This repository has been archived by the owner on Feb 9, 2022. It is now read-only.
burp-payload-processor.py
from burp import IBurpExtender
from burp import IBurpExtenderCallbacks
from burp import IIntruderPayloadProcessor
from java.io import PrintWriter
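class BurpExtender(IBurpExtender, IIntruderPayloadProcessor):
    """Burp extension exposing an Intruder payload processor.

    The processor appends a Luhn (mod 10) check digit to every all-digit
    payload it is given, so that generated candidate numbers pass a
    Luhn validity check on the receiving side.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks and register this payload processor.

        callbacks -- the IBurpExtenderCallbacks object handed in by Burp.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        # Writers bound to the extension's output and error streams
        # (second argument True = auto-flush).
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        self.stdout.println("Module loaded successfully!")

        callbacks.setExtensionName('Add Luhn check digit')
        callbacks.registerIntruderPayloadProcessor(self)

    def getProcessorName(self):
        """Return the name under which the processor is registered."""
        return "Add Luhn check digit to the number"

    def processPayload(self, currentPayload, originalPayload, baseValue):
        """Return currentPayload with a Luhn check digit appended.

        currentPayload  -- payload bytes to process.
        originalPayload -- unused here.
        baseValue       -- unused here.

        A payload that is not made up solely of digits is returned
        untouched. If computing the check digit fails, the error is
        reported on the extension's error stream and the payload is
        returned without a check digit.
        """
        payload = self._helpers.bytesToString(currentPayload)
        if not payload.isdigit():
            # Reported through the extension's own error writer rather than
            # a bare print, consistent with the writers set up at load time.
            self.stderr.println("You need to pass a digit")
            return currentPayload

        try:
            # NOTE: every payload is echoed verbatim to the extension output.
            # If the candidate numbers are real account numbers, treat that
            # output (and any saved copy of it) as sensitive data.
            self.stdout.println("currentPayload: %s" % payload)
            payload = addluhn(payload)
            self.stdout.println("newPayload: %s" % payload)
        except:
            # Catch-all kept on purpose so one bad payload cannot abort the
            # run. NOTE(review): presumably also needed to catch Java
            # exceptions under Jython -- confirm before narrowing.
            # sys was referenced here without ever being imported, so the
            # handler itself raised NameError; import it locally.
            import sys
            self.stderr.println("Unexpected error: %s" % sys.exc_info()[0])

        return self._helpers.stringToBytes(payload)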
def addluhn(data):
    """Return data with its decimal Luhn check digit appended.

    data -- string of decimal digits, without a check digit.
    """
    return data + generate(data)
def decimal_decoder(s):
    """Parse the string s as a base-10 integer."""
    return int(s, 10)


def decimal_encoder(i):
    """Return the string form of the integer i."""
    return str(i)
def luhn_sum_mod_base(string, base=10, decoder=decimal_decoder):
    """Return the Luhn checksum of string, reduced modulo base.

    Every character is turned into an integer with decoder. Counting from
    the rightmost character, the 1st, 3rd, 5th, ... values are added as
    they are; the 2nd, 4th, 6th, ... values are doubled and replaced by
    quotient plus remainder of the doubled value divided by base.

    An empty string yields 0.
    """
    # Adapted from http://en.wikipedia.org/wiki/Luhn_algorithm
    values = [decoder(char) for char in string]
    plain_total = sum(values[::-2])
    doubled_total = sum(sum(divmod(2 * value, base)) for value in values[-2::-2])
    return (plain_total + doubled_total) % base
def generate(string, base=10, encoder=decimal_encoder,
             decoder=decimal_decoder):
    """
    Return the Luhn mod N check character for string.

    Appending the returned character to string gives a string that is a
    valid Luhn mod N string in the given base.

    >>> value = '4205092350249'
    >>> generate(value)
    '1'

    For any base other than decimal, pass matching encoder and decoder
    callables. encoder maps an integer to the character that represents it
    in that base; decoder maps a one-character string back to its integer
    value. The two must define a one-to-one mapping between values and
    characters.

    For example, in hexadecimal:

    >>> hex_alphabet = '0123456789abcdef'
    >>> hex_encoder = lambda i: hex_alphabet[i]
    >>> hex_decoder = lambda s: hex_alphabet.index(s)
    >>> value = 'a8b56f'
    >>> generate(value, base=16, encoder=hex_encoder, decoder=hex_decoder)
    'b'
    >>> verify('a8b56fb', base=16, decoder=hex_decoder)
    True
    >>> verify('a8b56fc', base=16, decoder=hex_decoder)
    False
    """
    # Checksum of the input with a zero placeholder in the check position.
    remainder = luhn_sum_mod_base(
        string + encoder(0), base=base, decoder=decoder)
    # The check value is whatever brings that checksum back to 0 mod base.
    check_value = (base - remainder) if remainder != 0 else remainder
    return encoder(check_value)
def verify(string, base=10, decoder=decimal_decoder):
    """
    Return True if string is a valid Luhn mod N string, False otherwise.

    string is expected to include its check character as the last
    character. Note that an empty string has a checksum of 0 and is
    therefore reported as valid.

    >>> verify('5105105105105100') # MasterCard test number
    True

    For any base other than decimal, pass a decoder callable that maps a
    one-character string to its integer value in that base; the mapping
    between characters and values must be one-to-one.

    For example, 'b' is the correct check character for the hexadecimal string
    'a8b56f':

    >>> hex_decoder = lambda s: '0123456789abcdef'.index(s)
    >>> verify('a8b56fb', base=16, decoder=hex_decoder)
    True

    Any other check character (here 'c') fails verification:

    >>> verify('a8b56fc', base=16, decoder=hex_decoder)
    False
    """
    remainder = luhn_sum_mod_base(string, base=base, decoder=decoder)
    return remainder == 0