curlcontrol.py 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. # vim: set expandtab tabstop=4 shiftwidth=4:
  4. """
  5. This file is part of the XSSer project, https://xsser.03c8.net
  6. Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
  7. xsser is free software; you can redistribute it and/or modify it under
  8. the terms of the GNU General Public License as published by the Free
  9. Software Foundation version 3 of the License.
  10. xsser is distributed in the hope that it will be useful, but WITHOUT ANY
  11. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  13. details.
  14. You should have received a copy of the GNU General Public License along
  15. with xsser; if not, write to the Free Software Foundation, Inc., 51
  16. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  17. """
  18. import os, urllib.request, urllib.parse, urllib.error, email, pycurl, re, time, random
  19. from io import StringIO as StringIO
  20. class Curl:
  21. """
  22. Class to control curl on behalf of the application.
  23. """
  24. cookie = None
  25. dropcookie = None
  26. referer = None
  27. headers = None
  28. proxy = None
  29. ignoreproxy = None
  30. tcp_nodelay = None
  31. xforw = None
  32. xclient = None
  33. atype = None
  34. acred = None
  35. #acert = None
  36. retries = 1
  37. delay = 0
  38. followred = 0
  39. fli = None
  40. agents = [] # user-agents
  41. try:
  42. f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
  43. except:
  44. f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
  45. for line in f:
  46. agents.append(line)
  47. agent = random.choice(agents).strip() # set random user-agent
  48. def __init__(self, base_url="", fakeheaders=[ 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg', 'Connection: Keep-Alive', 'Content-type: application/x-www-form-urlencoded; charset=UTF-8']):
  49. self.handle = pycurl.Curl()
  50. self._closed = False
  51. self.set_url(base_url)
  52. self.verbosity = 0
  53. self.signals = 1
  54. self.payload = ""
  55. self.header = StringIO()
  56. self.fakeheaders = fakeheaders
  57. self.headers = None
  58. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  59. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  60. try:
  61. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_2) # max supported version by pycurl
  62. except:
  63. try:
  64. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_1)
  65. except: # use vulnerable TLS/SSL versions (TLS1_0 -> weak enc | SSLv2 + SSLv3 -> deprecated)
  66. try:
  67. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_0)
  68. except:
  69. try:
  70. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3)
  71. except:
  72. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv2)
  73. self.set_option(pycurl.FOLLOWLOCATION, 0)
  74. self.set_option(pycurl.MAXREDIRS, 50)
  75. # this is 'black magic'
  76. self.set_option(pycurl.COOKIEFILE, '/dev/null')
  77. self.set_option(pycurl.COOKIEJAR, '/dev/null')
  78. self.set_timeout(30)
  79. self.set_option(pycurl.NETRC, 1)
  80. self.set_nosignals(1)
  81. def payload_callback(x):
  82. self.payload += str(x)
  83. self.set_option(pycurl.WRITEFUNCTION, payload_callback)
  84. def header_callback(x):
  85. self.header.write(str(x))
  86. self.set_option(pycurl.HEADERFUNCTION, header_callback)
  87. def set_url(self, url):
  88. """
  89. Set the base url.
  90. """
  91. self.base_url = url
  92. self.set_option(pycurl.URL, self.base_url)
  93. return url
  94. def set_cookie(self, cookie):
  95. """
  96. Set the app cookie.
  97. """
  98. self.cookie = cookie
  99. self.dropcookie = dropcookie
  100. if dropcookie:
  101. self.set_option(pycurl.COOKIELIST, 'ALL')
  102. self.set_option(pycurl.COOKIE, None)
  103. else:
  104. self.set_option(pycurl.COOKIELIST, '')
  105. self.set_option(pycurl.COOKIE, self.cookie)
  106. return cookie
  107. def set_agent(self, agent):
  108. """
