def __testProxy(self):
"""Test if the proxy can be used on the connection, and insert it into the proxies list"""
try:
self.testConnection()
oh.infoBox(f"Proxy {self.__proxy['http://']} worked.")
self.__proxyList.append(self.__proxy)
except:
oh.warningBox(f"Proxy {self.__proxy['http://']} not worked.")
def checkDelay(argv: list, fuzzer: Fuzzer):
"""Check if the --delay argument is present, and set the value into the fuzzer
@type argv: list
@param argv: The arguments given in the execution
@type fuzzer: Fuzzer
@param fuzzer: The Fuzzer object
"""
if ('--delay' in argv):
delay = argv[argv.index('--delay') + 1]
fuzzer.setDelay(float(delay))
oh.infoBox(f"Set delay: {delay} second(s)")
def checkNumThreads(argv: list, fuzzer: Fuzzer):
"""Check if the -t argument is present, and set the number of threads in the fuzzer
@type argv: list
@param argv: The arguments given in the execution
@type fuzzer: Fuzzer
@param fuzzer: The Fuzzer object
"""
if ('-t' in argv):
numThreads = argv[argv.index('-t') + 1]
fuzzer.setNumThreads(int(numThreads))
oh.infoBox(f"Set number of threads: {numThreads} thread(s)")
def checkCookie(argv: list, requestHandler: RequestHandler):
"""Check if the --cookie argument is present, and set the value into the requestHandler
@type argv: list
@param argv: The arguments given in the execution
@type requestHandler: RequestHandler
@param requestHandler: The object responsible to handle the requests
"""
if ('--cookie' in argv):
cookie = argv[argv.index('--cookie') + 1]
requestHandler.setCookie(cookie)
oh.infoBox(f"Set cookie: {cookie}")
def checkProxies(argv: list, requestHandler: RequestHandler):
"""Check if the --proxies argument is present, and open a file
@type argv: list
@param argv: The arguments given in the execution
"""
if ('--proxies' in argv):
index = argv.index('--proxies') + 1
proxiesFileName = argv[index]
fh.openProxies(proxiesFileName)
oh.infoBox(f"Loading proxies from file '{proxiesFileName}' ...")
requestHandler.setProxiesFromFile()
def prepareApplication(self):
"""Prepares the application"""
try:
self.__checkConnectionAndRedirections()
oh.infoBox(
f"Starting test on '{self.__requestHandler.getUrl()}' ...")
self.__startApplication()
except KeyboardInterrupt:
oh.abortBox("Test aborted.")
fh.writeOnOutput(self.__outputFileContent)
else:
oh.infoBox("Test completed.")
def __openOutput(self):
"""Opens the output file
for store the probably vulnerable response data
"""
now = datetime.now()
time = now.strftime("%Y-%m-%d_%H:%M")
try:
self.__outputFile = open('../output/' + time + '.txt', 'w')
except FileNotFoundError:
os.system('mkdir ../output')
self.__outputFile = open('../output/' + time + '.txt', 'w')
finally:
oh.infoBox(f'Saving results on \'{time}.txt\' ...')
def __checkConnectionAndRedirections(self):
"""Test the connection and redirection to target"""
# If we'll not fuzzing the url paths, so
# test the redirections before start the fuzzing
rh = self.__requestHandler
if rh.getUrlIndexToPayload():
oh.infoBox(
"Test mode set to URL Fuzzing. No redirection verifications to target are being tested."
)
try:
rh.testConnection()
except:
if not oh.askYesNo(
"Connection to target failed. Continue anyway? "):
exit()
else:
oh.infoBox("Connection status: OK")
else:
try:
rh.testConnection()
except:
oh.errorBox("Failed to connect to the server.")
oh.infoBox("Connection status: OK")
oh.infoBox("Testing redirections ...")
rh.testRedirection()
def testRedirection(self):
"""Test if the connection will have a redirection"""
requestParameters = self.__getRequestParameters(' ')
response = requests.request(requestParameters['Method'],
requestParameters['Url'],
data=requestParameters['Data'],
params=requestParameters['Data'],
headers=requestParameters['Headers'],
proxies=self.__proxy)
if ('[302]' in str(response.history)):
if (not oh.askYesNo(
"You was redirected to another page. Continue? (y/N): ")):
exit(0)
else:
oh.infoBox("No redirections.")
def writeOnOutput(self, outputContent: list):
"""Write the vulnerable input and response content into a file
@param type: list
@param outputContent: The list with probably vulnerable content
"""
if outputContent:
self.__openOutput()
for content in outputContent:
for key, value in content.items():
self.__outputFile.write(key + ': ' + str(value) + '\n')
self.__outputFile.write('\n')
self.__close(self.__outputFile)
global outputHandler
oh.infoBox('Results saved.')
def checkProxy(argv: list, requestHandler: RequestHandler):
"""Check if the --proxy argument is present, and set the value into the requestHandler
@type argv: list
@param argv: The arguments given in the execution
@type requestHandler: RequestHandler
@param requestHandler: The object responsible to handle the requests
"""
if ('--proxy' in argv):
index = argv.index('--proxy') + 1
proxy = argv[index]
requestHandler.setProxy({
'http://': 'http://' + proxy,
'https://': 'http://' + proxy
})
oh.infoBox(f"Set proxy: {proxy}")
def main(argv: list):
"""The main function
@type argv: list
@param argv: The arguments given in the execution
"""
if (len(argv) < 2):
oh.errorBox(
"Invalid format! Use -h on 2nd parameter to show the help menu.")
if (argv[1] == '-h' or argv[1] == '--help'):
showHelpMenu()
if (argv[1] == '-v' or argv[1] == '--version'):
exit("FuzzingTool v3.1.0")
url, method, param, headers = getDefaultRequestData(argv)
defaultParam = getRequestParams(param) if param != '' else {}
getWordlistFile(argv)
fuzzer = Fuzzer(RequestHandler(url, method, defaultParam, headers))
oh.infoBox(f"Set target: {fuzzer.getRequestHandler().getUrl()}")
oh.infoBox(f"Set request method: {method}")
oh.infoBox(f"Set request data: {str(defaultParam)}")
checkCookie(argv, fuzzer.getRequestHandler())
checkProxy(argv, fuzzer.getRequestHandler())
checkProxies(argv, fuzzer.getRequestHandler())
checkDelay(argv, fuzzer)
checkVerboseMode(argv, fuzzer)
checkNumThreads(argv, fuzzer)
fuzzer.prepareApplication()
def setProxiesFromFile(self):
"""Get the proxies from a file and test each one"""
oh.infoBox("Testing proxies ...")
for proxy in fh.readProxies():
self.setProxy(proxy)
self.__testProxy()
