Exemplo n.º 1
0
def process(urlGlobal, database, attack_list):
	plop = open('results/xss_GrabberAttacks.xml','w')
	plop.write("<xssAttacks>\n")

	for u in database.keys():
		if len(database[u]['GET']):
			for gParam in database[u]['GET']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						if instance != "See Below":
							handle = getContent_GET(u,gParam,instance)
							if handle != None:
								output = handle.read()
								header = handle.info()
								if detect_xss(str(instance),output):
									# generate the info...
									plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection))
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				print "inside if for get"
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_xss(str(instance),output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
		if len(database[u]['POST']):
			print "Method = POST ", u
			for gParam in database[u]['POST']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						if instance != "See Below":
							handle = getContent_POST(u,gParam,instance)
							if handle != None:
								output = handle.read()
								header = handle.info()
								if detect_xss(str(instance),output):
									# generate the info...
									plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection))
			# see the permutations
			if len(database[u]['POST'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						allParams = {}
						for gParam in database[u]['POST']:
							allParams[gParam] = str(instance)
						handle = getContentDirectURL_POST(u,allParams)
						if handle != None:
							output = handle.read()
							if detect_xss(str(instance), output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams))
	plop.write("\n</xssAttacks>\n")	
	plop.close()
	return ""
Exemplo n.º 2
0
def process(urlGlobal, database, attack_list):
	plop = open('results/xss_GrabberAttacks.xml','w')
	plop.write("<xssAttacks>\n")

	for u in database.keys():
		if len(database[u]['GET']):
			print "Method = GET ", u
			for gParam in database[u]['GET']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						if instance != "See Below":
							handle = getContent_GET(u,gParam,instance)
							if handle != None:
								output = handle.read()
								header = handle.info()
								if detect_xss(str(instance),output):
									# generate the info...
									plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection))
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_xss(str(instance),output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
		if len(database[u]['POST']):
			print "Method = POST ", u
			for gParam in database[u]['POST']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						if instance != "See Below":
							handle = getContent_POST(u,gParam,instance)
							if handle != None:
								output = handle.read()
								header = handle.info()
								if detect_xss(str(instance),output):
									# generate the info...
									plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection))
			# see the permutations
			if len(database[u]['POST'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						allParams = {}
						for gParam in database[u]['POST']:
							allParams[gParam] = str(instance)
						handle = getContentDirectURL_POST(u,allParams)
						if handle != None:
							output = handle.read()
							if detect_xss(str(instance), output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams))
	plop.write("\n</xssAttacks>\n")	
	plop.close()
	return ""
Exemplo n.º 3
0
def process(url, database, attack_list, txheaders):
	appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>")
	plop = open('results/sql_GrabberAttacks.xml','w')
	plop.write("<sqlAttacks>\n")
	
	appendToReport(url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">');
	for u in database.keys():
		appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>")
		if len(database[u]['GET']):
			print "Method = GET ", u
			for gParam in database[u]['GET']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						handle = getContent_GET(u,gParam,instance, txheaders)
						if handle != None:
							output = handle.read()
							header = handle.info()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection))
								appendToReport(u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection))
		#see the permutations
		if len(database[u]['GET'].keys()) > 1:
			for typeOfInjection in attack_list:
				for instance in attack_list[typeOfInjection]:
					url = ""
					for gParam in database[u]['GET']:
						url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
					handle = getContentDirectURL_GET(u,url,txheaders)
					if handle != None:
						output = handle.read()
						if detect_sql(output):
							# generate the info...
							plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
							appendToReport(u, generateHTMLOutput(u, "ALL", url, "GET", typeOfInjection))
		if len(database[u]['POST']):
			print "Method = POST ", u
			for gParam in database[u]['POST']:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						allParams = {}
						for param in database[u]['POST']:
							if param != gParam:
								allParams[param] = 'abc'
						allParams[gParam] =  str(instance)
						handle = getContentDirectURL_POST(u,allParams, txheaders)
						if handle != None:
							output = handle.read()
							header = handle.info()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection))
								appendToReport(u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection))
		# see the permutations
		if len(database[u]['POST'].keys()) > 1:
			for typeOfInjection in attack_list:
				for instance in attack_list[typeOfInjection]:
					allParams = {}
					for gParam in database[u]['POST']:
						allParams[gParam] = str(instance)
					handle = getContentDirectURL_POST(u,allParams, txheaders)
					if handle != None:
						output = handle.read()
						if detect_sql(output):
