the-web-application-hackers-handbook

582 Chapter 14 n Automating Customized Attacks
String line;
while (null != (line = br.readLine()))
response.append(line);
}
os.close();
br.close();
return response.toString();
Having obtained the server’s response to each request, we need to parse it to
extract the relevant information to enable us to identify hits in our attack. Let’s
start by simply recording two interesting items — the HTTP status code from
the first line of the response and the total length of the response:
String parseResponse(String response)
{
StringBuffer output = new StringBuffer();
output.append(response.split(“\\s+”, 3)[1] + “\t”);
output.append(Integer.toString(response.length()) + “\t”);
}
return output.toString();
Finally, we now have everything in place to launch our attack. We just need
some simple wrapper code to call each of the preceding methods in turn and
print the results until all our requests have been made and nextRequest returns
false:
void doAttack()
{
System.out.println(“param\tpayload\tstatus\tlength”);
String output = null;
}
while (nextRequest())
{
try
{
output = parseResponse(issueRequest(buildRequest()));
}
catch (Exception e)
{
output = e.toString();
}
System.out.println(params[currentParam].name + “\t” +
payloads.getPayload() + “\t” + output);
}
public static void main(String[] args)