Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
I
IOT-fuzz
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
张航玮
IOT-fuzz
Commits
93a3f3b5
Commit
93a3f3b5
authored
Aug 26, 2020
by
尹启迪
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add new file
parents
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
137 additions
and
0 deletions
+137
-0
fuzz_DIR-850RECVA.py
fuzz_DIR-850RECVA.py
+137
-0
No files found.
fuzz_DIR-850RECVA.py
0 → 100644
View file @
93a3f3b5
#-*-coding=utf8-*-
from
boofuzz
import
*
from
sys
import
exit
def
get_banner
(
target
,
my_logger
,
session
,
*
args
,
**
kwargs
):
banner_template
=
"Welcome to Vulnerable Server! Enter HELP for help."
try
:
banner
=
target
.
recv
(
10000
)
except
:
print
"Unable to connect. Target is down. Exiting."
exit
(
1
)
my_logger
.
log_check
(
'Receiving banner..'
)
if
banner_template
in
banner
:
my_logger
.
log_pass
(
'banner received'
)
else
:
my_logger
.
log_fail
(
'No banner received'
)
print
"No banner received, exiting.."
exit
(
1
)
def
main
():
# csv_log = open('fuzz_results.csv', 'wb')
# my_logger = [FuzzLoggerCsv(file_handle=csv_log)]
session
=
Session
(
target
=
Target
(
connection
=
SocketConnection
(
"192.168.0.1"
,
80
,
proto
=
'tcp'
)
),
# fuzz_loggers=my_logger,
crash_threshold_element
=
1
,
)
s_initialize
(
name
=
"Request"
)
with
s_block
(
"Request-Line"
):
s_static
(
"POST"
,
name
=
"Method"
)
s_delim
(
" "
,
name
=
'space-1'
)
s_static
(
"/HNAP1/"
,
name
=
'Request-URI'
)
# variation
s_delim
(
" "
,
name
=
'space-2'
)
s_static
(
'HTTP/1.1'
,
name
=
'HTTP-Version'
)
s_static
(
"
\r\n
"
)
s_static
(
"Host"
,
name
=
"Host"
)
s_static
(
": "
)
s_static
(
"192.168.0.1"
,
name
=
"ip"
)
s_static
(
"
\r\n
"
)
s_static
(
'Content-Length'
)
s_static
(
':'
)
s_size
(
'data'
,
output_format
=
'ascii'
,
fuzzable
=
True
)
# size的值根据data部分的长度自动进行计算,同时对该字段进行fuzz
s_static
(
'
\r\n
'
)
with
s_block
(
'data'
):
s_static
(
'HNAP_AUTH: '
)
s_string
(
'BBD0605AF8690024AF8568BE88DD7B8E 1482588069'
,
max_len
=
50
)
s_static
(
'
\r\n
'
)
s_static
(
'User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
\r\n
Accept: */*
\r\n
'
)
s_static
(
'Accept-Encoding: gzip, deflate
\r\n
Content-Type: text/xml; charset=utf-8
\r\n
'
)
s_static
(
'Accept-Language: en-US,en;q=0.5'
)
s_static
(
'
\r\n
'
)
s_static
(
'SOAPAction: '
)
s_string
(
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAA'
,
max_len
=
2048
)
s_static
(
'
\r\n
'
)
s_static
(
'X-Requested-With: XML
\r\n
HttpRequestReferer: http://192.168.0.1/info/Login.html
\r\n
Connection: keep-alive
\r\n
'
)
s_string
(
'login'
,
max_len
=
50
)
# # LINE 1
# s_static("POST", name="Method")
# s_delim(" ", name='space-1')
# s_static("/HNAP1/", name='Request-URI') # variation
# s_delim(" ", name='space-2')
# s_static('HTTP/1.1', name='HTTP-Version')
# s_static("\r\n")
# # LINE 2
# s_static("Host", name="Host")
# s_static(": ")
# s_static("192.168.0.1", name="ip")
# s_static("\r\n")
# s_static('User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0Accept: */*')
# s_static('\r\n')
# s_static('Accept-Language: en-US,en;q=0.5')
# s_static('\r\n')
# s_static('Accept-Encoding: gzip, deflateContent-Type: text/xml; charset=utf-8')
# s_static('SOAPAction: ')
# s_string('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAA', max_len=1024)
# s_static('HNAP_AUTH: ')
# s_string('BBD0605AF8690024AF8568BE88DD7B8E 1482588069', max_len=1024)
# s_static('X-Requested-With: XMLHttpRequestReferer: http://192.168.0.1/info/Login.htmlContent-Length: 306Cookie: uid=kV8BSOXCocConnection: close')
# s_static('\r\n')
session
.
connect
(
s_get
(
"Request"
))
session
.
fuzz
()
if
__name__
==
"__main__"
:
main
()
# POST /cgi-bin/New_GUI/Set/Diagnostics.asp HTTP/1.1
# Host: 192.168.1.1
# User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
# Accept: */*
# Accept-Language: en-US,en;q=0.5
# Content-Type: text/xml; charset=utf-8
# Accept-Encoding: gzip, deflate
# X-Requested-With: XMLHttpRequest
# Referer: http://192.168.0.1/cgi-bin/New_GUI/Set/Diagnostics.asp
# Content-Length: 47
# Connection: keep-alive
# Type=p&sessionKey=2044897763&Addr=192.168.100.1
# POST /HNAP1/ HTTP/1.1
# Host: 192.168.0.1
# User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
# Accept: */*
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Content-Type: text/xml; charset=utf-8
# SOAPAction: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAA
# HNAP_AUTH: BBD0605AF8690024AF8568BE88DD7B8E 1482588069
# X-Requested-With: XMLHttpRequest
# Referer: http://192.168.0.1/info/Login.html
# Content-Length: 306
# Cookie: uid=COwdMipz3w
# Connection: close
# COwdMipz3w
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