							# generate the info...
							plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams))
							appendToReport(u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection))
	plop.write("\n</sqlAttacks>\n")
	appendToReport(url, "</div></div>")
	plop.close()
	return ""
def process(url, database, attack_list, txheaders):
	appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>")
	plop = open('results/bsql_GrabberAttacks.xml','w')
	plop.write("<bsqlAttacks>\n")
	appendToReport(url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">');
	for u in database.keys():
		appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>")
		if len(database[u]['GET']):
			print "Method = GET ", u
			# single parameter testing
			for gParam in database[u]['GET']:
				defaultValue = database[u]['GET'][gParam]
				defaultReturn = getContent_GET(u,gParam,defaultValue, txheaders)
				if defaultReturn == None:
					continue
				# get the AND statments
				for andSQL in attack_list['AND']:
					tmpError = getContent_GET(u,gParam,andSQL, txheaders)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						# dive here :)
						basicError  = getContent_GET(u,gParam,'', txheaders)
						overflowErS = getContent_GET(u,gParam,overflowStr, txheaders)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderBSQL[orderBSQL['AND']]:
								for instance in attack_list[key]:
									tmpError  = getContent_GET(u,gParam,instance, txheaders)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										# print u,gParam,instance
										plop.write(generateOutput(u,gParam,instance,"GET",key))
						else:
							# report a overflow possible error
							#print u,gParam, "overflow"
							plop.write(generateOutput(u,gParam,"99999...99999","GET","Overflow"))
			"""
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
			"""
		if len(database[u]['POST']):
			print "Method = POST ", u
			# single parameter testing
			for gParam in database[u]['POST']:
				defaultValue = database[u]['POST'][gParam]
				defaultReturn = getContent_POST(u,gParam,defaultValue, txheaders)
				if defaultReturn == None:
					continue
				# get the AND statments
				for andSQL in attack_list['AND']:
					tmpError = getContent_POST(u,gParam,andSQL, txheaders)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						# dive here :)
						basicError  = getContent_POST(u,gParam,'', txheaders)
						overflowErS = getContent_POST(u,gParam,overflowStr, txheaders)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderBSQL[orderBSQL['AND']]:
								for instance in attack_list[key]:
									tmpError  = getContent_POST(u,gParam,instance, txheaders)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										plop.write(generateOutput(u,gParam,instance,"POST",key))
						else:
							# report a overflow possible error
							plop.write(generateOutput(u,gParam,"99999...99999","POST","Overflow"))
	plop.write("\n</bsqlAttacks>\n")
	appendToReport(url, "</div></div>");
	plop.close()
	return ""
Exemplo n.º 5
0
def process(url, database, attack_list):
    plop = open('results/bsql_GrabberAttacks.xml', 'w')
    plop.write("<bsqlAttacks>\n")

    for u in database.keys():
        if len(database[u]['GET']):
            print "Method = GET ", u
            # single parameter testing
            for gParam in database[u]['GET']:
                defaultValue = database[u]['GET'][gParam]
                defaultReturn = getContent_GET(u, gParam, defaultValue)
                if defaultReturn == None:
                    continue
                # get the AND statments
                for andSQL in attack_list['AND']:
                    tmpError = getContent_GET(u, gParam, andSQL)
                    if tmpError == None:
                        continue
                    if equal(defaultReturn.read(), tmpError.read()):
                        # dive here :)
                        basicError = getContent_GET(u, gParam, '')
                        overflowErS = getContent_GET(u, gParam, overflowStr)
                        if basicError == None or overflowErS == None:
                            continue
                        if equal(basicError.read(), overflowErS.read()):
                            for key in orderBSQL[orderBSQL['AND']]:
                                for instance in attack_list[key]:
                                    tmpError = getContent_GET(
                                        u, gParam, instance)
                                    if tmpError == None:
                                        continue
                                    if equal(basicError.read(),
                                             tmpError.read()):
                                        # should be an error
                                        # print u,gParam,instance
                                        plop.write(
                                            generateOutput(
                                                u, gParam, instance, "GET",
                                                key))
                        else:
                            # report a overflow possible error
                            #print u,gParam, "overflow"
                            plop.write(
                                generateOutput(u, gParam, "99999...99999",
                                               "GET", "Overflow"))
            """
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
			"""
        if len(database[u]['POST']):
            print "Method = POST ", u
            # single parameter testing
            for gParam in database[u]['POST']:
                defaultValue = database[u]['POST'][gParam]
                defaultReturn = getContent_POST(u, gParam, defaultValue)
                if defaultReturn == None:
                    continue
                # get the AND statments
                for andSQL in attack_list['AND']:
                    tmpError = getContent_POST(u, gParam, andSQL)
                    if tmpError == None:
                        continue
