Python GWTParser示例

示例#1

    def setMessage(self, content, isRequest):

        # Instantiate GWTParser
        gwt = GWTParser()

        if content is None:
            # clear our display
            self._gwtMessageTabInput.setText(None)
            self._gwtMessageTabInput.setEditable(False)

        else:

            if isRequest:
                r = self._helpers.analyzeRequest(content)
            else:
                r = self._extender._helpers.analyzeResponse(content)

            # Get body contents
            msg = content[r.getBodyOffset():].tostring()
            print(msg)

            text = gwt.deserialize(msg)
            print(text)
            value = gwt.display()

            print(value)

            #self._gwtMessageTabInput.setText(self._helpers.stringToBytes(value))
            self._gwtMessageTabInput.setText(msg)
            self._gwtMessageTabInput.setEditable(self._editable)

        self._currentMessage = content

示例#2

def fuzz( burpobj ):
    global options, attacks, attacklog, param_manip_log

    # Parse the gwt string
    gwtparsed = GWTParser()
    gwtparsed.deserialize( burpobj.get_request_body() )
    
    gwtlist = burpobj.get_request_body().split('|')

    # This is where the magic happens.. Special Thanks to Marcin W.

    # Test all GWT requests using the attack strings submitted
    for( idx, param ), fuzzy in product( enumerate(gwtlist), attacks ):
        # Check to see if index was marked as a fuzzible string value by GWTParse
        if idx in gwtparsed.fuzzmarked and gwtparsed.fuzzmarked[idx] == "%s":
            fuzzified = "%s|%s|%s" %('|'.join(gwtlist[:idx]), fuzzy.replace('|','\!'), '|'.join(gwtlist[idx+1:]))
            replay( burpobj, fuzzified, fuzzy, gwtparsed, attacklog ) # Submit the request

    # Test all GWT request for Parameter Manipulation
    for idx, param in enumerate( gwtlist ):
        if idx in gwtparsed.fuzzmarked and gwtparsed.fuzzmarked[idx] == "%d":
            begin, end = get_number_range( param )
            for i in range( int(begin), int(end) ):
                fuzzified = "%s|%s|%s" %('|'.join(gwtlist[:idx]), str(i), '|'.join(gwtlist[idx+1:]))
                replay( burpobj, fuzzified, str(i), gwtparsed, param_manip_log ) #Submit the request

示例#3

    def parseGWT(self, event):

        gwt = GWTParser()
        gwt.burp

        gwt_Deser = gwt.deserialize(self.gwtTextArea.text)
        value = gwt.display()

        self.parsedGWTField.text = str(value)
        self.insertPointField.text = gwt.get_fuzzstr()

示例#4

    def parseGWTBody(self, event):

        # Get IHTTPRequestResponse object , run getRequest against it to create IRequestInfo object
        # IHttpRequestResponse[] getSelectedMessages();
        msg = self.context.getSelectedMessages()[0].getRequest()

        # Analyze the IRequestInfo object and create a temp value to grab the body contents
        r_temp = self._helpers.analyzeRequest(msg)
        message = msg[r_temp.getBodyOffset():].tostring()

        values = []

        # Clear the contents of each text area/box if they're not empty
        if len(self.gwtTextArea.text) > 1:
            self.gwtTextArea.text = ""
            self.parsedGWTField.text = ""
            self.insertPointField.text = ""

        # Write the GWT-RPC request to the text area
        for value in message:
            self.gwtTextArea.append(value)

        # Call parseGWT when sent via Context-Menu
        try:
            gwt = GWTParser()
            gwt.burp

            gwt_Deser = gwt.deserialize(self.gwtTextArea.text)
            value = gwt.display()

            self.parsedGWTField.text = str(value)
            self.insertPointField.text = gwt.get_fuzzstr()

        except Exception as er:
            # Print whatever exception occurred if the body was not parsed properly
            print(
                "[!] Exception occurred, is the body a valid GWT-RPC?\nException:"
            )
            print(er)

示例#5

        if options.surround_value and options.replace_value:
            print("\nCannot choose more then one output format.\n")
            parser.print_help()
            exit()

        if options.surround_value and options.burp:
            print("\nCannot choose more then one output format.\n")
            parser.print_help()
            exit()

        if options.replace_value and options.burp:
            print("\nCannot choose more then one output format.\n")
            parser.print_help()
            exit()

        gwt = GWTParser()

        if options.surround_value:
            gwt.surround_value = options.surround_value
        elif options.replace_value:
            gwt.replace_value = options.replace_value
        elif options.burp:
            gwt.burp = options.burp

        if options.write:
            if os.path.exists(options.write):
                print("Output file entered already exists")
                exit()

            fout = open(options.write, "w")
            gwt.fout = fout

示例#6

文件： gwtparse.py 项目： 0daybug/GWT-Penetration-Testing-Toolset

 if options.surround_value and options.replace_value:
     print( "\nCannot choose more then one output format.\n" )
     parser.print_help()
     exit()
     
 if options.surround_value and options.burp:
     print( "\nCannot choose more then one output format.\n" )
     parser.print_help()
     exit()
     
 if options.replace_value and options.burp:
     print( "\nCannot choose more then one output format.\n" )
     parser.print_help()
     exit()
     
 gwt = GWTParser()
 
 if options.surround_value:
     gwt.surround_value = options.surround_value
 elif options.replace_value:
     gwt.replace_value = options.replace_value
 elif options.burp:
     gwt.burp = options.burp
 
 
 if options.write:
     if os.path.exists(options.write):
         print( "Output file entered already exists" )
         exit()
         
     fout = open( options.write, "w" )