-
-
Save bbhunter/2eb57edd38cdb2ad50b1547d2b82629e to your computer and use it in GitHub Desktop.
Example of using Turbo Intruder in a "listen and attack" mode. Because turbo intruder's jython interpreter is technically inside burp you can have turbo intruder scripts use the plugin API. Here we use burp.IProxyListener to intercept requests and reissue them inside turbo intruder mutating the method.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| class TrafficMagnet(burp.IProxyListener): | |
| def __init__(self, engine): | |
| callbacks.registerProxyListener(self) | |
| self._engine = engine | |
| self._target = str(self._engine.engine.getTarget()).lower().replace("https:","").replace("http:","").replace("/","").split(':')[0] | |
| def listen(self): | |
| while True: | |
| time.sleep(1) | |
| if (not handler.running): | |
| callbacks.removeProxyListener(self) | |
| return | |
| def processProxyMessage(self, messageIsRequest, message): | |
| if messageIsRequest: | |
| messageInfo = message.getMessageInfo() | |
| host = str(messageInfo.getHttpService().getHost()).lower() | |
| # Turbo Intruder engine is set on 1 target, only test requests from that target | |
| if host == self._target: | |
| verblist = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "TRACE", "CONNECT"] | |
| origreq = str(messageInfo.getRequest().tostring()) | |
| origverb = origreq.split()[0] | |
| for verb in verblist: | |
| if verb == origverb: | |
| continue | |
| newreq = origreq.replace(origverb, verb) | |
| self._engine.queue(newreq) | |
| def queueRequests(target, wordlists): | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=10, | |
| requestsPerConnection=10, | |
| pipeline=False) | |
| # Create a traffic magnet that queues tests based on incoming requests to this server | |
| magnet = TrafficMagnet(engine) | |
| # Keep this running until user cancels the attack | |
| magnet.listen() | |
| def handleResponse(req, interesting): | |
| table.add(req) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment