def defineCheckBox(self, caption, selected=True, enabled=True):
checkBox = JCheckBox(caption)
checkBox.setSelected(selected)
checkBox.setEnabled(enabled)
return checkBox
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# smart xss feature (print conclusion and observation)
# mark resulsts
# add automatic check pages in the same domain
self.tagPayloads = [
"<b>test", "<b onmouseover=test()>test",
"<img src=err onerror=test()>", "<script>test</script>"
"", "<scr ipt>test</scr ipt>", "<SCRIPT>test;</SCRIPT>",
"<scri<script>pt>test;</scr</script>ipt>",
"<SCRI<script>PT>test;</SCR</script>IPT>",
"<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
"<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
"<IMG '''><SCRIPT>test</SCRIPT>'>", "<SCR%00IPT>test</SCR%00IPT>",
"<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
"<IFRAME SRC='f' onerror='test'></IFRAME>",
"<<SCRIPT>test//<</SCRIPT>", "<img src=\"1\" onerror=\"test\">",
"<img src='1' onerror='test'",
"<STYLE TYPE=\"text/javascript\">test;</STYLE>",
"<<SCRIPT>test//<</SCRIPT>"
]
self.attributePayloads = [
"\"\"\"><SCRIPT>test", "'''><SCRIPT>test'",
"\"><script>test</script>", "\"><script>test</script><\"",
"'><script>test</script>", "'><script>test</script><'",
"\";test;\"", "';test;'", ";test;", "\";test;//",
"\"onmouseover=test ", "onerror=\"test\"", "onerror='test'",
"onload=\"test\"", "onload='test'"
]
self.xssKey = 'xssme'
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("XSSor")
self.affectedResponses = ArrayList()
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
clearAPListBtn = JButton("Clear List",
actionPerformed=self.clearAPList)
clearAPListBtn.setBounds(10, 85, 120, 30)
apListLabel = JLabel('Affected Pages List:')
apListLabel.setBounds(10, 10, 140, 30)
self.affectedModel = DefaultListModel()
self.affectedList = JList(self.affectedModel)
self.affectedList.addListSelectionListener(listSelectedChange(self))
scrollAList = JScrollPane(self.affectedList)
scrollAList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollAList.setBounds(150, 10, 550, 200)
scrollAList.setBorder(LineBorder(Color.BLACK))
APtabs = JTabbedPane()
self._requestAPViewer = callbacks.createMessageEditor(self, False)
self._responseAPViewer = callbacks.createMessageEditor(self, False)
APtabs.addTab("Request", self._requestAPViewer.getComponent())
APtabs.addTab("Affeced Page Response",
self._responseAPViewer.getComponent())
APtabs.setBounds(0, 250, 700, 350)
APtabs.setSelectedIndex(1)
self.APpnl = JPanel()
self.APpnl.setBounds(0, 0, 1000, 1000)
self.APpnl.setLayout(None)
self.APpnl.add(scrollAList)
self.APpnl.add(clearAPListBtn)
self.APpnl.add(APtabs)
self.APpnl.add(apListLabel)
tabs.addTab("Affected Pages", self.APpnl)
self.intercept = 0
## init conf panel
startLabel = JLabel("Plugin status:")
startLabel.setBounds(10, 10, 140, 30)
payloadLabel = JLabel("Basic Payload:")
payloadLabel.setBounds(10, 50, 140, 30)
self.basicPayload = "<script>alert(1)</script>"
self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
self.basicPayloadTxt.setBounds(120, 50, 305, 30)
self.bruteForceMode = JCheckBox("Brute Force Mode")
self.bruteForceMode.setBounds(120, 80, 300, 30)
self.bruteForceMode.addItemListener(handleBFModeChange(self))
self.tagPayloadsCheck = JCheckBox("Tag paylods")
self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
self.tagPayloadsCheck.setSelected(True)
self.tagPayloadsCheck.setEnabled(False)
self.tagPayloadsCheck.addItemListener(handleBFModeList(self))
self.attributePayloadsCheck = JCheckBox("Attribute payloads")
self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
self.attributePayloadsCheck.setSelected(True)
self.attributePayloadsCheck.setEnabled(False)
self.attributePayloadsCheck.addItemListener(handleBFModeList(self))
payloadListLabel = JLabel("Payloads list (for BF mode):")
payloadListLabel.setBounds(10, 130, 140, 30)
self.payloadsModel = DefaultListModel()
self.payloadsList = JList(self.payloadsModel)
scrollPayloadsList = JScrollPane(self.payloadsList)
scrollPayloadsList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollPayloadsList.setBounds(120, 170, 300, 200)
scrollPayloadsList.setBorder(LineBorder(
Color.BLACK)) # add buttons to remove payloads and add
for payload in self.tagPayloads:
self.payloadsModel.addElement(payload)
for payload in self.attributePayloads:
self.payloadsModel.addElement(payload)
self.startButton = JButton("XSSor is off",
actionPerformed=self.startOrStop)
self.startButton.setBounds(120, 10, 120, 30)
self.startButton.setBackground(Color(255, 100, 91, 255))
consoleTab = JTabbedPane()
self.consoleLog = JTextArea("", 5, 30)
scrollLog = JScrollPane(self.consoleLog)
scrollLog.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollLog.setBounds(120, 170, 550, 200)
scrollLog.setBorder(LineBorder(Color.BLACK))
scrollLog.getVerticalScrollBar().addAdjustmentListener(
autoScrollListener(self))
consoleTab.addTab("Console", scrollLog)
consoleTab.setBounds(0, 400, 500, 200)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self.startButton)
self.pnl.add(startLabel)
self.pnl.add(payloadLabel)
self.pnl.add(self.basicPayloadTxt)
self.pnl.add(self.bruteForceMode)
self.pnl.add(payloadListLabel)
self.pnl.add(scrollPayloadsList)
self.pnl.add(self.attributePayloadsCheck)
self.pnl.add(self.tagPayloadsCheck)
self.pnl.add(consoleTab)
tabs.addTab("Configuration", self.pnl)
tabs.setSelectedIndex(3)
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
self._callbacks.registerContextMenuFactory(self)
print "Thank you for installing XSSor v0.1 extension"
print "Created by Barak Tawily"
print "\nGithub:\nhttps://github.com/Quitten/XSSor"
return
#
# implement ITab
#
def getTabCaption(self):
return "XSSor"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if self.intercept == 1:
if toolFlag == 4:
# only process requests
if not messageIsRequest:
self.checkForKey(messageInfo)
return
def printLog(self, message):
self.consoleLog.setText(self.consoleLog.getText() + '\r\n' + message)
def checkXSS(self, messageInfo, urlStr, requestBody, currentPayload):
self.printLog('trying exploit with the payload: ' + currentPayload)
requestURL = URL(urlStr.replace(self.xssKey, currentPayload))
requestBody = requestBody.replace(self.xssKey,
urllib.pathname2url(currentPayload))
httpService = self._helpers.buildHttpService(
str(requestURL.getHost()), int(requestURL.getPort()),
requestURL.getProtocol() == "https")
response = self._callbacks.makeHttpRequest(httpService, requestBody)
responseInfo = self._helpers.analyzeResponse(response.getResponse())
analyzedResponse = self._helpers.bytesToString(response.getResponse(
)) # change body offeset + make ui for affeccted pages
responseBody = analyzedResponse.encode('utf-8')
vulnOrNot = 'no'
if currentPayload in responseBody:
self.printLog('payload: ' + currentPayload +
' found to be vulnarble')
vulnOrNot = 'yes'
# mark the payload
if not len(self.affectedResponses) == 0:
for request in self.affectedResponses: # bug in case of no response in messageinfo
self.printLog('checking affeccted page' +
str(request.getUrl()))
requestURL = request.getUrl()
httpService = self._helpers.buildHttpService(
str(requestURL.getHost()), int(requestURL.getPort()),
requestURL.getProtocol() == "https")
affectedPageResponse = self._callbacks.makeHttpRequest(
httpService, request.getRequest())
analyzedResponse = self._helpers.bytesToString(
affectedPageResponse.getResponse())
responseBody = analyzedResponse.encode('utf-8')
if currentPayload in responseBody:
vulnOrNot = 'yes, affected page'
self.printLog('affeccted page has been found as vulnerable')
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(
self._helpers.analyzeRequest(response).getUrl(),
self._callbacks.saveBuffersToTempFiles(response),
currentPayload, vulnOrNot))
self.fireTableRowsInserted(row, row)
self._lock.release()
def checkForKey(self, messageInfo):
currentPayload = self.tagPayloads[0]
requestInfo = self._helpers.analyzeRequest(messageInfo)
requestHeaders = list(requestInfo.getHeaders())
requestURL = requestInfo.getUrl()
urlStr = str(requestURL)
self.printLog('checking for xss key in URL: ' + urlStr)
requestBody = self._helpers.bytesToString(messageInfo.getRequest())
requestBody = re.sub(
'Referer:.*\n', '', requestBody, flags=re.MULTILINE,
count=1) # workaround avoid xsskey in the referer newHeaders
if self.xssKey in urlStr or self.xssKey in requestBody:
self.printLog('xss key has been found')
if self.bruteForceMode.isSelected():
for i in range(0, self.payloadsModel.getSize()):
payload = self.payloadsModel.getElementAt(i)
self.checkXSS(messageInfo, urlStr, requestBody, payload)
else:
self.checkXSS(messageInfo, urlStr, requestBody,
self.basicPayloadTxt.getText())
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "URL"
if columnIndex == 1:
return "Payload"
if columnIndex == 2:
return "Vulnerable?"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
# return self._callbacks.getToolName(logEntry._tool)
return logEntry._url.toString()
if columnIndex == 1:
return logEntry._payload
if columnIndex == 2:
return logEntry._vulnOrNot
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def startOrStop(self, event):
if self.startButton.getText() == "XSSor is off":
self.startButton.setText("XSSor is on")
self.startButton.setBackground(Color.GREEN)
self.printLog('on, waiting for key word to be found (' +
self.xssKey + ')')
self.intercept = 1
else:
self.startButton.setText("XSSor is off")
self.startButton.setBackground(Color(255, 100, 91, 255))
self.intercept = 0
def clearAPList(self, event):
self.affectedModel.clear()
self.affectedResponses = ArrayList()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
affectedMenuItem = JMenuItem("XSSor: Add affected page")
affectedMenuItem.addActionListener(
handleMenuItems(self, responses[0], "affected"))
ret.add(affectedMenuItem)
return (ret)
return null
def addAfectedPage(self, messageInfo):
self.affectedModel.addElement(
str(self._helpers.analyzeRequest(messageInfo).getUrl()))
self.affectedResponses.add(messageInfo)
class SourceCellRenderer(TreeCellRenderer):
def __init__(self,tree,mapContext):
self.tree = tree
self.mapContext = mapContext
## Group
self.lblFolder = JLabel()
self.lblFolder.setBackground(Color(222,227,233)) #.BLUE.brighter())
self.lblFolder.setOpaque(True)
self.lblFolder.setText("plddddddddddddddddddddddddddddddddddddddddddddddddddddddd")
### Folder
self.pnlFolder = JPanel()
self.pnlFolder.setOpaque(False)
self.pnlFolder.setLayout(FlowLayout(FlowLayout.LEFT))
self.lblGroup = JLabel()
#self.lblGroup.setBackground(Color(222,227,233)) #.BLUE.brighter())
#self.lblGroup.setOpaque(True)
self.lblGroup.setText("plddddddddddddddddddddddddddddddddddddddddddddddddddddddd")
self.lblGroupPreferredSize = self.lblGroup.getPreferredSize()
self.lblGroupIcon = JLabel()
self.pnlFolder.add(self.lblGroupIcon)
self.pnlFolder.add(self.lblGroup)
#self.lblGroup.setBorder(
# BorderFactory.createLineBorder(Color(222,227,233).darker(),1)
#)
#self.lblGroupPreferredSize.setSize(30,200)#self.lblGroupPreferredSize.getHeight()+4, self.lblGroupPreferredSize.getWidth())
### LAYER
self.pnlLayer = JPanel()
self.pnlLayer.setOpaque(False)
#self.pnlLayer.setBorder(EmptyBorder(2,2,2,2))
self.pnlLayer.setLayout(FlowLayout(FlowLayout.LEFT))
self.chkLayerVisibility = JCheckBox()
self.chkLayerVisibility.setOpaque(False)
self.pnlLayer.add(self.chkLayerVisibility)
self.lblLayerIcon = JLabel()
self.lblLayerName = JLabel()
self.pnlLayer.add(self.lblLayerIcon)
self.pnlLayer.add(self.lblLayerName)
#self.tree.setRowHeight(int(self.pnlLayer.getPreferredSize().getHeight())) #+2
