| skipped 52 lines |
53 | 53 | | HTTP_STATUS_CODES_REASONS, |
54 | 54 | | AVOID_PARAMS, |
55 | 55 | | ) |
| 56 | + | import base64 |
56 | 57 | | from ghauri.common.config import conf |
57 | 58 | | from ghauri.common.payloads import PAYLOADS |
58 | 59 | | from ghauri.logger.colored_logger import logger |
| skipped 10 lines |
69 | 70 | | return f"<Parameter('{self.__key}')>" |
70 | 71 | | |
71 | 72 | | |
| 73 | + | def parse_burp_request(request_text): |
| 74 | + | _temp = "" |
| 75 | + | regex = r"(?is)(?:<request base64=(['\"])(?P<is_base64>(?:true|false))\1><!\[CDATA\[(?P<request>(.+?))\]\]></request>)" |
| 76 | + | mobj = re.search(regex, request_text) |
| 77 | + | if mobj: |
| 78 | + | is_base64 = mobj.group("is_base64") == "true" |
| 79 | + | req = mobj.group("request") |
| 80 | + | if is_base64: |
| 81 | + | # logger.debug("decoding and parsing base64 encoded burp request..") |
| 82 | + | _temp = base64.b64decode(req).decode() |
| 83 | + | else: |
| 84 | + | # logger.debug("parsing burp request..") |
| 85 | + | _temp = req |
| 86 | + | else: |
| 87 | + | # logger.debug("normal http request file..") |
| 88 | + | _temp = request_text |
| 89 | + | return _temp |
| 90 | + | |
| 91 | + | |
72 | 92 | | # source: https://stackoverflow.com/questions/4685217/parse-raw-http-headers |
73 | 93 | | class HTTPRequest(BaseHTTPRequestHandler): |
74 | 94 | | def __init__(self, request_text): |
75 | 95 | | self.__request = request_text |
76 | 96 | | request_text = request_text.replace("HTTP/2", "HTTP/1.1") |
| 97 | + | request_text = parse_burp_request(request_text) |
77 | 98 | | if isinstance(request_text, str): |
78 | 99 | | request_text = request_text.encode("utf-8") |
79 | 100 | | self.rfile = BytesIO(request_text) |
| skipped 2019 lines |