zaproxy · timruff · May 17, 2023 · May 17, 2023 · May 17, 2023 · May 17, 2023
diff --git a/httpfuzzerprocessor/RTT_time_filter.py b/httpfuzzerprocessor/RTT_time_filter.py
@@ -0,0 +1,44 @@
+# Version 1.0
+# @author RUFFENACH Timothée
+# filter by RTT (time request).
+
+from javax.swing import JFrame, JPanel, JComboBox, JOptionPane,JFileChooser,JOptionPane
+
+# Auxiliary variables/constants needed for processing.
+global time,isCheck;
+init = False
+
+def getNumber(min,max,asked):
+	number = JOptionPane.showInputDialog(None, asked, "Input", JOptionPane.QUESTION_MESSAGE)
+
+	if int(number) >= min and int(number) <= max:
+		number = int(number)
+		return number
+	else:
+		JOptionPane.showMessageDialog(None, "Choose number between " +  min  + " to " + max)
+		getNumber()
+
+# Called after injecting the payloads and before forward the message to the server.
+def processMessage(utils, message) :
+	if (init == False):
+		initialise()
+
+def initialise():
+	global init,entry,isCheck
+	global time;
+	time = getNumber(1,50000,"how many time do you want ?")
+	isCheck = JOptionPane.showConfirmDialog(None, "more high or equal (YES) esle less or equal (NO)", "Confirm", JOptionPane.YES_NO_OPTION)
+	init = True
+
+
+# Called after receiving the fuzzed message from the server
+def processResult(utils, fuzzResult) :
+	global isChek,time
+	if isCheck == JOptionPane.YES_OPTION and (int(fuzzResult.getHttpMessage().getTimeElapsedMillis()) >= time):
+		return bool(1)
+	elif isCheck == JOptionPane.NO_OPTION and (int(fuzzResult.getHttpMessage().getTimeElapsedMillis()) <= time):
+		return bool(1)
+	else:
+		return bool(0);
+
+
diff --git a/httpfuzzerprocessor/filtersResultWithStringOnBodyResponse.py b/httpfuzzerprocessor/filtersResultWithStringOnBodyResponse.py
@@ -0,0 +1,52 @@
+# @author Timothée Ruffenach
+# Version 1.0
+# filters the fuzzing result with a string.
-# filters the fuzzing result with a string.
+# Filters the fuzzing results based on a user defined string.
-# filters the fuzzing result with a string.
+# Filters the fuzzing results based on a user defined string.
+
+from javax.swing import JOptionPane
+
+
+# global variable
+init = False
+entry = ""
+isCheck = False
+
+# Called after injecting the payloads and before forward the message to the server.
+def processMessage(utils, message) :
+    global number,payloads
+    if not init:
+        initialise()
+
+
+def initialise():
+    global init,entry,isCheck
+
+    entry = ""
+
+    # ask stings to find
+    while entry == "":
+        entry = getString("what character string do you want to find ?")
-        entry = getString("what character string do you want to find ?")
+        entry = getString("What character string do you want to find ?")
-        entry = getString("what character string do you want to find ?")
+        entry = getString("What character string do you want to find ?")
+        if entry == "":
+            JOptionPane.showMessageDialog(None, "Empty string","Waring", JOptionPane.WARNING_MESSAGE)
+    # ask reverse message
+    isCheck = JOptionPane.showConfirmDialog(None, "Reverse", "Confim", JOptionPane.YES_NO_OPTION)
+
+
+    init = True
+
+# Called after receiving the fuzzed message from the server
+def processResult(utils, fuzzResult) :
+    global entry,isCheck
+    body = fuzzResult.getHttpMessage().getResponseBody().toString()
+
+    # test all posibility
+    if isCheck == JOptionPane.NO_OPTION and entry in body:
+        return bool(1);
+    elif isCheck == JOptionPane.YES_OPTION and not entry in body:
+        return bool(1);
+    else:
+        return bool(0);
+
+# Question
+def getString(question):
+        stringInput = JOptionPane.showInputDialog(None, question, "Input", JOptionPane.QUESTION_MESSAGE)
+        return stringInput 
diff --git a/httpfuzzerprocessor/pitchWork.py b/httpfuzzerprocessor/pitchWork.py
@@ -0,0 +1,97 @@
+# Version 1.1
+# @author RUFFENACH Timothée
+# Script inspired from https://02108124551050482571.googlegroups.com/attach/54c6e34f6fe20/message_processor.js?part=0.1&view=1&vt=ANaJVrEJuACewYorhYYa_zyhyMSug06pmlERCqfYdLsukQBC3OW3LATuXG1WHk_Fw9a0nhexG8ykFDuFgBGYrKAg_pOQ61M36MwC9SOBGvK4KLZn3eDkNzY (dot run on owasp 2.12.0)
+# To resolve problem at from https://github.com/zaproxy/zaproxy/issues/2967
+# The script fuzz in mode pitchfork.
+# To Use : Enable script.
+# In fuzzer Add number multiple EmptyNull payloads with a good number of iterations.