  109. Set the user agent.
  110. """
  111. self.agent = agent
  112. self.set_option(pycurl.USERAGENT, self.agent)
  113. return agent
  114. def set_referer(self, referer):
  115. """
  116. Set the referer.
  117. """
  118. self.referer = referer
  119. self.set_option(pycurl.REFERER, self.referer)
  120. return referer
  121. def set_headers(self, headers):
  122. """
  123. Set extra headers.
  124. """
  125. self.headers = headers
  126. self.headers = self.headers.split("\n")
  127. for headerValue in self.headers:
  128. header, value = headerValue.split(": ")
  129. if header and value:
  130. self.set_option(pycurl.HTTPHEADER, (header, value))
  131. return headers
  132. def set_proxy(self, ignoreproxy, proxy):
  133. """
  134. Set the proxy to use.
  135. """
  136. self.proxy = proxy
  137. self.ignoreproxy = ignoreproxy
  138. if ignoreproxy:
  139. self.set_option(pycurl.PROXY, "")
  140. else:
  141. self.set_option(pycurl.PROXY, self.proxy)
  142. return proxy
  143. def set_option(self, *args):
  144. """
  145. Set the given option.
  146. """
  147. self.handle.setopt(*args)
  148. def set_verbosity(self, level):
  149. """
  150. Set the verbosity level.
  151. """
  152. self.set_option(pycurl.VERBOSE, level)
  153. def set_nosignals(self, signals="1"):
  154. """
  155. Disable signals.
  156. curl will be using other means besides signals to timeout
  157. """
  158. self.signals = signals
  159. self.set_option(pycurl.NOSIGNAL, self.signals)
  160. return signals
  161. def set_tcp_nodelay(self, tcp_nodelay):
  162. """
  163. Set the TCP_NODELAY option.
  164. """
  165. self.tcp_nodelay = tcp_nodelay
  166. self.set_option(pycurl.TCP_NODELAY, tcp_nodelay)
  167. return tcp_nodelay
  168. def set_timeout(self, timeout):
  169. """
  170. Set timeout for requests.
  171. """
  172. self.set_option(pycurl.CONNECTTIMEOUT,timeout)
  173. self.set_option(pycurl.TIMEOUT, timeout)
  174. return timeout
  175. def set_follow_redirections(self, followred, fli):
  176. """
  177. Set follow locations parameters to follow redirection pages (302)
  178. """
  179. self.followred = followred
  180. self.fli = fli
  181. if followred:
  182. self.set_option(pycurl.FOLLOWLOCATION , 1)
  183. self.set_option(pycurl.MAXREDIRS, 50)
  184. if fli:
  185. self.set_option(pycurl.MAXREDIRS, fli)
  186. else:
  187. self.set_option(pycurl.FOLLOWLOCATION , 0)
  188. return followred
  189. def do_head_check(self, urls):
  190. """
  191. Send a HEAD request before to start to inject to verify stability of the target
  192. """
  193. for u in urls:
  194. self.set_option(pycurl.URL, u)
  195. self.set_option(pycurl.NOBODY,1)
  196. self.set_option(pycurl.FOLLOWLOCATION, 1)
  197. self.set_option(pycurl.MAXREDIRS, 50)
  198. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  199. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  200. try:
  201. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_2) # max supported version by pycurl
  202. except:
  203. try:
  204. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_1)
  205. except: # use vulnerable TLS/SSL versions (TLS1_0 -> weak enc | SSLv2 + SSLv3 -> deprecated)
  206. try:
  207. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_0)
  208. except:
  209. try:
  210. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3)
  211. except:
  212. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv2)
  213. if self.fakeheaders:
  214. from core.randomip import RandomIP
  215. if self.xforw:
  216. generate_random_xforw = RandomIP()
  217. xforwip = generate_random_xforw._generateip('')
  218. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  219. if self.xclient:
