Burp Intruder payload generator for Belgian Social Security Number (rijksregisternummer)

burp_rijksregisternummer-generator.py

# Script by TheGroundZero (@DezeStijn)
#
# This payload generator generates valid Belgian Social Security Numbers
# This SSN (rijksregisternummer) is formatted as yy.mm.dd-counter-check
#     yy, mm and dd are the date of birth
#     counter is a 3 digit number, which counts the births per day (uneven number for men and even for women)
#     check is a 2 digit validation number based on the previous digits
#
# You can provide a "seed" to the generator to set a static birth date.
# This will result in a random generation of the counter and check values.
# If no seed was provided, the generation will create random birth dates and counters, and will calculate the check for each.
#
# This generator does no perform a linear bruteforce.
# A max. of 1.000 payloads will be generated per attack.
#
# Free to use, but please do refer to this original gist.
#
# https://github.com/TheGroundZero
# https://twitter.com/DezeStijn/
# https://sequr.be/ | http://sequrx53bdtvizjsbcdibrugpg7fujhvx7b75rvhwh2kq3i4hhvh35qd.onion/
#

from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator
import datetime
import random


def calculateCheck(year, month, day, nr):
    yy = year % 100

    print("  - year: {} ({})".format(year, yy))
    print("  - month: {}".format(month))
    print("  - day: {}".format(day))
    print("  - nr: {}".format(nr))

    precheck = int("{}{:02d}{:02d}{:02d}{:03d}".format(2 if year >= 2000 else "", yy, month, day, nr))
    check = 97 - (precheck % 97)

    payload = "{:02d}.{:02d}.{:02d}-{:03d}.{:02d}".format(yy, month, day, nr, check)

    print("  - payload: {}".format(payload))

    return payload


class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):

    #
    # implement IBurpExtender
    #

    def registerExtenderCallbacks(self, callbacks):
        # obtain an extension helpers object
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        callbacks.setExtensionName("Rijkregisternummer payloads")
        callbacks.registerIntruderPayloadGeneratorFactory(self)
        return

    #
    # implement IIntruderPayloadGeneratorFactory
    #

    def getGeneratorName(self):
        return "Rijksregisternummer generator"

    def createNewInstance(self, attack):
        # return a new IIntruderPayloadGenerator to generate payloads for this attack
        return IntruderPayloadGenerator(self, attack)


#
# class to generate payloads
#

class IntruderPayloadGenerator(IIntruderPayloadGenerator):
    def __init__(self, extender, attack):
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self._max_payloads = 999
        self._payloadIndex = 0
        self._curYear = datetime.datetime.now().year

    def hasMorePayloads(self):
        return self._payloadIndex < self._max_payloads

    def getNextPayload(self, baseValue):
        # Assume baseValue is yyyy.mm.dd or empty

        if baseValue is None or baseValue == "":
            print("[*] Generate random RRnr")
            year = random.randint(self._curYear-100, self._curYear)
            month = random.randint(1, 12)
            day = random.randint(1, 28)
            nr = random.randint(1, 998)
        else:
            payload = self._helpers.bytesToString(baseValue)
            print("[*] Calculate RRnr")
            print("  - baseValue: {}".format(payload))

            year, month, day = [int(s) for s in payload.split(".")]
            nr = self._payloadIndex
            self._payloadIndex += 1

        return calculateCheck(year, month, day, nr)

    def reset(self):
        self._payloadIndex = 0

Oke bedankt, ik probeer het eens.