Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from burp import IBurpExtender
- from burp import ISessionHandlingAction
- from burp import IBurpExtenderCallbacks
- class BurpExtender(IBurpExtender, ISessionHandlingAction):
- def registerExtenderCallbacks(self, callbacks):
- self._callbacks = callbacks
- self._helpers = self._callbacks.getHelpers()
- self._callbacks.setExtensionName('CSRF Body Syncro')
- self._callbacks.registerSessionHandlingAction(self)
- print '[*] CSRF Body Syncro'
- def getActionName(self):
- return 'CSRF Body Syncro'
- def performAction(self, currentRequest, macroItems):
- request=currentRequest.getRequest()
- request_info=self._helpers.analyzeRequest(request)
- body_parameter=self._helpers.getRequestParameter(request,'_csrf')
- cookie_parameter=self._helpers.getRequestParameter(request,'CSRF-TOKEN')
- if body_parameter and cookie_parameter:
- body_value=body_parameter.getValue()
- cookie_value=cookie_parameter.getValue()
- if not body_value == cookie_value:
- print '[+] Updating Body CSRF Token'
- new_parameter=self._helpers.buildParameter(body_parameter.getName(), cookie_value, body_parameter.getType())
- new_request=self._helpers.updateParameter(request, new_parameter)
- currentRequest.setRequest(new_request)
- else:
- print '[*] Parameters matching - nothing to do'
- else:
- print '[-] Parameter missing'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
