2018-11-08 09:26:32 +00:00
|
|
|
package runner
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"crypto/tls"
|
2018-11-08 14:16:55 +00:00
|
|
|
"fmt"
|
2018-11-08 09:26:32 +00:00
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
2020-01-07 16:27:43 +00:00
|
|
|
"net/url"
|
2018-11-08 09:26:32 +00:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
"unicode/utf8"
|
|
|
|
|
|
|
|
"github.com/ffuf/ffuf/pkg/ffuf"
|
|
|
|
)
|
|
|
|
|
|
|
|
//Download results < 5MB
|
|
|
|
const MAX_DOWNLOAD_SIZE = 5242880
|
|
|
|
|
|
|
|
type SimpleRunner struct {
|
|
|
|
config *ffuf.Config
|
|
|
|
client *http.Client
|
|
|
|
}
|
|
|
|
|
2020-01-17 07:49:25 +00:00
|
|
|
func NewSimpleRunner(conf *ffuf.Config, replay bool) ffuf.RunnerProvider {
|
2018-11-08 09:26:32 +00:00
|
|
|
var simplerunner SimpleRunner
|
2020-01-07 16:27:43 +00:00
|
|
|
proxyURL := http.ProxyFromEnvironment
|
2020-01-17 07:49:25 +00:00
|
|
|
customProxy := ""
|
2020-01-07 16:27:43 +00:00
|
|
|
|
2020-01-17 07:49:25 +00:00
|
|
|
if replay {
|
|
|
|
customProxy = conf.ReplayProxyURL
|
|
|
|
} else {
|
|
|
|
customProxy = conf.ProxyURL
|
|
|
|
}
|
|
|
|
if len(customProxy) > 0 {
|
|
|
|
pu, err := url.Parse(customProxy)
|
2020-01-07 16:27:43 +00:00
|
|
|
if err == nil {
|
|
|
|
proxyURL = http.ProxyURL(pu)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-08 09:26:32 +00:00
|
|
|
simplerunner.config = conf
|
|
|
|
simplerunner.client = &http.Client{
|
|
|
|
CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
|
2019-04-27 07:29:05 +00:00
|
|
|
Timeout: time.Duration(time.Duration(conf.Timeout) * time.Second),
|
2018-11-08 09:26:32 +00:00
|
|
|
Transport: &http.Transport{
|
2020-01-07 16:27:43 +00:00
|
|
|
Proxy: proxyURL,
|
2018-11-14 20:38:13 +00:00
|
|
|
MaxIdleConns: 1000,
|
|
|
|
MaxIdleConnsPerHost: 500,
|
|
|
|
MaxConnsPerHost: 500,
|
2018-11-08 09:26:32 +00:00
|
|
|
TLSClientConfig: &tls.Config{
|
2020-01-07 16:25:42 +00:00
|
|
|
InsecureSkipVerify: true,
|
2018-11-08 09:26:32 +00:00
|
|
|
},
|
|
|
|
}}
|
2019-04-03 09:54:32 +00:00
|
|
|
|
|
|
|
if conf.FollowRedirects {
|
|
|
|
simplerunner.client.CheckRedirect = nil
|
|
|
|
}
|
2018-11-08 09:26:32 +00:00
|
|
|
return &simplerunner
|
|
|
|
}
|
|
|
|
|
2019-11-10 21:30:54 +00:00
|
|
|
func (r *SimpleRunner) Prepare(input map[string][]byte) (ffuf.Request, error) {
|
2018-11-08 09:26:32 +00:00
|
|
|
req := ffuf.NewRequest(r.config)
|
2019-09-02 14:18:36 +00:00
|
|
|
|
2019-11-10 21:30:54 +00:00
|
|
|
req.Headers = r.config.Headers
|
|
|
|
req.Url = r.config.Url
|
|
|
|
req.Method = r.config.Method
|
|
|
|
req.Data = []byte(r.config.Data)
|
|
|
|
|
|
|
|
for keyword, inputitem := range input {
|
|
|
|
req.Method = strings.Replace(req.Method, keyword, string(inputitem), -1)
|
|
|
|
headers := make(map[string]string, 0)
|
|
|
|
for h, v := range req.Headers {
|
|
|
|
headers[strings.Replace(h, keyword, string(inputitem), -1)] = strings.Replace(v, keyword, string(inputitem), -1)
|
|
|
|
}
|
|
|
|
req.Headers = headers
|
|
|
|
req.Url = strings.Replace(req.Url, keyword, string(inputitem), -1)
|
|
|
|
req.Data = []byte(strings.Replace(string(req.Data), keyword, string(inputitem), -1))
|
2018-11-08 09:26:32 +00:00
|
|
|
}
|
2019-11-10 21:30:54 +00:00
|
|
|
|
2018-11-08 09:26:32 +00:00
|
|
|
req.Input = input
|
|
|
|
return req, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r *SimpleRunner) Execute(req *ffuf.Request) (ffuf.Response, error) {
|
|
|
|
var httpreq *http.Request
|
|
|
|
var err error
|
2019-12-28 15:46:44 +00:00
|
|
|
var rawreq, rawresp strings.Builder
|
2018-11-08 09:26:32 +00:00
|
|
|
data := bytes.NewReader(req.Data)
|
|
|
|
httpreq, err = http.NewRequest(req.Method, req.Url, data)
|
|
|
|
if err != nil {
|
|
|
|
return ffuf.Response{}, err
|
|
|
|
}
|
|
|
|
// Add user agent string if not defined
|
|
|
|
if _, ok := req.Headers["User-Agent"]; !ok {
|
2018-11-08 14:16:55 +00:00
|
|
|
req.Headers["User-Agent"] = fmt.Sprintf("%s v%s", "Fuzz Faster U Fool", ffuf.VERSION)
|
2018-11-08 09:26:32 +00:00
|
|
|
}
|
2018-11-09 13:21:23 +00:00
|
|
|
// Handle Go http.Request special cases
|
|
|
|
if _, ok := req.Headers["Host"]; ok {
|
|
|
|
httpreq.Host = req.Headers["Host"]
|
|
|
|
}
|
2018-11-08 09:26:32 +00:00
|
|
|
httpreq = httpreq.WithContext(r.config.Context)
|
|
|
|
for k, v := range req.Headers {
|
|
|
|
httpreq.Header.Set(k, v)
|
|
|
|
}
|
|
|
|
httpresp, err := r.client.Do(httpreq)
|
|
|
|
if err != nil {
|
|
|
|
return ffuf.Response{}, err
|
|
|
|
}
|
2019-12-28 15:46:44 +00:00
|
|
|
|
2018-11-08 09:26:32 +00:00
|
|
|
resp := ffuf.NewResponse(httpresp, req)
|
|
|
|
defer httpresp.Body.Close()
|
|
|
|
|
2019-12-28 15:46:44 +00:00
|
|
|
if len(r.config.OutputDirectory) > 0 {
|
|
|
|
// store raw request
|
|
|
|
httpreq.Write(&rawreq)
|
|
|
|
resp.Request.Raw = rawreq.String()
|
|
|
|
// store raw response
|
|
|
|
httpresp.Write(&rawresp)
|
|
|
|
resp.Raw = rawresp.String()
|
|
|
|
}
|
|
|
|
|
2018-11-08 09:26:32 +00:00
|
|
|
// Check if we should download the resource or not
|
|
|
|
size, err := strconv.Atoi(httpresp.Header.Get("Content-Length"))
|
|
|
|
if err == nil {
|
|
|
|
resp.ContentLength = int64(size)
|
|
|
|
if size > MAX_DOWNLOAD_SIZE {
|
|
|
|
resp.Cancelled = true
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if respbody, err := ioutil.ReadAll(httpresp.Body); err == nil {
|
|
|
|
resp.ContentLength = int64(utf8.RuneCountInString(string(respbody)))
|
|
|
|
resp.Data = respbody
|
|
|
|
}
|
|
|
|
|
2018-11-12 17:06:49 +00:00
|
|
|
wordsSize := len(strings.Split(string(resp.Data), " "))
|
2019-11-09 20:09:12 +00:00
|
|
|
linesSize := len(strings.Split(string(resp.Data), "\n"))
|
2018-11-12 17:06:49 +00:00
|
|
|
resp.ContentWords = int64(wordsSize)
|
2019-11-09 20:09:12 +00:00
|
|
|
resp.ContentLines = int64(linesSize)
|
2018-11-12 17:06:49 +00:00
|
|
|
|
2018-11-08 09:26:32 +00:00
|
|
|
return resp, nil
|
|
|
|
}
|