diff --git a/.travis.yml b/.travis.yml
index 3689f4b..b75c051 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,22 +1,22 @@
-dist: xenial
-language: csharp
-mono: none
-dotnet: 2.2.402
-script:
- - sudo apt update
- - sudo apt install --yes libssl-dev
- - sudo apt install --yes build-essential checkinstall
- - sudo apt install --yes libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev
- - sudo apt install --yes dos2unix
- - cd /usr/src && sudo wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz && sudo tar xzf Python-3.7.3.tgz && cd Python-3.7.3 && sudo ./configure --enable-optimizations && sudo make altinstall
- - sudo ln -s /usr/local/bin/python3.7 /usr/local/bin/python3
- - sudo ln -s /usr/local/bin/pip3.7 /usr/local/bin/pip3
- - export PATH="/usr/local/bin:$PATH"
- - sudo pip3 install --upgrade pip && sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git && sudo pip3 install junit-xml && sudo pip3 install virtualenv
- - find ~/build/ysoftdevs/wapifuzz/ -type f -exec dos2unix {} \;
- - find ~/build/ysoftdevs/wapifuzz/ -type f -name "*.sh" -exec chmod u+x {} \;
- - cd ~/build/ysoftdevs/wapifuzz/parser/ && dotnet restore && dotnet test
- - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.fuzzing_json_decoder_tests
- - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.json_schema_parser_tests
- - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.request_build_helper_tests
- - cd ~/build/ysoftdevs/wapifuzz/tests/ && chmod +x run_tests.sh && travis_wait ./run_tests.sh
+dist: xenial
+language: csharp
+mono: none
+dotnet: 2.2.402
+script:
+ - sudo apt update
+ - sudo apt install --yes libssl-dev
+ - sudo apt install --yes build-essential checkinstall
+ - sudo apt install --yes libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev
+ - sudo apt install --yes dos2unix
+ - cd /usr/src && sudo wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz && sudo tar xzf Python-3.7.3.tgz && cd Python-3.7.3 && sudo ./configure --enable-optimizations && sudo make altinstall
+ - sudo ln -s /usr/local/bin/python3.7 /usr/local/bin/python3
+ - sudo ln -s /usr/local/bin/pip3.7 /usr/local/bin/pip3
+ - export PATH="/usr/local/bin:$PATH"
+ - sudo pip3 install --upgrade pip && sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git && sudo pip3 install junit-xml && sudo pip3 install virtualenv
+ - find ~/build/ysoftdevs/wapifuzz/ -type f -exec dos2unix {} \;
+ - find ~/build/ysoftdevs/wapifuzz/ -type f -name "*.sh" -exec chmod u+x {} \;
+ - cd ~/build/ysoftdevs/wapifuzz/parser/ && dotnet restore && dotnet test
+ - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.fuzzing_json_decoder_tests
+ - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.json_schema_parser_tests
+ - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.request_build_helper_tests
+ - cd ~/build/ysoftdevs/wapifuzz/tests/ && chmod +x run_tests.sh && travis_wait ./run_tests.sh
diff --git a/fuzzer/src/blocks_generator.py b/fuzzer/blocks_generator.py
similarity index 97%
rename from fuzzer/src/blocks_generator.py
rename to fuzzer/blocks_generator.py
index ed47cae..e3d68d4 100644
--- a/fuzzer/src/blocks_generator.py
+++ b/fuzzer/blocks_generator.py
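Review bot: The rewritten script still installs boofuzz from an unpinned git URL, `sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git`, so every CI run executes whatever sits at that repository's default branch at build time, and the same unpinned form appears in the run.sh and run.ps1 hunks further down. Pin it to a tag or commit, e.g. `sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git@<PINNED_TAG_OR_SHA>` (placeholder), so builds are reproducible and a broken or compromised upstream HEAD cannot silently change what the test run installs as root. The Python 3.7.3 tarball fetched with `sudo wget` is likewise extracted and built without being compared against a known checksum; a `sha256sum -c` step between the download and the `tar xzf` would close that gap. Separately, `find ~/build/ysoftdevs/wapifuzz/ -type f -exec dos2unix {} \;` touches every file including the payload lists now under `fuzzer/payloads/lists/`; dos2unix skips files it classifies as binary by default, but any CR bytes intended as part of a text payload would be rewritten, so excluding that directory from the find would be safer.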
@@ -1,96 +1,96 @@
-import json
-from typing import Union
-from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
-from request_build_helper import RequestBuildHelper
-from configuration_manager import ConfigurationManager
-from fuzz_payloads import s_http_string
-from fuzzing_json_decoder import FuzzingJsonDecoder
-from encodings_helper import EncodingTypes
-
-
-# 1] General HTTP fuzzing
-def generate_http_fuzzed_blocks() -> str:
- request_name = "General HTTP fuzzing:"
- s_initialize(name=request_name)
-
- s_http_string("GET", name="HTTP method")
- s_delim(" ", name="Delimiter between method and path")
- s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
- s_delim(" ", name="Delimiter between path and version")
- s_http_string("HTTP/1.1\r\n", name="HTTP version")
-
- s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
-
- s_static("Content-Length: 0" + "\r\n")
-
- s_static("User-Agent: ")
- s_http_string("WapiFuzz", name="User-agent")
-
- s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
-
- return request_name
-
-
-# 2] URI attributes fuzzing
-def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
- body_str = request["BodyExample"]
- body_schema = request["BodySchema"]
- is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
-
- request_name = "URI attributes fuzzing: " + \
- RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
- s_initialize(name=request_name)
-
- _generate_http_header(request, endpoint, fuzzable=True)
-
- _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
-
- return request_name
-
-
-# 3] Request body fuzzing
-def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
- body_str = request["BodyExample"]
- body_schema = request["BodySchema"]
- is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
-
- subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
- request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
- s_initialize(name=request_name)
-
- _generate_http_header(request, endpoint, False)
-
- _generate_content_body(is_body_json, json_decoder, body_str, True)
-
- return request_name
-
-
-def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
- is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
-
- json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
- if is_body_json:
- json_decoder.decode_dict(json.loads(documentation_body_example))
- elif documentation_body_schema:
- is_body_json = True
- json_decoder.generate_from_schema(documentation_body_schema)
-
- return is_body_json, json_decoder
-
-
-def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
- if s_block_start("body"):
- if is_body_json:
- json_decoder.generate_mutations(fuzzable=fuzzable)
- elif body_string_example:
- s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
- s_block_end()
-
-
-def _generate_http_header(request, endpoint, fuzzable):
- s_static(request["Method"].upper() + " ")
- RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
- s_static(" HTTP/1.1\r\n")
- RequestBuildHelper.generate_headers(ConfigurationManager.config)
- s_static("\r\n\r\n")
-
+import json
+from typing import Union
+from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
+from request_build_helper import RequestBuildHelper
+from configuration_manager import ConfigurationManager
+from fuzz_payloads import s_http_string
+from fuzzing_json_decoder import FuzzingJsonDecoder
+from encodings_helper import EncodingTypes
+
+
+# 1] General HTTP fuzzing
+def generate_http_fuzzed_blocks() -> str:
+ request_name = "General HTTP fuzzing:"
+ s_initialize(name=request_name)
+
+ s_http_string("GET", name="HTTP method")
+ s_delim(" ", name="Delimiter between method and path")
+ s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
+ s_delim(" ", name="Delimiter between path and version")
+ s_http_string("HTTP/1.1\r\n", name="HTTP version")
+
+ s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
+
+ s_static("Content-Length: 0" + "\r\n")
+
+ s_static("User-Agent: ")
+ s_http_string("WapiFuzz", name="User-agent")
+
+ s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
+
+ return request_name
+
+
+# 2] URI attributes fuzzing
+def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
+ body_str = request["BodyExample"]
+ body_schema = request["BodySchema"]
+ is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
+
+ request_name = "URI attributes fuzzing: " + \
+ RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+ s_initialize(name=request_name)
+
+ _generate_http_header(request, endpoint, fuzzable=True)
+
+ _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
+
+ return request_name
+
+
+# 3] Request body fuzzing
+def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
+ body_str = request["BodyExample"]
+ body_schema = request["BodySchema"]
+ is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
+
+ subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
+ request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+ s_initialize(name=request_name)
+
+ _generate_http_header(request, endpoint, False)
+
+ _generate_content_body(is_body_json, json_decoder, body_str, True)
+
+ return request_name
+
+
+def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
+ is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
+
+ json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
+ if is_body_json:
+ json_decoder.decode_dict(json.loads(documentation_body_example))
+ elif documentation_body_schema:
+ is_body_json = True
+ json_decoder.generate_from_schema(documentation_body_schema)
+
+ return is_body_json, json_decoder
+
+
+def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
+ if s_block_start("body"):
+ if is_body_json:
+ json_decoder.generate_mutations(fuzzable=fuzzable)
+ elif body_string_example:
+ s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
+ s_block_end()
+
+
+def _generate_http_header(request, endpoint, fuzzable):
+ s_static(request["Method"].upper() + " ")
+ RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
+ s_static(" HTTP/1.1\r\n")
+ RequestBuildHelper.generate_headers(ConfigurationManager.config)
+ s_static("\r\n\r\n")
+
diff --git a/fuzzer/src/configuration_manager.py b/fuzzer/configuration_manager.py
similarity index 100%
rename from fuzzer/src/configuration_manager.py
rename to fuzzer/configuration_manager.py
diff --git a/fuzzer/src/encodings_helper.py b/fuzzer/encodings_helper.py
similarity index 100%
rename from fuzzer/src/encodings_helper.py
rename to fuzzer/encodings_helper.py
diff --git a/fuzzer/src/fake_socket.py b/fuzzer/fake_socket.py
similarity index 100%
rename from fuzzer/src/fake_socket.py
rename to fuzzer/fake_socket.py
diff --git a/fuzzer/src/fuzz_payloads.py b/fuzzer/fuzz_payloads.py
similarity index 100%
rename from fuzzer/src/fuzz_payloads.py
rename to fuzzer/fuzz_payloads.py
diff --git a/fuzzer/src/fuzzer.py b/fuzzer/fuzzer.py
similarity index 100%
rename from fuzzer/src/fuzzer.py
rename to fuzzer/fuzzer.py
diff --git a/fuzzer/src/fuzzing_json_decoder.py b/fuzzer/fuzzing_json_decoder.py
similarity index 100%
rename from fuzzer/src/fuzzing_json_decoder.py
rename to fuzzer/fuzzing_json_decoder.py
diff --git a/fuzzer/src/json_schema_parser.py b/fuzzer/json_schema_parser.py
similarity index 100%
rename from fuzzer/src/json_schema_parser.py
rename to fuzzer/json_schema_parser.py
diff --git a/fuzzer/src/junit_logger.py b/fuzzer/junit_logger.py
similarity index 100%
rename from fuzzer/src/junit_logger.py
rename to fuzzer/junit_logger.py
diff --git a/fuzzer/src/parameter.py b/fuzzer/parameter.py
similarity index 100%
rename from fuzzer/src/parameter.py
rename to fuzzer/parameter.py
diff --git a/fuzzer/src/payloads/lists/numeric/blns-numeric.txt b/fuzzer/payloads/lists/numeric/blns-numeric.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/numeric/blns-numeric.txt
rename to fuzzer/payloads/lists/numeric/blns-numeric.txt
diff --git a/fuzzer/src/payloads/lists/numeric/overflows.txt b/fuzzer/payloads/lists/numeric/overflows.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/numeric/overflows.txt
rename to fuzzer/payloads/lists/numeric/overflows.txt
diff --git a/fuzzer/src/payloads/lists/numeric/reserver-numeric-keywords.txt b/fuzzer/payloads/lists/numeric/reserver-numeric-keywords.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/numeric/reserver-numeric-keywords.txt
rename to fuzzer/payloads/lists/numeric/reserver-numeric-keywords.txt
diff --git a/fuzzer/src/payloads/lists/os-command-injection/unix-injections.txt b/fuzzer/payloads/lists/os-command-injection/unix-injections.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/os-command-injection/unix-injections.txt
rename to fuzzer/payloads/lists/os-command-injection/unix-injections.txt
diff --git a/fuzzer/src/payloads/lists/os-command-injection/windows-injections.txt b/fuzzer/payloads/lists/os-command-injection/windows-injections.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/os-command-injection/windows-injections.txt
rename to fuzzer/payloads/lists/os-command-injection/windows-injections.txt
diff --git a/fuzzer/src/payloads/lists/path-traversal/existing-files-unix.txt b/fuzzer/payloads/lists/path-traversal/existing-files-unix.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/path-traversal/existing-files-unix.txt
rename to fuzzer/payloads/lists/path-traversal/existing-files-unix.txt
diff --git a/fuzzer/src/payloads/lists/path-traversal/existing-files-windows.txt b/fuzzer/payloads/lists/path-traversal/existing-files-windows.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/path-traversal/existing-files-windows.txt
rename to fuzzer/payloads/lists/path-traversal/existing-files-windows.txt
diff --git a/fuzzer/src/payloads/lists/path-traversal/non-existing-files.txt b/fuzzer/payloads/lists/path-traversal/non-existing-files.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/path-traversal/non-existing-files.txt
rename to fuzzer/payloads/lists/path-traversal/non-existing-files.txt
diff --git a/fuzzer/src/payloads/lists/special-chars-generic/all-bytes-hex.txt b/fuzzer/payloads/lists/special-chars-generic/all-bytes-hex.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/special-chars-generic/all-bytes-hex.txt
rename to fuzzer/payloads/lists/special-chars-generic/all-bytes-hex.txt
diff --git a/fuzzer/src/payloads/lists/special-chars-generic/all-bytes-raw.txt b/fuzzer/payloads/lists/special-chars-generic/all-bytes-raw.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/special-chars-generic/all-bytes-raw.txt
rename to fuzzer/payloads/lists/special-chars-generic/all-bytes-raw.txt
diff --git a/fuzzer/src/payloads/lists/special-chars-generic/long-strings.txt b/fuzzer/payloads/lists/special-chars-generic/long-strings.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/special-chars-generic/long-strings.txt
rename to fuzzer/payloads/lists/special-chars-generic/long-strings.txt
diff --git a/fuzzer/src/payloads/lists/special-chars-generic/null-bytes.txt b/fuzzer/payloads/lists/special-chars-generic/null-bytes.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/special-chars-generic/null-bytes.txt
rename to fuzzer/payloads/lists/special-chars-generic/null-bytes.txt
diff --git a/fuzzer/src/payloads/lists/special-chars-generic/special-characters.txt b/fuzzer/payloads/lists/special-chars-generic/special-characters.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/special-chars-generic/special-characters.txt
rename to fuzzer/payloads/lists/special-chars-generic/special-characters.txt
diff --git a/fuzzer/src/payloads/lists/sql-injection/generic-blind.txt b/fuzzer/payloads/lists/sql-injection/generic-blind.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/sql-injection/generic-blind.txt
rename to fuzzer/payloads/lists/sql-injection/generic-blind.txt
diff --git a/fuzzer/src/payloads/lists/sql-injection/mssql-blind.txt b/fuzzer/payloads/lists/sql-injection/mssql-blind.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/sql-injection/mssql-blind.txt
rename to fuzzer/payloads/lists/sql-injection/mssql-blind.txt
diff --git a/fuzzer/src/payloads/lists/sql-injection/mysql-blind.txt b/fuzzer/payloads/lists/sql-injection/mysql-blind.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/sql-injection/mysql-blind.txt
rename to fuzzer/payloads/lists/sql-injection/mysql-blind.txt
diff --git a/fuzzer/src/payloads/lists/sql-injection/oracle-blind.txt b/fuzzer/payloads/lists/sql-injection/oracle-blind.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/sql-injection/oracle-blind.txt
rename to fuzzer/payloads/lists/sql-injection/oracle-blind.txt
diff --git a/fuzzer/src/payloads/lists/sql-injection/postgre-blind.txt b/fuzzer/payloads/lists/sql-injection/postgre-blind.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/sql-injection/postgre-blind.txt
rename to fuzzer/payloads/lists/sql-injection/postgre-blind.txt
diff --git a/fuzzer/src/payloads/lists/unicode/corrupted.txt b/fuzzer/payloads/lists/unicode/corrupted.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/corrupted.txt
rename to fuzzer/payloads/lists/unicode/corrupted.txt
diff --git a/fuzzer/src/payloads/lists/unicode/emoji.txt b/fuzzer/payloads/lists/unicode/emoji.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/emoji.txt
rename to fuzzer/payloads/lists/unicode/emoji.txt
diff --git a/fuzzer/src/payloads/lists/unicode/imessage.txt b/fuzzer/payloads/lists/unicode/imessage.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/imessage.txt
rename to fuzzer/payloads/lists/unicode/imessage.txt
diff --git a/fuzzer/src/payloads/lists/unicode/japanese-emoticon.txt b/fuzzer/payloads/lists/unicode/japanese-emoticon.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/japanese-emoticon.txt
rename to fuzzer/payloads/lists/unicode/japanese-emoticon.txt
diff --git a/fuzzer/src/payloads/lists/unicode/naughty-unicode.txt b/fuzzer/payloads/lists/unicode/naughty-unicode.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/naughty-unicode.txt
rename to fuzzer/payloads/lists/unicode/naughty-unicode.txt
diff --git a/fuzzer/src/payloads/lists/unicode/regional-indicators.txt b/fuzzer/payloads/lists/unicode/regional-indicators.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/regional-indicators.txt
rename to fuzzer/payloads/lists/unicode/regional-indicators.txt
diff --git a/fuzzer/src/payloads/lists/unicode/right-to-left.txt b/fuzzer/payloads/lists/unicode/right-to-left.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/right-to-left.txt
rename to fuzzer/payloads/lists/unicode/right-to-left.txt
diff --git a/fuzzer/src/payloads/lists/unicode/two-byte-chars.txt b/fuzzer/payloads/lists/unicode/two-byte-chars.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/two-byte-chars.txt
rename to fuzzer/payloads/lists/unicode/two-byte-chars.txt
diff --git a/fuzzer/src/payloads/lists/unicode/upsidedown.txt b/fuzzer/payloads/lists/unicode/upsidedown.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/unicode/upsidedown.txt
rename to fuzzer/payloads/lists/unicode/upsidedown.txt
diff --git a/fuzzer/src/payloads/lists/xml/xml-generic.txt b/fuzzer/payloads/lists/xml/xml-generic.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/xml/xml-generic.txt
rename to fuzzer/payloads/lists/xml/xml-generic.txt
diff --git a/fuzzer/src/payloads/lists/xml/xml-non-existing-file-paths.txt b/fuzzer/payloads/lists/xml/xml-non-existing-file-paths.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/xml/xml-non-existing-file-paths.txt
rename to fuzzer/payloads/lists/xml/xml-non-existing-file-paths.txt
diff --git a/fuzzer/src/payloads/lists/xml/xml-unix-existing-file-paths.txt b/fuzzer/payloads/lists/xml/xml-unix-existing-file-paths.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/xml/xml-unix-existing-file-paths.txt
rename to fuzzer/payloads/lists/xml/xml-unix-existing-file-paths.txt
diff --git a/fuzzer/src/payloads/lists/xml/xml-windows-existing-file-paths.txt b/fuzzer/payloads/lists/xml/xml-windows-existing-file-paths.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/xml/xml-windows-existing-file-paths.txt
rename to fuzzer/payloads/lists/xml/xml-windows-existing-file-paths.txt
diff --git a/fuzzer/src/payloads/lists/xml/xpath.txt b/fuzzer/payloads/lists/xml/xpath.txt
similarity index 100%
rename from fuzzer/src/payloads/lists/xml/xpath.txt
rename to fuzzer/payloads/lists/xml/xpath.txt
diff --git a/fuzzer/src/payloads/payloads_loader.py b/fuzzer/payloads/payloads_loader.py
similarity index 97%
rename from fuzzer/src/payloads/payloads_loader.py
rename to fuzzer/payloads/payloads_loader.py
index f84f89c..60d6ce8 100644
--- a/fuzzer/src/payloads/payloads_loader.py
+++ b/fuzzer/payloads/payloads_loader.py
@@ -40,7 +40,7 @@ class PayloadsLoader:
 def load_default_payloads(hostname: str):
 loader = PayloadsLoader(hostname)
- base_path = './fuzzer/src/payloads/lists/'
+ base_path = './fuzzer/payloads/lists/'
 for root, directories, files in os.walk(base_path):
 for file in files:
 if file.endswith('.txt'):
diff --git a/fuzzer/src/post_test_case_callback.py b/fuzzer/post_test_case_callback.py
similarity index 97%
rename from fuzzer/src/post_test_case_callback.py
rename to fuzzer/post_test_case_callback.py
index 202e134..8c8555f 100644
--- a/fuzzer/src/post_test_case_callback.py
+++ b/fuzzer/post_test_case_callback.py
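Review bot: The added `base_path = './fuzzer/payloads/lists/'` in `load_default_payloads` is resolved against the current working directory, so the default payload lists are only found when the fuzzer is launched from the repository root (as run.sh and run.ps1 do with `python fuzzer/wapifuzz.py`); started from anywhere else, `os.walk` simply yields nothing and the defaults are skipped without any error. Since this commit places the module at `fuzzer/payloads/payloads_loader.py` directly beside `fuzzer/payloads/lists/`, the path can be anchored to the module instead: `base_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'lists')`. A missing `base_path` is also worth an explicit warning or error rather than an empty walk, so a misconfigured run does not look like a clean one with zero payloads. The line above `def load_default_payloads` (presumably a decorator, given there is no `self`) and the remainder of the walk loop lie outside the hunk, so check that nothing there depends on the cwd-relative form.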
@@ -1,42 +1,42 @@
-import json
-from http.client import HTTPResponse
-from boofuzz import exception
-from fake_socket import get_response_object
-
-
-class PostTestCaseCallback(object):
- timeout_message = "Timeout or closed connection"
-
- @staticmethod
- def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
- fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
- fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
-
- try:
- response_string = target.recv()
- except exception.BoofuzzTargetConnectionReset:
- fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
- return
-
- if not response_string:
- fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
- return
-
- response = get_response_object(response_string)
-
- if get_response_object(response_string) is None:
- fuzz_data_logger.log_fail("Bad HTTP header")
- return
-
- PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
-
- @staticmethod
- def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
- if response.status >= 500:
- fuzz_data_logger.log_fail("Status code higher or equal than 500!")
-
- if response.getheader("Content-Type") == "application/json":
- try:
- json.loads(response.read())
- except ValueError:
- fuzz_data_logger.log_fail("application/json body is not valid JSON structure")
+import json
+from http.client import HTTPResponse
+from boofuzz import exception
+from fake_socket import get_response_object
+
+
+class PostTestCaseCallback(object):
+ timeout_message = "Timeout or closed connection"
+
+ @staticmethod
+ def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
+ fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
+ fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
+
+ try:
+ response_string = target.recv()
+ except exception.BoofuzzTargetConnectionReset:
+ fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+ return
+
+ if not response_string:
+ fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+ return
+
+ response = get_response_object(response_string)
+
+ if get_response_object(response_string) is None:
+ fuzz_data_logger.log_fail("Bad HTTP header")
+ return
+
+ PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
+
+ @staticmethod
+ def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
+ if response.status >= 500:
+ fuzz_data_logger.log_fail("Status code higher or equal than 500!")
+
+ if response.getheader("Content-Type") == "application/json":
+ try:
+ json.loads(response.read())
+ except ValueError:
+ fuzz_data_logger.log_fail("application/json body is not valid JSON structure")
diff --git a/fuzzer/src/progress_reporter.py b/fuzzer/progress_reporter.py
similarity index 100%
rename from fuzzer/src/progress_reporter.py
rename to fuzzer/progress_reporter.py
diff --git a/fuzzer/src/request_build_helper.py b/fuzzer/request_build_helper.py
similarity index 100%
rename from fuzzer/src/request_build_helper.py
rename to fuzzer/request_build_helper.py
diff --git a/fuzzer/src/text_logger.py b/fuzzer/text_logger.py
similarity index 100%
rename from fuzzer/src/text_logger.py
rename to fuzzer/text_logger.py
diff --git a/fuzzer/src/unit_tests/fuzzing_json_decoder_tests.py b/fuzzer/unit_tests/fuzzing_json_decoder_tests.py
similarity index 100%
rename from fuzzer/src/unit_tests/fuzzing_json_decoder_tests.py
rename to fuzzer/unit_tests/fuzzing_json_decoder_tests.py
diff --git a/fuzzer/src/unit_tests/json_schema_parser_tests.py b/fuzzer/unit_tests/json_schema_parser_tests.py
similarity index 100%
rename from fuzzer/src/unit_tests/json_schema_parser_tests.py
rename to fuzzer/unit_tests/json_schema_parser_tests.py
diff --git a/fuzzer/src/unit_tests/request_build_helper_tests.py b/fuzzer/unit_tests/request_build_helper_tests.py
similarity index 100%
rename from fuzzer/src/unit_tests/request_build_helper_tests.py
rename to fuzzer/unit_tests/request_build_helper_tests.py
diff --git a/fuzzer/src/wapifuzz.py b/fuzzer/wapifuzz.py
similarity index 100%
rename from fuzzer/src/wapifuzz.py
rename to fuzzer/wapifuzz.py
diff --git a/run.ps1 b/run.ps1
index 55a0975..a43ce3d 100644
--- a/run.ps1
+++ b/run.ps1
@@ -67,7 +67,7 @@ Write-Host "Installing specific dependencies"
 pip install git+https://github.com/jtpereyda/boofuzz.git
 pip install junit-xml
 Write-Host "Starting fuzz testing"
-python ./fuzzer/src/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
+python ./fuzzer/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
 $FUZZER_ERROR_CODE=$LASTEXITCODE
 if ($FUZZER_ERROR_CODE -eq 2) {
diff --git a/run.sh b/run.sh
index 73c32ca..007187c 100644
--- a/run.sh
+++ b/run.sh
@@ -77,7 +77,7 @@ ${PYTHON3_BIN} -m virtualenv env
 echo "Started fuzzing"
 . ./env/bin/activate ; \
 pip install --upgrade pip ; pip install git+https://github.com/jtpereyda/boofuzz.git ; pip install junit-xml ; \
-python fuzzer/src/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG}
+python fuzzer/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG}
 FUZZER_ERROR_CODE=$?
 if [ "$FUZZER_ERROR_CODE" -eq "2" ]; then echo "Fuzzing failed. Trying to generate HTML result of procceeded test cases.";