curlcontrol.py 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. # vim: set expandtab tabstop=4 shiftwidth=4:
  4. """
  5. This file is part of the XSSer project, https://xsser.03c8.net
  6. Copyright (c) 2010/2020 | psy <epsylon@riseup.net>
  7. xsser is free software; you can redistribute it and/or modify it under
  8. the terms of the GNU General Public License as published by the Free
  9. Software Foundation version 3 of the License.
  10. xsser is distributed in the hope that it will be useful, but WITHOUT ANY
  11. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  13. details.
  14. You should have received a copy of the GNU General Public License along
  15. with xsser; if not, write to the Free Software Foundation, Inc., 51
  16. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  17. """
  18. import os, urllib.request, urllib.parse, urllib.error, email, re, time, random, sys
  19. from io import StringIO as StringIO
  20. try:
  21. import pycurl
  22. except:
  23. print("\n[Error] Cannot import lib: pycurl. \n\n To install it try:\n\n $ 'sudo apt-get install python3-pycurl' or 'pip3 install pycurl'\n")
  24. sys.exit()
  25. class Curl:
  26. """
  27. Class to control curl on behalf of the application.
  28. """
  29. cookie = None
  30. dropcookie = None
  31. referer = None
  32. headers = None
  33. proxy = None
  34. ignoreproxy = None
  35. tcp_nodelay = None
  36. xforw = None
  37. xclient = None
  38. atype = None
  39. acred = None
  40. #acert = None
  41. retries = 1
  42. delay = 0
  43. followred = 0
  44. fli = None
  45. agents = [] # user-agents
  46. try:
  47. f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
  48. except:
  49. f = open("fuzzing/user-agents.txt").readlines() # set path for user-agents when testing
  50. for line in f:
  51. agents.append(line)
  52. agent = random.choice(agents).strip() # set random user-agent
  53. def __init__(self, base_url="", fakeheaders=[ 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg', 'Connection: Keep-Alive', 'Content-type: application/x-www-form-urlencoded; charset=UTF-8']):
  54. self.handle = pycurl.Curl()
  55. self._closed = False
  56. self.set_url(base_url)
  57. self.verbosity = 0
  58. self.signals = 1
  59. self.payload = ""
  60. self.header = StringIO()
  61. self.fakeheaders = fakeheaders
  62. self.headers = None
  63. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  64. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  65. try:
  66. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_2) # max supported version by pycurl
  67. except:
  68. try:
  69. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_1)
  70. except: # use vulnerable TLS/SSL versions (TLS1_0 -> weak enc | SSLv2 + SSLv3 -> deprecated)
  71. try:
  72. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_0)
  73. except:
  74. try:
  75. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3)
  76. except:
  77. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv2)
  78. self.set_option(pycurl.FOLLOWLOCATION, 0)
  79. self.set_option(pycurl.MAXREDIRS, 50)
  80. # this is 'black magic'
  81. self.set_option(pycurl.COOKIEFILE, '/dev/null')
  82. self.set_option(pycurl.COOKIEJAR, '/dev/null')
  83. self.set_timeout(30)
  84. self.set_option(pycurl.NETRC, 1)
  85. self.set_nosignals(1)
  86. def payload_callback(x):
  87. self.payload += str(x)
  88. self.set_option(pycurl.WRITEFUNCTION, payload_callback)
  89. def header_callback(x):
  90. self.header.write(str(x))
  91. self.set_option(pycurl.HEADERFUNCTION, header_callback)
  92. def set_url(self, url):
  93. """
  94. Set HTTP base url.
  95. """
  96. self.base_url = url
  97. self.set_option(pycurl.URL, self.base_url)
  98. return url
  99. def set_cookie(self, cookie):
  100. """
  101. Set HTTP cookie.
  102. """
  103. self.cookie = cookie
  104. self.dropcookie = dropcookie
  105. if dropcookie:
  106. self.set_option(pycurl.COOKIELIST, 'ALL')
  107. self.set_option(pycurl.COOKIE, None)
  108. else:
  109. self.set_option(pycurl.COOKIELIST, '')
  110. self.set_option(pycurl.COOKIE, self.cookie)
  111. return cookie
  112. def set_agent(self, agent):
  113. """
