def scan_get_request_from_path(request_info: dict) -> None:
    """Scan every query-string parameter of ``request_info['path']`` with each entry of ``payloads``.

    For each non-empty ``key=value`` segment after the LAST ``?`` in the path, every
    payload is appended to that segment, the modified path is written back into
    ``request_info['path']`` and the request is sent twice through ``HackRequests``
    (once per HTTP library, ``LIB_1`` and ``LIB_2``). ``print_scan_result`` classifies
    each response; as soon as it returns ``"vulnerable"`` for one of them the
    remaining payloads for that segment are skipped and the next segment is scanned.

    Args:
        request_info: Request description; only the ``'path'`` key is read (and
            overwritten) here.

    Side effects:
        ``request_info['path']`` is overwritten on every attempt and is NOT restored
        when the function returns, so callers see the last injected path afterwards.
        Outcomes are reported solely through ``print_scan_result``; nothing is returned.

    Note:
        The request method is not checked here -- the path is always sent with
        ``get_request()`` regardless of ``request_info['method']``.

    Examples:
    GET /dvwa/vulnerabilities/xss_r/?name=helloworld HTTP/1.1
    Host: test.avfisher.win
    Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
    Parameters in URL: name
    """
    path = request_info['path']
    #if "?" in path and "&" in path:
    if path and "?" in path:
        # Example of path: http://abc.xyz/index.html?para=test
        # Everything after the LAST '?' is treated as the query string.
        paras = path.split('?')[-1].split('&')
        for para in paras:
            if para:
                # `payloads` is defined elsewhere in the file (presumably a module-level list).
                for payload in payloads:
                    # The payload is appended to the whole "key=value" segment, i.e. to its value.
                    payload_para = "{}{}".format(para, payload)
                    # NOTE(review): str.replace rewrites every occurrence of `para` in the path,
                    # not just this segment; a segment that is a substring of another one
                    # (e.g. "a=1" inside "ba=1") is therefore modified in both places.
                    path_str = path.replace(para, payload_para)
                    # Stored stripped, but the unstripped path_str is what is reported below.
                    request_info['path'] = path_str.strip()
                    type = "Path"  # NOTE(review): shadows the builtin `type`; label for print_scan_result
                    r_1 = HackRequests(request_info, LIB_1).get_request()
                    r_2 = HackRequests(request_info, LIB_2).get_request()
                    # Both requests are always sent, but `or` short-circuits: the second
                    # classification only runs when the first one was not "vulnerable".
                    # A hit stops further payloads for this parameter only.
                    if print_scan_result(type, r_1, path_str, payload, request_info) == "vulnerable" or print_scan_result(type, r_2, path_str, payload, request_info) == "vulnerable":
                        break
def scan_request_from_cookie(request_info: dict) -> None:
    """Scan every cookie in ``request_info['cookie']`` with each entry of ``payloads``.

    The header value is split on the literal ``'; '`` separator. Cookies whose name
    (the part before the first ``=``, lower-cased) appears in ``cookie_exclusion`` are
    skipped. For every remaining cookie each payload is appended to the whole
    ``name=value`` token, the modified header is written back into
    ``request_info['cookie']`` and the request is sent according to
    ``request_info['method']``: ``"GET"`` goes through ``HackRequests`` twice
    (``LIB_1`` and ``LIB_2``), ``"POST"`` once via ``post_request()``. As soon as
    ``print_scan_result`` returns ``"vulnerable"`` the remaining payloads for that
    cookie are skipped.

    Args:
        request_info: Request description; reads ``'cookie'`` and ``'method'`` and
            overwrites ``'cookie'``.

    Side effects:
        ``request_info['cookie']`` is overwritten on every attempt and is NOT restored
        afterwards. For a method other than GET/POST no request is sent at all, but
        the header is still rewritten. Nothing is returned.

