Burp Intruder payload generator for Belgian Social Security Number (rijksregisternummer)
# Script by TheGroundZero (@DezeStijn)
#
# This payload generator generates valid Belgian Social Security Numbers
# This SSN (rijksregisternummer) is formatted as yy.mm.dd-counter-check
# yy, mm and dd are the date of birth
# counter is a 3 digit number, which counts the births per day (uneven number for men and even for women)
# check is a 2 digit validation number based on the previous digits
#
# You can provide a "seed" to the generator to set a static birth date.
# This will result in a random generation of the counter and check values.
# If no seed was provided, the generation will create random birth dates and counters, and will calculate the check for each.
#
# This generator does not perform a linear bruteforce.
# A max. of 1.000 payloads will be generated per attack.
#
# Free to use, but please do refer to this original gist.
#
# https://github.com/TheGroundZero
# https://twitter.com/DezeStijn/
# https://sequr.be/ | http://sequrx53bdtvizjsbcdibrugpg7fujhvx7b75rvhwh2kq3i4hhvh35qd.onion/
#
from burp import IBurpExtender | |
from burp import IIntruderPayloadGeneratorFactory | |
from burp import IIntruderPayloadGenerator | |
import datetime | |
import random | |
def calculateCheck(year, month, day, nr):
    """Format a rijksregisternummer with its mod-97 check digits.

    The nine digits yy mm dd nnn are read as one integer, prefixed with a
    ``2`` when ``year`` is 2000 or later, and the check is 97 minus that
    integer modulo 97 (so it ranges from 1 to 97).

    The check is derived from the other digits alone: a number that passes
    it is well-formed, nothing more. A validator that stops at this check
    accepts every value produced here.

    Args:
        year: Four-digit birth year; only its last two digits are printed.
        month: Birth month.
        day: Birth day of month.
        nr: Three-digit per-day counter.

    Returns:
        The number as the string ``yy.mm.dd-nnn.cc``.
    """
    short_year = year % 100
    # Births from 2000 onwards get a leading 2 before the modulo is taken.
    century_prefix = 2 if year >= 2000 else ""
    digits = "{}{:02d}{:02d}{:02d}{:03d}".format(
        century_prefix, short_year, month, day, nr
    )
    remainder = int(digits) % 97
    formatted = "{:02d}.{:02d}.{:02d}-{:03d}.{:02d}".format(
        short_year, month, day, nr, 97 - remainder
    )

    # Trace output, one line per input and one for the result.
    trace = (
        " - year: {} ({})".format(year, short_year),
        " - month: {}".format(month),
        " - day: {}".format(day),
        " - nr: {}".format(nr),
        " - payload: {}".format(formatted),
    )
    for line in trace:
        print(line)
    return formatted
class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):
    """Burp entry point that also acts as the Intruder payload-generator factory."""

    # -- IBurpExtender ------------------------------------------------------

    def registerExtenderCallbacks(self, callbacks):
        """Keep the Burp callbacks and helpers, then register this factory.

        The helpers object is stored on the instance because the payload
        generator reads it back through ``extender._helpers``.
        """
        helpers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._helpers = helpers
        callbacks.setExtensionName("Rijkregisternummer payloads")
        callbacks.registerIntruderPayloadGeneratorFactory(self)

    # -- IIntruderPayloadGeneratorFactory -----------------------------------

    def getGeneratorName(self):
        """Return the name this generator is registered under."""
        return "Rijksregisternummer generator"

    def createNewInstance(self, attack):
        """Build a fresh payload generator bound to this extender and *attack*."""
        generator = IntruderPayloadGenerator(self, attack)
        return generator
# | |
# class to generate payloads | |
# | |
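class IntruderPayloadGenerator(IIntruderPayloadGenerator):
    """Produce rijksregisternummer payloads for one Intruder attack.

    Without a usable seed every payload gets a random birth date and a
    random counter. With a ``yyyy.mm.dd`` seed the date is fixed and the
    counter walks upwards with the payload index. Generation stops after
    ``_max_payloads`` (999) payloads.
    """

    # Highest counter value; the same upper bound the random branch draws from.
    _MAX_COUNTER = 998

    def __init__(self, extender, attack):
        """Store the extender, its helpers and the attack; start at index 0."""
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self._max_payloads = 999
        self._payloadIndex = 0
        self._curYear = datetime.datetime.now().year

    def hasMorePayloads(self):
        """Return True until ``_max_payloads`` payloads have been handed out."""
        return self._payloadIndex < self._max_payloads

    def _parseSeed(self, baseValue):
        """Decode *baseValue* into ``(text, year, month, day)`` or None.

        None is returned for a missing or blank base value and for anything
        that is not a real ``yyyy.mm.dd`` calendar date, so a position
        holding other text falls back to random generation instead of
        raising inside the payload callback.
        """
        if baseValue is None or baseValue == "":
            return None
        text = self._helpers.bytesToString(baseValue).strip()
        if not text:
            return None
        try:
            # Wrong part count, non-numeric parts and impossible dates all
            # surface as ValueError here.
            year, month, day = [int(part) for part in text.split(".")]
            datetime.date(year, month, day)
        except ValueError:
            print("[!] Ignoring base value that is not a yyyy.mm.dd date: {}".format(text))
            return None
        return text, year, month, day

    def getNextPayload(self, baseValue):
        """Return the next payload, seeded from *baseValue* when it holds a date.

        Args:
            baseValue: Base value of the payload position as handed over by
                Burp; expected to be ``yyyy.mm.dd`` or empty.

        Returns:
            The formatted number produced by ``calculateCheck``.
        """
        seed = self._parseSeed(baseValue)
        if seed is None:
            print("[*] Generate random RRnr")
            year = random.randint(self._curYear - 100, self._curYear)
            month = random.randint(1, 12)
            # Days stop at 28 so every month/day pair is a real calendar date.
            day = random.randint(1, 28)
            nr = random.randint(1, self._MAX_COUNTER)
        else:
            text, year, month, day = seed
            print("[*] Calculate RRnr")
            print(" - baseValue: {}".format(text))
            # Keep the counter inside 001-998 like the random branch does;
            # using the raw index produced counter 000 for the first payload.
            nr = (self._payloadIndex % self._MAX_COUNTER) + 1
        self._payloadIndex += 1
        return calculateCheck(year, month, day, nr)

    def reset(self):
        """Restart the payload count from zero."""
        self._payloadIndex = 0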
Deze extension creëert een payload generator voor de Intruder waarmee je Belgische Rijksregisternummers kan maken, volledig random of op basis van zelf gekozen jaar, maand, en dag.
Handig voor applicaties waar je een geldig RRN moet ingeven bij registratie bv.
In Intruder selecteer je de positie waar je een RRN nodig hebt en gebruikt dan "Extension Generated" data. Als de default al een datum bevat, wordt die gebruikt om de lijst aan RRN op te baseren.
Oke bedankt, ik probeer het eens.
Kan je me even uitleggen hoe ik dit kan gebruiken? Om dit te genereren? Ik heb je een volg gegeven.