lz - Githubissues

epony4c commented 1 year ago

大佬，这个怎么看是不是在检测中啊？直接从数据库中看检测结果吗？

depycode commented 1 year ago

BurpExtender_ALL.py 里面的 self.scan_host 为需要扫描的根域名。探测到漏洞会在reports 目录里面生成报告。（会存在误报情况）

epony4c commented 1 year ago

如果self.scan_host为空的话，是不是检测所有的域名？还有如果是IP地址的情况下呢？

depycode commented 1 year ago

修改下代码

def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
    if toolFlag == self._callbacks.TOOL_PROXY and messageIsRequest:
        httpService = messageInfo.getHttpService()
        host = httpService.getHost()
        analyzeRequest = self._helpers.analyzeRequest(messageInfo)
        full_url = analyzeRequest.getUrl().toString()
        params = analyzeRequest.getParameters()
        method = analyzeRequest.getMethod()
        if self.getParamaters(params,0) or self.getParamaters(params, 1) or messageInfo.getRequest()[analyzeRequest.getBodyOffset():].tostring():
            if method in ['GET','POST'] and not full_url.split('?')[0].endswith(self.static_url) and host not in self.black_host:
                # scan_host=() 时扫描所有，scan_host=('.qq.com','aa.com') 时仅扫描以qq.com和aa.com结尾的域名
                if len(self.scan_host)>0:
                    if host.endswith(self.scan_host):
                        self.parseRequest(messageInfo)
                else:
                    self.parseRequest(messageInfo)

epony4c commented 1 year ago

tql

depycode / burpsuite_hack

lz #2