuzzy_target = FuzzyTarget( true_fuzzy_url, url, query_param, "get", payload=bsqli_payload_group.true_payload) ftg.add_target(true_fuzzy_target) false_fuzzy_url = (self.append_to_param( url, query_param, str(bsqli_payload_group.false_payload))) false_fuzzy_target = FuzzyTarget( false_fuzzy_url, url, query_param, "get", payload=bsqli_payload_group.false_payload) ftg.add_target(false_fuzzy_target) fuzzy_target_groups.append(ftg) return fuzzy_target_groups