python渗透测试入门之burpsuite添加bing api插件

近期收到了电子工业出版社赠送的一本网络安全书籍《python黑帽子》，书中一共24个实验，今天复现第16个实验（burpsuite bing插件），我的测试环境是mbp电脑+kali虚拟机+baidu站点。同样是python2环境，借助Bing API实现发现目标网站的所有子域名和同一IP地址的所有网站两个功能，可惜Bing API搞不到注册，需要visa信用卡进行身份验证，有机会再研究吧～

ailx10

网络安全优秀回答者

网络安全硕士

去咨询

1、点击sending to bing

如何加载，可以在上一个实验报告中学习：ailx10：python渗透测试入门之burpsuite载核生成器 ，这里已经成功加载了插件，可以在proxy标签页的intercept子标签页中发现sending to bing功能～

2、单击target标签页，选中scope子标签页，期望可以看到http://www.baidu.com的其他子域名被自动添加到目标范围，我这里的没有Bing API，好像申请这个账号需要visa银行卡～

3、在extender标签页中，可以看到output输出bing查询结果，我这里是空的

参考代码：

# -*- coding: utf-8 -*-
# @Time    : 2022/6/15 10:13 AM
# @Author  : ailx10
# @File    : bhp_bing.py

from burp import IBurpExtender
from burp import IContextMenuFactory

from java.net import URL
from java.util import ArrayList
from javax.swing import JMenuItem
from thread import start_new_thread

import json
import socket
import urllib

API_KEY = ""
API_HOST = "api.cognitive.microsoft.com"

class BurpExtender(IBurpExtender,IContextMenuFactory):
    def registerExtenderCallbacks(self,callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self.context = None

        callbacks.setExtensionName("BHP Bing")
        callbacks.registerContextMenuFactory(self)

        return

    def createMenuItems(self,context_menu):
        self.context = context_menu
        menu_list = ArrayList()
        menu_list.add(JMenuItem("Sending to Bing",actionPerformed=self.bing_menu))
        return menu_list

    def bing_menu(self,event):
        http_traffic = self.context.getSelectedMessages()
        print("%d requests highlighted"%len(http_traffic))
        for traffic in http_traffic:
            http_service = traffic.getHttpService()
            host = http_service.getHost()
            print("User selected host:%s"%host)
            self.bing_search(host)
        return

    def bing_search(self,host):
        try:
            is_ip = bool(socket.inet_aton(host))
        except socket.error:
            is_ip = False
        if is_ip:
            ip_address = host
            domain = False
        else:
            ip_address = socket.gethostbyname(host)
            domain = True
        start_new_thread(self.bing_query,("ip:%s"%ip_address,))
        if domain:
            start_new_thread(self.bing_query,("domain:%s"%host,))

    def bing_query(self,bing_query_string):
        print("Performing Bing search:%s"%bing_query_string)
        http_request = "Get https://%s/bing/v7.0/search?" % API_HOST
        http_request += "q=%s HTTP/1.1\r\n" % urllib.quote(bing_query_string)
        http_request += "Host:%s\r\n" % API_HOST
        http_request += "Connection:close\r\n"
        http_request += "Ocp-Apim-Subscription-Key:%s\r\n"%API_KEY
        http_request += "User-Agent: Black Hat Python\r\n\r\n"

        json_body = self._callbacks.makeHttpRequest(API_HOST,443,True,http_request).tostring()
        json_body = json_body.split("\r\n\r\n",1)[1]

        try:
            response = json.loads(json_body)
        except (TypeError,ValueError) as err:
            print("No results from Bing:%s"%err)
        else:
            sites = list()
            if response.get("webPages"):
                sites = response["webPages"]["value"]
            if len(sites):
                for site in sites:
                    print("*"*100)
                    print("Name:%s    "%site["name"])
                    print("URL:%s    "%site["url"])
                    print("Description:%r"%site["snippet"])
                    print("*"*100)
                    java_url = URL(site["url"])
                    if not self._callbacks.isInScope(java_url):
                        print("Adding %s to Burp scope"%site["url"])
                        self._callbacks.includeInScope(java_url)
                    else:
                        print("Empty response from Bing:%s"%bing_query_string)
        return

发布于 2022-06-15 11:10