Пример #1
0
 def n_length(r, i):
   if r.response and r.response.content:
     p = str(len(r.response.content))
     if hasattr(r, "payload"):
       p += "(" + str(len(r.response.content)-len(encode(r.payload))) + ")"
     return p
   else:
     return "-"
Пример #2
0
def _inject_to(r, value, payloads, pre_func=None):
  if not pre_func:
    pre_func = lambda x: encode(x)
  pds = [ pre_func(pd) for pd in _get_payload(payloads) ]
  rqs = RequestSet(_inject_query(r, value, pds))
  if r.method in ("POST", "PUT"):
    rqs += RequestSet(_inject_post(r, value, pds))
  if r.has_header("Cookie"):
    rqs += RequestSet(_inject_cookie(r, value, pds))
  rqs += RequestSet(_inject_json(r, value, pds))
  if not rqs:
    raise NoInjectionPointFound()
  return rqs
Пример #3
0
def _inject_at(r, offset, payloads, pre_func=None, choice=None):
  rs = []
  orig = str(r)
  if not pre_func:
    pre_func = lambda x: encode(x)
  pds = [ pre_func(pd) for pd in _get_payload(payloads) ]
  if isinstance(offset, (list, tuple)):
    off_b, off_e = offset
  elif isinstance(offset, basestring):
    ct = str(r).count(offset)
    if ct > 1:
      if not choice or choice > ct:
        raise NonUniqueInjectionPoint("The pattern is not unique in" + \
                                      " the request, use choice<=" + str(ct))
      else:
        c_off = 0
        for i in range(choice):
          idx = str(r)[c_off:].find(offset)
          c_off += idx + 1
        idx = c_off - 1
    elif ct < 1:
      raise NoInjectionPointFound("Could not find the pattern")
    else:
      idx = str(r).find(offset)
    off_b, off_e = idx, idx + len(offset)
  else:
    off_b = off_e = offset
  for p in pds:
    ct = orig[:off_b] + p + orig[off_e:]
    ct = re.sub("Content-Length:.*\n", "", ct)
    r_new = Request(ct, hostname=r.hostname, port=r.port, use_ssl=r.use_ssl)
    r_new.update_content_length()
    r_new.injection_point = "@" + str(offset)
    r_new.payload = p
    rs.append(r_new)
  return rs