def get_call(path, headers, data, payloadslist, original_request):
url, link_params = path.split('?')
params = link_params.split('&')
i = 0
while i < len(params):
oldparams = params[:]
var = params[i].split('=')
for payload in payloadslist:
var = params[i].split('=')
pay_vars = var[:]
pay_vars[1] = var[1] + payload[0]
pay_params = params[:]
pay_params[i] = '='.join(pay_vars)
pay_data = '&'.join(pay_params)
pay_path = url + '?' + pay_data
counter_pay_vars = var[:]
counter_pay_vars[1] = var[1] + payload[1]
counter_pay_params = params[:]
counter_pay_params[i] = '='.join(counter_pay_vars)
counter_pay_data = '&'.join(counter_pay_params)
counter_pay_path = url + '?' + counter_pay_data
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, var, 'GET', pay_path,
counter_pay_path)
HTTPRequester.thread_starter(new_thread)
params = oldparams[:]
i = i + 1
else:
# no params to test
pass
def common_post_call(path, headers, payloadslist, post_params, original_request):
i = 0
while i < len(post_params):
oldpost_params = post_params[:]
vars = post_params[i].split('=')
for payload in payloadslist:
vars = post_params[i].split('=')
pay_vars = vars[:]
pay_vars[1] = vars[1] + payload[0]
pay_params = post_params[:]
pay_params[i] = '='.join(pay_vars)
pay_data = '&'.join(pay_params)
counter_pay_vars = vars[:]
counter_pay_vars[1] = vars[1] + payload[1]
counter_pay_params = post_params[:]
counter_pay_params[i] = '='.join(counter_pay_vars)
counter_pay_data = '&'.join(counter_pay_params)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, '='.join(vars), 'POST', None, None)
HTTPRequester.thread_starter(new_thread)
post_params = oldpost_params[:]
i = i + 1
def multi_post_call(path, headers, payloadslist, boundaries, original_request):
i = 1
while i < len(boundaries):
oldboundaries = boundaries[:]
lines = boundaries[i].splitlines()
oldline = lines[0][:]
j = 0
while j < len(payloadslist):
pay_line = lines[:]
pay_line[1] = lines[1] + payloadslist[j][0]
pay_boundaries = boundaries[:]
pay_boundaries[i] = '\n'.join(pay_line)
pay_data = '\n\n'.join(pay_boundaries)
counter_pay_line = lines[:]
counter_pay_line[1] = lines[1] + payloadslist[j][1]
counter_pay_boundaries = boundaries[:]
counter_pay_boundaries[i] = '\n'.join(counter_pay_line)
counter_pay_data = '\n\n'.join(counter_pay_boundaries)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadsi(path, headers, pay_data, counter_pay_data, original_request, lines[0], 'POST', None, None)
HTTPRequester.thread_starter(new_thread)
lines[0] = oldline
j = j + 1
boundaries = oldboundaries
i = i + 1
def common_post_call(path, headers, payloadslist, post_params, original_request):
i = 0
while i < len(post_params):
oldpost_params = post_params[:]
vars = post_params[i].split('=')
for payload in payloadslist:
vars = post_params[i].split('=')
gibberish_vars = vars[:]
gibberish_vars[1] = vars[1] + "gibberish"
gibberish_params = post_params[:]
gibberish_params[i] = '='.join(gibberish_vars)
gibberish_data = '&'.join(gibberish_params)
gibberish_numb_vars = vars[:]
gibberish_numb_vars[1] = vars[1] + "777"
gibberish_numb_params = post_params[:]
gibberish_numb_params[i] = '='.join(gibberish_numb_vars)
gibberish_numb_data = '&'.join(gibberish_numb_params)
vars[1] = vars[1] + payload
post_params[i] = '='.join(vars)
data = '&'.join(post_params)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadpp(path, data, headers, original_request, '='.join(vars), 'POST',
gibberish_data, gibberish_numb_data)
HTTPRequester.thread_starter(new_thread)
post_params = oldpost_params[:]
i = i + 1
def get_call(path, headers, data, payloadslist, original_request):
url, link_params = path.split('?')
