Burp 插件: Tomcat JSESSIONID 随机生成器
正文
随机生成 JSESSIONID
# -*- coding: utf-8 -*-
# random_sessionid_generator.py
# http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7-b1/jython-standalone-2.7-b1.jar
from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator
import time
import random
class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):
    """Burp extension entry point that also serves as the Intruder payload generator factory."""

    def registerExtenderCallbacks(self, callbacks):
        """Store Burp's callback object and register this extension with Intruder.

        Burp invokes this when the extension is loaded.
        """
        helpers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._helpers = helpers

        # Extension name passed to Burp.
        callbacks.setExtensionName("Random JSESSIONID Generator")
        # This object is itself the factory that Intruder asks for generators.
        callbacks.registerIntruderPayloadGeneratorFactory(self)

    def getGeneratorName(self):
        """Return the name of this payload generator."""
        return "Random JSESSIONID"

    def createNewInstance(self, attack):
        """Return a fresh PayloadFactory for the given attack."""
        generator = PayloadFactory(self, attack)
        return generator
class PayloadFactory(IIntruderPayloadGenerator):
    """Intruder payload generator producing unique random 32-character hex strings.

    The values have the same shape as the sample Tomcat JSESSIONID quoted in
    generateNewID. Each call to getNextPayload returns an ID that this instance
    has not returned before; hasMorePayloads stops after 100 payloads.
    """

    def __init__(self, extender, attack):
        """Keep references to the extender, its helpers and the attack; start with no payloads issued."""
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self._payloadIndex = 0
        # IDs already handed out, so no value is returned twice.
        self._used_set = set()

    def hasMorePayloads(self):
        """Return True until 100 payloads have been produced since the last reset."""
        return self._payloadIndex < 100

    def generateNewID(self):
        """Return 32 characters drawn uniformly from the uppercase hex alphabet.

        Example of the format: E0FC7ADDD8796D1FC8D3DD9343BD5485
        """
        # NOTE: `random` is the Mersenne Twister PRNG, not a CSPRNG. That is
        # fine for throwaway test values; this helper must not be reused to
        # mint real session tokens.
        hex_alphabet = '0123456789ABCDEF'
        return ''.join(random.choice(hex_alphabet) for _ in range(32))

    def getNextPayload(self, current_payload):
        """Return a random ID not yet issued by this instance.

        `current_payload` is ignored: the payload does not depend on the base value.
        """
        # Redraw on collision with an earlier value.
        while True:
            candidate = self.generateNewID()
            if candidate not in self._used_set:
                break
        self._used_set.add(candidate)
        self._payloadIndex += 1
        return candidate

    def reset(self):
        """Restart the payload counter.

        The set of already-issued IDs is intentionally left as is, so values
        stay unique across resets of the same instance.
        """
        self._payloadIndex = 0