+# Select the desired number of payloads [limit 2 to 20]
+# Select the desired number of files    [limit 2 to 20]
+
+from java.nio.file import Paths
+from javax.swing import JFileChooser
+from javax.swing import JOptionPane
+from org.zaproxy.zap.extension.fuzz.payloads.generator import FileStringPayloadGenerator
+
+payloads1 = None
+payloads2 = None
+init = False
+
+def processMessage(utils, message):
+    global number, payloads, init
+
+    if not init:
+        initialise()
+
+    # Stop if has end of payloads
-    # Stop if has end of payloads
+    # Stop if the loop has reached the end of the payloads
-    # Stop if has end of payloads
+    # Stop if the loop has reached the end of the payloads
+    for i in range(number):
+        # if end of payload stop fuzzing
+        if not payloads[i].hasNext():
+            utils.stopFuzzer()
+            # close all payload
+            for j in range(number):
+                payloads.close()
+            return
+
+    for i in range(number):
+        # Get the next value of payloads
+        # Get information of body and replace with payload value
+        payloadNext = payloads[i].next().getValue()
+        body = message.getRequestBody().toString()
+        body = body.replace(utils.getPaylaods().get(i).getValue(), payloadNext)
+        # Set payload value to show in Fuzzer 
+        utils.getPaylaods().set(i,payloadNext)
+        # set payload in body
+        message.getRequestBody().setBody(body)
+        message.getRequestHeader().setContentLength(message.getRequestBody().length())
+
+def processResult(utils, fuzzResult):
+    return True
+
+def chooseFile():
+    fileChooser = JFileChooser()
+    fileChooser.setMultiSelectionEnabled(True)
+    filePath = ""
+    result = fileChooser.showOpenDialog(None)
+
+    if result == JFileChooser.APPROVE_OPTION:
+        selectedFiles = fileChooser.getSelectedFiles()
+        for file in selectedFiles:
+            filePath = file.getAbsolutePath()
+            print('The path is :', filePath)
+
+    return filePath
+
+def chooseNumber():
+    number = JOptionPane.showInputDialog(None, "How many payload do you want [2 to 20]:", "Input", JOptionPane.QUESTION_MESSAGE)
+
+    # Check number between 2 to 20
+    if int(number) > 1 and int(number) < 21:
+        number = int(number)
+        return number
+    else:
+        JOptionPane.showMessageDialog(None, "Choose number between 2 to 20")
-        JOptionPane.showMessageDialog(None, "Choose number between 2 to 20")
+        JOptionPane.showMessageDialog(None, "Choose a number between 2 to 20")
-        JOptionPane.showMessageDialog(None, "Choose number between 2 to 20")
+        JOptionPane.showMessageDialog(None, "Choose a number between 2 to 20")
+        chooseNumber()
+
+def initialise():
+    global init
+    global payloads
+    global number
+
+    payloads = []
+    filePaths = []
+
+    # input number of payloads
+    number = -1
+    while number == -1:
+        number = chooseNumber()
+
+    # choose file user        
+    for i in range(number):
+        filePaths.append(chooseFile())
+
+    # Get payload in file to var payloads    
+    for i in range(number):
+        payloads.append(FileStringPayloadGenerator(Paths.get(filePaths[i])).iterator())
+
+    init = True
diff --git a/httpsender/AddHeaderXForwardedForRandomIP.js b/httpsender/AddHeaderXForwardedForRandomIP.js
@@ -0,0 +1,26 @@
+// @author Ruffenach Timothée
+// The original script comes from the Fuzzer HTTP Processor section under the name random_x_forwarded_for_ip.js
+// Add in Header response X-Forwarded-For: Random IP
+// The sendingRequest and responseReceived functions will be called for all requests/responses sent/received by ZAP, 
+// including automated tools (e.g. active scanner, fuzzer, ...)
+
+// Note that new HttpSender scripts will initially be disabled
+// Right click the script in the Scripts tree and select "enable"  
+
+// For the latest list of 'initiator' values see the HttpSender class:
+// https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/parosproxy/paros/network/HttpSender.java
+// 'helper' just has one method at the moment: helper.getHttpSender() which returns the HttpSender 
+// instance used to send the request.
+
+// In order to facilitate identifying ZAP traffic and Web Application Firewall exceptions, ZAP is accompanied 
+// by this script which can be used to add a specific header to all traffic that passes through 
+// or originates from ZAP. e.g.: X-ZAP-Initiator: 3
+
+function sendingRequest(msg, initiator, helper) {
+	var random_ip = Math.floor(Math.random() * 254)+ "." + Math.floor(Math.random() * 254) + "." + Math.floor(Math.random() * 254) + "." + Math.floor(Math.random() * 254);
+	msg.getRequestHeader().setHeader("X-Forwarded-For", random_ip);
+}
+
+function responseReceived(msg, initiator, helper) {
+	// Nothing to do here
+}
diff --git a/payloadprocessor/full_HTML_encode.py b/payloadprocessor/full_HTML_encode.py
@@ -0,0 +1,14 @@
+# @author RUFFENACH timothée
+# Version 1.0
+# encode payload to full HTML encode
+
+def process(payload):
+	payloadEncode=""
+
+	# convert to full HTML
+	for i in payload:
+		payloadEncode += "&#"
+		payloadEncode += str(ord(i))
+		payloadEncode += ";"
+
+	return payloadEncode