利用python開發Burp Suite外掛
阿新 • • 發佈:2019-01-02
1.選擇Burp Suite外掛開發語言
Burp Suite支援Java,Python,Ruby編寫他的外掛,在這裡我們選用Python作為我們外掛的開發語言,Python分很多種,常見的比如Jython,Cython等等。今天我們用的是Jython,Jython為我們提供了Python的庫,同時也提供了所有java的類
2.配置Jython環境
我們需要讓Burp Suite載入我們的外掛,在http://www.jython.org/downloads.html下載2.7.0版本(可下載Standalone獨立jar包)。下載好後如下圖使Burp Suite載入Python外掛。
3.介紹API
Burp Suite官方API文件:https://portswigger.net/burp/extender/api/index.html
從Burp Suite上我們可以直接檢視api文件,也可下載到本地
1. (紅色)外掛入口和幫助介面類:
IBurpExtender # Burp外掛的入口 IBurpExtenderCallbacks # IBurpExtender介面的實現類 IExtensionHelpers # 幫助介面 IExtensionStateListener # 管理操作介面
2. (綠色)UI相關介面類:
IContextMenuFactory
IContextMenuInvocation
ITab
ITextEditor
IMessageEditor
IMenuItemHandler
# 以上主要是定義Burp外掛的UI顯示和動作的處理事件,主要是軟體互動中使用
3.(藍色) Burp工具元件介面類:
IInterceptedProxyMessage IIntruderAttack IIntruderPayloadGenerator IIntruderPayloadGeneratorFactory IIntruderPayloadProcessor IProxyListener IScanIssue IScannerCheck IScannerInsertionPoint IScannerInsertionPointProvider IScannerListener IScanQueueItem IScopeChangeListener # Burp Suite工具元件介面類
4. (棕色)HTTP訊息處理介面類:
ICookie
IHttpListener
IHttpRequestResponse
IHttpRequestResponsePersisted
IHttpRequestResponseWithMarkers
IHttpService
IRequestInfo
IParameter
IResponseInfo
# 處理Cookie、Request、Response、Parameter等訊息頭介面類
4.官方外掛開發示例
官方給出了簡單的外掛示例,包括java,python,ruby版本
https://portswigger.net/burp/extender#SampleExtensions
5.實戰開發
目前jython還不支援python3,所以我們開發時還是採用python2的語法。
from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator
from java.util import List, ArrayList
import random
class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("burp—plugin")
callbacks.registerIntruderPayloadGeneratorFactory(self)
return
def getGeneratorName(self):
return "burp—plugin"
def createNewInstance(self, attack):
return BHPFuzzer(self, attack)
class BHPFuzzer(IIntruderPayloadGenerator):
def __init__(self, extender, attack):
self._extender = extender
self._helpers = extender._helpers
self._attack = attack
print "burp—plugin"
self.max_payloads = 1000
self.num_payloads = 0
return
def hasMorePayloads(self):
print "hasMorePayloads called."
if self.num_payloads == self.max_payloads:
print "No more payloads."
return False
else:
print "More payloads. Continuing."
return True
def getNextPayload(self,current_payload):
payload = "".join(chr(x) for x in current_payload)
payload = self.mutate_payload(payload)
self.num_payloads += 1
return payload
def reset(self):
self.num_payloads = 0
return
def mutate_payload(self,original_payload):
picker = random.randint(1,3)
offset = random.randint(0,len(original_payload)-1)
payload = original_payload[:offset]
if picker == 1:
payload += "'"
if picker == 2:
payload += "<script>alert('xss');</script>";
if picker == 3:
chunk_length = random.randint(len(payload[offset:]),len(payload)-1)
repeater = random.randint(1,10)
for i in range(repeater):
payload += original_payload[offset:offset+chunk_length]
payload += original_payload[offset:]
return payload