  114. Set HTTP user agent.
  115. """
  116. self.agent = agent
  117. self.set_option(pycurl.USERAGENT, self.agent)
  118. return agent
  119. def set_referer(self, referer):
  120. """
  121. Set HTTP referer.
  122. """
  123. self.referer = referer
  124. self.set_option(pycurl.REFERER, self.referer)
  125. return referer
  126. def set_headers(self, headers):
  127. """
  128. Set extra headers.
  129. """
  130. self.set_option(pycurl.HTTPHEADER, [str(headers)])
  131. def set_proxy(self, ignoreproxy, proxy):
  132. """
  133. Set the proxy to use.
  134. """
  135. self.proxy = proxy
  136. self.ignoreproxy = ignoreproxy
  137. if ignoreproxy:
  138. self.set_option(pycurl.PROXY, "")
  139. else:
  140. self.set_option(pycurl.PROXY, self.proxy)
  141. return proxy
  142. def set_option(self, *args):
  143. """
  144. Set the given option.
  145. """
  146. self.handle.setopt(*args)
  147. def set_verbosity(self, level):
  148. """
  149. Set the verbosity level.
  150. """
  151. self.set_option(pycurl.VERBOSE, level)
  152. def set_nosignals(self, signals="1"):
  153. """
  154. Disable signals.
  155. curl will be using other means besides signals to timeout
  156. """
  157. self.signals = signals
  158. self.set_option(pycurl.NOSIGNAL, self.signals)
  159. return signals
  160. def set_tcp_nodelay(self, tcp_nodelay):
  161. """
  162. Set the TCP_NODELAY option.
  163. """
  164. self.tcp_nodelay = tcp_nodelay
  165. self.set_option(pycurl.TCP_NODELAY, tcp_nodelay)
  166. return tcp_nodelay
  167. def set_timeout(self, timeout):
  168. """
  169. Set timeout for requests.
  170. """
  171. self.set_option(pycurl.CONNECTTIMEOUT,timeout)
  172. self.set_option(pycurl.TIMEOUT, timeout)
  173. return timeout
  174. def set_follow_redirections(self, followred, fli):
  175. """
  176. Set follow locations parameters to follow redirection pages (302)
  177. """
  178. self.followred = followred
  179. self.fli = fli
  180. if followred:
  181. self.set_option(pycurl.FOLLOWLOCATION , 1)
  182. self.set_option(pycurl.MAXREDIRS, 50)
  183. if fli:
  184. self.set_option(pycurl.MAXREDIRS, fli)
  185. else:
  186. self.set_option(pycurl.FOLLOWLOCATION , 0)
  187. return followred
  188. def do_head_check(self, urls):
  189. """
  190. Send a HEAD request before to start to inject to verify stability of the target
  191. """
  192. for u in urls:
  193. self.set_option(pycurl.URL, u)
  194. self.set_option(pycurl.NOBODY,1)
  195. self.set_option(pycurl.FOLLOWLOCATION, 1)
  196. self.set_option(pycurl.MAXREDIRS, 50)
  197. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  198. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  199. try:
  200. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_2) # max supported version by pycurl
  201. except:
  202. try:
  203. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_1)
  204. except: # use vulnerable TLS/SSL versions (TLS1_0 -> weak enc | SSLv2 + SSLv3 -> deprecated)
  205. try:
  206. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_TLSv1_0)
  207. except:
  208. try:
  209. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3)
  210. except:
  211. self.set_option(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv2)
  212. if self.fakeheaders:
  213. from core.randomip import RandomIP
  214. if self.xforw:
  215. generate_random_xforw = RandomIP()
  216. xforwip = generate_random_xforw._generateip('')
  217. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  218. if self.xclient:
  219. generate_random_xclient = RandomIP()
  220. xclientip = generate_random_xclient._generateip('')
