From 69b04cf54b23c5c293b7eae2376dc330f3104b28 Mon Sep 17 00:00:00 2001 From: Lanjelot Date: Wed, 14 Dec 2011 19:25:22 +0100 Subject: [PATCH] Added size ranges like -N or N-. And url=FILE0 now works in http_fuzz --- patator.py | 63 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/patator.py b/patator.py index a977c0e..a7aa43b 100755 --- a/patator.py +++ b/patator.py @@ -1102,7 +1102,7 @@ For example, to encode every password in base64: if self.rate_limit: sleep(self.rate_limit) - logger.debug('Trying: %s' % payload) + logger.debug('payload: %s' % payload) try: rate_count += 1 @@ -1249,8 +1249,24 @@ For example, to encode every password in base64: # Response_Base {{{ def match_size(size, val): if '-' in val: - size_min, size_max = map(int, val.split('-')) - return size_min <= size <= size_max + size_min, size_max = val.split('-') + + if not size_min and not size_max: + raise ValueError, 'Invalid interval' + + elif not size_min: # size == -N + return size <= int(size_max) + + elif not size_max: # size == N- + return size >= int(size_min) + + else: + size_min, size_max = int(size_min), int(size_max) + if size_min >= size_max: + raise ValueError, 'Invalid interval' + + return size_min <= size <= size_max + else: return size == int(val) @@ -1258,7 +1274,7 @@ class Response_Base: available_conditions = ( ('code', 'match status code'), - ('size', 'match size (N or N-N)'), + ('size', 'match size (N or N-M)'), ('mesg', 'match message'), ('fgrep', 'search for string'), ('egrep', 'search for regex'), @@ -2049,7 +2065,7 @@ class Pgsql_login: # HTTP {{{ from urllib import quote, urlencode -from urlparse import urlunparse, parse_qsl +from urlparse import urlparse, urlunparse, parse_qsl try: import pycurl except ImportError: @@ -2064,15 +2080,19 @@ class Controller_HTTP(Controller): def expand_key(self, arg): key, val = arg.split('=', 1) if key == 'url': - g = re.match(r'(?:(?P.+)://)?(?P.+?)(?::(?P[^/]+))?/'\ + m = re.match(r'(?:(?P.+)://)?(?P.+?)(?::(?P[^/]+))?/'\ + '(?P[^;?#]*)'\ + '(?:\;(?P[^?#]*))?'\ + '(?:\?(?P[^#]*))?'\ - + '(?:\#(?P.*))?' , val).groupdict() - if g['scheme'] == 'https' and not g['port']: - g['port'] = '443' - for k, v in g.iteritems(): - if v: yield (k, v) + + '(?:\#(?P.*))?' , val) + + if not m: + yield (key, val) + + else: + for k, v in m.groupdict().iteritems(): + if v is not None: + yield (k, v) else: yield (key, val) @@ -2106,7 +2126,7 @@ class Response_HTTP(Response_Base): available_conditions = Response_Base.available_conditions available_conditions += ( - ('clen', 'match Content-Length header (N or N-N)'), + ('clen', 'match Content-Length header (N or N-M)'), ) class HTTP_fuzz(TCP_Cache): @@ -2150,7 +2170,8 @@ class HTTP_fuzz(TCP_Cache): Response = Response_HTTP - def new_tcp(self, host, port): + cache_keys = ('host', 'port', 'scheme') + def new_tcp(self, host, port, scheme): fp = pycurl.Curl() fp.setopt(pycurl.SSL_VERIFYPEER, 0) fp.setopt(pycurl.SSL_VERIFYHOST, 0) @@ -2160,11 +2181,17 @@ class HTTP_fuzz(TCP_Cache): return fp, None - def execute(self, host, port=None, scheme='http', path='/', params='', query='', fragment='', body='', header='', method='GET', user_pass='', auth_type='basic', + def execute(self, url=None, host=None, port=None, scheme='http', path='/', params='', query='', fragment='', body='', header='', method='GET', user_pass='', auth_type='basic', follow='0', max_follow='5', accept_cookie='0', http_proxy='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1', before_urls='', after_urls='', max_mem='-1'): - fp, _ = self.get_tcp(persistent, host=host, port=port) + if url: + scheme, host, path, params, query, fragment = urlparse(url) + if ':' in host: + host, port = host.split(':') + del url + + fp, _ = self.get_tcp(persistent, host=host, port=port, scheme=scheme) fp.setopt(pycurl.FOLLOWLOCATION, int(follow)) fp.setopt(pycurl.MAXREDIRS, int(max_follow)) @@ -2232,6 +2259,7 @@ class HTTP_fuzz(TCP_Cache): else: fp.setopt(pycurl.CUSTOMREQUEST, method) + #logger.debug('url: %s' % url) fp.setopt(pycurl.URL, url) if before_urls: @@ -2243,7 +2271,10 @@ class HTTP_fuzz(TCP_Cache): query = urlencode(parse_qsl(query, True)) body = urlencode(parse_qsl(body, True)) - url = urlunparse((scheme, '%s:%s' % (host, port or '80'), path, params, query, fragment)) + if port: + host = '%s:%s' % (host, port) + + url = urlunparse((scheme, host, path, params, query, fragment)) setup_fp(fp, method, url) fp.perform()