Created
July 12, 2019 14:01
nvssks created this gist
Jul 12, 2019
@@ -0,0 +1,30 @@ from burp import IBurpExtender from burp import ISessionHandlingAction from burp import IBurpExtenderCallbacks class BurpExtender(IBurpExtender, ISessionHandlingAction): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = self._callbacks.getHelpers() self._callbacks.setExtensionName('CSRF Body Syncro') self._callbacks.registerSessionHandlingAction(self) print '[*] CSRF Body Syncro' def getActionName(self): return 'CSRF Body Syncro' def performAction(self, currentRequest, macroItems): request=currentRequest.getRequest() request_info=self._helpers.analyzeRequest(request) body_parameter=self._helpers.getRequestParameter(request,'_csrf') cookie_parameter=self._helpers.getRequestParameter(request,'CSRF-TOKEN') if body_parameter and cookie_parameter: body_value=body_parameter.getValue() cookie_value=cookie_parameter.getValue() if not body_value == cookie_value: print '[+] Updating Body CSRF Token' new_parameter=self._helpers.buildParameter(body_parameter.getName(), cookie_value, body_parameter.getType()) new_request=self._helpers.updateParameter(request, new_parameter) currentRequest.setRequest(new_request) else: print '[*] Parameters matching - nothing to do' else: print '[-] Parameter missing'
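Review bot: In performAction, `getRequestParameter(request,'_csrf')` and `getRequestParameter(request,'CSRF-TOKEN')` look each parameter up by name only, so nothing confirms that the first is a body parameter and the second a cookie, as the variable names assume. A request that carries `_csrf` in the query string, or a `CSRF-TOKEN` field outside the Cookie header, would be synced in the wrong place or against the wrong value. I would tighten the outer condition to `if body_parameter and cookie_parameter and body_parameter.getType() == IParameter.PARAM_BODY and cookie_parameter.getType() == IParameter.PARAM_COOKIE:`, which needs `from burp import IParameter`. Separately, `request_info` is assigned and never read and the `IBurpExtenderCallbacks` import is unused, so both can be dropped. A short comment above performAction stating that the cookie is treated as the source of truth for the double-submit pair would also help the next reader.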