Chapter 6: Extending the Burp Proxy
Personally I found this chapter a bit harder than the previous ones; the process was fairly painful, but I did manage to get it working in the end :)
Because Jython's compatibility with Python 3 is poor, the code in this chapter is written in Python 2.
Jython?
Jython is a complete language, not a Java translator or merely a Python compiler: it is a full implementation of the Python language in Java. Jython also inherits many module libraries from CPython. The most interesting part is that, unlike CPython or any other high-level language, Jython gives you full access to its implementation language. So Jython offers not only Python's libraries but also all of Java's classes, which makes for an enormous pool of resources.
My own understanding is simply: Python + Java = Jython.
Because Burp extensions need a Jython environment, we have to install Jython here.
Burp configuration:
I'll skip the installation steps here; there are plenty of tutorials on Baidu you can search for yourself.
After launching Burp Suite, we set the location of the Jython path.
Once that is done, the basic environment is ready.
Burp fuzzing:
Burp Suite ships with a lot of API documentation, and reading it helps us understand Burp Suite's interfaces and framework. (Though "understand" is a stretch: it's all in English and I can't make sense of any of it :(
From the documentation we can find the classes our script needs to use.
IBurpExtender: the class that every Burp extension must use. Its job is to register the extension correctly with Burp; registration happens through the registerExtenderCallbacks() method, which is passed the callbacks parameter.
```java
package burp;

/*
 * @(#)IBurpExtender.java
 *
 * Copyright PortSwigger Ltd. All rights reserved.
 *
 * This code may be used to extend the functionality of Burp Suite Free Edition
 * and Burp Suite Professional, provided that this usage does not violate the
 * license terms for those products.
 */

/**
 * All extensions must implement this interface.
 *
 * Implementations must be called BurpExtender, in the package burp, must be
 * declared public, and must provide a default (public, no-argument)
 * constructor.
 */
public interface IBurpExtender
{
    /**
     * This method is invoked when the extension is loaded. It registers an
     * instance of the
     * <code>IBurpExtenderCallbacks</code> interface, providing methods that may
     * be invoked by the extension to perform various actions.
     *
     * @param callbacks An
     * <code>IBurpExtenderCallbacks</code> object.
     */
    void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
}
```
IIntruderPayloadGeneratorFactory: extends the payloads of Burp's Intruder module. To use it, after registering correctly in the IBurpExtender class, register the object with the Intruder module through the registerIntruderPayloadGeneratorFactory() method. The getGeneratorName() method defines the name of the extension tool and must return a string. The createNewInstance() method receives the attack-related parameter attack and must return an object of type IIntruderPayloadGenerator.
```java
package burp;

/*
 * @(#)IIntruderPayloadGeneratorFactory.java
 *
 * Copyright PortSwigger Ltd. All rights reserved.
 *
 * This code may be used to extend the functionality of Burp Suite Free Edition
 * and Burp Suite Professional, provided that this usage does not violate the
 * license terms for those products.
 */

/**
 * Extensions can implement this interface and then call
 * <code>IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()</code>
 * to register a factory for custom Intruder payloads.
 */
public interface IIntruderPayloadGeneratorFactory
{
    /**
     * This method is used by Burp to obtain the name of the payload generator.
     * This will be displayed as an option within the Intruder UI when the user
     * selects to use extension-generated payloads.
     *
     * @return The name of the payload generator.
     */
    String getGeneratorName();

    /**
     * This method is used by Burp when the user starts an Intruder attack that
     * uses this payload generator.
     *
     * @param attack An
     * <code>IIntruderAttack</code> object that can be queried to obtain details
     * about the attack in which the payload generator will be used.
     * @return A new instance of
     * <code>IIntruderPayloadGenerator</code> that will be used to generate
     * payloads for the attack.
     */
    IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
}
```
IIntruderPayloadGenerator: this module configures the payload functionality. The hasMorePayloads() method decides whether the modified request is sent back to Burp Intruder: returning True continues, returning False stops. The getNextPayload() method obtains the next payload; it is passed an array (the base value) and must return a payload. The reset() method resets the state of the payload generator.
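Putting the three interfaces together, here is an added example of a complete Jython extension (this is not the book's code and not this post's own script): a BurpExtender that registers itself as a payload generator factory and hands Intruder boundary-value mutations of the base value (empty, oversized, embedded NUL, non-ASCII, truncated, and so on) so a parameter's input handling can be checked for robustness. It assumes Jython 2.7 inside Burp, where the burp package supplies the interfaces; when that package is missing (plain CPython) it falls back to stub base classes so the mutation logic can be exercised offline. The generator name, the MAX_PAYLOADS limit, the mutate() helper and the BoundaryFuzzer class are all names I made up for this example.

```python
# -*- coding: utf-8 -*-
# Added example (not the book's or this post's code): a Burp Intruder payload
# generator for Jython 2.7 that emits boundary-value mutations of the base value.
# Assumption: inside Burp the `burp` package provides the interfaces; outside
# Burp (plain CPython) it is missing, so stub base classes are used instead and
# the mutation logic can be exercised offline.
try:
    from burp import IBurpExtender
    from burp import IIntruderPayloadGeneratorFactory
    from burp import IIntruderPayloadGenerator
except ImportError:  # not running inside Burp: local stubs (assumption)
    class IBurpExtender(object):
        pass

    class IIntruderPayloadGeneratorFactory(object):
        pass

    class IIntruderPayloadGenerator(object):
        pass

GENERATOR_NAME = "Boundary fuzzer (example)"  # made-up name shown in the Intruder UI
MAX_PAYLOADS = 10                              # made-up per-attack limit


def mutate(base, index):
    """Return boundary-value mutation number `index` of `base` (a bytearray).

    The result goes through bytes() so that Jython hands Burp a Java byte[]
    (in Python 2 bytes is str, which Jython coerces to byte[]).
    """
    mutations = [
        lambda b: bytearray(),                     # empty value
        lambda b: b,                               # unchanged control value
        lambda b: b * 200,                         # oversized value
        lambda b: b + b'\x00',                     # embedded NUL terminator
        lambda b: b + u'\u00e9'.encode('utf-8'),   # non-ASCII (UTF-8) bytes
        lambda b: bytearray(b'-1'),                # negative number
        lambda b: bytearray(b'0' * 64),            # very long numeric string
        lambda b: b[:1],                           # truncated value
        lambda b: b + b' ',                        # trailing whitespace
        lambda b: bytearray(b' ') + b,             # leading whitespace
    ]
    return bytes(mutations[index % len(mutations)](bytearray(base)))


class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):
    """Entry point: Burp loads the class named BurpExtender and calls
    registerExtenderCallbacks(), where the factory registers itself."""

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName(GENERATOR_NAME)
        callbacks.registerIntruderPayloadGeneratorFactory(self)

    # IIntruderPayloadGeneratorFactory: name listed under extension-generated payloads
    def getGeneratorName(self):
        return GENERATOR_NAME

    # IIntruderPayloadGeneratorFactory: one generator object per attack
    def createNewInstance(self, attack):
        return BoundaryFuzzer(self, attack)


class BoundaryFuzzer(IIntruderPayloadGenerator):
    def __init__(self, extender, attack):
        self._extender = extender
        self._attack = attack
        self._num_payloads = 0

    def hasMorePayloads(self):
        # returning False tells Intruder to stop asking for payloads
        return self._num_payloads < MAX_PAYLOADS

    def getNextPayload(self, current_payload):
        # current_payload is a signed Java byte[] under Jython, or None; masking to
        # 0..255 also lets a Python bytearray be passed when testing outside Burp
        raw = [] if current_payload is None else current_payload
        base = bytearray((x & 0xff) for x in raw)
        payload = mutate(base, self._num_payloads)
        self._num_payloads += 1
        return payload

    def reset(self):
        # Intruder calls this when the attack restarts from the first payload
        self._num_payloads = 0
```

Loaded in Burp via Extender with the Jython jar configured, the generator appears under the Intruder payload type "Extension-generated" by the name returned from getGeneratorName(); outside Burp you can construct BurpExtender().createNewInstance(None) directly and call getNextPayload() with a bytearray to see each mutation.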
```java
package burp;

/*
 * @(#)IIntruderPayloadGenerator.java
 *
 * Copyright PortSwigger Ltd. All rights reserved.
 *
 * This code may be used to extend the functionality of Burp Suite Free Edition
 * and Burp Suite Professional, provided that this usage does not violate the
 * license terms for those products.
 */

/**
 * This interface is used for custom Intruder payload generators. Extensions
 * that have registered an
 * <code>IIntruderPayloadGeneratorFactory</code> must return a new instance of
 * this interface when required as part of a new Intruder attack.
 */
public interface IIntruderPayloadGenerator
{
    /**
     * This method is used by Burp to determine whether the payload generator is
     * able to provide any further payloads.
     *
     * @return Extensions should return
     * <code>false</code> when all the available payloads have been used up,
     * otherwise
     * <code>true</code>.
     */
    boolean hasMorePayloads();

    /**
     * This method is used by Burp to obtain the value of the next payload.
     *
     * @param baseValue The base value of the current payload position. This
     * value may be
     * <code>null</code> if the concept of a base value is not applicable (e.g.
     * in a battering ram attack).
     * @return The next payload to use in the attack.
     */
    byte[] getNextPayload(byte[] baseValue);

    /**
     * This method is used by Burp to reset the state of the payload generator
     * so that the next call to
     * <code>getNextPayload()</code> returns t
```