% demo_fuzz_files.pl: demonstrate fuzzing GET and POST requests saved to text files
%
% The text files get.txt and post.txt contain samples of requests to the badstore website
% at address 192.168.56.101. The badstore VM is available for download from vulnhub.com.
% If you wish to run this script with those samples, you will need to download badstore
% and configure it to run at that address. I followed the setup instructions in Chapter 2
% of "Gray Hat C#" by Brandon Perry.
%
% To run this script use this command at the shell prompt:
% $ swipl -s demo_fuzz_files.pl
%
% To use an HTTP proxy like BurpSuite or Fiddler, set the environment variable http_proxy:
% $ env http_proxy=http://localhost:8080 swipl -s demo_fuzz_files.pl
% Startup: main/0 is registered to run once this file has been loaded.
:- initialization(main).
% halt/0 is registered as a second, separate initialization goal so the
% interpreter exits after the demo instead of dropping into the toplevel.
% NOTE(review): because halt is not tied to main's outcome, the process
% exit status presumably does not tell a caller whether main succeeded -
% confirm before relying on it in scripts.
:- initialization(halt).
% system libraries
:- use_module(library(http/http_client), [http_read_data/3]).
:- use_module(library(http/http_header), [http_read_request/2]).
:- use_module(library(url), [parse_url/2]).
% modules
:- use_module(webfuzz).
% main
% Entry point of the demo. Fuzzes the saved GET request and then the
% saved POST request; both file names are relative to the current
% working directory. The files are handled in order, and a failure on
% the first one means the second is not attempted.
main :-
    forall(member(SavedRequest, ['get.txt', 'post.txt']),
           fuzz_from_file(SavedRequest)).
% fuzz_from_file(+File)
% Replays one saved HTTP request through the fuzzer.
%   File - name of a text file holding a raw HTTP request.
% Prints a banner, then the URL rebuilt from the request (always with
% the http scheme), the request method and the form pairs, and finally
% runs fuzz_loop/3 on them. The host that gets contacted is the host(...)
% term of the parsed request, so the file contents decide where the
% fuzzing traffic goes.
% Fails when the file does not yield a request from which a URL and a
% method can be extracted.
fuzz_from_file(File) :-
    format('--- Fuzzing from File: ~w ---~n', [File]),
    file_request_form(File, Req, Form),
    request_to_url(Req, http, Target),
    memberchk(method(Verb), Req),
    format('URL: ~w~nMETHOD: ~w~nFORM: ~q~n', [Target, Verb, Form]),
    % Commit to this parse of the file before starting the fuzz run.
    !,
    fuzz_loop(Verb, Target, Form),
    nl.
% file_request_form(+File, -Request, -FormPairs)
% Opens File for reading and parses it with stream_request_form/3.
%   Request   - the parsed request, as produced by stream_request_form/3.
%   FormPairs - the form data found in the request body, or [].
% setup_call_cleanup/3 guarantees the stream is closed again whether
% parsing succeeds, fails or raises.
file_request_form(File, Request, FormPairs) :-
    setup_call_cleanup(
        open(File, read, In),
        stream_request_form(In, Request, FormPairs),
        close(In)).
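% stream_request_form(+Stream, -Request, -FormPairs)
% Reads one HTTP request from Stream and extracts its form data.
%   Stream    - input stream positioned at the request line.
%   Request   - the request as returned by http_read_request/2.
%   FormPairs - the request body when http_read_data/3 decodes it to a
%               list, otherwise [].
% The body is accepted as form data whenever it is a proper list. The
% earlier two-element pattern kept only forms with exactly two fields
% and silently replaced every other form with [], so those parameters
% were never fuzzed and the run reported nothing for them.
% NOTE(review): the list elements are presumably Name=Value pairs, as
% url_form_parameter_vulnerable/4 in webfuzz is handed them - confirm.
stream_request_form(Stream, Request, FormPairs) :-
    http_read_request(Stream, Request),
    http_read_data(Request, Body, []),
    (   is_list(Body)
    ->  FormPairs = Body
    ;   % Non-list bodies (e.g. a request without form data) mean no form.
        FormPairs = []
    ).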
% request_to_url(+Request, +Protocol, -Url)
% Builds the URL a parsed request was addressed to.
%   Request  - list of request terms; host(Host) and path(Path) are
%              required, search(Search) is optional.
%   Protocol - scheme to put in the URL (the caller passes http).
%   Url      - URL assembled by parse_url/2.
% Fails when the request has no host(...) or no path(...) term.
% Only protocol, host, path and, when present, search are handed to
% parse_url/2.
% NOTE(review): if the parsed request carries the port as a separate
% term it is not used here, so a target on a non-default port would be
% rebuilt without it - confirm against http_read_request/2 output.
request_to_url(Request, Protocol, Url) :-
    memberchk(host(Host), Request),
    memberchk(path(Path), Request),
    Base = [protocol(Protocol), host(Host), path(Path)],
    (   memberchk(search(Search), Request)
    ->  % Query parameters were present in the request line.
        append(Base, [search(Search)], Parts)
    ;   Parts = Base
    ),
    parse_url(Url, Parts).
% fuzz_loop(+Method, +Url, +FormPairs)
% Enumerates every finding the webfuzz module reports for the request
% and prints one line per finding. Always succeeds, including when
% nothing is reported.
%   Method    - request method; form parameters are only checked for post.
%   Url       - target URL.
%   FormPairs - form data of the request, [] when there is none.
% Every line is worded as a "Possible ... vulnerability": the output is
% a list of candidates to verify, not confirmed issues.
fuzz_loop(Method, Url, FormPairs) :-
    % First pass: findings for parameters in the URL query string.
    forall(url_parameter_vulnerable(Method, Url, FormPairs, QueryName, QueryVuln),
           format('Possible ~w vulnerability in query parameter ~q~n',
                  [QueryVuln, QueryName])),
    % Second pass: findings for form parameters, POST requests only.
    (   Method \= post
    ->  true
    ;   forall(url_form_parameter_vulnerable(Url, FormPairs, FormName, FormVuln),
               format('Possible ~w vulnerability in form parameter ~q~n',
                      [FormVuln, FormName]))
    ).