{"id":298,"date":"2018-10-13T08:51:08","date_gmt":"2018-10-13T08:51:08","guid":{"rendered":"http:\/\/xcode.or.id\/blog\/?p=298"},"modified":"2018-10-13T22:19:51","modified_gmt":"2018-10-13T22:19:51","slug":"x-code-http-fuzzer","status":"publish","type":"post","link":"https:\/\/xcode.or.id\/blog\/index.php\/2018\/10\/13\/x-code-http-fuzzer\/","title":{"rendered":"X-code HTTP Fuzzer"},"content":{"rendered":"<p><span class=\"st\"><em>Fuzzing<\/em> adalah suatu cara untuk mencari celah atau kerentanan pada suatu aplikasi. Program <em>fuzzer<\/em> adalah adalah aplikasi untuk membantu mencari celah atau kerentanan pada suatu perangkat lunak.<br \/>\n<\/span><\/p>\n<p>Di sini saya membuat aplikasi fuzzer untuk service HTTP. berikut source code-nya yang saya lisensikan dengan GNU General Public License.<\/p>\n<pre>#!\/usr\/bin\/python\r\nimport socket\r\nimport sys\r\n \r\nif len(sys.argv) != 5:\r\n    print \"X-code HTTP Fuzzer v0.1\" \r\n    print \"Oleh Kurniawan. trainingxcode@gmail.com. xcode.or.id.\"\r\n    print \"Cara penggunaan : .\/fuzzerhttp.py &lt;ip target&gt; &lt;port&gt; &lt;karakter&gt; &lt;jumlah karakter&gt; \"\r\n    sys.exit(1)\r\n \r\nipaddress = sys.argv[1]\r\nport = int(sys.argv[2])\r\nkarakter = sys.argv[3]\r\npaket = int(sys.argv[4])\r\nbuffer = (karakter) * (paket)\r\nheader1 = \"GET \/ %s HTTP\/1.1\\r\\nHost:(str(ipaddress))\\r\\n\\r\\n\" % (buffer)\r\nheader2 = \"POST \/ %s HTTP\/1.1\\r\\nHost:(str(ipaddress))\\r\\n\\r\\n\" % (buffer)\r\nheader3 = ( 'GET \/ HTTP\/1.1\\r\\n' \\\r\n           'If-Modified-Since: , %s\\r\\n\\r\\n') %(buffer)\r\nheader4=\"GET \/ HTTP\/1.1\\r\\n\"\r\nheader4+=\"Host: \" + buffer + \"\\r\\n\"\r\nheader4+=\"Content-Type: application\/x-www-form-urlencoded\\r\\n\"\r\nheader4+=\"User-Agent: Mozilla\/5.0 (X11; Linux i686; rv:14.0) Gecko\/20100101 Firefox\/14.0.1\\r\\n\"\r\nheader4+=\"Content-Length : 1048580\\r\\n\\r\\n\"\r\n#header bug pada service http lain dapat ditambah sendiri\r\n\r\ntry:\r\n print \"  -----------------------\"\r\n print \"  X-code HTTP Fuzzer v0.1\"\r\n print \"  Oleh Kurniawan\"\r\n print \"  trainingxcode@gmail.com\"\r\n print \"  xcode.or.id\"\r\n print \"  -----------------------\"\r\n print \"\" \r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((str(ipaddress),(port)))\r\n print \"  Kirim paket\"\r\n s.send(header1)\r\n s.close()\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((str(ipaddress),(port)))\r\n print \"  Kirim paket\"\r\n s.send(header2)\r\n s.close()\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((str(ipaddress),(port)))\r\n print \"  Kirim paket\"\r\n s.send(header3)\r\n s.close()\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((str(ipaddress),(port)))\r\n print \"Kirim paket\"\r\n s.send(header4)\r\n s.close()\r\n\r\n#fungsi untuk connect dan send dapat ditambah sendiri sesuai dengan header http yang ditambah\r\n \r\nexcept:\r\n  print \"  Tidak dapat terkoneksi ke server web\"<\/pre>\n<p>Aplikasi ini bisa diubah sesuai kebutuhan seperti fungsi untuk connect dan send dapat ditambah sendiri sesuai dengan header http yang ditambah.<br \/>\nAplikasi ini juga dapat diakses di <a href=\"https:\/\/github.com\/kurniawandata\/X-code-HTTP-Fuzzer\">https:\/\/github.com\/kurniawandata\/X-code-HTTP-Fuzzer<\/a>.<\/p>\n<p>Oleh Kurniawan<\/p>\n<p>Founder X-code<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fuzzing adalah suatu cara untuk mencari celah atau kerentanan pada suatu aplikasi. Program fuzzer adalah adalah aplikasi untuk membantu mencari celah atau kerentanan pada suatu perangkat lunak. Di sini saya membuat aplikasi fuzzer untuk service HTTP. berikut source code-nya yang <a href=\"https:\/\/xcode.or.id\/blog\/index.php\/2018\/10\/13\/x-code-http-fuzzer\/\" class=\"read-more\">Read More &#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[],"_links":{"self":[{"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/posts\/298"}],"collection":[{"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=298"}],"version-history":[{"count":5,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/posts\/298\/revisions"}],"predecessor-version":[{"id":316,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/posts\/298\/revisions\/316"}],"wp:attachment":[{"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xcode.or.id\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}