4
########################################################################################################################
5
s_initialize("HTTP VERBS BASIC")
6
s_group("verbs", values=["GET", "HEAD"])
7
if s_block_start("body", group="verbs"):
11
s_string("index.html")
22
########################################################################################################################
23
s_initialize("HTTP VERBS POST")
24
s_static("POST / HTTP/1.0\r\n")
25
s_static("Content-Type: ")
26
s_string("application/x-www-form-urlencoded")
28
s_static("Content-Length: ")
29
s_size("post blob", format="ascii", signed=True, fuzzable=True)
32
if s_block_start("post blob"):
33
s_string("A"*100 + "=" + "B1"*100)
37
########################################################################################################################
38
s_initialize("HTTP HEADERS")
39
s_static("GET / HTTP/1.1\r\n")
41
# let's fuzz random headers with malformed delimiters.
48
# let's fuzz the value portion of some popular headers.
49
s_static("User-Agent: ")
50
s_string("Mozilla/5.0 (Windows; U)")
53
s_static("Accept-Language: ")
59
s_static("Keep-Alive: ")
63
s_static("Connection: ")
64
s_string("keep-alive")
68
s_string("http://dvlabs.tippingpoint.com")
73
########################################################################################################################
74
s_initialize("HTTP COOKIE")
75
s_static("GET / HTTP/1.0\r\n")
77
if s_block_start("cookie"):
81
s_string("1234567890<a>")
85
s_repeat("cookie", max_reps=5000, step=500)
89
s_initialize("HTTP VERBS")
90
s_group("verbs", values=["GET", "HEAD", "POST", "OPTIONS", "TRACE", "PUT", "DELETE", "PROPFIND"])
91
if s_block_start("body", group="verbs"):
94
s_string("index.html")
104
sess = sessions.session()
107
for target in ("HTTP VERBS", "HTTP COOKIE", "HTTP VERBS BASIC", "HTTP VERBS POST",
112
fw = open(target+"-ut.t", "w+")
113
fw.write("# fuzzed testcase. ")
116
use Test::Nginx::Socket;
118
plan tests => repeat_each(2) * blocks();
121
$ENV{TEST_NGINX_SERVROOT} = server_root();
126
for i in xrange(0,150):
130
fw.write("=== "+str(gc)+" in "+target+"\n")
131
fw.write("""--- main_config
132
working_directory /tmp/;
133
worker_rlimit_core 25M;
135
include /etc/nginx/naxsi_core.rules;
139
DeniedUrl "/RequestDenied";
140
CheckRule "$SQL >= 8" BLOCK;
141
CheckRule "$RFI >= 8" BLOCK;
142
CheckRule "$TRAVERSAL >= 4" BLOCK;
143
CheckRule "$XSS >= 8" BLOCK;
144
root $TEST_NGINX_SERVROOT/html/;
145
index index.html index.htm;
147
location /RequestDenied {
150
--- raw_request eval\n""")
151
fw.write("\""+req.render()+"\"\n")
152
if (target is "foobar"):
153
fw.write("--- error_code: 400\n\n")
154
# elif (target is "HTTP HEADERS"):
155
# fw.write("--- error_code: 400\n\n")
156
# elif (target is "HTTP VERBS BASIC"):
157
# fw.write("--- error_code: 400\n\n")
159
fw.write("--- error_code: 400\n\n")
160
# print(req.render())
164
########################################################################################################################