def do_check(request): # Check if defined any Host HTTP header. if menu.options.host and settings.HOST_INJECTION == None: request.add_header(settings.HOST, menu.options.host) # Check if defined any User-Agent HTTP header. if menu.options.agent: request.add_header(settings.USER_AGENT, menu.options.agent) # Check if defined any Referer HTTP header. if menu.options.referer and settings.REFERER_INJECTION == None: request.add_header(settings.REFERER, menu.options.referer) # Check if defined any Cookie HTTP header. if menu.options.cookie and settings.COOKIE_INJECTION == False: request.add_header(settings.COOKIE, menu.options.cookie) if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER): request.add_header(settings.HTTP_ACCEPT_HEADER, settings.HTTP_ACCEPT_HEADER_VALUE) # Appends a fake HTTP header 'X-Forwarded-For' if settings.TAMPER_SCRIPTS["xforwardedfor"]: from src.core.tamper import xforwardedfor xforwardedfor.tamper(request) # Check if defined any HTTP Authentication credentials. # HTTP Authentication: Basic / Digest Access Authentication. if not menu.options.ignore_401: if menu.options.auth_cred and menu.options.auth_type: try: settings.SUPPORTED_HTTP_AUTH_TYPES.index( menu.options.auth_type) if menu.options.auth_type == "basic": b64_string = base64.encodestring( menu.options.auth_cred).replace('\n', '') request.add_header("Authorization", "Basic " + b64_string + "") elif menu.options.auth_type == "digest": try: url = menu.options.url try: response = urllib2.urlopen(url) except urllib2.HTTPError, e: try: authline = e.headers.get( 'www-authenticate', '') authobj = re.match('''(\w*)\s+realm=(.*),''', authline).groups() realm = authobj[1].split(',')[0].replace( "\"", "") user_pass_pair = menu.options.auth_cred.split( ":") username = user_pass_pair[0] password = user_pass_pair[1] authhandler = urllib2.HTTPDigestAuthHandler() authhandler.add_password( realm, url, username, password) opener = urllib2.build_opener(authhandler) urllib2.install_opener(opener) result = urllib2.urlopen(url) except AttributeError: pass except urllib2.HTTPError, e: pass except ValueError: err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'." err_msg += " Try basic or digest HTTP authentication type." print settings.print_critical_msg(err_msg) raise SystemExit() else: pass # The MIME media type for JSON. if settings.IS_JSON: request.add_header("Content-Type", "application/json") # Check if defined any extra HTTP headers. if menu.options.headers or menu.options.header: # Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided. if menu.options.headers: menu.options.headers = checks.wildcard_character( menu.options.headers) extra_headers = menu.options.headers else: menu.options.header = checks.wildcard_character( menu.options.header) extra_headers = menu.options.header extra_headers = extra_headers.replace(":", ": ") if ": //" in extra_headers: extra_headers = extra_headers.replace(": //", "://") if "\\n" in extra_headers: extra_headers = extra_headers.split("\\n") # Remove empty strings extra_headers = [x for x in extra_headers if x] if menu.options.header and not menu.options.headers and len( extra_headers) > 1: warn_msg = "Swithing '--header' to '--headers' " warn_msg += "due to multiple extra HTTP headers." print settings.print_warning_msg(warn_msg) else: tmp_extra_header = [] tmp_extra_header.append(extra_headers) extra_headers = tmp_extra_header for extra_header in extra_headers: # Extra HTTP Header name http_header_name = re.findall(r"(.*): ", extra_header) http_header_name = ''.join(http_header_name).strip() # Extra HTTP Header value http_header_value = re.findall(r":(.*)", extra_header) http_header_value = ''.join(http_header_value).strip() # Check if it is a custom header injection. if settings.CUSTOM_HEADER_INJECTION == False and \ settings.INJECT_TAG in http_header_value: settings.CUSTOM_HEADER_INJECTION = True settings.CUSTOM_HEADER_NAME = http_header_name request.add_header(http_header_name, http_header_value)
