pentest/burpsuite/extensions/RandomUUID.py at master · libcrack/pentest · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# -*- coding: UTF-8 -*-
#
# Burp Randon UUID Extension
# /dev/null <devnull@libcrack.so>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import re
import uuid
import string
import random

from burp import (IBurpExtender, ISessionHandlingAction)

EXTENSION_NAME = "RandomUUID"

tokenCharset = string.ascii_letters + string.digits
placeholder = "__RANDOM__"
tokenLength = 8

if tokenLength != len(placeholder):
    raise Exception("tokenLength must match the length of the placeholder")

def randomString (strmin=16,strmax=None,number=True,alpha=True,special=False):
    """
    Returns a random string of len between strmin and strmax
    If no strmin len if specified, a random string of 16 chars will be generated
    """
    if strmax == None:
        strmax = strmin
    if strmin > strmax:
        raise Exception("strmin cannot be greater than strmax")
    especial_chars = ".-_+*"
    subset = string.digits
    if alpha: subset = subset + string.ascii_letters
    if especial: subset = subset + especial_chars
    random_iterations = random.randint(strmin,strmax)
    random_string = ""
    for i in xrange(random_iterations):
        # random_char = random.choice(string.ascii_letters + string.digits + especial_chars)
        random_char = random.choice(subset)
        random_string = random_string + random_char
    return random_string

def randomUUID ():
    """
    This method returns an UUID in canonical format XXXXXXXX-XXXX-XXXX-XXXXXXXX
    """
    stru = str(uuid.uuid1())
    stru2 = stru[8:] + stru[:8]
    u2 = uuid.UUID(stru2)
    return str(u2)
    #new_uuid = str(uuid.uuid4())
    #return str(uuid.uuid4())

class BurpExtender(IBurpExtender, ISessionHandlingAction):
    """
    Implementa ISessionHandlingAction
    """
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName(EXTENSION_NAME)
        self.callbacks.registerSessionHandlingAction(self)
        self.out = callbacks.getStdout()
        self.placeholder = re.compile(placeholder)
        random.seed()

    def getActionName(self):
        return "Random UUID Parameter Insertion"

    def performAction(self, currentRequest, macroItems):
        request = self.helpers.bytesToString(currentRequest.getRequest())
        randomToken = "".join([random.choice(tokenCharset) for i in range(tokenLength)])
        result = self.helpers.stringToBytes(self.placeholder.sub(randomToken, request))
        currentRequest.setRequest(result)