@TheGroundZero
Last active October 8, 2022 22:21
Burp Intruder payload generator for Belgian Social Security Number (rijksregisternummer)
# Script by TheGroundZero (@DezeStijn)
#
# This payload generator generates valid Belgian Social Security Numbers
# This SSN (rijksregisternummer) is formatted as yy.mm.dd-counter.check
#   yy, mm and dd are the date of birth
#   counter is a 3 digit number, which counts the births per day (odd number for men and even for women)
#   check is a 2 digit validation number based on the previous digits
#
# You can provide a "seed" to the generator to set a static birth date.
# With a seed, the counter is taken from the payload index and the check is calculated for each.
# If no seed was provided, the generation will create random birth dates and counters, and will calculate the check for each.
#
# This generator does not perform a linear bruteforce.
# A max. of 1.000 payloads will be generated per attack.
#
# Free to use, but please do refer to this original gist.
#
# https://github.com/TheGroundZero
# https://twitter.com/DezeStijn/
# https://sequr.be/ | http://sequrx53bdtvizjsbcdibrugpg7fujhvx7b75rvhwh2kq3i4hhvh35qd.onion/
#

from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator

import datetime
import random


def calculateCheck(year, month, day, nr):
    # Build the formatted number and its mod-97 check digits
    yy = year % 100

    print(" - year: {} ({})".format(year, yy))
    print(" - month: {}".format(month))
    print(" - day: {}".format(day))
    print(" - nr: {}".format(nr))

    # For births from 2000 onwards a "2" is prefixed before taking the remainder
    precheck = int("{}{:02d}{:02d}{:02d}{:03d}".format(2 if year >= 2000 else "", yy, month, day, nr))
    check = 97 - (precheck % 97)

    payload = "{:02d}.{:02d}.{:02d}-{:03d}.{:02d}".format(yy, month, day, nr, check)
    print(" - payload: {}".format(payload))

    return payload


class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):

    #
    # implement IBurpExtender
    #

    def registerExtenderCallbacks(self, callbacks):
        # obtain an extension helpers object
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        callbacks.setExtensionName("Rijkregisternummer payloads")
        callbacks.registerIntruderPayloadGeneratorFactory(self)

        return

    #
    # implement IIntruderPayloadGeneratorFactory
    #

    def getGeneratorName(self):
        return "Rijksregisternummer generator"

    def createNewInstance(self, attack):
        # return a new IIntruderPayloadGenerator to generate payloads for this attack
        return IntruderPayloadGenerator(self, attack)


#
# class to generate payloads
#

class IntruderPayloadGenerator(IIntruderPayloadGenerator):

    def __init__(self, extender, attack):
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self._max_payloads = 999  # payload indexes run from 0 to 998
        self._payloadIndex = 0
        self._curYear = datetime.datetime.now().year

    def hasMorePayloads(self):
        return self._payloadIndex < self._max_payloads

    def getNextPayload(self, baseValue):
        # Assume baseValue is yyyy.mm.dd or empty
        # baseValue arrives as a byte array, so test its length instead of comparing it to a string
        if baseValue is None or len(baseValue) == 0:
            print("[*] Generate random RRnr")
            year = random.randint(self._curYear-100, self._curYear)
            month = random.randint(1, 12)
            day = random.randint(1, 28)
            nr = random.randint(1, 998)
        else:
            payload = self._helpers.bytesToString(baseValue)
            print("[*] Calculate RRnr")
            print(" - baseValue: {}".format(payload))
            year, month, day = [int(s) for s in payload.split(".")]
            nr = self._payloadIndex

        # count every payload, seeded or random, so hasMorePayloads() eventually returns False
        self._payloadIndex += 1

        return calculateCheck(year, month, day, nr)

    def reset(self):
        self._payloadIndex = 0
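
The receiving side of the same arithmetic, as an added example that is not part of the original gist: a server-side validator for the yy.mm.dd-nnn.cc form the script emits, which also rejects values whose check digits are correct but whose date or counter is not plausible. The function name `validate_rrn`, the 001-998 counter limit (the range the script's random mode draws from) and the requirement of a real, non-future calendar birth date are assumptions of this example.

```python
import datetime
import re

# Format emitted by the generator above: yy.mm.dd-nnn.cc
RRN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{2})-(\d{3})\.(\d{2})$")


def validate_rrn(value, today=None):
    """Return the birth date if value is a well-formed RRN, else None.

    Hypothetical helper: it checks format, counter range, check digits
    and date plausibility, nothing more.
    """
    today = today or datetime.date.today()
    m = RRN_RE.match(value)
    if not m:
        return None
    yy, mm, dd, nr, check = (int(g) for g in m.groups())
    if not 1 <= nr <= 998:  # assumption: counters 000 and 999 are rejected
        return None
    base = int("{:02d}{:02d}{:02d}{:03d}".format(yy, mm, dd, nr))
    # The two-digit year is ambiguous: try the 1900s form first, then the
    # 2000s form, which prefixes a "2" before taking the remainder.
    for century, number in ((1900, base), (2000, 2000000000 + base)):
        if 97 - (number % 97) != check:
            continue
        try:
            born = datetime.date(century + yy, mm, dd)
        except ValueError:  # not a calendar date, e.g. 31 February
            continue
        if born <= today:  # reject birth dates in the future
            return born
    return None
```

A value that passes is only well-formed: the check digits are public arithmetic, so an application should verify the number against an authoritative source before treating it as proof of identity.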
@TatianaGuilliano

Could you explain to me how I can use this? To generate this? I've given you a follow.

@TheGroundZero
Author

This extension creates a payload generator for Intruder that lets you create Belgian national register numbers (Rijksregisternummers), either fully random or based on a year, month and day of your own choosing.
Handy for applications where you have to enter a valid RRN at registration, for example.

In Intruder, you select the position where you need an RRN and then use "Extension Generated" data. If the default already contains a date, it is used as the basis for the list of RRNs.

@TatianaGuilliano

Okay, thanks, I'll give it a try.