self.tree.setRowHeight(int(self.pnlFolder.getPreferredSize().getHeight()))
self.lblUnknown = JLabel()
def getTreeCellRendererComponent(self, tree, value, selected, expanded, leaf, row, hasFocus):
uo = value.getUserObject()
if isinstance(uo, DataFolder):
#self.lblFolder.setText(uo.getName())
text = "[" + str(value.getChildCount()) +"] " + uo.getName()
self.lblFolder.setText(text)
self.lblFolder.setPreferredSize(self.lblGroupPreferredSize)
if uo.getIcon()!=None:
self.lblGroupIcon.setIcon(uo.getIcon())
else:
self.lblGroupIcon.setIcon(getIconByName("librarybrowser-folder")) #icon-folder-open"))
return self.lblFolder
if isinstance(uo, DataGroup):
self.lblGroup.setText(uo.getName())
self.lblGroup.setPreferredSize(self.lblGroupPreferredSize)
if uo.getIcon()!=None:
self.lblGroupIcon.setIcon(uo.getIcon())
else:
#import pdb
#pdb.set_trace()
self.lblGroupIcon.setIcon(getIconByName("librarybrowser-folder")) #icon-folder-open"))
return self.pnlFolder
if isinstance(uo, DataLayer):
layer = uo.getLayer()
self.lblLayerName.setText(layer.getName())
self.lblLayerIcon.setIcon(getIconFromLayer(layer))
self.chkLayerVisibility.setSelected(layer.isVisible())
if layer.isWithinScale(self.mapContext.getScaleView()): # and layer.isVisible():
self.chkLayerVisibility.setEnabled(True)
else:
self.chkLayerVisibility.setEnabled(False)
self.lblLayerName.setForeground(Color.BLACK)
font = self.lblLayerName.getFont()
self.lblLayerName.setForeground(Color.BLACK)
if layer.isEditing():
self.lblLayerName.setForeground(Color.RED)
if layer.isActive() and font.isBold():
pass
elif layer.isActive() and not font.isBold():
newfont = font.deriveFont(Font.BOLD)
self.lblLayerName.setFont(newfont)
else:
newfont = font.deriveFont(Font.PLAIN)
self.lblLayerName.setFont(newfont)
#self.pnlLayer.repaint()
return self.pnlLayer
self.lblUnknown.setText("")
self.lblUnknown.setPreferredSize(Dimension(0,0))
return self.lblUnknown
def _initializeGui(self, callbacks):
tab = JPanel()
jLabel1 = JLabel("Original Hash:")
jLabel2 = JLabel("Original message:")
jLabel3 = JLabel("Message to append:")
jLabel5 = JLabel("Max key length:")
jTextField1 = JTextField("")
jTextField2 = JTextField("")
jTextField3 = JTextField("")
jTextField4 = JTextField("128")
jLabel4 = JLabel("Hashing functions")
jCheckBox1 = JCheckBox("MD4")
jCheckBox2 = JCheckBox("MD5")
jCheckBox3 = JCheckBox("SHA1")
jCheckBox4 = JCheckBox("SHA256")
jCheckBox5 = JCheckBox("SHA512")
jCheckBox1.setEnabled(False)
jCheckBox2.setEnabled(False)
jCheckBox3.setEnabled(False)
jCheckBox4.setEnabled(False)
jCheckBox5.setEnabled(False)
jScrollPane1 = JScrollPane()
jTable1 = JTable()
jButton1 = JButton("Generate", actionPerformed=self.generate_attack)
jButton1.setEnabled(False)
jButton2 = JButton("Copy messages", actionPerformed=self.copy_messages)
jButton3 = JButton("Copy hashes", actionPerformed=self.copy_hashes)
self._tab = tab
self._textfields = {
"original_hash": jTextField1,
"original_msg": jTextField2,
"append_msg": jTextField3,
"max_key_len": jTextField4,
}
self._checkboxes = {
md4: jCheckBox1,
md5: jCheckBox2,
sha1: jCheckBox3,
sha256: jCheckBox4,
sha512: jCheckBox5,
}
self._table = jTable1
self._extensions = {}
self._hashes, self._messages = [], []
# Hash field change event
jTextField1.getDocument().addDocumentListener(HashChangeListener(self._checkboxes, self._textfields['original_hash'], jButton1))
# Table columns
jTable1.setModel(DefaultTableModel([],["#", "Type","New Message", "Hash"]))
jScrollPane1.setViewportView(jTable1)
# Table column width
jTable1.getColumnModel().getColumn(0).setMaxWidth(50)
jTable1.getColumnModel().getColumn(1).setMaxWidth(60)
layout = GroupLayout(tab)
tab.setLayout(layout)
layout.setHorizontalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(24, 24, 24)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.TRAILING)
.addComponent(jLabel5)
.addComponent(jLabel1)
.addComponent(jLabel2)
.addComponent(jLabel3))
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING)
.addComponent(jTextField3, GroupLayout.DEFAULT_SIZE, 425, 32767)
.addComponent(jTextField2)
.addComponent(jTextField1)
.addGroup(layout.createSequentialGroup()
.addComponent(jTextField4, GroupLayout.PREFERRED_SIZE, 88, GroupLayout.PREFERRED_SIZE)
.addGap(0, 0, 32767)))
.addGap(30, 30, 30)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(jCheckBox1)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jCheckBox2)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jCheckBox3)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jCheckBox4)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jCheckBox5))
.addComponent(jLabel4)
.addGroup(layout.createSequentialGroup()
.addComponent(jButton1)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jButton3)
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jButton2)))
.addGap(167, 167, 167))
.addComponent(jScrollPane1)
)
layout.setVerticalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(26, 26, 26)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(jLabel1)
.addComponent(jTextField1, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addComponent(jLabel4))
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(jTextField2, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addComponent(jLabel2)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(jCheckBox2)
.addComponent(jCheckBox3)
.addComponent(jCheckBox1)
.addComponent(jCheckBox4)
.addComponent(jCheckBox5)))
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(jTextField3, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addComponent(jLabel3))
.addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(jLabel5)
.addComponent(jTextField4, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addComponent(jButton2)
.addComponent(jButton3)
.addComponent(jButton1))
.addGap(13, 13, 13)
.addComponent(jScrollPane1, GroupLayout.DEFAULT_SIZE, 971, 32767))
)
callbacks.customizeUiComponent(tab)
callbacks.addSuiteTab(self)
class BurpExtender(IBurpExtender, ISessionHandlingAction,
IExtensionStateListener, IHttpListener, ITab):
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.helpers
self.checkboxEnable = JCheckBox('Enabled')
self.checkboxEnable.setSelected(False)
self.checkboxEnable.setEnabled(True)
self.scriptpane = JTextPane()
self.scriptpane.setFont(Font('Monospaced', Font.PLAIN, 11))
self.scrollpane = JScrollPane()
self.scrollpane.setViewportView(self.scriptpane)
self.tab = JPanel()
layout = GroupLayout(self.tab)
self.tab.setLayout(layout)
layout.setAutoCreateGaps(True)
layout.setAutoCreateContainerGaps(True)
layout.setHorizontalGroup(layout.createParallelGroup().addComponent(
self.checkboxEnable).addComponent(self.scrollpane))
layout.setVerticalGroup(layout.createSequentialGroup().addComponent(
self.checkboxEnable).addComponent(self.scrollpane))
self._code = compile('', '<string>', 'exec')
self._script = ''
script = callbacks.loadExtensionSetting('script')
if script:
script = base64.b64decode(script)
self.scriptpane.document.insertString(
self.scriptpane.document.length, script, SimpleAttributeSet())
self._script = script
try:
self._code = compile(script, '<string>', 'exec')
except Exception as e:
traceback.print_exc(file=self.callbacks.getStderr())
callbacks.setExtensionName("Python Scripter (modified)")
callbacks.registerSessionHandlingAction(self)
callbacks.registerExtensionStateListener(self)
callbacks.registerHttpListener(self)
callbacks.customizeUiComponent(self.getUiComponent())
callbacks.addSuiteTab(self)
self.scriptpane.requestFocus()
return
def getActionName(self):
return 'Send to Python Scripter'
def extensionUnloaded(self):
try:
self.callbacks.saveExtensionSetting('script',
base64.b64encode(self._script))
except Exception:
traceback.print_exc(file=self.callbacks.getStderr())
return
def performAction(self, currentRequest, macroItems):
self.processHttpMessage(self.callbacks.TOOL_MACRO, 1, currentRequest,
macroItems)
return
def processHttpMessage(self,
toolFlag,
messageIsRequest,
messageInfo,
macroItems=[]):
if not self.checkboxEnable.isSelected():
return
try:
globals_ = {}
locals_ = {
'extender': self,
'callbacks': self.callbacks,
'helpers': self.helpers,
'toolFlag': toolFlag,
'messageIsRequest': messageIsRequest,
'messageInfo': messageInfo,
'macroItems': macroItems
}
exec(self.script, globals_, locals_)
except Exception:
traceback.print_exc(file=self.callbacks.getStderr())
return
def getTabCaption(self):
return 'Script'
def getUiComponent(self):
return self.tab
@property
def script(self):
end = self.scriptpane.document.length
_script = self.scriptpane.document.getText(0, end)
if _script == self._script:
return self._code
self._script = _script
self._code = compile(_script, '<string>', 'exec')
return self._code
class CustomCellRenderer(DefaultTreeCellRenderer):
"""Renders the various tree controls (checkbox, tristate checkbox, string values etc.)"""
def __init__(self):
DefaultTreeCellRenderer.__init__(self)
flowLayout = FlowLayout(FlowLayout.LEFT, 0, 0)
self.cbPanel = JPanel(flowLayout)
self.cb = JCheckBox()
self.cb.setBackground(None)
self.cbPanel.add(self.cb)
self.cbLabel = JLabel()
self.cbPanel.add(self.cbLabel)
self.tcbPanel = JPanel(flowLayout)
self.tcb = TristateCheckBox()
self.tcb.setBackground(None)
self.tcbPanel.add(self.tcb)
self.tcbLabel = JLabel()
self.tcbPanel.add(self.tcbLabel)
self.rbPanel = JPanel(flowLayout)
self.rb = JRadioButton()
self.rb.setBackground(None)
self.rbPanel.add(self.rb)
self.rbLabel = JLabel()
self.rbPanel.add(self.rbLabel)
def getTreeCellRendererComponent(self, tree, value, selected, expanded,
leaf, row, hasFocus):
"""Return a swing control appropriate for the node type of the supplied value"""
if isinstance(value, DefaultMutableTreeNode):
nodeData = value.getUserObject()
if isinstance(nodeData, TreeNodeData):
t = nodeData.getNodeType()
isEnabled = nodeData.getVisible() > 0
# Boolean checkbox
if t.isType([NodeType._bool]):
self.cbLabel.setText(nodeData.getText())
self.cb.setEnabled(isEnabled)
self.cbLabel.setEnabled(isEnabled)
if nodeData.getTriValue() == 0:
self.cb.setSelected(False)
else:
self.cb.setSelected(True)
control = self.cbPanel
# Tristate chekcbox
elif t.isType([NodeType._tri]):
control = self.tcbPanel
self.tcbLabel.setText(nodeData.getText())
self.tcb.setEnabled(isEnabled)
self.tcbLabel.setEnabled(isEnabled)
self.tcb.setTriState(nodeData.getTriValue())
# Radio button
elif t.isType([NodeType._radio]):
self.rbLabel.setText(nodeData.getText())
self.rb.setEnabled(isEnabled)
self.rbLabel.setEnabled(isEnabled)
if nodeData.getTriValue() == 0:
self.rb.setSelected(False)
else:
self.rb.setSelected(True)
control = self.rbPanel
# Text field
elif t.isType([NodeType._text]):
control = DefaultTreeCellRenderer.getTreeCellRendererComponent(
self, tree, value, selected, expanded, leaf, row,
hasFocus)
control.setText(nodeData.getText() + ": " +
str(nodeData.getValue()))
# Default tree cell (a node with an icon and a label)
else:
control = DefaultTreeCellRenderer.getTreeCellRendererComponent(
self, tree, value, selected, expanded, leaf, row,
hasFocus)
control.setText(nodeData.getText())
self.setColors(control, nodeData,
selected) # Background color for the tree item
# log.info("getTreeCellRendererComponent", t.getType(), isEnabled, "'" + nodeData.getText() + "'")
control.setEnabled(isEnabled)
return control
# log.info("Warning: getTreeCellRendererComponent() fallthrough", nodeData)
return DefaultTreeCellRenderer.getTreeCellRendererComponent(
self, tree, value, selected, expanded, leaf, row, hasFocus)
def setColors(self, control, data, selected):
"""Set background color fot the tree item."""
if selected:
control.setForeground(self.getTextSelectionColor())
control.setBackground(self.getBackgroundSelectionColor())
else:
control.setForeground(self.getTextNonSelectionColor())
control.setBackground(self.getBackgroundNonSelectionColor())
class FEA_ConfigPanel(JPanel):
numThreads = 8
generateXLS = True
generateCSV = True
doNSLookup = True
doWBLookup = True
cbNSLookup = None
cbGenerateExcel = None
cbGenerateCSV = None
cbWayback = None
def __init__(self):
self.initComponents()
# get previous settings selected by the user
if (ModuleSettings.getConfigSetting("FEA", "doNSLookup") != None) and (
ModuleSettings.getConfigSetting("FEA", "doNSLookup") != ""):
if ModuleSettings.getConfigSetting("FEA", "doNSLookup"):
self.cbNSLookup.setSelected(True)
self.doNSLookup = True
else:
self.cbNSLookup.setSelected(False)
self.doNSLookup = False
if (ModuleSettings.getConfigSetting("FEA", "generateCSV") !=
None) and (ModuleSettings.getConfigSetting(
"FEA", "generateCSV") != ""):
if ModuleSettings.getConfigSetting("FEA", "generateCSV"):
self.cbGenerateCSV.setSelected(True)
self.generateCSV = True
else:
self.cbGenerateCSV.setSelected(False)
self.generateCSV = False
if (ModuleSettings.getConfigSetting("FEA", "generateXLS") !=
None) and (ModuleSettings.getConfigSetting(
"FEA", "generateXLS") != ""):
if ModuleSettings.getConfigSetting("FEA", "generateXLS"):
self.cbGenerateExcel.setSelected(True)
self.generateXLS = True
else:
self.cbGenerateExcel.setSelected(False)
self.generateXLS = False
if (ModuleSettings.getConfigSetting("FEA", "numThreads") != None) and (
ModuleSettings.getConfigSetting("FEA", "numThreads") != ""):
self.numThreads = ModuleSettings.getConfigSetting(
"FEA", "numThreads")
self.numberThreadsSlider.setValue(self.numThreads)
else:
self.numThreads = self.numberThreadsSlider.getValue()
def addStatusLabel(self, msg):
gbc = GridBagConstraints()
gbc.anchor = GridBagConstraints.NORTHWEST
gbc.gridx = 0
gbc.gridy = 7
lab = JLabel(msg)
self.add(lab, gbc)
def getDoNSLookup(self):
return self.doNSLookup
def getGenerateCSV(self):
return self.generateCSV
def getGenerateXLS(self):
return self.generateXLS
def getDoWBLookup(self):
return self.doWBLookup
def getNumThreads(self):
return self.numThreads
def initComponents(self):
self.setLayout(GridBagLayout())
gbc = GridBagConstraints()
gbc.anchor = GridBagConstraints.NORTHWEST
gbc.gridx = 0
gbc.gridy = 0
descriptionLabel = JLabel("FEA - Forensics Email Analysis")
self.add(descriptionLabel, gbc)
gbc.gridy = 1
self.cbNSLookup = JCheckBox(
"Perform DNS Lookup on email domains",
actionPerformed=self.cbNSLookupActionPerformed)
self.cbNSLookup.setSelected(True)
self.add(self.cbNSLookup, gbc)
# TODO: include option to browse for text file with list of emails to exclude from analysis
numberThreadsLabel = JLabel(
"Maximum number of threads for DNS Lookup task: ")
gbc.gridy = 2
self.add(numberThreadsLabel, gbc)
self.numberThreadsSlider = JSlider(
JSlider.HORIZONTAL,
1,
16,
8,
stateChanged=self.sliderActionPerformed)
self.numberThreadsSlider.setMajorTickSpacing(1)
self.numberThreadsSlider.setPaintLabels(True)
self.numberThreadsSlider.setPaintTicks(True)
self.numberThreadsSlider.setSnapToTicks(True)
self.numberThreadsSlider.setToolTipText(
"set maximum number of concurrent threads when performing DNS lookup on email domains"
)
gbc.gridy = 5
gbc.gridwidth = 15
gbc.gridheight = 1
gbc.fill = GridBagConstraints.BOTH
gbc.weightx = 0
gbc.weighty = 0
gbc.anchor = GridBagConstraints.NORTHWEST
gbc.gridy = 3
self.add(self.numberThreadsSlider, gbc)
self.cbGenerateExcel = JCheckBox(
"Generate Excel format report (more detailed)",
actionPerformed=self.cbGenerateExcelActionPerformed)
self.cbGenerateExcel.setSelected(True)
gbc.gridy = 4
self.add(self.cbGenerateExcel, gbc)
self.cbGenerateCSV = JCheckBox(
"Generate CSV format report (plaintext)",
actionPerformed=self.cbGenerateCSVActionPerformed)
self.cbGenerateCSV.setSelected(True)
gbc.gridy = 5
self.add(self.cbGenerateCSV, gbc)
gbc.gridy = 6
self.cbWayback = JCheckBox(
"Perform Wayback Machine Lookup on email domains (WARNING: can be a slow process!)",
actionPerformed=self.cbWaybackActionPerformed)
self.cbWayback.setSelected(True)
self.add(self.cbWayback, gbc)
def cbWaybackActionPerformed(self, event):
source = event.getSource()
if (source.isSelected()):
ModuleSettings.setConfigSetting("FEA", "doWBLookup", "true")
self.doWBLookup = True
else:
ModuleSettings.setConfigSetting("FEA", "doNSLookup", "false")
self.doWBLookup = False
def cbNSLookupActionPerformed(self, event):
source = event.getSource()
if (source.isSelected()):
ModuleSettings.setConfigSetting("FEA", "doNSLookup", "true")
self.doNSLookup = True
self.cbWayback.setEnabled(True)
else:
ModuleSettings.setConfigSetting("FEA", "doNSLookup", "false")
self.doNSLookup = False
self.cbWayback.setSelected(False)
self.cbWayback.setEnabled(False)
self.doWBLookup = False
def cbGenerateExcelActionPerformed(self, event):
source = event.getSource()
if (source.isSelected()):
ModuleSettings.setConfigSetting("FEA", "generateXLS", "true")
self.generateXLS = True
else:
ModuleSettings.setConfigSetting("FEA", "generateXLS", "false")
self.generateXLS = False
def cbGenerateCSVActionPerformed(self, event):
source = event.getSource()
if (source.isSelected()):
ModuleSettings.setConfigSetting("FEA", "generateCSV", "true")
self.generateCSV = True
else:
ModuleSettings.setConfigSetting("FEA", "generateCSV", "false")
self.generateCSV = False
def sliderActionPerformed(self, event):
source = event.getSource()
self.numThreads = source.getValue()
ModuleSettings.setConfigSetting("FEA", "numThreads", self.numThreads)
self.addStatusLabel("number of threads set: " + str(self.numThreads))
class BurpExtender(IBurpExtender, ITab):
def registerExtenderCallbacks(self, callbacks):
print "Loading..."