  221. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  222. if self.xforw:
  223. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue)
  224. if self.xclient:
  225. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
  226. elif self.xclient:
  227. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
  228. if self.headers:
  229. self.fakeheaders = self.fakeheaders + self.headers
  230. self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
  231. if self.agent:
  232. self.set_option(pycurl.USERAGENT, self.agent)
  233. if self.referer:
  234. self.set_option(pycurl.REFERER, self.referer)
  235. if self.proxy:
  236. self.set_option(pycurl.PROXY, self.proxy)
  237. if self.ignoreproxy:
  238. self.set_option(pycurl.PROXY, "")
  239. if self.timeout:
  240. self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
  241. self.set_option(pycurl.TIMEOUT, self.timeout)
  242. if self.signals:
  243. self.set_option(pycurl.NOSIGNAL, self.signals)
  244. if self.tcp_nodelay:
  245. self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
  246. if self.cookie:
  247. self.set_option(pycurl.COOKIE, self.cookie)
  248. try:
  249. self.handle.perform()
  250. except:
  251. return
  252. if str(self.handle.getinfo(pycurl.HTTP_CODE)) in ["302", "301"]:
  253. self.set_option(pycurl.FOLLOWLOCATION, 1)
  254. def __request(self, relative_url=None, headers=None):
  255. """
  256. Perform a request and returns the payload.
  257. """
  258. if self.fakeheaders:
  259. from core.randomip import RandomIP
  260. if self.xforw:
  261. """
  262. Set the X-Forwarded-For to use.
  263. """
  264. generate_random_xforw = RandomIP()
  265. xforwip = generate_random_xforw._generateip('')
  266. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  267. if self.xclient:
  268. """
  269. Set the X-Client-IP to use.
  270. """
  271. generate_random_xclient = RandomIP()
  272. xclientip = generate_random_xclient._generateip('')
  273. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  274. if self.xforw:
  275. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue)
  276. if self.xclient:
  277. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
  278. elif self.xclient:
  279. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
  280. if headers:
  281. self.set_headers(headers)
  282. if self.agent:
  283. self.set_option(pycurl.USERAGENT, self.agent)
  284. if self.referer:
  285. self.set_option(pycurl.REFERER, self.referer)
  286. if self.proxy:
  287. self.set_option(pycurl.PROXY, self.proxy)
  288. if self.ignoreproxy:
  289. self.set_option(pycurl.PROXY, "")
  290. if relative_url:
  291. self.set_option(pycurl.URL,os.path.join(self.base_url,relative_url))
  292. if self.timeout:
  293. self.set_option(pycurl.CONNECTTIMEOUT, self.timeout)
  294. self.set_option(pycurl.TIMEOUT, self.timeout)
  295. if self.signals:
  296. self.set_option(pycurl.NOSIGNAL, self.signals)
  297. if self.tcp_nodelay:
  298. self.set_option(pycurl.TCP_NODELAY, self.tcp_nodelay)
  299. if self.cookie:
  300. self.set_option(pycurl.COOKIE, self.cookie)
  301. if self.followred:
  302. self.set_option(pycurl.FOLLOWLOCATION , 1)
  303. self.set_option(pycurl.MAXREDIRS, 50)
  304. if self.fli:
  305. self.set_option(pycurl.MAXREDIRS, int(self.fli))
  306. else:
  307. self.set_option(pycurl.FOLLOWLOCATION , 0)
  308. if self.fli:
  309. print("\n[E] You must launch --follow-redirects command to set correctly this redirections limit\n")
  310. return
  311. """
  312. Set the HTTP authentication method: Basic, Digest, GSS, NTLM or Certificate
