https_jrsfuzz1.py

#!/usr/bin/env python3
"""
HTTPS Fuzzer using JRSFuzz
by Javantea
Nov 11, 2015
HTTP Fuzzer using JRSFuzz
by Javantea
Nov 11, 2015
Based on SMTP Fuzzer using JRSFuzz
by Javantea
Oct 11, 2015
Based on SMTP Grammar Fuzzer
by Javantea
Sept 14, 2015

For SSL, see https_jrsfuzz1.py

TODO:
POST
Headers
Body
advanced HTTP commands.
Handle errors returned by the server.
Monitors with GDB and ASAN integration.
"""
import jrsfuzz
import sys
import socket
import time
import ssl

def main():
	# This works on any server except those that require STARTTLS (suzy)
	data = open('http1.txt','rb').read()
	host, port = 'localhost', 5001
	if len(sys.argv) > 1:
			host = sys.argv[1]
	#end if
	if len(sys.argv) > 2:
			port = int(sys.argv[2])
	#end if
	print(host, port)
	dest = (host, port)
	family, socktype = socket.AF_UNSPEC, socket.SOCK_STREAM
	gai = socket.getaddrinfo(host, port, family, socktype)
	
	if len(sys.argv) > 3:
		data = sys.argv[3]
	#end if
	lines_output = len(data) * 256
	print("%i outputs, %3.3f MB" % (lines_output, lines_output*len(data)/(1<<20)), file=sys.stderr)

	our_data = None
	for family, socktype, proto, canonname, addr in gai:
		try:
			s = socket.socket(family, socktype, proto)
			s.settimeout(1)
			s.connect(addr)
		except Exception as e:
			print(e,)
			continue
		#end try
		our_data = (family, socktype, proto, canonname, addr)
		break
	#next family, socktype, proto, canonname, addr
	
	if our_data == None:
		print("Can't connect to dest", dest)
	#end if
	family, socktype, proto, canonname, addr = our_data
	print("Found suitable server:", addr)
	
	prevResp = None
	for i in range(lines_output):
		x = jrsfuzz.JRSFuzz(data, i)
		# We might be sending 2 commands, but let it be.
		s = socket.socket(family, socktype, proto)
		s.settimeout(1)
		try:
			s.connect(addr)
		except OSError as e:
			print("Error: you're playing with resources beyond your wildest imagination.")
			print(e)
			time.sleep(10)
			s.connect(addr)
		#end try
		# NOTE: Forget the security, we just want some TLS v1.2.
		try:
			ss = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1, ciphers='HIGH:!aNULL:!MD5:!CAMELLIA:!NULL:!DSS:!kDHr:!kDHd:!kDH:!3DES')
		except ssl.SSLEOFError as see:
			print('ssl.SSLEOFError:', see)
			print(i, x)
			continue
		except ssl.SSLError as se:
			print('ssl.SSLError:', se)
			print(i, x)
			continue
		#end try
		try:
			ss.send(x)
		except BrokenPipeError:
			print("Broken Pipe.", i, x)
		except ConnectionResetError:
			print("Conn Reset.", i, x)
		#end try
		try:
			resp = ss.recv(1024)
		except ConnectionResetError:
			print("Conn Reset on recv.", i, x)
			resp = b''
		except KeyboardInterrupt:
			print("Keyboard Interrupt:", i, x)
			resp = b''
		except socket.timeout:
			print("Timeout", i, x)
			resp = b''
		#end try
		print(resp)
		if resp != prevResp: print(i, x)
		prevResp = resp
		ss.close()
		s.close()
	#next i
#end def main()

if __name__ == '__main__':
	main()
#end if