self._callbacks = callbacks
self._callbacks.setExtensionName('Burp SSL Scanner')
# self._callbacks.registerScannerCheck(self)
# self._callbacks.registerExtensionStateListener(self)
self._helpers = callbacks.getHelpers()
# initialize the main scanning event and thread
self.scanningEvent = Event()
self.scannerThread = None
self.targetURL = None
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self._splitpane.setBorder(EmptyBorder(20, 20, 20, 20))
# sub split pane (top)
self._topPanel = JPanel(BorderLayout(10, 10))
self._topPanel.setBorder(EmptyBorder(0, 0, 10, 0))
# Setup Panel : [Target: ] [______________________] [START BUTTON]
self.setupPanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
self.setupPanel.add(
JLabel("Target:", SwingConstants.LEFT), BorderLayout.LINE_START)
self.hostField = JTextField('', 50)
self.setupPanel.add(self.hostField)
self.toggleButton = JButton(
'Start scanning', actionPerformed=self.startScan)
self.setupPanel.add(self.toggleButton)
if 'Professional' in callbacks.getBurpVersion()[0] :
self.addToSitemapCheckbox = JCheckBox('Add to sitemap', True)
else :
self.addToSitemapCheckbox = JCheckBox('Add to sitemap (requires Professional version)', False)
self.addToSitemapCheckbox.setEnabled(False)
self.setupPanel.add(self.addToSitemapCheckbox)
self.scanSiteMapHostCheckbox = JCheckBox('Scan sitemap hosts', True)
self.setupPanel.add(self.scanSiteMapHostCheckbox)
self._topPanel.add(self.setupPanel, BorderLayout.PAGE_START)
# Status bar
self.scanStatusPanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
self.scanStatusPanel.add(JLabel("Status: ", SwingConstants.LEFT))
self.scanStatusLabel = JLabel("Ready to scan", SwingConstants.LEFT)
self.scanStatusPanel.add(self.scanStatusLabel)
self._topPanel.add(self.scanStatusPanel, BorderLayout.LINE_START)
self._splitpane.setTopComponent(self._topPanel)
# bottom panel
self._bottomPanel = JPanel(BorderLayout(10, 10))
self._bottomPanel.setBorder(EmptyBorder(10, 0, 0, 0))
self.initialText = ('<h1 style="color: red;">Burp SSL Scanner<br />'
'Please note that TLS1.3 is still not supported by this extension.</h1>')
self.currentText = self.initialText
self.textPane = JTextPane()
self.textScrollPane = JScrollPane(self.textPane)
self.textPane.setContentType("text/html")
self.textPane.setText(self.currentText)
self.textPane.setEditable(False)
self._bottomPanel.add(self.textScrollPane, BorderLayout.CENTER)
self.savePanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
self.saveButton = JButton('Save to file', actionPerformed=self.saveToFile)
self.saveButton.setEnabled(False)
self.savePanel.add(self.saveButton)
self.clearScannedHostButton = JButton('Clear scanned host', actionPerformed=self.clearScannedHost)
self.savePanel.add(self.clearScannedHostButton)
self.savePanel.add(JLabel("Clear hosts that were scanned by active scan to enable rescanning", SwingConstants.LEFT))
self._bottomPanel.add(self.savePanel, BorderLayout.PAGE_END)
self._splitpane.setBottomComponent(self._bottomPanel)
callbacks.customizeUiComponent(self._splitpane)
callbacks.addSuiteTab(self)
print "SSL Scanner tab loaded"
self.scannerMenu = ScannerMenu(self)
callbacks.registerContextMenuFactory(self.scannerMenu)
print "SSL Scanner custom menu loaded"
self.scannerCheck = ScannerCheck(self, self.scanSiteMapHostCheckbox.isSelected)
callbacks.registerScannerCheck(self.scannerCheck)
print "SSL Scanner check registered"
projectConfig = json.loads(self._callbacks.saveConfigAsJson())
scanAccuracy = projectConfig['scanner']['active_scanning_optimization']['scan_accuracy']
scanSpeed = projectConfig['scanner']['active_scanning_optimization']['scan_speed']
print(scanAccuracy, scanSpeed)
self.scannedHost = []
print 'SSL Scanner loaded'
def startScan(self, ev) :
host = self.hostField.text
self.scanningEvent.set()
if(len(host) == 0):
return
if host.find("://") == -1:
host = "https://" + host
try:
self.targetURL = URL(host)
if(self.targetURL.getPort() == -1):
self.targetURL = URL("https", self.targetURL.getHost(), 443, "/")
self.hostField.setEnabled(False)
self.toggleButton.setEnabled(False)
self.saveButton.setEnabled(False)
self.addToSitemapCheckbox.setEnabled(False)
self.currentText = self.initialText
self.textPane.setText(self.currentText)
self.updateText("<h2>Scanning %s:%d</h2>" % (self.targetURL.getHost(), self.targetURL.getPort()))
print("Scanning %s:%d" % (self.targetURL.getHost(), self.targetURL.getPort()))
self.scannerThread = Thread(target=self.scan, args=(self.targetURL, ))
self.scannerThread.start()
except BaseException as e:
self.saveButton.setEnabled(False)
print(e)
return
def scan(self, url, usingBurpScanner=False):
def setScanStatusLabel(text) :
if not usingBurpScanner :
SwingUtilities.invokeLater(
ScannerRunnable(self.scanStatusLabel.setText,
(text,)))
def updateResultText(text) :
if not usingBurpScanner :
SwingUtilities.invokeLater(
ScannerRunnable(self.updateText, (text, )))
if usingBurpScanner :
res = result.Result(url, self._callbacks, self._helpers, False)
else :
res = result.Result(url, self._callbacks, self._helpers, self.addToSitemapCheckbox.isSelected())
host, port = url.getHost(), url.getPort()
### Get project configuration
projectConfig = json.loads(self._callbacks.saveConfigAsJson())
if 'scanner' in projectConfig:
# scanAccuracy: minimise_false_negatives, normal, minimise_false_positives
scanAccuracy = projectConfig['scanner']['active_scanning_optimization']['scan_accuracy']
# scanSpeed: fast, normal, thorough
scanSpeed = projectConfig['scanner']['active_scanning_optimization']['scan_speed']
else:
scanAccuracy = 'normal'
scanSpeed = 'normal'
updateResultText('<h2>Scanning speed: %s</h2> %s' % (scanSpeed, test_details.SCANNING_SPEED_INFO[scanSpeed]))
updateResultText('<h2>Scanning accuracy: %s</h2> %s' % (scanAccuracy, test_details.SCANNING_ACCURACY_INFO[scanAccuracy]))
try :
setScanStatusLabel("Checking for supported SSL/TLS versions")
con = connection_test.ConnectionTest(res, host, port, scanSpeed, scanAccuracy)
con.start()
conResultText = '<hr /><br /><h3>' + res.printResult('connectable') + '</h3>' + \
'<ul><li>' + res.printResult('offer_ssl2') + '</li>' + \
'<li>' + res.printResult('offer_ssl3') + '</li>' + \
'<li>' + res.printResult('offer_tls10') + '</li>' + \
'<li>' + res.printResult('offer_tls11') + '</li>' + \
'<li>' + res.printResult('offer_tls12') + '</li></ul>'
updateResultText(conResultText)
if not res.getResult('connectable') :
updateResultText("<h2>Scan terminated (Connection failed)</h2>")
raise BaseException('Connection failed')
setScanStatusLabel("Checking for supported cipher suites (This can take a long time)")
supportedCipher = supportedCipher_test.SupportedCipherTest(res, host, port, scanSpeed, scanAccuracy)
supportedCipher.start()
setScanStatusLabel("Checking for Cipherlist")
cipher = cipher_test.CipherTest(res, host, port, scanSpeed, scanAccuracy)
cipher.start()
cipherResultText = '<h3>Available ciphers:</h3>' + \
'<ul><li>' + res.printResult('cipher_NULL') + '</li>' + \
'<li>' + res.printResult('cipher_ANON') + '</li>' + \
'<li>' + res.printResult('cipher_EXP') + '</li>' + \
'<li>' + res.printResult('cipher_LOW') + '</li>' + \
'<li>' + res.printResult('cipher_WEAK') + '</li>' + \
'<li>' + res.printResult('cipher_3DES') + '</li>' + \
'<li>' + res.printResult('cipher_HIGH') + '</li>' + \
'<li>' + res.printResult('cipher_STRONG') + '</li></ul>'
updateResultText(cipherResultText)
setScanStatusLabel("Checking for Heartbleed")
heartbleed = heartbleed_test.HeartbleedTest(res, host, port, scanSpeed, scanAccuracy)
heartbleed.start()
heartbleedResultText = res.printResult('heartbleed')
updateResultText(heartbleedResultText)
setScanStatusLabel("Checking for CCS Injection")
ccs = ccs_test.CCSTest(res, host, port, scanSpeed, scanAccuracy)
ccs.start()
ccsResultText = res.printResult('ccs_injection')
updateResultText(ccsResultText)
setScanStatusLabel("Checking for TLS_FALLBACK_SCSV")
fallback = fallback_test.FallbackTest(res, host, port, scanSpeed, scanAccuracy)
fallback.start()
fallbackResultText = res.printResult('fallback_support')
updateResultText(fallbackResultText)
setScanStatusLabel("Checking for POODLE (SSLv3)")
poodle = poodle_test.PoodleTest(res, host, port, scanSpeed, scanAccuracy)
poodle.start()
poodleResultText = res.printResult('poodle_ssl3')
updateResultText(poodleResultText)
setScanStatusLabel("Checking for SWEET32")
sweet32 = sweet32_test.Sweet32Test(res, host, port, scanSpeed, scanAccuracy)
sweet32.start()
sweet32ResultText = res.printResult('sweet32')
updateResultText(sweet32ResultText)
setScanStatusLabel("Checking for DROWN")
drown = drown_test.DrownTest(res, host, port, scanSpeed, scanAccuracy)
drown.start()
drownResultText = res.printResult('drown')
updateResultText(drownResultText)
setScanStatusLabel("Checking for FREAK")
freak = freak_test.FreakTest(res, host, port, scanSpeed, scanAccuracy)
freak.start()
freakResultText = res.printResult('freak')
updateResultText(freakResultText)
setScanStatusLabel("Checking for LUCKY13")
lucky13 = lucky13_test.Lucky13Test(res, host, port, scanSpeed, scanAccuracy)
lucky13.start()
lucky13ResultText = res.printResult('lucky13')
updateResultText(lucky13ResultText)
setScanStatusLabel("Checking for CRIME")
crime = crime_test.CrimeTest(res, host, port, scanSpeed, scanAccuracy)
crime.start()
crimeResultText = res.printResult('crime_tls')
updateResultText(crimeResultText)
setScanStatusLabel("Checking for BREACH")
breach = breach_test.BreachTest(res, host, port, scanSpeed, scanAccuracy)
breach.start(self._callbacks, self._helpers)
breachResultText = res.printResult('breach')
updateResultText(breachResultText)
setScanStatusLabel("Checking for BEAST")
beast = beast_test.BeastTest(res, host, port, scanSpeed, scanAccuracy)
beast.start()
beastResultText = res.printResult('beast')
updateResultText(beastResultText)
setScanStatusLabel("Checking for LOGJAM")
logjam = logjam_test.LogjamTest(res, host, port, scanSpeed, scanAccuracy)
logjam.start()
logjamResultText = res.printResult('logjam_export') + '<br />' + res.printResult('logjam_common')
updateResultText(logjamResultText)
updateResultText('<h2>Finished scanning</h2><br /><hr /><br /><h2>Summary</h2>')
updateResultText('<h2>Supported ciphers (by Protocol)</h2>')
updateResultText(res.printCipherList())
updateResultText('<h2>Supported ciphers (by Vulnerability)</h2>')
updateResultText(res.printCipherListByVulns())
updateResultText('<h2>Issues found</h2>')
updateResultText(res.printAllIssue())
except BaseException as e :
print(e)
setScanStatusLabel("An error occurred. Please refer to the output/errors tab for more information.")