  313. """
  314. if self.atype and self.acred:
  315. atypelower = self.atype.lower()
  316. if atypelower not in ( "basic", "digest", "ntlm", "gss" ):
  317. print("\n[E] HTTP authentication type value must be: Basic, Digest, GSS or NTLM\n")
  318. return
  319. acredregexp = re.search("^(.*?)\:(.*?)$", self.acred)
  320. if not acredregexp:
  321. print("\n[E] HTTP authentication credentials value must be in format username:password\n")
  322. return
  323. user = acredregexp.group(1)
  324. password = acredregexp.group(2)
  325. self.set_option(pycurl.USERPWD, "%s:%s" % (user,password))
  326. if atypelower == "basic":
  327. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
  328. elif atypelower == "digest":
  329. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_DIGEST)
  330. elif atypelower == "ntlm":
  331. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_NTLM)
  332. elif atypelower == "gss":
  333. self.set_option(pycurl.HTTPAUTH, pycurl.HTTPAUTH_GSSNEGOTIATE)
  334. else:
  335. self.set_option(pycurl.HTTPAUTH, None)
  336. self.set_option(pycurl.HTTPHEADER, ["Accept:"])
  337. elif self.atype and not self.acred:
  338. print("\n[E] You specified the HTTP authentication type, but did not provide the credentials\n")
  339. return
  340. elif not self.atype and self.acred:
  341. print("\n[E] You specified the HTTP authentication credentials, but did not provide the type\n")
  342. return
  343. #if self.acert:
  344. # acertregexp = re.search("^(.+?),\s*(.+?)$", self.acert)
  345. # if not acertregexp:
  346. # print "\n[E] HTTP authentication certificate option must be 'key_file,cert_file'\n"
  347. # return
  348. # # os.path.expanduser for support of paths with ~
  349. # key_file = os.path.expanduser(acertregexp.group(1))
  350. # cert_file = os.path.expanduser(acertregexp.group(2))
  351. # self.set_option(pycurl.SSL_VERIFYHOST, 0)
  352. # self.set_option(pycurl.SSL_VERIFYPEER, 1)
  353. # self.set_option(pycurl.SSH_PUBLIC_KEYFILE, key_file)
  354. # self.set_option(pycurl.CAINFO, cert_file)
  355. # self.set_option(pycurl.SSLCERT, cert_file)
  356. # self.set_option(pycurl.SSLCERTTYPE, 'p12')
  357. # self.set_option(pycurl.SSLCERTPASSWD, '1234')
  358. # self.set_option(pycurl.SSLKEY, key_file)
  359. # self.set_option(pycurl.SSLKEYPASSWD, '1234')
  360. # for file in (key_file, cert_file):
  361. # if not os.path.exists(file):
  362. # print "\n[E] File '%s' doesn't exist\n" % file
  363. # return
  364. self.set_option(pycurl.SSL_VERIFYHOST, 0)
  365. self.set_option(pycurl.SSL_VERIFYPEER, 0)
  366. self.header.seek(0,0)
  367. self.payload = ""
  368. for count in range(0, self.retries):
  369. time.sleep(self.delay)
  370. if self.dropcookie:
  371. self.set_option(pycurl.COOKIELIST, 'ALL')
  372. nocookie = ['Set-Cookie: ', '']
  373. self.set_option(pycurl.HTTPHEADER, self.fakeheaders + nocookie)
  374. try:
  375. self.handle.perform()
  376. except:
  377. return
  378. return self.payload
  379. def get(self, url="", headers=None, params=None):
  380. """
  381. Get a url.
  382. """
  383. if params:
  384. url += "?" + urllib.parse.urlencode(params)
  385. self.set_option(pycurl.HTTPGET, 1)
  386. return self.__request(url, headers)
  387. def post(self, cgi, params, headers):
  388. """
  389. Post a url.
  390. """
  391. self.set_option(pycurl.POST, 1)
  392. self.set_option(pycurl.POSTFIELDS, params)
  393. return self.__request(cgi, headers)
  394. def body(self):
  395. """
  396. Get the payload from the latest operation.
  397. """
  398. return self.payload
  399. def info(self):
  400. """
