就是想自己写一个插件,因为burp日常使用很方便,点点点,自己扫描就行
其他大部分工具都需要自己手动转发一下请求,太麻烦;还有一些细节没考虑完,先记录一下
关于 requests 报错的问题:直接下载并安装 Jython,然后把已有 Python 环境里 site-packages 目录下的内容复制到 Jython 里即可
函数都是实现了的,部分代码 直接删了 ~ 自己补充学习咯 ~
from burp import IBurpExtender
from burp import IScannerCheck
from burp import IScanIssue
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadProcessor
from burp import IIntruderPayloadGenerator
from array import array
import requests
import sys
import re
# used together with the Header Editor extension (it adds the marker header checked below)
class BurpExtender(IBurpExtender, IScannerCheck):
    """Burp scanner check that hands opted-in requests to the sql_inject helper.

    Burp (Jython) instantiates this class and calls registerExtenderCallbacks
    once; afterwards doPassiveScan is invoked for each request/response that
    Burp routes through passive scanning.

    NOTE(review): IScannerCheck also declares doActiveScan and
    consolidateDuplicateIssues. Neither is implemented here, so Burp will hit a
    missing method as soon as it calls them -- confirm against the Burp API
    version in use.
    """
    def registerExtenderCallbacks(self, callbacks):
        """Keep the callbacks/helpers objects and register this scanner check."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("sql_inject")
        # register ourselves as a custom scanner check
        callbacks.registerScannerCheck(self)
    def doPassiveScan(self, baseRequestResponse):
        """Examine one message; only requests carrying the marker header are used.

        Returns None implicitly (no IScanIssue list is ever built), so nothing
        is reported in Burp's issue list; output only goes to stdout from
        sql_inject.
        """
        whetherDetect = False
        # analyzeRequest is called four times on the same message; one
        # IRequestInfo object would serve all four getters
        url = self._helpers.analyzeRequest(baseRequestResponse).getUrl()
        paramrters = self._helpers.analyzeRequest(baseRequestResponse).getParameters()
        headers = self._helpers.analyzeRequest(baseRequestResponse).getHeaders()
        method = self._helpers.analyzeRequest(baseRequestResponse).getMethod()
        for header in headers:
            # opt-in marker: only requests the operator tagged with this header
            # (presumably via the Header Editor extension named at the top of
            # the file) are examined
            if "inject: xxxxeeee11112222" in header:
                whetherDetect = True
        if whetherDetect == True:
            reqInfo = infoDeal(str(url), paramrters, headers, method)
            if reqInfo.getDetect():
                url = reqInfo.getUrl()
                # assigned but never passed on -- see the note on `inject` below
                cookieDict = reqInfo.getCookies()
                if method == "GET":
                    # BUG: `inject` is never bound in this scope (NameError at
                    # runtime); a sql_inject instance built from url, the
                    # key/value lists, cookieDict and method is what the rest
                    # of the file expects here
                    inject.getInject()
                elif method == "POST":
                    inject.postInject()
    # IParameter.getType(): 0 = PARAM_URL (query), 1 = PARAM_BODY (post), 2 = PARAM_COOKIE
    # for x in protocol:
    # print str(x.getType())+" - "+x.getName()+" - "+x.getValue()
class infoDeal(object):
    """Bundle one request's url / parameters / headers / method for sql_inject.

    Several method bodies were deliberately removed by the author (the
    `~~~ ~~~` lines); the remaining code only fixes the intended return shapes.
    """
    def __init__(self, url, paramrters, headers, method):
        self.method = method
        # `urlparse` here is the custom class defined later in this file,
        # not the Python 2 stdlib module of the same name
        self.parseUrl = urlparse(url)
        self.paramrters = paramrters
        # NOTE(review): `headers` is not stored on the instance, so
        # getCookies() below has no header list it could read from
    def getDetect(self):
        """Return True when the parsed URL was flagged as worth scanning."""
        if self.parseUrl.whetherDetect:
            return True
        return False
    def getMethod(self):
        # BUG: `method` is an unbound name here (NameError); self.method is
        # the attribute set in __init__
        return method
    def getUrl(self):
        """Rebuild scheme://netloc/path, dropping the query string."""
        # a "/" is inserted unconditionally; if path already starts with "/"
        # (as in the example on the urlparse class) this yields "//"
        return self.parseUrl.scheme + "://" + self.parseUrl.netloc + "/" + self.parseUrl.path
    # ['key1','key2'] ['value1','value2']
    def getParam(self):
        """Return query-string names and values as two parallel lists (body elided by the author)."""
        keyList = []
        valueList = []
        ~~~ ~~~
        return keyList, valueList
    # {'PHPsession':'9u123821u02193ewqe0921u'}
    def getCookies(self):
        """Return the request cookies as a name -> value dict (body elided by the author)."""
        cookieDict = {}
        ~~~ ~~~
        return cookieDict
    # ['key1','key2'] ['value1','value2']
    def getPost(self):
        """Return body parameter names and values as two parallel lists (body elided by the author)."""
        keyList = []
        valueList = []
        ~~~ ~~~
        return keyList, valueList
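class sql_inject(object):
    """Send every payload appended to each parameter of one request.

    Args:
        url: base URL without query string (what infoDeal.getUrl() returns).
        keyList / valueList: parallel lists of parameter names and values.
        cookieDict: cookies forwarded to requests.
        method: HTTP method of the original request; stored for callers, it
            does not choose between getInject and postInject here.

    The response check that decided whether a payload "hit" was removed by
    the author; as written, getInject only sends the requests and logs them.
    """
    def __init__(self, url, keyList, valueList, cookieDict, method):
        # requests wants a number here; the original passed the string "5",
        # which urllib3 rejects as an invalid timeout value
        self.timeout = 5
        self.url = url
        self.keyList = keyList
        self.valueList = valueList
        self.cookieDict = cookieDict
        self.method = method
        self.headers = {
            'User-Agent':"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
        }
        # left empty by the author on purpose
        self.payloads = [
        ]
    def _buildQuery(self, payload):
        """Return the query string with `payload` appended to every value.

        Values are concatenated raw (no URL encoding), exactly as the original
        did; the trailing "&" the original left behind is no longer emitted.
        """
        return "&".join(
            "%s=%s" % (str(key), str(value) + payload)
            for key, value in zip(self.keyList, self.valueList)
        )
    def getInject(self):
        """GET variant: one request per payload, each logged to stdout."""
        for payload in self.payloads:
            target = self.url + "?" + self._buildQuery(payload)
            try:
                resp = requests.get(target, headers=self.headers, cookies=self.cookieDict, timeout=self.timeout)
                print(target)
            except Exception as e:
                # a failed or timed-out request is not evidence of anything:
                # log it and skip the "may be" line instead of reporting it
                print(e)
                continue
            # NOTE: `resp` is not inspected -- the author removed that check,
            # so this line fires for every payload that got any response
            print("[* ] sql_inject may be %s" % target)
        print("---- this url is end ----")
    def postInject(self):
        """POST variant; not implemented (left to the reader by the author)."""
        pass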
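class urlparse(object):
    """Split a URL into scheme / netloc / path / query for infoDeal.

    The original matched the URL with a hand-written regex whose pattern the
    author removed (leaving `re.findall(r"", url)`), which indexes into empty
    matches and raises IndexError. This version delegates to the standard
    library parser, which produces the fields of the original example:
    scheme='http', netloc='www.baidu.com', path='/static/img.php', query='a=a'.

    whetherDetect is False when the URL carries no `?key=value` part -- the
    case the original comment describes as "re is empty list" (the original
    set it to True unconditionally).

    NOTE: this class shadows the Python 2 `urlparse` module name at module
    level, so the stdlib parser is imported locally under another name.

    Attributes:
        patchUrl: [(scheme, netloc, path, query)] when a query is present,
            else [] (mirrors the empty findall result of the original).
        whetherDetect, scheme, netloc, path, query: see above.
    """
    def __init__(self, url):
        try:
            from urllib.parse import urlparse as parse_url  # Python 3
        except ImportError:
            from urlparse import urlparse as parse_url  # Python 2 / Jython
        parsed = parse_url(url)
        self.scheme = parsed.scheme
        self.netloc = parsed.netloc
        # path keeps its leading "/", as in the original example
        self.path = parsed.path
        self.query = parsed.query
        self.whetherDetect = bool(self.query)
        if self.whetherDetect:
            self.patchUrl = [(self.scheme, self.netloc, self.path, self.query)]
        else:
            self.patchUrl = []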