time.sleep(2)
if usingBurpScanner :
return res.getAllIssue()
else :
self.scanningEvent.clear()
SwingUtilities.invokeLater(
ScannerRunnable(self.toggleButton.setEnabled, (True, ))
)
SwingUtilities.invokeLater(
ScannerRunnable(self.hostField.setEnabled, (True, ))
)
SwingUtilities.invokeLater(
ScannerRunnable(self.saveButton.setEnabled, (True, ))
)
if 'Professional' in self._callbacks.getBurpVersion()[0] :
SwingUtilities.invokeLater(
ScannerRunnable(self.addToSitemapCheckbox.setEnabled, (True, ))
)
setScanStatusLabel("Ready to scan")
print("Finished scanning")
def updateText(self, stringToAppend):
self.currentText += ('<br />' + stringToAppend)
self.textPane.setText(self.currentText)
def saveToFile(self, event):
fileChooser = JFileChooser()
if not (self.targetURL is None):
fileChooser.setSelectedFile(File("Burp_SSL_Scanner_Result_%s.html" \
% (self.targetURL.getHost())))
else:
fileChooser.setSelectedFile(File("Burp_SSL_Scanner_Result.html"))
if (fileChooser.showSaveDialog(self.getUiComponent()) == JFileChooser.APPROVE_OPTION):
fw = FileWriter(fileChooser.getSelectedFile())
fw.write(self.textPane.getText())
fw.flush()
fw.close()
print "Saved results to disk"
def clearScannedHost(self, event) :
self.scannedHost = []
def addHostToScannedList(self, host, port) :
self.scannedHost.append([host, port])
def getTabCaption(self):
return "SSL Scanner"
def getUiComponent(self):
return self._splitpane
def show_detectable_objects_dialog(self, e):
parentComponent = SwingUtilities.windowForComponent(self.panel0)
self.detectable_obejcts_dialog = JDialog(
parentComponent, "List of Objects to Detect",
ModalityType.APPLICATION_MODAL)
panel = JPanel()
self.detectable_obejcts_dialog.add(panel)
gbPanel = GridBagLayout()
gbcPanel = GridBagConstraints()
panel.setLayout(gbPanel)
y = 0
x = 0
for line in self.local_settings.getClassesOfInterest():
if y > 15:
y = 0
x = x + 1
class_check_box = JCheckBox(line['name'])
self.classes_of_interest_checkboxes.append(class_check_box)
class_check_box.setEnabled(True)
class_check_box.setSelected(line['enabled'])
class_check_box.addItemListener(self.on_class_checkbox_clicked)
gbcPanel.gridx = x
gbcPanel.gridy = y
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 1
gbcPanel.weighty = 1
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(class_check_box, gbcPanel)
panel.add(class_check_box)
y = y + 1
blank_1_L = JLabel(" ")
blank_1_L.setEnabled(True)
gbcPanel.gridx = 0
gbcPanel.gridy = y + 1
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 1
gbcPanel.weighty = 0
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(blank_1_L, gbcPanel)
panel.add(blank_1_L)
deselect_all_button = JButton("Deselect all")
deselect_all_button.setEnabled(True)
deselect_all_button.addActionListener(self.on_deselect_all_clicked)
gbcPanel.gridx = 1
gbcPanel.gridy = y + 2
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 2
gbcPanel.weighty = 1
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(deselect_all_button, gbcPanel)
panel.add(deselect_all_button)
select_all_button = JButton("Select all")
select_all_button.setEnabled(True)
select_all_button.addActionListener(self.on_select_all_clicked)
gbcPanel.gridx = 3
gbcPanel.gridy = y + 2
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 2
gbcPanel.weighty = 1
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(select_all_button, gbcPanel)
panel.add(select_all_button)
blank_2_L = JLabel(" ")
blank_2_L.setEnabled(True)
gbcPanel.gridx = 0
gbcPanel.gridy = y + 3
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 1
gbcPanel.weighty = 0
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(blank_2_L, gbcPanel)
panel.add(blank_2_L)
cancel_button = JButton("Cancel")
cancel_button.setEnabled(True)
cancel_button.addActionListener(
self.on_cancel_classes_of_interest_click)
gbcPanel.gridx = 1
gbcPanel.gridy = y + 4
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 2
gbcPanel.weighty = 1
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(cancel_button, gbcPanel)
panel.add(cancel_button)
save_button = JButton("Save")
save_button.setEnabled(True)
save_button.addActionListener(self.on_save_classes_of_interest_click)
gbcPanel.gridx = 3
gbcPanel.gridy = y + 4
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 2
gbcPanel.weighty = 1
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(save_button, gbcPanel)
panel.add(save_button)
blank_3_L = JLabel(" ")
blank_3_L.setEnabled(True)
gbcPanel.gridx = 0
gbcPanel.gridy = y + 5
gbcPanel.gridwidth = 1
gbcPanel.gridheight = 1
gbcPanel.fill = GridBagConstraints.BOTH
gbcPanel.weightx = 1
gbcPanel.weighty = 0
gbcPanel.anchor = GridBagConstraints.NORTH
gbPanel.setConstraints(blank_3_L, gbcPanel)
panel.add(blank_3_L)
self.detectable_obejcts_dialog.pack()
screenSize = Toolkit.getDefaultToolkit().getScreenSize()
self.detectable_obejcts_dialog.setLocation(
int((screenSize.getWidth() / 2) -
(self.detectable_obejcts_dialog.getWidth() / 2)),
int((screenSize.getHeight() / 2) -
(self.detectable_obejcts_dialog.getHeight() / 2)))
self.detectable_obejcts_dialog.setVisible(True)
def __init__(self, instructionsURI=''):
self.instructionsURI = instructionsURI
self.logger = logging.getLogger('sasi_runner_gui')
self.logger.addHandler(logging.StreamHandler())
def log_fn(msg):
self.log_msg(msg)
self.logger.addHandler(FnLogHandler(log_fn))
self.logger.setLevel(logging.DEBUG)
self.selected_input_file = None
self.selected_output_file = None
self.frame = JFrame(
"SASI Runner",
defaultCloseOperation = WindowConstants.EXIT_ON_CLOSE,
)
self.frame.size = (650, 600,)
self.main_panel = JPanel()
self.main_panel.layout = BoxLayout(self.main_panel, BoxLayout.Y_AXIS)
self.frame.add(self.main_panel)
self.top_panel = JPanel(SpringLayout())
self.top_panel.alignmentX = Component.CENTER_ALIGNMENT
self.main_panel.add(self.top_panel)
self.stageCounter = 1
def getStageLabel(txt):
label = JLabel("%s. %s" % (self.stageCounter, txt))
self.stageCounter += 1
return label
# Instructions link.
self.top_panel.add(getStageLabel("Read the instructions:"))
instructionsButton = JButton(
('<HTML><FONT color="#000099">'
'<U>open instructions</U></FONT><HTML>'),
actionPerformed=self.browseInstructions)
instructionsButton.setHorizontalAlignment(SwingConstants.LEFT);
instructionsButton.setBorderPainted(False);
instructionsButton.setOpaque(False);
instructionsButton.setBackground(Color.WHITE);
instructionsButton.setToolTipText(self.instructionsURI);
self.top_panel.add(instructionsButton)
# 'Select input' elements.
self.top_panel.add(getStageLabel(
"Select a SASI .zip file or data folder:"))
self.top_panel.add(
JButton("Select input...", actionPerformed=self.openInputChooser))
# 'Select output' elements.
self.top_panel.add(getStageLabel("Specify an output file:"))
self.top_panel.add(
JButton("Specify output...", actionPerformed=self.openOutputChooser))
# 'Set result fields' elements.
result_fields = [
{'id': 'gear_id', 'label': 'Gear', 'selected': True,
'enabled': False},
{'id': 'substrate_id', 'label': 'Substrate', 'selected': True},
{'id': 'energy_id', 'label': 'Energy', 'selected': False},
{'id': 'feature_id', 'label': 'Feature', 'selected': False},
{'id': 'feature_category_id', 'label': 'Feature Category',
'selected': False}
]
self.selected_result_fields = {}
resolutionLabelPanel = JPanel(GridLayout(0,1))
resolutionLabelPanel.add(getStageLabel("Set result resolution:"))
resolutionLabelPanel.add(
JLabel(("<html><i>This sets the specificity with which<br>"
"results will be grouped. Note that enabling<br>"
"more fields can *greatly* increase resulting<br>"
"output sizes and run times.</i>")))
#self.top_panel.add(getStageLabel("Set result resolution:"))
self.top_panel.add(resolutionLabelPanel)
checkPanel = JPanel(GridLayout(0, 1))
self.top_panel.add(checkPanel)
self.resultFieldCheckBoxes = {}
for result_field in result_fields:
self.selected_result_fields.setdefault(
result_field['id'], result_field['selected'])
checkBox = JCheckBox(
result_field['label'], result_field['selected'])
checkBox.setEnabled(result_field.get('enabled', True))
checkBox.addItemListener(self)
checkPanel.add(checkBox)
self.resultFieldCheckBoxes[checkBox] = result_field
# 'Run' elements.
self.top_panel.add(getStageLabel("Run SASI: (this might take a while)"))
self.run_button = JButton("Run...", actionPerformed=self.runSASI)
self.top_panel.add(self.run_button)
SpringUtilities.makeCompactGrid(
self.top_panel, self.stageCounter - 1, 2, 6, 6, 6, 6)
# Progress bar.
self.progressBar = JProgressBar(0, 100)
self.main_panel.add(self.progressBar)
# Log panel.
self.log_panel = JPanel()
self.log_panel.alignmentX = Component.CENTER_ALIGNMENT
self.log_panel.setBorder(EmptyBorder(10,10,10,10))
self.main_panel.add(self.log_panel)
self.log_panel.setLayout(BorderLayout())
self.log = JTextArea()
self.log.editable = False
self.logScrollPane = JScrollPane(self.log)
self.logScrollPane.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
self.logScrollBar = self.logScrollPane.getVerticalScrollBar()
self.log_panel.add(self.logScrollPane, BorderLayout.CENTER)
# File selectors
self.inputChooser = JFileChooser()
self.inputChooser.fileSelectionMode = JFileChooser.FILES_AND_DIRECTORIES
self.outputChooser = JFileChooser()
defaultOutputFile = os.path.join(System.getProperty("user.home"),
"sasi_project.zip")
self.outputChooser.setSelectedFile(File(defaultOutputFile));
self.outputChooser.fileSelectionMode = JFileChooser.FILES_ONLY
self.frame.setLocationRelativeTo(None)
self.frame.visible = True
def defineCheckBox(self, caption, selected=True, enabled=True):
checkBox = JCheckBox(caption)
checkBox.setSelected(selected)
checkBox.setEnabled(enabled)
return checkBox
class SelectionCellRenderer(TreeCellRenderer):
def __init__(self, tree, mapContext):
self.tree = tree
self.mapContext = mapContext
self.lblGroup = JLabel()
self.lblGroup.setBackground(Color(222, 227, 233)) #.BLUE.brighter())
self.lblGroup.setOpaque(True)
self.lblGroup.setText(
"plddddddddddddddddddddddddddddddddddddddddddddddddddddddd")
self.lblGroupPreferredSize = self.lblGroup.getPreferredSize()
#h = self.lblGroupPreferredSize.getHeight()
#w = self.lblGroupPreferredSize.getWidth()
#self.lblGroupPreferredSize.setSize(h, w)
self.pnlLayer = JPanel()
self.pnlLayer.setOpaque(False)
self.pnlLayer.setLayout(FlowLayout(FlowLayout.LEFT))
self.lblClean = JLabel()
self.chkLayerVisibility = JCheckBox()
self.chkLayerVisibility.setOpaque(False)
self.lblLayerName = JLabel()
self.lblLayerIcon = JLabel()
self.lblFeatureSelecteds = JLabel()
self.pnlLayer.add(self.chkLayerVisibility)
self.pnlLayer.add(self.lblClean)
self.pnlLayer.add(self.lblFeatureSelecteds)
self.pnlLayer.add(self.lblLayerIcon)
self.pnlLayer.add(self.lblLayerName)
self.tree.setRowHeight(
int(self.pnlLayer.getPreferredSize().getHeight()) - 3)
self.lblUnknown = JLabel()
## Feature
self.lblFeatureIcon = JLabel()
self.lblFeatureName = JLabel()
i18n = ToolsLocator.getI18nManager()
self.lblFeatureName.setText(i18n.getTranslation("_Feature"))
self.pnlFeature = JPanel()
self.pnlFeature.setOpaque(False)
self.pnlFeature.setLayout(FlowLayout(FlowLayout.LEFT))
self.pnlFeature.add(self.lblFeatureIcon)
self.pnlFeature.add(self.lblFeatureName)
def getTreeCellRendererComponent(self, tree, value, selected, expanded,
leaf, row, hasFocus):
uo = value.getUserObject()
if isinstance(uo, DataGroup):
text = "[" + str(value.getChildCount()) + "] " + uo.getName()
self.lblGroup.setText(text)
self.lblGroup.setPreferredSize(self.lblGroupPreferredSize)
return self.lblGroup
if isinstance(uo, DataLayer):
layer = uo.getLayer()
self.lblLayerName.setText(uo.getName())
self.lblLayerIcon.setIcon(getIconFromLayer(layer))
if layer.isVisible():
self.lblLayerName.setEnabled(True)
else:
self.lblLayerName.setEnabled(False)
self.lblClean.setIcon(getIconByName("edit-clear"))
self.chkLayerVisibility.setSelected(layer.isVisible())
if layer.isWithinScale(
self.mapContext.getScaleView()): # and layer.isVisible():
self.chkLayerVisibility.setEnabled(True)
else:
self.chkLayerVisibility.setEnabled(False)
if layer.getDataStore() != None and layer.getDataStore(
).getSelection() != None and layer.getDataStore().getSelection(
).getSize() != 0: # and layer.isVisible():
self.lblClean.setEnabled(True)
self.lblFeatureSelecteds.setText(
str(layer.getDataStore().getSelection().getSize()))
self.lblFeatureSelecteds.setEnabled(True)
else:
self.lblClean.setEnabled(False)
self.lblFeatureSelecteds.setText("0")
self.lblFeatureSelecteds.setEnabled(False)
font = self.lblLayerName.getFont()
self.lblLayerName.setForeground(Color.BLACK)
if layer.isEditing():
self.lblLayerName.setForeground(Color.RED)
#if layer.isActive():
if layer.isActive(): # and not font.isBold():
newfont = font.deriveFont(Font.BOLD)
self.lblLayerName.setFont(newfont)
else:
newfont = font.deriveFont(Font.PLAIN)
self.lblLayerName.setFont(newfont)
return self.pnlLayer
if isinstance(uo, FeatureDataLayerNode):
self.lblFeatureName.setText(uo.getFeature().toString())
self.lblFeatureIcon.setIcon(getIconByName("edit-clear"))
return self.pnlFeature
self.lblUnknown.setText("")
self.lblUnknown.setPreferredSize(Dimension(0, 0))
return self.lblUnknown
class FEA_CC_ConfigPanel(JPanel):
generateXLS = True
generateCSV = True
removeFalsePositives = True
cbRemoveFalsePositives = None
cbGenerateExcel = None
cbGenerateCSV = None
def __init__(self):
self.initComponents()
# get previous settings selected by the user
if (ModuleSettings.getConfigSetting("FEA", "removeFalsePositives") != None) and (ModuleSettings.getConfigSetting("FEA","removeFalsePositives") != ""):
if ModuleSettings.getConfigSetting("FEA","removeFalsePositives"):
self.cbRemoveFalsePositives.setSelected(True)
self.removeFalsePositives = True
else:
self.cbRemoveFalsePositives.setSelected(False)
self.removeFalsePositives = False
if (ModuleSettings.getConfigSetting("FEA", "generateCSV") != None) and (ModuleSettings.getConfigSetting("FEA","generateCSV") != ""):
if ModuleSettings.getConfigSetting("FEA","generateCSV"):
self.cbGenerateCSV.setSelected(True)
self.generateCSV = True
else:
self.cbGenerateCSV.setSelected(False)
self.generateCSV = False
if (ModuleSettings.getConfigSetting("FEA", "generateXLS") != None) and (ModuleSettings.getConfigSetting("FEA","generateXLS") != ""):
if ModuleSettings.getConfigSetting("FEA","generateXLS"):
self.cbGenerateExcel.setSelected(True)
self.generateXLS = True
else:
self.cbGenerateExcel.setSelected(False)
self.generateXLS = False
def addStatusLabel(self, msg):
gbc = GridBagConstraints()
gbc.anchor = GridBagConstraints.NORTHWEST
gbc.gridx = 0
gbc.gridy = 7
lab = JLabel(msg)
self.add(lab, gbc)
def getGenerateCSV(self):
return self.generateCSV
def getGenerateXLS(self):
return self.generateXLS
def getRemoveFalsePositives(self):
return self.removeFalsePositives
def initComponents(self):
self.setLayout(GridBagLayout())
gbc = GridBagConstraints()
gbc.anchor = GridBagConstraints.NORTHWEST
gbc.gridx = 0
gbc.gridy = 0
descriptionLabel = JLabel("FEA - Credit Card module")
self.add(descriptionLabel, gbc)
self.cbGenerateExcel = JCheckBox("Generate Excel format report (more detailed)", actionPerformed=self.cbGenerateExcelActionPerformed)
self.cbGenerateExcel.setSelected(True)
gbc.gridy = 2
self.add(self.cbGenerateExcel, gbc)
self.cbGenerateCSV = JCheckBox("Generate CSV format report (plaintext)", actionPerformed=self.cbGenerateCSVActionPerformed)
self.cbGenerateCSV.setSelected(True)
gbc.gridy = 3
self.add(self.cbGenerateCSV, gbc)
self.cbRemoveFalsePositives = JCheckBox("Remove False Positives from Autopsy", actionPerformed=self.cbRemoveFalsePositivesActionPerformed)
self.cbRemoveFalsePositives.setSelected(True)
gbc.gridy = 4
self.cbRemoveFalsePositives.setEnabled(False)
self.add(self.cbRemoveFalsePositives, gbc)
def cbGenerateExcelActionPerformed(self, event):
source = event.getSource()
if(source.isSelected()):
ModuleSettings.setConfigSetting("FEA","generateXLS","true")
self.generateXLS = True
else:
ModuleSettings.setConfigSetting("FEA","generateXLS","false")
self.generateXLS = False
def cbGenerateCSVActionPerformed(self, event):
source = event.getSource()
if(source.isSelected()):
ModuleSettings.setConfigSetting("FEA","generateCSV","true")
self.generateCSV = True
else:
ModuleSettings.setConfigSetting("FEA","generateCSV","false")
self.generateCSV = False
def cbRemoveFalsePositivesActionPerformed(self, event):
source = event.getSource()
if(source.isSelected()):
ModuleSettings.setConfigSetting("FEA","removeFalsePositives","true")
self.removeFalsePositives = True
else:
ModuleSettings.setConfigSetting("FEA","removeFalsePositives","false")
self.removeFalsePositives = False
def _initializeGui(self, callbacks):
tab = JPanel()
jLabel1 = JLabel("Original Hash:")
jLabel2 = JLabel("Original message:")
jLabel3 = JLabel("Message to append:")
jLabel5 = JLabel("Max key length:")
jTextField1 = JTextField("")
jTextField2 = JTextField("")
jTextField3 = JTextField("")
jTextField4 = JTextField("128")
jLabel4 = JLabel("Hashing functions")
jCheckBox1 = JCheckBox("MD4")
jCheckBox2 = JCheckBox("MD5")
jCheckBox3 = JCheckBox("SHA1")
jCheckBox4 = JCheckBox("SHA256")
jCheckBox5 = JCheckBox("SHA512")
jCheckBox1.setEnabled(False)
jCheckBox2.setEnabled(False)
jCheckBox3.setEnabled(False)
jCheckBox4.setEnabled(False)
jCheckBox5.setEnabled(False)
jScrollPane1 = JScrollPane()
jTable1 = JTable()
jButton1 = JButton("Generate", actionPerformed=self.generate_attack)
jButton1.setEnabled(False)
jButton2 = JButton("Copy messages", actionPerformed=self.copy_messages)
jButton3 = JButton("Copy hashes", actionPerformed=self.copy_hashes)
self._tab = tab
self._textfields = {
"original_hash": jTextField1,
"original_msg": jTextField2,
"append_msg": jTextField3,
"max_key_len": jTextField4,
}
self._checkboxes = {
md4: jCheckBox1,
md5: jCheckBox2,
sha1: jCheckBox3,
sha256: jCheckBox4,
sha512: jCheckBox5,
}
self._table = jTable1
self._extensions = {}
self._hashes, self._messages = [], []
# Hash field change event
jTextField1.getDocument().addDocumentListener(
HashChangeListener(self._checkboxes,
self._textfields['original_hash'], jButton1))
# Table columns
jTable1.setModel(
DefaultTableModel([], ["#", "Type", "New Message", "Hash"]))
jScrollPane1.setViewportView(jTable1)
# Table column width
jTable1.getColumnModel().getColumn(0).setMaxWidth(50)
jTable1.getColumnModel().getColumn(1).setMaxWidth(60)
layout = GroupLayout(tab)
tab.setLayout(layout)
layout.setHorizontalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
layout.createSequentialGroup().addGap(24, 24, 24).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.TRAILING).addComponent(jLabel5).
addComponent(jLabel1).addComponent(jLabel2).
addComponent(jLabel3)).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.LEADING).addComponent(
jTextField3, GroupLayout.DEFAULT_SIZE, 425,
32767).addComponent(jTextField2).
addComponent(jTextField1).addGroup(
layout.createSequentialGroup().addComponent(
jTextField4, GroupLayout.PREFERRED_SIZE,
88, GroupLayout.PREFERRED_SIZE).addGap(
0, 0, 32767))).addGap(30, 30, 30).
addGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING).
addGroup(layout.createSequentialGroup(
).addComponent(jCheckBox1).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(jCheckBox2).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(jCheckBox3).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(jCheckBox4).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addComponent(
jCheckBox5)).addComponent(jLabel4).addGroup(
layout.createSequentialGroup().addComponent(
jButton1).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(jButton3).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(jButton2))).addGap(
167, 167,
167)).addComponent(jScrollPane1))
layout.setVerticalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
layout.createSequentialGroup().addGap(26, 26, 26).addGroup(
layout.createParallelGroup(GroupLayout.Alignment.BASELINE).
addComponent(jLabel1).addComponent(
jTextField1, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(jLabel4)).
addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
jTextField2, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).
addComponent(jLabel2).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
jCheckBox2).addComponent(jCheckBox3).
addComponent(jCheckBox1).addComponent(jCheckBox4).
addComponent(jCheckBox5))).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).
addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
jTextField3, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(jLabel3)
).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).
addComponent(jLabel5).addComponent(
jTextField4, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(jButton2).
addComponent(jButton3).addComponent(jButton1)).addGap(
13, 13, 13).addComponent(jScrollPane1,
GroupLayout.DEFAULT_SIZE,
971, 32767)))
callbacks.customizeUiComponent(tab)
callbacks.addSuiteTab(self)
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("PT Vulnerabilities Manager")
self.config = SafeConfigParser()
self.createSection('projects')
self.createSection('general')
self.config.read('config.ini')
self.chooser = JFileChooser()
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self.logTable = Table(self)
self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
self.logTable.getColumnModel().getColumn(1).setMinWidth(100)
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self.initVulnerabilityTab()
self.initProjSettingsTab()
self.initTabs()
self.initCallbacks()
if self.projPath.getText() != None:
self.loadVulnerabilities(self.projPath.getText())
print "Thank you for installing PT Vulnerabilities Manager v1.0 extension"
print "by Barak Tawily\n\n\n"
print "Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition"
return
def initVulnerabilityTab(self):
#
## init vulnerability tab
#
nameLabel = JLabel("Vulnerability Name:")
nameLabel.setBounds(10, 10, 140, 30)
self.addButton = JButton("Add",actionPerformed=self.addVuln)
self.addButton.setBounds(10, 500, 100, 30)
rmVulnButton = JButton("Remove",actionPerformed=self.rmVuln)
rmVulnButton.setBounds(465, 500, 100, 30)
mitigationLabel = JLabel("Mitigation:")
mitigationLabel.setBounds(10, 290, 150, 30)
addSSBtn = JButton("Add SS",actionPerformed=self.addSS)
addSSBtn.setBounds(750, 40, 110, 30)
deleteSSBtn = JButton("Remove SS",actionPerformed=self.removeSS)
deleteSSBtn.setBounds(750, 75, 110, 30)
piclistLabel = JLabel("Images list:")
piclistLabel.setBounds(580, 10, 140, 30)
self.screenshotsList = DefaultListModel()
self.ssList = JList(self.screenshotsList)
self.ssList.setBounds(580, 40, 150, 250)
self.ssList.addListSelectionListener(ssChangedHandler(self))
self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))
previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
previewPicLabel.setBounds(580, 290, 500, 30)
copyImgMenu = JMenuItem("Copy")
copyImgMenu.addActionListener(copyImg(self))
self.imgMenu = JPopupMenu("Popup")
self.imgMenu.add(copyImgMenu)
self.firstPic = JLabel()
self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
self.firstPic.setBounds(580, 320, 550, 400)
self.firstPic.addMouseListener(imageClicked(self))
self.vulnName = JTextField("")
self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
self.vulnName.setBounds(140, 10, 422, 30)
sevirities = ["Unclassified", "Critical","High","Medium","Low"]
self.threatLevel = JComboBox(sevirities);
self.threatLevel.setBounds(140, 45, 140, 30)
colors = ["Color:", "Green", "Red"]
self.colorCombo = JComboBox(colors);
self.colorCombo.setBounds(465, 45, 100, 30)
self.colorCombo
severityLabel = JLabel("Threat Level:")
severityLabel.setBounds(10, 45, 100, 30)
descriptionLabel = JLabel("Description:")
descriptionLabel.setBounds(10, 80, 100, 30)
self.descriptionString = JTextArea("", 5, 30)
self.descriptionString.setWrapStyleWord(True);
self.descriptionString.setLineWrap(True)
self.descriptionString.setBounds(10, 110, 555, 175)
descriptionStringScroll = JScrollPane(self.descriptionString)
descriptionStringScroll.setBounds(10, 110, 555, 175)
descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.mitigationStr = JTextArea("", 5, 30)
self.mitigationStr.setWrapStyleWord(True);
self.mitigationStr.setLineWrap(True)
