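def fuzzParams(self, host, port, protoChoice, headers, body, method, urlpath, content_type, baseline):
    """Append SQL-truncation padding to each parameter and flag responses that differ from the baseline.

    For every key in ``body`` and every entry of the payload set, the payload is appended to
    that single parameter's value, the request is replayed through ``self.getRequest`` (GET)
    or ``self.postRequest`` (any other method), and the replayed response's status code and
    body length are compared with ``baseline``.  Any difference is logged and reported as a
    "SQL Truncation Scanner" issue via ``self.callbacks.addScanIssue``.

    Args:
        host, port, protoChoice: target descriptor, passed straight through to the
            request helpers as ``[host, port, protoChoice]``.
        headers: list of request header lines.  For GET requests ``headers[0]`` (the
            request line) is rewritten in place on every iteration.
        body: dict of parameter name -> value.  It is not modified; a fresh copy is built
            for every payload.
        method: HTTP method string.  ``"GET"`` puts the parameters in the query string,
            anything else sends them as the request body.
        urlpath: request path; an existing ``?query`` suffix is dropped and replaced.
        content_type: Content-Type of the original request.  JSON bodies are not
            supported and cause an early return without sending anything.
        baseline: ``str(status_code) + str(body_length)`` of the unmodified response,
            exactly the format this method builds for each replayed response.

    Returns:
        None.  Findings are emitted as Burp scan issues and log lines.
    """
    stdout = PrintWriter(self.callbacks.getStdout(), True)
    stdout.println("[!] FUZZING " + str(len(body)) + " PARAMETERS")
    # NOTE(review): issueList is a module-level name not visible here.  Under Jython 2.7 a
    # plain list has no .clear() (added in Python 3.3); confirm it is a dict/set, or use
    # `del issueList[:]` if it is a list.
    issueList.clear()

    # Only form-encoded bodies are rebuilt below.  Previously a JSON content type skipped
    # the request but still fell through to analyse whatever self.resp held from an
    # earlier call, so every JSON parameter was "scanned" against a stale response.
    if "json" in content_type.lower():
        stdout.println("[!] JSON bodies are not supported; skipping")
        return

    # NOTE(review): every key maps to the identical string ' 00', so six identical requests
    # are sent per parameter.  The keys read like intended pad widths (a run of spaces
    # before the trailing '00'); a truncation test needs the value to reach the column
    # limit, so confirm the intended padding before relying on these results.
    payloadSet = {"5": ' 00', "10": ' 00', "15": ' 00', "20": ' 00', "30": ' 00', "40": ' 00'}

    # Strip any existing query string once; it is rebuilt from the fuzzed parameters.
    basePath = urlpath.split("?")[0]

    for param in body:
        fuzzParameter = str(param)
        stdout.println(" [-] FUZZING: " + fuzzParameter)
        for payLSD in payloadSet:
            stdout.println(" [-] PAYLOAD: " + payLSD)
            payload = payloadSet[payLSD]

            # Work on a copy.  The original aliased `body` directly, so each payload was
            # appended on top of the previous one (' 00 00 00...') and the caller's dict was
            # left permanently mutated for the remaining parameters.
            bodd = dict(body)
            bodd[fuzzParameter] = str(bodd[fuzzParameter]) + payload

            # NOTE(review): values are joined raw with no URL-encoding, so a payload
            # containing spaces yields a request line with embedded spaces on the GET path.
            # Left unchanged because the caller may already pass encoded values; consider
            # self.helpers.urlEncode on the value here instead.
            new_body = '&'.join("%s=%s" % (key, str(val)) for (key, val) in bodd.iteritems())

            if method == "GET":
                headers[0] = "GET " + basePath + "?" + new_body + " HTTP/1.1"
                self.getRequest(headers, [host, port, protoChoice])
            else:
                self.postRequest(headers, new_body, [host, port, protoChoice])

            # Build the same status+length signature the caller used for `baseline`.
            # NOTE(review): analyzeRequest is handed self.resp, the very object that
            # analyzeResponse/tostring treat as the response buffer; confirm this is the
            # intended argument for the ScanIssue's request field.
            reqFuzzResponse = self.helpers.analyzeResponse(self.resp)
            reqFuzzReq = self.helpers.analyzeRequest(self.resp)
            reqFuzzRespTxt = self.resp.tostring()
            respFuzzStatusCode = reqFuzzResponse.getStatusCode()
            resFuzzbodyOffset = reqFuzzResponse.getBodyOffset()
            respFuzzbodyLen = len(reqFuzzRespTxt[resFuzzbodyOffset:])
            fuzzResponseData = str(respFuzzStatusCode) + str(respFuzzbodyLen)
            print(" " + fuzzResponseData)

            # Heuristic only: any change in status or body length is reported, so an
            # application that simply echoes the (longer) value back will trip this without
            # being vulnerable.  Triage findings manually.
            if fuzzResponseData != baseline:
                stdout.println(" [+] POSSIBLE INJECTION DETECTED")
                issue = ScanIssue(
                    self.reqres[0],
                    reqFuzzReq,
                    "SQL Truncation Scanner",
                    fuzzParameter + " | " + payLSD,
                    "High")
                self.callbacks.addScanIssue(issue)
    return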