mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 11:45:25 +00:00
5f0b7eb19b
* feat: added initial live DAST server implementation * feat: more logging + misc additions * feat: auth file support enhancements for more complex scenarios + misc * feat: added io.Reader support to input providers for http * feat: added stats db to fuzzing + use sdk for dast server + misc * feat: more additions and enhancements * misc changes to live server * misc * use utils pprof server * feat: added simpler stats tracking system * feat: fixed analyzer timeout issue + missing case fix * misc changes fix * feat: changed the logics a bit + misc changes and additions * feat: re-added slope checks + misc * feat: added baseline measurements for time based checks * chore(server): fix typos Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(templates): potential DOM XSS Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(authx): potential NIL deref Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * feat: misc review changes * removed debug logging * feat: remove existing cookies only * feat: lint fixes * misc * misc text update * request endpoint update * feat: added tracking for status code, waf-detection & grouped errors (#6028) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * fix var dump (#5921) * fix var dump * fix dump test * Added filename length restriction for debug mode (-srd flag) (#5931) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> * more updates * Update pkg/output/stats/waf/waf.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com> Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
62 lines
1.6 KiB
Go
62 lines
1.6 KiB
Go
package burp
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"io"
|
|
"strings"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/input/formats"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/input/types"
|
|
"github.com/projectdiscovery/utils/conversion"
|
|
"github.com/seh-msft/burpxml"
|
|
)
|
|
|
|
// BurpFormat is a Burp XML File parser
|
|
type BurpFormat struct {
|
|
opts formats.InputFormatOptions
|
|
}
|
|
|
|
// New creates a new Burp XML File parser
|
|
func New() *BurpFormat {
|
|
return &BurpFormat{}
|
|
}
|
|
|
|
var _ formats.Format = &BurpFormat{}
|
|
|
|
// Name returns the name of the format
|
|
func (j *BurpFormat) Name() string {
|
|
return "burp"
|
|
}
|
|
|
|
func (j *BurpFormat) SetOptions(options formats.InputFormatOptions) {
|
|
j.opts = options
|
|
}
|
|
|
|
// Parse parses the input and calls the provided callback
|
|
// function for each RawRequest it discovers.
|
|
func (j *BurpFormat) Parse(input io.Reader, resultsCb formats.ParseReqRespCallback, filePath string) error {
|
|
items, err := burpxml.Parse(input, true)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not decode burp xml schema")
|
|
}
|
|
|
|
// Print the parsed data for verification
|
|
for _, item := range items.Items {
|
|
item := item
|
|
binx, err := base64.StdEncoding.DecodeString(item.Request.Raw)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not decode base64")
|
|
}
|
|
if strings.TrimSpace(conversion.String(binx)) == "" {
|
|
continue
|
|
}
|
|
rawRequest, err := types.ParseRawRequestWithURL(conversion.String(binx), item.Url)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not parse raw request")
|
|
}
|
|
resultsCb(rawRequest) // TODO: Handle false and true from callback
|
|
}
|
|
return nil
|
|
}
|