Documentation ¶
Index ¶
- Constants
- Variables
- func ByteToJSONInterface(r io.ReadCloser) (interface{}, []byte, error)
- func CheckTarget(req *HTTPRequest, successcodes []int) error
- func CountJSONBody(jsoni interface{}) int8
- func HTTPRequestToJSONInterface(req *HTTPRequest) (interface{}, error)
- func RequestToString(r *http.Request) (string, error)
- func ResponseToString(r *http.Response) (string, error)
- func ResultsToFile(projectName string, task SerializedTask) error
- func ResultsToMongoDB(mongodbURI string, task SerializedTask) error
- type HTTPRequest
- func (req *HTTPRequest) CountInjectionPoints()
- func (req *HTTPRequest) InjectFormURLEncodedBody(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) InjectHeaders(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) InjectJSONParameters(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) InjectMarked(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) InjectPath(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) InjectQueryParameters(injections []payloads.Payload) []TestCase
- func (req *HTTPRequest) IsMarked() bool
- type HTTPResponse
- type SerializedTask
- type SerializedTestCase
- type StorageConfig
- type Task
- type TestCase
Constants ¶
// MarkerRegex is the default pattern for locating marked injection points:
// it captures the text between a pair of § (U+00A7) delimiters.
// The match is non-greedy, so the capture ends at the nearest closing §.
// In Go's regexp syntax "." does not match a newline unless the (?s) flag
// is set, so a marked span cannot cross a line break.
// NOTE(review): § is two bytes in UTF-8; a request saved in a single-byte
// encoding would presumably not match — confirm how requests are read.
const MarkerRegex = `§(.*?)§`
MarkerRegex is the default request injection marker regex string
Variables ¶
// ErrorCodes lists HTTP status codes in the 4xx (client error) and 5xx
// (server error) ranges. It is an exported, mutable slice, so any package
// that imports it can change its contents at run time.
var ErrorCodes = []int{
	400,
	401,
	402,
	403,
	404,
	405,
	406,
	407,
	408,
	409,
	410,
	411,
	412,
	413,
	414,
	415,
	416,
	417,
	418,
	421,
	422,
	423,
	424,
	425,
	426,
	428,
	429,
	431,
	451,
	500,
	501,
	502,
	503,
	504,
	505,
	506,
	507,
	508,
	510,
	511,
}
ErrorCodes lists the HTTP error response codes (4xx and 5xx).
// SuccessCodes lists the HTTP status codes counted as success. Besides the
// 2xx codes it includes informational 1xx and redirection 3xx codes.
// NOTE(review): if this list is what callers pass to CheckTarget as
// successcodes, a redirect (for example to a login page) would count as a
// reachable target — confirm against the caller.
var SuccessCodes = []int{
	100,
	101,
	102,
	103,
	200,
	201,
	202,
	203,
	204,
	205,
	206,
	207,
	208,
	226,
	300,
	301,
	302,
	303,
	304,
	305,
	307,
	308,
}
SuccessCodes lists the HTTP response codes treated as success; besides 2xx it includes informational (1xx) and redirection (3xx) codes.
// SupportedInjectionPointTypes is the list of injection point type names
// the package supports.
// NOTE(review): the six names line up with the six Inject* methods on
// HTTPRequest; there is no cookie entry even though HTTPRequest carries a
// TotalCookieInjectionPoints counter — confirm whether cookies are covered
// by "HEADER".
var SupportedInjectionPointTypes = []string{
	"QUERY",
	"JSON",
	"FORM_URLENCODE",
	"HEADER",
	"PATH",
	"MARKED",
}
SupportedInjectionPointTypes is a list of supported injection point types
Functions ¶
func ByteToJSONInterface ¶
func ByteToJSONInterface(r io.ReadCloser) (interface{}, []byte, error)
ByteToJSONInterface takes an io.ReadCloser as input (per the signature, not a byte array) and returns a JSON interface, a []byte and an error
func CheckTarget ¶
func CheckTarget(req *HTTPRequest, successcodes []int) error
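CheckTarget takes a request object and a list of error codes, and returns false if the response to the request matches one of the error codes and true if it doesn't. Note that this description does not agree with the signature above, which takes successcodes and returns an error rather than a bool; presumably a nil error means the response status was in the given list.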
func CountJSONBody ¶
func CountJSONBody(jsoni interface{}) int8
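CountJSONBody takes a JSON value (the signature accepts an interface{}, not an http.Request) and returns the total number of parameters. The result is an int8, so a count above 127 cannot be represented.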
func HTTPRequestToJSONInterface ¶
func HTTPRequestToJSONInterface(req *HTTPRequest) (interface{}, error)
HTTPRequestToJSONInterface takes an HTTPRequest pointer and returns a JSON interface
func RequestToString ¶
RequestToString takes an http.Request and returns a string
func ResponseToString ¶
ResponseToString takes an http.Response and returns a string
func ResultsToFile ¶
func ResultsToFile(projectName string, task SerializedTask) error
ResultsToFile will write the results of a fuzzing Task to a file
func ResultsToMongoDB ¶
func ResultsToMongoDB(mongodbURI string, task SerializedTask) error
ResultsToMongoDB will write the results of a fuzzing Task to MongoDB
Types ¶
type HTTPRequest ¶
// HTTPRequest represents a fuzzer HTTP request: the parsed request, its
// string form, and one injection point counter per request location.
// Every counter is an int8, so none of them can hold a value above 127.
// NOTE(review): RequestText presumably carries the full request including
// headers such as cookies or Authorization values — treat it as sensitive
// wherever it is logged or stored; confirm against RequestToString.
type HTTPRequest struct {
	Request                    *http.Request
	RequestText                string // String representation of the Request
	TotalInjectionPoints       int8   // Total number of injection points
	TotalPathInjectionPoints   int8   // Total number of URL path injection points
	TotalCookieInjectionPoints int8   // Total number of Cookie injection points
	TotalHeaderInjectionPoints int8   // Total number of Header injection points
	TotalQueryInjectionPoints  int8   // Total number of Query injection points
	TotalBodyInjectionPoints   int8   // Total number of Body injection points
	ForceTLS                   bool   // Force request to use TLS/SSL
}
HTTPRequest represents a fuzzer HTTP request
func NewHTTPRequestFromBytes ¶
func NewHTTPRequestFromBytes(reqstr []byte, forceTLS bool) (req HTTPRequest, err error)
NewHTTPRequestFromBytes takes a []byte and returns an HTTPRequest
func NewHTTPRequestFromRequest ¶
func NewHTTPRequestFromRequest(r *http.Request, forceTLS bool) (req HTTPRequest)
NewHTTPRequestFromRequest takes an http.Request and returns an HTTPRequest
func (*HTTPRequest) CountInjectionPoints ¶
func (req *HTTPRequest) CountInjectionPoints()
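CountInjectionPoints counts the total number of injection points in the request. The method takes no arguments and returns nothing, so the totals are presumably written to the Total*InjectionPoints fields of the HTTPRequest.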
func (*HTTPRequest) InjectFormURLEncodedBody ¶
func (req *HTTPRequest) InjectFormURLEncodedBody(injections []payloads.Payload) []TestCase
InjectFormURLEncodedBody takes an array of payloads and returns an array of TestCases with the payloads injected in an x-www-form-urlencoded HTTP request body
func (*HTTPRequest) InjectHeaders ¶
func (req *HTTPRequest) InjectHeaders(injections []payloads.Payload) []TestCase
InjectHeaders takes an array of payloads and returns an array of TestCases with the payloads injected in the headers
func (*HTTPRequest) InjectJSONParameters ¶
func (req *HTTPRequest) InjectJSONParameters(injections []payloads.Payload) []TestCase
InjectJSONParameters takes an array of payloads and returns an array of TestCases with the payloads injected in the JSON body of each HTTP request
func (*HTTPRequest) InjectMarked ¶
func (req *HTTPRequest) InjectMarked(injections []payloads.Payload) []TestCase
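InjectMarked takes an array of payloads and returns an array of TestCases with the payloads injected in the JSON body of each HTTP request. (This wording is identical to that of InjectJSONParameters; judging by the method name and MarkerRegex, the payloads are presumably injected at the positions marked with § instead.)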
func (*HTTPRequest) InjectPath ¶
func (req *HTTPRequest) InjectPath(injections []payloads.Payload) []TestCase
InjectPath takes an array of payloads and returns an array of TestCases with the payloads injected in the URI path
func (*HTTPRequest) InjectQueryParameters ¶
func (req *HTTPRequest) InjectQueryParameters(injections []payloads.Payload) []TestCase
InjectQueryParameters takes an array of payloads and returns an array of TestCases with the payloads injected into query parameters
func (*HTTPRequest) IsMarked ¶
func (req *HTTPRequest) IsMarked() bool
IsMarked checks for injection markers inside a request and returns true if any are found, or false if none are found.
type HTTPResponse ¶
// HTTPResponse represents a fuzzer HTTP response: the parsed response and
// its string form.
// NOTE(review): ResponseText presumably includes response headers and body,
// which can contain Set-Cookie values or other secrets returned by the
// target — confirm against ResponseToString before logging or storing it.
type HTTPResponse struct {
	Response     *http.Response
	ResponseText string // String representation of the Response
}
HTTPResponse represents a fuzzer HTTP response
func NewHTTPResponse ¶
func NewHTTPResponse(baseres *http.Response) (res HTTPResponse, err error)
NewHTTPResponse takes a http.Response and returns a HTTPResponse
func NewHTTPResponseFromBytes ¶
func NewHTTPResponseFromBytes(resstr []byte, req *http.Request) (res HTTPResponse, err error)
NewHTTPResponseFromBytes takes a []byte and returns an HTTPResponse
type SerializedTask ¶
// SerializedTask is the BSON-serialized version of Task. Requests are held
// as strings and every field has an explicit bson key.
// NOTE(review): BaseRequest and TestCases hold request and response text,
// which presumably includes any cookies or Authorization headers that were
// sent — the file or database that receives a SerializedTask should be
// access-controlled accordingly; confirm what the string forms contain.
type SerializedTask struct {
	Project     string               `bson:"project"`
	Name        string               `bson:"name"`
	BaseRequest string               `bson:"baserequest"`
	Start       time.Time            `bson:"start"`
	End         time.Time            `bson:"end"`
	TestCases   []SerializedTestCase `bson:"testcases"`
}
SerializedTask is the bson serialized version of Task
type SerializedTestCase ¶
// SerializedTestCase is the BSON-serialized version of TestCase. All fields
// are strings and all are tagged omitempty, so an empty field is left out
// of the stored document.
// NOTE(review): Request and Response presumably hold the full exchange,
// including credentials sent to the target — treat stored test cases as
// sensitive; confirm what TestCase.Serialize copies into them.
type SerializedTestCase struct {
	Request            string `bson:"request,omitempty"`
	Response           string `bson:"response,omitempty"`
	Injection          string `bson:"injection,omitempty"`
	InjectionType      string `bson:"injectiontype,omitempty"`
	InjectionPoint     string `bson:"injectionpoint,omitempty"`
	InjectionPointType string `bson:"injectionpointtype,omitempty"`
	Duration           string `bson:"duration,omitempty"`
}
SerializedTestCase is the BSON serialized version of TestCase
type StorageConfig ¶
// StorageConfig contains information about where to store the results of a
// fuzzer Task: a flag and a URI for each of MongoDB, file and Elasticsearch.
// The field name ElasticSeachURI is spelled without the "r"; it is an
// exported name, so it is left as declared.
// NOTE(review): a connection URI such as MongoDBURI may embed a user name
// and password — avoid printing a StorageConfig to logs unredacted; confirm
// which URI forms CreateStorageConfigFromURI accepts.
type StorageConfig struct {
	UseMongoDB       bool
	MongoDBURI       string
	UseFile          bool
	FileURI          string
	UseElasticSearch bool
	ElasticSeachURI  string
}
StorageConfig contains information about where to store results of a fuzzer Task
func CreateStorageConfigFromURI ¶
func CreateStorageConfigFromURI(StorageURIs []string) StorageConfig
CreateStorageConfigFromURI takes an array of URI strings and returns a StorageConfig
type Task ¶
// Task represents a fuzzer task: the project and task names, the injection
// types requested, the base request, start and end times, a state string
// and the test cases belonging to the task.
type Task struct {
	Project        string
	Name           string
	InjectionTypes []string
	BaseRequest    HTTPRequest
	Start          time.Time
	End            time.Time
	State          string
	TestCases      []TestCase
}
Task represents a Fuzzer task
type TestCase ¶
// TestCase contains the information about one fuzz case: the base request,
// the request that carries the injection, the response, and string fields
// describing the injection, where it was placed, how long the case took and
// its status.
// BaseRequest, Request and Response are stored by value, so each TestCase
// holds its own copy of those structs (the *http.Request and *http.Response
// pointers inside them are still shared).
type TestCase struct {
	BaseRequest        HTTPRequest
	Request            HTTPRequest
	Response           HTTPResponse
	Injection          string
	InjectionType      string
	InjectionPoint     string
	InjectionPointType string
	Duration           string
	Status             string
}
TestCase contains information about a fuzz case such as request, response, injection, etc.
func CreateTestCases ¶
func CreateTestCases(injectionpointtypes []string, injectiontypes []string, mongodbURI string, request HTTPRequest) ([]TestCase, error)
CreateTestCases takes arrays of InjectionPointType and InjectionType values, a mongodbURI and an HTTPRequest, and returns an array of TestCases
func (*TestCase) Serialize ¶
func (TC *TestCase) Serialize() SerializedTestCase
Serialize returns a serialized version of TestCase