ffuf/pkg/runner/simple.go

package runner

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"
	"net/http/httputil"
	"net/textproto"
	"net/url"
	"strconv"
	"strings"
	"time"
	"unicode/utf8"

	"github.com/ffuf/ffuf/pkg/ffuf"
)

//Download results < 5MB
const MAX_DOWNLOAD_SIZE = 5242880

type SimpleRunner struct {
	config *ffuf.Config
	client *http.Client
}

func NewSimpleRunner(conf *ffuf.Config, replay bool) ffuf.RunnerProvider {
	var simplerunner SimpleRunner
	proxyURL := http.ProxyFromEnvironment
	customProxy := ""

	if replay {
		customProxy = conf.ReplayProxyURL
	} else {
		customProxy = conf.ProxyURL
	}
	if len(customProxy) > 0 {
		pu, err := url.Parse(customProxy)
		if err == nil {
			proxyURL = http.ProxyURL(pu)
		}
	}

	simplerunner.config = conf
	simplerunner.client = &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
		Timeout:       time.Duration(time.Duration(conf.Timeout) * time.Second),
		Transport: &http.Transport{
			Proxy:               proxyURL,
			MaxIdleConns:        1000,
			MaxIdleConnsPerHost: 500,
			MaxConnsPerHost:     500,
			DialContext: (&net.Dialer{
				Timeout: time.Duration(time.Duration(conf.Timeout) * time.Second),
			}).DialContext,
			TLSHandshakeTimeout: time.Duration(time.Duration(conf.Timeout) * time.Second),
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: true,
				Renegotiation:      tls.RenegotiateOnceAsClient,
			},
		}}

	if conf.FollowRedirects {
		simplerunner.client.CheckRedirect = nil
	}
	return &simplerunner
}

func (r *SimpleRunner) Prepare(input map[string][]byte) (ffuf.Request, error) {
	req := ffuf.NewRequest(r.config)

	req.Headers = r.config.Headers
	req.Url = r.config.Url
	req.Method = r.config.Method
	req.Data = []byte(r.config.Data)

	for keyword, inputitem := range input {
		req.Method = strings.ReplaceAll(req.Method, keyword, string(inputitem))
		headers := make(map[string]string, len(req.Headers))
		for h, v := range req.Headers {
			var CanonicalHeader string = textproto.CanonicalMIMEHeaderKey(strings.ReplaceAll(h, keyword, string(inputitem)))
			headers[CanonicalHeader] = strings.ReplaceAll(v, keyword, string(inputitem))
		}
		req.Headers = headers
		req.Url = strings.ReplaceAll(req.Url, keyword, string(inputitem))
		req.Data = []byte(strings.ReplaceAll(string(req.Data), keyword, string(inputitem)))
	}

	req.Input = input
	return req, nil
}

func (r *SimpleRunner) Execute(req *ffuf.Request) (ffuf.Response, error) {
	var httpreq *http.Request
	var err error
	var rawreq []byte
	data := bytes.NewReader(req.Data)
	httpreq, err = http.NewRequestWithContext(r.config.Context, req.Method, req.Url, data)
	if err != nil {
		return ffuf.Response{}, err
	}

	// set default User-Agent header if not present
	if _, ok := req.Headers["User-Agent"]; !ok {
		req.Headers["User-Agent"] = fmt.Sprintf("%s v%s", "Fuzz Faster U Fool", ffuf.Version())
	}

	// Handle Go http.Request special cases
	if _, ok := req.Headers["Host"]; ok {
		httpreq.Host = req.Headers["Host"]
	}

	req.Host = httpreq.Host
	httpreq = httpreq.WithContext(r.config.Context)
	for k, v := range req.Headers {
		httpreq.Header.Set(k, v)
	}

	if len(r.config.OutputDirectory) > 0 {
		rawreq, _ = httputil.DumpRequestOut(httpreq, true)
	}

	httpresp, err := r.client.Do(httpreq)
	if err != nil {
		return ffuf.Response{}, err
	}

	resp := ffuf.NewResponse(httpresp, req)
	defer httpresp.Body.Close()

