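#!/usr/bin/perl
#
# (C) 2008 by Philipp Winter (Mail: 0x9617D5D3)
# Released under the GPLv3
#
# $Id: htmlfuzz.pl 3 2008-08-23 09:37:59Z pwr $
#
# Simple HTML fuzzer (invoked as a CGI script) written in Perl. Via an HTML
# meta tag, the script refreshes itself every second. Various random,
# incomplete and erroneous HTML tags are written to the HTML page the client
# receives after the request. In addition, the script manages a log file which
# holds the clients and a corresponding timestamp.
#
# This is just some academic how-it-could-be-done code, so don't expect too
# much.

use strict;
use warnings;

use Fcntl qw(:DEFAULT);
use POSIX qw(strftime);

use constant ASCII_CHARS     => 127;    # attribute values use chr(0) .. chr(126)
use constant MAX_TAG_CONTENT => 32;     # attribute values are 0 .. 31 chars long

# Fixed, predictable path in a world-writable directory. log_client() refuses
# to follow a symlink here; a dedicated directory owned by the web server
# account would be the sturdier choice.
use constant LOG_FILE => '/tmp/fuzzlog';

my $id        = "\n";
my $tag_count = 1000;

# Tag name => attribute names the fuzzer may attach to that tag.
my %tags = (
    'a'        => [ 'href', 'name', 'ref', 'onload', 'download', 'height' ],
    'b'        => [ 'class', 'dir', 'id', 'lang', 'style', 'title' ],
    'body'     => [ 'background', 'bgcolor', 'text', 'link', 'alink', 'onload', 'style' ],
    'br'       => [ 'class', 'clear', 'id', 'style', 'title' ],
    'button'   => [ 'class', 'dir', 'name', 'id', 'style', 'type', 'value' ],
    'abbr'     => [ 'class', 'dir', 'id', 'lang', 'style', 'title', 'onload' ],
    'address'  => [ 'class', 'dir', 'id', 'lang', 'onload', 'style' ],
    'area'     => [ 'shape', 'alt', 'href', 'onload', 'style' ],
    'caption'  => [ 'align', 'valign', 'onload', 'style' ],
    'code'     => [ 'lang', 'onclick', 'style', 'title' ],
    'center'   => [ 'onload', 'style' ],
    'div'      => [ 'align', 'class', 'lang', 'style', 'onload' ],
    'font'     => [ 'size', 'color', 'style', 'onload', 'face' ],
    'form'     => [ 'action', 'method', 'enctype', 'target', 'script' ],
    'frame'    => [ 'src', 'align', 'scrolling', 'framespacing', 'style', 'onload' ],
    'frameset' => [ 'cols', 'id', 'onload', 'onunload', 'rows', 'style' ],
    'h1'       => [ 'src', 'dingbat', 'style', 'onload' ],
    'head'     => [ 'dir', 'lang', 'profile' ],
    'html'     => [ 'onload', 'style' ],
    # 'usemap' was mis-encoded in the listing this was taken from.
    'img'      => [ 'alt', 'class', 'align', 'src', 'style', 'usemap', 'width' ],
    'input'    => [ 'accept', 'alt', 'name', 'lang', 'dir', 'type', 'value' ],
    'link'     => [ 'rel', 'rev', 'href', 'onload', 'style' ],
    'map'      => [ 'name', 'onload', 'style' ],
    'menu'     => [ 'onload', 'style' ],
    'meta'     => [ 'name', 'http-equiv', 'content', 'style', 'onload' ],
    'option'   => [ 'value', 'shape', 'onload', 'style' ],
    'p'        => [ 'class', 'id', 'lang', 'style', 'title', 'dir' ],
    'select'   => [ 'name', 'size', 'multiple', 'width', 'height', 'onload', 'style' ],
    'script'   => [ 'language', 'onload', 'style' ],
    'span'     => [ 'class', 'dir', 'id', 'lang', 'onclick', 'style', 'title' ],
    'table'    => [ 'style', 'onload', 'bgcolor', 'width', 'height', 'border' ],
    'textarea' => [ 'class', 'cols', 'dir', 'id', 'lang', 'name', 'rows', 'style' ],
    'td'       => [ 'colspan', 'rowspan', 'align', 'valign', 'bgcolor', 'onload' ],
    'tr'       => [ 'align', 'valign', 'bgcolor', 'class', 'onload', 'style' ],
    'var'      => [ 'class', 'dir', 'id', 'lang', 'style', 'title' ],
);

# The tag table never changes, so the key list is built once instead of on
# every place_tag() call.
my @tag_names = keys %tags;

print "Content-Type: text/html", "\n\n";

# NOTE(review): the header describes a meta-refresh tag, but the prints below
# emit only newlines. The markup was presumably stripped when this listing was
# extracted - restore it from the original file rather than guessing.
print "\n";
print $id;
print "\n\n";

log_client();

place_tag() for 1 .. $tag_count;

# Print one randomly built tag to STDOUT: '<', an optional '/', a random tag
# name, one of that tag's attributes, usually a random attribute value, and a
# closing '>'.
sub place_tag {
    print '<';
    print '/' if int rand 2;

    # rand(N) yields [0, N), so N must be the element count. The original
    # passed the last index ($#keys) and therefore never chose the last tag.
    my $name = $tag_names[ int( rand( scalar @tag_names ) ) ];
    print $name . " ";

    # The original copied the array reference into a one-element array, so the
    # first attribute of every tag was always chosen. Dereference instead so
    # that every attribute can be picked.
    my $attributes = $tags{$name};
    print $attributes->[ int( rand( scalar @{$attributes} ) ) ];

    # Four times out of five the attribute receives a value.
    if ( int( rand(5) ) < 4 ) {
        print '="';

        # Raw characters, including control characters, quotes and angle
        # brackets: the value is deliberately not escaped.
        my $length = int( rand(MAX_TAG_CONTENT) );
        print chr( int( rand(ASCII_CHARS) ) ) for 1 .. $length;

        # The closing quote is left out half of the time.
        print '"' if int rand 2;
    }

    # NOTE(review): without int() this condition is true for practically every
    # draw, so the tag is almost always closed. Confirm whether a 50% chance
    # (int rand 2, as used above) was intended before changing it.
    print ">" if rand 2;

    return;
}

# Append one line with the client address and a UTC timestamp to LOG_FILE.
# Dies when the log cannot be opened, written or closed.
sub log_client {
    # REMOTE_ADDR is unset when the script is not run by a web server. Control
    # characters and double quotes are dropped so that one request can only
    # ever produce one well-formed log line.
    my $client = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';
    $client =~ tr/\x00-\x1f\x7f"//d;

    # O_NOFOLLOW makes the open fail if LOG_FILE is a symlink, so a link
    # planted in /tmp cannot redirect the append to another file. Fcntl croaks
    # when the platform lacks the flag; fall back to a plain append then.
    my $nofollow = eval { O_NOFOLLOW() } || 0;

    # The log grows by one line per request and clients re-request the page
    # continuously, so rotate or truncate it on long runs.
    my $fd;
    sysopen( $fd, LOG_FILE, O_WRONLY | O_APPEND | O_CREAT | $nofollow )
        or die "cannot open " . LOG_FILE . ": $!";

    my $now = strftime( "%a %b %e %H:%M:%S %Y", gmtime() );

    print {$fd} "Request from Client \"$client\" at: $now\n"
        or die "cannot write " . LOG_FILE . ": $!";

    # Buffered write errors only surface here.
    close $fd
        or die "cannot close " . LOG_FILE . ": $!";

    return;
}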