Example #1
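	def handleRequest(self, flow: http.HTTPFlow) -> None:
		"""Handle a request received from the client or replayed from mitmproxy.

		A POST to ``self.fuzzed_url`` has its ``user_token`` form field logged as
		spent; when that POST is a replay, its form is also handed to
		``self.SD.setCredentials``. Any replayed request is then logged and not
		processed further. A non-replayed GET to ``self.fuzzed_url`` is copied
		into ``self.get_tmp``.

		Args:
			flow: The HTTP flow whose request is being handled.
		"""
		request = flow.request

		if request.method == "POST" and request.url == self.fuzzed_url:
			form = request.urlencoded_form
			# The form body is supplied by the client, so the field may be absent.
			# Indexing it directly would raise KeyError and abort the hook before
			# the replay handling below runs.
			token = form.get("user_token")
			if token is None:
				logger.info("POST to fuzzed URL carried no user_token field")
			else:
				# NOTE(review): the token, and the replayed request logged below,
				# end up in the log; treat the log as sensitive and restrict
				# access to it.
				logger.info("Spent CSRF token: " + token)
			if flow.is_replay == "request":
				self.SD.setCredentials(form)

		if flow.is_replay == "request":
			# Replays are only recorded; they must not refresh the GET template.
			logger.info("Replayed request detected:" + str(request))
			return

		if request.method == "GET" and request.url == self.fuzzed_url:
			# Keep a private copy so later changes to the live flow do not alter it.
			self.get_tmp = flow.copy()
			logger.info("Updated tmp GET request flow")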
    def request(self, flow: http.HTTPFlow):
        """Inspect a request for Burp Collaborator polling traffic.

        Requests already marked as replays are skipped. For the rest, the
        pretty URL is printed. If it contains ``polling_host``, a non-empty
        ``biid`` query value other than ``'test'`` is stored in ``self.secret``.
        Otherwise, if the URL ends with ``.burpcollaborator.net/``, the pretty
        host is appended to ``self.hosts``.
        """
        # Replayed requests are ignored so that they are not handled a second
        # time (the original comment: avoids an infinite loop).
        if flow.request.is_replay:
            return

        # Only the copy is read; the live flow is left untouched.
        copied_request = flow.copy().request
        url = copied_request.pretty_url
        print('----> {0}'.format(url))

        # NOTE(review): this is a substring test against the whole URL, so it
        # also matches when polling_host appears in the path or query string.
        if polling_host in url:
            candidate = copied_request.query.get('biid', None)
            if candidate and candidate != 'test':
                self.secret = candidate
                # The secret is written to stdout in clear text.
                print("[+] Found burpcollaborator polling secret: {0}".format(
                    self.secret))
            return

        if url.endswith('.burpcollaborator.net/'):
            self.hosts.append(copied_request.pretty_host)
            print(url)
Example #3
 def redact_flow(flow: http.HTTPFlow):
     """Return a copy of *flow* after passing its messages to ``anonymize.redact``.

     The request is always redacted; the response only when the flow has one.
     Redaction is applied to the copy, not to the flow object passed in.
     """
     # presumably anonymize.redact edits the message in place (its return
     # value is ignored here); verify against the anonymize module
     sanitized = flow.copy()
     anonymize.redact(sanitized.request)

     response = sanitized.response
     if not response:
         # Nothing was received for this flow, so only the request needed redacting.
         return sanitized

     anonymize.redact(response)
     return sanitized