Created
January 18, 2021 14:24
-
-
Save Sinkmanu/8ec656aee03051b272bde600fd4e9264 to your computer and use it in GitHub Desktop.
Basic HTTP fuzzer (w boofuzz)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from boofuzz import * | |
| import sys | |
| host = sys.argv[1] | |
| port = int(sys.argv[2]) | |
| session = Session(target=Target(SocketConnection(host, int(port)))) | |
| s_initialize(name="request") | |
| with s_block("verb"): | |
| s_group("Method", ["GET", "HEAD"]) | |
| s_delim(" ", name="space1") | |
| s_static("FUZZ", size=-1) | |
| s_delim(" ", name="space2") | |
| s_string("HTTP") | |
| s_string("/", fuzzable=False) | |
| s_string("1.1") | |
| s_static("\r\n", name="Request-Line-CRLF") | |
| s_static("\r\n", "Request-CRLF") | |
| session.connect(s_get("request")) | |
| session.fuzz() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment