Projects STRLCPY param-miner Commits d1c77bc6
  • ■ ■ ■ ■ ■
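--- a/src/burp/HeaderMutator.java
+++ b/src/burp/HeaderMutator.java
@@ -16,17 +16,13 @@
 this.registerMutation("nospace");
 this.registerMutation("underscore");
 this.registerMutation("cr-hyphen");
+this.registerMutation("letter-hyphen");
 
 this.registerMutation("linePrefixSpace");
 this.registerMutation("linePrefixTab");
 this.registerMutation("linePrefixVTab");
 this.registerMutation("linePrefixNull");
 
-this.registerMutation("lineAppendixSpace");
-this.registerMutation("lineAppendixTab");
-this.registerMutation("lineAppendixLF");
-this.registerMutation("lineAppendixCR");
-this.registerMutation("lineAppendixVTab");
 this.registerMutation("lineAppendixNull");
 
 this.registerMutation("colonPreNull");
@@ -82,6 +78,10 @@
 retStr = header.replaceFirst("-", "\r");
 break;
 
+case "letter-hyphen":
+retStr = header.replaceFirst("-", "s");
+break;
+
 case "linePrefixSpace":
 retStr = " " + header;
 break;
@@ -96,26 +96,6 @@
 
 case "linePrefixNull":
 retStr = new String(new byte[]{(byte)0x00}) + header;
-break;
-
-case "lineAppendixSpace":
-retStr = header + " ";
-break;
-
-case "lineAppendixTab":
-retStr = header + "\t";
-break;
-
-case "lineAppendixLF":
-retStr = header + "\n";
-break;
-
-case "lineAppendixCR":
-retStr = header + "\r";
-break;
-
-case "lineAppendixVTab":
-retStr = header + new String(new byte[]{(byte)0x0b});
 break;
 
 case "lineAppendixNull":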
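Review bot: The new `letter-hyphen` case returns the header unchanged when it contains no `-`, because `replaceFirst("-", "s")` then has nothing to replace; the existing `cr-hyphen` case above it behaves the same way. A caller that compares responses could then treat an unmutated request as a mutated one. Either document the precondition with a comment such as `// Only meaningful for headers containing a hyphen; otherwise the header is returned unchanged`, or have the caller skip the hyphen mutations for such headers. The enclosing switch and method start and end outside the visible hunks.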
  • ■ ■ ■ ■ ■ ■
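--- a/src/burp/MutationGuesser.java
+++ b/src/burp/MutationGuesser.java
@@ -31,25 +31,31 @@
 public ArrayList<String> guessMutations() {
 byte[] baseReq = this.removeHeader(this.req.getRequest(), "Content-Length");
 ArrayList<String> ret = new ArrayList<String>();
-
-// Get the front-end error
-IHttpRequestResponse frontErrReq = this.requestHeader(baseReq, "Content-Length: z");
-byte[] frontError = frontErrReq.getResponse();
-
-// Check we've managed to generate an error
-IHttpRequestResponse noErrReq = this.requestHeader(baseReq, "Content-Length: 0");
-byte[] noErr = noErrReq.getResponse();
-if (this.requestMatch(frontError, noErr)) {
-Utilities.out("Failed to generate error against host " + this.service.getHost());
-return ret;
-}
+HeaderMutator mutator = new HeaderMutator();
 
 // Test all the mutations to find back-end errors
-HeaderMutator mutator = new HeaderMutator();
 for (int i = 0; i< this.testHeaders.length; i++) {
 Iterator<String> iterator = mutator.mutations.iterator();
 String testHeaderValid = this.testHeaders[i][0];
 String testHeaderInvalid = this.testHeaders[i][1];
+
+// Get the front-end error
+IHttpRequestResponse frontErrReq = this.requestHeader(baseReq, testHeaderInvalid);
+byte[] frontError = frontErrReq.getResponse();
+
+// Check we've managed to generate an error
+IHttpRequestResponse noErrReq = this.requestHeader(baseReq, testHeaderValid);
+byte[] noErr = noErrReq.getResponse();
+if (this.requestMatch(frontError, noErr)) {
+continue;
+}
+
+if (frontError.length == 0 || noErr.length == 0) {
+String host = frontErrReq.getHttpService().getHost();
+Utilities.out("Failed to fetch request while guessing mutations " + host);
+continue;
+}
+
 while (iterator.hasNext()) {
 String mutation = iterator.next();
 if (ret.contains(mutation)) {
@@ -102,6 +108,7 @@
 int start = offsets[0];
 int end = offsets[2] + 2;
 byte[] ret = new byte[req.length - (end - start)];
+// TODO: sometimes getting null point exceptions from this line
 System.arraycopy(req, 0, ret, 0, start);
 System.arraycopy(req, end, ret, start, req.length - end);
 return ret;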
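Review bot: In `guessMutations`, the empty-response guard runs only after `requestMatch(frontError, noErr)` and never checks for null, so a request that received no response can reach `requestMatch` or throw on `frontError.length` (`getResponse()` can return null when nothing came back). Two failed fetches may also compare equal and take the silent `continue`, in which case the failure is never logged. Move the guard above the `requestMatch` call and widen its condition to `if (frontError == null || noErr == null || frontError.length == 0 || noErr.length == 0) {`. The loop body continues outside the hunk, and how `requestMatch` treats null input is not visible here.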
  • ■ ■ ■ ■ ■ ■
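--- a/src/burp/ParamGuesser.java
+++ b/src/burp/ParamGuesser.java
@@ -230,6 +230,8 @@
 if (headerMutations == null) {
 headerMutations = new ArrayList<String>();
 }
+
+// Ensure that the identity mutation is scanned
 if (headerMutations.size() == 0 || headerMutations.get(0) != null) {
 headerMutations.add(0, null);
 }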
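Review bot: The added comment names the identity mutation but does not say how it is encoded; from the lines below it, a `null` entry at index 0 appears to stand for it. Stating that would keep a later reader from treating the null element as a bug, for example `// A null first entry represents the identity (unmutated) header; make sure it is always present so it gets scanned`. The enclosing method starts and ends outside the hunk.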