def handle_runQuickAnalysis(self):
results = ''
results_io = StringIO()
if not self.qlock.tryLock():
self.framework.debug_log(
'failed to acquire lock for quick analysis')
else:
original_stdout = sys.stdout
sys.stdout = results_io
try:
python_code = str(self.python_code)
scriptLoader = ScriptLoader()
global_ns = local_ns = {}
script_env = scriptLoader.load_from_string(
python_code, global_ns, local_ns)
begin_method = script_env.functions.get('begin')
if begin_method:
res = begin_method()
if res:
self.append_results(results_io, res)
process_request_method = script_env.functions.get(
'process_request')
if not process_request_method:
raise Exception(
'The "process_request" method is not implemented and is required.'
)
factory = RequestResponseFactory.RequestResponseFactory(
self.framework, None)
for row in self.Data.read_all_responses(self.read_cursor):
try:
rr = factory.fill_by_row(row)
res = process_request_method(rr)
if res:
self.append_results(results_io, res)
except Exception as e:
results += '\nEncountered processing error: %s' % (e)
end_method = script_env.functions.get('end')
if end_method:
res = end_method()
if res:
self.append_results(results_io, res)
except Exception as error:
self.framework.report_exception(error)
results += '\nEncountered processing error: %s' % (error)
finally:
sys.stdout = original_stdout
self.qlock.unlock()
if self.callback_object:
if results:
results += '\n'
results += results_io.getvalue()
self.callback_object.emit(
SIGNAL('runQuickAnalysisFinished(QString)'), results)
def start_fuzzing_clicked(self):
""" Start the fuzzing attack """
if 'Cancel' == self.mainWindow.wfStdStartButton.text() and self.pending_fuzz_requests is not None:
self.cancel_fuzz_requests = True
for context, pending_request in self.pending_fuzz_requests.items():
pending_request.cancel()
self.pending_fuzz_requests = None
self.mainWindow.wfStdStartButton.setText('Start Attack')
self.mainWindow.fuzzerStandardProgressBar.setValue(0)
return
self.pending_fuzz_requests = {}
url = str(self.mainWindow.wfStdUrlEdit.text())
templateText = str(self.mainWindow.wfStdEdit.toPlainText())
method = str(self.mainWindow.stdFuzzerReqMethod.currentText())
self.save_standard_configuration()
replacements = self.build_replacements(method, url)
sequenceId = None
if self.mainWindow.wfStdPreChk.isChecked():
sequenceId = self.mainWindow.wfStdPreBox.itemData(self.mainWindow.wfStdPreBox.currentIndex())
postSequenceId = None
if self.mainWindow.wfStdPostChk.isChecked():
postSequenceId = self.mainWindow.wfStdPostBox.itemData(self.mainWindow.wfStdPostBox.currentIndex())
# Fuzzing stuff
payload_mapping = self.create_payload_map()
# print(payload_mapping)
self.create_functions()
template_definition = TemplateDefinition(templateText)
template_items = template_definition.template_items
### print(template_items)
parameter_names = template_definition.parameter_names
self.global_ns = self.local_ns = {}
scriptLoader = ScriptLoader()
errors = []
fuzz_payloads = {}
for name, payload_info in payload_mapping.items():
if name in parameter_names:
payload_type, payload_value, payload_file = payload_info
if 'fuzz' == payload_type:
filename = payload_value
values = self.Attacks.read_data(filename)
fuzz_payloads[name] = values
elif 'dynamic' == payload_type:
target = payload_file
# TODO: should this come from saved file or current Scintilla values (?)
script_env = scriptLoader.load_from_file(os.path.join(self.functions_dir, target), self.global_ns, self.local_ns)
expression = payload_value
if not expression.endswith('()'):
expression += '()'
eval_result = eval(expression, self.global_ns, self.local_ns)
fuzz_payloads[name] = [str(v) for v in eval_result]
elif 'static' == payload_type:
pass
elif 'none' == payload_type:
# unconfigured payload
errors.append(name)
test_slots = []
counters = []
tests_count = []
total_tests = 1
for name, payload_info in payload_mapping.items():
if name in parameter_names:
payload_type, payload_value, payload_file = payload_info
if 'static' == payload_type:
# static payload value
payloads = [payload_value]
elif 'fuzz' == payload_type:
payloads = fuzz_payloads[name]
elif 'dynamic' == payload_type:
payloads = fuzz_payloads[name]
total_tests *= len(payloads)
test_slots.append((name, payloads))
counters.append(0)
tests_count.append(len(payloads))
position_end = len(counters) - 1
position = position_end
self.miniResponseRenderWidget.clear_response_render()
self.mainWindow.fuzzerStandardProgressBar.setValue(0)
self.mainWindow.fuzzerStandardProgressBar.setMaximum(total_tests)
finished = False
first = True
while not finished:
data = {}
for j in range(0, len(test_slots)):
name, payloads = test_slots[j]
data[name] = payloads[counters[j]]
template_io = StringIO()
self.apply_template_parameters(template_io, data, template_items)
templateText = template_io.getvalue()
context = uuid.uuid4().hex
# print('%s%s%s' % ('-'*32, request, '-'*32))
use_global_cookie_jar = self.mainWindow.webFuzzerUseGlobalCookieJar.isChecked()
(method, url, headers, body) = self.process_template(url, templateText, replacements)
if first:
self.mainWindow.wfStdStartButton.setText('Cancel')
if use_global_cookie_jar:
self.fuzzRequesterCookieJar = self.framework.get_global_cookie_jar()
else:
self.fuzzRequesterCookieJar = InMemoryCookieJar(self.framework, self)
self.requestRunner = RequestRunner(self.framework, self)
self.requestRunner.setup(self.fuzzer_response_received, self.fuzzRequesterCookieJar, sequenceId, postSequenceId)
first = False
self.pending_fuzz_requests[context] = self.requestRunner.queue_request(method, url, headers, body, context)
# increment to next test
counters[position] = (counters[position] + 1) % (tests_count[position])
while position >= 0 and counters[position] == 0:
position -= 1
counters[position] = (counters[position] + 1) % (tests_count[position])
if position == -1:
finished = True
else:
position = position_end
def __init__(self):
self.scripts = {}
self.scriptLoader = ScriptLoader()
self.Data = None
