def resendItem(item, host=False, port=False, proxy_host=False, proxy_port=False):
    """Send the request stored in a Burp export item again.

    Args:
        item: A Burp export item accepted by the ``burpexport`` helpers.
        host: Destination host; when it compares equal to ``False`` the host
            recorded in the item is used instead.
        port: Destination port; when it compares equal to ``False`` the port
            recorded in the item is used instead.
        proxy_host: Passed through to ``sendRequest`` unchanged.
        proxy_port: Passed through to ``sendRequest`` unchanged.

    The request bytes from ``burpexport.getItemRequest(item)`` are handed to
    ``sendRequest`` as captured, so any cookies or credentials stored in the
    export are sent to whichever host and port are selected here.
    """
    # The equality test (rather than ``is False``) is kept on purpose: it is
    # what the callers currently get, e.g. ``port=0`` also falls back.
    target_host = burpexport.getItemHost(item) if host == False else host
    target_port = burpexport.getItemPort(item) if port == False else port

    protocol = burpexport.getItemProtocol(item)
    raw_request = burpexport.getItemRequest(item)
    # NOTE(review): the meaning of the fifth positional argument (False) is
    # defined by sendRequest, which is not visible here — confirm.
    sendRequest(
        target_host,
        target_port,
        protocol,
        raw_request,
        False,
        proxy_host,
        proxy_port,
    )
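def hasCsrfToken(item, verbose=False):
    """Report whether the item's request has a parameter named like an anti-CSRF token.

    The raw request from ``burpexport.getItemRequest(item)`` is searched for
    ``&<name>=`` using a fixed list of common token parameter names.

    Args:
        item: A Burp export item accepted by the ``burpexport`` helpers.
        verbose: When true, print the matched name and the item's path.

    Returns:
        True as soon as one name matches, False when none does.

    Limitations (this is a heuristic, not proof either way):
        * Only ``&name=`` is matched. A token sent as the first parameter, in
          a request header, or in a JSON or multipart body is not seen.
        * Matching is case-sensitive and limited to the names listed below,
          so spellings such as ``csrf_token`` are reported as missing.
        * Finding a parameter says nothing about whether the server actually
          validates it.
    """
    request = burpexport.getItemRequest(item)
    # One name per line. The original list had no comma after
    # b'RequestVerificationToken', so Python joined it with b'antiForgery'
    # into a single name and neither of the two could ever match.
    tokenNames = (
        b'Token',
        b'CSRF',
        b'CSRFToken',
        b'antiCSRF',
        b'__RequestVerificationToken',
        b'RequestVerificationToken',
        b'antiForgery',
        b'Forgery',
        # NOTE(review): X-CSRF-TOKEN is normally a request header, which the
        # ``&name=`` pattern below does not match — confirm whether header
        # detection is wanted.
        b'X-CSRF-TOKEN',
    )
    for tokenName in tokenNames:
        if b'&' + tokenName + b'=' in request:
            if verbose:
                # Decode for display so the name is not printed as b'...'.
                print("[*] Found \"%s\" token in %s" % (tokenName.decode("ascii"), burpexport.getItemPath(item)))
            return True
    return False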
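def printCsrfVulns(items, excludes):
    """Print the POST actions whose requests show no anti-CSRF token parameter.

    An action is the string ``"<METHOD> <path>"``. Actions listed in
    ``excludes`` are skipped with a message. Every remaining POST item is
    checked with ``hasCsrfToken``; each action that fails the check is
    printed once, in sorted order, after a header line.

    Args:
        items: Iterable of Burp export items.
        excludes: Container of action strings to leave out of the report.

    The result is a list of candidates to review, not confirmed findings:
    it inherits the limits of ``hasCsrfToken``, and only ``POST`` is
    examined, so other state-changing methods (PUT, PATCH, DELETE) are
    never reported.
    """
    # A set replaces the original list + "not in" scan for de-duplication.
    flagged = set()
    for item in items:
        method = burpexport.getItemMethod(item)
        action = "%s %s" % (method, burpexport.getItemPath(item))
        if action in excludes:
            print("[*] Skipping %s" % (action))
            continue
        if method != 'POST':
            continue
        # The unused fetch of the raw request was dropped; hasCsrfToken reads
        # the request itself.
        if not hasCsrfToken(item, True):
            flagged.add(action)

    print("No anti-CSRF token found in requests to these urls:")
    for action in sorted(flagged):
        print(action)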
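#vim:ts=4:sts=4:sw=4:et:
# Print every request stored in one or more Burp XML export files. For
# requests that declare gzip content encoding and whose body is gzip data,
# the decompressed body is printed as well.
#
# The requests are printed as captured, so whatever session cookies or
# credentials the export holds end up in the output; treat saved output like
# the export file itself.
import sys, time
from burpexportreplay import burpexport, burpreplay, multiprocessor
import json
import copy
import gzip

if len(sys.argv) == 1:
    print("Usage: %s file1.xml {file2.xml file3.xml ...}" % (sys.argv[0]))
    # Stop after the usage message instead of carrying on with an empty
    # file list.
    sys.exit(1)

files = sys.argv[1:]
items = burpexport.loadItems(files)
for item in items:
    request = burpexport.getItemRequest(item)
    # Since we're just printing the data out to review, we can tell the
    # decoder to ignore errors. If you want to see the accurate bytes, remove
    # the decode() call.
    print(request.decode("utf-8", errors="ignore"))
    body = burpexport.getRequestBody(request, decompress=False)
    # NOTE(review): this is a case-sensitive match over the whole request;
    # a header written as "content-encoding: gzip" would be skipped.
    if b'Content-Encoding: gzip' in request:
        if burpexport.isGzipCompressed(body):
            print("\nDecompressed body:\n")
            # Same lenient decoding as above, so a body that is not valid
            # UTF-8 cannot abort the run part-way through the export.
            decompressed = burpexport.decompressRequestBody(body)
            print(decompressed.decode('utf-8', errors="ignore") + "\n")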