Exemplo n.º 1
0
     def HttpPost(self):
             retak = []
             ak_List = []
             rouData = {}
             postData = self.connection
             rouData["fields"] = postData
             if len(postData) < 1:
                     return False
             if self.header["path"].find(self.testWeb) != -1:
                     if self.ackMod == "csrf":
                             ak_List = SearchAndReplace("","csrf")
                     else:
                             ak_List = SearchAndReplace("?" + postData)
             else:
                     return False
 			
             if len(ak_List) == 0:
                     return False
 	
             echoAk = ""
             for ak in ak_List:
                     if self.ackMod == "csrf":
                             echoAk = ak
                     else:
                             echoAk = ak[1:]
                     print echo.fail("#Attack Post    -------->     ") + echo.high(echoAk)
                     try:
                             self.setCurlSetOpt("post",ak,rouData)
                             self.curl.perform()
                             if self.curl.getinfo(self.curl.HTTP_CODE) == 200:
                                     html = self.sio.getvalue()
                                     if self.ackMod == "csrf":
                                             retak.append(self.header["path"] + ":" + echoAk)	
                                             continue;	
                                     ds = dasis(html)
                                     if ds.start() == 1:
                                             retak.append(headers["path"] + ":" + echoAk)
                                             del ds
                                     else:
                                             pass
                     except KeyboardInterrupt:
                             exit()
                     except pycurl.error , e:
                             if e[0] == 56:
                                     print e[1]
                                     #raw_input("Press Enter to continue: ")
                                     break;
                     except:
Exemplo n.º 2
0
     def HttpGet(self):
             retak = []
             ak_List = []
             
             if self.header["path"].find(self.testWeb) != -1:
                     if self.ackMod == "csrf":
                             ak_List = SearchAndReplace("","csrf")
                     else:
                             ak_List = SearchAndReplace(self.header["path"])
             else:
                     return False
 	
             if len(ak_List) == 0:
                     return False
 	
             for ak in ak_List:
                     print echo.fail("#Attack Get    -------->     ") + echo.high(ak)
                     try:
                             self.setCurlSetOpt("get",ak)
                             self.curl.perform()
                             if self.curl.getinfo(self.curl.HTTP_CODE) == 200:
                                     html = self.sio.getvalue()
                                     if self.ackMod == "csrf":
                                             retak.append(self.header["path"] + ":" + ak)
                                             ds = dasis(html)
                                             continue;
                                     if ds.start() == 1:
                                             retak.append(ak)
                                             del ds
                             else:
                                     pass
                     except KeyboardInterrupt:
                             exit()
                     except pycurl.error , e:
                             if e[0] == 56:
                                     print e[1]
                                     #raw_input("Press Enter to continue: ")
                                     break;
                     except: