def requester(url, data, headers, GET, delay, timeout): if getVar('jsonData'): data = converter(data) elif getVar('path'): url = converter(data, url) data = [] GET, POST = True, False time.sleep(delay) user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991'] if ('User-Agent' not in headers) or (headers['User-Agent'] == '$'): headers['User-Agent'] = random.choice(user_agents) logger.debug('Requester url: {}'.format(url)) logger.debug('Requester GET: {}'.format(GET)) logger.debug_json('Requester data:', data) logger.debug_json('Requester headers:', headers) try: if GET: response = requests.get(url, params=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) elif getVar('jsonData'): response = requests.post(url, json=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) else: response = requests.post(url, data=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) return response except ProtocolError: logger.warning('WAF is dropping suspicious requests.') logger.warning('Scanning will continue after 10 minutes.') time.sleep(600)
def requester(url, data, headers, GET, delay, timeout): if core.config.globalVariables['jsonData']: data = converter(data) elif core.config.globalVariables['path']: url = converter(data, url) data = [] time.sleep(delay) user_agents = [ 'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991' ] if 'User-Agent' not in headers: headers['User-Agent'] = random.choice(user_agents) elif headers['User-Agent'] == '$': headers['User-Agent'] = random.choice(user_agents) if GET: response = requests.get(url, params=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) else: response = requests.post(url, data=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) return response
def requester(url,data,headers,GET,delay,timeout): if url == 'https://portal.biznetgio.net/signout': print("URL CHANGED") url = 'https://portal.biznetgio.net/dashboard' print("====================URL=====================") print(url) print("============================================") webdriver = container.vars['driver'] if getVar('jsonData'): data = converter(data) elif getVar('path'): url = converter(data, url) data = [] GET, POST = True, False time.sleep(delay) user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991'] if 'User-Agent' not in headers: headers['User-Agent'] = random.choice(user_agents) elif headers['User-Agent'] == '$': headers['User-Agent'] = random.choice(user_agents) logger.debug('Requester url: {}'.format(url)) logger.debug('Requester GET: {}'.format(GET)) logger.debug_json('Requester data:', data) logger.debug_json('Requester headers:', headers) try: if GET: response = webdriver.request('GET',url, params=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) elif getVar('jsonData'): response = webdriver.request('POST',url, json=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) else: response = webdriver.request('POST',url, data=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) if url == 'https://portal.biznetgio.net/other-services': print("==================================RESPONSE======================================") print(response.text) print("===============================RESPONSE END=====================================") print("==================================Container======================================") print(container.vars) print("===============================Cookies END=====================================") return response except ProtocolError: logger.warning('WAF is dropping suspicious requests.') logger.warning('Scanning will continue after 10 minutes.') time.sleep(600) except Exception as e: print("LAH ERROR") print(str(e))
def requester(url, data, headers, GET, delay, timeout): if core.config.globalVariables['jsonData']: data = converter(data) elif core.config.globalVariables['path']: url = converter(data, url) data = [] time.sleep(delay) user_agents = ['Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991'] if 'User-Agent' not in headers: headers['User-Agent'] = random.choice(user_agents) elif headers['User-Agent'] == '$': headers['User-Agent'] = random.choice(user_agents) if GET: response = requests.get(url, params=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) else: response = requests.post(url, data=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) return response
def requester(url, data, headers, GET, delay, timeout): if core.config.globalVariables['jsonData']: data = converter(data) elif core.config.globalVariables['path']: url = converter(data, url) data = [] GET, POST = True, False time.sleep(delay) user_agents = [ 'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991' ] if 'User-Agent' not in headers: headers['User-Agent'] = random.choice(user_agents) elif headers['User-Agent'] == '$': headers['User-Agent'] = random.choice(user_agents) try: if GET: response = requests.get(url, params=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) else: response = requests.post(url, data=data, headers=headers, timeout=timeout, verify=False, proxies=core.config.proxies) return response except ProtocolError: print('%s WAF is dropping suspicious requests.') print('%s Scanning will continue after 10 minutes.') time.sleep(600)
from modes.singleFuzz import singleFuzz if type(args.add_headers) == bool: headers = extractHeaders(prompt()) elif type(args.add_headers) == str: headers = extractHeaders(args.add_headers) else: from core.config import headers core.config.globalVariables['headers'] = headers core.config.globalVariables['checkedScripts'] = set() core.config.globalVariables['checkedForms'] = {} core.config.globalVariables['definitions'] = json.loads('\n'.join(reader(sys.path[0] + '/db/definitions.json'))) if path: paramData = converter(target, target) elif jsonData: headers['Content-type'] = 'application/json' paramData = converter(paramData) if args_file: if args_file == 'default': payloadList = core.config.payloads else: payloadList = list(filter(None, reader(args_file))) seedList = [] if args_seeds: seedList = list(filter(None, reader(args_seeds))) encoding = base64 if encode and encode == 'base64' else False
recursive = args.recursive args_file = args.args_file args_seeds = args.args_seeds level = args.level add_headers = args.add_headers threadCount = args.threadCount delay = args.delay skip = args.skip skipDOM = args.skipDOM verbose = args.verbose blindXSS = args.blindXSS core.config.globalVariables = vars(args) if path: paramData = converter(target, target) elif jsonData: paramData = converter(paramData) if args_file: if args_file == 'default': payloadList = core.config.payloads else: payloadList = list(filter(None, reader(args_file))) seedList = [] if args_seeds: seedList = list(filter(None, reader(args_seeds))) encoding = base64 if encode and encode == 'base64' else False