heaedersParaller['Cookie'] = 'Hm'
if str(newReqUrl).endswith(tuple(blackFile)) or ('js?'in newReqUrl) or ('image' in newReqUrl):
pass
else:
self.unauthority(reqMethod, newReqUrl, heaers, reqBodys,resLength)
self.parallelTest(reqMethod, newReqUrl, heaedersParaller, reqBodys,resLength)
#link = reqHeaders[0].split(' ')[1]
self.sensitiveInfo(newReqUrl,reqHeaders,reqBodys,ResBodys)
三、代码地址
https://github.com/dongfangyuxiao/BurpExtend/blob/master/Authority/Authority_seninfo.py
第五章:BurpSuit插件之联动AWVS
目的:
把经过Burp的所有的数据包流量,都可以发送一份给awvs,awvs实现两个功能:
1、主动扫描,可以选择全量或只扫描高危
2、爬虫,把流量送给本地的xray,本地开启xray,端口监听9093
实现原理:
1、实现awvs api接口调用
awvs接口文档可参考
接口文档
https://github.com/h4rdy/Acunetix11-API-Documentation/
2、awvs接口调用过程
首先添加任务
def addtask(self,tarUrl):
# 添加任务
data = {"address": tarUrl, "description": "", "criticality": "10"}
try:
response = requests.post(self.awvsurl + "api/v1/targets", data=json.dumps(data), headers=self.awvsheaders, timeout=30,
verify=False)
result = json.loads(response.content)
return result['target_id']
except Exception as e:
print(str(e))
return
pass
然后配置扫描信息,这样就把数据包的header信息,包括cookie等全部给了awvs
注意看"custom_headers":reqHeaders,这个参数就包含我们的数据包所有的header信息
def updateConfig(self,tarUrl,reqHeaders):
target_id = self.addtask(tarUrl)
url_update = self.awvsurl + "api/v1/targets/{0}/configuration".format(target_id)
data = {
"issue_tracker_id":"",
"technologies":[],
"custom_headers":reqHeaders,
"custom_cookies":[],
"debug":"false",
"excluded_hours_id":""}
try:
response = requests.patch(url_update, data=json.dumps(data), headers=self.awvsheaders, timeout=30, verify=False
)
return target_id
except Exception as e:
print e
pass
xray的扫描配置,多了一个proxy,这里的proxy设置为自己的xray扫描器地址
def updateConfigxray(self,tarUrl,reqHeaders):#这个只做扫描,流量给xray
target_id = self.addtask(tarUrl)
url_update = self.awvsurl + "api/v1/targets/{0}/configuration".format(target_id)
data = {
"issue_tracker_id":"",
"technologies":[],
"custom_headers":reqHeaders,
"proxy": {"enabled": "true", "protocol": "http", "address": "127.0.0.1", "port": 9093},
"custom_cookies":[],
"debug":"false",
"excluded_hours_id":""}
try:
response = requests.patch(url_update, data=json.dumps(data), headers=self.awvsheaders, timeout=30, verify=False
)
return target_id
except Exception as e:
print e
pass
3、开启扫描
配置"profile_id": "11111111-1111-1111-1111-111111111112",只扫描高危
"profile_id": "11111111-1111-1111-1111-111111111111",全量扫描
"profile_id": "11111111-1111-1111-1111-111111111117", 爬虫,xray的扫描记得要配置此项