From a0da1651931f7687047ae96b3e8cb0b9923a9767 Mon Sep 17 00:00:00 2001
From: CyberRoute
Date: Wed, 22 Nov 2023 21:29:10 +0100
Subject: [PATCH] fuzzer improvements on redirects and js changes
---
 db/dict_short.txt | 5 +++-
 pkg/fuzzer/fuzzer.go | 42 ++++++++++++++++++---------
 pkg/models/models.go | 11 ++++----
 static/js/fetchurls.js | 64 +++++++++++++++++++++++++-----------------
 4 files changed, 78 insertions(+), 44 deletions(-)
diff --git a/db/dict_short.txt b/db/dict_short.txt
index 54216d9..26c7001 100644
--- a/db/dict_short.txt
+++ b/db/dict_short.txt
@@ -118,4 +118,7 @@
 /%EXT%.backup
 /%EXT%.bak
 /%EXT%.cgi
-/%EXT%.conf
\ No newline at end of file
+/%EXT%.conf
+/.gem
+/test
+/dvwa/
diff --git a/pkg/fuzzer/fuzzer.go b/pkg/fuzzer/fuzzer.go
index 91cf4f6..8d214d0 100644
--- a/pkg/fuzzer/fuzzer.go
+++ b/pkg/fuzzer/fuzzer.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "crypto/tls"
 "encoding/json"
+ "errors"
 "fmt"
 "io"
 "net/http"
@@ -27,7 +28,6 @@ func Get(Mu *sync.Mutex, app *config.AppConfig, domain, path string, progress fl
 urjoin := "https://" + domain + path
 url, err := url.Parse(urjoin)
 if err != nil {
- //log.Error().Err(err).Msgf("Error parsing URL: %s", urjoin)
 app.ZeroLog.Error().Err(err).Msgf("Error parsing URL: %s", urjoin)
 }
@@ -41,25 +41,40 @@ func Get(Mu *sync.Mutex, app *config.AppConfig, domain, path string, progress fl
 TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 },
 }
+ client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+ return errors.New("Redirect")
+ }
 resp, err := client.Do(get)
 if err != nil {
 app.ZeroLog.Error().Err(err).Msgf("Error performing request for URL: %s", urjoin)
 }
+ if resp != nil && resp.StatusCode == http.StatusMovedPermanently || resp.StatusCode == http.StatusFound { //status codes 301 302
+ // Add the RedirectPath field to the payload
+ redirectPath := resp.Header.Get("Location")
+ fmt.Println(redirectPath)
+ payload := &models.Url{Path: urjoin, Progress: progress, Status: float64(resp.StatusCode), RedirectPath: redirectPath}
+ payloadBuf := new(bytes.Buffer)
+ err = json.NewEncoder(payloadBuf).Encode(payload)
+ checkError(err)
+
+ dfileHandler(Mu, domain, urjoin, float64(resp.StatusCode), progress, redirectPath)
+ } else {
+ // For other status codes
+ payload := &models.Url{Path: urjoin, Progress: progress, Status: float64(resp.StatusCode)}
+ payloadBuf := new(bytes.Buffer)
+ err = json.NewEncoder(payloadBuf).Encode(payload)
+ checkError(err)
+
+ dfileHandler(Mu, domain, urjoin, float64(resp.StatusCode), progress, "")
+ }
- statusCode := float64(resp.StatusCode)
- payload := &models.Url{Path: urjoin, Progress: progress, Status: statusCode}
- payloadBuf := new(bytes.Buffer)
- err = json.NewEncoder(payloadBuf).Encode(payload)
- checkError(err)
-
- dfileHandler(Mu, domain, urjoin, statusCode, progress)
 if verbose {
 app.ZeroLog.Info().Msg(fmt.Sprintf("%s => %s", urjoin, resp.Status))
 }
 }
-func dfileHandler(Mu *sync.Mutex, domain, path string, status float64, progress float32) {
+func dfileHandler(Mu *sync.Mutex, domain, path string, status float64, progress float32, redirectPath string) {
 Mu.Lock()
 defer Mu.Unlock()
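Review bot: The new status check can dereference a nil `resp`: `&&` binds tighter than `||`, so `resp != nil` guards only the 301 comparison, while the 302 comparison and the `else` branch still read `resp.StatusCode` after a `client.Do` failure that was only logged. Returning `errors.New("Redirect")` from `CheckRedirect` also makes `client.Do` hand back every redirect as a non-nil error with the body already closed, so each 301/302 is logged as a failed request; `http.ErrUseLastResponse` stops the redirect and returns the response with a nil error. Nothing in the hunk closes `resp.Body`, and `fmt.Println(redirectPath)` prints a header chosen by the scanned server raw to the terminal, where the logger with `%q` would be safer. The sketch below returns on error, closes the body and makes one `dfileHandler` call; the `errors` import added in the first hunk then becomes unused and has to be dropped, and `payloadBuf` is omitted because nothing visible reads it. `Get` begins above this hunk.

```go
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
	// Stop at the first redirect and hand the 3xx response back with a nil error.
	return http.ErrUseLastResponse
}
resp, err := client.Do(get)
if err != nil {
	app.ZeroLog.Error().Err(err).Msgf("Error performing request for URL: %s", urjoin)
	return
}
defer resp.Body.Close()

// Location is supplied by the scanned server: store it as data, escape it on display.
redirectPath := ""
if resp.StatusCode == http.StatusMovedPermanently || resp.StatusCode == http.StatusFound {
	redirectPath = resp.Header.Get("Location")
}
dfileHandler(Mu, domain, urjoin, float64(resp.StatusCode), progress, redirectPath)
// … unchanged: verbose logging …
```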
@@ -68,9 +83,10 @@ func dfileHandler(Mu *sync.Mutex, domain, path string, status float64, progress
 checkError(err)
 newUrl := &models.Url{
- Path: path,
- Status: status,
- Progress: progress,
+ Path: path,
+ Status: status,
+ Progress: progress,
+ RedirectPath: redirectPath,
 }
 id := generateNewId(allUrls)
@@ -116,7 +132,7 @@ func writeUrlsToFile(filename string, allUrls models.AllUrls) error {
 })
 // Marshal and write the sorted URLs to the file
- newUserBytes, err := json.MarshalIndent(allUrls.Urls, "", " ")
+ newUserBytes, err := json.Marshal(allUrls.Urls)
 if err != nil {
 return err
 }
diff --git a/pkg/models/models.go b/pkg/models/models.go
index e490667..3a02584 100644
--- a/pkg/models/models.go
+++ b/pkg/models/models.go
@@ -35,11 +35,12 @@ type TemplateData struct {
 // Urls holds data to be sent to the consumer api endpoint
 type Url struct {
- Id int `json:"id"`
- Path string `json:"path"`
- Status float64 `json:"status"`
- Progress float32 `json:"progress"`
- Data string `json:"data"`
+ Id int `json:"id"`
+ Path string `json:"path"`
+ Status float64 `json:"status"`
+ Progress float32 `json:"progress"`
+ Data string `json:"data"`
+ RedirectPath string `json:"redirectpath"`
 }
 type AllUrls struct {
diff --git a/static/js/fetchurls.js b/static/js/fetchurls.js
index 107538e..f14bdc0 100755
--- a/static/js/fetchurls.js
+++ b/static/js/fetchurls.js
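Review bot: The new `RedirectPath` field in `pkg/models/models.go` has no comment saying where its value comes from, although in this commit `Get` fills it with the raw `Location` header returned by the scanned host. A field comment such as `// RedirectPath is the unmodified Location header of a 301/302 response; it is server-controlled and must be escaped before display.` would tell every consumer of the serialized `Url` that the string is untrusted. The same struct is written to the results file by `dfileHandler`, so the remark applies to anything that later reads that file as well.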
@@ -1,33 +1,47 @@ function fetchUrls() { - const xhr = new XMLHttpRequest(); - xhr.open("GET", "/consumer", true); - xhr.onload = function () { - if (this.status === 200) { - // Parse JSON response - const data = JSON.parse(this.responseText); + const xhr = new XMLHttpRequest(); + xhr.open("GET", "/consumer", true); + xhr.onload = function () { + if (this.status === 200) { + // Parse JSON response + const data = JSON.parse(this.responseText); - // Get container element - const container = document.getElementById("container"); - var bar = document.querySelector(".progress-bar"); - var speedElement = document.getElementById("data"); - // Clear loading message and append data - container.innerHTML = ""; - data.Urls.forEach(url => { + // Get container element + const container = document.getElementById("container"); + var bar = document.querySelector(".progress-bar"); + var speedElement = document.getElementById("data"); + // Clear loading message and append data + container.innerHTML = ""; + data.Urls.forEach(url => { + // Update the speedElement for each URL bar.style.width = url.progress + "%"; speedElement.innerText = url.data; - bar.innerText = url.progress.toFixed(0) + "%"; // format the percentage to one decimal place - if (url.status === 200) { // only display 200 status codes in green - container.innerHTML += `

${url.id} ${url.path} - http code: ${url.status} progress: ${url.progress} ${url.data}

`; - } - }); - } else { - console.error("Error fetching data"); - } - } - xhr.send(); -} + bar.innerText = url.progress.toFixed(0) + "%"; + if (url.status === 200 || url.status === 301 || url.status === 302) { + let urlDisplay; + if (url.status === 301) { + // For 301 status code, use redirectpath + urlDisplay = `

${url.id} ${url.path} - REDIRECTS TO: ${url.redirectpath} - http code: ${url.status} progress: ${url.progress} ${url.data}

`; + } else if (url.status === 302) { + // For 302 status code, concatenate path and redirectpath + let targetPath = url.redirectpath ? url.path + url.redirectpath : url.path; + urlDisplay = `

${url.id} ${url.path} - REDIRECTS TO: ${targetPath} - http code: ${url.status} progress: ${url.progress} ${url.data}

`; + } else { + // For other status codes (200), use the original path + urlDisplay = `

${url.id} ${url.path} - http code: ${url.status} progress: ${url.progress.toFixed(0)}% ${url.data}

`; + } + container.innerHTML += urlDisplay; + } + }); + // Update the overall progress bar and data element + } else { + console.error("Error fetching data"); + } + }; + xhr.send(); +} -// Call fetchUrls() when page is loaded +// Call fetchUrls() when the page is loaded window.onload = fetchUrls; setInterval(fetchUrls, 1000);
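Review bot: `url.redirectpath` is the `Location` header of the scanned host, and it is interpolated into template literals that are appended with `container.innerHTML += urlDisplay`, so a target that returns markup in that header gets it parsed in the operator's browser; `url.path` and `url.data` pass through the same sink. Building each row as a DOM node and assigning the text with `textContent` removes the HTML parse, for example `const row = document.createElement("div"); row.textContent = text; container.appendChild(row);`, with any link set through a scheme-checked `href` property rather than string markup. The markup inside the template literals is not visible on this page, so the element type in that example is a placeholder. In the 302 branch, `url.path + url.redirectpath` also produces a wrong target whenever `Location` is an absolute URL, because `url.path` already holds the full request URL.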