Recently a colleague was busy fuzzing each parameter of a multi-parameter URL in order to test a feature. While he was writing the script, I suggested an approach: split the URL into a list, then replace the list elements to build the new URL. The earlier version of the script is as follows:
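import re
url="www.baidu.com/?a=1&b=2&c=3&d=4&e=5"
# Split on '=' and '&': even indexes hold the names, odd indexes hold the values
a=re.split(r'[=&]\s*',url)
urlNew=""
print(a)
for i in range(0,len(a)):
    if i<len(a)-1:
        if i%2==0 :
            # parameter name (the first element also carries the host and path)
            urlNew=urlNew+a[i]+"="
        else:
            # parameter value: replace it with the test string
            urlNew=urlNew+"sahdfkhsadf"+"&"
    else:
        # last value: no trailing '&'
        urlNew=urlNew+"sahdfkhsadf"
print(urlNew)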
Of course, the code above replaces all of the parameters at once; it can be adjusted to the actual situation.
Obviously, though, this approach needs more and more code as the requirements grow, and replacing the parameters one at a time is a very real practical requirement. Below is Python 2 code that handles this with the urlparse functions:
# -*- coding: utf-8 -*-
import urlparse, copy, urllib

def url_values_plus(url, vals):
    ret = []
    u = urlparse.urlparse(url)
    qs = u.query
    # Everything before the query string
    pure_url = url.replace('?'+qs, '')
    qs_dict = dict(urlparse.parse_qsl(qs))
    for val in vals:
        for k in qs_dict.keys():
            # Replace one parameter at a time, leaving the others unchanged
            tmp_dict = copy.deepcopy(qs_dict)
            tmp_dict[k] = val
            # unquote() undoes the percent-encoding so the payload is emitted raw
            tmp_qs = urllib.unquote(urllib.urlencode(tmp_dict))
            ret.append(pure_url + "?" + tmp_qs)
    return ret

url = "http://www.waitalone.cn/index.php?id=123&abc=456&xxx=ooo"
payloads = ('../boot.ini','../etc/passwd','../windows/win.ini','../../boot.ini','../../etc/passwd')
urls = url_values_plus(url, payloads)
for pure_url in urls:
    print pure_url
In Python 3, urlparse has been merged into urllib and can be imported with from urllib import parse, so here is my version of the code:
# -*- coding: utf-8 -*-
import copy
from urllib import parse

def url_values_plus(url, vals):
    ret = []
    u = parse.urlparse(url)
    qs = u.query
    # Everything before the query string
    pure_url = url.replace('?'+qs, '')
    qs_dict = dict(parse.parse_qsl(qs))
    for val in vals:
        for k in qs_dict.keys():
            # Replace one parameter at a time, leaving the others unchanged
            tmp_dict = copy.deepcopy(qs_dict)
            tmp_dict[k] = val
            # unquote() undoes the percent-encoding so the payload is emitted raw
            tmp_qs = parse.unquote(parse.urlencode(tmp_dict))
            ret.append(pure_url + "?" + tmp_qs)
    return ret

url = "http://www.waitalone.cn/index.php?id=123&abc=456&xxx=ooo&ih=6&lf=1"
payloads = ('../boot.ini','../etc/passwd','../windows/win.ini','../../boot.ini','../../etc/passwd')
urls = url_values_plus(url, payloads)
for pure_url in urls:
    print(pure_url)
So what is left to solve? When fuzzing each parameter, the idea is to first send a payload that is certain to cause an error, and then try the following payloads on the same parameter. But the result generated by the code above is this:
As you can see, in the results each payload is substituted into every parameter in turn. How do we instead group the results by parameter, according to the number of parameters?
My idea is to turn the list into an array, raise it to a two-dimensional matrix, and then read it by column, which gives the grouping by parameter.
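import numpy as np
# target: the URL list returned by url_values_plus; num: the number of parameters in the URL
b=np.array(target)
mulb=b.reshape((len(payloads),num))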
Reading mulb[:, 0] returns the first column, that is, every URL in which the first parameter has been replaced. By specifying columns and rows, each parameter can be fuzzed individually.
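The grouping by parameter described above can also be produced directly, without the reshape step. The following is an added example, not code from the original post: the function name fuzz_by_parameter, the host example.test and the FUZZ payload strings are constructed for illustration. It goes beyond the post's code by keeping repeated parameter names, blank values and the fragment, and by leaving payloads percent-encoded.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

def fuzz_by_parameter(url, payloads):
    """Return [(param_name, [url, ...]), ...]: one group per query parameter,
    each group holding that parameter replaced by every payload, in order."""
    parts = urlsplit(url)
    # A list of pairs (not a dict) keeps repeated names such as tag=a&tag=b;
    # keep_blank_values=True keeps parameters like "empty=".
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    groups = []
    for idx, (name, _) in enumerate(pairs):
        urls = []
        for payload in payloads:
            mutated = list(pairs)          # copy, so the other parameters stay intact
            mutated[idx] = (name, payload)
            # Payloads stay percent-encoded: an '&' or '=' inside a payload
            # must not turn into an extra parameter. '/' is left readable.
            query = urlencode(mutated, safe="/")
            urls.append(urlunsplit(parts._replace(query=query)))
        groups.append((name, urls))
    return groups

# Constructed sample input (hypothetical test host and marker payloads)
SAMPLE_URL = "http://example.test/index.php?id=123&tag=a&tag=b&empty=#top"
SAMPLE_PAYLOADS = ("FUZZ_A", "FUZZ B&x=1")

if __name__ == "__main__":
    for name, urls in fuzz_by_parameter(SAMPLE_URL, SAMPLE_PAYLOADS):
        print(name)
        for u in urls:
            print("   ", u)
```

Each group corresponds to one column of the reshaped matrix, so all payloads for one parameter can be sent before moving on to the next.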
That is all for now. I am off to eat breakfast, see you next time ~