ziot/reqsigner.py Secret

## reqsigner.py
from burp import IBurpExtender
from burp import IHttpListener

import json
import urllib

class BurpExtender(IBurpExtender, IHttpListener):

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Redacted Plugin")
        callbacks.registerHttpListener(self)
        print('loaded')

    def find_between(self, s, first, last):
        try:
            start = s.index( first ) + len( first )
            end = s.index( last, start )
            return s[start:end]
        except ValueError:
            return ""

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        if messageIsRequest:
            request_info = self._helpers.analyzeRequest(currentRequest)
            url = request_info.getUrl().toString()

            if "[Redacted]:443/api2/" in url:

                print("hit: {0}".format(url))

                request = currentRequest.getRequest()
                requestStr = self._callbacks.getHelpers().bytesToString(request)
                requestParsed = self._helpers.analyzeRequest(request)
                body = requestStr[requestParsed.getBodyOffset():]
                headers = requestParsed.getHeaders()
                for header in headers:
                    if header.startswith("User-Id: "):
                        user_id = header.replace("User-Id: ","")
                    elif header.startswith("User-Agent: "):
                        user_agent = header.replace("User-Agent: ","")
                    elif header.startswith("Time: "):
                        old_time = header.replace("Time: ", "")
                    elif header.startswith("Sign: "):
                        old_sign = header.replace("Sign: ", "")

                endpoint = url.replace("https://[Redacted]:443","")

                hostUrl = "https://[nodejsHost]"
                hostEndpoint = "/?endpoint={0}&id={1}&ua={2}".format(
                    urllib.quote(endpoint),
                    urllib.quote(user_id),
                    urllib.quote(user_agent)
                )
                fullHost = "{0}/{1}".format(hostUrl, hostEndpoint)

                req = self._helpers.buildHttpMessage([
                    'GET {0}'.format(hostEndpoint),
                    'Host: buer.haus:8080'
                ], '')
                resp = self._callbacks.makeHttpRequest("[host]", [port], False, req)
                http_response = self._helpers.bytesToString(resp)

                if http_response:

                    lineCount = len(http_response.splitlines())
                    lastLine = http_response.splitlines()[lineCount-1]
                    jsonData = json.loads(lastLine)

                    newTime = jsonData["time"]
                    newSign = jsonData["sign"]

                    new_headers = headers
                    for idx,header in enumerate(new_headers):
                        if header.startswith("Sign: "):
                            new_headers[idx] = "Sign: {0}".format(newSign)
                        elif header.startswith("Time: "):
                            new_headers[idx] = "Time: {0}".format(newTime)

                    modified_request = self._helpers.buildHttpMessage(new_headers, currentRequest.getRequest()[request_info.getBodyOffset():])
                    currentRequest.setRequest(modified_request)
	from burp import IBurpExtender
	from burp import IHttpListener

	import json
	import urllib

	class BurpExtender(IBurpExtender, IHttpListener):

	def registerExtenderCallbacks(self, callbacks):
	self._callbacks = callbacks
	self._helpers = callbacks.getHelpers()
	callbacks.setExtensionName("Redacted Plugin")
	callbacks.registerHttpListener(self)
	print('loaded')

	def find_between(self, s, first, last):
	try:
	start = s.index( first ) + len( first )
	end = s.index( last, start )
	return s[start:end]
	except ValueError:
	return ""

	def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
	if messageIsRequest:
	request_info = self._helpers.analyzeRequest(currentRequest)
	url = request_info.getUrl().toString()

	if "[Redacted]:443/api2/" in url:

	print("hit: {0}".format(url))

	request = currentRequest.getRequest()
	requestStr = self._callbacks.getHelpers().bytesToString(request)
	requestParsed = self._helpers.analyzeRequest(request)
	body = requestStr[requestParsed.getBodyOffset():]
	headers = requestParsed.getHeaders()
	for header in headers:
	if header.startswith("User-Id: "):
	user_id = header.replace("User-Id: ","")
	elif header.startswith("User-Agent: "):
	user_agent = header.replace("User-Agent: ","")
	elif header.startswith("Time: "):
	old_time = header.replace("Time: ", "")
	elif header.startswith("Sign: "):
	old_sign = header.replace("Sign: ", "")

	endpoint = url.replace("https://[Redacted]:443","")

	hostUrl = "https://[nodejsHost]"
	hostEndpoint = "/?endpoint={0}&id={1}&ua={2}".format(
	urllib.quote(endpoint),
	urllib.quote(user_id),
	urllib.quote(user_agent)
	)
	fullHost = "{0}/{1}".format(hostUrl, hostEndpoint)

	req = self._helpers.buildHttpMessage([
	'GET {0}'.format(hostEndpoint),
	'Host: buer.haus:8080'
	], '')
	resp = self._callbacks.makeHttpRequest("[host]", [port], False, req)
	http_response = self._helpers.bytesToString(resp)

	if http_response:

	lineCount = len(http_response.splitlines())
	lastLine = http_response.splitlines()[lineCount-1]
	jsonData = json.loads(lastLine)

	newTime = jsonData["time"]
	newSign = jsonData["sign"]

	new_headers = headers
	for idx,header in enumerate(new_headers):
	if header.startswith("Sign: "):
	new_headers[idx] = "Sign: {0}".format(newSign)
	elif header.startswith("Time: "):
	new_headers[idx] = "Time: {0}".format(newTime)

	modified_request = self._helpers.buildHttpMessage(new_headers, currentRequest.getRequest()[request_info.getBodyOffset():])
	currentRequest.setRequest(modified_request)