Thomas Patzke thomaspatzke
thomaspatzke
/ extract_post_parameters_from_burpexport.sh
Last active
June 12, 2025 12:00
Extract particular HTTP request parameter value (POST) from Burp XML save file without Base64 request/response encoding. Here I extract the NavigationTarget parameter of a SAP Portal application.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u |
thomaspatzke
/ find_unique.sh
Created
January 7, 2015 13:59
Generate a list of files with unique content
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find -type f -exec sha256sum {} \; | sort | perl -ne '($h, $f) = /^(\S+)\s+(.*)$/; if (defined $ph && $ph ne $h || !defined $ph) { print "$f\n" } $ph = $h; $pf = $f;' |
thomaspatzke
/ extract_post_parameters_from_burpexport-without_xmlstarlet.sh
Created
January 19, 2015 13:24
Extract POST parameter (here javax.faces.ViewState) from files with saved HTTP requests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grep javax.faces.ViewState POSTs.xml | perl -mURI::Escape -ne '/javax\.faces\.ViewState=(.*?)&/; print URI::Escape::uri_unescape($1); print "\n"' | sort -u |
thomaspatzke
/ CSRFToken.py
Created
February 3, 2015 14:01
Burp extension: extract CSRF tokens from responses of selected Burp tools and update them with a custom session handling rule.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Session CSRF Token Handling") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
thomaspatzke
/ Burp-SessionHandlingActionReplaceIDInResponse.py
Created
February 2, 2015 11:19
This is a template for a Burp extension that can be used as session handling macro action. It pulls an identifier (here: last part of location header from redirection response) from the first macro response and puts it in the given place of the current request (here: last URL path component). Adapt as needed at the places marked with "CONFIG" co…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, ISessionHandlingAction) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Path Parameter Session Handling Action") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.out = callbacks.getStdout() |
thomaspatzke
/ net-config.sh
Created
January 19, 2016 22:46
Shell script to quickly switch between real Internet connection (NAT) and simulated (INetSim)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| case "$1" in | |
| router) | |
| sysctl -w net.ipv4.ip_forward=1 | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| systemctl start dnsmasq.service | |
| ;; | |
| router-stop) | |
| sysctl -w net.ipv4.ip_forward=0 |
thomaspatzke
/ nmap-open-ports.sh
Last active
June 12, 2025 11:59
Extract all open ports in Host:Port format from nmap XML output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xmlstarlet sel -t -m '//port/state[@state="open"]/parent::port' -v 'ancestor::host/address/@addr' -o : -v './@portid' -n nmap-output.xml |
thomaspatzke
/ proxy_http_connect-portscanner.sh
Created
September 1, 2016 13:28
Simple HTTP CONNECT Proxy Portscanner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for (( p=0; p <= 65535; p++ )); do echo "Probing port $p"; echo -n "Port $p: " >> portscan.log; (echo CONNECT targethost:$p HTTP/1.1; echo) | nc -q 3 proxyhost proxyport | head -1 >> portscan.log; done |
thomaspatzke
/ Burp-CSRFRandomName.py
Created
February 15, 2017 09:09
Burp Session Handling Extension: CSRF tokens with random parameter names
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
| import re | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.getHelpers() | |
| callbacks.setExtensionName("Handling of CSRF Tokens with Random Names") | |
| self.callbacks.registerSessionHandlingAction(self) | |
| self.callbacks.registerHttpListener(self) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
| # Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
| # IMPORTANT: This must run with Administrator privileges! | |
| Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
| # Kill all parent processes from detected vssadmin process | |
| $p = $EventArgs.NewEvent.TargetInstance | |
| while ($p) { | |
| $ppid = $p.ParentProcessID | |
| $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
| Write-Host $p.ProcessID |
NewerOlder