Merge branch 'removed_unnecessary_folder'

.travis.yml

@@ -1,22 +1,22 @@
-dist: xenial
+dist: xenial
-language: csharp
+language: csharp
-mono: none
+mono: none
-dotnet: 2.2.402
+dotnet: 2.2.402
-script:
+script:
-  - sudo apt update
+  - sudo apt update
-  - sudo apt install --yes libssl-dev
+  - sudo apt install --yes libssl-dev
-  - sudo apt install --yes build-essential checkinstall
+  - sudo apt install --yes build-essential checkinstall
-  - sudo apt install --yes libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev
+  - sudo apt install --yes libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev
-  - sudo apt install --yes dos2unix
+  - sudo apt install --yes dos2unix
-  - cd /usr/src && sudo wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz && sudo tar xzf Python-3.7.3.tgz && cd Python-3.7.3 && sudo ./configure --enable-optimizations && sudo make altinstall
+  - cd /usr/src && sudo wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz && sudo tar xzf Python-3.7.3.tgz && cd Python-3.7.3 && sudo ./configure --enable-optimizations && sudo make altinstall
-  - sudo ln -s /usr/local/bin/python3.7 /usr/local/bin/python3
+  - sudo ln -s /usr/local/bin/python3.7 /usr/local/bin/python3
-  - sudo ln -s /usr/local/bin/pip3.7 /usr/local/bin/pip3
+  - sudo ln -s /usr/local/bin/pip3.7 /usr/local/bin/pip3
-  - export PATH="/usr/local/bin:$PATH"
+  - export PATH="/usr/local/bin:$PATH"
-  - sudo pip3 install --upgrade pip && sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git && sudo pip3 install junit-xml && sudo pip3 install virtualenv
+  - sudo pip3 install --upgrade pip && sudo pip3 install git+https://github.com/jtpereyda/boofuzz.git && sudo pip3 install junit-xml && sudo pip3 install virtualenv
-  - find ~/build/ysoftdevs/wapifuzz/ -type f -exec dos2unix {} \;
+  - find ~/build/ysoftdevs/wapifuzz/ -type f -exec dos2unix {} \;
-  - find ~/build/ysoftdevs/wapifuzz/ -type f -name "*.sh" -exec chmod u+x {} \;
+  - find ~/build/ysoftdevs/wapifuzz/ -type f -name "*.sh" -exec chmod u+x {} \;
-  - cd ~/build/ysoftdevs/wapifuzz/parser/ && dotnet restore && dotnet test
+  - cd ~/build/ysoftdevs/wapifuzz/parser/ && dotnet restore && dotnet test
-  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.fuzzing_json_decoder_tests
+  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.fuzzing_json_decoder_tests
-  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.json_schema_parser_tests
+  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.json_schema_parser_tests
-  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/src/ && python3 -m unittest unit_tests.request_build_helper_tests
+  - cd ~/build/ysoftdevs/wapifuzz/fuzzer/ && python3 -m unittest unit_tests.request_build_helper_tests
-  - cd ~/build/ysoftdevs/wapifuzz/tests/ && chmod +x run_tests.sh && travis_wait ./run_tests.sh
+  - cd ~/build/ysoftdevs/wapifuzz/tests/ && chmod +x run_tests.sh && travis_wait ./run_tests.sh