  401. Get an info dictionary from the selected url.
  402. """
  403. self.header.seek(0,0)
  404. url = self.handle.getinfo(pycurl.EFFECTIVE_URL)
  405. if url.startswith('http'):
  406. self.header.readline()
  407. m = email.message_from_string(str(self.header))
  408. else:
  409. m = email.message_from_string(str(StringIO()))
  410. #m['effective-url'] = url
  411. m['http-code'] = str(self.handle.getinfo(pycurl.HTTP_CODE))
  412. m['total-time'] = str(self.handle.getinfo(pycurl.TOTAL_TIME))
  413. m['namelookup-time'] = str(self.handle.getinfo(pycurl.NAMELOOKUP_TIME))
  414. m['connect-time'] = str(self.handle.getinfo(pycurl.CONNECT_TIME))
  415. #m['pretransfer-time'] = str(self.handle.getinfo(pycurl.PRETRANSFER_TIME))
  416. #m['redirect-time'] = str(self.handle.getinfo(pycurl.REDIRECT_TIME))
  417. #m['redirect-count'] = str(self.handle.getinfo(pycurl.REDIRECT_COUNT))
  418. #m['size-upload'] = str(self.handle.getinfo(pycurl.SIZE_UPLOAD))
  419. #m['size-download'] = str(self.handle.getinfo(pycurl.SIZE_DOWNLOAD))
  420. #m['speed-upload'] = str(self.handle.getinfo(pycurl.SPEED_UPLOAD))
  421. m['header-size'] = str(self.handle.getinfo(pycurl.HEADER_SIZE))
  422. m['request-size'] = str(self.handle.getinfo(pycurl.REQUEST_SIZE))
  423. m['response-code'] = str(self.handle.getinfo(pycurl.RESPONSE_CODE))
  424. m['ssl-verifyresult'] = str(self.handle.getinfo(pycurl.SSL_VERIFYRESULT))
  425. try:
  426. m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE) or '').strip(';')
  427. except:
  428. m['content-type'] = str("text/html; charset=UTF-8")
  429. m['cookielist'] = str(self.handle.getinfo(pycurl.INFO_COOKIELIST))
  430. #m['content-length-download'] = str(self.handle.getinfo(pycurl.CONTENT_LENGTH_DOWNLOAD))
  431. #m['content-length-upload'] = str(self.handle.getinfo(pycurl.CONTENT_LENGTH_UPLOAD))
  432. #m['encoding'] = str(self.handle.getinfo(pycurl.ENCODING))
  433. return m
  434. @classmethod
  435. def print_options(cls):
  436. """
  437. Print selected options.
  438. """
  439. print("\nCookie:", cls.cookie)
  440. print("User Agent:", cls.agent)
  441. print("Referer:", cls.referer)
  442. print("Extra Headers:", cls.headers)
  443. if cls.xforw == True:
  444. print("X-Forwarded-For:", "Random IP")
  445. else:
  446. print("X-Forwarded-For:", cls.xforw)
  447. if cls.xclient == True:
  448. print("X-Client-IP:", "Random IP")
  449. else:
  450. print("X-Client-IP:", cls.xclient)
  451. print("Authentication Type:", cls.atype)
  452. print("Authentication Credentials:", cls.acred)
  453. if cls.ignoreproxy == True:
  454. print("Proxy:", "Ignoring system default HTTP proxy")
  455. else:
  456. print("Proxy:", cls.proxy)
  457. print("Timeout:", cls.timeout)
  458. if cls.tcp_nodelay == True:
  459. print("Delaying:", "TCP_NODELAY activate")
  460. else:
  461. print("Delaying:", cls.delay, "seconds")
  462. if cls.followred == True:
  463. print("Follow 302 code:", "active")
  464. if cls.fli:
  465. print("Limit to follow:", cls.fli)
  466. else:
  467. print("Delaying:", cls.delay, "seconds")
  468. print("Retries:", cls.retries, "\n")
  469. def answered(self, check):
  470. """
  471. Check for occurence of a string in the payload from
  472. the latest operation.
  473. """
  474. return self.payload.find(check) >= 0
  475. def close(self):
  476. """
  477. Close the curl handle.
  478. """
  479. self.handle.close()
  480. self.header.close()
  481. self._closed = True
  482. def __del__(self):
  483. if not self._closed:
  484. self.close()