import socket | |
import random | |
import argparse | |
import ssl | |
import time | |
# Some customizations on a fuzzer from SANS660 | |
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a | |
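def main():
    """Parse the CLI, open a timestamped log file and fuzz the target until interrupted.

    The Send_* helpers write each request to the log before sending it, so the
    payload that crashed or hung the target is the last entry on disk. Prints a
    message and returns early when a required argument is present but empty
    (argparse already rejects a missing one).
    """
    args = buildargparser()
    # argparse enforces presence, but an empty value such as -t "" would otherwise
    # fall through with `target` unbound and fail later with a NameError.
    if not args.t:
        print("Please provide a fuzzing target")
        return
    target = args.t
    if not args.p:
        print("Please provide a port for the HTTP web app")
        return
    port = args.p
    if not args.v:
        # The original had this message as a bare string statement, so it never printed.
        print("Please pick a verb to fuzz, or choose \"all\"")
        return
    # Case-insensitive: the help text says ALL, the error message says "all".
    if str(args.v).upper() == "ALL":
        http_verbs = ["GET", "HEAD", "DELETE", "PUT", "TRACE", "POST", "OPTIONS", "CONNECT"]
    else:
        http_verbs = [args.v]
    if not args.m:
        print("Please a numeric value for the max string length")
        return
    string_length = args.m
    secure_connection = bool(args.s)
    timestamp = Get_File_Timestamp()
    # `with` closes the log when the endless fuzz loop is stopped by Ctrl-C or by a
    # socket error from a dead target; the original never closed the handle.
    with open("httpfuzz-log-" + str(timestamp) + ".txt", "w") as f:
        print("Sending junk to the local webserver")
        if secure_connection:
            Send_HTTPS_Packets(http_verbs, target, port, string_length, f)
        else:
            Send_HTTP_Packets(http_verbs, target, port, string_length, f)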
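def buildargparser(argv=None):
    """Build the command-line parser and parse *argv* (default: sys.argv[1:]).

    -p and -m are parsed as integers so a non-numeric value is rejected with a
    usage error before any log file is created, instead of surfacing later as an
    int() traceback inside the send loop. The optional *argv* makes the parser
    testable without touching sys.argv. Returns the argparse Namespace
    (attributes t, p, v, m, s).
    """
    parser = argparse.ArgumentParser(prog='http-fuzz.py', description='A Simple HTTP/s Fuzzer')
    parser.add_argument('-t', help='Fuzzing target', required=True)
    parser.add_argument('-p', type=int, help='Port the web app is running on', required=True)
    parser.add_argument('-v', help='HTTP verb to fuzz. Options are - GET, HEAD, DELETE, PUT, TRACE, POST, OPTIONS, CONNECT or ALL', required=True)
    parser.add_argument('-m', type=int, help='Max string length to fuzz', required=True)
    parser.add_argument('-s', help='Is the site https? If so add the -s argument', required=False, action='store_true')
    return parser.parse_args(argv)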
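def Get_File_Timestamp():
    """Return a local-time stamp 'YYYY-MM-DD_HHMMSS' used to name the log file.

    Uses the 24-hour clock (%H). The original used %I (12-hour, with no AM/PM
    marker), so two runs twelve hours apart produced the same file name and the
    "w" open in main() silently overwrote the earlier log.
    """
    return time.strftime("%Y-%m-%d_%H%M%S")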
def randstring(string_length):
    """Return a random string of 1..int(string_length) characters.

    Each character is drawn uniformly from ASCII 0x30-0x7a ('0'..'z'), which mixes
    digits, letters and the punctuation in between (':', '?', '@', '[', '\\' ...).
    Raises ValueError (from randint) when string_length is below 1. Uses `random`,
    which is fine for fuzz input but not for anything security-sensitive.
    """
    count = random.randint(1, int(string_length))
    return "".join(chr(random.randint(0x30, 0x7a)) for _ in range(count))
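def Send_HTTP_Packets(http_verbs, target, port, string_length, f, timeout=10.0):
    """Fire malformed HTTP/1.1 requests at target:port forever, logging each one.

    For every verb in http_verbs a fresh TCP connection is opened and one request
    with random junk in the path, Referer, Host and an extra header is sent. Each
    request is written and flushed to *f* before it goes on the wire, so if the
    target crashes or hangs the offending payload is on disk rather than stuck in
    the file buffer. *timeout* (seconds) bounds connect and send so a wedged target
    cannot hang the fuzzer. Loops until interrupted; an OSError (connection refused
    after the target died, timeout, reset) is logged and re-raised so the failure is
    visible instead of the tool silently fuzzing a dead service.
    """
    set_no = 0
    while True:
        print("Fuzzing verbs set " + str(set_no))
        f.write("Fuzzing verbs set " + str(set_no) + "\n")
        for verb in http_verbs:
            junkA = randstring(string_length)
            junkB = randstring(string_length)
            junkC = randstring(string_length)
            junkD = randstring(string_length)
            junkE = randstring(string_length)
            pckt = verb + " /" + junkA + " HTTP/1.1\r\nReferer: http://" + junkB + "\r\nHost: http://" + junkC + "\r\n" + junkD + ": " + junkE + "\r\n\r\n"
            f.write(pckt)
            # Flush BEFORE sending: the crash-triggering request must be recoverable.
            f.flush()
            try:
                # The context manager closes the socket even when sendall() raises;
                # the original leaked the socket on any exception.
                with socket.create_connection((target, int(port)), timeout=timeout) as s:
                    s.sendall(pckt.encode('utf-8'))
            except OSError as err:
                f.write("ERROR after the request above: " + str(err) + "\n")
                f.flush()
                raise
        set_no += 1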
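def Send_HTTPS_Packets(http_verbs, target, port, string_length, f, timeout=10.0):
    """TLS variant of Send_HTTP_Packets: the same junk requests over an SSL socket.

    Uses an SSLContext instead of the deprecated ssl.wrap_socket (removed in
    Python 3.12). Certificate and hostname verification are deliberately OFF,
    matching the original's defaults: a fuzzing target typically has a self-signed
    or mismatched certificate and this tool carries no sensitive data. Do not copy
    this context into anything that talks to a real service. Each request is
    flushed to *f* before it is sent so the payload that kills the target is on
    disk; *timeout* bounds connect, handshake and send; OSError (which includes
    ssl.SSLError) is logged and re-raised. Loops until interrupted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # intentional: fuzz target, not a trusted peer
    set_no = 0
    while True:
        print("Fuzzing verbs set " + str(set_no))
        f.write("Fuzzing verbs set " + str(set_no) + "\n")
        for verb in http_verbs:
            junkA = randstring(string_length)
            junkB = randstring(string_length)
            junkC = randstring(string_length)
            junkD = randstring(string_length)
            junkE = randstring(string_length)
            pckt = verb + " /" + junkA + " HTTP/1.1\r\nReferer: http://" + junkB + "\r\nHost: http://" + junkC + "\r\n" + junkD + ": " + junkE + "\r\n\r\n"
            f.write(pckt)
            # Flush BEFORE sending: the crash-triggering request must be recoverable.
            f.flush()
            try:
                with socket.create_connection((target, int(port)), timeout=timeout) as raw:
                    # server_hostname fills in SNI so name-based virtual hosts see the
                    # target name; the handshake runs here because raw is already connected.
                    with ctx.wrap_socket(raw, server_hostname=target) as tls:
                        tls.sendall(pckt.encode('utf-8'))
            except OSError as err:
                f.write("ERROR after the request above: " + str(err) + "\n")
                f.flush()
                raise
        set_no += 1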
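# Guard the entry point so importing this module (e.g. to reuse randstring or the
# Send_* helpers) does not start fuzzing as a side effect.
if __name__ == "__main__":
    main()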