nvssks
nvssks
/ topt-generator.js
Last active
July 9, 2021 11:42
topt-generator using crypto-js library (for use in postman)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Code borrowed from the following library and modified to work with crypto-js (for use in postman): | |
| https://github.com/bellstrand/totp-generator/blob/master/LICENSE | |
| Install requirements: | |
| npm i crypto-js | |
| Run: | |
| node otp_script.js {{GOOGLE AUTH KEY}} | |
| */ |
nvssks
/ burp-uuid-intruder-generator.py
Created
July 12, 2019 14:03
Burp plugin UUID Intruder generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import IIntruderPayloadGeneratorFactory | |
| from burp import IIntruderPayloadProcessor | |
| from burp import IIntruderPayloadGenerator | |
| import uuid | |
| class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory, IIntruderPayloadProcessor): | |
| def registerExtenderCallbacks(self, callbacks): | |
| # obtain an extension helpers object | |
| self._helpers = callbacks.getHelpers() |
nvssks
/ burp-csrf-sync-body.py
Created
July 12, 2019 14:01
This Burp plugin (Handling Action) will sync the _csrf body parameter with the value in the CSRF-TOKEN cookie
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import ISessionHandlingAction | |
| from burp import IBurpExtenderCallbacks | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self._callbacks = callbacks | |
| self._helpers = self._callbacks.getHelpers() | |
| self._callbacks.setExtensionName('CSRF Body Syncro') | |
| self._callbacks.registerSessionHandlingAction(self) |
nvssks
/ burp-jython-aes-encrypt.py
Created
July 12, 2019 12:52
Burp plugin snippet to AES encrypt using Java native or run external
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| import random | |
| import string | |
| #Java Imports | |
| from javax.crypto import Cipher | |
| from javax.crypto.spec import SecretKeySpec | |
| #Imports for run external | |
| import subprocess |
nvssks
/ burp-track-token.py
Created
July 12, 2019 12:39
This burp plugin tracks a token from the user browsing session (eg. Authorisation header) and creates a handling action that would update the header token. Meant to be used in other tools
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import IHttpListener | |
| from burp import ISessionHandlingAction | |
| from burp import IBurpExtender | |
| from burp import ISessionHandlingAction | |
| from burp import IBurpExtenderCallbacks | |
| __DEBUG__ = False |
nvssks
/ burp-multistep-request.py
Last active
July 12, 2019 13:09
Burp plugin (Handling Action) for multi-step requests from within the plugin when Macros are not enough
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # XXX: Example / Untested code snippet | |
| from burp import IBurpExtender | |
| from burp import ISessionHandlingAction | |
| from burp import ICookie | |
| import re | |
| __DEBUG__ = True | |
| class Cookie(ICookie): |
nvssks
/ burp-csrf-sync-header.py
Created
July 12, 2019 11:22
This Burp plugin will sync the X-XSRF-TOKEN with the value in the XSRF-TOKEN cookie
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import ISessionHandlingAction | |
| from burp import IBurpExtenderCallbacks | |
| class BurpExtender(IBurpExtender, ISessionHandlingAction): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self._callbacks = callbacks | |
| self._helpers = self._callbacks.getHelpers() | |
| self._callbacks.setExtensionName('CSRF Syncro Header') | |
| self._callbacks.registerSessionHandlingAction(self) |
nvssks
/ burp-global-regex-replace.py
Created
July 12, 2019 11:18
This burp plugin will replace the "lookfor_regex" with the string in "replace_with" it intercepts all messages except the ones in __IGNORE_FLAG__
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender | |
| from burp import IHttpListener | |
| from burp import ISessionHandlingAction | |
| #Global replace: This will replace the "lookfor_regex" with the string in "replace_with" | |
| #Intercepts all messages except __IGNORE_FLAG__ (typically Proxy) TODO: Fix Flag checks | |
| ''' | |
| TOOL_COMPARER: Flag used to identify the Burp Comparer tool. | |
| TOOL_DECODER: Flag used to identify the Burp Decoder tool. | |
| TOOL_EXTENDER: Flag used to identify the Burp Extender tool. | |
| TOOL_INTRUDER: Flag used to identify the Burp Intruder tool. |