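# -*- coding: utf-8 -*-
"""XML-Finder: small Burp extension to detect XML at any request body.

The extension registers an IHttpListener. For every in-scope request whose
body looks like XML (the Content-Type header names an XML media type, or the
body matches one of the loose patterns in ``matches``) it raises a single
informational scan issue per endpoint, so the tester knows where to probe for
XML injection. It never modifies traffic.

Runs under Burp's bundled Jython 2.7, so the syntax is kept 2/3-compatible.
"""
from __future__ import print_function

import re
import sys

try:
    from burp import IBurpExtender
    from burp import IHttpListener
    from burp import ITab
    from burp import IScanIssue
except ImportError:
    # Outside Burp (e.g. unit tests) the ``burp`` package does not exist;
    # plain placeholder bases let the module import and the pure helpers run.
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

    class ITab(object):
        pass

    class IScanIssue(object):
        pass


# Body patterns hinting at XML: an element with a closing tag, or a
# self-closing element carrying an attribute. They are deliberately loose, so
# plain HTML fragments submitted in form fields will also match — that is why
# a body-only hit is reported with "Tentative" confidence below.
matches = [
    r'<\w+>.*?<\/\w+>',
    r'<.* \w+=.*\/>',
]
# Compiled once; the listener runs re.search() on every in-scope response.
# NOTE(review): the two `.*` in the second pattern can backtrack heavily on a
# large body holding many '<' and no '/>'; bound the scanned length if Burp
# becomes sluggish on big uploads.
_COMPILED_MATCHES = [re.compile(pattern) for pattern in matches]

# Burp's reserved issue type for extension-generated issues.
EXTENSION_ISSUE_TYPE = 134217728

# Endpoints already reported, keyed by (protocol, host, port, method, path),
# so each endpoint yields one issue rather than one per request. Grows with
# the number of distinct in-scope endpoints and is never pruned.
scanned = set()


def is_xml_content_type(headers):
    """Return True if any header line is a Content-Type naming an XML type.

    ``headers`` is the list of header lines from IRequestInfo.getHeaders();
    its first entry is the request line, which cannot match. Substring
    matching on "xml" also covers ``application/soap+xml``, ``image/svg+xml``
    and similar types that are still fed to an XML parser.
    """
    for header in headers or ():
        lowered = header.lower()
        if lowered.startswith('content-type:') and 'xml' in lowered:
            return True
    return False


def body_looks_like_xml(body_text):
    """Return True if ``body_text`` matches any pattern in ``matches``.

    An empty or missing body never matches.
    """
    if not body_text:
        return False
    return any(pattern.search(body_text) for pattern in _COMPILED_MATCHES)


class CustomIssue(IScanIssue):
    """Minimal IScanIssue implementation for extension-generated findings.

    Burp renders IssueDetail, IssueBackground and the Remediation* fields as
    HTML, so any request content a caller interpolates into them must be
    HTML-escaped first; this class stores the strings verbatim.
    """

    def __init__(self, BasePair, Confidence='Certain', IssueBackground=None,
                 IssueDetail=None, IssueName='Python Scripter generated issue',
                 RemediationBackground=None, RemediationDetail=None,
                 Severity='High', Url=None):
        """Capture the base request/response pair and the issue metadata.

        ``BasePair`` is the IHttpRequestResponse the issue is attached to.
        ``Url`` may be supplied explicitly (e.g. from IRequestInfo.getUrl());
        when it is None the pair's own getUrl() is used, as before.
        NOTE(review): getUrl() does not appear to be part of the documented
        IHttpRequestResponse interface, so callers should prefer passing Url.
        """
        self.HttpMessages = [BasePair]
        self.HttpService = BasePair.getHttpService()
        self.Url = Url if Url is not None else BasePair.getUrl()
        self.Confidence = Confidence
        self.IssueBackground = IssueBackground
        self.IssueDetail = IssueDetail
        self.IssueName = IssueName
        self.IssueType = EXTENSION_ISSUE_TYPE
        self.RemediationBackground = RemediationBackground
        self.RemediationDetail = RemediationDetail
        self.Severity = Severity

    def getHttpMessages(self):
        return self.HttpMessages

    def getHttpService(self):
        return self.HttpService

    def getUrl(self):
        return self.Url

    def getConfidence(self):
        return self.Confidence

    def getIssueBackground(self):
        return self.IssueBackground

    def getIssueDetail(self):
        return self.IssueDetail

    def getIssueName(self):
        return self.IssueName

    def getIssueType(self):
        return self.IssueType

    def getRemediationBackground(self):
        return self.RemediationBackground

    def getRemediationDetail(self):
        return self.RemediationDetail

    def getSeverity(self):
        return self.Severity


class BurpExtender(IBurpExtender, IHttpListener, ITab):
    """Extension entry point: listens to HTTP traffic and flags XML bodies.

    ITab is inherited but never registered (there is no addSuiteTab call), so
    the extension has no UI; the base is kept only for compatibility.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Called once by Burp on load: name the extension, hook the listener."""
        self.callbacks = callbacks
        self.callbacks.setExtensionName("BIT/XML-Finder")
        self.callbacks.registerHttpListener(self)

        # Route print() to the extension's Output tab. This reassigns the
        # interpreter-wide stdout, which is the usual Burp/Jython idiom.
        sys.stdout = self.callbacks.getStdout()
        self.helpers = self.callbacks.getHelpers()

        print("[BIT/XML-Finder] by BitTheByte")
        print("[GITHUB] https://github.com/BitTheByte")

    def processHttpMessage(self, toolflag, messageIsRequest, messageInfo):
        """Inspect each completed exchange and report XML request bodies.

        Only the response event is handled, so the pair attached to the issue
        already carries both halves of the exchange (requests that never get
        a response are therefore not reported). Traffic from every Burp tool
        is considered; ``toolflag`` is ignored. Out-of-scope URLs are skipped
        so nothing is reported for hosts the tester is not authorised to test.

        A Content-Type declaring XML is reported as "Firm"; a body-pattern hit
        alone is "Tentative" (the patterns also match HTML fragments). The
        severity is "Information" because the presence of XML input is a lead
        to investigate, not a confirmed vulnerability.
        """
        if messageIsRequest:
            return

        request = messageInfo.getRequest()
        request_info = self.helpers.analyzeRequest(messageInfo)
        url = request_info.getUrl()

        if not self.callbacks.isInScope(url):
            return

        headers = request_info.getHeaders()
        body_text = self.helpers.bytesToString(
            request[request_info.getBodyOffset():])

        if is_xml_content_type(headers):
            confidence = 'Firm'
            evidence = 'the Content-Type header declares an XML media type'
        elif body_looks_like_xml(body_text):
            confidence = 'Tentative'
            evidence = 'the request body matches an XML-like pattern'
        else:
            return

        # One issue per endpoint. The key includes scheme, port and method so
        # a GET and a POST to the same path are tracked separately, and it is
        # recorded only after a detection, so an earlier non-XML request to
        # the same path cannot suppress a later XML one. Concurrent listener
        # threads may in rare cases both pass this check; the result is just a
        # duplicate issue.
        key = (url.getProtocol(), url.getHost(), url.getPort(),
               request_info.getMethod(), url.getPath())
        if key in scanned:
            return
        scanned.add(key)

        # The detail is static text only; no request content is embedded,
        # so nothing needs HTML-escaping for Burp's issue renderer.
        issue = CustomIssue(
            BasePair=messageInfo,
            IssueName='XML based request',
            IssueDetail=('The request body to this endpoint appears to be '
                         'XML: ' + evidence + '.<br>'
                         'Check this input for XML injection.'),
            Severity='Information',
            Confidence=confidence,
            Url=url,
        )
        self.callbacks.addScanIssue(issue)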