alanEG · April 14, 2023 14:56
diff --git a/MyCL0.py b/MyCL0.py
 from requests import Request, Session
 import requests
 import sys
 import logging
 from urllib.parse import urlparse
 import time
 from concurrent.futures import ThreadPoolExecutor, as_completed

 logging.basicConfig(level=logging.DEBUG)
 def sendRequest(req,con,smg,lens):
    global status_code
    try:
        prepped = req.prepare()
        if (smg):
            prepped.headers['Content-Length'] = lens
        else:
            prepped.headers['Content-Length'] = lens
        status_code =  con.send(prepped,allow_redirects=False,timeout=3).status_code
    except requests.exceptions.ChunkedEncodingError:
        return None
    return status_code

 def PreperRequest(url):
    try:
        url = url.rstrip()
        urlParse=urlparse(url)
        status_get=requests.get(url,allow_redirects=False,verify=False).status_code
        status_post=requests.post(url,allow_redirects=False,verify=False).status_code
        for i in range(0,9):
            statuses = {"SmugStutus":[],"NormalStatus":[]}
            sess = Session()
            data='asdasd ' + urlParse.path + ' HTTP/1.1\r\nHost: asdasd'
            req = Request('POST', url,data=data,headers={"Connection":"keep-alive"})
            statusReqSmug = sendRequest(req,sess,True,len(data))

            req = Request('GET', url,headers={"Connection":"keep-alive"})
            statusReqNorm = sendRequest(req,sess,False,0)
            if statusReqNorm != None and statusReqSmug != None:
                statuses["SmugStutus"].append(statusReqSmug)
                statuses["NormalStatus"].append(statusReqNorm)

            if (statuses["NormalStatus"][-1] != status_get or statuses["SmugStutus"][-1] != status_post) and 429 not in [statuses["NormalStatus"][-1],statuses["SmugStutus"][-1]]:
                print(f"[vulnrable]: Status_get: {status_get},Status_post: {status_post}, SmugStatus: [{statuses['SmugStutus']}], NormalStatus: [{statuses['NormalStatus']}],url: {url}")
                break

    except Exception as F:
        print(F,file=sys.stderr)
    return []

 def main():
    anomalous_params = []
    # Make the Pool of workers
    with ThreadPoolExecutor(max_workers=5) as executor:
        # Start the load operations and mark each future with its URL
        future_to_url = {executor.submit(PreperRequest, url): url for url in sys.stdin.readlines()}
        for future in as_completed(future_to_url):
            url = future_to_url[future]
            try:
                data = future.result()
            except Exception as exc:
                print(f'{url} generated an exception: {exc}')
                continue
            anomalous_params.extend(data)

    # Close and join threads
    executor.shutdown(wait=True)

 if __name__ == "__main__":
    main()
	from requests import Request, Session
	import requests
	import sys
	import logging
	from urllib.parse import urlparse
	import time
	from concurrent.futures import ThreadPoolExecutor, as_completed

	logging.basicConfig(level=logging.DEBUG)
	def sendRequest(req,con,smg,lens):
	global status_code
	try:
	prepped = req.prepare()
	if (smg):
	prepped.headers['Content-Length'] = lens
	else:
	prepped.headers['Content-Length'] = lens
	status_code = con.send(prepped,allow_redirects=False,timeout=3).status_code
	except requests.exceptions.ChunkedEncodingError:
	return None
	return status_code

	def PreperRequest(url):
	try:
	url = url.rstrip()
	urlParse=urlparse(url)
	status_get=requests.get(url,allow_redirects=False,verify=False).status_code
	status_post=requests.post(url,allow_redirects=False,verify=False).status_code
	for i in range(0,9):
	statuses = {"SmugStutus":[],"NormalStatus":[]}
	sess = Session()
	data='asdasd ' + urlParse.path + ' HTTP/1.1\r\nHost: asdasd'
	req = Request('POST', url,data=data,headers={"Connection":"keep-alive"})
	statusReqSmug = sendRequest(req,sess,True,len(data))

	req = Request('GET', url,headers={"Connection":"keep-alive"})
	statusReqNorm = sendRequest(req,sess,False,0)
	if statusReqNorm != None and statusReqSmug != None:
	statuses["SmugStutus"].append(statusReqSmug)
	statuses["NormalStatus"].append(statusReqNorm)

	if (statuses["NormalStatus"][-1] != status_get or statuses["SmugStutus"][-1] != status_post) and 429 not in [statuses["NormalStatus"][-1],statuses["SmugStutus"][-1]]:
	print(f"[vulnrable]: Status_get: {status_get},Status_post: {status_post}, SmugStatus: [{statuses['SmugStutus']}], NormalStatus: [{statuses['NormalStatus']}],url: {url}")
	break

	except Exception as F:
	print(F,file=sys.stderr)
	return []

	def main():
	anomalous_params = []
	# Make the Pool of workers
	with ThreadPoolExecutor(max_workers=5) as executor:
	# Start the load operations and mark each future with its URL
	future_to_url = {executor.submit(PreperRequest, url): url for url in sys.stdin.readlines()}
	for future in as_completed(future_to_url):
	url = future_to_url[future]
	try:
	data = future.result()
	except Exception as exc:
	print(f'{url} generated an exception: {exc}')
	continue
	anomalous_params.extend(data)

	# Close and join threads
	executor.shutdown(wait=True)

	if __name__ == "__main__":
	main()