#!/usr/bin/env python
from gwtparse.GWTParser import GWTParser
from collections import defaultdict
from itertools import izip
from base64 import b64decode
from flask import Flask, render_template, request
from glob import iglob
from lxml import etree
import requests, re
# Flask application object; the @app.route decorators in this file register the UI views on it.
app = Flask(__name__)
@app.route('/')
def list_xmls():
    """Render the index page listing every ``*.xml`` file in the working directory."""
    # iglob is lazy: the template receives an iterator, not a list.
    xml_files = iglob('*.xml')
    return render_template('xmllist.html', xmls=xml_files)
@app.route('/<filename>.xml/')
def list_methods(filename):
    """Render the calls found in ``<filename>.xml``.

    ``filename`` comes from the URL without its ``.xml`` suffix; BurpXml adds the
    suffix back when it opens the file.
    """
    burp_export = BurpXml(filename)
    discovered = burp_export.get_methods()
    return render_template('methodlist.html', methods=discovered)
@app.route('/<filename>.xml/form<int:reqnum>.html')
def display_form(filename, reqnum):
    """Render an edit form for the parameters of request number ``reqnum``.

    ``reqnum`` is the zero-based position of the request inside ``<filename>.xml``.
    """
    burp_export = BurpXml(filename)
    request_params = burp_export.get_params(reqnum)
    return render_template('form.html', params=request_params, reqnum=reqnum)
@app.route('/<filename>.xml/submit<int:reqnum>.html', methods=['POST'])
def submit_form(filename, reqnum):
    """Replay request ``reqnum`` with the parameter values posted by the form.

    The form is expected to carry one field per original parameter, named
    ``param0``, ``param1``, ... in parameter order. The text of the upstream
    response is rendered through ``result.html``.
    """
    # NOTE(review): no CSRF check is visible in this view, and it sends the saved
    # request (including its stored Cookie header) upstream. Confirm the app is only
    # reachable by the operator and consider a CSRF token on the form.
    burp_export = BurpXml(filename)
    param_count = len(burp_export.get_params(reqnum))
    submitted = []
    for idx in xrange(param_count):
        # A missing field makes Flask's form mapping raise, which ends the request.
        submitted.append(request.form['param{0}'.format(idx)])
    response_text = burp_export.send_request(reqnum, submitted)
    return render_template('result.html', result=response_text)
# Precompiled XPath returning the text node(s) of an item's <url> child element.
URL_TEXT_XPATH = etree.XPath('url/text()')
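class BurpXml(object):
    """View over an XML export whose root element holds one saved request per child.

    Requests are addressed by ``reqnum``, the zero-based position of the child
    element under the root.
    """

    def __init__(self, filename):
        """Parse ``<filename>.xml``; the ``.xml`` suffix is appended here."""
        # The export carries data taken from captured traffic, so parse defensively:
        # leave entity references unexpanded and never fetch anything over the network.
        parser = etree.XMLParser(resolve_entities=False, no_network=True)
        self.items = etree.parse(filename + '.xml', parser).getroot()

    def get_methods(self):
        """Index the saved requests by the two names found in their bodies.

        Returns a ``defaultdict`` mapping the first captured name (the last
        dotted segment before a ``|``) to a dict of second captured name ->
        request index. If the same pair occurs more than once, the last index wins.
        Items whose body does not match the pattern are skipped.
        """
        retval = defaultdict(dict)
        for n, item in enumerate(self.items):
            parts = item2request(item)
            if len(parts) != 2:
                # No blank line between head and body: nothing to inspect.
                continue
            data = parts[1]
            m = re.search(r'[A-Za-z0-9]+\.([A-Za-z0-9]+)\|([A-Za-z0-9]+)\|', data)
            if m is None:
                # Exports usually contain unrelated requests as well; skipping them
                # keeps one non-matching item from breaking the whole listing.
                continue
            retval[m.group(1)][m.group(2)] = n
        return retval

    def get_params(self, reqnum):
        """Return the parameters GWTParser extracts from the body of request ``reqnum``."""
        _, data = item2request(self.items[reqnum])
        gp = GWTParser()
        gp.deserialize(data)
        return gp.parameters

    def send_request(self, reqnum, params):
        """Replay request ``reqnum`` with its parameter values replaced by ``params``.

        ``params`` is paired positionally with the parsed parameters. Only the
        ``X-*``, ``Content-Type`` and ``Cookie`` headers of the saved request are
        forwarded. Returns the response body as text.
        """
        item = self.items[reqnum]
        headers, data = item2request(item)
        for orig, new in izip(self.get_params(reqnum), params):
            # Escape backslashes first, then the '|' field separator, so a supplied
            # value cannot introduce extra fields into the serialized payload.
            new = new.replace('\\', '\\\\').replace('|', r'\!')
            # NOTE(review): this is a plain substring replace over the whole body, so
            # a short original value (e.g. "1") also rewrites unrelated occurrences.
            data = data.replace(orig.values[0], new)
        wanted = ('x-', 'content-type', 'cookie')
        # Rows without ": " (such as the request line) cannot be split into a
        # name/value pair; requiring the separator avoids a ValueError in dict().
        headers = dict(row.split(': ', 1) for row in headers.split('\r\n')
                       if ': ' in row and row.lower().startswith(wanted))
        # NOTE(security): verify=False turns off TLS certificate validation, so the
        # stored cookies are sent without authenticating the server. Keep it only
        # for lab targets with self-signed certificates.
        # NOTE(review): no timeout is set, so an unresponsive target blocks the worker.
        r = requests.post(URL_TEXT_XPATH(item)[0], data=data, headers=headers, verify=False)
        return r.text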
# Precompiled XPath returning an item's <request> child element(s).
REQ_XPATH = etree.XPath('request')
def item2request(item):
    """Split the raw HTTP request stored in ``item`` into its head and body.

    The item must contain exactly one ``<request>`` element; its text is
    base64-decoded when the element carries ``base64="true"``. Returns the
    result of splitting on the first blank line, i.e. ``[head, body]`` when
    that separator is present.
    """
    matches = REQ_XPATH(item)
    (request_el,) = matches  # raises ValueError unless there is exactly one match
    if request_el.attrib.get('base64') == 'true':
        raw_request = b64decode(request_el.text)
    else:
        raw_request = request_el.text
    return raw_request.split('\r\n\r\n', 1)
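if __name__ == "__main__":
    import os

    # debug=True enables the Werkzeug debugger, whose interactive console runs
    # arbitrary Python for anyone who can reach the port. This app also replays
    # requests with stored session cookies, so debug is opt-in via FLASK_DEBUG
    # and the listener is pinned to loopback.
    debug_enabled = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true')
    app.run(host='127.0.0.1', debug=debug_enabled)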