Last active
October 26, 2017 16:39
ch6_burp_send_to_bing.py
import json
import re
import socket
import threading
import urllib

from burp import IBurpExtender
from burp import IContextMenuFactory

from java.net import MalformedURLException
from java.net import URL
from java.util import List, ArrayList
from javax.swing import JMenuItem
# Bing Search API settings shared by the extension class and the worker function.
bing_api_host = "api.cognitive.microsoft.com"
# Placeholder only: put a real subscription key in a local copy and keep it out
# of any shared or published version of this file.
bing_api_key = "YOUR_API_KEY"
# Search endpoint on that host; the percent-encoded query is appended after "q=".
bing_api_urlquery = "https://%s/bing/v7.0/search?count=20&q=" % bing_api_host
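# Burp entry point; it also implements IContextMenuFactory so that it can add
# a "Send to Bing" item to Burp's context menu.
class BurpExtender(IBurpExtender, IContextMenuFactory):
    """Burp extension that looks up the hosts of selected messages via Bing.

    Every lookup sends the selected host name or IP address to the Bing API
    endpoint configured at module level.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Keep Burp's callbacks and helpers, then register the menu factory."""
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self.context = None

        callbacks.setExtensionName("BHP Bing")
        callbacks.registerContextMenuFactory(self)
        return

    def createMenuItems(self, context_menu):
        """Remember the menu invocation and return a one-item menu list."""
        # Stored so that bing_action can later read the selected messages.
        self.context = context_menu
        menu_list = ArrayList()
        menu_list.add(JMenuItem("Send to Bing", actionPerformed=self.bing_action))
        return menu_list

    def bing_action(self, event):
        """Look up the host of every message selected in Burp.

        Args:
            event: object passed by the menu item's actionPerformed hook; unused.
        """
        http_traffic = self.context.getSelectedMessages()
        print("Incoming Request(s): %d" % len(http_traffic))

        for traffic in http_traffic:
            self.bing_host(traffic.getHttpService().getHost())
        return

    def bing_host(self, http_host):
        """Send an ``ip:`` query for a dotted-quad host, else a ``domain:`` query.

        Args:
            http_host: host string taken from the selected message's HTTP service.
        """
        # Anchored at the end so that a name which merely starts with four
        # dotted numbers (for example "10.0.0.1.example.test") is treated as a
        # domain. The pattern checks the shape only, not the 0-255 octet range.
        if re.match(r"[0-9]+(?:\.[0-9]+){3}\Z", http_host):
            self.bing_query("'ip:%s'" % http_host)
        else:
            # The domain query uses the name as given, so no DNS lookup is made.
            self.bing_query("'domain:%s'" % http_host)

    def bing_query(self, query):
        """Build the raw Bing API request for *query* and send it on a new thread.

        Args:
            query: search expression such as ``'domain:example.test'``.
        """
        # urllib.quote percent-encodes quotes, colons, spaces and CR/LF, so text
        # taken from the selected traffic cannot alter the request line or add
        # headers.
        request_lines = [
            "GET %s%s HTTP/1.1" % (bing_api_urlquery, urllib.quote(query)),
            "Host: %s" % bing_api_host,
            "Connection: close",
            "Ocp-Apim-Subscription-Key: %s" % bing_api_key,
            "User-Agent: BlackHat Python",
        ]
        http_request = "\r\n".join(request_lines) + "\r\n\r\n"

        # This method is reached from the menu item's action handler; the HTTP
        # exchange is handed to a separate thread rather than done inline.
        http_request_thread = threading.Thread(
            target=http_api_call,
            args=(self, bing_api_host, http_request),
        )
        http_request_thread.start()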
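# Thread target: sends the prepared request through Burp's callbacks, prints
# each Bing hit and adds every returned URL to Burp's target scope.
def http_api_call(burp_extender, bing_api_host, http_request):
    """Send *http_request* to the Bing API via Burp and process the hits.

    Args:
        burp_extender: extension object; only its ``_callbacks`` attribute is used.
        bing_api_host: host name given to makeHttpRequest (port 443, HTTPS).
        http_request: complete raw HTTP request text.

    Returns:
        None. Hits are printed, and URLs not yet in scope are added to it.
    """
    callbacks = burp_extender._callbacks
    response = callbacks.makeHttpRequest(bing_api_host, 443, True, http_request).tostring()

    # partition() never raises; an empty separator means the reply has no
    # header/body boundary and therefore nothing to parse.
    _headers, separator, json_body = response.partition("\r\n\r\n")
    if not separator:
        print("No results from Bing")
        return

    try:
        hits = json.loads(json_body)["webPages"]["value"]
    except (ValueError, KeyError, TypeError):
        # The body is not JSON, or it is JSON without a webPages.value list.
        # NOTE(review): an API error reply (bad key, quota) presumably lands
        # here as well - confirm against a live response.
        print("No results from Bing")
        return

    for hit in hits:
        try:
            name, url, snippet = hit["name"], hit["url"], hit["snippet"]
            j_url = URL(url)
        except (KeyError, TypeError, MalformedURLException):
            # One incomplete or unparsable hit must not hide the remaining ones.
            print("Skipping malformed Bing result")
            continue

        print("*" * 100)
        print(name)
        print(url)
        print(snippet)
        print("*" * 100)

        # Bing decides which URLs come back, so this can extend scope to hosts
        # other than the one that was selected; review Burp's scope afterwards.
        if not callbacks.isInScope(j_url):
            print("Adding to Burp Scope")
            callbacks.includeInScope(j_url)
    return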