Update Fuzz_DSL.py

ae40f599 · 尹启迪 · 138ce79f · ae40f599
Commit ae40f599 authored Aug 29, 2020 by 尹启迪
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 10 deletions

Fuzz_DSL.py Fuzz_DSL.py +44 -10

No files found.
--- a/Fuzz_DSL.py
+++ b/Fuzz_DSL.py
@@ -2,7 +2,7 @@ from boofuzz import *
 from sys import exit
 from time import sleep

-my_key=""
+# my_key=""


 def change_port(target, my_logger, session, *args, **kwargs):
@@ -16,7 +16,7 @@ def change_port(target, my_logger, session, *args, **kwargs):
 				break
 		except:
 			break
-def get_sk(target, my_logger, session, *args, **kwargs):
+def get_sk(target, my_logger, session, node, edge, *args, **kwargs):
 	global my_key
 	while(1):
 		try:
@@ -31,12 +31,12 @@ def get_sk(target, my_logger, session, *args, **kwargs):
 		except:
 			break
 	print my_key+"!!!!!!!!!!!!!!!!!!!!"
+	node.names['my_key']._value = my_key

    

    
 def main():
-	global my_key
 	tar=Target(connection=TCPSocketConnection("192.168.1.1", 80))
 	session = Session(
 		target=tar,
@@ -67,7 +67,7 @@ def main():
 	s_static("X-Requested-With: XMLHttpRequest")
 	s_static("\r\n")

-	s_static("Connection: keep-alive")
+	s_static("Connection: close")
 	s_static("\r\n")

 	s_static("Referer: http://192.168.1.1/cgi-bin/Login.asp")
@@ -111,6 +111,36 @@ def main():



+
+	s_initialize(name="Final")
+	s_static("GET /cgi-bin/New_GUI/Diagnostics.asp HTTP/1.1")
+	s_static("\r\n")
+
+	s_static("Host: 192.168.1.1")
+	s_static("\r\n")
+
+	s_static("User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0")
+	s_static("\r\n")
+
+	s_static("Accept: */*")
+	s_static("\r\n")
+
+	s_static("Accept-Language: en-US,en;q=0.5")
+	s_static("\r\n")
+
+	s_static("Accept-Encoding: gzip, deflate")
+	s_static("\r\n")
+
+
+	s_static("Connection: close")
+	s_static("\r\n")
+
+	s_static("Referer: http://192.168.1.1/cgi-bin/New_GUI/Home.asp")
+	s_static("\r\n")
+
+	s_static("Upgrade-Insecure-Requests: 1")
+	s_static("\r\n")
+
 	

 	# s_static("GET /cgi-bin/Login.asp?User=admin&Pwd=admin&_=1598531547960 HTTP/1.1")
@@ -172,32 +202,35 @@ def main():
 	s_static("X-Requested-With: XMLHttpRequest")
 	s_static("\r\n")

-	s_static("Content-Length: ")
-	s_size('data', output_format='ascii', fuzzable=True)
+	s_static("Content-Length: 56")
+	# s_size('data', output_format='ascii', fuzzable=True)
 	s_static("\r\n")

 	s_static("Origin: http://192.168.1.1")
 	s_static("\r\n")

-	s_static("Connection: keep-alive")
+	s_static("Connection: close")
 	s_static("\r\n")

 	s_static("Referer: http://192.168.1.1/cgi-bin/New_GUI/Diagnostics.asp")
 	s_static("\r\n")
 	s_static("\r\n")

+
+
 	with s_block("data"):
 		s_static("Type=p&sessionKey=")
-		s_static(my_key)
+		s_static("my_key", name="my_key")
 		s_static("&Addr=")
-		s_static("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
+		s_static("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
 		s_string("hello", max_len=10)
 	session.connect(s_get("Login"))
 	session.connect(s_get("Login"), s_get("Get_key"), callback=change_port)
 	my_edge=session.connect(s_get("Get_key"), s_get("Post"), callback=get_sk)
+	session.connect(s_get("Post"), s_get("Final"), callback=change_port)
 	# session.connect(s_get("Post"), callback=get_banner)
 	# session.connect(s_get("Get_key"), s_get("Post"), callback=get_banner)
-	# session.transmit_normal(tar, s_get("Get_key"), my_edge)
+	# session.transmit_fuzz(tar, s_get("Get_key"), my_edge, NULL)
 	session.fuzz()
 if __name__ == '__main__':
 	main()
\ No newline at end of file