Python getItemRequest Exemples, burpexportreplay.burpexport.getItemRequest Python Exemples

Exemple #1

0

Afficher le fichier

Fichier : burpreplay.py Projet : archwisp/BurpExportReplay

def resendItem(item,
               host=False,
               port=False,
               proxy_host=False,
               proxy_port=False):
    if host == False:
        host = burpexport.getItemHost(item)

    if port == False:
        port = burpexport.getItemPort(item)

    sendRequest(host, port, burpexport.getItemProtocol(item),
                burpexport.getItemRequest(item), False, proxy_host, proxy_port)

Exemple #2

0

Afficher le fichier

def hasCsrfToken(item, verbose=False):
    request = burpexport.getItemRequest(item)

    csrfTokens = [
        b'Token', b'CSRF', b'CSRFToken', b'antiCSRF',
        b'__RequestVerificationToken', b'RequestVerificationToken'
        b'antiForgery', b'Forgery', b'X-CSRF-TOKEN'
    ]

    for csrfToken in csrfTokens:
        if b'&' + csrfToken + b'=' in request:
            if verbose:
                print("[*] Found \"%s\" token in %s" %
                      (csrfToken, burpexport.getItemPath(item)))

            return True

    return False

Exemple #3

0

Afficher le fichier

def printCsrfVulns(items, excludes):
    actions = []

    for item in items:
        action = "%s %s" % (burpexport.getItemMethod(item),
                            burpexport.getItemPath(item))
        if action in excludes:
            print("[*] Skipping %s" % (action))
            continue

        if (burpexport.getItemMethod(item) == 'POST'):
            request = burpexport.getItemRequest(item)
            if not hasCsrfToken(item, True):
                if (action not in actions):
                    actions.append(action)

    print("No anti-CSRF token found in requests to these urls:")
    for action in sorted(actions):
        print(action)

Exemple #4

0

Afficher le fichier

Fichier : print-requests.py Projet : archwisp/BurpExportReplay

#vim:ts=4:sts=4:sw=4:et:
import sys, time
from burpexportreplay import burpexport, burpreplay, multiprocessor
import json
import copy
import gzip

if len(sys.argv) == 1:
    print("Usage: %s file1.xml {file2.xml file3.xml ...}" % (sys.argv[0]))

files = sys.argv[1:]
items = burpexport.loadItems(files)

for item in items:
    request = burpexport.getItemRequest(item)

    # Since we're just printing the data out to review, we can tell the decoder
    # the ignore errors. If you want to see the accurate bytes, remove the
    # decode() call.

    print(request.decode("utf-8", errors="ignore"))
    body = burpexport.getRequestBody(request, decompress=False)

    if (b'Content-Encoding: gzip' in request):
        if burpexport.isGzipCompressed(body):
            print("\nDecompressed body:\n")
            print(
                burpexport.decompressRequestBody(body).decode('utf-8') + "\n")