-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmacro_custom_header_resheader.py
85 lines (55 loc) · 2.98 KB
/
macro_custom_header_resheader.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import json
import sys
from java.io import PrintWriter
from burp import IBurpExtender
from burp import ISessionHandlingAction
class BurpExtender(IBurpExtender, ISessionHandlingAction):
def getActionName(self):
# return extension name
return 'Custom Header For Macro - Header '
def registerExtenderCallbacks(self, callbacks):
# set extension name
callbacks.setExtensionName('Custom Header For Macro - Header')
# register for scanner callbacks
callbacks.registerSessionHandlingAction(self)
# make errors more readable ad required for debugger burp-exceptions
sys.stdout = callbacks.getStdout()
# use PrintWriter for all output
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStdout(), True)
# write a message to output stream
self.stdout.println('Custom Header For Macro - Header')
# keep reference to the callbacks
self.callbacks = callbacks
# obtain extension to the helper object
self.helpers = callbacks.getHelpers()
def performAction(self, baseRequestResponse, macroItems):
# analyse request to be modified
request_info = self.helpers.analyzeRequest(baseRequestResponse)
# get the first response from a macro item
macro_response_info = self.helpers.analyzeResponse(macroItems[0].getResponse())
self.stdout.println('Loading custom header for Macro complete: By justm0rph3u5')
# get the list of headers from the response, if token is present in the response header then we need to list all the header and extract the value
macro_body_offset = macro_response_info.getHeaders()
#from the macro body(which contains the response headers), we are extracting dynamic value of the header
new_header = macro_body_offset.get(1)[14:]
#To list all the headers and iterate one by one to
headers = request_info.getHeaders()
head_delete = ''
for header in headers:
#Change this value according to the custom header present in the request. So if X-SESSION_ID: xxxxxxxx is the header then change the string to 'X_SESSION_ID'
if 'X-CSRF' in header:
head_delete = header
#remove the header
headers.remove(head_delete)
#add new header, some wierd java error may come. please diy
#While adding the new header, kindly change the value to 'X_SESSION_ID', from above example.
headers.add('X-CSRF: ' + new_header)
# get body and add headers to make final request
message = baseRequestResponse.getRequest()
body_offset = request_info.getBodyOffset()
message_body = message[body_offset:-1]
# create new message with headers and body
new_message_request = self.helpers.buildHttpMessage(headers, message_body)
baseRequestResponse.setRequest(new_message_request)
#Blog to implement this https://justm0rph3u5.medium.com/