def __testProxy(self): """Test if the proxy can be used on the connection, and insert it into the proxies list""" try: self.testConnection() oh.infoBox(f"Proxy {self.__proxy['http://']} worked.") self.__proxyList.append(self.__proxy) except: oh.warningBox(f"Proxy {self.__proxy['http://']} not worked.")
def checkDelay(argv: list, fuzzer: Fuzzer): """Check if the --delay argument is present, and set the value into the fuzzer @type argv: list @param argv: The arguments given in the execution @type fuzzer: Fuzzer @param fuzzer: The Fuzzer object """ if ('--delay' in argv): delay = argv[argv.index('--delay') + 1] fuzzer.setDelay(float(delay)) oh.infoBox(f"Set delay: {delay} second(s)")
def checkNumThreads(argv: list, fuzzer: Fuzzer): """Check if the -t argument is present, and set the number of threads in the fuzzer @type argv: list @param argv: The arguments given in the execution @type fuzzer: Fuzzer @param fuzzer: The Fuzzer object """ if ('-t' in argv): numThreads = argv[argv.index('-t') + 1] fuzzer.setNumThreads(int(numThreads)) oh.infoBox(f"Set number of threads: {numThreads} thread(s)")
def checkCookie(argv: list, requestHandler: RequestHandler): """Check if the --cookie argument is present, and set the value into the requestHandler @type argv: list @param argv: The arguments given in the execution @type requestHandler: RequestHandler @param requestHandler: The object responsible to handle the requests """ if ('--cookie' in argv): cookie = argv[argv.index('--cookie') + 1] requestHandler.setCookie(cookie) oh.infoBox(f"Set cookie: {cookie}")
def checkProxies(argv: list, requestHandler: RequestHandler): """Check if the --proxies argument is present, and open a file @type argv: list @param argv: The arguments given in the execution """ if ('--proxies' in argv): index = argv.index('--proxies') + 1 proxiesFileName = argv[index] fh.openProxies(proxiesFileName) oh.infoBox(f"Loading proxies from file '{proxiesFileName}' ...") requestHandler.setProxiesFromFile()
def prepareApplication(self): """Prepares the application""" try: self.__checkConnectionAndRedirections() oh.infoBox( f"Starting test on '{self.__requestHandler.getUrl()}' ...") self.__startApplication() except KeyboardInterrupt: oh.abortBox("Test aborted.") fh.writeOnOutput(self.__outputFileContent) else: oh.infoBox("Test completed.")
def __openOutput(self): """Opens the output file for store the probably vulnerable response data """ now = datetime.now() time = now.strftime("%Y-%m-%d_%H:%M") try: self.__outputFile = open('../output/' + time + '.txt', 'w') except FileNotFoundError: os.system('mkdir ../output') self.__outputFile = open('../output/' + time + '.txt', 'w') finally: oh.infoBox(f'Saving results on \'{time}.txt\' ...')
def __checkConnectionAndRedirections(self): """Test the connection and redirection to target""" # If we'll not fuzzing the url paths, so # test the redirections before start the fuzzing rh = self.__requestHandler if rh.getUrlIndexToPayload(): oh.infoBox( "Test mode set to URL Fuzzing. No redirection verifications to target are being tested." ) try: rh.testConnection() except: if not oh.askYesNo( "Connection to target failed. Continue anyway? "): exit() else: oh.infoBox("Connection status: OK") else: try: rh.testConnection() except: oh.errorBox("Failed to connect to the server.") oh.infoBox("Connection status: OK") oh.infoBox("Testing redirections ...") rh.testRedirection()
def testRedirection(self): """Test if the connection will have a redirection""" requestParameters = self.__getRequestParameters(' ') response = requests.request(requestParameters['Method'], requestParameters['Url'], data=requestParameters['Data'], params=requestParameters['Data'], headers=requestParameters['Headers'], proxies=self.__proxy) if ('[302]' in str(response.history)): if (not oh.askYesNo( "You was redirected to another page. Continue? (y/N): ")): exit(0) else: oh.infoBox("No redirections.")
def writeOnOutput(self, outputContent: list): """Write the vulnerable input and response content into a file @param type: list @param outputContent: The list with probably vulnerable content """ if outputContent: self.__openOutput() for content in outputContent: for key, value in content.items(): self.__outputFile.write(key + ': ' + str(value) + '\n') self.__outputFile.write('\n') self.__close(self.__outputFile) global outputHandler oh.infoBox('Results saved.')
def checkProxy(argv: list, requestHandler: RequestHandler): """Check if the --proxy argument is present, and set the value into the requestHandler @type argv: list @param argv: The arguments given in the execution @type requestHandler: RequestHandler @param requestHandler: The object responsible to handle the requests """ if ('--proxy' in argv): index = argv.index('--proxy') + 1 proxy = argv[index] requestHandler.setProxy({ 'http://': 'http://' + proxy, 'https://': 'http://' + proxy }) oh.infoBox(f"Set proxy: {proxy}")
def main(argv: list): """The main function @type argv: list @param argv: The arguments given in the execution """ if (len(argv) < 2): oh.errorBox( "Invalid format! Use -h on 2nd parameter to show the help menu.") if (argv[1] == '-h' or argv[1] == '--help'): showHelpMenu() if (argv[1] == '-v' or argv[1] == '--version'): exit("FuzzingTool v3.1.0") url, method, param, headers = getDefaultRequestData(argv) defaultParam = getRequestParams(param) if param != '' else {} getWordlistFile(argv) fuzzer = Fuzzer(RequestHandler(url, method, defaultParam, headers)) oh.infoBox(f"Set target: {fuzzer.getRequestHandler().getUrl()}") oh.infoBox(f"Set request method: {method}") oh.infoBox(f"Set request data: {str(defaultParam)}") checkCookie(argv, fuzzer.getRequestHandler()) checkProxy(argv, fuzzer.getRequestHandler()) checkProxies(argv, fuzzer.getRequestHandler()) checkDelay(argv, fuzzer) checkVerboseMode(argv, fuzzer) checkNumThreads(argv, fuzzer) fuzzer.prepareApplication()
def setProxiesFromFile(self): """Get the proxies from a file and test each one""" oh.infoBox("Testing proxies ...") for proxy in fh.readProxies(): self.setProxy(proxy) self.__testProxy()