def n_length(r, i): if r.response and r.response.content: p = str(len(r.response.content)) if hasattr(r, "payload"): p += "(" + str(len(r.response.content)-len(encode(r.payload))) + ")" return p else: return "-"
def n_length(r, i): if r.response and r.response.content: p = str(len(r.response.content)) if hasattr(r, "payload"): p += "(" + str( len(r.response.content) - len(encode(r.payload))) + ")" return p else: return "-"
def _inject_to(r, value, payloads, pre_func=None): if not pre_func: pre_func = lambda x: encode(x) pds = [ pre_func(pd) for pd in _get_payload(payloads) ] rqs = RequestSet(_inject_query(r, value, pds)) if r.method in ("POST", "PUT"): rqs += RequestSet(_inject_post(r, value, pds)) if r.has_header("Cookie"): rqs += RequestSet(_inject_cookie(r, value, pds)) rqs += RequestSet(_inject_json(r, value, pds)) if not rqs: raise NoInjectionPointFound() return rqs
def _inject_to(r, target, payloads, pre_func=None, append=False): if not pre_func: pre_func = lambda x: encode(x) payloads = [ pre_func(pd) for pd in _get_payload(payloads) ] rqs = RequestSet(_inject_query(r, target, payloads, append)) if r.method in ("POST", "PUT"): rqs += RequestSet(_inject_post(r, target, payloads, append)) if r.has_header("Cookie"): rqs += RequestSet(_inject_cookie(r, target, payloads, append)) rqs += RequestSet(_inject_json(r, target, payloads, append)) if not rqs: raise NoInjectionPointFound() return rqs
def _inject_at(r, offset, payloads, pre_func=None, choice=None): rs = [] orig = str(r) if not pre_func: pre_func = lambda x: encode(x) payloads = (pre_func(pd) for pd in _get_payload(payloads)) if isinstance(offset, (list, tuple)): off_b, off_e = offset elif isinstance(offset, basestring): ct = str(r).count(offset) if ct > 1: if not choice or choice > ct: raise NonUniqueInjectionPoint(("The pattern '{}' is not unique in " + \ "the request, use choice<={}").format(offset,ct)) else: c_off = 0 for i in range(choice): idx = str(r)[c_off:].find(offset) c_off += idx + 1 idx = c_off - 1 elif ct < 1: raise NoInjectionPointFound("Could not find the pattern", offset) else: idx = str(r).find(offset) off_b, off_e = idx, idx + len(offset) else: off_b = off_e = offset for p in payloads: ct = orig[:off_b] + p + orig[off_e:] # FIXME: at most match only the headers ct = re.sub("Content-Length:.*\n", "", ct) r_new = burst.http.Request(ct, hostname=r.hostname, port=r.port, use_ssl=r.use_ssl) r_new.update_content_length() r_new.injection_point = "@" + str(offset) r_new.payload = p rs.append(r_new) return rs
def _inject_at(r, offset, payloads, pre_func=None, choice=None): rs = [] orig = str(r) if not pre_func: pre_func = lambda x: encode(x) pds = [ pre_func(pd) for pd in _get_payload(payloads) ] if isinstance(offset, (list, tuple)): off_b, off_e = offset elif isinstance(offset, basestring): ct = str(r).count(offset) if ct > 1: if not choice or choice > ct: raise NonUniqueInjectionPoint("The pattern is not unique in" + \ " the request, use choice<=" + str(ct)) else: c_off = 0 for i in range(choice): idx = str(r)[c_off:].find(offset) c_off += idx + 1 idx = c_off - 1 elif ct < 1: raise NoInjectionPointFound("Could not find the pattern") else: idx = str(r).find(offset) off_b, off_e = idx, idx + len(offset) else: off_b = off_e = offset for p in pds: ct = orig[:off_b] + p + orig[off_e:] ct = re.sub("Content-Length:.*\n", "", ct) r_new = Request(ct, hostname=r.hostname, port=r.port, use_ssl=r.use_ssl) r_new.update_content_length() r_new.injection_point = "@" + str(offset) r_new.payload = p rs.append(r_new) return rs