Shulou(Shulou.com)06/01 Report--

Automatically collect 0x00 requirements of scanned results of burpsuite scanenr module

During the functional testing of QA, safety testing is also carried out to reduce the time spent in product safety testing and raise the security problems that can be found by tools as early as possible.

0x01 idea to find a windows server, install bp,bp proxy ip on this server: this server ip, port: when 8080QA testing, the browser hangs the proxy (proxy ip:windows server ip, port: 8080) to write the burpsuite plug-in, store the vulnerabilities found by the burpsuite scanner module in the sqlite database QA before testing, you need to add the tested url to the bp scope after QA testing, you can access the response page and view the security test results 0x02burpsuite plug-in

The plug-in needs to inherit IScannerListener and use its newScanIssue function to get all the scan results

Package burp

/ *

@ (#) IScanIssue.javaCopyright PortSwigger Ltd. All rights reserved.This code may be used to extend the functionality of Burp Suite Community Editionand Burp Suite Professional, provided that this usage does not violate thelicense terms for those products

/

/ This interface is used to retrieve details of Scanner issues. Extensions canobtain details of issues by registering an IScannerListener orby calling IBurpExtenderCallbacks.getScanIssues (). Extensionscan also add custom Scanner issues by registering anIScannerCheck or callingIBurpExtenderCallbacks.addScanIssue (), and providing their ownimplementations of this interface. Note that issue descriptions and othertext generated by extensions are subject to an HTML whitelist that allows

Only formatting tags and simple hyperlinks.

, /

Public interface IScanIssue

{

/ * *

This method returns the URL for which the issue was generated.@return The URL for which the issue was generated.

, /

Java.net.URL getUrl ()

/ * *

This method returns the name of the issue type.@return The name of the issue type (e.g. "SQL injection".

, /

String getIssueName ()

/ * *

This method returns a numeric identifier of the issue type. See the BurpScanner help documentation for a listing of all the issue types.@return A numeric identifier of the issue type.

, /

Int getIssueType ()

/ * *

This method returns the issue severity level.@return The issue severity level. Expected values are "High", "Medium", "Low", "Information" or "False positive".

, /

String getSeverity ()

/ * *

This method returns the issue confidence level.@return The issue confidence level. Expected values are "Certain", "Firm" or "Tentative".

, /

String getConfidence ()

/ * *

This method returns a background description for this type of issue.@return A background description for this type of issue, ornull if none applies. A limited set of HTML tags may beused.

, /

String getIssueBackground ()

/ * *

This method returns a background description of the remediation for thistype of issue.@return A background description of the remediation for thistype ofissue, or null if none applies. A limited set of HTML tagsmay be used.

, /

String getRemediationBackground ()

/ * *

This method returns detailed information about this specific instance ofthe issue.@return Detailed information about this specific instance ofthe issue,or null if none applies. A limited set of HTML tags may beused.

, /

String getIssueDetail ()

/ * *

This method returns detailed information about the remediation for thisspecific instance of the issue.@return Detailed information about the remediation for this specificinstance of the issue, or null if none applies. A limitedset of HTML tags may be used.

, /

String getRemediationDetail ()

/ *

This method returns the HTTP messages on the basis of which the issue wasgenerated.@return The HTTP messages on the basis of which the issue was generated.Note: The items in this array should be instances ofIHttpRequestResponseWithMarkers if applicable, so thatdetails of the relevant portions of the request and response messages areavailable.

, /

IHttpRequestResponse [] getHttpMessages ()

/ *

This method returns the HTTP service for which the issue was generated.@return The HTTP service for which the issue was generated.

, /

IHttpService getHttpService ()

}

* * all the scan results can be obtained by newScanIssue above, such as:

1.java.net.URL getUrl (); scanned url

2.String getIssueName (); problem type: such as SQL injection (sql injection)

3.getSeverity (); vulnerability level "High", "Medium", "Low", "Information" or "False positive"

4.String getConfidence (); determine the degree "Certain", "Firm" or "Tentative".

String getIssueBackground (); vulnerability background String getIssueDetail (); vulnerability details IHttpRequestResponse [] getHttpMessages (); request for proof of vulnerability, response package

You can save the above information to the database after obtaining it.

