示例#1
def _inject_post(r, target, payloads, append):
    """Return one copy of request *r* per payload, with body parameter
    *target* rewritten to carry that payload.

    Args:
        r: Request object. The code reads ``r.content`` and calls
            ``r.copy()``; every modification is applied to the copies.
        target: Name of the body parameter to rewrite.
        payloads: Iterable of strings, one output request per item.
        append: If truthy, each payload is concatenated onto the parameter's
            first original value; otherwise the payload replaces the value.

    Returns:
        A list of request copies (empty when *target* is not a body
        parameter). Each copy has ``content`` and ``raw_content`` set to the
        re-encoded body, ``injection_point`` set to *target*, ``payload`` set
        to the payload used, and ``update_content_length()`` already called.
    """
    body_params = parse_qs(r.content)
    if target not in body_params:
        return []

    mutated = body_params.copy()
    # ASSUMPTION: When injecting in the request body, the parameter is not
    #             polluted, so only its first value is used and any further
    #             values for the same name are dropped from the new body.
    first_value = mutated[target][0]

    variants = []
    for payload in payloads:
        mutated[target] = [first_value + payload if append else payload]
        # NOTE(review): parse_qs/urlencode are imported outside this excerpt.
        # If they are the standard-library functions, urlencode() without
        # doseq=True serialises each value list through str() rather than
        # emitting the bare value -- confirm against the imports.
        encoded_body = urlencode(mutated)
        variant = r.copy()
        variant.raw_content = encoded_body
        variant.content = encoded_body
        variant.injection_point = target
        variant.payload = payload
        # Must run after the body is replaced so the recorded length matches.
        variant.update_content_length()
        variants.append(variant)
    return variants
示例#2
def _inject_query(r, target, payloads, append):
    """Return one copy of request *r* per payload, with query-string
    parameter *target* rewritten to carry that payload.

    Args:
        r: Request object. The code reads ``r.query`` and ``r.url`` and calls
            ``r.copy()``; every modification is applied to the copies.
        target: Name of the query parameter to rewrite.
        payloads: Iterable of strings, one output request per item.
        append: If truthy, each payload is concatenated onto the parameter's
            first original value; otherwise the payload replaces the value.

    Returns:
        A list of request copies (empty when *target* is not a query
        parameter). Each copy has ``url`` rebuilt with the new query string,
        ``injection_point`` set to *target* and ``payload`` set to the
        payload used.
    """
    query_params = parse_qs(r.query)
    if target not in query_params:
        return []

    mutated = query_params.copy()
    url_parts = urlparse.urlparse(r.url)
    # ASSUMPTION: When injecting in a query, the parameter is not polluted,
    # so only its first value is used and any further values for the same
    # name are dropped from the new query string.
    first_value = mutated[target][0]

    variants = []
    for payload in payloads:
        mutated[target] = [first_value + payload if append else payload]
        pieces = list(url_parts)
        # Index 4 is the slot overwritten with the re-encoded query string.
        # NOTE(review): parse_qs/urlencode are imported outside this excerpt.
        # If they are the standard-library functions, urlencode() without
        # doseq=True serialises each value list through str() rather than
        # emitting the bare value -- confirm against the imports.
        pieces[4] = urlencode(mutated)
        variant = r.copy()
        variant.url = urlparse.urlunparse(pieces)
        variant.injection_point = target
        variant.payload = payload
        variants.append(variant)
    return variants
示例#3
def _inject_post(r, value, pds):
  """Return one copy of request *r* per payload, with body parameter *value*
  replaced by that payload.

  Args:
    r: Request object. The code reads ``r.content`` and calls ``r.copy()``;
      every modification is applied to the copies.
    value: Name of the body parameter to overwrite (despite the name, it is
      used as a key, not as a parameter value).
    pds: Iterable of payload strings, one output request per item.

  Returns:
    A list of request copies (empty when *value* is not a body parameter).
    Each copy has ``content`` and ``raw_content`` set to the re-encoded body,
    ``injection_point`` set to *value*, ``payload`` set to the payload used,
    and ``update_content_length()`` already called.
  """
  body_params = parse_qs(r.content)
  if value not in body_params:
    return []

  mutated = body_params.copy()
  variants = []
  for payload in pds:
    # All existing values of the parameter are replaced by the single payload.
    mutated[value] = [payload]
    # NOTE(review): parse_qs/urlencode are imported outside this excerpt. If
    # they are the standard-library functions, urlencode() without doseq=True
    # serialises each value list through str() rather than emitting the bare
    # value -- confirm against the imports.
    encoded_body = urlencode(mutated)
    variant = r.copy()
    variant.raw_content = encoded_body
    variant.content = encoded_body
    variant.injection_point = value
    variant.payload = payload
    # Must run after the body is replaced so the recorded length matches.
    variant.update_content_length()
    variants.append(variant)
  return variants
示例#4
def _inject_query(r, value, pds):
  """Return one copy of request *r* per payload, with query-string parameter
  *value* replaced by that payload.