  220. generate_random_xclient = RandomIP()
  221. xclientip = generate_random_xclient._generateip('')
  222. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  223. if self.xforw:
  224. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue)
  225. if self.xclient:
  226. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
  227. elif self.xclient:
  228. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
  229. if self.headers:
  230. self.fakeheaders = self.fakeheaders + self.headers
  231. self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
  232. if self.agent:
  233. self.set_option(pycurl.USERAGENT, self.agent)
  234. if self.referer:
  235. self.set_option(pycurl.REFERER, self.referer)
  236. if self.proxy:
  237. self.set_option(pycurl.PROXY, self.proxy)
  238. if self.ignoreproxy:
  239. self.set_option(pycurl.PROXY, "")
  240. if self.timeout:
  241. self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
  242. self.set_option(pycurl.TIMEOUT, self.timeout)
  243. if self.signals:
  244. self.set_option(pycurl.NOSIGNAL, self.signals)
  245. if self.tcp_nodelay:
  246. self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
  247. if self.cookie:
  248. self.set_option(pycurl.COOKIE, self.cookie)
  249. try:
  250. self.handle.perform()
  251. except:
  252. return
  253. if str(self.handle.getinfo(pycurl.HTTP_CODE)) in ["302", "301"]:
  254. self.set_option(pycurl.FOLLOWLOCATION, 1)
  255. def __request(self, relative_url=None):
  256. """
  257. Perform a request and returns the payload.
  258. """
  259. if self.fakeheaders:
  260. from core.randomip import RandomIP
  261. if self.xforw:
  262. """
  263. Set the X-Forwarded-For to use.
  264. """
  265. generate_random_xforw = RandomIP()
  266. xforwip = generate_random_xforw._generateip('')
  267. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  268. if self.xclient:
  269. """
  270. Set the X-Client-IP to use.
  271. """
  272. generate_random_xclient = RandomIP()
  273. xclientip = generate_random_xclient._generateip('')
  274. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  275. if self.xforw:
  276. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue)
  277. if self.xclient:
  278. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
  279. elif self.xclient:
  280. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
  281. if self.headers:
  282. self.fakeheaders = self.fakeheaders + self.headers
  283. self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
  284. if self.agent:
  285. self.set_option(pycurl.USERAGENT, self.agent)
  286. if self.referer:
  287. self.set_option(pycurl.REFERER, self.referer)
  288. if self.proxy:
  289. self.set_option(pycurl.PROXY, self.proxy)
  290. if self.ignoreproxy:
  291. self.set_option(pycurl.PROXY, "")
  292. if relative_url:
  293. self.set_option(pycurl.URL,os.path.join(self.base_url,relative_url))
  294. if self.timeout:
  295. self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
  296. self.set_option(pycurl.TIMEOUT, self.timeout)
  297. if self.signals:
  298. self.set_option(pycurl.NOSIGNAL, self.signals)
  299. if self.tcp_nodelay:
  300. self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
  301. if self.cookie:
  302. self.set_option(pycurl.COOKIE, self.cookie)
  303. if self.followred:
  304. self.set_option(pycurl.FOLLOWLOCATION , 1)
  305. self.set_option(pycurl.MAXREDIRS, 50)
  306. if self.fli:
  307. self.set_option(pycurl.MAXREDIRS, int(self.fli))
  308. else:
  309. self.set_option(pycurl.FOLLOWLOCATION , 0)
  310. if self.fli:
  311. print("\n[E] You must launch --follow-redirects command to set correctly this redirections limit\n")
