The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 13  ■ Automating Bespoke Attacks







Param[] params = new Param[]
{
    new Param("DocID", "3801", Param.Type.URL, true),
};

PayloadSource payloads = new PSNumbers(3000, 3100, 1);

This configuration includes the basic target information, creates a single request parameter called DocID, and configures our numeric payload source to cycle through the range 3000–3100.

In order to cycle through a series of requests, potentially targeting multiple parameters, we'll need to maintain some state. Let's use a simple nextRequest method to advance the state of our request engine, returning true until there are no more requests remaining:

// attack state: index of the parameter currently being targeted
int currentParam = 0;

boolean nextRequest()
{
    // every parameter has been processed: nothing left to send
    if (currentParam >= params.length)
        return false;

    // this parameter is not marked for attack: skip to the next one
    if (!params[currentParam].attack)
    {
        currentParam++;
        return nextRequest();
    }

    // payload source exhausted for this parameter: reset it and move on
    if (!payloads.nextPayload())
    {
        payloads.reset();
        currentParam++;
        return nextRequest();
    }

    return true;
}

This stateful request engine will keep track of which parameter we are currently targeting, and which attack payload to place into it. The next step is to actually build a complete HTTP request using this information. This involves inserting each type of parameter into the correct place in the request, and adding any other required headers:
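A Python reimplementation of this request engine, added here as an example and not the book's own (Java) code: it keeps the same nextRequest state logic, unrolled into a loop, and carries it through to the step the text describes next, assembling the request line and Host header. The PSNumbers payload class is written from the behaviour the text describes, only URL-type parameters are modelled, and the host and path used to exercise it are constructed placeholders.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

@dataclass
class Param:
    name: str
    value: str     # value sent when this parameter is not the one under test
    ptype: str     # only "URL" (query string) is modelled, as in the excerpt
    attack: bool   # True if payloads should be substituted into this parameter

class PSNumbers:
    # Numeric payload source: start..end inclusive, stepping by step (assumed
    # from the text; the book's own class is not shown in this excerpt).
    def __init__(self, start, end, step=1):
        self.start, self.end, self.step = start, end, step
        self.reset()
    def reset(self):
        self.current = None   # nothing selected until next_payload() is called
    def next_payload(self):
        nxt = self.start if self.current is None else self.current + self.step
        if nxt > self.end:
            return False
        self.current = nxt
        return True

class RequestEngine:
    def __init__(self, host, path, params, payloads):
        self.host, self.path, self.params, self.payloads = host, path, params, payloads
        self.current_param = 0   # attack state: index of the parameter being targeted
    def next_request(self):
        # Loop form of the book's recursive nextRequest(): skip parameters not
        # marked for attack; advance once the payload source is exhausted.
        while self.current_param < len(self.params):
            p = self.params[self.current_param]
            if p.attack and self.payloads.next_payload():
                return True
            if p.attack:
                self.payloads.reset()
            self.current_param += 1
        return False
    def build_request(self):
        # Put each URL parameter in the query string, substituting the current
        # payload into the targeted one, then add the Host header.
        query = {p.name: str(self.payloads.current) if i == self.current_param else p.value
                 for i, p in enumerate(self.params) if p.ptype == "URL"}
        return f"GET {self.path}?{urlencode(query)} HTTP/1.1\r\nHost: {self.host}\r\n\r\n"

def all_requests(engine):
    # Drive the engine to exhaustion and return every request it would issue.
    out = []
    while engine.next_request():
        out.append(engine.build_request())
    return out
```

Calling `all_requests(RequestEngine("target.example", "/view.aspx", [Param("DocID", "3801", "URL", True)], PSNumbers(3000, 3100, 1)))` yields the 101 requests for DocID 3000 through 3100; nothing is sent on the wire, so the output can be inspected or fed to a separate sender.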



