Пример #1
    def generateWSSEMutatedTag(self, method):
        """Queue three WS-Security SOAP test messages with abnormal structure.

        One envelope is built per shape and handed to self.addstring():

        * 'open'   - 30 opening tags named self.rnd, none closed here
        * 'random' - 30 small elements named self.rnd with self.rnd as text
        * 'close'  - 30 closing tags named self.rnd

        Ahead of that run every envelope carries a username element and an
        opening tag whose attribute list comes from
        attackUtils.genNAttribs(300). It is completed with the created /
        nonce / digest values from attackUtils.genLogisticVals() and the
        method tags from attackUtils.genMethodRandTags(method).

        Nothing is queued when method is falsy; the return value is None.
        """
        if not method:
            return

        for shape in ('open', 'random', 'close'):
            envelope = StringIO()

            envelope.write(self.genOpenWSSEXML())
            username_tpl = self.xml["un_open"] + "%s" + self.xml["un_close"]
            envelope.write(username_tpl % (self.rndUser))
            # Opening tag with a generated attribute list; this method never
            # writes a matching close for it.
            # NOTE(review): 300 is presumably the attribute count - confirm
            # against attackUtils.genNAttribs.
            envelope.write("<%s %s>" % (self.rnd, attackUtils.genNAttribs(300)))

            # self.rnd is read again for every fragment, not cached.
            if shape == 'open':
                # run of opening tags with no closers
                for _ in range(30):
                    envelope.write('<%s>' % self.rnd)
            elif shape == 'random':
                # run of small, complete elements
                for _ in range(30):
                    envelope.write('<%s>%s</%s>' % (self.rnd, self.rnd, self.rnd))
            elif shape == 'close':
                # run of closing tags
                for _ in range(30):
                    envelope.write('</%s>' % self.rnd)

            created, nonce, digest = attackUtils.genLogisticVals(self.rndUser, self.rndPass)
            envelope.write(self.genLogisticTags(digest, nonce, created))

            mid_section = self.genMidWSSEXML()
            method_tags = attackUtils.genMethodRandTags(method)
            closing = self.genCloseWSSEXML()
            envelope.write(mid_section + method_tags + closing)

            self.addstring(envelope)
Пример #2
    def generateWSSEMutatedTag(self, method):
        """Build and queue structurally abnormal WSSE SOAP envelopes.

        Three envelopes are produced, one per shape ('open', 'random',
        'close'), and each is passed to self.addstring(). After the WSSE
        opening, the username element and an opening tag carrying the
        attribute list from attackUtils.genNAttribs(300), the envelope gets a
        run of 30 fragments: unclosed opening tags, complete elements, or
        closing tags, all named self.rnd. The security values, the mid
        section, the random method tags and the closing section follow.

        Does nothing when method is falsy. Always returns None.
        """
        if not method:
            return

        def write_run(sink, render):
            # render() is called once per fragment so that self.rnd is read
            # 30 separate times, exactly as an inline loop would read it.
            for _ in range(30):
                sink.write(render())

        for shape in ['open', 'random', 'close']:
            buf = StringIO()

            buf.write(self.genOpenWSSEXML())
            buf.write(
                (self.xml["un_open"] + "%s" + self.xml["un_close"]) %
                (self.rndUser))
            # Opening tag with a generated attribute list; no matching close
            # is written by this method.
            buf.write("<%s %s>" % (self.rnd, attackUtils.genNAttribs(300)))

            if shape == 'open':
                # opening tags only
                write_run(buf, lambda: '<%s>' % self.rnd)
            elif shape == 'random':
                # complete elements with random text
                write_run(
                    buf,
                    lambda: '<%s>%s</%s>' % (self.rnd, self.rnd, self.rnd))
            elif shape == 'close':
                # closing tags only
                write_run(buf, lambda: '</%s>' % self.rnd)

            created, nonce, digest = attackUtils.genLogisticVals(
                self.rndUser, self.rndPass)
            buf.write(self.genLogisticTags(digest, nonce, created))

            tail = (self.genMidWSSEXML() +
                    attackUtils.genMethodRandTags(method) +
                    self.genCloseWSSEXML())
            buf.write(tail)

            self.addstring(buf)
Пример #3
    def generateWSSEMethodMutate(self, method, params, mix=None):
        """Queue WS-Security SOAP test messages with one damaged element each.

        One envelope is assembled for every pairing of a mutation
        ('noclose', 'noopen', 'opentag', 'closetag') with a vector
        ('straight', 'unt', 'un', 'pass', 'nonce', 'created') and passed to
        self.addstring(). The vector names the part that is damaged:

        * 'un', 'pass', 'nonce', 'created' - that element is written without
          its closing tag ('noclose'), without its opening tag ('noopen'),
          or replaced by a bare "<" / "</" ('opentag' / 'closetag').
        * 'unt' - instead of genMidWSSEXML() only the security close, header
          close and body open fragments are written.
        * 'straight' - no header element is damaged.

