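#!/usr/bin/python
"""Replay requests from a Burp proxy log through the scanner in ``sqlmapPath``.

Reads a Burp proxy logfile (-f), optionally keeps only entries whose host
contains --domain, and launches the scanner once per matching request:
GET requests that carry a query string, and POST requests with a body.
The cookie sent along is the -c value when given, otherwise the Cookie
header recorded in the log.
"""
import gds.pub.burp
import os
import sys
from optparse import OptionParser
from pprint import pprint
import subprocess
import signal

# NOTE(review): the name says sqlmap, but the original script points this
# at fimap and the flags passed below (-s -4 --post) are the ones it used.
sqlmapPath = "/pentest/web/fimap-read-only/src/fimap.py"

# User-Agent string sent by the scanner (verbatim from the original command line).
USER_AGENT = ("Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) "
              "Gecko/20120427 Firefox/15.0a1")

# Module-level state kept from the original script.  ``cookie`` and
# ``filename`` are no longer read; ``urls`` records POST bodies already scanned.
cookie = ""
filename = ""
urls = {}


def _build_command(url, cookie_value, body=None):
    """Return the scanner invocation as an argv list (no shell involved).

    url, cookie_value and body all come straight out of the proxy log, and
    their content is partly under the control of the application being
    tested (paths and bodies come from its pages, cookies from its
    responses).  The original built one shell string from them and ran it
    with shell=True, so a quote, semicolon or backtick in any of them would
    have been executed on the operator's machine.  Separate argv entries
    are passed to the scanner literally.

    Args:
        url: host plus request path, as logged.
        cookie_value: cookie string handed to --cookie (may be empty).
        body: POST body for --post, or None for a GET.
    """
    argv = ["/usr/bin/python", sqlmapPath, "-s", "-4", "-u", url]
    if body is not None:
        argv.append("--post=" + body)
    argv.append("--user-agent=" + USER_AGENT)
    argv.append("--cookie=" + cookie_value)
    return argv


def _run(argv):
    """Echo the command (display only; argv is joined for readability) and run it."""
    print(" ".join(argv))
    subprocess.call(argv, shell=False)


def _cookie_for(entry, options):
    """Pick the cookie for one log entry: -c wins, else the logged Cookie header.

    The original domain-filtered GET branch never applied -c (it ran with an
    empty cookie and skipped the request entirely when -c was absent); all
    branches now share this rule.  A missing header yields "" instead of
    the str + None TypeError the original raised.
    """
    if options.cookie is not None:
        return options.cookie
    # presumably get_request_header returns None when the header is absent -- TODO confirm
    return entry.get_request_header('Cookie') or ""


def _host_matches(entry, options):
    """True when no --domain filter is set or the host contains it (case-insensitive substring)."""
    if options.domain is None:
        return True
    return str(options.domain.lower()) in str(entry.host.lower())


def main():
    """Parse options, check the logfile is readable, then scan each matching request."""
    # Die quietly when stdout is a closed pipe (e.g. piped into head); not on every platform.
    if hasattr(signal, "SIGPIPE"):
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)

    parser = OptionParser()
    parser.add_option("-f", "--file", dest="filename",
                      help="Burp proxy logfile", metavar="burpProxyFile")
    parser.add_option("-c", "--cookie", dest="cookie",
                      help="Cookie to use", metavar="cookieString")
    parser.add_option("--domain", dest="domain",
                      help="Domain name", metavar="domainName")
    (options, args) = parser.parse_args()

    # Error paths exit non-zero; the original exited 0 and the message named
    # a --filename option that does not exist (the long form is --file).
    if options.filename is None:
        print("[!] Please use -f or --file and select a burp proxy file")
        sys.exit(1)

    try:
        with open(options.filename):
            pass
    except IOError as e:
        print('[!] Problem opening burp proxy logfile: ' + str(e))
        sys.exit(1)

    proxylog = gds.pub.burp.parse(options.filename)
    for entry in proxylog:
        method = entry.get_request_method()
        if method not in ('GET', 'POST'):
            continue
        if not _host_matches(entry, options):
            continue

        path = entry.get_request_path()
        url = entry.host + path
        cookie_value = _cookie_for(entry, options)

        if method == 'GET':
            # Only GETs with a query string are scanned, as in the original.
            if "?" in path:
                _run(_build_command(url, cookie_value))
        else:
            body = entry.get_request_body()
            # NOTE(review): the seen-set is keyed on the body alone (original
            # behaviour), so a second URL posting an identical body is skipped.
            if body and body not in urls:
                urls[body] = cookie_value
                _run(_build_command(url, cookie_value, body))


if __name__ == "__main__":
    main()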