def Code(logs,fp):
    """Render one or more captured request logs as a Python script at *fp*.

    A single log (or a one-element list) is rendered with the ``single``
    template; several logs use the ``multiple`` template, where a header or
    cookie value shared by every request is hoisted into one constant.

    Args:
        logs: A log object or a list of them; each is passed to
            ``Generate.substitute_map`` and, in the multi case, its
            ``request`` attribute is read.
        fp: Destination path handed to ``Writer.Replace``.

    Returns:
        A status string naming the path that was written.

    NOTE(review): the substituted values come from captured traffic and end
    up inside a script that is meant to be executed. Confirm that
    ``Generate.substitute_map`` / ``To.Code`` emit them as escaped Python
    literals rather than raw text.
    """
    if not isinstance(logs, list):
        logs = [logs]

    multi = len(logs) > 1
    # Padding passed to the substitution map and to the request-object
    # renderer, plus the template name, all depend on the single/multi mode.
    if multi:
        jpad, opad, tpl = 8, 4, "multiple"
    else:
        jpad, opad, tpl = 4, 0, "single"

    mapped = [Generate.substitute_map(entry, jpad) for entry in logs]

    const_header = "None"
    const_cookies = "None"
    if multi:
        # When every request carries the same header value, emit it once and
        # let each request object refer to the shared name instead.
        if len({m["@@HEADER"] for m in mapped}) == 1:
            const_header = To.Code(logs[0].request.HeaderNoCookies())
            for m in mapped:
                m["@@HEADER"] = "header"
        # Same treatment for cookies.
        if len({m["@@COOKIES"] for m in mapped}) == 1:
            const_cookies = To.Code(logs[0].request.cookies)
            for m in mapped:
                m["@@COOKIES"] = "cookies"

    # Templates live next to this module as <name>.pyt.
    script = Reader.Read("{0}/{1}.pyt".format(os.path.dirname(__file__), tpl))
    req_objs = [Generate.gen_request_object(m, opad) for m in mapped]

    if not multi:
        script = Reader.Substitute(script, "@@REQOBJ", req_objs[0])
    else:
        script = Reader.Substitute(script, "@@HEADER", const_header)
        script = Reader.Substitute(script, "@@COOKIES", const_cookies)
        script = Reader.Substitute(script, "@@REQOBJS", ",\n".join(req_objs))

    Writer.Replace(fp, script)
    return "Python Script Written to: {0}".format(fp)
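def load(self):
    """Load persisted settings from ``self._file``, creating it if absent.

    When the file exists, its JSON content is read and every key/value pair
    is applied through ``self.Set``. When it does not exist, ``self.Save()``
    is called instead.

    Any ordinary error while reading or applying the file falls back to
    ``self.Save()``. Only ``Exception`` subclasses are handled this way, so
    ``KeyboardInterrupt`` and ``SystemExit`` propagate to the caller instead
    of being swallowed.

    NOTE(review): the fallback presumably rewrites the file from the current
    in-memory values, which would silently replace a malformed settings
    file. Confirm against ``Save`` and consider reporting the error.
    """
    try:
        if os.path.isfile(self._file):
            stored = Reader.Json(self._file)
            for key, value in stored.items():
                self.Set(key, value)
        else:
            self.Save()
    except Exception:
        # Best-effort recovery, kept from the original behaviour. A bare
        # ``except:`` here would also trap interpreter-exit signals.
        self.Save()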
def Init(self):
    """Prepare scan state from ``self.options``, filling in defaults.

    Defaults applied when the option is unset: the ``web-common`` word list,
    ``./dirscan.txt`` as output, ``waabi.globals.default_header`` as the
    request header, and 5 threads. Counters and result containers are reset.
    """
    opts = self.options

    # An explicit word-list file wins; otherwise use the bundled list.
    # WordList.Get returns False for an unknown name, so _wl may be False.
    self._wl = Reader.List(opts.wordlist) if opts.wordlist else WordList.Get("web-common")

    if not opts.output:
        opts.output = "./dirscan.txt"

    # The header option is a path to a JSON file describing the headers.
    self._header = Reader.Json(opts.header) if opts.header else waabi.globals.default_header

    if not opts.threads:
        opts.threads = 5

    # Fresh run state.
    self._counter = 0
    self._errors = 0
    self._found = []
    self._counts = {}
def WithMockOauth(self, issuer, private_key_file, kid):
    """Sign ``self.payload`` as an RS256 token with fresh time claims.

    The ``iss``, ``iat`` and ``exp`` claims are written into
    ``self.payload`` itself (the dict is mutated, not copied), with ``exp``
    set 3600 seconds after ``iat``.

    Args:
        issuer: Value stored in the ``iss`` claim.
        private_key_file: Path read with ``Reader.Read`` to obtain the
            signing key.
        kid: Key id placed in the token header.

    Returns:
        The encoded token, or an ``"Error encoding token: ..."`` string when
        reading the key or encoding raises.
    """
    issued_at = int(datetime.datetime.now().timestamp())

    claims = self.payload  # same object: the instance payload is updated
    claims["iss"] = issuer
    claims["iat"] = issued_at
    claims["exp"] = issued_at + 3600

    try:
        return jwt.encode(
            claims,
            Reader.Read(private_key_file),
            algorithm="RS256",
            headers={"kid": kid},
        )
    except Exception as ex:
        # Failures are reported as a string rather than raised.
        return "Error encoding token: {0}".format(ex)
def gen_request_object(s_map,pad):
    """Render a ``ReqObj(...)`` constructor call from a substitution map.

    Args:
        s_map: Mapping of placeholder (e.g. ``@@URL``) to replacement text;
            each pair is applied with ``Reader.Substitute``.
        pad: Number of spaces prefixed to every line of the result.

    Returns:
        The multi-line source text of the request object.

    NOTE(review): replacement values are inserted as-is into generated
    source. The caller is presumably responsible for supplying them as valid
    Python literals; confirm where the map is built.
    """
    indent = " " * pad
    template_lines = (
        "ReqObj(",
        " url = @@URL,",
        " method = @@METHOD,",
        " header = @@HEADER,",
        " cookies = @@COOKIES,",
        " query = @@QUERY,",
        " body = @@BODY",
        ")",
    )
    rendered = "\n".join(indent + line for line in template_lines)
    for placeholder, value in s_map.items():
        rendered = Reader.Substitute(rendered, placeholder, value)
    return rendered
def Construct(payload, keyfile, kid, issuer, header, secret, signature):
    """Build a JWT string from the given parts, choosing the mode by argument.

    Modes, in order of precedence:

    1. ``secret`` given: the header must contain ``alg``. ``HS256``/``HS512``
       are signed through ``Jwty.SignAsHS`` with the matching hashlib
       digest; any other ``alg`` is handed to ``jwt.encode`` after ``alg``
       is removed from the header.
    2. ``signature`` given: header and payload are encoded with
       ``Jwty.Uenc`` and joined with the supplied signature unchanged. No
       signing happens on this path.
    3. Otherwise: the token is signed as RS256 with the key read from
       ``keyfile``; ``alg`` and ``kid`` are set on the header and ``iss`` on
       the payload.

    The ``header`` and ``payload`` objects passed in are modified in place
    on the paths that set or pop keys.

    Returns:
        The token, or an error string (``"Error: ..."`` /
        ``"Error encoding token: ..."``) when a precondition fails or
        encoding raises.
    """
    alg = False
    if header and "alg" in header:
        alg = header["alg"]

    if secret:
        if not alg:
            return "Error: Header containing an alg must be present when supplying secret."
        try:
            if alg in ("HS256", "HS512"):
                if alg == "HS512":
                    digest = hashlib.sha512
                else:
                    digest = hashlib.sha256
                return Jwty.SignAsHS(header, payload, secret.encode(), digest)
            # For other algorithms the alg is passed as a keyword, so it is
            # dropped from the header first.
            header.pop("alg", None)
            return jwt.encode(payload, secret, algorithm=alg, headers=header)
        except Exception as ex:
            return "Error encoding token: {0}".format(ex)

    if signature:
        # Caller-provided signature is appended verbatim.
        encoded_header = Jwty.Uenc(header)
        encoded_payload = Jwty.Uenc(payload)
        return "{0}.{1}.{2}".format(
            encoded_header.decode(), encoded_payload.decode(), signature
        )

    # Key-file mode: always RS256, regardless of any alg in the header.
    if not header:
        header = {}
    header["alg"] = "RS256"
    header["kid"] = kid
    payload["iss"] = issuer
    try:
        return jwt.encode(payload, Reader.Read(keyfile), algorithm="RS256", headers=header)
    except Exception as ex:
        return "Error encoding token: {0}".format(ex)
def Reload(self):
    """Re-read ``self.source`` and replace ``self._logs`` with the parsed result.

    NOTE(review): the XML parser behind ``Reader.Xml`` is not visible here.
    If export files can come from other parties, confirm it does not resolve
    external entities.
    """
    document = Reader.Xml(self.source)
    self._logs = Parser.ParseBurpLog(document)
def Get(name):
    """Return the content of the named payload file, or ``False`` if unknown.

    The name is only joined onto ``waabi.globals.payload_path`` after it has
    been found in ``Payload.GetNames()``, so arbitrary caller-supplied path
    fragments never reach the file read.
    """
    if name not in Payload.GetNames():
        return False
    payload_file = os.path.join(waabi.globals.payload_path, name)
    return Reader.ReadBytes(payload_file)
def Init(self):
    """Validate the action options and load the Burp XML export.

    Raises:
        ValueError: If ``options.parameter`` is not one of ``header``,
            ``code`` or ``cli``, or if ``options.input`` is missing.

    NOTE(review): the XML parser behind ``Reader.Xml`` is not visible here.
    If export files can come from other parties, confirm it does not resolve
    external entities.
    """
    opts = self.options
    allowed_actions = ("header", "code", "cli")

    if opts.parameter not in allowed_actions:
        raise ValueError("Invalid Action parameter")
    if not opts.input:
        raise ValueError("Missing required option -i Burp xml export ")

    self._burp_xml = Reader.Xml(opts.input)
def Get(name):
    """Return the entries of the named word list, or ``False`` if unknown.

    The file ``<name>.txt`` under ``waabi.globals.wordlist_path`` is read
    only after ``name`` has been found in ``WordList.GetNames()``, so
    arbitrary caller-supplied path fragments never reach the file read.
    """
    if name not in WordList.GetNames():
        return False
    list_file = os.path.join(waabi.globals.wordlist_path, "{0}.txt".format(name))
    return Reader.List(list_file)