在QA进行功能测试时,同时也进行安全测试,减少产品安全测试所花费的时间,将工具可以发现的安全问题,尽可能早地提出来。
插件需要继承IScannerListener,使用其newScanIssue函数获取所有的扫描结果
package burp;
/*
only formatting tags and simple hyperlinks.
*/
public interface IScanIssue
{
    // NOTE: this listing is an excerpt; only getSeverity() is shown. The other
    // accessors used elsewhere on this page (getUrl(), getIssueName(),
    // getIssueType(), getConfidence(), getIssueDetail(), getIssueBackground(),
    // getRemediationBackground(), getRemediationDetail(), getHttpMessages(),
    // getHttpService()) are omitted here.

    /**
     * Returns the severity level of the issue.
     *
     * @return one of "High", "Medium", "Low", "Information" or "False positive"
     */
    String getSeverity();
}
如上,newScanIssue 接收到的 IScanIssue 对象可以获取到扫描的所有结果,比如:
1.java.net.URL getUrl(); 扫描的url
2.String getIssueName(); 问题类型: 如SQL injection(sql注入)
3.String getSeverity(); 漏洞等级 "High", "Medium", "Low", "Information" or "False positive"
4.String getConfidence(); 确定程度 "Certain", "Firm" or "Tentative".
from burp import IBurpExtender
from burp import IScannerListener
from java.io import PrintWriter
from threading import Thread
from java.lang import Class
from java.sql import DriverManager, SQLException
import time
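class BurpExtender(IBurpExtender, IScannerListener):
    """Burp extension that archives every scanner finding.

    Each issue reported by the scanner is inserted as one row into the
    ``scanner`` table of a SQLite database and echoed to the extension's
    output stream.

    SECURITY NOTE: the ``requests`` and ``response`` columns hold the HTTP
    traffic behind each finding in clear text. That traffic can contain
    session cookies, authorization headers and submitted passwords, so the
    database file should be access-restricted and kept only as long as needed.
    """

    # SQLite file that receives the findings (path kept from the original script).
    DB_PATH = "d:/scanner.db"

    # Expected table layout:
    # CREATE TABLE `scanner` (`id` INTEGER PRIMARY KEY, `time` varchar(100),
    #   ip varchar(50), `url` varchar(30), `degree` varchar(30),
    #   `level` varchar(100), `detail` text, `issueType` varchar(200),
    #   `issueBackground` text, `remediationBackground` text,
    #   `remediationDetail` text, `requests` text, `response` text,
    #   issueName varchar(50))
    INSERT_SQL = "insert into `scanner` (time,ip,url,degree,level,detail,issueType,issueBackground,remediationBackground,remediationDetail,requests,response,issueName) values(?,?,?,?,?,?,?,?,?,?,?,?,?);"

    # Written after each captured request / response in the stored text.
    SEPARATOR = "\n--------------------------\n"

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks and register this object as a scanner listener."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # set our extension name
        callbacks.setExtensionName("scann_test")
        # obtain our output stream (second argument enables auto-flush)
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._helpers = callbacks.getHelpers()
        # register ourselves as a scanner listener
        callbacks.registerScannerListener(self)

    @staticmethod
    def _ascii_text(raw):
        """Return the bytes of *raw* whose value lies strictly between 0 and 255 as text.

        NUL bytes are dropped, and so is every value outside that range. A
        missing message (None) yields an empty string instead of an error.
        """
        if raw is None:
            return ""
        # Fetch-once + join avoids re-reading the byte array for every byte.
        return "".join([chr(value) for value in raw if 0 < value < 255])

    def newScanIssue(self, issue):
        """Persist one scanner issue to SQLite and print it to the extension output.

        Issues without a confidence value are ignored. Database errors are not
        swallowed; they propagate to the caller after the connection is closed.
        """
        confidence = issue.getConfidence()  # "Certain", "Firm" or "Tentative"
        if not confidence:
            return

        current_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())

        request_parts = []
        response_parts = []
        for message in issue.getHttpMessages() or []:
            request_parts.append(self._ascii_text(message.getRequest()))
            request_parts.append(self.SEPARATOR)
            # A message may carry no response; guard before taking its length.
            response_bytes = message.getResponse()
            if response_bytes is not None and len(response_bytes) != 0:
                response_parts.append(self._ascii_text(response_bytes))
                response_parts.append(self.SEPARATOR)
        requests = "".join(request_parts)
        response = "".join(response_parts)

        ip = issue.getHttpService().getHost()
        # Optional fields fall back to the literal "none".
        detail = issue.getIssueDetail() or "none"
        issueBackground = issue.getIssueBackground() or "none"
        remediationBackground = issue.getRemediationBackground() or "none"
        remediationDetail = issue.getRemediationDetail() or "none"

        # Column order matches INSERT_SQL.
        row = (
            current_time,
            ip,
            issue.getUrl(),
            confidence,
            issue.getSeverity(),
            detail,
            issue.getIssueType(),
            issueBackground,
            remediationBackground,
            remediationDetail,
            requests,
            response,
            issue.getIssueName(),
        )

        # Values are bound as parameters, never concatenated into the SQL text.
        Class.forName("org.sqlite.JDBC").newInstance()
        dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % (self.DB_PATH))
        try:
            preStmt = dbConn.prepareStatement(self.INSERT_SQL)
            try:
                for position, value in enumerate(row, 1):
                    # NOTE(review): under Jython 2.x str() on non-ASCII text may
                    # raise UnicodeEncodeError - confirm with non-English findings.
                    preStmt.setString(position, str(value))
                preStmt.executeUpdate()
            finally:
                preStmt.close()
        finally:
            # Always release the connection, even when the insert fails.
            dbConn.close()

        out = self._stdout
        out.println("time:")
        out.println(current_time)
        out.print("ip")
        out.println(ip)
        out.println("qudingchengdu:" + confidence)
        out.print("url:")
        out.println(issue.getUrl())
        out.println(issue.getIssueName())
        out.println("level:" + issue.getSeverity())
        out.print("detail:")
        out.println(detail)
        out.println("getIssueType():")
        out.println(issue.getIssueType())
        out.print("getIssueBackground")
        out.println(issueBackground)
        out.print("getRemediationBackground():")
        out.println(remediationBackground)
        out.print("getRemediationDetail():")
        out.println(remediationDetail)
        out.println("---------------------------")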
scanner 扫描过程中过滤js,jpg等文件
将需要测试的url自动添加到scope中