| skipped 52 lines |
| 53 | 53 | | HTTP_STATUS_CODES_REASONS, |
| 54 | 54 | | AVOID_PARAMS, |
| 55 | 55 | | ) |
| | 56 | + | import base64 |
| 56 | 57 | | from ghauri.common.config import conf |
| 57 | 58 | | from ghauri.common.payloads import PAYLOADS |
| 58 | 59 | | from ghauri.logger.colored_logger import logger |
| skipped 10 lines |
| 69 | 70 | | return f"<Parameter('{self.__key}')>" |
| 70 | 71 | | |
| 71 | 72 | | |
| | 73 | + | def parse_burp_request(request_text): |
| | 74 | + | _temp = "" |
| | 75 | + | regex = r"(?is)(?:<request base64=(['\"])(?P<is_base64>(?:true|false))\1><!\[CDATA\[(?P<request>(.+?))\]\]></request>)" |
| | 76 | + | mobj = re.search(regex, request_text) |
| | 77 | + | if mobj: |
| | 78 | + | is_base64 = mobj.group("is_base64") == "true" |
| | 79 | + | req = mobj.group("request") |
| | 80 | + | if is_base64: |
| | 81 | + | # logger.debug("decoding and parsing base64 encoded burp request..") |
| | 82 | + | _temp = base64.b64decode(req).decode() |
| | 83 | + | else: |
| | 84 | + | # logger.debug("parsing burp request..") |
| | 85 | + | _temp = req |
| | 86 | + | else: |
| | 87 | + | # logger.debug("normal http request file..") |
| | 88 | + | _temp = request_text |
| | 89 | + | return _temp |
| | 90 | + | |
| | 91 | + | |
| 72 | 92 | | # source: https://stackoverflow.com/questions/4685217/parse-raw-http-headers |
| 73 | 93 | | class HTTPRequest(BaseHTTPRequestHandler): |
| 74 | 94 | | def __init__(self, request_text): |
| 75 | 95 | | self.__request = request_text |
| 76 | 96 | | request_text = request_text.replace("HTTP/2", "HTTP/1.1") |
| | 97 | + | request_text = parse_burp_request(request_text) |
| 77 | 98 | | if isinstance(request_text, str): |
| 78 | 99 | | request_text = request_text.encode("utf-8") |
| 79 | 100 | | self.rfile = BytesIO(request_text) |
| skipped 2019 lines |
