From 6968da810aabdf8efe46b720ebc3b99429da6169 Mon Sep 17 00:00:00 2001
From: jjf012
Date: Wed, 21 Oct 2015 16:25:28 +0800
Subject: [PATCH] =?UTF-8?q?=E7=9B=B4=E6=8E=A5=E4=BC=A0headers?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 AutoSqli.py | 33 +++++++++++++++++++--------------
 sqlirunner.py | 35 ++++++++++++++++++-----------------
 2 files changed, 37 insertions(+), 31 deletions(-)
diff --git a/AutoSqli.py b/AutoSqli.py
index 146639e..e66b91d 100644
--- a/AutoSqli.py
+++ b/AutoSqli.py
@@ -8,7 +8,7 @@ class AutoSqli(Thread):
 def __init__(self, server='', target='',
- data='', referer='', cookie='', req_text=''):
+ data='', headers='', req_text=''):
 Thread.__init__(self)
 self.server = server
 if self.server[-1] != '/':
@@ -18,8 +18,11 @@ def __init__(self, server='', target='',
 self.engineid = ''
 self.status = ''
 self.data = data
- self.referer = referer
- self.cookie = cookie
+ self.headers = ''
+ for key,value in headers:
+ self.headers += "%s:%s\n" % (key, value)
+ #self.referer = referer
+ #self.cookie = cookie
 self.req_text = req_text
 self.start_time = time.time()
@@ -38,15 +41,16 @@ def task_delete(self):
 return False
 def scan_start(self):
- headers = {'Content-Type': 'application/json'}
+ _headers = {'Content-Type': 'application/json'}
 payload = {
 'url': self.target,
 'data': self.data,
- 'cookie': self.cookie,
- 'referer': self.referer}
+ #'cookie': self.cookie,
+ #'referer': self.referer}
+ 'headers': self.headers}
 url = self.server + 'scan/' + self.taskid + '/start'
 t = json.loads(
- requests.post(url, data=json.dumps(payload), headers=headers).text)
+ requests.post(url, data=json.dumps(payload), headers=_headers).text)
 self.engineid = t['engineid']
 if len(str(self.engineid)) > 0 and t['success']:
 return True
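Review bot: The new `headers` parameter of `__init__` defaults to `''` in the first hunk but is consumed by `for key,value in headers:` in the second, so the default only works because an empty string iterates zero times; a caller that passes a plain dict (what the name suggests) gets a ValueError on unpacking, and `None` raises TypeError. Declare the default as an empty sequence of pairs and build the string with a join, e.g. `headers=()` in the signature and `self.headers = "".join("%s:%s\n" % (key, value) for key, value in headers)`, which also removes the quadratic `+=` loop. scan_start then forwards the joined string unchanged, so nothing else needs to move. Whether `request.headers` on the caller side actually iterates as (key, value) pairs depends on the proxy's header type, which this diff does not show — worth confirming against sqlirunner.py before relying on it.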
@@ -68,18 +72,19 @@ def scan_data(self):
 if len(self.data) == 0:
 print 'not injection:\t' + self.target
 else:
- print '=======> injection:\t' + self.target
- SQLIRecords.insert(url=self.target, request_text=self.req_text).execute()
+ print '\033[1;5;32;40m=======> injection:\t' + self.target + '\033[0m'
+ SQLIRecords.insert(url=self.target, parameter=self.data[0]['value'][0]['parameter'], request_text=self.req_text).execute()
 def option_set(self):
- headers = {'Content-Type': 'application/json'}
+ _headers = {'Content-Type': 'application/json'}
 option = {"options": {
 "smart": True,
+ #"batch": True,
 }
 }
 url = self.server + 'option/' + self.taskid + '/set'
 t = json.loads(
- requests.post(url, data=json.dumps(option), headers=headers).text)
+ requests.post(url, data=json.dumps(option), headers=_headers).text)
 def scan_stop(self):
 json.loads(
@@ -101,13 +106,13 @@ def run(self):
 return False
 while True:
 if self.scan_status() == 'running':
- time.sleep(10)
+ time.sleep(5)
 elif self.scan_status() == 'terminated':
 break
 else:
 break
 print self.target + ":\t" + str(time.time() - self.start_time)
- if time.time() - self.start_time > 500:
+ if time.time() - self.start_time > 50:
 error = True
 self.scan_stop()
 self.scan_kill()
@@ -121,4 +126,4 @@ def run(self):
 # if __name__ == '__main__':
 # t = AutoSqli('http://127.0.0.1:8775', 'http://www.zxssyxx.com/read.asp?id=2471')
-# t.run()
\ No newline at end of file
+# t.run()
diff --git a/sqlirunner.py b/sqlirunner.py
index 389e004..9ff4091 100644
--- a/sqlirunner.py
+++ b/sqlirunner.py
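Review bot: The new `SQLIRecords.insert(...)` call in scan_data reaches into `self.data[0]['value'][0]['parameter']` with no guard beyond the `len(self.data) == 0` check above it, so an empty `value` list or a missing key raises IndexError/KeyError from inside the record-writing path, after the injection banner has already been printed and before anything is persisted. Pull the parameter out first and fall back to an empty string when the shape differs, so the record is still written. scan_data's body starts before this hunk, and the diff does not show what `self.data` holds, so I am assuming it is the list returned by the scan-data endpoint.
```python
            print '\033[1;5;32;40m=======> injection:\t' + self.target + '\033[0m'
            try:
                parameter = self.data[0]['value'][0]['parameter']
            except (KeyError, IndexError, TypeError):
                parameter = ''
            SQLIRecords.insert(url=self.target, parameter=parameter, request_text=self.req_text).execute()
```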
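Review bot: In run() the scan budget drops from 500 to 50 seconds and the poll interval from 10 to 5, both left as bare literals inside the loop; with the full header set now being handed to the scanner, 50 s will likely cut a good share of scans short, and each such scan is stopped, killed and flagged with `error = True` rather than reported as incomplete. Lift the two numbers to named module constants such as `POLL_INTERVAL = 5` and `SCAN_TIMEOUT = 50` (or make them `__init__` parameters) so the budget can be tuned without editing the loop, and add a comment on the `if` saying that a timed-out scan is treated as an error. run() starts and ends outside this hunk, so what the `error` flag leads to afterwards is not visible here.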
@@ -12,9 +12,10 @@ class SqliRunner(object):
 def __init__(self, request):
 self.request = request
 self.url = request.url
- self.data = request.body
- self.cookie = self.get_from_headers('cookie')
- self.referer = self.get_from_headers('referer')
+ self.content = request.content
+ self.headers = request.headers
+ #self.cookie = self.get_from_headers('Cookie')
+ #self.referer = self.get_from_headers('Referer')
 self.req_text = self.get_raw_request(self.request)
 def get_raw_request(self, request):
@@ -25,7 +26,7 @@ def get_raw_request(self, request):
 method = request.method
 url = request.url
 urlp = urlparse(url)
- body = request.body
+ body = request.content
 headers = request.headers
 protocol = 'HTTP/1.1'
 if not urlp.fragment and not urlp.query:
@@ -37,29 +38,29 @@ def get_raw_request(self, request):
 else:
 link = "%s?%s#%s" % (urlp.path, urlp.query, urlp.fragment)
 text += "%s %s %s\r\n" % (method, link, protocol)
- for h in headers.get_all():
- text += "%s: %s\r\n" % (h[0], h[1])
+ for key,value in headers:
+ text += "%s: %s\r\n" % (key, value)
 text += "\r\n"
 if body:
 text += body
 return text
- def get_from_headers(self, key):
- try:
- item = self.request.headers.get_list(key)
- if not item:
- return ''
- else:
- return item[0]
- except Exception, e:
- return ''
+ # def get_from_headers(self, key):
+ # try:
+ # item = self.request.headers.get(key)
+ # if not item:
+ # return ''
+ # else:
+ # return item[0]
+ # except Exception, e:
+ # return ''
 def run(self):
 """ Run the sqli detection using HTTPRequest object. """
 try:
- detecter = AutoSqli(SERVER, self.url, self.data,
- self.referer, self.cookie, self.req_text)
+ detecter = AutoSqli(SERVER, self.url, self.content,
+ self.headers, self.req_text)
 detecter.deamon = True
 detecter.start()
 except Exception, e:
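Review bot: The replaced `self.cookie`/`self.referer` assignments in `__init__` are kept as `#` comments instead of being deleted, and the third hunk of this file does the same with the whole `get_from_headers` method, whose body is even edited (`get_list` to `get`) while commented out. Commented-out code is version-control history, not documentation; drop those lines and let the commit message carry the reason. If anything is worth keeping, it is a one-line comment on `self.headers = request.headers`, such as `# the full header list is forwarded to AutoSqli as-is; Cookie/Referer are no longer extracted separately`.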
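Review bot: `for key,value in headers:` in get_raw_request assumes `request.headers` yields (key, value) pairs when iterated; if the proxy's header object is a mapping, iteration yields keys only and the unpacking raises ValueError for every request — the diff does not show the header type, so this needs confirming against the proxy API (an `.items()`-style accessor, where the type offers one, works for both shapes). Two smaller points on the same hunk: `detecter.deamon = True` on the context line is a typo for `daemon`, so the attribute is silently ignored and the thread is never marked as a daemon; and the `except Exception, e:` that closes the hunk would also swallow the unpacking error above, so a mismatched header type could go unnoticed — what the handler does is outside the hunk. get_raw_request starts before this hunk.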