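def fuzzParams(self, host, port, protoChoice, headers, body, method, urlpath, content_type, baseline):
    """Probe each body parameter with every payload and report responses that differ from ``baseline``.

    Args:
        host, port, protoChoice: target triple handed through to ``self.getRequest`` /
            ``self.postRequest``.
        headers: request header lines; ``headers[0]`` is the request line. The caller's
            list is left untouched -- the GET branch works on a copy.
        body: dict of parameter name -> value. Not modified; every probe uses its own copy.
        method: ``"GET"`` puts the fuzzed body into the query string, anything else sends
            it as the POST body.
        urlpath: request path; any existing query string is dropped and replaced.
        content_type: request Content-Type. JSON bodies are not supported and are
            skipped without sending a request.
        baseline: status code and body length of the unmodified request, in the same
            ``str(status) + str(body_len)`` form built below (the caller computes it;
            the format cannot be changed here without changing the caller too).

    Returns:
        None. Findings are reported through ``self.callbacks.addScanIssue``.
    """
    stdout = PrintWriter(self.callbacks.getStdout(), True)
    stdout.println("[!] FUZZING " + str(len(body)) + " PARAMETERS")
    issueList.clear()
    # NOTE(review): the payload values appear whitespace-collapsed in this copy of the
    # file (every key maps to ' 00'); they are kept byte-for-byte -- confirm the intended
    # padding length per key against the original source.
    payloadSet = {"5": ' 00', "10": ' 00', "15": ' 00', "20": ' 00', "30": ' 00', "40": ' 00'}
    if "json" in content_type.lower():
        # The original sent nothing for JSON bodies but still analysed self.resp, i.e. a
        # stale response from an earlier request; skipping avoids that false comparison.
        stdout.println(" [-] JSON bodies are not supported, skipping")
        return
    for param in body:
        fuzzParameter = str(param)
        stdout.println(" [-] FUZZING: " + fuzzParameter)
        for payLSD in payloadSet:
            stdout.println(" [-] PAYLOAD: " + payLSD)
            payload = payloadSet[payLSD]
            # Fresh copy per probe: the original aliased ``body``, so each payload was
            # appended on top of the previous one and the caller's dict was modified.
            bodd = dict(body)
            bodd[fuzzParameter] = str(bodd[fuzzParameter]) + payload
            # Values are not URL-encoded here, exactly as in the original; the caller is
            # responsible for the encoding of what it passes in ``body``.
            new_body = '&'.join("%s=%s" % (key, str(val)) for (key, val) in bodd.items())
            if method == "GET":
                url1 = urlpath.split("?")[0]
                url2 = "?" + new_body
                # Copy so the caller's request line is not clobbered between probes.
                fuzzHeaders = list(headers)
                fuzzHeaders[0] = "GET " + str(url1) + str(url2) + " HTTP/1.1"
                self.getRequest(fuzzHeaders, [host, port, protoChoice])
            else:
                self.postRequest(headers, new_body, [host, port, protoChoice])
            # Status code and body length of the fuzzed response, in the same
            # concatenated form as ``baseline``.
            reqFuzzResponse = self.helpers.analyzeResponse(self.resp)
            # NOTE(review): analyzeRequest is given the response bytes here, as in the
            # original; verify this is what ScanIssue expects as its request-info argument.
            reqFuzzReq = self.helpers.analyzeRequest(self.resp)
            reqFuzzRespTxt = self.resp.tostring()
            respFuzzStatusCode = reqFuzzResponse.getStatusCode()
            resFuzzbodyOffset = reqFuzzResponse.getBodyOffset()
            respFuzzbodyLen = len(reqFuzzRespTxt[resFuzzbodyOffset:])
            fuzzResponseData = str(respFuzzStatusCode) + str(respFuzzbodyLen)
            stdout.println(" " + fuzzResponseData)
            # Any change in status or body length counts as a finding; this is a coarse
            # heuristic and will need manual confirmation of each reported issue.
            if fuzzResponseData != baseline:
                stdout.println(" [+] POSSIBLE INJECTION DETECTED")
                issue = ScanIssue(
                    self.reqres[0], reqFuzzReq, "SQL Truncation Scanner",
                    fuzzParameter + " | " + payLSD, "High")
                self.callbacks.addScanIssue(issue)
    return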