  312. return
  313. """
  314. Set the HTTP authentication method: Basic, Digest, GSS, NTLM or Certificate
  315. """
  316. if self.atype and self.acred:
  317. atypelower = self.atype.lower()
  318. if atypelower not in ( "basic", "digest", "ntlm", "gss" ):
  319. print("\n[E] HTTP authentication type value must be: Basic, Digest, GSS or NTLM\n")
  320. return
  321. acredregexp = re.search("^(.*?)\:(.*?)$", self.acred)
  322. if not acredregexp:
  323. print("\n[E] HTTP authentication credentials value must be in format username:password\n")
  324. return
  325. user = acredregexp.group(1)
  326. password = acredregexp.group(2)
  327. self.set_option(pycurl.USERPWD, "%s:%s" % (user,password))
  328. if atypelower == "basic":
  329. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
  330. elif atypelower == "digest":
  331. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_DIGEST)
  332. elif atypelower == "ntlm":
  333. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_NTLM)
  334. elif atypelower == "gss":
  335. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_GSSNEGOTIATE)
  336. else:
  337. self.set_option(pycurl.HTTPAUTH, None)
  338. self.set_option(pycurl.HTTPHEADER, ["Accept:"])
  339. elif self.atype and not self.acred:
  340. print("\n[E] You specified the HTTP authentication type, but did not provide the credentials\n")
  341. return
  342. elif not self.atype and self.acred:
  343. print("\n[E] You specified the HTTP authentication credentials, but did not provide the type\n")
  344. return
  345. #if self.acert:
  346. # acertregexp = re.search("^(.+?),\s*(.+?)$", self.acert)
  347. # if not acertregexp:
  348. # print "\n[E] HTTP authentication certificate option must be 'key_file,cert_file'\n"
  349. # return
  350. # # os.path.expanduser for support of paths with ~
  351. # key_file = os.path.expanduser(acertregexp.group(1))
  352. # cert_file = os.path.expanduser(acertregexp.group(2))
  353. # self.set_option(pycurl.SSL_VERIFYHOST, 0)
  354. # self.set_option(pycurl.SSL_VERIFYPEER, 1)
  355. # self.set_option(pycurl.SSH_PUBLIC_KEYFILE, key_file)
  356. # self.set_option(pycurl.CAINFO, cert_file)
  357. # self.set_option(pycurl.SSLCERT, cert_file)
  358. # self.set_option(pycurl.SSLCERTTYPE, 'p12')
  359. # self.set_option(pycurl.SSLCERTPASSWD, '1234')
  360. # self.set_option(pycurl.SSLKEY, key_file)
  361. # self.set_option(pycurl.SSLKEYPASSWD, '1234')
  362. # for file in (key_file, cert_file):
  363. # if not os.path.exists(file):
  364. # print "\n[E] File '%s' doesn't exist\n" % file
  365. # return
  366. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  367. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  368. self.header.seek(0,0)
  369. self.payload = ""
  370. for count in range(0, self.retries):
  371. time.sleep(self.delay)
  372. if self.dropcookie:
  373. self.set_option(pycurl.COOKIELIST, 'ALL')
  374. nocookie = ['Set-Cookie: ', '']
  375. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + nocookie)
  376. try:
  377. self.handle.perform()
  378. except:
  379. return
  380. return self.payload
  381. def get(self, url="", params=None):
  382. """
  383. Get a url.
  384. """
  385. if params:
  386. url += "?" + urllib.parse.urlencode(params)
  387. self.set_option(pycurl.HTTPGET, 1)
  388. return self.__request(url)
  389. def post(self, cgi, params):
  390. """
  391. Post a url.
  392. """
  393. self.set_option(pycurl.POST, 1)
  394. self.set_option(pycurl.POSTFIELDS, params)
  395. return self.__request(cgi)
  396. def body(self):
  397. """
  398. Get the payload from the latest operation.
  399. """
  400. return self.payload
  401. def info(self):
  402. """
