{"id":26509854,"url":"https://github.com/pizz33/burp_handling","last_synced_at":"2025-03-21T01:37:42.929Z","repository":{"id":266037257,"uuid":"897187559","full_name":"Pizz33/burp_handling","owner":"Pizz33","description":"Processes data exported from Burp history to support further penetration testing","archived":false,"fork":false,"pushed_at":"2024-12-02T07:39:39.000Z","size":0,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-02T08:30:28.900Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Pizz33.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-02T07:33:54.000Z","updated_at":"2024-12-02T08:24:08.000Z","dependencies_parsed_at":"2024-12-02T08:42:10.416Z","dependency_job_id":null,"html_url":"https://github.com/Pizz33/burp_handling","commit_stats":null,"previous_names":["pizz33/burp_handling"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2Fburp_handling","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2Fburp_handling/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2Fburp_handling/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2Fburp_handling/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Pizz33","download_url":"https://codeload.github.com/Pizz33/burp_handling/tar.gz/refs/heads/main
","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244722690,"owners_count":20499151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-21T01:37:42.459Z","updated_at":"2025-03-21T01:37:42.921Z","avatar_url":"https://github.com/Pizz33.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# burp_handling\nProcesses data exported from Burp history to support further penetration testing\n\n![image](https://github.com/user-attachments/assets/c29256f8-51e7-494f-9aa1-543fb4dfc086)\n\nRight-click and choose save item to export the corresponding XML file\n\n![image](https://github.com/user-attachments/assets/a859be37-6f0d-467d-8f82-9c643565d261)\n\nThe exported file needs further processing:\n\n1. **Base64 decoding**:\n\n   - Base64-decode the content of the `\u003crequest\u003e` element in the XML to obtain the complete HTTP request.\n     \n2. **Parse the request**:\n\n    - Per the HTTP request format, the first line contains the request method and path, for example: POST /api/login HTTP/1.1; extract `/api/login`\n  \n3. **Extract the POST data**:\n\n   - Extract the request body by checking for the end-of-headers marker `\\r\\n\\r\\n`\n     \n4. 
**Write the CSV file**:\n\n   - Write the extracted request method, API path and POST data to a CSV file\n\nName the exported file `burp_history.xml`; the script writes its output to `burp_history.csv`\n\n```\nimport os\nimport xml.etree.ElementTree as ET\nimport csv\nimport base64\n\ninput_file = \"burp_history.xml\"\noutput_file = \"burp_history.csv\"\n\n# Renaming the file onto itself raises PermissionError on Windows when another program has it open\nif os.path.exists(output_file):\n    try:\n        os.rename(output_file, output_file)\n    except PermissionError:\n        print(f\"文件 {output_file} 正在被占用，请关闭相关程序后重试。\")\n        exit(1)\n\ntree = ET.parse(input_file)\nroot = tree.getroot()\n\ntry:\n    with open(output_file, mode=\"w\", newline=\"\", encoding=\"utf-8\") as csvfile:\n        csv_writer = csv.writer(csvfile)\n        csv_writer.writerow([\"Method\", \"API Endpoint\", \"POST Content\"])\n\n        for item in root.findall('./item'):\n            request_element = item.find('request')\n\n            if request_element is not None and request_element.text:\n                # The export stores each raw HTTP request Base64-encoded\n                try:\n                    request_data = base64.b64decode(request_element.text).decode(\"utf-8\", errors=\"ignore\")\n                except Exception as e:\n                    print(f\"Base64 解码失败: {e}\")\n                    continue\n\n                # A blank line (CRLF CRLF) separates the headers from the body\n                header_body_split = request_data.split(\"\\r\\n\\r\\n\", 1)\n\n                if len(header_body_split) == 2:\n                    headers = header_body_split[0]\n                    body = header_body_split[1].strip()\n\n                    header_lines = headers.split(\"\\r\\n\")\n                    if header_lines:\n                        # Request line: METHOD PATH HTTP/VERSION\n                        first_line = header_lines[0].strip()\n                        parts = first_line.split(\" \")\n                        if len(parts) \u003e= 2:\n                            method = parts[0].upper()\n                            path = parts[1]\n                        else:\n                            method = \"UNKNOWN\"\n                            path = first_line\n\n                        post_content = body if method == \"POST\" else \"\"\n                        
csv_writer.writerow([method, path, post_content])\n                else:\n                    csv_writer.writerow([\"ERROR\", \"INVALID REQUEST\", \"\"])\n            else:\n                csv_writer.writerow([\"ERROR\", \"EMPTY REQUEST\", \"\"])\n\n    print(f\"已成功将数据整理为 {output_file}\")\n\nexcept PermissionError:\n    print(f\"无法创建或写入文件 {output_file}，请检查权限。\")\nexcept Exception as e:\n    print(f\"发生意外错误：{e}\")\n```\n\n![image](https://github.com/user-attachments/assets/1395820f-279f-485a-bb0e-9b1538a582ba)\n\nFor Intruder testing, select the `Pitchfork` mode to send the requests\n\n![image](https://github.com/user-attachments/assets/2505674d-9eb9-4c26-8b09-df7635e3dc7a)\n\nUncheck payload encoding\n\n![image](https://github.com/user-attachments/assets/2633e612-908f-4058-ad14-9b3f78648fc1)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpizz33%2Fburp_handling","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpizz33%2Fburp_handling","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpizz33%2Fburp_handling/lists"}