Beispiel #1
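    def initUI(self):
        """Build and show the "Analysis has finished" dialog.

        A small window with a status message and an OK button, meant to be
        displayed once all image analysis has finished. Pressing OK invokes
        ``self.onOK`` (defined outside this block); per the original
        description, that handler closes all ImageJ windows.
        """
        panel = JPanel()
        self.getContentPane().add(panel)
        panel.setBackground(Color.WHITE)
        # Null layout: every child is positioned with an explicit setBounds().
        panel.setLayout(None)
        self.setTitle("Analysis has finished")
        self.setSize(300, 150)

        ok_button = JButton("OK", actionPerformed=self.onOK)
        ok_button.setBackground(Color.BLACK)
        ok_button.setBounds(80, 50, 100, 30)
        panel.add(ok_button)

        # Spelling of the on-screen message corrected ("finised" -> "finished").
        message = JTextArea("Analysis has finished!! :-)")
        message.setBounds(15, 10, 250, 20)
        panel.add(message)

        # The former setLocationRelativeTo(None) call was dropped: the explicit
        # setLocation() below overrode it before the window became visible.
        # The screen size is queried once instead of once per coordinate.
        screen = IJ.getScreenSize()
        self.setLocation(int(screen.width * 0.01),
                         int(screen.height * 3 / 10))
        self.setVisible(True)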
Beispiel #2
    def initUI(self):
        """Assemble and show the "GPU Demo" window.

        The window holds a "JOCL" button (no listener is attached here), a
        "Quit" button wired to ``self.onQuit`` (defined outside this block)
        and a label showing the icon loaded from "input.png".
        """
        container = JPanel(size=(50, 50))
        container.setLayout(BorderLayout())
        container.setToolTipText("A Panel container")

        jocl_btn = JButton("JOCL")
        jocl_btn.setToolTipText("JOCL Button")
        jocl_btn.setBounds(100, 500, 100, 30)

        quit_btn = JButton("Quit", actionPerformed=self.onQuit)
        quit_btn.setToolTipText("Quit Button")
        quit_btn.setBounds(200, 500, 80, 30)

        # "input.png" is a relative path, resolved against the working directory.
        icon = ImageIcon("input.png")
        picture = JLabel(icon)
        picture.setBounds(1, 1, icon.getIconWidth(), icon.getIconHeight())

        # Children are added without a BorderLayout constraint, in this order.
        for child in (jocl_btn, quit_btn, picture):
            container.add(child)

        self.getContentPane().add(container)
        self.setTitle("GPU Demo")
        self.setSize(1200, 600)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #3
 def build(self):
     """Create the temperature-converter widgets and add them to this container.

     Three captions, three text fields and two buttons are positioned with
     explicit bounds. The text fields are kept on ``self.c``, ``self.f`` and
     ``self.k`` and collected in the set ``self.textfields``. ``log``,
     ``self.convert`` and ``self.clean`` are defined outside this block.
     """
     # Column captions (label texts kept exactly as in the UI).
     celsius_caption = JLabel("Celcius")
     celsius_caption.setBounds(10, 10, 60, 20)
     fahrenheit_caption = JLabel("Farenheit")
     fahrenheit_caption.setBounds(120, 10, 60, 20)
     kelvin_caption = JLabel("Kelvin")
     kelvin_caption.setBounds(230, 10, 60, 20)

     # One input per scale; the action event of each field is passed to log().
     celsius_field = JTextField()
     celsius_field.setBounds(10, 40, 60, 20)
     celsius_field.addActionListener(lambda event: log(event))
     fahrenheit_field = JTextField()
     fahrenheit_field.setBounds(120, 40, 60, 20)
     fahrenheit_field.addActionListener(lambda event: log(event))
     kelvin_field = JTextField()
     kelvin_field.setBounds(230, 40, 60, 20)
     kelvin_field.addActionListener(lambda event: log(event))

     # Full-width buttons: 300 - 10 leaves a 10 px margin.
     convert_button = JButton("Convert")
     convert_button.addActionListener(lambda event: self.convert(event))
     convert_button.setBounds(10, 70, 300 - 10, 30)
     clean_button = JButton("Clean")
     clean_button.addActionListener(lambda event: self.clean())
     clean_button.setBounds(10, 110, 300 - 10, 30)

     # Same insertion order as before: captions, fields, then buttons.
     for widget in (celsius_caption, kelvin_caption, fahrenheit_caption,
                    celsius_field, fahrenheit_field, kelvin_field,
                    convert_button, clean_button):
         self.add(widget)

     self.k = kelvin_field
     self.c = celsius_field
     self.f = fahrenheit_field
     self.textfields = {self.c, self.f, self.k}
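def changePasswordForm(check):
    """Build and show the "Change Password" window.

    Stores *check* in the module-level ``value`` and publishes the frame and
    the three input fields as module globals, so that the ``clickSave`` and
    ``clickCancel`` handlers (defined outside this block) can reach them.
    """
    global frame
    global tfOldPassword
    global tfNewPassword
    global tfConfirmPassword
    global value

    # Function-scope import: the file's import block is not visible here.
    from javax.swing import JPasswordField

    value = check

    frame = JFrame("Change Password")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 350)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 350)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("Change Password")
    heading.setBounds(200, 30, 150, 40)

    lbOldPassword = JLabel("Old Password")
    lbNewPassword = JLabel("New Password")
    lbConfirmPassword = JLabel("Confirm Password")

    # JPasswordField masks the typed characters, so passwords are not readable
    # on screen. It subclasses JTextField, so handlers that call getText()
    # keep working; getPassword() returns a char[] that can be cleared after use.
    tfOldPassword = JPasswordField()
    tfNewPassword = JPasswordField()
    tfConfirmPassword = JPasswordField()

    lbOldPassword.setBounds(50, 100, 150, 30)
    lbNewPassword.setBounds(50, 150, 150, 30)
    lbConfirmPassword.setBounds(50, 200, 150, 30)

    tfOldPassword.setBounds(220, 100, 150, 30)
    tfNewPassword.setBounds(220, 150, 150, 30)
    tfConfirmPassword.setBounds(220, 200, 150, 30)

    btnSave = JButton("Save", actionPerformed=clickSave)
    btnCancel = JButton("Cancel", actionPerformed=clickCancel)

    btnSave.setBounds(350, 280, 100, 30)
    btnCancel.setBounds(50, 280, 100, 30)

    panel.add(heading)
    panel.add(lbOldPassword)
    panel.add(lbNewPassword)
    panel.add(lbConfirmPassword)
    panel.add(tfOldPassword)
    panel.add(tfNewPassword)
    panel.add(tfConfirmPassword)
    panel.add(btnSave)
    panel.add(btnCancel)

    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)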
Beispiel #5
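def addCourse():
    """Build and show the "Add Course" window.

    The frame, the three input fields and the "Enter" button are published as
    module globals. The handlers ``clickAddCourseFee`` and ``clickCancel``
    are defined outside this block.
    """
    global tfCourseName
    global tfCourseId
    global tfCourseFee
    global frame
    global btnEnter

    frame = JFrame("Add Course ")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(450, 450)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(450, 450)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("ADD COURSE")
    heading.setBounds(200, 30, 150, 40)

    lbCourseName = JLabel("Course Name ")
    lbCourseId = JLabel("Course Id")
    lbCourseFee = JLabel(" Course Fee")

    tfCourseName = JTextField()
    tfCourseId = JTextField()
    tfCourseFee = JTextField()

    lbCourseName.setBounds(70, 120, 130, 30)
    lbCourseId.setBounds(70, 170, 130, 30)
    lbCourseFee.setBounds(70, 220, 130, 30)

    tfCourseName.setBounds(220, 120, 150, 30)
    tfCourseId.setBounds(220, 170, 150, 30)
    tfCourseFee.setBounds(220, 220, 150, 30)

    btnEnter = JButton("Enter", actionPerformed=clickAddCourseFee)
    btnEnter.setBounds(300, 300, 100, 40)

    btnCancel = JButton("Cancel", actionPerformed=clickCancel)
    btnCancel.setBounds(70, 300, 100, 40)

    # tfCourseFee used to be added twice; it is now added once, at the
    # position the second add left it in.
    panel.add(heading)
    panel.add(lbCourseName)
    panel.add(lbCourseId)
    panel.add(lbCourseFee)
    panel.add(tfCourseName)
    panel.add(tfCourseId)
    panel.add(tfCourseFee)
    panel.add(btnEnter)
    panel.add(btnCancel)

    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)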
Beispiel #6
    def getButton(self, label, positionX, positionY):
        """Return a new JButton captioned *label* at (positionX, positionY).

        The width and height are taken from ``self.BUTTON_WIDTH`` and
        ``self.BUTTON_HEIGHT``.
        """
        created = JButton(label)
        width, height = self.BUTTON_WIDTH, self.BUTTON_HEIGHT
        created.setBounds(positionX, positionY, width, height)
        return created
Beispiel #7
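    def getUiComponent(self):
        """Build the panel that fetches a page and lists the links found on it.

        The panel holds a URL input, a "Click" button and an output text area.
        Clicking the button requests ``http://<input>``, collects the ``href``
        of every ``<a>`` element and writes them, one per line, into the
        output area.

        Returns:
            The assembled JPanel.
        """
        panel = JPanel(BorderLayout())
        panel.setLocation(100, 100)
        # The BorderLayout from the constructor is replaced immediately, so the
        # children below are placed through their explicit bounds.
        panel.setLayout(None)

        lbl1 = JLabel("Insert URL")
        lbl1.setBounds(60, 20, 100, 40)
        txt1 = JTextField(100)
        txt1.setBounds(140, 20, 600, 40)

        def btn1Click(event):
            """Fetch the entered URL and show the hrefs of its anchors."""
            import requests
            from bs4 import BeautifulSoup

            # NOTE(review): the scheme is fixed to plain http://, so the page
            # travels unencrypted and the listed links can be altered in transit.
            target = "http://" + str(txt1.text)
            try:
                # The request runs on the Swing event thread; the timeout keeps
                # an unresponsive host from freezing the UI indefinitely.
                response = requests.get(target, timeout=10)
            except requests.RequestException as exc:
                txt2.text = "Request failed: %s" % exc
                return

            soup = BeautifulSoup(response.text, 'html.parser')
            # Anchors without an href yield None and are skipped.
            hrefs = [anchor.get('href') for anchor in soup.find_all('a')]
            hrefs = [href for href in hrefs if href]

            # One link per line replaces the former str(list) clean-up, which
            # also rewrote "[", "]" and "u'" occurring inside the links.
            # JTextArea displays the remote content as plain text.
            txt2.text = "\n".join(hrefs)
            txt2.editable = False
            txt2.wrapStyleWord = True
            txt2.lineWrap = True
            # Two trailing statements were removed: one referenced the undefined
            # name `text2` and raised NameError on every click, so the
            # `txt2.size(300, 1)` call after it was never reached.

        btn = JButton("Click", actionPerformed=btn1Click)
        btn.setBounds(400, 80, 60, 30)
        panel.add(lbl1, BorderLayout.CENTER)
        panel.add(txt1, BorderLayout.CENTER)
        panel.add(btn, BorderLayout.CENTER)

        lbl2 = JLabel("Output URLs")
        lbl2.setBounds(60, 80, 150, 40)

        # txt2 is bound here, before any click can invoke btn1Click.
        txt2 = JTextArea()
        txt2.setBounds(140, 120, 600, 600)
        txt2.setBackground(Color.WHITE)

        panel.add(lbl2, BorderLayout.CENTER)
        panel.add(txt2, BorderLayout.CENTER)

        return panel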
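def install(helper):
    """Show a four-field input window and store the values as global script vars.

    Clicking "Submit" copies each text field into ``ScriptVars`` (defined
    outside this block) under "Input1" .. "Input4" and prints the stored value.
    *helper* is not used in this function.

    The body is re-indented with four spaces throughout; it previously mixed
    a space-plus-tab indent with tab-only indents. The bare ``print``
    statement became a call, which prints the same text.
    """
    print('install called')

    frame = JFrame("Please Input Values")
    frame.setLocation(100, 100)
    frame.setSize(500, 400)
    # Null layout: every component is positioned with setBounds().
    frame.setLayout(None)

    lbl1 = JLabel("Input1: ")
    lbl1.setBounds(60, 20, 60, 20)
    txt1 = JTextField(100)
    txt1.setBounds(130, 20, 200, 20)
    lbl2 = JLabel("Input2: ")
    lbl2.setBounds(60, 50, 100, 20)
    txt2 = JTextField(100)
    txt2.setBounds(130, 50, 200, 20)
    lbl3 = JLabel("Input3: ")
    lbl3.setBounds(60, 80, 140, 20)
    txt3 = JTextField(100)
    txt3.setBounds(130, 80, 200, 20)
    lbl4 = JLabel("Input4: ")
    lbl4.setBounds(60, 110, 180, 20)
    txt4 = JTextField(100)
    txt4.setBounds(130, 110, 200, 20)

    def getValues(event):
        """Store the four inputs and echo each stored value."""
        print("clicked")
        # NOTE(review): every value is echoed to the console; confirm that
        # none of the inputs is meant to hold a secret.
        ScriptVars.setGlobalVar("Input1", str(txt1.getText()))
        print(ScriptVars.getGlobalVar("Input1"))
        ScriptVars.setGlobalVar("Input2", str(txt2.getText()))
        print(ScriptVars.getGlobalVar("Input2"))
        ScriptVars.setGlobalVar("Input3", str(txt3.getText()))
        print(ScriptVars.getGlobalVar("Input3"))
        ScriptVars.setGlobalVar("Input4", str(txt4.getText()))
        print(ScriptVars.getGlobalVar("Input4"))

    btn = JButton("Submit", actionPerformed=getValues)
    btn.setBounds(160, 150, 100, 20)

    frame.add(lbl1)
    frame.add(txt1)
    frame.add(lbl2)
    frame.add(txt2)
    frame.add(btn)
    frame.add(lbl3)
    frame.add(txt3)
    frame.add(lbl4)
    frame.add(txt4)
    frame.setVisible(True)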
def install(helper):
    """Show a four-row input window whose values become global script vars.

    Each row is a caption plus a text field. "Submit" stores every field's
    text through ``ScriptVars.setGlobalVar`` (defined outside this block) and
    prints the value read back. *helper* is not used in this function.
    """
    print('install called')

    window = JFrame("Please Input Values")
    window.setLocation(100, 100)
    window.setSize(500, 400)
    window.setLayout(None)

    # (variable name, caption text, caption width); rows are 30 px apart.
    row_specs = (
        ("Input1", "Input1: ", 60),
        ("Input2", "Input2: ", 100),
        ("Input3", "Input3: ", 140),
        ("Input4", "Input4: ", 180),
    )
    captions = []
    entries = []
    for index, (var_name, caption_text, caption_width) in enumerate(row_specs):
        top = 20 + 30 * index
        caption = JLabel(caption_text)
        caption.setBounds(60, top, caption_width, 20)
        entry = JTextField(100)
        entry.setBounds(130, top, 200, 20)
        captions.append(caption)
        entries.append(entry)

    def getValues(event):
        """Store each field under its variable name and echo the stored value."""
        print("clicked")
        for spec, entry in zip(row_specs, entries):
            var_name = spec[0]
            ScriptVars.setGlobalVar(var_name, str(entry.getText()))
            print(ScriptVars.getGlobalVar(var_name))

    submit = JButton("Submit", actionPerformed=getValues)
    submit.setBounds(160, 150, 100, 20)

    # Same insertion order as before: the button sits between rows 2 and 3.
    ordered = (captions[0], entries[0], captions[1], entries[1], submit,
               captions[2], entries[2], captions[3], entries[3])
    for component in ordered:
        window.add(component)
    window.setVisible(True)
Beispiel #10
    def initUI(self):
        """Lay out and show a window that contains a single "Quit" button.

        The button calls ``self.onQuit`` (defined outside this block).
        """
        quit_button = JButton("Quit", actionPerformed=self.onQuit)
        quit_button.setBounds(50, 60, 80, 30)

        # Null layout: the button is placed through its explicit bounds.
        content = JPanel()
        content.setLayout(None)
        content.add(quit_button)
        self.getContentPane().add(content)

        self.setTitle("Quit Button")
        self.setSize(300, 200)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #11
 def initUI(self):
     """Create the "Quit Button" window and make it visible.

     One button, positioned absolutely, is wired to ``self.onQuit``
     (defined outside this block).
     """
     holder = JPanel()
     holder.setLayout(None)  # absolute positioning via setBounds()

     quit_btn = JButton("Quit", actionPerformed=self.onQuit)
     quit_btn.setBounds(50, 60, 80, 30)
     holder.add(quit_btn)

     self.getContentPane().add(holder)
     self.setTitle("Quit Button")
     self.setSize(300, 200)
     # Closing the window terminates the JVM.
     self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
     self.setLocationRelativeTo(None)
     self.setVisible(True)
Beispiel #12
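    def output(self, value):
        """Open the "Lektion erstellen" window for writing and saving a lesson.

        The window has a name field, a text area pre-filled with the CSV
        header and a save button. Saving writes the text area to
        ``<name>.csv`` and passes the text to ``self.send`` (defined outside
        this block). *value* is not used in this method.
        """
        # Function-scope import: the file's import block is not visible here.
        import os

        t = ''

        frame = JFrame(
            'Lektion erstellen',
            defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
            size=(500, 500),
        )

        def change_text(event):
            """Write the lesson text to '<name>.csv' and forward it."""
            text = feld.getText()
            # The lesson name is typed by the user and becomes a file name.
            # Keep only its last path component, so that input such as
            # "../x" or an absolute path cannot place the file outside the
            # working directory.
            raw_name = feld2.getText().replace("\\", "/").strip()
            lesson = os.path.basename(raw_name)
            if not lesson:
                print("Bitte einen Lektionsnamen eingeben")
                return
            # NOTE(review): the file is opened without an explicit encoding;
            # confirm that lesson text with umlauts is written correctly.
            with open(lesson + ".csv", "w") as f:
                f.write(text)
            # The former `t = text` only bound a local inside this handler and
            # never changed the outer `t`, so the text is forwarded directly.
            self.send(text)

        button = JButton('Lektion speichern!',
                         actionPerformed=change_text,
                         size=(10, 20))
        button.setBounds(20, 40, 20, 40)
        pnl = JPanel()
        pnl.setLayout(BoxLayout(pnl, BoxLayout.Y_AXIS))
        feld = JTextArea()
        feld.editable = True

        feld.setText("Deutsch,Englisch\n")
        feld2 = JTextField()
        feld2.setText("Ersetzen durch Namen der Lektion")
        pnl.add(feld2)
        pnl.add(feld)
        pnl.add(button)
        frame.add(pnl)
        frame.setVisible(True)

        # `t` is still the empty string at this point, as in the original.
        print(t)

        print("Lektion erstellt")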
Beispiel #13
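def showLoginIdPassword(data):
    """Build and show a read-only window with a login id and a password.

    Args:
        data: indexable value; ``data[0]`` is shown as the login id and
            ``data[1]`` as the password. Both must offer ``encode``.

    The frame is published as the module global ``frame``. The ``clickOk``
    handler is defined outside this block.
    """
    global frame

    frame = JFrame("Show Id  Password ")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 350)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 350)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("LoginId AND Password")
    heading.setBounds(200, 30, 150, 40)

    lbLoginId = JLabel("LoginId")
    lbPassword = JLabel("password")

    # NOTE(review): the password is displayed in clear text, which implies the
    # caller holds it in recoverable form; confirm this is intended and that
    # credentials are not stored unhashed.
    # NOTE(review): encode('ascii') raises UnicodeEncodeError for values with
    # non-ASCII characters.
    tfLoginId = JTextField(data[0].encode('ascii'))
    tfPassword = JTextField(data[1].encode('ascii'))

    tfLoginId.setEditable(False)
    tfPassword.setEditable(False)

    lbLoginId.setBounds(50, 100, 150, 30)
    lbPassword.setBounds(50, 150, 150, 30)

    tfLoginId.setBounds(220, 100, 150, 30)
    tfPassword.setBounds(220, 150, 150, 30)

    btnOk = JButton("Ok", actionPerformed=clickOk)

    btnOk.setBounds(250, 220, 100, 30)

    panel.add(heading)
    panel.add(lbLoginId)
    panel.add(lbPassword)
    panel.add(tfLoginId)
    panel.add(tfPassword)
    panel.add(btnOk)
    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)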
Beispiel #14
 def initUI(self):
     """Create the "Tooltips" window: a panel and a button, each with a tooltip."""
     holder = JPanel()
     self.getContentPane().add(holder)
     holder.setToolTipText("A panel container")
     holder.setLayout(None)  # absolute positioning via setBounds()

     demo_button = JButton("Button")
     demo_button.setToolTipText("A button component")
     demo_button.setBounds(100, 60, 100, 30)
     holder.add(demo_button)

     self.setTitle("Tooltips")
     self.setSize(300, 200)
     # Closing the window terminates the JVM.
     self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
     self.setLocationRelativeTo(None)
     self.setVisible(True)
Beispiel #15
    def initUI(self):
        """Set up and show the "Tooltips" demo window.

        Both the panel and its single button carry a tooltip text.
        """
        tip_button = JButton("Button")
        tip_button.setToolTipText("A button component")
        tip_button.setBounds(100, 60, 100, 30)

        # Null layout: the button is placed through its explicit bounds.
        content = JPanel()
        content.setLayout(None)
        content.setToolTipText("A panel container")
        content.add(tip_button)
        self.getContentPane().add(content)

        self.setTitle("Tooltips")
        self.setSize(300, 200)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #16
    def gui(self):
        """Show a window that asks for a recipe URL and builds a Recipe from it.

        Clicking the button creates ``Recipe(url)`` (``Recipe`` is defined
        outside this block), stores it on ``self.recipe``, closes the window
        and sends "continue" through ``self.send``.
        """
        # Frame with absolute positioning.
        window = JFrame(
            'URL eingeben',
            defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
            size=(480, 200),
        )
        window.setLayout(None)

        # Prompt text shown above the input field.
        prompt = JLabel()
        prompt.setText(
            "<html><font size=+1>Geben Sie die Internetadresse des Rezepts ein</font></html>"
        )
        prompt.setBounds(20, 20, 500, 40)
        window.add(prompt)

        # Input field, pre-filled with an example address.
        url_field = JTextField()
        url_field.setText("https://www.chefkoch.de/rezepte/...")
        url_field.setBounds(20, 60, 411, 40)
        window.add(url_field)

        def create(event):
            """Event helper: build the recipe from the URL and close the GUI."""
            # NOTE(review): the URL is handed to Recipe exactly as typed;
            # whether Recipe validates it is not visible here.
            entered = url_field.getText()
            self.recipe = Recipe(entered)
            window.dispose()
            print("created recipe for " + self.recipe.get_title())
            # The dialog waits until "continue" is sent.
            self.send("continue")

        # Button that triggers the helper above.
        go_button = JButton("Los!", actionPerformed=create)
        go_button.setBounds(155, 100, 150, 30)
        window.add(go_button)

        # Show the frame.
        window.setVisible(True)
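def getCourseName(check):
    """Build and show the "Course Name" prompt window.

    Stores *check* in the module-level ``value`` and publishes the frame and
    the input field as module globals. The handlers
    ``clickStudentCourseChoice`` and ``clickBtnCancel`` are defined outside
    this block.
    """
    global frame
    global tfStudentCourseChoice
    global value

    value = check

    frame = JFrame("Course Name ")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 250)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 250)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("Get Course Name")
    heading.setBounds(200, 30, 150, 40)

    lbStudentCourseChoice = JLabel("Student course name")
    tfStudentCourseChoice = JTextField()

    lbStudentCourseChoice.setBounds(50, 70, 150, 30)
    tfStudentCourseChoice.setBounds(220, 70, 150, 30)

    btnEnter = JButton("Enter", actionPerformed=clickStudentCourseChoice)
    btnCancel = JButton("Cancel", actionPerformed=clickBtnCancel)

    btnEnter.setBounds(350, 150, 100, 30)
    btnCancel.setBounds(50, 150, 100, 30)

    panel.add(heading)
    panel.add(lbStudentCourseChoice)
    panel.add(tfStudentCourseChoice)
    panel.add(btnEnter)
    panel.add(btnCancel)
    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)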
Beispiel #18
    def build(self):
        """Create the calculator widgets and add them to this container.

        Pressing Enter in the text field and clicking the button both write
        ``str(calculate(<field text>))`` into ``self.label3``; ``calculate``
        is defined outside this block.
        """
        def show_result(event):
            # Shared by the text field and the button.
            entered = self.textfield.getText()
            self.label3.setText(str(calculate(entered)))

        self.label = JLabel("Cup")
        self.label.setBounds(120, 10, 45, 15)
        self.label2 = JLabel("KWh")
        self.label2.setBounds(20, 10, 45, 15)
        # Result label; starts empty.
        self.label3 = JLabel()
        self.label3.setBounds(120, 30, 55, 15)

        self.textfield = JTextField()
        self.textfield.setBounds(15, 30, 75, 20)
        self.textfield.addActionListener(show_result)

        trigger = JButton("Calcular")
        trigger.setBounds(10, 55, 290, 35)
        trigger.addActionListener(show_result)

        self.add(self.label)
        self.add(self.label2)
        self.add(self.label3)
        self.add(self.textfield)
        self.add(trigger)
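def showAttendenceSheet():
    """Build and show the "Teacher Attendence Sheet" window.

    The table, heading, frame, panel and both buttons are published as module
    globals. The handlers ``clickSaveBtn`` and ``clickCancelBtn`` are defined
    outside this block. The heading label and the table are created empty
    here.
    """
    global table
    global heading
    global frame
    global panel
    global btnSave
    global btnCancel

    frame = JFrame("Teacher Attendence Sheet ")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 600)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 600)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.WHITE)

    heading = JLabel()
    heading.setBounds(200, 10, 150, 30)

    table = JTable()
    table.setBounds(0, 50, 500, 450)

    btnSave = JButton("Save", actionPerformed=clickSaveBtn)
    btnCancel = JButton("Cancel", actionPerformed=clickCancelBtn)

    btnSave.setBounds(350, 540, 100, 40)
    btnCancel.setBounds(70, 540, 100, 40)

    # The table used to be added twice; it is now added once, at the position
    # the second add left it in.
    panel.add(heading)
    panel.add(table)
    panel.add(btnSave)
    panel.add(btnCancel)

    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)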
Beispiel #20
    def initUI(self):
        """Create and show the "Simple" window with a "Click" and a "Quit" button.

        Only the "Quit" button has a listener, ``self.onQuit`` (defined
        outside this block).
        """
        click_btn = JButton('Click')
        click_btn.setToolTipText('A button component')
        click_btn.setBounds(120, 60, 100, 30)

        quit_btn = JButton('Quit', actionPerformed=self.onQuit)
        quit_btn.setBounds(10, 60, 80, 30)

        # Null layout: both buttons are placed through their explicit bounds.
        holder = JPanel()
        holder.setLayout(None)
        holder.setToolTipText('A Panel container')
        for widget in (click_btn, quit_btn):
            holder.add(widget)

        self.getContentPane().add(holder)
        self.setTitle('Simple')
        self.setSize(250, 200)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #21
class GUI(Helpers):
    """Settings panel with two check boxes, a payload list and a save button."""

    def gui(self):
        """Build the settings panel on ``self.panel`` and load stored settings.

        ``self.save_settings`` and ``self.load_settings`` are not defined in
        this class body; the original comment places the loader in
        utils/Helpers.

        Returns:
            This instance.
        """
        left = 10  # panel padding
        top = 5  # panel padding

        # Null layout: every widget is placed with explicit bounds.
        self.panel = Panel()
        self.panel.setLayout(None)

        # Row 1: enable scanning.
        self.scn_lbl = JLabel("Enable scanning")
        self.scn_lbl.setBounds(left, top, 100, 20)
        self.panel.add(self.scn_lbl)
        self.enable = JCheckBox()
        self.enable.setBounds(left + 120, top, 50, 20)
        self.panel.add(self.enable)

        # Row 2: randomize payloads, 15 px below row 1.
        second_row = top + 15
        self.rand_lbl = JLabel("Randomize payloads")
        self.rand_lbl.setBounds(left, second_row, 100, 20)
        self.panel.add(self.rand_lbl)
        self.randomize = JCheckBox()
        self.randomize.setBounds(left + 120, second_row, 50, 20)
        self.panel.add(self.randomize)

        # Caption and scrollable text area for the payload list.
        self.pyld_lbl = JLabel("Payloads List (Line separated)")
        self.pyld_lbl.setBounds(left, top + 30, 180, 20)
        self.panel.add(self.pyld_lbl)

        self.payloads_list = JTextArea()
        self.pyld_scrl = JScrollPane(self.payloads_list)
        self.pyld_scrl.setBounds(left, top + 50, 600, 200)
        self.panel.add(self.pyld_scrl)

        self.save_btn = JButton("Save", actionPerformed=self.save_settings)
        self.save_btn.setBounds(left, top + 250, 100, 30)
        self.panel.add(self.save_btn)

        # Settings loader from [utils/Helpers/load_settings]
        self.load_settings()
        return self
    def initUI(self):
        """Build and show the "Structure-oriented smoothing OpenCL Demo" window.

        Creates ``self.panel`` with a parameter text field, three buttons, a
        scaled copy of "input.png" from ``getDataDir()`` and an empty
        ``self.clockLabel``. The handlers ``self.onJocl``, ``self.onJava``
        and ``self.onQuit`` as well as ``getDataDir`` are defined outside
        this block.
        """
        self.panel = JPanel(size=(50, 50))
        self.panel.setLayout(FlowLayout())
        self.panel.setToolTipText("GPU Demo")

        # TODO- change this so that it deletes itself when text is entered
        self.textfield1 = JTextField('Smoothing Parameter', 15)
        self.panel.add(self.textfield1)

        jocl_btn = JButton("JOCL", actionPerformed=self.onJocl)
        jocl_btn.setToolTipText("JOCL Button")
        jocl_btn.setBounds(100, 500, 100, 30)
        self.panel.add(jocl_btn)

        java_btn = JButton("Java", actionPerformed=self.onJava)
        java_btn.setToolTipText("Java Button")
        java_btn.setBounds(100, 500, 100, 30)
        self.panel.add(java_btn)

        quit_btn = JButton("Quit", actionPerformed=self.onQuit)
        quit_btn.setToolTipText("Quit Button")
        quit_btn.setBounds(200, 500, 80, 30)
        self.panel.add(quit_btn)

        # Load the input image and scale it to 600x600; the hints value 10 is
        # passed through unchanged.
        image_path = getDataDir() + "input.png"
        source_image = ImageIO.read(io.File(image_path))
        scaled_image = source_image.getScaledInstance(600, 600, 10)
        image_label = JLabel("Input Image", ImageIcon(scaled_image),
                             JLabel.CENTER)
        image_label.setVerticalTextPosition(JLabel.TOP)
        image_label.setHorizontalTextPosition(JLabel.RIGHT)
        image_label.setSize(10, 10)
        image_label.setBackground(Color.orange)
        self.panel.add(image_label)

        self.getContentPane().add(self.panel)

        # Label created empty, with a large serif font.
        self.clockLabel = JLabel()
        self.clockLabel.setSize(1, 1)
        self.clockLabel.setBackground(Color.orange)
        self.clockLabel.setVerticalTextPosition(JLabel.BOTTOM)
        self.clockLabel.setHorizontalTextPosition(JLabel.LEFT)
        self.clockLabel.setFont(Font("Serif", Font.PLAIN, 50))
        self.panel.add(self.clockLabel)

        self.setTitle("Structure-oriented smoothing OpenCL Demo")
        self.setSize(1200, 700)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #23
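 def addDetails(self):
     """Build and show the "Add Issue" window.

     The window holds a text field for the issue name, an editable combo box
     for the objective name, two captions and an "Add" button (no listener
     is attached to the button here). ``self`` is registered as the key
     listener of the issue-name field.
     """
     jf0 = JFrame()
     jf0.setTitle("Add Issue")
     # Null layout: every component is positioned with setBounds().
     jf0.setLayout(None)

     txtEnterIssue = JTextField()
     txtEnterIssue.setName("Enter Issue Name")
     txtEnterIssue.setToolTipText("Enter Issue Name Here")
     txtEnterIssue.setBounds(182, 58, 473, 40)
     jf0.add(txtEnterIssue)
     txtEnterIssue.setColumns(10)

     btnNewButton = JButton("Add")
     btnNewButton.setBounds(322, 178, 139, 41)
     jf0.add(btnNewButton)

     comboBox = JComboBox()
     comboBox.setMaximumRowCount(20)
     comboBox.setEditable(True)
     comboBox.setToolTipText("Objective Name")
     comboBox.setBounds(182, 125, 473, 40)
     jf0.add(comboBox)

     lblNewLabel = JLabel("Issue Name Here")
     lblNewLabel.setFont(Font("Tahoma", Font.PLAIN, 16))
     lblNewLabel.setBounds(25, 58, 130, 40)
     jf0.add(lblNewLabel)

     lblNewLabel_1 = JLabel("Objective Name")
     lblNewLabel_1.setFont(Font("Tahoma", Font.PLAIN, 16))
     lblNewLabel_1.setBounds(25, 125, 130, 40)
     jf0.add(lblNewLabel_1)

     # The bare expression `jf0.EXIT_ON_CLOSE` was removed: it only read a
     # constant and never changed the close operation. The frame keeps
     # JFrame's default close behaviour, exactly as before.
     txtEnterIssue.addKeyListener(self)

     # Size and place the window before showing it, so it does not appear at
     # its default size first.
     jf0.setBounds(400, 300, 700, 300)
     jf0.setVisible(True)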
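def showStudentAttendenceSheetAdminLogined():
    """Build and show the "Student Attendence Sheet" window.

    The table, heading, frame, panel and the Ok button are published as
    module globals. The ``clickOk`` handler is defined outside this block.
    The table is created empty here.
    """
    global table
    global heading
    global frame
    global panel
    global btnok

    frame = JFrame("Student Attendence Sheet ")
    # Closing this window terminates the JVM.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 600)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 600)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.WHITE)

    heading = JLabel("Student Attendence")
    heading.setBounds(200, 10, 150, 30)

    table = JTable()
    table.setBounds(0, 50, 500, 450)

    btnOk = JButton("Ok", actionPerformed=clickOk)
    # The declared global is spelled `btnok`, but only the local `btnOk` was
    # ever assigned, so the global stayed undefined. Bind it to the button.
    btnok = btnOk

    btnOk.setBounds(200, 540, 100, 40)

    # The table used to be added twice; it is now added once, at the position
    # the second add left it in.
    panel.add(heading)
    panel.add(table)
    panel.add(btnOk)

    frame.add(panel)
    # Show the frame only once it is fully populated; components added to an
    # already visible container are not guaranteed to be painted.
    frame.setVisible(True)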
Beispiel #25
    def initUI(self):
        """Build and show the "GPU Demo" window with two buttons and an image.

        "JOCL" calls ``self.onJOCL`` and "Quit" calls ``self.onQuit`` (both
        defined outside this block). The image is read from "input.png" and
        scaled to 500x500.
        """
        container = JPanel(size=(50, 50))
        container.setLayout(BorderLayout())
        container.setToolTipText("A Panel container")

        jocl_btn = JButton("JOCL", actionPerformed=self.onJOCL)
        jocl_btn.setToolTipText("JOCL Button")
        jocl_btn.setBounds(100, 500, 100, 30)
        container.add(jocl_btn)

        quit_btn = JButton("Quit", actionPerformed=self.onQuit)
        quit_btn.setToolTipText("Quit Button")
        quit_btn.setBounds(200, 500, 80, 30)
        container.add(quit_btn)

        # "input.png" is a relative path, resolved against the working
        # directory; the hints value 10 is passed through unchanged.
        source_image = ImageIO.read(io.File("input.png"))
        scaled_image = source_image.getScaledInstance(500, 500, 10)
        picture = JLabel("Image and Text", ImageIcon(scaled_image),
                         JLabel.CENTER)
        picture.setVerticalTextPosition(JLabel.BOTTOM)
        picture.setHorizontalTextPosition(JLabel.CENTER)
        picture.setSize(10, 10)
        container.add(picture)

        self.getContentPane().add(container)
        self.setTitle("GPU Demo")
        self.setSize(1200, 600)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #26
    def initUI(self):
        """Create the "GPU Demo" window: a "JOCL" button, a "Quit" button, an icon.

        Only "Quit" has a listener, ``self.onQuit`` (defined outside this
        block). The icon comes from "input.png" and the label is sized to the
        icon's own width and height.
        """
        holder = JPanel(size=(50, 50))
        holder.setLayout(BorderLayout())
        holder.setToolTipText("A Panel container")

        jocl_button = JButton("JOCL")
        jocl_button.setBounds(100, 500, 100, 30)
        jocl_button.setToolTipText("JOCL Button")

        quit_button = JButton("Quit", actionPerformed=self.onQuit)
        quit_button.setBounds(200, 500, 80, 30)
        quit_button.setToolTipText("Quit Button")

        # "input.png" is a relative path, resolved against the working directory.
        input_icon = ImageIcon("input.png")
        icon_label = JLabel(input_icon)
        icon_width = input_icon.getIconWidth()
        icon_height = input_icon.getIconHeight()
        icon_label.setBounds(1, 1, icon_width, icon_height)

        # Children are added without a BorderLayout constraint, in this order.
        holder.add(jocl_button)
        holder.add(quit_button)
        holder.add(icon_label)

        self.getContentPane().add(holder)
        self.setTitle("GPU Demo")
        self.setSize(1200, 600)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #27
    def initUI(self):
        """Build and show the "GPU Demo" window around ``self.panel``.

        The panel receives a parameter text field, the "JOCL", "Java" and
        "Quit" buttons, a scaled copy of "input.png" and an empty
        ``self.clockLabel``. The handlers ``self.onJocl``, ``self.onJava``
        and ``self.onQuit`` are defined outside this block.
        """
        self.panel = JPanel(size=(50, 50))
        self.panel.setLayout(FlowLayout())
        self.panel.setToolTipText("GPU Demo")

        self.textfield1 = JTextField('Smoothing Parameter', 15)
        self.panel.add(self.textfield1)

        jocl_btn = JButton("JOCL", actionPerformed=self.onJocl)
        jocl_btn.setToolTipText("JOCL Button")
        jocl_btn.setBounds(100, 500, 100, 30)
        self.panel.add(jocl_btn)

        java_btn = JButton("Java", actionPerformed=self.onJava)
        java_btn.setToolTipText("Java Button")
        java_btn.setBounds(100, 500, 100, 30)
        self.panel.add(java_btn)

        quit_btn = JButton("Quit", actionPerformed=self.onQuit)
        quit_btn.setToolTipText("Quit Button")
        quit_btn.setBounds(200, 500, 80, 30)
        self.panel.add(quit_btn)

        # "input.png" is a relative path, resolved against the working
        # directory; the hints value 10 is passed through unchanged.
        source_image = ImageIO.read(io.File("input.png"))
        scaled_image = source_image.getScaledInstance(600, 600, 10)
        image_label = JLabel("Input Image", ImageIcon(scaled_image),
                             JLabel.CENTER)
        image_label.setVerticalTextPosition(JLabel.TOP)
        image_label.setHorizontalTextPosition(JLabel.RIGHT)
        image_label.setSize(10, 10)
        image_label.setBackground(Color.orange)
        self.panel.add(image_label)

        self.getContentPane().add(self.panel)

        # Label created empty, with a large serif font.
        self.clockLabel = JLabel()
        self.clockLabel.setSize(1, 1)
        self.clockLabel.setBackground(Color.orange)
        self.clockLabel.setVerticalTextPosition(JLabel.BOTTOM)
        self.clockLabel.setHorizontalTextPosition(JLabel.LEFT)
        self.clockLabel.setFont(Font("Serif", Font.PLAIN, 50))
        self.panel.add(self.clockLabel)

        self.setTitle("GPU Demo")
        self.setSize(1200, 600)
        # Closing the window terminates the JVM.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)
Beispiel #28
    def initProjSettingsTab(self):
        """Build the project-settings panel and keep it in ``self.projectSettings``.

        Every widget is positioned with absolute bounds on a JPanel whose
        layout manager is None. The project combo box is filled from the
        'projects' section of ``self.config``; if the 'general' section has a
        'default project' option, that project is selected and its configured
        value is written into the path field.
        """
        nameCaption = JLabel("Name:")
        nameCaption.setBounds(10, 50, 140, 30)

        self.projName = JTextField("")
        self.projName.setBounds(140, 50, 320, 30)
        self.projName.getDocument().addDocumentListener(projTextChanged(self))

        detailsCaption = JLabel("Details:")
        detailsCaption.setBounds(10, 120, 140, 30)

        reportCaption = JLabel("Generate Report:")
        reportCaption.setBounds(10, 375, 140, 30)

        self.reportType = JComboBox(["DOCX", "HTML", "XLSX"])
        self.reportType.setBounds(10, 400, 140, 30)

        reportBtn = JButton("Generate", actionPerformed=self.generateReport)
        reportBtn.setBounds(160, 400, 90, 30)

        # Free-text project description, wrapped at word boundaries.
        self.projDetails = JTextArea("", 5, 30)
        self.projDetails.setWrapStyleWord(True)
        self.projDetails.setLineWrap(True)

        detailsScroller = JScrollPane(self.projDetails)
        detailsScroller.setBounds(10, 150, 450, 175)
        detailsScroller.setVerticalScrollBarPolicy(
            ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        pathCaption = JLabel("Path:")
        pathCaption.setBounds(10, 90, 140, 30)

        self.projPath = JTextField("")
        self.projPath.setBounds(140, 90, 320, 30)

        browseBtn = JButton("Browse...", actionPerformed=self.chooseProjPath)
        browseBtn.setBounds(470, 90, 100, 30)

        importBtn = JButton("Import", actionPerformed=self.importProj)
        importBtn.setBounds(470, 10, 100, 30)

        exportBtn = JButton("Export", actionPerformed=self.exportProj)
        exportBtn.setBounds(575, 10, 100, 30)

        openDirBtn = JButton("Open Directory", actionPerformed=self.openProj)
        openDirBtn.setBounds(680, 10, 130, 30)

        currentCaption = JLabel("Current:")
        currentCaption.setBounds(10, 10, 140, 30)

        # One combo entry per option name in the 'projects' config section.
        self.currentProject = JComboBox(self.config.options('projects'))
        self.currentProject.addActionListener(projectChangeHandler(self))
        self.currentProject.setBounds(140, 10, 140, 30)

        self.autoSave = JCheckBox("Auto Save Mode")
        # Feature is not implemented yet, so the box is shown but disabled.
        self.autoSave.setEnabled(False)
        self.autoSave.setBounds(300, 10, 140, 30)
        self.autoSave.setToolTipText("Will save any changed value while focus is out")

        addBtn = JButton("Add / Update", actionPerformed=self.addProj)
        addBtn.setBounds(10, 330, 150, 30)

        removeBtn = JButton("Remove Current", actionPerformed=self.rmProj)
        removeBtn.setBounds(315, 330, 146, 30)

        # NOTE(review): the change listener is attached before this selection,
        # so it presumably runs here, before self.clearProjTab and
        # self.projectSettings are assigned below - keep this ordering.
        if 'default project' in self.config.options('general'):
            self.currentProject.getModel().setSelectedItem(
                self.config.get('general', 'default project'))
            selected = self.currentProject.getSelectedItem()
            self.projPath.setText(self.config.get('projects', selected))

        self.clearProjTab = True
        self.projectSettings = JPanel()
        self.projectSettings.setBounds(0, 0, 1000, 1000)
        self.projectSettings.setLayout(None)
        for widget in (reportCaption, detailsCaption, pathCaption, addBtn,
                       openDirBtn, nameCaption, detailsScroller, importBtn,
                       exportBtn, removeBtn, reportBtn, browseBtn,
                       currentCaption, self.projPath, self.autoSave,
                       self.projName, self.reportType, self.currentProject):
            self.projectSettings.add(widget)
Beispiel #29
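    def initUI(self):
        """Build and show the main window of the tracking-detection tool.

        The content pane is a 6x3 GridLayout panel holding a URL text field,
        a text area inside a scroll pane, a file-chooser button, two cookie
        check boxes and the run button. GridLayout fills its cells strictly
        in the order components are added, so every unused cell gets a blank
        label as a placeholder.

        Compared with the previous version, only the placeholder labels that
        are actually added to the grid are created (six of the sixteen were
        never used).
        """

        def spacer():
            # Blank label that occupies one otherwise empty grid cell.
            return JLabel(' ')

        self.panel = JPanel()
        self.panel.setLayout(GridLayout(6, 3))
        self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))

        labelURL = JLabel(' Introduzca las URL que desee analizar:')
        # NOTE(review): both check boxes are locals only; how the handlers
        # read their state is not visible from this method - confirm.
        chkboxSync = JCheckBox('Sincronizacion de cookies')
        self.textfieldURL = JTextField(15)
        chkboxResp = JCheckBox('Restauracion de cookies')
        labelFichero = JLabel(' O seleccione un fichero que las contenga:')

        self.area = JTextArea()
        pane = JScrollPane()
        pane.getViewport().add(self.area)

        # The button sits in its own null-layout panel so it keeps the bounds
        # set below instead of being stretched to the size of a grid cell.
        panelFichero = JPanel()
        panelFichero.setLayout(None)
        buttonFichero = JButton("Seleccionar fichero",
                                actionPerformed=self.open)
        buttonFichero.setBounds(10, 0, 200, 25)
        panelFichero.add(buttonFichero)

        buttonEjecutar = JButton("Ejecutar", actionPerformed=self.ejecutar)
        buttonEjecutar.setFont(Font("Tahoma", Font.BOLD, 24))

        # One tuple per grid row, left to right.
        rows = (
            (labelURL, spacer(), chkboxSync),
            (self.textfieldURL, spacer(), chkboxResp),
            (labelFichero, spacer(), spacer()),
            (pane, panelFichero, spacer()),
            (spacer(), spacer(), spacer()),
            (spacer(), buttonEjecutar, spacer()),
        )
        for row in rows:
            for cell in row:
                self.panel.add(cell)

        self.add(self.panel)

        self.setTitle(
            "HERRAMIENTA PARA LA DETECCION DE TECNICAS DE SEGUIMIENTO DE USUARIOS EN LA WEB"
        )
        self.setSize(1000, 450)
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)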
Beispiel #30
    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: initialise state, build the extension tab, register hooks.

        Stores the callbacks/helpers objects, fills the two probe-string
        lists, builds the split pane (log table on the left; request,
        response, "Affected Pages" and "Configuration" tabs on the right) and
        registers this object as suite tab, HTTP listener and context-menu
        factory. The extension starts switched off (``self.intercept = 0``).
        """
        # Open items left by the original author:
        #   - smart xss feature (print conclusion and observation)
        #   - mark results
        #   - automatically check pages in the same domain

        # Probe strings for tag context, shown in the brute-force list.
        # NOTE: the "" after "<script>test</script>" is joined to it by
        # implicit string concatenation; it does not add an empty entry.
        self.tagPayloads = [
            "<b>test",
            "<b onmouseover=test()>test",
            "<img src=err onerror=test()>",
            "<script>test</script>" "",
            "<scr ipt>test</scr ipt>",
            "<SCRIPT>test;</SCRIPT>",
            "<scri<script>pt>test;</scr</script>ipt>",
            "<SCRI<script>PT>test;</SCR</script>IPT>",
            "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
            "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
            "<IMG '''><SCRIPT>test</SCRIPT>'>",
            "<SCR%00IPT>test</SCR%00IPT>",
            "<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
            "<IFRAME SRC='f' onerror='test'></IFRAME>",
            "<<SCRIPT>test//<</SCRIPT>",
            "<img src=\"1\" onerror=\"test\">",
            "<img src='1' onerror='test'",
            "<STYLE TYPE=\"text/javascript\">test;</STYLE>",
            "<<SCRIPT>test//<</SCRIPT>",
        ]
        # Probe strings for attribute/script context.
        self.attributePayloads = [
            "\"\"\"><SCRIPT>test",
            "'''><SCRIPT>test'",
            "\"><script>test</script>",
            "\"><script>test</script><\"",
            "'><script>test</script>",
            "'><script>test</script><'",
            "\";test;\"",
            "';test;'",
            ";test;",
            "\";test;//",
            "\"onmouseover=test ",
            "onerror=\"test\"",
            "onerror='test'",
            "onload=\"test\"",
            "onload='test'",
        ]
        # Marker string stored for the rest of the extension.
        self.xssKey = 'xssme'

        # Burp API handles.
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("XSSor")

        # Shared state; _lock is taken with acquire()/release() elsewhere.
        self.affectedResponses = ArrayList()
        self._log = ArrayList()
        self._lock = Lock()

        # Left half of the split pane: table of log entries.
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        resultsTable = Table(self)
        tableScroller = JScrollPane(resultsTable)
        self._splitpane.setLeftComponent(tableScroller)

        # Right half: tabs with read-only request/response viewers.
        mainTabs = JTabbedPane()
        self._requestViewer = callbacks.createMessageEditor(self, False)
        self._responseViewer = callbacks.createMessageEditor(self, False)
        mainTabs.addTab("Request", self._requestViewer.getComponent())
        mainTabs.addTab("Response", self._responseViewer.getComponent())

        # --- "Affected Pages" tab ---
        clearBtn = JButton("Clear List", actionPerformed=self.clearAPList)
        clearBtn.setBounds(10, 85, 120, 30)
        affectedCaption = JLabel('Affected Pages List:')
        affectedCaption.setBounds(10, 10, 140, 30)
        self.affectedModel = DefaultListModel()
        self.affectedList = JList(self.affectedModel)
        self.affectedList.addListSelectionListener(listSelectedChange(self))
        affectedScroller = JScrollPane(self.affectedList)
        affectedScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        affectedScroller.setBounds(150, 10, 550, 200)
        affectedScroller.setBorder(LineBorder(Color.BLACK))

        affectedTabs = JTabbedPane()
        self._requestAPViewer = callbacks.createMessageEditor(self, False)
        self._responseAPViewer = callbacks.createMessageEditor(self, False)
        affectedTabs.addTab("Request", self._requestAPViewer.getComponent())
        affectedTabs.addTab("Affeced Page Response",
                            self._responseAPViewer.getComponent())
        affectedTabs.setBounds(0, 250, 700, 350)
        affectedTabs.setSelectedIndex(1)  # open on the response viewer

        self.APpnl = JPanel()
        self.APpnl.setBounds(0, 0, 1000, 1000)
        self.APpnl.setLayout(None)
        for widget in (affectedScroller, clearBtn, affectedTabs,
                       affectedCaption):
            self.APpnl.add(widget)
        mainTabs.addTab("Affected Pages", self.APpnl)
        self.intercept = 0

        # --- "Configuration" tab ---
        statusCaption = JLabel("Plugin status:")
        statusCaption.setBounds(10, 10, 140, 30)

        payloadCaption = JLabel("Basic Payload:")
        payloadCaption.setBounds(10, 50, 140, 30)

        self.basicPayload = "<script>alert(1)</script>"
        self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
        self.basicPayloadTxt.setBounds(120, 50, 305, 30)

        self.bruteForceMode = JCheckBox("Brute Force Mode")
        self.bruteForceMode.setBounds(120, 80, 300, 30)
        self.bruteForceMode.addItemListener(handleBFModeChange(self))

        # Both list selectors start ticked but disabled.
        self.tagPayloadsCheck = JCheckBox("Tag paylods")
        self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
        self.tagPayloadsCheck.setSelected(True)
        self.tagPayloadsCheck.setEnabled(False)
        self.tagPayloadsCheck.addItemListener(handleBFModeList(self))

        self.attributePayloadsCheck = JCheckBox("Attribute payloads")
        self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
        self.attributePayloadsCheck.setSelected(True)
        self.attributePayloadsCheck.setEnabled(False)
        self.attributePayloadsCheck.addItemListener(handleBFModeList(self))

        payloadListCaption = JLabel("Payloads list (for BF mode):")
        payloadListCaption.setBounds(10, 130, 140, 30)

        self.payloadsModel = DefaultListModel()
        self.payloadsList = JList(self.payloadsModel)
        payloadScroller = JScrollPane(self.payloadsList)
        payloadScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        payloadScroller.setBounds(120, 170, 300, 200)
        # TODO (original author): add buttons to remove payloads and add
        payloadScroller.setBorder(LineBorder(Color.BLACK))

        # Tag entries first, then attribute entries.
        for payload in self.tagPayloads + self.attributePayloads:
            self.payloadsModel.addElement(payload)

        self.startButton = JButton("XSSor is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(120, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        consoleTabs = JTabbedPane()
        self.consoleLog = JTextArea("", 5, 30)
        consoleScroller = JScrollPane(self.consoleLog)
        consoleScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        consoleScroller.setBounds(120, 170, 550, 200)
        consoleScroller.setBorder(LineBorder(Color.BLACK))
        consoleScroller.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))
        consoleTabs.addTab("Console", consoleScroller)
        consoleTabs.setBounds(0, 400, 500, 200)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for widget in (self.startButton, statusCaption, payloadCaption,
                       self.basicPayloadTxt, self.bruteForceMode,
                       payloadListCaption, payloadScroller,
                       self.attributePayloadsCheck, self.tagPayloadsCheck,
                       consoleTabs):
            self.pnl.add(widget)

        mainTabs.addTab("Configuration", self.pnl)
        mainTabs.setSelectedIndex(3)  # fourth tab added: "Configuration"
        self._splitpane.setRightComponent(mainTabs)

        # Let Burp apply its look and feel to our components.
        for component in (self._splitpane, resultsTable, tableScroller,
                          mainTabs):
            callbacks.customizeUiComponent(component)

        # Hook into Burp: suite tab, HTTP listener, context menu.
        callbacks.addSuiteTab(self)
        callbacks.registerHttpListener(self)
        self._callbacks.registerContextMenuFactory(self)

        print("Thank you for installing XSSor v0.1 extension")
        print("Created by Barak Tawily")
        print("\nGithub:\nhttps://github.com/Quitten/XSSor")
Beispiel #31
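class BurpExtender(IBurpExtender, ITab, IHttpListener,
                   IMessageEditorController, AbstractTableModel,
                   IContextMenuFactory):
    """Burp Suite extension "XSSor".

    While switched on, the extension watches proxy traffic for requests that
    contain the marker string ``self.xssKey``, re-sends them with the marker
    replaced by a probe string and records whether the probe string comes
    back in a response. The object is at the same time the suite tab, the
    HTTP listener, the table model behind the log table, the message-editor
    controller and the context-menu factory.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: initialise state, build the extension tab, register hooks.

        Stores the callbacks/helpers objects, fills the two probe-string
        lists, builds the split pane (log table on the left; request,
        response, "Affected Pages" and "Configuration" tabs on the right) and
        registers this object as suite tab, HTTP listener and context-menu
        factory. The extension starts switched off (``self.intercept = 0``).
        """
        # Open items left by the original author:
        #   - smart xss feature (print conclusion and observation)
        #   - mark results
        #   - automatically check pages in the same domain

        # Probe strings for tag context, shown in the brute-force list.
        # (A stray "" that was implicitly concatenated to the fourth entry
        # has been dropped; the list contents are unchanged.)
        self.tagPayloads = [
            "<b>test",
            "<b onmouseover=test()>test",
            "<img src=err onerror=test()>",
            "<script>test</script>",
            "<scr ipt>test</scr ipt>",
            "<SCRIPT>test;</SCRIPT>",
            "<scri<script>pt>test;</scr</script>ipt>",
            "<SCRI<script>PT>test;</SCR</script>IPT>",
            "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
            "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
            "<IMG '''><SCRIPT>test</SCRIPT>'>",
            "<SCR%00IPT>test</SCR%00IPT>",
            "<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
            "<IFRAME SRC='f' onerror='test'></IFRAME>",
            "<<SCRIPT>test//<</SCRIPT>",
            "<img src=\"1\" onerror=\"test\">",
            "<img src='1' onerror='test'",
            "<STYLE TYPE=\"text/javascript\">test;</STYLE>",
            "<<SCRIPT>test//<</SCRIPT>",
        ]
        # Probe strings for attribute/script context.
        self.attributePayloads = [
            "\"\"\"><SCRIPT>test",
            "'''><SCRIPT>test'",
            "\"><script>test</script>",
            "\"><script>test</script><\"",
            "'><script>test</script>",
            "'><script>test</script><'",
            "\";test;\"",
            "';test;'",
            ";test;",
            "\";test;//",
            "\"onmouseover=test ",
            "onerror=\"test\"",
            "onerror='test'",
            "onload=\"test\"",
            "onload='test'",
        ]
        # Marker the tester puts into a request; checkForKey looks for it.
        self.xssKey = 'xssme'

        # Burp API handles.
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("XSSor")

        # Shared state; _lock guards appends to _log in checkXSS.
        self.affectedResponses = ArrayList()
        self._log = ArrayList()
        self._lock = Lock()

        # Left half of the split pane: table of log entries.
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        resultsTable = Table(self)
        tableScroller = JScrollPane(resultsTable)
        self._splitpane.setLeftComponent(tableScroller)

        # Right half: tabs with read-only request/response viewers.
        mainTabs = JTabbedPane()
        self._requestViewer = callbacks.createMessageEditor(self, False)
        self._responseViewer = callbacks.createMessageEditor(self, False)
        mainTabs.addTab("Request", self._requestViewer.getComponent())
        mainTabs.addTab("Response", self._responseViewer.getComponent())

        # --- "Affected Pages" tab ---
        clearBtn = JButton("Clear List", actionPerformed=self.clearAPList)
        clearBtn.setBounds(10, 85, 120, 30)
        affectedCaption = JLabel('Affected Pages List:')
        affectedCaption.setBounds(10, 10, 140, 30)
        self.affectedModel = DefaultListModel()
        self.affectedList = JList(self.affectedModel)
        self.affectedList.addListSelectionListener(listSelectedChange(self))
        affectedScroller = JScrollPane(self.affectedList)
        affectedScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        affectedScroller.setBounds(150, 10, 550, 200)
        affectedScroller.setBorder(LineBorder(Color.BLACK))

        affectedTabs = JTabbedPane()
        self._requestAPViewer = callbacks.createMessageEditor(self, False)
        self._responseAPViewer = callbacks.createMessageEditor(self, False)
        affectedTabs.addTab("Request", self._requestAPViewer.getComponent())
        affectedTabs.addTab("Affeced Page Response",
                            self._responseAPViewer.getComponent())
        affectedTabs.setBounds(0, 250, 700, 350)
        affectedTabs.setSelectedIndex(1)  # open on the response viewer

        self.APpnl = JPanel()
        self.APpnl.setBounds(0, 0, 1000, 1000)
        self.APpnl.setLayout(None)
        for widget in (affectedScroller, clearBtn, affectedTabs,
                       affectedCaption):
            self.APpnl.add(widget)
        mainTabs.addTab("Affected Pages", self.APpnl)
        self.intercept = 0

        # --- "Configuration" tab ---
        statusCaption = JLabel("Plugin status:")
        statusCaption.setBounds(10, 10, 140, 30)

        payloadCaption = JLabel("Basic Payload:")
        payloadCaption.setBounds(10, 50, 140, 30)

        self.basicPayload = "<script>alert(1)</script>"
        self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
        self.basicPayloadTxt.setBounds(120, 50, 305, 30)

        self.bruteForceMode = JCheckBox("Brute Force Mode")
        self.bruteForceMode.setBounds(120, 80, 300, 30)
        self.bruteForceMode.addItemListener(handleBFModeChange(self))

        # Both list selectors start ticked but disabled.
        self.tagPayloadsCheck = JCheckBox("Tag paylods")
        self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
        self.tagPayloadsCheck.setSelected(True)
        self.tagPayloadsCheck.setEnabled(False)
        self.tagPayloadsCheck.addItemListener(handleBFModeList(self))

        self.attributePayloadsCheck = JCheckBox("Attribute payloads")
        self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
        self.attributePayloadsCheck.setSelected(True)
        self.attributePayloadsCheck.setEnabled(False)
        self.attributePayloadsCheck.addItemListener(handleBFModeList(self))

        payloadListCaption = JLabel("Payloads list (for BF mode):")
        payloadListCaption.setBounds(10, 130, 140, 30)

        self.payloadsModel = DefaultListModel()
        self.payloadsList = JList(self.payloadsModel)
        payloadScroller = JScrollPane(self.payloadsList)
        payloadScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        payloadScroller.setBounds(120, 170, 300, 200)
        # TODO (original author): add buttons to remove payloads and add
        payloadScroller.setBorder(LineBorder(Color.BLACK))

        # Tag entries first, then attribute entries.
        for payload in self.tagPayloads + self.attributePayloads:
            self.payloadsModel.addElement(payload)

        self.startButton = JButton("XSSor is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(120, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        consoleTabs = JTabbedPane()
        self.consoleLog = JTextArea("", 5, 30)
        consoleScroller = JScrollPane(self.consoleLog)
        consoleScroller.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        consoleScroller.setBounds(120, 170, 550, 200)
        consoleScroller.setBorder(LineBorder(Color.BLACK))
        consoleScroller.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))
        consoleTabs.addTab("Console", consoleScroller)
        consoleTabs.setBounds(0, 400, 500, 200)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for widget in (self.startButton, statusCaption, payloadCaption,
                       self.basicPayloadTxt, self.bruteForceMode,
                       payloadListCaption, payloadScroller,
                       self.attributePayloadsCheck, self.tagPayloadsCheck,
                       consoleTabs):
            self.pnl.add(widget)

        mainTabs.addTab("Configuration", self.pnl)
        mainTabs.setSelectedIndex(3)  # fourth tab added: "Configuration"
        self._splitpane.setRightComponent(mainTabs)

        # Let Burp apply its look and feel to our components.
        for component in (self._splitpane, resultsTable, tableScroller,
                          mainTabs):
            callbacks.customizeUiComponent(component)

        # Hook into Burp: suite tab, HTTP listener, context menu.
        callbacks.addSuiteTab(self)
        callbacks.registerHttpListener(self)
        self._callbacks.registerContextMenuFactory(self)

        # Parenthesised single-argument form prints the same text under
        # Jython 2 and also parses under Python 3.
        print("Thank you for installing XSSor v0.1 extension")
        print("Created by Barak Tawily")
        print("\nGithub:\nhttps://github.com/Quitten/XSSor")

    #
    # implement ITab
    #

    def getTabCaption(self):
        """Return the caption of the extension's suite tab."""
        return "XSSor"

    def getUiComponent(self):
        """Return the root component (the split pane) shown in the suite tab."""
        return self._splitpane

    #
    # implement IHttpListener
    #

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Inspect proxy responses for the marker while the extension is on.

        Only messages with ``toolFlag == 4`` (IBurpExtenderCallbacks.TOOL_PROXY)
        are considered, and only once the response has arrived
        (``messageIsRequest`` false). The earlier comment said "only process
        requests", which contradicted the condition.
        """
        if self.intercept == 1 and toolFlag == 4 and not messageIsRequest:
            self.checkForKey(messageInfo)

    def printLog(self, message):
        """Append *message* on a new line to the console text area.

        NOTE(review): this is reached from processHttpMessage, which Burp
        presumably calls off the Swing event thread; consider routing the
        update through SwingUtilities.invokeLater.
        """
        self.consoleLog.setText(self.consoleLog.getText() + '\r\n' + message)

    def checkXSS(self, messageInfo, urlStr, requestBody, currentPayload):
        """Re-send the request with the marker replaced and log the outcome.

        The marker in *requestBody* is replaced by the URL-quoted
        *currentPayload*, the request is sent, and the response text is
        searched for the raw payload. Every page registered through
        "Add affected page" is then requested again and searched as well.
        One LogEntry is appended to the log table per call.

        Fixes relative to the previous version:
          * each affected page is checked; previously the check sat after
            the loop, so only the last page's response was examined;
          * a missing response no longer raises, it is logged and skipped;
          * the lock is released even if building the log entry fails;
          * the unused ``responseInfo`` local is gone.

        A reflected payload is only an indicator: the search covers the whole
        response text, so a hit still needs manual confirmation.
        """
        self.printLog('trying exploit with the payload: ' + currentPayload)
        # The substituted URL is only used for host, port and protocol.
        requestURL = URL(urlStr.replace(self.xssKey, currentPayload))
        requestBody = requestBody.replace(self.xssKey,
                                          urllib.pathname2url(currentPayload))
        httpService = self._helpers.buildHttpService(
            str(requestURL.getHost()), int(requestURL.getPort()),
            requestURL.getProtocol() == "https")
        response = self._callbacks.makeHttpRequest(httpService, requestBody)

        rawResponse = response.getResponse()
        if rawResponse is None:
            self.printLog('no response received for payload: ' +
                          currentPayload)
            return

        responseBody = self._helpers.bytesToString(rawResponse).encode('utf-8')
        vulnOrNot = 'no'
        if currentPayload in responseBody:
            self.printLog('payload: ' + currentPayload +
                          ' found to be vulnarble')
            vulnOrNot = 'yes'
            # TODO (original author): mark the payload

        for request in self.affectedResponses:
            self.printLog('checking affeccted page' + str(request.getUrl()))
            affectedURL = request.getUrl()
            affectedService = self._helpers.buildHttpService(
                str(affectedURL.getHost()), int(affectedURL.getPort()),
                affectedURL.getProtocol() == "https")
            affectedPageResponse = self._callbacks.makeHttpRequest(
                affectedService, request.getRequest())
            affectedRaw = affectedPageResponse.getResponse()
            if affectedRaw is None:
                # No response for this page; nothing to search.
                continue
            affectedBody = self._helpers.bytesToString(affectedRaw).encode(
                'utf-8')
            if currentPayload in affectedBody:
                vulnOrNot = 'yes, affected page'
                self.printLog('affeccted page has been found as vulnerable')

        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(
                LogEntry(
                    self._helpers.analyzeRequest(response).getUrl(),
                    self._callbacks.saveBuffersToTempFiles(response),
                    currentPayload, vulnOrNot))
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()

    def checkForKey(self, messageInfo):
        """Look for the marker in the request and start the checks if present.

        The first ``Referer:`` line is removed from the request text before
        the search, so a marker that only appears in the Referer does not
        trigger a check. In brute-force mode every entry of the payload list
        model is tried; otherwise only the text of the basic-payload field.
        """
        requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
        urlStr = str(requestURL)
        self.printLog('checking for xss key in URL: ' + urlStr)
        requestBody = self._helpers.bytesToString(messageInfo.getRequest())
        requestBody = re.sub(
            'Referer:.*\n', '', requestBody, flags=re.MULTILINE, count=1)

        if self.xssKey not in urlStr and self.xssKey not in requestBody:
            return

        # NOTE(review): new outbound requests are issued for any proxied
        # request that carries the marker, with no check that the host is in
        # Burp's target scope. Consider gating on
        # self._callbacks.isInScope(requestURL) so only authorised targets
        # are re-requested.
        self.printLog('xss key has been found')
        if self.bruteForceMode.isSelected():
            for i in range(self.payloadsModel.getSize()):
                self.checkXSS(messageInfo, urlStr, requestBody,
                              self.payloadsModel.getElementAt(i))
        else:
            self.checkXSS(messageInfo, urlStr, requestBody,
                          self.basicPayloadTxt.getText())

    #
    # extend AbstractTableModel
    #

    def getRowCount(self):
        """Return the number of log entries, or 0 while the log does not exist.

        The table model can be queried before registerExtenderCallbacks has
        assigned ``self._log``; only that case (AttributeError) is treated as
        "no rows", instead of swallowing every exception.
        """
        try:
            return self._log.size()
        except AttributeError:
            return 0

    def getColumnCount(self):
        """Return the fixed number of table columns."""
        return 3

    def getColumnName(self, columnIndex):
        """Return the header for *columnIndex*, or "" for an unknown column."""
        names = ("URL", "Payload", "Vulnerable?")
        if 0 <= columnIndex < len(names):
            return names[columnIndex]
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value of log entry *rowIndex*, or "" for an unknown column."""
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._url.toString()
        if columnIndex == 1:
            return logEntry._payload
        if columnIndex == 2:
            return logEntry._vulnOrNot
        return ""

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the
    # messages being displayed
    #
    # NOTE(review): self._currentlyDisplayedItem is not assigned anywhere in
    # this class; presumably the Table or list listeners set it - confirm.
    #

    def getHttpService(self):
        """Return the HTTP service of the currently displayed item."""
        return self._currentlyDisplayedItem.getHttpService()

    def getRequest(self):
        """Return the request bytes of the currently displayed item."""
        return self._currentlyDisplayedItem.getRequest()

    def getResponse(self):
        """Return the response bytes of the currently displayed item."""
        return self._currentlyDisplayedItem.getResponse()

    def startOrStop(self, event):
        """Toggle the extension on or off; the button caption holds the state."""
        if self.startButton.getText() == "XSSor is off":
            self.startButton.setText("XSSor is on")
            self.startButton.setBackground(Color.GREEN)
            self.printLog('on, waiting for key word to be found (' +
                          self.xssKey + ')')
            self.intercept = 1
        else:
            self.startButton.setText("XSSor is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0

    def clearAPList(self, event):
        """Empty the affected-pages list in the UI and the stored messages."""
        self.affectedModel.clear()
        self.affectedResponses = ArrayList()

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Return the "Add affected page" menu item for the first selected message.

        Returns None when nothing is selected. The previous version compared
        the message array with ``0`` and returned the undefined name
        ``null``, which raises NameError in Python.
        """
        responses = invocation.getSelectedMessages()
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        affectedMenuItem = JMenuItem("XSSor: Add affected page")
        affectedMenuItem.addActionListener(
            handleMenuItems(self, responses[0], "affected"))
        ret.add(affectedMenuItem)
        return ret

    def addAfectedPage(self, messageInfo):
        """Register *messageInfo* as an affected page (UI list and stored list)."""
        self.affectedModel.addElement(
            str(self._helpers.analyzeRequest(messageInfo).getUrl()))
        self.affectedResponses.add(messageInfo)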
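class TicTacToeGame(WindowAdapter):
    """Tic Tac Toe game with Mario and Dizzy animated icons/music.

    The computer plays Mario (stored as '0' on the board); the player plays
    the character returned by choosePlayer() (stored as 'X').
    """

    # game title
    game_title = "Tic Tac Toe: You vs Mario"
    # welcome status message.
    welcome_status = "Welcome! Please make your first move."
    # in-game status message.
    in_game_status = "Mario chases You! Hurry up!"
    # board 3x3 with the default color - white
    board = [[' ', ' ', ' '], [' ', ' ', ' '], [' ', ' ', ' ']]
    # total number of cells
    size = len(board) * len(board)
    # size of cell
    tile_size = 128
    # status bar height
    status_bar_height = 50
    # status bar top margin
    status_bar_margin_top = -15
    # status bar left margin
    status_bar_margin_left = 10
    # number of cells in a row/column
    cells = 3
    # winner
    winner = None
    # Mario image
    mario = '/MARIO_128x128.gif'
    # Dizzy image
    dizzy = None

    # Blank
    blank = '/BLANK.gif'
    # supported music sounds
    sounds = ['/DIZZY.wav', '/MARIO.wav']
    # currently played sound
    sound = None
    # last chosen sound
    last_sound = 0
    # won sound
    won_sound = '/WON.wav'
    # lose sound
    lose_sound = '/LOSE.wav'
    # tie sound
    tie_sound = '/TIE.wav'
    # action sound
    action_sound = '/ACTION.wav'

    def __init__(self, resources_directory):
        """Build the window, the 3x3 button grid and start the first game.

        Parameters:
            resources_directory: directory to look for images and audio files.
        """
        # NOTE(review): find(...) > 0 ignores a match at index 0, so a
        # platform string that *starts* with "win" is not treated as Windows.
        # Left unchanged because the string format on this runtime is not
        # visible here - confirm before touching.
        is_windows = platform.platform().lower().find('win') > 0
        self.main_window_padding_right = 20 if is_windows else 0
        self.main_window_padding_bottom = 40 if is_windows else 0

        self.resources_directory = resources_directory

        handlers = [
            self.clicked1, self.clicked2, self.clicked3,
            self.clicked4, self.clicked5, self.clicked6,
            self.clicked7, self.clicked8, self.clicked9,
        ]
        image_size = self.tile_size
        self.buttons = []
        for index, handler in enumerate(handlers):
            row, col = divmod(index, self.cells)
            button = JButton("", actionPerformed=handler)
            button.setBounds(col * image_size, row * image_size, image_size,
                             image_size)
            # Keep the button1..button9 attributes available.
            setattr(self, 'button%d' % (index + 1), button)
            self.buttons.append(button)
        self.buttons_mapped = [
            self.buttons[row * self.cells:(row + 1) * self.cells]
            for row in range(self.cells)
        ]

        width = self.tile_size * self.cells
        height = width
        self.frame = JFrame(self.game_title,
                            size=(width, height + self.status_bar_height))
        self.frame.setLocation(200, 100)
        self.frame.setLayout(None)

        for button in self.buttons:
            self.frame.add(button)

        self.status_label = JLabel("")
        self.status_label.setBounds(self.status_bar_margin_left,
                                    height + self.status_bar_margin_top, width,
                                    self.status_bar_height)
        self.frame.add(self.status_label)

        self.frame.setVisible(True)
        self.frame.addWindowListener(self)

        # Shuffle a per-instance copy: shuffling self.sounds directly would
        # reorder the class-level list shared by every game instance.
        self.sounds = list(self.sounds)
        random.shuffle(self.sounds)

        self.restart()

    def restart(self):
        """Restart the game: pick a character, clear the board, start music."""
        self.dizzy = None
        self.dizzy = self.choosePlayer()
        self.winner = None
        self.board = [[' ', ' ', ' '], [' ', ' ', ' '], [' ', ' ', ' ']]
        for button in self.buttons:
            button.setIcon(ImageIcon(self.resources_directory + self.blank))
        self.stop_playing_background()
        self.sound = self.play_sound_safe(self.sounds[self.last_sound])
        # Cycle through the background tracks, one per game.
        self.last_sound = (self.last_sound + 1) % len(self.sounds)
        self.status_label.setText(self.welcome_status)

    def stop_playing_background(self):
        """Stop the background music, if any is playing now."""
        if self.sound is not None:
            self.sound.stopPlaying()
            self.sound = None

    def set_dizzy(self, button):
        """Draw the player's icon, set the in-game status, play action sound.

        Parameters:
            button: button to set the player's icon on.
        """
        button.setIcon(ImageIcon(self.resources_directory + self.dizzy))
        self.status_label.setText(self.in_game_status)
        self.play_sound_safe(self.action_sound)

    def set_mario(self, button):
        """Draw Mario in the given button.

        Parameters:
            button: button to set the Mario icon on.
        """
        button.setIcon(ImageIcon(self.resources_directory + self.mario))

    def _player_move(self, row, col):
        """Place the player's 'X' at (row, col) and let the computer answer.

        Clicks on an occupied cell are ignored.
        """
        if self.board[row][col] != ' ':
            return
        self.board[row][col] = 'X'
        self.set_dizzy(self.buttons_mapped[row][col])
        self.computer_move()

    # Event listeners for the nine board buttons; `event` is the click event
    # and is not used. Each one forwards its fixed (row, col) cell.

    def clicked1(self, event):
        """Click handler for the cell at row 0, column 0."""
        self._player_move(0, 0)

    def clicked2(self, event):
        """Click handler for the cell at row 0, column 1."""
        self._player_move(0, 1)

    def clicked3(self, event):
        """Click handler for the cell at row 0, column 2."""
        self._player_move(0, 2)

    def clicked4(self, event):
        """Click handler for the cell at row 1, column 0."""
        self._player_move(1, 0)

    def clicked5(self, event):
        """Click handler for the cell at row 1, column 1."""
        self._player_move(1, 1)

    def clicked6(self, event):
        """Click handler for the cell at row 1, column 2."""
        self._player_move(1, 2)

    def clicked7(self, event):
        """Click handler for the cell at row 2, column 0."""
        self._player_move(2, 0)

    def clicked8(self, event):
        """Click handler for the cell at row 2, column 1."""
        self._player_move(2, 1)

    def clicked9(self, event):
        """Click handler for the cell at row 2, column 2."""
        self._player_move(2, 2)

    def computer_move(self):
        """Make the next move on the board on behalf of the computer."""
        # first move optimization - always start in the middle if possible
        if self.board[1][1] == ' ':
            self.board[1][1] = '0'
            self.set_mario(self.buttons_mapped[1][1])
            self.test_state()
            return
        # Otherwise probe random cells until a free one turns up.
        while self.has_empty_cell():
            y = random.randint(0, self.cells - 1)
            x = random.randint(0, self.cells - 1)
            if self.board[y][x] == ' ':
                self.board[y][x] = '0'
                self.set_mario(self.buttons_mapped[y][x])
                break
        self.test_state()

    def test_state(self):
        """Test the board for a finished game and announce the result.

        If there is a winner (or a tie) the background sound is stopped, the
        result sound is played and the user is asked about continuation.
        """
        if self.is_any_line_filled('X'):
            self.winner = self.dizzy  # dizzy
        elif self.is_any_line_filled('0'):
            self.winner = self.mario  # mario
        elif not self.has_empty_cell():
            self.winner = self.blank  # tie
        if self.winner:
            label = 'Tie.'
            self.stop_playing_background()
            if self.winner == self.mario:
                label = 'You lose!'
                self.play_sound_safe(self.lose_sound)
            elif self.winner == self.dizzy:
                label = 'You won!'
                self.play_sound_safe(self.won_sound)
            else:
                self.play_sound_safe(self.tie_sound)
            self.notify_and_ask_about_continuation(label)

    def notify_and_ask_about_continuation(self, label):
        """Show the result and ask whether the user wants another game.

        "Y"/"y" restarts the game; "N"/"n" closes the game window and frees
        the resources. Any other answer asks again.

        Parameters:
            label: game result label.
        """
        self.status_label.setText(label)
        while True:
            # str() also turns a missing answer into text, so it simply
            # falls through to another prompt.
            answer = str(
                requestString(label + "\r\n" +
                              "Do you want to play again? (Y/N)"))
            answer = answer.strip().lower()
            if answer == "y":
                self.restart()
                break
            elif answer == "n":
                self.windowClosing(None)
                break

    def is_any_line_filled(self, character):
        """Check the winning condition for the given character 'X' or '0'.

        Returns:
            Whether the character fills a whole row, column or diagonal.
        """
        return (self.is_row_filled(character)
                or self.is_col_filled(character)
                or self.is_diag_filled1(character)
                or self.is_diag_filled2(character))

    def has_empty_cell(self):
        """Return whether the board still has an empty cell for a move."""
        for row in self.board:
            if ' ' in row:
                return True
        return False

    def is_row_filled(self, color):
        """Check the row win condition.

        Parameters:
            color: board character to look for.
        Returns:
            True if some row holds only that character, False otherwise.
        """
        side = len(self.board)
        for row in range(side):
            count = 0
            for col in range(side):
                if self.board[row][col] == color:
                    count = count + 1
            if count == self.cells:
                return True
        return False

    def is_col_filled(self, color):
        """Check the column win condition.

        Parameters:
            color: board character to look for.
        Returns:
            True if some column holds only that character, False otherwise.
        """
        side = len(self.board)
        for col in range(side):
            count = 0
            for row in range(side):
                if self.board[row][col] == color:
                    count = count + 1
            if count == self.cells:
                return True
        return False

    def is_diag_filled1(self, color):
        """Check the first (top-left to bottom-right) diagonal.

        Parameters:
            color: board character to look for.
        Returns:
            True if the whole diagonal holds that character.
        """
        count = 0
        for idx in range(len(self.board)):
            if self.board[idx][idx] == color:
                count = count + 1
        return count == self.cells

    def is_diag_filled2(self, color):
        """Check the second (top-right to bottom-left) diagonal.

        Parameters:
            color: board character to look for.
        Returns:
            True if the whole diagonal holds that character.
        """
        count = 0
        for idx in range(len(self.board)):
            if self.board[idx][self.cells - 1 - idx] == color:
                count = count + 1
        return count == self.cells

    def play_sound_safe(self, sound):
        """Try to play the given sound, reporting instead of raising.

        Parameters:
            sound: file name of a sound with a leading slash '/'.
        Returns:
            The Sound object from makeSound, or None if it could not be made.
        """
        snd = None
        try:
            snd = makeSound(self.resources_directory + sound)
            play(snd)
        except:
            # Deliberately broad: a missing or unplayable file must not stop
            # the game, whatever the sound layer raises.
            showError("Error while playing sound " + str(sound) + ".")
        return snd

    def windowClosing(self, event):
        """Release the game when the window closes or the user stops playing.

        Implementation of the WindowAdapter callback.

        Parameters:
            event: final event from Swing/AWT (None when called directly).
        """
        self.stop_playing_background()
        self.buttons = []
        self.buttons_mapped = []
        for number in range(1, 10):
            setattr(self, 'button%d' % number, None)
        self.status_label = None
        self.frame.getContentPane().removeAll()
        self.frame.dispose()
        self.frame = None

    def choosePlayer(self):
        """Ask the user which character to play and return its image.

        The prompt repeats until one of the listed names is typed. The
        returned values (rpenguin, rchrome, ...) are names defined outside
        this class.
        """
        while True:
            select = requestString(
                "You are against Mario. Choose Your Character: penguin chrome fox fish bird charizard sonic "
            )
            # No answer at all: ask again instead of failing on None.lower().
            if select is None:
                continue
            selection = select.strip().lower()

            if selection == "penguin":
                return rpenguin
            if selection == "chrome":
                return rchrome
            if selection == "fox":
                return rfox
            if selection == "fish":
                return rfish
            if selection == "bird":
                return rbird
            if selection == "charizard":
                return rcharizard
            if selection == "sonic":
                return rsonic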
Beispiel #33
def createStudentFeeForm(stFeeObj):
    """Open the "Student Fee Form" window for one fee record.

    The five text fields and the frame are published as module globals.
    Every field except the paid amount is read-only.

    Parameters:
        stFeeObj: object exposing studentId, studentName, totalAmount,
            paidAmount and remainingAmount attributes.
    """
    global tfStudentId, tfStudentName, tfTotalAmount
    global tfPaidAmount, tfRemainingAmount
    global frame

    frame = JFrame("Student Fee Form ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 500)
    frame.setLocation(200, 200)
    frame.setLayout(None)
    frame.setVisible(True)

    panel = JPanel()
    panel.setSize(500, 500)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("STUDENT FEE")
    heading.setBounds(200, 30, 150, 40)

    labels = [
        JLabel(" Student id"),
        JLabel(" student name"),
        JLabel("Total Amount "),
        JLabel("Paid Amount"),
        JLabel("Remaining amount"),
    ]

    tfStudentId = JTextField(str(stFeeObj.studentId))
    tfStudentName = JTextField(str(stFeeObj.studentName))
    tfTotalAmount = JTextField(str(stFeeObj.totalAmount))
    tfPaidAmount = JTextField(str(stFeeObj.paidAmount))
    tfRemainingAmount = JTextField(str(stFeeObj.remainingAmount))
    fields = [tfStudentId, tfStudentName, tfTotalAmount, tfPaidAmount,
              tfRemainingAmount]

    # Only the paid amount stays editable.
    for readOnly in (tfStudentId, tfStudentName, tfTotalAmount,
                     tfRemainingAmount):
        readOnly.setEditable(False)

    # One row every 50 px, label on the left and its field on the right.
    for rowIndex, caption in enumerate(labels):
        caption.setBounds(70, 100 + 50 * rowIndex, 130, 30)
    for rowIndex, field in enumerate(fields):
        field.setBounds(220, 100 + 50 * rowIndex, 130, 30)

    btnPay = JButton("Paid", actionPerformed=clickPay)
    btnPay.setBounds(350, 410, 100, 40)

    btnCancel = JButton("Cancel", actionPerformed=clickbtnCancelForm)
    btnCancel.setBounds(50, 410, 100, 40)

    for component in [heading] + labels + fields + [btnPay, btnCancel]:
        panel.add(component)

    frame.add(panel)
class BurpExtender(IBurpExtender, ITab, IHttpListener):
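    def registerExtenderCallbacks(self, callbacks):
        """Set the extension up: name, state, UI tab and HTTP listener.

        Parameters:
            callbacks: the Burp callbacks object handed to the extension.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("burp-sensitive-param-extractor")
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        #callbacks.registerMessageEditorTabFactory(self)
        print 'burp-sensitive-param-extractor loaded.\nAuthor:LSA\nhttps://github.com/theLSA/burp-sensitive-param-extractor'

        # Everything processHttpMessage reads is created first ...
        self.sensitiveParamR = getParamRegular()
        #self.endColors = []
        self.requestParamDict = {}
        self.resultSensitiveParamsDict = {}

        self._callbacks.customizeUiComponent(self.getUiComponent())
        self._callbacks.addSuiteTab(self)

        # ... and the listener is registered last. Registering it before the
        # dictionaries and the output text area exist (as the original did)
        # lets an early request reach processHttpMessage while those
        # attributes are still missing.
        callbacks.registerHttpListener(self)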

    def getTabCaption(self):
        """Return the caption used for this extension's suite tab."""
        caption = 'BSPE'
        return caption

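    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Collect the parameter names of a proxied request and report hits.

        Only requests with toolFlag 4 are examined. Parameter names are
        grouped by location (URL, body, cookie, JSON), matched against the
        configured patterns by findSensitiveParam(), and any hits are
        appended to the output text area and passed on to write2file().

        Parameters:
            toolFlag: Burp tool identifier for the message.
            messageIsRequest: True for requests, False for responses.
            messageInfo: the HTTP message being processed.
        """
        # 4 is the Proxy tool (IBurpExtenderCallbacks.TOOL_PROXY).
        if not (messageIsRequest and toolFlag == 4):
            return

        # IParameter type code -> (bucket name, label printed to stdout).
        paramBuckets = {
            0: ('urlParams', 'urlParams:'),
            1: ('BodyParams', 'BodyParams:'),
            2: ('cookieParams', 'CookieParams:'),
            6: ('jsonParams', 'JsonParams:'),
        }

        # Built locally and published once complete, so a second request
        # handled at the same time cannot see or reset a half-filled dict.
        # NOTE(review): assumes Burp may call listeners concurrently.
        requestParams = {
            'urlParams': [],
            'BodyParams': [],
            'cookieParams': [],
            'jsonParams': [],
        }

        service = messageInfo.getHttpService()
        request = messageInfo.getRequest()
        analyzeReq = self._helpers.analyzeRequest(service, request)
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        reqUrl = requestInfo.getUrl()
        reqMethod = requestInfo.getMethod()

        for param in analyzeReq.getParameters():
            bucket = paramBuckets.get(param.getType())
            if bucket is None:
                continue
            bucketName, label = bucket
            paramName = param.getName()
            # Only the name is logged. Cookie and body values are routinely
            # session tokens or passwords, and the extension only needs the
            # names; echoing the values would copy those secrets into the
            # extension output.
            print label
            print paramName
            requestParams[bucketName].append(paramName.strip())

        self.requestParamDict = requestParams
        found = self.findSensitiveParam(requestParams)
        self.resultSensitiveParamsDict = found

        hitKeys = [key for key in found.keys() if len(found[key]) > 0]
        if not hitKeys:
            return

        print "[%s][%s]" % (reqMethod, reqUrl)
        self.outputTxtArea.append(
            "\n------------------------------------------------------\n")
        self.outputTxtArea.append("[%s][%s]\n" % (reqMethod, reqUrl))
        for rspdKey in hitKeys:
            self.outputTxtArea.append("\n" + rspdKey + "--" +
                                      str(found[rspdKey]))

        # write2file() only ever adds names, so it is skipped when nothing
        # matched.
        self.write2file()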

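    def findSensitiveParam(self, requestParamDict):
        """Return the parameter names that match a configured pattern.

        A one-character pattern must equal the lower-cased name; a longer
        pattern matches when it is a substring of the lower-cased name.

        Parameters:
            requestParamDict: dict mapping a location key ('urlParams',
                'BodyParams', 'cookieParams', 'jsonParams') to a list of
                parameter names.

        Returns:
            A dict with the same four keys, each holding the matching names
            without duplicates, in first-seen order.
        """
        resultSensitiveParamsDict = {
            'urlParams': [],
            'BodyParams': [],
            'cookieParams': [],
            'jsonParams': [],
        }

        for rawPattern in self.sensitiveParamR:
            # Names are lower-cased before comparison, so the pattern is
            # normalised the same way.
            spr = rawPattern.strip().lower()
            if not spr:
                # An empty pattern (blank line in the pattern file, empty
                # text field) is a substring of every name and would flag
                # all parameters.
                continue
            for key in requestParamDict.keys():
                hits = resultSensitiveParamsDict.setdefault(key, [])
                for reqParam in requestParamDict[key]:
                    lowered = reqParam.lower()
                    if len(spr) == 1:
                        matched = (spr == lowered)
                    else:
                        matched = spr in lowered
                        if matched:
                            print spr + ' in ' + reqParam
                    # De-duplicate while keeping the order names were seen.
                    if matched and reqParam not in hits:
                        hits.append(reqParam)

        return resultSensitiveParamsDict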

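    def write2file(self):
        """Append newly seen sensitive parameter names to sensitive-params.txt.

        Names already returned by getSensitiveParamsFromFile() are skipped;
        the rest are appended one per line, each preceded by a newline.
        """
        knownParams = set(getSensitiveParamsFromFile())
        newSensitiveParamsList = []

        for rspdKey in self.resultSensitiveParamsDict.keys():
            for candidate in self.resultSensitiveParamsDict[rspdKey]:
                if candidate in knownParams:
                    continue
                if candidate in newSensitiveParamsList:
                    continue
                # The names come from proxied traffic and the file is
                # line-oriented: a name carrying a line break would be read
                # back as several entries, so it is not persisted.
                # NOTE(review): confirm whether parameter names can reach
                # this point with raw CR/LF in them.
                if '\n' in candidate or '\r' in candidate:
                    continue
                newSensitiveParamsList.append(candidate)

        if not newSensitiveParamsList:
            return

        # Relative path: the file lands in whatever the working directory of
        # the running process is.
        with open('sensitive-params.txt', 'a') as sps:
            for nsp in newSensitiveParamsList:
                sps.write('\n' + nsp)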

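    def addAndSaveNewParamRegular(self, event):
        """Add the pattern typed in the text field and persist it.

        A new pattern is appended to self.sensitiveParamR and to the pattern
        file; an empty or already known pattern only produces a message. The
        list widget is refreshed in every case.

        Parameters:
            event: the Swing action event; not used.
        """
        NewParamRegular = self.addAndSaveNewParamRegularTextField.getText()
        NewParamRegular = NewParamRegular.strip()

        if not NewParamRegular:
            # An empty pattern is a substring of every parameter name, so
            # saving it would make every request report every parameter.
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "paramRegular is empty.")
        elif NewParamRegular not in self.sensitiveParamR:
            self.sensitiveParamR.append(NewParamRegular)
            with open(paramRegularFile, 'a') as prf:
                prf.write('\n' + NewParamRegular)
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "Add and save success!")
        else:
            # The original passed self.tab as the dialog parent; no method
            # shown in this class assigns that attribute, so the panel is
            # used here as in the success branch.
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "paramRegular existed.")

        self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR)
        self.sensitiveParamsRegularListPanel.revalidate()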

    def delParamRegular(self, event):
        """Delete the patterns selected in the list and rewrite the file.

        The selected values are removed from self.sensitiveParamR, the
        pattern file is rewritten with the remaining patterns (newline
        separated, no trailing newline) and the list widget is refreshed.

        Parameters:
            event: the Swing action event; not used.
        """
        listWidget = self.sensitiveParamsRegularListPanel
        selectedPatterns = listWidget.getSelectedValuesList()
        for chosen in selectedPatterns:
            self.sensitiveParamR.remove(chosen)

        lastIndex = len(self.sensitiveParamR) - 1
        with open(paramRegularFile, 'w') as prf2:
            for position, pattern in enumerate(self.sensitiveParamR):
                print position
                print pattern
                # Every line but the last is newline-terminated.
                if position != lastIndex:
                    prf2.write(pattern + '\n')
                else:
                    prf2.write(pattern)

        listWidget.setListData(self.sensitiveParamR)
        listWidget.revalidate()

    def clearRst(self, event):
        """Blank the results text area (handler of the Clear button).

        Parameters:
            event: the Swing action event; not used.
        """
        resultsArea = self.outputTxtArea
        resultsArea.setText("")

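    def exportRst(self, event):
        """Write the contents of the results text area to a chosen file.

        Nothing is written when the dialog is cancelled. An existing file at
        the chosen path is overwritten.

        Parameters:
            event: the Swing action event; not used.
        """
        chooseFile = JFileChooser()
        ret = chooseFile.showDialog(self.logPane, "Choose file")
        # The original ignored the dialog result, so cancelling ended in an
        # attribute error on the missing selection.
        if ret != JFileChooser.APPROVE_OPTION:
            return
        selectedFile = chooseFile.getSelectedFile()
        if selectedFile is None:
            return

        filename = selectedFile.getCanonicalPath()
        print "\n" + "Export to : " + filename
        # The export holds the captured URLs and parameter names; `with`
        # makes sure the handle is flushed and closed.
        with open(filename, 'w') as exportFile:
            exportFile.write(self.outputTxtArea.text)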

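    def getUiComponent(self):
        """Return the extension's tab panel, building it on first use.

        The panel holds the scrollable results area with its Clear and
        Export buttons, the pattern list, and the controls to add or delete
        a pattern. All positions are absolute (null layout).
        """
        # Build once. registerExtenderCallbacks() calls this method for
        # customizeUiComponent(); rebuilding on a later call would replace
        # self.outputTxtArea and the other widget references with new
        # objects and leave the customised panel unused.
        # NOTE(review): assumes Burp asks the ITab for its component again
        # after addSuiteTab().
        existingPanel = getattr(self, 'spePanel', None)
        if existingPanel is not None:
            return existingPanel

        panel = JPanel()
        panel.setBorder(None)
        panel.setLayout(None)

        # Results area.
        self.logPane = JScrollPane()
        self.outputTxtArea = JTextArea()
        self.outputTxtArea.setFont(Font("Consolas", Font.PLAIN, 12))
        self.outputTxtArea.setLineWrap(True)
        self.logPane.setViewportView(self.outputTxtArea)
        panel.add(self.logPane)

        self.clearBtn = JButton("Clear", actionPerformed=self.clearRst)
        self.exportBtn = JButton("Export", actionPerformed=self.exportRst)
        self.parentFrm = JFileChooser()

        panel.add(self.clearBtn)
        panel.add(self.exportBtn)

        self.logPane.setBounds(20, 50, 800, 600)
        self.clearBtn.setBounds(20, 650, 100, 30)
        self.exportBtn.setBounds(600, 650, 100, 30)

        # Pattern list, inside its own scroll pane.
        self.sensitiveParamsRegularListPanel = JList(self.sensitiveParamR)
        self.sensitiveParamsRegularListPanel.setVisibleRowCount(
            len(self.sensitiveParamR))

        self.sensitiveParamsRegularListScrollPanel = JScrollPane()
        self.sensitiveParamsRegularListScrollPanel.setViewportView(
            self.sensitiveParamsRegularListPanel)
        panel.add(self.sensitiveParamsRegularListScrollPanel)
        self.sensitiveParamsRegularListScrollPanel.setBounds(850, 50, 150, 600)

        # Controls to add and delete patterns.
        self.addAndSaveNewParamRegularButton = JButton(
            'add&&save', actionPerformed=self.addAndSaveNewParamRegular)
        panel.add(self.addAndSaveNewParamRegularButton)
        self.addAndSaveNewParamRegularButton.setBounds(1000, 50, 150, 30)

        self.addAndSaveNewParamRegularTextField = JTextField('NewParamRegular')
        panel.add(self.addAndSaveNewParamRegularTextField)
        self.addAndSaveNewParamRegularTextField.setBounds(1150, 50, 100, 30)

        self.alertSaveSuccess = JOptionPane()
        panel.add(self.alertSaveSuccess)

        self.delParamRegularButton = JButton(
            "delete", actionPerformed=self.delParamRegular)
        panel.add(self.delParamRegularButton)
        self.delParamRegularButton.setBounds(1000, 90, 100, 30)

        # Published only once fully built.
        self.spePanel = panel
        return self.spePanel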
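    def output(self, value):
        """Handle one message from DialogOS and open or update the matching GUI.

        ``value.getString()`` selects the action:

        * ``"Lexikon"``: open the dictionary window; the typed German word is
          looked up with ``suche`` and the result is sent back.
        * ``"neue Lektion"``: open the lesson management window (create/reset,
          load and delete lessons, look up single words).
        * ``"alle Lektionen auflisten"``: show the feedback frame and send a
          grammar that lists the stored lessons.
        * text containing ``"sende"``: send the not-yet-known vocabulary
          (symbol ``"X"``) of the named lesson as ``[german, english]`` lists,
          or a one-element notice list if nothing is left.
        * anything else: treated as ``"<lesson>:<feedback text>"``; the text is
          shown and the symbol of the last quizzed word is stored.

        Lesson names become SQL table names. Identifiers cannot be bound as
        ``?`` parameters, so every name is checked against an allowlist (ASCII
        letters, digits, underscore) before it is concatenated into a
        statement. A name that fails the check raises ``ValueError`` and no SQL
        is executed for it; all row values are still passed as bound
        parameters.
        """
        import re  # function-scope import keeps this method self-contained

        eingabe = value.getString()
        tabellenname_muster = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

        def sichere_tabelle(name):
            """Return *name* stripped, or raise ValueError if it is not a plain identifier."""
            kandidat = name.strip()
            if not tabellenname_muster.match(kandidat):
                raise ValueError("invalid lesson name: %r" % (kandidat,))
            return kandidat

        def lektionen_lesen():
            """Return the lines of the lesson file at ``pfad``, stripped."""
            with open(pfad, "r") as f:
                return [line.strip() for line in f]

        def lektion_registrieren(name):
            """Append *name* to the lesson file unless a line already equals it.

            Whole lines are compared: a substring test would treat
            "nachgeschlagen_1" as present once "nachgeschlagen_10" exists.
            """
            if name not in lektionen_lesen():
                with open(pfad, "a") as f:
                    f.write(name + "\n")

        def lektionen_anzeigen(ort):
            """Show the sorted lesson names, one per line, in text area *ort*."""
            namen = lektionen_lesen()
            namen.sort()
            ort.setText("".join([eintrag + "\n" for eintrag in namen]))
            ort.setFont(Font("Verdana", Font.BOLD, 15))

        def vokabel_einfuegen(tabellenname, deutsch, englisch, symbol):
            """Insert one vocabulary row into the already validated table."""
            sql = "INSERT INTO " + tabellenname + " (deutsch, englisch, symbol)  VALUES(?,?,?);"
            pstmt = conn.prepareStatement(sql)
            try:
                pstmt.setString(1, deutsch)
                pstmt.setString(2, englisch)
                pstmt.setString(3, symbol)
                pstmt.executeUpdate()
            finally:
                # Release the statement even if the insert fails.
                pstmt.close()

        if eingabe == "Lexikon":
            # "Lexikon": open the GUI in which a German word can be entered;
            # its translation is sent back so it can be read out in English.
            def change_text(event):
                text = feld.getText()
                x = suche(text)
                self.send(x)
                frame.visible = False

            # NOTE(review): EXIT_ON_CLOSE ends the whole JVM when this window
            # is closed -- confirm that is intended for a helper window.
            frame = JFrame(
                'Woerterbuch',
                defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
                size=(380, 350),
            )
            frame.setLayout(None)
            hintergrund = ImageIcon("Hintergrund.jpg")
            hintergrundlabel = JLabel(hintergrund)
            frame.setContentPane(hintergrundlabel)

            uebersetzerlabel = JLabel()
            # 25, 25, 112 is #191970, the colour the HTML labels use; the
            # former literal 025 was octal (= 21) under Python 2.
            uebersetzerlabel.setForeground(Color(25, 25, 112))
            uebersetzerlabel.setText(
                "<html><font size=+1>Welches Wort soll ich uebersetzen?</font></html>"
            )
            uebersetzerlabel.setBounds(10, 20, 500, 50)
            frame.add(uebersetzerlabel)

            feld = JTextField()
            feld.setText("")
            feld.setBounds(20, 80, 300, 25)
            frame.add(feld)

            button = JButton('Uebersetzen',
                             actionPerformed=change_text,
                             size=(10, 20))
            button.setBounds(20, 110, 300, 30)
            frame.add(button)
            # Show the window only once it is fully assembled.
            frame.visible = True

        # "elif": previously a plain "if", so "Lexikon" also fell through to
        # the final else branch and failed on the missing ":" separator.
        elif eingabe == "neue Lektion":
            # "neue Lektion": open the GUI for managing the lessons.

            def tabelle_leeren_ab(start):
                """Blank table rows from *start* to the first empty row or the table end."""
                reihe = start
                while (reihe < tabelle.getRowCount()
                       and tabelle.getValueAt(reihe, 0) is not None):
                    tabelle.setValueAt(None, reihe, 0)
                    tabelle.setValueAt(None, reihe, 1)
                    reihe += 1

            def uebersetzen(event):
                """Look up the typed word and store it in a "nachgeschlagen" lesson."""
                frage = feld_frage.getText()
                x = suche(frage)
                feld_frage.setText(x)
                nachgeschlagen = [
                    eintrag for eintrag in lektionen_lesen()
                    if "nachgeschlagen" in eintrag
                ]
                neue_tabelle = True
                if nachgeschlagen:
                    # The last listed look-up lesson is the current one.
                    name = sichere_tabelle(nachgeschlagen[-1])
                    zeile = stmt.executeQuery(
                        "SELECT deutsch, englisch, symbol FROM " + name)
                    anzahl = 0
                    while zeile.next():
                        anzahl += 1
                    if anzahl < 50:
                        neue_tabelle = False
                    else:
                        # Current lesson is full: continue in the next numbered one.
                        nummer = int(name.split("_")[1]) + 1
                        name = "nachgeschlagen_" + str(nummer)
                else:
                    name = "nachgeschlagen_1"
                if neue_tabelle:
                    lektion_registrieren(name)
                    stmt.execute("CREATE TABLE " + name +
                                 " (deutsch text, englisch text, symbol text);")
                vokabel_einfuegen(name, frage, x, "X")
                lektionen_anzeigen(uebersicht)

            def delete(event):
                """Drop the lesson named in the text field and unlist it."""
                # NOTE(review): any table with a valid identifier can be named
                # here, not only registered lessons -- consider requiring the
                # name to be listed in the lesson file before dropping.
                name = sichere_tabelle(feld.getText())
                # self.geladen only exists after a lesson has been loaded.
                if name == getattr(self, "geladen", None):
                    tabelle_leeren_ab(0)
                stmt.execute("DROP TABLE " + name + ";")
                verbleibend = [
                    eintrag for eintrag in lektionen_lesen() if eintrag != name
                ]
                with open(pfad, "w") as f:
                    for lektion in verbleibend:
                        f.write(lektion + "\n")
                lektionen_anzeigen(uebersicht)

            def laden(event):
                """Load the lesson named in the text field into the table."""
                name = sichere_tabelle(feld.getText())
                self.geladen = name
                results = stmt.executeQuery(
                    "SELECT deutsch, englisch FROM " + name)
                count = 0
                # Stop at the table end instead of indexing past the last row.
                while count < tabelle.getRowCount() and results.next():
                    tabelle.setValueAt(results.getString("deutsch"), count, 0)
                    tabelle.setValueAt(results.getString("englisch"), count, 1)
                    count += 1
                # Clear rows left over from a previously loaded, longer lesson.
                tabelle_leeren_ab(count)

            def erstelle_Lektionstabelle(event):
                """Save the table rows as the lesson named in the text field."""
                name = sichere_tabelle(feld.getText())
                reihen = []
                for i in range(tabelle.getRowCount()):
                    deutsch = tabelle.getValueAt(i, 0)
                    if deutsch is None:
                        break
                    reihen.append((deutsch, tabelle.getValueAt(i, 1), "X"))
                sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);"
                try:
                    stmt.execute(sql)
                except SQLError:
                    # Presumably the table already exists: saving then acts as
                    # a reset, so drop it and create it again.
                    stmt.execute("DROP TABLE " + name + ";")
                    stmt.execute(sql)
                for deutsch, englisch, symbol in reihen:
                    vokabel_einfuegen(name, deutsch, englisch, symbol)
                lektion_registrieren(name)
                self.send(name)
                frame.setVisible(False)

            # NOTE(review): EXIT_ON_CLOSE ends the whole JVM when this window
            # is closed -- confirm that is intended.
            frame = JFrame('Vokabel Listen',
                           defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
                           size=(1000, 1000))
            frame.setLayout(None)
            label_enter = JLabel()
            label_enter.setText(
                "<html><font size=+0.5 color = 000000>Bitte vor dem Speichern<br>die Entertaste bedienen</font></html>"
            )
            label_enter.setBounds(20, 720, 250, 50)
            uebersichtLabel = JLabel()
            uebersichtLabel.setText(
                "<html><font size=+1 color=#191970>Bereits vorhandene Lektionen:</font></html>"
            )
            uebersichtLabel.setBounds(450, 230, 250, 50)
            uebersicht = JTextArea()
            uebersicht.editable = False
            uebersicht_scroll = JScrollPane(uebersicht)
            uebersicht_scroll.viewport.view = uebersicht
            uebersicht_scroll.setBounds(450, 300, 250, 380)
            lektionen_anzeigen(uebersicht)
            button = JButton('Lektion speichern/Lektion reseten',
                             actionPerformed=erstelle_Lektionstabelle,
                             size=(10, 20))
            button.setBounds(20, 700, 300, 30)
            button_laden = JButton('vorhandene Lektion laden',
                                   actionPerformed=laden,
                                   size=(10, 20))
            button_laden.setBounds(20, 110, 210, 30)
            button_delete = JButton("Lektion entfernen",
                                    actionPerformed=delete)
            button_delete.setBounds(20, 140, 210, 30)
            hintergrund = ImageIcon("Hintergrund.jpg")
            hintergrundlabel = JLabel(hintergrund)
            frame.setContentPane(hintergrundlabel)
            lektionsnamensLabel = JLabel()
            # 25, 25, 112 is #191970; the former literal 025 was octal (= 21).
            lektionsnamensLabel.setForeground(Color(25, 25, 112))
            lektionsnamensLabel.setText(
                "<html><font size=+1>Hier bitte Namen der Lektion eingeben<br>(Nur ein Wort lang)</font></html>"
            )
            lektionsnamensLabel.setBounds(10, 20, 500, 50)
            frame.add(lektionsnamensLabel)
            feld = JTextField()
            feld.setText("")
            feld.setBounds(20, 80, 210, 25)
            column_names = [
                "<html><font size=+1 color=#191970><b>Deutsch</b></font></html>",
                "<html><font size=+1 color=#191970><b>Englisch</b></font></html>"
            ]
            table_model = DefaultTableModel(column_names, 50)
            tabelle = JTable(table_model)
            scrollbar = JScrollPane(tabelle)
            scrollbar.viewport.view = tabelle
            scrollbar.setVerticalScrollBarPolicy(
                scrollbar.VERTICAL_SCROLLBAR_ALWAYS)
            scrollbar.setVisible(True)
            tabelle.setVisible(True)
            scrollbar.setBounds(20, 190, 300, 490)
            feld_frage = JTextField()
            feld_frage.setText("")
            feld_frage.setBounds(450, 30, 300, 50)
            uebersetzerlabel = JLabel()
            uebersetzerlabel.setForeground(Color(25, 25, 112))
            uebersetzerlabel.setText(
                "<html><font size=+1>Hier kannst Du ein deutsches Wort eintragen,<br>dass ich fuer Dich nachschlage</font></html>"
            )
            uebersetzerlabel.setBounds(450, 80, 500, 50)
            button_uebersetzen = JButton('Uebersetzen',
                                         actionPerformed=uebersetzen,
                                         size=(10, 20))
            button_uebersetzen.setBounds(450, 130, 300, 30)
            frame.add(button_uebersetzen)
            frame.add(uebersetzerlabel)
            frame.add(feld_frage)
            frame.add(feld)
            frame.add(scrollbar)
            frame.add(button)
            frame.add(button_laden)
            frame.add(uebersicht_scroll)
            frame.add(uebersichtLabel)
            frame.add(button_delete)
            frame.add(label_enter)
            # Show the window only once every component has been added.
            frame.setVisible(True)
        elif eingabe == "alle Lektionen auflisten":
            # Build a dynamic grammar from the stored lessons that can be
            # quizzed and return it to DialogOS; also open the feedback frame.
            frame_feedback.setVisible(True)
            lektionen_anzeigen(uebersicht2)
            grammatik = "root $NamevonLektion;\n"
            grammatik += "$NamevonLektion = "
            with open(pfad, "r") as f:
                z = 0
                for line in f:
                    if "_" in line:
                        # "name_1" is offered to the recogniser as "name 1".
                        zeile = line.split("_")
                        alternative = zeile[0] + " " + zeile[1].strip()
                    else:
                        alternative = line
                    if z != 0:
                        grammatik += "|"
                    grammatik += alternative
                    # Blank lines do not count as a first alternative.
                    if line != "\n":
                        z += 1
            grammatik += ";"
            self.send(grammatik)
        elif "sende" in eingabe:
            # DialogOS names the lesson the user wants to be quizzed on. The
            # lesson is read from the database and a list of two lists is
            # returned: the German meanings of the words not yet known, then
            # their English meanings. If every word is already known, a notice
            # is sent instead so DialogOS can tell the user.
            if "nachgeschlagen" in eingabe:
                # Spoken as "nachgeschlagen <n>"; the table is "nachgeschlagen_<n>".
                bestandteile = eingabe.split()
                name = bestandteile[1] + "_" + bestandteile[2]
            else:
                name = eingabe.split()[1]
            name = sichere_tabelle(name)
            vokabelliste = stmt.executeQuery(
                "SELECT deutsch, englisch, symbol FROM " + name)
            offen = []
            while vokabelliste.next():
                d = vokabelliste.getString("deutsch")
                e = vokabelliste.getString("englisch")
                if vokabelliste.getString("symbol") == "X":
                    offen.append((d, e))
            random.shuffle(offen)
            vokabeln = [[paar[0] for paar in offen], [paar[1] for paar in offen]]
            if vokabeln[0]:
                self.send(vokabeln)
            else:
                self.send([
                    "Du kannst diese Lektion schon komplett. Wenn Du sie wieder abgefragt werden willst, resete sie bitte unter Wokabeln verwalten."
                ])
        else:
            # Runs during a quiz. After each word the feedback frame shows the
            # German word, the English word and a symbol telling whether the
            # word was known ("O") or not ("X").
            # Split only on the first ":" so a colon inside the feedback text
            # does not truncate it.
            nametext = eingabe.split(":", 1)
            text = nametext[1]
            feld_feedback.setText(text)
            name = sichere_tabelle(nametext[0])
            # The last complete line is "...<deutsch>\t<englisch>\t<symbol>".
            letzte_zeile = text.split("\n")[-2].split("\t")
            symb = letzte_zeile[-1]
            d = letzte_zeile[-3]
            sql = "UPDATE " + name + " SET symbol = ? WHERE deutsch = ?"
            pstmt = conn.prepareStatement(sql)
            try:
                pstmt.setString(1, symb)
                pstmt.setString(2, d)
                pstmt.executeUpdate()
            finally:
                pstmt.close()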
                        size=(1000, 1000))
# Assemble the feedback window.
# NOTE(review): `frame_feedback` and `close2` are not defined in this part of
# the listing -- presumably they are created just above.
frame_feedback.setLayout(None)

# Field that output() fills with the quiz feedback text.
feld_feedback = JTextArea()
feld_feedback.setEditable(False)
feld_feedback.setBounds(50, 50, 300, 600)

button_close = JButton('close window', actionPerformed=close2)
button_close.setBounds(50, 650, 300, 30)

# Heading plus read-only, scrollable overview of the stored lessons;
# output() fills it for "alle Lektionen auflisten".
uebersichtLabel2 = JLabel()
uebersichtLabel2.setText(
    "<html><font size=+1 color=#191970>vorhandene Lektionen:</font></html>")
uebersichtLabel2.setBounds(450, 200, 250, 50)
uebersicht2 = JTextArea()
uebersicht2.setEditable(False)
uebersicht_scroll2 = JScrollPane(uebersicht2)
uebersicht_scroll2.getViewport().setView(uebersicht2)
uebersicht_scroll2.setBounds(450, 250, 250, 410)

# The background image label serves as the content pane.
hintergrund2 = ImageIcon("Hintergrund.jpg")
pnl2 = JPanel()
hintergrundlabel2 = JLabel(hintergrund2)
frame_feedback.setContentPane(hintergrundlabel2)

frame_feedback.add(button_close)
frame_feedback.add(uebersicht_scroll2)
frame_feedback.add(uebersichtLabel2)
frame_feedback.add(feld_feedback)
# Stays hidden until output() shows it.
frame_feedback.setVisible(False)


class Main(Client):
    """Client subclass with a no-op constructor."""

    def __init__(self):
        """Do nothing.

        NOTE(review): ``Client.__init__`` is not called here -- confirm the
        base class needs no initialisation.
        """
Beispiel #37
class BurpExtender(IBurpExtender, ITab, IHttpListener,
                   IMessageEditorController, AbstractTableModel,
                   IContextMenuFactory):
    def registerExtenderCallbacks(self, callbacks):
        """Store Burp's callbacks object and build the extension's state and UI.

        Args:
            callbacks: the callbacks object handed over by Burp; it is kept in
                ``self._callbacks`` and its helpers in ``self._helpers``.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Autorize")

        # Log of checked requests plus the lock used when the log is replaced.
        self._log = ArrayList()
        self._lock = Lock()
        # 0 = checks off; startOrStop() toggles this.
        self.intercept = 0

        # Order matters: initConfigurationTab() adds the three panels built
        # before it, initTabs() adds the configuration panel, and
        # initCallbacks() registers the components those two create.
        setup_steps = (
            self.initInterceptionFilters,
            self.initEnforcementDetector,
            self.initExport,
            self.initConfigurationTab,
            self.initTabs,
            self.initCallbacks,
        )
        for step in setup_steps:
            step()

        print("Thank you for installing Autorize v0.9 extension")
        print("by Barak Tawily")

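    def initExport(self):
        """Build the export panel (``self.exportPnl``).

        Creates the file-type chooser (``self.exportType``), the status filter
        (``self.exportES``) and the export button, which calls
        ``exportToHTML``. The status strings offered here are the values that
        ``exportToHTML`` compares against each log entry, so they must stay
        identical to the statuses stored in the log.
        """
        #
        ## init export tab
        #

        exportLType = JLabel("File Type:")
        exportLType.setBounds(10, 10, 100, 30)

        exportFileTypes = ["HTML"]
        self.exportType = JComboBox(exportFileTypes)
        self.exportType.setBounds(100, 10, 200, 30)

        exportES = [
            "All Statuses", "Authorization bypass!",
            "Authorization enforced??? (please configure enforcement detector)",
            "Authorization enforced!"
        ]
        self.exportES = JComboBox(exportES)
        self.exportES.setBounds(100, 50, 200, 30)

        # A first "Enforcement Statuses:" label used to be created here and
        # was overwritten before it was ever added; only this one is shown.
        exportLES = JLabel("Statuses:")
        exportLES.setBounds(10, 50, 100, 30)

        self.exportButton = JButton("Export",
                                    actionPerformed=self.exportToHTML)
        self.exportButton.setBounds(390, 25, 100, 30)

        self.exportPnl = JPanel()
        self.exportPnl.setLayout(None)
        self.exportPnl.setBounds(0, 0, 1000, 1000)
        self.exportPnl.add(exportLType)
        self.exportPnl.add(self.exportType)
        self.exportPnl.add(exportLES)
        self.exportPnl.add(self.exportES)
        self.exportPnl.add(self.exportButton)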

    def initEnforcementDetector(self):
        """Build the enforcement detector panel (``self.EDPnl``).

        The panel holds a filter type chooser, a content text area, the list
        of configured filters and the add/remove buttons wired to
        ``addEDFilter`` and ``delEDFilter``.
        """
        # NOTE(review): these two lists are only created here; their use is
        # not visible in this part of the file.
        self.EDFP = ArrayList()
        self.EDCT = ArrayList()

        # Input widgets: filter type and filter content.
        filter_kinds = [
            "Finger Print: (enforced message body contains)",
            "Content-Length: (constant Content-Length number of enforced response)"
        ]
        self.EDType = JComboBox(filter_kinds)
        self.EDType.setBounds(80, 10, 430, 30)

        self.EDText = JTextArea("", 5, 30)
        self.EDText.setBounds(80, 50, 300, 110)

        # List of the filters added so far, backed by EDModel.
        self.EDModel = DefaultListModel()
        self.EDList = JList(self.EDModel)
        self.EDList.setBounds(80, 175, 300, 110)
        self.EDList.setBorder(LineBorder(Color.BLACK))

        self.EDAdd = JButton("Add filter", actionPerformed=self.addEDFilter)
        self.EDAdd.setBounds(390, 85, 120, 30)
        self.EDDel = JButton("Remove filter", actionPerformed=self.delEDFilter)
        self.EDDel.setBounds(390, 210, 120, 30)

        # Static captions.
        type_caption = JLabel("Type:")
        type_caption.setBounds(10, 10, 140, 30)
        content_caption = JLabel("Content:")
        content_caption.setBounds(10, 50, 140, 30)
        list_caption = JLabel("Filter List:")
        list_caption.setBounds(10, 165, 140, 30)

        # Absolute positioning: every component carries its own bounds.
        self.EDPnl = JPanel()
        self.EDPnl.setLayout(None)
        self.EDPnl.setBounds(0, 0, 1000, 1000)
        for component in (type_caption, self.EDType, content_caption,
                          self.EDText, self.EDAdd, self.EDDel, list_caption,
                          self.EDList):
            self.EDPnl.add(component)

    def initInterceptionFilters(self):
        """Build the interception filters panel (``self.filtersPnl``).

        The panel holds a filter type chooser, a content text area, the list
        of configured filters and the add/remove buttons wired to
        ``addIFFilter`` and ``delIFFilter``.
        """
        # Input widgets: filter type and filter content.
        filter_kinds = [
            "URL Contains: ", "Scope items only: (Content is not required)"
        ]
        self.IFType = JComboBox(filter_kinds)
        self.IFType.setBounds(80, 10, 430, 30)

        # List of the filters added so far, backed by IFModel.
        self.IFModel = DefaultListModel()
        self.IFList = JList(self.IFModel)
        self.IFList.setBounds(80, 175, 300, 110)
        self.IFList.setBorder(LineBorder(Color.BLACK))

        self.IFText = JTextArea("", 5, 30)
        self.IFText.setBounds(80, 50, 300, 110)

        # Static captions.
        type_caption = JLabel("Type:")
        type_caption.setBounds(10, 10, 140, 30)
        content_caption = JLabel("Content:")
        content_caption.setBounds(10, 50, 140, 30)
        list_caption = JLabel("Filter List:")
        list_caption.setBounds(10, 165, 140, 30)

        self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
        self.IFAdd.setBounds(390, 85, 120, 30)
        self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
        self.IFDel.setBounds(390, 210, 120, 30)

        # Absolute positioning: every component carries its own bounds.
        self.filtersPnl = JPanel()
        self.filtersPnl.setLayout(None)
        self.filtersPnl.setBounds(0, 0, 1000, 1000)
        for component in (type_caption, self.IFType, content_caption,
                          self.IFText, self.IFAdd, self.IFDel, list_caption,
                          self.IFList):
            self.filtersPnl.add(component)

    def initConfigurationTab(self):
        """Build the configuration panel (``self.pnl``).

        Expects ``self.EDPnl``, ``self.filtersPnl`` and ``self.exportPnl`` to
        exist already; they become the tabs of ``self.filtersTabs``.
        """
        # Option check boxes; "ignore 304/204" starts selected.
        self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
        self.prevent304.setBounds(290, 25, 300, 30)

        self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
        self.ignore304.setBounds(290, 5, 300, 30)
        self.ignore304.setSelected(True)

        self.autoScroll = JCheckBox("Auto Scroll")
        self.autoScroll.setBounds(290, 45, 140, 30)

        # On/off switch; startOrStop() reads the button text as the state.
        checks_caption = JLabel("Authorization checks:")
        checks_caption.setBounds(10, 10, 140, 30)
        self.startButton = JButton("Autorize is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(160, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        self.clearButton = JButton("Clear List",
                                   actionPerformed=self.clearList)
        self.clearButton.setBounds(10, 40, 100, 30)

        # Editable header text, pre-filled with a placeholder cookie header.
        # NOTE(review): presumably the header substituted into replayed
        # requests -- its use is not visible in this part of the file.
        self.replaceString = JTextArea("Cookie: Insert=injected; header=here;",
                                       5, 30)
        self.replaceString.setWrapStyleWord(True)
        self.replaceString.setLineWrap(True)
        self.replaceString.setBounds(10, 80, 470, 180)

        # Sub-tabs built by the other init* methods.
        self.filtersTabs = JTabbedPane()
        sub_tabs = (
            ("Enforcement Detector", self.EDPnl),
            ("Interception Filters", self.filtersPnl),
            ("Export", self.exportPnl),
        )
        for title, panel in sub_tabs:
            self.filtersTabs.addTab(title, panel)
        self.filtersTabs.setBounds(0, 280, 2000, 700)

        # Absolute positioning: every component carries its own bounds.
        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for component in (self.startButton, self.clearButton,
                          self.replaceString, checks_caption, self.autoScroll,
                          self.ignore304, self.prevent304, self.filtersTabs):
            self.pnl.add(component)

    def initTabs(self):
        """Build the main split pane: log table on the left, tabs on the right.

        Expects ``self.pnl`` (the configuration panel) to exist already; it is
        added as the fifth tab and selected initially.
        """
        # Left side: scrollable log table with an auto-scroll listener.
        self.logTable = Table(self)
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self._splitpane.setResizeWeight(1)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)
        scroll_bar = self.scrollPane.getVerticalScrollBar()
        scroll_bar.addAdjustmentListener(autoScrollListener(self))

        # Popup menu with a single "Copy URL" entry.
        copy_url_entry = JMenuItem("Copy URL")
        copy_url_entry.addActionListener(copySelectedURL(self))
        self.menu = JPopupMenu("Popup")
        self.menu.add(copy_url_entry)

        # Right side: four non-editable message viewers (second argument
        # False) plus the configuration panel.
        self.tabs = JTabbedPane()
        new_viewer = self._callbacks.createMessageEditor
        self._requestViewer = new_viewer(self, False)
        self._responseViewer = new_viewer(self, False)
        self._originalrequestViewer = new_viewer(self, False)
        self._originalresponseViewer = new_viewer(self, False)

        viewer_tabs = (
            ("Modified Request", self._requestViewer),
            ("Modified Response", self._responseViewer),
            ("Original Request", self._originalrequestViewer),
            ("Original Response", self._originalresponseViewer),
        )
        for title, viewer in viewer_tabs:
            self.tabs.addTab(title, viewer.getComponent())

        self.tabs.addTab("Configuration", self.pnl)
        # Index 4 is the "Configuration" tab added last.
        self.tabs.setSelectedIndex(4)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Hand the UI components to Burp and register this extension's hooks.

        Expects the components created by ``initTabs`` and
        ``initConfigurationTab`` to exist already.
        """
        # Let Burp apply its look and feel to our components.
        ui_components = (self._splitpane, self.logTable, self.scrollPane,
                         self.tabs, self.filtersTabs)
        for component in ui_components:
            self._callbacks.customizeUiComponent(component)

        self._callbacks.registerContextMenuFactory(self)
        # Add the custom tab to Burp's UI.
        self._callbacks.addSuiteTab(self)

    #
    ## Events functions
    #
    def startOrStop(self, event):
        """Toggle the authorization checks on or off.

        The current state is read from the start button's text. Switching on
        registers this object as Burp HTTP listener, switching off removes it.
        """
        currently_off = self.startButton.getText() == "Autorize is off"
        if not currently_off:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)
            return

        self.startButton.setText("Autorize is on")
        self.startButton.setBackground(Color.GREEN)
        self.intercept = 1
        self._callbacks.registerHttpListener(self)

    def addEDFilter(self, event):
        """Append "<type>: <content>" to the enforcement detector filter list."""
        # Only the part of the combo box entry before the first ":" is the type.
        selected_kind = self.EDType.getSelectedItem()
        kind_label = selected_kind.split(":")[0]
        entry = kind_label + ": " + self.EDText.getText()
        self.EDModel.addElement(entry)

    def delEDFilter(self, event):
        """Remove the selected enforcement detector filter, if one is selected."""
        selected = self.EDList.getSelectedIndex()
        # -1 means no list entry is selected.
        if selected == -1:
            return
        self.EDModel.remove(selected)

    def addIFFilter(self, event):
        """Append "<type>: <content>" to the interception filter list."""
        # Only the part of the combo box entry before the first ":" is the type.
        selected_kind = self.IFType.getSelectedItem()
        kind_label = selected_kind.split(":")[0]
        entry = kind_label + ": " + self.IFText.getText()
        self.IFModel.addElement(entry)

    def delIFFilter(self, event):
        """Remove the selected interception filter, if one is selected."""
        selected = self.IFList.getSelectedIndex()
        # -1 means no list entry is selected.
        if selected == -1:
            return
        self.IFModel.remove(selected)

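    def clearList(self, event):
        """Replace the log with an empty list and notify the table.

        The lock is released in a ``finally`` block so that an exception from
        the table notification cannot leave it held.
        """
        self._lock.acquire()
        try:
            self._log = ArrayList()
            row = self._log.size()
            # NOTE(review): this reports an insertion at row 0 although the
            # log is now empty; fireTableDataChanged() looks like the intended
            # event -- confirm against the table's behaviour before changing.
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()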

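    def exportToHTML(self, event):
        """Write the log as an HTML report to a file chosen by the user.

        Only entries whose status matches the selected export filter are
        written ("All Statuses" writes every entry). Nothing is written if the
        save dialog is cancelled.

        URLs and statuses come from the logged traffic and end up in a file
        that is opened in a browser, so every value is HTML-escaped before it
        is placed in the markup (including the ``href`` attribute).
        """
        def escape_html(value):
            """Return *value* as text with HTML special characters escaped."""
            text = "%s" % (value,)
            # "&" must be replaced first so the other entities stay intact.
            for raw, entity in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                                ('"', "&quot;"), ("'", "&#39;")):
                text = text.replace(raw, entity)
            return text

        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.html"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Dialog cancelled: there is no target file, so do nothing.
            return
        fileToSave = fileChooser.getSelectedFile()

        enforcementStatusFilter = self.exportES.getSelectedItem()
        htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
        <style>
        .datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
         .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
         .datagrid table td, .datagrid table th { padding: 3px 10px; }
         .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot  li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block;  padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
        table {
        width: 100%;
        table-layout: fixed;
        }
        td {
            border: 1px solid #35f;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        td.a {
            width: 13%;
            white-space: nowrap;
        }
        td.b {
            width: 9%;
            word-wrap: break-word;
        }
        </style>
        <body>
        <h1>Autorize Report</h1>
        <div class="datagrid"><table>
        <thead><tr><th>URL</th><th>Authorization Enforcement Status</th></tr></thead>
        <tbody>"""

        # Row colour per enforcement status; unknown statuses get no colour.
        status_colors = {
            "Authorization enforced??? (please configure enforcement detector)": "yellow",
            "Authorization bypass!": "red",
            "Authorization enforced!": "LawnGreen",
        }

        rows = []
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            status = entry._enfocementStatus
            if (enforcementStatusFilter != "All Statuses"
                    and enforcementStatusFilter != status):
                continue
            # NOTE(review): escaping stops markup injection; the link target
            # itself is presumably always an http(s) URL seen by Burp.
            url = escape_html(entry._url)
            rows.append(
                "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % (
                    status_colors.get(status, ""), url, url,
                    escape_html(status)))

        htmlContent += "".join(rows)
        htmlContent += "</tbody></table></div></body></html>"
        # Close the file even if writing fails.
        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write(htmlContent)
        finally:
            f.close()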

    #
    # implement IContextMenuFactory
    #
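    def createMenuItems(self, invocation):
        """Build the context-menu entries that hand a selected message to Autorize.

        Returns a LinkedList holding the "Send request to Autorize" and
        "Send cookie to Autorize" items, both bound to the first selected
        message, or None when the invocation carries no selected message.
        """
        selected = invocation.getSelectedMessages()
        # An absent or empty selection has no first message to bind to.
        if selected is None or len(selected) == 0:
            return None

        firstMessage = selected[0]
        menuItems = LinkedList()
        for caption, action in (("Send request to Autorize", "request"),
                                ("Send cookie to Autorize", "cookie")):
            item = JMenuItem(caption)
            item.addActionListener(handleMenuItems(self, firstMessage, action))
            menuItems.add(item)
        return menuItems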

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption used for this extension's tab."""
        caption = "Autorize"
        return caption

    def getUiComponent(self):
        """Return the component shown in the tab: the split pane in self._splitpane."""
        component = self._splitpane
        return component

        #

    # extend AbstractTableModel
    #

    def getRowCount(self):
        """Return the number of log entries, or 0 when the log cannot be read."""
        # Any failure while reading self._log is reported as an empty table
        # (presumably the model being queried before the log exists; confirm).
        try:
            rowCount = self._log.size()
        except:
            return 0
        return rowCount

    def getColumnCount(self):
        """Return the number of columns in the results table."""
        columnCount = 2
        return columnCount

    def getColumnName(self, columnIndex):
        """Return the header text for a column index, or "" for an unknown index."""
        titles = ((0, "URL"), (1, "Authorization Enforcement Status"))
        for index, title in titles:
            if columnIndex == index:
                return title
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for a log row.

        Column 0 is the entry's URL as text, column 1 its enforcement status;
        any other column yields "".
        """
        entry = self._log.get(rowIndex)
        if columnIndex == 0:
            cell = entry._url.toString()
        elif columnIndex == 1:
            cell = entry._enfocementStatus
        else:
            cell = ""
        return cell

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the messages being displayed
    #

    def getHttpService(self):
        """Return the HTTP service of the item in self._currentlyDisplayedItem."""
        displayed = self._currentlyDisplayedItem
        return displayed.getHttpService()

    def getRequest(self):
        """Return the request of the item in self._currentlyDisplayedItem."""
        displayed = self._currentlyDisplayedItem
        return displayed.getRequest()

    def getResponse(self):
        """Return the response of the item in self._currentlyDisplayedItem."""
        displayed = self._currentlyDisplayedItem
        return displayed.getResponse()

    #
    # implement IHttpListener
    #
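    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Handle one HTTP message and trigger authorization checks on responses.

        Nothing happens unless self.intercept is 1.

        Requests: when the "prevent 304" box is ticked, If-None-Match and
        If-Modified-Since headers are stripped and the request is rebuilt.

        Responses: a message whose request headers already contain the
        replacement header text is skipped. Otherwise the response goes to
        checkAuthorization, subject to the 304/204 option and the
        interception filter list.
        """
        if self.intercept != 1:
            return

        if self.prevent304.isSelected() and messageIsRequest:
            requestInfo = self._helpers.analyzeRequest(messageInfo)
            conditional = ("if-none-match:", "if-modified-since:")
            keptHeaders = []
            stripped = False
            for header in requestInfo.getHeaders():
                # Header names are case-insensitive. Matching on the start of
                # the line also keeps a request line whose URL merely
                # contains one of the names.
                if header.lower().startswith(conditional):
                    stripped = True
                else:
                    keptHeaders.append(header)
            # Rebuild only when a conditional header was actually removed;
            # the body bytes are passed through untouched, as makeMessage does.
            if stripped:
                body = messageInfo.getRequest()[requestInfo.getBodyOffset():]
                messageInfo.setRequest(
                    self._helpers.buildHttpMessage(keptHeaders, body))

        if messageIsRequest:
            return

        # A request already carrying the replacement header is not re-checked.
        replacement = self.replaceString.getText()
        if replacement in self._helpers.analyzeRequest(messageInfo).getHeaders():
            return

        if self.ignore304.isSelected():
            statusLine = self._helpers.analyzeResponse(
                messageInfo.getResponse()).getHeaders()[0]
            if "304" in statusLine or "204" in statusLine:
                return

        filterModel = self.IFList.getModel()
        if filterModel.getSize() == 0:
            # No interception filters: every response is checked.
            self.checkAuthorization(
                messageInfo,
                self._helpers.analyzeResponse(
                    messageInfo.getResponse()).getHeaders())
            return

        urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
        # NOTE(review): each matching filter issues its own check, so a
        # message matching several filters is replayed once per match.
        # Confirm this is intended.
        for i in range(0, filterModel.getSize()):
            rule = filterModel.getElementAt(i)
            ruleType = rule.split(":")[0]
            if ruleType == "Scope items only":
                if self._callbacks.isInScope(URL(urlString)):
                    self.checkAuthorization(
                        messageInfo,
                        self._helpers.analyzeResponse(
                            messageInfo.getResponse()).getHeaders())
            if ruleType == "URL Contains":
                # rule[14:] is the text after the "URL Contains: " prefix.
                if rule[14:] in urlString:
                    self.checkAuthorization(
                        messageInfo,
                        self._helpers.analyzeResponse(
                            messageInfo.getResponse()).getHeaders())
        return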

    def makeRequest(self, messageInfo, message):
        """Send `message` to the host, port and scheme of the request in `messageInfo`.

        Returns whatever self._callbacks.makeHttpRequest returns.
        """
        target = self._helpers.analyzeRequest(messageInfo).getUrl()
        usesHttps = target.getProtocol() == "https"
        service = self._helpers.buildHttpService(
            str(target.getHost()), int(target.getPort()), usesHttps)
        return self._callbacks.makeHttpRequest(service, message)

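    def makeMessage(self, messageInfo, removeOrNot):
        """Rebuild the request in `messageInfo`, optionally swapping in the configured header.

        When `removeOrNot` is true, every header whose name equals the name in
        the replacement text (the part before the first colon) is dropped and
        the replacement text is appended as a new header. The body is copied
        unchanged.

        Raises ValueError when the replacement text contains no colon.
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        headers = requestInfo.getHeaders()
        if removeOrNot:
            replacement = self.replaceString.getText()
            headerName = replacement[0:replacement.index(":")]
            prefix = headerName.lower() + ":"
            # Match on the header name only, case-insensitively. A substring
            # match would also drop the request line or unrelated headers
            # that merely contain the name, and a case-sensitive one would
            # leave a differently-cased original credential header in the
            # replayed request, which makes the verdict meaningless.
            headers = [header for header in headers
                       if not header.lower().startswith(prefix)]
            headers.append(replacement)

        msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        return self._helpers.buildHttpMessage(headers, msgBody)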

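    def checkAuthorization(self, messageInfo, originalHeaders):
        """Replay the request with the replacement header and log a verdict.

        The replayed response is compared with the original response headers:

        * different status lines: "Authorization enforced!"
        * same status line and same Content-Length header:
          "Authorization bypass!"
        * same status line, different Content-Length header:
          "Authorization enforced??? ..." unless an enforcement-detector
          filter ("Content-Length: " or "Finger Print: ") matches, in which
          case "Authorization enforced!"

        The verdict is a heuristic. Bodies are not compared, and
        getContentLength returns "null" for a response without the header,
        so two such responses with the same status line are reported as a
        bypass. Logged entries need manual confirmation.
        """
        message = self.makeMessage(messageInfo, True)
        requestResponse = self.makeRequest(messageInfo, message)
        analyzedResponse = self._helpers.analyzeResponse(
            requestResponse.getResponse())
        newHeaders = analyzedResponse.getHeaders()

        oldStatusCode = originalHeaders[0]
        newStatusCode = newHeaders[0]
        oldContentLen = self.getContentLength(originalHeaders)
        newContentLen = self.getContentLength(newHeaders)

        EDFilters = self.EDModel.toArray()
        if oldStatusCode != newStatusCode:
            impression = "Authorization enforced!"
        elif oldContentLen == newContentLen:
            impression = "Authorization bypass!"
        else:
            impression = "Authorization enforced??? (please configure enforcement detector)"
            for detector in EDFilters:
                detectorText = str(detector)
                if detectorText.startswith("Content-Length: "):
                    # The filter is compared with the whole header line.
                    if newContentLen == detector:
                        impression = "Authorization enforced!"
                if detectorText.startswith("Finger Print: "):
                    # detector[14:] is the text after "Finger Print: ".
                    body = self._helpers.bytesToString(
                        requestResponse.getResponse()
                        [analyzedResponse.getBodyOffset():])
                    if detector[14:] in body:
                        impression = "Authorization enforced!"

        # Release the lock even if building or adding the entry fails;
        # otherwise every later check would block on acquire().
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(
                LogEntry(
                    self._callbacks.saveBuffersToTempFiles(requestResponse),
                    self._helpers.analyzeRequest(requestResponse).getUrl(),
                    messageInfo,
                    impression))
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()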

    def getContentLength(self, analyzedResponseHeaders):
        """Return the first header line containing "Content-Length:".

        The whole header line is returned, not the number. When no line
        matches, the string "null" is returned.
        """
        matches = [line for line in analyzedResponseHeaders
                   if "Content-Length:" in line]
        if matches:
            return matches[0]
        return "null"

    def getCookieFromMessage(self, messageInfo):
        """Return the first request header line containing "Cookie:", or None."""
        requestBytes = messageInfo.getRequest()
        headerLines = list(
            self._helpers.analyzeRequest(requestBytes).getHeaders())
        cookieLines = [line for line in headerLines if "Cookie:" in line]
        if cookieLines:
            return cookieLines[0]
        return None
Beispiel #38
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory):

    def registerExtenderCallbacks(self, callbacks):
        """Store the callbacks and helpers, initialise state, build the UI and print a banner."""
        # API handles used throughout the extension.
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Autorize")

        # Result log plus the lock taken around changes to it.
        self._log = ArrayList()
        self._lock = Lock()
        self._enfocementStatuses = [
            "Authorization bypass!",
            "Authorization enforced??? (please configure enforcement detector)",
            "Authorization enforced!",
        ]
        self.intercept = 0

        # Order matters: the configuration tab adds the panels the earlier
        # steps create, and the later steps use what it and initTabs build.
        buildSteps = (
            self.initInterceptionFilters,
            self.initEnforcementDetector,
            self.initEnforcementDetectorUnauthorized,
            self.initExport,
            self.initConfigurationTab,
            self.initTabs,
            self.initCallbacks,
        )
        for buildStep in buildSteps:
            buildStep()

        self.currentRequestNumber = 1

        banner = (
            "Thank you for installing Autorize v0.12 extension",
            "Created by Barak Tawily",
            "Contributors: Barak Tawily, Federico Dotta",
            "\nGithub:\nhttps://github.com/Quitten/Autorize",
        )
        for line in banner:
            print(line)
        

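    def initExport(self):
        """Build the "Export" panel: file type and status selectors plus the Export button.

        The result is stored in self.exportPnl. The selectors are kept as
        self.exportType and self.exportES, the button as self.exportButton.
        """
        exportLType = JLabel("File Type:")
        exportLType.setBounds(10, 10, 100, 30)

        exportFileTypes = ["HTML", "CSV"]
        self.exportType = JComboBox(exportFileTypes)
        self.exportType.setBounds(100, 10, 200, 30)

        exportES = ["All Statuses", self._enfocementStatuses[0],
                    self._enfocementStatuses[1], self._enfocementStatuses[2]]
        self.exportES = JComboBox(exportES)
        self.exportES.setBounds(100, 50, 200, 30)

        # Only this label is added to the panel. An earlier
        # "Enforcement Statuses:" label was created and then overwritten
        # before use, so it has been removed.
        exportLES = JLabel("Statuses:")
        exportLES.setBounds(10, 50, 100, 30)

        self.exportButton = JButton("Export", actionPerformed=self.export)
        self.exportButton.setBounds(390, 25, 100, 30)

        self.exportPnl = JPanel()
        self.exportPnl.setLayout(None)
        self.exportPnl.setBounds(0, 0, 1000, 1000)
        for widget in (exportLType, self.exportType, exportLES,
                       self.exportES, self.exportButton):
            self.exportPnl.add(widget)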

    def initEnforcementDetector(self):
        """Build the enforcement-detector panel and store it in self.EDPnl.

        The panel holds a filter-type combo box, a content text area, the
        filter list and the add/remove buttons.
        """
        # NOTE(review): nothing in this method reads these two lists.
        self.EDFP = ArrayList()
        self.EDCT = ArrayList()

        detectorTypes = [
            "Headers (simple string): (enforced message headers contains)",
            "Headers (regex): (enforced messege headers contains)",
            "Body (simple string): (enforced messege body contains)",
            "Body (regex): (enforced messege body contains)",
            "Full request (simple string): (enforced messege contains)",
            "Full request (regex): (enforced messege contains)",
            "Content-Length: (constant Content-Length number of enforced response)",
        ]
        self.EDType = JComboBox(detectorTypes)
        self.EDType.setBounds(80, 10, 430, 30)

        self.EDText = JTextArea("", 5, 30)
        self.EDText.setBounds(80, 50, 300, 110)

        self.EDModel = DefaultListModel()
        self.EDList = JList(self.EDModel)
        self.EDList.setBounds(80, 175, 300, 110)
        self.EDList.setBorder(LineBorder(Color.BLACK))

        self.EDAdd = JButton("Add filter", actionPerformed=self.addEDFilter)
        self.EDAdd.setBounds(390, 85, 120, 30)
        self.EDDel = JButton("Remove filter", actionPerformed=self.delEDFilter)
        self.EDDel.setBounds(390, 210, 120, 30)

        typeLabel = JLabel("Type:")
        typeLabel.setBounds(10, 10, 140, 30)
        contentLabel = JLabel("Content:")
        contentLabel.setBounds(10, 50, 140, 30)
        listLabel = JLabel("Filter List:")
        listLabel.setBounds(10, 165, 140, 30)

        self.EDPnl = JPanel()
        self.EDPnl.setLayout(None)
        self.EDPnl.setBounds(0, 0, 1000, 1000)
        for widget in (typeLabel, self.EDType, contentLabel, self.EDText,
                       self.EDAdd, self.EDDel, listLabel, self.EDList):
            self.EDPnl.add(widget)

    def initEnforcementDetectorUnauthorized(self):
        """Build the unauthenticated enforcement-detector panel and store it in self.EDPnlUnauth.

        It has the same layout as the enforcement-detector panel, with its
        own widgets and list model (the *Unauth attributes).
        """
        detectorTypes = [
            "Headers (simple string): (enforced message headers contains)",
            "Headers (regex): (enforced messege headers contains)",
            "Body (simple string): (enforced messege body contains)",
            "Body (regex): (enforced messege body contains)",
            "Full request (simple string): (enforced messege contains)",
            "Full request (regex): (enforced messege contains)",
            "Content-Length: (constant Content-Length number of enforced response)",
        ]
        self.EDTypeUnauth = JComboBox(detectorTypes)
        self.EDTypeUnauth.setBounds(80, 10, 430, 30)

        self.EDTextUnauth = JTextArea("", 5, 30)
        self.EDTextUnauth.setBounds(80, 50, 300, 110)

        self.EDModelUnauth = DefaultListModel()
        self.EDListUnauth = JList(self.EDModelUnauth)
        self.EDListUnauth.setBounds(80, 175, 300, 110)
        self.EDListUnauth.setBorder(LineBorder(Color.BLACK))

        self.EDAddUnauth = JButton("Add filter", actionPerformed=self.addEDFilterUnauth)
        self.EDAddUnauth.setBounds(390, 85, 120, 30)
        self.EDDelUnauth = JButton("Remove filter", actionPerformed=self.delEDFilterUnauth)
        self.EDDelUnauth.setBounds(390, 210, 120, 30)

        typeLabel = JLabel("Type:")
        typeLabel.setBounds(10, 10, 140, 30)
        contentLabel = JLabel("Content:")
        contentLabel.setBounds(10, 50, 140, 30)
        listLabel = JLabel("Filter List:")
        listLabel.setBounds(10, 165, 140, 30)

        self.EDPnlUnauth = JPanel()
        self.EDPnlUnauth.setLayout(None)
        self.EDPnlUnauth.setBounds(0, 0, 1000, 1000)
        for widget in (typeLabel, self.EDTypeUnauth, contentLabel,
                       self.EDTextUnauth, self.EDAddUnauth, self.EDDelUnauth,
                       listLabel, self.EDListUnauth):
            self.EDPnlUnauth.add(widget)

    def initInterceptionFilters(self):
        """Build the interception-filters panel and store it in self.filtersPnl.

        The panel holds a filter-type combo box, a content text area, the
        filter list and the add/remove buttons.
        """
        filterTypes = [
            "Scope items only: (Content is not required)",
            "URL Contains (simple string): ",
            "URL Contains (regex): ",
            "URL Not Contains (simple string): ",
            "URL Not Contains (regex): ",
        ]
        self.IFType = JComboBox(filterTypes)
        self.IFType.setBounds(80, 10, 430, 30)

        self.IFModel = DefaultListModel()
        self.IFList = JList(self.IFModel)
        self.IFList.setBounds(80, 175, 300, 110)
        self.IFList.setBorder(LineBorder(Color.BLACK))

        self.IFText = JTextArea("", 5, 30)
        self.IFText.setBounds(80, 50, 300, 110)

        typeLabel = JLabel("Type:")
        typeLabel.setBounds(10, 10, 140, 30)
        contentLabel = JLabel("Content:")
        contentLabel.setBounds(10, 50, 140, 30)
        listLabel = JLabel("Filter List:")
        listLabel.setBounds(10, 165, 140, 30)

        self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
        self.IFAdd.setBounds(390, 85, 120, 30)
        self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
        self.IFDel.setBounds(390, 210, 120, 30)

        self.filtersPnl = JPanel()
        self.filtersPnl.setLayout(None)
        self.filtersPnl.setBounds(0, 0, 1000, 1000)
        for widget in (typeLabel, self.IFType, contentLabel, self.IFText,
                       self.IFAdd, self.IFDel, listLabel, self.IFList):
            self.filtersPnl.add(widget)


    def initConfigurationTab(self):
        """Build the configuration panel and store it in self.pnl.

        The panel holds the on/off and clear buttons, the option check boxes,
        the replacement-header text area and a tabbed pane with the detector,
        interception-filter and export panels. Those panels must already
        exist when this method runs.
        """
        self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
        self.prevent304.setBounds(290, 25, 300, 30)

        self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
        self.ignore304.setBounds(290, 5, 300, 30)
        self.ignore304.setSelected(True)

        self.autoScroll = JCheckBox("Auto Scroll")
        self.autoScroll.setBounds(160, 40, 140, 30)

        self.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
        self.doUnauthorizedRequest.setBounds(290, 45, 300, 30)
        self.doUnauthorizedRequest.setSelected(True)

        checksLabel = JLabel("Authorization checks:")
        checksLabel.setBounds(10, 10, 140, 30)

        # The button starts in the "off" state with a red background.
        self.startButton = JButton("Autorize is off", actionPerformed=self.startOrStop)
        self.startButton.setBounds(160, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        self.clearButton = JButton("Clear List", actionPerformed=self.clearList)
        self.clearButton.setBounds(10, 40, 100, 30)

        # Header text swapped into replayed requests; starts as a placeholder.
        self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30)
        self.replaceString.setWrapStyleWord(True)
        self.replaceString.setLineWrap(True)
        self.replaceString.setBounds(10, 80, 470, 180)

        self.filtersTabs = JTabbedPane()
        for title, panel in (("Enforcement Detector", self.EDPnl),
                             ("Detector Unauthenticated", self.EDPnlUnauth),
                             ("Interception Filters", self.filtersPnl),
                             ("Export", self.exportPnl)):
            self.filtersTabs.addTab(title, panel)
        self.filtersTabs.setBounds(0, 280, 2000, 700)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for widget in (self.startButton, self.clearButton, self.replaceString,
                       checksLabel, self.autoScroll, self.ignore304,
                       self.prevent304, self.doUnauthorizedRequest,
                       self.filtersTabs):
            self.pnl.add(widget)

    def initTabs(self):
        """Build the main split pane and store it in self._splitpane.

        The left side is the scrollable results table with its popup menu
        items. The right side is a tabbed pane with six message viewers and
        the configuration panel, which is selected initially.
        """
        self.logTable = Table(self)
        self.logTable.setAutoCreateRowSorter(True)

        # Column widths are multiples of one fiftieth of the preferred width.
        tableWidth = self.logTable.getPreferredSize().width
        columnShares = (
            ("ID", 2),
            ("URL", 24),
            ("Orig. Length", 4),
            ("Modif. Length", 4),
            ("Unauth. Length", 4),
            ("Authorization Enforcement Status", 4),
            ("Authorization Unauth. Status", 4),
        )
        for columnName, share in columnShares:
            self.logTable.getColumn(columnName).setPreferredWidth(
                Math.round(tableWidth / 50 * share))

        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self._splitpane.setResizeWeight(1)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)
        self.scrollPane.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))

        # One checkable menu entry per enforcement status, all ticked at
        # first, each with its own menuTableFilter listener.
        self.menuES0 = JCheckBoxMenuItem(self._enfocementStatuses[0], True)
        self.menuES1 = JCheckBoxMenuItem(self._enfocementStatuses[1], True)
        self.menuES2 = JCheckBoxMenuItem(self._enfocementStatuses[2], True)
        for statusItem in (self.menuES0, self.menuES1, self.menuES2):
            statusItem.addItemListener(menuTableFilter(self))

        copyUrlItem = JMenuItem("Copy URL")
        copyUrlItem.addActionListener(copySelectedURL(self))
        self.menu = JPopupMenu("Popup")
        for menuEntry in (copyUrlItem, self.menuES0, self.menuES1, self.menuES2):
            self.menu.add(menuEntry)

        self.tabs = JTabbedPane()
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)
        self._originalrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._originalresponseViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedresponseViewer = self._callbacks.createMessageEditor(self, False)

        viewerTabs = (
            ("Modified Request", self._requestViewer),
            ("Modified Response", self._responseViewer),
            ("Original Request", self._originalrequestViewer),
            ("Original Response", self._originalresponseViewer),
            ("Unauthenticated Request", self._unauthorizedrequestViewer),
            ("Unauthenticated Response", self._unauthorizedresponseViewer),
        )
        for title, viewer in viewerTabs:
            self.tabs.addTab(title, viewer.getComponent())

        # Index 6 is the configuration tab added right after the six viewers.
        self.tabs.addTab("Configuration", self.pnl)
        self.tabs.setSelectedIndex(6)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Pass the UI components to customizeUiComponent, then register the context menu factory and the suite tab."""
        styledComponents = (self._splitpane, self.logTable, self.scrollPane,
                            self.tabs, self.filtersTabs)
        for component in styledComponents:
            self._callbacks.customizeUiComponent(component)
        self._callbacks.registerContextMenuFactory(self)
        # Adds this extension's tab to the UI.
        self._callbacks.addSuiteTab(self)


    #
    ## Events functions
    #
    def startOrStop(self, event):
        """Toggle Autorize on or off from the start button.

        The button caption is the state. Turning on sets self.intercept to 1
        and registers this object as an HTTP listener; turning off resets
        both.
        """
        currentlyOff = self.startButton.getText() == "Autorize is off"
        if not currentlyOff:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)
            return

        self.startButton.setText("Autorize is on")
        self.startButton.setBackground(Color.GREEN)
        self.intercept = 1
        self._callbacks.registerHttpListener(self)

    def addEDFilter(self, event):
        """Append a "<type>: <content>" entry to the enforcement-detector filter list."""
        # Only the text before the first colon of the combo entry is kept.
        selectedType = self.EDType.getSelectedItem()
        label = selectedType.split(":")[0]
        content = self.EDText.getText()
        self.EDModel.addElement(label + ": " + content)

    def delEDFilter(self, event):
        """Remove the selected enforcement-detector filter, if one is selected."""
        selected = self.EDList.getSelectedIndex()
        if selected != -1:
            self.EDModel.remove(selected)

    def addEDFilterUnauth(self, event):
        """Append a "<type>: <content>" entry to the unauthenticated detector filter list."""
        # Only the text before the first colon of the combo entry is kept.
        selectedType = self.EDTypeUnauth.getSelectedItem()
        label = selectedType.split(":")[0]
        content = self.EDTextUnauth.getText()
        self.EDModelUnauth.addElement(label + ": " + content)

    def delEDFilterUnauth(self, event):
        """Remove the selected unauthenticated detector filter, if one is selected."""
        selected = self.EDListUnauth.getSelectedIndex()
        if selected != -1:
            self.EDModelUnauth.remove(selected)

    def addIFFilter(self, event):
        """Append a "<type>: <content>" entry to the interception filter list."""
        # Only the text before the first colon of the combo entry is kept.
        selectedType = self.IFType.getSelectedItem()
        label = selectedType.split(":")[0]
        content = self.IFText.getText()
        self.IFModel.addElement(label + ": " + content)

    def delIFFilter(self, event):
        """Remove the selected interception filter, if one is selected."""
        selected = self.IFList.getSelectedIndex()
        if selected != -1:
            self.IFModel.remove(selected)

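    def clearList(self, event):
        """Empty the result log and tell the table its rows were removed."""
        self._lock.acquire()
        try:
            oldSize = self._log.size()
            # An empty log would otherwise report the invalid row range
            # (0, -1) to the table listeners.
            if oldSize == 0:
                return
            self._log.clear()
            self.fireTableRowsDeleted(0, oldSize - 1)
        finally:
            # Always release, so a failure here cannot block later users of
            # the lock.
            self._lock.release()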

    def export(self, event):
        """Export button handler: write the log as HTML when "HTML" is selected, as CSV otherwise."""
        wantsHtml = self.exportType.getSelectedItem() == "HTML"
        if wantsHtml:
            exporter = self.exportToHTML
        else:
            exporter = self.exportToCSV
        exporter()

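    def exportToCSV(self):
        """Ask for a destination file and write the log to it as tab-separated text.

        With "All Statuses" selected every entry is written. Otherwise only
        entries whose enforcement status or unauthenticated status equals the
        selected one. Nothing is written when the save dialog is cancelled.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.csv"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        # Without an approved selection there is no file to write to.
        if userSelection != JFileChooser.APPROVE_OPTION:
            return
        fileToSave = fileChooser.getSelectedFile()

        def responseLength(requestResponse):
            # A missing message, or one without a response, counts as 0.
            if requestResponse is None or requestResponse.getResponse() is None:
                return 0
            return len(requestResponse.getResponse())

        enforcementStatusFilter = self.exportES.getSelectedItem()
        rows = ["id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"]

        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            if enforcementStatusFilter != "All Statuses" and enforcementStatusFilter not in (
                    entry._enfocementStatus, entry._enfocementStatusUnauthorized):
                continue
            rows.append("%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id,
                entry._url,
                responseLength(entry._originalrequestResponse),
                responseLength(entry._requestResponse),
                responseLength(entry._unauthorizedRequestResponse),
                entry._enfocementStatus,
                entry._enfocementStatusUnauthorized))

        f = open(fileToSave.getAbsolutePath(), 'w')
        # Close the file even when a write fails.
        try:
            f.writelines(rows)
        finally:
            f.close()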


    def exportToHTML(self):
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.html"));
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection == JFileChooser.APPROVE_OPTION:
            fileToSave = fileChooser.getSelectedFile()

        enforcementStatusFilter = self.exportES.getSelectedItem()
        htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
        <style>
        .datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
         .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
         .datagrid table td, .datagrid table th { padding: 3px 10px; }
         .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot  li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block;  padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
        table {
        width: 100%;
        table-layout: fixed;
        }
        td {
            border: 1px solid #35f;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        td.a {
            width: 13%;
            white-space: nowrap;
        }
        td.b {
            width: 9%;
            word-wrap: break-word;
        }
        </style>
        <body>
        <h1>Autorize Report<h1>
        <div class="datagrid"><table>
        <thead><tr><th width=\"3%\">ID</th><th width=\"48%\">URL</th><th width=\"9%\">Original length</th><th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th><th width=\"11%\">Authorization Enforcement Status</th><th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead>
        <tbody>"""

        for i in range(0,self._log.size()):
            color_modified = ""
            if self._log.get(i)._enfocementStatus == self._enfocementStatuses[0]:
                color_modified = "red"
            if self._log.get(i)._enfocementStatus == self._enfocementStatuses[1]:
                color_modified = "yellow"
            if self._log.get(i)._enfocementStatus == self._enfocementStatuses[2]:
                color_modified = "LawnGreen"

            color_unauthorized = ""
            if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[0]:
                color_unauthorized = "red"
            if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[1]:
                color_unauthorized = "yellow"
            if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[2]:
                color_unauthorized = "LawnGreen"

            if enforcementStatusFilter == "All Statuses":
                htmlContent += "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (self._log.get(i)._id,self._log.get(i)._url,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, color_modified, self._log.get(i)._enfocementStatus, color_unauthorized, self._log.get(i)._enfocementStatusUnauthorized)
            else:
                if (enforcementStatusFilter == self._log.get(i)._enfocementStatus) or (enforcementStatusFilter == self._log.get(i)._enfocementStatusUnauthorized):
                    htmlContent += "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (self._log.get(i)._id,self._log.get(i)._url,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, color_modified, self._log.get(i)._enfocementStatus, color_unauthorized, self._log.get(i)._enfocementStatusUnauthorized)

        htmlContent += "</tbody></table></div></body></html>"
        f = open(fileToSave.getAbsolutePath(), 'w')
        f.writelines(htmlContent)
        f.close()




    #
    # implement IContextMenuFactory
    #
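    def createMenuItems(self, invocation):
        """Build the context-menu entries offered for the current selection.

        Returns a LinkedList holding two items, "Send request to Autorize" and
        "Send cookie to Autorize", both bound to the first selected message.
        Returns None when the invocation carries no selected messages.
        """
        responses = invocation.getSelectedMessages()
        # The original compared the array itself with 0 and fell through to an
        # undefined name (`null`); test the selection explicitly instead.
        if responses is None or len(responses) == 0:
            return None

        ret = LinkedList()
        requestMenuItem = JMenuItem("Send request to Autorize")
        cookieMenuItem = JMenuItem("Send cookie to Autorize")
        requestMenuItem.addActionListener(handleMenuItems(self, responses[0], "request"))
        cookieMenuItem.addActionListener(handleMenuItems(self, responses[0], "cookie"))
        ret.add(requestMenuItem)
        ret.add(cookieMenuItem)
        return ret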


    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption used for this extension's suite tab (ITab)."""
        caption = "Autorize"
        return caption
    
    def getUiComponent(self):
        """Return the component shown inside the suite tab (ITab): the split pane."""
        rootComponent = self._splitpane
        return rootComponent
        
    #
    # extend AbstractTableModel
    #
    
    def getRowCount(self):
        """Return the number of logged entries, or 0 if the log cannot be read."""
        try:
            rows = self._log.size()
        except:
            # Bare except kept on purpose: any failure while reading the log
            # (presumably the table asking before _log exists) counts as empty.
            rows = 0
        return rows

    def getColumnCount(self):
        """Return the fixed number of table columns (see getColumnName)."""
        columns = 7
        return columns

    def getColumnName(self, columnIndex):
        """Return the header text for a column, or "" for an unknown index."""
        titles = {
            0: "ID",
            1: "URL",
            2: "Orig. Length",
            3: "Modif. Length",
            4: "Unauth. Length",
            5: "Authorization Enforcement Status",
            6: "Authorization Unauth. Status",
        }
        return titles.get(columnIndex, "")

    def getColumnClass(self, columnIndex):
        """Return the Java class used to render and sort a column.

        The ID and the three length columns (0, 2, 3, 4) are Integer; every
        other index, including unknown ones, is String.
        """
        if columnIndex in (0, 2, 3, 4):
            return Integer
        return String

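    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for one log row (AbstractTableModel).

        Columns: 0 id, 1 URL as text, 2/3/4 response length of the original,
        modified and unauthorized exchange, 5/6 the two enforcement statuses.
        Unknown columns yield "".
        """
        def responseLength(item):
            # A missing exchange, or one that never received a response, is
            # shown as 0 bytes.  Columns 2 and 3 previously called len() on the
            # response without this guard, unlike column 4.
            if item is None:
                return 0
            response = item.getResponse()
            if response is None:
                return 0
            return len(response)

        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._id
        if columnIndex == 1:
            return logEntry._url.toString()
        if columnIndex == 2:
            return responseLength(logEntry._originalrequestResponse)
        if columnIndex == 3:
            return responseLength(logEntry._requestResponse)
        if columnIndex == 4:
            return responseLength(logEntry._unauthorizedRequestResponse)
        if columnIndex == 5:
            return logEntry._enfocementStatus
        if columnIndex == 6:
            return logEntry._enfocementStatusUnauthorized
        return ""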

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the messages being displayed
    #
    
    def getHttpService(self):
        """Return the HTTP service of the item currently shown in the viewers."""
        shown = self._currentlyDisplayedItem
        return shown.getHttpService()

    def getRequest(self):
        """Return the request of the item currently shown in the viewers."""
        shown = self._currentlyDisplayedItem
        return shown.getRequest()

    def getResponse(self):
        """Return the response of the item currently shown in the viewers."""
        shown = self._currentlyDisplayedItem
        return shown.getResponse()


    #
    # implement IHttpListener
    #
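    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Handle one proxied message (IHttpListener).

        Nothing happens unless self.intercept is 1 and the message comes from
        the Proxy tool.  For requests, the conditional headers If-None-Match and
        If-Modified-Since are stripped when the prevent304 box is ticked.  For
        responses, the exchange is handed to checkAuthorization unless the
        request already carries the replacement header, the response is a
        304/204 being ignored, or an interception filter rules the URL out.
        """
        if not ((self.intercept == 1) and (toolFlag == self._callbacks.TOOL_PROXY)):
            return

        if self.prevent304.isSelected() and messageIsRequest:
            requestInfo = self._helpers.analyzeRequest(messageInfo)
            keptHeaders = []
            dropped = False
            for header in list(requestInfo.getHeaders()):
                if "If-None-Match:" in header or "If-Modified-Since:" in header:
                    dropped = True
                else:
                    keptHeaders.append(header)
            # Rebuild the request only when a conditional header was actually
            # removed; the original raised its flag for every header it kept,
            # so each request was rebuilt regardless.
            if dropped:
                bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():]
                bodyStr = self._helpers.bytesToString(bodyBytes)
                messageInfo.setRequest(self._helpers.buildHttpMessage(keptHeaders, bodyStr))

        if messageIsRequest:
            return

        # Skip exchanges whose request already contains the replacement header
        # line verbatim.
        if self.replaceString.getText() in self._helpers.analyzeRequest(messageInfo).getHeaders():
            return

        if self.ignore304.isSelected():
            firstHeader = self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders()[0]
            # Substring test on the whole status line, as before.
            if "304" in firstHeader or "204" in firstHeader:
                return

        filterModel = self.IFList.getModel()
        do_the_check = True
        if filterModel.getSize() != 0:
            urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
            # Every filter is evaluated; one failing filter is enough to skip
            # the check.  Entries look like "<kind>: <value>", and the fixed
            # offsets below are the length of "<kind>: ".
            # NOTE(review): re.compile raises re.error on an invalid pattern
            # and nothing here catches it.
            for i in range(0, filterModel.getSize()):
                entry = filterModel.getElementAt(i)
                kind = entry.split(":")[0]
                if kind == "Scope items only":
                    if not self._callbacks.isInScope(URL(urlString)):
                        do_the_check = False
                if kind == "URL Contains (simple string)":
                    if entry[30:] not in urlString:
                        do_the_check = False
                if kind == "URL Contains (regex)":
                    if not re.compile(entry[22:], re.IGNORECASE).search(urlString):
                        do_the_check = False
                if kind == "URL Not Contains (simple string)":
                    if entry[34:] in urlString:
                        do_the_check = False
                if kind == "URL Not Contains (regex)":
                    if re.compile(entry[26:], re.IGNORECASE).search(urlString):
                        do_the_check = False

        if do_the_check:
            self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())

        return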

    def sendRequestToAutorizeWork(self,messageInfo):
        """Run the authorization check for a message sent from the context menu.

        When the message has no response yet, the request is first replayed
        unmodified (makeMessage with both flags False) and the resulting
        exchange is checked instead of the original one.
        """
        target = messageInfo
        if messageInfo.getResponse() == None:
            target = self.makeRequest(messageInfo, self.makeMessage(messageInfo,False,False))

        responseHeaders = self._helpers.analyzeResponse(target.getResponse()).getHeaders()
        self.checkAuthorization(target, responseHeaders, self.doUnauthorizedRequest.isSelected())


    def makeRequest(self, messageInfo, message):
        """Send `message` to the host the original request targeted.

        Host, port and scheme are taken from the URL of messageInfo's request;
        the scheme "https" selects a TLS service.  Returns whatever
        makeHttpRequest returns for that service and message.
        """
        requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
        host = str(requestURL.getHost())
        port = int(requestURL.getPort())
        useHttps = requestURL.getProtocol() == "https"
        service = self._helpers.buildHttpService(host, port, useHttps)
        return self._callbacks.makeHttpRequest(service, message)

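    def makeMessage(self, messageInfo, removeOrNot, authorizeOrNot):
        """Rebuild the request of messageInfo, optionally swapping one header.

        removeOrNot    -- drop every header whose name equals the name in the
                          replacement text (the part before its first colon).
        authorizeOrNot -- after removal, append the replacement text as a
                          header; only looked at when removeOrNot is true.

        Returns the message built by buildHttpMessage from the resulting
        headers and the original body.  Raises ValueError when removal is
        requested and the replacement text contains no colon.
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        headers = requestInfo.getHeaders()
        if removeOrNot:
            replacement = self.replaceString.getText()
            headerName = replacement[0:replacement.index(":")].strip()
            namePrefix = headerName.lower() + ":"
            # Match on the header name only, ignoring case.  The earlier
            # substring test also removed the request line or unrelated
            # headers whenever they merely contained the name (a path such as
            # /Cookie, or a value mentioning it), which changed the replayed
            # request and with it the enforcement verdict.
            headers = [h for h in headers if not h.lower().startswith(namePrefix)]

            if authorizeOrNot:
                headers.append(replacement)

        msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        return self._helpers.buildHttpMessage(headers, msgBody)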

    def checkBypass(self,oldStatusCode,newStatusCode,oldContentLen,newContentLen,filters,requestResponse):
        """Classify a replayed response against the original one.

        The status arguments are compared as given (checkAuthorization passes
        the first header line of each response), and so are the content-length
        arguments (it passes what getContentLength returned).  The result is
        one of self._enfocementStatuses:

          [2] the status values differ, or the lengths differ and every
              filter matched;
          [0] status and length are both equal;
          [1] the lengths differ and at least one filter did not match.

        NOTE(review): with an empty filter list a length difference alone
        yields [2].  Responses with dynamic content can differ in length
        without access having been denied, so confirm this default is intended.
        re.compile raises re.error for an invalid regex filter.
        """
        analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())

        sameStatus = oldStatusCode == newStatusCode
        if not sameStatus:
            return self._enfocementStatuses[2]
        if oldContentLen == newContentLen:
            return self._enfocementStatuses[0]

        def headerText():
            return self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])

        def bodyText():
            return self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])

        def fullText():
            return self._helpers.bytesToString(requestResponse.getResponse())

        # (filter prefix, value is a regex, part of the response it applies to)
        rules = (
            ("Headers (simple string): ", False, headerText),
            ("Headers (regex): ", True, headerText),
            ("Body (simple string): ", False, bodyText),
            ("Body (regex): ", True, bodyText),
            ("Full request (simple string): ", False, fullText),
            ("Full request (regex): ", True, fullText),
        )

        enforced = True
        for rule in filters:
            label = str(rule)
            for prefix, isRegex, readText in rules:
                if not label.startswith(prefix):
                    continue
                needle = rule[len(prefix):]
                if isRegex:
                    pattern = re.compile(needle, re.IGNORECASE)
                    matched = pattern.search(readText())
                else:
                    matched = needle in readText()
                if not matched:
                    enforced = False

            # The length filter is compared with the whole value passed in as
            # newContentLen, not with a number.
            if label.startswith("Content-Length: ") and newContentLen != rule:
                enforced = False

        if enforced:
            return self._enfocementStatuses[2]
        return self._enfocementStatuses[1]

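    def checkAuthorization(self, messageInfo, originalHeaders, checkUnauthorized):
        """Replay a request with the replacement header and log the verdict.

        messageInfo       -- the original exchange.
        originalHeaders   -- header lines of the original response; the first
                             one is used as its status.
        checkUnauthorized -- also replay the request with the header removed
                             and not re-added, and classify that response.

        Each replayed response is classified by checkBypass and one LogEntry
        is appended to self._log under self._lock.
        """
        message = self.makeMessage(messageInfo,True,True)
        requestResponse = self.makeRequest(messageInfo, message)
        analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())

        oldStatusCode = originalHeaders[0]
        newStatusCode = analyzedResponse.getHeaders()[0]
        oldContentLen = self.getContentLength(originalHeaders)
        newContentLen = self.getContentLength(analyzedResponse.getHeaders())

        # Check unauthorized request
        if checkUnauthorized:
            messageUnauthorized = self.makeMessage(messageInfo,True,False)
            requestResponseUnauthorized = self.makeRequest(messageInfo, messageUnauthorized)
            analyzedResponseUnauthorized = self._helpers.analyzeResponse(requestResponseUnauthorized.getResponse())
            statusCodeUnauthorized = analyzedResponseUnauthorized.getHeaders()[0]
            contentLenUnauthorized = self.getContentLength(analyzedResponseUnauthorized.getHeaders())

        EDFilters = self.EDModel.toArray()
        impression = self.checkBypass(oldStatusCode,newStatusCode,oldContentLen,newContentLen,EDFilters,requestResponse)

        if checkUnauthorized:
            EDFiltersUnauth = self.EDModelUnauth.toArray()
            impressionUnauthorized = self.checkBypass(oldStatusCode,statusCodeUnauthorized,oldContentLen,contentLenUnauthorized,EDFiltersUnauth,requestResponseUnauthorized)

        self._lock.acquire()
        try:
            # Released in `finally`: an exception while building or adding the
            # entry used to leave the lock held, blocking every later caller.
            row = self._log.size()

            if checkUnauthorized:
                entry = LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,self._callbacks.saveBuffersToTempFiles(requestResponseUnauthorized),impressionUnauthorized)
            else:
                # No unauthenticated replay: no exchange and the fixed status text.
                entry = LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,None,"Disabled")
            self._log.add(entry)

            self.fireTableRowsInserted(row, row)
            self.currentRequestNumber = self.currentRequestNumber + 1
        finally:
            self._lock.release()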
        
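    def getContentLength(self, analyzedResponseHeaders):
        """Return the whole Content-Length header line, or "null" if absent.

        The line itself (name and value) is returned, not a number; callers
        compare two such lines for equality.
        """
        for header in analyzedResponseHeaders:
            # Header names are case-insensitive, and the match is anchored at
            # the start of the line.  A lower-case header previously went
            # unnoticed, so both responses reported "null" and compared as
            # equal lengths.
            if header.lower().startswith("content-length:"):
                return header
        return "null"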

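    def getCookieFromMessage(self, messageInfo):
        """Return the Cookie header line of the request, or None if it has none."""
        headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
        for header in headers:
            # Compare the header name only, ignoring case, so that a
            # lower-case "cookie:" is found and a request line or other header
            # that merely contains the text "Cookie:" is not returned instead.
            if header.lower().startswith("cookie:"):
                return header
        return None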
Beispiel #39
    def initVulnerabilityTab(self):
        """Build the vulnerability form and keep it in self.pnl.

        The panel has no layout manager, so every widget gets explicit bounds.
        Widgets needed outside this method are stored on self: addButton,
        screenshotsList, ssList, imgMenu, firstPic, vulnName, threatLevel,
        colorCombo, descriptionString and mitigationStr.
        """
        def placed(widget, x, y, width, height):
            # Set absolute bounds and hand the widget back.
            widget.setBounds(x, y, width, height)
            return widget

        def scrolling(textArea, x, y, width, height):
            # Scroll pane around a text area; vertical bar only when needed.
            pane = placed(JScrollPane(textArea), x, y, width, height)
            pane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
            return pane

        def wrappingArea(x, y, width, height):
            # Empty 5x30 text area that wraps on word boundaries.
            area = JTextArea("", 5, 30)
            area.setWrapStyleWord(True)
            area.setLineWrap(True)
            return placed(area, x, y, width, height)

        lblName = placed(JLabel("Vulnerability Name:"), 10, 10, 140, 30)
        self.addButton = placed(JButton("Add", actionPerformed=self.addVuln), 10, 500, 100, 30)
        btnRemoveVuln = placed(JButton("Remove", actionPerformed=self.rmVuln), 465, 500, 100, 30)
        lblMitigation = placed(JLabel("Mitigation:"), 10, 290, 150, 30)
        btnAddShot = placed(JButton("Add SS", actionPerformed=self.addSS), 750, 40, 110, 30)
        btnRemoveShot = placed(JButton("Remove SS", actionPerformed=self.removeSS), 750, 75, 110, 30)
        lblImages = placed(JLabel("Images list:"), 580, 10, 140, 30)

        # Screenshot list backed by a model that other handlers update.
        self.screenshotsList = DefaultListModel()
        self.ssList = JList(self.screenshotsList)
        placed(self.ssList, 580, 40, 150, 250)
        self.ssList.addListSelectionListener(ssChangedHandler(self))
        self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

        lblPreview = placed(JLabel("Selected image preview: (click to open in image viewer)"), 580, 290, 500, 30)

        # Popup menu with a single "Copy" entry.
        itemCopy = JMenuItem("Copy")
        itemCopy.addActionListener(copyImg(self))
        self.imgMenu = JPopupMenu("Popup")
        self.imgMenu.add(itemCopy)

        self.firstPic = JLabel()
        self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
        placed(self.firstPic, 580, 320, 550, 400)
        self.firstPic.addMouseListener(imageClicked(self))

        self.vulnName = JTextField("")
        self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
        placed(self.vulnName, 140, 10, 422, 30)

        self.threatLevel = placed(JComboBox(["Unclassified", "Critical","High","Medium","Low"]), 140, 45, 140, 30)
        self.colorCombo = placed(JComboBox(["Color:", "Green", "Red"]), 465, 45, 100, 30)

        lblSeverity = placed(JLabel("Threat Level:"), 10, 45, 100, 30)
        lblDescription = placed(JLabel("Description:"), 10, 80, 100, 30)

        self.descriptionString = wrappingArea(10, 110, 555, 175)
        paneDescription = scrolling(self.descriptionString, 10, 110, 555, 175)

        self.mitigationStr = wrappingArea(10, 320, 555, 175)
        paneMitigation = scrolling(self.mitigationStr, 10, 320, 555, 175)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        # Same insertion order as before.
        for widget in (
            btnAddShot,
            lblImages,
            lblName,
            btnRemoveShot,
            btnRemoveVuln,
            lblSeverity,
            lblMitigation,
            lblDescription,
            lblPreview,
            paneMitigation,
            paneDescription,
            self.ssList,
            self.firstPic,
            self.addButton,
            self.vulnName,
            self.threatLevel,
            self.colorCombo,
        ):
            self.pnl.add(widget)
Beispiel #40
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):

    def registerExtenderCallbacks(self, callbacks):
        """Entry point called with the Burp callbacks object.

        Stores the callbacks and helpers, names the extension, loads
        config.ini, creates the log, its lock and the table, builds the tabs,
        registers with Burp and loads the vulnerabilities of the project path
        shown in the settings tab.
        """
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        
        # set our extension name
        callbacks.setExtensionName("PT Vulnerabilities Manager")
        
        self.config = SafeConfigParser()
        # presumably createSection adds the section when missing, so that the
        # options() calls in initProjSettingsTab cannot fail -- verify
        self.createSection('projects')
        self.createSection('general')
        # Relative path: resolved against the working directory of the Burp
        # process, and read() silently skips a file it cannot open.
        # NOTE(review): the project paths used below come from this file, so
        # it matters which directory Burp was started from -- confirm.
        self.config.read('config.ini')
        self.chooser = JFileChooser()
        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        
        self.logTable = Table(self)
        self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
        self.logTable.getColumnModel().getColumn(1).setMinWidth(100)

        # two read-only message editors, with this object as their controller
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)

        # order matters: initTabs uses self.pnl, self.projectSettings and
        # self.logTable; initCallbacks uses what initTabs created
        self.initVulnerabilityTab()
        self.initProjSettingsTab()
        self.initTabs()
        self.initCallbacks()

        # NOTE(review): getText() on a text field presumably returns "" rather
        # than None, which would make this condition always true -- confirm
        if self.projPath.getText() != None:
            self.loadVulnerabilities(self.projPath.getText())

        print "Thank you for installing PT Vulnerabilities Manager v1.0 extension"
        print "by Barak Tawily\n\n\n"
        print "Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition"
        return

    def initVulnerabilityTab(self):
        """Build the vulnerability form and keep it in self.pnl.

        The panel has no layout manager, so every widget gets explicit bounds.
        Widgets needed outside this method are stored on self: addButton,
        screenshotsList, ssList, imgMenu, firstPic, vulnName, threatLevel,
        colorCombo, descriptionString and mitigationStr.
        """
        def placed(widget, x, y, width, height):
            # Set absolute bounds and hand the widget back.
            widget.setBounds(x, y, width, height)
            return widget

        def scrolling(textArea, x, y, width, height):
            # Scroll pane around a text area; vertical bar only when needed.
            pane = placed(JScrollPane(textArea), x, y, width, height)
            pane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
            return pane

        def wrappingArea(x, y, width, height):
            # Empty 5x30 text area that wraps on word boundaries.
            area = JTextArea("", 5, 30)
            area.setWrapStyleWord(True)
            area.setLineWrap(True)
            return placed(area, x, y, width, height)

        lblName = placed(JLabel("Vulnerability Name:"), 10, 10, 140, 30)
        self.addButton = placed(JButton("Add", actionPerformed=self.addVuln), 10, 500, 100, 30)
        btnRemoveVuln = placed(JButton("Remove", actionPerformed=self.rmVuln), 465, 500, 100, 30)
        lblMitigation = placed(JLabel("Mitigation:"), 10, 290, 150, 30)
        btnAddShot = placed(JButton("Add SS", actionPerformed=self.addSS), 750, 40, 110, 30)
        btnRemoveShot = placed(JButton("Remove SS", actionPerformed=self.removeSS), 750, 75, 110, 30)
        lblImages = placed(JLabel("Images list:"), 580, 10, 140, 30)

        # Screenshot list backed by a model that other handlers update.
        self.screenshotsList = DefaultListModel()
        self.ssList = JList(self.screenshotsList)
        placed(self.ssList, 580, 40, 150, 250)
        self.ssList.addListSelectionListener(ssChangedHandler(self))
        self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

        lblPreview = placed(JLabel("Selected image preview: (click to open in image viewer)"), 580, 290, 500, 30)

        # Popup menu with a single "Copy" entry.
        itemCopy = JMenuItem("Copy")
        itemCopy.addActionListener(copyImg(self))
        self.imgMenu = JPopupMenu("Popup")
        self.imgMenu.add(itemCopy)

        self.firstPic = JLabel()
        self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
        placed(self.firstPic, 580, 320, 550, 400)
        self.firstPic.addMouseListener(imageClicked(self))

        self.vulnName = JTextField("")
        self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
        placed(self.vulnName, 140, 10, 422, 30)

        self.threatLevel = placed(JComboBox(["Unclassified", "Critical","High","Medium","Low"]), 140, 45, 140, 30)
        self.colorCombo = placed(JComboBox(["Color:", "Green", "Red"]), 465, 45, 100, 30)

        lblSeverity = placed(JLabel("Threat Level:"), 10, 45, 100, 30)
        lblDescription = placed(JLabel("Description:"), 10, 80, 100, 30)

        self.descriptionString = wrappingArea(10, 110, 555, 175)
        paneDescription = scrolling(self.descriptionString, 10, 110, 555, 175)

        self.mitigationStr = wrappingArea(10, 320, 555, 175)
        paneMitigation = scrolling(self.mitigationStr, 10, 320, 555, 175)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        # Same insertion order as before.
        for widget in (
            btnAddShot,
            lblImages,
            lblName,
            btnRemoveShot,
            btnRemoveVuln,
            lblSeverity,
            lblMitigation,
            lblDescription,
            lblPreview,
            paneMitigation,
            paneDescription,
            self.ssList,
            self.firstPic,
            self.addButton,
            self.vulnName,
            self.threatLevel,
            self.colorCombo,
        ):
            self.pnl.add(widget)
        
    def initProjSettingsTab(self):
        """Build the project settings form and keep it in self.projectSettings.

        The project combo box is filled from the option names of the
        'projects' config section.  When the 'general' section has a
        'default project' option, that project is selected and its value from
        the 'projects' section is put into the path field.
        """
        def placed(widget, x, y, width, height):
            # Set absolute bounds and hand the widget back (no layout manager).
            widget.setBounds(x, y, width, height)
            return widget

        lblProjName = placed(JLabel("Name:"), 10, 50, 140, 30)

        self.projName = placed(JTextField(""), 140, 50, 320, 30)
        self.projName.getDocument().addDocumentListener(projTextChanged(self))

        lblDetails = placed(JLabel("Details:"), 10, 120, 140, 30)
        lblReport = placed(JLabel("Generate Report:"), 10, 375, 140, 30)

        self.reportType = placed(JComboBox(["DOCX","HTML","XLSX"]), 10, 400, 140, 30)
        btnGenerate = placed(JButton("Generate", actionPerformed=self.generateReport), 160, 400, 90, 30)

        self.projDetails = JTextArea("", 5, 30)
        self.projDetails.setWrapStyleWord(True)
        self.projDetails.setLineWrap(True)

        paneDetails = placed(JScrollPane(self.projDetails), 10, 150, 450, 175)
        paneDetails.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        lblProjPath = placed(JLabel("Path:"), 10, 90, 140, 30)
        self.projPath = placed(JTextField(""), 140, 90, 320, 30)

        btnBrowse = placed(JButton("Browse...",actionPerformed=self.chooseProjPath), 470, 90, 100, 30)
        btnImport = placed(JButton("Import",actionPerformed=self.importProj), 470, 10, 100, 30)
        btnExport = placed(JButton("Export",actionPerformed=self.exportProj), 575, 10, 100, 30)
        btnOpenDir = placed(JButton("Open Directory",actionPerformed=self.openProj), 680, 10, 130, 30)

        lblCurrent = placed(JLabel("Current:"), 10, 10, 140, 30)

        # The listener is attached before any selection is made below.
        self.currentProject = JComboBox(self.config.options('projects'))
        self.currentProject.addActionListener(projectChangeHandler(self))
        placed(self.currentProject, 140, 10, 140, 30)

        self.autoSave = JCheckBox("Auto Save Mode")
        self.autoSave.setEnabled(False)  # implement this feature
        placed(self.autoSave, 300, 10, 140, 30)
        self.autoSave.setToolTipText("Will save any changed value while focus is out")

        btnAddProj = placed(JButton("Add / Update",actionPerformed=self.addProj), 10, 330, 150, 30)
        btnRemoveProj = placed(JButton("Remove Current",actionPerformed=self.rmProj), 315, 330, 146, 30)

        if 'default project' in self.config.options('general'):
            defaultProj = self.config.get('general','default project')
            self.currentProject.getModel().setSelectedItem(defaultProj)
            self.projPath.setText(self.config.get('projects',self.currentProject.getSelectedItem()))

        self.clearProjTab = True
        self.projectSettings = JPanel()
        self.projectSettings.setBounds(0, 0, 1000, 1000)
        self.projectSettings.setLayout(None)
        # Same insertion order as before.
        for widget in (
            lblReport,
            lblDetails,
            lblProjPath,
            btnAddProj,
            btnOpenDir,
            lblProjName,
            paneDetails,
            btnImport,
            btnExport,
            btnRemoveProj,
            btnGenerate,
            btnBrowse,
            lblCurrent,
            self.projPath,
            self.autoSave,
            self.projName,
            self.reportType,
            self.currentProject,
        ):
            self.projectSettings.add(widget)

    def initTabs(self):
        """Assemble the split pane: log table on the left, tabs on the right.

        Also builds the "Paint" popup menu (Red / None / Green) kept in
        self.menu.  The tab pane holds the request and response viewers, the
        vulnerability form and the project settings, with the vulnerability
        tab (index 2) selected.
        """
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)

        colorsMenu = JMenu("Paint")
        # (menu caption, value handed to paintChange)
        for caption, paint in (("Red", "Red"), ("None", None), ("Green", "Green")):
            item = JMenuItem(caption)
            item.addActionListener(paintChange(self, paint))
            colorsMenu.add(item)

        self.menu = JPopupMenu("Popup")
        self.menu.add(colorsMenu)

        self.tabs = JTabbedPane()
        for title, component in (
            ("Request", self._requestViewer.getComponent()),
            ("Response", self._responseViewer.getComponent()),
            ("Vulnerability", self.pnl),
            ("Project Settings", self.projectSettings),
        ):
            self.tabs.addTab(title, component)

        self.tabs.setSelectedIndex(2)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Register the extension's UI and context menu with Burp.

        Every Swing component is passed through customizeUiComponent, then
        this object is registered as context-menu factory and as a suite tab.
        """
        callbacks = self._callbacks
        components = (self._splitpane, self.logTable, self.scrollPane, self.tabs)
        for component in components:
            callbacks.customizeUiComponent(component)
        callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)


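    def loadVulnerabilities(self, projPath):
        """Rebuild the vulnerability table from the project directory.

        Every direct sub-directory of projPath is expected to contain a
        vulnerability.xml whose first five child nodes are name, severity,
        description, mitigation and color. The row whose name matches the
        name field is re-selected; otherwise the first row is selected and
        loaded.

        The XML comes from disk and may originate from an imported archive,
        so its values are untrusted text for anything that later renders
        them (for example the HTML report).
        """
        self.clearList(None)
        selected = False
        for root, dirs, files in os.walk(projPath):
            for dirName in dirs:
                xmlPath = projPath+"/"+dirName+"/vulnerability.xml"
                document = self.getXMLDoc(xmlPath)
                if document is None:
                    # getXMLDoc already reported the unreadable file; skip the
                    # directory instead of failing on a None document.
                    continue
                nodeList = document.getDocumentElement().getChildNodes()
                vulnName = nodeList.item(0).getTextContent()
                severity = nodeList.item(1).getTextContent()
                description = nodeList.item(2).getTextContent()
                mitigation = nodeList.item(3).getTextContent()
                color = nodeList.item(4).getTextContent()
                test = vulnerability(vulnName,severity,description,mitigation,color)
                self._lock.acquire()
                try:
                    row = self._log.size()
                    self._log.add(test)
                    self.fireTableRowsInserted(row, row)
                finally:
                    # release even if the table update raises
                    self._lock.release()
                if vulnName == self.vulnName.getText():
                    self.logTable.setRowSelectionInterval(row,row)
                    selected = True
            # Only the first os.walk() step lists projPath's own directories.
            # Deeper steps would pair nested directory names with projPath and
            # build paths that do not exist.
            break
        if not selected and self._log.size() > 0:
            self.logTable.setRowSelectionInterval(0, 0)
            self.loadVulnerability(self._log.get(0))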
        
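    def createSection(self, sectioName):
        """Make sure config.ini has a section called sectioName.

        The file is re-read first; it is only rewritten when the section had
        to be added. 'config.ini' is a relative path, so it resolves against
        the process working directory.
        """
        self.config.read('config.ini')
        if sectioName not in self.config.sections():
            self.config.add_section(sectioName)
            # the with block closes the file even when write() raises
            with open("config.ini",'w') as cfgfile:
                self.config.write(cfgfile)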

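    def saveCfg(self):
        """Write the in-memory configuration to config.ini.

        The path is relative, so the file lands in the process working
        directory.
        """
        # the with block closes the file even when write() raises
        with open('config.ini', 'w') as f:
            self.config.write(f)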

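    def getXMLDoc(self, xmlPath):
        """Parse the XML file at xmlPath into a DOM document.

        project.xml and vulnerability.xml can arrive through an imported
        archive, so the parser is set up to refuse DOCTYPE declarations.
        That blocks external-entity (XXE) and entity-expansion payloads.
        The files this extension writes itself carry no DOCTYPE.

        Returns the document, or None after showing a popup when the file
        cannot be parsed for any reason (missing, malformed or rejected).
        """
        try:
            factory = DocumentBuilderFactory.newInstance()
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", True)
            factory.setXIncludeAware(False)
            factory.setExpandEntityReferences(False)
            document = factory.newDocumentBuilder().parse(xmlPath)
            return document
        except:
            # Catch-all kept from the original so Java parser exceptions are
            # covered too; the message is shown for every failure, not only
            # for a missing file.
            # NOTE(review): sibling methods call self.popup; confirm that
            # self._extender exists on this object.
            self._extender.popup("XML file not found")
            return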

    def saveXMLDoc(self, doc, xmlPath):
        """Serialise the DOM document doc to the file at xmlPath."""
        serializer = TransformerFactory.newInstance().newTransformer()
        domInput = DOMSource(doc)
        fileOutput = StreamResult(File(xmlPath))
        serializer.transform(domInput, fileOutput)

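    def generateReport(self,event):
        """Generate the report in the selected format and offer to open it.

        The report path is derived from the project path, which is free text
        and may come from an imported project. It is therefore handed to the
        desktop as a File object and never concatenated into a shell command.
        """
        selectedType = self.reportType.getSelectedItem()
        path = None
        if selectedType == "HTML":
            path = self.reportToHTML()
        elif selectedType == "XLSX":
            path = self.reportToXLS()
        elif selectedType == "DOCX":
            path = self.generateReportFromDocxTemplate('template.docx',"newfile.docx", 'word/document.xml')
        if path is None:
            # Unknown type, or the generator gave up (reportToXLS returns
            # nothing when xlsxwriter is missing): there is nothing to open.
            return
        n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
        if n == JOptionPane.YES_OPTION:
            # Desktop.open starts the associated application without a shell,
            # so no part of the path is interpreted as a command. It also
            # returns without waiting for the viewer to close.
            from java.awt import Desktop
            if Desktop.isDesktopSupported():
                Desktop.getDesktop().open(File(path))
            else:
                self.popup("Cannot open the report automatically:\n%s" % (path))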

    def exportProj(self,event):
        """Zip the current project directory to a location chosen by the user.

        The archive holds everything below the project directory, including
        the saved request and response files, so it can contain credentials
        or session tokens captured during testing.
        """
        self.chooser.setDialogTitle("Save project")
        self.chooser.setFileFilter(FileNameExtensionFilter("Zip files", ["zip"]))
        if self.chooser.showSaveDialog(None) != JFileChooser.APPROVE_OPTION:
            return
        archiveBase = str(self.chooser.getSelectedFile())
        shutil.make_archive(archiveBase,"zip",self.getCurrentProjPath())
        self.popup("Project export successfuly")

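    def importProj(self,event):
        """Import a project archive into <chosen directory>/PTManager.

        The archive is untrusted input. Every entry is checked to resolve
        inside the target directory before anything is extracted, and the
        bundled project.xml is read through getXMLDoc. After extraction the
        stored project path is rewritten to the new location and the project
        is registered in the configuration.
        """
        self.chooser.setDialogTitle("Select project zip to directory")
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        # The chooser is shared and other dialogs leave it in directory-only
        # mode, which would make the zip file impossible to select.
        self.chooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        zipPath = str(self.chooser.getSelectedFile())
        self.chooser.setDialogTitle("Select project directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
        baseDir = os.path.realpath(projPath)
        with zipfile.ZipFile(zipPath, "r") as z:
            # Refuse the whole archive when any entry would be written
            # outside the project directory (absolute names, ".." segments).
            for member in z.namelist():
                target = os.path.realpath(os.path.join(baseDir, member))
                if target != baseDir and not target.startswith(baseDir + os.sep):
                    self.popup("Project archive contains an entry outside the project directory")
                    return
            z.extractall(projPath)

        xmlPath = projPath + "/project.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            # getXMLDoc already reported the missing or rejected project.xml
            return
        nodeList = document.getDocumentElement().getChildNodes()
        projName = nodeList.item(0).getTextContent()
        nodeList.item(1).setTextContent(projPath)
        self.saveXMLDoc(document, xmlPath)
        self.config.set('projects', projName, projPath)
        self.saveCfg()
        self.reloadProjects()
        self.currentProject.getModel().setSelectedItem(projName)
        self.clearVulnerabilityTab()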

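    def reportToXLS(self):
        """Write the vulnerability list to 'PT Manager Report.xlsx'.

        Returns the report path, or None when xlsxwriter is unavailable.

        Data cells are written with write_string. worksheet.write() turns
        any text starting with "=" into a formula by default, and findings
        often quote payloads that start that way.
        """
        if not xlsxwriterImported:
            self.popup("xlsxwriter library is not imported")
            return
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.xlsx'
        workbook = xlsxwriter.Workbook(reportPath)
        worksheet = workbook.add_worksheet()
        bold = workbook.add_format({'bold': True})
        worksheet.write(0, 0, "Vulnerability Name", bold)
        worksheet.write(0, 1, "Threat Level", bold)
        worksheet.write(0, 2, "Description", bold)
        worksheet.write(0, 3, "Mitigation", bold)
        for i in range(0,self._log.size()):
            vuln = self._log.get(i)
            row = i + 1  # row 0 holds the headers
            worksheet.write_string(row, 0, vuln.getName())
            worksheet.write_string(row, 1, vuln.getSeverity())
            worksheet.write_string(row, 2, vuln.getDescription())
            worksheet.write_string(row, 3, vuln.getMitigation())
            # add requests and images as well
        workbook.close()
        return reportPath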
        
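    def reportToHTML(self):
        """Write 'PT Manager Report.html' into the project directory.

        Returns the path of the written report.

        Everything interpolated into the page is HTML-escaped first: project
        name, vulnerability name, severity, description, mitigation, the
        saved request and response, and the screenshot file names. The
        saved response is markup produced by the tested target, so writing
        it unescaped would let it run script in the report viewer's browser.
        Line breaks are converted to <br /> after escaping.
        """
        htmlContent = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr">
    <head>
        <title>PT Manager Report</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style>
        body {
        background-repeat: no-repeat;
        background-attachment: fixed;
        font-family: Arial,Tahoma,sens-serif;
        font-size: 13px;
        margin: auto;
        }

        #warpcenter {
            width: 900px;
            margin: 0px auto;
        }

        table {
            border: 2px dashed #000000;
        }

        td {
            border-top: 2px dashed #000000;
            padding: 10px;
        }

        img {
                border: 0px;
        }
</style>
<script language="javascript">
    function divHideShow(divToHideOrShow) 
    {
        var div = document.getElementById(divToHideOrShow);

        if (div.style.display == "block") 
        {
            div.style.display = "none";
        }
        else 
        {
            div.style.display = "block";
        }

        
    }         
</script>
    </head>

    <body>
        <div id="warpcenter">

<h1> PT Manager Report </h1>
<h2> Project: %s</h1>
    """ % (self.htmlEscape(self.projName.getText()))

        for i in range(0,self._log.size()):
            vuln = self._log.get(i)
            # The raw name is used for file-system lookups; only the copy that
            # goes into the page is escaped.
            name = vuln.getName()
            request = "None"
            response = "None"
            path = self.getVulnReqResPath("request",name)
            if os.path.exists(path):
                request = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))

            path = self.getVulnReqResPath("response",name)
            if os.path.exists(path):
                response = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))
            images = ""
            vulnDir = self.projPath.getText()+"/"+self.clearStr(name)
            for fileName in os.listdir(vulnDir):
                if fileName.endswith(".jpg"):
                    images += "%s<br><img src=\"%s\"><br><br>" % (self.htmlEscape(fileName), self.htmlEscape(vulnDir + "/" + fileName))
            description = self.newlineToBR(self.htmlEscape(vuln.getDescription()))
            mitigation = self.newlineToBR(self.htmlEscape(vuln.getMitigation()))
            htmlContent +=  self.convertVulntoTable(i,self.htmlEscape(name),self.htmlEscape(vuln.getSeverity()), description,mitigation, request, response, images)
        htmlContent += "</div></body></html>"
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.html'
        # the with block closes the report even when the write fails
        with open(reportPath, 'w') as f:
            f.writelines(htmlContent)
        return reportPath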

    def newlineToBR(self,string):
        """Return string with every newline replaced by an HTML line break.

        No escaping is done here; callers that render untrusted text must
        escape it before calling this.
        """
        lineBreak = "<br />"
        return string.replace("\n", lineBreak)

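    def getFileContent(self,path):
        """Return the raw content of the file at path, read in binary mode."""
        # the with block closes the handle even when read() raises
        with open(path, "rb") as f:
            return f.read()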

    def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
        """Render one vulnerability as a collapsible HTML block.

        number is used to build the element ids (Table_<number>...) that the
        report's divHideShow() script toggles. All other arguments are
        inserted into the markup exactly as given, with no escaping, so the
        caller has to pass HTML-safe text.
        """
        template = """<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow('Table_%s');" style="color:#191970">(OPEN / CLOSE)</a></div>
        <div id="Table_%s" style="display: none;">
            <table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;">
                <tr>
                    <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Threat Level: </span> 
                        <span style="color:#8b8989">%s</span>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Description</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_03');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_03" style="display: none;margin-top: 25px;">
                        %s
                        </div>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Mitigration</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_04');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_04" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>

                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Request</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_05');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_05" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>


                                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Response</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_06');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_06" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>

                                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Images</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_07');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_07" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                    </td>
                </tr>
            </table>
        </div><br><br>"""
        # Each section consumes the number twice (toggle link and div id)
        # before its content value.
        values = (
            name, number, number,
            severity,
            number, number, description,
            number, number, mitigation,
            number, number, request,
            number, number, response,
            number, number, images,
        )
        return template % values

    def clearVulnerabilityTab(self, rmVuln=True):
        """Reset the Vulnerability tab to its empty "Add" state.

        The name field is only cleared when rmVuln is true.
        """
        if rmVuln:
            self.vulnName.setText("")
        for textField in (self.descriptionString, self.mitigationStr):
            textField.setText("")
        for combo in (self.colorCombo, self.threatLevel):
            combo.setSelectedIndex(0)
        self.screenshotsList.clear()
        self.addButton.setText("Add")
        self.firstPic.setIcon(None)

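    def saveRequestResponse(self, type, requestResponse, vulnName):
        """Store a raw request or response next to the vulnerability.

        type is "request" or "response" and picks the file name through
        getVulnReqResPath; requestResponse is written unchanged in binary
        mode. The stored traffic can contain credentials or session tokens
        and ends up in exported project archives.
        """
        path = self.getVulnReqResPath(type,vulnName)
        # the with block closes the file even when write() raises
        with open(path, 'wb') as f:
            f.write(requestResponse)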

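    def openProj(self, event):
        """Open the project directory in Windows Explorer.

        The project path is free text and may come from an imported project,
        so it is passed as a separate argument instead of being concatenated
        into a shell command line.
        """
        import subprocess
        # Argument list, no shell: the path stays one argument even when it
        # contains spaces or shell metacharacters.
        subprocess.call(["explorer", self.projPath.getText()])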

    def getVulnReqResPath(self, requestOrResponse, vulnName):
        """Return the path of a vulnerability's saved request or response.

        Layout: <project path>/<clearStr(name)>/<requestOrResponse>_<clearStr(name)>.
        """
        folder = self.clearStr(vulnName)
        fileName = requestOrResponse + "_" + folder
        return self.getCurrentProjPath() + "/" + folder + "/" + fileName

    def htmlEscape(self,data):
        """Return data with the five HTML/XML special characters escaped.

        The ampersand is handled first so the entities produced by the later
        replacements are not escaped a second time.
        """
        replacements = (
            ('&', '&amp;'),
            ('<', '&lt;'),
            ('>', '&gt;'),
            ('"', '&quot;'),
            ("'", '&#39;'),
        )
        escaped = data
        for char, entity in replacements:
            escaped = escaped.replace(char, entity)
        return escaped

    def generateReportFromDocxTemplate(self, zipname, newZipName, filename):
        """Create a DOCX report by repeating the template body per finding.

        Every entry of the template archive zipname except filename is
        copied to <project path>/<newZipName>. For filename, the text between
        <w:body> and </w:body> is duplicated once per logged vulnerability
        with the $vulnerability, $severity, $description and $mitigation
        markers replaced by escaped values. The result, put between the text
        before and after the body element, is appended to the new archive.

        Returns the path of the new archive.
        """
        newZipName = self.getCurrentProjPath() + "/" + newZipName
        with zipfile.ZipFile(zipname, 'r') as templateZip:
            with zipfile.ZipFile(newZipName, 'w') as reportZip:
                reportZip.comment = templateZip.comment
                for entry in templateZip.infolist():
                    if entry.filename == filename:
                        xml_content = templateZip.read(entry.filename)
                        prefix, suffix = re.findall("(.*)<w:body>(?:.*)<\/w:body>(.*)",xml_content)[0]
                        templateBody = re.findall("<w:body>(.*)<\/w:body>", xml_content)[0]
                        sections = []

                        for i in range(0,self._log.size()):
                            vuln = self._log.get(i)
                            markers = (
                                ("$vulnerability", vuln.getName()),
                                ("$severity", vuln.getSeverity()),
                                ("$description", vuln.getDescription()),
                                ("$mitigation", vuln.getMitigation()),
                            )
                            section = templateBody
                            # Values are escaped before substitution so their
                            # text cannot add markup to the document XML.
                            for marker, value in markers:
                                section = section.replace(marker, self.htmlEscape(value))
                            sections.append(section)

                        newXML = prefix + "".join(sections) + suffix
                    else:
                        reportZip.writestr(entry, templateZip.read(entry.filename))

        # The rewritten document part is added after the copy pass.
        with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as reportZip:
            reportZip.writestr(filename, newXML)
        return newZipName


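    def chooseProjPath(self, event):
        """Let the user pick a directory and use <directory>/PTManager as project path.

        The PTManager directory is created when missing. Picking a directory
        that already holds one reuses it instead of failing in os.makedirs.
        """
        self.chooser.setDialogTitle("Select target directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
            if not os.path.exists(projPath):
                os.makedirs(projPath)
            self.projPath.setText(projPath)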

    def reloadProjects(self):
        """Refill the project combo box from the 'projects' config section."""
        projectNames = self.config.options('projects')
        comboModel = DefaultComboBoxModel(projectNames)
        self.currentProject.setModel(comboModel)

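    def rmProj(self, event):
        """Delete the current project directory after confirmation.

        The path field is free text and the delete is recursive, so the
        directory is only removed when it contains the project.xml that
        addProj and importProj leave in every project. An empty or mistyped
        path therefore cannot wipe an unrelated directory.
        """
        if self.popUpAreYouSure() != JOptionPane.YES_OPTION:
            return
        projDir = self.projPath.getText()
        if not projDir or not os.path.isfile(projDir + "/project.xml"):
            self.popup("Invalid path")
            return
        self._requestViewer.setMessage("None", False)
        self._responseViewer.setMessage("None", False)
        shutil.rmtree(projDir)
        # NOTE(review): the option is removed in memory only; confirm whether
        # saveCfg() should follow so the removal survives a restart.
        self.config.remove_option('projects',self.currentProject.getSelectedItem())
        self.reloadProjects()
        # setSelectedIndex(0) is rejected by an empty combo box
        if self.currentProject.getItemCount() > 0:
            self.currentProject.setSelectedIndex(0)
        self.loadVulnerabilities(self.projPath.getText())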

    def popup(self,msg):
        """Show msg in a modal message dialog without a parent window."""
        parentComponent = None
        JOptionPane.showMessageDialog(parentComponent, msg)

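    def addProj(self, event):
        """Create or update the project named in the project-name field.

        project.xml (name, path, details, autoSaveMode) is written into the
        project directory first. The project is only registered in the
        configuration after that write succeeded, so an invalid path no
        longer leaves a dead entry in config.ini.
        """
        projPath = self.projPath.getText()
        if not projPath:
            self.popup("Please select path")
            return
        projName = self.projName.getText()

        xml = ET.Element('project')
        name = ET.SubElement(xml, "name")
        path = ET.SubElement(xml, "path")
        details = ET.SubElement(xml, "details")
        autoSaveMode = ET.SubElement(xml, "autoSaveMode")

        name.text = projName
        path.text = projPath
        details.text = self.projDetails.getText()
        autoSaveMode.text = str(self.autoSave.isSelected())
        tree = ET.ElementTree(xml)
        try:
            tree.write(self.getCurrentProjPath()+'/project.xml')
        except (IOError, OSError):
            self.popup("Invalid path")
            return

        self.config.set('projects', projName, projPath)
        self.saveCfg()

        self.reloadProjects()
        self.clearVulnerabilityTab()
        self.clearList(None)
        self.currentProject.getModel().setSelectedItem(projName)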

    def resize(self, image, width, height):
        """Return a copy of image scaled to width x height.

        The copy is drawn with the quality rendering hint into a new
        BufferedImage of type BufferedImage.TRANSLUCENT.
        """
        scaled = BufferedImage(width, height, BufferedImage.TRANSLUCENT)
        graphics = scaled.createGraphics()
        qualityHint = RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY)
        graphics.addRenderingHints(qualityHint)
        graphics.drawImage(image, 0, 0, width, height, None)
        graphics.dispose()
        return scaled

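    def clearStr(self, var):
        """Turn a vulnerability name into a directory/file name component.

        Spaces become underscores and the characters \\ / : * ? " < > | ( )
        are removed. A result made only of dots ("." or "..") would point at
        the project directory itself or its parent once joined to the project
        path, so its dots are replaced by underscores. All other names map
        exactly as before.
        """
        cleaned = var.replace(" ", "_")
        for forbidden in '\\/:*?"<>|()':
            cleaned = cleaned.replace(forbidden, "")
        if cleaned and cleaned.strip(".") == "":
            cleaned = "_" * len(cleaned)
        return cleaned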

    def popUpAreYouSure(self):
        """Ask "Are you sure?" and return 0 when the dialog result is 0, else 1."""
        answer = JOptionPane.showConfirmDialog(None,"Are you sure?","Warning",JOptionPane.YES_NO_OPTION)
        return 0 if answer == 0 else 1

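    def removeSS(self,event):
        """Delete the selected screenshot file and its list entry after confirmation.

        Nothing happens when no screenshot is selected; previously the path
        concatenation failed on the missing selection.
        """
        selected = self.ssList.getSelectedValue()
        if selected is None:
            return
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            os.remove(self.getCurrentVulnPath() + "/" + selected)
            self.ssList.getModel().remove(self.ssList.getSelectedIndex())
            self.firstPic.setIcon(ImageIcon(None))
            # check if there is images and select the first one
            # bug in linux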

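    def addSS(self,event):
        """Save the clipboard image as a JPEG screenshot of the current vulnerability.

        The file name is the cleaned vulnerability name plus a random number.
        A name that already exists is re-drawn so an earlier screenshot is
        never overwritten. The vulnerability is then saved through addVuln
        and the new screenshot is selected in the list.
        """
        clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
        try:
            image = clipboard.getData(DataFlavor.imageFlavor)
        except:
            self.popup("Clipboard not contains image")
            return
        vulnDirName = self.clearStr(self.vulnName.getText())
        vulnPath = self.projPath.getText() + "/" + vulnDirName
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)
        name = vulnDirName + str(random.randint(1, 99999))+".jpg"
        fileName = vulnPath + "/" + name
        while os.path.exists(fileName):
            # random suffix collided with an existing screenshot
            name = vulnDirName + str(random.randint(1, 99999))+".jpg"
            fileName = vulnPath + "/" + name
        file = File(fileName)
        bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB)
        g = bufferedImage.createGraphics()
        try:
            # white background: JPEG has no alpha channel
            g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None)
        finally:
            # release the graphics context, as resize() does
            g.dispose()
        ImageIO.write(bufferedImage, "jpg", file)
        self.addVuln(self)
        self.ssList.setSelectedValue(name,True)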

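    def rmVuln(self, event):
        """Delete the current vulnerability's directory after confirmation.

        With an empty name (or one that cleans to "." / "..") the computed
        path is the project directory itself or its parent, and the recursive
        delete would remove far more than one finding. Such names are
        rejected before anything is deleted.
        """
        if self.popUpAreYouSure() != JOptionPane.YES_OPTION:
            return
        if self.clearStr(self.vulnName.getText()).strip(".") == "":
            self.popup("Invalid path")
            return
        self._requestViewer.setMessage("None", False)
        self._responseViewer.setMessage("None", False)
        shutil.rmtree(self.getCurrentVulnPath())
        self.clearVulnerabilityTab()
        self.loadVulnerabilities(self.getCurrentProjPath())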

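    def addVuln(self, event):
        """Add or update the vulnerability described by the form fields.

        The entry is appended to the table, its directory is created when
        missing, vulnerability.xml (name, severity, description, mitigation,
        color) is written there, and the list is reloaded from disk.

        A name that cleans to an empty or dot-only directory name is
        rejected: its files would land in the project directory itself or
        its parent and the entry would disappear on the next reload.
        """
        vulnDirName = self.clearStr(self.vulnName.getText())
        if vulnDirName.strip(".") == "":
            self.popup("Please enter vulnerability name")
            return
        if self.colorCombo.getSelectedItem() == "Color:":
            colorTxt = None
        else:
            colorTxt = self.colorCombo.getSelectedItem()
        vulnObject = vulnerability(self.vulnName.getText(),self.threatLevel.getSelectedItem(),self.descriptionString.getText(),self.mitigationStr.getText() ,colorTxt)
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(vulnObject)
            self.fireTableRowsInserted(row, row)
        finally:
            # release even if the table update raises
            self._lock.release()

        vulnPath = self.projPath.getText() + "/" + vulnDirName
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)

        xml = ET.Element('vulnerability')
        name = ET.SubElement(xml, "name")
        severity = ET.SubElement(xml, "severity")
        description = ET.SubElement(xml, "description")
        mitigation = ET.SubElement(xml, "mitigation")
        color = ET.SubElement(xml, "color")
        name.text = self.vulnName.getText()
        severity.text = self.threatLevel.getSelectedItem()
        description.text = self.descriptionString.getText()
        mitigation.text = self.mitigationStr.getText()
        color.text = colorTxt
        tree = ET.ElementTree(xml)
        tree.write(vulnPath+'/vulnerability.xml')

        self.loadVulnerabilities(self.getCurrentProjPath())
        self.loadVulnerability(vulnObject)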

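    def vulnNameChanged(self):
        """React to an edit of the vulnerability name field.

        If a directory for the new name exists the form switches to "Update".
        Otherwise, while an existing entry is being edited, the user chooses
        between starting a new vulnerability and renaming the current one.
        Closing either dialog, or having no selected row, leaves everything
        unchanged; previously that fell through to the rename branch and
        failed on a missing name.
        """
        if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "":
            self.addButton.setText("Update")
        elif self.addButton.getText() != "Add":
            options = ["Create a new vulnerability", "Change current vulnerability name"]
            n = JOptionPane.showOptionDialog(None,
                "Would you like to?",
                "Vulnerability Name",
                JOptionPane.YES_NO_CANCEL_OPTION,
                JOptionPane.QUESTION_MESSAGE,
                None,
                options,
                options[0])

            if n == 0:
                self.clearVulnerabilityTab(False)
                self.addButton.setText("Add")
            elif n == 1:
                newName = JOptionPane.showInputDialog(
                    None,
                    "Enter new name:",
                    "Vulnerability Name",
                    JOptionPane.PLAIN_MESSAGE,
                    None,
                    None,
                    self.vulnName.getText())
                row = self.logTable.getSelectedRow()
                # showInputDialog yields None on cancel; -1 means no row selected
                if newName is None or newName == "" or row < 0:
                    return
                old = self.logTable.getValueAt(row,1)
                self.changeVulnName(newName,old)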
                
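    def changeVulnName(self,new,old):
        """Rename a vulnerability's directory and update its stored name.

        Directories are created from clearStr(name) everywhere else, so both
        names go through clearStr here as well. That keeps the renamed
        directory reachable by later lookups and keeps path separators in
        the new name from moving the directory outside the project.
        The request_/response_ files inside the directory keep their old
        file names.
        """
        if not new:
            return
        projectDir = self.getCurrentProjPath()
        newpath = projectDir + "/" + self.clearStr(new)
        oldpath = projectDir + "/" + self.clearStr(old)
        os.rename(oldpath,newpath)
        self.changeCurrentVuln(new,0, newpath + "/vulnerability.xml")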

    def getCurrentVulnPath(self):
        """Return <project path>/<clearStr(current vulnerability name)>.

        With an empty name field this is the project path followed by "/".
        """
        projectDir = self.projPath.getText()
        folder = self.clearStr(self.vulnName.getText())
        return projectDir + "/" + folder

    def getCurrentProjPath(self):
        """Return the text of the project-path field, unvalidated."""
        projectDir = self.projPath.getText()
        return projectDir

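    def loadSS(self, imgPath):
        """Show the screenshot at imgPath in the preview label.

        Images larger than 550x400 are scaled down to that size. ImageIO.read
        returns None when no reader can decode the file (for example a
        non-image file with a .jpg name in an imported project); the preview
        is cleared in that case.
        """
        image = ImageIO.read(File(imgPath))
        if image is None:
            self.firstPic.setIcon(None)
            return
        if image.getWidth() <= 550 and image.getHeight() <= 400:
            self.firstPic.setIcon(ImageIcon(image))
            self.firstPic.setSize(image.getWidth(),image.getHeight())
        else:
            self.firstPic.setIcon(ImageIcon(self.resize(image,550, 400)))
            self.firstPic.setSize(550,400)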

    def clearProjectTab(self):
        """Empty the project path and project details fields."""
        for field in (self.projPath, self.projDetails):
            field.setText("")

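    def clearList(self, event):
        """Empty the vulnerability table.

        The model is replaced by a fresh list and listeners are told that the
        whole table changed. The earlier "row 0 inserted" event described a
        row that does not exist in the now empty model.
        """
        self._lock.acquire()
        try:
            self._log = ArrayList()
            self.fireTableDataChanged()
        finally:
            # release even if a listener raises
            self._lock.release()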

    #
    # implement IContextMenuFactory
    #
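    def createMenuItems(self, invocation):
        """Offer "Send to PT Manager" for the first selected message.

        Returns a list with the single menu item, or None when the
        invocation carries no selected messages.
        """
        responses = invocation.getSelectedMessages()
        # An array was compared with 0 here and the fallback returned the
        # undefined name `null`; test for presence and length instead.
        if responses is not None and len(responses) > 0:
            ret = LinkedList()
            requestMenuItem = JMenuItem("Send to PT Manager")
            requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request"))
            ret.add(requestMenuItem)
            return ret
        return None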
    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the extension's suite tab."""
        caption = "PT Manager"
        return caption
    
    def getUiComponent(self):
        """Return the split pane that is the root of the extension's tab."""
        rootComponent = self._splitpane
        return rootComponent

        #
    # extend AbstractTableModel
    #
    
    def getRowCount(self):
        """Return the number of logged vulnerabilities, or 0 if that fails.

        Any error while reading the list (for instance before it exists)
        is swallowed and reported as an empty table.
        """
        try:
            count = self._log.size()
        except:
            count = 0
        return count

    def getColumnCount(self):
        """Return the number of table columns (#, name, threat level)."""
        columnTotal = 3
        return columnTotal

    def getColumnName(self, columnIndex):
        """Return the header for columnIndex, or "" for an unknown column."""
        headers = ("#", "Vulnerability Name", "Threat Level")
        for position, header in enumerate(headers):
            if columnIndex == position:
                return header
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the given row and column.

        Column 0 is the 1-based row number, 1 the name, 2 the severity,
        3 the mitigation and 4 the color; any other column yields "".
        """
        entry = self._log.get(rowIndex)
        if columnIndex == 0:
            value = rowIndex+1
        elif columnIndex == 1:
            value = entry.getName()
        elif columnIndex == 2:
            value = entry.getSeverity()
        elif columnIndex == 3:
            value = entry.getMitigation()
        elif columnIndex == 4:
            value = entry.getColor()
        else:
            value = ""
        return value

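    def changeCurrentVuln(self,value,fieldNumber, xmlPath = "def"):
        """Set child node fieldNumber of a vulnerability.xml to value.

        xmlPath defaults (sentinel "def") to the current vulnerability's
        vulnerability.xml. When the file cannot be parsed, getXMLDoc has
        already reported it and nothing is changed. After a successful
        save the vulnerability list is reloaded.
        """
        if xmlPath == "def":
            xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            return
        nodeList = document.getDocumentElement().getChildNodes()
        nodeList.item(fieldNumber).setTextContent(value)
        self.saveXMLDoc(document, xmlPath)
        self.loadVulnerabilities(self.getCurrentProjPath())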

    def loadVulnerability(self, vulnObject):
        # Fill the Vulnerability tab and the request/response viewers from
        # vulnObject and the files stored in its directory.
        self.addButton.setText("Update")
        self.vulnName.setText(vulnObject.getName())
        self.threatLevel.setSelectedItem(vulnObject.getSeverity())
        self.descriptionString.setText(vulnObject.getDescription())
        self.mitigationStr.setText(vulnObject.getMitigation())

        # A missing color falls back to the "Color:" placeholder entry.
        if vulnObject.getColor() == "" or vulnObject.getColor() == None:
            self.colorCombo.setSelectedItem("Color:")
        else:
            self.colorCombo.setSelectedItem(vulnObject.getColor())
        self.screenshotsList.clear()

        # List every .jpg in the vulnerability directory; loadSS is called
        # for each one, so the preview ends up showing the last file listed.
        for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())):
            if fileName.endswith(".jpg"):
                self.screenshotsList.addElement(fileName)
                imgPath = self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())+'/'+fileName
                # imgPath = imgPath.replace("/","//")
                self.loadSS(imgPath)

        if (self.screenshotsList.getSize() == 0):
            self.firstPic.setIcon(None)
        else:
            self.ssList.setSelectedIndex(0)

        # Saved request: show the file content, or the literal "None".
        path = self.getVulnReqResPath("request",vulnObject.getName())
        if os.path.exists(path):
            f = self.getFileContent(path)
            self._requestViewer.setMessage(f, False)
        else:
            self._requestViewer.setMessage("None", False)
        
        # Saved response: same handling as the request.
        path = self.getVulnReqResPath("response",vulnObject.getName())
        if os.path.exists(path):
            f = self.getFileContent(path)
            self._responseViewer.setMessage(f, False)
        else:
            self._responseViewer.setMessage("None", False)