fuzzer/blocks_generator.py

@@ -1,96 +1,96 @@
-import json
+import json
-from typing import Union
+from typing import Union
-from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
+from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
-from request_build_helper import RequestBuildHelper
+from request_build_helper import RequestBuildHelper
-from configuration_manager import ConfigurationManager
+from configuration_manager import ConfigurationManager
-from fuzz_payloads import s_http_string
+from fuzz_payloads import s_http_string
-from fuzzing_json_decoder import FuzzingJsonDecoder
+from fuzzing_json_decoder import FuzzingJsonDecoder
-from encodings_helper import EncodingTypes
+from encodings_helper import EncodingTypes
-
+
-
+
-# 1] General HTTP fuzzing
+# 1] General HTTP fuzzing
-def generate_http_fuzzed_blocks() -> str:
+def generate_http_fuzzed_blocks() -> str:
-    request_name = "General HTTP fuzzing:"
+    request_name = "General HTTP fuzzing:"
-    s_initialize(name=request_name)
+    s_initialize(name=request_name)
-
+
-    s_http_string("GET", name="HTTP method")
+    s_http_string("GET", name="HTTP method")
-    s_delim(" ", name="Delimiter between method and path")
+    s_delim(" ", name="Delimiter between method and path")
-    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
+    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
-    s_delim(" ", name="Delimiter between path and version")
+    s_delim(" ", name="Delimiter between path and version")
-    s_http_string("HTTP/1.1\r\n", name="HTTP version")
+    s_http_string("HTTP/1.1\r\n", name="HTTP version")
-
+
-    s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
+    s_static("Host: " + ConfigurationManager.config["target"]["hostname"] + "\r\n")
-
+
-    s_static("Content-Length: 0" + "\r\n")
+    s_static("Content-Length: 0" + "\r\n")
-
+
-    s_static("User-Agent: ")
+    s_static("User-Agent: ")
-    s_http_string("WapiFuzz", name="User-agent")
+    s_http_string("WapiFuzz", name="User-agent")
-
+
-    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
+    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")
-
+
-    return request_name
+    return request_name
-
+
-
+
-# 2] URI attributes fuzzing
+# 2] URI attributes fuzzing
-def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
+def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
-    body_str = request["BodyExample"]
+    body_str = request["BodyExample"]
-    body_schema = request["BodySchema"]
+    body_schema = request["BodySchema"]
-    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
+    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, True)
-
+
-    request_name = "URI attributes fuzzing: " + \
+    request_name = "URI attributes fuzzing: " + \
-                   RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+                   RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
-    s_initialize(name=request_name)
+    s_initialize(name=request_name)
-
+
-    _generate_http_header(request, endpoint, fuzzable=True)
+    _generate_http_header(request, endpoint, fuzzable=True)
-
+
-    _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
+    _generate_content_body(is_body_json, json_decoder, body_str, fuzzable=False)
-
+
-    return request_name
+    return request_name
-
+
-
+
-# 3] Request body fuzzing
+# 3] Request body fuzzing
-def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
+def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
-    body_str = request["BodyExample"]
+    body_str = request["BodyExample"]
-    body_schema = request["BodySchema"]
+    body_schema = request["BodySchema"]
-    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
+    is_body_json, json_decoder = _prepare_content_body(body_str, body_schema, add_quotation_marks_into_non_string_primitives)
-
+
-    subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
+    subcategory_name = " (adding quotation marks)" if add_quotation_marks_into_non_string_primitives else ''
-    request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
+    request_name = "Request body fuzzing" + subcategory_name + ": " + RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
-    s_initialize(name=request_name)
+    s_initialize(name=request_name)
-
+
-    _generate_http_header(request, endpoint, False)
+    _generate_http_header(request, endpoint, False)
-
+
-    _generate_content_body(is_body_json, json_decoder, body_str, True)
+    _generate_content_body(is_body_json, json_decoder, body_str, True)
-
+
-    return request_name
+    return request_name
-
+
-
+
-def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
+def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
-    is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
+    is_body_json = True if documentation_body_example and RequestBuildHelper.is_string_valid_json(documentation_body_example) else False
-
+
-    json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
+    json_decoder: Union[FuzzingJsonDecoder, None] = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)
-    if is_body_json:
+    if is_body_json:
-        json_decoder.decode_dict(json.loads(documentation_body_example))
+        json_decoder.decode_dict(json.loads(documentation_body_example))
-    elif documentation_body_schema:
+    elif documentation_body_schema:
-        is_body_json = True
+        is_body_json = True
-        json_decoder.generate_from_schema(documentation_body_schema)
+        json_decoder.generate_from_schema(documentation_body_schema)
-
+
-    return is_body_json, json_decoder
+    return is_body_json, json_decoder
-
+
-
+
-def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
+def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
-    if s_block_start("body"):
+    if s_block_start("body"):
-        if is_body_json:
+        if is_body_json:
-            json_decoder.generate_mutations(fuzzable=fuzzable)
+            json_decoder.generate_mutations(fuzzable=fuzzable)
-        elif body_string_example:
+        elif body_string_example:
-            s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
+            s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
-    s_block_end()
+    s_block_end()
-
+
-
+
-def _generate_http_header(request, endpoint, fuzzable):
+def _generate_http_header(request, endpoint, fuzzable):
-    s_static(request["Method"].upper() + " ")
+    s_static(request["Method"].upper() + " ")
-    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
+    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
-    s_static(" HTTP/1.1\r\n")
+    s_static(" HTTP/1.1\r\n")
-    RequestBuildHelper.generate_headers(ConfigurationManager.config)
+    RequestBuildHelper.generate_headers(ConfigurationManager.config)
-    s_static("\r\n\r\n")
+    s_static("\r\n\r\n")
-
+