Complete code:

From burp import IBurpExtender

From burp import IScannerListener

From java.io import PrintWriter

From threading import Thread

From java.lang import Class

From java.sql import DriverManager, SQLException

Import time

Class BurpExtender (IBurpExtender, IScannerListener):

Def registerExtenderCallbacks (self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # set our extension name callbacks.setExtensionName ("scann_test") # obtain our output stream self._stdout = PrintWriter (callbacks.getStdout (), True) self._helpers = callbacks.getHelpers () # register ourselves as an callbacks.registerScannerListener (self) def newScanIssue (self,issue): # self._stdout.println (issue.getConfidence () Certain " "Firm" * or "Tentative" # CREATE TABLE `scanner` (`id`INTEGER PRIMARY KEY, `time`varchar (100), ip varchar (50), `url`varchar (30), `degree`varchar (30), `level`varchar (100), `detail`text, `issueType`varchar (200), `issueBackground` text, `remediationBackground` text, `remediationDetail` text, `requests` text, `response` text IssueName varcahr (50) if (issue.getConfidence ()): Class.forName ("org.sqlite.JDBC"). NewInstance () JDBC_URL = "jdbc:sqlite:%s"% ("d:/scanner.db") dbConn = DriverManager.getConnection (JDBC_URL) sql= "insert into (time,ip,url,degree,level,detail,issueType,issueBackground,remediationBackground,remediationDetail,requests,response,issueName) values (? ?) "preStmt=dbConn.prepareStatement (sql) current_time=time.strftime (" Y-%m-%d H:%M:%S " Time.localtime () requests= "" response= "" for message in issue.getHttpMessages (): for i in range (len (message.getRequest (): if (message.getRequest () [I] 0): requests=requests+chr (message.getRequest () [I]) requests+= "\ n- -\ n "if (len (message.getResponse ())! = 0): for i in range (len (message.getResponse ()): if (message.getResponse () [I] 0): response=response+chr (message.getResponse () [I]) response+="\ n- -\ n "ip=issue.getHttpService () .getHost () if (issue.getIssueDetail ()): detail=issue.getIssueDetail () else: detail=" none "if (issue.getIssueBackground ()): issueBackground=issue.getIssueBackground () else: issueBackground=" none " If (issue.getRemediationBackground ()): remediationBackground=issue.getRemediationBackground () else: remediationBackground= "none" if (issue.getRemediationDetail ()): remediationDetail=issue.getRemediationDetail () else: remediationDetail= "none" preStmt.setString (1 Str (current_time)) preStmt.setString (2, str (ip)) preStmt.setString (3, str (issue.getUrl () preStmt.setString (4 issue.getConfidence (issue.getConfidence)) preStmt.setString (5 issue.getSeverity ()) preStmt.setString (6 issue.getSeverity (detail)) preStmt.setString (7 issue.getIssueType ()) preStmt.setString (8 Str (issueBackground)) preStmt.setString (9 preStmt.setString (remediationBackground)) preStmt.setString (10 remediationDetail) preStmt.setString (11 preStmt.setString (requests)) preStmt.setString (12 response) preStmt.setString (13 Str (issue.getIssueName) preStmt.addBatch () dbConn.setAutoCommit (False) preStmt.executeBatch () dbConn.setAutoCommit (True) dbConn.close () self._stdout.println ("time:") self._stdout.println (current_time) self._stdout.print ("ip") self._stdout.println (ip) self . _ stdout.println ("qudingchengdu:" + issue.getConfidence () self._stdout.print ("url:") self._stdout.println (issue.getUrl ()) self._stdout.println (issue.getIssueName ()) self._stdout.println ("level:" + issue.getSeverity ()) self._stdout.print ("detail:") if (issue.getIssueDetail ()): Self._stdout.println (issue.getIssueDetail () else: self._stdout.println ("none") self._stdout.println ("getIssueType ():") self._stdout.println (issue.getIssueType ()) self._stdout.print ("getIssueBackground") if (issue.getIssueBackground ()): self._stdout.println (issue.getIssueBackground ()) Else: self._stdout.println ("none") self._stdout.print ("getRemediationBackground ():") if (issue.getRemediationBackground ()): self._stdout.println (issue.getRemediationBackground () else: self._stdout.println ("none") self._stdout.print ("getRemediationDetail ():") if ( Issue.getRemediationDetail (): self._stdout.println (issue.getRemediationDetail ()) else: self._stdout.println ("none") self._stdout.println ("- -") 0x03 burpsuite scan results (displayed in the database)

0x04 pending problem

Filter js,jpg and other files during scanner scanning

Automatically add the url to be tested to the scope

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.