From fa80c9309c2487ff5ad86b257dbddc538cfaf722 Mon Sep 17 00:00:00 2001
From: lopci
Date: Tue, 25 Apr 2023 17:17:44 +0200
Subject: [PATCH] Adding support for generating UUIDv4 strings
---
 BappDescription.html | 8 ++++----
 Burp-Randomizer.py | 4 ++++
 README.md | 3 ++-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/BappDescription.html b/BappDescription.html
index 107b164..86de47f 100644
--- a/BappDescription.html
+++ b/BappDescription.html
@@ -6,10 +6,10 @@
  • In the session handling options, create a rule which invokes the Randomizer action that is registered by the extension, and select a suitable scope for the rule.
  • -
  • Place the string #RANDOM# or #RANDOMNUM# into the relevant request at the location - where a random value or number is required.
  • +
  • Place the string #RANDOM#, #RANDOMNUM# or deadbeef-1337-1337-1337-deadbeeeeeef into the relevant request at the location + where a random value, random number or UUIDv4 string is required.
  • Let Burp operate on the request in the normal way (via Scanner, Intruder, etc.).
  • -
  • The extension will replace the string placeholder with a random value in - each request.
  • +
  • The extension will replace the string placeholder with a random value or + an UUIDv4 string in each request.
  •
diff --git a/Burp-Randomizer.py b/Burp-Randomizer.py
index f3bc675..31439b5 100644
--- a/Burp-Randomizer.py
+++ b/Burp-Randomizer.py
@@ -18,6 +18,7 @@ import re
 import string
 import random
+import uuid
 ### Configuration ###
 # Character set of generated tokens
@@ -25,6 +26,7 @@
 # String which is replaced with random token
 placeholder = "#RANDOM#"
 placeholderNum = "#RANDOMNUM#"
+placeholderUUID = "deadbeef-1337-1337-1337-deadbeeeeeef"
 # Length of generated token. WARNING: length of token must equal length of placeholder due to a bug in Burp 1.5.21 which cuts off requests under certain conditions.
 tokenLength = len(placeholder)
 tokenLengthNum = len(placeholderNum)
@@ -38,6 +40,7 @@ def registerExtenderCallbacks(self, callbacks):
 callbacks.setExtensionName("Randomizer")
 self.callbacks.registerSessionHandlingAction(self)
 self.out = callbacks.getStdout()
+ self.placeholderUUID = re.compile(placeholderUUID)
 self.placeholder = re.compile(placeholder)
 self.placeholderNum = re.compile(placeholderNum)
 random.seed()
@@ -51,5 +54,6 @@ def performAction(self, currentRequest, macroItems):
 randomToken = "".join([random.choice(tokenCharset) for i in range(tokenLength)])
 randomTokenNum = str(random.randint(10 ** (tokenLengthNum - 1), 10 ** (tokenLengthNum) - 1))
 request = self.placeholder.sub(randomToken, request)
+ request = self.placeholderUUID.sub(str(uuid.uuid4()), request)
 result = self.helpers.stringToBytes(self.placeholderNum.sub(randomTokenNum, request))
 currentRequest.setRequest(result)
diff --git a/README.md b/README.md
index 3aa5545..15ad339 100644
--- a/README.md
+++ b/README.md
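Review bot: The new `placeholderUUID` constant carries an unstated length requirement. The WARNING comment directly below it says a replacement must be as long as its placeholder, and the 36-character sample value only happens to match the 36 characters of `str(uuid.uuid4())`. Unlike `tokenLength = len(placeholder)`, nothing ties the two together, so someone editing the configuration could break the invariant without noticing. I would add a comment above the constant such as `# Must stay 36 characters, the length of str(uuid.uuid4()); see the length warning below.`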
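Review bot: `re.compile(placeholderUUID)` in registerExtenderCallbacks interprets a user-editable configuration string as a regular expression. The shipped value has no metacharacters, but a placeholder changed to contain `.`, `+` or brackets would match text other than the literal marker and rewrite unintended parts of the request. `self.placeholderUUID = re.compile(re.escape(placeholderUUID))` keeps the match literal. The two context lines after it, for `placeholder` and `placeholderNum`, have the same shape. The function body starts and ends outside the hunk.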
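Review bot: `str(uuid.uuid4())` is evaluated once per performAction call, so every occurrence of the placeholder within one request receives the same UUID. If a request carries several identifiers that must differ, passing a callable gives each match its own value: `request = self.placeholderUUID.sub(lambda m: str(uuid.uuid4()), request)`. If one shared value per request is intended, as with `randomToken`, a short comment saying so would make that explicit. The function starts outside the hunk.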
@@ -15,7 +15,8 @@ handling rule. Send the request to the Repeater/Intruder and put #RANDOM# where randomization is required. Then send this request to the Scanner, Intruder or some different tool. The extension now replaces each -occurence of #RANDOM# with a random token and #RANDOMNUM# with random number. +occurence of #RANDOM# with a random token, #RANDOMNUM# with a random number +and deadbeef-1337-1337-1337-deadbeeeeeef with an UUIDv4 string. ## Configuration