mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-21 00:25:07 +01:00
91 lines
3.1 KiB
Python
91 lines
3.1 KiB
Python
|
#!/usr/bin/python
|
||
|
|
||
|
from burp import IBurpExtender
|
||
|
from burp import IParameter
|
||
|
from burp import IHttpListener
|
||
|
from burp import IExtensionStateListener
|
||
|
|
||
|
# Can be used with:
|
||
|
# https://github.com/securityMB/burp-exceptions
|
||
|
# from exceptions_fix import FixBurpExceptions
|
||
|
import sys
|
||
|
import re
|
||
|
import urlparse
|
||
|
from urllib import urlencode
|
||
|
|
||
|
|
||
|
HOST_SCOPE = 'www.example.com'
|
||
|
TRIGGER_PATTERN = '/some/path/'
|
||
|
COOKIE_NAME = 'cookieTicket'
|
||
|
PARAMETER_NAME = 'ticket'
|
||
|
|
||
|
class BurpExtender(IBurpExtender, IHttpListener, IExtensionStateListener):
|
||
|
ticket = ''
|
||
|
|
||
|
def registerExtenderCallbacks(self, callbacks):
|
||
|
# sys.stdout = callbacks.getStdout()
|
||
|
|
||
|
print '[+] Ticket appender is loading...'
|
||
|
|
||
|
self._callbacks = callbacks
|
||
|
|
||
|
# helpers object for analyzing HTTP request
|
||
|
self._helpers = callbacks.getHelpers()
|
||
|
|
||
|
callbacks.setExtensionName("Copy Specific Cookie into URL parameter")
|
||
|
callbacks.registerHttpListener(self)
|
||
|
callbacks.registerExtensionStateListener(self)
|
||
|
|
||
|
return
|
||
|
|
||
|
def addUrlParam(self, _url, name, value):
|
||
|
pos1 = _url.find(' ') + 1
|
||
|
pos2 = _url.rfind(' ')
|
||
|
url = _url[pos1:pos2]
|
||
|
|
||
|
url_parts = list(urlparse.urlparse(url))
|
||
|
query = dict(urlparse.parse_qsl(url_parts[4]))
|
||
|
query.update({name : value})
|
||
|
url_parts[4] = urlencode(query)
|
||
|
|
||
|
new_url = str(urlparse.urlunparse(url_parts))
|
||
|
|
||
|
return _url[:pos1] + new_url + _url[pos2:]
|
||
|
|
||
|
|
||
|
def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
|
||
|
if messageIsRequest:
|
||
|
requestInfo = self._helpers.analyzeRequest(currentRequest)
|
||
|
|
||
|
headers = requestInfo.getHeaders()
|
||
|
|
||
|
if re.match('Host: ' + HOST_SCOPE, headers[1], re.I):
|
||
|
for h in headers:
|
||
|
if 'Cookie' in h and COOKIE_NAME in h:
|
||
|
pos0 = h.find(COOKIE_NAME)
|
||
|
pos1 = h.find('=', pos0)
|
||
|
pos2 = h.find(';', pos1)
|
||
|
ticket = h[pos1+1:pos2]
|
||
|
|
||
|
if ticket != self.ticket:
|
||
|
print "[?] Cookie's value changed: '%s' => '%s'" % (ticket, self.ticket)
|
||
|
self.ticket = ticket
|
||
|
|
||
|
url = headers[0]
|
||
|
print '[*] Working url: "%s"' % url
|
||
|
print '[*] Self.ticket = "%s"' % self.ticket
|
||
|
|
||
|
if TRIGGER_PATTERN in url and self.ticket != '' and PARAMETER_NAME + '=' not in url:
|
||
|
print '[?] No Ticket parameter in URL. Adding it...'
|
||
|
|
||
|
newHeaders = list(headers)
|
||
|
newHeaders[0] = self.addUrlParam(url, PARAMETER_NAME, ' ' + self.ticket)
|
||
|
print '[?] Updating URL from: "%s" => "%s"' % (headers[0], newHeaders[0])
|
||
|
|
||
|
bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
|
||
|
bodyStr = self._helpers.bytesToString(bodyBytes)
|
||
|
|
||
|
newMessage = self._helpers.buildHttpMessage(newHeaders, bodyStr)
|
||
|
currentRequest.setRequest(newMessage)
|
||
|
|
||
|
# FixBurpExceptions()
|