您现在的位置是:主页 > news > 自己创建一个网站/搜索引擎优化师工资
自己创建一个网站/搜索引擎优化师工资
admin2025/4/22 7:17:41【news】
简介自己创建一个网站,搜索引擎优化师工资,武汉网站公司,html5布局wordpress本工具主要实现功能是使用Burpsuite测试的时候,想把测试的数据给保存到数据库中去,那么我们怎么操作呢?可以使用如下操作:设计好数据库:DROP TABLE IF EXISTS url;CREATE TABLE url ( id int(11) unsigned NOT NULL A…
自己创建一个网站,搜索引擎优化师工资,武汉网站公司,html5布局wordpress本工具主要实现功能是使用Burpsuite测试的时候,想把测试的数据给保存到数据库中去,那么我们怎么操作呢?可以使用如下操作:设计好数据库:DROP TABLE IF EXISTS url;CREATE TABLE url ( id int(11) unsigned NOT NULL A… 
—END—
本工具主要实现功能是使用Burpsuite测试的时候,想把测试的数据给保存到数据库中去,那么我们怎么操作呢?可以使用如下操作:
设计好数据库:
DROP TABLE IF EXISTS `url`;CREATE TABLE `url` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `project_id` int(11) unsigned NOT NULL, `hash_url` varchar(255) DEFAULT NULL, `host` varchar(255) DEFAULT NULL, `method` varchar(100) DEFAULT NULL, `url` varchar(512) DEFAULT NULL, `params` varchar(255) DEFAULT NULL, `status` int(11) DEFAULT NULL, `length` int(11) DEFAULT NULL, `mime` varchar(255) DEFAULT NULL, `extension` varchar(255) DEFAULT NULL, `created_time` datetime DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`), FOREIGN KEY (`project_id`) REFERENCES project(id)) ENGINE=InnoDB DEFAULT CHARSET=utf8;BurpSuite 插件开发:
这里插件的接口开发和规范,这里我就不详细的说明了,我这里可以提供下当初学习的资料入口,大家按照这个来学习,完全够了,我就不多此一举了。
1 [BurpSuite插件开发指南之 API 上篇 – Her0in](http://www.vuln.cn/6098)
2 [BurpSuite插件开发指南之 API 下篇 – Her0in](http://www.vuln.cn/6099)
3 [BurpSuite插件开发指南之 Java 篇 – Her0in](http://www.vuln.cn/6100)
4 [官网](https://portswigger.net/burp/extender)
个人是先重点学习java篇的,因为burpsuite原生是用java开发的,所以提供的接口都是java,个人建议把每个接口的作用与存在的方法属性搞清楚,后面不管用python还是java,都可以得心应手。官网的样例代码真的很给力,大家可以没事多看看和模仿。
附上源码:
#!/usr/bin/python# -*- coding: utf-8 -*-import pymysqlimport timeimport redisfrom hashlib import md5from urlparse import urlparsefrom threading import Lockfrom burp import IBurpExtender, ITabfrom burp import IHttpListenerfrom java.io import PrintWriterfrom java.util import ArrayListfrom javax.swing import BorderFactoryfrom javax.swing import BoxLayoutfrom javax.swing import JTextFieldfrom javax.swing import JButtonfrom java.awt.event import ActionListenerfrom javax.swing import JPanelfrom javax.swing import JTabbedPaneclass connectMysql(ActionListener): def __init__(self, extender): self._extender = extender # 连接Mysql数据库 def actionPerformed(self, e): button = self._extender.connect_button if button.getText() == "Connect": self._extender._mysql = pymysql.connect(host='127.0.0.1', port=3306, user='dbuser', password='o123', database='webmonitor', charset='utf8') button.setText("Disconnect ") else: button.setText("Connect") self._extender._mysql.close() returndef insert_url_rec(_mysql, _log): con = _mysql cur = con.cursor() try: # 防止sql注入 # sql_str = "INSERT INTO url(project_id,host, method,url,params) VALUES ('%s','%s','%s','%s','%s')" \ # % (1,_log._host,_log._method,_log._url,_log.fuzzpayload) # sql_str = "INSERT INTO url(project_id,host, method,url,params) VALUES(2,'_log._host','http//:www.bass.com','PUT','file')" sql_str = "INSERT INTO url(project_id,host,method,url,params,status,mime) VALUES ('%s','%s','%s','%s','%s','%s','%s')" \ % (_log._project_id, _log._host, _log._method, _log._url, _log._query, _log._status, _log._mime) cur.execute(sql_str) con.commit() except Exception as e: con.rollback() print("connect mysql error", e) returnclass BurpExtender(IBurpExtender, ITab, IHttpListener): # Burp extensions 列表中的扩展名 _extensionName = "BurpMysql" _labelName = "Burp Mysql" _mainName = "main" def registerExtenderCallbacks(self, callbacks): # 表示私有变量 self._callbacks = callbacks self._helpers = callbacks.getHelpers() # 实现你想实现的代码 callbacks.setExtensionName(self._extensionName) # 控制台标准输出、错误输出 self._stdout = PrintWriter(callbacks.getStdout(), True) _stderr = PrintWriter(callbacks.getStderr(), True) # self._stdout.println("Hello Burp Mysql 1.0") install = time.strftime("%Y-%m-%d", time.localtime()) self._stdout.println("+------------------------------+") self._stdout.println("| Burp Mysql 1.0 |") self._stdout.println("| Started @ " + install + " |") self._stdout.println("+------------------------------+") # stderr.println("Hello erroutputs") self._log = ArrayList() # java self._lock = Lock() self._mysql = None # 这里只定义一个界面Options界面,主要配置Mysql参数 # https: // blog.csdn.net / xietansheng / article / details / 74366517 self.mainTab = JTabbedPane() # options面板,垂直布局 optionTop = JPanel() layout_top = BoxLayout(optionTop, BoxLayout.Y_AXIS) optionTop.setLayout(layout_top) optionTop.setBorder(BorderFactory.createTitledBorder("Mysql Configuration")) project_name = JTextField('project name: ') mysql_ip = JTextField('Mysql ip: ') mysql_username = JTextField('Mysql username: ') mysql_password = JTextField('Mysql password: ') self.connect_button = JButton("Connect") self.connect_button.addActionListener(connectMysql(self)) optionTop.add(project_name) optionTop.add(mysql_ip) optionTop.add(mysql_username) optionTop.add(mysql_password) optionTop.add(self.connect_button) self.mainTab.add("Options", optionTop) # callbacks.registerProxyListener(self) # 美容UI self._callbacks.customizeUiComponent(self.mainTab) # 一定要加ITab,不然没有界面 self._callbacks.addSuiteTab(self) # 注册httpListener self._callbacks.registerHttpListener(self) return ''' void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo); 拦截HTTP请求 ''' def getBody(self, rawMessage, parsedMessage): # bodyOffset = requestInfo.getBodyOffset() # helpers中带bytes 转 string # bodyBytes = messageInfo.getRequest()[bodyOffset:] # bodyStrings = self._helpers.bytesToString(bodyBytes) # 将bytes转化成string return self._helpers.bytesToString(rawMessage[parsedMessage.getBodyOffset():]) def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # 如果按钮未开启,则退出 if self.connect_button.getText() == 'Connect': return # 既有响应又有请求,很重要(不然会出现很大的bug) # 判断请求是否是PROXY中的 if messageIsRequest: return else: # self._stdout.println("Enter print request") if toolFlag == 4: try: # 使用requestinfo我们可以轻松的获得body和headers requestInfo = self._helpers.analyzeRequest(messageInfo.getRequest()) # string body = self.getBody(messageInfo.getRequest(), requestInfo) if self._mysql != None: self._stdout.println(body) try: bloom = BloomFilter() except Exception as e: print("redis error %s",str(e)) # 解决URL去重,1 布隆过滤器 2 哈希表去重 # https://www.cnblogs.com/i-love-python/p/11537720.html requestInfo = self._helpers.analyzeRequest(messageInfo) # 请求地址(带参数并且没有解码的请求) url = requestInfo.getUrl() # java.net.URL #存在是1 不存在为0 isExists = bloom.isContains(str(url)) #self._stdout.println(bloom.isContains('http://www.baidu.com')) self._stdout.println(isExists) if not isExists: self._lock.acquire() self._log = LogEntry(self, toolFlag, messageInfo, self._helpers, self._callbacks) #self._stdout.println(self._log._mime) #self._stdout.println(self._log._headers) self._stdout.println(self._log._url) #self._stdout.println(self._log._method) #self._stdout.println(self._log.content_type) #self._stdout.println(self._log._path_params) #self._stdout.println(self._log._status) insert_url_rec(self._mysql, self._log) #这里一定不能忘记 bloom.insert(self._log._url) self._lock.release() else: return else: return except Exception as e: print("messageIsRequest error", e) return # Give the new tab a name def getTabCaption(self): return self._labelName def getUiComponent(self): return self.mainTab'''public int getRowCount();public int getColumnCount();public Object getValueAt(int row, int column);'''# 创建log实体类,来记录每个请求(实际就是将请求给抽象成模型)# __init__魔术方法,只是将传入的参数来初始化该实例# __new__用来创建类并返回这个类的实例class LogEntry: def __init__(self, extender, toolFlag, messageInfo, helpers, callbacks): self._extender = extender self._callbacks = callbacks self._helpers = helpers self._toolFlag = toolFlag self._requestResponse = self._callbacks.saveBuffersToTempFiles(messageInfo) if self._requestResponse.getResponse(): responseInfo = self._helpers.analyzeResponse(self._requestResponse.getResponse()) self._status = responseInfo.getStatusCode() self._mime = responseInfo.getStatedMimeType() requestInfo = self._helpers.analyzeRequest(messageInfo) # 分析request请求 parsed_http_message = self._helpers.analyzeRequest(messageInfo.getRequest()) self._url = requestInfo.getUrl() self._host = self._url.getHost() self._port = self._url.getPort() self._headers = parsed_http_message.getHeaders().toString() self._method = parsed_http_message.getMethod() self.content_type = requestInfo.getContentType() # 请求data提取 self._body = self._extender.getBody(messageInfo.getRequest(), requestInfo) # 取出path路径 url_parsed = urlparse(self._url.toString()) path = url_parsed.path self._query = url_parsed.query self._path_params = path if self._query: self._path_params += '?' + self._query else: self._query = str(self._query) + " " # self._mime_type = parsed_http_message.getInferredMimeType() # self._port = self._url.getPort() self._httpService = self._requestResponse.getHttpService() if self._httpService.getProtocol() == "https": self._protocol = True else: self._protocol = False # 预制为空,只要做了fuzz,才会有 self.fuzzpayload = "xxxx" self._project_id = 2#https://github.com/paramiao/pydrbloomfilter/blob/master/pydrbloomfilter.pyclass SimpleHash(object): def __init__(self, cap, seed): self.cap = cap self.seed = seed def hash(self, value): ret = 0 for i in range(len(value)): ret += self.seed * ret + ord(value[i]) return (self.cap - 1) & retclass BloomFilter(object): # def __init__(self, host='localhost', port=6379, db=1, passwd="", blockNum=1, key='bloomfilter'): def __init__(self, host='127.0.0.1', port=6379, db=1, password="123", blockNum=1, key='bloomfilter'): """ :param host: the host of Redis :param port: the port of Redis :param db: witch db in Redis :param blockNum: one blockNum for about 90,000,000; if you have more strings for filtering, increase it. :param key: the key's name in Redis """ try: self.server = redis.Redis(host=host, port=port, db=db, password=password) except Exception as e: print("redis error %s",str(e)) self.bit_size = 1 << 31 # Redis的String类型最大容量为512M,现使用256M self.seeds = [5, 7, 11, 13, 31, 37, 61] self.key = key self.blockNum = blockNum self.hashfunc = [] for seed in self.seeds: self.hashfunc.append(SimpleHash(self.bit_size, seed)) def isContains(self, str_input): if not str_input: return False m5 = md5() m5.update(str_input.encode("utf-8")) str_input = m5.hexdigest() ret = True name = self.key + str(int(str_input[0:2], 16) % self.blockNum) for f in self.hashfunc: loc = f.hash(str_input) ret = ret & self.server.getbit(name, loc) return ret def insert(self, str_input): m5 = md5() m5.update(str_input.encode("utf-8")) str_input = m5.hexdigest() name = self.key + str(int(str_input[0:2], 16) % self.blockNum) for f in self.hashfunc: loc = f.hash(str_input) self.server.setbit(name, loc, 1)加载插件:
Mysql数据成功入库:
—END—
