Thursday, 29 December 2011

HTTP Fuzzing - Perl

Here is a protocol fuzzing script that can turn up crashes and bugs in HTTP servers.

This script is a basic version, but it is reliable. The contents of overflow.txt are up to the user.

Code Snippet

#!/usr/bin/perl
# HTTP Protocol Fuzzing (Basic)
# Find most of the bugs in Modems, Routers, minihttp servers, etc....
#
# Usage: perl httpfuzz.pl <IP> <Port>
# Example: root@n41k#perl httpfuzz.pl 192.168.1.1 80
#          root@n41k#perl httpfuzz.pl 172.16.1.1 8080
#
# Author : Srinivas Naik (0xN41K)
#
use strict;
use warnings;
use IO::Socket;

die "Usage: perl httpfuzz.pl <IP> <Port>\n" unless @ARGV == 2;
my ($target, $port) = @ARGV;

print "\n\nHTTP Protocol Fuzzing..\n";

# Contains HTTP methods like GET, OPTIONS, etc., one per line
open(my $http2, '<', "http_methods.txt") or die "Can't open http_methods.txt: $!\n";
chomp(my @http_method = <$http2>);
close($http2);

# Collection of incremental A's, one string per line
open(my $http1, '<', "overflow.txt") or die "Can't open overflow.txt: $!\n";
chomp(my @http = <$http1>);
close($http1);

foreach my $method (@http_method) {
        foreach my $line (@http) {
                # An HTTP/1.0 server closes the connection after each
                # response, so open a fresh socket for every request.
                my $sock = IO::Socket::INET->new(
                        Proto    => "tcp",
                        PeerPort => $port,
                        PeerAddr => $target
                ) or die "\nCan't connect to $target..\n";

                my $request = "$method $line/main.html" . " HTTP/1.0\r\n\r\n";
                print $sock $request; # Send the HTTP data to the network
                sleep 2;
                print $request . "\n";
                close($sock);
        }
}
print "Done...\n";
     
The fuzzer above needs two input files:
1. http_methods.txt, containing GET, PUT, HEAD, OPTIONS, etc., each on a new line
2. overflow.txt, containing incremental A's, which can be generated with B0F.pl
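#!/usr/bin/perl
# Usage: root@n41k#perl B0F.pl 10000
use strict;
use warnings;

my $len = $ARGV[0] or die "Usage: perl B0F.pl <length>\n";
my $PoC = "A";
# Opened in append mode: an existing overflow.txt is extended, not replaced
open(my $file, ">>", "overflow.txt") or die "\n [-] OVERFLOW Not Created !! \n";
# Write lines of 1 .. $len-1 A's, one string per line
for (my $i = 1; $i < $len; $i++) {
        print $file $PoC x $i;
        print $file "\n";
}
close($file);
print "\n [+] File successfully created!\n";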
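
The server-side counterpart of the requests above, as an added example that is not part of the original post: a request-line parser in C that checks the method and URI lengths before copying, so the long runs of A's the fuzzer sends are answered with 501 or 414 instead of overrunning a fixed buffer. The limits METHOD_MAX and URI_MAX and the names take_token and parse_request_line are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define METHOD_MAX 16   /* assumed limits for a small embedded server */
#define URI_MAX    256

struct request { char method[METHOD_MAX + 1]; char uri[URI_MAX + 1]; };

/* Copy one space/CR/LF-delimited token from *p into dst (capacity cap + 1).
 * Returns the token length, or -1 if it would not fit; never writes past dst. */
static long take_token(const char **p, const char *end, char *dst, size_t cap)
{
    const char *s = *p;
    size_t n = 0;
    while (s + n < end && s[n] != ' ' && s[n] != '\r' && s[n] != '\n')
        n++;
    if (n > cap) return -1;            /* length is checked before the copy */
    memcpy(dst, s, n);
    dst[n] = '\0';
    *p = s + n;
    return (long)n;
}

/* Returns the HTTP status the server should answer with; 200 means accept. */
int parse_request_line(const char *buf, size_t len, struct request *req)
{
    const char *p = buf, *end = buf + len;
    long n = take_token(&p, end, req->method, METHOD_MAX);
    if (n < 0) return 501;                          /* oversized method */
    if (n == 0 || p == end || *p != ' ') return 400;
    p++;
    n = take_token(&p, end, req->uri, URI_MAX);
    if (n < 0) return 414;                          /* URI Too Long */
    if (n == 0 || req->uri[0] != '/') return 400;   /* e.g. "AAAA/main.html" */
    if (p == end || *p != ' ') return 400;
    p++;
    if ((size_t)(end - p) < 8 || memcmp(p, "HTTP/1.", 7) != 0) return 400;
    return 200;
}

int main(void)
{
    /* Constructed sample request line, not captured traffic */
    const char *line = "GET /main.html HTTP/1.0\r\n\r\n";
    struct request r;
    printf("%d\n", parse_request_line(line, strlen(line), &r));
    return 0;
}
```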
