org.owasp.jbrofuzz.fuzz.SocketConnection Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of jbrofuzz Show documentation
Show all versions of jbrofuzz Show documentation
JBroFuzz is a stateless web application fuzzer for requests
being made over HTTP and/or HTTPS. Its purpose is to provide a single,
portable application that offers stable web protocol fuzzing capabilities.
As a tool, it emerged from the needs of penetration testing.
/**
* JbroFuzz 2.5
*
* JBroFuzz - A stateless network protocol fuzzer for web applications.
*
* Copyright (C) 2007 - 2010 [email protected]
*
* This file is part of JBroFuzz.
*
* JBroFuzz is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* JBroFuzz is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with JBroFuzz. If not, see
* This class gets used to establish each connection being made on a given
* address, port and for a given request.
*
*
* @author [email protected]
* @version 2.0
* @since 0.1
*/
class SocketConnection {
// The maximum size for the socket I/O
// private final static int SEND_BUF_SIZE = 256 * 1024;
private final static int RECV_BUF_SIZE = 256 * 1024;
// Singleton SSLSocket factory used with it's factory
private static SSLSocketFactory mSSLSocketFactory;
private final transient String message;
private transient Socket mSocket;
private transient String reply;
private transient int port;
private transient InputStream inStream;
private transient OutputStream outStream;
private int socketTimeout;
/**
*
* The constructor for the connection, responsible for creating the
* corresponding socket (or SSL socket) and transmitting/receiving data from
* the wire.
*
*
* @param urlString
* The url string from which the protocol (e.g. "https"), the
* host (e.g. www.owasp.org) and the port number will be
* determined.
*
* @param message
* of what to put on the wire, once a connection has been
* established.
*
* @throws ConnectionException
* @author [email protected]
* @version 2.4
* @since 2.3
*
* @author [email protected]
* @version 2.0
* @since 0.1
*/
protected SocketConnection(final String protocol, final String host, final int port, final String message)
throws ConnectionException {
final byte[] recv = new byte[SocketConnection.RECV_BUF_SIZE];
this.message = message;
// Get the timeout value on the Socket
socketTimeout = JBroFuzz.PREFS.getInt(JBroFuzzPrefs.FUZZING[0].getId(), 7);
// validate
if( (socketTimeout < 1) || (socketTimeout > 51) ) {
socketTimeout = 7;
}
try {
if (protocol.equalsIgnoreCase("https")) {
// Make sure we have a factory for the SSL socket
if (mSSLSocketFactory == null) {
mSSLSocketFactory = Connection.getSocketFactory();
}
// Handle HTTPS differently then HTTP
mSocket = mSSLSocketFactory.createSocket(host, port);
mSocket.setSoTimeout(socketTimeout * 1000);
} else {
// Handle HTTP differently then HTTPS
mSocket = new Socket();
mSocket.connect(new InetSocketAddress(host, port),
socketTimeout * 1000);
}
// Set buffers, streams, smile...
mSocket.setSendBufferSize(this.message.getBytes().length);
mSocket.setReceiveBufferSize(SocketConnection.RECV_BUF_SIZE);
inStream = mSocket.getInputStream();
outStream = mSocket.getOutputStream();
// Put message on the wire
outStream.write(this.message.getBytes());
// Start timer
final SocketTimer timer = new SocketTimer(this, socketTimeout * 1000);
timer.start();
// Read response, see what you have back
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
int got;
while ((got = inStream.read(recv)) > -1) {
baos.write(recv, 0, got);
}
// If the timer is not reset, close() will be called
timer.reset();
baos.close();
inStream.close();
outStream.close();
mSocket.close();
reply = new String(baos.toByteArray());
} catch (final MalformedURLException e1) {
reply = "Malformed URL: " + e1.getMessage() + "\n";
throw new ConnectionException(reply);
} catch (final IOException e3) {
reply = "An IO Error occured: " +
". \n\nThis could also be a Connection Timeout, " +
"\ntry increasing the value under Preferences ->" +
" Fuzzing\n";
throw new ConnectionException(reply);
} finally {
IOUtils.closeQuietly(inStream);
IOUtils.closeQuietly(outStream);
}
}
public String getMessage() {
if (message.isEmpty()) {
return "[JBROFUZZ REQUEST IS BLANK]";
} else {
return message;
}
}
public String getPort() {
if (port == -1) {
return "[JBROFUZZ PORT IS INVALID]";
} else {
return Integer.toString(port);
}
}
public String getReply() {
if (reply.isEmpty()) {
return "[JBROFUZZ REPLY IS EMPTY]";
} else {
return reply;
}
}
public String getStatus() {
try {
final String out = reply.split(" ")[1].substring(0, 3);
if (StringUtils.isNumeric(out)) {
return out;
} else {
return "000";
}
} catch (final Exception exception1) {
return "---";
}
}
public void close() {
IOUtils.closeQuietly(inStream);
IOUtils.closeQuietly(outStream);
}
}