pajswigger · December 20, 2017 09:21
diff --git a/BasicAuthInsertionPoint.py b/BasicAuthInsertionPoint.py
 from burp import IBurpExtender, IScannerInsertionPoint, IScannerInsertionPointProvider
 import base64, jarray, re


 class BurpExtender(IBurpExtender):
    def registerExtenderCallbacks(self, callbacks):
        callbacks.registerScannerInsertionPointProvider(BasicAuthInsertionPointProvider(callbacks))


 class BasicAuthInsertionPointProvider(IScannerInsertionPointProvider):
    def __init__(self, callbacks):
        self.callbacks = callbacks

    def getInsertionPoints(self, baseRequestResponse):
        request = baseRequestResponse.getRequest()
        requestInfo = self.callbacks.getHelpers().analyzeRequest(request)
        for header in requestInfo.getHeaders():
            if header.startswith("Authorization: Basic "):
                return [BasicAuthInsertionPoint(request, 0), BasicAuthInsertionPoint(request, 1)]


 class BasicAuthInsertionPoint(IScannerInsertionPoint):
    def __init__(self, baseRequest, position):
        self.baseRequest = ''.join(map(chr, baseRequest))
        self.position = position
        match = re.search("^Authorization: Basic (.*)$", self.baseRequest, re.MULTILINE)
        self.baseBlob = match.group(1)
        self.baseValues = base64.b64decode(self.baseBlob).split(':')
        self.baseOffset = self.baseRequest.index(self.baseBlob)

    def getInsertionPointName(self):
        return "BasicAuth" + ("UserName" if self.position == 0 else "Password")

    def getBaseValue(self):
        return self.baseValues[self.position]

    def makeBlob(self, payload):
        values = list(self.baseValues)
        values[self.position] = ''.join(map(chr, payload))
        return base64.b64encode(':'.join(values))

    def buildRequest(self, payload):
        return self.baseRequest.replace(self.baseBlob, self.makeBlob(payload))

    def getPayloadOffsets(self, payload):
        return jarray.array([self.baseOffset, self.baseOffset + len(self.makeBlob(payload))], 'i')

    def getInsertionPointType(self):
        return IScannerInsertionPoint.INS_EXTENSION_PROVIDED
	from burp import IBurpExtender, IScannerInsertionPoint, IScannerInsertionPointProvider
	import base64, jarray, re


	class BurpExtender(IBurpExtender):
	def registerExtenderCallbacks(self, callbacks):
	callbacks.registerScannerInsertionPointProvider(BasicAuthInsertionPointProvider(callbacks))


	class BasicAuthInsertionPointProvider(IScannerInsertionPointProvider):
	def __init__(self, callbacks):
	self.callbacks = callbacks

	def getInsertionPoints(self, baseRequestResponse):
	request = baseRequestResponse.getRequest()
	requestInfo = self.callbacks.getHelpers().analyzeRequest(request)
	for header in requestInfo.getHeaders():
	if header.startswith("Authorization: Basic "):
	return [BasicAuthInsertionPoint(request, 0), BasicAuthInsertionPoint(request, 1)]


	class BasicAuthInsertionPoint(IScannerInsertionPoint):
	def __init__(self, baseRequest, position):
	self.baseRequest = ''.join(map(chr, baseRequest))
	self.position = position
	match = re.search("^Authorization: Basic (.*)$", self.baseRequest, re.MULTILINE)
	self.baseBlob = match.group(1)
	self.baseValues = base64.b64decode(self.baseBlob).split(':')
	self.baseOffset = self.baseRequest.index(self.baseBlob)

	def getInsertionPointName(self):
	return "BasicAuth" + ("UserName" if self.position == 0 else "Password")

	def getBaseValue(self):
	return self.baseValues[self.position]

	def makeBlob(self, payload):
	values = list(self.baseValues)
	values[self.position] = ''.join(map(chr, payload))
	return base64.b64encode(':'.join(values))

	def buildRequest(self, payload):
	return self.baseRequest.replace(self.baseBlob, self.makeBlob(payload))

	def getPayloadOffsets(self, payload):
	return jarray.array([self.baseOffset, self.baseOffset + len(self.makeBlob(payload))], 'i')

	def getInsertionPointType(self):
	return IScannerInsertionPoint.INS_EXTENSION_PROVIDED