def generateWSSEMutatedTag(self, method): if method: type = ['open', 'random', 'close'] for t in type: soapStr = StringIO() soapStr.write(self.genOpenWSSEXML()) soapStr.write((self.xml["un_open"] + "%s" + self.xml["un_close"]) % (self.rndUser)) # structural threat: weird structure soapStr.write("<%s %s>" % (self.rnd, attackUtils.genNAttribs(300))) if t == 'open': # structural threat: weird structure - large # open tags for i in range(30): soapStr.write('<%s>' % self.rnd) if t == 'random': # structural threat: huge random document for i in range(30): soapStr.write('<%s>%s</%s>' % (self.rnd, self.rnd, self.rnd)) if t == 'close': # structural threat: weird structure - large # close tags for i in range(30): soapStr.write('</%s>' % self.rnd) created, nonce, digest = attackUtils.genLogisticVals(self.rndUser, self.rndPass) soapStr.write(self.genLogisticTags(digest, nonce, created)) soapStr.write(self.genMidWSSEXML() + attackUtils.genMethodRandTags(method) + self.genCloseWSSEXML()) self.addstring(soapStr)
def generateWSSEMutatedTag(self, method): if method: type = ['open', 'random', 'close'] for t in type: soapStr = StringIO() soapStr.write(self.genOpenWSSEXML()) soapStr.write( (self.xml["un_open"] + "%s" + self.xml["un_close"]) % (self.rndUser)) # structural threat: weird structure soapStr.write("<%s %s>" % (self.rnd, attackUtils.genNAttribs(300))) if t == 'open': # structural threat: weird structure - large # open tags for i in range(30): soapStr.write('<%s>' % self.rnd) if t == 'random': # structural threat: huge random document for i in range(30): soapStr.write('<%s>%s</%s>' % (self.rnd, self.rnd, self.rnd)) if t == 'close': # structural threat: weird structure - large # close tags for i in range(30): soapStr.write('</%s>' % self.rnd) created, nonce, digest = attackUtils.genLogisticVals( self.rndUser, self.rndPass) soapStr.write(self.genLogisticTags(digest, nonce, created)) soapStr.write(self.genMidWSSEXML() + attackUtils.genMethodRandTags(method) + self.genCloseWSSEXML()) self.addstring(soapStr)
def generateWSSEMethodMutate(self, method, params, mix = None): if method: vectors = ['straight','unt','un','pass','nonce', 'created'] mutate = ['noclose', 'noopen', 'opentag', 'closetag'] for mutation in mutate: for vector in vectors: soapStr = StringIO() # opening for XML soapStr.write(self.genOpenWSSEXML()) if vector != 'un': soapStr.write((self.xml["un_open"] + "%s" + self.xml["un_close"]) % (self.rndUser*8)) else: if mutation == 'noclose': # no close tag for userName soapStr.write("<wsse:Username>" + self.rndUser) if mutation == 'noopen': # no open tag for userName soapStr.write(self.rndUser + "</wsse:Username>") if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") created, nonce, digest = attackUtils.genLogisticVals(self.rndUser, self.rndPass) if vector == 'pass': if mutation == 'noclose': # no close tag for password soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip()) if mutation == 'noopen': # no open tag for password soapStr.write(binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) soapStr.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"]) elif vector == 'nonce': soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) if mutation == 'noclose': # no close tag for nonce soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip()) if mutation == 'noopen': # no open tag for nonce soapStr.write(binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") soapStr.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"]) elif vector == 'created': soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) if mutation == 'noclose': # no close tag for created soapStr.write(self.xml["wc_open"] + "%s" % created.strip()) if mutation == 'noopen': # no open tag for nonce soapStr.write(created.strip() + self.xml["wc_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") else: soapStr.write(self.genLogisticTags(digest, nonce, created)) if vector != 'unt': soapStr.write(self.genMidWSSEXML()) else: # no close tag for userNameToken soapStr.write(self.xml["sec_close"] + self.xml["header_close"] + self.xml["body_open"]) # method elements - open if mix: soapStr.write('<%s>' % self.rnd3) else: soapStr.write('<%s>' % method) # parameter elements if params: for i in params: if mix: soapStr.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3)) else: soapStr.write('<%s>%s</%s>' % (i, self.rnd6, i)) else: if mix: soapStr.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3)) else: soapStr.write('<%s>%s</%s>' % (self.rnd, self.rnd6, self.rnd)) # method elements - close if mix: soapStr.write('</%s>' % self.rnd3) else: soapStr.write('</%s>' % method) soapStr.write(self.genCloseWSSEXML()) self.addstring(soapStr)
def generateWSSEMethodMutate(self, method, params, mix=None): if method: vectors = ['straight', 'unt', 'un', 'pass', 'nonce', 'created'] mutate = ['noclose', 'noopen', 'opentag', 'closetag'] for mutation in mutate: for vector in vectors: soapStr = StringIO() # opening for XML soapStr.write(self.genOpenWSSEXML()) if vector != 'un': soapStr.write( (self.xml["un_open"] + "%s" + self.xml["un_close"]) % (self.rndUser * 8)) else: if mutation == 'noclose': # no close tag for userName soapStr.write("<wsse:Username>" + self.rndUser) if mutation == 'noopen': # no open tag for userName soapStr.write(self.rndUser + "</wsse:Username>") if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") created, nonce, digest = attackUtils.genLogisticVals( self.rndUser, self.rndPass) if vector == 'pass': if mutation == 'noclose': # no close tag for password soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip()) if mutation == 'noopen': # no open tag for password soapStr.write( binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) soapStr.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"]) elif vector == 'nonce': soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) if mutation == 'noclose': # no close tag for nonce soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip()) if mutation == 'noopen': # no open tag for nonce soapStr.write( binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") soapStr.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"]) elif vector == 'created': soapStr.write(self.xml["wp_open"] + binascii.b2a_base64(digest).strip() + self.xml["wp_close"]) soapStr.write(self.xml["wn_open"] + binascii.b2a_base64(nonce).strip() + self.xml["wn_close"]) if mutation == 'noclose': # no close tag for created soapStr.write(self.xml["wc_open"] + "%s" % created.strip()) if mutation == 'noopen': # no open tag for nonce soapStr.write(created.strip() + self.xml["wc_close"]) if mutation == 'opentag': soapStr.write("<") if mutation == 'closetag': soapStr.write("</") else: soapStr.write( self.genLogisticTags(digest, nonce, created)) if vector != 'unt': soapStr.write(self.genMidWSSEXML()) else: # no close tag for userNameToken soapStr.write(self.xml["sec_close"] + self.xml["header_close"] + self.xml["body_open"]) # method elements - open if mix: soapStr.write('<%s>' % self.rnd3) else: soapStr.write('<%s>' % method) # parameter elements if params: for i in params: if mix: soapStr.write( '<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3)) else: soapStr.write('<%s>%s</%s>' % (i, self.rnd6, i)) else: if mix: soapStr.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3)) else: soapStr.write('<%s>%s</%s>' % (self.rnd, self.rnd6, self.rnd)) # method elements - close if mix: soapStr.write('</%s>' % self.rnd3) else: soapStr.write('</%s>' % method) soapStr.write(self.genCloseWSSEXML()) self.addstring(soapStr)