Skip to content

Commit

Permalink
Improve Turbo Data Miner scripts
Browse files Browse the repository at this point in the history
  • Loading branch information
chopicalqui committed Apr 18, 2022
1 parent 2cd5e0f commit 7998ccf
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,6 @@
"burp_professional_only": false,
"uuid": "1457a809-ec9e-45d6-a087-301e101f6e55",
"version": "v1.2",
"script": "\"\"\"\nThis script extracts all HTTP headers from in-scope HTTP requests and responses and\nadds them to the table above. Thereby, the rows of the table are deduplicated.\n\"\"\"\nimport traceback\n\n# Do the initial setup\nif ref == 1 or \"dedup\" not in session:\n\tsession[\"dedup\"] = {}\n\theader = [\"Ref.\", \"Source\", \"Host\", \"URL\", \"Content-Length\", \"Header Name\", \"Header Value\", \"Reflected\", \"Status\", \"Content-Type (Response)\"]\n\ndef analyze_headers(message_info, is_request):\n\t\"\"\"\n\tThis method implements the core functionality to extract the headers from the\n\tgiven IHttpRequestResponse object.\n\t\"\"\"\n\tresult = []\n\trequest = message_info.getRequest()\n\tresponse = message_info.getResponse()\n\trequest_info = helpers.analyzeRequest(request)\n\n\t# Extract relevant information from HTTP response\n\tif response:\n\t\tresponse_info = helpers.analyzeResponse(response)\n\t\tcontent_type = get_content_type(response_info.getHeaders())\n\t\tcontent_length = get_content_length(response_info.getHeaders())\n\t\tstatus_code = response_info.getStatusCode()\n\t\tcontent_type = content_type if content_type else \"\"\n\t\tcontent_length = content_length if content_length else -1\n\telse:\n\t\tstatus_code = \"\"\n\t\tcontent_type = \"\"\n\t\tcontent_length = -1\n\n\tif is_request:\n\t\tif response:\n\t\t\tresponse_string = unicode(helpers.bytesToString(response), errors=\"ignore\")\n\t\telse:\n\t\t\tresponse_string = \"\"\n\t\tfor header in request_info.getHeaders():\n\t\t\theader_name, header_value = split_http_header(header)\r\n\t\t\tif has_stopped():\r\n\t\t\t\tbreak\n\t\t\telif header_name:\n\t\t\t\treflected = header_value in response_string\r\n\t\t\t\thost = get_hostname(url)\n\t\t\t\tkey = unicode(host, errors=\"ignore\") + header_name + unicode(content_length) + header_value + unicode(reflected) + unicode(status_code) + content_type\n\t\t\t\tif key not in session[\"dedup\"]:\n\t\t\t\t\tsession[\"dedup\"][key] = None\n\t\t\t\t\trows.append([ref, \"Request\", host, url.getPath(), content_length, header_name, header_value, reflected, status_code, content_type])\n\telif response:\n\t\ttry:\n\t\t\tresponse_info = helpers.analyzeResponse(response)\n\t\t\trequest_string = unicode(helpers.bytesToString(request), errors=\"ignore\")\n\t\t\tfor header in response_info.getHeaders():\n\t\t\t\theader_name, header_value = split_http_header(header)\r\n\t\t\t\tif has_stopped():\r\n\t\t\t\t\tbreak\r\n\t\t\t\telif header_name:\n\t\t\t\t\treflected = header_value in request_string\r\n\t\t\t\t\thost = get_hostname(url)\n\t\t\t\t\tkey = unicode(host, errors=\"ignore\") + header_name + unicode(content_length) + header_value + unicode(reflected) + unicode(status_code) + content_type\n\t\t\t\t\tif key not in session[\"dedup\"]:\n\t\t\t\t\t\tsession[\"dedup\"][key] = None\n\t\t\t\t\t\trows.append([ref, \"Response\", host, url.getPath(), content_length, header_name, header_value, reflected, status_code, content_type])\t\n\t\texcept:\n\t\t\ttraceback.print_exc(file=callbacks.getStderr())\n\treturn result\n\n# Process only in-scope HTTP requests and responses\nif in_scope:\n\t# Extract headers from HTTP requests\n\tanalyze_headers(message_info, True)\n\t# Extract headers from HTTP responses\n\tanalyze_headers(message_info, False)",
