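def add_poc_data(url, data, http_method, content_type, poc):
    """Return a simplified request dict with *poc* substituted into its parameters.

    The request is first normalised through ``ChromeTrafficParser.simplify_request``;
    the POC string is then substituted via ``BaseTrafficParser.replace`` into the
    query string (GET, or any request without a Content-Type) or into the body (POST).

    :param url: full URL; for GET requests it carries the parameters to patch
    :param data: request body for POST, otherwise None
    :param http_method: HTTP method name, compared case-insensitively
    :param content_type: request Content-Type header value, or None
    :param poc: payload string substituted for the parameter values
    :return: dict with keys ``url``, ``data``, ``http_method`` and ``content_type``.
        If the request cannot be simplified or patched, the original values are
        returned unchanged -- i.e. no substitution happened -- so callers must not
        assume the POC was applied.
    """
    import logging

    fallback = {
        "url": url,
        "data": data,
        "http_method": http_method,
        "content_type": content_type,
    }
    try:
        poc_result = ChromeTrafficParser.simplify_request(
            url=url, data=data, http_method=http_method, content_type=content_type)
        # simplify_request yields None for methods / content types it does not
        # handle; previously this surfaced as a TypeError masked by the except.
        if poc_result is None:
            return fallback
        method = http_method.lower() if http_method else None
        if method == HttpMethod.GET or content_type is None:
            poc_result["url"] = BaseTrafficParser.replace(poc_result["url"], poc)
        elif method == HttpMethod.POST:
            poc_result["data"] = BaseTrafficParser.replace(poc_result["data"], poc)
    except Exception:
        # Best effort: a request the parser cannot handle is passed through
        # unmodified instead of aborting the hook, but the failure is logged so
        # silent "nothing was injected" runs can be diagnosed.
        logging.getLogger(__name__).debug(
            "add_poc_data: could not apply poc to %s %s", http_method, url, exc_info=True)
        return fallback
    return poc_result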
def simplify_request(url, data=None, http_method=HttpMethod.GET, content_type=None):
    """Normalise a captured request into the shape ``requests`` can send.

    GET requests (and any request without a Content-Type) get their URL
    simplified through ``BaseTrafficParser._simplify_get_request``. POST
    requests are dispatched on a substring match against the lower-cased
    Content-Type: urlencoded, JSON and XML bodies are parsed, while multipart
    form and plain text bodies are passed through untouched.

    :param url: request URL
    :param data: request body, or None
    :param http_method: HTTP method name, compared case-insensitively
    :param content_type: request Content-Type header value, or None
    :return: dict with keys ``url``, ``data``, ``http_method`` and
        ``content_type``; None when the method is neither GET nor POST, or
        when a POST Content-Type matches none of the handled kinds.
    """
    method = http_method.lower() if http_method else None

    if method == HttpMethod.GET or content_type is None:
        return {
            "url": BaseTrafficParser._simplify_get_request(url),
            "data": data,
            "http_method": http_method,
            "content_type": None,
        }

    if method != HttpMethod.POST:
        return None

    kinds = ContentType.ResourceContentType
    ct = content_type.lower()

    def _result(body, kind):
        # Common shape of every POST result; only the body and the kind differ.
        return {"url": url, "data": body, "http_method": http_method, "content_type": kind}

    if kinds.DEFAULT in ct:
        return _result(ChromeTrafficParser._simplify_post_request_default(data), kinds.DEFAULT)
    if kinds.JSON in ct:
        parsed = ChromeTrafficParser._parse_post_parameter(data, content_type)
        return _result(ChromeTrafficParser._get_json_parameter(parsed), kinds.JSON)
    if kinds.XML in ct:
        return _result(ChromeTrafficParser._parse_post_parameter(data, content_type), kinds.XML)
    if kinds.FORM in ct:
        # Multipart bodies are not parsed yet; forwarded as-is.
        return _result(data, kinds.FORM)
    if kinds.TXT in ct:
        return _result(data, kinds.TXT)
    return None
async def hook_request(req, url, method, data, headers, payload):
    """Pyppeteer request hook: re-issue the matched request with the POC applied.

    Only the intercepted request whose method, URL and POST body equal the
    captured ``method`` / ``url`` / ``data`` is rewritten (per the original
    note this also avoids rewriting again on a repeated redirect); every other
    request is continued untouched. The rewrite uses the body / URL produced by
    ``BaseTrafficParser.add_poc_data`` and the headers from
    ``get_content_type_headers``.

    :param req: pyppeteer Request being intercepted
    :param url: URL of the captured request to match and rewrite
    :param method: HTTP method of the captured request
    :param data: POST body of the captured request (None for GET)
    :param headers: captured request headers
    :param payload: POC string substituted into the parameters
    """
    is_target = req.method == method and req.url == url and req.postData == data
    if not is_target:
        await req.continue_()
        return

    content_type, headers_dic = get_content_type_headers(method, headers)
    poc_result = BaseTrafficParser.add_poc_data(
        url=url, data=data, content_type=content_type, http_method=method, poc=payload)
    try:
        # Only truthy values are forwarded as overrides; an empty body, header
        # set, method or URL leaves the corresponding original value in place.
        candidates = (
            ("postData", poc_result["data"]),
            ("headers", headers_dic),
            ("method", method),
            ("url", poc_result["url"]),
        )
        overrides = {key: value for key, value in candidates if value}
        await req.continue_(overrides)
    except PyppeteerError:
        # Override failed: let the original request through rather than stall the page.
        await req.continue_()
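def _simplify_post_request_default(data):
    """Re-serialise an application/x-www-form-urlencoded body with placeholder values.

    The body is parsed by ``BaseTrafficParser._get_json_parameter``, each value is
    swapped for its identification marker by
    ``BaseTrafficParser._replace_param_val_to_identification`` and the pairs are
    joined back into ``key=value&key=value`` form.

    :param data: raw urlencoded request body
    :return: the re-serialised body, or *data* unchanged when no parameter was found
    """
    params = BaseTrafficParser._get_json_parameter(data)
    params = BaseTrafficParser._replace_param_val_to_identification(params)
    # Join the pairs directly instead of accumulating "k=v&" and slicing off the
    # trailing "&"; an empty mapping yields "" and falls back to the raw body.
    # NOTE(review): keys/values are emitted without URL-encoding -- assumed to be
    # placeholder tokens produced by the replacement step; confirm.
    body = "&".join("{}={}".format(key, value) for key, value in params.items())
    return body if body else data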
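def get_parameter(url, data, http_method, content_type):
    """Extract the request parameters, delegating GET handling to the base parser.

    GET requests (and any request without a Content-Type) are handled exactly like
    ``BaseTrafficParser.get_parameter``; POST bodies are parsed by
    ``ChromeTrafficParser._parse_post_parameter`` according to *content_type*.

    :param url: request URL
    :param data: request body, or None
    :param http_method: HTTP method name, compared case-insensitively
    :param content_type: request Content-Type header value, or None
    :return: the parameters as produced by the delegate, or None when the method
        is neither GET nor POST
    """
    method = http_method.lower() if http_method else None
    if method == HttpMethod.GET or content_type is None:
        return BaseTrafficParser.get_parameter(
            url=url, data=data, http_method=http_method, content_type=content_type)
    # Compare case-insensitively like the GET branch and like simplify_request:
    # the raw comparison used here before made an upper-case "POST" from the
    # browser fall through and return None.
    if method == HttpMethod.POST:
        return ChromeTrafficParser._parse_post_parameter(data, content_type)
    return None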
async def hook_dialog(dialog, url, method, data, headers, celery_task_id, payload):
    """Pyppeteer dialog hook: record a confirmed hit when the POC dialog fires.

    When the dialog text equals ``PAYLOAD_TAG``, the request under test is
    rebuilt with the POC through ``BaseTrafficParser.add_poc_data``, the
    request headers are attached and the record is pushed onto the result
    queue. The dialog is dismissed in every case so the page does not block.

    :param dialog: pyppeteer Dialog that was opened
    :param url: URL of the request under test
    :param method: HTTP method of the request under test
    :param data: POST body of the request under test (None for GET)
    :param headers: captured request headers
    :param celery_task_id: scan task id; currently unused (only referenced by the
        disabled notify call)
    :param payload: POC string that was injected
    """
    hit = dialog.message == PAYLOAD_TAG
    if hit:
        content_type, headers_dic = get_content_type_headers(method, headers)
        finding = BaseTrafficParser.add_poc_data(
            url=url, data=data, content_type=content_type, http_method=method, poc=payload)
        finding["headers"] = headers_dic
        # notify(finding, headers, celery_task_id)  -- disabled; results go to the queue only
        add_result_queue(finding)
    await dialog.dismiss()
def test1SimplifyRequest(self):
    """
    Check that simplify_request classifies a URL / body by method and content type.

    Exercises the GET path and the POST paths (urlencoded, JSON, XML, multipart);
    results are printed and/or sent through ``self.send_data``.
    :return:
    """
    from common.http_util import HttpMethod
    from common.http_util import ContentType
    from parser.base_traffic_parser import BaseTrafficParser
    # GET request
    simplify_request0 = BaseTrafficParser.simplify_request(
        url="http://127.0.0.1:8889/?name=23232&password=78812",
        data=None,
        http_method=HttpMethod.GET,
        content_type=None)
    print(simplify_request0)
    # self.send_data(simplify_request0)
    # Disabled GET variants kept as a string statement (no effect at runtime).
    """ print(BaseTrafficParser.simplify_request(url="http://127.0.0.1/?name.jsp", http_method=HttpMethod.GET, data=None, content_type=None)) print(BaseTrafficParser.simplify_request(url="http://127.0.0.1/name.jsp", http_method=HttpMethod.GET, data=None, content_type=None)) print(BaseTrafficParser.simplify_request(url="http://127.0.0.1/name.jsp中文哦", http_method=HttpMethod.GET, data=None, content_type=None)) """
    # POST requests
    print("=========post=========")
    # POST request
    # plain application/x-www-form-urlencoded body
    simplify_request1 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data="name=23333&pass=1",
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.DEFAULT)
    self.send_data(simplify_request1)
    # trailing empty pairs ("&&")
    simplify_request2 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data="name=23333&pass=1&&",
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.DEFAULT)
    self.send_data(simplify_request2)
    # single parameter
    simplify_request3 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data="name=23333",
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.DEFAULT)
    self.send_data(simplify_request3)
    # single parameter with a trailing "&"
    simplify_request4 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data="name=23333&",
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.DEFAULT)
    self.send_data(simplify_request4)
    # plain application/json body
    print(
        BaseTrafficParser.simplify_request(
            url=
            "http://10.211.55.2:8887/v1/os_command_injection/test_case3",
            data='{"name":"23333"}',
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.JSON))
    # nested JSON object
    json1 = '{"name":{"pass": {"bb": 12222, "aa": {"hello": "xxx"}}}, "hello": "ssss"}'
    simplify_request5 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data=json1,
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.JSON)
    print(simplify_request5)
    self.send_data(simplify_request5)
    # flat JSON object
    json2 = '{"name":"chenming","whoamo":"xxxx344"}'
    simplify_request6 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data=json2,
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.JSON)
    self.send_data(simplify_request6)
    # plain text/xml body (not supported yet)
    print(
        BaseTrafficParser.simplify_request(
            url=
            "http://10.211.55.2:8887/v1/os_command_injection/test_case3",
            data="<name>23333</name>",
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.XML))
    upload_data1 = """------WebKitFormBoundaryH0TGOzR6zJhOJSVB \nContent-Disposition: form-data; name="file"; filename="5.png" \nContent-Type: image/png \nXXXXXX \n------WebKitFormBoundaryH0TGOzR6zJhOJSVB--"""
    # NOTE(review): upload_data2 is unused; its trailing "\ " looks like a collapsed
    # line continuation -- confirm the intended literal before relying on it.
    upload_data2 = """ ------WebKitFormBoundarydnAY6LXdz8oOOXxy\\r\\nContent-Disposition: form-data; name=\\\"file\\\"; filename=\\\"5.png\\\"\\r\\nContent-Type: image/png\\r\\n\\r\\n\ """
    # plain multipart/form-data upload form; boundary=----WebKitFormBoundaryH0TGOzR6zJhOJSVB,
    simplify_request7 = BaseTrafficParser.simplify_request(
        url="http://10.211.55.2:8889/v1/os_command_injection/test_case3",
        data=upload_data1,
        http_method=HttpMethod.POST,
        content_type=ContentType.ResourceContentType.FORM)
    print(simplify_request7)
def testADDPocData(self):
    """
    Exercise add_poc_data across GET URLs (including non-ASCII and percent-encoded
    parameters) and the POST body kinds; results are only printed.
    :return:
    """
    # add a poc marker to each request
    from common.http_util import HttpMethod
    from common.http_util import ContentType
    from parser.base_traffic_parser import BaseTrafficParser
    # GET requests
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/?name=23232&password=78812",
            data=None,
            http_method=HttpMethod.GET,
            content_type=None,
            poc="eval"))
    # non-ASCII parameter value
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/?name=中文&password=78812",
            data=None,
            http_method=HttpMethod.GET,
            content_type=None,
            poc="eval"))
    # same value, percent-encoded
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/?name=%E4%B8%AD%E6%96%87&password=78812",
            data=None,
            http_method=HttpMethod.GET,
            content_type=None,
            poc="eval"))
    # trailing fragment marker
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/?name=中文&password=78812#",
            data=None,
            content_type=None,
            http_method=HttpMethod.GET,
            poc="eval"))
    # punctuation-heavy values
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/?name=中文……**$$$&password=78812、#",
            data=None,
            content_type=None,
            http_method=HttpMethod.GET,
            poc="eval"))
    print(
        BaseTrafficParser.add_poc_data(
            url=
            "http://127.0.0.1/?name=中文&password=78812!@#¥%……*()_+|}{QASDFGHJK<>MNZXCVBN#",
            http_method=HttpMethod.GET,
            data=None,
            content_type=None,
            poc="eval"))
    print("=========post2=========")
    # POST requests
    # plain application/x-www-form-urlencoded body
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/login",
            data="name=23333&",
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.DEFAULT,
            poc="hack"))
    # POST with no Content-Type: parameters are taken from the URL instead
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/login?name=23333&",
            data=None,
            http_method=HttpMethod.POST,
            content_type=None,
            poc="hack"))
    # plain application/json body
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/login",
            data='{"name":"23333"}',
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.JSON,
            poc="hack"))
    # print(BaseTrafficParser.get_parameter(url='{\\\"username\\\":\\\"admin\\\",\\\"password\\\":\\\"passss\\\"}', http_method=HttpMethod.POST,
    #       content_type=ContentType.ResourceContentType.JSON))
    # plain text/xml body (not supported yet)
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/login",
            data="<name>23333</name>",
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.XML,
            poc="hack"))
    upload_data1 = """------WebKitFormBoundaryH0TGOzR6zJhOJSVB \n Content-Disposition: form-data; name="file"; filename="5.png" \n Content-Type: image/png \n XXXXXX \n ------WebKitFormBoundaryH0TGOzR6zJhOJSVB-- """
    # NOTE(review): upload_data2 is unused; its trailing "\ " looks like a collapsed
    # line continuation -- confirm the intended literal before relying on it.
    upload_data2 = """ ------WebKitFormBoundarydnAY6LXdz8oOOXxy\\r\\nContent-Disposition: form-data; name=\\\"file\\\"; filename=\\\"5.png\\\"\\r\\nContent-Type: image/png\\r\\n\\r\\n\ """
    # plain multipart/form-data upload form; boundary=----WebKitFormBoundaryH0TGOzR6zJhOJSVB,
    print(
        BaseTrafficParser.add_poc_data(
            url="http://127.0.0.1/upload",
            data=upload_data1,
            http_method=HttpMethod.POST,
            content_type=ContentType.ResourceContentType.FORM,
            poc="hack"))