Skip to content

Instantly share code, notes, and snippets.

@bbhunter

bbhunter/MutateMethods.py

Forked from defparam/MutateMethods.py
Created May 28, 2022 17:41
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bbhunter/2eb57edd38cdb2ad50b1547d2b82629e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bbhunter/2eb57edd38cdb2ad50b1547d2b82629e to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @defparam defparam revised this gist May 26, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion MutateMethods.py
    View file
    Original file line number Diff line number Diff line change
    @@ -10,7 +10,7 @@ def listen(self):
    while True:
    time.sleep(1)
    if (not handler.running):
    callbacks.removeProxyListener(x)
    callbacks.removeProxyListener(self)
    return

    def processProxyMessage(self, messageIsRequest, message):
  2. @defparam defparam created this gist May 26, 2022.
    46 changes: 46 additions & 0 deletions MutateMethods.py
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,46 @@
    import time

    class TrafficMagnet(burp.IProxyListener):
    def __init__(self, engine):
    callbacks.registerProxyListener(self)
    self._engine = engine
    self._target = str(self._engine.engine.getTarget()).lower().replace("https:","").replace("http:","").replace("/","").split(':')[0]

    def listen(self):
    while True:
    time.sleep(1)
    if (not handler.running):
    callbacks.removeProxyListener(x)
    return

    def processProxyMessage(self, messageIsRequest, message):
    if messageIsRequest:
    messageInfo = message.getMessageInfo()
    host = str(messageInfo.getHttpService().getHost()).lower()

    # Turbo Intruder engine is set on 1 target, only test requests from that target
    if host == self._target:
    verblist = ["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "TRACE", "CONNECT"]
    origreq = str(messageInfo.getRequest().tostring())
    origverb = origreq.split()[0]
    for verb in verblist:
    if verb == origverb:
    continue
    newreq = origreq.replace(origverb, verb)
    self._engine.queue(newreq)

    def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
    concurrentConnections=10,
    requestsPerConnection=10,
    pipeline=False)

    # Create a traffic magnet that queues tests based on incoming requests to this server
    magnet = TrafficMagnet(engine)

    # Keep this running until user cancels the attack
    magnet.listen()


    def handleResponse(req, interesting):
    table.add(req)