"script": "\"\"\"\nThis script extracts all HTTP headers from in-scope HTTP requests and responses and\nadds them to the table above. Thereby, the rows of the table are deduplicated.\n\"\"\"\nimport traceback\n\n# Do the initial setup\nif ref == 1 or \"dedup\" not in session:\n\tsession[\"dedup\"] = {}\n\theader = [\"Ref.\", \"Source\", \"Host\", \"URL\", \"Content-Length\", \"Header Name\", \"Header Value\", \"Reflected\", \"Status\", \"Content-Type (Response)\"]\n\ndef analyze_headers(message_info, is_request):\n\t\"\"\"\n\tThis method implements the core functionality to extract the headers from the\n\tgiven IHttpRequestResponse object.\n\t\"\"\"\n\tresult = []\n\trequest = message_info.getRequest()\n\tresponse = message_info.getResponse()\n\trequest_info = helpers.analyzeRequest(request)\n\n\t# Extract relevant information from HTTP response\n\tif response:\n\t\tresponse_info = helpers.analyzeResponse(response)\n\t\tcontent_type = get_content_type(response_info.getHeaders())\n\t\tcontent_length = get_content_length(response_info.getHeaders())\n\t\tstatus_code = response_info.getStatusCode()\n\t\tcontent_type = content_type if content_type else \"\"\n\t\tcontent_length = content_length if content_length else -1\n\telse:\n\t\tstatus_code = -1\n\t\tcontent_type = \"\"\n\t\tcontent_length = -1\n\n\tif is_request:\n\t\tif response:\n\t\t\tresponse_string = unicode(helpers.bytesToString(response), errors=\"ignore\")\n\t\telse:\n\t\t\tresponse_string = \"\"\n\t\tfor header in request_info.getHeaders():\n\t\t\theader_name, header_value = split_http_header(header)\r\n\t\t\tif has_stopped():\r\n\t\t\t\tbreak\n\t\t\telif header_name:\n\t\t\t\treflected = header_value in response_string\r\n\t\t\t\thost = get_hostname(url)\n\t\t\t\tkey = unicode(host, errors=\"ignore\") + header_name + unicode(content_length) + header_value + unicode(reflected) + unicode(status_code) + content_type\n\t\t\t\tif key not in session[\"dedup\"]:\n\t\t\t\t\tsession[\"dedup\"][key] = None\n\t\t\t\t\trows.append([ref, \"Request\", host, url.getPath(), content_length, header_name, header_value, reflected, status_code, content_type])\n\telif response:\n\t\ttry:\n\t\t\tresponse_info = helpers.analyzeResponse(response)\n\t\t\trequest_string = unicode(helpers.bytesToString(request), errors=\"ignore\")\n\t\t\tfor header in response_info.getHeaders():\n\t\t\t\theader_name, header_value = split_http_header(header)\r\n\t\t\t\tif has_stopped():\r\n\t\t\t\t\tbreak\r\n\t\t\t\telif header_name:\n\t\t\t\t\treflected = header_value in request_string\r\n\t\t\t\t\thost = get_hostname(url)\n\t\t\t\t\tkey = unicode(host, errors=\"ignore\") + header_name + unicode(content_length) + header_value + unicode(reflected) + unicode(status_code) + content_type\n\t\t\t\t\tif key not in session[\"dedup\"]:\n\t\t\t\t\t\tsession[\"dedup\"][key] = None\n\t\t\t\t\t\trows.append([ref, \"Response\", host, url.getPath(), content_length, header_name, header_value, reflected, status_code, content_type])\t\n\t\texcept:\n\t\t\ttraceback.print_exc(file=callbacks.getStderr())\n\treturn result\n\n# Process only in-scope HTTP requests and responses\nif in_scope:\n\t# Extract headers from HTTP requests\n\tanalyze_headers(message_info, True)\n\t# Extract headers from HTTP responses\n\tanalyze_headers(message_info, False)",
