BappG-Attack
to WAFA
This project is only for demonstration, you can't modify and use it in any way.
requests
by running pip3 insatll requests
apidata.json
main.py
file using pythonIt's syntax looks something like:
{
"WAFA_API" : {
"<Type eg. CALL or SMS>:<Name>": {
"url":"<website>",
"modifier_map":{"params":"someval" # format with target, "data":{"somecomplexdate":"str" # type}},
"params":{"somval": "{datetime.now()}" # using default imports},
"data":{"somecomplexdate":""}
"sleep_time":15,
"identifier":"success\":true"
}
}
}
Default values:
headers={}, # additional headers then default one
url="", # url of api
cookies={}, # session cookies
sleep_time=1, # after how much time send next
method="GET", # method of requests ["POST", "GET"]
identifier="", # check if this is in result
data={}, # json data to send
params={}, # url params
modifier_map={}, # map to modify which values
initiator={}, # an pre request (same as an api), it will set result of it to "self.init_result"
Default imports:
from datetime import datetime
import os
A complex example with initiator request:
"CALL:Somewebsite":{
"method":"POST",
"url":"https://www.somewebsite.com/api/io/account/v1/sendOtp",
"initiator":{
"url":"https://www.somewebsite.com/api/y/auth/v3/getOtp",
"method":"POST",
"data":{
"mobile": "{}",
"deviceName": "",
"refCode": "",
"isPlayOP": false
},
"modifier_map":{"data":"mobile"}
},
"data":{
"otpOnCall": true,
"otpType": 8,
"date":{"{datetime.now().strftime('%H:%S')}"},
"transactionId": "{self.init_result['data']['otpTransactionId']}", # uses otpTransactionId from initiator
"mobile": "{}"
},
# To avoid duplicacy, I have used data, data:, data::
# they all are same, to will auto cut extra ":"
"modifier_map":{"data":"mobile", "data:" : {"transactionId":"int"},"data::":{"date":"str"}},
"identifier":"success\": true",
"sleep_time":30