use feroxfuzz::client::{BlockingClient, HttpClient};
use feroxfuzz::corpora::Wordlist;
use feroxfuzz::fuzzers::{BlockingFuzzer, BlockingFuzzing};
use feroxfuzz::mutators::ReplaceKeyword;
use feroxfuzz::observers::ResponseObserver;
use feroxfuzz::prelude::*;
use feroxfuzz::processors::RequestProcessor;
use feroxfuzz::requests::ShouldFuzz;
use feroxfuzz::responses::BlockingResponse;
use feroxfuzz::schedulers::OrderedScheduler;
use feroxfuzz::state::SharedState;
use std::time::Duration;
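/// Fuzzes one URL parameter value and one header value from a single wordlist,
/// printing each request through a `RequestProcessor` as the fuzzer runs.
///
/// The keyword `WORD` appears in both the query parameter and the header, and both
/// are marked fuzzable, so both are rewritten from the corpus named `words`.
/// Only requests are printed: a `ResponseObserver` is registered, but no decider or
/// response processor is attached, so nothing here inspects what the target returns.
///
/// # Errors
///
/// Returns an error if the wordlist cannot be read, the HTTP client cannot be
/// built, the base URL cannot be parsed, the scheduler cannot be created, or the
/// fuzzing pass itself fails.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Load the corpus from disk and register it under the name the mutator refers to.
    let wordlist = Wordlist::from_file("./examples/words")?
        .name("words")
        .build();

    let mut state = SharedState::with_corpus(wordlist);

    // One-second timeout per request, so a target that stops answering cannot
    // hang the blocking client indefinitely.
    let req_client = reqwest::blocking::Client::builder()
        .timeout(Duration::from_secs(1))
        .build()?;
    let client = BlockingClient::with_client(req_client);

    // Replace the literal keyword "WORD" with entries from the "words" corpus.
    let mutator = ReplaceKeyword::new(&"WORD", "words");

    // The target is a local test server over plain HTTP. Only the *values* of the
    // parameter and the header are marked fuzzable; the keys stay fixed.
    let request = Request::from_url(
        "http://localhost:8000/",
        Some(&[
            ShouldFuzz::URLParameterValue(b"injectable=/home/WORD/.ssh/id_rsa", b"="),
            ShouldFuzz::HeaderValue(b"x-injected-for: WORD", b": "),
        ]),
    )?;

    let scheduler = OrderedScheduler::new(state.clone())?;

    // Print each request the fuzzer builds. `params()` and `headers()` return
    // `Option`s, so handle `None` instead of unwrapping: a request without
    // parameters or headers should not panic inside the processor.
    let request_printer = RequestProcessor::new(|request, _action, _state| {
        print!("{}", request.original_url());

        if let Some(params) = request.params() {
            print!("?");
            for (idx, (key, value)) in params.iter().enumerate() {
                // Separate pairs so that a multi-parameter query prints correctly.
                if idx > 0 {
                    print!("&");
                }
                print!("{key}={value}");
            }
        }
        println!();

        if let Some(headers) = request.headers() {
            for (key, value) in headers.iter() {
                println!(" {key}: {value}");
            }
        }
    });

    let response_observer: ResponseObserver<BlockingResponse> = ResponseObserver::new();

    let observers = build_observers!(response_observer);
    let mutators = build_mutators!(mutator);
    let processors = build_processors!(request_printer);

    let mut fuzzer = BlockingFuzzer::new()
        .client(client)
        .request(request)
        .scheduler(scheduler)
        .mutators(mutators)
        .observers(observers)
        .processors(processors)
        .build();

    // A single fuzzing pass (`fuzz_once`) rather than a repeated loop.
    fuzzer.fuzz_once(&mut state)?;

    Ok(())
}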