                    if equal(defaultReturn.read(), tmpError.read()):
                        # dive here :)
                        basicError = getContent_POST(u, gParam, '')
                        overflowErS = getContent_POST(u, gParam, overflowStr)
                        if basicError == None or overflowErS == None:
                            continue
                        if equal(basicError.read(), overflowErS.read()):
                            for key in orderBSQL[orderBSQL['AND']]:
                                for instance in attack_list[key]:
                                    tmpError = getContent_POST(
                                        u, gParam, instance)
                                    if tmpError == None:
                                        continue
                                    if equal(basicError.read(),
                                             tmpError.read()):
                                        # should be an error
                                        plop.write(
                                            generateOutput(
                                                u, gParam, instance, "POST",
                                                key))
                        else:
                            # report a overflow possible error
                            plop.write(
                                generateOutput(u, gParam, "99999...99999",
                                               "POST", "Overflow"))
    plop.write("\n</bsqlAttacks>\n")
    plop.close()
    return ""
def process(url, database, attack_list, txheaders):
    appendToReport(
        url,
        "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>"
    )
    plop = open('results/sql_GrabberAttacks.xml', 'w')
    plop.write("<sqlAttacks>\n")

    appendToReport(
        url,
        '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">'
    )
    for u in database.keys():
        appendToReport(
            u,
            "<h4><div class='label label-default'><a target='_balnk' href='" +
            u + "'>" + u + "</a></div></h4>")
        if len(database[u]['GET']):
            print "Method = GET ", u
            for gParam in database[u]['GET']:
                for typeOfInjection in attack_list:
                    for instance in attack_list[typeOfInjection]:
                        handle = getContent_GET(u, gParam, instance, txheaders)
                        if handle != None:
                            output = handle.read()
                            header = handle.info()
                            if detect_sql(output):
                                # generate the info...
                                plop.write(
                                    generateOutput(u, gParam, instance, "GET",
                                                   typeOfInjection))
                                appendToReport(
                                    u,
                                    generateHTMLOutput(u, gParam, instance,
                                                       "GET", typeOfInjection))
        #see the permutations
        if len(database[u]['GET'].keys()) > 1:
            for typeOfInjection in attack_list:
                for instance in attack_list[typeOfInjection]:
                    url = ""
                    for gParam in database[u]['GET']:
                        url += ("%s=%s&" %
                                (gParam, single_urlencode(str(instance))))
                    handle = getContentDirectURL_GET(u, url, txheaders)
                    if handle != None:
                        output = handle.read()
                        if detect_sql(output):
                            # generate the info...
                            plop.write(
                                generateOutputLong(u, url, "GET",
                                                   typeOfInjection))
                            appendToReport(
                                u,
                                generateHTMLOutput(u, "ALL", url, "GET",
                                                   typeOfInjection))
        if len(database[u]['POST']):
            print "Method = POST ", u
            for gParam in database[u]['POST']:
                for typeOfInjection in attack_list:
                    for instance in attack_list[typeOfInjection]:
                        allParams = {}
                        for param in database[u]['POST']:
                            if param != gParam:
                                allParams[param] = 'abc'
                        allParams[gParam] = str(instance)
                        handle = getContentDirectURL_POST(
                            u, allParams, txheaders)
                        if handle != None:
                            output = handle.read()
                            header = handle.info()
                            if detect_sql(output):
                                # generate the info...
                                plop.write(
                                    generateOutput(u, gParam, instance, "POST",
                                                   typeOfInjection))
                                appendToReport(
                                    u,
                                    generateHTMLOutput(u, gParam, instance,
                                                       "POST",
                                                       typeOfInjection))
        # see the permutations
        if len(database[u]['POST'].keys()) > 1:
            for typeOfInjection in attack_list:
                for instance in attack_list[typeOfInjection]:
                    allParams = {}
                    for gParam in database[u]['POST']:
                        allParams[gParam] = str(instance)
                    handle = getContentDirectURL_POST(u, allParams, txheaders)
                    if handle != None:
                        output = handle.read()
                        if detect_sql(output):
