From 90d09df28d797a0ae9df835b5133e493382fa2b5 Mon Sep 17 00:00:00 2001
From: CodeXTF2
Date: Mon, 15 Aug 2022 18:13:17 +0800
Subject: [PATCH] Added feature to store data in existing headers
---
burp2malleable.py | 49 ++++++++++++++++++++++---
generated.profile | 91 -----------------------------------------------
2 files changed, 45 insertions(+), 95 deletions(-)
delete mode 100644 generated.profile
diff --git a/burp2malleable.py b/burp2malleable.py
index 45ccaf9..c8b990e 100644
--- a/burp2malleable.py
+++ b/burp2malleable.py
@@ -26,16 +26,41 @@ def printbold(msg): def printmsg(msg): print(colored("[*] ","cyan",attrs=["bold"]) + msg) +def blend(string): + isok = False + while not isok: + print("The current value of the field is:\n" + colored(string,"green")) + toreplace = input("\nWhat part would you like to replace with the data?\n> ") + strarray = string.split(toreplace) + while len(strarray) <2: + strarray.append("") + print(f"The resulting field will look something like this:\n" + colored(f"{strarray[0]}DDovyDgKGfg{strarray[1]}\n","green")) + isok_str = input("Does this look ok? (Y/n)\n> ") + if isok_str == '' or isok_str.lower() == 'y': + isok=True + + return strarray[0],strarray[1] def storelocation(item): - print(colored(toolbanner,"cyan")) + global reqheaders + global reqparams_dict + prepend = '' + append = '' location = input(f"Where do you want to store {item}?\n\t1. Header\n\t2. Body\n\t3. URI-Param\n>") if location == "1": headername = input("Header name: ") - return ['header',headername] + if headername in reqheaderlist: + print("This header already exists.") + prepend,append = blend(str(reqheaders.get(headername))) + reqheaders.pop(headername) + return ['header',headername,prepend,append] elif location == "3": paramname = input("Param name: ") - return ['uriparam',paramname] + if paramname in reqparams_dict.keys(): + print(f"This parameter {paramname} already exists.") + prepend,append = blend(reqparams_dict[paramname]) + reqparams_dict.pop(paramname) + return ['uriparam',paramname,prepend,append] else: return ['body',''] 
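Review bot: In `blend`, `string.split(toreplace)` mishandles two inputs the prompt allows. Pressing Enter passes an empty separator and raises ValueError, and a substring that occurs more than once yields three or more pieces, of which only `strarray[0]` and `strarray[1]` are kept, so the tail of the original value is silently dropped from both the preview and the returned pair. Re-prompting on unusable input and splitting once fixes both: `if not toreplace or toreplace not in string: continue` followed by `strarray = string.split(toreplace, 1)`. With that guard the `while len(strarray) <2` padding loop is no longer needed. A one-line docstring saying that `blend` returns the text before and after the replaced part would also help readers of `storelocation`.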
@@ -60,9 +85,16 @@ def storelocation(item): requri = reqfile.split("\n")[0].split(" ")[1].split("?")[0] try: - reqparams = reqfile.split("\n")[0].split(" ")[1].split("?")[1] + reqparams = reqfile.split("\n")[0].split(" ")[1].split("?")[1].split("&") except: reqparams= "" + +reqparams_dict = {} +for x in reqparams: + x_split = x.split("=") + key = x_split[0] + value = x_split[1] + reqparams_dict[key] = value reqmethod = reqfile.split("\n")[0].split(" ")[0] reqheaders, reqdata = burpee.parse_request("tempreq") @@ -77,6 +109,9 @@ def storelocation(item): for x in resfile.split("\n"): resfile_commented += "# " + x + "\n" +reqheaderlist = [] +for x in reqheaders.items(): + reqheaderlist.append(x[0]) original = "# Original HTTP request\n#\n" + reqfile_commented + "\n#" @@ -146,12 +181,18 @@ def storelocation(item): #metadata if beaconmeta[0] == "body": + metadata.add_statement("prepend",beaconmeta[2]) + metadata.add_statement("append",beaconmeta[3]) metadata.add_statement("print") printmsg(f"Storing beacon metadata in request body") elif beaconmeta[0] == "uriparam": + metadata.add_statement("prepend",beaconmeta[2]) + metadata.add_statement("append",beaconmeta[3]) metadata.add_statement("parameter",beaconmeta[1]) printmsg(f"Storing beacon metadata in the URI parameter {beaconmeta[1]}") else: + metadata.add_statement("prepend",beaconmeta[2]) + metadata.add_statement("append",beaconmeta[3]) metadata.add_statement("header",beaconmeta[1]) printmsg(f"Storing beacon metadata in request header {beaconmeta[1]}") diff --git a/generated.profile b/generated.profile deleted file mode 100644 index 75af9c9..0000000 --- a/generated.profile +++ /dev/null 
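Review bot: `value = x_split[1]` raises IndexError for any query parameter that has no `=` (a bare flag such as `?debug`, a constructed example, or an empty query after `?`). A value that itself contains `=` is cut short because `split("=")` splits on every occurrence. `key, _, value = x.partition("=")` handles both cases in one line. The fallback `reqparams= ""` works with the new loop only because iterating an empty string yields nothing; `reqparams = []` would state the intent, and the bare `except:` could be narrowed to `except IndexError:`. These are module-level statements and the script continues outside the hunk.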
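Review bot: `reqheaderlist` duplicates what the mapping already provides. The loop can be written as `reqheaderlist = list(reqheaders)`, or the list can be dropped and `storelocation` can test `headername in reqheaders` directly. The membership test is also case-sensitive, while HTTP header names are not, so typing `cookie` for a captured `Cookie` header would skip the existing-header path. Whether `burpee.parse_request` normalises header names is not visible here, so that should be confirmed.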
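Review bot: The `body` branch now reads `beaconmeta[2]` and `beaconmeta[3]`, but `storelocation` in the first hunk still ends with `return ['body','']`, so choosing Body raises IndexError here. Returning `['body','',prepend,append]` from that branch keeps all three result shapes the same length. The `prepend`/`append` pair is identical in all three branches and could be emitted once before the `if`, and only when the strings are non-empty, since both default to `''` when nothing was blended. Only the metadata block is visible in this hunk. If `storelocation` is also called for other data blocks outside it, the header or parameter it pops would lose its static part there, which should be checked.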
@@ -1,91 +0,0 @@ - -############################################################################ -# Generated by Burp2Malleable - https://github.com/CodeXTF2/Burp2Malleable # -# By: CodeX # -############################################################################ -# Automatically generated with pyMalleableC2 -# https://github.com/Porchetta-Industries/pyMalleableC2 -# -# !!! Make sure to run this profile through c2lint before using !!! - -http-get { - set verb "GET"; - set uri "/"; - client { - header "Host" "example.com"; - header "Upgrade-Insecure-Requests" "1"; - header "User-Agent" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"; - header "Accept" "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"; - header "Accept-Encoding" "gzip, deflate"; - header "Accept-Language" "en-US,en;q=0.9"; - header "Connection" "close"; - metadata { - mask; - base64url; - header "Cookie"; - } - } - server { - output { - mask; - base64url; - print; - } - header "Accept-Ranges" "bytes"; - header "Age" "441594"; - header "Cache-Control" "max-age=604800"; - header "Content-Type" "text/html; charset=UTF-8"; - header "Date" "Sun, 14 Aug 2022 17:45:50 GMT"; - header "Etag" "'3147526947'"; - header "Expires" "Sun, 21 Aug 2022 17:45:50 GMT"; - header "Last-Modified" "Thu, 17 Oct 2019 07:18:26 GMT"; - header "Server" "ECS (oxr/832D)"; - header "Vary" "Accept-Encoding"; - header "X-Cache" "HIT"; - header "Content-Length" "1256"; - header "Connection" "close"; - } -} -http-post { - set verb "GET"; - set uri "//"; - client { - header "Host" "example.com"; - header "Upgrade-Insecure-Requests" "1"; - header "User-Agent" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"; - header "Accept" 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"; - header "Accept-Encoding" "gzip, deflate"; - header "Accept-Language" "en-US,en;q=0.9"; - header "Connection" "close"; - id { - mask; - base64url; - parameter "id"; - } - output { - mask; - base64url; - header "data"; - } - } - server { - output { - mask; - base64url; - print; - } - header "Accept-Ranges" "bytes"; - header "Age" "441594"; - header "Cache-Control" "max-age=604800"; - header "Content-Type" "text/html; charset=UTF-8"; - header "Date" "Sun, 14 Aug 2022 17:45:50 GMT"; - header "Etag" "'3147526947'"; - header "Expires" "Sun, 21 Aug 2022 17:45:50 GMT"; - header "Last-Modified" "Thu, 17 Oct 2019 07:18:26 GMT"; - header "Server" "ECS (oxr/832D)"; - header "Vary" "Accept-Encoding"; - header "X-Cache" "HIT"; - header "Content-Length" "1256"; - header "Connection" "close"; - } -}