# -*-coding:utf-8 -*-
from burp import IBurpExtender, IScannerCheck
from burp import IMessageEditorTabFactory, IContextMenuFactory
from javax.swing import JMenuItem, JOptionPane
from java.awt import Toolkit
from java.awt.datatransfer import StringSelection
import json
from urlparse import urlparse
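class BurpExtender(IBurpExtender, IScannerCheck, IContextMenuFactory):
    """Burp context-menu extension: turn the selected request into a pocsuite3 PoC skeleton.

    ``run`` renders a Python 3 source file (GET or POST variant) from the selected
    request and places it on the system clipboard.  The match rule is read from a
    single input dialog as ``"<mode> <pattern>"``, where mode is ``in`` (substring
    of the response body), ``re`` (regex over the body) or ``status`` (HTTP status
    code).  All text that ends up inside a string literal of the generated file
    (header names/values, the path, the pattern) is escaped first so that a quote
    or backslash in the request cannot break or alter the generated code.
    """

    MENU_LABEL = "poc-pocsuite3"

    # Request headers the generated PoC should not replay verbatim (compared
    # case-insensitively; the list keeps the original spellings).
    EXCLUDED_HEADERS = [
        "Accept-Encoding", "Sec-Ch-Ua", "Host", "Sec-Fetch-Site", "Sec-Fetch-Mode", "Sec-Fetch-User",
        "Sec-Fetch-Dest", "Sec-Ch-Ua-Mobil", "Sec-Ch-Ua-Platform", "Sec-Ch-Ua-Mobile", "sec-ch-ua",
        "sec-ch-ua-mobile", "sec-ch-ua-platform",
    ]

    # match mode -> (keyword argument of ``modelist``, index into its result tuple)
    MATCH_MODES = {
        "in": ("intext", 0),
        "re": ("retext", 1),
        "status": ("statustext", 2),
    }

    # Generated-file templates.  Placeholders (in order):
    #   GET : header lines, path, match snippet
    #   POST: header lines, path, data literal, requests kwarg name, match snippet
    # The ``%s`` for header lines and for the snippet sit at column 0 on their own
    # line; ``_render_headers`` and ``modelist`` supply the indentation themselves.
    _GET_TEMPLATE = '''\
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pocsuite3.api import (
    minimum_version_required, POCBase, register_poc, requests, logger,
)
import re
from urllib.parse import urlparse
from pocsuite3.lib.core.poc import Output

minimum_version_required('1.9.8')


class DemoPOC(POCBase):
    vulID = '123'
    version = '1'
    author = 'gubei'
    vulDate = '2022-08-08'
    createDate = '2022-08-08'
    updateDate = '2022-08-08'
    references = []
    name = 'test'
    appPowerLink = ''
    appName = ''
    appVersion = ''
    vulType = 'SQL Injection'
    desc = 'Vulnerability description'
    samples = ['']
    install_requires = ['']
    pocDesc = 'User manual of poc'
    dork = {'zoomeye': ''}
    suricata_request = ''
    suricata_response = ''

    def urlstr(self, url: str):
        """Reduce ``url`` to ``scheme://netloc``; a bare host is assumed to be http."""
        if not url:
            return url
        data = urlparse(url)
        if data.scheme:
            return data.scheme + "://" + data.netloc
        return "http://" + data.path.split("/")[0]

    def _verify(self):
        result = {}
        headers = {
%s
        }
        output = Output(self)
        url = self.urlstr(self.url)
        url = url + str(r"%s")
        try:
            response = requests.get(url, headers=headers)
%s
        except Exception as e:
            logger.error(str(e))
        return output

    def _attack(self):
        result = {}
        result['VerifyInfo'] = {}
        result['VerifyInfo']['URL'] = self.url
        return self.parse_output(result)

    def _shell(self):
        return self._verify()


register_poc(DemoPOC)
'''

    _POST_TEMPLATE = '''\
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
from pocsuite3.api import (
    minimum_version_required, POCBase, register_poc, requests, logger,
)
from pocsuite3.lib.core.poc import Output
from urllib.parse import urlparse

minimum_version_required('1.9.8')


class DemoPOC(POCBase):
    vulID = '123'
    version = '1'
    author = 'gubei'
    vulDate = '2022-08-08'
    createDate = '2022-08-08'
    updateDate = '2022-08-08'
    references = []
    name = 'test'
    appPowerLink = ''
    appName = ''
    appVersion = ''
    vulType = 'SQL Injection'
    desc = 'Vulnerability description'
    samples = ['']
    install_requires = ['']
    pocDesc = 'User manual of poc'
    dork = {'zoomeye': ''}
    suricata_request = ''
    suricata_response = ''

    def urlstr(self, url: str):
        """Reduce ``url`` to ``scheme://netloc``; a bare host is assumed to be http."""
        if not url:
            return url
        data = urlparse(url)
        if data.scheme:
            return data.scheme + "://" + data.netloc
        return "http://" + data.path.split("/")[0]

    def _verify(self):
        result = {}
        headers = {
%s
        }
        output = Output(self)
        url = self.urlstr(self.url)
        url = url + str(r"%s")
        data = %s
        try:
            response = requests.post(url, headers=headers, %s=data)
%s
        except Exception as e:
            logger.error(str(e))
        return output

    def _attack(self):
        result = {}
        result['VerifyInfo'] = {}
        result['VerifyInfo']['URL'] = self.url
        return self.parse_output(result)

    def _shell(self):
        return self._verify()


register_poc(DemoPOC)
'''

    def __init__(self):
        # State of the last ``run``; kept as attributes for compatibility.
        self.pattern_text = ''
        self.matchmode = ''
        self.path = ''
        self.post_mode = ''
        self.menus = []
        self.invocation = None

    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: keep the callbacks/helpers and register the context menu."""
        print("@author: gubei")
        print("burp to pocsuite code")
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        # Name shown in Burp's extension list.
        self._callbacks.setExtensionName("copy-poc")
        callbacks.registerContextMenuFactory(self)

    def createMenuItems(self, invocation):
        """Return the context-menu entries; ``invocation`` is remembered for ``run``."""
        self.invocation = invocation
        self.menus = [JMenuItem(self.MENU_LABEL, None, actionPerformed=lambda event: self.run(event))]
        return self.menus

    def stripTrailingNewlines(self, data):
        """Return ``data`` without trailing LF/CR bytes; empty input is returned unchanged."""
        # The guard avoids indexing an empty byte array (the original raised here).
        while len(data) > 0 and data[-1] in (10, 13):
            data = data[:-1]
        return data

    def get_pocsuite(self, header, path, text):
        """Render the GET PoC.

        ``header`` is the body of the ``headers`` dict literal (one
        ``"Key": "Value",`` line per header), ``path`` the request path plus
        query string, ``text`` the match snippet returned by ``modelist``.
        """
        return self._GET_TEMPLATE % (header, path, text)

    def post_pocsuite(self, header, path, data, post_mode, intext):
        """Render the POST PoC.

        ``data`` is the Python literal inserted after ``data =``, ``post_mode``
        the ``requests.post`` keyword (``"json"`` or ``"data"``), the other
        arguments as in ``get_pocsuite``.
        """
        return self._POST_TEMPLATE % (header, path, data, post_mode, intext)

    def modelist(self, intext="xxx", retext="xxx", statustext="xxx"):
        """Return the three match snippets ``(in_text, re_text, status_text)``.

        Each snippet is indented to sit inside the ``try:`` block of the
        template's ``_verify``; the placeholder ``xxx`` is replaced by the
        corresponding argument (already escaped by the caller) and the caller
        picks the snippet for the selected mode.
        """
        in_text = '''\
            flag = "xxx"
            if flag in response.text:
                result["url"] = response.url
                result["flag"] = flag
            if result:
                output.success(result)
                return output
'''
        # Raw string: regex escapes such as \\d must reach ``re`` untouched.
        re_text = '''\
            flag = re.findall(r"xxx", response.text)
            if flag:
                result["url"] = response.url
                result["flag"] = flag[0]
            if result:
                output.success(result)
                return output
'''
        status_text = '''\
            flag = "xxx"
            if response.status_code == int(flag):
                result["url"] = response.url
                result["flag"] = flag
            if result:
                output.success(result)
                return output
'''
        return (
            in_text.replace("xxx", intext),
            re_text.replace("xxx", retext),
            status_text.replace("xxx", statustext),
        )

    def run(self, x):
        """Menu callback: build the PoC for the selected request and copy it to the clipboard.

        ``x`` is the Swing ActionEvent; only the ``poc-pocsuite3`` item is handled.
        Anything that cannot be turned into a PoC (no selection, unsupported
        method, cancelled or malformed match prompt) is reported on stdout and
        leaves the clipboard untouched.
        """
        if x.getSource().text != self.MENU_LABEL:
            return
        messages = self.invocation.getSelectedMessages()
        if messages is None or len(messages) == 0:
            print("no request selected")
            return
        currentRequest = messages[0]
        requestInfo = self._helpers.analyzeRequest(currentRequest)
        self.httpRequest = currentRequest.getRequest()
        self.headers = requestInfo.getHeaders()
        self.getMethod = requestInfo.getMethod()
        self.getUrl = requestInfo.getUrl()
        self.server = currentRequest.getHttpService()
        self.Request = self.stripTrailingNewlines(self.httpRequest)
        self.reqBodys = self.httpRequest[requestInfo.getBodyOffset():].tostring()
        self.exclude = list(self.EXCLUDED_HEADERS)

        if self.getMethod not in ("GET", "POST"):
            print("unsupported method: %s" % self.getMethod)
            return

        header = self._render_headers(self.headers, self.exclude)
        self.path = self._request_path(self.getUrl)

        # One prompt for both variants, e.g. "in Welcome" / "re <h1>(.*?)</h1>" / "status 200".
        snippet = self._prompt_match_snippet()
        if snippet is None:
            print("match pattern error")
            return

        if self.getMethod == "GET":
            self.moban_get = self.get_pocsuite(header, self.path, snippet)
            poc = self.moban_get
        else:
            self.post_mode, self.data = self._parse_body(self.reqBodys)
            # repr() of the dict is a valid Python 3 literal (u'' prefixes included).
            self.moban_post = self.post_pocsuite(header, self.path, repr(self.data), self.post_mode, snippet)
            poc = self.moban_post
        self._copy_to_clipboard(poc)
        print("copy ok!!!")

    def _render_headers(self, headers, exclude):
        """Turn the raw header lines (request line excluded) into ``"Key": "Value",`` lines.

        ``json.dumps`` produces a valid Python string literal, so quotes, backslashes
        and control characters in a header cannot escape the literal in the
        generated code.  Header values are split on the first ``": "`` only, so a
        value that itself contains ``": "`` is preserved.
        """
        excluded = set(name.lower() for name in exclude)
        lines = []
        for raw in headers[1:]:
            key, _, value = raw.partition(": ")
            if key.lower() in excluded:
                continue
            lines.append("            %s: %s," % (json.dumps(key), json.dumps(value)))
        return "\n".join(lines)

    def _request_path(self, url):
        """Return path+query of ``url`` with its ``scheme://netloc`` prefix stripped once.

        The result is inserted into an ``r"..."`` literal, so a double quote is
        URL-encoded instead of being allowed to terminate the literal.
        """
        url_text = str(url)
        parsed = urlparse(url_text)
        prefix = parsed.scheme + "://" + parsed.netloc
        path = url_text[len(prefix):] if url_text.startswith(prefix) else url_text
        return path.replace('"', '%22')

    def _prompt_match_snippet(self):
        """Ask for ``"<mode> <pattern>"`` and return the matching snippet, or None.

        Sets ``self.matchmode`` and ``self.pattern_text`` (quote-escaped).  None is
        returned when the dialog is cancelled, the mode is unknown or the pattern
        is missing.  Everything after the first space is the pattern, so patterns
        containing spaces are kept whole.
        """
        answer = JOptionPane.showInputDialog("matchpattern:")
        if answer is None:
            return None
        mode, _, pattern = answer.strip().partition(" ")
        self.matchmode = mode
        if mode not in self.MATCH_MODES or not pattern:
            return None
        # Both quote styles are escaped (the original only ever escaped one of them).
        self.pattern_text = pattern.replace('"', '\\"').replace("'", "\\'")
        keyword, index = self.MATCH_MODES[mode]
        return self.modelist(**{keyword: self.pattern_text})[index]

    def _parse_body(self, body):
        """Classify the request body.

        Returns ``("json", dict)`` when the body is a JSON object, otherwise
        ``("data", dict)`` with the ``key=value`` form fields (values URL-decoded
        through Burp's helpers, split on the first ``=`` so values containing
        ``=`` survive; fields without ``=`` are skipped).
        """
        try:
            parsed = json.loads(body)
        except ValueError:
            parsed = None
        if isinstance(parsed, dict):
            return "json", parsed
        data = {}
        for param in body.split("&"):
            if "=" not in param:
                continue
            key, _, value = param.partition("=")
            data[key] = self._helpers.urlDecode(value)
        return "data", data

    def _copy_to_clipboard(self, text):
        """Place ``text`` on the system clipboard."""
        clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
        clipboard.setContents(StringSelection(text), None)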