Turbo Intruder 按条件重试请求
Burp Suite 自带的 Intruder 没有提供按特定条件重放请求的设置,所以使用 Turbo Intruder 来定制爆破脚本。
以下脚本是在 Turbo Intruder v1.40 下编写
import string
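# Candidate characters: start with the 26 lowercase letters.
payloads = list(string.ascii_lowercase)
# The 26 uppercase letters are disabled; uncomment to include them.
#payloads += list(string.ascii_uppercase)
# Digits 0-9. string.digits replaces the hand-written range loop, whose body
# had lost its indentation and no longer parsed.
payloads += list(string.digits)
# Special characters.
payloads += ['@', '_', '.', '-']
# Upper bound of the numeric first parameter; queueRequests iterates
# 1..length inclusive.
length = 10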
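def queueRequests(target, wordlists):
    """Queue one request for every (num, character) combination.

    Entry point that Turbo Intruder invokes with the attack target.
    `target.endpoint` is the host to connect to and `target.req` is the
    request template; `wordlists` is not used because the candidates come
    from the module-level `payloads` list and `length`.

    NOTE(review): `time` is not imported by this script; it is presumably
    supplied by the Turbo Intruder script environment -- confirm, or add
    `import time` at the top of the file.
    """
    # concurrentConnections=200 is a high setting and the sleep in the loop
    # below is the only throttle on the producer side. maxRetriesPerRequest=0
    # presumably disables engine-level retries, leaving all retry decisions
    # to handleResponse.
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=200,
                           requestsPerConnection=2,
                           pipeline=True,
                           timeout=10,
                           maxRetriesPerRequest=0,
                           engine=Engine.BURP
                           )
    # Similar to Burp Suite Intruder's Cluster Bomb mode: every value of num
    # is combined with every candidate character.
    for num in range(1, length + 1):
        for word in payloads:
            # Several parameters are passed as a list; the template is
            # expected to hold one placeholder per element (not shown here).
            engine.queue(target.req, [num, word.rstrip()])
            # NOTE(review): the source had lost its indentation; the pause is
            # assumed to follow each queued request -- confirm.
            time.sleep(0.1)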
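# Upper bound on how often one payload combination is re-queued. Without a
# cap, a response that always contains the retry marker would be re-sent
# forever. Adjust to the expected failure rate of the target.
max_requeues = 10
# Re-queue count per (first word, second word) combination. Counts are
# best-effort if the callback runs on several threads.
requeue_counts = {}


def handleResponse(req, interesting):
    """Record the response, retry it on a marker string, and label hits.

    Every response is added to the results table. When the body contains the
    retry marker, the same payload combination is queued again, at most
    `max_requeues` times. When it contains the hit marker, the row is
    labelled 'hit'. `interesting` is not used.
    """
    table.add(req)
    # Retry when the marker below appears in the response. Several parameters
    # are again passed as a list; with a single parameter
    # req.engine.queue(req.template, req.words[0]) is enough.
    # Other fields that can be tested: req.status, req.wordcount, req.length
    # and req.response.
    if 'what you need' in req.response:
        key = (req.words[0], req.words[1])
        attempts = requeue_counts.get(key, 0)
        if attempts < max_requeues:
            requeue_counts[key] = attempts + 1
            req.engine.queue(req.template, [req.words[0], req.words[1]])
            # NOTE(review): the source had lost its indentation; the pause is
            # assumed to belong to the retry branch -- confirm.
            time.sleep(0.05)
        else:
            # Make the give-up visible in the results table.
            req.label = 'retry limit'
    # Similar to grep-match in Intruder.
    if 'xxxx' in req.response:
        req.label = 'hit'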