示例#1
0
    def handle_runQuickAnalysis(self):
        results = ''
        results_io = StringIO()
        if not self.qlock.tryLock():
            self.framework.debug_log(
                'failed to acquire lock for quick analysis')
        else:
            original_stdout = sys.stdout
            sys.stdout = results_io
            try:
                python_code = str(self.python_code)
                scriptLoader = ScriptLoader()
                global_ns = local_ns = {}
                script_env = scriptLoader.load_from_string(
                    python_code, global_ns, local_ns)

                begin_method = script_env.functions.get('begin')
                if begin_method:
                    res = begin_method()
                    if res:
                        self.append_results(results_io, res)

                process_request_method = script_env.functions.get(
                    'process_request')
                if not process_request_method:
                    raise Exception(
                        'The "process_request" method is not implemented and is required.'
                    )
                factory = RequestResponseFactory.RequestResponseFactory(
                    self.framework, None)
                for row in self.Data.read_all_responses(self.read_cursor):
                    try:
                        rr = factory.fill_by_row(row)
                        res = process_request_method(rr)
                        if res:
                            self.append_results(results_io, res)
                    except Exception as e:
                        results += '\nEncountered processing error: %s' % (e)

                end_method = script_env.functions.get('end')
                if end_method:
                    res = end_method()
                    if res:
                        self.append_results(results_io, res)

            except Exception as error:
                self.framework.report_exception(error)
                results += '\nEncountered processing error: %s' % (error)
            finally:
                sys.stdout = original_stdout
                self.qlock.unlock()

        if self.callback_object:
            if results:
                results += '\n'
            results += results_io.getvalue()
            self.callback_object.emit(
                SIGNAL('runQuickAnalysisFinished(QString)'), results)
示例#2
0
    def start_fuzzing_clicked(self):
        """ Start the fuzzing attack """

        if 'Cancel' == self.mainWindow.wfStdStartButton.text() and self.pending_fuzz_requests is not None:
            self.cancel_fuzz_requests = True
            for context, pending_request in self.pending_fuzz_requests.items():
                pending_request.cancel()
            self.pending_fuzz_requests = None
            self.mainWindow.wfStdStartButton.setText('Start Attack')
            self.mainWindow.fuzzerStandardProgressBar.setValue(0)
            return
        
        self.pending_fuzz_requests = {}
        
        url = str(self.mainWindow.wfStdUrlEdit.text())
        templateText = str(self.mainWindow.wfStdEdit.toPlainText())
        method = str(self.mainWindow.stdFuzzerReqMethod.currentText())

        self.save_standard_configuration()
        
        replacements = self.build_replacements(method, url)

        sequenceId = None
        if self.mainWindow.wfStdPreChk.isChecked():
            sequenceId = self.mainWindow.wfStdPreBox.itemData(self.mainWindow.wfStdPreBox.currentIndex())

        postSequenceId = None
        if self.mainWindow.wfStdPostChk.isChecked():
            postSequenceId = self.mainWindow.wfStdPostBox.itemData(self.mainWindow.wfStdPostBox.currentIndex())
        
        # Fuzzing stuff
        payload_mapping = self.create_payload_map()
#        print(payload_mapping)
        self.create_functions()
        
        template_definition = TemplateDefinition(templateText)

        template_items = template_definition.template_items
###        print(template_items)
        parameter_names = template_definition.parameter_names

        self.global_ns = self.local_ns = {}
        scriptLoader = ScriptLoader()

        errors = []
        fuzz_payloads = {}
        for name, payload_info in payload_mapping.items():
            if name in parameter_names:
                payload_type, payload_value, payload_file = payload_info
                if 'fuzz' == payload_type:
                    filename = payload_value
                    values = self.Attacks.read_data(filename)
                    fuzz_payloads[name] = values
                elif 'dynamic' == payload_type:
                    target = payload_file
                    # TODO: should this come from saved file or current Scintilla values (?)
                    script_env = scriptLoader.load_from_file(os.path.join(self.functions_dir, target), self.global_ns, self.local_ns)
                    expression = payload_value
                    if not expression.endswith('()'):
                        expression += '()'
                    eval_result = eval(expression, self.global_ns, self.local_ns)
                    fuzz_payloads[name] = [str(v) for v in eval_result]
                elif 'static' == payload_type:
                    pass
                elif 'none' == payload_type:
                    # unconfigured payload
                    errors.append(name)
        
        test_slots = []
        counters = []
        tests_count = []
        total_tests = 1
        
        for name, payload_info in payload_mapping.items():
            if name in parameter_names:
                payload_type, payload_value, payload_file = payload_info
                if 'static' == payload_type:
                    # static payload value
                    payloads = [payload_value]
                elif 'fuzz' == payload_type:
                    payloads = fuzz_payloads[name]
                elif 'dynamic' == payload_type:
                    payloads = fuzz_payloads[name]

                total_tests *= len(payloads)
                test_slots.append((name, payloads))
                counters.append(0)
                tests_count.append(len(payloads))
            
        position_end = len(counters) - 1
        position = position_end

        self.miniResponseRenderWidget.clear_response_render()
        self.mainWindow.fuzzerStandardProgressBar.setValue(0)
        self.mainWindow.fuzzerStandardProgressBar.setMaximum(total_tests)
        
        finished = False
        first = True
        while not finished:
            data = {}
            for j in range(0, len(test_slots)):
                name, payloads = test_slots[j]
                data[name] = payloads[counters[j]]
        
            template_io = StringIO()
            self.apply_template_parameters(template_io, data, template_items)
        
            templateText = template_io.getvalue()
            context = uuid.uuid4().hex
            # print('%s%s%s' % ('-'*32, request, '-'*32))
            use_global_cookie_jar = self.mainWindow.webFuzzerUseGlobalCookieJar.isChecked()
            (method, url, headers, body) = self.process_template(url, templateText, replacements)
            
            if first:
                    self.mainWindow.wfStdStartButton.setText('Cancel')
                    if use_global_cookie_jar:
                        self.fuzzRequesterCookieJar = self.framework.get_global_cookie_jar()
                    else:
                        self.fuzzRequesterCookieJar = InMemoryCookieJar(self.framework, self)
                    self.requestRunner = RequestRunner(self.framework, self)
                    self.requestRunner.setup(self.fuzzer_response_received, self.fuzzRequesterCookieJar, sequenceId, postSequenceId)
                    first = False

            self.pending_fuzz_requests[context] = self.requestRunner.queue_request(method, url, headers, body, context)
            
            # increment to next test
            counters[position] = (counters[position] + 1) % (tests_count[position])
            while position >= 0 and counters[position] == 0:
                position -= 1
                counters[position] = (counters[position] + 1) % (tests_count[position])
        
            if position == -1:
                finished = True
            else:
                position = position_end        
示例#3
0
 def __init__(self):
     self.scripts = {}
     self.scriptLoader = ScriptLoader()
     self.Data = None