"name": "Header - Template Script to Extract All Headers From HTTP Requests and Responses"
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@
6,
7
],
"burp_professional_only": false,
"uuid": "24768fe1-0bb5-4f99-ac79-f11b54dff146",
"version": "v1.0",
"script": "\"\"\"\nThis script adds all issues of in-scope HTTP requests and responses to the table above.\n\"\"\"\n\n# Do the initial setup\nif ref == 1 or \"ScanIssues\" not in session:\n\theader = [\"Ref.\", \"Host\", \"URL\", \"Type\", \"Issue Name\", \"Issue Confidence\"]\n\tsession[\"ScanIssues\"] = {}\n\tsession[\"Severities\"] = {\"Information\": \"1 - Information\", \"Low\": \"2 - Low\", \"Medium\": \"3 - Medium\", \"High\": \"4 - High\"}\n\tfor issue in callbacks.getScanIssues(None):\n\t\turl_str = unicode(issue.getUrl())\n\t\tif callbacks.isInScope(issue.getUrl()):\n\t\t\tif url_str not in session[\"ScanIssues\"]:\n\t\t\t\tsession[\"ScanIssues\"][url_str] = [issue]\n\t\t\telse:\n\t\t\t\tsession[\"ScanIssues\"][url_str].append(issue)\n\n# Process only in-scope HTTP responses\nif in_scope:\n\turl_str = unicode(url)\n\tif url_str in session[\"ScanIssues\"]:\n\t\t\tissues = session[\"ScanIssues\"][url_str]\n\t\t\thost = get_hostname(url)\n\t\t\tfor issue in issues:\n\t\t\t\tseverity = session[\"Severities\"][issue.getSeverity()] if issue.getSeverity() in session[\"Severities\"] else \"\"\"Update session[\"Severities\"]\"\"\"\n\t\t\t\trows.append([ref, host, url_str, issue.getIssueType(), issue.getIssueName(), severity, issue.getConfidence()])",
"version": "v1.1",
"script": "\"\"\"\nThis script adds all issues of in-scope HTTP requests and responses to the table above.\n\"\"\"\n\n# Do the initial setup\nif ref == 1 or \"ScanIssues\" not in session:\n\theader = [\"Ref.\", \"Host\", \"URL\", \"Type\", \"Issue Name\", \"Severity\", \"Confidence\"]\n\tsession[\"ScanIssues\"] = {}\n\tsession[\"Severities\"] = {\"Information\": \"1 - Information\", \"Low\": \"2 - Low\", \"Medium\": \"3 - Medium\", \"High\": \"4 - High\"}\n\tfor issue in callbacks.getScanIssues(None):\n\t\turl_str = unicode(issue.getUrl())\n\t\tif callbacks.isInScope(issue.getUrl()):\n\t\t\tif url_str not in session[\"ScanIssues\"]:\n\t\t\t\tsession[\"ScanIssues\"][url_str] = [issue]\n\t\t\telse:\n\t\t\t\tsession[\"ScanIssues\"][url_str].append(issue)\n\n# Process only in-scope HTTP responses\nif in_scope:\n\turl_str = unicode(url)\n\tif url_str in session[\"ScanIssues\"]:\n\t\t\tissues = session[\"ScanIssues\"][url_str]\n\t\t\thost = get_hostname(url)\n\t\t\tfor issue in issues:\n\t\t\t\tseverity = session[\"Severities\"][issue.getSeverity()] if issue.getSeverity() in session[\"Severities\"] else \"\"\"Update session[\"Severities\"]\"\"\"\n\t\t\t\trows.append([ref, host, url_str, issue.getIssueType(), issue.getIssueName(), severity, issue.getConfidence()])",
"name": "Issues - Template Script to Obtain Scan Issues For All In-Scope HTTP Requests And Responses"
}
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
"author": "Lukas Reiter",
"plugins": [
0,
6
6,
7
],
"burp_professional_only": false,
"uuid": "fcfbfcaa-e902-4469-bc75-0c5634d4571a",
Expand Down

0 comments on commit 7998ccf

Please sign in to comment.