#!/usr/bin/env python2
# jue ago 28 19:27:37 CEST 2014
#
# Reads a Burp Suite issues XML file and
# prints all the issues, payloads and details
# based on previous work by Pablo Catalina
#
import sys
import re
from base64 import b64decode
from xml.dom import minidom
import html2text
import urllib
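# Exactly one argument is expected: the path to a Burp Suite items XML export.
if len(sys.argv) != 2:
    print("\n\tUsage: %s <items.xml>\n" % sys.argv[0])
    sys.exit(1)

filename = sys.argv[1]

# NOTE(security): xml.dom.minidom is not hardened against maliciously
# constructed XML (for example entity-expansion payloads). Only parse exports
# you produced yourself; for files received from someone else, use a hardened
# parser such as defusedxml instead.
xmldoc = minidom.parse(filename)

# getElementsByTagName() returns an empty list when nothing matches; it does
# not raise. The "no items" case therefore has to be checked explicitly.
itemlist = xmldoc.getElementsByTagName('item')
if not itemlist:
    raise Exception("%s does not contain items" % filename)


def _first_text(node, tag):
    """Return the text of the first <tag> element under node, or None.

    None is returned when the element is missing or has no content, so the
    caller can skip the item instead of failing with an IndexError or
    AttributeError.
    """
    matches = node.getElementsByTagName(tag)
    if not matches or matches[0].firstChild is None:
        return None
    return matches[0].firstChild.data


# Maps host -> {'url': ..., 'host': ...}. Only the first item seen for each
# host is kept; later items for the same host are reported and dropped.
idict = {}
for item in itemlist:
    url = _first_text(item, 'url')
    host = _first_text(item, 'host')
    if url is None or host is None:
        print("[ERROR] item without url or host skipped")
        continue
    tmpitem = {'url': url, 'host': host}
    # Disabled by the author: extraction of the base64-encoded request and
    # response bodies and of the Referer header.
    #tmpitem['request'] = b64decode(item.getElementsByTagName('request')[0].firstChild.data)
    #tmpitem['response'] = b64decode(item.getElementsByTagName('response')[0].firstChild.data)
    #tmpitem['referer'] = re.search(r"Referer:\s*(.*)\n", tmpitem['request']).groups()[0]
    if host not in idict:
        idict[host] = tmpitem
    else:
        print("[ERROR] host %s already added" % (host))

# One snippet per host, in sorted host order, numbered from 0.
for number, host in enumerate(sorted(idict)):
    entry = idict[host]
    print("-------------------------------------[ HTTP Request Snip ]-------------------------------------")
    print(" Instance number %s" % number)
    print(" Host: %s" % entry['host'])
    # NOTE(security): the URL originates from scanned traffic and is
    # percent-decoded before printing, so it may contain newlines or terminal
    # control characters. Sanitise it before pasting this output into a
    # report. urllib.unquote_plus is the Python 2 location of this function,
    # matching the script's python2 shebang.
    print(" URL: %s" % urllib.unquote_plus(entry['url']))
    #print (" Referer: %s" % idict[host]['referer'])
    print("-------------------------------------[ HTTP Request Snip ]-------------------------------------")
    print("\n")
    # The request/response snippet and issue-detail output that followed here
    # is disabled; it depends on the 'request'/'response' fields that are
    # commented out in the extraction loop above.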