Improvement regarding specifying multiple injection points by appendi…

…ng custom injection marker (i.e. asterisk `*`).
commixproject · Jun 18, 2024 · e8b35c5 · e8b35c5
1 parent 1257415
commit e8b35c5
Show file tree

Hide file tree

Showing 6 changed files with 134 additions and 89 deletions.
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## Version 4.0 (TBA)
+* Revised: Improvement regarding specifying multiple injection points by appending custom injection marker (i.e. asterisk `*`).
 * Fixed: Minor bug-fix regarding crawler (i.e. option `--crawl`).
 * Updated: Six (third party) module has been updated (Python 3.12 support).
 * Revised: Minor improvement regarding determining (passively) the target's underlying operating system.

diff --git a/src/core/injections/controller/checks.py b/src/core/injections/controller/checks.py
@@ -154,28 +154,28 @@ def process_custom_injection_data(data):
 def custom_injection_marker_character(url, http_request_method):
  if url and settings.CUSTOM_INJECTION_MARKER_CHAR in url:
  option = "'-u'"
- settings.CUSTOM_INJECTION_MARKER = True
+ settings.CUSTOM_INJECTION_MARKER = settings.INJECTION_MARKER_LOCATION.URL = settings.USER_DEFINED_URL_DATA = True
  if menu.options.data:
  settings.IGNORE_USER_DEFINED_POST_DATA = True
  elif menu.options.data and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.data:
  option = str(http_request_method) + " body"
- settings.CUSTOM_INJECTION_MARKER = True
+ settings.CUSTOM_INJECTION_MARKER = settings.INJECTION_MARKER_LOCATION.DATA = True
  else:
  option = "option '--headers/--user-agent/--referer/--cookie'"
-  if menu.options.cookie and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.cookie:
-  settings.CUSTOM_INJECTION_MARKER = settings.COOKIE_INJECTION = True
-  elif menu.options.agent and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.agent:
-   settings.CUSTOM_INJECTION_MARKER = settings.USER_AGENT_INJECTION = True
-  elif menu.options.referer and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.referer:
-   settings.CUSTOM_INJECTION_MARKER = settings.REFERER_INJECTION = True
-  elif menu.options.host and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.host:
-   settings.CUSTOM_INJECTION_MARKER = settings.HOST_INJECTION = True
-  elif settings.CUSTOM_HEADER_CHECK and settings.CUSTOM_HEADER_CHECK != settings.ACCEPT:
-  if settings.CUSTOM_HEADER_CHECK not in settings.TEST_PARAMETER:
-  settings.CUSTOM_INJECTION_MARKER = True
-  else:
-  settings.CUSTOM_HEADER_INJECTION = True
-  return False
+ if menu.options.cookie and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.cookie:
+ settings.CUSTOM_INJECTION_MARKER = settings.COOKIE_INJECTION = settings.INJECTION_MARKER_LOCATION.COOKIE = True
+ elif menu.options.agent and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.agent:
+ settings.CUSTOM_INJECTION_MARKER = settings.INJECTION_MARKER_LOCATION.HTTP_HEADERS = settings.USER_AGENT_INJECTION = True
+ elif menu.options.referer and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.referer:
+ settings.CUSTOM_INJECTION_MARKER = settings.INJECTION_MARKER_LOCATION.HTTP_HEADERS = settings.REFERER_INJECTION = True
+ elif menu.options.host and settings.CUSTOM_INJECTION_MARKER_CHAR in menu.options.host:
+ settings.CUSTOM_INJECTION_MARKER = settings.INJECTION_MARKER_LOCATION.HTTP_HEADERS = settings.HOST_INJECTION = True
+ elif settings.CUSTOM_HEADER_CHECK and settings.CUSTOM_HEADER_CHECK != settings.ACCEPT:
+ if settings.CUSTOM_HEADER_CHECK not in settings.TEST_PARAMETER:
+ settings.CUSTOM_INJECTION_MARKER = True
+ else:
+ settings.CUSTOM_HEADER_INJECTION = True
+ return False
 
