def handle_runQuickAnalysis(self):
    """Run the user's quick-analysis script over every stored response.

    The script text in ``self.python_code`` is loaded with ``ScriptLoader``.
    It may define ``begin`` (optional), ``process_request`` (required, called
    once per row from ``self.Data.read_all_responses``) and ``end``
    (optional). Truthy return values are handed to ``self.append_results``,
    and anything the script prints is captured too. The combined text is
    emitted as ``runQuickAnalysisFinished(QString)`` when a callback object
    is set.

    If the lock cannot be taken the run is skipped and only logged; the
    signal is still emitted, with empty text. A failure on one row is added
    to the report and the loop continues; any other failure is also passed
    to ``self.framework.report_exception``.

    Security notes: the script's functions run inside this process, so a
    script can do whatever the application itself can do. ``sys.stdout`` is
    replaced for the whole process while the script runs, so text printed by
    any other thread during that window lands in the results.
    """
    report = ''
    captured = StringIO()

    if self.qlock.tryLock():
        saved_stdout = sys.stdout
        sys.stdout = captured
        try:
            source_text = str(self.python_code)
            loader = ScriptLoader()
            # One dict serves as both globals and locals for the script.
            namespace = {}
            script_env = loader.load_from_string(source_text, namespace, namespace)

            def run_hook(hook_name):
                # Optional hook: call it if the script defines it and keep
                # any truthy return value.
                hook = script_env.functions.get(hook_name)
                if hook:
                    outcome = hook()
                    if outcome:
                        self.append_results(captured, outcome)

            run_hook('begin')

            per_response = script_env.functions.get('process_request')
            if not per_response:
                raise Exception(
                    'The "process_request" method is not implemented and is required.')

            factory = RequestResponseFactory.RequestResponseFactory(self.framework, None)
            for row in self.Data.read_all_responses(self.read_cursor):
                try:
                    outcome = per_response(factory.fill_by_row(row))
                    if outcome:
                        self.append_results(captured, outcome)
                except Exception as row_error:
                    # One bad row must not end the run; note it and move on.
                    report += '\nEncountered processing error: %s' % row_error

            run_hook('end')
        except Exception as error:
            self.framework.report_exception(error)
            report += '\nEncountered processing error: %s' % error
        finally:
            # Always restore the real stdout before releasing the lock.
            sys.stdout = saved_stdout
            self.qlock.unlock()
    else:
        self.framework.debug_log('failed to acquire lock for quick analysis')

    if self.callback_object:
        # Error lines come first, separated from the captured output.
        prefix = (report + '\n') if report else ''
        self.callback_object.emit(
            SIGNAL('runQuickAnalysisFinished(QString)'),
            prefix + captured.getvalue())
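def start_fuzzing_clicked(self):
    """Start the fuzzing attack, or cancel the one in progress.

    The start button doubles as a cancel button. When it reads 'Cancel' and
    requests are pending, every pending request is cancelled, the button and
    progress bar are reset, and nothing new is sent.

    Otherwise the request template is expanded once for every combination of
    the configured payload values and each resulting request is queued on a
    ``RequestRunner``. A template parameter takes its values from a static
    value, a payload file read through ``self.Attacks.read_data``, or the
    result of calling a user-defined function. The last template parameter
    varies fastest.

    Nothing is queued when a template parameter is unconfigured or resolves
    to an empty payload list; the offending names go to the debug log. A
    template without parameters is sent exactly once.
    """
    # Function-scope import: the file's import block is not visible here.
    import itertools

    if 'Cancel' == self.mainWindow.wfStdStartButton.text() and self.pending_fuzz_requests is not None:
        self.cancel_fuzz_requests = True
        for pending_request in self.pending_fuzz_requests.values():
            pending_request.cancel()
        self.pending_fuzz_requests = None
        self.mainWindow.wfStdStartButton.setText('Start Attack')
        self.mainWindow.fuzzerStandardProgressBar.setValue(0)
        return

    self.pending_fuzz_requests = {}

    url = str(self.mainWindow.wfStdUrlEdit.text())
    templateText = str(self.mainWindow.wfStdEdit.toPlainText())
    method = str(self.mainWindow.stdFuzzerReqMethod.currentText())

    self.save_standard_configuration()
    replacements = self.build_replacements(method, url)

    sequenceId = None
    if self.mainWindow.wfStdPreChk.isChecked():
        sequenceId = self.mainWindow.wfStdPreBox.itemData(self.mainWindow.wfStdPreBox.currentIndex())

    postSequenceId = None
    if self.mainWindow.wfStdPostChk.isChecked():
        postSequenceId = self.mainWindow.wfStdPostBox.itemData(self.mainWindow.wfStdPostBox.currentIndex())

    # Fuzzing stuff
    payload_mapping = self.create_payload_map()
    self.create_functions()

    template_definition = TemplateDefinition(templateText)
    template_items = template_definition.template_items
    parameter_names = template_definition.parameter_names

    # One dict serves as both globals and locals for user-defined functions.
    self.global_ns = self.local_ns = {}
    scriptLoader = ScriptLoader()

    # Resolve the payload list for each parameter the template really uses.
    errors = []
    test_slots = []
    total_tests = 1
    for name, payload_info in payload_mapping.items():
        if name not in parameter_names:
            continue
        payload_type, payload_value, payload_file = payload_info
        if 'static' == payload_type:
            payloads = [payload_value]
        elif 'fuzz' == payload_type:
            payloads = self.Attacks.read_data(payload_value)
        elif 'dynamic' == payload_type:
            target = payload_file
            # TODO: should this come from saved file or current Scintilla values (?)
            # NOTE(review): payload_file is joined to functions_dir without
            # checking that the result stays inside it; os.path.join lets
            # an absolute path or '..' segments select a file elsewhere.
            scriptLoader.load_from_file(os.path.join(self.functions_dir, target), self.global_ns, self.local_ns)
            expression = payload_value
            if not expression.endswith('()'):
                expression += '()'
            # NOTE(review): eval() runs payload_value as Python in this
            # process, in the namespace the function file was just loaded
            # into. Both values come from the payload map; if that map can
            # be filled from a saved or shared configuration (TODO confirm),
            # opening such a configuration means running its code.
            payloads = [str(v) for v in eval(expression, self.global_ns, self.local_ns)]
        else:
            # 'none' (unconfigured) or an unrecognised payload type
            payloads = None

        if not payloads:
            errors.append(name)
            continue
        total_tests *= len(payloads)
        test_slots.append((name, payloads))

    if errors:
        # Previously the list was collected but never checked: an
        # unconfigured parameter either raised on an unbound name or reused
        # the previous parameter's payloads, and an empty payload list
        # raised IndexError after the progress bar had been reconfigured.
        # NOTE(review): consider surfacing this in the UI as well.
        self.framework.debug_log(
            'fuzzing not started; no payloads for: %s'
            % ', '.join(str(name) for name in errors))
        return

    self.miniResponseRenderWidget.clear_response_render()
    self.mainWindow.fuzzerStandardProgressBar.setValue(0)
    self.mainWindow.fuzzerStandardProgressBar.setMaximum(total_tests)

    slot_names = [name for name, _ in test_slots]
    payload_lists = [payloads for _, payloads in test_slots]

    first = True
    # itertools.product advances the rightmost list fastest, the same order
    # as the hand-rolled counters it replaces, and yields a single empty
    # combination when the template has no parameters.
    for combination in itertools.product(*payload_lists):
        data = dict(zip(slot_names, combination))

        template_io = StringIO()
        self.apply_template_parameters(template_io, data, template_items)
        templateText = template_io.getvalue()
        context = uuid.uuid4().hex

        use_global_cookie_jar = self.mainWindow.webFuzzerUseGlobalCookieJar.isChecked()
        # NOTE(review): the url and method returned here replace the values
        # fed into the next iteration, as the original code did.
        (method, url, headers, body) = self.process_template(url, templateText, replacements)

        if first:
            # The runner is set up only once a request is ready to queue, so
            # a failure before this point leaves the button reading 'Start Attack'.
            self.mainWindow.wfStdStartButton.setText('Cancel')
            if use_global_cookie_jar:
                self.fuzzRequesterCookieJar = self.framework.get_global_cookie_jar()
            else:
                self.fuzzRequesterCookieJar = InMemoryCookieJar(self.framework, self)
            self.requestRunner = RequestRunner(self.framework, self)
            self.requestRunner.setup(self.fuzzer_response_received, self.fuzzRequesterCookieJar, sequenceId, postSequenceId)
            first = False

        self.pending_fuzz_requests[context] = self.requestRunner.queue_request(method, url, headers, body, context)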
def __init__(self):
    """Set up an empty ``scripts`` dict, a new ``ScriptLoader``, and ``Data`` unset."""
    # No scripts are registered at construction time.
    self.scripts = dict()
    self.scriptLoader = ScriptLoader()
    # Data stays None here; nothing in this method assigns it.
    self.Data = None