WIP

n1ckany · Mar 27, 2019 · 58536e2 · 58536e2
1 parent a66acd0
commit 58536e2
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 4 deletions.
diff --git a/src/wfuzz/externals/reqresp/Request.py b/src/wfuzz/externals/reqresp/Request.py
@@ -151,6 +151,8 @@ def __getattr__(self, name):
                 return self.__variablesPOST.urlEncoded()
             elif self.ContentType == "multipart/form-data":
                 return self.__variablesPOST.multipartEncoded()
+            elif self.ContentType == 'application/json':
+                return self.__variablesPOST.json_encoded()
             else:
                 return self.__variablesPOST.urlEncoded()
         else:
@@ -222,11 +224,15 @@ def getPOSTVars(self):
         return self.__variablesPOST.variables
 
     def setPostData(self, pd, boundary=None):
+        print(self.ContentType)
+        print(pd)
         self.__variablesPOST = VariablesSet()
         if self.ContentType == "application/x-www-form-urlencoded":
             self.__variablesPOST.parseUrlEncoded(pd)
         elif self.ContentType == "multipart/form-data":
             self.__variablesPOST.parseMultipart(pd, boundary)
+        elif self.ContentType == 'application/json':
+            return self.__variablesPOST.parse_json_encoded(pd)
         else:
             self.__variablesPOST.parseUrlEncoded(pd)
 

diff --git a/src/wfuzz/externals/reqresp/Variables.py b/src/wfuzz/externals/reqresp/Variables.py
@@ -1,4 +1,5 @@
 from .TextParser import TextParser
+import json
 
 
 class Variable:
@@ -61,6 +62,19 @@ def getVariable(self, name):
     def urlEncoded(self):
         return "&".join(["=".join([i.name, i.value]) if i.value is not None else i.name for i in self.variables])
 
+    def json_encoded(self):
+        dicc = {i.name: i.value for i in self.variables}
+
+        return json.dumps(dicc)
+
+    def parse_json_encoded(self, cad):
+        dicc = []
+
+        for key, value in json.loads(cad).items():
+            dicc.append(Variable(key, value))
+
+        self.variables = dicc
+
     def parseUrlEncoded(self, cad):
         dicc = []
 

diff --git a/src/wfuzz/fuzzobjects.py b/src/wfuzz/fuzzobjects.py
@@ -373,6 +373,8 @@ def from_copy(self):
         newreq.wf_ip = self.wf_ip
 
         newreq.headers.request = self.headers.request
+        if "Content-Type" in self.headers.request:
+            newreq._request.ContentType = self.headers.request['Content-Type']
         newreq.params.post = self.params.post
 
         newreq.follow = self.follow

diff --git a/src/wfuzz/wfuzz.py b/src/wfuzz/wfuzz.py
@@ -43,16 +43,12 @@ def main():
             printer.result(res)
 
         printer.footer(fz.genReq.stats)
-    except FuzzException as e:
-        print("\nFatal exception: {}".format(str(e)))
     except KeyboardInterrupt:
         print("\nFinishing pending requests...")
         if fz:
             fz.cancel_job()
     except NotImplementedError as e:
         print("\nFatal exception: Error importing wfuzz extensions: {}".format(str(e)))
-    except Exception as e:
-        print("\nUnhandled exception: {}".format(str(e)))
     finally:
         if session_options:
             session_options.close()

diff --git a/tests/test_acceptance.py b/tests/test_acceptance.py
@@ -40,12 +40,15 @@
 # script args
 
 testing_savedsession_tests = [
+    ("test_novalue_post_fuzz", "-z list --zD anything -u {}/FUZZ -d {{\"a\":\"2\"}} -H Content-Type:application/json".format(HTTPBIN_URL), "-z wfuzzp --zD $$PREVFILE$$ -u FUZZ --field r.params.post.a", ["1"], None),
 ]
 
 testing_tests = [
+    # (wfuzzdev3) javi@nanroig:~/dev/wfuzz$ ./wfuzz -z list --zD anything -u http://localhost:9000/FUZZ -d '{"a":"1", "b":"2"}' --oF /tmp/sesssion -H 'Content-Type: application/json' --field r
 ]
 
 savedsession_tests = [
+    # parse post params
     ("test_novalue_post_fuzz", "-z list --zD a -u {}/anything -d FUZZ".format(HTTPBIN_URL), "-z wfuzzp --zD $$PREVFILE$$ -u FUZZ --filter r.params.post.a:=1 --field r.params.post.a", ["1"], None),
 
     # field fuzz values