Commit
能跑通的demo了
Showing
6 changed files
with
205 additions
and
14 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
/bin/ | ||
.project | ||
.classpath |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,46 @@ | ||
# burp_collaborator_http_api | ||
|
||
A burp extender that let you use burp collaborator server within http api | ||
一个让你可以通过http API调用burp的collaborator服务器的插件 | ||
|
||
|
||
|
||
接口说明: | ||
|
||
生成payload: | ||
http://127.0.0.1:8000/generatePayload | ||
|
||
获取payload的记录: | ||
|
||
http://127.0.0.1:8000/fetchFor?payload=e0f34wndn15gs5xyisqzw8nwyn4ds2 | ||
|
||
它可以接受的请求类型包括: http\https\DNS\SMTP\SMTPS\FTP;demo版本暂不区分,后续有空会继续优化,提供特定类型的查询和数据提取。 | ||
|
||
简单的python调用举例: | ||
``` | ||
# !/usr/bin/env python | ||
# -*- coding:utf-8 -*- | ||
__author__ = 'bit4' | ||
__github__ = 'https://github.com/bit4woo' | ||
import requests | ||
proxy = {"http": "http://127.0.0.1:8888", "https": "https://127.0.0.1:8888"} | ||
url = "http://127.0.0.1:8000/generatePayload" | ||
response = requests.get(url) | ||
payload = response.text | ||
print payload | ||
requests.get("http://{0}".format(payload)) | ||
url = "http://127.0.0.1:8000/fetchFor?payload={0}".format(payload.split(".")[0]) | ||
res = requests.get(url) | ||
print res.content | ||
``` | ||
|
||
部署说明: | ||
|
||
to do | ||
|
||
docker部署: | ||
|
||
to do |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
package burp; | ||
|
||
import java.io.IOException; | ||
import java.io.OutputStream; | ||
import java.io.PrintWriter; | ||
import java.net.InetSocketAddress; | ||
import java.util.HashMap; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.concurrent.ExecutorService; | ||
import java.util.concurrent.Executors; | ||
|
||
import com.sun.net.httpserver.HttpExchange; | ||
import com.sun.net.httpserver.HttpHandler; | ||
import com.sun.net.httpserver.HttpServer; | ||
|
||
public class HTTPServer extends Thread{ | ||
private final IBurpCollaboratorClientContext ccc; | ||
private final IExtensionHelpers helpers; | ||
private final PrintWriter stdout; | ||
private final BurpExtender BE; | ||
HttpServer server; | ||
|
||
public HTTPServer(BurpExtender BE) { | ||
this.ccc = BE.ccc; | ||
this.helpers = BE.helpers; | ||
this.stdout = BE.stdout; | ||
this.BE = BE; | ||
try { | ||
server = HttpServer.create(new InetSocketAddress(8000), 0); | ||
String ip_port = server.getAddress().toString(); | ||
this.stdout.println("Http server started at "+ip_port); | ||
} catch (IOException e) { | ||
this.stdout.println(e); | ||
} | ||
} | ||
public void exit() { | ||
server.stop(0); | ||
this.stdout.println("Http server stopped!"); | ||
} | ||
|
||
public void run(){ | ||
server.createContext("/generatePayload", new generatePayload(this.ccc)); | ||
//http://127.0.0.1:8000/fetchFor?payload=xxxxx | ||
server.createContext("/fetchFor", new fetchCollaboratorInteractionsFor(this.BE)); | ||
ExecutorService httpThreadPool = Executors.newFixedThreadPool(10);// | ||
server.setExecutor(httpThreadPool); | ||
server.start(); | ||
|
||
} | ||
|
||
static class generatePayload implements HttpHandler { | ||
private final IBurpCollaboratorClientContext ccc; | ||
|
||
public generatePayload(IBurpCollaboratorClientContext ccc) { | ||
this.ccc = ccc; | ||
}//python中的__init__() | ||
|
||
@Override | ||
public void handle(HttpExchange t) throws IOException { | ||
String payload = ccc.generatePayload(true); | ||
String response = payload; | ||
t.sendResponseHeaders(200, response.length()); | ||
OutputStream os = t.getResponseBody(); | ||
os.write(response.getBytes()); | ||
os.close(); | ||
} | ||
} | ||
|
||
static class fetchCollaboratorInteractionsFor implements HttpHandler { | ||
private final IBurpCollaboratorClientContext ccc; | ||
private final IExtensionHelpers helpers; | ||
private final PrintWriter stdout; | ||
|
||
public fetchCollaboratorInteractionsFor(BurpExtender BE) { | ||
this.ccc = BE.ccc; | ||
this.helpers = BE.helpers; | ||
this.stdout = BE.stdout; | ||
} | ||
|
||
@Override | ||
public void handle(HttpExchange t) throws IOException { | ||
|
||
Map<String, String> params = queryToMap(t.getRequestURI().getQuery()); | ||
String payload = params.get("payload"); | ||
final List<IBurpCollaboratorInteraction> bci = ccc.fetchCollaboratorInteractionsFor(payload); | ||
stdout.println(bci.size()+" record found:\n"); | ||
String response =""; | ||
for (IBurpCollaboratorInteraction interaction : bci) { | ||
final Map<String, String> props = interaction.getProperties(); | ||
response += props.toString(); | ||
stdout.println(props); | ||
stdout.print("\n"); | ||
|
||
} | ||
//t.sendResponseHeaders(200, response.length());//长度如果不匹配,输出将没有内容;大概是时间中文编码导致的获取长度不一致。 | ||
//https://docs.oracle.com/javase/7/docs/jre/api/net/httpserver/spec/com/sun/net/httpserver/HttpExchange.html | ||
t.sendResponseHeaders(200,0); | ||
|
||
OutputStream os = t.getResponseBody(); | ||
os.write(response.getBytes()); | ||
os.close(); | ||
} | ||
} | ||
|
||
public static Map<String, String> queryToMap(String query){ | ||
Map<String, String> result = new HashMap<String, String>(); | ||
for (String param : query.split("&")) { | ||
String pair[] = param.split("="); | ||
if (pair.length>1) { | ||
result.put(pair[0], pair[1]); | ||
}else{ | ||
result.put(pair[0], ""); | ||
} | ||
} | ||
return result; | ||
} | ||
} |
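Review bot: The listener created in the constructor with `HttpServer.create(new InetSocketAddress(8000), 0)` binds the wildcard address, so `/generatePayload` and `/fetchFor` are reachable without authentication from any host that can reach port 8000, although the README only documents 127.0.0.1. Since `/fetchFor` returns the recorded Collaborator interaction properties, binding to loopback would match the documented use: `server = HttpServer.create(new InetSocketAddress(InetAddress.getLoopbackAddress(), 8000), 0);` with `java.net.InetAddress` imported. Separately, in `fetchCollaboratorInteractionsFor.handle`, `t.getRequestURI().getQuery()` is null when the request has no query string, so `queryToMap` throws before any response is sent, and a missing `payload` parameter passes null on to `ccc.fetchCollaboratorInteractionsFor`. A guard before the fetch, for example `if (payload == null || payload.isEmpty()) { t.sendResponseHeaders(400, -1); t.close(); return; }` together with a null check on the query string, would cover both cases.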