def fuzz_url(self,callbacks,request_byte_array,requestInfo): if requestInfo: request_headers=requestInfo.getHeaders() t0=request_headers[0].split(' ') t1=request_headers[1].split(': ') #Extract directories from every single request in proxy history directory=webcommon.extract_directory(self,callbacks,t0[1]) if directory not in unique_list_of_urls: unique_list_of_urls.append(directory) request_string=self._helpers.bytesToString(request_byte_array) #String manipulation with a lot of temp variables t2,t3,t4 etc t2=request_string.split('\n') t3=t2[0].split(' ') t3[1]=directory+'/dummy' t4=' '.join(t3) t2[0]=t4 request_string='\n'.join(t2) #String manipulation ends. Variable reuse possible. #Restore the manipulated string to the byte array so it can be reused. request_byte_array=self._helpers.stringToBytes(request_string) #Calculate correct offset here and send that request to Intruder to get fuzzed. Remember to configure the right payload set in Intruder #before running this extension callbacks.sendToIntruder(t1[1],443,1,request_byte_array,[jarray.array([request_string.find('/dummy')+1,request_string.find(' HTTP/1.1')], "i")])
def test_put(self,callbacks,request_byte_array,hostname,requestInfo): if requestInfo: request_headers=requestInfo.getHeaders() t0=request_headers[0].split(' ') respcode=request_headers[1].split(': ') #Extract directories from every single request in proxy history directory=webcommon.extract_directory(self,callbacks,t0[1]) if directory not in unique_list_of_urls: unique_list_of_urls.append(directory) cmd="curl --upload-file "+filename+" "+protocol+'://'+hostname[1]+directory+'/' os.system(cmd) filepath=protocol+'://'+hostname[1]+directory+'/abc' return filepath