Script to solve burp labs or for bug bounty #340
Conversation
|
Would be good to mention the original script, maybe it can be removed too since the HTTP Sender applies to fuzzer messages as well. |
|
I can't get random_x_forwarded_for_ip.js to work in Fuzzer HTTP processor. In the fuzzer the script does not appear, in the response the x-forwarded-for-ip does not appear. |
|
I'm sorry, I just understood how to use the random_x_forwarded_for_ip.js script, I see how why my script is not necessary. Thanks for the time spent on the problem. |
|
It's the other way around, this script supersedes the other script and why was suggesting to remove the other script, though both cover their own use cases. |
| @@ -1,4 +1,4 @@ | |||
| // @author Ruffenach Timothée | |||
| // The original script comes from the Fuzzer HTTP Processor section under the name random_x_forwarded_for_ip.js | |||
There was a problem hiding this comment.
I was not saying to remove the name, just mention the other script. This is for maintenance purposes, if changes are done in one script they most likely need to be done in both.
| @@ -0,0 +1,84 @@ | |||
| # Version 1.0 | |||
| # @author RUFFENACH Timothée | |||
| # Script inspired from https://02108124551050482571.googlegroups.com/attach/54c6e34f6fe20/message_processor.js?part=0.1&view=1&vt=ANaJVrEJuACewYorhYYa_zyhyMSug06pmlERCqfYdLsukQBC3OW3LATuXG1WHk_Fw9a0nhexG8ykFDuFgBGYrKAg_pOQ61M36MwC9SOBGvK4KLZn3eDkNzY (dot run on owasp 2.12.0) | |||
There was a problem hiding this comment.
legacy script in javascript don't run with owasp 2.12.0
There was a problem hiding this comment.
That's not a ZAP issue that's a JRE issue. If you're using a Java 11 JRE it'll still run.
Also OWASP is the organization ZAP is the project/product 😉
There was a problem hiding this comment.
Link to the thread/post rather than the attachment, which should be more reliable.
There was a problem hiding this comment.
I don't found the original post.
httpfuzzerprocessor/pitchWork.py
Outdated
| # The script fuzz in mode pitchfork. | ||
| # To Use : Enable script. | ||
| # In fuzzer Add 2 EmptyNull with good number. | ||
| # Select two 2 files and launch the fuzzer. |
There was a problem hiding this comment.
There's a double space between launch and the.
httpfuzzerprocessor/pitchWork.py
Outdated
| fileChooser.setMultiSelectionEnabled(True) | ||
| filePath1 = "" | ||
| result = fileChooser.showOpenDialog(None) | ||
|
|
||
| if result == JFileChooser.APPROVE_OPTION: | ||
| selectedFiles = fileChooser.getSelectedFiles() | ||
| for file in selectedFiles: |
There was a problem hiding this comment.
Why does this need to allow multi-select? If only single files could be selected wouldn't that remove the need to loop?
Also since this logic is the same for both files can't it just be extracted to a method?
There was a problem hiding this comment.
This should be done in the EDT also.
httpfuzzerprocessor/pitchWork.py
Outdated
| # Script inspired from https://02108124551050482571.googlegroups.com/attach/54c6e34f6fe20/message_processor.js?part=0.1&view=1&vt=ANaJVrEJuACewYorhYYa_zyhyMSug06pmlERCqfYdLsukQBC3OW3LATuXG1WHk_Fw9a0nhexG8ykFDuFgBGYrKAg_pOQ61M36MwC9SOBGvK4KLZn3eDkNzY (dot run on owasp 2.12.0) | ||
| # The script fuzz in mode pitchfork. | ||
| # To Use : Enable script. | ||
| # In fuzzer Add 2 EmptyNull with good number. |
There was a problem hiding this comment.
| # In fuzzer Add 2 EmptyNull with good number. | |
| # In the Fuzzer add 2 EmptyNull payloads with a good number of iterations. |
|
I made some correction and integrated the multiple payloads management. |
|
Why are more and more files being added to this PR? |
|
To address the DCO requirement you'll need to sign-off the commit(s): |
Signed-off-by: Timothée Ruffenach <[email protected]>
…mIP.js Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
|
I'm doing courses on zap proxy to do burp suite labs with zap proxy. I need to make scripts to fix labs or bounty bugs. I don't know much about git hub it my first contribution on other project with github. |
|
Okay that makes more sense I guess. They're all useful. Might want to tweak the title/subject and maybe make it draft (until you've included everything you're thinking of). |
timruff
changed the title
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
…to fileAction.py Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
| if (init == False): | ||
| initialise() |
There was a problem hiding this comment.
Maybe "shouldInit" should be more clear to future users/maintainers?
There was a problem hiding this comment.
ok Im have rename to shouldInit
|
|
||
| # Called after receiving the fuzzed message from the server | ||
| def processResult(utils, fuzzResult) : | ||
| global isChek,time |
There was a problem hiding this comment.
My point was that it's misspelled here.
| time = getNumber(1,50000,"how many time do you want ?") | ||
| isCheck = JOptionPane.showConfirmDialog(None, "more high or equal (YES) esle less or equal (NO)", "Confirm", JOptionPane.YES_NO_OPTION) |
There was a problem hiding this comment.
This English is rough, I'm happy to help but I need a better description of what's meant here.
They should both start with capitals and there's a type in "else".
There was a problem hiding this comment.
I changed the sentences for more understanding, sorry my native language is not english
There was a problem hiding this comment.
No problem, that's why I was offering to help 👍
| if isCheck == JOptionPane.YES_OPTION and (int(fuzzResult.getHttpMessage().getTimeElapsedMillis()) >= time): | ||
| return bool(1) | ||
| elif isCheck == JOptionPane.NO_OPTION and (int(fuzzResult.getHttpMessage().getTimeElapsedMillis()) <= time): | ||
| return bool(1) | ||
| else: | ||
| return bool(0); |
There was a problem hiding this comment.
Any reason these can't just return true or false?
There was a problem hiding this comment.
Ok i have changed by TRUE and FALSE
|
|
||
| # ask stings to find | ||
| while entry == "": | ||
| entry = getString("what character string do you want to find ?") |
There was a problem hiding this comment.
| entry = getString("what character string do you want to find ?") | |
| entry = getString("What character string do you want to find ?") |
There was a problem hiding this comment.
I made the changes and make correction of other sentence
httpfuzzerprocessor/pitchWork.py
Outdated
| while number == -1: | ||
| number = chooseNumber() | ||
|
|
||
| # choose file user |
There was a problem hiding this comment.
Yes, is here the files of users are add. i have modified the comment by "add files chosen by the user"
There was a problem hiding this comment.
Is it really worth including this? Aren't the URLs specific to your lab/academy instance at the time?
There was a problem hiding this comment.
yes, but in the course I said to change the address.
it is possible to make a dialog box in zest to ask for the URLs ?
There was a problem hiding this comment.
Hmmm good question, I've never tried that with zest. Hopefully someone else on the team can answer.
There was a problem hiding this comment.
In Edit Zest Scrip the prefix seems modifiable but that the modification it is impossible to save it.
| biid = getString("what is your biid ?") | ||
|
|
||
| # Get number for update info | ||
| update = getNumber(1,3600, "how many time do you want refresh information ?") |
There was a problem hiding this comment.
| update = getNumber(1,3600, "how many time do you want refresh information ?") | |
| update = getNumber(1,3600, "How many times do you want refresh information ?") |
|
|
||
| def main(): | ||
| global biid | ||
| biid = getString("what is your biid ?") |
There was a problem hiding this comment.
| biid = getString("what is your biid ?") | |
| biid = getString("What is your biid ?") |
Will "biid" be clear to a user because I have no idea what it is.
There was a problem hiding this comment.
The biid is a token of burp collaborator protection, i wireshark the token name is biid. Look link https://www.onsecurity.io/blog/persistent-access-to-burp-suite-sessions-step-by-step-guide/
There was a problem hiding this comment.
I don't understand the meaning of biid but I know that it stores the user's secret key.
I replaced What is your biid ? by What is your secret key (biid) ?
The capital letters have been put.
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
…ull-URL_encoding_auto-submit.js Signed-off-by: Timothée Ruffenach <[email protected]>
Signed-off-by: Timothée Ruffenach <[email protected]>
|
It's going to be really hard for us to review this and move it along if you don't pick a "line in the sand". You can always create another branch or something for future contribs. |
| # @author Timothée Ruffenach | ||
| # Version 1.0 | ||
| # decode HTML Entities |
There was a problem hiding this comment.
This is not valid comment for JavaScript (there are others that need to be corrected).
Just simple script to add IP random to X-Forwarded-For: in Header request.
For section HTTP Sender