Folder removed

fuzzer/blocks_generator.py

@@ -1,96 +1,96 @@
-import json
-from typing import Union
-from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
-from request_build_helper import RequestBuildHelper
-from configuration_manager import ConfigurationManager
-from fuzz_payloads import s_http_string
-from fuzzing_json_decoder import FuzzingJsonDecoder
-from encodings_helper import EncodingTypes
-
-
-# 1] General HTTP fuzzing
-def generate_http_fuzzed_blocks() -> str:
-    request_name = "General HTTP fuzzing:"
-    s_initialize(name=request_name)
-
-    s_http_string("GET", name="HTTP method")
-    s_delim(" ", name="Delimiter between method and path")
-    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
-    s_delim(" ", name="Delimiter between path and version")
-    s_http_string("HTTP/1.1\r\n", name="HTTP version")
-
-    s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
-
-    s_static("Content-Length: 0" + "\r\n")
-
-    s_static("User-Agent: ")
-    s_http_string("WapiFuzz", name="User-agent")
-
-    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
-
-    return request_name
-
-
-# 2] URI attributes fuzzing
-def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
-    body_str = request["BodyExample"]
-    body_schema = request["BodySchema"]
-    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
-
-    request_name = "URI attributes fuzzing: " + \
-                   RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
-    s_initialize(name=request_name)
-
-    _generate_http_header(request, endpoint, fuzzable=True)
-
-    _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
-
-    return request_name
-
-
-# 3] Request body fuzzing
-def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
-    body_str = request["BodyExample"]
-    body_schema = request["BodySchema"]
-    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
-
-    subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
-    request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
-    s_initialize(name=request_name)
-
-    _generate_http_header(request, endpoint, False)
-
-    _generate_content_body(is_body_json, json_decoder, body_str, True)
-
-    return request_name
-
-
-def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
-    is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
-
-    json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
-    if is_body_json:
-        json_decoder.decode_dict(json.loads(documentation_body_example))
-    elif documentation_body_schema:
-        is_body_json = True
-        json_decoder.generate_from_schema(documentation_body_schema)
-
-    return is_body_json, json_decoder
-
-
-def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
-    if s_block_start("body"):
-        if is_body_json:
-            json_decoder.generate_mutations(fuzzable=fuzzable)
-        elif body_string_example:
-            s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
-    s_block_end()
-
-
-def _generate_http_header(request, endpoint, fuzzable):
-    s_static(request["Method"].upper() + " ")
-    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
-    s_static(" HTTP/1.1\r\n")
-    RequestBuildHelper.generate_headers(ConfigurationManager.config)
-    s_static("\r\n\r\n")
-
+import json
+from typing import Union
+from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
+from request_build_helper import RequestBuildHelper
+from configuration_manager import ConfigurationManager
+from fuzz_payloads import s_http_string
+from fuzzing_json_decoder import FuzzingJsonDecoder
+from encodings_helper import EncodingTypes
+
+
+# 1] General HTTP fuzzing
+def generate_http_fuzzed_blocks() -> str:
+    request_name = "General HTTP fuzzing:"
+    s_initialize(name=request_name)
+
+    s_http_string("GET", name="HTTP method")
+    s_delim(" ", name="Delimiter between method and path")
+    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
+    s_delim(" ", name="Delimiter between path and version")
+    s_http_string("HTTP/1.1\r\n", name="HTTP version")
+
+    s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
+
+    s_static("Content-Length: 0" + "\r\n")
+
+    s_static("User-Agent: ")
+    s_http_string("WapiFuzz", name="User-agent")
+
+    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
+
+    return request_name
+
+
+# 2] URI attributes fuzzing
+def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
+    body_str = request["BodyExample"]
+    body_schema = request["BodySchema"]
+    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
+
+    request_name = "URI attributes fuzzing: " + \
+                   RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+    s_initialize(name=request_name)
+
+    _generate_http_header(request, endpoint, fuzzable=True)
+
+    _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
+
+    return request_name
+
+
+# 3] Request body fuzzing
+def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
+    body_str = request["BodyExample"]
+    body_schema = request["BodySchema"]
+    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
+
+    subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
+    request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+    s_initialize(name=request_name)
+
+    _generate_http_header(request, endpoint, False)
+
+    _generate_content_body(is_body_json, json_decoder, body_str, True)
+
+    return request_name
+
+
+def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
+    is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
+
+    json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
+    if is_body_json:
+        json_decoder.decode_dict(json.loads(documentation_body_example))
+    elif documentation_body_schema:
+        is_body_json = True
+        json_decoder.generate_from_schema(documentation_body_schema)
+
+    return is_body_json, json_decoder
+
+
+def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
+    if s_block_start("body"):
+        if is_body_json:
+            json_decoder.generate_mutations(fuzzable=fuzzable)
+        elif body_string_example:
+            s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
+    s_block_end()
+
+
+def _generate_http_header(request, endpoint, fuzzable):
+    s_static(request["Method"].upper() + " ")
+    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
+    s_static(" HTTP/1.1\r\n")
+    RequestBuildHelper.generate_headers(ConfigurationManager.config)
+    s_static("\r\n\r\n")
+

fuzzer/payloads/payloads_loader.py

@@ -40,7 +40,7 @@ class PayloadsLoader:
 
 def load_default_payloads(hostname: str):
     loader = PayloadsLoader(hostname)
-    base_path = './fuzzer/src/payloads/lists/'
+    base_path = './fuzzer/payloads/lists/'
     for root, directories, files in os.walk(base_path):
         for file in files:
             if file.endswith('.txt'):

fuzzer/post_test_case_callback.py

@@ -1,42 +1,42 @@
-import json
-from http.client import HTTPResponse
-from boofuzz import exception
-from fake_socket import get_response_object
-
-
-class PostTestCaseCallback(object):
-    timeout_message = "Timeout or closed connection"
-
-    @staticmethod
-    def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
-        fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
-        fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
-
-        try:
-            response_string = target.recv()
-        except exception.BoofuzzTargetConnectionReset:
-            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
-            return
-
-        if not response_string:
-            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
-            return
-
-        response = get_response_object(response_string)
-
-        if get_response_object(response_string) is None:
-            fuzz_data_logger.log_fail("Bad HTTP header")
-            return
-
-        PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
-
-    @staticmethod
-    def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
-        if response.status >= 500:
-            fuzz_data_logger.log_fail("Status code higher or equal than 500!")
-
-        if response.getheader("Content-Type") == "application/json":
-            try:
-                json.loads(response.read())
-            except ValueError:
-                fuzz_data_logger.log_fail("application/json body is not valid JSON structure")
+import json
+from http.client import HTTPResponse
+from boofuzz import exception
+from fake_socket import get_response_object
+
+
+class PostTestCaseCallback(object):
+    timeout_message = "Timeout or closed connection"
+
+    @staticmethod
+    def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
+        fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
+        fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
+
+        try:
+            response_string = target.recv()
+        except exception.BoofuzzTargetConnectionReset:
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+            return
+
+        if not response_string:
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+            return
+
+        response = get_response_object(response_string)
+
+        if get_response_object(response_string) is None:
+            fuzz_data_logger.log_fail("Bad HTTP header")
+            return
+
+        PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
+
+    @staticmethod
+    def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
+        if response.status >= 500:
+            fuzz_data_logger.log_fail("Status code higher or equal than 500!")
+
+        if response.getheader("Content-Type") == "application/json":
+            try:
+                json.loads(response.read())
+            except ValueError:
+                fuzz_data_logger.log_fail("application/json body is not valid JSON structure")