heaers[header.split(':')[0]] = ":".join(header.split(':')[1:]).replace(" ","")
ip = self.random_ip(host)
#print heaers
heaers['X-Forwarded-For'] = ip
heaers['X-Real-IP'] = ip
heaers['X-Forwarded-Host'] = ip
heaers['X-Client-IP'] = ip
heaers['X-remote-IP'] = ip
heaers['X-remote-addr'] = ip
heaers['True-Client-IP'] = ip
heaers['Client-IP'] = ip
heaers['Cf-Connecting-Ip'] = ip
newHeaders2 = reqHeaders[2:]
newHeaders = [str(i) for i in newHeaders2]
tmpurl = newReqUrl.split('?')[0]
#print tmpurl
if str(tmpurl).endswith(tuple(blackFile)):
pass
else:
print newReqUrl
self.saveUrl(newReqUrl)
bupscan=threading.Thread(target=self.burpscan,args=(reqMethod, newReqUrl, heaers, reqBodys))
xrscan = threading.Thread(target=self.xray,args=(reqMethod, newReqUrl, heaers, ResBodys))
appscan = threading.Thread(target=self.appscan,args=(reqMethod, newReqUrl, heaers, ResBodys))
scan_target.append(bupscan)
scan_target.append(xrscan)
scan_target.append(appscan)
for x in scan_target:
x.start()
for x in scan_target:
x.join()
4、实现效果
4.1 启动xray(注意:--listen 0.0.0.0 会让代理端口对所有网卡开放;如果转发插件与xray运行在同一台机器上,监听127.0.0.1即可)
./xray_linux_amd64 webscan --listen 0.0.0.0:9093 --html-output=test.html
4.2 启动appscan,监听地址为127.0.0.1:9093
写好自己的扫描器地址
加载到此处
运行
5、代码地址
https://github.com/dongfangyuxiao/BurpExtend/blob/master/Proxy/proxy_burp.py
第二章:Burp Suite插件之SQL注入与XSS
1、介绍
经过了前面一次的流量转发,我们成功过滤掉了静态资源文件和非测试范围目标,接下来的插件都在监听9090端口的Burp上实现。
2、目的
1、实现SQL注入的检测,包括报错型、布尔型和盲注型
2、实现XSS的自动检测,包括反射型和存储型
3、实现原理:
3.1 SQL注入
3.1.1 通过添加各类payload使其报错,正则匹配抓取报错信息,判断是否存在注入
3.1.2 通过对比条件为真与条件为假时的响应差异,来判断是否存在布尔型注入。
3.1.3 通过时间函数造成的响应延迟,判断是否存在(基于时间的)盲注
核心代码实现