I'm seeing a large number of HTTP requests made to multiple web services I operate, like the following:
[[#22]][[#3]][[#1]][[#1]] [[#1]][[#0]][[#1]][[#28]][[#3]][[#3]]MÚ [[#7]]eÀ…Ʀá"¢ÛË…'Ð8zÃE¹ÔH“¶·[[#22]]~
À[[#20]][[#0]]9À À[[#19]][[#0]]3[[#0]][[#0]][[#0]]=[[#0]]<[[#0]]5[[#0]]/[[#0]]ÿ[[#1]][[#0]][[#0]][[#0]][[#11]][[#0]][[#4]][[#3]][[#0]][[#1]][[#2]][[#0]]:
[[#0]][[#12]][[#0]]:
[[#0]][[#29]][[#0]][[#23]][[#0]][[#30]][[#0]][[#25]][[#0]][[#24]][[#0]]#[[#0]][[#0]][[#0]][[#22]][[#0]][[#0]][[#0]][[#23]][[#0]][[#0]][[#0]] [[#0]]0[[#0]].[[#4]][[#3]][[#5]][[#3]][[#6]][[#3]][[#8]][[#7]][[#8]][[#8]][[#8]] [[#8]]:
[[#8]][[#11]][[#8]][[#4]][[#8]][[#5]][[#8]][[#6]][[#4]][[#1]][[#5]][[#1]][[#6]][[#1]][[#3]][[#3]][[#2]][[#3]][[#3]][[#1]][[#2]][[#1]][[#3]][[#2]][[#2]][[#2]][[#4]][[#2]][[#5]][[#2]][[#6]][[#2]][[#0]]+[[#0]] [[#8]][[#3]][[#4]][[#3]][[#3]][[#3]][[#2]][[#3]][[#1]][[#0]]-[[#0]][[#2]][[#1]][[#1]][[#0]]3[[#0]]&[[#0]]$[[#0]][[#29]][[#0]] U¿[[#19]]|}¯ $Â[[#1]]`¤^;d{²À[[#11]]&[[#20]]ó1Z:
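It certainly appears to be an unusual and possibly malicious request, but I am having a hard time decoding it to understand its intent or the harm it could cause. Is there any specific background that explains why these requests are used so frequently, what they are trying to achieve, and how to properly decode their intent?
Answer 1
Because malformed requests vary so widely, analyzing malformed HTTP requests with Burp Suite can be very challenging. Below is a simplified Python script that demonstrates how to analyze malformed HTTP requests using Burp Suite: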
# Import the required Burp API classes
from burp import IBurpExtender
from burp import ITab
from burp import IHttpListener
from burp import IHttpRequestResponse
from burp import IRequestInfo
# Swing panel used as the (empty) UI component of the extension tab
from javax.swing import JPanel


class BurpExtender(IBurpExtender, ITab, IHttpListener):

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        # Create the tab's UI component before the tab is registered
        self._panel = JPanel()
        # Set the extension name and add the tab to Burp Suite
        callbacks.setExtensionName("Malformed Request Analyzer")
        callbacks.addSuiteTab(self)
        # Register HTTP listener to capture requests and responses
        callbacks.registerHttpListener(self)

    def getTabCaption(self):
        return "Malformed Request Analyzer"

    def getUiComponent(self):
        # Burp expects a java.awt.Component here, not None
        return self._panel

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if messageIsRequest:
            # Process request
            request = messageInfo.getRequest()
            analyzed_payload = self.analyze_request(request)
            if analyzed_payload:
                self.alert_on_malformed_request(analyzed_payload)

    def analyze_request(self, request):
        try:
            # Parse the request
            request_info = self._helpers.analyzeRequest(request)
            # Implement your analysis logic here
            # Check for malformed request patterns or any other issues
            # Example: Check if the request contains an excessively long header
            for header in request_info.getHeaders():
                if len(header) > 1000:
                    return "Malformed Request: Excessive Header Length"
            # Return the analyzed payload or None if no issues are found
            return None
        except Exception as e:
            return "Error analyzing request: " + str(e)

    def alert_on_malformed_request(self, payload):
        # Implement how you want to alert on malformed requests
        # This could be logging, sending alerts, or any other action
        # Minimal default: show the message as a Burp alert
        self._callbacks.issueAlert(payload)

# Burp instantiates the BurpExtender class itself when the extension is loaded
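In this script:
We implement an extension for Burp Suite that acts as a "Malformed Request Analyzer" and registers an HTTP listener to capture HTTP requests.
In the processHttpMessage method, we process the HTTP request and call the analyze_request method to perform custom analysis on the request content. You should implement your analysis logic in this method.
If a malformed request is detected (based on your analysis), the alert_on_malformed_request method can be used to define how you alert on or handle the malformed request.
Note that this script provides a basic framework for analyzing malformed requests. You will need to extend and customize the analysis logic to meet your specific requirements and scenarios. In addition, you will need to install and configure this Burp Suite extension within the Burp Suite application itself.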
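One analysis check of the kind the answer leaves open, as an added example that is not part of the original answer: a stand-alone Python 3 function that tests whether the first bytes sent to a plaintext HTTP listener have the layout of a TLS handshake record. The function name and the sample are constructed here, and the sample assumes each `[[#N]]` token in the question's dump stands for the byte with decimal value N.

```python
import struct

# Constructed sample: the first 11 bytes of the logged "request" in the question,
# reading each [[#N]] token as the byte with decimal value N (an assumption about
# how the log rendered non-printable bytes); the literal space is byte 0x20.
SAMPLE = bytes([22, 3, 1, 1, 0x20, 1, 0, 1, 28, 3, 3])

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}


def classify_request_prefix(data):
    """Classify the first bytes a client sent to a plaintext HTTP listener."""
    if data.startswith(HTTP_METHODS):
        return {"kind": "http"}
    # TLS record header: content type (1 byte), version (2), length (2).
    if len(data) < 5:
        return {"kind": "unknown"}
    content_type, rec_version, rec_len = struct.unpack("!BHH", data[:5])
    if content_type != 22 or rec_version not in TLS_VERSIONS:
        return {"kind": "unknown"}
    result = {"kind": "tls-handshake",
              "record_version": TLS_VERSIONS[rec_version],
              "record_length": rec_len}
    # Handshake header: message type (1 byte), length (3); a ClientHello body
    # then starts with the client's protocol version (2).
    if len(data) >= 11:
        msg_type = data[5]
        msg_len = int.from_bytes(data[6:9], "big")
        result["handshake_type"] = HANDSHAKE_TYPES.get(msg_type, "type %d" % msg_type)
        result["handshake_length"] = msg_len
        # A hello that fits in one record has record_length == handshake_length + 4.
        result["lengths_consistent"] = rec_len == msg_len + 4
        if msg_type == 1:
            version = int.from_bytes(data[9:11], "big")
            result["client_version"] = TLS_VERSIONS.get(version, hex(version))
    return result


if __name__ == "__main__":
    print(classify_request_prefix(SAMPLE))
```

Under that reading of the dump, the sample parses as a ClientHello whose record and handshake lengths agree, which is what a TLS client sends when it connects to a port that speaks plain HTTP.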