[Owasp-webscarab] Fuzzer throws nullPointerException when used in script

Keith Cauthen keith.cauthen at agilethought.com
Fri May 16 09:07:11 EDT 2008


Hello All,

I'm trying to write a BeanShell script to use in WebScarab to fuzz parameters in an existing request. After creating a number of conversations in WebScarab by traversing part of a website, I create a file of conversation IDs which the script will use. I want the script to read the conversation IDs from the file and use the fuzzer to fuzz the parameters in the conversation request.

My problem is that when I invoke the method fuzzer.loadTemplateFromConversation(new ConversationID(conversationID)) I always get a NullPointerException. I'm sure I'm just doing something incorrectly and was hoping somebody could point out what I'm missing. I have looked at the WebScarab source code, particularly the code in FuzzerPanel.java, but have been unable to figure it out. The script is included below. Any help would be appreciated.

Thank you,

Keith



import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.plugin.Framework;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.plugin.fuzz.*;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.model.NamedValue;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileReader;
import javax.swing.JOptionPane;
import java.util.*;

private Framework framework = new Framework();
private Fuzzer fuzzer = new Fuzzer(framework);
private FuzzFactory fuzzFactory = fuzzer.getFuzzFactory();
private FuzzerModel fuzzerModel = fuzzer.getModel();

private String conversationID = null;
private String sessionInfo = "";
private BufferedReader requestReader = null;

// Get a file with the conversation IDs that we're going to fuzz
getConversationList()
{
    String requestFileName = JOptionPane.showInputDialog("Where is the existing file of Conversation ID's to Post?");
    requestReader = new BufferedReader(new FileReader(requestFileName));
    conversationID = getNextConversationID();
}

// Read the next conversation ID from the file (null at end of file)
getNextConversationID()
{
    conversationID = requestReader.readLine();
    // Return the value so that callers can assign the result
    return conversationID;
}

// Any more conversations to process?
boolean hasMoreRequests()
{
    return conversationID != null;
}

// Update the ASP.NET session info because the conversations may be old and the session info will be invalid
getSessionInfo()
{
    String requestID = JOptionPane.showInputDialog("Enter the Conversation ID from  which to get the SessionID and Authentication Information.");

    Request tmpTemplate = scripted.getRequest(Integer.parseInt(requestID));

    NamedValue[] headers = tmpTemplate.getHeaders();

    for (int i = 0; i < headers.length; i++)
    {
        if (headers[i].getName().trim().equalsIgnoreCase("Cookie"))
        {
            // Split the Cookie header into its individual name=value pairs
            NamedValue[] namedvalues = NamedValue.splitNamedValues(headers[i].getValue(), ";", "=");
            for (int x = 0; x < namedvalues.length; x++)
            {
                out.println("Name: " + namedvalues[x].getName() + " Value: " + namedvalues[x].getValue());
                if (namedvalues[x].getName().trim().equalsIgnoreCase("ASP.NET_SessionId"))
                {
                    sessionInfo = sessionInfo + "ASP.NET_SessionId=" + namedvalues[x].getValue() + "; ";
                }
                if (namedvalues[x].getName().trim().equalsIgnoreCase(".ASPXAUTH"))
                {
                    sessionInfo = sessionInfo + ".ASPXAUTH=" + namedvalues[x].getValue() + "; ";
                }
            }
        }
    }

    out.println("Using Session Info:" + sessionInfo);
}

// This processes the current request, and then gets the next conversationID to process
void getNextRequest()
{
    fuzzTheRequest();

    conversationID = getNextConversationID();
}

// Load the fuzzer with the conversation and then fuzz it
void fuzzTheRequest()
{
    // This is the call that throws the NullPointerException
    fuzzer.loadTemplateFromConversation(new ConversationID(conversationID));
    //TODO add code to set the priorities and start fuzzing
    //fuzzer.startFuzzing();
}

// Get a file with the strings to use to test for SQL injection
void getSQLInjectionStrings()
{
    fuzzFactory.loadFuzzStrings("SQL", new FileInputStream("/temp/sqlInjection.txt"));
}

// Loop through all conversation IDs and process them
void fetchSequentially()
{
    while (hasMoreRequests())
    {
        getNextRequest();
    }
}

out.println("Starting");

getSQLInjectionStrings();
getSessionInfo();
getConversationList();
fetchSequentially();

Keith Cauthen

