Merge pull request xmendez#78 from xmendez/hotfix2.2.9

Hotfix2.2.9
Crypto-Breaker · Mar 25, 2018 · 1d02174 · 1d02174
2 parents e13cea0 + 2dc40bd
commit 1d02174
Show file tree

Hide file tree

Showing 8 changed files with 43 additions and 23 deletions.
diff --git a/docs/library/guide.rst b/docs/library/guide.rst
@@ -74,6 +74,7 @@ The FuzzSession object allows you to persist certain parameters across fuzzing s
     00060:  C=301      7 L        12 W          184 Ch        "admin"
     00183:  C=403     10 L        29 W          263 Ch        "cgi-bin"
     ...
+    >>> s.close()
 
 FuzzSession can also be used as context manager::
 

diff --git a/setup.py b/setup.py
@@ -10,12 +10,21 @@
     open('src/wfuzz/__init__.py').read(),
     re.M
     ).group(1)
-
-
+
+
+dev_requires = [
+    'pymiproxy==1.0',
+]
+
+install_requires = [
+    'pycurl>=7.43.0.1',
+    'pyparsing>=2.2.0',
+]
+
 setup(
-    name = "wfuzz",
+    name="wfuzz",
     packages=find_packages(where='src'),
-    package_dir={'wfuzz': 'src/wfuzz/'},
+    package_dir={'wfuzz': 'src/wfuzz'},
     entry_points={
         'console_scripts': [
             'wfuzz = wfuzz.wfuzz:main',
@@ -26,13 +35,13 @@
             'wxfuzz = wfuzz.wfuzz:main_gui',
         ]
     },
-    version = version,
-    description = "Wfuzz - The web fuzzer",
-    long_description = long_descr,
-    author = "Xavi Mendez (@x4vi_mendez)",
-    url = "http://wfuzz.org",
-    install_requires=[
-        'pycurl>=7.43.0',
-        'pyparsing',
-    ],
+    version=version,
+    description="Wfuzz - The web fuzzer",
+    long_description=long_descr,
+    author="Xavi Mendez (@x4vi_mendez)",
+    url="http://wfuzz.org",
+    install_requires=install_requires,
+    extras_require={
+        'dev': dev_requires,
+    }
 )
diff --git a/src/wfuzz/__init__.py b/src/wfuzz/__init__.py
@@ -1,5 +1,5 @@
 __title__ = 'wfuzz'
-__version__ = "2.2.9"
+__version__ = "2.2.11"
 __build__ = 0x023000
 __author__ = 'Xavier Mendez'
 __license__ = 'GPL 2.0'
@@ -23,6 +23,9 @@
     if "openssl".lower() not in pycurl.version.lower():
         print "\nWarning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.\n"
 
+    if not hasattr(pycurl, "PATH_AS_IS"):
+        print "\nWarning: Pycurl and/or libcurl version is old. PATH_AS_IS option is missing. Wfuzz might not correctly fuzz URLS with '..'.\n"
+
 except ImportError, e:
     print "\nFatal exception: Wfuzz needs pycurl to run. Pycurl could be installed using the following command:\n\npip install pycurl"
     sys.exit(1)

diff --git a/src/wfuzz/externals/reqresp/Request.py b/src/wfuzz/externals/reqresp/Request.py
@@ -17,6 +17,12 @@
 except:
     pass
 
+
+PYCURL_PATH_AS_IS = True
+if not hasattr(pycurl, "PATH_AS_IS"):
+    PYCURL_PATH_AS_IS = False
+
+
 class Request:
 	def __init__(self):
 		self.__host=None	  		# www.google.com:80
@@ -270,7 +276,9 @@ def to_pycurl_object(c, req):
 	    c.setopt(pycurl.SSL_VERIFYPEER, False)
 	    c.setopt(pycurl.SSL_VERIFYHOST, 0)
 
-            c.setopt(pycurl.PATH_AS_IS, 1)
+            if PYCURL_PATH_AS_IS:
+                c.setopt(pycurl.PATH_AS_IS, 1)
+
 	    c.setopt(pycurl.URL,req.completeUrl)
 
 	    if req.getConnTimeout():

diff --git a/src/wfuzz/fuzzobjects.py b/src/wfuzz/fuzzobjects.py
@@ -377,10 +377,7 @@ def perform(self):
         return Facade().http_pool.perform(res)
 
     def to_http_object(self, c):
-        try:
-            return Request.to_pycurl_object(c, self._request)
-        except AttributeError:
-            raise FuzzExceptBadInstall("Minimum pycurl required version is 7.43.0")
+        return Request.to_pycurl_object(c, self._request)
 
     def from_http_object(self, c, bh, bb):
 	return self._request.response_from_conn_object(c, bh, bb)

diff --git a/src/wfuzz/options.py b/src/wfuzz/options.py
@@ -255,6 +255,7 @@ def compile(self):
 
         if not self.http_pool:
             self.http_pool = HttpPool(self)
+            self.http_pool.register()
 
         # filter options
         self.data["compiled_filter"] = FuzzResFilter.from_options(self)

diff --git a/src/wfuzz/ui/console/common.py b/src/wfuzz/ui/console/common.py
@@ -10,22 +10,22 @@
 \twfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ'''
 
 exec_banner = '''********************************************************\r
-* Wfuzz %s - The Web Fuzzer                         *\r
+* Wfuzz %s - The Web Fuzzer                        *\r
 ********************************************************\r\n''' % version
 
 help_banner = '''********************************************************
-* Wfuzz %s - The Web Fuzzer                         *
+* Wfuzz %s - The Web Fuzzer                        *
 *                                                      *
 * Version up to 1.4c coded by:                         *
 * Christian Martorella (cmartorella@edge-security.com) *
 * Carlos del ojo (deepbit@gmail.com)                   *
 *                                                      *
-* Version 1.4d to %s coded by:                      *
+* Version 1.4d to %s coded by:                     *
 * Xavier Mendez (xmendez@edge-security.com)            *
 ********************************************************\r\n''' % (version, version)
 
 help_banner2 = '''********************************************************
-* Wfuzz %s - The Web Fuzzer                         *
+* Wfuzz %s - The Web Fuzzer                        *
 *                                                      *
 * Coded by:                                            *
 *                                                      *

diff --git a/src/wfuzz/wfuzz.py b/src/wfuzz/wfuzz.py
@@ -55,6 +55,7 @@ def main():
     except Exception, e:
         print "\nUnhandled exception: %s" % str(e)
     finally:
+        if session_options: session_options.close()
         if kb: kb.cancel_job()
         Facade().sett.save()