	// Check if we should download the resource or not
	size, err := strconv.Atoi(httpresp.Header.Get("Content-Length"))
	if err == nil {
		resp.ContentLength = int64(size)
		if (r.config.IgnoreBody) || (size > MAX_DOWNLOAD_SIZE) {
			resp.Cancelled = true
			return resp, nil
		}
	}

	if len(r.config.OutputDirectory) > 0 {
		rawresp, _ := httputil.DumpResponse(httpresp, true)
		resp.Request.Raw = string(rawreq)
		resp.Raw = string(rawresp)
	}

	if respbody, err := ioutil.ReadAll(httpresp.Body); err == nil {
		resp.ContentLength = int64(utf8.RuneCountInString(string(respbody)))
		resp.Data = respbody
	}

	wordsSize := len(strings.Split(string(resp.Data), " "))
	linesSize := len(strings.Split(string(resp.Data), "\n"))
	resp.ContentWords = int64(wordsSize)
	resp.ContentLines = int64(linesSize)

	return resp, nil
}
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`package runner`

			`import (`
			`"bytes"`
			`"crypto/tls"`
Added version to user-agent string and prepared for next release 2018-11-08 14:16:55 +00:00			`"fmt"`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`"io/ioutil"`
Make SIGINT more responsive, and handle zombied TCP connections properly (#302) 2020-09-24 09:04:31 +00:00			`"net"`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`"net/http"`
Fix bug in regex matching when writing responses to file (#150) * Fix bug in regex matching when writing responses to file * Add changelog entry 2020-02-01 00:36:03 +00:00			`"net/http/httputil"`
Make defining User-agent header case insensitive #171 (#173) * Takes the User-Agent header from a list. * typo * base * Make defining User-agent header case insensitive #171 * -whitespaces * Make canonical http headers and set default User-Agent only once. * clean-up * formatting, canonical customer headers, docs updated * cleanup * fmt * Checking userdefined headers for excluding in canonicalization. * resolving one conflict * moved logic back and less resolve conflicts Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com> 2020-02-21 20:43:19 +00:00			`"net/textproto"`
Write configuration to output JSON (#135) * Config to json output, filters and matchers * optRange marshaling * Add CHANGELOG entry 2020-01-07 16:27:43 +00:00			`"net/url"`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`"strconv"`
			`"strings"`
			`"time"`
			`"unicode/utf8"`

			`"github.com/ffuf/ffuf/pkg/ffuf"`
			`)`

			`//Download results < 5MB`
			`const MAX_DOWNLOAD_SIZE = 5242880`

			`type SimpleRunner struct {`
			`config *ffuf.Config`
			`client *http.Client`
			`}`

Replay matches using a chosen proxy (#140) * Replay matches using a custom proxy * Add changelog entry 2020-01-17 07:49:25 +00:00			`func NewSimpleRunner(conf *ffuf.Config, replay bool) ffuf.RunnerProvider {`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`var simplerunner SimpleRunner`
Write configuration to output JSON (#135) * Config to json output, filters and matchers * optRange marshaling * Add CHANGELOG entry 2020-01-07 16:27:43 +00:00			`proxyURL := http.ProxyFromEnvironment`
Replay matches using a chosen proxy (#140) * Replay matches using a custom proxy * Add changelog entry 2020-01-17 07:49:25 +00:00			`customProxy := ""`
Write configuration to output JSON (#135) * Config to json output, filters and matchers * optRange marshaling * Add CHANGELOG entry 2020-01-07 16:27:43 +00:00
Replay matches using a chosen proxy (#140) * Replay matches using a custom proxy * Add changelog entry 2020-01-17 07:49:25 +00:00			`if replay {`
			`customProxy = conf.ReplayProxyURL`
			`} else {`
			`customProxy = conf.ProxyURL`
			`}`
			`if len(customProxy) > 0 {`
			`pu, err := url.Parse(customProxy)`
Write configuration to output JSON (#135) * Config to json output, filters and matchers * optRange marshaling * Add CHANGELOG entry 2020-01-07 16:27:43 +00:00			`if err == nil {`
			`proxyURL = http.ProxyURL(pu)`
			`}`
			`}`

Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`simplerunner.config = conf`
			`simplerunner.client = &http.Client{`
			`CheckRedirect: func(req http.Request, via []http.Request) error { return http.ErrUseLastResponse },`
Add -timeout flag for customizable HTTP Request timeouts (#31) * Add -timeout flag to specify HTTP request timeouts 2019-04-27 07:29:05 +00:00			`Timeout: time.Duration(time.Duration(conf.Timeout) * time.Second),`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`Transport: &http.Transport{`
Write configuration to output JSON (#135) * Config to json output, filters and matchers * optRange marshaling * Add CHANGELOG entry 2020-01-07 16:27:43 +00:00			`Proxy: proxyURL,`
Tests and performance fixes 2018-11-14 20:38:13 +00:00			`MaxIdleConns: 1000,`
			`MaxIdleConnsPerHost: 500,`
			`MaxConnsPerHost: 500,`
Make SIGINT more responsive, and handle zombied TCP connections properly (#302) 2020-09-24 09:04:31 +00:00			`DialContext: (&net.Dialer{`
			`Timeout: time.Duration(time.Duration(conf.Timeout) * time.Second),`
			`}).DialContext,`
			`TLSHandshakeTimeout: time.Duration(time.Duration(conf.Timeout) * time.Second),`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`TLSClientConfig: &tls.Config{`
remove -k flag support, convert to dummy flag (#134) * remove -k flag support, convert to dummy flag * update changelog and contributors 2020-01-07 16:25:42 +00:00			`InsecureSkipVerify: true,`
Fix for #193 (#194) * Fix for #193 * Fix for #193 - Changelog 2020-03-20 10:41:13 +00:00			`Renegotiation: tls.RenegotiateOnceAsClient,`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`},`
			`}}`
Add option to follow redirects (#13) 2019-04-03 09:54:32 +00:00
			`if conf.FollowRedirects {`
			`simplerunner.client.CheckRedirect = nil`
			`}`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`return &simplerunner`
			`}`

Multiple wordlist support (#79) * Multiple wordlist support * Display error correctly if wordlist file could not be opened * Add back the redirect location * Support multiple keywords in HTML output and fix wordlist positioning * Support multiple wordlists for md output * Support multiple keywords in CSV output * Improve output for multi keyword runs * Add changelog entry * Switch the wordlist filename <-> keyword around to allow tab completion * Fix the usage example in README 2019-11-10 21:30:54 +00:00			`func (r *SimpleRunner) Prepare(input map[string][]byte) (ffuf.Request, error) {`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`req := ffuf.NewRequest(r.config)`
Http verb fuzzing (#57) * typo fix * Allow fuzzing of http method. Resolves #54 2019-09-02 14:18:36 +00:00
Multiple wordlist support (#79) * Multiple wordlist support * Display error correctly if wordlist file could not be opened * Add back the redirect location * Support multiple keywords in HTML output and fix wordlist positioning * Support multiple wordlists for md output * Support multiple keywords in CSV output * Improve output for multi keyword runs * Add changelog entry * Switch the wordlist filename <-> keyword around to allow tab completion * Fix the usage example in README 2019-11-10 21:30:54 +00:00			`req.Headers = r.config.Headers`
			`req.Url = r.config.Url`
			`req.Method = r.config.Method`
			`req.Data = []byte(r.config.Data)`

