Fix JSON and headers for raw data
parent
92146f2bcd
commit
b2eef12b15
|
@ -29,6 +29,9 @@ class Requester(object):
|
|||
|
||||
# Parse headers
|
||||
for header in content[1:]:
|
||||
if header == '':
|
||||
# edge-case, when data is sent raw (json/xml)
|
||||
break
|
||||
name, _, value = header.partition(': ')
|
||||
if not name or not value:
|
||||
continue
|
||||
|
@ -75,16 +78,21 @@ class Requester(object):
|
|||
|
||||
def do_request(self, param, value, timeout=3, stream=False):
|
||||
try:
|
||||
# Debug information
|
||||
logging.debug(f"Request param: {param}")
|
||||
logging.debug(f"Request value: {value}")
|
||||
logging.debug(f"Request timeout: {timeout}")
|
||||
|
||||
# Handle injection in the headers
|
||||
# Copying data to avoid multiple variables edit
|
||||
header_injected = self.headers.copy()
|
||||
if param in self.headers:
|
||||
if param in header_injected:
|
||||
header_injected[param] = value
|
||||
print('inject in header')
|
||||
print(header_injected)
|
||||
|
||||
logging.debug("Request inject: Injecting payload in HTTP Header")
|
||||
|
||||
logging.debug(f"Request method: {self.method}")
|
||||
if self.method == "POST":
|
||||
|
||||
# Copying data to avoid multiple variables edit
|
||||
data_injected = self.data.copy()
|
||||
|
||||
|
@ -93,10 +101,13 @@ class Requester(object):
|
|||
|
||||
# Handle JSON data
|
||||
if self.headers['Content-Type'] and "application/json" in self.headers['Content-Type']:
|
||||
logging.debug("Request type: JSON")
|
||||
logging.debug(f"Request data: {data_injected}")
|
||||
|
||||
r = requests.post(
|
||||
self.protocol + "://" + self.host + self.action,
|
||||
headers=header_injected,
|
||||
json=data_injected,
|
||||
data=json.dumps(data_injected),
|
||||
headers=self.headers,
|
||||
timeout=timeout,
|
||||
stream=stream,
|
||||
verify=False,
|
||||
|
@ -105,16 +116,20 @@ class Requester(object):
|
|||
|
||||
# Handle XML data
|
||||
elif self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
|
||||
logging.debug("Request type: XML")
|
||||
|
||||
if "*FUZZ*" in data_injected['__xml__']:
|
||||
logging.debug("Request inject: XML parameter")
|
||||
|
||||
# replace the injection point with the payload
|
||||
data_xml = data_injected['__xml__']
|
||||
data_xml = data_xml.replace('*FUZZ*', value)
|
||||
|
||||
logging.debug(f"Request data: {data_xml}")
|
||||
r = requests.post(
|
||||
self.protocol + "://" + self.host + self.action,
|
||||
headers=header_injected,
|
||||
data=data_xml,
|
||||
headers=self.headers,
|
||||
timeout=timeout,
|
||||
stream=stream,
|
||||
verify=False,
|
||||
|
@ -127,7 +142,12 @@ class Requester(object):
|
|||
|
||||
# Handle FORM data
|
||||
else:
|
||||
if param == '': data_injected = value
|
||||
if param == '':
|
||||
logging.debug("Request inject: POST raw data")
|
||||
data_injected = value
|
||||
else:
|
||||
logging.debug("Request inject: POST parameter")
|
||||
|
||||
r = requests.post(
|
||||
self.protocol + "://" + self.host + self.action,
|
||||
headers=header_injected,
|
||||
|
@ -142,6 +162,8 @@ class Requester(object):
|
|||
logging.error("No injection point found ! (use -p)")
|
||||
exit(1)
|
||||
else:
|
||||
logging.debug("Request inject: GET parameter")
|
||||
|
||||
# String is immutable, we don't have to do a "forced" copy
|
||||
regex = re.compile(param+"=([^&]+)")
|
||||
value = urllib.parse.quote(value, safe='')
|
||||
|
|
Loading…
Reference in New Issue