Exemplo n.º 1
    def __build_post_fuzzy_target_group_from_payload_group(self, target,
                                                          bsqli_payload_group):
        """ Build one FuzzyTargetGroup per POST parameter of the target.

        Every group holds two FuzzyTargets for the same parameter: the first
        has the payload group's true payload appended to the parameter's
        original value, the second has the false payload appended.  The other
        parameters keep the values found in target.data.

        target                  Target object (url and data are read).
        bsqli_payload_group     BSQLiPayloadGroup object (true_payload and
                                false_payload are read).

        Returns a list of FuzzyTargetGroup objects, one per key of
        target.data, not a single group.

        """
        url = target.url
        post_keys = target.data.keys()
        # FIXME (original author): unclear why a fresh empty list has to be
        #    created here for the result to be instantiated properly.
        groups = []
        for key in post_keys:
            group = FuzzyTargetGroup()
            # True payload first, then false payload: consumers of the group
            # see the targets in this order.
            for attr_name in ("true_payload", "false_payload"):
                payload = getattr(bsqli_payload_group, attr_name)
                # Fuzz a copy so target.data itself stays unmodified.
                fuzzed = target.data.copy()
                # NOTE(review): assumes the stored value can be concatenated
                # with a str; a non-string value would raise here -- confirm.
                fuzzed[key] = fuzzed[key] + str(payload)
                # NOTE(review): unfuzzed_data receives target.data itself,
                # not a copy, so all targets share that one object.
                group.add_target(FuzzyTarget(url, url, key, "post",
                                             data=fuzzed.copy(),
                                             payload=payload,
                                             unfuzzed_data=target.data))
            groups.append(group)
        return groups
Exemplo n.º 2
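    def __build_get_fuzzy_target_group_from_payload_group(self, target, bsqli_payload_group):
        """ Build one FuzzyTargetGroup per query-string parameter of the target URL.

        Every group holds two FuzzyTargets for the same parameter: the first
        carries the URL returned by append_to_param for the true payload, the
        second the URL returned for the false payload.

        target                  Target object (url is read).
        bsqli_payload_group     BSQLiPayloadGroup object (true_payload and
                                false_payload are read).

        Returns a list of FuzzyTargetGroup objects, one per parameter name
        found in the query string, not a single group.

        """
        url = target.url
        # NOTE(review): if parse_qs is the standard-library function, it drops
        # parameters with blank values by default and folds repeated names
        # into one key, so such parameters get no group (or only one) here --
        # confirm that this gap in scan coverage is intended.
        url_q_dic = parse_qs(urlparse(url).query)
        # FIXME (original author): unclear why a fresh empty list has to be
        #    created here for the result to be instantiated properly.
        fuzzy_target_groups = []
        # Iterate the dict directly: this yields the parameter names on both
        # Python 2 and Python 3, whereas .iteritems() exists only on Python 2.
        for query_param in url_q_dic:
            ftg = FuzzyTargetGroup()
            # True payload first, then false payload.
            for payload in (bsqli_payload_group.true_payload,
                            bsqli_payload_group.false_payload):
                fuzzy_url = self.append_to_param(url, query_param, str(payload))
                ftg.add_target(FuzzyTarget(fuzzy_url, url, query_param, "get", payload=payload))
            fuzzy_target_groups.append(ftg)
        return fuzzy_target_groups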
Exemplo n.º 3
    def __build_post_fuzzy_target_group_from_payload_group(
            self, target, bsqli_payload_group):
        """ Build a list of FuzzyTargetGroups for a POST target.

        One group is produced per key of target.data.  Each group receives
        two FuzzyTargets: the true-payload variant, then the false-payload
        variant.  In both, the payload is appended to the key's original
        value while the remaining keys are left as in target.data.

        target                  Target object (url and data are read).
        bsqli_payload_group     BSQLiPayloadGroup object (true_payload and
                                false_payload are read).

        """
        url = target.url
        post_keys = target.data.keys()

        def fuzzed_target(key, payload):
            # Fuzz a copy so that target.data itself is never modified.
            fuzzed_data = target.data.copy()
            # NOTE(review): assumes the stored value can be concatenated
            # with a str -- confirm against callers.
            fuzzed_data[key] = fuzzed_data[key] + str(payload)
            # NOTE(review): unfuzzed_data is target.data itself, not a copy.
            return FuzzyTarget(
                url,
                url,
                key,
                "post",
                data=fuzzed_data.copy(),
                payload=payload,
                unfuzzed_data=target.data)

        # FIXME (original author): unclear why a fresh empty list has to be
        #    created here for the result to be instantiated properly.
        fuzzy_target_groups = []
        for key in post_keys:
            ftg = FuzzyTargetGroup()
            ftg.add_target(
                fuzzed_target(key, bsqli_payload_group.true_payload))
            ftg.add_target(
                fuzzed_target(key, bsqli_payload_group.false_payload))
            fuzzy_target_groups.append(ftg)
        return fuzzy_target_groups
Exemplo n.º 4
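    def __build_get_fuzzy_target_group_from_payload_group(
            self, target, bsqli_payload_group):
        """ Build a list of FuzzyTargetGroups for a GET target.

        One group is produced per parameter name parsed from the query
        string of target.url.  Each group receives two FuzzyTargets: the
        true-payload variant, then the false-payload variant, each with the
        URL that append_to_param returns for that parameter and payload.

        target                  Target object (url is read).
        bsqli_payload_group     BSQLiPayloadGroup object (true_payload and
                                false_payload are read).

        """
        url = target.url
        parsed_url = urlparse(url)
        # NOTE(review): if parse_qs is the standard-library function, blank
        # valued parameters are dropped by default and repeated names share
        # one key, so those parameters are not fuzzed individually -- confirm
        # that this gap in scan coverage is intended.
        url_q_dic = parse_qs(parsed_url.query)
        # FIXME (original author): unclear why a fresh empty list has to be
        #    created here for the result to be instantiated properly.
        fuzzy_target_groups = []
        # Only the parameter names are needed.  Iterating the dict directly
        # works on Python 2 and Python 3; .iteritems() is Python 2 only.
        for query_param in url_q_dic:
            ftg = FuzzyTargetGroup()
            true_payload = bsqli_payload_group.true_payload
            true_fuzzy_url = self.append_to_param(
                url, query_param, str(true_payload))
            ftg.add_target(FuzzyTarget(
                true_fuzzy_url,
                url,
                query_param,
                "get",
                payload=true_payload))
            false_payload = bsqli_payload_group.false_payload
            false_fuzzy_url = self.append_to_param(
                url, query_param, str(false_payload))
            ftg.add_target(FuzzyTarget(
                false_fuzzy_url,
                url,
                query_param,
                "get",
                payload=false_payload))
            fuzzy_target_groups.append(ftg)
        return fuzzy_target_groups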