			`for keyword, inputitem := range input {`
pkg: use {strings,bytes}.ReplaceAll when possible (#320) Use the ReplaceAll helper from the standard library in order to make the code easier to read. Requires Go 1.12 or higher. Fixes #301 Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com> 2020-10-02 14:12:40 +00:00			`req.Method = strings.ReplaceAll(req.Method, keyword, string(inputitem))`
pkg: handle gosimple linter findings (#322) This change is an attempt to handle gosimple linter finfings in order to make the code easier to follow. It includes the following changes: - use strings.Contains instead of strings.Index != -1 - use time.Since which is the standard library helper. See https://github.com/golang/go/blob/go1.15.2/src/time/time.go#L866-L867 - remove unneeded return statements at the end of methods - preallocate maps when their capacity is known - avoid underscoring values when they can be omitted - avoid fmt.Sprintf() calls when the only argument is already a string Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com> 2020-10-03 07:45:07 +00:00			`headers := make(map[string]string, len(req.Headers))`
Multiple wordlist support (#79) * Multiple wordlist support * Display error correctly if wordlist file could not be opened * Add back the redirect location * Support multiple keywords in HTML output and fix wordlist positioning * Support multiple wordlists for md output * Support multiple keywords in CSV output * Improve output for multi keyword runs * Add changelog entry * Switch the wordlist filename <-> keyword around to allow tab completion * Fix the usage example in README 2019-11-10 21:30:54 +00:00			`for h, v := range req.Headers {`
pkg: use {strings,bytes}.ReplaceAll when possible (#320) Use the ReplaceAll helper from the standard library in order to make the code easier to read. Requires Go 1.12 or higher. Fixes #301 Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com> 2020-10-02 14:12:40 +00:00			`var CanonicalHeader string = textproto.CanonicalMIMEHeaderKey(strings.ReplaceAll(h, keyword, string(inputitem)))`
			`headers[CanonicalHeader] = strings.ReplaceAll(v, keyword, string(inputitem))`
Multiple wordlist support (#79) * Multiple wordlist support * Display error correctly if wordlist file could not be opened * Add back the redirect location * Support multiple keywords in HTML output and fix wordlist positioning * Support multiple wordlists for md output * Support multiple keywords in CSV output * Improve output for multi keyword runs * Add changelog entry * Switch the wordlist filename <-> keyword around to allow tab completion * Fix the usage example in README 2019-11-10 21:30:54 +00:00			`}`
			`req.Headers = headers`
pkg: use {strings,bytes}.ReplaceAll when possible (#320) Use the ReplaceAll helper from the standard library in order to make the code easier to read. Requires Go 1.12 or higher. Fixes #301 Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com> 2020-10-02 14:12:40 +00:00			`req.Url = strings.ReplaceAll(req.Url, keyword, string(inputitem))`
			`req.Data = []byte(strings.ReplaceAll(string(req.Data), keyword, string(inputitem)))`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`}`
Multiple wordlist support (#79) * Multiple wordlist support * Display error correctly if wordlist file could not be opened * Add back the redirect location * Support multiple keywords in HTML output and fix wordlist positioning * Support multiple wordlists for md output * Support multiple keywords in CSV output * Improve output for multi keyword runs * Add changelog entry * Switch the wordlist filename <-> keyword around to allow tab completion * Fix the usage example in README 2019-11-10 21:30:54 +00:00
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`req.Input = input`
			`return req, nil`
			`}`

			`func (r SimpleRunner) Execute(req ffuf.Request) (ffuf.Response, error) {`
			`var httpreq *http.Request`
			`var err error`
Save POST body correctly (#161) 2020-02-09 11:29:12 +00:00			`var rawreq []byte`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`data := bytes.NewReader(req.Data)`
Make SIGINT more responsive, and handle zombied TCP connections properly (#302) 2020-09-24 09:04:31 +00:00			`httpreq, err = http.NewRequestWithContext(r.config.Context, req.Method, req.Url, data)`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`if err != nil {`
			`return ffuf.Response{}, err`
			`}`
Make defining User-agent header case insensitive #171 (#173) * Takes the User-Agent header from a list. * typo * base * Make defining User-agent header case insensitive #171 * -whitespaces * Make canonical http headers and set default User-Agent only once. * clean-up * formatting, canonical customer headers, docs updated * cleanup * fmt * Checking userdefined headers for excluding in canonicalization. * resolving one conflict * moved logic back and less resolve conflicts Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com> 2020-02-21 20:43:19 +00:00
			`// set default User-Agent header if not present`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`if _, ok := req.Headers["User-Agent"]; !ok {`
Move version output to a function (#407) * Version info as function (#3) * Opportunistic coloring 2021-03-04 20:04:04 +00:00			`req.Headers["User-Agent"] = fmt.Sprintf("%s v%s", "Fuzz Faster U Fool", ffuf.Version())`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`}`
Make defining User-agent header case insensitive #171 (#173) * Takes the User-Agent header from a list. * typo * base * Make defining User-agent header case insensitive #171 * -whitespaces * Make canonical http headers and set default User-Agent only once. * clean-up * formatting, canonical customer headers, docs updated * cleanup * fmt * Checking userdefined headers for excluding in canonicalization. * resolving one conflict * moved logic back and less resolve conflicts Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com> 2020-02-21 20:43:19 +00:00
Colors 2018-11-09 13:21:23 +00:00			`// Handle Go http.Request special cases`
			`if _, ok := req.Headers["Host"]; ok {`
			`httpreq.Host = req.Headers["Host"]`
			`}`
Add Host information to JSON output file (#223) 2020-04-22 21:53:28 +00:00
			`req.Host = httpreq.Host`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`httpreq = httpreq.WithContext(r.config.Context)`
			`for k, v := range req.Headers {`
			`httpreq.Header.Set(k, v)`
			`}`
Save POST body correctly (#161) 2020-02-09 11:29:12 +00:00
			`if len(r.config.OutputDirectory) > 0 {`
			`rawreq, _ = httputil.DumpRequestOut(httpreq, true)`
			`}`

Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`httpresp, err := r.client.Do(httpreq)`
			`if err != nil {`
			`return ffuf.Response{}, err`
			`}`
Write requests and responses to filesystem if requested (#126) 2019-12-28 15:46:44 +00:00
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`resp := ffuf.NewResponse(httpresp, req)`
			`defer httpresp.Body.Close()`

			`// Check if we should download the resource or not`
			`size, err := strconv.Atoi(httpresp.Header.Get("Content-Length"))`
			`if err == nil {`
			`resp.ContentLength = int64(size)`
Feature178 (#186) * feature 178 * sync * sync * sync * sync Co-authored-by: bjhulst <bjhulst> 2020-03-20 10:42:54 +00:00			`if (r.config.IgnoreBody) \|\| (size > MAX_DOWNLOAD_SIZE) {`
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`resp.Cancelled = true`
			`return resp, nil`
			`}`
			`}`

Fix bug in regex matching when writing responses to file (#150) * Fix bug in regex matching when writing responses to file * Add changelog entry 2020-02-01 00:36:03 +00:00			`if len(r.config.OutputDirectory) > 0 {`
			`rawresp, _ := httputil.DumpResponse(httpresp, true)`
			`resp.Request.Raw = string(rawreq)`
			`resp.Raw = string(rawresp)`
			`}`

Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`if respbody, err := ioutil.ReadAll(httpresp.Body); err == nil {`
			`resp.ContentLength = int64(utf8.RuneCountInString(string(respbody)))`
			`resp.Data = respbody`
			`}`

Add word filter / matcher 2018-11-12 17:06:49 +00:00			`wordsSize := len(strings.Split(string(resp.Data), " "))`
Added lines count to filter/matcher and stdout + csv + json (#71) * Added HTML and Markdown output support * Add HTML color code in HTML template * Added lines count * Added content lines to json + csv * Added changelog entry * Fixed copy paste mistake * Changed the html report to be grepable :) * Grepable output fixed * Fixed lines count 2019-11-09 20:09:12 +00:00			`linesSize := len(strings.Split(string(resp.Data), "\n"))`
Add word filter / matcher 2018-11-12 17:06:49 +00:00			`resp.ContentWords = int64(wordsSize)`
Added lines count to filter/matcher and stdout + csv + json (#71) * Added HTML and Markdown output support * Add HTML color code in HTML template * Added lines count * Added content lines to json + csv * Added changelog entry * Fixed copy paste mistake * Changed the html report to be grepable :) * Grepable output fixed * Fixed lines count 2019-11-09 20:09:12 +00:00			`resp.ContentLines = int64(linesSize)`
Add word filter / matcher 2018-11-12 17:06:49 +00:00
Initial commit, v0.1 2018-11-08 09:26:32 +00:00			`return resp, nil`
			`}`