Damian89 / extended-baserequest-importer

Scan and import relevant requests directly to burp!
https://www.damianschwyrz.de/

problem and new idea #4

Open mohammed-sec2010 opened 5 years ago

mohammed-sec2010 commented 5 years ago

Hi, I see your tool only crawls the first 10 parameters and makes get and post. How can I crawl all parameters in the page and make get and post with them?

Or I have an idea: your tool crawls the first 10 parameters and makes get-post, then crawls the next 10 parameters and makes get-post, and so on.

mohammed-sec2010 commented 5 years ago

Also, I see your regex parameter does not crawl all the var names and make post-get: re.findall('var ([a-zA-Z0-9-_]+)', self.response_body) +

Damian89 commented 5 years ago

Hi,

notice this setting:

[type-settings]
GetChunkSize = 55
PostChunkSize = 500

There you can adjust the chunk size for GET and POST requests separately.

This tool is designed to extract as many vars as possible from the http body (it does not take other sources like javascript files into account). To accomplish this you would need to extend this tool and add some routines which try to download the js files and find parameters in those.

Additionally this tool TRIES to EXTRACT as many params as possible from the http body - there I use those regular expressions.

IF you have an idea which regular expression to use for parameter extraction: FORK, FIX and PR ;)

It is hard to know what you mean with "all parameters" since I don't know your example - that's why I have a simple example of my own for you:

https://brutelogic.com.br/xss.php

My settings are for this case:

[default]
HTTPTimeOut = 10
MaxThreads = 1
ShuffleTests = false

[types]
UsePost = true
UseGet = true

[type-settings]
GetChunkSize = 1
PostChunkSize = 1

[tunneling]
Active = true
Tunnel = 127.0.0.1:8080

Everything works as expected:

[screenshot]

You see request 1: base request which tries to extract parameters from the body - then you see ONE request for EACH parameter and EACH method. Why? Because I specified: GetChunkSize=1, PostChunkSize=1

Now with other settings:

[type-settings]
GetChunkSize = 55
PostChunkSize = 500

Result:

[screenshot]

You can see here that since the chunk size for GET requests is 55 parameters, every found parameter is used in one request (and there is no second request because only ~16 parameters were found).

Same applies to POST:

[screenshot]

So from here on: I don't really know what the problem is ;) Maybe you did not understand how this tool works.

I suspect in your case the tool is not able to extract some relevant parameters because the regular expressions don't match them. Then as I said: adjust the regular expressions (or add your own) and push it ;)

Best,

Damian
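To make the chunking behaviour described in the comment above concrete, here is an added Python sketch that is not the project's own code: it applies the `var ([a-zA-Z0-9-_]+)` regex quoted earlier in the thread to a constructed HTML body, collects the names, and splits them into GET and POST requests according to a GET chunk size and a POST chunk size, the way GetChunkSize/PostChunkSize are explained. The extra regex for form input names, the example URL and the placeholder value "test" are assumptions made for the illustration.

```python
import re
from urllib.parse import urlencode

# Constructed sample HTTP response body (not taken from any real site).
SAMPLE_BODY = """
<html><body>
<form action="/xss.php" method="get">
  <input name="q"><input name="page">
</form>
<script>
var token = "abc";
var user_id = 42;
var pageSize = 10;
</script>
</body></html>
"""

# Regex quoted in the thread for "var NAME" declarations in the body.
VAR_RE = re.compile(r'var ([a-zA-Z0-9-_]+)')
# Assumed additional regex for <input name="..."> fields (hypothetical; the
# project may use different expressions).
INPUT_NAME_RE = re.compile(r'<input[^>]*\bname="([^"]+)"')


def extract_params(body):
    """Return unique parameter names in order of first appearance."""
    found = []
    for name in INPUT_NAME_RE.findall(body) + VAR_RE.findall(body):
        if name not in found:
            found.append(name)
    return found


def chunk(items, size):
    """Split a list into consecutive groups of at most `size` elements."""
    if size < 1:
        raise ValueError("chunk size must be >= 1")
    return [items[i:i + size] for i in range(0, len(items), size)]


def build_requests(base_url, params, get_chunk_size, post_chunk_size,
                   use_get=True, use_post=True, value="test"):
    """Return (method, url, body) tuples: one request per chunk per enabled method.

    An existing query string on base_url is preserved rather than stripped,
    so extracted parameters are appended to it.
    """
    requests = []
    if use_get:
        sep = "&" if "?" in base_url else "?"
        for group in chunk(params, get_chunk_size):
            qs = urlencode({p: value for p in group})
            requests.append(("GET", f"{base_url}{sep}{qs}", None))
    if use_post:
        for group in chunk(params, post_chunk_size):
            body = urlencode({p: value for p in group})
            requests.append(("POST", base_url, body))
    return requests


if __name__ == "__main__":
    names = extract_params(SAMPLE_BODY)
    print("extracted:", names)
    # Chunk size 1/1: one request per parameter and method, as in the thread.
    for r in build_requests("https://example.test/xss.php", names, 1, 1):
        print(r)
    # Chunk size 55/500: all parameters land in a single request per method.
    for r in build_requests("https://example.test/xss.php", names, 55, 500):
        print(r)
```

With five extracted names, chunk sizes of 1/1 yield ten requests (five GET, five POST), while 55/500 yield one GET and one POST carrying all names, which matches the two screenshots the comment describes.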

mohammed-sec2010 commented 5 years ago

Hi, I found my mistake. I see your tool removes the parameters from the URL before scanning for parameters, like this: https://www.test.com/loginForm?from=share

Your tool removes the ?from=share and then scans for parameters. My problem is that I want the tool to scan for parameters from the same link, like this: https://www.test.com/loginForm?from=share, not from this: https://www.test.com/loginForm, because I will miss some script parameters like this: