├── README.md ├── LICENSE └── burp-pyjfuzz.py /README.md: -------------------------------------------------------------------------------- 1 | ======= 2 | # Burp-PyJFuzz 3 | Burp Suite plugin that wraps PyJFuzz as an Intruder payload generator for fuzzing JSON in web applications. 4 | 5 | ## How does it work? 6 | Burp-PyJFuzz is a simple payload generator for Burp Intruder, so there is no magic at all: every payload is produced by running the `pjf` command-line tool from PyJFuzz on the base value, which means PyJFuzz must be installed and `pjf` must be on the PATH (or symlinked to /usr/local/bin/pjf) before loading the extension. 7 | To use it, download and install the Burp extension, then send your request to Intruder and select "payload type: extension generated" — done! The generator never runs out of payloads (each one is a fresh mutation), so stop the attack manually once you have seen enough. 8 | 9 | ## Screenshot 10 | ![Burp](https://s15.postimg.org/574yb5c7f/Schermata_2016_10_18_alle_10_39_18.png "Burp Suite Intruder") 11 | 12 | ![Burp](https://s21.postimg.org/57224kz87/Schermata_2016_10_20_alle_15_04_07.png "Burp Suite Tab") 13 | 14 | ![Burp](https://s29.postimg.org/qquuscz2v/Schermata_2016_12_13_alle_14_05_46.png "About") 15 | 16 | ## Happy fuzzing 17 | If you want to share details about your findings, I would be glad to list them here! 18 | 19 | #### End 20 | Thanks 21 | \#dzonerzy 22 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Daniele Linguaglossa 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /burp-pyjfuzz.py: -------------------------------------------------------------------------------- 1 | """ 2 | Burp-PyJFuzz trivial python fuzzer based on radamsa. 3 | 4 | MIT License 5 | 6 | Copyright (c) 2016 Daniele Linguaglossa 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining a copy 9 | of this software and associated documentation files (the "Software"), to deal 10 | in the Software without restriction, including without limitation the rights 11 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 | copies of the Software, and to permit persons to whom the Software is 13 | furnished to do so, subject to the following conditions: 14 | 15 | The above copyright notice and this permission notice shall be included in all 16 | copies or substantial portions of the Software. 17 | 18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 21 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 24 | SOFTWARE. 
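import os
import subprocess
import sys
import urllib

from burp import IBurpExtender
from burp import IIntruderPayloadGenerator
from burp import IIntruderPayloadGeneratorFactory
from burp import ITab
from java.awt import GridBagConstraints, GridBagLayout
from javax.swing import JButton, JLabel, JOptionPane, JPanel, JTabbedPane, JTextField

# Letters the "Techniques" field accepts; mirrors the field's default value and its label.
VALID_TECHNIQUES = "CHPTRSX"
# Inclusive range promised by the "Fuzz Factor (0-6)" label.
MIN_FUZZ_FACTOR = 0
MAX_FUZZ_FACTOR = 6
# Fallback location of the pjf binary: the path the load-time warning asks the user to symlink to.
DEFAULT_PJF_PATH = "/usr/local/bin/pjf"


def _find_pjf(name="pjf"):
    """Return the absolute path of the first executable *name* on PATH, or "" if none.

    Replaces the original ``/usr/bin/which`` child process: a PATH walk needs
    no subprocess and does not depend on ``which`` living at that exact path.
    """
    for directory in os.environ.get("PATH", "").split(os.pathsep):
        if not directory:
            continue
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return ""


def _validate_config(techniques, fuzz_factor):
    """Return an error message when a field value contradicts its label, else None.

    techniques  -- text of the "Techniques" field (letters from VALID_TECHNIQUES).
    fuzz_factor -- text of the "Fuzz Factor" field (integer 0-6).
    Empty values are allowed: the matching switch is simply not emitted.
    Technique letters are checked case-insensitively and passed on as typed,
    since this file does not show whether pjf itself is case-sensitive.
    """
    if fuzz_factor:
        try:
            level = int(fuzz_factor)
        except ValueError:
            level = None
        if level is None or not (MIN_FUZZ_FACTOR <= level <= MAX_FUZZ_FACTOR):
            return "Fuzz factor must be an integer between %d and %d" % (MIN_FUZZ_FACTOR, MAX_FUZZ_FACTOR)
    if techniques:
        unknown = [c for c in techniques if c.upper() not in VALID_TECHNIQUES]
        if unknown:
            return 'Unknown technique letter(s) "%s"; use only "%s"' % ("".join(unknown), VALID_TECHNIQUES)
    return None


def _build_cmdline(params, fuzz_factor, techniques, additional):
    """Assemble the pjf switch string: ``-p``, ``-l``, ``-t``, then the raw extra switches.

    Order and switch names are those of the original implementation; the
    result is later whitespace-split into argv by JSONFuzzer, so it must not
    rely on shell quoting.
    """
    parts = []
    if params:
        parts.append("-p %s" % params)
    if fuzz_factor:
        parts.append("-l %s" % fuzz_factor)
    if techniques:
        parts.append("-t %s" % techniques)
    if additional:
        parts.append(additional)
    return " ".join(parts)


class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory, ITab):
    """Burp extension: a PyJFuzz-backed Intruder payload generator plus a config/about tab.

    Burp instantiates this class itself, so the Swing widgets are created as
    class attributes (as in the original) and laid out in
    ``registerExtenderCallbacks`` via ``initPanelConfig``.
    """
    name = "Burp PyJFuzz"
    # Extra pjf switches as one string; JSONFuzzer splits it into argv.
    args = ""
    # Absolute path of the pjf executable, "" when it was not found on PATH.
    binary = ""
    _jTabbedPane = JTabbedPane()
    _jPanel = JPanel()
    _jAboutPanel = JPanel()
    # One shared constraints object, mutated before every add() (GridBagLayout copies it).
    _jPanelConstraints = GridBagConstraints()
    _jLabelParameters = None
    _jTextFieldParameters = None
    _jLabelTechniques = None
    _jTextFieldTechniques = None
    _jLabelFuzzFactor = None
    _jTextFieldFuzzFactor = None
    _jLabelAdditionalCmdLine = None
    _jTextFieldAdditionalCmdLine = None
    _jButtonSetCommandLine = None
    _jLabelAbout = None
    # NOTE(review): the markup of this label appears stripped in this listing
    # (JLabel renders HTML); confirm the original tags against upstream.
    aboutText = """
PyJFuzz - Python JSON Fuzzer

Created by Daniele 'dzonerzy' Linguaglossa, security consultant @ Consulthink S.p.A.
PyJFuzz is a JSON fuzzer written in pure python, it allows to generate and fuzz JSON object while maintaining
the structure of original one. This project is still in beta so expect some errors, anyway it should do its work!
PyJFuzz is released under MIT license, the author does not take any legal responsibility for the program usage.

Happy fuzzing
"""

    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: locate pjf, register the generator factory and add the suite tab."""
        self.binary = _find_pjf()
        if not self.binary:
            # Registration still proceeds; JSONFuzzer falls back to
            # DEFAULT_PJF_PATH while this stays empty.
            sys.stderr.write("Unable to find pjf in path! Please symlink pjf to %s\n" % DEFAULT_PJF_PATH)
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName(self.name)
        callbacks.registerIntruderPayloadGeneratorFactory(self)
        callbacks.addSuiteTab(self)
        self.initPanelConfig()
        self._jTabbedPane.addTab("Configuration", self._jPanel)
        self._jTabbedPane.addTab("About", self._jAboutPanel)

    def getUiComponent(self):
        """ITab: the component Burp embeds as the suite tab."""
        return self._jTabbedPane

    def getTabCaption(self):
        """ITab: caption of the suite tab."""
        return "PyJFuzz"

    def _place(self, panel, component, gridx, gridy, gridwidth=1):
        """Add *component* to *panel* at grid cell (gridx, gridy), stretched horizontally."""
        constraints = self._jPanelConstraints
        constraints.fill = GridBagConstraints.HORIZONTAL
        constraints.gridx = gridx
        constraints.gridy = gridy
        constraints.gridwidth = gridwidth
        panel.add(component, constraints)

    def initPanelConfig(self):
        """Build the Configuration tab (label/field rows plus the apply button) and the About tab."""
        self._jPanel.setBounds(0, 0, 1000, 1000)
        self._jPanel.setLayout(GridBagLayout())
        self._jAboutPanel.setBounds(0, 0, 1000, 1000)
        self._jAboutPanel.setLayout(GridBagLayout())

        self._jLabelParameters = JLabel("Parameters to Fuzz (comma separated): ")
        self._jTextFieldParameters = JTextField("", 15)
        self._jLabelTechniques = JLabel("Techniques (\"CHPTRSX\"):")
        self._jTextFieldTechniques = JTextField(VALID_TECHNIQUES, 3)
        self._jLabelFuzzFactor = JLabel("Fuzz Factor (0-6):")
        self._jTextFieldFuzzFactor = JTextField(str(MAX_FUZZ_FACTOR), 3)
        self._jLabelAdditionalCmdLine = JLabel("Additional command line switch:")
        self._jTextFieldAdditionalCmdLine = JTextField("", 3)

        rows = [
            (self._jLabelParameters, self._jTextFieldParameters),
            (self._jLabelTechniques, self._jTextFieldTechniques),
            (self._jLabelFuzzFactor, self._jTextFieldFuzzFactor),
            (self._jLabelAdditionalCmdLine, self._jTextFieldAdditionalCmdLine),
        ]
        for row, (label, field) in enumerate(rows):
            self._place(self._jPanel, label, 0, row)
            self._place(self._jPanel, field, 1, row)

        # Row 4 is left empty as a spacer, as in the original layout.
        self._jButtonSetCommandLine = JButton('Set Configuration', actionPerformed=self.setCommandLine)
        self._place(self._jPanel, self._jButtonSetCommandLine, 0, 5, gridwidth=2)

        self._jLabelAbout = JLabel(self.aboutText)
        self._place(self._jAboutPanel, self._jLabelAbout, 0, 0, gridwidth=2)

    def setCommandLine(self, event=None):
        """Button handler: validate the fields and store the pjf switch string in ``self.args``.

        On an invalid fuzz factor or technique letter an error dialog is shown
        and ``self.args`` is left untouched, so a typo cannot silently produce
        a switch string pjf will reject on every payload.
        """
        params = self._jTextFieldParameters.getText().strip()
        techniques = self._jTextFieldTechniques.getText().strip()
        fuzz_factor = self._jTextFieldFuzzFactor.getText().strip()
        additional = self._jTextFieldAdditionalCmdLine.getText().strip()
        error = _validate_config(techniques, fuzz_factor)
        if error:
            JOptionPane.showMessageDialog(None, error, "Invalid configuration", JOptionPane.ERROR_MESSAGE)
            return
        self.args = _build_cmdline(params, fuzz_factor, techniques, additional)
        JOptionPane.showMessageDialog(None, "Command line configured!")

    def getGeneratorName(self):
        """IIntruderPayloadGeneratorFactory: name shown in Intruder's payload-type list."""
        return "PyJFuzz JSON Fuzzer"

    def createNewInstance(self, attack):
        """IIntruderPayloadGeneratorFactory: one generator per Intruder attack, bound to the current config."""
        return JSONFuzzer(self, attack, self.binary, self.args)


class JSONFuzzer(IIntruderPayloadGenerator):
    """Intruder payload generator that runs pjf once per requested payload."""

    def __init__(self, extender, attack, pjf, args):
        """Store the attack context and resolve the pjf path and argv.

        extender -- the BurpExtender that created this generator.
        attack   -- Burp's IIntruderAttack for this run (kept for reference).
        pjf      -- path found at load time; "" selects DEFAULT_PJF_PATH.
        args     -- switch string from BurpExtender.setCommandLine, whitespace-split here.
        """
        self._args = args.split()
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self.pyjfuzz = pjf or DEFAULT_PJF_PATH

    def hasMorePayloads(self):
        """Always True: pjf is a random mutator, so the attack runs until the user stops it."""
        return True

    def getNextPayload(self, current_payload):
        """Decode Burp's byte[] base value to a str, fuzz it and return the mutated payload."""
        # Java bytes are signed (-128..127): masking keeps chr() from raising
        # on high-bit bytes, which the original chr(x) could not handle.
        payload = "".join(chr(b & 0xFF) for b in current_payload)
        return self.fuzz(payload)

    def reset(self):
        """Nothing to rewind: every payload is generated afresh."""
        return

    def fuzz(self, original_payload):
        """Run pjf on *original_payload* and return its stdout (the fuzzed JSON).

        The payload is URL-decoded first, as in the original; Intruder does
        not re-encode the result, so enable payload-processing encoding in
        Intruder when the position sits inside an encoded body.
        Raises OSError (propagated to Burp) when the pjf binary cannot be executed.
        """
        original_payload = urllib.unquote(original_payload)
        # argv list, no shell: request content cannot inject shell syntax.
        # The decoded payload still appears in the child's argv (visible to
        # local users via `ps`) and is bounded by the OS argument-length limit.
        # NOTE(review): Jython 2.7's subprocess has no timeout, so a hung pjf
        # blocks this Intruder thread until the attack is stopped.
        proc = subprocess.Popen(
            [self.pyjfuzz, "--J", original_payload] + self._args,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        output, errors = proc.communicate()
        if proc.returncode != 0:
            # Surface the failure instead of silently handing Intruder an empty payload.
            sys.stderr.write("pjf exited with status %d: %s\n" % (proc.returncode, errors.strip()))
        return output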
--------------------------------------------------------------------------------