                            # generate the info...
                            plop.write(
                                generateOutputLong(u, url, "POST",
                                                   typeOfInjection, allParams))
                            appendToReport(
                                u,
                                generateHTMLOutput(u, "All", instance, "POST",
                                                   typeOfInjection))
    plop.write("\n</sqlAttacks>\n")
    appendToReport(url, "</div></div>")
    plop.close()
    return ""
def process(url, database, attack_list, txheaders):
    appendToReport(
        url,
        "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>"
    )
    plop = open('results/bsql_GrabberAttacks.xml', 'w')
    plop.write("<bsqlAttacks>\n")
    appendToReport(
        url,
        '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">'
    )
    for u in database.keys():
        appendToReport(
            u,
            "<h4><div class='label label-default'><a target='_balnk' href='" +
            u + "'>" + u + "</a></div></h4>")
        if len(database[u]['GET']):
            print "Method = GET ", u
            # single parameter testing
            for gParam in database[u]['GET']:
                defaultValue = database[u]['GET'][gParam]
                defaultReturn = getContent_GET(u, gParam, defaultValue,
                                               txheaders)
                if defaultReturn == None:
                    continue
                # get the AND statments
                for andSQL in attack_list['AND']:
                    tmpError = getContent_GET(u, gParam, andSQL, txheaders)
                    if tmpError == None:
                        continue
                    if equal(defaultReturn.read(), tmpError.read()):
                        # dive here :)
                        basicError = getContent_GET(u, gParam, '', txheaders)
                        overflowErS = getContent_GET(u, gParam, overflowStr,
                                                     txheaders)
                        if basicError == None or overflowErS == None:
                            continue
                        if equal(basicError.read(), overflowErS.read()):
                            for key in orderBSQL[orderBSQL['AND']]:
                                for instance in attack_list[key]:
                                    tmpError = getContent_GET(
                                        u, gParam, instance, txheaders)
                                    if tmpError == None:
                                        continue
                                    if equal(basicError.read(),
                                             tmpError.read()):
                                        # should be an error
                                        # print u,gParam,instance
                                        plop.write(
                                            generateOutput(
                                                u, gParam, instance, "GET",
                                                key))
                        else:
                            # report a overflow possible error
                            #print u,gParam, "overflow"
                            plop.write(
                                generateOutput(u, gParam, "99999...99999",
                                               "GET", "Overflow"))
            """
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
			"""
        if len(database[u]['POST']):
            print "Method = POST ", u
            # single parameter testing
            for gParam in database[u]['POST']:
                defaultValue = database[u]['POST'][gParam]
                defaultReturn = getContent_POST(u, gParam, defaultValue,
                                                txheaders)
                if defaultReturn == None:
                    continue
                # get the AND statments
                for andSQL in attack_list['AND']:
                    tmpError = getContent_POST(u, gParam, andSQL, txheaders)
                    if tmpError == None:
                        continue
                    if equal(defaultReturn.read(), tmpError.read()):
                        # dive here :)
                        basicError = getContent_POST(u, gParam, '', txheaders)
                        overflowErS = getContent_POST(u, gParam, overflowStr,
                                                      txheaders)
                        if basicError == None or overflowErS == None:
                            continue
                        if equal(basicError.read(), overflowErS.read()):
                            for key in orderBSQL[orderBSQL['AND']]:
                                for instance in attack_list[key]:
                                    tmpError = getContent_POST(
                                        u, gParam, instance, txheaders)
                                    if tmpError == None:
                                        continue
                                    if equal(basicError.read(),
                                             tmpError.read()):
                                        # should be an error
                                        plop.write(
                                            generateOutput(
                                                u, gParam, instance, "POST",
                                                key))
                        else:
                            # report a overflow possible error
                            plop.write(
                                generateOutput(u, gParam, "99999...99999",
                                               "POST", "Overflow"))
    plop.write("\n</bsqlAttacks>\n")
    appendToReport(url, "</div></div>")
    plop.close()
    return ""
Exemplo n.º 8
0
def process(url, database, attack_list):
	plop = open('results/bsql_GrabberAttacks.xml','w')
	plop.write("<bsqlAttacks>\n")

	for u in database.keys():
		if len(database[u]['GET']):
			print "Method = GET ", u
			# single parameter testing
			for gParam in database[u]['GET']:
				defaultValue = database[u]['GET'][gParam]
				defaultReturn = getContent_GET(u,gParam,defaultValue)
				if defaultReturn == None:
					continue
				# get the AND statments
				for andSQL in attack_list['AND']:
					tmpError = getContent_GET(u,gParam,andSQL)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						# dive here :)
						basicError  = getContent_GET(u,gParam,'')
						overflowErS = getContent_GET(u,gParam,overflowStr)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderBSQL[orderBSQL['AND']]:
								for instance in attack_list[key]:
									tmpError  = getContent_GET(u,gParam,instance)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										# print u,gParam,instance
										plop.write(generateOutput(u,gParam,instance,"GET",key))
						else:
							# report a overflow possible error
							#print u,gParam, "overflow"
							plop.write(generateOutput(u,gParam,"99999...99999","GET","Overflow"))
			"""
			# see the permutations
			if len(database[u]['GET'].keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						url = ""
						for gParam in database[u]['GET']:
							url += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,url)
						if handle != None:
							output = handle.read()
							if detect_sql(output):