  if settings.CUSTOM_INJECTION_MARKER:
  while True:
@@ -185,7 +185,6 @@ def custom_injection_marker_character(url, http_request_method):
  if procced_option in settings.CHOICE_YES:
  return True
  elif procced_option in settings.CHOICE_NO:
- # settings.CUSTOM_HEADER_INJECTION = False
  return False
  elif procced_option in settings.CHOICE_QUIT:
  raise SystemExit()

diff --git a/src/core/injections/controller/controller.py b/src/core/injections/controller/controller.py
@@ -480,7 +480,6 @@ def cookie_injection(url, http_request_method, filename, timesec):
  # Cookie Injection
  if settings.COOKIE_INJECTION:
  cookie_value = menu.options.cookie
-
  header_name = settings.SINGLE_WHITESPACE + settings.COOKIE
  settings.HTTP_HEADER = header_name[1:].lower()
  cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
@@ -584,9 +583,9 @@ def get_request(url, http_request_method, filename, timesec):
 """
 def post_request(url, http_request_method, filename, timesec):
 
- parameter = menu.options.data
+ parameter = settings.USER_DEFINED_POST_DATA
  found_parameter = parameters.do_POST_check(parameter, http_request_method)
- 
+
  # Check if singe entry parameter
  if type(found_parameter) is str:
  found_parameter_list = []
@@ -643,58 +642,56 @@ def post_request(url, http_request_method, filename, timesec):
 Perform GET / POST parameters checks
 """
 def data_checks(url, http_request_method, filename, timesec):
-
  settings.COOKIE_INJECTION = None
  settings.HTTP_HEADERS_INJECTION = False
  settings.CUSTOM_HEADER_INJECTION = False
- checks.process_non_custom()
+
  if settings.USER_DEFINED_POST_DATA and not settings.IGNORE_USER_DEFINED_POST_DATA:
  if post_request(url, http_request_method, filename, timesec) is None:
  if not settings.SKIP_NON_CUSTOM:
  get_request(url, http_request_method, filename, timesec)
  else:
  if get_request(url, http_request_method, filename, timesec) is None:
- if settings.USER_DEFINED_POST_DATA and not settings.SKIP_NON_CUSTOM:
- post_request(url, http_request_method, filename, timesec) 
+ if settings.USER_DEFINED_POST_DATA:
+ if not settings.SKIP_NON_CUSTOM:
+ post_request(url, http_request_method, filename, timesec) 
+
 """
-Perform HTTP Headers parameters checks
+Perform checks over cookie values.
 """
-def headers_checks(url, http_request_method, filename, timesec):
-
- if menu.options.level == settings.COOKIE_INJECTION_LEVEL and not settings.CUSTOM_INJECTION_MARKER:
- if menu.options.cookie:
- settings.COOKIE_INJECTION = True
-
+def cookies_checks(url, http_request_method, filename, timesec): 
  if len([i for i in settings.TEST_PARAMETER if i in str(menu.options.cookie)]) != 0 or settings.COOKIE_INJECTION:
- cookie_injection(url, http_request_method, filename, timesec)
-
- if menu.options.level > settings.COOKIE_INJECTION_LEVEL and not settings.CUSTOM_INJECTION_MARKER:
- settings.HTTP_HEADERS_INJECTION = True
+ if not settings.SKIP_NON_CUSTOM:
+ cookie_injection(url, http_request_method, filename, timesec)
 
+"""
+Perform checks over HTTP Headers parameters.
+"""
+def headers_checks(url, http_request_method, filename, timesec):
  if len([i for i in settings.TEST_PARAMETER if i in settings.HTTP_HEADERS]) != 0 or settings.HTTP_HEADERS_INJECTION or any((settings.USER_AGENT_INJECTION, settings.REFERER_INJECTION, settings.HOST_INJECTION)):
- if settings.INJECTED_HTTP_HEADER == False:
- check_parameter = ""
- http_headers_injection(url, http_request_method, filename, timesec)
+ if not settings.SKIP_NON_CUSTOM:
+ http_headers_injection(url, http_request_method, filename, timesec)
 