    Examples:
    POST /dvwa/login.php HTTP/1.1
    Host: test.avfisher.win
    Cookie: security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
    Cookies: security PHPSESSID
    """
    cookie = request_info['cookie']
    if cookie:
        # Only the exact "; " separator is recognised; "a=1;b=2" stays one token.
        cookies = cookie.split('; ')
        for ck in cookies:
            # `cookie_exclusion` is defined elsewhere in the file; presumably a list of
            # lower-case cookie names that must not be touched -- confirm against its definition.
            if ck and ck.strip().split('=', 1)[0].lower() not in cookie_exclusion:
                for payload in payloads:
                    # Payload is appended to the whole "name=value" token, i.e. to the value.
                    payload_cookie = "{}{}".format(ck, payload)
                    # NOTE(review): str.replace rewrites every occurrence of `ck` in the header,
                    # so a token that is a substring of another token is modified in both places.
                    cookie_str = cookie.replace(ck, payload_cookie)
                    request_info['cookie'] = cookie_str.strip()
                    type = "Cookie"  # NOTE(review): shadows the builtin `type`; label for print_scan_result
                    if request_info['method'] == "GET":
                        r_1 = HackRequests(request_info, LIB_1).get_request()
                        r_2 = HackRequests(request_info, LIB_2).get_request()
                        # `or` short-circuits: r_2 is only classified when r_1 was not a hit.
                        if print_scan_result(type, r_1, cookie_str, payload, request_info) == "vulnerable" or print_scan_result(type, r_2, cookie_str, payload, request_info) == "vulnerable":
                            break
                    elif request_info['method'] == "POST":
                        # POST is sent through the default library only (no LIB_1/LIB_2 split).
                        r = HackRequests(request_info).post_request()
                        if print_scan_result(type, r, cookie_str, payload, request_info) == "vulnerable":
                            break
def scan_post_request_from_post_data(request_info: dict) -> None:
    """Scan every ``key=value`` pair of ``request_info['post_data']`` with each entry of ``payloads``.

    The body is split on ``&``; for every non-empty segment each payload is appended
    to the whole segment, the modified body is written back into
    ``request_info['post_data']`` and sent once through ``HackRequests.post_request()``.
    As soon as ``print_scan_result`` returns ``"vulnerable"`` the remaining payloads
    for that segment are skipped.

    Args:
        request_info: Request description; only ``'post_data'`` is read and
            overwritten here. The method is not checked.

    Side effects:
        ``request_info['post_data']`` is overwritten on every attempt and is NOT
        restored afterwards. Nothing is returned.

    Note:
        The guard requires an ``&`` in the body, so a body holding a single
        parameter (``name=value`` with no ``&``) is never scanned. This differs from
        the path scanner, which only requires a ``?``.

    Examples:
    POST /dvwa/vulnerabilities/xss_s/ HTTP/1.1
    Host: test.avfisher.win
    Cookie: security=impossible; security=low; PHPSESSID=a93qmi370veagks0j81k3rlu32
    Post Data:txtName=whatsup&mtxMessage=man&btnSign=Sign+Guestbook&user_token=b1ce437384e1bb75bdc8a3f02babe157
    Parameters in post data: txtName mtxMessage btnSign user_token
    """
    post_data = request_info['post_data']
    # NOTE(review): the "&" requirement skips single-parameter bodies entirely.
    if post_data and "&" in post_data:
        # Re-reads the key; at this point it still holds the same value as `post_data`.
        paras = request_info['post_data'].split('&')
        for para in paras:
            if para:
                for payload in payloads:
                    # Payload is appended to the whole "key=value" segment, i.e. to the value.
                    payload_para = "{}{}".format(para, payload)
                    # NOTE(review): str.replace rewrites every occurrence of `para` in the
                    # ORIGINAL body (not the previously mutated one), so a segment that is a
                    # substring of another segment is modified in both places.
                    post_data_str = post_data.replace(para, payload_para)
                    # Stored stripped, but the unstripped post_data_str is what is reported below.
                    request_info['post_data'] = post_data_str.strip()
                    type = "Post"  # NOTE(review): shadows the builtin `type`; label for print_scan_result
                    r = HackRequests(request_info).post_request()
                    # A hit stops further payloads for this parameter only.
                    if print_scan_result(type, r, post_data_str, payload, request_info) == "vulnerable":
                        break