def n_length(r, i):
if r.response and r.response.content:
p = str(len(r.response.content))
if hasattr(r, "payload"):
p += "(" + str(len(r.response.content)-len(encode(r.payload))) + ")"
return p
else:
return "-"
def n_length(r, i):
if r.response and r.response.content:
p = str(len(r.response.content))
if hasattr(r, "payload"):
p += "(" + str(
len(r.response.content) - len(encode(r.payload))) + ")"
return p
else:
return "-"
def _inject_to(r, value, payloads, pre_func=None):
if not pre_func:
pre_func = lambda x: encode(x)
pds = [ pre_func(pd) for pd in _get_payload(payloads) ]
rqs = RequestSet(_inject_query(r, value, pds))
if r.method in ("POST", "PUT"):
rqs += RequestSet(_inject_post(r, value, pds))
if r.has_header("Cookie"):
rqs += RequestSet(_inject_cookie(r, value, pds))
rqs += RequestSet(_inject_json(r, value, pds))
if not rqs:
raise NoInjectionPointFound()
return rqs
def _inject_to(r, target, payloads, pre_func=None, append=False):
if not pre_func:
pre_func = lambda x: encode(x)
payloads = [ pre_func(pd) for pd in _get_payload(payloads) ]
rqs = RequestSet(_inject_query(r, target, payloads, append))
if r.method in ("POST", "PUT"):
rqs += RequestSet(_inject_post(r, target, payloads, append))
if r.has_header("Cookie"):
rqs += RequestSet(_inject_cookie(r, target, payloads, append))
rqs += RequestSet(_inject_json(r, target, payloads, append))
if not rqs:
raise NoInjectionPointFound()
return rqs
def _inject_at(r, offset, payloads, pre_func=None, choice=None):
rs = []
orig = str(r)
if not pre_func:
pre_func = lambda x: encode(x)
payloads = (pre_func(pd) for pd in _get_payload(payloads))
if isinstance(offset, (list, tuple)):
off_b, off_e = offset
elif isinstance(offset, basestring):
ct = str(r).count(offset)
if ct > 1:
if not choice or choice > ct:
raise NonUniqueInjectionPoint(("The pattern '{}' is not unique in " + \
"the request, use choice<={}").format(offset,ct))
else:
c_off = 0
for i in range(choice):
idx = str(r)[c_off:].find(offset)
c_off += idx + 1
idx = c_off - 1
elif ct < 1:
raise NoInjectionPointFound("Could not find the pattern", offset)
else:
idx = str(r).find(offset)
off_b, off_e = idx, idx + len(offset)
else:
off_b = off_e = offset
for p in payloads:
ct = orig[:off_b] + p + orig[off_e:]
# FIXME: at most match only the headers
ct = re.sub("Content-Length:.*\n", "", ct)
r_new = burst.http.Request(ct,
hostname=r.hostname,
port=r.port,
use_ssl=r.use_ssl)
r_new.update_content_length()
r_new.injection_point = "@" + str(offset)
r_new.payload = p
rs.append(r_new)
return rs
def _inject_at(r, offset, payloads, pre_func=None, choice=None):
rs = []
orig = str(r)
if not pre_func:
pre_func = lambda x: encode(x)
pds = [ pre_func(pd) for pd in _get_payload(payloads) ]
if isinstance(offset, (list, tuple)):
off_b, off_e = offset
elif isinstance(offset, basestring):
ct = str(r).count(offset)
if ct > 1:
if not choice or choice > ct:
raise NonUniqueInjectionPoint("The pattern is not unique in" + \
" the request, use choice<=" + str(ct))
else:
c_off = 0
for i in range(choice):
idx = str(r)[c_off:].find(offset)
c_off += idx + 1
idx = c_off - 1
elif ct < 1:
raise NoInjectionPointFound("Could not find the pattern")
else:
idx = str(r).find(offset)
off_b, off_e = idx, idx + len(offset)
else:
off_b = off_e = offset
for p in pds:
ct = orig[:off_b] + p + orig[off_e:]
ct = re.sub("Content-Length:.*\n", "", ct)
r_new = Request(ct, hostname=r.hostname, port=r.port, use_ssl=r.use_ssl)
r_new.update_content_length()
r_new.injection_point = "@" + str(offset)
r_new.payload = p
rs.append(r_new)
return rs
