# Print each distinct server banner seen in in-scope proxied responses to the
# extension's output (nothing is written to a file, despite the script name).
# Also search those response bodies for a set of common platform names and
# print the surrounding context of each hit.
from burp import IBurpExtender
from burp import IHttpListener
from burp import IProxyListener
import re
import sys
import os
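# Banners already reported (dict used as a set; only the keys matter).
unique_banners = {}
# Substrings searched for, case-insensitively, in in-scope response bodies.
list_of_platforms = [
    'iis', 'apache', 'tomcat', 'weblogic', 'websphere',
    'jetty', 'gws', 'ibm', 'oracle', 'nginx',
]
# Exact Host-header values that are analysed; any other host is ignored.
# This is a convenience filter on the tester's own proxied traffic, not a
# trust boundary.
urls_in_scope = ['securityinnovation.com', 'testblah.com', 'qa.blah.com', 'qa.ooboob.com']
# Directory holding the shared ``webcommon`` helper module.  The original used
# os.path.dirname() on a path with a trailing slash, which only yields this
# directory because of that slash; spell it out instead.  This is a
# developer-specific absolute path -- adjust it to the checkout in use.
module_folder = '/home/arvind/Documents/Me/My_Projects/Git/WebAppsec/BurpExtensions/modules'
# Put the helper directory first on sys.path so ``import webcommon`` resolves
# to it.  Guarded so reloading the extension in Burp (which re-runs this
# module) does not keep prepending the same entry.  Note that any module in
# that directory shadows a same-named stdlib/Jython module.
if module_folder not in sys.path:
    sys.path.insert(0, module_folder)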
import webcommon
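class BurpExtender(IBurpExtender, IHttpListener, IProxyListener):
    """Burp extension that fingerprints the server platform of in-scope responses.

    Two signals are collected from every proxied response whose Host header is
    listed in the module-level ``urls_in_scope``:

    * the banner returned by ``webcommon.get_banner_from_response`` -- each
      distinct value is printed once (tracked in ``unique_banners``);
    * up to ``CONTEXT_CHARS`` characters of context around the first
      occurrence of each name in ``list_of_platforms`` in the response body.

    Everything goes to the extension's stdout (Burp's Output tab), not to a
    file.  Context snippets are raw response content, so the output may echo
    sensitive data from the target -- treat the Output tab accordingly.
    """

    # Width of the context window captured on each side of a platform hit.
    CONTEXT_CHARS = 30

    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: keep the helpers and register both listeners.

        Args:
            callbacks: the ``IBurpExtenderCallbacks`` object handed over by Burp.
        """
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Platform Information Extractor")
        # Registering as an IHttpListener makes Burp call processHttpMessage()
        # for every tool's traffic, so that method must exist (see below).
        callbacks.registerHttpListener(self)
        callbacks.registerProxyListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Satisfy the IHttpListener contract registered above.

        The class registers as an HTTP listener but originally defined no
        processHttpMessage, so Burp's callback for non-proxy traffic
        (Repeater, Scanner, ...) had nothing to dispatch to and would surface
        as an error.  Only proxy traffic is analysed, hence the explicit no-op.
        """
        return

    def processProxyMessage(self, messageIsRequest, message):
        """Analyse one proxied message; only in-scope responses are inspected.

        Args:
            messageIsRequest: True for the request half of the exchange.
            message: the ``IInterceptedProxyMessage`` supplied by Burp.
        """
        if messageIsRequest:
            # Nothing to fingerprint in a request; skip the analysis entirely.
            return
        message_info = message.getMessageInfo()
        request_info = self._helpers.analyzeRequest(
            message_info.getHttpService(), message_info.getRequest())
        # NOTE(review): the helper appears to return a pair whose second
        # element is the Host header value -- confirm against webcommon.
        hostname = webcommon.get_host_header_from_request(self, request_info)
        # Exact host match: subdomains and host:port variants are filtered out.
        if not hostname or hostname[1] not in urls_in_scope:
            return
        response_bytes = message_info.getResponse()
        response_info = self._helpers.analyzeResponse(response_bytes)
        banner = webcommon.get_banner_from_response(self, response_info)
        # Whatever the helper returns (possibly None for a missing header) is
        # recorded and printed the first time it is seen.
        if banner not in unique_banners:
            unique_banners[banner] = ''
            print(banner)
        body = webcommon.get_response_body(self, response_bytes, response_info)
        body_text = self._helpers.bytesToString(body)
        for snippet in self._platform_snippets(body_text, list_of_platforms):
            print(snippet + '\n' + '-' * 30 + '\n')

    @classmethod
    def _platform_snippets(cls, body_text, platforms):
        """Return the first hit of each platform name with surrounding context.

        Args:
            body_text: decoded response body.
            platforms: platform names to look for, matched case-insensitively.

        Returns:
            list[str]: one snippet per platform present in ``body_text``, in
            ``platforms`` order, holding up to ``CONTEXT_CHARS`` characters on
            either side of the first occurrence.  Short names such as ``ibm``
            or ``gws`` also match inside unrelated words, so expect noise.
        """
        snippets = []
        width = cls.CONTEXT_CHARS
        for name in platforms:
            # {0,N} rather than {N}: the original required exactly N chars of
            # context, silently dropping hits within N chars of either end of
            # the body.  re.escape keeps a future name containing regex
            # metacharacters from changing the pattern's meaning.
            pattern = re.compile(
                r'.{0,%d}%s.{0,%d}' % (width, re.escape(name), width),
                re.IGNORECASE | re.DOTALL)
            match = pattern.search(body_text)
            if match:
                snippets.append(match.group(0))
        return snippets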