fuzzer/payloads/payloads_loader.py

@@ -40,7 +40,7 @@ class PayloadsLoader:
 
 def load_default_payloads(hostname: str):
     loader = PayloadsLoader(hostname)
-    base_path = './fuzzer/src/payloads/lists/'
+    base_path = './fuzzer/payloads/lists/'
     for root, directories, files in os.walk(base_path):
         for file in files:
             if file.endswith('.txt'):

fuzzer/post_test_case_callback.py

@@ -1,42 +1,42 @@
-import json
+import json
-from http.client import HTTPResponse
+from http.client import HTTPResponse
-from boofuzz import exception
+from boofuzz import exception
-from fake_socket import get_response_object
+from fake_socket import get_response_object
-
+
-
+
-class PostTestCaseCallback(object):
+class PostTestCaseCallback(object):
-    timeout_message = "Timeout or closed connection"
+    timeout_message = "Timeout or closed connection"
-
+
-    @staticmethod
+    @staticmethod
-    def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
+    def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
-        fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
+        fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
-        fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
+        fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))
-
+
-        try:
+        try:
-            response_string = target.recv()
+            response_string = target.recv()
-        except exception.BoofuzzTargetConnectionReset:
+        except exception.BoofuzzTargetConnectionReset:
-            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
-            return
+            return
-
+
-        if not response_string:
+        if not response_string:
-            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
-            return
+            return
-
+
-        response = get_response_object(response_string)
+        response = get_response_object(response_string)
-
+
-        if get_response_object(response_string) is None:
+        if get_response_object(response_string) is None:
-            fuzz_data_logger.log_fail("Bad HTTP header")
+            fuzz_data_logger.log_fail("Bad HTTP header")
-            return
+            return
-
+
-        PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
+        PostTestCaseCallback._http_response_asserts(response, fuzz_data_logger)
-
+
-    @staticmethod
+    @staticmethod
-    def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
+    def _http_response_asserts(response: HTTPResponse, fuzz_data_logger):
-        if response.status >= 500:
+        if response.status >= 500:
-            fuzz_data_logger.log_fail("Status code higher or equal than 500!")
+            fuzz_data_logger.log_fail("Status code higher or equal than 500!")
-
+
-        if response.getheader("Content-Type") == "application/json":
+        if response.getheader("Content-Type") == "application/json":
-            try:
+            try:
-                json.loads(response.read())
+                json.loads(response.read())
-            except ValueError:
+            except ValueError:
-                fuzz_data_logger.log_fail("application/json body is not valid JSON structure")
+                fuzz_data_logger.log_fail("application/json body is not valid JSON structure")

run.ps1

@@ -67,7 +67,7 @@ Write-Host "Installing specific dependencies"
 pip install git+https://github.com/jtpereyda/boofuzz.git
 pip install junit-xml
 Write-Host "Starting fuzz testing"
-python ./fuzzer/src/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
+python ./fuzzer/wapifuzz.py ${config} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${payloads} > $FUZZER_LOG
 $FUZZER_ERROR_CODE=$LASTEXITCODE
 if ($FUZZER_ERROR_CODE -eq 2)
 {

run.sh

@@ -77,7 +77,7 @@ ${PYTHON3_BIN} -m virtualenv env
 echo "Started fuzzing"
 . ./env/bin/activate ; \
 pip install --upgrade pip ; pip install git+https://github.com/jtpereyda/boofuzz.git ; pip install junit-xml ; \
-python fuzzer/src/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG}
+python fuzzer/wapifuzz.py ${WAPIFUZZ_CONFIG} ${API_REQUESTS_JSON} ${JUNIT_TEST_REPORT} ${CUSTOM_PAYLOADS_FILE} > ${FUZZER_LOG}
 FUZZER_ERROR_CODE=$?
 if [ "$FUZZER_ERROR_CODE" -eq "2" ]; then
    echo "Fuzzing failed. Trying to generate HTML result of procceeded test cases.";