BurpSuite API - 从编辑的请求中获取响应

问题描述 投票:0回答:1

我在使用 Burpsuite API 时遇到问题,无法找到正确的函数来打印已编辑请求的响应。我正在使用 python 为 burpsuite 开发一个新插件。 myscript 只是从代理获取请求,然后编辑标头并再次发送。

from burp import IBurpExtender
from burp import IHttpListener


import re,urllib2

class BurpExtender(IBurpExtender, IHttpListener):
        
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Burp Plugin Python Demo")
        callbacks.registerHttpListener(self)
        return

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        # only process requests
        if messageIsRequest:
        
            requestInfo = self._helpers.analyzeRequest(currentRequest)
            #timestamp = datetime.now()        
            #print "Intercepting message at:", timestamp.isoformat()
            
            headers = requestInfo.getHeaders()
            #print url
            if(requestInfo.getMethod() == "GET"):
                print "GET"
                print requestInfo.getUrl()
                response = urllib2.urlopen(requestInfo.getUrl())
                print response
            elif(requestInfo.getMethod() == "POST"):
                print "POST"
                print requestInfo.getUrl()
            #for header in headers:
                #print header
            
            bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
            bodyStr = self._helpers.bytesToString(bodyBytes)
            bodyStr = re.sub(r'=(\w+)','=<xss>',bodyStr)
            newMsgBody = bodyStr
            newMessage = self._helpers.buildHttpMessage(headers, newMsgBody)
            print "Sending modified message:"
            print "----------------------------------------------"
            print self._helpers.bytesToString(newMessage)
            print "----------------------------------------------\n\n"
            currentRequest.setRequest(newMessage)
        return
security burp
1个回答
0
投票

您需要打印响应,但如果 messageIsRequest 为 false,则无需执行任何操作。当 messageIsRequest 为 false 时,表示 currentRequest 是响应,您可以像处理请求一样打印出响应。我在 Java 中是这样做的:

def processHttpMessage(self, toolFlag, messageIsRequest, httpRequestResponse):
    if messageIsRequest:
        ....
    else
        HTTPMessage = httpRequestResponse.getResponse()
        print HTTPMessage

甚至有一种方法可以让您在使用代理时将请求和响应绑定在一起。可以在IInterceptedProxyMessage中找到:

/**
 * This method retrieves a unique reference number for this
 * request/response.
 *
 * @return An identifier that is unique to a single request/response pair.
 * Extensions can use this to correlate details of requests and responses
 * and perform processing on the response message accordingly.
 */
int getMessageReference();

我认为 HTTPListeners 不支持它。

我正在用 Java 编写扩展,并尝试将这个 anwser 转换为 Python。我还没有测试过这段代码,由于翻译可能会引入一些错误。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.