
@joenorton8014
Last active August 15, 2018 02:20
import socket
import random
import argparse
import ssl
import time
# Some customizations on a fuzzer from SANS660
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a
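def main():
    """Parse the command line, open a timestamped log file and start fuzzing.

    Reads the target (-t), port (-p), verb selection (-v), maximum junk-string
    length (-m) and the HTTPS switch (-s) from buildargparser(), writes every
    request to ``httpfuzz-log-<timestamp>.txt`` in the current directory, and
    hands control to Send_HTTPS_Packets() or Send_HTTP_Packets(). Both senders
    loop without a stop condition, so the run ends only when an exception
    (a failed connection, Ctrl-C, ...) propagates out of them.
    """
    args = buildargparser()

    # argparse already marks -t/-p/-v/-m as required. These checks remain as a
    # second guard, and now stop the run instead of printing a message and
    # then failing later on an unassigned variable.
    if not args.t:
        print("Please provide a fuzzing target")
        return
    target = args.t

    if not args.p:
        print("Please provide a port for the HTTP web app")
        return
    port = args.p

    if not args.v:
        # The original had this text as a bare string expression, so it was
        # never shown; it also named "all" while the code matches "ALL".
        print("Please pick a verb to fuzz, or choose \"ALL\"")
        return
    if args.v == "ALL":
        http_verbs = ["GET", "HEAD", "DELETE", "PUT", "TRACE", "POST", "OPTIONS", "CONNECT"]
    else:
        http_verbs = [args.v]

    if not args.m:
        print("Please provide a numeric value for the max string length")
        return
    string_length = args.m

    # Reject bad numbers before the log file is created: the senders call
    # int() on both values, and randstring() needs a length of at least 1.
    try:
        port_number = int(port)
        max_length = int(string_length)
    except ValueError:
        print("The port (-p) and the max string length (-m) must be whole numbers")
        return
    if not 0 < port_number < 65536:
        print("Please provide a port for the HTTP web app")
        return
    if max_length < 1:
        print("Please provide a numeric value for the max string length")
        return

    secure_connection = bool(args.s)
    timestamp = Get_File_Timestamp()

    # The context manager closes (and therefore flushes) the log when the
    # sender exits through an exception, so the record of what was sent is
    # complete on disk.
    with open("httpfuzz-log-" + str(timestamp) + ".txt", "w") as f:
        print("Sending junk to the local webserver")
        if secure_connection:
            Send_HTTPS_Packets(http_verbs,target,port,string_length,f)
        else:
            Send_HTTP_Packets(http_verbs,target,port,string_length,f)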
def buildargparser():
    """Declare the fuzzer's command-line options and parse ``sys.argv``.

    Returns the argparse namespace. ``t``, ``p``, ``v`` and ``m`` are required
    and arrive as strings (no ``type=`` conversion is applied); ``s`` is a
    boolean flag that is False unless ``-s`` is given.
    """
    cli = argparse.ArgumentParser(
        prog='http-fuzz.py',
        description='A Simple HTTP/s Fuzzer',
    )

    # Every value-taking option is mandatory, so they share one registration.
    mandatory_options = (
        ('-t', 'Fuzzing target'),
        ('-p', 'Port the web app is running on'),
        ('-v', 'HTTP verb to fuzz. Options are - GET, HEAD, DELETE, PUT, TRACE, POST, OPTIONS, CONNECT or ALL'),
        ('-m', 'Max string length to fuzz'),
    )
    for flag, description in mandatory_options:
        cli.add_argument(flag, help=description, required=True)

    cli.add_argument(
        '-s',
        help='Is the site https? If so add the -s argument',
        required=False,
        action='store_true',
    )
    return cli.parse_args()
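def Get_File_Timestamp():
    """Return the local time as ``YYYY-MM-DD_HHMMSS`` for use in a log filename.

    The hour is written on the 24-hour clock. The previous ``%I`` (12-hour,
    no AM/PM marker) gave a morning run and an afternoon run twelve hours
    apart the same name, and the log is opened in "w" mode, so the later run
    would overwrite the earlier record. A single strftime() call also keeps
    the date and the time from being sampled on opposite sides of midnight.
    """
    return time.strftime("%Y-%m-%d_%H%M%S")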
def randstring(string_length):
    """Return a random string of between 1 and ``string_length`` characters.

    ``string_length`` may be an int or a numeric string; it is converted with
    ``int()``. Each character is drawn from code points 0x30 through 0x7a, so
    besides digits and ASCII letters the result can contain the punctuation
    that sits between them in ASCII (for example ':', '=', '?' and '@').
    """
    # The length is drawn first, then one randint() per character, which
    # consumes the random stream in the same order as a plain append loop.
    count = random.randint(1, int(string_length))
    return "".join(chr(random.randint(0x30, 0x7A)) for _ in range(count))
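def Send_HTTP_Packets(http_verbs,target,port,string_length,f):
    """Send randomly filled HTTP/1.1 requests to ``target:port`` over plain TCP.

    For every verb in ``http_verbs`` a new connection is opened and one request
    is sent whose path, Referer value, Host value and one extra header
    (name and value) are all produced by randstring(string_length). Each
    request is written to the open log file ``f`` before it goes out. The
    response is never read. The outer loop has no stop condition: the function
    returns only by raising (connection failure, timeout, KeyboardInterrupt).

    Args:
        http_verbs: list of verb strings to cycle through.
        target: host name or IPv4 address to connect to.
        port: TCP port, int or numeric string.
        string_length: upper bound for each junk string, int or numeric string.
        f: writable text file object used as the request log.
    """
    # Seconds. Without a timeout an unresponsive target blocks the run forever.
    connect_timeout = 10
    x = 0
    while 1:
        print("Fuzzing verbs set " + str(x))
        f.write("Fuzzing verbs set " + str(x) + "\n")
        for verb in http_verbs:
            # The context manager closes the socket even when connect() or
            # sendall() raises, so a failing target does not leak descriptors.
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(connect_timeout)
                s.connect((target,int(port)))
                junkA = randstring(string_length)
                junkB = randstring(string_length)
                junkC = randstring(string_length)
                junkD = randstring(string_length)
                junkE = randstring(string_length)
                pckt = verb +" /"+junkA+" HTTP/1.1\r\nReferer: http://"+junkB+"\r\nHost: http://"+junkC+"\r\n"+junkD+": "+junkE+"\r\n\r\n"
                # Flush right away: the log is how a later failure is traced
                # back to the request that preceded it, so it must not sit in
                # a buffer when the run stops.
                f.write(pckt)
                f.flush()
                # sendall() retries until the whole request is written;
                # send() may transmit only part of it.
                s.sendall(pckt.encode('utf-8'))
        x += 1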
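def Send_HTTPS_Packets(http_verbs,target,port,string_length,f):
    """Send randomly filled HTTP/1.1 requests to ``target:port`` over TLS.

    Same request shape and logging as the plain-HTTP sender: one new
    connection per verb, with the path, Referer value, Host value and one
    extra header filled by randstring(string_length), each request written to
    ``f`` before it is sent, and no response read. The outer loop has no stop
    condition; the function returns only by raising.

    The TLS session does NOT verify the server certificate or host name, so
    it provides encryption without authenticating the peer. That matches the
    behaviour of the ``ssl.wrap_socket()`` call this replaces and suits a test
    server with a self-signed certificate; nothing sensitive should be sent
    over it.

    Args:
        http_verbs: list of verb strings to cycle through.
        target: host name or IPv4 address to connect to.
        port: TCP port, int or numeric string.
        string_length: upper bound for each junk string, int or numeric string.
        f: writable text file object used as the request log.
    """
    # Seconds. Without a timeout an unresponsive target blocks the run forever.
    connect_timeout = 10

    # ssl.wrap_socket() was deprecated in Python 3.7 and removed in 3.12, so
    # the wrapping goes through an SSLContext, built once and reused.
    tls_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname has to be cleared before verify_mode can be CERT_NONE.
    tls_context.check_hostname = False
    tls_context.verify_mode = ssl.CERT_NONE

    x = 0
    while 1:
        print("Fuzzing verbs set " + str(x))
        f.write("Fuzzing verbs set " + str(x) + "\n")
        for verb in http_verbs:
            # Both context managers close their socket when connect(), the
            # handshake or sendall() raises.
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(connect_timeout)
                with tls_context.wrap_socket(s) as s_secure:
                    s_secure.connect((target,int(port)))
                    junkA = randstring(string_length)
                    junkB = randstring(string_length)
                    junkC = randstring(string_length)
                    junkD = randstring(string_length)
                    junkE = randstring(string_length)
                    pckt = verb +" /"+junkA+" HTTP/1.1\r\nReferer: http://"+junkB+"\r\nHost: http://"+junkC+"\r\n"+junkD+": "+junkE+"\r\n\r\n"
                    # Flush right away so the request is on disk before the
                    # send that may end the run.
                    f.write(pckt)
                    f.flush()
                    # sendall() retries until the whole request is written.
                    s_secure.sendall(pckt.encode('utf-8'))
        x += 1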
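# Start fuzzing only when the file is executed as a script; importing it
# (for example to reuse randstring) must not open connections.
if __name__ == "__main__":
    main()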