Exemplo n.º 1
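        /// <summary>
        /// Click handler that turns the current fuzzer wizard selections into two
        /// equivalent script listings (one Python, one Ruby) and passes both to
        /// <c>ShowCode</c>.
        /// </summary>
        /// <remarks>
        /// The output is source code. Every value that is written inside a generated
        /// double-quoted string literal (parameter names, body markers, plugin names,
        /// log source, payload file path) is escaped so that it cannot end the literal
        /// and be read as script code. Where these values originate is not visible in
        /// this method; parameter names presumably come from the request being fuzzed,
        /// which is not trusted input.
        /// </remarks>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void FuzzCreateCodeBtn_Click(object sender, EventArgs e)
        {
            // Clear any error left over from a previous attempt.
            ShowFuzzStep3Error("");
            string SessionPluginName = "";
            if (FuzzUseCustomLogSourceCB.Checked)
            {
                if (FuzzLogSourceTB.Text.Trim().Length > 0)
                {
                    try
                    {
                        // A throw-away Request is used only to let SetSource validate the
                        // log source name; it is never sent.
                        Request Req = new Request("http://a.site");
                        Req.SetSource(FuzzLogSourceTB.Text.Trim());
                        FuzzLogSourceValue = FuzzLogSourceTB.Text.Trim();
                    }
                    catch(Exception Exp)
                    {
                        ShowFuzzStep3Error(string.Format("Invalid Log source - {0}", Exp.Message));
                        return;
                    }
                }
                else
                {
                    ShowFuzzStep3Error("Log source cannot be empty. Either uncheck this option or enter a valid log source");
                    return;
                }
            }

            // The first checked row wins; row 0 stands for "no session plugin".
            foreach (DataGridViewRow Row in FuzzSessionPluginGrid.Rows)
            {
                if ((bool)Row.Cells[0].Value)
                {
                    if (Row.Index == 0)
                    {
                        SessionPluginName = "";
                    }
                    else
                    {
                        SessionPluginName = Row.Cells[1].Value.ToString();
                    }
                    break;
                }
            }

            StringBuilder Py = new StringBuilder();
            StringBuilder Rb = new StringBuilder();
            Py.AppendLine();
            Rb.AppendLine();
            Py.AppendLine("#'req' is a variable that is assumed to contain a Request object");
            Rb.AppendLine("#'req' is a variable that is assumed to contain a Request object");
            Py.AppendLine();
            Rb.AppendLine();

            if (FuzzUseUiRB.Checked)
            {
                Py.AppendLine("#We display a GUI based wizard to user and get the Fuzzer setting from user.");
                Py.AppendLine("f = Fuzzer.FromUi(req)");

                Rb.AppendLine("#We display a GUI based wizard to user and get the Fuzzer setting from user.");
                Rb.AppendLine("f = Fuzzer.FromUi(req)");
            }
            else
            {
                Py.AppendLine("#We create a new Fuzzer to fuzz the request 'req'");
                Py.AppendLine("f = Fuzzer(req)");

                Rb.AppendLine("#We create a new Fuzzer to fuzz the request 'req'");
                Rb.AppendLine("f = Fuzzer.new(req)");

                if (FuzzInjectionPoints.ContainsKey("UrlPathParts"))
                {
                    if (FuzzInjectionPoints["UrlPathParts"].Length == 0)
                    {
                        Py.AppendLine("#Select all UrlPathparts for injection");
                        Py.AppendLine("f.InjectUrl()");

                        Rb.AppendLine("#Select all UrlPathparts for injection");
                        Rb.AppendLine("f.inject_url");
                    }
                    else
                    {
                        Py.AppendLine("#Select the UrlPathpart at specified positions for injection");
                        Rb.AppendLine("#Select the UrlPathpart at specified positions for injection");
                        foreach (string Position in FuzzInjectionPoints["UrlPathParts"])
                        {
                            // NOTE(review): Position is written into the script unquoted, so whatever
                            // it holds becomes script code. Presumably it is always a numeric index;
                            // confirm that the code filling FuzzInjectionPoints enforces this.
                            Py.AppendLine(string.Format("f.InjectUrl({0})", Position.Trim()));

                            Rb.AppendLine(string.Format("f.inject_url({0})", Position.Trim()));
                        }
                    }
                }
                if (FuzzInjectionPoints.ContainsKey("Query"))
                {
                    if (FuzzInjectionPoints["Query"].Length == 0)
                    {
                        Py.AppendLine("#Select all Query parameters for injection");
                        Py.AppendLine("f.InjectQuery()");

                        Rb.AppendLine("#Select all Query parameters for injection");
                        Rb.AppendLine("f.inject_query()");
                    }
                    else
                    {
                        Py.AppendLine("#Select the specified Query parameters for injection");
                        Rb.AppendLine("#Select the specified Query parameters for injection");
                        foreach (string Parameter in FuzzInjectionPoints["Query"])
                        {
                            Py.AppendLine(string.Format(@"f.InjectQuery(""{0}"")", EscapeForPyStringLiteral(Parameter)));

                            Rb.AppendLine(string.Format(@"f.inject_query(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                        }
                    }
                }
                if (FuzzInjectionPoints.ContainsKey("Body"))
                {
                    switch(FuzzInjectedBodyType)
                    {
                        case ("Normal"):
                            if (FuzzInjectionPoints["Body"].Length == 0)
                            {
                                Py.AppendLine("#Select all Body parameters for injection");
                                Py.AppendLine("f.InjectBody()");

                                Rb.AppendLine("#Select all Body parameters for injection");
                                Rb.AppendLine("f.inject_body");
                            }
                            else
                            {
                                Py.AppendLine("#Select the specified Body parameters for injection");
                                Rb.AppendLine("#Select the specified Body parameters for injection");
                                foreach (string Parameter in FuzzInjectionPoints["Body"])
                                {
                                    Py.AppendLine(string.Format(@"f.InjectBody(""{0}"")", EscapeForPyStringLiteral(Parameter)));

                                    Rb.AppendLine(string.Format(@"f.inject_body(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                                }
                            }
                            break;
                        case ("Other"):
                            // Elements 0 and 1 are used as the start and end marker respectively.
                            Py.AppendLine("#Inject values between the specified start and end marker");
                            Py.AppendLine(string.Format(@"f.InjectBody(""{0}"", ""{1}"")", EscapeForPyStringLiteral(FuzzInjectionPoints["Body"][0]), EscapeForPyStringLiteral(FuzzInjectionPoints["Body"][1])));

                            Rb.AppendLine("#Inject values between the specified start and end marker");
                            Rb.AppendLine(string.Format(@"f.inject_body(""{0}"", ""{1}"")", EscapeForRbStringLiteral(FuzzInjectionPoints["Body"][0]), EscapeForRbStringLiteral(FuzzInjectionPoints["Body"][1])));
                            break;
                        case ("FormatPlugin"):
                            Py.AppendLine("#Specify the body format of the Request");
                            Py.AppendLine(string.Format(@"f.BodyFormat = FormatPlugin.Get(""{0}"")", EscapeForPyStringLiteral(FuzzInjectedBodyFormatPlugin)));

                            Rb.AppendLine("#Specify the body format of the Request");
                            Rb.AppendLine(string.Format(@"f.body_format = FormatPlugin.get(""{0}"")", EscapeForRbStringLiteral(FuzzInjectedBodyFormatPlugin)));

                            if (FuzzInjectionPoints["Body"].Length == 0)
                            {
                                Py.AppendLine("#Select all values for injection");
                                Py.AppendLine("f.InjectBody()");

                                Rb.AppendLine("#Select all values for injection");
                                Rb.AppendLine("f.inject_body");
                            }
                            else
                            {
                                Py.AppendLine("#Select value at the specified positions for injection");
                                Rb.AppendLine("#Select value at the specified positions for injection");
                                foreach (string Parameter in FuzzInjectionPoints["Body"])
                                {
                                    // NOTE(review): written unquoted, same concern as the UrlPathParts
                                    // positions above; confirm these are always numeric.
                                    Py.AppendLine(string.Format("f.InjectBody({0})", Parameter.Trim()));

                                    Rb.AppendLine(string.Format("f.inject_body({0})", Parameter.Trim()));
                                }
                            }
                            break;
                    }

                }
                if (FuzzInjectionPoints.ContainsKey("Cookie"))
                {
                    if (FuzzInjectionPoints["Cookie"].Length == 0)
                    {
                        Py.AppendLine("#Select all Cookie parameters for injection");
                        Py.AppendLine("f.InjectCookie()");

                        Rb.AppendLine("#Select all Cookie parameters for injection");
                        // Fixed: the emitted Ruby line used to end in a stray ')'.
                        Rb.AppendLine("f.inject_cookie");
                    }
                    else
                    {
                        Py.AppendLine("#Select the specified Cookie parameters for injection");
                        Rb.AppendLine("#Select the specified Cookie parameters for injection");
                        foreach (string Parameter in FuzzInjectionPoints["Cookie"])
                        {
                            Py.AppendLine(string.Format(@"f.InjectCookie(""{0}"")", EscapeForPyStringLiteral(Parameter)));

                            Rb.AppendLine(string.Format(@"f.inject_cookie(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                        }
                    }
                }
                if (FuzzInjectionPoints.ContainsKey("Headers"))
                {
                    // Fixed: this used to test the "Query" entry, which selected the wrong branch
                    // and threw KeyNotFoundException when only headers were chosen.
                    if (FuzzInjectionPoints["Headers"].Length == 0)
                    {
                        Py.AppendLine("#Select all Header parameters for injection");
                        Py.AppendLine("f.InjectHeaders()");

                        Rb.AppendLine("#Select all Header parameters for injection");
                        Rb.AppendLine("f.inject_headers");
                    }
                    else
                    {
                        Py.AppendLine("#Select the specified Header parameters for injection");
                        Rb.AppendLine("#Select the specified Header parameters for injection");
                        foreach (string Parameter in FuzzInjectionPoints["Headers"])
                        {
                            Py.AppendLine(string.Format(@"f.InjectHeaders(""{0}"")", EscapeForPyStringLiteral(Parameter)));

                            Rb.AppendLine(string.Format(@"f.inject_headers(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                        }
                    }
                }

                if (SessionPluginName.Length > 0)
                {
                    Py.AppendLine("#Use a Session Plugin during Fuzzing");
                    Py.AppendLine(string.Format(@"f.SessionHandler = SessionPlugin.Get(""{0}"")", EscapeForPyStringLiteral(SessionPluginName)));

                    Rb.AppendLine("#Use a Session Plugin during Fuzzing");
                    Rb.AppendLine(string.Format(@"f.session_handler = SessionPlugin.get(""{0}"")", EscapeForRbStringLiteral(SessionPluginName)));
                }
            }

            if (FuzzUseCustomLogSourceCB.Checked)
            {
                Py.AppendLine("#Set a custom source name for the Fuzzer logs");
                Py.AppendLine(string.Format(@"f.SetLogSource(""{0}"")", EscapeForPyStringLiteral(FuzzLogSourceValue)));

                // Fixed: a copy-pasted "#Use a Session Plugin during Fuzzing" comment was also
                // emitted here in the Ruby listing.
                Rb.AppendLine("#Set a custom source name for the Fuzzer logs");
                Rb.AppendLine(string.Format(@"f.set_log_source(""{0}"")", EscapeForRbStringLiteral(FuzzLogSourceValue)));
            }

            if (FuzzUsePayloadsFromListRB.Checked)
            {
                Py.AppendLine();
                Rb.AppendLine();

                Py.AppendLine("#Store the payloads in a list");
                Py.Append("payloads = [");

                Rb.AppendLine("#Store the payloads in a list");
                Rb.Append("payloads = [");

                for (int i = 0; i < this.FuzzPayloads.Length; i++)
                {
                    string Payload = this.FuzzPayloads[i];

                    // NOTE(review): payloads go through Tools.EscapeDoubleQuotes, which is not
                    // visible here. If it escapes only '"', a payload containing a backslash, a
                    // line break or (in Ruby) '#{' will not survive as a literal; left unchanged
                    // because payload bytes must stay exactly what the tester typed. Confirm.
                    Py.Append("\""); Py.Append(Tools.EscapeDoubleQuotes(Payload)); Py.Append("\"");
                    Rb.Append("\""); Rb.Append(Tools.EscapeDoubleQuotes(Payload)); Rb.Append("\"");

                    if (i < (this.FuzzPayloads.Length - 1))
                    {
                        Py.Append(",");
                        Rb.Append(",");
                    }
                }
                Py.Append("]");
                Py.AppendLine();

                Rb.Append("]");
                Rb.AppendLine();
            }
            else
            {
                Py.AppendLine();
                Py.AppendLine("#Open the payloads file and load payload from it");
                Py.AppendLine(string.Format(@"p_file = open(""{0}"")", EscapeForPyStringLiteral(FuzzPayloadsFile.FullName)));
                Py.AppendLine("payloads = []");
                Py.AppendLine("payloads_with_newline = p_file.readlines()");
                Py.AppendLine("p_file.close()");
                Py.AppendLine("for pwnl in payloads_with_newline:");
                Py.Append("  "); Py.AppendLine("payloads.append(pwnl.rstrip())");
                Py.AppendLine();

                Rb.AppendLine();
                Rb.AppendLine("#Open the payloads file and load payload from it");
                Rb.AppendLine(string.Format(@"p_file = File.open(""{0}"")", EscapeForRbStringLiteral(FuzzPayloadsFile.FullName)));
                Rb.AppendLine("payloads = []");
                Rb.AppendLine("payloads_with_newline = p_file.readlines");
                Rb.AppendLine("p_file.close");
                Rb.AppendLine("for pwnl in payloads_with_newline");
                Rb.Append("  "); Rb.AppendLine("payloads.push(pwnl.rstrip)");
                Rb.AppendLine("end");
                Rb.AppendLine();
            }

            Py.AppendLine("#Resets the fuzzer so that it is ready to start.");
            Py.AppendLine("f.Reset()");
            Py.AppendLine();
            Py.AppendLine("#We go through a while loop till there are Fuzz or Injection points");
            Py.AppendLine("while f.HasMore():");
            Py.AppendLine("#We make the fuzzer go to the next injection point. On first run this command makes it point to the first injection point.");
            Py.Append("  "); Py.AppendLine("f.Next()");

            Rb.AppendLine("#Resets the fuzzer so that it is ready to start.");
            Rb.AppendLine("f.reset");
            Rb.AppendLine();
            Rb.AppendLine("#We go through a while loop till there are Fuzz or Injection points");
            Rb.AppendLine("while f.has_more");
            Rb.AppendLine("#We make the fuzzer go to the next injection point. On first run this command makes it point to the first injection point.");
            Rb.Append("  "); Rb.AppendLine("f.next");

            Py.Append("  "); Py.AppendLine("for payload in payloads:");
            Rb.Append("  "); Rb.AppendLine("for payload in payloads");
            if (FuzzPayloadEncodedYesRB.Checked)
            {
                Py.AppendLine();
                Py.AppendLine("#The payload is in Url encoded form so we decode it before injecting");
                Py.Append("    "); Py.AppendLine("payload = Tools.UrlDecode(payload)");

                Rb.AppendLine();
                Rb.AppendLine("#The payload is in Url encoded form so we decode it before injecting");
                Rb.Append("    "); Rb.AppendLine("payload = Tools.url_decode(payload)");
            }
            if (FuzzOriginalParameterAfterPayloadRB.Checked)
            {
                // Fixed: the emitted comment said "before" although the original value is appended.
                Py.AppendLine();
                Py.AppendLine("#The injected parameter's original value is added after the payload");
                Py.Append("    "); Py.AppendLine("payload = payload + f.PreInjectionParameterValue");

                Rb.AppendLine();
                Rb.AppendLine("#The injected parameter's original value is added after the payload");
                Rb.Append("    "); Rb.AppendLine("payload = payload + f.pre_injection_parameter_value");
            }
            else if (FuzzOriginalParameterBeforePayloadRB.Checked)
            {
                Py.AppendLine();
                Py.AppendLine("#The injected parameter's original value is added before the payload");
                Py.Append("    "); Py.AppendLine("payload = f.PreInjectionParameterValue + payload");

                Rb.AppendLine();
                Rb.AppendLine("#The injected parameter's original value is added before the payload");
                Rb.Append("    "); Rb.AppendLine("payload = f.pre_injection_parameter_value + payload");
            }
            Py.AppendLine();
            Py.AppendLine("#Inject the payload in the Request at the current injection point, send it to the server and get the response");
            Py.Append("    "); Py.AppendLine("res = f.Inject(payload)");
            Py.Append("    "); Py.AppendLine("if res.Code == 500:");
            Py.Append("      "); Py.AppendLine("#If the response code is 500 then inform the user");
            Py.Append("      "); Py.AppendLine(@"print ""Injecting - "" + payload + "" made the server return a 500 response""");
            Py.Append("    "); Py.AppendLine("if res.BodyString.count('error') > 0:");
            Py.Append("      "); Py.AppendLine("#If the response body contains the string 'error' then inform the user");
            Py.Append("      "); Py.AppendLine(@"print ""Injecting - "" + payload + "" made the server return an error message in the response""");

            Rb.AppendLine();
            Rb.AppendLine("#Inject the payload in the Request at the current injection point, send it to the server and get the response");
            Rb.Append("    "); Rb.AppendLine("res = f.inject(payload)");
            Rb.Append("    "); Rb.AppendLine("if res.code == 500");
            Rb.Append("      "); Rb.AppendLine("#If the response code is 500 then inform the user");
            Rb.Append("      "); Rb.AppendLine(@"puts ""Injecting - "" + payload + "" made the server return a 500 response""");
            Rb.Append("    "); Rb.AppendLine("end");
            Rb.Append("    "); Rb.AppendLine("if res.body_string.index('error')");
            Rb.Append("      "); Rb.AppendLine("#If the response body contains the string 'error' then inform the user");
            Rb.Append("      "); Rb.AppendLine(@"puts ""Injecting - "" + payload + "" made the server return an error message in the response""");
            Rb.Append("    "); Rb.AppendLine("end");

            // Close the Ruby 'for' and 'while' blocks; Python needs no terminator.
            Rb.Append("  "); Rb.AppendLine("end");
            Rb.AppendLine("end");

            ShowCode(Py.ToString(), Rb.ToString());
        }

        /// <summary>
        /// Escapes a value so it can be placed between double quotes in generated Python source
        /// without ending the literal or the line.
        /// </summary>
        /// <param name="Value">The raw text to embed.</param>
        /// <returns>The text with backslash, double quote, CR and LF escaped.</returns>
        private static string EscapeForPyStringLiteral(string Value)
        {
            // Backslash goes first so the escapes added afterwards are not doubled.
            return Value.Replace("\\", "\\\\").Replace("\"", "\\\"").Replace("\r", "\\r").Replace("\n", "\\n");
        }

        /// <summary>
        /// Escapes a value so it can be placed between double quotes in generated Ruby source.
        /// </summary>
        /// <param name="Value">The raw text to embed.</param>
        /// <returns>The text escaped as for Python, with '#' escaped as well.</returns>
        private static string EscapeForRbStringLiteral(string Value)
        {
            // Ruby evaluates #{...} inside double-quoted strings, so '#' must not reach the
            // literal unescaped.
            return EscapeForPyStringLiteral(Value).Replace("#", "\\#");
        }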
Exemplo n.º 2
 /// <summary>
 /// Sends <paramref name="Req"/> after tagging it with the tester's log source, first
 /// passing it through the session handler when one with a non-empty name is set.
 /// </summary>
 /// <param name="Req">The request to send; replaced by the session handler's result when a handler runs.</param>
 /// <returns>The response returned by <c>Req.Send()</c>.</returns>
 Response SendRequest(Request Req)
 {
     bool HasNamedSessionHandler = SessionHandler != null && SessionHandler.Name.Length > 0;
     if (HasNamedSessionHandler)
     {
         // The handler may hand back a modified request; that one is what gets sent.
         Req = SessionHandler.DoBeforeSending(Req, null);
     }

     // The source is set after the handler has run, so it applies to the request actually sent.
     Req.SetSource(TesterLogSourceAttributeValue);
     Response Res = Req.Send();
     return Res;
 }
Exemplo n.º 3
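        /// <summary>
        /// Click handler that builds Python and Ruby listings for sending a request (optionally
        /// with a custom log source and one redirect follow-up) and passes both to <c>ShowCode</c>.
        /// </summary>
        /// <remarks>
        /// If the log source is rejected by <c>Request.SetSource</c>, the error is shown and no
        /// code is generated.
        /// </remarks>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void SRCreateCodeBtn_Click(object sender, EventArgs e)
        {
            // Clear any error left over from a previous attempt.
            ShowSRError("");
            StringBuilder Py = new StringBuilder();
            StringBuilder Rb = new StringBuilder();
            Py.AppendLine();
            Rb.AppendLine();
            Py.AppendLine("#'req' is a variable that is assumed to contain a Request object");
            Rb.AppendLine("#'req' is a variable that is assumed to contain a Request object");

            if (SRSendWithLogSourceRB.Checked)
            {
                try
                {
                    // A throw-away Request is used only to let SetSource validate the value.
                    Request Req = new Request("http://google.com");
                    Req.SetSource(SRLogSourceTB.Text);
                    string LogSource = SRLogSourceTB.Text;

                    // The value lands inside a double-quoted literal in generated source, so it is
                    // escaped rather than trusted to SetSource's validation, whose rules are not
                    // visible here. Backslash is handled first so later escapes are not doubled.
                    string PyLogSource = LogSource.Replace("\\", "\\\\").Replace("\"", "\\\"").Replace("\r", "\\r").Replace("\n", "\\n");
                    // Ruby also evaluates #{...} inside double-quoted strings.
                    string RbLogSource = PyLogSource.Replace("#", "\\#");

                    Py.AppendLine("#The LogSource is set");
                    Rb.AppendLine("#The LogSource is set");

                    Py.AppendLine(string.Format(@"req.SetSource(""{0}"")", PyLogSource));
                    Rb.AppendLine(string.Format(@"req.set_source(""{0}"")", RbLogSource));
                }
                catch(Exception Exp)
                {
                    ShowSRError(Exp.Message);
                    // Stop here: previously the handler went on to show a script that silently
                    // lacked the log source the user had asked for.
                    return;
                }
            }
            Py.AppendLine("#Request is sent and the response stored in a variable named 'res'");
            Rb.AppendLine("#Request is sent and the response stored in a variable named 'res'");

            Py.AppendLine("res = req.Send()");
            Rb.AppendLine("res = req.send_req");

            if (SRFollowRedirectRB.Checked)
            {
                Py.AppendLine("#Check if the response is a redirect");
                Py.AppendLine("if res.IsRedirect:");
                Py.Append("  "); Py.AppendLine("#Get the redirect Request and store it in a variable named 'rd_req'. The redirect is followed by sending 'rd_req'");
                Py.Append("  "); Py.AppendLine("rd_req = req.GetRedirect(res)");
                Py.Append("  "); Py.AppendLine("final_res = rd_req.Send()");

                Rb.AppendLine("#Check if the response is a redirect");
                Rb.AppendLine("if res.is_redirect");
                Rb.Append("  "); Rb.AppendLine("#Get the redirect Request and store it in a variable named 'rd_req'. The redirect is followed by sending 'rd_req'");
                Rb.Append("  "); Rb.AppendLine("rd_req = req.get_redirect(res)");
                Rb.Append("  "); Rb.AppendLine("final_res = rd_req.send_req");
                Rb.AppendLine("end");
            }
            ShowCode(Py.ToString(), Rb.ToString());
        }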