Automatically Collecting the Results of the Burp Suite Scanner Module

Published: 2020-07-19 18:01:08 Author: wx5b0b88843cb2a
Source: Internet Views: 12828


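0x00 Requirements

While QA performs functional testing, security testing runs at the same time. This reduces the time spent on product security testing and raises the security issues that tools can find as early as possible.

0x01 Approach

  1. Pick a Windows server and install Burp Suite (bp) on it. Burp's proxy IP: this server's IP, port: 8080
  2. During testing, QA sets the browser to use the proxy (proxy IP: the Windows server's IP, port: 8080)
  3. Write a Burp Suite extension that stores the issues found by the Burp Suite Scanner module in a SQLite database
  4. Before testing, QA must add the URLs under test to Burp's scope
  5. After testing, QA can visit the corresponding page to view the security test results

0x02 Burp Suite extension

The extension needs to implement IScannerListener and use its newScanIssue function to obtain all scan results.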

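package burp;

/*
 * Burp Extender API interface; Burp calls newScanIssue for each new Scanner issue.
 */
public interface IScannerListener {
    void newScanIssue(IScanIssue issue);
}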

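As shown above, newScanIssue gives access to every scan result, for example:

  1. java.net.URL getUrl(); the scanned URL
  2. String getIssueName(); the issue type, e.g. SQL injection
  3. String getSeverity(); the severity: "High", "Medium", "Low", "Information" or "False positive"
  4. String getConfidence(); the confidence: "Certain", "Firm" or "Tentative"
  5. String getIssueBackground(); the issue background
  6. String getIssueDetail(); the issue detail
  7. IHttpRequestResponse[] getHttpMessages(); the request and response that evidence the issue

Once this information has been retrieved, it only needs to be saved to the database.
Full code: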

from burp import IBurpExtender
from burp import IScannerListener
from java.io import PrintWriter
from threading import Thread
from java.lang import Class
from java.sql import DriverManager, SQLException
import time


class BurpExtender(IBurpExtender, IScannerListener):

    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # set our extension name
        callbacks.setExtensionName("scann_test")

        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)

        self._helpers = callbacks.getHelpers()

        # register ourselves as a scanner listener
        callbacks.registerScannerListener(self)

    def newScanIssue(self, issue):
        # issue.getConfidence() is "Certain", "Firm" or "Tentative"
        # Table that must already exist in d:/scanner.db:
        # CREATE TABLE `scanner` (`id` INTEGER PRIMARY KEY,`time` varchar(100),ip varchar(50),`url` varchar(30) ,`degree` varchar(30) ,`level` varchar(100) ,`detail` text ,`issueType` varchar(200) ,`issueBackground` text,`remediationBackground` text,`remediationDetail` text,`requests` text,`response` text ,issueName varchar(50))
        if issue.getConfidence():
            current_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())

            # Flatten the evidence messages to text. Java bytes are signed in
            # Jython, so this keeps ASCII bytes 1..127 and drops the rest.
            requests = ""
            response = ""
            for message in issue.getHttpMessages():
                for b in message.getRequest():
                    if 0 < b < 255:
                        requests = requests + chr(b)
                requests += "\n--------------------------\n"
                # getResponse() may return None when no response was recorded
                resp = message.getResponse()
                if resp:
                    for b in resp:
                        if 0 < b < 255:
                            response = response + chr(b)
                response += "\n--------------------------\n"
            ip = issue.getHttpService().getHost()

            # optional fields may be None; store "none" instead
            detail = issue.getIssueDetail() or "none"
            issueBackground = issue.getIssueBackground() or "none"
            remediationBackground = issue.getRemediationBackground() or "none"
            remediationDetail = issue.getRemediationDetail() or "none"

            # load the SQLite JDBC driver and open the database
            Class.forName("org.sqlite.JDBC").newInstance()
            JDBC_URL = "jdbc:sqlite:%s" % ("d:/scanner.db")
            dbConn = DriverManager.getConnection(JDBC_URL)
            try:
                # parameterized insert: scanner output is never concatenated into SQL
                sql = "insert into `scanner` (time,ip,url,degree,level,detail,issueType,issueBackground,remediationBackground,remediationDetail,requests,response,issueName) values(?,?,?,?,?,?,?,?,?,?,?,?,?);"
                preStmt = dbConn.prepareStatement(sql)
                preStmt.setString(1, str(current_time))
                preStmt.setString(2, str(ip))
                preStmt.setString(3, str(issue.getUrl()))
                preStmt.setString(4, str(issue.getConfidence()))
                preStmt.setString(5, str(issue.getSeverity()))
                preStmt.setString(6, str(detail))
                preStmt.setString(7, str(issue.getIssueType()))
                preStmt.setString(8, str(issueBackground))
                preStmt.setString(9, str(remediationBackground))
                preStmt.setString(10, str(remediationDetail))
                preStmt.setString(11, str(requests))
                preStmt.setString(12, str(response))
                preStmt.setString(13, str(issue.getIssueName()))

                preStmt.addBatch()
                dbConn.setAutoCommit(False)
                preStmt.executeBatch()
                dbConn.setAutoCommit(True)
            finally:
                # always release the connection, even if the insert fails
                dbConn.close()

            # echo the stored issue to the extension's output tab
            self._stdout.println("time:")
            self._stdout.println(current_time)

            self._stdout.print("ip")
            self._stdout.println(ip)

            self._stdout.println("qudingchengdu:" + issue.getConfidence())

            self._stdout.print("url:")
            self._stdout.println(issue.getUrl())

            self._stdout.println(issue.getIssueName())

            self._stdout.println("level:" + issue.getSeverity())

            self._stdout.print("detail:")
            self._stdout.println(detail)

            self._stdout.println("getIssueType():")
            self._stdout.println(issue.getIssueType())

            self._stdout.print("getIssueBackground")
            self._stdout.println(issueBackground)

            self._stdout.print("getRemediationBackground():")
            self._stdout.println(remediationBackground)

            self._stdout.print("getRemediationDetail():")
            self._stdout.println(remediationDetail)

            self._stdout.println("---------------------------")

0x03 Burp Suite scan results (as shown in the database)


0x04 Open issues

Filter out js, jpg and similar files during Scanner scanning
Automatically add the URLs to be tested to the scope
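
A reporting sketch for the table described in 0x03 that also applies the static-file filter listed as the first open issue in 0x04. It is an added example, not part of the original post: a standalone Python 3 script (not Jython) that reuses only the column names from the extension's CREATE TABLE comment; the function names, extension list, host name and sample rows are assumptions constructed here.

```python
import sqlite3
from urllib.parse import urlparse

# Columns follow the CREATE TABLE comment in the extension (types simplified to TEXT).
SCHEMA = """CREATE TABLE scanner (id INTEGER PRIMARY KEY, time TEXT, ip TEXT,
    url TEXT, degree TEXT, level TEXT, detail TEXT, issueType TEXT,
    issueBackground TEXT, remediationBackground TEXT, remediationDetail TEXT,
    requests TEXT, response TEXT, issueName TEXT)"""
# Hypothetical list of static-file extensions to hide from the QA report.
STATIC_EXT = (".js", ".css", ".jpg", ".jpeg", ".png", ".gif", ".ico", ".svg", ".woff")
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Information": 3}

def is_static(url):
    """True when the URL path (query string ignored) ends in a static-file extension."""
    return urlparse(url).path.lower().endswith(STATIC_EXT)

def triage(conn, confidences=("Certain", "Firm")):
    """Return de-duplicated findings as (level, degree, issueName, url, hits), worst first."""
    rows = conn.execute(
        "SELECT level, degree, issueName, url, COUNT(*) FROM scanner "
        "WHERE level != 'False positive' "
        "GROUP BY level, degree, issueName, url")
    kept = [r for r in rows if r[1] in confidences and not is_static(r[3])]
    return sorted(kept, key=lambda r: (SEVERITY_RANK.get(r[0], 9), r[2], r[3]))

def demo():
    # In-memory database for the demo; open d:/scanner.db on the Burp host instead.
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    sample = [  # constructed rows, not real scan output
        ("High", "Certain", "SQL injection", "http://qa.example.test/item?id=1"),
        ("High", "Certain", "SQL injection", "http://qa.example.test/item?id=1"),
        ("Low", "Firm", "Cookie without HttpOnly flag set", "http://qa.example.test/login"),
        ("Information", "Certain", "Cross-domain script include",
         "http://qa.example.test/static/app.js?v=3"),
        ("Medium", "Tentative", "Cross-site request forgery", "http://qa.example.test/profile"),
    ]
    conn.executemany(
        "INSERT INTO scanner (level, degree, issueName, url) VALUES (?,?,?,?)", sample)
    return triage(conn)

if __name__ == "__main__":
    for level, degree, name, url, hits in demo():
        print("%-12s %-8s %-34s %s (x%d)" % (level, degree, name, url, hits))
```

Filtering at report time leaves every raw row in scanner.db, so findings on static files and Tentative findings can still be reviewed later.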