  403. Get an info dictionary from the selected url.
  404. """
  405. self.header.seek(0,0)
  406. url = self.handle.getinfo(pycurl.EFFECTIVE_URL)
  407. if url.startswith('http'):
  408. self.header.readline()
  409. m = email.message_from_string(str(self.header))
  410. else:
  411. m = email.message_from_string(str(StringIO()))
  412. #m['effective-url'] = url
  413. m['http-code'] = str(self.handle.getinfo(pycurl.HTTP_CODE))
  414. m['total-time'] = str(self.handle.getinfo(pycurl.TOTAL_TIME))
  415. m['namelookup-time'] = str(self.handle.getinfo(pycurl.NAMELOOKUP_TIME))
  416. m['connect-time'] = str(self.handle.getinfo(pycurl.CONNECT_TIME))
  417. #m['pretransfer-time'] = str(self.handle.getinfo(pycurl.PRETRANSFER_TIME))
  418. #m['redirect-time'] = str(self.handle.getinfo(pycurl.REDIRECT_TIME))
  419. #m['redirect-count'] = str(self.handle.getinfo(pycurl.REDIRECT_COUNT))
  420. #m['size-upload'] = str(self.handle.getinfo(pycurl.SIZE_UPLOAD))
  421. #m['size-download'] = str(self.handle.getinfo(pycurl.SIZE_DOWNLOAD))
  422. #m['speed-upload'] = str(self.handle.getinfo(pycurl.SPEED_UPLOAD))
  423. m['header-size'] = str(self.handle.getinfo(pycurl.HEADER_SIZE))
  424. m['request-size'] = str(self.handle.getinfo(pycurl.REQUEST_SIZE))
  425. m['response-code'] = str(self.handle.getinfo(pycurl.RESPONSE_CODE))
  426. m['ssl-verifyresult'] = str(self.handle.getinfo(pycurl.SSL_VERIFYRESULT))
  427. try:
  428. m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE) or '').strip(';')
  429. except:
  430. m['content-type'] = None
  431. m['cookielist'] = str(self.handle.getinfo(pycurl.INFO_COOKIELIST))
  432. #m['content-length-download'] = str(self.handle.getinfo(pycurl.CONTENT_LENGTH_DOWNLOAD))
  433. #m['content-length-upload'] = str(self.handle.getinfo(pycurl.CONTENT_LENGTH_UPLOAD))
  434. #m['encoding'] = str(self.handle.getinfo(pycurl.ENCODING))
  435. return m
  436. @classmethod
  437. def print_options(cls):
  438. """
  439. Print selected options.
  440. """
  441. print("\nCookie:", cls.cookie)
  442. print("User Agent:", cls.agent)
  443. print("Referer:", cls.referer)
  444. print("Extra Headers:", cls.headers)
  445. if cls.xforw == True:
  446. print("X-Forwarded-For:", "Random IP")
  447. else:
  448. print("X-Forwarded-For:", cls.xforw)
  449. if cls.xclient == True:
  450. print("X-Client-IP:", "Random IP")
  451. else:
  452. print("X-Client-IP:", cls.xclient)
  453. print("Authentication Type:", cls.atype)
  454. print("Authentication Credentials:", cls.acred)
  455. if cls.ignoreproxy == True:
  456. print("Proxy:", "Ignoring system default HTTP proxy")
  457. else:
  458. print("Proxy:", cls.proxy)
  459. print("Timeout:", cls.timeout)
  460. if cls.tcp_nodelay == True:
  461. print("Delaying:", "TCP_NODELAY activate")
  462. else:
  463. print("Delaying:", cls.delay, "seconds")
  464. if cls.followred == True:
  465. print("Follow 302 code:", "active")
  466. if cls.fli:
  467. print("Limit to follow:", cls.fli)
  468. else:
  469. print("Delaying:", cls.delay, "seconds")
  470. print("Retries:", cls.retries, "\n")
  471. def answered(self, check):
  472. """
  473. Check for occurence of a string in the payload from
  474. the latest operation.
  475. """
  476. return self.payload.find(check) >= 0
  477. def close(self):
  478. """
  479. Close the curl handle.
  480. """
  481. self.handle.close()
  482. self.header.close()
  483. self._closed = True
  484. def __del__(self):
  485. if not self._closed:
  486. self.close()