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadxxe(url, headers, payloadslist,
link_params, original_request, 'GET')
HTTPRequester.thread_starter(new_thread)
def multi_post_call(path, headers, payloadslist, boundaries, original_request):
i = 1
while i < len(boundaries):
oldboundaries = boundaries[:]
lines = boundaries[i].splitlines()
oldline = lines[0][:]
j = 0
while j < len(payloadslist):
gibberish_line = lines[:]
gibberish_line[1] = lines[1] + "gibberish"
gibberish_boundaries = boundaries[:]
gibberish_boundaries[i] = '\n'.join(gibberish_line)
gibberish_data = '\n\n'.join(gibberish_boundaries)
gibberish_numb_line = lines[:]
gibberish_numb_line[1] = lines[1] + "777"
gibberish_numb_boundaries = boundaries[:]
gibberish_numb_boundaries[i] = '\n'.join(gibberish_numb_line)
gibberish_numb_data = '\n\n'.join(gibberish_numb_boundaries)
lines[0] = lines[0] + payloadslist[j]
boundaries[i] = '\n'.join(lines)
data = '\n\n'.join(boundaries)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadpp(path, data, headers, original_request, lines[0], 'POST',
gibberish_data, gibberish_numb_data)
HTTPRequester.thread_starter(new_thread)
lines[0] = oldline
j = j + 1
boundaries = oldboundaries
i = i + 1
def multi_post_call(path, headers, payloadslist, boundaries, original_request):
#boundaries = array of post parameters
HTTPRequester.check_max_threads() #check if all the threads are being used
new_thread = Thread_types.Threadsr(path, headers, payloadslist, boundaries,
original_request, 'POST')
HTTPRequester.thread_starter(new_thread)
def common_post_call(path, headers, payloadslist, post_params,
original_request):
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadsr(path, headers, payloadslist,
post_params, original_request, 'POST')
HTTPRequester.thread_starter(new_thread)
def get_call(path, headers, data, payloadslist, original_request):
url, link_params = path.split('?')
params = link_params.split('&')
i = 0
while i < len(params):
oldparams = params[:]
var = params[i].split('=')
for payload in payloadslist:
var = params[i].split('=')
gibberish_vars = var[:]
gibberish_vars[1] = var[1] + "gibberish"
gibberish_params = params[:]
gibberish_params[i] = '='.join(gibberish_vars)
gibberish_data = '&'.join(gibberish_params)
gibberish_path = url + '?' + gibberish_data
gibberish_numb_vars = var[:]
gibberish_numb_vars[1] = var[1] + "777"
gibberish_numb_params = params[:]
gibberish_numb_params[i] = '='.join(gibberish_numb_vars)
gibberish_numb_data = '&'.join(gibberish_numb_params)
gibberish_numb_path = url + '?' + gibberish_numb_data
var[1] = var[1] + payload
var = '='.join(var)
params[i] = var
params = '&'.join(params)
path = url + '?' + params
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadpp(path, data, headers, original_request, var, 'GET', gibberish_path,
gibberish_numb_path)
HTTPRequester.thread_starter(new_thread)
params = oldparams[:]
i = i + 1
else:
# no params to test
pass
def common_post_call(path, headers, payloadslist, post_params,
original_request):
i = 0
#shoud work with json and XML
try:
while i < len(post_params):
oldpost_params = post_params[:]
vars0 = post_params[i].split('=', 1)
if len(vars0) == 1:
vars0.append("fillparam")
pay_vars0 = vars0[:]
payload_to_get_region = "bar1337FOO1337bar"
pay_vars0[1] = payload_to_get_region
pay_params0 = post_params[:]
pay_params0[i] = '='.join(pay_vars0)
pay_data0 = '&'.join(pay_params0)
response_compare = HTTPRequester.post_call(path, pay_data0,
headers)
response_html = response_compare.read()
if response_compare.headers.get('Content-Encoding') != None:
if 'gzip' in response_compare.headers.get('Content-Encoding'):
response_html = zlib.decompress(response_html,
16 + zlib.MAX_WBITS)
occurrances = [
m.start()
for m in re.finditer(payload_to_get_region, response_html)
]
list_regions = []
for occ in occurrances:
list_regions.append([
response_html[(occ - 20):occ],
response_html[(occ + len(payload_to_get_region)):(
(occ + len(payload_to_get_region)) + 20)]
])
j = 0
while j < len(payloadslist[0]):
payload = payloadslist[0][j]
vars1 = post_params[i].split('=')
if len(vars1) == 1:
vars1.append("fillparam")
pay_vars1 = vars1[:]
pay_vars1[1] = payload
pay_params1 = post_params[:]
pay_params1[i] = '='.join(pay_vars1)
pay_data1 = '&'.join(pay_params1)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadti(path, headers, pay_data1,
original_request,
'='.join(pay_vars1), 'POST',
None, 0, list_regions)
HTTPRequester.thread_starter(new_thread)
post_params = oldpost_params[:]
j = j + 1
j = 0
while j < len(payloadslist[1]):
payload = payloadslist[1][j]
vars2 = post_params[i].split('=')
if len(vars2) == 1:
vars2.append("fillparam")
pay_vars2 = vars2[:]
