本文整理匯總了Python中burp.IScannerCheck方法的典型用法代碼示例。如果您正苦於以下問題:Python burp.IScannerCheck方法的具體用法?Python burp.IScannerCheck怎麽用?Python burp.IScannerCheck使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類burp的用法示例。
在下文中一共展示了burp.IScannerCheck方法的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: consolidateDuplicateIssues
# 需要導入模塊: import burp [as 別名]
# 或者: from burp import IScannerCheck [as 別名]
def consolidateDuplicateIssues(self, existingIssue, newIssue):
if (existingIssue.getIssueDetail() == newIssue.getIssueDetail()):
return -1
else:
return 0
# Implement the doPassiveScan method of IScannerCheck interface
# Burp Scanner invokes this method for each base request/response that is passively scanned. 示例2: doPassiveScan
# 需要導入模塊: import burp [as 別名]
# 或者: from burp import IScannerCheck [as 別名]
def doPassiveScan(self, baseRequestResponse):
"""
Override IScannerCheck method.
:param baseRequestResponse: burp requestResponse message.
:return: issues containing all the burp findings, they will be added to the found issues.
"""
issues = []
for check in TECH_CHECKS:
# look for matches of our passive check grep string
matches = self._get_matches(baseRequestResponse.getResponse(), bytearray(check))
if len(matches) != 0:
# report the issue
issues.extend([_CustomScanIssue(
http_service=baseRequestResponse.getHttpService(),
url=self._helpers.analyzeRequest(baseRequestResponse).getUrl(),
http_messages=[self._callbacks.applyMarkers(baseRequestResponse, None, matches)],
name="GraphQL Technology",
detail="The website is using GraphQL Technology!<br><br>"
"GraphQL is an open-source data query and manipulation language for APIs, and a runtime for fulfilling queries with existing data. GraphQL was developed internally by Facebook in 2012 before being publicly released in 2015.<br><br>"
"It provides an efficient, powerful and flexible approach to developing web APIs, and has been compared and contrasted with REST and other web service architectures. It allows clients to define the structure of the data required, and exactly the same structure of the data is returned from the server, therefore preventing excessively large amounts of data from being returned, but this has implications for how effective web caching of query results can be. The flexibility and richness of the query language also adds complexity that may not be worthwhile for simple APIs. It consists of a type system, query language and execution semantics, static validation, and type introspection.<br><br>"
"GraphQL supports reading, writing (mutating) and subscribing to changes to data (realtime updates).",
severity="Information", confidence="Firm", issuebg="Not posing any imminent security risk.",
rembg="<ul><li><a href='https://graphql.org/'>GraphQL</a></li></ul>",
remdet=""
)])
for check in CONSOLE_CHECKS:
# look for matches of our passive check grep string
matches = self._get_matches(baseRequestResponse.getResponse(), bytearray(check))
if len(matches) != 0:
# report the issue
issues.extend([_CustomScanIssue(
http_service=baseRequestResponse.getHttpService(),
url=self._helpers.analyzeRequest(baseRequestResponse).getUrl(),
http_messages=[self._callbacks.applyMarkers(baseRequestResponse, None, matches)],
name="Exposed GraphQL Development Console",
detail="GraphQL is a query language for APIs and a runtime for fulfilling queries with existing data.<br><br>"
"<b>GraphiQL/GraphQL Playground</b> are in-browser tools for writing, validating, and testing GraphQL queries.<br><br>"
"The response contains the following string: <b>%s</b>." % check,
severity="Low", confidence="Firm", issuebg="Not posing any imminent security risk.",
rembg="<ul>"
"<li><a href='https://graphql.org/'>GraphQL</a></li>"
"<li><a href='https://github.com/graphql/graphiql'>GraphiQL</a></li>"
"<li><a href='https://github.com/prisma/graphql-playground'>GraphQL Playground</a></li>"
"</ul>",
remdet="Remove the GraphQL development console from web-application in a production stage.<br><br>"
"Disable GraphiQL<br>"
"<pre>if (process.env.NODE_ENV === 'development') {</pre></br>"
"<pre> app.all(</pre></br>"
"<pre> '/graphiql',</pre></br>"
"<pre> graphiqlExpress({</pre></br>"
"<pre> endpointURL: '/graphql',</pre></br>"
"<pre> }),</pre></br>"
"<pre> );</pre></br>"
"<pre>}</pre>"
)])
return issues