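def handleRequest(self, flow: http.HTTPFlow) -> None:
    """Handle a request received from the client or replayed from mitmproxy.

    Cases, in evaluation order:

    * POST to ``self.fuzzed_url``: the ``user_token`` form field is logged
      as spent. If the flow is a replayed request, the submitted form is
      also passed to ``self.SD.setCredentials``.
    * Any replayed request: logged, then processing stops.
    * Non-replayed GET to ``self.fuzzed_url``: a copy of the flow is kept
      in ``self.get_tmp``.

    Args:
        flow: The HTTP flow whose request is being processed.
    """
    request = flow.request
    replayed = flow.is_replay == "request"

    if request.method == "POST" and request.url == self.fuzzed_url:
        form = request.urlencoded_form
        # A POST to the fuzzed URL is not guaranteed to carry the token
        # field; look it up without raising so a malformed or unrelated
        # form does not abort the handler with a KeyError.
        token = form.get("user_token")
        if token is None:
            logger.info("POST to fuzzed URL carried no user_token field")
        else:
            # NOTE(review): the token value lands in the log at INFO level.
            # It is described as spent, but confirm the log is not shipped
            # anywhere that should not see session material.
            logger.info("Spent CSRF token: " + token)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; setCredentials is assumed to apply only to replayed
        # POSTs to the fuzzed URL - confirm against the original file.
        if replayed:
            self.SD.setCredentials(form)

    if replayed:
        # str(flow.request) is written to the log as-is; what it includes
        # (URL, query string) depends on mitmproxy's Request formatting.
        logger.info("Replayed request detected:" + str(request))
        return

    if request.method == "GET" and request.url == self.fuzzed_url:
        # Keep a private copy so later changes to the live flow do not
        # alter the stored template.
        self.get_tmp = flow.copy()
        logger.info("Updated tmp GET request flow")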
def request(self, flow: http.HTTPFlow):
    """Inspect a request for Burp Collaborator polling traffic.

    Presumably the mitmproxy ``request`` hook of the enclosing addon.
    Every non-replayed request URL is printed. Then:

    * if ``polling_host`` occurs in the URL, the ``biid`` query parameter
      is stored in ``self.secret`` unless it is empty or equal to
      ``'test'``;
    * otherwise, if the URL ends with ``.burpcollaborator.net/``, the
      request host is appended to ``self.hosts``.

    Args:
        flow: The HTTP flow whose request is being inspected.
    """
    # Replayed requests are skipped so they are not processed twice
    # (guards against a replay loop).
    if flow.request.is_replay:
        return

    # All reads go through a copy of the flow; the live flow is untouched.
    snapshot = flow.copy()
    req = snapshot.request
    url = req.pretty_url
    print('----> {0}'.format(url))

    # NOTE(review): this is a substring test against the whole URL, and
    # pretty_url/pretty_host prefer the client-supplied Host header, so a
    # request that merely mentions polling_host in its path or query also
    # matches - confirm that is acceptable for how self.secret is used.
    if polling_host in url:
        candidate = req.query.get('biid', None)
        if not candidate or candidate == 'test':
            return
        self.secret = candidate
        # NOTE(review): the polling secret is written to stdout in clear
        # text; treat captured terminal output as sensitive.
        print("[+] Found burpcollaborator polling secret: {0}".format(
            self.secret))
        return

    # NOTE(review): branch pairing reconstructed from a collapsed listing;
    # this check is assumed to be the alternative to the polling-host
    # match above - confirm against the original file.
    if url.endswith('.burpcollaborator.net/'):
        self.hosts.append(req.pretty_host)
        print(url)
def redact_flow(flow: http.HTTPFlow):
    """Return a redacted copy of *flow*.

    The flow is copied first and ``anonymize.redact`` is applied to the
    copy's request and, when it has one, to its response. The flow passed
    in is not handed to ``anonymize.redact`` itself.

    NOTE(review): only ``request`` and ``response`` are redacted here.
    Whether other parts of the flow can still carry sensitive values is
    not visible from this function - confirm before sharing the result.

    Args:
        flow: The flow to redact.

    Returns:
        The redacted copy.
    """
    redacted = flow.copy()
    anonymize.redact(redacted.request)
    response = redacted.response
    # Flows without a response (truthiness check, as before) skip this step.
    if response:
        anonymize.redact(response)
    return redacted