Module: Msf::Auxiliary::Web::Analysis::Taint

Defined in:
lib/msf/core/auxiliary/web/analysis/taint.rb

Instance Method Summary collapse

Instance Method Details

#taint_analysis(opts = {}) ⇒ Object

Injects taints into the element parameters.

Fuzzer must provide:

- #seeds_for
- #find_proof

opts - Options Hash (default: {})


22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'lib/msf/core/auxiliary/web/analysis/taint.rb', line 22

def taint_analysis( opts = {} )
  return if fuzzed? :type => :taint
  fuzzed :type => :taint

  # if we get a result without injecting anything then bail out to avoid
  # an FP
  return if fuzzer.find_proof( submit, self )

  fuzz_async do |response, permutation|
    next if !response || !(proof = fuzzer.find_proof( response, permutation ))
    fuzzer.process_vulnerability( permutation, proof )
  end
end