def do_check(request): # Check if defined any Host HTTP header. if menu.options.host and settings.HOST_INJECTION == None: request.add_header(settings.HOST, menu.options.host) # Check if defined any User-Agent HTTP header. if menu.options.agent: request.add_header(settings.USER_AGENT, menu.options.agent) # Check if defined any Referer HTTP header. if menu.options.referer and settings.REFERER_INJECTION == None: request.add_header(settings.REFERER, menu.options.referer) # Check if defined any Cookie HTTP header. if menu.options.cookie and settings.COOKIE_INJECTION == False: request.add_header(settings.COOKIE, menu.options.cookie) if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER): request.add_header(settings.HTTP_ACCEPT_HEADER, settings.HTTP_ACCEPT_HEADER_VALUE) # The MIME media type for JSON. if menu.options.data: if re.search(settings.JSON_RECOGNITION_REGEX, menu.options.data) or \ re.search(settings.JSON_LIKE_RECOGNITION_REGEX, menu.options.data): request.add_header("Content-Type", "application/json") # Appends a fake HTTP header 'X-Forwarded-For' if settings.TAMPER_SCRIPTS["xforwardedfor"]: from src.core.tamper import xforwardedfor xforwardedfor.tamper(request) # Default value for "Accept-Encoding" HTTP header request.add_header('Accept-Encoding', settings.HTTP_ACCEPT_ENCODING_HEADER_VALUE) # Check if defined any HTTP Authentication credentials. # HTTP Authentication: Basic / Digest Access Authentication. if menu.options.auth_cred and menu.options.auth_type: try: settings.SUPPORTED_HTTP_AUTH_TYPES.index(menu.options.auth_type) if menu.options.auth_type == "basic": b64_string = encodebytes( menu.options.auth_cred.encode( settings.DEFAULT_CODEC)).decode().replace('\n', '') request.add_header("Authorization", "Basic " + b64_string + "") elif menu.options.auth_type == "digest": try: url = menu.options.url try: response = _urllib.request.urlopen( url, timeout=settings.TIMEOUT) except _urllib.error.HTTPError as e: try: authline = e.headers.get('www-authenticate', '') authobj = re.match('''(\w*)\s+realm=(.*),''', authline).groups() realm = authobj[1].split(',')[0].replace("\"", "") user_pass_pair = menu.options.auth_cred.split(":") username = user_pass_pair[0] password = user_pass_pair[1] authhandler = _urllib.request.HTTPDigestAuthHandler( ) authhandler.add_password(realm, url, username, password) opener = _urllib.request.build_opener(authhandler) _urllib.request.install_opener(opener) result = _urllib.request.urlopen( url, timeout=settings.TIMEOUT) except AttributeError: pass except _urllib.error.HTTPError as e: pass except ValueError: err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'." err_msg += " Try basic or digest HTTP authentication type." print(settings.print_critical_msg(err_msg)) raise SystemExit() else: pass # Check if defined any extra HTTP headers. if menu.options.headers or menu.options.header or len( settings.RAW_HTTP_HEADERS) >= 1: if len(settings.RAW_HTTP_HEADERS) >= 1: menu.options.headers = settings.RAW_HTTP_HEADERS # Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided. if menu.options.headers: menu.options.headers = checks.wildcard_character( menu.options.headers) extra_headers = menu.options.headers else: menu.options.header = checks.wildcard_character( menu.options.header) extra_headers = menu.options.header extra_headers = extra_headers.replace(":", ": ") if ": //" in extra_headers: extra_headers = extra_headers.replace(": //", "://") if "\\n" in extra_headers: extra_headers = extra_headers.split("\\n") # Remove empty strings and "Content-Length" extra_headers = [ x for x in extra_headers if "Content-Length" not in x ] else: tmp_extra_header = [] tmp_extra_header.append(extra_headers) extra_headers = tmp_extra_header # Remove empty strings extra_headers = [x for x in extra_headers if x] for extra_header in extra_headers: try: # Extra HTTP Header name http_header_name = extra_header.split(':', 1)[0] http_header_name = ''.join(http_header_name).strip() # Extra HTTP Header value http_header_value = extra_header.split(':', 1)[1] http_header_value = ''.join(http_header_value).strip().replace( ": ", ":") # Check if it is a custom header injection. if settings.CUSTOM_HEADER_INJECTION == False and \ settings.INJECT_TAG in http_header_value: settings.CUSTOM_HEADER_INJECTION = True settings.CUSTOM_HEADER_NAME = http_header_name # Add HTTP Header name / value to the HTTP request if http_header_name not in [ settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE ]: request.add_header( http_header_name.encode(settings.DEFAULT_CODEC), http_header_value.encode(settings.DEFAULT_CODEC)) except: pass # eof
def do_check(request): # Check if defined any Host HTTP header. if menu.options.host and settings.HOST_INJECTION == None: request.add_header(settings.HOST, menu.options.host) # Check if defined any User-Agent HTTP header. if menu.options.agent: request.add_header(settings.USER_AGENT, menu.options.agent) # Check if defined any Referer HTTP header. if menu.options.referer and settings.REFERER_INJECTION == None: request.add_header(settings.REFERER, menu.options.referer) # Check if defined any Cookie HTTP header. if menu.options.cookie and settings.COOKIE_INJECTION == False: request.add_header(settings.COOKIE, menu.options.cookie) if not checks.get_header(request.headers, settings.HTTP_ACCEPT_HEADER): request.add_header(settings.HTTP_ACCEPT_HEADER, settings.HTTP_ACCEPT_HEADER_VALUE) # Appends a fake HTTP header 'X-Forwarded-For' if settings.TAMPER_SCRIPTS["xforwardedfor"]: from src.core.tamper import xforwardedfor xforwardedfor.tamper(request) # Check if defined any HTTP Authentication credentials. # HTTP Authentication: Basic / Digest Access Authentication. if menu.options.auth_cred and menu.options.auth_type: try: settings.SUPPORTED_HTTP_AUTH_TYPES.index(menu.options.auth_type) if menu.options.auth_type == "basic": b64_string = base64.encodestring(menu.options.auth_cred).replace('\n', '') request.add_header("Authorization", "Basic " + b64_string + "") elif menu.options.auth_type == "digest": try: url = menu.options.url try: response = urllib2.urlopen(url) except urllib2.HTTPError, e: try: authline = e.headers.get('www-authenticate', '') authobj = re.match('''(\w*)\s+realm=(.*),''',authline).groups() realm = authobj[1].split(',')[0].replace("\"","") user_pass_pair = menu.options.auth_cred.split(":") username = user_pass_pair[0] password = user_pass_pair[1] authhandler = urllib2.HTTPDigestAuthHandler() authhandler.add_password(realm, url, username, password) opener = urllib2.build_opener(authhandler) urllib2.install_opener(opener) result = urllib2.urlopen(url) except AttributeError: pass except urllib2.HTTPError, e: pass except ValueError: err_msg = "Unsupported / Invalid HTTP authentication type '" + menu.options.auth_type + "'." err_msg += " Try basic or digest HTTP authentication type." print settings.print_critical_msg(err_msg) raise SystemExit() else: pass # The MIME media type for JSON. if settings.IS_JSON: request.add_header("Content-Type", "application/json") # Check if defined any extra HTTP headers. if menu.options.headers or menu.options.header: # Do replacement with the 'INJECT_HERE' tag, if the wildcard char is provided. if menu.options.headers: menu.options.headers = checks.wildcard_character(menu.options.headers) extra_headers = menu.options.headers else: menu.options.header = checks.wildcard_character(menu.options.header) extra_headers = menu.options.header extra_headers = extra_headers.replace(":",": ") if ": //" in extra_headers: extra_headers = extra_headers.replace(": //" ,"://") if "\\n" in extra_headers: extra_headers = extra_headers.split("\\n") # Remove empty strings extra_headers = [x for x in extra_headers if x] if menu.options.header and not menu.options.headers and len(extra_headers) > 1: warn_msg = "Swithing '--header' to '--headers' " warn_msg += "due to multiple extra HTTP headers." print settings.print_warning_msg(warn_msg) else: tmp_extra_header = [] tmp_extra_header.append(extra_headers) extra_headers = tmp_extra_header for extra_header in extra_headers: # Extra HTTP Header name http_header_name = re.findall(r"(.*): ", extra_header) http_header_name = ''.join(http_header_name).strip() # Extra HTTP Header value http_header_value = re.findall(r":(.*)", extra_header) http_header_value = ''.join(http_header_value).strip() # Check if it is a custom header injection. if settings.CUSTOM_HEADER_INJECTION == False and \ settings.INJECT_TAG in http_header_value: settings.CUSTOM_HEADER_INJECTION = True settings.CUSTOM_HEADER_NAME = http_header_name request.add_header(http_header_name, http_header_value)