  Args:
    r: Request object. The code reads ``r.query`` and ``r.url`` and calls
      ``r.copy()``; every modification is applied to the copies.
    value: Name of the query parameter to overwrite (despite the name, it is
      used as a key, not as a parameter value).
    pds: Iterable of payload strings, one output request per item.

  Returns:
    A list of request copies (empty when *value* is not a query parameter).
    Each copy has ``url`` rebuilt with the new query string,
    ``injection_point`` set to *value* and ``payload`` set to the payload
    used.
  """
  query_params = parse_qs(r.query)
  if value not in query_params:
    return []

  mutated = query_params.copy()
  url_parts = urlparse.urlparse(r.url)
  variants = []
  for payload in pds:
    # All existing values of the parameter are replaced by the single payload.
    mutated[value] = [payload]
    pieces = list(url_parts)
    # Index 4 is the slot overwritten with the re-encoded query string.
    # NOTE(review): parse_qs/urlencode are imported outside this excerpt. If
    # they are the standard-library functions, urlencode() without doseq=True
    # serialises each value list through str() rather than emitting the bare
    # value -- confirm against the imports.
    pieces[4] = urlencode(mutated)
    variant = r.copy()
    variant.url = urlparse.urlunparse(pieces)
    variant.injection_point = value
    variant.payload = payload
    variants.append(variant)
  return variants
示例#5
def _inject_query(r, target, payloads, append):
  """Produce request copies whose query parameter *target* carries each
  payload in turn.

  Args:
    r: Request object. The code reads ``r.query`` and ``r.url`` and calls
      ``r.copy()``; every modification is applied to the copies.
    target: Name of the query parameter to rewrite.
    payloads: Iterable of strings, one output request per item.
    append: If truthy, the payload is appended to the parameter's first
      original value; otherwise the payload replaces the value outright.

  Returns:
    A list of request copies, empty when *target* is absent from the query.
    Each copy gets a rebuilt ``url`` plus ``injection_point`` (= *target*)
    and ``payload`` attributes.
  """
  variants = []
  params = parse_qs(r.query)
  if target not in params:
    return variants

  working = params.copy()
  split_url = urlparse.urlparse(r.url)
  # ASSUMPTION: When injecting in a query, the parameter is not polluted;
  # extra values of a repeated parameter are discarded by the rewrite below.
  seed = working[target][0]
  for payload in payloads:
    if append:
      new_value = seed + payload
    else:
      new_value = payload
    working[target] = [new_value]
    # NOTE(review): parse_qs/urlencode are imported outside this excerpt. If
    # they are the standard-library functions, urlencode() without doseq=True
    # serialises each value list through str() rather than emitting the bare
    # value -- confirm against the imports.
    components = list(split_url)
    components[4] = urlencode(working)  # slot 4 receives the new query string
    clone = r.copy()
    clone.url = urlparse.urlunparse(components)
    clone.injection_point = target
    clone.payload = payload
    variants.append(clone)
  return variants
示例#6
def _inject_post(r, target, payloads, append):
  """Produce request copies whose body parameter *target* carries each
  payload in turn.

  Args:
    r: Request object. The code reads ``r.content`` and calls ``r.copy()``;
      every modification is applied to the copies.
    target: Name of the body parameter to rewrite.
    payloads: Iterable of strings, one output request per item.
    append: If truthy, the payload is appended to the parameter's first
      original value; otherwise the payload replaces the value outright.

  Returns:
    A list of request copies, empty when *target* is absent from the body.
    Each copy gets the re-encoded body in both ``content`` and
    ``raw_content``, ``injection_point`` (= *target*) and ``payload``
    attributes, and has had ``update_content_length()`` called.
  """
  variants = []
  params = parse_qs(r.content)
  if target not in params:
    return variants

  working = params.copy()
  # ASSUMPTION: When injecting in the request body, the parameter is not
  #             polluted; extra values of a repeated parameter are discarded
  #             by the rewrite below.
  seed = working[target][0]
  for payload in payloads:
    if append:
      new_value = seed + payload
    else:
      new_value = payload
    working[target] = [new_value]
    # NOTE(review): parse_qs/urlencode are imported outside this excerpt. If
    # they are the standard-library functions, urlencode() without doseq=True
    # serialises each value list through str() rather than emitting the bare
    # value -- confirm against the imports.
    new_body = urlencode(working)
    clone = r.copy()
    clone.raw_content = new_body
    clone.content = new_body
    clone.injection_point = target
    clone.payload = payload
    # Called last so the length reflects the replaced body.
    clone.update_content_length()
    variants.append(clone)
  return variants