self.mitigationStr.setBounds(10, 320, 555, 175)
mitigationStrScroll = JScrollPane(self.mitigationStr)
mitigationStrScroll.setBounds(10, 320, 555, 175)
mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000);
self.pnl.setLayout(None);
self.pnl.add(addSSBtn)
self.pnl.add(piclistLabel)
self.pnl.add(nameLabel)
self.pnl.add(deleteSSBtn)
self.pnl.add(rmVulnButton)
self.pnl.add(severityLabel)
self.pnl.add(mitigationLabel)
self.pnl.add(descriptionLabel)
self.pnl.add(previewPicLabel)
self.pnl.add(mitigationStrScroll)
self.pnl.add(descriptionStringScroll)
self.pnl.add(self.ssList)
self.pnl.add(self.firstPic)
self.pnl.add(self.addButton)
self.pnl.add(self.vulnName)
self.pnl.add(self.threatLevel)
self.pnl.add(self.colorCombo)
def initProjSettingsTab(self):
# init project settings
projNameLabel = JLabel("Name:")
projNameLabel.setBounds(10, 50, 140, 30)
self.projName = JTextField("")
self.projName.setBounds(140, 50, 320, 30)
self.projName.getDocument().addDocumentListener(projTextChanged(self))
detailsLabel = JLabel("Details:")
detailsLabel.setBounds(10, 120, 140, 30)
reportLabel = JLabel("Generate Report:")
reportLabel.setBounds(10, 375, 140, 30)
types = ["DOCX","HTML","XLSX"]
self.reportType = JComboBox(types)
self.reportType.setBounds(10, 400, 140, 30)
generateReportButton = JButton("Generate", actionPerformed=self.generateReport)
generateReportButton.setBounds(160, 400, 90, 30)
self.projDetails = JTextArea("", 5, 30)
self.projDetails.setWrapStyleWord(True);
self.projDetails.setLineWrap(True)
projDetailsScroll = JScrollPane(self.projDetails)
projDetailsScroll.setBounds(10, 150, 450, 175)
projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
projPathLabel = JLabel("Path:")
projPathLabel.setBounds(10, 90, 140, 30)
self.projPath = JTextField("")
self.projPath.setBounds(140, 90, 320, 30)
chooseProjPathButton = JButton("Browse...",actionPerformed=self.chooseProjPath)
chooseProjPathButton.setBounds(470, 90, 100, 30)
importProjButton = JButton("Import",actionPerformed=self.importProj)
importProjButton.setBounds(470, 10, 100, 30)
exportProjButton = JButton("Export",actionPerformed=self.exportProj)
exportProjButton.setBounds(575, 10, 100, 30)
openProjButton = JButton("Open Directory",actionPerformed=self.openProj)
openProjButton.setBounds(680, 10, 130, 30)
currentProjectLabel = JLabel("Current:")
currentProjectLabel.setBounds(10, 10, 140, 30)
projects = self.config.options('projects')
self.currentProject = JComboBox(projects)
self.currentProject.addActionListener(projectChangeHandler(self))
self.currentProject.setBounds(140, 10, 140, 30)
self.autoSave = JCheckBox("Auto Save Mode")
self.autoSave.setEnabled(False) # implement this feature
self.autoSave.setBounds(300, 10, 140, 30)
self.autoSave.setToolTipText("Will save any changed value while focus is out")
addProjButton = JButton("Add / Update",actionPerformed=self.addProj)
addProjButton.setBounds(10, 330, 150, 30)
removeProjButton = JButton("Remove Current",actionPerformed=self.rmProj)
removeProjButton.setBounds(315, 330, 146, 30)
generalOptions = self.config.options('general')
if 'default project' in generalOptions:
defaultProj = self.config.get('general','default project')
self.currentProject.getModel().setSelectedItem(defaultProj)
self.projPath.setText(self.config.get('projects',self.currentProject.getSelectedItem()))
self.clearProjTab = True
self.projectSettings = JPanel()
self.projectSettings.setBounds(0, 0, 1000, 1000)
self.projectSettings.setLayout(None)
self.projectSettings.add(reportLabel)
self.projectSettings.add(detailsLabel)
self.projectSettings.add(projPathLabel)
self.projectSettings.add(addProjButton)
self.projectSettings.add(openProjButton)
self.projectSettings.add(projNameLabel)
self.projectSettings.add(projDetailsScroll)
self.projectSettings.add(importProjButton)
self.projectSettings.add(exportProjButton)
self.projectSettings.add(removeProjButton)
self.projectSettings.add(generateReportButton)
self.projectSettings.add(chooseProjPathButton)
self.projectSettings.add(currentProjectLabel)
self.projectSettings.add(self.projPath)
self.projectSettings.add(self.autoSave)
self.projectSettings.add(self.projName)
self.projectSettings.add(self.reportType)
self.projectSettings.add(self.currentProject)
def initTabs(self):
#
## init autorize tabs
#
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
colorsMenu = JMenu("Paint")
redMenu = JMenuItem("Red")
noneMenu = JMenuItem("None")
greenMenu = JMenuItem("Green")
redMenu.addActionListener(paintChange(self, "Red"))
noneMenu.addActionListener(paintChange(self, None))
greenMenu.addActionListener(paintChange(self, "Green"))
colorsMenu.add(redMenu)
colorsMenu.add(noneMenu)
colorsMenu.add(greenMenu)
self.menu = JPopupMenu("Popup")
self.menu.add(colorsMenu)
self.tabs = JTabbedPane()
self.tabs.addTab("Request", self._requestViewer.getComponent())
self.tabs.addTab("Response", self._responseViewer.getComponent())
self.tabs.addTab("Vulnerability", self.pnl)
self.tabs.addTab("Project Settings", self.projectSettings)
self.tabs.setSelectedIndex(2)
self._splitpane.setRightComponent(self.tabs)
def initCallbacks(self):
#
## init callbacks
#
# customize our UI components
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self.tabs)
self._callbacks.registerContextMenuFactory(self)
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
def loadVulnerabilities(self, projPath):
self.clearList(None)
selected = False
for root, dirs, files in os.walk(projPath): # make it go only for dirs
for dirName in dirs:
xmlPath = projPath+"/"+dirName+"/vulnerability.xml"
# xmlPath = xmlPath.replace("/","//")
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
vulnName = nodeList.item(0).getTextContent()
severity = nodeList.item(1).getTextContent()
description = nodeList.item(2).getTextContent()
mitigation = nodeList.item(3).getTextContent()
color = nodeList.item(4).getTextContent()
test = vulnerability(vulnName,severity,description,mitigation,color)
self._lock.acquire()
row = self._log.size()
self._log.add(test)
self.fireTableRowsInserted(row, row)
self._lock.release()
if vulnName == self.vulnName.getText():
self.logTable.setRowSelectionInterval(row,row)
selected = True
if selected == False and self._log.size() > 0:
self.logTable.setRowSelectionInterval(0, 0)
self.loadVulnerability(self._log.get(0))
def createSection(self, sectioName):
self.config.read('config.ini')
if not (sectioName in self.config.sections()):
self.config.add_section(sectioName)
cfgfile = open("config.ini",'w')
self.config.write(cfgfile)
cfgfile.close()
def saveCfg(self):
f = open('config.ini', 'w')
self.config.write(f)
f.close()
def getXMLDoc(self, xmlPath):
try:
document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlPath)
return document
except:
self._extender.popup("XML file not found")
return
def saveXMLDoc(self, doc, xmlPath):
transformerFactory = TransformerFactory.newInstance()
transformer = transformerFactory.newTransformer()
source = DOMSource(doc)
result = StreamResult(File(xmlPath))
transformer.transform(source, result)
def generateReport(self,event):
if self.reportType.getSelectedItem() == "HTML":
path = self.reportToHTML()
if self.reportType.getSelectedItem() == "XLSX":
path = self.reportToXLS()
if self.reportType.getSelectedItem() == "DOCX":
path = self.generateReportFromDocxTemplate('template.docx',"newfile.docx", 'word/document.xml')
n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
if n == JOptionPane.YES_OPTION:
os.system('"' + path + '"') # Bug! stucking burp until the file get closed
def exportProj(self,event):
self.chooser.setDialogTitle("Save project")
Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
self.chooser.setFileFilter(Ffilter)
returnVal = self.chooser.showSaveDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
dst = str(self.chooser.getSelectedFile())
shutil.make_archive(dst,"zip",self.getCurrentProjPath())
self.popup("Project export successfuly")
def importProj(self,event):
self.chooser.setDialogTitle("Select project zip to directory")
Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
self.chooser.setFileFilter(Ffilter)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
zipPath = str(self.chooser.getSelectedFile())
self.chooser.setDialogTitle("Select project directory")
self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
with zipfile.ZipFile(zipPath, "r") as z:
z.extractall(projPath)
xmlPath = projPath + "/project.xml"
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
projName = nodeList.item(0).getTextContent()
nodeList.item(1).setTextContent(projPath)
self.saveXMLDoc(document, xmlPath)
self.config.set('projects', projName, projPath)
self.saveCfg()
self.reloadProjects()
self.currentProject.getModel().setSelectedItem(projName)
self.clearVulnerabilityTab()
def reportToXLS(self):
if not xlsxwriterImported:
self.popup("xlsxwriter library is not imported")
return
workbook = xlsxwriter.Workbook(self.getCurrentProjPath() + '/PT Manager Report.xlsx')
worksheet = workbook.add_worksheet()
bold = workbook.add_format({'bold': True})
worksheet.write(0, 0, "Vulnerability Name", bold)
worksheet.write(0, 1, "Threat Level", bold)
worksheet.write(0, 2, "Description", bold)
worksheet.write(0, 3, "Mitigation", bold)
row = 1
for i in range(0,self._log.size()):
worksheet.write(row, 0, self._log.get(i).getName())
worksheet.write(row, 1, self._log.get(i).getSeverity())
worksheet.write(row, 2, self._log.get(i).getDescription())
worksheet.write(row, 3, self._log.get(i).getMitigation())
row = row + 1
# add requests and images as well
workbook.close()
return self.getCurrentProjPath() + '/PT Manager Report.xlsx'
def reportToHTML(self):
htmlContent = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr">
<head>
<title>PT Manager Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style>
body {
background-repeat: no-repeat;
background-attachment: fixed;
font-family: Arial,Tahoma,sens-serif;
font-size: 13px;
margin: auto;
}
#warpcenter {
width: 900px;
margin: 0px auto;
}
table {
border: 2px dashed #000000;
}
td {
border-top: 2px dashed #000000;
padding: 10px;
}
img {
border: 0px;
}
</style>
<script language="javascript">
function divHideShow(divToHideOrShow)
{
var div = document.getElementById(divToHideOrShow);
if (div.style.display == "block")
{
div.style.display = "none";
}
else
{
div.style.display = "block";
}
}
</script>
</head>
<body>
<div id="warpcenter">
<h1> PT Manager Report </h1>
<h2> Project: %s</h1>
""" % (self.projName.getText())
for i in range(0,self._log.size()):
name = self._log.get(i).getName()
request = "None"
response = "None"
path = self.getVulnReqResPath("request",name)
if os.path.exists(path):
request = self.newlineToBR(self.getFileContent(path))
path = self.getVulnReqResPath("response",name)
if os.path.exists(path):
response = self.newlineToBR(self.getFileContent(path))
images = ""
for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(name)):
if fileName.endswith(".jpg"):
images += "%s<br><img src=\"%s\"><br><br>" % (fileName, self.projPath.getText()+"/"+self.clearStr(name) + "/" + fileName)
description = self.newlineToBR(self._log.get(i).getDescription())
mitigation = self.newlineToBR(self._log.get(i).getMitigation())
htmlContent += self.convertVulntoTable(i,name,self._log.get(i).getSeverity(), description,mitigation, request, response, images)
htmlContent += "</div></body></html>"
f = open(self.getCurrentProjPath() + '/PT Manager Report.html', 'w')
f.writelines(htmlContent)
f.close()
return self.getCurrentProjPath() + '/PT Manager Report.html'
def newlineToBR(self,string):
return "<br />".join(string.split("\n"))
def getFileContent(self,path):
f = open(path, "rb")
content = f.read()
f.close()
return content
def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
return """<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow('Table_%s');" style="color:#191970">(OPEN / CLOSE)</a></div>
<div id="Table_%s" style="display: none;">
<table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;">
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Threat Level: </span>
