花了20分钟写了个很low的东西：把抓包得到的原始 HTTP POST 请求（post.txt）自动转成 boofuzz 脚本的生成器。
直接贴代码
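# Target of the generated boofuzz script.  NOTE(review): this is a live,
# third-party production host; fuzzing it without written authorisation is an
# attack, not a test -- point it at your own instance of the service.
IP = 'ihome.360.cn'
PORT = 80

# Line terminator found in post.txt (raw form) and the escaped spelling used
# inside the generated source.  generate() overwrites both after reading the
# first line; the defaults let do_body() be called on its own.
LineFile = '\n'
LineFile_ = '\\n'

# Generated source, accumulated by generate() and do_body().
script = ''


def _py_str(value):
    """Return *value* as a double-quoted Python string literal.

    Backslashes, double quotes, CR/LF and non-printable or non-ASCII
    characters are escaped, so a header token or form value taken from
    post.txt cannot break out of the ``s_static()``/``s_string()`` argument
    and become arbitrary Python when FuzzScript.py is executed.  Plain
    printable ASCII comes back unchanged apart from the surrounding quotes.
    """
    escaped = []
    for ch in value:
        if ch == '\\':
            escaped.append('\\\\')
        elif ch == '"':
            escaped.append('\\"')
        elif ch == '\r':
            escaped.append('\\r')
        elif ch == '\n':
            escaped.append('\\n')
        elif ch == '\t' or ' ' <= ch <= '~':
            escaped.append(ch)
        elif ord(ch) <= 0xff:
            escaped.append('\\x%02x' % ord(ch))
        else:
            escaped.append('\\u%04x' % ord(ch))
    return '"%s"' % ''.join(escaped)


def _line_terminator(first_line):
    """Return ``(raw, escaped)`` line terminator, judged from the first line."""
    if first_line.endswith('\r\n'):
        return '\r\n', '\\r\\n'
    return '\n', '\\n'


def _split_lines(text):
    """Split *text* like readline() on a binary file: pieces keep their '\\n'."""
    pieces = text.split('\n')
    lines = [piece + '\n' for piece in pieces[:-1]]
    if pieces[-1]:
        lines.append(pieces[-1])
    return lines


def _header_line(line, nl, nl_escaped):
    """Return the generated source for one request-line/header line.

    Tokens are split on single spaces and each becomes ``s_static``; the
    terminator becomes ``s_static("<escaped nl>")``.  A ``Content-Length:``
    line (matched case-insensitively, as HTTP header names are) gets an
    ``s_size`` over the ``Body-Content`` block instead of the captured
    number, so the header stays correct whatever the fuzzer puts in the body.
    """
    out = []
    for idx, tok in enumerate(line.split(' ')):
        if tok.lower() == 'content-length:':
            out.append('\t\ts_static(%s)%s' % (_py_str(tok), nl))
            out.append('\t\ts_static(" ")' + nl)
            out.append('\t\ts_size("Body-Content", output_format="ascii", fuzzable=True)' + nl)
            # The original emitted s_static(\r\n) here without quotes, which
            # is not valid Python in the generated file.
            out.append('\t\ts_static("%s")%s' % (nl_escaped, nl))
            break
        if idx != 0:
            out.append('\t\ts_static(" ")' + nl)
        if nl in tok:
            out.append('\t\ts_static(%s)%s' % (_py_str(tok.split(nl)[0]), nl))
            out.append('\t\ts_static("%s")%s' % (nl_escaped, nl))
        else:
            out.append('\t\ts_static(%s)%s' % (_py_str(tok), nl))
    return ''.join(out)


def do_body(line, line_file=None):
    """Append boofuzz primitives for one ``x-www-form-urlencoded`` body line.

    Every ``key=value`` pair becomes ``s_static("key=")`` followed by a
    fuzzable ``s_string("value", max_len=1024)``; pairs are joined with
    ``s_static("&")``.  A pair without ``=`` is emitted as a single fuzzable
    ``s_string``.  The generated text is appended to the module-level
    ``script`` (the original interface) and also returned.

    Args:
        line: the body line, optionally still carrying its line terminator.
        line_file: terminator written after each generated line; defaults
            to the module-level ``LineFile``.

    Returns:
        The snippet that was appended to ``script``.
    """
    global script
    nl = LineFile if line_file is None else line_file
    pairs = line.split('&')
    out = []
    for idx, pair in enumerate(pairs):
        # readline() leaves the terminator on the last pair; drop it.
        pair = pair.replace(nl, '')
        # Split on the first '=' only: values may contain '=' themselves
        # (base64, URLs), which made the original two-way unpack raise.
        key, sep, value = pair.partition('=')
        if sep:
            out.append('\t\ts_static(%s)%s' % (_py_str(key + sep), nl))
            out.append('\t\ts_string(%s, max_len=1024)%s' % (_py_str(value), nl))
        else:
            out.append('\t\ts_string(%s, max_len=1024)%s' % (_py_str(key), nl))
        if idx != len(pairs) - 1:
            out.append('\t\ts_static("&")' + nl)
    snippet = ''.join(out)
    script += snippet
    return snippet


def generate(post_path='./post.txt', out_path='./FuzzScript.py', ip=None, port=None):
    """Turn the raw HTTP request in *post_path* into a boofuzz script.

    The request line and headers become static primitives (Content-Length is
    replaced by an ``s_size`` over the body block), the first blank line ends
    the header section and the line after it is handed to do_body().  The
    original capture is appended to the output inside a ``'''`` string for
    reference.  Sets the module-level ``LineFile``, ``LineFile_`` and
    ``script`` that do_body() relies on.

    Args:
        post_path: file holding the captured request.  It is read as bytes
            and mapped 1:1 through latin-1, so the capture is reproduced
            exactly on both Python 2 and 3.
        out_path: where the generated script is written.
        ip, port: target for ``TCPSocketConnection``; default to the
            module-level ``IP`` / ``PORT``.

    Returns:
        The generated source text.

    Raises:
        ValueError: if *post_path* is empty.
    """
    global script, LineFile, LineFile_
    if ip is None:
        ip = IP
    if port is None:
        port = PORT
    with open(post_path, 'rb') as fh:
        request = fh.read().decode('latin-1')
    lines = _split_lines(request)
    if not lines:
        raise ValueError('%s is empty' % post_path)
    LineFile, LineFile_ = _line_terminator(lines[0])
    nl, nl_escaped = LineFile, LineFile_

    script = ''.join([
        'from boofuzz import *' + nl,
        'SLEEP_TIME = 1.5' + nl,
        'TIMEOUT = 5' + nl,
        'def main():' + nl,
        '\tsession = Session(sleep_time=SLEEP_TIME,target=Target(connection=TCPSocketConnection(%s, %d)),)%s'
        % (_py_str(ip), int(port), nl),
        '\ts_initialize(name="Post")' + nl,
        '\twith s_block("Post-Line"):' + nl,
    ])
    remaining = iter(lines)
    for line in remaining:
        if line != nl:
            script += _header_line(line, nl, nl_escaped)
            continue
        # Blank line: headers are finished, the next line is the body.
        script += '\ts_static("%s", "Request-CRLF")%s' % (nl_escaped, nl)
        script += '\twith s_block("Body-Content"):' + nl
        do_body(next(remaining, ''), nl)
        script += '\tsession.connect(s_get("Post"))' + nl
        script += '\tsession.fuzz()' + nl
        script += 'if __name__ == "__main__":' + nl
        script += '\tmain()' + nl
        # Keep the capture in the generated file for reference.  Anything in
        # it -- session cookies, tokens -- is copied into FuzzScript.py too.
        quoted = request.replace('\\', '\\\\').replace("'''", "\\'\\'\\'")
        script += nl + "'''" + nl + quoted + nl + "'''"
        # Nothing after the body line belongs to the request; the original
        # loop kept going and re-parsed any trailing lines as headers.
        break
    script += nl
    with open(out_path, 'wb') as out:
        out.write(script.encode('latin-1'))
    return script


if __name__ == '__main__':
    generate('./post.txt', './FuzzScript.py', IP, PORT)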
post.txt 是这样子的（注意：下面的 token_id 以及 Cookie 里的 Qihoo_360_login 等都是真实的会话凭据，公开前应先打码或作废；另外生成器会把整个请求原样写进 FuzzScript.py 末尾的 ''' 字符串里，凭据也会跟着进去）
POST /app/devices/webs/setchildlist.cgi HTTP/1.1
Host: ihome.360.cn
Content-Length: 135
Accept: */*
Origin: http://ihome.360.cn
X-Requested-With: XMLHttpRequest
token_id: deb3c823777ca07050b69e6e6336da44
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360SE
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://ihome.360.cn/app/baby_mode/webs/index.html?t=1597396333772
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: __huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D; __guid=132730903.1862459395348000300.1571113487520.2976; v=o14)R.-Hwi:T1ZCsB878; Qs_lvt_317691=1571458567%2C1571458709; Qs_pv_317691=2053859005725308000%2C2143554520725135600; bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6; __DC_gid=65863720.124356338.1571407940111.1576040598488.23; Qs_lvt_327145=1576040593%2C1576040598; Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300; Qs_lvt_299978=1577692531; Qs_pv_299978=3121754979306215400; _ga=GA1.2.1911454275.1577692533; __gid=65863720.124356338.1571407940111.1584088558934.86; Qihoo_360_login=d4399b2c92753475f9915585870832d3; monitor_count=1
Connection: close
action=mod&sex=1&mac=98-E7-43-63-E8-A9&timer_enable=1&timer_day=1 2 3 4 5&start_hour=23&start_minute=07&end_hour=08&end_minute=00&idx=0
生成出来是这样子的（这份输出看起来是改版前生成的：空格用的是 s_delim(" ")，也没有 SLEEP_TIME/TIMEOUT；上面现在这版脚本输出的是 s_static(" ")，并会带上这两个变量）
from boofuzz import *
def main():
    """Fuzz the captured ``setchildlist.cgi`` POST request with boofuzz.

    Generated from post.txt: the request line and every header are emitted
    as static tokens with ``s_delim(" ")`` between them, Content-Length is
    replaced by a size primitive over the ``Body-Content`` block, and each
    form value in the body is a fuzzable string.  This listing apparently
    predates the current generator: it has no SLEEP_TIME/TIMEOUT and uses
    ``s_delim(" ")`` where the generator above now writes ``s_static(" ")``.
    """
    # NOTE(review): targets the live ihome.360.cn service on port 80 with no
    # send delay -- only run this against an instance you are authorised to
    # fuzz.
    session = Session(target=Target(connection=TCPSocketConnection("ihome.360.cn", 80)),)
    s_initialize(name="Post")
    with s_block("Post-Line"):
        # Request line.  s_delim is fuzzable by default in boofuzz, so the
        # separating spaces are mutated as well -- confirm against the
        # installed version.
        s_static("POST")
        s_delim(" ")
        s_static("/app/devices/webs/setchildlist.cgi")
        s_delim(" ")
        s_static("HTTP/1.1")
        s_static("\r\n")
        s_static("Host:")
        s_delim(" ")
        s_static("ihome.360.cn")
        s_static("\r\n")
        # Body length is computed from the Body-Content block (and itself
        # fuzzed), so the header stays consistent with whatever the fuzzer
        # puts in the body.
        s_static("Content-Length:")
        s_delim(" ")
        s_size("Body-Content", output_format="ascii", fuzzable=True)
        s_static("\r\n")
        s_static("Accept:")
        s_delim(" ")
        s_static("*/*")
        s_static("\r\n")
        s_static("Origin:")
        s_delim(" ")
        s_static("http://ihome.360.cn")
        s_static("\r\n")
        s_static("X-Requested-With:")
        s_delim(" ")
        s_static("XMLHttpRequest")
        s_static("\r\n")
        # Real session credential copied from the capture; it is sent with
        # every test case and is burned once this script is published.
        s_static("token_id:")
        s_delim(" ")
        s_static("deb3c823777ca07050b69e6e6336da44")
        s_static("\r\n")
        # The User-Agent was split on spaces by the generator, so each word
        # is its own token with a fuzzable delimiter between them.
        s_static("User-Agent:")
        s_delim(" ")
        s_static("Mozilla/5.0")
        s_delim(" ")
        s_static("(Windows")
        s_delim(" ")
        s_static("NT")
        s_delim(" ")
        s_static("10.0;")
        s_delim(" ")
        s_static("WOW64)")
        s_delim(" ")
        s_static("AppleWebKit/537.36")
        s_delim(" ")
        s_static("(KHTML,")
        s_delim(" ")
        s_static("like")
        s_delim(" ")
        s_static("Gecko)")
        s_delim(" ")
        s_static("Chrome/78.0.3904.108")
        s_delim(" ")
        s_static("Safari/537.36")
        s_delim(" ")
        s_static("QIHU")
        s_delim(" ")
        s_static("360SE")
        s_static("\r\n")
        s_static("Content-Type:")
        s_delim(" ")
        s_static("application/x-www-form-urlencoded;")
        s_delim(" ")
        s_static("charset=UTF-8")
        s_static("\r\n")
        s_static("Referer:")
        s_delim(" ")
        s_static("http://ihome.360.cn/app/baby_mode/webs/index.html?t=1597396333772")
        s_static("\r\n")
        s_static("Accept-Encoding:")
        s_delim(" ")
        s_static("gzip,")
        s_delim(" ")
        s_static("deflate")
        s_static("\r\n")
        s_static("Accept-Language:")
        s_delim(" ")
        s_static("zh-CN,zh;q=0.9")
        s_static("\r\n")
        # Cookie header, likewise split per space-separated cookie; the
        # Qihoo_360_login value is a live login cookie from the capture.
        s_static("Cookie:")
        s_delim(" ")
        s_static("__huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D;")
        s_delim(" ")
        s_static("__guid=132730903.1862459395348000300.1571113487520.2976;")
        s_delim(" ")
        s_static("v=o14)R.-Hwi:T1ZCsB878;")
        s_delim(" ")
        s_static("Qs_lvt_317691=1571458567%2C1571458709;")
        s_delim(" ")
        s_static("Qs_pv_317691=2053859005725308000%2C2143554520725135600;")
        s_delim(" ")
        s_static("bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6;")
        s_delim(" ")
        s_static("__DC_gid=65863720.124356338.1571407940111.1576040598488.23;")
        s_delim(" ")
        s_static("Qs_lvt_327145=1576040593%2C1576040598;")
        s_delim(" ")
        s_static("Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300;")
        s_delim(" ")
        s_static("Qs_lvt_299978=1577692531;")
        s_delim(" ")
        s_static("Qs_pv_299978=3121754979306215400;")
        s_delim(" ")
        s_static("_ga=GA1.2.1911454275.1577692533;")
        s_delim(" ")
        s_static("__gid=65863720.124356338.1571407940111.1584088558934.86;")
        s_delim(" ")
        s_static("Qihoo_360_login=d4399b2c92753475f9915585870832d3;")
        s_delim(" ")
        s_static("monitor_count=1")
        s_static("\r\n")
        s_static("Connection:")
        s_delim(" ")
        s_static("close")
        s_static("\r\n")
        # Empty line terminating the header section.
        s_static("\r\n", "Request-CRLF")
    # Form body: keys and '&' are static, every value is a fuzzable string of
    # up to 1024 bytes.
    with s_block("Body-Content"):
        s_static("action=")
        s_string("mod", max_len=1024)
        s_static("&")
        s_static("sex=")
        s_string("1", max_len=1024)
        s_static("&")
        s_static("mac=")
        s_string("98-E7-43-63-E8-A9", max_len=1024)
        s_static("&")
        s_static("timer_enable=")
        s_string("1", max_len=1024)
        s_static("&")
        s_static("timer_day=")
        s_string("1 2 3 4 5", max_len=1024)
        s_static("&")
        s_static("start_hour=")
        s_string("23", max_len=1024)
        s_static("&")
        s_static("start_minute=")
        s_string("07", max_len=1024)
        s_static("&")
        s_static("end_hour=")
        s_string("08", max_len=1024)
        s_static("&")
        s_static("end_minute=")
        s_string("00", max_len=1024)
        s_static("&")
        s_static("idx=")
        s_string("0", max_len=1024)
    session.connect(s_get("Post"))
    session.fuzz()
if __name__ == "__main__":
    main()
# The original capture, appended verbatim by the generator for reference.
# It carries the same token_id and login cookie as the primitives above.
'''
POST /app/devices/webs/setchildlist.cgi HTTP/1.1
Host: ihome.360.cn
Content-Length: 135
Accept: */*
Origin: http://ihome.360.cn
X-Requested-With: XMLHttpRequest
token_id: deb3c823777ca07050b69e6e6336da44
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360SE
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://ihome.360.cn/app/baby_mode/webs/index.html?t=1597396333772
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: __huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D; __guid=132730903.1862459395348000300.1571113487520.2976; v=o14)R.-Hwi:T1ZCsB878; Qs_lvt_317691=1571458567%2C1571458709; Qs_pv_317691=2053859005725308000%2C2143554520725135600; bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6; __DC_gid=65863720.124356338.1571407940111.1576040598488.23; Qs_lvt_327145=1576040593%2C1576040598; Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300; Qs_lvt_299978=1577692531; Qs_pv_299978=3121754979306215400; _ga=GA1.2.1911454275.1577692533; __gid=65863720.124356338.1571407940111.1584088558934.86; Qihoo_360_login=d4399b2c92753475f9915585870832d3; monitor_count=1
Connection: close
action=mod&sex=1&mac=98-E7-43-63-E8-A9&timer_enable=1&timer_day=1 2 3 4 5&start_hour=23&start_minute=07&end_hour=08&end_minute=00&idx=0
'''
对 sulley 那些语法一窍不通（boofuzz 就是 Sulley 的后继，语法基本一样），照着模板写了个，貌似 fuzz 的时候能连接成功！不过注意目标写的是线上的 ihome.360.cn，对没有授权的线上服务跑 fuzz 等同于攻击，实际跑的时候应换成自己搭的测试环境或拿到授权的目标。


脚本像坨shi,生成的脚本也像坨shi
主要起个抛砖引玉的效果,大佬们别骂了
最后于 2020-9-22 11:06 被大帅锅编辑，原因：修改完善了下脚本，增加了对不同换行格式（\r\n / \n）的判断。