Hi Andrés,

sounds like fuzzer.py is what I asked for. Thanks.
Questions now are:
1. how can a private file be used there?
2. how to use a dynamically generated file there?

Ciao,
Achim

On 15.05.2013 15:41, Andres Riancho wrote:
> Achim,
>
> On Wed, May 15, 2013 at 9:53 AM, Achim Hoffmann <webse...@sic-sec.org> wrote:
>> Hi all,
>>
>> I'm searching for a plugin which can multiple encode a payload.
>> Does such a thing exist in w3af?
>
> No, it doesn't. w3af doesn't play with encoding as much as it should.
>
> As a side note, I think I wouldn't implement this as a plugin, I would
> add it in the create_mutants function [0]. This function takes
> fuzzable requests as input and outputs modified requests. Example:
>
> Input:
> - http://host.tld/foo?id=1
> - [payload1, payload2]
>
> Output:
> - http://host.tld/foo?id=payload1
> - http://host.tld/foo?id=payload2
>
> If you read [0] you'll notice that it would be a good idea to add a
> fuzzer_config (see: _get_fuzzer_config) where the user can configure
> at a framework wide level the "encoding depth". By default I would set
> it to zero: only use the regular RFC required encoding.
>
> If create_mutants is modified, it would be possible to have it output
> something like:
> - http://host.tld/foo?id=payload1
> - http://host.tld/foo?id=payload2
> - http://host.tld/foo?id=encodeEntity(payload1)
> - http://host.tld/foo?id=encodeEntity(payload2)
> ....
> - http://host.tld/foo?id=encodeEntity(encodeURL(encodeURL(payload1)))
> - http://host.tld/foo?id=encodeEntity(encodeURL(encodeURL(payload2)))
>
> This would be a good thing to have, and the implementation at this
> level will affect all plugins which use the create_mutants function
> (all which send payloads if I'm not mistaken). Create mutants also
> mutates the path (as in your /path/foo<u>xss/other example),
> post-data, etc.
>
> [0]
> https://github.com/andresriancho/w3af/blob/master/core/data/fuzzer/fuzzer.py
>
>
>> The idea is as follows:
>> given the url like
>>
>> /path/foo<u>xss/other
>>
>> I want to test these variants:
>>
>> /path/foo<u>xss/other
>> /path/foo%3Cu%3Exss/other
>> /path/foo%253cu%253exss/other
>> /path/foo%25253cu%25253exss/other
>> /path/foo%26%6C%74%3Bu%26%67%74%3Bxss/other
>> /path/foo%26%6C%74%3B%75%26%67%74%3Bxss/other
>> /path/foo%2526%256C%2574%253Bu%2526%2567%2574%253Bxss/other
>> /path/foo%3Cu%3Exss/other
>> /path/foo%253Cu%253Exss/other
>>
>> The idea (abstract) is like:
>>
>> encodeEntity(payload)
>> encodeURL(payload)
>> encodeURL(encodeURL(payload))
>> encodeURL(encodeURL(encodeURL(payload)))
>> encodeURL(encodeEntity(payload))
>> encodeEntity(encodeURL(payload))
>> encodeEntity(encodeURL(encodeURL(payload)))
>>
>> The payload can be anywhere in the URL, header or body.
>> Test in the URL at first glance will be great.
>>
>> Is there such a plugin, or one which can simply be extended?
>>
>> Any help appreciated
>> Achim
>>
>>
>> BTW, I already have a tool to generate such payloads in the browser
>> https://www.owasp.org/index.php/Category:OWASP_EnDe
>> you can nest the encoding functions however you like (see [Functions]
>> button)
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
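
The "encoding depth" idea discussed in this thread, as an added example (not w3af code and not written by either poster): it builds every nesting of encodeURL/encodeEntity up to a given depth and shows the decode-to-fixed-point step a filter or scanner check needs so that all variants compare equal. The names encoding_variants, canonicalize and ENCODERS are assumptions, depth 0 returns only the raw payload, and encode_url escapes only characters outside the unreserved set, so it does not reproduce the fully hex-encoded variants in the list above.

```python
import html
from itertools import product
from urllib.parse import quote, unquote

def encode_url(s):
    # Percent-encode everything outside the RFC 3986 unreserved set.
    return quote(s, safe="")

def encode_entity(s):
    # HTML-entity encode &, <, > and both quote characters.
    return html.escape(s, quote=True)

# Names follow the thread's abstract notation; the mapping itself is assumed.
ENCODERS = {"encodeURL": encode_url, "encodeEntity": encode_entity}

def encoding_variants(payload, depth):
    """Return {chain label: encoded value} for every encoder chain of
    length 0..depth. depth=0 yields only the raw payload."""
    variants = {"payload": payload}
    for n in range(1, depth + 1):
        for chain in product(ENCODERS, repeat=n):
            label, value = "payload", payload
            for name in chain:  # first name is the innermost encoder
                value = ENCODERS[name](value)
                label = f"{name}({label})"
            variants[label] = value
    return variants

def canonicalize(value, max_rounds=8):
    """Decode URL and entity layers until the value stops changing, which
    is what a filter must do before matching any of these variants."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

if __name__ == "__main__":
    sample = "<u>xss"  # marker string from the thread
    for label, value in encoding_variants(sample, 2).items():
        print(f"{label:40} /path/foo{value}/other -> {canonicalize(value)}")
```

Several chains collapse to the same string (encodeEntity leaves an already percent-encoded value untouched), so a caller that sends these as requests would deduplicate on the values.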