        For 'straight' and 'unt' the mutation is not consulted, so those
        envelopes are produced once per mutation anyway.

        An undamaged username carries self.rndUser repeated eight times.
        When mix is truthy the method and parameter tags are named
        self.rnd3 instead of method / the entries of params. Parameter
        values are always self.rnd6.

        Nothing is queued when method is falsy; the return value is None.
        """
        if not method:
            return

        # Mutations that leave nothing of the element but a dangling bracket.
        stray_bracket = {'opentag': "<", 'closetag': "</"}

        def b64(raw):
            # NOTE(review): b2a_base64 returns bytes on Python 3, so the
            # concatenations below only work if the xml fragments are bytes
            # too, or on Python 2 - confirm the target interpreter.
            return binascii.b2a_base64(raw).strip()

        for mutation in ('noclose', 'noopen', 'opentag', 'closetag'):
            for vector in ('straight', 'unt', 'un', 'pass', 'nonce', 'created'):
                envelope = StringIO()
                envelope.write(self.genOpenWSSEXML())

                # --- username element ---
                if vector == 'un':
                    if mutation == 'noclose':
                        envelope.write("<wsse:Username>" + self.rndUser)
                    elif mutation == 'noopen':
                        envelope.write(self.rndUser + "</wsse:Username>")
                    else:
                        envelope.write(stray_bracket[mutation])
                else:
                    username_tpl = self.xml["un_open"] + "%s" + self.xml["un_close"]
                    envelope.write(username_tpl % (self.rndUser*8))

                # Values are generated from the single (not repeated) user name.
                created, nonce, digest = attackUtils.genLogisticVals(self.rndUser, self.rndPass)

                # --- password / nonce / created elements ---
                if vector == 'pass':
                    if mutation == 'noclose':
                        envelope.write(self.xml["wp_open"] + b64(digest))
                    elif mutation == 'noopen':
                        envelope.write(b64(digest) + self.xml["wp_close"])
                    else:
                        envelope.write(stray_bracket[mutation])
                    envelope.write(self.xml["wn_open"] + b64(nonce) + self.xml["wn_close"])
                    envelope.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"])
                elif vector == 'nonce':
                    envelope.write(self.xml["wp_open"] + b64(digest) + self.xml["wp_close"])
                    if mutation == 'noclose':
                        envelope.write(self.xml["wn_open"] + b64(nonce))
                    elif mutation == 'noopen':
                        envelope.write(b64(nonce) + self.xml["wn_close"])
                    else:
                        envelope.write(stray_bracket[mutation])
                    envelope.write(self.xml["wc_open"] + created.strip() + self.xml["wc_close"])
                elif vector == 'created':
                    envelope.write(self.xml["wp_open"] + b64(digest) + self.xml["wp_close"])
                    envelope.write(self.xml["wn_open"] + b64(nonce) + self.xml["wn_close"])
                    if mutation == 'noclose':
                        envelope.write(self.xml["wc_open"] + "%s" % created.strip())
                    elif mutation == 'noopen':
                        # opening tag of the created element is left out
                        envelope.write(created.strip() + self.xml["wc_close"])
                    else:
                        envelope.write(stray_bracket[mutation])
                else:
                    # 'straight', 'unt' and 'un' keep all three elements intact
                    envelope.write(self.genLogisticTags(digest, nonce, created))

                # --- end of header, start of body ---
                if vector == 'unt':
                    # only these three fragments, in place of genMidWSSEXML()
                    envelope.write(self.xml["sec_close"] + self.xml["header_close"] + self.xml["body_open"])
                else:
                    envelope.write(self.genMidWSSEXML())

                # --- method element, opening tag ---
                if mix:
                    envelope.write('<%s>' % self.rnd3)
                else:
                    envelope.write('<%s>' % method)

                # --- parameter elements ---
                if params:
                    for param_name in params:
                        if mix:
                            envelope.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3))
                        else:
                            envelope.write('<%s>%s</%s>' % (param_name, self.rnd6, param_name))
                elif mix:
                    envelope.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3))
                else:
                    # no parameter names given: one element named self.rnd
                    envelope.write('<%s>%s</%s>' % (self.rnd, self.rnd6, self.rnd))

                # --- method element, closing tag ---
                if mix:
                    envelope.write('</%s>' % self.rnd3)
                else:
                    envelope.write('</%s>' % method)

                envelope.write(self.genCloseWSSEXML())
                self.addstring(envelope)
Пример #4
    def generateWSSEMethodMutate(self, method, params, mix=None):
        """Build and queue WSSE SOAP envelopes with a single broken element.

