Minor improvement regarding parsing HTTP requests through HTTP proxy …
…(i.e `--proxy` option).
stasinopoulos committed Oct 23, 2023
1 parent 0fe1ef5 commit 9821560
Showing 3 changed files with 63 additions and 125 deletions.
1 change: 1 addition & 0 deletions doc/CHANGELOG.md
@@ -1,4 +1,5 @@
## Version 3.9 (TBA)
* Revised: Minor improvement regarding parsing HTTP requests through HTTP proxy (i.e `--proxy` option).
* Added: New switch `--smart` for conducting through tests only in case of positive heuristic(s).
* Revised: Minor improvement regarding parsing SOAP/XML POST data.

185 changes: 61 additions & 124 deletions src/core/requests/requests.py
@@ -388,8 +388,7 @@ def get_request_response(request):
headers.check_http_traffic(request)
if menu.options.proxy:
try:
proxy = request.set_proxy(menu.options.proxy, settings.PROXY_SCHEME)
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
response = proxy.use_proxy(request)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
@@ -410,12 +409,7 @@ def get_request_response(request):
"""
def cookie_injection(url, vuln_parameter, payload):

def inject_cookie(url, vuln_parameter, payload, proxy):
if proxy == None:
opener = _urllib.request.build_opener()
else:
opener = _urllib.request.build_opener(proxy)

def inject_cookie(url, vuln_parameter, payload):
if settings.TIME_RELATIVE_ATTACK :
payload = _urllib.parse.quote(payload)

@@ -436,7 +430,13 @@ def inject_cookie(url, vuln_parameter, payload, proxy):
request.add_header('Cookie', menu.options.cookie.replace(settings.INJECT_TAG, payload))
try:
headers.check_http_traffic(request)
response = opener.open(request)
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor (--tor option).
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
return response
except ValueError:
pass
@@ -446,24 +446,10 @@ def inject_cookie(url, vuln_parameter, payload, proxy):
end = 0
start = time.time()

proxy = None
if menu.options.proxy:
try:
proxy = _urllib.request.ProxyHandler({settings.SCHEME : menu.options.proxy})
response = inject_cookie(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
try:
proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT})
response = inject_cookie(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
else:
try:
response = inject_cookie(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
try:
response = inject_cookie(url, vuln_parameter, payload)
except Exception as err_msg:
response = request_failed(err_msg)

if settings.TIME_RELATIVE_ATTACK :
end = time.time()
@@ -477,12 +463,7 @@ def inject_cookie(url, vuln_parameter, payload, proxy):
"""
def user_agent_injection(url, vuln_parameter, payload):

def inject_user_agent(url, vuln_parameter, payload, proxy):
if proxy == None:
opener = _urllib.request.build_opener()
else:
opener = _urllib.request.build_opener(proxy)

def inject_user_agent(url, vuln_parameter, payload):
# Check if defined POST data
if menu.options.data:
menu.options.data = settings.USER_DEFINED_POST_DATA
@@ -496,7 +477,13 @@ def inject_user_agent(url, vuln_parameter, payload, proxy):
request.add_header('User-Agent', payload)
try:
headers.check_http_traffic(request)
response = opener.open(request)
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor (--tor option).
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
return response
except ValueError:
pass
@@ -506,24 +493,10 @@ def inject_user_agent(url, vuln_parameter, payload, proxy):
end = 0
start = time.time()

proxy = None
if menu.options.proxy:
try:
proxy = _urllib.request.ProxyHandler({settings.SCHEME : menu.options.proxy})
response = inject_user_agent(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
try:
proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT})
response = inject_user_agent(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
else:
try:
response = inject_user_agent(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
try:
response = inject_user_agent(url, vuln_parameter, payload)
except Exception as err_msg:
response = request_failed(err_msg)

if settings.TIME_RELATIVE_ATTACK :
end = time.time()
@@ -537,12 +510,7 @@ def inject_user_agent(url, vuln_parameter, payload, proxy):
"""
def referer_injection(url, vuln_parameter, payload):

def inject_referer(url, vuln_parameter, payload, proxy):
if proxy == None:
opener = _urllib.request.build_opener()
else:
opener = _urllib.request.build_opener(proxy)

def inject_referer(url, vuln_parameter, payload):
# Check if defined POST data
if menu.options.data:
menu.options.data = settings.USER_DEFINED_POST_DATA
@@ -556,7 +524,13 @@ def inject_referer(url, vuln_parameter, payload, proxy):
request.add_header('Referer', payload)
try:
headers.check_http_traffic(request)
response = opener.open(request)
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor (--tor option).
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
return response
except ValueError:
pass
@@ -566,25 +540,10 @@ def inject_referer(url, vuln_parameter, payload, proxy):
end = 0
start = time.time()

proxy = None
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy = _urllib.request.ProxyHandler({settings.SCHEME : menu.options.proxy})
response = inject_referer(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
try:
proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT})
response = inject_referer(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
else:
try:
response = inject_referer(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
try:
response = inject_referer(url, vuln_parameter, payload)
except Exception as err_msg:
response = request_failed(err_msg)

if settings.TIME_RELATIVE_ATTACK :
end = time.time()
@@ -600,7 +559,7 @@ def host_injection(url, vuln_parameter, payload):

payload = _urllib.parse.urlparse(url).netloc + payload

def inject_host(url, vuln_parameter, payload, proxy):
def inject_host(url, vuln_parameter, payload):

if proxy == None:
opener = _urllib.request.build_opener()
@@ -620,7 +579,13 @@ def inject_host(url, vuln_parameter, payload, proxy):
request.add_header('Host', payload)
try:
headers.check_http_traffic(request)
response = opener.open(request)
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor (--tor option).
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
return response
except ValueError:
pass
@@ -630,24 +595,10 @@ def inject_host(url, vuln_parameter, payload, proxy):
end = 0
start = time.time()

proxy = None
if menu.options.proxy:
try:
proxy = _urllib.request.ProxyHandler({settings.SCHEME : menu.options.proxy})
response = inject_host(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
try:
proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT})
response = inject_host(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
else:
try:
response = inject_host(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
try:
response = inject_host(url, vuln_parameter, payload)
except Exception as err_msg:
response = request_failed(err_msg)

if settings.TIME_RELATIVE_ATTACK :
end = time.time()
@@ -661,13 +612,7 @@ def inject_host(url, vuln_parameter, payload, proxy):
"""
def custom_header_injection(url, vuln_parameter, payload):

def inject_custom_header(url, vuln_parameter, payload, proxy):

if proxy == None:
opener = _urllib.request.build_opener()
else:
opener = _urllib.request.build_opener(proxy)

def inject_custom_header(url, vuln_parameter, payload):
# Check if defined POST data
if menu.options.data:
menu.options.data = settings.USER_DEFINED_POST_DATA
@@ -684,7 +629,13 @@ def inject_custom_header(url, vuln_parameter, payload, proxy):
request.add_header(settings.CUSTOM_HEADER_NAME, settings.CUSTOM_HEADER_VALUE + payload)
try:
headers.check_http_traffic(request)
response = opener.open(request)
if menu.options.proxy:
response = proxy.use_proxy(request)
# Check if defined Tor (--tor option).
elif menu.options.tor:
response = tor.use_tor(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
return response
except ValueError:
pass
@@ -694,24 +645,10 @@ def inject_custom_header(url, vuln_parameter, payload, proxy):
end = 0
start = time.time()

proxy = None
if menu.options.proxy:
try:
proxy = _urllib.request.ProxyHandler({settings.SCHEME : menu.options.proxy})
response = inject_custom_header(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
elif menu.options.tor:
try:
proxy = _urllib.request.ProxyHandler({settings.TOR_HTTP_PROXY_SCHEME:settings.TOR_HTTP_PROXY_IP + ":" + settings.TOR_HTTP_PROXY_PORT})
response = inject_custom_header(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
else:
try:
response = inject_custom_header(url, vuln_parameter, payload, proxy)
except Exception as err_msg:
response = request_failed(err_msg)
try:
response = inject_custom_header(url, vuln_parameter, payload)
except Exception as err_msg:
response = request_failed(err_msg)

if settings.TIME_RELATIVE_ATTACK :
end = time.time()
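Review bot: In the `inject_host` hunk (`@@ -600,7 +559,7 @@`) the `proxy` parameter is removed from the signature, but the context lines `if proxy == None:` / `opener = _urllib.request.build_opener()` stay in the new code, whereas the cookie, user-agent, referer and custom-header helpers delete that block. With the parameter and the outer `proxy = None` gone, `proxy` there presumably resolves to the module-level name used for `proxy.use_proxy(request)`, so the test is never true and the `else` branch (outside the hunk, apparently unchanged since both `inject_host` hunks keep the same 41-line offset) would pass that object to `build_opener`, which is likely to raise and be reported through `request_failed` for every Host-header request. The opener is no longer used for sending, so the leftover `if proxy == None: … else: …` block should be deleted from `inject_host` as in the other helpers. Separately, the same three-way `proxy`/`tor`/`urlopen` dispatch is now pasted into five helpers; one shared send helper would keep `--proxy` and `--tor` routing from drifting apart between injection points.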
2 changes: 1 addition & 1 deletion src/utils/settings.py
@@ -241,7 +241,7 @@ def sys_argv_errors():
DESCRIPTION = "The command injection exploiter"
AUTHOR = "Anastasios Stasinopoulos"
VERSION_NUM = "3.9"
REVISION = "9"
REVISION = "10"
STABLE_RELEASE = False
VERSION = "v"
if STABLE_RELEASE:
