Merge branch 'master' of http://git.hunter-ht.cn/yinqidi/IOT-fuzz

b4dd3447 · yinqidi · 69cbd3f3 · e99269ef · b4dd3447 · b4dd3447
Commit b4dd3447 authored Dec 22, 2020 by yinqidi
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 199 additions and 0 deletions

proxylogger.py proxylogger.py +74 -0

spider3.py spider3.py +0 -0

脚本生成.py 脚本生成.py +125 -0

No files found.
--- a/proxylogger.py
+++ b/proxylogger.py
+import mitmproxy
+
+n = 1
+
+def real_path(path):
+  print(path)
+  if path == "/":
+    return False
+  elif path[-3:] == "php" or path[-3:] == "cgi":
+    return True
+  elif path[-2:] == "js" or path[-3:] == "gif" or path[-3:] == "css":
+    return False
+  return True
+
+
+class ProxyLogger:
+
+  def __init__(self,request_url):
+    self.request_url = request_url
+
+  def request(self,flow):
+    global n
+    f = open("PROXY_MODE_FILE", 'r')
+    mode = f.readline()
+    #Creating template request
+    print(mode)
+    if mode == '1':
+      print ('REQUEST CAPTURE MODE')
+      headers = flow.request.headers
+      request = flow.request.get_text(strict=True)
+      if real_path(flow.request.path):
+        string = "-*-" + str(n) + "\n"
+        n = n + 1
+        #print()
+        # if flow.request.method == 'GET' and \
+        #     '?' not in flow.request.path:
+        #   return
+        string += flow.request.method + ' '
+        string += flow.request.path + ' '
+        string += flow.request.http_version + '\n'
+        print(string)
+        for k,v in headers.items():
+          #print(k,v)
+          temp = '%s %s\n'%(k,v)
+          string = string + temp
+        string = string + '\n'
+        with open("REQUEST_FILE", 'a+') as f:
+          f.write(string)
+          print(request)
+          if len(request) > 0:
+            f.write(request + '\n')
+        f.close()
+
+  def response(self,flow):
+    f = open("PROXY_MODE_FILE", 'r')
+    mode = f.readline()
+    #Logging the response status code  
+    
+    self.forced_browsing_mode(flow)
+
+  def normal_log_mode(self,flow):
+    status_code = str(flow.response.status_code)[0] #checking first digit of the error code
+    # if status_code == '4' or status_code == '5': #4xx or 5xx error code received
+    #   fp1 = open(ERROR_FILE, 'a+')
+    #   fp1.write(self.request_url + ' ' + str(flow.response.status_code) + '\n')
+    #   fp1.close()
+  
+  def forced_browsing_mode(self,flow):
+    status_code = str(flow.response.status_code)
+    if status_code == '200':
+      print('DISCLOSURE DETECTED')
+
+def start():
+  return ProxyLogger('placeholder') 
--- a/spider3.py
+++ b/spider3.py
--- a/脚本生成.py
+++ b/脚本生成.py
+import os
+import os
+
+IP='192.168.1.1'
+PORT=80
+script='from boofuzz import *\r\n'
+
+name_list = []
+
+def add_script(lines):
+	global script
+	for line in lines:
+		script += line 
+
+
+def function_name(file_dir):
+	global script
+	functions = os.listdir(file_dir)
+	for  function in functions:		
+		function = 'function/' + function
+		f=open(function,'r')
+		lines=f.readlines() 
+		#print(lines)
+		add_script(lines)
+		script += '\r\n' 
+
+def do_data(line):
+	global script
+	line = line[0:-1]
+	t=line.split('&')
+	for i in range(len(t)):
+		m,n=t[i].split('=')
+		script+='\t\ts_static("%s=")\r\n' %(m)
+		script+='\t\ts_string("%s", max_len=1024)\r\n' %(n)
+		if i!=len(t)-1:
+			script+='\t\ts_static("&")\r\n'
+ 
+def do_body(line):
+	global script
+	t=line.split(' ')
+	print(t)
+	if t[0] != "GET":	
+		for i in range(len(t)):
+			if '\n' in t[i]:
+				tt=t[i].split('\n')
+				if i!=0:
+					script+='\ts_delim(" ")\r\n'
+				script+='\ts_static("%s")\r\n' %(tt[0])
+				script+='\ts_static("\\r\\n")\r\n'
+			else:
+				if i!=0:
+					script+='\ts_delim(" ")\r\n'
+				script+='\ts_static("%s")\r\n' %(t[i])
+	else:
+		print("123")
+
+
+ 
+
+function_name("function")
+print(script)
+
+
+script+='def main():\r\n'
+script+='\ttar=Target(connection=TCPSocketConnection("%s", %d))\r\n' %(IP,PORT)
+script+='\tsession = Session(target=tar,receive_data_after_each_request=True,)\r\n'
+
+
+
+f = open("1.txt", 'r')
+Fscript=open('FuzzScript.py','w')
+lines=f.readlines()
+if_data = False
+for i in range(len(lines)):
+	line = lines[i]
+	if line[0:3] == "-*-":
+		name = line[3:-1]
+		print(name)
+		script+= '\ts_initialize(name="%s")\r\n' %(name)
+		name_list.append(name)
+
+
+	elif line == '\n':
+		next_line = lines[i+1]
+		if next_line[0:3] != "-*-" :
+			if_data = True
+
+	else:
+		print(i)
+		if if_data:
+			script+= '\twith s_block("data"):\r\n'
+			do_data(next_line)
+			print("data")
+			if_data = False
+		else:
+
+			do_body(line)
+                        
+ 
+# while line:
+# 	if line=='\r\n':
+# 		line=f.readline()
+# 		script+='\ts_static("\\r\\n", "Request-CRLF")\r\n'
+# 		script+='\twith s_block("Body-Content"):\r\n'
+# 		do_body(line)
+# 		script+='\tsession.connect(s_get("Post"))\r\n'
+# 		script+='\tsession.fuzz()\r\n'
+# 		script+='if __name__ == "__main__":\r\n'
+# 		script+='\tmain()\r\n'
+# 		f.seek(0)
+# 		all_file=f.read()
+# 		script+='\r\n\'\'\'\r\n'+all_file+'\r\n\'\'\''
+		
+# 	else:
+		
+	# 	t=line.split(' ')
+	# 	for i in range(len(t)):
+				
+	# line=f.readline()
+	# script+='\r\n' 
+print(script)
+Fscript.write(script)
+Fscript.close()
+f.close()
+print(name_list)