def initTargetEnv():
    """
    Initialize target environment.

    For multi-target runs the state kept on conf for the previous target is
    released and cleared, after which _setKnowledgeBaseAttributes(False),
    _restoreMergedOptions() and _setDBMS() are invoked again.

    When a request body (conf.data) is present and kb.postUrlEncode is set,
    the body is replaced by its URL-decoded form. The raw body stays
    reachable on the new value through the UNENCODED_ORIGINAL_VALUE attribute.
    """

    if conf.multipleTargets:
        # Release resources tied to the previous target before clearing state
        if conf.hashDB:
            conf.hashDB.close()

        if conf.cj:
            resetCookieJar(conf.cj)

        conf.paramDict, conf.parameters = {}, {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if not conf.data:
        return

    class _(unicode):
        # Subclass only so that an extra attribute can be attached to the body
        pass

    for name, content in conf.httpHeaders:
        if name.upper() != HTTP_HEADER.CONTENT_TYPE.upper():
            continue

        # The first Content-Type header found decides; later ones are ignored
        kb.postUrlEncode = "urlencoded" in content
        break

    # NOTE: with no Content-Type header, kb.postUrlEncode keeps its earlier value
    if not kb.postUrlEncode:
        return

    rawBody = conf.data
    conf.data = _(urldecode(rawBody))
    setattr(conf.data, UNENCODED_ORIGINAL_VALUE, rawBody)

    # Remember whether the raw body used '+' (checked on the undecoded text)
    kb.postSpaceToPlus = '+' in rawBody
def initTargetEnv():
    """
    Initialize target environment.

    Clears per-target state on conf when several targets are processed, then
    re-runs the knowledge base, merged options and DBMS set-up helpers.
    A URL-encoded request body in conf.data is swapped for its decoded
    form, with the undecoded text attached as UNENCODED_ORIGINAL_VALUE.
    """

    multiTarget = conf.multipleTargets

    if multiTarget and conf.hashDB:
        conf.hashDB.close()

    if multiTarget and conf.cj:
        resetCookieJar(conf.cj)

    if multiTarget:
        conf.paramDict = {}
        conf.parameters = {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if conf.data:
        class _(unicode):
            # Plain unicode objects cannot carry extra attributes; this can
            pass

        for headerName, headerValue in conf.httpHeaders:
            isContentType = headerName.upper() == HTTP_HEADER.CONTENT_TYPE.upper()

            if isContentType:
                kb.postUrlEncode = "urlencoded" in headerValue
                break

        # kb.postUrlEncode is left untouched if no Content-Type header exists
        if kb.postUrlEncode:
            undecoded = conf.data
            conf.data = _(urldecode(undecoded))
            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, undecoded)
            kb.postSpaceToPlus = '+' in undecoded
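def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items. Cookies held in the jar conf.cj are then reconciled
    with the Cookie header: a cookie whose name already occurs there is merged
    over the user-supplied value (after asking once, the answer is cached in
    kb.mergeCookies), any other cookie is appended unless kb.testMode is set.
    Finally kb.redirectSetCookie is added unless conf.dropSetCookie is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] are rewritten when
    cookies are merged; the jar is reset while kb.testMode is set.

    Returns the header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    headers = dict(conf.httpHeaders)
    headers.update(items)

    if conf.cj:
        if HTTPHEADER.COOKIE in headers:
            for cookie in conf.cj:
                if ("%s=" % cookie.name) in headers[HTTPHEADER.COOKIE]:
                    if kb.mergeCookies is None:
                        message = "you provided a HTTP %s header value. " % HTTPHEADER.COOKIE
                        message += "The target url provided its own cookies within "
                        message += "the HTTP %s header which intersect with yours. " % HTTPHEADER.SET_COOKIE
                        message += "Do you want to merge them in futher requests? [Y/n] "
                        choice = readInput(message, default="Y")
                        kb.mergeCookies = not choice or choice[0] in ("y", "Y")

                    if kb.mergeCookies:
                        # Jar cookies were set by the target, so their text must not be
                        # read as regex syntax: the name is escaped and anchored at a word
                        # boundary (so "id" does not rewrite "sessionid"), and backslashes
                        # in the replacement are doubled so a value cannot act as a group
                        # reference.
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (cookie.name, cookie.value)).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTPHEADER.COOKIE] = _(headers[HTTPHEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTPHEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTPHEADER.COOKIE] += "%s %s=%s" % (DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)

        if kb.testMode:
            resetCookieJar(conf.cj)

    if kb.redirectSetCookie and not conf.dropSetCookie:
        if HTTPHEADER.COOKIE in headers:
            headers[HTTPHEADER.COOKIE] += "%s %s" % (DEFAULT_COOKIE_DELIMITER, kb.redirectSetCookie)
        else:
            headers[HTTPHEADER.COOKIE] = kb.redirectSetCookie

    return headers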
def initTargetEnv():
    """
    Initialize target environment.

    For multi-target runs the per-target state on conf is released and cleared
    and _setKnowledgeBaseAttributes(False), _restoreCmdLineOptions() and
    _setDBMS() are invoked again. A request body in conf.data is always
    replaced by its URL-decoded form; the raw text remains available on the
    new value as the UNENCODED_ORIGINAL_VALUE attribute.
    """

    if conf.multipleTargets:
        if conf.hashDB:
            conf.hashDB.close()

        if conf.cj:
            resetCookieJar(conf.cj)

        conf.paramDict, conf.parameters = {}, {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreCmdLineOptions()
        _setDBMS()

    if not conf.data:
        return

    class _(unicode):
        # Subclass only so that an extra attribute can be attached to the body
        pass

    rawBody = conf.data
    conf.data = _(urldecode(rawBody))
    setattr(conf.data, UNENCODED_ORIGINAL_VALUE, rawBody)

    # '+' is looked for in the undecoded body
    kb.postSpaceToPlus = '+' in rawBody
def initTargetEnv():
    """
    Initialize target environment.

    Clears per-target state on conf when several targets are processed, then
    re-runs the knowledge base, merged options and DBMS set-up helpers.
    A request body in conf.data is unconditionally URL-decoded, keeping the
    undecoded text as the UNENCODED_ORIGINAL_VALUE attribute of the new value.
    """

    multiTarget = conf.multipleTargets

    if multiTarget and conf.hashDB:
        conf.hashDB.close()

    if multiTarget and conf.cj:
        resetCookieJar(conf.cj)

    if multiTarget:
        conf.paramDict = {}
        conf.parameters = {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if conf.data:
        class _(unicode):
            # Plain unicode objects cannot carry extra attributes; this can
            pass

        undecoded = conf.data
        conf.data = _(urldecode(undecoded))
        setattr(conf.data, UNENCODED_ORIGINAL_VALUE, undecoded)
        kb.postSpaceToPlus = '+' in undecoded
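def initTargetEnv():
    """
    Initialize target environment.

    For multi-target runs the per-target state (hash DB handle, cookie jar,
    current thread data, parameter dictionaries) is released and cleared and
    the knowledge base, merged options and DBMS set-up helpers run again.

    A request body in conf.data is URL-decoded unless a Content-Type header
    without "urlencoded" is configured. When conf.base64Parameter designates
    the POST body and the body holds no '=' apart from leading/trailing ones,
    a Base64 decode is attempted on a best-effort basis. In both cases the
    text before decoding is kept on the new value as the
    UNENCODED_ORIGINAL_VALUE attribute.

    Finally kb.customInjectionMark is taken from the first INJECT_HERE_REGEX
    match in URL, body and headers, or defaults to CUSTOM_INJECTION_MARK_CHAR.
    """

    if conf.multipleTargets:
        if conf.hashDB:
            conf.hashDB.close()

        if conf.cj:
            resetCookieJar(conf.cj)

        threadData = getCurrentThreadData()
        threadData.reset()

        conf.paramDict = {}
        conf.parameters = {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if conf.data:
        class _(six.text_type):
            # Subclass only so that an extra attribute can be attached to the body
            pass

        # URL-encoding is assumed unless a Content-Type header says otherwise
        kb.postUrlEncode = True

        for key, value in conf.httpHeaders:
            if key.upper() == HTTP_HEADER.CONTENT_TYPE.upper():
                kb.postUrlEncode = "urlencoded" in value
                break

        if kb.postUrlEncode:
            original = conf.data
            conf.data = _(urldecode(conf.data))
            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
            kb.postSpaceToPlus = '+' in original

    if conf.data and unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST:
        # No '=' besides leading/trailing ones: the body is not key=value
        # pairs, so it is treated as one Base64 blob
        if '=' not in conf.data.strip('='):
            try:
                original = conf.data
                conf.data = _(decodeBase64(conf.data, binary=False))
                setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
            except Exception:
                # Best effort: a body that fails to decode is used unchanged.
                # Exception (not a bare except) lets KeyboardInterrupt and
                # SystemExit through
                pass

    match = re.search(INJECT_HERE_REGEX, "%s %s %s" % (conf.url, conf.data, conf.httpHeaders))
    kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR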
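def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items; header names are rewritten with every dash-separated
    part capitalized. Cookies held in the jar conf.cj are then reconciled
    with the Cookie header: a cookie whose name already occurs there is merged
    over the user-supplied value (after asking once, the answer is cached in
    kb.mergeCookies), any other cookie is appended unless kb.testMode is set.
    Finally kb.redirectSetCookie is added unless conf.dropSetCookie is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] are rewritten when
    cookies are merged; the jar is reset while kb.testMode is set.

    Returns the header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    headers = dict(conf.httpHeaders)
    headers.update(items)

    # Normalize names to the Capitalized-Dash-Separated form
    headers = dict(("-".join(part.capitalize() for part in key.split('-')), value) for (key, value) in headers.items())

    if conf.cj:
        if HTTPHEADER.COOKIE in headers:
            for cookie in conf.cj:
                if ("%s=" % cookie.name) in headers[HTTPHEADER.COOKIE]:
                    if kb.mergeCookies is None:
                        message = "you provided a HTTP %s header value. " % HTTPHEADER.COOKIE
                        message += "The target url provided its own cookies within "
                        message += "the HTTP %s header which intersect with yours. " % HTTPHEADER.SET_COOKIE
                        message += "Do you want to merge them in futher requests? [Y/n] "
                        choice = readInput(message, default="Y")
                        kb.mergeCookies = not choice or choice[0] in ("y", "Y")

                    if kb.mergeCookies:
                        # Jar cookies were set by the target, so their text must not be
                        # read as regex syntax: the name is escaped and anchored at a word
                        # boundary (so "id" does not rewrite "sessionid"), and backslashes
                        # in the replacement are doubled so a value cannot act as a group
                        # reference.
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (cookie.name, cookie.value)).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTPHEADER.COOKIE] = _(headers[HTTPHEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTPHEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTPHEADER.COOKIE] += "%s %s=%s" % (DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)

        if kb.testMode:
            resetCookieJar(conf.cj)

    if kb.redirectSetCookie and not conf.dropSetCookie:
        if HTTPHEADER.COOKIE in headers:
            headers[HTTPHEADER.COOKIE] += "%s %s" % (DEFAULT_COOKIE_DELIMITER, kb.redirectSetCookie)
        else:
            headers[HTTPHEADER.COOKIE] = kb.redirectSetCookie

    return headers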
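def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items; header names are rewritten with every dash-separated
    part capitalized. Cookies from the jar conf.cj whose domain fits
    conf.hostname are reconciled with the Cookie header: with
    conf.loadCookies set the configured Cookie header is dropped from
    conf.httpHeaders, otherwise the user is asked once whether to merge
    (cached in kb.mergeCookies). Cookies not yet present in the header are
    appended unless kb.testMode is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] may be rewritten;
    the jar is reset while kb.testMode is set.

    Returns the header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    headers = dict(conf.httpHeaders)
    headers.update(items)

    # Normalize names to the Capitalized-Dash-Separated form
    headers = dict(("-".join(part.capitalize() for part in key.split('-')), value) for (key, value) in headers.items())

    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
                # Skip cookies scoped to another domain; an unset conf.hostname
                # matches nothing instead of raising AttributeError.
                # NOTE(review): plain suffix comparison, no label-boundary check -
                # confirm cookie.domain always carries a leading dot
                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue

                if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]:
                    if conf.loadCookies:
                        # Built as a real list so it can be iterated more than once
                        conf.httpHeaders = [item for item in conf.httpHeaders if item[0] != HTTP_HEADER.COOKIE]
                    elif kb.mergeCookies is None:
                        message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
                        message += "The target URL provided its own cookies within "
                        message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
                        message += "Do you want to merge them in futher requests? [Y/n] "
                        choice = readInput(message, default="Y")
                        kb.mergeCookies = not choice or choice[0] in ("y", "Y")

                    if kb.mergeCookies:
                        # Jar cookies were set by the target, so their text must not be
                        # read as regex syntax: the name is escaped and anchored at a word
                        # boundary, and backslashes in the replacement are doubled so a
                        # value cannot act as a group reference.
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cDel or DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (cookie.name, cookie.value)).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cDel or DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)

        if kb.testMode:
            resetCookieJar(conf.cj)

    return headers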
def initTargetEnv():
    """
    Initialize target environment.

    Does nothing unless conf.multipleTargets is set. Otherwise the hash DB
    handle is closed, the cookie jar is reset, the per-target parameter state
    on conf is cleared and _setKnowledgeBaseAttributes(False),
    _restoreCmdLineOptions() and _setDBMS() are invoked again.
    """

    if not conf.multipleTargets:
        return

    # Release resources tied to the previous target before clearing state
    if conf.hashDB:
        conf.hashDB.close()

    if conf.cj:
        resetCookieJar(conf.cj)

    conf.paramDict, conf.parameters = {}, {}
    conf.hashDBFile = None

    _setKnowledgeBaseAttributes(False)
    _restoreCmdLineOptions()
    _setDBMS()
def initTargetEnv():
    """
    Initialize target environment.

    Only acts for multi-target runs: state left on conf by the previous
    target (hash DB handle, cookie jar, parameter dictionaries, hash DB file)
    is released or cleared, then the knowledge base, command line options and
    DBMS set-up helpers are run again.
    """

    multiTarget = conf.multipleTargets

    if multiTarget and conf.hashDB:
        conf.hashDB.close()

    if multiTarget and conf.cj:
        resetCookieJar(conf.cj)

    if multiTarget:
        conf.paramDict = {}
        conf.parameters = {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreCmdLineOptions()
        _setDBMS()
def initTargetEnv():
    """
    Initialize target environment.

    For multi-target runs the per-target state on conf is released and cleared
    and the knowledge base, merged options and DBMS set-up helpers run again.

    A request body in conf.data is URL-decoded unless a Content-Type header
    without "urlencoded" is configured; the raw body stays reachable on the
    new value through the UNENCODED_ORIGINAL_VALUE attribute.

    kb.customInjectionMark is set to the first INJECT_HERE_REGEX match found
    in the body, else in the URL, else to CUSTOM_INJECTION_MARK_CHAR.
    """

    if conf.multipleTargets:
        if conf.hashDB:
            conf.hashDB.close()

        if conf.cj:
            resetCookieJar(conf.cj)

        conf.paramDict, conf.parameters = {}, {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if conf.data:
        class _(unicode):
            # Subclass only so that an extra attribute can be attached to the body
            pass

        # URL-encoding is assumed unless a Content-Type header says otherwise
        kb.postUrlEncode = True

        for name, content in conf.httpHeaders:
            if name.upper() != HTTP_HEADER.CONTENT_TYPE.upper():
                continue

            kb.postUrlEncode = "urlencoded" in content
            break

        if kb.postUrlEncode:
            rawBody = conf.data
            conf.data = _(urldecode(rawBody))
            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, rawBody)
            kb.postSpaceToPlus = '+' in rawBody

    # The (possibly decoded) body is searched first, the URL only as fallback
    marker = None
    for candidate in (conf.data, conf.url):
        marker = re.search(INJECT_HERE_REGEX, candidate or "")
        if marker:
            break

    if marker:
        kb.customInjectionMark = marker.group(0)
    else:
        kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
def initTargetEnv():
    """
    Initialize target environment.

    For multi-target runs the per-target state on conf is released and cleared
    and the knowledge base, merged options and DBMS set-up helpers run again.

    A request body in conf.data is URL-decoded unless a Content-Type header
    without "urlencoded" is configured; the raw body stays reachable on the
    new value through the UNENCODED_ORIGINAL_VALUE attribute.

    kb.customInjectionMark is set to the first INJECT_HERE_REGEX match in the
    text formed from URL, body and headers, else CUSTOM_INJECTION_MARK_CHAR.
    """

    if conf.multipleTargets:
        if conf.hashDB:
            conf.hashDB.close()

        if conf.cj:
            resetCookieJar(conf.cj)

        conf.paramDict, conf.parameters = {}, {}
        conf.hashDBFile = None

        _setKnowledgeBaseAttributes(False)
        _restoreMergedOptions()
        _setDBMS()

    if conf.data:
        class _(six.text_type):
            # Subclass only so that an extra attribute can be attached to the body
            pass

        # URL-encoding is assumed unless a Content-Type header says otherwise
        kb.postUrlEncode = True

        for name, content in conf.httpHeaders:
            if name.upper() != HTTP_HEADER.CONTENT_TYPE.upper():
                continue

            kb.postUrlEncode = "urlencoded" in content
            break

        if kb.postUrlEncode:
            rawBody = conf.data
            conf.data = _(urldecode(rawBody))
            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, rawBody)
            kb.postSpaceToPlus = '+' in rawBody

    # URL, body and headers are searched together as a single string
    haystack = "%s %s %s" % (conf.url, conf.data, conf.httpHeaders)
    marker = re.search(INJECT_HERE_REGEX, haystack)

    if marker:
        kb.customInjectionMark = marker.group(0)
    else:
        kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
def forgeHeaders(items=None, base=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The starting header set is base when given, otherwise conf.httpHeaders;
    the non-None entries of items are laid over it. A later header replaces
    an earlier one that differs only in letter case. Names not listed in
    HTTP_HEADER keep their exact spelling, the others are rewritten with every
    dash-separated part capitalized.

    Cookies from the jar conf.cj whose domain fits conf.hostname are then
    reconciled with the Cookie header: with conf.loadCookies set the
    configured Cookie header is dropped from conf.httpHeaders, otherwise the
    user is asked once whether to merge (cached in kb.mergeCookies). Cookies
    not yet present in the header are appended unless kb.testMode is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] may be rewritten; the
    jar is reset in test mode unless conf.csrfToken or conf.safeUrl is set.

    Returns the ordered header dictionary.
    """

    items = items or {}

    # NOTE(review): deleting while looping relies on keys() returning a list copy
    for name in items.keys():
        if items[name] is None:
            del items[name]

    merged = OrderedDict(conf.httpHeaders if base is None else base)
    merged.update(items.items())

    class _str(str):
        # capitalize()/title() return the text unchanged, so the name's spelling survives
        def capitalize(self):
            return _str(self)

        def title(self):
            return _str(self)

    headers = OrderedDict()

    for key, value in merged.items():
        # Drop an already stored header that differs only in letter case
        for existing in headers:
            if existing.upper() == key.upper():
                del headers[existing]
                break

        keptVerbatim = False

        if not any(member.upper() == key.upper() for member in getPublicTypeMembers(HTTP_HEADER, True)):
            try:
                headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455
            except UnicodeEncodeError:
                # no hack for non-ASCII header names (they have to be properly encoded later on)
                pass
            else:
                keptVerbatim = True

        if not keptVerbatim:
            headers['-'.join(part.capitalize() for part in key.split('-'))] = value

    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
                # NOTE(review): plain suffix comparison, no label-boundary check -
                # confirm cookie.domain always carries a leading dot
                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue

                cookieName = getUnicode(cookie.name)

                if ("%s=" % cookieName) not in getUnicode(headers[HTTP_HEADER.COOKIE]):
                    # Cookie unknown to the user-supplied header: append it
                    if not kb.testMode:
                        headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, cookieName, getUnicode(cookie.value))
                    continue

                if conf.loadCookies:
                    conf.httpHeaders = filter(None, ((item if item[0] != HTTP_HEADER.COOKIE else None) for item in conf.httpHeaders))
                elif kb.mergeCookies is None:
                    message = "".join((
                        "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE,
                        "The target URL provided its own cookies within ",
                        "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE,
                        "Do you want to merge them in further requests? [Y/n] ",
                    ))
                    kb.mergeCookies = readInput(message, default='Y', boolean=True)

                if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
                    # Jar cookies were set by the target: the name is regex-escaped and
                    # backslashes in the replacement are doubled, so neither is
                    # interpreted as regex syntax
                    pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookieName), conf.cookieDel or DEFAULT_COOKIE_DELIMITER)
                    replacement = ("%s=%s" % (cookieName, getUnicode(cookie.value))).replace('\\', r'\\')

                    def _(value):
                        return re.sub(pattern, replacement, value)

                    headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])

                    if PLACE.COOKIE in conf.parameters:
                        conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                    conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

        if kb.testMode and not any((conf.csrfToken, conf.safeUrl)):
            resetCookieJar(conf.cj)

    return headers
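def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items. A later header replaces an earlier one that differs
    only in letter case. Names not listed in HTTP_HEADER keep their exact
    spelling, the others are rewritten with every dash-separated part
    capitalized.

    Cookies from the jar conf.cj whose domain fits conf.hostname are then
    reconciled with the Cookie header: with conf.loadCookies set the
    configured Cookie header is dropped from conf.httpHeaders, otherwise the
    user is asked once whether to merge (cached in kb.mergeCookies). Cookies
    not yet present in the header are appended unless kb.testMode is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] may be rewritten; the
    jar is reset in test mode unless conf.csrfToken is set.

    Returns the ordered header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    merged = OrderedDict(conf.httpHeaders)
    merged.update(items.items())

    class _str(str):
        # capitalize()/title() return the text unchanged, so the name's spelling survives
        def capitalize(self):
            return _str(self)

        def title(self):
            return _str(self)

    headers = OrderedDict()

    for key, value in merged.items():
        success = False

        # Drop an already stored header that differs only in letter case
        for existing in headers:
            if existing.upper() == key.upper():
                del headers[existing]
                break

        if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):
            try:
                headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455
            except UnicodeEncodeError:
                # don't do the hack on non-ASCII header names (they have to be properly encoded later on)
                pass
            else:
                success = True

        if not success:
            key = '-'.join(_.capitalize() for _ in key.split('-'))
            headers[key] = value

    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
                # Skip cookies scoped to another domain; an unset conf.hostname
                # matches nothing instead of raising AttributeError.
                # NOTE(review): plain suffix comparison, no label-boundary check -
                # confirm cookie.domain always carries a leading dot
                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue

                if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]:
                    if conf.loadCookies:
                        # Built as a real list so it can be iterated more than once
                        conf.httpHeaders = [item for item in conf.httpHeaders if item[0] != HTTP_HEADER.COOKIE]
                    elif kb.mergeCookies is None:
                        message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
                        message += "The target URL provided its own cookies within "
                        message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
                        message += "Do you want to merge them in futher requests? [Y/n] "
                        choice = readInput(message, default="Y")
                        kb.mergeCookies = not choice or choice[0] in ("y", "Y")

                    if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
                        # Jar cookies were set by the target. The name is already
                        # regex-escaped; backslashes in the replacement are doubled as
                        # well, so a value such as "\1" cannot act as a group reference.
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (cookie.name, getUnicode(cookie.value))).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, cookie.name, getUnicode(cookie.value))

        if kb.testMode and not conf.csrfToken:
            resetCookieJar(conf.cj)

    return headers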
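def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items. Names not listed in HTTP_HEADER keep their exact
    spelling, the others are rewritten with every dash-separated part
    capitalized.

    Cookies from the jar conf.cj whose domain fits conf.hostname are then
    reconciled with the Cookie header: with conf.loadCookies set the
    configured Cookie header is dropped from conf.httpHeaders, otherwise the
    user is asked once whether to merge (cached in kb.mergeCookies). Cookies
    not yet present in the header are appended unless kb.testMode is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] may be rewritten;
    the jar is reset while kb.testMode is set.

    Returns the header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    merged = dict(conf.httpHeaders)
    merged.update(items)

    class _str(str):
        # capitalize()/title() return the text unchanged, so the name's spelling survives
        def capitalize(self):
            return _str(self)

        def title(self):
            return _str(self)

    headers = {}

    for key, value in merged.items():
        success = False

        if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):
            try:
                headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455
            except UnicodeEncodeError:
                # don't do the hack on non-ASCII header names (they have to be properly encoded later on)
                pass
            else:
                success = True

        if not success:
            key = '-'.join(_.capitalize() for _ in key.split('-'))
            headers[key] = value

    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
                # Skip cookies scoped to another domain; an unset conf.hostname
                # matches nothing instead of raising AttributeError.
                # NOTE(review): plain suffix comparison, no label-boundary check -
                # confirm cookie.domain always carries a leading dot
                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue

                if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]:
                    if conf.loadCookies:
                        # Built as a real list so it can be iterated more than once
                        conf.httpHeaders = [item for item in conf.httpHeaders if item[0] != HTTP_HEADER.COOKIE]
                    elif kb.mergeCookies is None:
                        message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
                        message += "The target URL provided its own cookies within "
                        message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
                        message += "Do you want to merge them in futher requests? [Y/n] "
                        choice = readInput(message, default="Y")
                        kb.mergeCookies = not choice or choice[0] in ("y", "Y")

                    if kb.mergeCookies:
                        # Jar cookies were set by the target, so their text must not be
                        # read as regex syntax: the name is escaped and anchored at a word
                        # boundary (so "id" does not rewrite "sessionid"), and backslashes
                        # in the replacement are doubled so a value cannot act as a group
                        # reference.
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (cookie.name, getUnicode(cookie.value))).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, cookie.name, getUnicode(cookie.value))

        if kb.testMode:
            resetCookieJar(conf.cj)

    return headers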
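def forgeHeaders(items=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests

    The result starts from conf.httpHeaders, overlaid with the non-None
    entries of items. A later header replaces an earlier one that differs
    only in letter case. Names not listed in HTTP_HEADER keep their exact
    spelling, the others are rewritten with every dash-separated part
    capitalized.

    Cookies from the jar conf.cj whose domain fits conf.hostname are then
    reconciled with the Cookie header: with conf.loadCookies set the
    configured Cookie header is dropped from conf.httpHeaders, otherwise the
    user is asked once whether to merge (cached in kb.mergeCookies). Cookies
    not yet present in the header are appended unless kb.testMode is set.

    Side effects: None-valued keys are removed from the caller's items;
    conf.httpHeaders and conf.parameters[PLACE.COOKIE] may be rewritten; the
    jar is reset in test mode unless conf.csrfToken or conf.safeUrl is set.

    Returns the ordered header dictionary.
    """

    items = items or {}

    # Iterate over a snapshot of the keys, since entries are deleted in the loop
    for name in list(items.keys()):
        if items[name] is None:
            del items[name]

    merged = OrderedDict(conf.httpHeaders)
    merged.update(items.items())

    class _str(str):
        # capitalize()/title() return the text unchanged, so the name's spelling survives
        def capitalize(self):
            return _str(self)

        def title(self):
            return _str(self)

    headers = OrderedDict()

    for key, value in merged.items():
        success = False

        # Drop an already stored header that differs only in letter case
        for existing in headers:
            if existing.upper() == key.upper():
                del headers[existing]
                break

        if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):
            try:
                headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455
            except UnicodeEncodeError:
                # don't do the hack on non-ASCII header names (they have to be properly encoded later on)
                pass
            else:
                success = True

        if not success:
            key = '-'.join(_.capitalize() for _ in key.split('-'))
            headers[key] = value

    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
                # Skip cookies scoped to another domain; an unset conf.hostname
                # matches nothing instead of raising AttributeError.
                # NOTE(review): plain suffix comparison, no label-boundary check -
                # confirm cookie.domain always carries a leading dot
                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue

                if ("%s=" % getUnicode(cookie.name)) in getUnicode(headers[HTTP_HEADER.COOKIE]):
                    if conf.loadCookies:
                        # Built as a real list so it can be iterated more than once
                        conf.httpHeaders = [item for item in conf.httpHeaders if item[0] != HTTP_HEADER.COOKIE]
                    elif kb.mergeCookies is None:
                        message = u"您提供了HTTP header cookie值 %s, " % HTTP_HEADER.COOKIE
                        message += u"目标URL在与您的交叉点的"
                        message += u"HTTP header中提供了自己的cookie %s 。" % HTTP_HEADER.SET_COOKIE
                        message += u"是否要在进一步的请求中合并它们? [Y/n] "
                        kb.mergeCookies = readInput(message, default='Y', boolean=True)

                    if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
                        # Jar cookies were set by the target: the name is regex-escaped and
                        # backslashes in the replacement are doubled, so neither is
                        # interpreted as regex syntax
                        pattern = r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER)
                        replacement = ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\')

                        def _(value):
                            return re.sub(pattern, replacement, value)

                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])

                        if PLACE.COOKIE in conf.parameters:
                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])

                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]

                elif not kb.testMode:
                    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, getUnicode(cookie.name), getUnicode(cookie.value))

        if kb.testMode and not any((conf.csrfToken, conf.safeUrl)):
            resetCookieJar(conf.cj)

    return headers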