
soapee.py (v3) - HauntIT Blog

a guest Oct 24th, 2015 117 Never
  1.  
  2. root@kali:~/code/soapee-v3# cat soapee3.py
  3. #!/usr/bin/env python
  4. # -------------------------------------
  5. # soapee.py - SOAP fuzz - v0.2
  6. # -------------------------------------
  7. # 16.10.2015
  8.  
  9. import urllib2
  10. import sys
  11. import re
  12. from bs4 import BeautifulSoup
  13. import httplib
  14. from urlparse import urlparse
  15.  
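  # Target WebService URL, taken from the first command-line argument.
  # This lookup runs at import time, before main() is called, so a missing
  # argument has to be handled here; otherwise the script dies with an
  # IndexError traceback instead of printing a usage line.
  if len(sys.argv) < 2:
    sys.stderr.write('usage: ' + str(sys.argv[0]) + ' http://link/to/WebService.asmx\n')
    sys.exit(1)
  target = sys.argv[1]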
  17.  
  18.  
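  def sendNewReq(method):
    """POST the prepared request body for *method* and log the response.

    Reads ./logs/clear-method-<method>.txt, sends it as the body of a POST
    to the host and path parsed from the module-level ``target`` URL, writes
    the response body to ./logs/resp-method-<method>.txt and prints it.

    NOTE(review): *method* is concatenated into file paths and originates
    from a remote page; callers should pass only validated names.
    NOTE(review): a plain HTTPConnection is used whatever the URL scheme is,
    so the request is not encrypted even when ``target`` starts with https://.
    """
    global soap_header
    print '[+] Sending new request to webapp...'
    with open('./logs/clear-method-' + str(method) + '.txt', 'r') as prepared:
      body = prepared.read()

    parsed = urlparse(target)
    server_addr = parsed.netloc

    # These two markers are printed without any payload, as in the original.
    print '[+] Sending:'

    print '[+] Response:'

    # soap_header only exists once prepareNewReq has seen a SOAPAction line;
    # fall back to an empty action instead of failing with NameError.
    try:
      action = str(soap_header)
    except NameError:
      action = ''
    # The value was read from a file built out of server-supplied HTML; a
    # stray CR or LF would break the header line, so drop them.
    action = action.replace('\r', '').replace('\n', '')

    headers = {"Content-type": "text/xml; charset=utf-8",
          "Accept": "text/plain",
          "SOAPAction" : '"' + action + '"'
          }

    conn = httplib.HTTPConnection(server_addr)
    try:
      conn.request("POST", parsed.path, body, headers)
      response = conn.getresponse()

      print '[+] Server said: ', response.status, response.reason
      data = response.read()
    finally:
      # Release the socket even when the request or the read fails.
      conn.close()

    with open('./logs/resp-method-' + str(method) + '.txt', 'w') as logresp:
      logresp.write(data)

    print '............start-resp...........................................'
    print data
    print '............stop-resp...........................................\n'


    print '[+] Finished. Next step...'
    print '[.] -----------------------------------------\n'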
  60.  
  61. ##
  62.  
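  def prepareNewReq(method):
    """Build the modified request file for *method*, then send it.

    Reads ./logs/method-<method>.txt line by line, records the SOAPAction
    value in the module-level ``soap_header``, applies the fixed list of
    textual substitutions below and writes the result to
    ./logs/fuzz-method-<method>.txt.  That file minus its first six lines is
    then written to ./logs/clear-method-<method>.txt and sendNewReq(method)
    is called.

    NOTE(review): *method* is concatenated into file paths and originates
    from a remote page; callers should pass only validated names.
    """
    global soap_header
    print '[+] Preparing new request for method: '+str(method)

    sample_path = './logs/method-'+str(method)+'.txt'
    fuzz_path = './logs/fuzz-method-'+str(method)+'.txt'
    clear_path = './logs/clear-method-'+str(method)+'.txt'

    # Applied in this order to every line.  The replacements are plain
    # substring matches, so they also hit these words inside longer tokens.
    # NOTE(review): the two 'soap:' pairs are identical on both sides as shown
    # here and therefore do nothing; presumably the original file had HTML
    # entities on the left-hand side - confirm against the author's copy.
    substitutions = (
      ('<font class="value">', ''),
      ('</font>', ''),
      ('string', '";\'>'),
      ('int', '111111111*11111'),
      ('length', '1337'),
      ('<soap:', '<soap:'),
      ('</soap:', '</soap:'),
      (' or ', 'or'),
    )

    with open(sample_path, 'r') as fp:
      with open(fuzz_path, 'w') as fp2:
        for line in fp:
          if line.find('SOAPAction') != -1:
            parts = line.split(" ")
            # A line without a space has no value to take; keep the previous
            # soap_header instead of raising IndexError.
            if len(parts) > 1:
              # strip() also removes a bare '\n'; the original only removed
              # '\r\n', which could leave a newline inside the header value.
              soap_header = parts[1].replace('"', '').strip()

          for old, new in substitutions:
            line = line.replace(old, new)

          fp2.write(line)

    print '[+] New request prepared.'

    print '[+] Clearing file...'
    with open(fuzz_path) as fuzzed:
      linez = fuzzed.readlines()
    # Drop the first six lines of the sample (presumably the HTTP header
    # lines shown before the XML body - verify against a saved sample).
    with open(clear_path, 'w') as cleared:
      cleared.writelines(linez[6:])

    sendNewReq(method)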
  101.  
  102. ##
  103.  
  104.  
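  # Fetch the help page for one operation and save its sample request.
  def compose_link(method):
    """Download ``target?op=<method>`` and store the sample request it shows.

    The page is parsed with BeautifulSoup, the children of its first <pre>
    element are written to ./logs/method-<method>.txt, and
    prepareNewReq(method) is called.  When the page has no <pre> element the
    method is skipped with a message.

    NOTE(review): *method* goes into both the URL and a file path unchanged;
    callers should pass only validated names.
    """
    methodLink = target + '?op='+ method
    print '[+] Getting: ', method

    req = urllib2.urlopen(methodLink)
    try:
      page = req.read()
    finally:
      req.close()
    soup = BeautifulSoup(page)

    # find() returns None when nothing matches; iterating that would raise
    # TypeError, so handle the missing sample explicitly.
    pre = soup.find('pre')
    if pre is None:
      print '[-] No <pre> sample found for method: ' + str(method)
      return

    with open('./logs/method-'+str(method)+'.txt','w') as fp:
      for child in pre:
        fp.write(str(child))

    print '[+] Method body is saved to file for future analysis.'

    prepareNewReq(method)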
  123.  
  124. ##
  125.  
  126. ## main
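  def main():
    """Fetch the service page at ``target`` and process each listed operation.

    Every line of the page is searched for a link of the form
    ``<a href="....asmx?op=NAME">``; for each NAME found (at most one per
    line) compose_link(NAME) is called.

    NAME is taken from a remote page and later ends up in local file paths
    and in a URL, so names outside a conservative character set are skipped.
    This may also skip legitimate operation names that use other characters.
    """
    print '        _________________'
    print '        (*(( soapee ))*)'
    print '             ^^^^^^\n'

    url1 = urllib2.urlopen(target)
    try:
      page1 = url1.readlines()
    finally:
      url1.close()

    # Compiled once instead of on every line.
    hr = re.compile(r'<a href="(.*)\.asmx\?op=(.*?)">') #InfoExpert.asmx?op=GetBodyList">GetBodyList</a>')
    # No path separators, quotes or whitespace are allowed in a method name.
    safe_name = re.compile(r'[A-Za-z0-9_.-]+\Z')

    # get_links_to_methods
    print '[+] Looking for methods:\n------------------------'
    for href in page1:
      found = hr.search(href)
      if not found:
        continue

      method = found.group(2)
      if not safe_name.match(method):
        print '[-] Skipping method with unexpected characters: ' + repr(method)
        continue

      # fetch the sample request for this method and continue from there
      compose_link(method)

    # ...
    #     ... get example of each req
    #           ... change each str/int to fuzzval
    #     ... send modified req
    print '---------------------------\ndone.'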
  153.  
  154. ##
  155.  
  156.  
  157.  
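  # Script entry point.  The command-line argument is read at module level
  # before this point, so an IndexError caught here was raised inside main().
  try:
    main()

  except IndexError:
    # The usage line names the script itself (argv[0]), not its argument.
    print 'usage: ' + str(sys.argv[0]) + ' http://link/to/WebService.asmx\n'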
  163.  
  164. root@kali:~/code/soapee-v3#