|| (probe.getRequireConsistentEvidence() && Utilities.similar(mergedDoNotBreakAttack, tempBreakAttack))) { return new ArrayList<>(); || (probe.getRequireConsistentEvidence() && Utilities.similar(mergedBreakAttack, tempDoNotBreakAttack))) { return new ArrayList<>(); || (probe.getRequireConsistentEvidence() && Utilities.similar(mergedBreakAttack, tempDoNotBreakAttack))) { return new ArrayList<>();
|| (probe.getRequireConsistentEvidence() && Utilities.similar(mergedDoNotBreakAttack, tempBreakAttack))) { return new ArrayList<>(); || (probe.getRequireConsistentEvidence() && Utilities.similar(mergedBreakAttack, tempDoNotBreakAttack))) { return new ArrayList<>(); || (probe.getRequireConsistentEvidence() && Utilities.similar(mergedBreakAttack, tempDoNotBreakAttack))) { return new ArrayList<>();
String candidate = Utilities.paramNames.get(i); Attack paramGuess = injector.buildAttack(baseValue + "&" + candidate + "=%3c%61%60%27%22%24%7b%7b%5c", false); if (!Utilities.similar(base, paramGuess)) { Attack confirmParamGuess = injector.buildAttack(baseValue + "&" + candidate + "=%3c%61%60%27%22%24%7b%7b%5c", false); base.addAttack(injector.buildAttack(baseValue + "&" + candidate + "z=%3c%61%60%27%22%24%7b%7b%5c", false)); if (!Utilities.similar(base, confirmParamGuess)) { Probe validParam = new Probe("Backend param: " + candidate, 4, "&" + candidate + "=%3c%61%60%27%22%24%7b%7b%5c", "&" + candidate + "=%3c%62%60%27%22%24%7b%7b%5c"); validParam.setEscapeStrings("&" + Utilities.randomString(candidate.length()) + "=%3c%61%60%27%22%24%7b%7b%5c", "&" + candidate + "z=%3c%61%60%27%22%24%7b%7b%5c");
Attack potentialBase = valueInjector.probeAttack(potentialValue); if(!Utilities.similar(randBase, potentialBase)) { baseValue = potentialValue; break;
if (!Utilities.similar(localBase, paramGuess)) { Attack confirmParamGuess = injector.probeAttack(submission); if (!Utilities.similar(localBase, confirmParamGuess)) { if (!Utilities.similar(WAFCatcher, confirmParamGuess)){ Probe validParam = new Probe("Found unlinked param: " + submission, 4, submission); validParam.setEscapeStrings(Keysmith.permute(submission), Keysmith.permute(submission, false)); findPersistent(baseRequestResponse, paramGrab, attackID, state.recentParams, null, state.alreadyReported); if (!Utilities.similar(altBase, paramGrab)) { Utilities.log("Potential GETbase param: " + candidates); injector.probeAttack(Keysmith.permute(submission)); if (!Utilities.similar(altBase, paramGrab)) {