首页 > 运维 > 安全 > Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的

Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的

WBOY
发布: 2023-05-12 19:19:04
转载
1334 人浏览过

1.1变动:

增加过滤设置

优化显示结果

增加运行提示信息

增加域名正则匹配 

整个插件分为三个面板:任务面板、sqlmapapi参数配置面板、过滤条件面板。

任务面板

Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的

Server : SQLmapapi服务的IP和端口

THREAD:同时检测的任务数量

Domain:需要检测的域名,支持正则匹配

CLEAN:清除任务缓存列表

TEST:测试SQLmapapi的连接是否成功

START:开启检测    

左下为任务列表和任务状态,右侧按钮下方是信息提示区域,下方为请求详情和扫描结果。

sqlmapapi参数配置面板

Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的

这里的设置参考sqlmap的参数设置。

Tamper:列表中的是sqlmap自带的tamper,输入框中可填入自定义的tamper使用 ”,“逗号分割 。

LogFile:设置扫描日志记录文件,该文文件存储路径为sqlmapapi服务器上的路径。

过滤条件面板

Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的

ExcludeSuffix:用来排除一些指定后缀的请求,使用正则进行匹配。例如:图片、css、js等。

IngoreCase:对ExcludeSuffix进行限制是否区分大小写,默认为不区分。

IngoreParams:在对请求进行重复性检测时需要忽略的参数,使用”,“逗号分割,例如:请求中的随机数timeStamp等。

ExcludeParams:在对请求进行过滤时如果存在该参数则不将该请求加入待测列表,例如:验证码checkCode等。

以上是根据这段时间在实际使用的过程中所做的一些修改,后续还会根据大家的建议进一步对该插件进行优化,谢谢大家的支持。

以下是程序中的一些代码以及实现思路:

请求监听段实现代码

public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        boolean addFlag = false;// 是否添加到扫描列表
        // 判断是否为request请求、开关是否打开
        if (messageIsRequest && sqlmapApiPanel.isStart()) {
            String host = helpers.analyzeRequest(messageInfo).getUrl().getHost();
            if (host.matches(targetDomian)) {
                IRequestInfo iRequestInfo = helpers.analyzeRequest(messageInfo);
                // 从?号处截断URL 可区分http 和 https
                String url = String.valueOf(iRequestInfo.getUrl());
                url = url.indexOf("?") > 0 ? url.substring(0, url.indexOf("?")) : url;
                // 排除指定后缀URL(eg : .jpg|.png|.ico)
                if (!excludeSuffix.matcher(url).matches()) {
                    // 构造任务实体
                    TaskEntity entity = new TaskEntity(iRequestInfo.getUrl(), //
                            iRequestInfo.getMethod(), //
                            callbacks.saveBuffersToTempFiles(messageInfo), //
                            iRequestInfo);
                    // 进行数据去重检测
                    String hash = bCrypt.hashpw(entity.getSignString(-1, ingoreParams), SALT);
                    Integer repeatCheckValue = 1;
                    if (String.valueOf(iRequestInfo.getHeaders()).indexOf("Chris-To-Sqlmap") != -1) {
                        if (repeatCheck.containsKey(hash)) {
                            repeatCheckValue = repeatCheck.get(hash) + 1;
                            hash = hash + repeatCheckValue;
                        }
                        addFlag = true;
                    }
                    // 检测当前数据包是否重复,检测当前数据包是否要根据参数可选过滤
                    else if (!repeatCheck.containsKey(hash) && !entity.hasParams(excludeParams)) {
                        // repeatCheck
                        if (!entity.getParamBody().isEmpty()) {// 检测post参数是否为空
                            addFlag = true;
                        } else if (!entity.getParamUrl().isEmpty()) {// 检测get参数是否为空
                            addFlag = true;
                        } else if (sqlmapApiOption.getLevel() >= 3 && !entity.getParamCookie().isEmpty()) {// level参数大于3是应检测cookie注入
                            addFlag = true;
                        }
                    }
                    if (addFlag) {
                        int row = listTasks.size();
                        repeatCheck.put(hash, repeatCheckValue);
                        listTasks.add(entity);
                        fireTableRowsInserted(row, listTasks.size());
                    }
                }
            }
        }
    }
登录后复制

任务执行段实现代码:

public void run() {
                while (true) {
                    if (!threadFlag) {
                        try {
                            sqlmapApiPanel.setMessage("Waiting.");
                            sleep(3 * 1000);
                        } catch (InterruptedException e) {
                            stderr.print(e.getMessage());
                        }
                        continue;
                    }
                    // 增加任务
                    if (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
                        while (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
                            TaskEntity entityNew = listTasks.get(listTasks_start);
                            entityNew.setTaskid(sqlmapapi.tastNew(sqlmapapiServer));
                            if (entityNew.getTaskid() != "" && entityNew.getTaskid() != "-") {
                                entityNew.setTaskEngineid(sqlmapapi.taskStart(sqlmapapiServer, entityNew, sqlmapApiOption));
                                runingTasks.put(entityNew.getTaskid(), entityNew);
                                sqlmapApiPanel.setMessage("New task "+entityNew.getTaskid()+" , URL :"+String.valueOf(entityNew.getUrl())+"    .");
                                listTasks_start++;
                            } else {
                                try {
                                    sqlmapApiPanel.setMessage("New task failed! URL :"+String.valueOf(entityNew.getUrl())+"    .");
                                    sleep(3 * 1000);
                                } catch (InterruptedException e) {
                                    stderr.print(e.getMessage());
                                }
                                continue;
                            }
                        }
                    }
                    if (runingTasks.size() != 0) {
                        // 刷新map中任务的状态
                        List<String> removeList = new ArrayList<>();
                        for (String key : runingTasks.keySet()) {
                            TaskEntity entityRuning = runingTasks.get(key);
                            String status = sqlmapapi.flushStatus(sqlmapapiServer, entityRuning);
                            sqlmapApiPanel.setMessage("Flash task [" + key + "] " + status + " .");
                            if ("terminated".equals(status)) {
                                entityRuning.setTaskStatus(status);
                                entityRuning.setTaskScanData(sqlmapapi.flushScanData(sqlmapapiServer, entityRuning));
                                sqlmapApiPanel.setMessage("Task [" + key + "] finished .");
                                removeList.add(key);
                            } else if ("not running".equals(status)) {
                                stderr.println(entityRuning.getTaskid() + " not running");
                                // entityRuning.setTaskEngineid(taskStart(entityRuning));
                            } else {
                                entityRuning.setTaskStatus(status);
                            }
                            try {
                                sleep(3 * 1000);
                            } catch (InterruptedException e) {
                                stderr.print(e.getMessage());
                            }
                        }
                        if (!removeList.isEmpty()) {
                            for (String key : removeList) {
                                runingTasks.remove(key);
                            }
                        }
                        fireTableRowsInserted(0, listTasks.size());
                    } else {
                        try {
                            sleep(3 * 1000);
                        } catch (InterruptedException e) {
                            stderr.print(e.getMessage());
                        }
                    }
                }
            }
登录后复制

以上是Burpsuit结合SQLMapAPI产生的批量注入插件是怎样的的详细内容。更多信息请关注PHP中文网其他相关文章!

相关标签:
来源:yisu.com
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热门教程
更多>
最新下载
更多>
网站特效
网站源码
网站素材
前端模板