Automatically collecting the results of Burp Suite Scanner module scans

Published: 2020-07-19 18:01:08 | Source: web | Views: 12824 | Author: wx5b0b88843cb2a | Category: Security technology


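0x00 Requirement

While QA performs functional testing, security testing runs at the same time. This reduces the time spent on product security testing and surfaces the security issues that tools can find as early as possible.

0x01 Approach

  1. Find a Windows server and install Burp Suite (bp) on it. Set Burp's proxy IP to the server's own IP, port 8080.
  2. During testing, QA points the browser at the proxy (proxy IP: the Windows server's IP, port 8080).
  3. Write a Burp Suite extension that stores the vulnerabilities found by the Burp Suite Scanner module in a SQLite database.
  4. Before testing, QA must add the URLs under test to Burp's scope.
  5. After testing, QA can visit the corresponding page to view the security test results.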

0x02 Burp Suite extension

The extension must implement IScannerListener and use its newScanIssue function to obtain all scan results. Each result is passed to newScanIssue as an IScanIssue:

package burp;

/*
 * @(#)IScanIssue.java
 *
 * Copyright PortSwigger Ltd. All rights reserved.
 *
 * This code may be used to extend the functionality of Burp Suite Community Edition
 * and Burp Suite Professional, provided that this usage does not violate the
 * license terms for those products.
 */
/**
 * This interface is used to retrieve details of Scanner issues. Extensions can
 * obtain details of issues by registering an <code>IScannerListener</code> or
 * by calling <code>IBurpExtenderCallbacks.getScanIssues()</code>. Extensions
 * can also add custom Scanner issues by registering an
 * <code>IScannerCheck</code> or calling
 * <code>IBurpExtenderCallbacks.addScanIssue()</code>, and providing their own
 * implementations of this interface. Note that issue descriptions and other
 * text generated by extensions are subject to an HTML whitelist that allows
 * only formatting tags and simple hyperlinks.
 */
public interface IScanIssue
{

    /**
     * This method returns the URL for which the issue was generated.
     *
     * @return The URL for which the issue was generated.
     */
    java.net.URL getUrl();

    /**
     * This method returns the name of the issue type.
     *
     * @return The name of the issue type (e.g. "SQL injection").
     */
    String getIssueName();

    /**
     * This method returns a numeric identifier of the issue type. See the Burp
     * Scanner help documentation for a listing of all the issue types.
     *
     * @return A numeric identifier of the issue type.
     */
    int getIssueType();

    /**
     * This method returns the issue severity level.
     *
     * @return The issue severity level. Expected values are "High", "Medium",
     * "Low", "Information" or "False positive".
     */
    String getSeverity();

    /**
     * This method returns the issue confidence level.
     *
     * @return The issue confidence level. Expected values are "Certain", "Firm"
     * or "Tentative".
     */
    String getConfidence();

    /**
     * This method returns a background description for this type of issue.
     *
     * @return A background description for this type of issue, or
     * <code>null</code> if none applies. A limited set of HTML tags may be
     * used.
     */
    String getIssueBackground();

    /**
     * This method returns a background description of the remediation for this
     * type of issue.
     *
     * @return A background description of the remediation for this type of
     * issue, or <code>null</code> if none applies. A limited set of HTML tags
     * may be used.
     */
    String getRemediationBackground();

    /**
     * This method returns detailed information about this specific instance of
     * the issue.
     *
     * @return Detailed information about this specific instance of the issue,
     * or <code>null</code> if none applies. A limited set of HTML tags may be
     * used.
     */
    String getIssueDetail();

    /**
     * This method returns detailed information about the remediation for this
     * specific instance of the issue.
     *
     * @return Detailed information about the remediation for this specific
     * instance of the issue, or <code>null</code> if none applies. A limited
     * set of HTML tags may be used.
     */
    String getRemediationDetail();

    /**
     * This method returns the HTTP messages on the basis of which the issue was
     * generated.
     *
     * @return The HTTP messages on the basis of which the issue was generated.
     * <b>Note:</b> The items in this array should be instances of
     * <code>IHttpRequestResponseWithMarkers</code> if applicable, so that
     * details of the relevant portions of the request and response messages are
     * available.
     */
    IHttpRequestResponse[] getHttpMessages();

    /**
     * This method returns the HTTP service for which the issue was generated.
     *
     * @return The HTTP service for which the issue was generated.
     */
    IHttpService getHttpService();

}

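As shown above, newScanIssue gives access to every scan result, for example:

  1. java.net.URL getUrl(): the scanned URL
  2. String getIssueName(): the issue type, e.g. SQL injection
  3. getSeverity(): the severity level: "High", "Medium", "Low", "Information" or "False positive"
  4. String getConfidence(): the confidence level: "Certain", "Firm" or "Tentative"
  5. String getIssueBackground(): the issue background
  6. String getIssueDetail(): the issue detail
  7. IHttpRequestResponse[] getHttpMessages(): the request and response that demonstrate the issue

Once this information has been retrieved, save it to the database.

Full code: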

from burp import IBurpExtender
from burp import IScannerListener
from java.io import PrintWriter
from java.lang import Class
from java.sql import DriverManager
import time

SEPARATOR = "\n--------------------------\n"

def printable(data):
    # Java bytes are signed in Jython (-128..127): keep only 1..127, so NUL and
    # non-ASCII bytes are dropped. A missing request or response gives "".
    if data is None:
        return ""
    return "".join([chr(b) for b in data if 0 < b < 128])

class BurpExtender(IBurpExtender, IScannerListener):

    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # set our extension name
        callbacks.setExtensionName("scann_test")

        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)

        self._helpers = callbacks.getHelpers()

        # register ourselves as a Scanner listener
        callbacks.registerScannerListener(self)

    def newScanIssue(self, issue):
        # issue.getConfidence() is "Certain", "Firm" or "Tentative"
        # The table must already exist in d:/scanner.db:
        # CREATE TABLE `scanner` (`id` INTEGER PRIMARY KEY,`time` varchar(100),ip varchar(50),`url` varchar(30) ,`degree` varchar(30) ,`level` varchar(100) ,`detail` text ,`issueType` varchar(200) ,`issueBackground` text,`remediationBackground` text,`remediationDetail` text,`requests` text,`response` text ,issueName varchar(50))
        if not issue.getConfidence():
            return

        current_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
        ip = issue.getHttpService().getHost()

        # collect the printable part of every request/response behind the issue
        requests = ""
        response = ""
        for message in issue.getHttpMessages():
            requests += printable(message.getRequest()) + SEPARATOR
            response += printable(message.getResponse()) + SEPARATOR

        # these getters return null when nothing applies
        detail = issue.getIssueDetail() or "none"
        issueBackground = issue.getIssueBackground() or "none"
        remediationBackground = issue.getRemediationBackground() or "none"
        remediationDetail = issue.getRemediationDetail() or "none"

        sql = "insert into `scanner` (time,ip,url,degree,level,detail,issueType,issueBackground,remediationBackground,remediationDetail,requests,response,issueName) values(?,?,?,?,?,?,?,?,?,?,?,?,?);"

        # the sqlite JDBC driver jar must be on Burp's classpath
        Class.forName("org.sqlite.JDBC").newInstance()
        JDBC_URL = "jdbc:sqlite:%s" % ("d:/scanner.db")
        dbConn = DriverManager.getConnection(JDBC_URL)
        try:
            preStmt = dbConn.prepareStatement(sql)
            # Java strings are passed through unchanged; str() is only used for
            # the URL object and the numeric issue type
            preStmt.setString(1, current_time)
            preStmt.setString(2, ip)
            preStmt.setString(3, str(issue.getUrl()))
            preStmt.setString(4, issue.getConfidence())
            preStmt.setString(5, issue.getSeverity())
            preStmt.setString(6, detail)
            preStmt.setString(7, str(issue.getIssueType()))
            preStmt.setString(8, issueBackground)
            preStmt.setString(9, remediationBackground)
            preStmt.setString(10, remediationDetail)
            preStmt.setString(11, requests)
            preStmt.setString(12, response)
            preStmt.setString(13, issue.getIssueName())
            preStmt.executeUpdate()
            preStmt.close()
        finally:
            # always release the database file, even if the insert fails
            dbConn.close()

        # echo the stored issue to the extension's output tab
        self._stdout.println("time:")
        self._stdout.println(current_time)
        self._stdout.println("ip" + ip)
        self._stdout.println("qudingchengdu:" + issue.getConfidence())
        self._stdout.println("url:" + str(issue.getUrl()))
        self._stdout.println(issue.getIssueName())
        self._stdout.println("level:" + issue.getSeverity())
        self._stdout.println("detail:" + detail)
        self._stdout.println("getIssueType():")
        self._stdout.println(issue.getIssueType())
        self._stdout.println("getIssueBackground" + issueBackground)
        self._stdout.println("getRemediationBackground():" + remediationBackground)
        self._stdout.println("getRemediationDetail():" + remediationDetail)
        self._stdout.println("---------------------------")

0x03 Burp Suite scan results (as shown in the database)

0x04 Open issues

Filter out js, jpg and similar files during Scanner runs
Automatically add the URLs to be tested to the scope
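
For step 5 of the approach and the first open issue, one way to read the table back for the QA results page. This is an added example, not the author's code: it runs under ordinary Python with the standard sqlite3 module, the function names and the extension list are assumptions, and the sample rows are constructed. Column names follow the extension's `scanner` table.

```python
import html
import sqlite3
from urllib.parse import urlparse

# Assumed static-asset extensions to hide from the QA report (not from the page)
STATIC_EXT = (".js", ".css", ".jpg", ".jpeg", ".png", ".gif", ".ico", ".woff")
RANK = {"High": 0, "Medium": 1, "Low": 2, "Information": 3}

def load_findings(conn):
    """De-duplicated findings, most severe first, static assets skipped."""
    rows = conn.execute(
        "SELECT url, issueName, level, degree, detail FROM scanner ORDER BY id")
    seen, findings = set(), []
    for url, name, level, degree, detail in rows:
        if level not in RANK:                 # e.g. "False positive"
            continue
        if urlparse(url).path.lower().endswith(STATIC_EXT):
            continue
        if (url, name) in seen:               # same issue already listed for this URL
            continue
        seen.add((url, name))
        findings.append({"level": level, "degree": degree, "name": name,
                         "url": url, "detail": detail})
    return sorted(findings, key=lambda f: RANK[f["level"]])

def render_rows(findings):
    """HTML table rows. Every stored value is escaped: URLs and details come
    from scanned traffic and must not be trusted by the report page."""
    cols = ("level", "degree", "name", "url", "detail")
    return "\n".join(
        "<tr>" + "".join("<td>%s</td>" % html.escape(f[c]) for c in cols) + "</tr>"
        for f in findings)

def demo_db():
    """In-memory table with constructed rows (subset of the page's columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE scanner (id INTEGER PRIMARY KEY, url TEXT, "
                 "issueName TEXT, level TEXT, degree TEXT, detail TEXT)")
    conn.executemany(
        "INSERT INTO scanner (url, issueName, level, degree, detail) VALUES (?,?,?,?,?)",
        [("http://qa.example/static/app.js", "Cross-origin resource sharing", "Information", "Certain", "none"),
         ("http://qa.example/login", "Password field with autocomplete enabled", "Low", "Certain", "none"),
         ("http://qa.example/item?id=1", "SQL injection", "High", "Firm", "The <b>id</b> parameter appears to be vulnerable."),
         ("http://qa.example/item?id=1", "SQL injection", "High", "Firm", "The <b>id</b> parameter appears to be vulnerable."),
         ("http://qa.example/help", "SQL injection", "False positive", "Tentative", "none")])
    return conn
```

Filtering at report time leaves every row in the database, so a finding hidden by the extension list can still be queried directly.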