<span style="color:#8b8989">%s</span>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Description</span>
<a href="javascript:divHideShow('Table_%s_Command_03');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_03" style="display: none;margin-top: 25px;">
%s
</div>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Mitigration</span>
<a href="javascript:divHideShow('Table_%s_Command_04');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_04" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Request</span>
<a href="javascript:divHideShow('Table_%s_Command_05');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_05" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Response</span>
<a href="javascript:divHideShow('Table_%s_Command_06');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_06" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Images</span>
<a href="javascript:divHideShow('Table_%s_Command_07');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_07" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
</table>
</div><br><br>""" % (name,number,number,severity,number,number,description,number,number,mitigation,number,number,request,number,number,response,number,number,images)
def clearVulnerabilityTab(self, rmVuln=True):
if rmVuln:
self.vulnName.setText("")
self.descriptionString.setText("")
self.mitigationStr.setText("")
self.colorCombo.setSelectedIndex(0)
self.threatLevel.setSelectedIndex(0)
self.screenshotsList.clear()
self.addButton.setText("Add")
self.firstPic.setIcon(None)
def saveRequestResponse(self, type, requestResponse, vulnName):
path = self.getVulnReqResPath(type,vulnName)
f = open(path, 'wb')
f.write(requestResponse)
f.close()
def openProj(self, event):
os.system('explorer ' + self.projPath.getText())
def getVulnReqResPath(self, requestOrResponse, vulnName):
return self.getCurrentProjPath() + "/" + self.clearStr(vulnName) + "/"+requestOrResponse+"_" + self.clearStr(vulnName)
def htmlEscape(self,data):
return data.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')
def generateReportFromDocxTemplate(self, zipname, newZipName, filename):
newZipName = self.getCurrentProjPath() + "/" + newZipName
with zipfile.ZipFile(zipname, 'r') as zin:
with zipfile.ZipFile(newZipName, 'w') as zout:
zout.comment = zin.comment
for item in zin.infolist():
if item.filename != filename:
zout.writestr(item, zin.read(item.filename))
else:
xml_content = zin.read(item.filename)
result = re.findall("(.*)<w:body>(?:.*)<\/w:body>(.*)",xml_content)[0]
newXML = result[0]
templateBody = re.findall("<w:body>(.*)<\/w:body>", xml_content)[0]
newBody = ""
for i in range(0,self._log.size()):
tmp = templateBody
tmp = tmp.replace("$vulnerability", self.htmlEscape(self._log.get(i).getName()))
tmp = tmp.replace("$severity", self.htmlEscape(self._log.get(i).getSeverity()))
tmp = tmp.replace("$description", self.htmlEscape(self._log.get(i).getDescription()))
tmp = tmp.replace("$mitigation", self.htmlEscape(self._log.get(i).getMitigation()))
newBody = newBody + tmp
newXML = newXML + newBody
newXML = newXML + result[1]
with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as zf:
zf.writestr(filename, newXML)
return newZipName
def chooseProjPath(self, event):
self.chooser.setDialogTitle("Select target directory")
self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
os.makedirs(projPath)
self.projPath.setText(projPath)
def reloadProjects(self):
self.currentProject.setModel(DefaultComboBoxModel(self.config.options('projects')))
def rmProj(self, event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
self._requestViewer.setMessage("None", False)
self._responseViewer.setMessage("None", False)
shutil.rmtree(self.projPath.getText())
self.config.remove_option('projects',self.currentProject.getSelectedItem())
self.reloadProjects()
self.currentProject.setSelectedIndex(0)
self.loadVulnerabilities(self.projPath.getText())
def popup(self,msg):
JOptionPane.showMessageDialog(None,msg)
def addProj(self, event):
projPath = self.projPath.getText()
if projPath == None or projPath == "":
self.popup("Please select path")
return
self.config.set('projects', self.projName.getText(), projPath)
self.saveCfg()
xml = ET.Element('project')
name = ET.SubElement(xml, "name")
path = ET.SubElement(xml, "path")
details = ET.SubElement(xml, "details")
autoSaveMode = ET.SubElement(xml, "autoSaveMode")
name.text = self.projName.getText()
path.text = projPath
details.text = self.projDetails.getText()
autoSaveMode.text = str(self.autoSave.isSelected())
tree = ET.ElementTree(xml)
try:
tree.write(self.getCurrentProjPath()+'/project.xml')
except:
self.popup("Invalid path")
return
self.reloadProjects()
self.clearVulnerabilityTab()
self.clearList(None)
self.currentProject.getModel().setSelectedItem(self.projName.getText())
def resize(self, image, width, height):
bi = BufferedImage(width, height, BufferedImage.TRANSLUCENT)
g2d = bi.createGraphics()
g2d.addRenderingHints(RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY))
g2d.drawImage(image, 0, 0, width, height, None)
g2d.dispose()
return bi;
def clearStr(self, var):
return var.replace(" " , "_").replace("\\" , "").replace("/" , "").replace(":" , "").replace("*" , "").replace("?" , "").replace("\"" , "").replace("<" , "").replace(">" , "").replace("|" , "").replace("(" , "").replace(")" , "")
def popUpAreYouSure(self):
dialogResult = JOptionPane.showConfirmDialog(None,"Are you sure?","Warning",JOptionPane.YES_NO_OPTION)
if dialogResult == 0:
return 0
return 1
def removeSS(self,event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
os.remove(self.getCurrentVulnPath() + "/" + self.ssList.getSelectedValue())
self.ssList.getModel().remove(self.ssList.getSelectedIndex())
self.firstPic.setIcon(ImageIcon(None))
# check if there is images and select the first one
# bug in linux
def addSS(self,event):
clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
try:
image = clipboard.getData(DataFlavor.imageFlavor)
except:
self.popup("Clipboard not contains image")
return
vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
if not os.path.exists(vulnPath):
os.makedirs(vulnPath)
name = self.clearStr(self.vulnName.getText()) + str(random.randint(1, 99999))+".jpg"
fileName = self.projPath.getText()+"/"+ self.clearStr(self.vulnName.getText()) + "/" + name
file = File(fileName)
bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB);
g = bufferedImage.createGraphics();
g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None);
ImageIO.write(bufferedImage, "jpg", file)
self.addVuln(self)
self.ssList.setSelectedValue(name,True)
def rmVuln(self, event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
self._requestViewer.setMessage("None", False)
self._responseViewer.setMessage("None", False)
shutil.rmtree(self.getCurrentVulnPath())
self.clearVulnerabilityTab()
self.loadVulnerabilities(self.getCurrentProjPath())
def addVuln(self, event):
if self.colorCombo.getSelectedItem() == "Color:":
colorTxt = None
else:
colorTxt = self.colorCombo.getSelectedItem()
self._lock.acquire()
row = self._log.size()
vulnObject = vulnerability(self.vulnName.getText(),self.threatLevel.getSelectedItem(),self.descriptionString.getText(),self.mitigationStr.getText() ,colorTxt)
self._log.add(vulnObject)
self.fireTableRowsInserted(row, row)
self._lock.release()
vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
if not os.path.exists(vulnPath):
os.makedirs(vulnPath)
xml = ET.Element('vulnerability')
name = ET.SubElement(xml, "name")
severity = ET.SubElement(xml, "severity")
description = ET.SubElement(xml, "description")
mitigation = ET.SubElement(xml, "mitigation")
color = ET.SubElement(xml, "color")
name.text = self.vulnName.getText()
severity.text = self.threatLevel.getSelectedItem()
description.text = self.descriptionString.getText()
mitigation.text = self.mitigationStr.getText()
color.text = colorTxt
tree = ET.ElementTree(xml)
tree.write(vulnPath+'/vulnerability.xml')
self.loadVulnerabilities(self.getCurrentProjPath())
self.loadVulnerability(vulnObject)
def vulnNameChanged(self):
if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "":
self.addButton.setText("Update")
elif self.addButton.getText() != "Add":
options = ["Create a new vulnerability", "Change current vulnerability name"]
n = JOptionPane.showOptionDialog(None,
"Would you like to?",
"Vulnerability Name",
JOptionPane.YES_NO_CANCEL_OPTION,
JOptionPane.QUESTION_MESSAGE,
None,
options,
options[0]);
if n == 0:
self.clearVulnerabilityTab(False)
self.addButton.setText("Add")
else:
newName = JOptionPane.showInputDialog(
None,
"Enter new name:",
"Vulnerability Name",
JOptionPane.PLAIN_MESSAGE,
None,
None,
self.vulnName.getText())
row = self.logTable.getSelectedRow()
old = self.logTable.getValueAt(row,1)
self.changeVulnName(newName,old)
def changeVulnName(self,new,old):
newpath = self.getCurrentProjPath() + "/" + new
oldpath = self.getCurrentProjPath() + "/" + old
os.rename(oldpath,newpath)
self.changeCurrentVuln(new,0, newpath + "/vulnerability.xml")
def getCurrentVulnPath(self):
return self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
def getCurrentProjPath(self):
return self.projPath.getText()
def loadSS(self, imgPath):
image = ImageIO.read(File(imgPath))
if image.getWidth() <= 550 and image.getHeight() <= 400:
self.firstPic.setIcon(ImageIcon(image))
self.firstPic.setSize(image.getWidth(),image.getHeight())
else:
self.firstPic.setIcon(ImageIcon(self.resize(image,550, 400)))
self.firstPic.setSize(550,400)
def clearProjectTab(self):
self.projPath.setText("")
self.projDetails.setText("")
def clearList(self, event):
self._lock.acquire()
self._log = ArrayList()
row = self._log.size()
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages();
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send to PT Manager");
requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request"))
ret.add(requestMenuItem);
return(ret);
return null;
#
# implement ITab
#
def getTabCaption(self):
return "PT Manager"
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "#"
if columnIndex == 1:
return "Vulnerability Name"
if columnIndex == 2:
return "Threat Level"
return ""
def getValueAt(self, rowIndex, columnIndex):
vulnObject = self._log.get(rowIndex)
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return vulnObject.getName()
if columnIndex == 2:
return vulnObject.getSeverity()
if columnIndex == 3:
return vulnObject.getMitigation()
if columnIndex == 4:
return vulnObject.getColor()
return ""
def changeCurrentVuln(self,value,fieldNumber, xmlPath = "def"):
if xmlPath == "def":
xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml"
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
nodeList.item(fieldNumber).setTextContent(value)
self.saveXMLDoc(document, xmlPath)
self.loadVulnerabilities(self.getCurrentProjPath())
def loadVulnerability(self, vulnObject):
self.addButton.setText("Update")
self.vulnName.setText(vulnObject.getName())
self.threatLevel.setSelectedItem(vulnObject.getSeverity())
self.descriptionString.setText(vulnObject.getDescription())
self.mitigationStr.setText(vulnObject.getMitigation())
if vulnObject.getColor() == "" or vulnObject.getColor() == None:
self.colorCombo.setSelectedItem("Color:")
else:
self.colorCombo.setSelectedItem(vulnObject.getColor())
self.screenshotsList.clear()
for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())):
if fileName.endswith(".jpg"):
self.screenshotsList.addElement(fileName)
imgPath = self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())+'/'+fileName
# imgPath = imgPath.replace("/","//")
self.loadSS(imgPath)
if (self.screenshotsList.getSize() == 0):
self.firstPic.setIcon(None)
else:
self.ssList.setSelectedIndex(0)
path = self.getVulnReqResPath("request",vulnObject.getName())
if os.path.exists(path):
f = self.getFileContent(path)
self._requestViewer.setMessage(f, False)
else:
self._requestViewer.setMessage("None", False)
path = self.getVulnReqResPath("response",vulnObject.getName())
if os.path.exists(path):
f = self.getFileContent(path)
self._responseViewer.setMessage(f, False)
else:
self._responseViewer.setMessage("None", False)
