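def do_head_check(self, urls):
    """
    Send a HEAD request to every target URL before injection starts, to
    verify that the target is reachable and stable.

    For each URL the handle options are (re)applied, the request is performed
    best-effort, and when the target answers 301/302 the handle is switched to
    follow redirects (FOLLOWLOCATION=1) for the requests that follow.

    :param urls: iterable of absolute URLs to probe.
    :return: None. Returns early on the first transport error, leaving the
             remaining URLs unchecked (the original best-effort contract).
    """
    for u in urls:
        self.set_option(pycurl.URL, u)
        self.set_option(pycurl.NOBODY, 1)          # HEAD: no response body
        self.set_option(pycurl.FOLLOWLOCATION, 0)
        self.set_option(pycurl.MAXREDIRS, 50)
        # NOTE(security): certificate validation is disabled for the probe, so
        # the check says nothing about the identity of the host that answered;
        # any TLS interception on the path goes unnoticed.
        self.set_option(pycurl.SSL_VERIFYHOST, 0)
        self.set_option(pycurl.SSL_VERIFYPEER, 0)
        if self.fakeheaders:
            from libs.xsscan.randomip import RandomIP
            # Build the spoofed-source headers once and set them in a single
            # call; the resulting list is the same as the original's last
            # set_option (fakeheaders + X-Forwarded-For + X-Client-IP).
            spoofed = []
            if self.xforw:
                spoofed.append('X-Forwarded-For: ' + str(RandomIP()._generateip('')))
            if self.xclient:
                spoofed.append('X-Client-IP: ' + str(RandomIP()._generateip('')))
            if spoofed:
                self.set_option(pycurl.HTTPHEADER, self.fakeheaders + spoofed)
        if self.headers:
            # Merge the user headers into fakeheaders only once: the original
            # re-appended them on every URL (and __request appends them again
            # per request), so each request carried a growing set of
            # duplicate header lines.
            if self.fakeheaders[-len(self.headers):] != self.headers:
                self.fakeheaders = self.fakeheaders + self.headers
            # NOTE(review): this replaces the spoofed X-Forwarded-For /
            # X-Client-IP list set above with fakeheaders+headers only
            # (original behaviour) — confirm that precedence is intended.
            self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
        if self.agent:
            self.set_option(pycurl.USERAGENT, self.agent)
        if self.referer:
            self.set_option(pycurl.REFERER, self.referer)
        if self.proxy:
            self.set_option(pycurl.PROXY, self.proxy)
        if self.ignoreproxy:
            # Set last so an explicit "ignore" wins over self.proxy.
            self.set_option(pycurl.PROXY, "")
        if self.timeout:
            self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
            self.set_option(pycurl.TIMEOUT, self.timeout)
        if self.signals:
            self.set_option(pycurl.NOSIGNAL, self.signals)
        if self.tcp_nodelay:
            self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
        if self.cookie:
            self.set_option(pycurl.COOKIE, self.cookie)
        try:
            self.handle.perform()
        except Exception:
            # Best-effort probe: give up on the first transport error, but do
            # not swallow KeyboardInterrupt/SystemExit as the bare except did.
            return
        if str(self.handle.getinfo(pycurl.HTTP_CODE)) in ("302", "301"):
            self.set_option(pycurl.FOLLOWLOCATION, 1)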
def __request(self, relative_url=None):
    """
    Perform a request and return the payload.

    Applies every configured option to the shared curl handle (spoofed
    headers, user headers, agent, referer, proxy, timeouts, redirect policy,
    HTTP authentication), disables TLS certificate validation, then performs
    the request ``self.retries`` times with ``self.delay`` seconds between
    attempts.

    :param relative_url: optional path joined onto ``self.base_url`` and set
                         as the request URL; when None the URL already on the
                         handle is used.
    :return: ``self.payload`` after the attempts (filled in elsewhere,
             presumably by the handle's write callback — not visible here);
             None when an option combination is rejected (error printed) or
             when ``perform()`` raises.
    """
    if self.fakeheaders:
        from libs.xsscan.randomip import RandomIP
        if self.xforw:
            """ Set the X-Forwarded-For to use. """
            generate_random_xforw = RandomIP()
            xforwip = generate_random_xforw._generateip('')
            #xforwip = '127.0.0.1'
            xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
        if self.xclient:
            """ Set the X-Client-IP to use. """
            generate_random_xclient = RandomIP()
            xclientip = generate_random_xclient._generateip('')
            #xclientip = '127.0.0.1'
            xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
        # Each set_option below supplies the whole header list; the last call
        # made wins (fakeheaders + X-Forwarded-For + X-Client-IP when both).
        if self.xforw:
            self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue)
            if self.xclient:
                self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
        elif self.xclient:
            self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
    if self.headers:
        # XXX sanitize user input
        # NOTE(review): self.headers is appended to self.fakeheaders on every
        # call, so repeated requests send a growing set of duplicate header
        # lines; and this set_option drops the spoofed X-Forwarded-For /
        # X-Client-IP list set above — confirm both are intended.
        self.fakeheaders = self.fakeheaders + self.headers
        self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
    if self.agent:
        self.set_option(pycurl.USERAGENT, self.agent)
    if self.referer:
        self.set_option(pycurl.REFERER, self.referer)
    if self.proxy:
        self.set_option(pycurl.PROXY, self.proxy)
    if self.ignoreproxy:
        # Applied after self.proxy, so an explicit "ignore" wins.
        self.set_option(pycurl.PROXY, "")
    if relative_url:
        # NOTE(review): os.path.join uses the platform path separator, so the
        # URL is only joined with '/' on POSIX hosts — confirm this is
        # acceptable or use a URL-aware join.
        self.set_option(pycurl.URL,os.path.join(self.base_url,relative_url))
    if self.timeout:
        self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
        self.set_option(pycurl.TIMEOUT, self.timeout)
    if self.signals:
        self.set_option(pycurl.NOSIGNAL, self.signals)
    if self.tcp_nodelay:
        self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
    if self.cookie:
        self.set_option(pycurl.COOKIE, self.cookie)
    if self.followred:
        self.set_option(pycurl.FOLLOWLOCATION , 1)
        self.set_option(pycurl.MAXREDIRS, 50)
        if self.fli:
            # A user-supplied redirect limit overrides the default of 50.
            self.set_option(pycurl.MAXREDIRS, int(self.fli))
    else:
        self.set_option(pycurl.FOLLOWLOCATION , 0)
        if self.fli:
            # A redirect limit without --follow-redirects is an option error.
            print "\n[E] You must launch --follow-redirects command to set correctly this redirections limit\n"
            return
    """ Set the HTTP authentication method: Basic, Digest, GSS, NTLM or Certificate """
    if self.atype and self.acred:
        atypelower = self.atype.lower()
        if atypelower not in ( "basic", "digest", "ntlm", "gss" ):
            print "\n[E] HTTP authentication type value must be: Basic, Digest, GSS or NTLM\n"
            return
        # Credentials are split at the first ':' (non-greedy first group), so
        # a password may itself contain ':'; a user name may not.
        acredregexp = re.search("^(.*?)\:(.*?)$", self.acred)
        if not acredregexp:
            print "\n[E] HTTP authentication credentials value must be in format username:password\n"
            return
        user = acredregexp.group(1)
        password = acredregexp.group(2)
        self.set_option(pycurl.USERPWD, "%s:%s" % (user,password))
        if atypelower == "basic":
            self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
        elif atypelower == "digest":
            self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_DIGEST)
        elif atypelower == "ntlm":
            self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_NTLM)
        elif atypelower == "gss":
            self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_GSSNEGOTIATE)
        else:
            # Unreachable: atypelower was validated against the same set above.
            self.set_option(pycurl.HTTPAUTH, None)
        # NOTE(review): this replaces whatever HTTPHEADER list was set above
        # (fakeheaders / user headers) with just "Accept:" whenever HTTP
        # authentication is used — confirm that is intended.
        self.set_option(pycurl.HTTPHEADER, ["Accept:"])
    elif self.atype and not self.acred:
        print "\n[E] You specified the HTTP authentication type, but did not provide the credentials\n"
        return
    elif not self.atype and self.acred:
        print "\n[E] You specified the HTTP authentication credentials, but did not provide the type\n"
        return
    # Client-certificate authentication is not implemented; the block below
    # is a disabled sketch kept from the original source.
    #if self.acert:
    #    acertregexp = re.search("^(.+?),\s*(.+?)$", self.acert)
    #    if not acertregexp:
    #        print "\n[E] HTTP authentication certificate option must be 'key_file,cert_file'\n"
    #        return
    #    # os.path.expanduser for support of paths with ~
    #    key_file = os.path.expanduser(acertregexp.group(1))
    #    cert_file = os.path.expanduser(acertregexp.group(2))
    #    self.set_option(pycurl.SSL_VERIFYHOST, 0)
    #    self.set_option(pycurl.SSL_VERIFYPEER, 1)
    #    self.set_option(pycurl.SSH_PUBLIC_KEYFILE, key_file)
    #    self.set_option(pycurl.CAINFO, cert_file)
    #    self.set_option(pycurl.SSLCERT, cert_file)
    #    self.set_option(pycurl.SSLCERTTYPE, 'p12')
    #    self.set_option(pycurl.SSLCERTPASSWD, '1234')
    #    self.set_option(pycurl.SSLKEY, key_file)
    #    self.set_option(pycurl.SSLKEYPASSWD, '1234')
    #    for file in (key_file, cert_file):
    #        if not os.path.exists(file):
    #            print "\n[E] File '%s' doesn't exist\n" % file
    #            return
    # NOTE(security): certificate validation is disabled unconditionally, so
    # the transport gives no assurance about which host is being talked to and
    # credentials set above (USERPWD) can be captured by a TLS interceptor.
    self.set_option(pycurl.SSL_VERIFYHOST, 0)
    self.set_option(pycurl.SSL_VERIFYPEER, 0)
    # Rewind the header buffer and clear the payload before the attempts.
    self.header.seek(0,0)
    self.payload = ""
    # NOTE(review): the loop has no break, so the request is performed
    # self.retries times regardless of success — confirm intended.
    for count in range(0, self.retries):
        time.sleep(self.delay)
        if self.dropcookie:
            # Discard every stored cookie and send an empty Set-Cookie line.
            self.set_option(pycurl.COOKIELIST, 'ALL')
            nocookie = ['Set-Cookie: ', '']
            self.set_option(pycurl.HTTPHEADER, self.fakeheaders + nocookie)
        try:
            self.handle.perform()
        except:
            # Bare except: any error (including KeyboardInterrupt) silently
            # yields None instead of the payload.
            return
    return self.payload