This post was last edited by PrimerBlack on 2025-2-7 15:01
Enhanced BurpGPT is a Burp Suite extension that lets you use AI to analyze the security of web applications. In short, while you test a site it can automatically analyze the requests and responses for you and point out potential security vulnerabilities.
Project highlights: custom prompts, a custom API URL, a separate tab that shows the GPT analysis results, export of analysis results, and more.
Some screenshots:
Configuring DeepSeek:
Analyzing with DeepSeek:
Configuration tab:
Results tab:
Analysis tab:
Source code (partial):
```python
# Burp runs Python extensions under Jython, so Java classes are imported directly.
from java.io import PrintWriter


class GPTRequest:
    def __init__(self, helpers, http_message, model, max_prompt_size):
        try:
            # Parse the request with Burp's IExtensionHelpers
            request_info = helpers.analyzeRequest(http_message)
            # Basic information
            self.url = str(http_message.getUrl())
            self.method = str(request_info.getMethod())
            # Raw request and response as strings
            request_bytes = http_message.getRequest()
            self.request = helpers.bytesToString(request_bytes)
            response_bytes = http_message.getResponse()
            self.response = helpers.bytesToString(response_bytes) if response_bytes else ""
            self.model = model
            self.max_prompt_size = max_prompt_size
            self.prompt = None
        except Exception as e:
            raise Exception("Error initializing GPTRequest: " + str(e))

    def set_prompt(self, prompt_template):
        try:
            # Build the prompt from the user-supplied template
            prompt = prompt_template
            # Replace the placeholders
            prompt = prompt.replace("{URL}", self.url)
            prompt = prompt.replace("{METHOD}", self.method)
            prompt = prompt.replace("{REQUEST}", self.request)
            prompt = prompt.replace("{RESPONSE}", self.response)
            # Truncate content that is too long
            if len(prompt) > self.max_prompt_size:
                prompt = prompt[:self.max_prompt_size]
            self.prompt = prompt
            return prompt
        except Exception as e:
            raise Exception("Error setting prompt: " + str(e))

    def log(self, message):
        # Writes to Burp's extension output; _callbacks must have been attached by the extension
        if hasattr(self, '_callbacks'):
            stdout = self._callbacks.getStdout()
            if stdout:
                writer = PrintWriter(stdout, True)
                writer.println(message)


class GPTResponse:
    def __init__(self, raw_response):
        # raw_response is the parsed JSON body of an OpenAI-compatible chat completion
        self.raw_response = raw_response
        self.choices = raw_response.get("choices", [])
        self.usage = raw_response.get("usage", {})

    def get_content(self):
        if self.choices and len(self.choices) > 0:
            return self.choices[0]["message"]["content"]
        return None

    def get_token_usage(self):
        return {
            "prompt_tokens": self.usage.get("prompt_tokens", 0),
            "completion_tokens": self.usage.get("completion_tokens", 0),
            "total_tokens": self.usage.get("total_tokens", 0)
        }


class AnalysisResult:
    def __init__(self, time, url, response):
        self.time = time
        self.url = url
        self.response = response
        self.severity = "Information"
        self.notes = ""

    def __str__(self):
        return "[{}] {}".format(self.time, self.url)
```
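The code above shows the plugin's two central steps: filling `{URL}`, `{METHOD}`, `{REQUEST}` and `{RESPONSE}` into a template, then cutting the finished prompt to `max_prompt_size`. Two things a tester should keep in mind before sending captured traffic to a remote model API: the request usually carries live credentials (cookies, bearer tokens), and a blunt `prompt[:max_prompt_size]` drops the whole response whenever the request alone fills the budget. The following stand-alone Python 3 script is an added example written for this post, not code from the EnhancedBurpGPT project; the sample request, response and completion JSON are constructed, and the `redact_headers`, `build_prompt` and `parse_completion` helpers are this example's own names. It redacts credential headers, splits the size budget between request and response in a single substitution pass, and parses an OpenAI-style completion the way `GPTResponse` does.

```python
import json
import re

# Constructed sample traffic (not from the plugin's page). Inside Burp the same
# strings would come from helpers.bytesToString() on an IHttpRequestResponse.
SAMPLE_REQUEST = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cookie: session=abc123\r\n"
    "Authorization: Bearer secret-token\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=alice&pass=hunter2"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"ok": true}'
)
# Constructed chat-completion body in the OpenAI-compatible shape GPTResponse expects.
SAMPLE_COMPLETION = json.dumps({
    "choices": [{"message": {"role": "assistant",
                             "content": "No issue identified in this exchange."}}],
    "usage": {"prompt_tokens": 120, "completion_tokens": 12, "total_tokens": 132},
})

PROMPT_TEMPLATE = (
    "Analyze {METHOD} {URL}\n"
    "REQUEST:\n{REQUEST}\n"
    "RESPONSE:\n{RESPONSE}\n"
)

# Headers whose values must not be forwarded to a third-party model API (assumed list).
SENSITIVE_HEADERS = ("authorization", "cookie", "set-cookie", "x-api-key")
PLACEHOLDER = re.compile(r"\{(URL|METHOD|REQUEST|RESPONSE)\}")


def redact_headers(message):
    """Blank credential-bearing header values; the body is left for the analyst to review."""
    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]]  # request line or status line
    for line in lines[1:]:
        name, colon, _ = line.partition(":")
        if colon and name.strip().lower() in SENSITIVE_HEADERS:
            kept.append(name + ": [REDACTED]")
        else:
            kept.append(line)
    return "\r\n".join(kept) + sep + body


def build_prompt(template, url, method, request, response, max_prompt_size):
    """Fill the plugin's placeholders in one pass and trim request/response to a shared budget.

    Unlike slicing the finished prompt, this keeps part of the response even when the
    request alone exceeds max_prompt_size, and placeholder-looking text inside the
    captured traffic is never expanded because substitution happens only once.
    """
    small = {"URL": url, "METHOD": method}
    overhead = len(PLACEHOLDER.sub(lambda m: small.get(m.group(1), ""), template))
    budget = max(max_prompt_size - overhead, 0)
    resp_len = min(len(response), budget // 2)
    req_len = min(len(request), budget - resp_len)
    resp_len = min(len(response), budget - req_len)  # hand unused request budget to the response
    values = dict(small, REQUEST=request[:req_len], RESPONSE=response[:resp_len])
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


def parse_completion(raw_json):
    """Return (assistant text, token usage) from an OpenAI-style chat completion body."""
    data = json.loads(raw_json)
    choices = data.get("choices") or []
    content = choices[0].get("message", {}).get("content") if choices else None
    usage = data.get("usage", {})
    counts = {k: usage.get(k, 0) for k in ("prompt_tokens", "completion_tokens", "total_tokens")}
    return content, counts


def analyze_sample(max_prompt_size=4000):
    """End to end: redact, build the prompt, and parse the (constructed) model reply."""
    prompt = build_prompt(PROMPT_TEMPLATE, "https://example.test/api/login", "POST",
                          redact_headers(SAMPLE_REQUEST), SAMPLE_RESPONSE, max_prompt_size)
    content, usage = parse_completion(SAMPLE_COMPLETION)
    return prompt, content, usage


if __name__ == "__main__":
    p, c, u = analyze_sample()
    print(p)
    print(c, u)
```

Redaction of the body is deliberately left to the analyst, since form fields and JSON bodies are exactly what the model is supposed to inspect; the header list is the minimum that keeps session and API credentials out of a third-party provider's logs.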
See the GitHub project for usage instructions and the complete code.
GitHub project: https://github.com/yxdm02/EnhancedBurpGPT