python滲透測試入門之burpsuite根據網頁內容生成密碼

近期收到了電子工業出版社贈送的一本網絡安全書籍《python黑帽子》，書中一共24個實驗，今天復現第17個實驗（burpsuite 頁面內容生成密碼插件），我的測試環境是mbp電腦+kali虛擬機+同事的wordpress站點。還是python2.7環境，並且書中的burpsuite是2.1版本，我這邊是1.7版本，導致實驗的不是很順利，傷心，只走了大體流程，沒大搞明白，後面有機會再研究吧～

1、在proxy標簽頁下的intercept子標簽頁中，右鍵可以看到create wordlist標簽

2、之後在extender標簽頁的extensions子標簽頁中，可以看到output下產生了大量自動生成的密碼

參考代碼：

# -*- coding: utf-8 -*-
# @Time : 2022/6/15 3:07 PM
# @Author : ailx10
# @File : bhp_wordlist.py
from burp import IBurpExtender
from burp import IContextMenuFactory
from java.util import ArrayList
from javax.swing import JMenuItem
from datetime import datetime
from HTMLParser import HTMLParser
import re
class TagStripper(HTMLParser):
def __init__(self):
HTMLParser.__init__(self)
self.page_text = []
def handle_data(self,data):
self.page_text.append(data)
def handle_comment(self,data):
self.handle_data(data)
def strip(self,html):
self.feed(html)
return " ".join(self.page_text)
class BurpExtender(IBurpExtender,IContextMenuFactory):
def registerExtenderCallbacks(self,callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
self.context = None
self.hosts = set()
self.wordlist = set(["password"])
callbacks.setExtensionName("BHP Wordlist")
callbacks.registerContextMenuFactory(self)
return
def createMenuItems(self,context_menu):
self.context = context_menu
menu_list = ArrayList()
menu_list.add(JMenuItem("Create Wordlist",actionPerformed=self.wordlist_menu))
return menu_list
def wordlist_menu(self,event):
http_traffic = self.context.getSelectedMessages()
for traffic in http_traffic:
http_service = traffic.getHttpService()
host = http_service.getHost()
self.hosts.add(host)
http_response = traffic.getResponse()
if http_response:
self.get_words(http_response)
self.display_wordlist()
return
def get_words(self,http_response):
headers,body = http_response.tostring().split("\r\n\r\n",1)
if headers.lower().find("content-type:text") == -1:
return
tag_stripper = TagStripper()
page_text = tag_stripper.strip(body)
words = re.findall("[a-zA-Z]\w{2,}",page_text)
for word in words:
if len(word) <= 12:
self.wordlist.add(word.lower())
return
def mangle(self,word):
year = datetime.now().year
suffixes = ["","1","!",year]
mangled = []
for password in (word,word.capitalize()):
for suffix in suffixes:
mangled.append("%s%s"%(password,suffix))
return mangled
def display_wordlist(self):
print("#!comment: BHP Wordlist for site(s) %s"% ",".join(self.hosts))
for word in sorted(self.wordlist):
for password in self.mangle(word):
print(password)
return