def get_seeds():
    """
    Build the two random seeds that are used to make the payloads unique.

    Zero is left out of the allowed digits to avoid bugs where leading
    zeroes get truncated.

    :return: A tuple holding two rand_number() results of length 5.
    """
    no_zeroes = (0,)
    first_seed = rand_number(5, exclude_numbers=no_zeroes)
    second_seed = rand_number(5, exclude_numbers=no_zeroes)
    return (first_seed, second_seed)
def get_seeds():
    """
    Return a pair of random numbers that keep each payload unique.

    The digit zero is excluded because leading zeroes were being
    truncated, which caused bugs.

    :return: A 2-tuple of rand_number() results, each of length 5.
    """
    # Two independent draws, in order, packed into a tuple.
    return tuple(rand_number(5, exclude_numbers=(0, )) for _ in range(2))
def generator(count):
    """
    Yield `count` pairs of values: first a rand_number(5) result, then the
    product of that number and a second rand_number(5) result as a string.

    :param count: Number of pairs to produce.
    """
    for _ in xrange(count):
        first_operand = rand_number(5)
        yield first_operand

        # Convert the already-yielded value before drawing the second one,
        # so the multiplication is done on integers.
        multiplicand = int(first_operand)
        multiplier = int(rand_number(5))
        yield str(multiplicand * multiplier)
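def _get_statements(self, mutant, exclude_numbers=None):
    """
    Build the always-true / always-false statement pairs for the numeric,
    single-quoted and double-quoted contexts.

    NOTE(review): these look like boolean-based blind SQL injection probes;
    any comparison of the responses happens in the caller, not here.

    :param mutant: Not used in this method body.
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude. Defaults to an empty list.
    :return: A dict (not a list) mapping 'numeric', 'string_single' and
             'string_double' to a (true_statement, false_statement) tuple.
    """
    # A list literal used as a default is created once and shared by every
    # call; use None as the sentinel and build a fresh list per call.
    if exclude_numbers is None:
        exclude_numbers = []

    rnd_num = int(rand_number(2, exclude_numbers))
    # rnd_num can never equal rnd_num + 1, which makes the AND clause false.
    rnd_num_plus_one = rnd_num + 1
    num_dict = {'num': rnd_num}
    false_args = (rnd_num, rnd_num, rnd_num_plus_one)

    res = {}

    # Numeric/Datetime
    true_stm = '%(num)s OR %(num)s=%(num)s OR %(num)s=%(num)s ' % num_dict
    false_stm = '%i AND %i=%i ' % false_args
    res['numeric'] = (true_stm, false_stm)

    # Single quotes
    true_stm = ("%(num)s' OR '%(num)s'='%(num)s' OR '%(num)s'='%(num)s"
                % num_dict)
    false_stm = "%i' AND '%i'='%i" % false_args
    res['string_single'] = (true_stm, false_stm)

    # Double quotes
    true_stm = ('%(num)s" OR "%(num)s"="%(num)s" OR "%(num)s"="%(num)s'
                % num_dict)
    false_stm = '%i" AND "%i"="%i' % false_args
    res['string_double'] = (true_stm, false_stm)

    return res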
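def _get_statements(self, mutant, exclude_numbers=None):
    """
    Build the always-true / always-false statement pairs, keyed by the
    class constants for each quoting context.

    NOTE(review): these look like boolean-based blind SQL injection probes;
    any comparison of the responses happens in the caller, not here.

    :param mutant: Not used in this method body.
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude. Defaults to an empty list.
    :return: A dict (not a list) mapping self.NUMERIC, self.STRING_SINGLE
             and self.STRING_DOUBLE to a (true_statement, false_statement)
             tuple.
    """
    # Avoid a mutable default argument: a list default would be one object
    # shared across all calls.
    if exclude_numbers is None:
        exclude_numbers = []

    rnd_num = int(rand_number(2, exclude_numbers))
    # rnd_num never equals rnd_num + 1, so the AND comparison is false.
    rnd_num_plus_one = rnd_num + 1
    num_dict = {'num': rnd_num}
    false_args = (rnd_num, rnd_num, rnd_num_plus_one)

    res = {}

    # Numeric/Datetime
    true_stm = '%(num)s OR %(num)s=%(num)s OR %(num)s=%(num)s ' % num_dict
    false_stm = '%i AND %i=%i ' % false_args
    res[self.NUMERIC] = (true_stm, false_stm)

    # Single quotes
    true_stm = ("%(num)s' OR '%(num)s'='%(num)s' OR '%(num)s'='%(num)s"
                % num_dict)
    false_stm = "%i' AND '%i'='%i" % false_args
    res[self.STRING_SINGLE] = (true_stm, false_stm)

    # Double quotes
    true_stm = ('%(num)s" OR "%(num)s"="%(num)s" OR "%(num)s"="%(num)s'
                % num_dict)
    false_stm = '%i" AND "%i"="%i' % false_args
    res[self.STRING_DOUBLE] = (true_stm, false_stm)

    return res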
def _get_statements(self, mutant, exclude_numbers=None):
    """
    Produce one (true_statement, false_statement) tuple per quoting
    context.

    :param mutant: Not used in this method body.
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude; any falsy value becomes an empty list.
    :return: A dict keyed by self.NUMERIC, self.STRING_SINGLE and
             self.STRING_DOUBLE, each holding a
             (true_statement, false_statement) tuple.
    """
    excluded = exclude_numbers or []
    base = int(rand_number(2, excluded))
    # base never equals base + 1, so the AND comparison is always false.
    successor = base + 1

    true_args = {'num': base}
    false_args = (base, base, successor)

    # Numeric/Datetime
    numeric_pair = (
        '%(num)s OR %(num)s=%(num)s OR %(num)s=%(num)s ' % true_args,
        '%i AND %i=%i ' % false_args,
    )

    # Single quotes
    single_quoted_pair = (
        "%(num)s' OR '%(num)s'='%(num)s' OR '%(num)s'='%(num)s" % true_args,
        "%i' AND '%i'='%i" % false_args,
    )

    # Double quotes
    double_quoted_pair = (
        '%(num)s" OR "%(num)s"="%(num)s" OR "%(num)s"="%(num)s' % true_args,
        '%i" AND "%i"="%i' % false_args,
    )

    statements = {}
    statements[self.NUMERIC] = numeric_pair
    statements[self.STRING_SINGLE] = single_quoted_pair
    statements[self.STRING_DOUBLE] = double_quoted_pair
    return statements
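def test_rand_number(self):
    """
    rand_number() must stay within the range implied by the requested
    length, and four consecutive length-5 draws must all be different.
    """
    for length, upper_bound in ((1, 10), (2, 100), (3, 1000)):
        x = rand_number(length=length)
        self.assertIn(int(x), range(upper_bound))

    samples = [rand_number(length=5) for _ in range(4)]

    # A chained `x != y != z != w` only compares neighbouring values, so
    # x == z or x == w would have gone unnoticed. Comparing the number of
    # unique values checks every pair. As with the original check, a
    # genuine random collision can still fail this test.
    self.assertEqual(len(set(samples)), len(samples))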
def _get_limit_response(self, mutant):
    """
    Request the "limit": a value that should not exist in the application.

        - For http://localhost/a.php?b=1 the request uses b=12938795
          (random number)

        - For http://localhost/a.php?b=abc the request uses b=hnv98yks
          (random alnum)

    The request is sent with a copy, so the mutant passed in is not
    modified here.

    :param mutant: The mutant whose token value is replaced in the copy.
    :return: The limit response object
    """
    limit_mutant = mutant.copy()

    # Keep the random value in the same family (digits vs. alphanumeric)
    # as the original token value.
    if mutant.get_token_original_value().isdigit():
        limit_value = rand_number(length=8)
    else:
        limit_value = rand_alnum(length=8)

    limit_mutant.set_token_value(limit_value)
    return self._uri_opener.send_mutant(limit_mutant)
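def _get_limit_response(self, m):
    """
    We request the limit (something that doesn't exist)

        - If http://localhost/a.php?b=1
          then I should request b=12938795 (random number)

        - If http://localhost/a.php?b=abc
          then I should request b=hnv98yks (random alnum)

    The mutant is modified in place for the request and its dc is put back
    before this method returns or raises.

    :param m: The mutant to send with a random value.
    :return: The limit response object
    """
    # Copy the dc, needed to make a good vuln report
    dc = copy.deepcopy(m.get_dc())

    try:
        if m.get_original_value().isdigit():
            m.set_mod_value(rand_number(length=8))
        else:
            m.set_mod_value(rand_alnum(length=8))

        limit_response = self._uri_opener.send_mutant(m)
    finally:
        # Restore the dc even when the request raises; otherwise the
        # caller's mutant would keep the random value and later reports
        # built from it would show the wrong data.
        m.set_dc(dc)

    return limit_response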
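def _get_limit_response(self, m):
    """
    We request the limit (something that doesn't exist)

        - If http://localhost/a.php?b=1
          then I should request b=12938795 (random number)

        - If http://localhost/a.php?b=abc
          then I should request b=hnv98yks (random alnum)

    The mutant's token value is changed in place for the request and its
    dc is put back before this method returns or raises.

    :param m: The mutant to send with a random token value.
    :return: The limit response object
    """
    # Copy the dc, needed to make a good vuln report
    dc = copy.deepcopy(m.get_dc())

    try:
        if m.get_token_original_value().isdigit():
            m.set_token_value(rand_number(length=8))
        else:
            m.set_token_value(rand_alnum(length=8))

        limit_response = self._uri_opener.send_mutant(m)
    finally:
        # Restore the dc on every exit path, including a failed request,
        # so the caller never sees the mutant with the random value.
        m.set_dc(dc)

    return limit_response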
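def _get_statements(self, mutant, exclude_numbers=None):
    """
    Build the always-true / always-false statement pairs for the numeric,
    single-quoted and double-quoted contexts.

    NOTE(review): these look like boolean-based blind SQL injection probes;
    any comparison of the responses happens in the caller, not here.

    :param mutant: Not used in this method body.
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude. Defaults to an empty list.
    :return: A dict (not a list) mapping "numeric", "stringsingle" and
             "stringdouble" to a (true_statement, false_statement) tuple.
    """
    # A list default would be a single object shared by all calls; use
    # None as the sentinel and create the list per call.
    if exclude_numbers is None:
        exclude_numbers = []

    rnd_num = int(rand_number(2, exclude_numbers))
    # rnd_num never equals rnd_num + 1, so the AND comparison is false.
    rnd_num_plus_one = rnd_num + 1

    true_args = (rnd_num, rnd_num, rnd_num)
    false_args = (rnd_num, rnd_num, rnd_num_plus_one)

    res = {}

    # Numeric/Datetime
    res["numeric"] = ("%i OR %i=%i " % true_args,
                      "%i AND %i=%i " % false_args)

    # Single quotes
    res["stringsingle"] = ("%i' OR '%i'='%i" % true_args,
                           "%i' AND '%i'='%i" % false_args)

    # Double quotes
    res["stringdouble"] = ('%i" OR "%i"="%i' % true_args,
                           '%i" AND "%i"="%i' % false_args)

    return res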
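def replace_randomize(data, length=0, exclude_numbers=None):
    """
    Replace every "RANDOMIZE" marker in `data` with a random number.

    rand_number() is called once, so all markers in the same string get
    the same value.

    :param data: Object with a str-like replace() method that may contain
                 the "RANDOMIZE" marker.
    :param length: Length handed to rand_number().
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude. Defaults to an empty list.
    :return: `data` with the markers replaced.
    """
    # Avoid a mutable default argument: a list default would be one object
    # shared by every call.
    if exclude_numbers is None:
        exclude_numbers = []

    rand_num = rand_number(length, exclude_numbers)
    return data.replace("RANDOMIZE", rand_num)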
def generator(count):
    """
    Yield `count` values, each one being `prefix` followed by a
    rand_number(5) result.

    `prefix` is not defined in this block; it is taken from the enclosing
    scope.

    :param count: Number of values to produce.
    """
    for _ in xrange(count):
        yield prefix + rand_number(5)
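def replace_randomize(data, length=0, exclude_numbers=None):
    """
    Substitute the "RANDOMIZE" marker in `data` with one random number.

    Only one random number is drawn per call, so repeated markers in the
    same string all receive that same value.

    :param data: Object with a str-like replace() method that may contain
                 the "RANDOMIZE" marker.
    :param length: Length handed to rand_number().
    :param exclude_numbers: Values handed to rand_number() as numbers to
                            exclude. Defaults to an empty list.
    :return: `data` with the markers replaced.
    """
    # None is the sentinel for "nothing to exclude"; a list literal in the
    # signature would be shared between calls.
    excluded = [] if exclude_numbers is None else exclude_numbers

    return data.replace("RANDOMIZE", rand_number(length, excluded))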