- if len(settings.CUSTOM_HEADERS_NAMES) != 0:
- settings.CUSTOM_HEADER_INJECTION = True
- for _ in settings.CUSTOM_HEADERS_NAMES:
- if settings.CUSTOM_INJECTION_MARKER_CHAR in _.split(": ")[1] and not settings.CUSTOM_INJECTION_MARKER:
- settings.CUSTOM_HEADER_INJECTION = False
- else:
- settings.CUSTOM_HEADER_NAME = _.split(": ")[0]
- settings.CUSTOM_HEADER_VALUE = _.split(": ")[1].replace(settings.CUSTOM_INJECTION_MARKER_CHAR,"")
- check_parameter = header_name = settings.SINGLE_WHITESPACE + settings.CUSTOM_HEADER_NAME
- settings.HTTP_HEADER = header_name[1:].lower()
- check_for_stored_sessions(url, http_request_method)
- injection_proccess(url, check_parameter, http_request_method, filename, timesec)
- # settings.CUSTOM_HEADER_INJECTION = False
+"""
+Perform checks over custom HTTP Headers parameters.
+"""
+def custom_headers_checks(url, http_request_method, filename, timesec): 
+ for _ in settings.CUSTOM_HEADERS_NAMES:
+ if settings.CUSTOM_INJECTION_MARKER_CHAR in _.split(": ")[1] and not settings.CUSTOM_INJECTION_MARKER:
+ settings.CUSTOM_HEADER_INJECTION = False
+ else:
+ settings.CUSTOM_HEADER_NAME = _.split(": ")[0]
+ settings.CUSTOM_HEADER_VALUE = _.split(": ")[1].replace(settings.CUSTOM_INJECTION_MARKER_CHAR,"")
+ check_parameter = header_name = settings.SINGLE_WHITESPACE + settings.CUSTOM_HEADER_NAME
+ settings.HTTP_HEADER = header_name[1:].lower()
+ check_for_stored_sessions(url, http_request_method)
+ injection_proccess(url, check_parameter, http_request_method, filename, timesec)
+ settings.CUSTOM_HEADER_INJECTION = False
 
 """
 Perform checks
 """
 def perform_checks(url, http_request_method, filename):
-
  # Initiate whitespaces
  if settings.MULTI_TARGETS or settings.STDIN_PARSING and len(settings.WHITESPACES) > 1:
  settings.WHITESPACES = ["%20"]
@@ -728,14 +725,31 @@ def perform_checks(url, http_request_method, filename):
  check_for_stored_levels(url, http_request_method)
 
