Nmap Development mailing list archives
Re: [NSE] http-form-fuzzer script
From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 10 Jun 2012 23:35:13 -0600
On 06/10/2012 05:11 PM, Peter O wrote:
> Hi all, this script attempts to fuzz fields in forms it detects (it fuzzes
> one field at a time). In each iteration it first tries to fuzz a field with
> a string, then with a number.
>
> In the output, actions and paths for which errors were observed are listed,
> along with the names of the fields that were being fuzzed when the error
> occurred. The length and type (string/integer) of the input that caused the
> error are also provided.
>
> We consider an error to be either a response with status 500 or with an
> empty body, or a response that contains the "server error" or "sql error"
> strings. ATM anything other than that is considered not to be an 'error'.
>
> There is room for improvement; one idea would be to develop more
> sophisticated techniques that will let us determine if the fuzzing was
> successful (i.e. we got an 'error'). Ideally, an algorithm that will tell
> us the percentage difference between responses should be implemented.
>
> - Peter
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

I noticed that you are transforming the field names to lowercase when
extracting the forms. Aren't we generating incorrect field names because of
it? Form names are case sensitive to web applications. Am I missing
something?
+ -- first find regular inputs + for f in string.gmatch(form, '<%s*[Ii][Nn][Pp][Uu][Tt].->') do + input_type = string.match(f, '[Tt][Yy][Pp][Ee]="(.-)"') + input_name = string.match(f, '[Nn][Aa][Mm][Ee]="(.-)"') + local next_field_index = #fields+1 + if input_name then + fields[next_field_index] = {} + fields[next_field_index]["name"] = string.lower(input_name) + if input_type then + fields[next_field_index]["type"] = string.lower(input_type) + end + end + end + + -- now search for textareas + for f in string.gmatch(form, '<%s*[Tt][Ee][Xx][Tt][Aa][Rr][Ee][Aa].->') do + input_name = string.match(f, '[Nn][Aa][Mm][Ee]="(.-)"') + local next_field_index = #fields+1 + if input_name then + fields[next_field_index] = {} + fields[next_field_index]["name"] = string.lower(input_name) + fields[next_field_index]["type"] = "textarea" + end + end + parsed["fields"] = fields _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
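Review bot: `fields[next_field_index]["name"] = string.lower(input_name)` in both the input and the textarea loop changes the name that will later be submitted, and web applications treat parameter names as case-sensitive, so a form field `userName` would be fuzzed as `username` and the payload would never reach the parameter the application reads. Store `input_name` unchanged (lowercasing `input_type` is harmless, since it is only compared locally). Two smaller points on the same lines: `input_type` and `input_name` are assigned without `local` (unlike `next_field_index`) and so leak as globals; and the pattern `[Nn][Aa][Mm][Ee]="(.-)"` only recognises double-quoted attributes, so `name='user'` and `name=user` are skipped, while being unanchored it also matches the tail of `data-name="..."`.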
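As an added example (not the http-form-fuzzer script, the patch above, or NSE's http library), here is a stand-alone Lua sketch of the two parts of the script this thread touches on: a form-field parser that keeps field names in the case the page wrote them and accepts double-quoted, single-quoted and unquoted attributes, and the error heuristic Peter describes (status 500, empty body, or a body containing "server error" / "sql error"). The sample form, the set of parameter names the application reads, and the responses are constructed for the demo; matching the error strings case-insensitively is my choice, not something the post specifies.

```lua
-- Added example, not code from http-form-fuzzer, the patch above, or NSE's
-- http library. Plain Lua 5.1+; run with: lua form_fields.lua

-- Return the value of attribute `attr` inside `tag`, accepting double-quoted,
-- single-quoted and unquoted values; nil if the attribute is absent. The
-- leading %s keeps e.g. data-name="..." from being read as name="...".
local function attr_value(tag, attr)
  -- case-insensitive attribute name, e.g. "name" -> "[Nn][Aa][Mm][Ee]"
  local pat = attr:gsub("%a", function(c)
    return "[" .. c:upper() .. c:lower() .. "]"
  end)
  return tag:match("%s" .. pat .. '%s*=%s*"([^"]*)"')
      or tag:match("%s" .. pat .. "%s*=%s*'([^']*)'")
      or tag:match("%s" .. pat .. "%s*=%s*([^%s>/]+)")
end

-- Collect <input> and <textarea> fields from a form body. Names are stored
-- exactly as written: web applications treat parameter names as
-- case-sensitive, so lowercasing "userName" would fuzz a parameter the
-- application never reads. Inputs without a name (e.g. submit buttons) are
-- skipped; a missing type attribute defaults to "text" as in HTML.
local function parse_fields(form)
  local fields = {}
  for tag in form:gmatch("<%s*[Ii][Nn][Pp][Uu][Tt]%f[^%w][^>]*>") do
    local name = attr_value(tag, "name")
    if name then
      fields[#fields + 1] = { name = name,
                              type = (attr_value(tag, "type") or "text"):lower() }
    end
  end
  for tag in form:gmatch("<%s*[Tt][Ee][Xx][Tt][Aa][Rr][Ee][Aa]%f[^%w][^>]*>") do
    local name = attr_value(tag, "name")
    if name then
      fields[#fields + 1] = { name = name, type = "textarea" }
    end
  end
  return fields
end

-- The error heuristic from the post: status 500, an empty body, or a body
-- containing "server error" or "sql error". Matching case-insensitively is
-- an assumption here; the post does not say. Returns (is_error, reason).
local function looks_like_error(status, body)
  if status == 500 then return true, "status 500" end
  if body == nil or body == "" then return true, "empty body" end
  local lower = body:lower()
  if lower:find("server error", 1, true) then return true, "server error" end
  if lower:find("sql error", 1, true) then return true, "sql error" end
  return false, nil
end

-- Constructed sample form (not from a real target): mixed-case names and all
-- three attribute quoting styles.
local SAMPLE_FORM = [[
<form action="/login" method="post">
  <input type="text" name="userName" data-name="ignored">
  <input type='password' name='PassWord'>
  <input type=hidden name=csrfToken value=abc123>
  <input type="text" name="email">
  <input type="submit" value="Go">
  <textarea name="Comment"></textarea>
</form>
]]

-- Parameter names the (constructed) application actually reads.
local EXPECTED = { userName = true, PassWord = true, csrfToken = true,
                   email = true, Comment = true }

for _, f in ipairs(parse_fields(SAMPLE_FORM)) do
  local kept    = EXPECTED[f.name]         and "ok" or "MISSED"
  local lowered = EXPECTED[f.name:lower()] and "ok" or "MISSED"
  print(string.format("%-9s %-10s as written: %-6s lowercased: %s",
                      f.type, f.name, kept, lowered))
end

-- Constructed responses run through the heuristic.
local SAMPLE_RESPONSES = {
  { status = 200, body = "<html>Welcome back</html>" },
  { status = 500, body = "<html>Internal Server Error</html>" },
  { status = 200, body = "" },
  { status = 200, body = "Warning: SQL Error near 'x' at line 1" },
}
for i, r in ipairs(SAMPLE_RESPONSES) do
  local err, why = looks_like_error(r.status, r.body)
  print(i, r.status, err and ("error (" .. why .. ")") or "no error")
end
```

Only `email` survives lowercasing in the sample; the four mixed-case fields would be submitted under names the application never reads, which is exactly why the fuzzer has to keep the names as the page wrote them. The frontier pattern `%f[^%w]` after the tag name stops `<input` from also matching a hypothetical `<inputs ...>` tag.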
Current thread:
- [NSE] http-form-fuzzer script Peter O (Jun 10)
- Re: [NSE] http-form-fuzzer script Paulino Calderon (Jun 10)
- Re: [NSE] http-form-fuzzer script Peter O (Jun 11)
- Re: [NSE] http-form-fuzzer script Paulino Calderon (Jun 10)