-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathpost.py
More file actions
47 lines (33 loc) · 1.56 KB
/
post.py
File metadata and controls
47 lines (33 loc) · 1.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
import re
import base64
if messageIsRequest:
###--------------define scope below--------------###
url_pattern = r'example.php' # set endpoint
target_param = 'input' # set target parameter we want to modify the value of e.g. injecting into input=test set to input
###--------------define scope above--------------###
#check to see if the request is in scope
url = messageInfo.url.toString()
if re.search(url_pattern, url):
#retrieve req information using the burp extender api
reqbytes = messageInfo.getRequest()
req = helpers.analyzeRequest(reqbytes)
parameters = reqbytes[(req.getBodyOffset()):].tostring()
headers = req.getHeaders()
#build regex string from target parameter
regex = r'%s=[^\s]*' % target_param
#get the target parameter and value from the request body
input_param = re.findall(regex, parameters)[0].split('&')[0]
input_val = input_param.split('=')[1]
###--------------modify below--------------###
#print(input_val)
#modify the input value in some way, here it is just base64 decoding
output_val = base64.b64encode(input_val)
#print(output_val)
###--------------modify above--------------###
#create output request parameter value pair e.g. input=base64(test)
output_param = r'%s=%s' % (target_param, output_val)
#create output request body, e.g. combine output param with the other parameters in the original request
output_body = parameters.replace(input_param, output_param)
#send off the modified request
newreq = helpers.buildHttpMessage(headers,output_body)
messageInfo.setRequest(newreq)