								# generate the info...
								plop.write(generateOutputLong(u,url,"GET",typeOfInjection))
			"""
		if len(database[u]['POST']):
			print "Method = POST ", u
			# single parameter testing
			for gParam in database[u]['POST']:
				defaultValue = database[u]['POST'][gParam]
				defaultReturn = getContent_POST(u,gParam,defaultValue)
				if defaultReturn == None:
					continue
				# get the AND statments
				for andSQL in attack_list['AND']:
					tmpError = getContent_POST(u,gParam,andSQL)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						# dive here :)
						basicError  = getContent_POST(u,gParam,'')
						overflowErS = getContent_POST(u,gParam,overflowStr)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderBSQL[orderBSQL['AND']]:
								for instance in attack_list[key]:
									tmpError  = getContent_POST(u,gParam,instance)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										plop.write(generateOutput(u,gParam,instance,"POST",key))
						else:
							# report a overflow possible error
							plop.write(generateOutput(u,gParam,"99999...99999","POST","Overflow"))
	plop.write("\n</bsqlAttacks>\n")
	plop.close()
	return ""
def process(url, database, attack_list):
	plop = open('results/commandInjection_GrabberAttacks.xml','w')
	plop.write("<CommandInjectionAttacks>\n")

	for u in database.keys():
		if len(database[u]['GET']):
			print "Method = GET ", u
			# single parameter testing
			for gParam in database[u]['GET']:
				defaultValue = database[u]['GET'][gParam]
				defaultReturn = getContent_GET(u,gParam,defaultValue)
				if defaultReturn == None:
					continue
				# check with the attack list
				for cmd in attack_list:
					tmpError = getContent_GET(u,gParam,cmd)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						basicError  = getContent_GET(u,gParam,'')
						overflowErS = getContent_GET(u,gParam,overflowStr)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderCommand:
								for instance in attack_list[key]:
									tmpError  = getContent_GET(u,gParam,instance)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										# print u,gParam,instance
										plop.write(generateOutput(u,gParam,instance,"GET",key))
						else:
							# report a overflow possible error
							#print u,gParam, "overflow"
							plop.write(generateOutput(u,gParam,"Overflow in Command Injection","GET","Overflow"))
					
			
		if len(database[u]['POST']):
			print "Method = POST ", u
			# single parameter testing
			for gParam in database[u]['POST']:
				defaultValue = database[u]['POST'][gParam]
				defaultReturn = getContent_POST(u,gParam,defaultValue)
				if defaultReturn == None:
					continue
				# check with the attack list
				for cmd in attack_list:
					tmpError = getContent_POST(u,gParam,cmd)
					if tmpError == None:
						continue
					if equal(defaultReturn.read(), tmpError.read()):
						basicError  = getContent_POST(u,gParam,'')
						overflowErS = getContent_POST(u,gParam,overflowStr)
						if basicError == None or overflowErS == None:
							continue
						if equal(basicError.read(), overflowErS.read()):
							for key in orderCommand:
								for instance in attack_list[key]:
									tmpError  = getContent_POST(u,gParam,instance)
									if tmpError == None:
										continue
									if equal(basicError.read(), tmpError.read()):
										# should be an error
										plop.write(generateOutput(u,gParam,instance,"POST",key))
						else:
							# report a overflow possible error
							plop.write(generateOutput(u,gParam,"Overflow in Command Injection","POST","Overflow"))
	plop.write("\n</CommandInjectionAttacks>\n")
	plop.close()
	return ""