pay_vars2[1] = payload
pay_params2 = post_params[:]
pay_params2[i] = '='.join(pay_vars2)
pay_data2 = '&'.join(pay_params2)
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadti(path, headers, pay_data2,
original_request,
'='.join(pay_vars2), 'POST',
None, 1, list_regions)
HTTPRequester.thread_starter(new_thread)
post_params = oldpost_params[:]
j = j + 1
i = i + 1
except Exception as msg:
print msg
print post_params
def multi_post_call(path, headers, payloadslist, boundaries, original_request):
i = 1
while i < len(boundaries):
oldboundaries = boundaries[:]
lines = boundaries[i].splitlines()
oldline = lines[0][:]
#gotta identify the region where it gets substituted
pay_line0 = lines[:]
payload_to_get_region = "bar1337FOO1337bar"
pay_line0[1] = payload_to_get_region
pay_boundaries0 = boundaries[:]
pay_boundaries0[i] = '\n'.join(pay_line0)
pay_data0 = '\n\n'.join(pay_boundaries0)
response_compare = HTTPRequester.post_call(path, pay_data0, headers)
response_html = response_compare.read()
if response_compare.headers.get('Content-Encoding') != None:
if 'gzip' in response_compare.headers.get('Content-Encoding'):
response_html = zlib.decompress(response_html,
16 + zlib.MAX_WBITS)
occurrances = [
m.start()
for m in re.finditer(payload_to_get_region, response_html)
]
list_regions = []
for occ in occurrances:
list_regions.append([
response_html[(occ - 20):occ],
response_html[(occ + len(payload_to_get_region)):(
(occ + len(payload_to_get_region)) + 20)]
])
j = 0
while j < len(payloadslist[0]):
pay_line1 = lines[:]
pay_line1[1] = payloadslist[0][j]
pay_boundaries1 = boundaries[:]
pay_boundaries1[i] = '\n'.join(pay_line1)
pay_data1 = '\n\n'.join(pay_boundaries1)
HTTPRequester.check_max_threads(
) #check if all the threads are being used
new_thread = Thread_types.Threadti(path, headers, pay_data1,
original_request, pay_line1,
'POST', None, 0, list_regions)
HTTPRequester.thread_starter(new_thread)
lines[0] = oldline
boundaries = oldboundaries
j = j + 1
j = 0
while j < len(payloadslist[1]):
pay_line2 = lines[:]
pay_line2[1] = payloadslist[1][j]
pay_boundaries2 = boundaries[:]
pay_boundaries2[i] = '\n'.join(pay_line2)
pay_data2 = '\n\n'.join(pay_boundaries2)
HTTPRequester.check_max_threads(
) #check if all the threads are being used
new_thread = Thread_types.Threadti(path, headers, pay_data2,
original_request, pay_line2,
'POST', None, 1, list_regions)
HTTPRequester.thread_starter(new_thread)
lines[0] = oldline
boundaries = oldboundaries
j = j + 1
i = i + 1
def get_call(path, headers, data, payloadslist, original_request):
url, link_params = path.split('?', 1)
params = link_params.split('&')
i = 0
while i < len(params):
oldparams = params[:]
var0 = params[i].split('=', 1)
if len(var0) == 1:
var0.append("fillparam")
pay_vars0 = var0[:]
payload_to_get_region = "bar1337FOO1337bar"
pay_vars0[1] = payload_to_get_region
pay_params0 = params[:]
pay_params0[i] = '='.join(pay_vars0)
pay_data0 = '&'.join(pay_params0)
pay_path0 = url + '?' + pay_data0
response_compare = HTTPRequester.get_call(pay_path0, headers)
response_html = response_compare.read()
if response_compare.headers.get('Content-Encoding') != None:
if 'gzip' in response_compare.headers.get('Content-Encoding'):
response_html = zlib.decompress(response_html,
16 + zlib.MAX_WBITS)
occurrances = [
m.start()
for m in re.finditer(payload_to_get_region, response_html)
]
list_regions = []
for occ in occurrances:
list_regions.append([
response_html[(occ - 20):occ],
response_html[(occ + len(payload_to_get_region)):(
(occ + len(payload_to_get_region)) + 20)]
])
j = 0
while j < len(payloadslist[0]):
payload = payloadslist[0][j]
var1 = params[i].split('=')
if len(var1) == 1:
var1.append("fillparam")
pay_vars1 = var1[:]
pay_vars1[1] = payload
pay_params1 = params[:]
pay_params1[i] = '='.join(pay_vars1)
pay_data1 = '&'.join(pay_params1)
pay_path1 = url + '?' + pay_data1
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadti(path, headers, pay_data1,
original_request,
pay_params1[i], 'GET',
pay_path1, 0, list_regions)
HTTPRequester.thread_starter(new_thread)
params = oldparams[:]
j = j + 1
j = 0
while j < len(payloadslist[1]):
payload = payloadslist[1][j]
var2 = params[i].split('=')
if len(var2) == 1:
var2.append("fillparam")
pay_vars2 = var2[:]
pay_vars2[1] = payload
pay_params2 = params[:]
pay_params2[i] = '='.join(pay_vars2)
pay_data2 = '&'.join(pay_params2)
pay_path2 = url + '?' + pay_data2
HTTPRequester.check_max_threads()
new_thread = Thread_types.Threadti(path, headers, pay_data2,
original_request,
pay_params2[i], 'GET',
pay_path2, 0, list_regions)
HTTPRequester.thread_starter(new_thread)
params = oldparams[:]
j = j + 1
i = i + 1
else:
# no params to test
pass
