95 lines
2.7 KiB
Python
95 lines
2.7 KiB
Python
from urllib.parse import unquote
|
|
import selenium
|
|
import time
|
|
from selenium import webdriver
|
|
from selenium.webdriver.support.ui import WebDriverWait
|
|
from urllib.parse import urlparse
|
|
from urllib.parse import urlencode
|
|
|
|
from tags import Attributes
|
|
|
|
# WAFBypass class
|
|
|
|
from language import HTMLTag, HTMLAttribute, HTMLTagAttributeType
|
|
|
|
t = HTMLTag("form")
|
|
i = HTMLTag("input", self_closing=True)
|
|
i.attributes.append(HTMLAttribute("type", HTMLTagAttributeType.TypeText))
|
|
t.children.append(i)
|
|
print(t)
|
|
|
|
|
|
class WAFBypass():
|
|
code = "window.alert_trigger = false;window.alert = function() {window.alert_trigger = true;}"
|
|
|
|
def __init__(self, url) -> None:
|
|
self.options = webdriver.ChromeOptions()
|
|
self.options.add_argument('--no-sandbox')
|
|
self.options.add_argument('--headless')
|
|
self.driver = webdriver.Chrome(options=self.options)
|
|
self.url = urlparse(url)
|
|
|
|
if not self.check_connection():
|
|
raise Exception("Connection Error")
|
|
|
|
self.driver.execute_cdp_cmd(
|
|
"Page.addScriptToEvaluateOnNewDocument", {"source": self.code})
|
|
|
|
def check_connection(self):
|
|
try:
|
|
self.driver.get(self.url.geturl())
|
|
return True
|
|
except:
|
|
return False
|
|
|
|
def wait_for_pageload(self):
|
|
try:
|
|
WebDriverWait(self.driver, 4).until(
|
|
lambda driver: driver.execute_script("return document.readyState") == "complete")
|
|
except TimeoutError:
|
|
raise Exception("Page Load Error")
|
|
|
|
def get_page_title(self):
|
|
return self.driver.title
|
|
|
|
@property
|
|
def is_403(self):
|
|
return self.driver.title == "403 Forbidden"
|
|
|
|
@property
|
|
def triggered_xss(self):
|
|
return self.driver.execute_script("return window.alert_trigger")
|
|
|
|
def navigate(self, url):
|
|
self.driver.get(url)
|
|
self.wait_for_pageload()
|
|
|
|
is403 = False
|
|
|
|
if self.is_403:
|
|
is403 = True
|
|
else:
|
|
is403 = False
|
|
|
|
triggerxss = self.triggered_xss
|
|
|
|
return (is403, triggerxss)
|
|
|
|
def run_fuzz(self):
|
|
try:
|
|
for attr in Attributes:
|
|
# print(f"[*] Testing {attr.name} attribute {attr}")
|
|
encoded = urlencode({"param2": f"{attr}"})
|
|
url = f"{self.url.scheme}://{self.url.netloc}/?{encoded}"
|
|
# print(url)
|
|
is403, trigger = self.navigate(url)
|
|
if not is403:
|
|
print(f"[+] {attr.name} attribute is not filtered")
|
|
except KeyboardInterrupt:
|
|
self.driver.close()
|
|
exit(0)
|
|
|
|
|
|
w = WAFBypass("http://aws-wafbypass-lb-311079289.eu-south-1.elb.amazonaws.com")
|
|
w.run_fuzz()
|