-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpoet.go
67 lines (59 loc) · 1.09 KB
/
poet.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package main
import (
"bufio"
"context"
"fmt"
"log"
"os"
"strings"
)
// constructs payloads and creates an identifier for the injection point
func buildPayload(params []string, u string) string {
str := u
if strings.Contains(u, "?") {
str += "&"
} else {
str += "?"
}
for i, s := range params {
hash := fmt.Sprintf("zzx%dy", i)
str += s + "=" + hash + "&"
}
return str
}
// send keys that effect the response to results
func poet(u string, wordlist string, nparams int, tab context.Context) {
var params []string
c := 0
file, err := os.Open(wordlist)
if err != nil {
log.Fatal(err)
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
if c < nparams {
params = append(params, scanner.Text())
c++
} else {
if Chrome {
chromeRequest(u, params, Timeout, tab)
} else {
request(u, params, Timeout)
}
// reset
params = []string{}
c = 0
}
}
if c != 0 {
if Chrome {
chromeRequest(u, params, Timeout, tab)
} else {
request(u, params, Timeout)
}
}
if err := scanner.Err(); err != nil {
log.Fatal(err)
}
}