        The outer loop runs over the mutations 'noclose', 'noopen',
        'opentag' and 'closetag'; the inner loop over the vectors
        'straight', 'unt', 'un', 'pass', 'nonce' and 'created'. Each
        combination yields one envelope, passed to self.addstring().

        The vectors 'un', 'pass', 'nonce' and 'created' select the username,
        password, nonce or created element; the selected element loses its
        closing tag, loses its opening tag, or is replaced by a lone "<" or
        "</", depending on the mutation. The other elements are written
        whole. 'unt' swaps genMidWSSEXML() for the security close, header
        close and body open fragments. 'straight' damages nothing. The
        mutation has no effect on 'straight' and 'unt'.

        mix, when truthy, replaces the method and parameter tag names with
        self.rnd3. Returns None; does nothing when method is falsy.
        """
        if not method:
            return

        def b64(raw):
            # NOTE(review): on Python 3 this yields bytes; joining it to str
            # fragments would raise TypeError - confirm the interpreter and
            # the type of the self.xml fragments.
            return binascii.b2a_base64(raw).strip()

        def put_username(out, vector, mutation):
            # Undamaged form repeats self.rndUser eight times.
            if vector != 'un':
                out.write(
                    (self.xml["un_open"] + "%s" + self.xml["un_close"])
                    % (self.rndUser * 8))
            elif mutation == 'noclose':
                out.write("<wsse:Username>" + self.rndUser)
            elif mutation == 'noopen':
                out.write(self.rndUser + "</wsse:Username>")
            elif mutation == 'opentag':
                out.write("<")
            elif mutation == 'closetag':
                out.write("</")

        def put_token_fields(out, vector, mutation, created, nonce, digest):
            # Any vector other than these three leaves the fields to
            # genLogisticTags().
            if vector not in ('pass', 'nonce', 'created'):
                out.write(self.genLogisticTags(digest, nonce, created))
                return

            # The fields always appear in the order password, nonce,
            # created; only the one named by the vector is damaged.

            # password
            if vector != 'pass':
                out.write(self.xml["wp_open"] + b64(digest) +
                          self.xml["wp_close"])
            elif mutation == 'noclose':
                out.write(self.xml["wp_open"] + b64(digest))
            elif mutation == 'noopen':
                out.write(b64(digest) + self.xml["wp_close"])
            elif mutation == 'opentag':
                out.write("<")
            elif mutation == 'closetag':
                out.write("</")

            # nonce
            if vector != 'nonce':
                out.write(self.xml["wn_open"] + b64(nonce) +
                          self.xml["wn_close"])
            elif mutation == 'noclose':
                out.write(self.xml["wn_open"] + b64(nonce))
            elif mutation == 'noopen':
                out.write(b64(nonce) + self.xml["wn_close"])
            elif mutation == 'opentag':
                out.write("<")
            elif mutation == 'closetag':
                out.write("</")

            # created
            if vector != 'created':
                out.write(self.xml["wc_open"] + created.strip() +
                          self.xml["wc_close"])
            elif mutation == 'noclose':
                out.write(self.xml["wc_open"] + "%s" % created.strip())
            elif mutation == 'noopen':
                out.write(created.strip() + self.xml["wc_close"])
            elif mutation == 'opentag':
                out.write("<")
            elif mutation == 'closetag':
                out.write("</")

        def put_method_call(out):
            # opening tag of the method element
            out.write(('<%s>' % self.rnd3) if mix else ('<%s>' % method))

            # parameter elements; every value is self.rnd6
            if params:
                for name in params:
                    if mix:
                        out.write('<%s>%s</%s>' %
                                  (self.rnd3, self.rnd6, self.rnd3))
                    else:
                        out.write('<%s>%s</%s>' % (name, self.rnd6, name))
            elif mix:
                out.write('<%s>%s</%s>' % (self.rnd3, self.rnd6, self.rnd3))
            else:
                out.write('<%s>%s</%s>' % (self.rnd, self.rnd6, self.rnd))

            # closing tag of the method element
            out.write(('</%s>' % self.rnd3) if mix else ('</%s>' % method))

        for mutation in ['noclose', 'noopen', 'opentag', 'closetag']:
            for vector in ['straight', 'unt', 'un', 'pass', 'nonce', 'created']:
                doc = StringIO()
                doc.write(self.genOpenWSSEXML())

                put_username(doc, vector, mutation)

                created, nonce, digest = attackUtils.genLogisticVals(
                    self.rndUser, self.rndPass)
                put_token_fields(doc, vector, mutation, created, nonce, digest)

                if vector != 'unt':
                    doc.write(self.genMidWSSEXML())
                else:
                    # only these three fragments, in place of genMidWSSEXML()
                    doc.write(self.xml["sec_close"] +
                              self.xml["header_close"] +
                              self.xml["body_open"])

                put_method_call(doc)

                doc.write(self.genCloseWSSEXML())
                self.addstring(doc)