fuzz

package
v3.3.6-202411251846 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2024 License: MIT Imports: 21 Imported by: 0

Documentation

Overview

Package fuzz contains the fuzzing functionality for dynamic fuzzing of HTTP requests and its respective implementation.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrRuleNotApplicable = errorutil.NewWithFmt("rule not applicable : %v")
)

Functions

func IsErrRuleNotApplicable

func IsErrRuleNotApplicable(err error) bool

IsErrRuleNotApplicable checks if an error is due to rule not applicable

Types

type ExecuteRuleInput

type ExecuteRuleInput struct {
	// Input is the context args input
	Input *contextargs.Context
	// Callback is the callback for generated rule requests
	Callback func(GeneratedRequest) bool
	// InteractURLs contains interact urls for execute call
	InteractURLs []string
	// Values contains dynamic values for the rule
	Values map[string]interface{}
	// BaseRequest is the base http request for fuzzing rule
	BaseRequest *retryablehttp.Request
	// DisplayFuzzPoints is a flag to display fuzz points
	DisplayFuzzPoints bool

	// ApplyPayloadInitialTransformation is an optional function
	// to transform the payload initially based on analyzer rules
	ApplyPayloadInitialTransformation func(string, map[string]interface{}) string
	AnalyzerParams                    map[string]interface{}
}

ExecuteRuleInput is the input for rule Execute function

type GeneratedRequest

type GeneratedRequest struct {
	// Request is the http request for rule
	Request *retryablehttp.Request
	// InteractURLs is the list of interactsh urls
	InteractURLs []string
	// DynamicValues contains dynamic values map
	DynamicValues map[string]interface{}
	// Component is the component for the request
	Component component.Component
	// Parameter being fuzzed
	Parameter string

	// Key is the key for the request
	Key string
	// Value is the value for the request
	Value string
	// OriginalValue is the original value for the request
	OriginalValue string
	// OriginalPayload is the original payload for the request
	OriginalPayload string
}

GeneratedRequest is a single generated request for rule

type Rule

type Rule struct {
	// description: |
	//   Type is the type of fuzzing rule to perform.
	//
	//   replace replaces the values entirely. prefix prefixes the value. postfix postfixes the value
	//   and infix places between the values.
	// values:
	//   - "replace"
	//   - "prefix"
	//   - "postfix"
	//   - "infix"
	Type string `` /* 187-byte string literal not displayed */

	// description: |
	//   Part is the part of request to fuzz.
	// values:
	//   - "query"
	//   - "header"
	//   - "path"
	//   - "body"
	//   - "cookie"
	//   - "request"
	Part string `` /* 184-byte string literal not displayed */

	// description: |
	//   Parts is the list of parts to fuzz. If multiple parts need to be
	//   defined while excluding some, this should be used instead of singular part.
	// values:
	//   - "query"
	//   - "header"
	//   - "path"
	//   - "body"
	//   - "cookie"
	//   - "request"
	Parts []string `` /* 187-byte string literal not displayed */

	// description: |
	//   Mode is the mode of fuzzing to perform.
	//
	//   single fuzzes one value at a time. multiple fuzzes all values at same time.
	// values:
	//   - "single"
	//   - "multiple"
	Mode string `` /* 142-byte string literal not displayed */

	// description: |
	//   Keys is the optional list of key named parameters to fuzz.
	// examples:
	//   - name: Examples of keys
	//     value: >
	//       []string{"url", "file", "host"}
	Keys []string `` /* 128-byte string literal not displayed */

	// description: |
	//   KeysRegex is the optional list of regex key parameters to fuzz.
	// examples:
	//   - name: Examples of key regex
	//     value: >
	//       []string{"url.*"}
	KeysRegex []string `` /* 137-byte string literal not displayed */

	// description: |
	//   Values is the optional list of regex value parameters to fuzz.
	// examples:
	//   - name: Examples of value regex
	//     value: >
	//       []string{"https?://.*"}
	ValuesRegex []string `` /* 133-byte string literal not displayed */

	// description: |
	//   Fuzz is the list of payloads to perform substitutions with.
	// examples:
	//   - name: Examples of fuzz
	//     value: >
	//       []string{"{{ssrf}}", "{{interactsh-url}}", "example-value"}
	//      or
	//       x-header: 1
	//       x-header: 2
	Fuzz SliceOrMapSlice `` /* 143-byte string literal not displayed */
	// description: |
	//  replace-regex is regex for regex-replace rule type
	//  it is only required for replace-regex rule type
	// examples:
	//   - type: replace-regex
	//     replace-regex: "https?://.*"
	ReplaceRegex string `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Rule is a single rule which describes how to fuzz the request

func (*Rule) Compile

func (rule *Rule) Compile(generator *generators.PayloadGenerator, options *protocols.ExecutorOptions) error

Compile compiles a fuzzing rule and initializes it for operation

func (*Rule) Execute

func (rule *Rule) Execute(input *ExecuteRuleInput) (err error)

Execute executes a fuzzing rule accepting a callback on which generated requests are returned.

Input is not thread safe and should not be shared between concurrent goroutines.

type SliceOrMapSlice

type SliceOrMapSlice struct {
	Value []string
	KV    *mapsutil.OrderedMap[string, string]
}

func (SliceOrMapSlice) JSONSchema

func (v SliceOrMapSlice) JSONSchema() *jsonschema.Schema

func (SliceOrMapSlice) JSONSchemaExtend

func (v SliceOrMapSlice) JSONSchemaExtend(schema *jsonschema.Schema) *jsonschema.Schema

func (SliceOrMapSlice) MarshalJSON

func (v SliceOrMapSlice) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface.

func (SliceOrMapSlice) MarshalYAML

func (v SliceOrMapSlice) MarshalYAML() (any, error)

MarshalYAML implements yaml.Marshaler interface.

func (*SliceOrMapSlice) UnmarshalJSON

func (v *SliceOrMapSlice) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

func (*SliceOrMapSlice) UnmarshalYAML

func (v *SliceOrMapSlice) UnmarshalYAML(callback func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler interface.

type ValueOrKeyValue

type ValueOrKeyValue struct {
	Key   string
	Value string

	OriginalPayload string
}

func (*ValueOrKeyValue) IsKV

func (v *ValueOrKeyValue) IsKV() bool

Directories

Path Synopsis
time
Package time implements a time delay analyzer using linear regression heuristics inspired from ZAP to discover time based issues.
Package time implements a time delay analyzer using linear regression heuristics inspired from ZAP to discover time based issues.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL