nccgroup / AutoRepeater

Automated HTTP Request Repeating With Burp Suite
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/january/autorepeater-automated-http-request-repeating-with-burp-suite/
MIT License

Condition about file extension doesn't work. #68

Closed Lz1y closed 4 years ago

Lz1y commented 4 years ago

       "conditions": [{
            "booleanOperator": "",
            "matchType": "Sent From Tool",
            "matchRelationship": "Burp",
            "matchCondition": "",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "jpg",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "js",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "png",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "gif",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "css",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "jpeg",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": "svg",
            "isEnabled": true
        },
        {
            "booleanOperator": "And",
            "matchType": "File Extension",
            "matchRelationship": "Does Not Match",
            "matchCondition": ".ico",
            "isEnabled": true
        }],
justinmoore commented 4 years ago

Hey Lz1y,

Have you tried using OR instead of AND?

Thanks, Justin

Lz1y commented 4 years ago

@justinmoore Yes, I tried, but it doesn't work either. Thanks for your reply.

Lz1y commented 4 years ago

Seems like if request URLs have params, then the log filter will pass them, even if the filter is set.

Lz1y commented 4 years ago

https://github.com/nccgroup/AutoRepeater/blob/30f5325f451751bf06ed26203d1c637c0652235a/src/burp/Conditions/Condition.java#L334

Lz1y commented 4 years ago

Seems like the condition's value should be a regexp..

Lz1y commented 4 years ago

There are some problems with the getFileExtension function.

import com.google.common.io.Files;

public class main {
    public static void main(String[] args){
        String fileExtension = Files.getFileExtension("https://a.stat.xiaomi.com/js/mstr.js?mid=Yl332l5C%2BzdcX%2FgREkiJUA%3D%3D&device_id=&phpsessid=&mstuid=1602175906720_7090&muuid=&mucid=&sessionId=584055415&step=78&new_visitor=0&mstprevpid=df5e8b1eb5bed295-c4a88472368e6f30&mstprev_pid_loc=pcpid&prevtarget=%2F%2Fwww.mi.com%2Fuser%2ForderList%2F&lastsource=www.baidu.com&timestamp=1602178698052&ref=https%3A%2F%2Fwww.mi.com%2Fuser%2Fcomment%3Ffilter%3D1%7Cr%3D1602178071&domain=.mi.com&screen=2560*1440&language=zh-CN&vendor=&platform=Win32&gu=https%253A%252F%252Fwww.mi.com%252Fuser%252Fcomment%253Ffilter%253D1%257Cr%253D1602178071&miwd=&edm_task=&masid=&client_id=&pu=https%3A%2F%2Fwww.mi.com%2Fuser%2Fcomment%3Ffilter%3D1%7Cr%3D1602178071&rf=0&mutid=&muwd=&domain_id=100&pageid=8544b1dcfab5f798&curl=https%3A%2F%2Fwww.mi.com%2Fuser%2FcommentDetail%3Forder_id%3D5200928914601500&xmv=1602175906720_7090_1602175906720&v=1.0.0&vuuid=GSSCP2LG3BET8BBR&type=sp&logs=&log_codes=31pchomeother001000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476901.1%3B31pchomeother002000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476902.1%3B31pchomeother003000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476903.1%3B31pchomeother004000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476904.1%3B31pchomeother005000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476896.1%3B31pchomeother006000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476897.1%3B31pchomeother007000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476898.1%3B31pchomeother008000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476899.1%3B31pchomeother009000%23t%3Dnormal%26act%3Dother%26page%3Dhome%26page_id%3D10530%26bid%3D3476900.1%3Bbpm%3D28.265.3682762.1%26cdm%3D0.0.0.0%3Bbpm%3D28.265.3682763.1%26cdm%3D0.1.0.searchWord-51e6097fb318453aa647386bd7889528-%E5%AE%B6%E7%94%B5-CATE_HOT-CATEGORY-1-default%26next%3D28.265%3Bbid%3D3343648%3Bbid%3D3213221%3Bbid%3D3213225%3Bbid%3D3213222%3Bbid%3D3213223%3Bbid%3D3212729");
        System.out.println(fileExtension);
        boolean bool = fileExtension.matches("js.*");
        System.out.println(bool);
    }
}

output:

265%3Bbid%3D3343648%3Bbid%3D3213221%3Bbid%3D3213225%3Bbid%3D3213222%3Bbid%3D3213223%3Bbid%3D3212729
false
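
The behaviour reported above, as an added example that is not code from this issue or from AutoRepeater: a last-dot lookup over the whole URL string picks up dots inside query values, while taking the extension from the path component alone gives the value an exclusion filter needs. The class and method names, the `example.test` URLs and the `lastDotExtension` stand-in are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

public class ExtensionFilterDemo {
    // Extensions named in the issue's conditions, written without a leading dot.
    static final Set<String> EXCLUDED =
            Set.of("jpg", "js", "png", "gif", "css", "jpeg", "svg", "ico");

    // Hypothetical stand-in for a last-dot lookup over the whole URL string.
    static String lastDotExtension(String s) {
        String name = s.substring(s.lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        return dot == -1 ? "" : name.substring(dot + 1);
    }

    // Keep only the path: skip scheme and host, then cut at the first
    // '?', '#' or ';' so query values and fragments cannot supply the dot.
    static String pathOf(String url) {
        int scheme = url.indexOf("://");
        int from = scheme == -1 ? 0 : scheme + 3;
        int end = url.length();
        for (char c : new char[] {'?', '#', ';'}) {
            int i = url.indexOf(c, from);
            if (i != -1 && i < end) end = i;
        }
        int slash = url.indexOf('/', from);
        return (slash == -1 || slash >= end) ? "" : url.substring(slash, end);
    }

    // Extension of the path only, lower-cased for comparison with EXCLUDED.
    static String pathExtension(String url) {
        return lastDotExtension(pathOf(url)).toLowerCase();
    }

    public static void main(String[] args) {
        // Constructed sample URLs (example.test is a placeholder host).
        List<String> urls = List.of(
                "https://example.test/js/app.js",
                "https://example.test/js/app.js?screen=2560*1440&next=28.265%3Bbid%3D1",
                "https://example.test/img/logo.PNG#v1.2",
                "https://example.test/api/orders?file=report.css",
                "https://example.test?ref=a.js");
        for (String url : urls) {
            String naive = lastDotExtension(url);
            String fixed = pathExtension(url);
            System.out.printf("%-72s naive=%-18s path=%-4s excluded=%b%n",
                    url, naive, fixed, EXCLUDED.contains(fixed));
        }
    }
}
```

The fourth and fifth URLs show the opposite failure: a dot in a query value makes the whole-string lookup report `css` or `js` for requests whose path has no extension at all.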