Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Python Script for Fuzzing the IronWASP WebSocket Demo Application
#import the required binaries and namespaces
import clr
clr.AddReference("WebsocketClient.exe")
from WebsocketClient import *
#the websocket message templates used by WebSocket DemoApp
create_session_msg = '{"cmd":"startSession"}'
get_prod_msg = '{"cmd":"getProduct", "sessionId":"", "id":0}'
get_error_msg = '{"cmd":"getError", "sessionId":""}'
#Reading the payloads from FuzzDB's payload file
f = open('d:\\fuzzdb.txt')
lines = f.readlines()
f.close()
#Gets the product specific to a product ID by sending corresponding WebSocket messages
def get_product(pid):
try:
jm = Tools.ParseAsJson(get_prod_msg)
jm["sessionId"] = session_id
jm["id"] = pid
ws.Send(jm.ToString())
m = ws.Read()
jm = Tools.ParseAsJson(m)
return jm["product"].ToString()
except:
return ""
#Create the WebSocket session and store the Session ID for this session
def create_session():
ws.Send(create_session_msg)
m = ws.Read()
jm = Tools.ParseAsJson(m)
return jm["sessionId"].ToString().strip('"')
#Check and retrive any error info available on the server using WebSocket messages
def get_error():
try:
jm = Tools.ParseAsJson(get_error_msg)
jm["sessionId"] = session_id
ws.Send(jm.ToString())
m = ws.Read()
jm = Tools.ParseAsJson(m)
if jm["code"].ToString().strip('"') == "takeError":
return jm["info"].ToString().strip('"')
else:
return ""
except:
return ""
ws = SyncWebsockClient()
ws.Connect("ws://localhost:9091/app", "", "")
session_id = create_session()
for line in lines:
get_product(line)
err = get_error()
if len(err) > 0:
print line + " --> " + err
break
else:
print line + " --> No error"
print "\r\n------------------\r\n"
ws.Close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment