Commit d79dc8c2 by 张航玮

Add new file

parent 970d40e0
# -*-coding=utf-8-*-
from boofuzz import *
import urllib.request
import urllib.parse
import time
global sessionkey
def getsessionkey():
global sessionkey
millis = int(round(time.time() * 1000))
millis = str(millis)
url1 = "http://192.168.1.1/cgi-bin/Login.asp?User=admin&Pwd=admin&_="+millis
res_data = urllib.request.urlopen(url1)
millis = int(round(time.time() * 1000))
millis = str(millis)
time.sleep(0.1)
url2 = "http://192.168.1.1/cgi-bin/get/New_GUI/get_sessionKey.asp?_="+millis
print(url2)
#req = urllib.parse.urlencode()
res_data = urllib.request.urlopen(url2)
res = res_data.read()
print(res,str(res, encoding = "utf-8") )
sessionkey = str(res, encoding = "utf-8")
def main():
global sessionkey
session = Session(
target=Target(
connection=SocketConnection("192.168.1.1", 80, proto='tcp')
),
post_test_case_callbacks = getsessionkey(),
)
s_initialize(name="Request")
with s_block("Request-Line"):
# LINE 1
s_static("POST ", name="Method")
s_static("/cgi-bin/New_GUI/Set/Diagnostics.asp ", name='Request-URI')
s_static('HTTP/1.1', name='HTTP-Version')
s_static("\r\n")
# LINE 2
s_static("Host", name="Host")
s_static(": ")
s_static("192.168.1.1", name="ip")
s_static("\r\n")
# LINE 3 对应 Content-Length: 400
s_static('Content-Length')
s_static(': ')
s_size('data', output_format='ascii', fuzzable=True)
s_static('\r\n')
s_static('\r\n')
with s_block("data"):
s_static('Type=p&sessionKey='+sessionkey+'&Addr=')
s_string('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',max_len=1024)
session.connect(s_get("Request"))
session.fuzz()
if __name__ == "__main__":
main()
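Review bot: In main(), `post_test_case_callbacks = getsessionkey(),` calls getsessionkey() once while the Session is being constructed and passes its return value (None) instead of registering a callback, so the key is never refreshed between test cases. boofuzz expects a list of callables here; call `getsessionkey()` explicitly before the request is defined and register `post_test_case_callbacks=[lambda *args, **kwargs: getsessionkey()]`. Even then, `s_static('Type=p&sessionKey='+sessionkey+'&Addr=')` bakes the first key into the request definition, so a refreshed value would not reach later requests; if the device rotates the key, cases after the first likely exercise only the session check and not the Addr handling, which makes the run's coverage misleading. In getsessionkey(), neither urlopen() response is closed and the login response is never checked, so a failed login goes unnoticed.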