webi.c v4.0 - HTTP Request Packet Injection. This is a little program written in C, with which you can generate small http header and use all the apache methods. Tested on OpenBSD 3.0.
1bc4348379adda6b20ffada3c43e1081b631e32690beaa03eefdffa7eda5a976/*
* webi.c - HTTP Request Packet Injection
* (c) 2002 Condor <condor@stz-bg.com>
* version 4.0 (24.01.2002)
* This is the last stable version of webi, may be no more update.
* For any other idas and question email me.
*
* Licensed by GNU
*
* Idas has getting from silk.c written by obecian <obecian@packetninja.net>
* If you use -d (data) method POST and other method use -d 'test=hop&bla=ddd'
* if method is different you can use uri to put data with out -d
* like this -u /cgi-bin/script.cgi?test=blabla
* !WARNING! If in you data contains symbol -> &, you must use ''
* eg. -d 'test=blabla&count=0'
* Sorry of my BAD english :(
*
* Support only for BASIC http authorization.
*
* This is a little programme written in C, with which you can generate small
* http header and use all the apache methods.
* It was tested on OpenBSD 3.0 only
*/
#define TITLE "webi.c - HTTP Request Packet Injection"
#define CODER "(c) 2002 Condor (condor@stz-bg.com)"
#define MAXA 129
#include <stdio.h>
#include <strings.h>
#include <stdlib.h>
#include <ctype.h>
#include <netdb.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <limits.h>
#if INT_MAX > 2147483647
#error need to increase size of buffer
#endif
void
usage(char *arg)
{
printf("%s usage:\n"
" -s <target web server> (eg. 127.0.0.1, localhost)\n"
" -u <URI> (eg. /cgi-bin/script.cgi)\n"
" [-p port (default: 80)]\n"
" [-m method {GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE}]\n"
" [-h virtual host]\n"
" [-r referer]\n"
" [-v version]\n"
" [-a user agent]\n"
" Support only for BASIC HTTP Auhorization\n"
" [-z username and password (eg. username:password)]\n"
" [-o add content type x-www-form-urlencoded]\n"
" [-t use proxy (eg. proxy:port)]\n"
" [-d data]\n\n", arg);
exit(-1);
}
/* Here are function itoa to convert int to char strings
* this function are missing in some UNIX like OS (OpenBSD 3.0) */
static char buf[12];
char *itoa(int i)
{
char *pos = buf + sizeof(buf) - 1;
unsigned int u;
int negative = 0;
if (i < 0) {
negative = 1;
u = ((unsigned int)(-(1+i))) + 1;
} else {
u = i;
}
*pos = 0;
do {
*--pos = '0' + (u % 10);
u /= 10;
} while (u);
if (negative) {
*--pos = '-';
}
return pos;
}
static char table64[]=
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
void base64Encode(char *intext, char *output)
{
unsigned char ibuf[3];
unsigned char obuf[4];
int i;
int inputparts;
while(*intext) {
for (i = inputparts = 0; i < 3; i++) {
if(*intext) {
inputparts++;
ibuf[i] = *intext;
intext++;
}
else
ibuf[i] = 0;
}
obuf [0] = (ibuf [0] & 0xFC) >> 2;
obuf [1] = ((ibuf [0] & 0x03) << 4) | ((ibuf [1] & 0xF0) >> 4);
obuf [2] = ((ibuf [1] & 0x0F) << 2) | ((ibuf [2] & 0xC0) >> 6);
obuf [3] = ibuf [2] & 0x3F;
switch(inputparts) {
case 1: /* only one byte read */
sprintf(output, "%c%c==",
table64[obuf[0]],
table64[obuf[1]]);
break;
case 2: /* two bytes read */
sprintf(output, "%c%c%c=",
table64[obuf[0]],
table64[obuf[1]],
table64[obuf[2]]);
break;
default:
sprintf(output, "%c%c%c%c",
table64[obuf[0]],
table64[obuf[1]],
table64[obuf[2]],
table64[obuf[3]] );
break;
}
output += 4;
}
*output=0;
}
/* ---- End of Base64 Encoding ---- */
int
main(int argc, char **argv)
{
int opt, i, sock;
extern char *optarg;
extern int opterr;
struct sockaddr_in sin;
struct hostent *he;
char buffer[1024];
int port = 80;
size_t len, dlen = 0;
char *number = "ico";
char *method = "GET"; /* Default method */
char header[2048];
char *server = "www.stz-bg.com";
char *vhost = "www.stz-bg.com";
char *referer = "http://402586256/";
char *agent = "Mozilla/4.79 [en] (X11; U; OpenBSD 3.0 i386)";
char *version = "HTTP/1.0";
char *proxy = NULL;
char encpa[256];
char tproxy[128];
int prport = 3128;
char *uri = "/";
char *dob, *user;
char *dod[MAXA];
char *all = "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en, bg\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n";
char *data = "test";
char *enca = "rr";
char *enc = "Content-type: application/x-www-form-urlencoded\r\nContent-length: ";
putchar('\n');
puts(TITLE);
puts(CODER);
putchar('\n');
user = "test";
if (argc < 2)
usage(argv[0]);
opterr = 0;
while ((opt = getopt(argc, argv, "h:u:v:r:s:p:a:m:z:ot:d:")) != EOF) {
switch (opt) {
case 's': server = optarg; break;
case 'p': port = atoi(optarg); break;
case 'm': method = optarg; break;
case 'h': vhost = optarg; break;
case 'r': referer = optarg; break;
case 'a': agent = optarg; break;
case 'v': version = optarg; break;
case 'u': uri = optarg; break;
case 'z': user = optarg; break;
case 'o': enca = "test"; break;
case 't': proxy = optarg; break;
case 'd': data = optarg; break;
case '?': usage(argv[0]); break;
defaults : usage(argv[0]);
}
}
/* Generating header data */
len = strlen(method);
strncpy(header, method, len);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(-1);
}
if (proxy != NULL) {
snprintf(tproxy, sizeof(tproxy), proxy);
for ((dob = strtok(tproxy, ":")); dob;
(dob = strtok(NULL, " ")), dlen++) {
if (dlen < MAXA - 1)
dod[dlen] = dob;
}
dod[dlen] = NULL;
proxy = dod[0];
dob = dod[1];
port = atoi(dob);
if ((he = gethostbyname(proxy)) == NULL) {
herror("gethostbyname");
exit(-1);
}
strncat(header, " http://", 8);
len = strlen(server);
strncat(header, server, len);
len = strlen(uri);
strncat(header, uri, len);
} else {
he = gethostbyname(server);
if (he == NULL) {
herror("gethostbyname");
exit(-1);
}
len = strlen(uri);
strncat(header, " ", 1);
strncat(header, uri, len);
}
len = strlen(version);
strncat(header, " ", 1);
strncat(header, version, len);
strncat(header, "\r\nReferer: ", 13);
len = strlen(referer);
strncat(header, referer, len);
strncat(header, "\r\nUser-Agent: ", 16);
len = strlen(agent);
strncat(header, agent, len);
if (user != "test") {
base64Encode(user,encpa);
strncat(header,"\r\nAuthorization: Basic ", 25);
strncat(header,encpa,strlen(encpa));
}
len = strlen(vhost);
strncat(header, "\r\nHost: ", 10);
strncat(header, vhost, len);
strncat(header, "\r\n", 4);
len = strlen(all);
strncat(header, all, len);
if (!strcmp (enca, "test")) {
len = strlen(enc);
strncat(header, enc, len);
len = strlen(data);
number = itoa(len);
dlen = strlen(number);
strncat(header, number, dlen);
dlen = 0;
for (dlen = 0; dlen < strlen(data); dlen++) {
if ((data[dlen]) == ' ') {
(data[dlen]) = '+';
}
}
}
strncat(header, "\r\n\r\n", 8);
/* End header data */
sin.sin_family = AF_INET;
sin.sin_port = htons(port);
sin.sin_addr = *((struct in_addr *)he->h_addr);
bzero(&(sin.sin_zero), 8);
if (connect(sock, (struct sockaddr *)&sin, sizeof(struct sockaddr)) == -1) {
perror("connect");
exit(-1);
}
if (!strcmp (data, "test")) {
snprintf(buffer, sizeof(buffer), "%s\n", header);
} else {
snprintf(buffer, sizeof(buffer), "%s%s\n", header, data);
}
if ((write(sock, buffer, sizeof(buffer))) < 0) {
perror("write");
exit(-1);
}
bzero(&buffer, sizeof(buffer));
while((i=read(sock, buffer, sizeof(buffer))) != 0)
write(1, buffer, i);
close(sock);
putchar('\n');
exit(0);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed