burp識別驗證碼爆破


前言

最近逛T00ls論壇,有位大佬自己在本地訓練驗證碼識別,並打包成exe發到論壇,準確率蠻高的。

1

Burp對接本地驗證碼識別

作者在文章《burp對接本地驗證碼識別》中上傳了一段視頻,演示如何通過NEW_xp_CAPTCHA插件識別驗證碼並進行爆破。我已將視頻轉載到B站,鏈接如下。

https://www.bilibili.com/video/BV17S4y1X7cQ?share_source=copy_web

xp_CAPTCHA插件

下載地址xp_CAPTCHA(白嫖版)
修改xp_CAPTCHAcha.py

#!/usr/bin/env python
#coding:gbk
from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadGenerator
import base64
import json
import re
import urllib2
import ssl
# (IP, port) of the local CAPTCHA-recognition service; change it to match your own setup.
# NOTE: getNextPayload builds an 'http://%s:%s/api' URL from this pair, so images are
# sent to the service over plain HTTP - keep it on loopback or a trusted lab network.
host = (
    "192.168.100.129",
    3333,
)

class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory):
    """Extension class that also serves as the Intruder payload-generator factory."""

    def registerExtenderCallbacks(self, callbacks):
        """Register this factory, set the extension name and print the usage banner."""
        # Usage text shown when the extension loads: it tells the operator to add a
        # "xiapao:<CAPTCHA image URL>" header to the request and gives a sample request.
        banner = (
            'xp_CAPTCHA  中文名:瞎跑驗證碼\n'
            'blog:http://www.nmd5.com/\n'
            'T00ls:https://www.t00ls.net/ \n'
            'The loner安全團隊 author:算命縖子\n\n'
            '用法:\n'
            '在head頭部添加xiapao:驗證碼的URL\n\n'
            '如:\n\n'
            'POST /login HTTP/1.1\n'
            'Host: www.baidu.com\n'
            'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\n'
            'Accept: text/plain, */*; q=0.01\n'
            'Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\n'
            'Content-Type: application/x-www-form-urlencoded; charset=UTF-8\n'
            'X-Requested-With: XMLHttpRequest\n'
            'xiapao:http://www.baidu.com/get-validate-code\n'
            'Content-Length: 84\n'
            'Connection: close\n'
            'Cookie: JSESSIONID=24D59677C5EDF0ED7AFAB8566DC366F0\n\n'
            'username=admin&password=admin&vcode=8888\n\n'
        )
        # Make this object available as an Intruder payload-generator factory.
        callbacks.registerIntruderPayloadGeneratorFactory(self)
        # Name under which the extension is listed.
        callbacks.setExtensionName("xp_CAPTCHA")
        print banner

    def getGeneratorName(self):
        """Return the name of the payload generator."""
        generator_name = "xp_CAPTCHA"
        return generator_name

    def createNewInstance(self, attack):
        """Build a fresh xp_CAPTCHA generator bound to the given attack."""
        generator = xp_CAPTCHA(attack)
        return generator

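class xp_CAPTCHA(IIntruderPayloadGenerator):
    """Payload generator whose payload is the recognised text of a CAPTCHA image.

    For each payload it downloads the image named in the request template's
    ``xiapao:`` header, base64-encodes it, posts it to the recognition service
    at ``host`` and returns that service's reply.
    """

    def __init__(self, attack):
        """Read the Cookie and ``xiapao:`` headers from the attack's request template.

        Raises:
            IndexError: if the template has no ``Cookie: `` or ``xiapao:`` header
                line terminated by CRLF.
        """
        # Rebuild the request template as text so the headers can be searched.
        # NOTE(review): abs() folds negative values to positive ones; if the
        # template bytes arrive signed, bytes above 0x7f would map to the wrong
        # character. Only header text is read from it here - confirm.
        tem = "".join(chr(abs(x)) for x in attack.getRequestTemplate())
        cookie = re.findall("Cookie: (.+?)\r\n", tem)[0]  # session cookie to replay
        captcha_url = re.findall("xiapao:(.+?)\r\n", tem)[0]  # CAPTCHA image URL
        # Certificate errors are still ignored for the CAPTCHA fetch, but through
        # a context owned by this instance. The previous assignment to
        # ssl._create_default_https_context switched verification off for every
        # HTTPS request in the interpreter, not just this one.
        # NOTE: with verification off, the Cookie header below is sent to a peer
        # whose identity is not checked.
        self.ssl_context = ssl._create_unverified_context()
        print captcha_url+'\n'
        # NOTE: this writes the session cookie to the extension's output.
        print 'cookie:' + cookie+'\n'
        self.xp_CAPTCHA = captcha_url
        self.cookie = cookie
        self.max = 1  # maximum number of times a payload may be used
        self.num = 0  # number of times a payload has been used so far
        self.attack = attack

    def hasMorePayloads(self):
        """Return False once ``num`` has reached ``max``, True otherwise.

        Nothing in this class increments ``num``, so as written this returns True.
        """
        return self.num != self.max

    def getNextPayload(self, payload):
        """Fetch the CAPTCHA image and return the recognition service's reply.

        ``payload`` is not used. Errors raised by ``urllib2.urlopen`` propagate
        to the caller.
        """
        xp_CAPTCHA_url = self.xp_CAPTCHA  # CAPTCHA image URL

        print xp_CAPTCHA_url
        headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36","Cookie":self.cookie}
        request = urllib2.Request(xp_CAPTCHA_url,headers=headers)
        # Download the image; the unverified TLS context applies to this call only.
        CAPTCHA = urllib2.urlopen(request, context=self.ssl_context)
        try:
            image = CAPTCHA.read()
        finally:
            CAPTCHA.close()  # release the connection even if the read fails
        CAPTCHA_base64 = 'data:image/png;base64,' + base64.b64encode(image)

        # Hand the encoded image to the recognition service (plain HTTP to `host`).
        request = urllib2.Request('http://%s:%s/api'%host,'url=' +CAPTCHA_base64)
        reply = urllib2.urlopen(request)
        try:
            response = reply.read()
        finally:
            reply.close()
        print(response)
        return response

    def reset(self):
        """Set the usage counter back to zero."""
        self.num = 0
        return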

