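/// <summary>
/// Click handler that turns the fuzzing options currently selected in the wizard into
/// two equivalent scripts (Python and Ruby) and hands both to ShowCode.
/// </summary>
/// <remarks>
/// Parameter names, markers, plugin names, the log source and the payload file path are
/// copied into double-quoted string literals of the generated scripts. Some of these
/// values come from the request being tested, so each one is escaped for the target
/// language before it is emitted; otherwise a value containing a quote, a backslash, a
/// line break or (in Ruby) "#{...}" would change the meaning of the generated script
/// when the tester runs it.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void FuzzCreateCodeBtn_Click(object sender, EventArgs e)
{
    // Indentation of nested blocks in the generated scripts. Python rejects a nested
    // block that is not indented deeper than its parent, so each level gets its own depth.
    const string Level1 = "    ";
    const string Level2 = "        ";
    const string Level3 = "            ";

    ShowFuzzStep3Error("");
    string SessionPluginName = "";

    if (FuzzUseCustomLogSourceCB.Checked)
    {
        string LogSource = FuzzLogSourceTB.Text.Trim();
        if (LogSource.Length > 0)
        {
            try
            {
                // Throwaway Request used only for validation: SetSource is expected to
                // throw for an unacceptable name. The Request is never sent here.
                Request Req = new Request("http://a.site");
                Req.SetSource(LogSource);
                FuzzLogSourceValue = LogSource;
            }
            catch (Exception Exp)
            {
                ShowFuzzStep3Error(string.Format("Invalid Log source - {0}", Exp.Message));
                return;
            }
        }
        else
        {
            ShowFuzzStep3Error("Log source cannot be empty. Either uncheck this option or enter a valid log source");
            return;
        }
    }

    // The first checked row decides the session plugin; row 0 maps to "no plugin".
    foreach (DataGridViewRow Row in FuzzSessionPluginGrid.Rows)
    {
        object IsChecked = Row.Cells[0].Value;
        // A cell whose value was never set holds null; treat that as unchecked.
        if (IsChecked is bool && (bool)IsChecked)
        {
            if (Row.Index != 0)
            {
                object PluginName = Row.Cells[1].Value;
                SessionPluginName = PluginName == null ? "" : PluginName.ToString();
            }
            break;
        }
    }

    StringBuilder Py = new StringBuilder();
    StringBuilder Rb = new StringBuilder();
    Py.AppendLine();
    Rb.AppendLine();
    Py.AppendLine("#'req' is a variable that is assumed to contain a Request object");
    Rb.AppendLine("#'req' is a variable that is assumed to contain a Request object");
    Py.AppendLine();
    Rb.AppendLine();

    if (FuzzUseUiRB.Checked)
    {
        Py.AppendLine("#We display a GUI based wizard to user and get the Fuzzer setting from user.");
        Py.AppendLine("f = Fuzzer.FromUi(req)");
        Rb.AppendLine("#We display a GUI based wizard to user and get the Fuzzer setting from user.");
        Rb.AppendLine("f = Fuzzer.FromUi(req)");
    }
    else
    {
        Py.AppendLine("#We create a new Fuzzer to fuzz the request 'req'");
        Py.AppendLine("f = Fuzzer(req)");
        Rb.AppendLine("#We create a new Fuzzer to fuzz the request 'req'");
        Rb.AppendLine("f = Fuzzer.new(req)");

        if (FuzzInjectionPoints.ContainsKey("UrlPathParts"))
        {
            if (FuzzInjectionPoints["UrlPathParts"].Length == 0)
            {
                Py.AppendLine("#Select all UrlPathparts for injection");
                Py.AppendLine("f.InjectUrl()");
                Rb.AppendLine("#Select all UrlPathparts for injection");
                Rb.AppendLine("f.inject_url");
            }
            else
            {
                Py.AppendLine("#Select the UrlPathpart at specified positions for injection");
                Rb.AppendLine("#Select the UrlPathpart at specified positions for injection");
                // NOTE(review): positions are emitted unquoted, so they become script code
                // as-is. Presumably they are validated as integers where they are collected
                // - confirm against the code that fills FuzzInjectionPoints.
                foreach (string Position in FuzzInjectionPoints["UrlPathParts"])
                {
                    Py.AppendLine(string.Format("f.InjectUrl({0})", Position.Trim()));
                    Rb.AppendLine(string.Format("f.inject_url({0})", Position.Trim()));
                }
            }
        }

        if (FuzzInjectionPoints.ContainsKey("Query"))
        {
            if (FuzzInjectionPoints["Query"].Length == 0)
            {
                Py.AppendLine("#Select all Query parameters for injection");
                Py.AppendLine("f.InjectQuery()");
                Rb.AppendLine("#Select all Query parameters for injection");
                Rb.AppendLine("f.inject_query()");
            }
            else
            {
                Py.AppendLine("#Select the specified Query parameters for injection");
                Rb.AppendLine("#Select the specified Query parameters for injection");
                foreach (string Parameter in FuzzInjectionPoints["Query"])
                {
                    Py.AppendLine(string.Format(@"f.InjectQuery(""{0}"")", EscapeForPyStringLiteral(Parameter)));
                    Rb.AppendLine(string.Format(@"f.inject_query(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                }
            }
        }

        if (FuzzInjectionPoints.ContainsKey("Body"))
        {
            switch (FuzzInjectedBodyType)
            {
                case ("Normal"):
                    if (FuzzInjectionPoints["Body"].Length == 0)
                    {
                        Py.AppendLine("#Select all Body parameters for injection");
                        Py.AppendLine("f.InjectBody()");
                        Rb.AppendLine("#Select all Body parameters for injection");
                        Rb.AppendLine("f.inject_body");
                    }
                    else
                    {
                        Py.AppendLine("#Select the specified Body parameters for injection");
                        Rb.AppendLine("#Select the specified Body parameters for injection");
                        foreach (string Parameter in FuzzInjectionPoints["Body"])
                        {
                            Py.AppendLine(string.Format(@"f.InjectBody(""{0}"")", EscapeForPyStringLiteral(Parameter)));
                            Rb.AppendLine(string.Format(@"f.inject_body(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                        }
                    }
                    break;
                case ("Other"):
                    // Entries 0 and 1 are read as the start and end marker; this branch
                    // assumes the "Body" entry holds at least two values.
                    Py.AppendLine("#Inject values between the specified start and end marker");
                    Py.AppendLine(string.Format(@"f.InjectBody(""{0}"", ""{1}"")", EscapeForPyStringLiteral(FuzzInjectionPoints["Body"][0]), EscapeForPyStringLiteral(FuzzInjectionPoints["Body"][1])));
                    Rb.AppendLine("#Inject values between the specified start and end marker");
                    Rb.AppendLine(string.Format(@"f.inject_body(""{0}"", ""{1}"")", EscapeForRbStringLiteral(FuzzInjectionPoints["Body"][0]), EscapeForRbStringLiteral(FuzzInjectionPoints["Body"][1])));
                    break;
                case ("FormatPlugin"):
                    Py.AppendLine("#Specify the body format of the Request");
                    Py.AppendLine(string.Format(@"f.BodyFormat = FormatPlugin.Get(""{0}"")", EscapeForPyStringLiteral(FuzzInjectedBodyFormatPlugin)));
                    Rb.AppendLine("#Specify the body format of the Request");
                    Rb.AppendLine(string.Format(@"f.body_format = FormatPlugin.get(""{0}"")", EscapeForRbStringLiteral(FuzzInjectedBodyFormatPlugin)));
                    if (FuzzInjectionPoints["Body"].Length == 0)
                    {
                        Py.AppendLine("#Select all values for injection");
                        Py.AppendLine("f.InjectBody()");
                        Rb.AppendLine("#Select all values for injection");
                        Rb.AppendLine("f.inject_body");
                    }
                    else
                    {
                        Py.AppendLine("#Select value at the specified positions for injection");
                        Rb.AppendLine("#Select value at the specified positions for injection");
                        // NOTE(review): emitted unquoted, like the URL path positions above
                        // - confirm these are validated as integers upstream.
                        foreach (string Parameter in FuzzInjectionPoints["Body"])
                        {
                            Py.AppendLine(string.Format("f.InjectBody({0})", Parameter.Trim()));
                            Rb.AppendLine(string.Format("f.inject_body({0})", Parameter.Trim()));
                        }
                    }
                    break;
            }
        }

        if (FuzzInjectionPoints.ContainsKey("Cookie"))
        {
            if (FuzzInjectionPoints["Cookie"].Length == 0)
            {
                Py.AppendLine("#Select all Cookie parameters for injection");
                Py.AppendLine("f.InjectCookie()");
                Rb.AppendLine("#Select all Cookie parameters for injection");
                // Fixed: the Ruby line used to carry a stray ')' and did not parse.
                Rb.AppendLine("f.inject_cookie");
            }
            else
            {
                Py.AppendLine("#Select the specified Cookie parameters for injection");
                Rb.AppendLine("#Select the specified Cookie parameters for injection");
                foreach (string Parameter in FuzzInjectionPoints["Cookie"])
                {
                    Py.AppendLine(string.Format(@"f.InjectCookie(""{0}"")", EscapeForPyStringLiteral(Parameter)));
                    Rb.AppendLine(string.Format(@"f.inject_cookie(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                }
            }
        }

        if (FuzzInjectionPoints.ContainsKey("Headers"))
        {
            // Fixed: this used to test the "Query" entry, which picks the wrong branch and
            // throws when only headers were selected.
            if (FuzzInjectionPoints["Headers"].Length == 0)
            {
                Py.AppendLine("#Select all Header parameters for injection");
                Py.AppendLine("f.InjectHeaders()");
                Rb.AppendLine("#Select all Header parameters for injection");
                Rb.AppendLine("f.inject_headers");
            }
            else
            {
                Py.AppendLine("#Select the specified Header parameters for injection");
                Rb.AppendLine("#Select the specified Header parameters for injection");
                foreach (string Parameter in FuzzInjectionPoints["Headers"])
                {
                    Py.AppendLine(string.Format(@"f.InjectHeaders(""{0}"")", EscapeForPyStringLiteral(Parameter)));
                    Rb.AppendLine(string.Format(@"f.inject_headers(""{0}"")", EscapeForRbStringLiteral(Parameter)));
                }
            }
        }

        if (SessionPluginName.Length > 0)
        {
            Py.AppendLine("#Use a Session Plugin during Fuzzing");
            Py.AppendLine(string.Format(@"f.SessionHandler = SessionPlugin.Get(""{0}"")", EscapeForPyStringLiteral(SessionPluginName)));
            Rb.AppendLine("#Use a Session Plugin during Fuzzing");
            Rb.AppendLine(string.Format(@"f.session_handler = SessionPlugin.get(""{0}"")", EscapeForRbStringLiteral(SessionPluginName)));
        }
    }

    if (FuzzUseCustomLogSourceCB.Checked)
    {
        Py.AppendLine("#Set a custom source name for the Fuzzer logs");
        Py.AppendLine(string.Format(@"f.SetLogSource(""{0}"")", EscapeForPyStringLiteral(FuzzLogSourceValue)));
        // Fixed: the Ruby output used to repeat the unrelated session-plugin comment here.
        Rb.AppendLine("#Set a custom source name for the Fuzzer logs");
        Rb.AppendLine(string.Format(@"f.set_log_source(""{0}"")", EscapeForRbStringLiteral(FuzzLogSourceValue)));
    }

    if (FuzzUsePayloadsFromListRB.Checked)
    {
        Py.AppendLine();
        Rb.AppendLine();
        Py.AppendLine("#Store the payloads in a list");
        Py.Append("payloads = [");
        Rb.AppendLine("#Store the payloads in a list");
        Rb.Append("payloads = [");
        for (int i = 0; i < this.FuzzPayloads.Length; i++)
        {
            // NOTE(review): Tools.EscapeDoubleQuotes is defined outside this block. Confirm
            // it also handles backslashes, line breaks and Ruby's "#{...}" interpolation;
            // payloads are the values most likely to contain them.
            string Payload = Tools.EscapeDoubleQuotes(this.FuzzPayloads[i]);
            Py.Append("\"");
            Py.Append(Payload);
            Py.Append("\"");
            Rb.Append("\"");
            Rb.Append(Payload);
            Rb.Append("\"");
            if (i < (this.FuzzPayloads.Length - 1))
            {
                Py.Append(",");
                Rb.Append(",");
            }
        }
        Py.Append("]");
        Py.AppendLine();
        Rb.Append("]");
        Rb.AppendLine();
    }
    else
    {
        Py.AppendLine();
        Py.AppendLine("#Open the payloads file and load payload from it");
        Py.AppendLine(string.Format(@"p_file = open(""{0}"")", EscapeForPyStringLiteral(FuzzPayloadsFile.FullName)));
        Py.AppendLine("payloads = []");
        Py.AppendLine("payloads_with_newline = p_file.readlines()");
        Py.AppendLine("p_file.close()");
        Py.AppendLine("for pwnl in payloads_with_newline:");
        Py.Append(Level1);
        Py.AppendLine("payloads.append(pwnl.rstrip())");
        Py.AppendLine();

        Rb.AppendLine();
        Rb.AppendLine("#Open the payloads file and load payload from it");
        Rb.AppendLine(string.Format(@"p_file = File.open(""{0}"")", EscapeForRbStringLiteral(FuzzPayloadsFile.FullName)));
        Rb.AppendLine("payloads = []");
        Rb.AppendLine("payloads_with_newline = p_file.readlines");
        Rb.AppendLine("p_file.close");
        Rb.AppendLine("for pwnl in payloads_with_newline");
        Rb.Append(Level1);
        Rb.AppendLine("payloads.push(pwnl.rstrip)");
        Rb.AppendLine("end");
        Rb.AppendLine();
    }

    Py.AppendLine("#Resets the fuzzer so that it is ready to start.");
    Py.AppendLine("f.Reset()");
    Py.AppendLine();
    Py.AppendLine("#We go through a while loop till there are Fuzz or Injection points");
    Py.AppendLine("while f.HasMore():");
    Py.AppendLine("#We make the fuzzer go to the next injection point. On first run this command makes it point to the first injection point.");
    Py.Append(Level1);
    Py.AppendLine("f.Next()");

    Rb.AppendLine("#Resets the fuzzer so that it is ready to start.");
    Rb.AppendLine("f.reset");
    Rb.AppendLine();
    Rb.AppendLine("#We go through a while loop till there are Fuzz or Injection points");
    Rb.AppendLine("while f.has_more");
    Rb.AppendLine("#We make the fuzzer go to the next injection point. On first run this command makes it point to the first injection point.");
    Rb.Append(Level1);
    Rb.AppendLine("f.next");

    Py.Append(Level1);
    Py.AppendLine("for payload in payloads:");
    Rb.Append(Level1);
    Rb.AppendLine("for payload in payloads");

    if (FuzzPayloadEncodedYesRB.Checked)
    {
        Py.AppendLine();
        Py.AppendLine("#The payload is in Url encoded form so we decode it before injecting");
        Py.Append(Level2);
        Py.AppendLine("payload = Tools.UrlDecode(payload)");
        Rb.AppendLine();
        Rb.AppendLine("#The payload is in Url encoded form so we decode it before injecting");
        Rb.Append(Level2);
        Rb.AppendLine("payload = Tools.url_decode(payload)");
    }

    if (FuzzOriginalParameterAfterPayloadRB.Checked)
    {
        // Fixed: the generated comment said "before" although the original value is appended.
        Py.AppendLine();
        Py.AppendLine("#The injected parameter's original value is added after the payload");
        Py.Append(Level2);
        Py.AppendLine("payload = payload + f.PreInjectionParameterValue");
        Rb.AppendLine();
        Rb.AppendLine("#The injected parameter's original value is added after the payload");
        Rb.Append(Level2);
        Rb.AppendLine("payload = payload + f.pre_injection_parameter_value");
    }
    else if (FuzzOriginalParameterBeforePayloadRB.Checked)
    {
        Py.AppendLine();
        Py.AppendLine("#The injected parameter's original value is added before the payload");
        Py.Append(Level2);
        Py.AppendLine("payload = f.PreInjectionParameterValue + payload");
        Rb.AppendLine();
        Rb.AppendLine("#The injected parameter's original value is added before the payload");
        Rb.Append(Level2);
        Rb.AppendLine("payload = f.pre_injection_parameter_value + payload");
    }

    Py.AppendLine();
    Py.AppendLine("#Inject the payload in the Request at the current injection point, send it to the server and get the response");
    Py.Append(Level2);
    Py.AppendLine("res = f.Inject(payload)");
    Py.Append(Level2);
    Py.AppendLine("if res.Code == 500:");
    Py.Append(Level3);
    Py.AppendLine("#If the response code is 500 then inform the user");
    Py.Append(Level3);
    Py.AppendLine(@"print ""Injecting - "" + payload + "" made the server return a 500 response""");
    Py.Append(Level2);
    Py.AppendLine("if res.BodyString.count('error') > 0:");
    Py.Append(Level3);
    Py.AppendLine("#If the response body contains the string 'error' then inform the user");
    Py.Append(Level3);
    Py.AppendLine(@"print ""Injecting - "" + payload + "" made the server return an error message in the response""");

    Rb.AppendLine();
    Rb.AppendLine("#Inject the payload in the Request at the current injection point, send it to the server and get the response");
    Rb.Append(Level2);
    Rb.AppendLine("res = f.inject(payload)");
    Rb.Append(Level2);
    Rb.AppendLine("if res.code == 500");
    Rb.Append(Level3);
    Rb.AppendLine("#If the response code is 500 then inform the user");
    Rb.Append(Level3);
    Rb.AppendLine(@"puts ""Injecting - "" + payload + "" made the server return a 500 response""");
    Rb.Append(Level2);
    Rb.AppendLine("end");
    Rb.Append(Level2);
    Rb.AppendLine("if res.body_string.index('error')");
    Rb.Append(Level3);
    Rb.AppendLine("#If the response body contains the string 'error' then inform the user");
    Rb.Append(Level3);
    Rb.AppendLine(@"puts ""Injecting - "" + payload + "" made the server return an error message in the response""");
    Rb.Append(Level2);
    Rb.AppendLine("end");
    Rb.Append(Level1);
    Rb.AppendLine("end");
    Rb.AppendLine("end");

    ShowCode(Py.ToString(), Rb.ToString());
}

/// <summary>
/// Escapes a value so it can sit inside a double-quoted Python string literal of the
/// generated script without ending the literal or spilling onto another line.
/// </summary>
private static string EscapeForPyStringLiteral(string Value)
{
    if (Value == null)
    {
        return "";
    }
    // Backslashes first, so the backslashes added for the other characters stay single.
    return Value.Replace("\\", "\\\\").Replace("\"", "\\\"").Replace("\r", "\\r").Replace("\n", "\\n");
}

/// <summary>
/// Escapes a value for a double-quoted Ruby string literal. On top of the Python rules,
/// '#' is escaped so that "#{...}" inside the value is not interpolated by Ruby.
/// </summary>
private static string EscapeForRbStringLiteral(string Value)
{
    return EscapeForPyStringLiteral(Value).Replace("#", "\\#");
}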
/// <summary>
/// Sends a request on behalf of the tester: a configured session handler with a
/// non-empty name gets to process the request first, then the request is tagged with
/// TesterLogSourceAttributeValue and sent.
/// </summary>
/// <param name="Req">Request to send.</param>
/// <returns>The value returned by the request's Send call.</returns>
Response SendRequest(Request Req)
{
    bool HasNamedHandler = SessionHandler != null && SessionHandler.Name.Length > 0;

    // The handler may hand back a different Request object; that one is sent.
    Request Outgoing = HasNamedHandler ? SessionHandler.DoBeforeSending(Req, null) : Req;

    Outgoing.SetSource(TesterLogSourceAttributeValue);
    return Outgoing.Send();
}
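/// <summary>
/// Click handler that generates matching Python and Ruby snippets for sending 'req'
/// (optionally with a custom log source and one followed redirect) and passes both to
/// ShowCode.
/// </summary>
/// <remarks>
/// The log source typed by the user is copied into a double-quoted string literal of the
/// generated scripts, so it is escaped for each language first. If the log source is
/// rejected, the error is shown and no code is generated, matching the fuzzer handler.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void SRCreateCodeBtn_Click(object sender, EventArgs e)
{
    ShowSRError("");
    StringBuilder Py = new StringBuilder();
    StringBuilder Rb = new StringBuilder();
    Py.AppendLine();
    Rb.AppendLine();
    Py.AppendLine("#'req' is a variable that is assumed to contain a Request object");
    Rb.AppendLine("#'req' is a variable that is assumed to contain a Request object");

    if (SRSendWithLogSourceRB.Checked)
    {
        string LogSource = SRLogSourceTB.Text;
        try
        {
            // Throwaway Request used only for validation: SetSource is expected to throw
            // for an unacceptable name. The Request is never sent here.
            Request Req = new Request("http://google.com");
            Req.SetSource(LogSource);
        }
        catch (Exception Exp)
        {
            ShowSRError(Exp.Message);
            // Fixed: stop here instead of showing code that silently lacks the log source.
            return;
        }

        // Escape backslashes first, then quotes and line breaks; Ruby additionally needs
        // '#' escaped so "#{...}" in the value is not interpolated.
        string PyLogSource = LogSource.Replace("\\", "\\\\").Replace("\"", "\\\"").Replace("\r", "\\r").Replace("\n", "\\n");
        string RbLogSource = PyLogSource.Replace("#", "\\#");

        Py.AppendLine("#The LogSource is set");
        Rb.AppendLine("#The LogSource is set");
        Py.AppendLine(string.Format(@"req.SetSource(""{0}"")", PyLogSource));
        Rb.AppendLine(string.Format(@"req.set_source(""{0}"")", RbLogSource));
    }

    Py.AppendLine("#Request is sent and the response stored in a variable named 'res'");
    Rb.AppendLine("#Request is sent and the response stored in a variable named 'res'");
    Py.AppendLine("res = req.Send()");
    Rb.AppendLine("res = req.send_req");

    if (SRFollowRedirectRB.Checked)
    {
        Py.AppendLine("#Check if the response is a redirect");
        Py.AppendLine("if res.IsRedirect:");
        Py.Append(" ");
        Py.AppendLine("#Get the redirect Request and store it in a variable named 'rd_req'. The redirect is followed by sending 'rd_req'");
        Py.Append(" ");
        Py.AppendLine("rd_req = req.GetRedirect(res)");
        Py.Append(" ");
        Py.AppendLine("final_res = rd_req.Send()");

        Rb.AppendLine("#Check if the response is a redirect");
        Rb.AppendLine("if res.is_redirect");
        Rb.Append(" ");
        Rb.AppendLine("#Get the redirect Request and store it in a variable named 'rd_req'. The redirect is followed by sending 'rd_req'");
        Rb.Append(" ");
        Rb.AppendLine("rd_req = req.get_redirect(res)");
        Rb.Append(" ");
        Rb.AppendLine("final_res = rd_req.send_req");
        Rb.AppendLine("end");
    }

    ShowCode(Py.ToString(), Rb.ToString());
}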