|
| 1 | +# Version 1.0 |
| 2 | +# @author RUFFENACH Timothée |
| 3 | +# Get OAST burp colaborator. |
| 4 | + |
| 5 | +from javax.swing import JFrame, JPanel, JComboBox, JOptionPane,JFileChooser,JOptionPane |
| 6 | +import urllib2 |
| 7 | +import json |
| 8 | +import sys |
| 9 | +import base64 |
| 10 | +import time |
| 11 | + |
| 12 | + |
| 13 | +global biid |
| 14 | + |
| 15 | +def main(): |
| 16 | + global biid |
| 17 | + biid = getString("what is your biid ?") |
| 18 | + |
| 19 | + # Get number for update info |
| 20 | + update = getNumber(1,3600, "how many time do you want refresh information ?") |
| 21 | + |
| 22 | + while True: |
| 23 | + # URL request |
| 24 | + url = "http://polling.oastify.com/burpresults?biid="+biid |
| 25 | + |
| 26 | + # Get response |
| 27 | + response = urllib2.urlopen(url) |
| 28 | + data = response.read() |
| 29 | + |
| 30 | + # analyse response JSON |
| 31 | + json_data = json.loads(data) |
| 32 | + |
| 33 | + # get json data |
| 34 | + browseJson(json_data) |
| 35 | + |
| 36 | + # wait |
| 37 | + time.sleep(update) |
| 38 | + |
| 39 | +# find object JSON |
| 40 | +def browseJson(obj, path=""): |
| 41 | + if isinstance(obj, dict): |
| 42 | + for key, value in obj.items(): |
| 43 | + newPath = path + "." + key if path else key |
| 44 | + browseJson(value, newPath) |
| 45 | + elif isinstance(obj, list): |
| 46 | + for index, item in enumerate(obj): |
| 47 | + newPath = path + "[{}]".format(index) |
| 48 | + browseJson(item, newPath) |
| 49 | + else: |
| 50 | + obj = str(obj) |
| 51 | + obj = convertBase64(obj) |
| 52 | + sys.stdout.write("key : {}\n".format(path)) |
| 53 | + sys.stdout.write("info : {}\n\n".format(obj)) |
| 54 | + |
| 55 | +# check if string is base64 and convert it |
| 56 | +def convertBase64(text): |
| 57 | + # Add padding |
| 58 | + padding = len(text) % 4 |
| 59 | + textBase64 = text |
| 60 | + if padding > 0: |
| 61 | + textBase64 += '=' * (4-padding) |
| 62 | + try: |
| 63 | + # Decode string |
| 64 | + textDecode = base64.b64decode(textBase64).decode('utf-8') |
| 65 | + return textDecode |
| 66 | + except Exception as e: |
| 67 | + if str(e) == 'Incorrect padding': |
| 68 | + return text |
| 69 | + else: |
| 70 | + # if not base64, is not decoded |
| 71 | + return text |
| 72 | + |
| 73 | +def getNumber(min,max,asked): |
| 74 | + number = JOptionPane.showInputDialog(None, asked, "Input", JOptionPane.QUESTION_MESSAGE) |
| 75 | + |
| 76 | + if int(number) >= min and int(number) <= max: |
| 77 | + number = int(number) |
| 78 | + return number |
| 79 | + else: |
| 80 | + JOptionPane.showMessageDialog(None, "Choose number between " + min + " to " + max) |
| 81 | + getNumber() |
| 82 | + |
| 83 | + |
| 84 | +def getString(question): |
| 85 | + stringInput = JOptionPane.showInputDialog(None, question, "Input", JOptionPane.QUESTION_MESSAGE) |
| 86 | + return stringInput |
| 87 | + |
| 88 | +main() |
0 commit comments