search

nccgroup / blackboxprotobuf

Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
MIT License
516 stars 86 forks source link

this tool how to parse protobuf data #1

Closed zxhubo closed 4 years ago

zxhubo commented 5 years ago

I read the tool of source code,I found the source code where to parse protobuf data to json data and the json data to protobuf data is not Integrally。 For example,the code is :

        if 'detect_protobuf' in dir(user_funcs):
            result = user_funcs.detect_protobuf(content, is_request, info, self._helpers)
            if result is not None:
                return result

the function detect_protobuf is in the file of user_funcs.py,but all of the function in user_funcs.py are only defined in this file,but not implement。for example:

"""These functions allow functionality within the Blackbox protobuf extension
   to be customized in order to handle undefined behavior.

    Common parameters:
        content -- Binary content of the request
        is_request -- boolean, True for a request, False for a response
        content_info -- RequestInfo or ResponseInfo object, See
            https://portswigger.net/Burp/extender/api/burp/IRequestInfo.html and
            https://portswigger.net/Burp/extender/api/burp/IResponseInfo.html
        helpers -- Burp extension helpers,
            https://portswigger.net/Burp/extender/api/burp/IExtensionHelpers.html
        request/request_content_info -- If called on a response, send the
            corresponding request (useful for retrieving URL parameters)

    Useful functionality:
        URL parameters:
            for param in content_info.getParmeters():
                if param.getName() == 'type':
                    ...
        Headers:
            if 'content-type' in content_info.getHeaders():
                ...
        Request Body:
            body = content[content_info.getBodyOffset():].tostring()
        Setting paramater:
            import burp.IParameter
            body = helpers.updateParameter(
                        content,
                        helpers.buildParameter('message',
                                               protobuf_data,
                                               IParameter.PARAM_URL))
"""

def detect_protobuf(content, is_request, content_info, helpers):
    """Customize protobuf detection. Passes in request. Should return True,
       False, or None (to use default detection)"""
    pass

def get_protobuf_data(content, is_request, content_info, helpers,
                      request=None, request_content_info=None):
    """Customize how the protobuf data is retrieved from the request. For
       example, in a parameter or encoded."""
    pass

def set_protobuf_data(protobuf_data, content, is_request, content_info, helpers,
                      request=None, request_content_info=None):
    """Customize how the protobuf data is set in request/response. For example,
       in a parameter or encoded. Should mirror get_protobuf_data"""
    pass

def hash_message(content, is_request, content_info, helpers,
                 request=None, request_content_info=None):
    """Customize how a request is identified for type definition saving. Two
       requests will use the same type definition if this function returns the
       same value.
    """
    pass

the functions are implement ,where ?

rwinkelmaier-ncc commented 5 years ago

Hi, is there a specific issue you are running into?

The functions in user_funcs.py are there to allow a user to override some defaults if a project calls for it. If they are not implemented, then the defaults are used.

The functions responsible for actually translating protobuf to JSON can be found in https://github.com/nccgroup/blackboxprotobuf/blob/master/blackboxprotobuf/lib/interface.py

zxhubo commented 5 years ago

@rwinkelmaier-ncc Yes,I know。 I agree what you said The functions in user_funcs.py are there to allow a user to override some defaults if a project calls for it. If they are not implemented, then the defaults are used.. but The functions in user_funcs.py are any define in this file。for example,

def detect_protobuf(content, is_request, content_info, helpers):
    """Customize protobuf detection. Passes in request. Should return True,
       False, or None (to use default detection)"""
    pass

this function detect_protobuf ,the body is pass , but nothing in this function. so default it can not do anything.

zxhubo commented 5 years ago

I think phthon is like java , we can define a function in a interface file by java,if we want to invoke this method,we must be implement it。 now ,the present situation is similar what I said,there is a python file must implement the functions in user_funcs.py。understand what I said ? my English is pool,sorry。

rwinkelmaier-ncc commented 5 years ago

The functions should work as currently implemented. They simply return None if they are not overridden and the calling code performs a different check instead. Are you running into a specific error?

zxhubo commented 5 years ago

@rwinkelmaier-ncc Yes,I know what you said ,but now there is no any file or function implment user_funcs.py.it's means now the can't do anything?