  _ = True
- if not settings.CUSTOM_INJECTION_MARKER:
- data_checks(url, http_request_method, filename, timesec)
- _ = False
- headers_checks(url, http_request_method, filename, timesec)
- if any((settings.CUSTOM_HEADERS_NAMES, settings.COOKIE_INJECTION, settings.HTTP_HEADERS_INJECTION)) and settings.SKIP_NON_CUSTOM:
+ if settings.CUSTOM_INJECTION_MARKER:
  _ = False
- if _:
- data_checks(url, http_request_method, filename, timesec)
+ if any((settings.INJECTION_MARKER_LOCATION.URL, settings.INJECTION_MARKER_LOCATION.DATA)):
+ data_checks(url, http_request_method, filename, timesec)
+ if settings.INJECTION_MARKER_LOCATION.COOKIE:
+ cookies_checks(url, http_request_method, filename, timesec)
+ if settings.INJECTION_MARKER_LOCATION.HTTP_HEADERS:
+ headers_checks(url, http_request_method, filename, timesec)
+ if settings.INJECTION_MARKER_LOCATION.CUSTOM_HTTP_HEADERS:
+ custom_headers_checks(url, http_request_method, filename, timesec)
+ if settings.USER_DEFINED_POST_DATA and not settings.INJECTION_MARKER_LOCATION.DATA \
+ or settings.USER_DEFINED_URL_DATA and not settings.INJECTION_MARKER_LOCATION.URL:
+ checks.process_non_custom()
+
+ if not settings.SKIP_NON_CUSTOM:
+ settings.CUSTOM_INJECTION_MARKER = False
+ if not settings.INJECTION_MARKER_LOCATION.URL or not settings.INJECTION_MARKER_LOCATION.DATA:
+ data_checks(url, http_request_method, filename, timesec)
+ if _:
+ if not settings.INJECTION_MARKER_LOCATION.COOKIE and menu.options.level >= settings.COOKIE_INJECTION_LEVEL and menu.options.cookie:
+ settings.COOKIE_INJECTION = True
+ cookies_checks(url, http_request_method, filename, timesec)
+ if not settings.INJECTION_MARKER_LOCATION.HTTP_HEADERS and menu.options.level > settings.COOKIE_INJECTION_LEVEL:
+ settings.HTTP_HEADERS_INJECTION = True
+ headers_checks(url, http_request_method, filename, timesec)
 
  if settings.INJECTION_CHECKER == False:
  return False

diff --git a/src/core/requests/headers.py b/src/core/requests/headers.py
@@ -394,18 +394,19 @@ def do_check(request):
  http_header_value = ''.join(http_header_value).strip().replace(": ",":")
  # Check if it is a custom header injection.
  if http_header_name not in [settings.ACCEPT, settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE]:
-
- if not settings.CUSTOM_HEADER_INJECTION and settings.CUSTOM_INJECTION_MARKER_CHAR in http_header_value:
- settings.CUSTOM_INJECTION_MARKER = True
-
- if not settings.CUSTOM_HEADER_INJECTION and http_header_name in settings.TEST_PARAMETER or settings.INJECT_TAG in http_header_value:
- settings.CUSTOM_HEADER_CHECK = http_header_name
- if len(http_header_name) != 0 and \
- http_header_name + ": " + http_header_value not in [settings.ACCEPT, settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE] and \
- http_header_name + ": " + http_header_value not in settings.CUSTOM_HEADERS_NAMES:
- settings.CUSTOM_HEADERS_NAMES.append(http_header_name + ": " + http_header_value)
- http_header_value = http_header_value.replace(settings.INJECT_TAG,"").replace(settings.CUSTOM_INJECTION_MARKER_CHAR,"")
- request.add_header(http_header_name, http_header_value)
+ if not settings.CUSTOM_HEADER_INJECTION:
+ if settings.CUSTOM_INJECTION_MARKER_CHAR in http_header_value:
+ settings.CUSTOM_INJECTION_MARKER = True
+
+ if http_header_name in settings.TEST_PARAMETER or settings.INJECT_TAG in http_header_value or settings.ASTERISK_MARKER in http_header_value:
+ settings.INJECTION_MARKER_LOCATION.CUSTOM_HTTP_HEADERS = True
+ settings.CUSTOM_HEADER_CHECK = http_header_name
+ if len(http_header_name) != 0 and \
+ http_header_name + ": " + http_header_value not in [settings.ACCEPT, settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE] and \
+ http_header_name + ": " + http_header_value not in settings.CUSTOM_HEADERS_NAMES:
+ settings.CUSTOM_HEADERS_NAMES.append(http_header_name + ": " + http_header_value)
+ http_header_value = http_header_value.replace(settings.INJECT_TAG,"").replace(settings.CUSTOM_INJECTION_MARKER_CHAR,"")
+ request.add_header(http_header_name, http_header_value)
 
  if http_header_name not in [settings.HOST, settings.USER_AGENT, settings.REFERER, settings.COOKIE, settings.CUSTOM_HEADER_NAME]:
  request.add_header(http_header_name, http_header_value)