Sunday, May 15, 2011

Buby Script Basics Part 6


√ evt_http_message     
√ evt_scan_issue         
 doActiveScan         
√ doPassiveScan         
√ excludeFromScope 
√ includeInScope       
√ isInScope
√ issueAlert   
√ sendToIntruder
√ sendToRepeater
√ sendToSpider
√ makeHttpRequest



















In this portion of the Buby Script Basics series (Part 6), we cover the sendToSpider and makeHttpRequest methods.

As always, you can find sample scripts for all of the code in this series under the examples directory of the buby-script repo located here.

The script make_http_request.rb (under the examples directory) will be used to demonstrate makeHttpRequest and sendToSpider.

$burp.get method
=============

Line 24 - We define the method ($burp.get), which takes a url value.

Lines 25-27 - If the url is NOT in scope, we send this to the spider function.

Line 28 - We use a regexp to extract the path of the url.

Line 29 - We instantiate an object called 'path', which is the same as path_match.

Line 30 - An object called prefix is instantiated; this is where we extract http:// or https://.

Line 31 - uri is basically the url minus the prefix (http:// or https://).

Line 32 - Prior to removing a port (such as url:9000), we extract either an IP or hostname.

Line 33 - Same deal for the port: prior to removing the colon, we create a presub_port object, which is the colon + port number.

Line 34 - The port object is created; this is presub_port cast to a String type with the colon removed.

Line 35 - The pre object equals true or false depending on whether the prefix is http or https.

Line 36 - rpath (remote path) is the path object. If no path was specified, it defaults to '/'.

Line 37 - host is cast to a String type and the presub_port and rpath values are stripped (this gives us the true host value).

Line 38 - The req_str object is the value of get_req (the method we discuss below).

Line 39 - The res object is instantiated; it is the value of the response when the makeHttpRequest call is made. 'res' will be a String type.

Line 40 - We print 'res' to the console.






















get_req method
============

Line 10 - The method get_req is defined; it takes three parameters: host, port and path values.

Line 11 - 'str' object is created and cast as a String type.

The important lines here are 12, 13 and 20.

Line 12 - We take the path value and insert it into the first line of the request string.

Line 13 - host and port are concatenated so that www.example.com and 80 become one string value (www.example.com:80).

Line 20 - Notice that we append two newline characters ("\n\n") rather than the single newline that ends the other lines of the string. This is important because Burp will error out and fail to send the request if it is missing. The blank line is how Burp separates the headers from the body; even when there is no body, Burp still needs the marker (two newlines) to mark the end of the headers section and understand the request.
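The URL breakdown from the $burp.get walkthrough and the request string from get_req, as a stand-alone sketch that runs without Burp. This is an added example, not the make_http_request.rb script from the repo: it swaps the script's regular expressions for Ruby's URI library, and the names split_target and headers_terminated? plus the sample header values are assumptions made here.

```ruby
require 'uri'

# Split a URL into the values the $burp.get walkthrough derives.
# Assumption: Ruby's URI library stands in for the script's regexps.
def split_target(url)
  uri = URI.parse(url)
  unless uri.is_a?(URI::HTTP) && uri.host
    raise ArgumentError, "not an http(s) URL: #{url.inspect}"
  end
  rpath = uri.path.empty? ? '/' : uri.path   # no path given: default to '/'
  rpath += "?#{uri.query}" if uri.query      # keep the query string
  { host: uri.host, port: uri.port, https: uri.scheme == 'https', rpath: rpath }
end

# Build the raw GET request. Header values are constructed samples.
def get_req(host, port, path)
  str = String.new
  str << "GET #{path} HTTP/1.1\n"            # path goes in the request line
  str << "Host: #{host}:#{port}\n"           # host and port joined
  str << "User-Agent: buby-example\n"
  str << "Accept: */*\n"
  str << "Connection: close\n\n"             # two newlines end the headers
  str
end

# Pre-flight check: refuse to hand Burp a request with no header terminator.
def headers_terminated?(req)
  req.end_with?("\n\n", "\r\n\r\n")
end

# Constructed sample URLs, same shapes as the console examples on this page.
if __FILE__ == $PROGRAM_NAME
  %w[http://www.example.com
     http://www.test.com:3333/test/test.aspx?error=error.jpg].each do |url|
    t = split_target(url)
    req = get_req(t[:host], t[:port], t[:rpath])
    raise 'missing blank line after headers' unless headers_terminated?(req)
    puts "#{t.inspect}\n#{req}"
  end
end
```

Running the terminator check before the request is sent turns the failure described for Line 20 into an explicit error instead of a request Burp cannot send.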










That is it. Go ahead and try the script out, and when you run it, make sure you choose the -i (interactive) option. Example:


$ jruby -S buby -i -B burp_pro.jar -r make_http_req.rb

At the console, to run this method, you can type the following (examples):

$burp.get('http://www.example.com')

$burp.get('http://www.example.com:9050')

$burp.get('http://www.test.com:3333/test/test.aspx?error=error.jpg')









cktricky

1 comment:

cktricky said...

Email sent yesterday.

Cheers,

Ken