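//package com.java2s;
//License from project: Open Source License

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class Main {

    /**
     * Immutable, eagerly built list of fuzzing payloads.
     *
     * The original filled a static {@code ArrayList} lazily on first call,
     * which is unsafe when several threads fuzz at once: two first callers can
     * both see an empty list and append the whole set twice, and a reader
     * iterating the returned view while another thread is still populating it
     * gets a {@code ConcurrentModificationException}. Building the list in the
     * static initializer removes both problems without any locking, because
     * the JVM initializes a class exactly once and the list is never mutated
     * afterwards.
     */
    private static final List<String> PAYLOADS_CACHE =
            Collections.unmodifiableList(buildFuzzingPayloads());

    /**
     * Returns the fuzzing payloads that will be applied to each tested input.
     *
     * @return read-only list of payloads, always in the same order; callers
     *         must not try to modify it ({@code UnsupportedOperationException})
     */
    private static List<String> defineFuzzingPayloads() {
        return PAYLOADS_CACHE;
    }

    /**
     * Assembles the payload list. Called exactly once, from the static
     * initializer of {@link #PAYLOADS_CACHE}.
     *
     * A few single-character payloads ({@code '}, {@code "}, {@code |},
     * {@code ,}) appear twice because they are listed both explicitly and
     * inside a character range; they are kept so the list's size and order
     * are unchanged for existing callers.
     *
     * @return mutable list with every payload, in application order
     */
    private static List<String> buildFuzzingPayloads() {
        List<String> payloads = new ArrayList<String>();

        // Empty value
        payloads.add("");

        // Single quote, doubled quote and double quote: classic SQL injection probes
        payloads.add("'");
        payloads.add("''");
        payloads.add("\"");

        // Time-based SQL injection probe specific to SQLite.
        // NOTE(review): a hit stalls the response for 60 s, so the client's
        // request timeout must be longer than that or the signal is lost, and
        // every vulnerable endpoint costs a full minute per request.
        payloads.add("and sqlite3_sleep(60000) --");

        // Pipe, semicolon and comma: shell metacharacters to probe command injection
        payloads.add("|");
        payloads.add(";");
        payloads.add(",");

        // Power-of-two length strings (8 .. 8192) to probe length handling / overflows
        for (int length = 8; length <= 8192; length *= 2) {
            payloads.add(generateFixedLengthString(length));
        }

        // Single non-alphanumeric characters to probe unexpected behaviour
        // (see the ASCII table). Code points 48-57 (digits) and 97-122
        // (lower-case letters) are deliberately not in these ranges; digits
        // are appended as decimal strings at the end instead. Code points
        // 128-255 are Latin-1 characters; how they reach the target depends on
        // the caller's transport encoding.
        addCharRange(payloads, 0, 47);
        payloads.add(":");
        addCharRange(payloads, 60, 64);
        addCharRange(payloads, 91, 96);
        addCharRange(payloads, 123, 255);

        // Alphanumerics to probe unexpected behaviour: upper-case letters as
        // single characters, digits 0-9 as decimal strings
        addCharRange(payloads, 65, 90);
        for (int digit = 0; digit <= 9; digit++) {
            payloads.add(Integer.toString(digit));
        }

        return payloads;
    }

    /**
     * Appends one single-character string per code point in {@code [from, to]}.
     *
     * @param target list to append to
     * @param from   first code point (inclusive)
     * @param to     last code point (inclusive)
     */
    private static void addCharRange(List<String> target, int from, int to) {
        for (int codePoint = from; codePoint <= to; codePoint++) {
            target.add(String.valueOf((char) codePoint));
        }
    }

    /**
     * Generates a string of {@code l} repeated {@code 'X'} characters.
     *
     * @param l requested length; zero or negative yields the empty string
     * @return generated string
     */
    private static String generateFixedLengthString(int l) {
        if (l <= 0) {
            return "";
        }
        // Presize so the builder never reallocates for the 8192-byte payload
        StringBuilder buffer = new StringBuilder(l);
        for (int i = 0; i < l; i++) {
            buffer.append('X');
        }
        return buffer.toString();
    }
}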