import json
from typing import Union
from boofuzz import s_initialize, s_delim, s_static, s_block_start, s_block_end
from request_build_helper import RequestBuildHelper
from configuration_manager import ConfigurationManager
from fuzz_payloads import s_http_string
from fuzzing_json_decoder import FuzzingJsonDecoder
from encodings_helper import EncodingTypes
# 1] General HTTP fuzzing
def generate_http_fuzzed_blocks() -> str:
    """Register the "General HTTP fuzzing" boofuzz request and return its name.

    The request line (method, path, version) and the User-Agent value are
    fuzzable ``s_http_string`` primitives; the Host and Content-Length headers
    are static, with the hostname read from the loaded configuration.

    Returns:
        The name the request was registered under via ``s_initialize``.
    """
    request_name = "General HTTP fuzzing:"
    s_initialize(name=request_name)

    # Request line: every token is fuzzable, the separators are boofuzz delims.
    s_http_string("GET", name="HTTP method")
    s_delim(" ", name="Delimiter between method and path")
    s_http_string("/path", encoding=EncodingTypes.ascii, name="HTTP path")
    s_delim(" ", name="Delimiter between path and version")
    s_http_string("HTTP/1.1\r\n", name="HTTP version")

    # Fixed headers; this request never carries a body, hence length 0.
    s_static(f"Host: {ConfigurationManager.config['target']['hostname']}\r\n")
    s_static("Content-Length: 0\r\n")

    # Only the User-Agent *value* is fuzzed; the header name stays static.
    s_static("User-Agent: ")
    s_http_string("WapiFuzz", name="User-agent")

    s_delim("\r\n\r\n", name="HTTP headers and body delimiter")

    return request_name
# 2] URI attributes fuzzing
def generate_url_attributes_fuzzed_blocks(endpoint, request) -> str:
    """Register a request whose URI attributes are fuzzed and return its name.

    The URI is emitted as fuzzable; the body is emitted with ``fuzzable=False``
    so mutations stay confined to the URI.

    Args:
        endpoint: Endpoint description; ``endpoint["Uri"]`` is read.
        request: Request description; ``Method``, ``BodyExample`` and
            ``BodySchema`` are read.

    Returns:
        The name the request was registered under via ``s_initialize``.
    """
    example_body = request["BodyExample"]
    body_schema = request["BodySchema"]
    # The quotation-mark flag is fixed to True here; whether it still matters
    # for a non-fuzzable body depends on FuzzingJsonDecoder — not visible here.
    is_json, decoder = _prepare_content_body(example_body, body_schema, True)

    request_name = "URI attributes fuzzing: {}".format(
        RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
    )
    s_initialize(name=request_name)

    _generate_http_header(request, endpoint, fuzzable=True)
    _generate_content_body(is_json, decoder, example_body, fuzzable=False)

    return request_name
# 3] Request body fuzzing
def generate_body_fuzzed_blocks(endpoint, request, add_quotation_marks_into_non_string_primitives=False) -> str:
    """Register a request whose body is fuzzed and return its name.

    The request line and headers are static; only the body block is fuzzable.

    Args:
        endpoint: Endpoint description; ``endpoint["Uri"]`` is read.
        request: Request description; ``Method``, ``BodyExample`` and
            ``BodySchema`` are read.
        add_quotation_marks_into_non_string_primitives: Forwarded to the JSON
            decoder; when set, the request name gets the
            " (adding quotation marks)" subcategory suffix.

    Returns:
        The name the request was registered under via ``s_initialize``.
    """
    example_body = request["BodyExample"]
    body_schema = request["BodySchema"]
    is_json, decoder = _prepare_content_body(
        example_body, body_schema, add_quotation_marks_into_non_string_primitives
    )

    suffix = ""
    if add_quotation_marks_into_non_string_primitives:
        suffix = " (adding quotation marks)"
    endpoint_label = RequestBuildHelper.get_request_name(endpoint["Uri"], request["Method"])
    request_name = f"Request body fuzzing{suffix}: {endpoint_label}"
    s_initialize(name=request_name)

    _generate_http_header(request, endpoint, fuzzable=False)
    _generate_content_body(is_json, decoder, example_body, fuzzable=True)

    return request_name
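def _prepare_content_body(documentation_body_example, documentation_body_schema, add_quotation_marks_into_non_string_primitives):
    """Decide whether the body is JSON and build the decoder that will emit it.

    Args:
        documentation_body_example: Example body text from the API documentation
            (may be empty or None).
        documentation_body_schema: Body schema from the documentation; used only
            when the example is missing or is not valid JSON.
        add_quotation_marks_into_non_string_primitives: Forwarded to
            ``FuzzingJsonDecoder``.

    Returns:
        ``(is_body_json, json_decoder)``. The decoder is always constructed —
        callers only consult it when ``is_body_json`` is true. It is populated
        from the example when that is valid JSON, otherwise from the schema when
        one is given; with neither, ``is_body_json`` is False.
    """
    is_body_json = bool(
        documentation_body_example
        and RequestBuildHelper.is_string_valid_json(documentation_body_example)
    )

    # Every path returns a decoder, so the annotation is the concrete type
    # (the former Optional annotation described a None case that never occurs).
    json_decoder: FuzzingJsonDecoder = FuzzingJsonDecoder(add_quotation_marks_into_non_string_primitives)

    if is_body_json:
        # is_string_valid_json accepted the example, so json.loads is expected
        # to parse it. NOTE(review): a top-level JSON array would also reach
        # decode_dict — confirm the decoder handles non-object documents.
        json_decoder.decode_dict(json.loads(documentation_body_example))
    elif documentation_body_schema:
        # No usable example: synthesize the body from its schema instead.
        is_body_json = True
        json_decoder.generate_from_schema(documentation_body_schema)

    return is_body_json, json_decoder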
def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzzable):
    """Emit the request body inside a boofuzz block named "body".

    A JSON body is delegated to the decoder's mutation generator; any other
    non-empty example is emitted as a single ``s_http_string``. With neither,
    the block is opened and closed empty.

    Args:
        is_body_json: Whether ``json_decoder`` holds the body to emit.
        json_decoder: Decoder prepared by ``_prepare_content_body``.
        body_string_example: Raw example body used when it is not JSON.
        fuzzable: Whether the emitted body primitives may be mutated.
    """
    block_opened = s_block_start("body")
    if block_opened and is_body_json:
        json_decoder.generate_mutations(fuzzable=fuzzable)
    elif block_opened and body_string_example:
        s_http_string(body_string_example, name="Whole HTTP body", fuzzable=fuzzable)
    s_block_end()
def _generate_http_header(request, endpoint, fuzzable):
    """Emit the request line and headers for a documented endpoint.

    Args:
        request: Request description; ``Method`` and ``UriAttributes`` are read.
        endpoint: Endpoint description; ``Uri`` is read.
        fuzzable: Passed to ``RequestBuildHelper.generate_uri``; the method
            token and HTTP version are always static.
    """
    method_token = request["Method"].upper() + " "
    s_static(method_token)
    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
    s_static(" HTTP/1.1\r\n")
    # Headers come from the loaded configuration, not from the endpoint data.
    RequestBuildHelper.generate_headers(ConfigurationManager.config)
    # NOTE(review): if generate_headers already terminates its last header with
    # CRLF, this emits an extra empty line before the body — confirm intended.
    s_static("\r\n\r\n")