def json(self):
return {
"url": self.build_url(),
"params":
parseQuery(self.url.query) if self.url is not None else {},
"data": parseQuery(self.body),
"method": self.method,
"version": self.version,
"headers": self.dictheaders(),
"cookies": self.dictcookies()
}
def test_parseQuery(self):
self.assertEqual(parseQuery('a=1'), {'a': '1'})
self.assertEqual(parseQuery('a=%2f'), {'a': '/'})
self.assertEqual(parseQuery('a=%2f&b=3'), {'a': '/', 'b': '3'})
self.assertEqual(parseQuery('a=1&b=%253'), {'a': '1', 'b': '%3'})
self.assertEqual(parseQuery('a[]=1&b=%253'), {'a[]': '1', 'b': '%3'})
self.assertEqual(parseQuery('a[]=1&a[]=2'), {'a[]': ['1', '2']})
self.assertEqual(parseQuery('a=1&a=2'), {'a': ['1', '2']})
def fuzz(args):
parser = argparse.ArgumentParser(description='Saker Fuzzer',
usage='[options]',
epilog='Fuzz for web request')
parser.add_argument("-u", '--url', dest="url", help="define specific url")
parser.add_argument("-m",
'--method',
dest="method",
help="request method, use get as default",
default="get")
parser.add_argument("-p",
'--params',
dest="params",
help="request params, use empty string as default",
default="")
parser.add_argument("-d",
'--data',
dest="data",
help="request data, use empty string as default",
default="")
parser.add_argument('-H',
'--headers',
dest="headers",
help="request headers, use empty string as default",
default="")
parser.add_argument("-c",
'--cookies',
dest="cookies",
help="request cookies, use empty string as default",
default="")
parser.add_argument("-P",
'--part',
dest="part",
help="fuzz part, could be url / params / data / ...",
default="")
parser.add_argument("-k",
'--key',
dest="key",
help="key to be fuzzed",
default="")
parser.add_argument("-v",
'--vuln',
dest="vuln",
help="Vulnarability type to be fuzzed",
default="")
parser.add_argument("-t",
'--timeinterval',
type=float,
dest="interval",
help="scan time interval, random sleep by default",
default=0)
opts = parser.parse_args(args)
if not opts.url:
parser.print_help()
return
if opts.method.lower() not in ['get', 'post', 'put', 'patch', 'delete']:
print('method error')
return
print(opts.headers)
options = {
'url': normalizeUrl(opts.url),
'method': opts.method.lower(),
'params': parseQuery(opts.params),
'data': parseQuery(opts.data),
'headers': parseQuery(opts.headers),
'cookies': parseQuery(opts.cookies),
}
m = Mutator(options)
m.fuzz(opts.part, opts.key, opts.vuln, opts.interval)
print('Done')
def fuzz(args):
parser = argparse.ArgumentParser(description="Saker Fuzzer",
usage="[options]",
epilog="Fuzz for web request")
parser.add_argument("-u", "--url", dest="url", help="define specific url")
parser.add_argument("-m",
"--method",
dest="method",
help="request method, use get as default",
default="get")
parser.add_argument("-p",
"--params",
dest="params",
help="request params, use empty string as default",
default="")
parser.add_argument("-d",
"--data",
dest="data",
help="request data, use empty string as default",
default="")
parser.add_argument("-H",
"--headers",
dest="headers",
help="request headers, use empty string as default",
default="")
parser.add_argument("-c",
"--cookies",
dest="cookies",
help="request cookies, use empty string as default",
default="")
parser.add_argument("-P",
"--part",
dest="part",
help="fuzz part, could be url / params / data / ...",
default="")
parser.add_argument("-k",
"--key",
dest="key",
help="key to be fuzzed",
default="")
parser.add_argument("-v",
"--vuln",
dest="vuln",
help="Vulnarability type to be fuzzed",
default="")
parser.add_argument("-t",
"--timeinterval",
type=float,
dest="interval",
help="scan time interval, random sleep by default",
default=0)
opts = parser.parse_args(args)
if not opts.url:
parser.print_help()
return
if opts.method.lower() not in ["get", "post", "put", "patch", "delete"]:
print("method error")
return
print(opts.headers)
options = {
"url": normalizeUrl(opts.url),
"method": opts.method.lower(),
"params": parseQuery(opts.params),
"data": parseQuery(opts.data),
"headers": parseQuery(opts.headers),
"cookies": parseQuery(opts.cookies),
}
m = Mutator(options)
m.fuzz(opts.part, opts.key, opts.vuln, opts.interval)
print("Done")