Ejemplo n.º 1
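def MultiFileDialog(title):
  """Show a multi-selection open dialog and return the chosen file paths.

  The dialog starts in OpenDialog's default directory when one is set.

  Returns a list of path strings, or None when the dialog is not approved.
  """
  # hide/show debug prints
  verbose = 0
  # Choose image file(s) to open
  fc = JFileChooser()
  fc.setMultiSelectionEnabled(True)
  fc.setDialogTitle(title)

  # fdir only exists when a default directory is known, so it is applied
  # inside this branch; testing it unconditionally raises NameError when
  # getDefaultDirectory() returns None.
  sdir = OpenDialog.getDefaultDirectory()
  if sdir is not None:
    fc.setCurrentDirectory(File(sdir))

  returnVal = fc.showOpenDialog(IJ.getInstance())
  if returnVal != JFileChooser.APPROVE_OPTION:
    return
  files = fc.getSelectedFiles()

  paths = [os.path.join(f.getParent(), f.getName()) for f in files]

  if verbose > 0:
    for path in paths:
      print("Path: " + path)

  return paths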
Ejemplo n.º 2
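def MultiFileDialog(title):
    """Let the user pick one or more files and return their paths.

    The chooser opens in OpenDialog's default directory if there is one.

    Returns a list of path strings, or None if the dialog is not approved.
    """
    # hide/show debug prints
    verbose = 0

    fc = JFileChooser()
    fc.setMultiSelectionEnabled(True)
    fc.setDialogTitle(title)

    sdir = OpenDialog.getDefaultDirectory()
    if sdir is not None:
        # Build and apply the File here: with no default directory there is
        # no fdir to test, and referencing it would raise NameError.
        fdir = File(sdir)
        fc.setCurrentDirectory(fdir)

    returnVal = fc.showOpenDialog(IJ.getInstance())
    if returnVal != JFileChooser.APPROVE_OPTION:
        return
    files = fc.getSelectedFiles()

    paths = []
    for selected in files:
        paths.append(os.path.join(selected.getParent(), selected.getName()))

    if verbose > 0:
        for path in paths:
            print("Path: " + path)

    return paths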
Ejemplo n.º 3
def openFolderDialog(dialogTitle):
    """Ask the user for a folder and return its path as a string.

    Returns None when the dialog is dismissed without approval.
    """
    from javax.swing import JFileChooser

    folder_dialog = JFileChooser()
    folder_dialog.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
    folder_dialog.setDialogTitle(dialogTitle)

    outcome = folder_dialog.showOpenDialog(None)
    if outcome != JFileChooser.APPROVE_OPTION:
        return None
    return str(folder_dialog.getSelectedFile())
Ejemplo n.º 4
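    def exportToCSV(self):
        """Write the log to a tab-separated report file chosen by the user.

        Rows are filtered by the value selected in ``self.exportES``: every
        row ("All Statuses"), rows matching the table's checkbox filters
        ("As table filter"), or rows whose modified or unauthenticated status
        equals the selected value. Nothing is written when the save dialog is
        not approved.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReport.csv"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Without an approved selection there is no target file; falling
            # through would hit an unbound fileToSave at open().
            return
        fileToSave = fileChooser.getSelectedFile()

        def response_length(requestResponse):
            # A missing request/response object is reported as length 0.
            return len(requestResponse.getResponse()) if requestResponse is not None else 0

        enforcementStatusFilter = self.exportES.getSelectedItem()
        rows = ["id\tMethod\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"]

        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            modified = entry._enfocementStatus
            unauth = entry._enfocementStatusUnauthorized

            if enforcementStatusFilter == "All Statuses":
                include = True
            elif enforcementStatusFilter == "As table filter":
                ext = self._extender
                include = (
                    (ext.showAuthBypassModified.isSelected() and self.BYPASSSED_STR == modified) or
                    (ext.showAuthPotentiallyEnforcedModified.isSelected() and "Is enforced???" == modified) or
                    (ext.showAuthEnforcedModified.isSelected() and self.ENFORCED_STR == modified) or
                    (ext.showAuthBypassUnauthenticated.isSelected() and self.BYPASSSED_STR == unauth) or
                    (ext.showAuthPotentiallyEnforcedUnauthenticated.isSelected() and "Is enforced???" == unauth) or
                    (ext.showAuthEnforcedUnauthenticated.isSelected() and self.ENFORCED_STR == unauth) or
                    (ext.showDisabledUnauthenticated.isSelected() and "Disabled" == unauth))
            else:
                include = (enforcementStatusFilter == modified) or (enforcementStatusFilter == unauth)

            if not include:
                continue

            # NOTE(review): method and URL are written as-is. A tab or newline
            # inside them would shift columns, and a spreadsheet may treat a
            # cell beginning with '=' as a formula -- confirm whether these
            # logged values need sanitising before export.
            rows.append("%d\t%s\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id, entry._method, entry._url,
                response_length(entry._originalrequestResponse),
                response_length(entry._requestResponse),
                response_length(entry._unauthorizedRequestResponse),
                modified, unauth))

        # try/finally so the handle is released even when the write fails.
        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write("".join(rows))
        finally:
            f.close()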
Ejemplo n.º 5
    def actionPerformed(self, e):
        """Handle the "load" and "save" action commands with a file dialog.

        On approval the chosen path is passed to ``self.load_data`` or
        ``self.save_data``; otherwise a cancellation message is printed.
        Any other action command only creates an unused chooser.
        """
        command = str(e.getActionCommand())
        file_chooser = JFileChooser()

        if command == "load":
            file_chooser.setDialogTitle("Load JSON File")
            file_chooser.setDialogType(JFileChooser.OPEN_DIALOG)
            answer = file_chooser.showOpenDialog(self.file_button)
            if answer != JFileChooser.APPROVE_OPTION:
                print("JSON file load cancelled")
            else:
                self.load_data(str(file_chooser.getSelectedFile()))
        elif command == "save":
            file_chooser.setDialogTitle("Save JSON File")
            file_chooser.setDialogType(JFileChooser.SAVE_DIALOG)
            answer = file_chooser.showSaveDialog(self.file_button)
            if answer != JFileChooser.APPROVE_OPTION:
                print("JSON file save cancelled")
            else:
                self.save_data(str(file_chooser.getSelectedFile()))
Ejemplo n.º 6
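    def exportToHTML(self, event):
        """Write the log as an HTML report to a file chosen by the user.

        Each exported row shows the URL as a link plus its enforcement status,
        coloured by status. Rows are filtered by the value selected in
        ``self.exportES`` ("All Statuses" exports everything). Nothing is
        written when the save dialog is not approved.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.html"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Without an approved selection there is no target file; falling
            # through would hit an unbound fileToSave at open().
            return
        fileToSave = fileChooser.getSelectedFile()

        def escape_html(value):
            # Logged URLs end up in a report that is opened in a browser, so
            # the characters that are significant in HTML text and in quoted
            # attribute values are escaped before interpolation.
            text = "%s" % (value,)
            return (text.replace("&", "&amp;")
                        .replace("<", "&lt;")
                        .replace(">", "&gt;")
                        .replace('"', "&quot;")
                        .replace("'", "&#x27;"))

        enforcementStatusFilter = self.exportES.getSelectedItem()
        # The heading below is closed with </h1>; it was previously left open.
        htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
        <style>
        .datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
         .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
         .datagrid table td, .datagrid table th { padding: 3px 10px; }
         .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot  li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block;  padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
        table {
        width: 100%;
        table-layout: fixed;
        }
        td {
            border: 1px solid #35f;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        td.a {
            width: 13%;
            white-space: nowrap;
        }
        td.b {
            width: 9%;
            word-wrap: break-word;
        }
        </style>
        <body>
        <h1>Autorize Report</h1>
        <div class="datagrid"><table>
        <thead><tr><th>URL</th><th>Authorization Enforcement Status</th></tr></thead>
        <tbody>"""

        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            status = entry._enfocementStatus

            # Row colour follows the position of the status in
            # self._enfocementStatuses; any other status leaves it empty.
            color = ""
            if status == self._enfocementStatuses[0]:
                color = "red"
            if status == self._enfocementStatuses[1]:
                color = "yellow"
            if status == self._enfocementStatuses[2]:
                color = "LawnGreen"

            if enforcementStatusFilter == "All Statuses" or enforcementStatusFilter == status:
                safeUrl = escape_html(entry._url)
                htmlContent += "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % (color, safeUrl, safeUrl, escape_html(status))

        htmlContent += "</tbody></table></div></body></html>"

        # try/finally so the handle is released even when the write fails.
        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write(htmlContent)
        finally:
            f.close()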
Ejemplo n.º 7
    def createDialogBoxForImportExport(self, dialogTitle, extensionFilter, buttonText):
        """Show an import/export file dialog and return ``(ok, path)``.

        ``extensionFilter`` is indexed as: [0] and [1] are passed to
        FileNameExtensionFilter, [2] is the suffix appended when the chosen
        name has no extension. The chooser's current directory is stored in
        the "fileChooserDirectory" extension setting after an approved choice.

        Returns ``(False, "No Path/File")`` when the dialog is not approved,
        otherwise ``(True, absolute_path)``.
        """
        dialogFrame = JFrame()

        # Reopen in the directory remembered from the last import/export; any
        # failure to read the setting falls back to an empty path.
        try:
            startDirectory = self._callbacks.loadExtensionSetting("fileChooserDirectory")
        except:
            startDirectory = ""

        chooser = JFileChooser(startDirectory)
        chooser.setDialogTitle(dialogTitle)
        chooser.setFileFilter(FileNameExtensionFilter(extensionFilter[0], extensionFilter[1]))

        dialogResult = chooser.showDialog(dialogFrame, buttonText)
        if dialogResult != JFileChooser.APPROVE_OPTION:
            return False, "No Path/File"

        # Remember where the user ended up for the next dialog.
        self._callbacks.saveExtensionSetting("fileChooserDirectory", str(chooser.getCurrentDirectory()))

        chosenPath = chooser.getSelectedFile().getAbsolutePath()

        # Only a name without any extension gets the default suffix.
        chosenExtension = os.path.splitext(chosenPath)[1]
        if chosenExtension == "":
            chosenPath = chosenPath + extensionFilter[2]

        return True, chosenPath
Ejemplo n.º 8
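 def readFromTheFile(self,event):
     """Replace the selected span of the request with a chosen file's contents.

     The span is ``self._position[0]:self._position[1]`` of ``self._request``;
     the edited request is set on ``self._message[0]``. Nothing happens when
     the dialog is not approved.
     """
     choseFile = JFileChooser(FileSystemView.getFileSystemView().getHomeDirectory())
     choseFile.setDialogTitle('Select The File Which Will Be Pasted')
     choseFile.setFileSelectionMode(JFileChooser.FILES_ONLY)
     returnValue = choseFile.showOpenDialog(None)
     if returnValue != JFileChooser.APPROVE_OPTION:
         return
     selectedFile = choseFile.getSelectedFile()
     # Release the handle as soon as the content is read, even if read() fails.
     source = open(selectedFile.getAbsolutePath(), "r")
     try:
         pasted = str(source.read())
     finally:
         source.close()
     editedRequest = self._request[:self._position[0]] + pasted + self._request[self._position[1]:]
     self._message[0].setRequest(self._helpers.bytesToString(editedRequest))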
Ejemplo n.º 9
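    def exportToCSV(self):
        """Write the log to a tab-separated report file chosen by the user.

        With "All Statuses" selected in ``self.exportES`` every row is
        exported; otherwise only rows whose modified or unauthenticated status
        equals the selected value. Nothing is written when the save dialog is
        not approved.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.csv"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Without an approved selection there is no target file; falling
            # through would hit an unbound fileToSave at open().
            return
        fileToSave = fileChooser.getSelectedFile()

        def response_length(requestResponse):
            # A missing request/response object is reported as length 0.
            return len(requestResponse.getResponse()) if requestResponse is not None else 0

        enforcementStatusFilter = self.exportES.getSelectedItem()
        rows = ["id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"]

        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            modified = entry._enfocementStatus
            unauth = entry._enfocementStatusUnauthorized

            wanted = (enforcementStatusFilter == "All Statuses"
                      or enforcementStatusFilter == modified
                      or enforcementStatusFilter == unauth)
            if not wanted:
                continue

            # NOTE(review): the URL is written as-is. A tab or newline inside
            # it would shift columns -- confirm whether logged values need
            # sanitising before export.
            rows.append("%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id, entry._url,
                response_length(entry._originalrequestResponse),
                response_length(entry._requestResponse),
                response_length(entry._unauthorizedRequestResponse),
                modified, unauth))

        # try/finally so the handle is released even when the write fails.
        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write("".join(rows))
        finally:
            f.close()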
Ejemplo n.º 10
def openFolderDialog(dialogTitle):
    """Ask the user for one or more folders and return their paths.

    Returns a list of path strings, or None when the dialog is not approved.
    """
    from javax.swing import JFileChooser

    folder_dialog = JFileChooser()
    folder_dialog.setMultiSelectionEnabled(True)
    folder_dialog.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
    folder_dialog.setDialogTitle(dialogTitle)

    if folder_dialog.showOpenDialog(None) != JFileChooser.APPROVE_OPTION:
        return None
    return [str(selected) for selected in folder_dialog.getSelectedFiles()]
Ejemplo n.º 11
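 def saveResults(self, e):
     """Prompt for an output file and write one placeholder string per domain.

     Nothing is written when the save dialog is not approved.
     """
     self._stdout.println("Saving results")
     fileChooser = JFileChooser()
     fileChooser.setDialogTitle("Specify the file name")
     userSelection = fileChooser.showSaveDialog(self.getUiComponent())
     if userSelection != JFileChooser.APPROVE_OPTION:
         return
     f = fileChooser.getSelectedFile()
     # open() is given the path string rather than the java.io.File object.
     fileout = open(f.getAbsolutePath(), 'w')
     try:
         for domain in self.domain_list:
             self._stdout.println("writing ")
             # NOTE(review): placeholder payload; the domain itself is never
             # written -- confirm the intended output.
             fileout.write("I AM FILE")
     finally:
         # Release the handle even if a write fails part-way through.
         fileout.close()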
Ejemplo n.º 12
 def actionPerformed(self, actionEvent):
     """Let the user pick a file and copy its path into ``self.field``.

     The current directory and the selection are printed on approval;
     "No file selected" is printed otherwise.
     """
     picker = JFileChooser()
     picker.setDialogTitle("Choose file")
     picker.setFileSelectionMode(JFileChooser.FILES_ONLY)
     picker.setAcceptAllFileFilterUsed(False)

     approved = picker.showOpenDialog(self) == JFileChooser.APPROVE_OPTION
     if not approved:
         print("No file selected")
         return

     print(picker.getCurrentDirectory())
     print(picker.getSelectedFile())
     self.field.setText(str(picker.getSelectedFile()))
Ejemplo n.º 13
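def multiple_file_location_chooser(default_directory):
	"""Choose the input data location, which may be split over several files.

	Opens a multi-selection dialog filtered to tif/tiff files, starting in
	*default_directory*, and returns the selected paths as strings.

	Raises:
		IOError: if the dialog is not approved or no file is selected.
	"""
	chooser = JFileChooser(default_directory)
	chooser.setDialogTitle("Choose one or more tiff files representing the data...")
	ext_filter = FileNameExtensionFilter("*.tif", ["tif", "tiff"])
	chooser.setFileFilter(ext_filter)
	chooser.setMultiSelectionEnabled(True)
	# Check the dialog result explicitly instead of inferring a cancel from
	# an empty selection.
	if chooser.showOpenDialog(None) != JFileChooser.APPROVE_OPTION:
		raise IOError('no input file chosen')
	file_paths = [f.toString() for f in chooser.getSelectedFiles()]
	if not file_paths:
		raise IOError('no input file chosen')
	return file_paths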
Ejemplo n.º 14
def new_home_page():
	"""Build a HomePage for a directory picked by the user.

	Falls back to ``HomePage('.')`` when the dialog is not approved or the
	selection is missing or not an existing directory.
	"""
	dir_dialog = JFileChooser()
	dir_dialog.setFileSelectionMode( JFileChooser.DIRECTORIES_ONLY )
	dir_dialog.setDialogTitle('Choose directory to search for Mallard .page files')

	if dir_dialog.showDialog( None, 'Choose' ) == JFileChooser.APPROVE_OPTION:
		chosen = dir_dialog.getSelectedFile()
		chosen_path = chosen.getPath() if chosen is not None else None
		if chosen_path is not None and os.path.isdir( chosen_path ):
			return HomePage(chosen_path)

	return HomePage('.')
Ejemplo n.º 15
def f2_clic_browse1(event):
   """Handle the first browse button: pick the original image file.

   On approval the path is stored in ``gvars['path_original_image']``, shown
   in ``f2_txt1``, and the chooser's current directory is remembered in
   ``gvars['path_JFileChooser']``. A status message is printed either way.
   """
   print("Click browse 1")
   chooser = JFileChooser()
   chooser.setCurrentDirectory(gvars['path_JFileChooser'])
   chooser.setDialogTitle('Open original image')

   if chooser.showOpenDialog( None ) != JFileChooser.APPROVE_OPTION:
      print('Request canceled by user')
      return

   message = 'Path to original image %s' % chooser.getSelectedFile()
   gvars['path_original_image'] = str(chooser.getSelectedFile())
   f2_txt1.setText(gvars['path_original_image'])
   gvars['path_JFileChooser'] = chooser.getCurrentDirectory()
   print(message)
Ejemplo n.º 16
    def initUI(self):
        """Create the panel and ask the user for an export directory.

        On approval the chosen path is stored in ``self.file_name``; when it
        is not already a directory, ``mkdirp`` is called on it.
        """
        self.panel = JPanel()
        self.panel.setLayout(BorderLayout())

        exportChooser = JFileChooser()
        exportChooser.setDialogTitle("Select Export Location")
        exportChooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)

        if exportChooser.showSaveDialog(self.panel) != JFileChooser.APPROVE_OPTION:
            return

        self.file_name = str(exportChooser.getSelectedFile())
        alreadyDirectory = exportChooser.getSelectedFile().isDirectory()
        if not alreadyDirectory:
            mkdirp(self.file_name)
Ejemplo n.º 17
    def initUI(self):
        """Create the panel and ask the user for an Access database file.

        The dialog is filtered to mdb/accdb files. On approval the chosen
        path is stored in ``self.file_name``; otherwise it is left untouched.
        """
        self.panel = JPanel()
        self.panel.setLayout(BorderLayout())

        dbChooser = JFileChooser()
        dbChooser.setDialogTitle("Select Access Database")
        dbChooser.setFileFilter(
            FileNameExtensionFilter("Access Databases", ["mdb", "accdb"]))

        if dbChooser.showSaveDialog(self.panel) != JFileChooser.APPROVE_OPTION:
            return
        self.file_name = str(dbChooser.getSelectedFile())
Ejemplo n.º 18
    def selectExportFile(self, event):
        """Pick the file used for saving state and remember it.

        On approval the absolute path is shown in ``self.selectPathText``,
        printed, and stored in the "exportFile" extension setting. The file is
        chosen through an open dialog limited to files.
        """
        dialogOwner = JFrame()
        stateChooser = JFileChooser()
        stateChooser.setDialogTitle("Specify file to save state")
        stateChooser.setFileSelectionMode(JFileChooser.FILES_ONLY)

        if stateChooser.showOpenDialog(dialogOwner) != JFileChooser.APPROVE_OPTION:
            return

        filename = stateChooser.getSelectedFile().getAbsolutePath()
        self.selectPathText.setText(filename)
        print('Filename selected:' + filename)
        self._callbacks.saveExtensionSetting("exportFile", filename)
Ejemplo n.º 19
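def f4_clic_browse1(event):
   """Handle the browse button: pick the directory holding multiple images.

   When an existing directory is approved, its path is stored in
   ``gvars['path_multiple_image_directory']``, shown in ``f4_txt1``, and
   remembered in ``gvars['path_JFileChooser']``. A status message is printed
   in every case.
   """
   print("Click browse 1")
   fc = JFileChooser()
   fc.setCurrentDirectory(gvars['path_JFileChooser'])
   fc.setDialogTitle('Select Directory for multiple images')
   fc.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)

   result = fc.showOpenDialog( None )
   if result == JFileChooser.APPROVE_OPTION :
      selected = fc.getSelectedFile()
      if selected.isDirectory():
         message = 'Path to original image %s' % selected
         gvars['path_multiple_image_directory'] = str(selected)
         f4_txt1.setText(gvars['path_multiple_image_directory'])
         gvars['path_JFileChooser'] = selected
      else:
         # An approved selection that is not an existing directory used to
         # leave message unbound, so the final print raised NameError.
         message = 'Selected path is not a directory: %s' % selected

   else :
      message = 'Request canceled by user'
   print( message )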
Ejemplo n.º 20
    def initUI(self, hidden, dir_only, title, defaultFile):
        """Create the panel and ask the user for a file or directory.

        ``defaultFile`` preselects a path, ``title`` sets the dialog title,
        ``dir_only`` restricts the chooser to directories and ``hidden`` is
        passed to ``setFileHidingEnabled``. On approval the selection is
        stored in ``self.file_name``; in directory mode only when it is an
        existing directory.
        """
        self.panel = JPanel()
        self.panel.setLayout(BorderLayout())

        picker = JFileChooser()
        picker.setSelectedFile(File(defaultFile))
        picker.setDialogTitle(title)
        if dir_only:
            picker.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        picker.setFileHidingEnabled(hidden)

        if picker.showOpenDialog(self.panel) != JFileChooser.APPROVE_OPTION:
            return

        # Plain-file mode accepts any selection; directory mode insists on an
        # existing directory.
        if not dir_only or picker.getSelectedFile().isDirectory():
            self.file_name = str(picker.getSelectedFile())
Ejemplo n.º 21
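def FolderDialog(title, folder):
  """Ask the user for a single folder and return its path.

  The dialog starts in *folder*, or in OpenDialog's default directory when
  *folder* is None.

  Returns the path string, or None when the dialog is not approved.
  """
  fc = JFileChooser()
  fc.setMultiSelectionEnabled(False)
  fc.setDialogTitle(title)
  fc.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
  fc.setAcceptAllFileFilterUsed(False)

  if folder is None:
    sdir = OpenDialog.getDefaultDirectory()
  else:
    sdir = folder
  # fdir only exists when a start directory is known, so it is applied inside
  # this branch; testing it unconditionally raises NameError when sdir is None.
  if sdir is not None:
    fc.setCurrentDirectory(File(sdir))

  returnVal = fc.showOpenDialog(IJ.getInstance())
  if returnVal != JFileChooser.APPROVE_OPTION:
    return
  folder = fc.getSelectedFile()
  path = os.path.join(folder.getParent(), folder.getName())
  return path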
Ejemplo n.º 22
 def go(self, fileTypes=None, default=None, directoryAllowed=False):
     """Run the load or save dialog and return the chosen path, or None.

     ``fileTypes`` is an iterable of ``(extension, description)`` pairs added
     as choosable filters; ``default`` preselects a file. A selected directory
     is returned only when ``directoryAllowed`` is true. None is returned when
     the dialog is not approved.
     """
     dialog = JFileChooser()
     if self.title:
         dialog.setDialogTitle(self.title)
     if default:
         dialog.setSelectedFile(java.io.File(default))
     dialog.setCurrentDirectory(java.io.File("."))
     if fileTypes:
         for extension, description in fileTypes:
             dialog.addChoosableFileFilter(FileFilterForExtension(extension, description))

     # Anything other than "load" is treated as a save.
     if self.loadOrSave == "load":
         outcome = dialog.showOpenDialog(self.parent)
     else:
         outcome = dialog.showSaveDialog(self.parent)

     if outcome != JFileChooser.APPROVE_OPTION:
         return None

     chosen = dialog.getSelectedFile().getAbsoluteFile()
     if directoryAllowed or not chosen.isDirectory():
         return str(chosen)
     return None
Ejemplo n.º 23
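    def exportToCSV(self):
        """Write the log to a tab-separated report file chosen by the user.

        With "All Statuses" selected in ``self.exportES`` every row is
        exported; otherwise only rows whose modified or unauthenticated status
        equals the selected value. Nothing is written when the save dialog is
        not approved.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.csv"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Without an approved selection there is no target file; falling
            # through would hit an unbound fileToSave at open().
            return
        fileToSave = fileChooser.getSelectedFile()

        enforcementStatusFilter = self.exportES.getSelectedItem()
        lines = ["id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"]

        for i in range(0, self._log.size()):
            record = self._log.get(i)

            if enforcementStatusFilter != "All Statuses":
                matchesModified = enforcementStatusFilter == record._enfocementStatus
                matchesUnauth = enforcementStatusFilter == record._enfocementStatusUnauthorized
                if not (matchesModified or matchesUnauth):
                    continue

            # A missing request/response object is reported as length 0.
            originalLength = len(record._originalrequestResponse.getResponse()) if record._originalrequestResponse is not None else 0
            modifiedLength = len(record._requestResponse.getResponse()) if record._requestResponse is not None else 0
            unauthLength = len(record._unauthorizedRequestResponse.getResponse()) if record._unauthorizedRequestResponse is not None else 0

            # NOTE(review): the URL is written as-is. A tab or newline inside
            # it would shift columns -- confirm whether logged values need
            # sanitising before export.
            lines.append("%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                record._id, record._url,
                originalLength, modifiedLength, unauthLength,
                record._enfocementStatus, record._enfocementStatusUnauthorized))

        # try/finally so the handle is released even when the write fails.
        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write("".join(lines))
        finally:
            f.close()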
Ejemplo n.º 24
# Author: Michael Sengelmann
import ghidra.app.script.GhidraScript

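# Look up the program that is currently open in the tool.
state = getState()
currentProgram = state.getCurrentProgram()
name = currentProgram.getName()
location = currentProgram.getExecutablePath()
# print("The currently loaded program is: '{}'".format(name))
# print("Its location on disk is: '{}'".format(location))
if (getProgramFile() is None):
    # No local copy of the program file: ask for a target directory and let
    # BinaryExporter write the program there under the program's own name.
    print("File doesn't exist locally.")
    from java.io import File
    from javax.swing import JFileChooser
    chooser = JFileChooser()
    chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
    chooser.setDialogTitle("Export " + name + " to...")
    # showDialog() reports how the dialog was closed.  After a cancel there may
    # be no selected file at all, so export only when the choice was approved.
    if chooser.showDialog(None, None) == JFileChooser.APPROVE_OPTION:
        path = chooser.getSelectedFile().getAbsolutePath()
        # NOTE(review): name is used as a single path component; this assumes
        # it holds no path separators or ".." -- confirm for imported projects.
        fullpath = path + "/" + name
        f = File(fullpath)
        print("Creating " + f.getAbsolutePath())
        from ghidra.app.util.exporter import BinaryExporter
        bexp = BinaryExporter()
        memory = currentProgram.getMemory()
        monitor = getMonitor()
        domainObj = currentProgram
        bexp.export(f, domainObj, memory, monitor)
    else:
        print("Export cancelled.")
else:
    print("File already exists at " + getProgramFile().getAbsolutePath())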
Ejemplo n.º 25
# Put the controls on the panel in display order, then show the panel in a
# scrollable frame.
for widget in (button, JLabel("Min"), minField, JLabel("Max"), maxField,
               JLabel("Score :"), scoreField):
    all.add(widget)
frame = JFrame("CCM scoring")
frame.getContentPane().add(JScrollPane(all))
frame.pack()
frame.addWindowListener(Closing())
scoreField.requestFocusInWindow()

# Ask for the grid files, starting in the user's home directory.
chooser = JFileChooser()
chooser.setDialogTitle("Choose plate grids")
chooser.setMultiSelectionEnabled(True)
chooser.setCurrentDirectory(File(os.path.expanduser("~")))
chooser.showOpenDialog(JPanel())

# The chooser hands back shell-folder objects
# (sun.awt.shell.DefaultShellFolder); str() turns each one into a plain path.
fp = []
for chosen in chooser.getSelectedFiles():
    fp.append(str(chosen))

if fp:
    gd = GenericDialog("Name your output file")
    gd.addStringField("Score file name", "scores.csv")
    gd.showDialog()
    if not gd.wasCanceled():
        # The score file goes next to the first selected grid file.
        # NOTE(review): os.path.join returns the typed name on its own when
        # that name is an absolute path, so the file can land elsewhere.
        scoreFile = os.path.join(os.path.dirname(fp[0]), gd.getNextString())
Ejemplo n.º 26
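    def saveState(self):
        """Write every log entry to a tab-separated state file chosen by the user.

        Each row holds, for the modified, the original and the unauthenticated
        message in that order: host, port, protocol, base64 request, base64
        response; the two enforcement status strings follow.  An entry without
        an unauthenticated message gets None for those five fields, which the
        csv writer emits as empty fields.  Nothing is written when the dialog
        is dismissed.

        The file carries complete requests and responses.  base64 is an
        encoding, not encryption, so any cookies or tokens in the logged
        traffic can be recovered from the file by whoever can read it.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setDialogTitle("State output file")
        if fileChooser.showSaveDialog(parentFrame) != JFileChooser.APPROVE_OPTION:
            return

        def messageFields(message):
            # host, port, protocol, base64(request), base64(response)
            service = message.getHttpService()
            return [
                service.getHost(),
                service.getPort(),
                service.getProtocol(),
                base64.b64encode(message.getRequest()),
                base64.b64encode(message.getResponse()),
            ]

        log = self._extender._log
        exportFile = fileChooser.getSelectedFile()
        with open(exportFile.getAbsolutePath(), 'wb') as csvfile:
            csvwriter = csv.writer(csvfile,
                                   delimiter='\t',
                                   quotechar='|',
                                   quoting=csv.QUOTE_MINIMAL)
            for i in range(0, log.size()):
                # Fetch the entry once so that every field of a row is taken
                # from the same log entry.
                entry = log.get(i)

                tempRow = messageFields(entry._requestResponse)
                tempRow.extend(messageFields(entry._originalrequestResponse))
                if entry._unauthorizedRequestResponse is not None:
                    tempRow.extend(
                        messageFields(entry._unauthorizedRequestResponse))
                else:
                    tempRow.extend([None] * 5)
                tempRow.extend([
                    entry._enfocementStatus,
                    entry._enfocementStatusUnauthorized
                ])

                csvwriter.writerow(tempRow)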
Ejemplo n.º 27
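    def restoreState(self):
        """Append the entries of a user-chosen state file to the extender's log.

        Expected row layout (tab separated, '|' as quote character): three
        groups of host, port, protocol, base64 request, base64 response for
        the modified, original and unauthenticated message (columns 0-14),
        then the two enforcement status strings (columns 15 and 16).  An
        empty column 10 means the entry has no unauthenticated message.

        Rows are used as found: there is no validation beyond int() on the
        port and base64 decoding, so a short or malformed row raises and stops
        the import part-way.  After the import, cookies taken from the last
        log entry become the extender's lastCookies, so the file should come
        from a trusted source.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setDialogTitle("State import file")
        userSelection = fileChooser.showDialog(parentFrame, "Restore")
        if userSelection != JFileChooser.APPROVE_OPTION:
            return

        extender = self._extender
        helpers = extender._helpers
        callbacks = extender._callbacks

        def rebuildMessage(fields, offset):
            # Rebuild one message from the five columns starting at offset.
            request = base64.b64decode(fields[offset + 3])
            response = base64.b64decode(fields[offset + 4])
            service = helpers.buildHttpService(
                fields[offset], int(fields[offset + 1]), fields[offset + 2])
            return IHttpRequestResponseImplementation(
                service, request, response)

        importFile = fileChooser.getSelectedFile()
        with open(importFile.getAbsolutePath(), 'r') as csvfile:
            csvreader = csv.reader(csvfile, delimiter='\t', quotechar='|')

            for fields in csvreader:
                tempRequestResponse = rebuildMessage(fields, 0)
                tempOriginalRequestResponse = rebuildMessage(fields, 5)
                if fields[10] != '':
                    tempUnauthorizedRequestResponse = rebuildMessage(fields, 10)
                else:
                    tempUnauthorizedRequestResponse = None
                tempEnforcementStatus = fields[15]
                tempEnforcementStatusUnauthorized = fields[16]

                extender._lock.acquire()
                try:
                    # Index the new entry will occupy in the log table.
                    insertedAt = extender._log.size()

                    savedMessage = callbacks.saveBuffersToTempFiles(
                        tempRequestResponse)
                    requestInfo = helpers.analyzeRequest(tempRequestResponse)
                    savedOriginal = callbacks.saveBuffersToTempFiles(
                        tempOriginalRequestResponse)
                    if tempUnauthorizedRequestResponse is not None:
                        savedUnauthorized = callbacks.saveBuffersToTempFiles(
                            tempUnauthorizedRequestResponse)
                    else:
                        savedUnauthorized = None

                    extender._log.add(
                        LogEntry(extender.currentRequestNumber,
                                 savedMessage,
                                 requestInfo.getMethod(),
                                 requestInfo.getUrl(),
                                 savedOriginal,
                                 tempEnforcementStatus,
                                 savedUnauthorized,
                                 tempEnforcementStatusUnauthorized))

                    SwingUtilities.invokeLater(
                        UpdateTableEDT(extender, "insert", insertedAt,
                                       insertedAt))
                    extender.currentRequestNumber = extender.currentRequestNumber + 1
                finally:
                    # Release even when a row fails; otherwise the lock would
                    # stay held after a bad state file.
                    extender._lock.release()

            lastRow = extender._log.size()
            if lastRow > 0:
                cookies = extender.getCookieFromMessage(
                    extender._log.get(lastRow - 1)._requestResponse)
                if cookies:
                    extender.lastCookies = cookies
                    extender.fetchButton.setEnabled(True)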
Ejemplo n.º 28
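    def exportToHTML(self, event):
        """Write the log as an HTML table (URL and enforcement status) to a chosen file.

        Rows are limited to the status selected in self.exportES unless that
        selection is "All Statuses".  Nothing is written when the save dialog
        is dismissed.

        URL and status text are HTML-escaped before they go into the markup.
        The URLs presumably come from logged traffic, i.e. from the
        application under test, and would otherwise be able to inject markup
        or script into a report that is later opened in a browser.
        """
        # Function-scope import: the module's import block is not touched.
        from xml.sax.saxutils import escape

        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.html"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # Dialog dismissed: there is no target file to write to.
            return
        fileToSave = fileChooser.getSelectedFile()

        def htmlEscape(value):
            # Safe for element content and for quoted attribute values.
            return escape("%s" % (value,), {'"': "&quot;", "'": "&#x27;"})

        # Row background per enforcement status; any other status gets none.
        rowColors = {
            "Authorization enforced??? (please configure enforcement detector)": "yellow",
            "Authorization bypass!": "red",
            "Authorization enforced!": "LawnGreen",
        }

        enforcementStatusFilter = self.exportES.getSelectedItem()
        htmlHead = """<html><title>Autorize Report by Barak Tawily</title>
        <style>
        .datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
         .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
         .datagrid table td, .datagrid table th { padding: 3px 10px; }
         .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot  li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block;  padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
        table {
        width: 100%;
        table-layout: fixed;
        }
        td {
            border: 1px solid #35f;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        td.a {
            width: 13%;
            white-space: nowrap;
        }
        td.b {
            width: 9%;
            word-wrap: break-word;
        }
        </style>
        <body>
        <h1>Autorize Report</h1>
        <div class="datagrid"><table>
        <thead><tr><th>URL</th><th>Authorization Enforcement Status</th></tr></thead>
        <tbody>"""

        rows = []
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            status = entry._enfocementStatus
            if enforcementStatusFilter != "All Statuses" and enforcementStatusFilter != status:
                continue
            # NOTE(review): escaping stops markup break-out but does not
            # restrict the link scheme; _url is assumed to be http(s) -- confirm.
            url = htmlEscape(entry._url)
            rows.append(
                "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % (
                    rowColors.get(status, ""), url, url, htmlEscape(status)))

        htmlContent = htmlHead + "".join(rows) + "</tbody></table></div></body></html>"
        with open(fileToSave.getAbsolutePath(), 'w') as f:
            f.write(htmlContent)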
Ejemplo n.º 29
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):

    def registerExtenderCallbacks(self, callbacks):
        """Store the callbacks object, load the configuration and build the UI.

        Order matters: the config sections and the log table are created
        first, then the two tab panels, then the tabbed pane that contains
        them, and finally the UI is registered through the callbacks.  If the
        project path field holds a value, the vulnerabilities found under
        that path are loaded.
        """
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        
        # set our extension name
        callbacks.setExtensionName("PT Vulnerabilities Manager")
        
        # config.ini is named by a relative path, so it is read from (and, in
        # createSection, written to) whatever the working directory is.
        self.config = SafeConfigParser()
        self.createSection('projects')
        self.createSection('general')
        self.config.read('config.ini')
        # one file chooser shared by the import/export dialogs
        self.chooser = JFileChooser()
        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        
        self.logTable = Table(self)
        self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
        self.logTable.getColumnModel().getColumn(1).setMinWidth(100)

        # message editors created with False as the second argument
        # NOTE(review): presumably "not editable" -- confirm against the API
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)

        self.initVulnerabilityTab()
        self.initProjSettingsTab()
        self.initTabs()
        self.initCallbacks()

        # projPath is filled by initProjSettingsTab when a default project is configured
        if self.projPath.getText() != None:
            self.loadVulnerabilities(self.projPath.getText())

        print "Thank you for installing PT Vulnerabilities Manager v1.0 extension"
        print "by Barak Tawily\n\n\n"
        # project folders hold findings, so the author recommends an encrypted partition
        print "Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition"
        return

    def initVulnerabilityTab(self):
        """Create the widgets of the "Vulnerability" tab and place them on self.pnl.

        The panel has no layout manager (setLayout(None)); every widget is
        positioned with explicit setBounds(x, y, width, height) values.
        """
        lblName = JLabel("Vulnerability Name:")
        lblName.setBounds(10, 10, 140, 30)

        self.addButton = JButton("Add", actionPerformed=self.addVuln)
        self.addButton.setBounds(10, 500, 100, 30)

        btnRemoveVuln = JButton("Remove", actionPerformed=self.rmVuln)
        btnRemoveVuln.setBounds(465, 500, 100, 30)

        lblMitigation = JLabel("Mitigation:")
        lblMitigation.setBounds(10, 290, 150, 30)

        btnAddShot = JButton("Add SS", actionPerformed=self.addSS)
        btnAddShot.setBounds(750, 40, 110, 30)

        btnRemoveShot = JButton("Remove SS", actionPerformed=self.removeSS)
        btnRemoveShot.setBounds(750, 75, 110, 30)

        lblImages = JLabel("Images list:")
        lblImages.setBounds(580, 10, 140, 30)

        # Screenshot list, backed by a DefaultListModel.
        self.screenshotsList = DefaultListModel()
        self.ssList = JList(self.screenshotsList)
        self.ssList.setBounds(580, 40, 150, 250)
        self.ssList.addListSelectionListener(ssChangedHandler(self))
        self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

        lblPreview = JLabel("Selected image preview: (click to open in image viewer)")
        lblPreview.setBounds(580, 290, 500, 30)

        # Popup menu with a single "Copy" item, kept on self.imgMenu.
        copyItem = JMenuItem("Copy")
        copyItem.addActionListener(copyImg(self))
        self.imgMenu = JPopupMenu("Popup")
        self.imgMenu.add(copyItem)

        # Label that shows the preview of the selected image.
        self.firstPic = JLabel()
        self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
        self.firstPic.setBounds(580, 320, 550, 400)
        self.firstPic.addMouseListener(imageClicked(self))

        self.vulnName = JTextField("")
        self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
        self.vulnName.setBounds(140, 10, 422, 30)

        self.threatLevel = JComboBox(
            ["Unclassified", "Critical", "High", "Medium", "Low"])
        self.threatLevel.setBounds(140, 45, 140, 30)

        self.colorCombo = JComboBox(["Color:", "Green", "Red"])
        self.colorCombo.setBounds(465, 45, 100, 30)

        lblSeverity = JLabel("Threat Level:")
        lblSeverity.setBounds(10, 45, 100, 30)

        lblDescription = JLabel("Description:")
        lblDescription.setBounds(10, 80, 100, 30)

        # Free-text description, word-wrapped, inside its own scroll pane.
        self.descriptionString = JTextArea("", 5, 30)
        self.descriptionString.setWrapStyleWord(True)
        self.descriptionString.setLineWrap(True)
        self.descriptionString.setBounds(10, 110, 555, 175)
        descriptionScroll = JScrollPane(self.descriptionString)
        descriptionScroll.setBounds(10, 110, 555, 175)
        descriptionScroll.setVerticalScrollBarPolicy(
            ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        # Free-text mitigation, same treatment.
        self.mitigationStr = JTextArea("", 5, 30)
        self.mitigationStr.setWrapStyleWord(True)
        self.mitigationStr.setLineWrap(True)
        self.mitigationStr.setBounds(10, 320, 555, 175)
        mitigationScroll = JScrollPane(self.mitigationStr)
        mitigationScroll.setBounds(10, 320, 555, 175)
        mitigationScroll.setVerticalScrollBarPolicy(
            ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        # The order in which the widgets are added is kept as it was.
        for widget in (btnAddShot, lblImages, lblName, btnRemoveShot,
                       btnRemoveVuln, lblSeverity, lblMitigation,
                       lblDescription, lblPreview, mitigationScroll,
                       descriptionScroll, self.ssList, self.firstPic,
                       self.addButton, self.vulnName, self.threatLevel,
                       self.colorCombo):
            self.pnl.add(widget)
        
    def initProjSettingsTab(self):
        """Create the widgets of the "Project Settings" tab on self.projectSettings.

        The project combo box is filled from the option names of the
        'projects' config section.  When the 'general' section has a
        'default project' option, that project is selected and its value
        from the 'projects' section is put into the path field.
        """
        lblProjName = JLabel("Name:")
        lblProjName.setBounds(10, 50, 140, 30)

        self.projName = JTextField("")
        self.projName.setBounds(140, 50, 320, 30)
        self.projName.getDocument().addDocumentListener(projTextChanged(self))

        lblDetails = JLabel("Details:")
        lblDetails.setBounds(10, 120, 140, 30)

        lblReport = JLabel("Generate Report:")
        lblReport.setBounds(10, 375, 140, 30)

        self.reportType = JComboBox(["DOCX", "HTML", "XLSX"])
        self.reportType.setBounds(10, 400, 140, 30)

        btnGenerate = JButton("Generate", actionPerformed=self.generateReport)
        btnGenerate.setBounds(160, 400, 90, 30)

        # Free-text project details, word-wrapped, inside a scroll pane.
        self.projDetails = JTextArea("", 5, 30)
        self.projDetails.setWrapStyleWord(True)
        self.projDetails.setLineWrap(True)
        detailsScroll = JScrollPane(self.projDetails)
        detailsScroll.setBounds(10, 150, 450, 175)
        detailsScroll.setVerticalScrollBarPolicy(
            ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        lblPath = JLabel("Path:")
        lblPath.setBounds(10, 90, 140, 30)

        self.projPath = JTextField("")
        self.projPath.setBounds(140, 90, 320, 30)

        btnBrowse = JButton("Browse...", actionPerformed=self.chooseProjPath)
        btnBrowse.setBounds(470, 90, 100, 30)

        btnImport = JButton("Import", actionPerformed=self.importProj)
        btnImport.setBounds(470, 10, 100, 30)

        btnExport = JButton("Export", actionPerformed=self.exportProj)
        btnExport.setBounds(575, 10, 100, 30)

        btnOpenDir = JButton("Open Directory", actionPerformed=self.openProj)
        btnOpenDir.setBounds(680, 10, 130, 30)

        lblCurrent = JLabel("Current:")
        lblCurrent.setBounds(10, 10, 140, 30)

        # One combo entry per option name in the 'projects' section.
        self.currentProject = JComboBox(self.config.options('projects'))
        self.currentProject.addActionListener(projectChangeHandler(self))
        self.currentProject.setBounds(140, 10, 140, 30)

        self.autoSave = JCheckBox("Auto Save Mode")
        self.autoSave.setEnabled(False)  # feature not implemented yet
        self.autoSave.setBounds(300, 10, 140, 30)
        self.autoSave.setToolTipText("Will save any changed value while focus is out")

        btnAddProj = JButton("Add / Update", actionPerformed=self.addProj)
        btnAddProj.setBounds(10, 330, 150, 30)

        btnRemoveProj = JButton("Remove Current", actionPerformed=self.rmProj)
        btnRemoveProj.setBounds(315, 330, 146, 30)

        # Preselect the configured default project, if there is one.
        if 'default project' in self.config.options('general'):
            defaultProj = self.config.get('general', 'default project')
            self.currentProject.getModel().setSelectedItem(defaultProj)
            self.projPath.setText(
                self.config.get('projects',
                                self.currentProject.getSelectedItem()))

        self.clearProjTab = True
        self.projectSettings = JPanel()
        self.projectSettings.setBounds(0, 0, 1000, 1000)
        self.projectSettings.setLayout(None)
        # The order in which the widgets are added is kept as it was.
        for widget in (lblReport, lblDetails, lblPath, btnAddProj, btnOpenDir,
                       lblProjName, detailsScroll, btnImport, btnExport,
                       btnRemoveProj, btnGenerate, btnBrowse, lblCurrent,
                       self.projPath, self.autoSave, self.projName,
                       self.reportType, self.currentProject):
            self.projectSettings.add(widget)

    def initTabs(self):
        """Assemble the split pane: log table on the left, tabbed pane on the right.

        Also builds the popup menu (self.menu) whose "Paint" submenu offers
        Red, None and Green.  The "Vulnerability" tab (index 2) is selected
        initially.
        """
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)

        # "Paint" submenu: one item per colour choice, in menu order.
        paintMenu = JMenu("Paint")
        for caption, paint in (("Red", "Red"), ("None", None), ("Green", "Green")):
            item = JMenuItem(caption)
            item.addActionListener(paintChange(self, paint))
            paintMenu.add(item)

        self.menu = JPopupMenu("Popup")
        self.menu.add(paintMenu)

        self.tabs = JTabbedPane()
        for title, component in (
                ("Request", self._requestViewer.getComponent()),
                ("Response", self._responseViewer.getComponent()),
                ("Vulnerability", self.pnl),
                ("Project Settings", self.projectSettings)):
            self.tabs.addTab(title, component)

        self.tabs.setSelectedIndex(2)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Hand the UI components to the callbacks object and register this extension's hooks."""
        # Pass each top-level component to customizeUiComponent.
        for component in (self._splitpane, self.logTable, self.scrollPane,
                          self.tabs):
            self._callbacks.customizeUiComponent(component)
        # This object is registered as the context menu factory ...
        self._callbacks.registerContextMenuFactory(self)
        # ... and as a custom tab in Burp's UI.
        self._callbacks.addSuiteTab(self)


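    def loadVulnerabilities(self, projPath):
        """Reload the vulnerability table from the sub-directories of projPath.

        Every immediate sub-directory is expected to hold a vulnerability.xml
        whose first five child nodes are name, severity, description,
        mitigation and color.  Directories whose file cannot be parsed are
        skipped (getXMLDoc returns None for them).  The row whose name matches
        the name field is selected; if none matches, the first row is
        selected and loaded.
        """
        self.clearList(None)
        selected = False
        for _root, dirs, _files in os.walk(projPath):
            for dirName in dirs:
                xmlPath = projPath+"/"+dirName+"/vulnerability.xml"
                document = self.getXMLDoc(xmlPath)
                if document is None:
                    # Unreadable or missing file: skip this directory.
                    continue
                nodeList = document.getDocumentElement().getChildNodes()
                vulnName = nodeList.item(0).getTextContent()
                severity = nodeList.item(1).getTextContent()
                description = nodeList.item(2).getTextContent()
                mitigation = nodeList.item(3).getTextContent()
                color = nodeList.item(4).getTextContent()
                test = vulnerability(vulnName,severity,description,mitigation,color)
                self._lock.acquire()
                try:
                    row = self._log.size()
                    self._log.add(test)
                    self.fireTableRowsInserted(row, row)
                finally:
                    # Release the lock even if adding the row fails.
                    self._lock.release()
                if vulnName == self.vulnName.getText():
                    self.logTable.setRowSelectionInterval(row,row)
                    selected = True
            # xmlPath is built from projPath plus the directory name, which is
            # only right for immediate children, so stop after the top level
            # instead of descending into nested directories.
            break
        if selected == False and self._log.size() > 0:
            self.logTable.setRowSelectionInterval(0, 0)
            self.loadVulnerability(self._log.get(0))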
        
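    def createSection(self, sectioName):
        """Make sure config.ini has a section called sectioName, creating it if needed.

        config.ini is re-read first; when the section is missing it is added
        and the whole configuration is written back.  The file name is
        relative, so it resolves against the current working directory.
        """
        self.config.read('config.ini')
        if sectioName not in self.config.sections():
            self.config.add_section(sectioName)
            # "with" closes the file even when the write fails.
            with open("config.ini", 'w') as cfgfile:
                self.config.write(cfgfile)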

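    def saveCfg(self):
        """Write the in-memory configuration back to config.ini.

        The file name is relative, so it resolves against the process
        working directory.
        """
        # 'with' closes the handle even when write() raises
        with open('config.ini', 'w') as f:
            self.config.write(f)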

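    def getXMLDoc(self, xmlPath):
        """Parse the XML file at ``xmlPath`` and return the DOM document.

        Returns None (after showing a popup) when parsing fails for any
        reason, so callers must check the result before using it.

        Project XML can reach this method through importProj, i.e. from an
        archive produced by someone else.  The parser is therefore
        configured to reject DOCTYPE declarations and to leave XInclude and
        entity expansion off, which closes the external-entity (XXE) route.
        The files this class writes itself carry no DOCTYPE.
        """
        try:
            factory = DocumentBuilderFactory.newInstance()
            # Inside the try on purpose: a parser that cannot honour the
            # restriction fails closed instead of parsing unprotected.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", True)
            factory.setXIncludeAware(False)
            factory.setExpandEntityReferences(False)
            return factory.newDocumentBuilder().parse(xmlPath)
        except:
            # Kept as broad as the original handler.
            # NOTE(review): the message is shown for parse errors as well,
            # not only for a missing file.
            self._extender.popup("XML file not found")
            return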

    def saveXMLDoc(self, doc, xmlPath):
        """Serialize the DOM document ``doc`` into the file ``xmlPath``."""
        writer = TransformerFactory.newInstance().newTransformer()
        # DOM tree in, file stream out
        writer.transform(DOMSource(doc), StreamResult(File(xmlPath)))

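    def generateReport(self,event):
        """Generate the report type chosen in the combo box and offer to open it.

        Nothing is offered when no report was produced (unknown type, or the
        generator returned None).
        """
        reportKind = self.reportType.getSelectedItem()
        path = None
        if reportKind == "HTML":
            path = self.reportToHTML()
        elif reportKind == "XLSX":
            path = self.reportToXLS()
        elif reportKind == "DOCX":
            path = self.generateReportFromDocxTemplate('template.docx',"newfile.docx", 'word/document.xml')
        if path is None:
            # reportToXLS returns None when xlsxwriter is unavailable
            return
        n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
        if n == JOptionPane.YES_OPTION:
            # The path used to be pasted into a shell command line, so a
            # quote or shell metacharacter in the project path changed the
            # command, and the call blocked Burp until the viewer closed.
            # Desktop.open() hands the file to the associated application
            # without a shell and without waiting for it.
            from java.awt import Desktop
            if Desktop.isDesktopSupported():
                Desktop.getDesktop().open(File(path))
            else:
                self.popup("Opening files is not supported on this platform")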

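    def exportProj(self,event):
        """Ask for a target file and zip the current project directory into it.

        The archive holds the whole project directory, which the other
        methods of this class fill with vulnerability XML, screenshots and
        saved request/response files; treat the resulting zip as sensitive
        as the captured traffic itself.
        """
        self.chooser.setDialogTitle("Save project")
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showSaveDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            dst = str(self.chooser.getSelectedFile())
            # make_archive() appends ".zip" to the base name itself; strip a
            # typed extension so the result is not "name.zip.zip"
            if dst.lower().endswith(".zip"):
                dst = dst[:-4]
            shutil.make_archive(dst,"zip",self.getCurrentProjPath())
            self.popup("Project export successfuly")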

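    def importProj(self,event):
        """Import a project zip into <chosen directory>/PTManager and register it.

        The archive is treated as untrusted input: every member name is
        resolved against the target directory before anything is extracted,
        and the import is refused if a member would land outside of it.
        project.xml is then read for the project name (first child node) and
        its path node (second child node) is rewritten to the new location.
        """
        self.chooser.setDialogTitle("Select project zip to directory")
        # the chooser is shared; a previous import leaves it in
        # directories-only mode, which would hide the zip files
        self.chooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        zipPath = str(self.chooser.getSelectedFile())
        self.chooser.setDialogTitle("Select project directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        projPath = str(self.chooser.getSelectedFile()) + "/PTManager"

        targetRoot = os.path.realpath(projPath)
        with zipfile.ZipFile(zipPath, "r") as z:
            # Reject absolute names and ".." components before extracting.
            for memberName in z.namelist():
                resolved = os.path.realpath(os.path.join(targetRoot, memberName))
                if resolved != targetRoot and not resolved.startswith(targetRoot + os.sep):
                    self.popup("Archive contains a path outside the project directory")
                    return
            z.extractall(projPath)

        xmlPath = projPath + "/project.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            # getXMLDoc already reported the failure
            return
        nodeList = document.getDocumentElement().getChildNodes()
        if nodeList.getLength() < 2:
            self.popup("Invalid project file")
            return
        # projName is read from the archive and becomes a config option name
        projName = nodeList.item(0).getTextContent()
        nodeList.item(1).setTextContent(projPath)
        self.saveXMLDoc(document, xmlPath)
        self.config.set('projects', projName, projPath)
        self.saveCfg()
        self.reloadProjects()
        self.currentProject.getModel().setSelectedItem(projName)
        self.clearVulnerabilityTab()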

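    def reportToXLS(self):
        """Write the vulnerability list to 'PT Manager Report.xlsx' in the project directory.

        Returns the path of the workbook, or None when xlsxwriter is not
        available.
        """
        if not xlsxwriterImported:
            self.popup("xlsxwriter library is not imported")
            return
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.xlsx'
        workbook = xlsxwriter.Workbook(reportPath)
        worksheet = workbook.add_worksheet()
        bold = workbook.add_format({'bold': True})
        worksheet.write(0, 0, "Vulnerability Name", bold)
        worksheet.write(0, 1, "Threat Level", bold)
        worksheet.write(0, 2, "Description", bold)
        worksheet.write(0, 3, "Mitigation", bold)
        for i in range(0,self._log.size()):
            entry = self._log.get(i)
            row = i + 1
            cells = (entry.getName(), entry.getSeverity(), entry.getDescription(), entry.getMitigation())
            for col, value in enumerate(cells):
                # write() turns text starting with "=" into a formula;
                # write_string() always stores the finding text as literal
                # text, so report content cannot become a live formula when
                # the workbook is opened.
                worksheet.write_string(row, col, value if value is not None else "")
            # add requests and images as well
        workbook.close()
        return reportPath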
        
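    def reportToHTML(self):
        """Write 'PT Manager Report.html' into the project directory and return its path.

        Everything interpolated into the page (project name, vulnerability
        fields, saved request/response bodies, screenshot file names) is
        HTML-escaped first.  Request and response bodies are captured from
        the application under test, so without escaping any markup or script
        they contain would run when the report is opened in a browser.
        """
        htmlContent = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr">
    <head>
        <title>PT Manager Report</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style>
        body {
        background-repeat: no-repeat;
        background-attachment: fixed;
        font-family: Arial,Tahoma,sens-serif;
        font-size: 13px;
        margin: auto;
        }

        #warpcenter {
            width: 900px;
            margin: 0px auto;
        }

        table {
            border: 2px dashed #000000;
        }

        td {
            border-top: 2px dashed #000000;
            padding: 10px;
        }

        img {
                border: 0px;
        }
</style>
<script language="javascript">
    function divHideShow(divToHideOrShow) 
    {
        var div = document.getElementById(divToHideOrShow);

        if (div.style.display == "block") 
        {
            div.style.display = "none";
        }
        else 
        {
            div.style.display = "block";
        }

        
    }         
</script>
    </head>

    <body>
        <div id="warpcenter">

<h1> PT Manager Report </h1>
<h2> Project: %s</h2>
    """ % (self.htmlEscape(self.projName.getText()))

        for i in range(0,self._log.size()):
            entry = self._log.get(i)
            name = entry.getName()
            request = "None"
            response = "None"
            path = self.getVulnReqResPath("request",name)
            if os.path.exists(path):
                # escape before inserting <br />, otherwise the breaks
                # themselves would be escaped
                request = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))

            path = self.getVulnReqResPath("response",name)
            if os.path.exists(path):
                response = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))
            images = ""
            vulnDir = self.projPath.getText()+"/"+self.clearStr(name)
            # a vulnerability without a folder simply has no screenshots
            if os.path.isdir(vulnDir):
                for fileName in os.listdir(vulnDir):
                    if fileName.endswith(".jpg"):
                        images += "%s<br><img src=\"%s\"><br><br>" % (self.htmlEscape(fileName), self.htmlEscape(vulnDir + "/" + fileName))
            description = self.newlineToBR(self.htmlEscape(entry.getDescription()))
            mitigation = self.newlineToBR(self.htmlEscape(entry.getMitigation()))
            htmlContent +=  self.convertVulntoTable(i,self.htmlEscape(name),self.htmlEscape(entry.getSeverity()), description,mitigation, request, response, images)
        htmlContent += "</div></body></html>"
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.html'
        # 'with' closes the handle even when the write fails
        with open(reportPath, 'w') as f:
            f.write(htmlContent)
        return reportPath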

    def newlineToBR(self,string):
        """Return ``string`` with every newline replaced by an HTML line break.

        No escaping is done here; callers that feed untrusted text must
        escape it before calling.
        """
        lineBreak = "<br />"
        return string.replace("\n", lineBreak)

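    def getFileContent(self,path):
        """Return the raw bytes of the file at ``path``."""
        # 'with' closes the handle even when read() raises
        with open(path, "rb") as f:
            return f.read()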

    def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
        """Render one vulnerability as a collapsible HTML block.

        ``number`` is used to build the element ids of the block and of its
        five sub-sections; the remaining arguments are inserted as given.
        The values are placed into the markup verbatim, so the caller is
        responsible for HTML-escaping anything that is not trusted.
        """
        template = """<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow('Table_%s');" style="color:#191970">(OPEN / CLOSE)</a></div>
        <div id="Table_%s" style="display: none;">
            <table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;">
                <tr>
                    <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Threat Level: </span> 
                        <span style="color:#8b8989">%s</span>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Description</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_03');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_03" style="display: none;margin-top: 25px;">
                        %s
                        </div>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Mitigration</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_04');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_04" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>

                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Request</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_05');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_05" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>


                                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Response</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_06');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_06" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                                            </td>
                                        </tr>

                                                        <tr>
                                            <td>
                        <div style="font-size: 16px;font-weight: bold;">
                        <span style="color:#000000">Images</span> 
                        <a href="javascript:divHideShow('Table_%s_Command_07');" style="color:#191970">OPEN / CLOSE >>></a>
                        </div>

                        <div id="Table_%s_Command_07" style="display: none;margin-top: 25px;">
                        %s
                        <b>
                    </td>
                </tr>
            </table>
        </div><br><br>"""
        # header: title plus the two ids of the outer block
        values = [name, number, number, severity]
        # each sub-section takes its toggle id, its element id and its content
        for sectionBody in (description, mitigation, request, response, images):
            values.extend((number, number, sectionBody))
        return template % tuple(values)

    def clearVulnerabilityTab(self, rmVuln=True):
        """Reset the vulnerability form to its empty "Add" state.

        The name field is only cleared when ``rmVuln`` is true.
        """
        textFields = [self.descriptionString, self.mitigationStr]
        if rmVuln:
            textFields.insert(0, self.vulnName)
        for field in textFields:
            field.setText("")
        # both combo boxes go back to their first entry
        for combo in (self.colorCombo, self.threatLevel):
            combo.setSelectedIndex(0)
        self.screenshotsList.clear()
        self.addButton.setText("Add")
        self.firstPic.setIcon(None)

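    def saveRequestResponse(self, type, requestResponse, vulnName):
        """Store ``requestResponse`` as the request or response file of ``vulnName``.

        ``type`` selects the file ("request" or "response" at the call sites
        visible in this class); the data is written unmodified, so the file
        holds whatever the captured message contained, including any
        credentials or session tokens.
        """
        path = self.getVulnReqResPath(type,vulnName)
        # 'with' closes the handle even when write() raises
        with open(path, 'wb') as f:
            f.write(requestResponse)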

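    def openProj(self, event):
        """Open the project directory in the file manager ('explorer', i.e. Windows)."""
        import subprocess
        # The path used to be concatenated into a shell command line, so
        # characters such as '&' in the path field were interpreted by the
        # shell.  Passing an argument list starts explorer directly and the
        # path stays a single argument.
        subprocess.call(['explorer', self.projPath.getText()])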

    def getVulnReqResPath(self, requestOrResponse, vulnName):
        """Return <project>/<clean name>/<requestOrResponse>_<clean name>.

        Only ``vulnName`` is passed through clearStr; ``requestOrResponse``
        is used as given.
        """
        projectDir = self.getCurrentProjPath()
        safeName = self.clearStr(vulnName)
        fileName = requestOrResponse + "_" + safeName
        return "/".join([projectDir, safeName, fileName])

    def htmlEscape(self,data):
        """Escape the five characters that are special in HTML text and attributes."""
        # '&' must be handled first, otherwise the entities produced for the
        # other characters would be escaped a second time
        replacements = (
            ('&', '&amp;'),
            ('<', '&lt;'),
            ('>', '&gt;'),
            ('"', '&quot;'),
            ("'", '&#39;'),
        )
        escaped = data
        for rawChar, entity in replacements:
            escaped = escaped.replace(rawChar, entity)
        return escaped

    def generateReportFromDocxTemplate(self, zipname, newZipName, filename):      
        """Build a DOCX report by repeating the template body once per vulnerability.

        ``zipname`` is the template archive, ``newZipName`` the report file
        name (created inside the current project directory) and ``filename``
        the archive member that holds the document XML.  Returns the path of
        the new archive.
        """
        newZipName = self.getCurrentProjPath() + "/" + newZipName
        with zipfile.ZipFile(zipname, 'r') as zin:
            with zipfile.ZipFile(newZipName, 'w') as zout:
                zout.comment = zin.comment
                for item in zin.infolist():
                    if item.filename != filename:
                        # every other member is copied unchanged
                        zout.writestr(item, zin.read(item.filename))
                    else:
                        xml_content = zin.read(item.filename)
                        # result[0] is the text before <w:body>, result[1] the text after </w:body>
                        # NOTE(review): "." does not match newlines here, so this
                        # presumably relies on the document XML being a single line;
                        # [0] raises IndexError when nothing matches
                        result = re.findall("(.*)<w:body>(?:.*)<\/w:body>(.*)",xml_content)[0]
                        newXML = result[0]
                        templateBody = re.findall("<w:body>(.*)<\/w:body>", xml_content)[0]
                        newBody = ""

                        for i in range(0,self._log.size()):
                            tmp = templateBody
                            # values are escaped before they are placed into the XML
                            tmp = tmp.replace("$vulnerability", self.htmlEscape(self._log.get(i).getName()))
                            tmp = tmp.replace("$severity", self.htmlEscape(self._log.get(i).getSeverity()))
                            tmp = tmp.replace("$description", self.htmlEscape(self._log.get(i).getDescription()))
                            tmp = tmp.replace("$mitigation", self.htmlEscape(self._log.get(i).getMitigation()))
                            newBody = newBody + tmp
                         
                        # the <w:body> tags matched above are not part of result or
                        # templateBody, so they are not written back
                        newXML = newXML + newBody
                        newXML = newXML + result[1]

        # the rebuilt document is appended in a second pass
        # NOTE(review): newXML is unbound if the template has no member named filename
        with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(filename, newXML)
        return newZipName


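    def chooseProjPath(self, event):
        """Let the user pick a directory and use <directory>/PTManager as project path."""
        self.chooser.setDialogTitle("Select target directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
            # makedirs() raises when the directory is already there, e.g.
            # when the same target is picked a second time
            if not os.path.isdir(projPath):
                os.makedirs(projPath)
            self.projPath.setText(projPath)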

    def reloadProjects(self):
        """Refill the project combo box from the options of the 'projects' config section."""
        projectNames = self.config.options('projects')
        comboModel = DefaultComboBoxModel(projectNames)
        self.currentProject.setModel(comboModel)

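    def rmProj(self, event):
        """Delete the current project directory and its config entry after confirmation."""
        if self.popUpAreYouSure() != JOptionPane.YES_OPTION:
            return
        self._requestViewer.setMessage("None", False)
        self._responseViewer.setMessage("None", False)
        projDir = self.projPath.getText()
        # rmtree() deletes recursively and raised on an empty or missing
        # path, which left the stale project in the configuration.
        # NOTE(review): the path is read from the path text field; if that
        # field can be edited by hand, compare it with the configured
        # project path before deleting.
        if projDir and os.path.isdir(projDir):
            shutil.rmtree(projDir)
        self.config.remove_option('projects',self.currentProject.getSelectedItem())
        self.reloadProjects()
        # nothing to select when the last project was removed
        if self.currentProject.getItemCount() > 0:
            self.currentProject.setSelectedIndex(0)
        self.loadVulnerabilities(self.projPath.getText())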

    def popup(self,msg):
        """Show ``msg`` in a message dialog without a parent component."""
        parentComponent = None
        JOptionPane.showMessageDialog(parentComponent, msg)

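    def addProj(self, event):
        """Create project.xml for the project in the form and register it in the config.

        project.xml is written first; the configuration is only updated
        once that succeeded, so an invalid path no longer leaves a project
        entry behind that points nowhere.
        """
        projPath = self.projPath.getText()
        if projPath is None or projPath == "":
            self.popup("Please select path")
            return
        xml = ET.Element('project')
        name = ET.SubElement(xml, "name")
        path = ET.SubElement(xml, "path")
        details = ET.SubElement(xml, "details")
        autoSaveMode = ET.SubElement(xml, "autoSaveMode")

        name.text = self.projName.getText()
        path.text = projPath
        details.text = self.projDetails.getText()
        autoSaveMode.text = str(self.autoSave.isSelected())
        tree = ET.ElementTree(xml)
        try:
            tree.write(self.getCurrentProjPath()+'/project.xml')
        except Exception:
            self.popup("Invalid path")
            return

        self.config.set('projects', self.projName.getText(), projPath)
        self.saveCfg()
        self.reloadProjects()
        self.clearVulnerabilityTab()
        self.clearList(None)
        self.currentProject.getModel().setSelectedItem(self.projName.getText())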

    def resize(self, image, width, height):
        """Return a new ``width`` x ``height`` image with ``image`` drawn scaled into it."""
        scaled = BufferedImage(width, height, BufferedImage.TRANSLUCENT)
        canvas = scaled.createGraphics()
        qualityHint = RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY)
        canvas.addRenderingHints(qualityHint)
        canvas.drawImage(image, 0, 0, width, height, None)
        # release the graphics context once drawing is done
        canvas.dispose()
        return scaled

    def clearStr(self, var):
        """Turn ``var`` into a folder/file name: spaces become '_', reserved characters are dropped.

        Removed characters: backslash, slash, colon, asterisk, question
        mark, double quote, angle brackets, pipe and parentheses.

        NOTE(review): dots are kept, so "" and ".." pass through unchanged.
        Callers build paths as <project>/<clearStr(name)>, which for those
        two values resolve to the project directory or its parent; callers
        that delete or overwrite should reject such names.
        """
        cleaned = var.replace(" ", "_")
        for unwanted in '\\/:*?"<>|()':
            cleaned = cleaned.replace(unwanted, "")
        return cleaned

    def popUpAreYouSure(self):
        """Ask "Are you sure?" and return 0 when the dialog result is 0, otherwise 1."""
        answer = JOptionPane.showConfirmDialog(None,"Are you sure?","Warning",JOptionPane.YES_NO_OPTION)
        # anything other than result 0 is reported as 1
        return 0 if answer == 0 else 1

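    def removeSS(self,event):
        """Delete the selected screenshot from disk and from the list after confirmation."""
        selectedName = self.ssList.getSelectedValue()
        if selectedName is None:
            # nothing selected: building the path below would fail
            return
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            os.remove(self.getCurrentVulnPath() + "/" + selectedName)
            self.ssList.getModel().remove(self.ssList.getSelectedIndex())
            self.firstPic.setIcon(ImageIcon(None))
            # check if there is images and select the first one
            # bug in linux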

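    def addSS(self,event):
        """Save the image on the system clipboard as a new .jpg screenshot of the current vulnerability.

        The file name is the cleaned vulnerability name plus a random
        number; a name that is already taken is not reused, so an existing
        screenshot is never overwritten.
        """
        clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
        try:
            image = clipboard.getData(DataFlavor.imageFlavor)
        except:
            # kept as broad as the original handler
            self.popup("Clipboard not contains image")
            return
        safeName = self.clearStr(self.vulnName.getText())
        vulnPath = self.projPath.getText() + "/" + safeName
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)
        # the random suffix only has to be unique inside this folder
        while True:
            name = safeName + str(random.randint(1, 99999))+".jpg"
            fileName = vulnPath + "/" + name
            if not os.path.exists(fileName):
                break
        file = File(fileName)
        bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB)
        g = bufferedImage.createGraphics()
        try:
            g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None)
        finally:
            # release the graphics context
            g.dispose()
        ImageIO.write(bufferedImage, "jpg", file)
        self.addVuln(self)
        self.ssList.setSelectedValue(name,True)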

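    def rmVuln(self, event):
        """Delete the folder of the current vulnerability after confirmation.

        The folder is <project>/<clearStr(name)>.  An empty name, or one
        made only of dots, would resolve to the project directory itself or
        to its parent, so such names are refused before anything is
        deleted.
        """
        cleanName = self.clearStr(self.vulnName.getText())
        if cleanName.strip(".") == "":
            self.popup("Please select a vulnerability")
            return
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            self._requestViewer.setMessage("None", False)
            self._responseViewer.setMessage("None", False)
            vulnDir = self.getCurrentVulnPath()
            if os.path.isdir(vulnDir):
                shutil.rmtree(vulnDir)
            self.clearVulnerabilityTab()
            self.loadVulnerabilities(self.getCurrentProjPath())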

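    def addVuln(self, event):
        """Add (or update) the vulnerability shown in the form.

        The entry is appended to the table, its folder is created under the
        project path when missing, vulnerability.xml is written with the
        child nodes name, severity, description, mitigation and color, and
        the table is then reloaded from disk.

        NOTE(review): with an empty name the folder resolves to the project
        directory itself, so vulnerability.xml lands next to project.xml;
        consider rejecting empty names.
        """
        if self.colorCombo.getSelectedItem() == "Color:":
            # "Color:" is the placeholder entry, i.e. no color chosen
            colorTxt = None
        else:
            colorTxt = self.colorCombo.getSelectedItem()
        vulnObject = vulnerability(self.vulnName.getText(),self.threatLevel.getSelectedItem(),self.descriptionString.getText(),self.mitigationStr.getText() ,colorTxt)
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(vulnObject)
            self.fireTableRowsInserted(row, row)
        finally:
            # release even if the table notification raises
            self._lock.release()

        vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)

        xml = ET.Element('vulnerability')
        name = ET.SubElement(xml, "name")
        severity = ET.SubElement(xml, "severity")
        description = ET.SubElement(xml, "description")
        mitigation = ET.SubElement(xml, "mitigation")
        color = ET.SubElement(xml, "color")
        name.text = self.vulnName.getText()
        severity.text = self.threatLevel.getSelectedItem()
        description.text = self.descriptionString.getText()
        mitigation.text = self.mitigationStr.getText()
        color.text = colorTxt
        tree = ET.ElementTree(xml)
        tree.write(vulnPath+'/vulnerability.xml')

        self.loadVulnerabilities(self.getCurrentProjPath())
        self.loadVulnerability(vulnObject)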

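    def vulnNameChanged(self):
        """React to an edit of the vulnerability name field.

        When a folder for the typed name exists the button switches to
        "Update".  Otherwise, unless the form is already in "Add" state, the
        user chooses between starting a new vulnerability and renaming the
        selected one.
        """
        if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "":
            self.addButton.setText("Update")
        elif self.addButton.getText() != "Add":
            options = ["Create a new vulnerability", "Change current vulnerability name"]
            n = JOptionPane.showOptionDialog(None,
                "Would you like to?",
                "Vulnerability Name",
                JOptionPane.YES_NO_CANCEL_OPTION,
                JOptionPane.QUESTION_MESSAGE,
                None,
                options,
                options[0])

            if n == 0:
                self.clearVulnerabilityTab(False)
                self.addButton.setText("Add")
            else:
                newName = JOptionPane.showInputDialog(
                None,
                "Enter new name:",
                "Vulnerability Name",
                JOptionPane.PLAIN_MESSAGE,
                None,
                None,
                self.vulnName.getText())
                if newName is None or newName == "":
                    # input dialog cancelled or left empty: nothing to rename
                    return
                row = self.logTable.getSelectedRow()
                if row < 0:
                    # no row selected, so there is no old name to rename from
                    return
                old = self.logTable.getValueAt(row,1)
                self.changeVulnName(newName,old)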
                
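    def changeVulnName(self,new,old):
        """Rename the folder of vulnerability ``old`` to ``new`` and update its XML.

        Folders are created as <project>/<clearStr(name)> everywhere else in
        this class, so both names are cleaned the same way here; using the
        raw names missed the folder of any name containing a space and let
        path separators from the input dialog reach os.rename().  The saved
        request/response files carry the cleaned name too and are renamed
        along with the folder.
        """
        projDir = self.getCurrentProjPath()
        newDirName = self.clearStr(new)
        oldDirName = self.clearStr(old)
        if newDirName.strip(".") == "":
            # "", "." or ".." would point at the project directory or above
            self.popup("Invalid vulnerability name")
            return
        newpath = projDir + "/" + newDirName
        oldpath = projDir + "/" + oldDirName
        if newDirName != oldDirName:
            if os.path.exists(newpath):
                self.popup("A vulnerability with this name already exists")
                return
            os.rename(oldpath,newpath)
            for kind in ("request", "response"):
                savedFile = newpath + "/" + kind + "_" + oldDirName
                if os.path.exists(savedFile):
                    os.rename(savedFile, newpath + "/" + kind + "_" + newDirName)
        self.changeCurrentVuln(new,0, newpath + "/vulnerability.xml")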

    def getCurrentVulnPath(self):
        """Return <project path field>/<cleaned vulnerability name field>.

        With an empty name field the result is the project path followed by
        a slash, i.e. the project directory itself.
        """
        projectDir = self.projPath.getText()
        folderName = self.clearStr(self.vulnName.getText())
        return "/".join([projectDir, folderName])

    def getCurrentProjPath(self):
        """Return the text of the project path field."""
        currentPath = self.projPath.getText()
        return currentPath

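    def loadSS(self, imgPath):
        """Show the image at ``imgPath`` in the preview, scaled to 550x400 when larger."""
        image = ImageIO.read(File(imgPath))
        if image is None:
            # ImageIO.read() returns null when no reader understands the
            # file, e.g. a ".jpg" that is not really an image
            self.firstPic.setIcon(None)
            return
        if image.getWidth() <= 550 and image.getHeight() <= 400:
            self.firstPic.setIcon(ImageIcon(image))
            self.firstPic.setSize(image.getWidth(),image.getHeight())
        else:
            self.firstPic.setIcon(ImageIcon(self.resize(image,550, 400)))
            self.firstPic.setSize(550,400)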

    def clearProjectTab(self):
        """Empty the project path and project details fields."""
        for field in (self.projPath, self.projDetails):
            field.setText("")

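    def clearList(self, event):
        """Replace the vulnerability list with an empty one and refresh the table."""
        self._lock.acquire()
        try:
            self._log = ArrayList()
            # The list is empty now; announcing an inserted row 0 described
            # a row that does not exist.  Tell the table that all data
            # changed instead.
            self.fireTableDataChanged()
        finally:
            # release even if the table notification raises
            self._lock.release()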

    #
    # implement IContextMenuFactory
    #
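    def createMenuItems(self, invocation):
        """Return a "Send to PT Manager" menu item for the first selected message.

        Returns None when the invocation carries no selected messages.
        """
        responses = invocation.getSelectedMessages()
        # The old check compared the array itself with 0 and returned the
        # undefined name "null"; test for None and for an empty selection.
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        requestMenuItem = JMenuItem("Send to PT Manager")
        requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request"))
        ret.add(requestMenuItem)
        return ret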
    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the extension's tab."""
        caption = "PT Manager"
        return caption
    
    def getUiComponent(self):
        """Return the split pane that is the root component of the tab."""
        rootComponent = self._splitpane
        return rootComponent

        #
    # extend AbstractTableModel
    #
    
    def getRowCount(self):
        """Return the number of entries in the log, or 0 when it cannot be read."""
        try:
            rowTotal = self._log.size()
        except:
            # any failure (e.g. the log not being set yet) counts as empty
            rowTotal = 0
        return rowTotal

    def getColumnCount(self):
        """Return the number of table columns (3).

        getValueAt also answers column indexes 3 and 4, which this count
        does not expose as columns.
        """
        visibleColumns = 3
        return visibleColumns

    def getColumnName(self, columnIndex):
        """Return the header text for ``columnIndex`` ("" for unknown indexes)."""
        headers = ("#", "Vulnerability Name", "Threat Level")
        for position, title in enumerate(headers):
            if columnIndex == position:
                return title
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the given row and column.

        Column 0 is the 1-based row number; columns 1 to 4 map to the
        entry's name, severity, mitigation and color; anything else gives "".
        """
        entry = self._log.get(rowIndex)
        if columnIndex == 0:
            return rowIndex + 1
        # the getter is looked up and called only for the requested column
        getters = ((1, "getName"), (2, "getSeverity"), (3, "getMitigation"), (4, "getColor"))
        for position, getterName in getters:
            if columnIndex == position:
                return getattr(entry, getterName)()
        return ""

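    def changeCurrentVuln(self,value,fieldNumber, xmlPath = "def"):
        """Set child node ``fieldNumber`` of a vulnerability.xml to ``value`` and reload the table.

        ``xmlPath`` defaults to the XML of the vulnerability currently
        shown in the form (the sentinel "def" selects that default).
        """
        if xmlPath == "def":
            xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            # getXMLDoc returns None after reporting the failure
            return
        nodeList = document.getDocumentElement().getChildNodes()
        nodeList.item(fieldNumber).setTextContent(value)
        self.saveXMLDoc(document, xmlPath)
        self.loadVulnerabilities(self.getCurrentProjPath())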

    def loadVulnerability(self, vulnObject):
        """Fill the form, the screenshot list and both message viewers from ``vulnObject``."""
        self.addButton.setText("Update")
        self.vulnName.setText(vulnObject.getName())
        self.threatLevel.setSelectedItem(vulnObject.getSeverity())
        self.descriptionString.setText(vulnObject.getDescription())
        self.mitigationStr.setText(vulnObject.getMitigation())

        # an empty or missing color maps to the placeholder entry
        storedColor = vulnObject.getColor()
        if storedColor in ("", None):
            self.colorCombo.setSelectedItem("Color:")
        else:
            self.colorCombo.setSelectedItem(storedColor)
        self.screenshotsList.clear()

        vulnDir = self.projPath.getText() + "/" + self.clearStr(vulnObject.getName())
        for fileName in os.listdir(vulnDir):
            if not fileName.endswith(".jpg"):
                continue
            self.screenshotsList.addElement(fileName)
            self.loadSS(vulnDir + '/' + fileName)

        if self.screenshotsList.getSize() == 0:
            self.firstPic.setIcon(None)
        else:
            self.ssList.setSelectedIndex(0)

        # request first, then response; "None" is shown when no file is saved
        for kind, viewer in (("request", self._requestViewer), ("response", self._responseViewer)):
            savedPath = self.getVulnReqResPath(kind, vulnObject.getName())
            if os.path.exists(savedPath):
                viewer.setMessage(self.getFileContent(savedPath), False)
            else:
                viewer.setMessage("None", False)
        print filename
        filenana, file_extension = os.path.splitext(filename)
        return file_extension


# Command-line arguments; neither name is read again in the lines shown here
argvs = sys.argv
argc = len(argvs)
# defaultpath is the directory the chooser starts in (see fakefile below)
defaultpath = '/'
frontoutputpath2 = '/'

# XMLFilter is not defined in the lines shown here
xmlfil = XMLFilter('kike')
print xmlfil.getDescription()
# Ask the user for the input file (or directory)
chooser = JFileChooser()
fakefile = File(defaultpath)
chooser.setCurrentDirectory(fakefile)
chooser.setDialogTitle("Select xml file")
chooser.setFileSelectionMode(JFileChooser.FILES_AND_DIRECTORIES)
chooser.setAcceptAllFileFilterUsed(False)
# stays '' when the dialog is cancelled, so File('') is built below in that case
InputFolderPath = ''
if (chooser.showOpenDialog(None) == JFileChooser.APPROVE_OPTION):
    IJ.log("getCrrentDirectory(): " + chooser.getCurrentDirectory().toString())
    InputFolderPath = chooser.getSelectedFile().toString()
else:
    IJ.log("No selection")
file = File(InputFolderPath)

# We have to feed a logger to the reader.
logger = Logger.IJ_LOGGER

#-------------------
# Instantiate reader
Ejemplo n.º 31
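    def exportToHTML(self):
        """Ask for a target file and write the Autorize log to it as an HTML table.

        Rows are selected by the export filter: "All Statuses" exports every
        row, "As table filter" applies the check boxes of the extender, and
        any other value is matched against the two enforcement statuses of
        the row.

        Method, URL and status text are HTML-escaped before they are placed
        into the page.  The URL belongs to traffic that passed through the
        proxy, so it must not be able to inject markup or script into a
        report that is later opened in a browser.

        Nothing is written when the save dialog is cancelled.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReport.html"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            # previously the report was built and the write then failed
            # because no target file had been chosen
            return
        fileToSave = fileChooser.getSelectedFile()

        def escapeHtml(value):
            # '&' first, so the entities produced below are not re-escaped
            text = "%s" % (value,)
            for rawChar, entity in (('&', '&amp;'), ('<', '&lt;'), ('>', '&gt;'), ('"', '&quot;'), ("'", '&#39;')):
                text = text.replace(rawChar, entity)
            return text

        def statusColor(status):
            # background color of a status cell; "" for any other status
            if status == self.BYPASSSED_STR:
                return "red"
            if status == self.IS_ENFORCED_STR:
                return "yellow"
            if status == self.ENFORCED_STR:
                return "LawnGreen"
            return ""

        def responseLength(messageInfo):
            # a missing request/response pair counts as length 0
            if messageInfo is None:
                return 0
            return len(messageInfo.getResponse())

        enforcementStatusFilter = self.exportES.getSelectedItem()
        htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
        <style>
        .datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
            .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
            .datagrid table td, .datagrid table th { padding: 3px 10px; }
            .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot  li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block;  padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
        table {
        width: 100%;
        table-layout: fixed;
        }
        td {
            border: 1px solid #35f;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        td.a {
            width: 13%;
            white-space: nowrap;
        }
        td.b {
            width: 9%;
            word-wrap: break-word;
        }
        </style>
        <body>
        <h1>Autorize Report</h1>
        <div class="datagrid"><table>
        <thead><tr><th width=\"3%\">ID</th><th width=\"5%\">Method</th><th width=\"43%\">URL</th><th width=\"9%\">Original length</th><th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th><th width=\"11%\">Authorization Enforcement Status</th><th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead>
        <tbody>"""

        rowTemplate = "<tr><td>%d</td><td>%s</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>"

        for i in range(0,self._log.size()):
            entry = self._log.get(i)
            modifiedStatus = entry._enfocementStatus
            unauthorizedStatus = entry._enfocementStatusUnauthorized

            if enforcementStatusFilter == "All Statuses":
                include = True
            elif enforcementStatusFilter == "As table filter":
                include = ((self._extender.showAuthBypassModified.isSelected() and self.BYPASSSED_STR == modifiedStatus) or
                    (self._extender.showAuthPotentiallyEnforcedModified.isSelected() and "Is enforced???" == modifiedStatus) or
                    (self._extender.showAuthEnforcedModified.isSelected() and self.ENFORCED_STR == modifiedStatus) or
                    (self._extender.showAuthBypassUnauthenticated.isSelected() and self.BYPASSSED_STR == unauthorizedStatus) or
                    (self._extender.showAuthPotentiallyEnforcedUnauthenticated.isSelected() and "Is enforced???" == unauthorizedStatus) or
                    (self._extender.showAuthEnforcedUnauthenticated.isSelected() and self.ENFORCED_STR == unauthorizedStatus) or
                    (self._extender.showDisabledUnauthenticated.isSelected() and "Disabled" == unauthorizedStatus))
            else:
                include = (enforcementStatusFilter == modifiedStatus) or (enforcementStatusFilter == unauthorizedStatus)

            if not include:
                continue

            safeUrl = escapeHtml(entry._url)
            htmlContent += rowTemplate % (
                entry._id,
                escapeHtml(entry._method),
                safeUrl,
                safeUrl,
                responseLength(entry._originalrequestResponse),
                responseLength(entry._requestResponse),
                responseLength(entry._unauthorizedRequestResponse),
                statusColor(modifiedStatus),
                escapeHtml(modifiedStatus),
                statusColor(unauthorizedStatus),
                escapeHtml(unauthorizedStatus),
            )

        htmlContent += "</tbody></table></div></body></html>"
        # 'with' closes the handle even when the write fails
        with open(fileToSave.getAbsolutePath(), 'w') as f:
            f.write(htmlContent)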
Ejemplo n.º 32
class BurpExtender(IBurpExtender, ITab, IMessageEditorController,
                   AbstractTableModel):
    """
		Implements IBurpExtender
	"""
    def registerExtenderCallbacks(self, callbacks):
        """Build the viewer tab and register it with Burp.

        Keeps ``callbacks`` and its helpers on the instance, creates the empty
        log list with its lock, assembles the Swing components (load button,
        file chooser, log table, request/response editors) and adds the tab
        to Burp's UI.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self._callbacks.setExtensionName("Burp XML Export Viewer")

        # Backing list for the table model and the lock taken while changing it.
        self._log = ArrayList()
        self._lock = Lock()

        # Root panel with the load button along its top edge.
        self._mainPanel = JPanel(BorderLayout())
        self._loadButton = JButton('Select Burp XML Export File')
        self._loadButton.addActionListener(self.loadButtonTapped)
        self._mainPanel.add(self._loadButton, BorderLayout.PAGE_START)

        # One chooser instance, shown again on every button press.
        self._fc = JFileChooser()
        self._fc.setDialogTitle("Select Burp XML Export File")

        # Vertical split: table on top, message viewers underneath.
        self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
        self._mainPanel.add(self._splitpane, BorderLayout.CENTER)

        self._logTable = Table(self)
        self._scrollPane = JScrollPane(self._logTable)
        self._splitpane.setTopComponent(self._scrollPane)

        # Preferred widths for columns 0-10, listed in column order.
        self._logTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF)
        preferredWidths = (40, 60, 70, 300, 500, 300, 100, 100, 100, 100, 230)
        for column, width in enumerate(preferredWidths):
            self._logTable.getColumnModel().getColumn(column).setPreferredWidth(
                width)
        # The last column only gets a maximum width.
        self._logTable.getColumnModel().getColumn(11).setMaxWidth(100000)

        # Two message editors created with editable=False, one tab each.
        self._tabs = JTabbedPane()
        self._requestViewer = callbacks.createMessageEditor(self, False)
        self._responseViewer = callbacks.createMessageEditor(self, False)
        self._tabs.addTab("Request", self._requestViewer.getComponent())
        self._tabs.addTab("Response", self._responseViewer.getComponent())
        self._splitpane.setBottomComponent(self._tabs)

        # Let Burp apply its look and feel to each component.
        for component in (self._mainPanel, self._splitpane, self._logTable,
                          self._scrollPane, self._tabs):
            self._callbacks.customizeUiComponent(component)

        self._callbacks.addSuiteTab(self)

    """
		Helper Functions
	"""

    def loadButtonTapped(self, actionEvent):
        """Action listener of the load button: choose an export file and load it.

        On approval the selected file is remembered in ``self._file``, the
        table is emptied and the file is parsed into it.  Any other dialog
        result only prints a notice.
        """
        choice = self._fc.showOpenDialog(None)
        if choice != JFileChooser.APPROVE_OPTION:
            print("Open command cancelled by user.")
            return

        self._file = self._fc.getSelectedFile()
        # Drop the rows of a previously loaded file before adding the new ones.
        self.resetList()
        self.parseXML(self._file)

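    def parseXML(self, file):
        """Parse a Burp XML export and add one log entry per ``<item>`` element.

        The file is read into a DOM document.  For every ``<item>`` the text
        of its child elements is collected into an ``info`` dict, request and
        response are Base64-decoded when their ``base64`` attribute is
        ``"true"``, and the resulting ``LogEntry`` is appended to the table.

        An export file may have been produced by someone else, so the parser
        is configured not to resolve external entities or external DTDs.
        Errors from the factory (for example an unsupported feature) or from
        parsing are not caught here.

        :param file: the file object returned by the file chooser
        """
        dbFactory = DocumentBuilderFactory.newInstance()
        # XXE hardening: secure-processing limits plus no external general or
        # parameter entities and no external DTD fetch.  DOCTYPE declarations
        # as such are still accepted.
        # NOTE(review): Burp exports appear to carry an inline DTD, which is
        # why doctype declarations are not rejected outright - confirm.
        dbFactory.setFeature(
            "http://javax.xml.XMLConstants/feature/secure-processing", True)
        dbFactory.setFeature(
            "http://xml.org/sax/features/external-general-entities", False)
        dbFactory.setFeature(
            "http://xml.org/sax/features/external-parameter-entities", False)
        dbFactory.setFeature(
            "http://apache.org/xml/features/nonvalidating/load-external-dtd",
            False)
        dBuilder = dbFactory.newDocumentBuilder()
        doc = dBuilder.parse(file)
        doc.getDocumentElement().normalize()

        # All entries in Burp's XML Export File have tag <item>...</item>
        nodeList = doc.getElementsByTagName("item")

        for i in range(0, nodeList.getLength()):
            node = nodeList.item(i)
            if node.getNodeType() != Node.ELEMENT_NODE:
                continue

            def textOf(tagName, node=node):
                # Text content of the first child element named tagName.
                return node.getElementsByTagName(tagName).item(
                    0).getTextContent()

            request = textOf("request")
            response = textOf("response")

            request_isBase64 = node.getElementsByTagName("request").item(
                0).getAttribute("base64")
            response_isBase64 = node.getElementsByTagName("response").item(
                0).getAttribute("base64")

            if request_isBase64 == "true":
                request = Base64.getDecoder().decode(request)
            if response_isBase64 == "true":
                response = Base64.getDecoder().decode(response)

            info = {
                "time": textOf("time"),
                "url": textOf("url"),
                "host": textOf("host"),
                "port": textOf("port"),
                "protocol": textOf("protocol"),
                "method": textOf("method"),
                "path": textOf("path"),
                "extension": textOf("extension"),
                "request": request,
                "status": textOf("status"),
                "responselength": textOf("responselength"),
                "mimetype": textOf("mimetype"),
                "response": response,
                "comment": textOf("comment"),
                "highlight": ""
            }

            logEntry = LogEntry(info)

            # Remove GET parameters from path component
            # Path component usually looks like this: /some/path/index.html?q=foo&z=faa
            info["path"] = info["path"].split("?")[0]

            # Collect the URL (query string) parameters as name=value pairs.
            params = []
            for param in self._helpers.analyzeRequest(
                    logEntry).getParameters():
                if param.getType() == IParameter.PARAM_URL:
                    params.append("{}={}".format(param.getName(),
                                                 param.getValue()))
            info["params"] = "&".join(params)

            self.addLogEntryToList(logEntry)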

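    def addLogEntryToList(self, logEntry):
        """Append *logEntry* to the log and notify the table of the new row.

        The lock is held for the whole update and is released even when the
        append or the table notification raises, so a failure cannot leave
        the lock held.
        """
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(logEntry)
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()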

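    def resetList(self):
        """Remove every log entry and tell the table that its data changed.

        After ``clear()`` the model has no rows, so a "rows inserted" event
        would describe a row that does not exist; the data-changed event makes
        the table re-read the (now empty) model.  The lock is released even if
        an exception is raised.
        """
        self._lock.acquire()
        try:
            self._log.clear()
            self.fireTableDataChanged()
        finally:
            self._lock.release()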

    """
		Implements ITab
	"""

    def getTabCaption(self):
        """Return the caption shown on this extension's tab."""
        caption = "Burp XML Export Viewer"
        return caption

    def getUiComponent(self):
        """Return the panel that forms the content of this extension's tab."""
        panel = self._mainPanel
        return panel

    """
		Extends AbstractTableModel
	"""

    def getRowCount(self):
        """Return the number of log entries, or 0 when the log cannot be read."""
        # Any failure while reading the log size is treated as "no rows".
        try:
            count = self._log.size()
        except:
            count = 0
        return count

    def getColumnCount(self):
        """Return the fixed number of table columns (indices 0 to 11)."""
        columnCount = 12
        return columnCount

    def getColumnName(self, columnIndex):
        """Return the header text of column *columnIndex*, or "" if unknown."""
        headers = {
            0: "#",
            1: "Method",
            2: "Protocol",
            3: "Host",
            4: "Path",
            5: "Parameters",
            6: "Status",
            7: "Length",
            8: "MIME type",
            9: "Extension",
            10: "Time",
            11: "Comment",
        }
        return headers.get(columnIndex, "")

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the given row and column.

        Column 0 is the row index as text and column 3 the host of the
        entry's HTTP service; every other known column is read from the
        entry's ``_info`` dict.  Unknown columns yield "".
        """
        entry = self._log.get(rowIndex)

        if columnIndex == 0:
            return "{}".format(rowIndex)
        if columnIndex == 3:
            return entry.getHttpService().getHost()

        # Remaining columns map straight onto keys of the info dict.
        infoKeys = {
            1: "method",
            2: "protocol",
            4: "path",
            5: "params",
            6: "status",
            7: "responselength",
            8: "mimetype",
            9: "extension",
            10: "time",
            11: "comment",
        }
        key = infoKeys.get(columnIndex)
        if key is None:
            return ""
        return entry._info[key]

    """
		Implements IMessageEditorController
		Allows request and response viewers to obtain details about the messages being displayed
	"""

    def getHttpService(self):
        """Return the HTTP service of the currently displayed item."""
        item = self._currentlyDisplayedItem
        return item.getHttpService()

    def getRequest(self):
        """Return the request of the currently displayed item."""
        item = self._currentlyDisplayedItem
        return item.getRequest()

    def getResponse(self):
        """Return the response of the currently displayed item."""
        item = self._currentlyDisplayedItem
        return item.getResponse()
Ejemplo n.º 33
class BurpExtender(IBurpExtender, ITab, IHttpListener,
                   IMessageEditorController, AbstractTableModel,
                   IContextMenuFactory, IScannerCheck):
    # Extension name: passed to setExtensionName() and returned as the tab caption.
    name = "Femida XSS"
    # Config file whose Callback_url line setCallbackUrl() rewrites.
    conf_path = "./config.py"
    # Swing objects created when the class body runs; as class attributes they
    # are shared by every instance of this class.
    _jTabbedPane = JTabbedPane()
    _jPanel = JPanel()
    _jAboutPanel = JPanel()
    _jPanelConstraints = GridBagConstraints()
    # Placeholders for UI widgets; only some are assigned in the visible code.
    _jLabelParameters = None
    _jTextFieldParameters = None
    _jLabelTechniques = None
    _jTextFieldURL = None
    _jLabelFuzzFactor = None
    _jTextFieldFuzzFactor = None
    _jLabelAdditionalCmdLine = None
    _jTextFieldAdditionalCmdLine = None
    _jButtonSetCommandLine = None
    _jLabelAbout = None
    # Toggle states flipped by overwriteHeader(), overwriteParam() and forkRequest().
    _overwriteHeader = False
    _overwriteParam = False
    _forkRequestParam = False

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        """Scanner-check hook: send one modified copy of the base request.

        The outcome of the check is not turned into a scan issue; the method
        always returns an empty list.  Exceptions are printed, not raised.
        ``insertionPoint`` is not used.
        """
        try:
            rawRequest = str(baseRequestResponse.getRequest().tostring())
            modifiedRequest = self.prepareRequest(rawRequest)
            # Both parts of the result are currently discarded.
            vulnerable, verifyingRequestResponse = self.quickCheckScan(
                modifiedRequest, baseRequestResponse)
        except Exception as msg:
            print(msg)

        return []

    def quickCheckScan(self, preparedRequest, requestResponse):
        """Send *preparedRequest* to the service of *requestResponse*.

        Returns ``(flag, response_object)`` where ``flag`` is True exactly
        when the response status code is 200.
        NOTE(review): a 200 status only shows that the request was accepted;
        it is not evidence of a finding on its own.
        """
        service = requestResponse.getHttpService()
        rawRequest = self._helpers.stringToBytes(preparedRequest)
        check = self._callbacks.makeHttpRequest(service, rawRequest)
        statusCode = self._helpers.analyzeResponse(
            check.getResponse()).getStatusCode()
        return statusCode == 200, check

    #
    # implement IBurpExtender
    #
    def registerExtenderCallbacks(self, callbacks):
        """Set up state and UI, then register the extension's hooks with Burp.

        Registers this object as scanner check, HTTP listener and context
        menu factory, builds the grid-bag panel (controls, three tables with
        their buttons, results area) and loads the initial lists through
        ``starterPack()``.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self._callbacks.setExtensionName(self.name)
        self._callbacks.registerScannerCheck(self)

        # Value -> "Active" flag for each table, and the on/off state.
        self._dictPayloads = {}
        self._dictHeaders = {}
        self._dictParams = {}
        self.status_flag = False

        # Chooser used by the payload "Upload" button.
        self.jfc = JFileChooser("./")
        self.jfc.setDialogTitle("Upload Payloads")
        self.jfc.setFileFilter(FileNameExtensionFilter("TXT file", ["txt"]))

        self._layout = GridBagLayout()
        self._jPanel.setLayout(self._layout)

        def whiteButton(label, handler):
            # Button with a white background wired to handler.
            button = swing.JButton(label, actionPerformed=handler)
            button.setBackground(Color.WHITE)
            return button

        # Row 0: start/stop control.
        self._jLabelTechniques = JLabel("Press to start:")
        self.createAnyView(self._jLabelTechniques, 0, 0, 3, 1,
                           Insets(0, 0, 10, 0))
        self.submitSearchButton = whiteButton('Run proxy', self.active_flag)
        self.createAnyView(self.submitSearchButton, 3, 0, 6, 1,
                           Insets(0, 0, 10, 0))

        # Row 1: callback URL field and the parallel-request toggle.
        self._jPanel.setBounds(0, 0, 1000, 1000)
        self._jLabelTechniques = JLabel("Your URL (my.burpcollaborator.net):")
        self.createAnyView(self._jLabelTechniques, 0, 1, 3, 1,
                           Insets(0, 0, 10, 0))
        self._jTextFieldURL = JTextField("", 30)
        self._jTextFieldURL.addActionListener(self.setCallbackUrl)
        self.createAnyView(self._jTextFieldURL, 3, 1, 5, 1,
                           Insets(0, 0, 10, 0))
        self._forkRequestButton = whiteButton('Parallel Request',
                                              self.forkRequest)
        self.createAnyView(self._forkRequestButton, 8, 1, 1, 1,
                           Insets(0, 0, 10, 0))

        # Table models: a value column plus an "Active" column each.
        self._tableModelPayloads = DefaultTableModel()
        self._tableModelPayloads.addColumn("Payload")
        self._tableModelPayloads.addColumn("Active")

        self._tableModelHeaders = DefaultTableModel()
        self._tableModelHeaders.addColumn("Header")
        self._tableModelHeaders.addColumn("Active")

        self._tableModelParams = DefaultTableModel()
        self._tableModelParams.addColumn("Parameter")
        self._tableModelParams.addColumn("Active")

        # Row 2: the three tables side by side.
        self._payloadTable = self.createAnyTable(self._tableModelPayloads, 1,
                                                 Dimension(300, 200))
        self.createAnyView(self._payloadTable, 0, 2, 3, 1, Insets(0, 0, 0, 10))
        self._headerTable = self.createAnyTable(self._tableModelHeaders, 2,
                                                Dimension(300, 200))
        self.createAnyView(self._headerTable, 3, 2, 3, 1, Insets(0, 0, 0, 10))
        self._paramTable = self.createAnyTable(self._tableModelParams, 3,
                                               Dimension(300, 200))
        self.createAnyView(self._paramTable, 6, 2, 3, 1, Insets(0, 0, 0, 0))

        # Row 3: buttons below the payload table.
        deletePayloadButton = whiteButton('Delete', self.deleteToPayload)
        self.createAnyView(deletePayloadButton, 0, 3, 1, 1, Insets(3, 0, 0, 0))
        uploadPayloadButton = whiteButton('Upload', self.uploadToPayload)
        self.createAnyView(uploadPayloadButton, 1, 3, 1, 1, Insets(3, 0, 0, 0))
        addPayloadButton = whiteButton('Add', self.addToPayload)
        self.createAnyView(addPayloadButton, 2, 3, 1, 1, Insets(3, 0, 0, 10))

        # Row 3: buttons below the header table.
        deleteHeaderButton = whiteButton('Delete', self.deleteToHeader)
        self.createAnyView(deleteHeaderButton, 3, 3, 1, 1, Insets(3, 0, 0, 0))
        self._overwriteHeaderButton = whiteButton('Overwrite',
                                                  self.overwriteHeader)
        self.createAnyView(self._overwriteHeaderButton, 4, 3, 1, 1,
                           Insets(3, 0, 0, 0))
        addHeaderButton = whiteButton('Add', self.addToHeader)
        self.createAnyView(addHeaderButton, 5, 3, 1, 1, Insets(3, 0, 0, 10))

        # Row 3: buttons below the parameter table.
        deleteParamsButton = whiteButton('Delete', self.deleteToParams)
        self.createAnyView(deleteParamsButton, 6, 3, 1, 1, Insets(3, 0, 0, 0))
        self._overwriteParamButton = whiteButton('Overwrite',
                                                 self.overwriteParam)
        self.createAnyView(self._overwriteParamButton, 7, 3, 1, 1,
                           Insets(3, 0, 0, 0))
        addParamsButton = whiteButton('Add', self.addToParams)
        self.createAnyView(addParamsButton, 8, 3, 1, 1, Insets(3, 0, 0, 0))

        # Row 4: scrollable results area.
        self._resultsTextArea = swing.JTextArea()
        resultsOutput = swing.JScrollPane(self._resultsTextArea)
        resultsOutput.setMinimumSize(Dimension(800, 200))
        self.createAnyView(resultsOutput, 0, 4, 9, 1, Insets(10, 0, 0, 0))

        # Row 6: clear button (keeps its default background).
        self.clearSearchButton = swing.JButton(
            'Clear Search Output', actionPerformed=self.clearOutput)
        self.createAnyView(self.clearSearchButton, 3, 6, 3, 1,
                           Insets(3, 0, 0, 0))

        self._callbacks.customizeUiComponent(self._jPanel)
        self._callbacks.addSuiteTab(self)
        self.starterPack()

        self._callbacks.registerHttpListener(self)
        self._callbacks.registerContextMenuFactory(self)

    def createAnyTable(self, table_model, table_number, min_size):
        """Wrap a two-column JTable for *table_model* in a scroll pane.

        The first column gets a preferred width of 250, the second 50; the
        scroll pane's minimum size is *min_size*.  ``table_number`` is not
        used.
        """
        _table = JTable(table_model)
        _table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS)
        for index, width in enumerate((250, 50)):
            _table.getColumnModel().getColumn(index).setPreferredWidth(width)

        scroller = JScrollPane(_table)
        scroller.setMinimumSize(min_size)
        return scroller

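    def insertAnyTable(self, table, data):
        """Append *data* as the new last row of *table*.

        Every cell is converted with ``str()`` before insertion.

        :param table: table model offering ``insertRow`` and ``getRowCount``
        :param data: iterable of cell values for the new row
        :return: the row count after the insertion
        """
        row = [str(cell) for cell in data]
        table.insertRow(table.getRowCount(), row)
        return table.getRowCount()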

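    def replaceLine(self, file_path, new_line):
        """Set the ``Callback_url`` assignment in *file_path* to *new_line*.

        The file is copied line by line into a temporary file; every line that
        starts with ``Callback_url`` followed by spaces/equals signs gets its
        value replaced, all other lines are copied unchanged.  The temporary
        file then replaces the original.

        The new value is written as a quoted, escaped string literal
        (``repr``).  The target is a ``.py`` file, so a value containing
        quotes or backslashes must not be able to end the literal and add
        statements to it.  Rewriting the whole value also covers an empty
        previous value, where a substring replacement would have matched
        between every character of the line.

        :param file_path: path of the config file to rewrite
        :param new_line: new callback URL value
        """
        import re
        from tempfile import mkstemp
        from shutil import move
        from os import fdopen, remove

        assignment = re.compile(r'^(Callback_url[ =]+)(.+)$')
        literal = repr(new_line)

        fh, abs_path = mkstemp()
        try:
            with fdopen(fh, 'w') as new_file:
                with open(file_path) as old_file:
                    for line in old_file:
                        found = assignment.match(line)
                        if found:
                            # Keep the "Callback_url = " prefix and the line
                            # ending, swap only the value.
                            new_file.write(
                                found.group(1) + literal + line[found.end(2):])
                        else:
                            new_file.write(line)
        except Exception:
            # Do not leave a half-written temporary file behind.
            remove(abs_path)
            raise
        # Remove original file, then move the new one into its place.
        remove(file_path)
        move(abs_path, file_path)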

    def createAnyView(self, _component, gridx, gridy, gridwidth, gridheight,
                      insets):
        """Add *_component* to the main panel at the given grid-bag cell.

        The shared constraints object is overwritten with the position, span
        and insets for this component; fill is always horizontal.
        """
        constraints = self._jPanelConstraints
        constraints.fill = GridBagConstraints.HORIZONTAL
        constraints.gridx = gridx
        constraints.gridy = gridy
        constraints.gridwidth = gridwidth
        constraints.gridheight = gridheight
        constraints.insets = insets
        self._jPanel.add(_component, constraints)

    def createMenuItems(self, contextMenuInvocation):
        """Context-menu factory hook.

        Remembers the invocation for the menu actions and, for invocation
        contexts 0, 1, 2, 3, 8 and 9, returns a "Femida XSS" submenu with the
        two "Add to ..." entries.  Other contexts get an empty list.
        """
        context = contextMenuInvocation.getInvocationContext()
        filterMenu = JMenu("Femida XSS")
        # The menu actions read the selection from this stored invocation.
        self._contextMenuData = contextMenuInvocation
        if context not in (0, 1, 2, 3, 8, 9):
            return Arrays.asList([])

        entries = (
            ("Add to Headers", self.addToHeadersItem),
            ("Add to Parameters", self.addToParametersItem),
        )
        for label, handler in entries:
            filterMenu.add(JMenuItem(label, actionPerformed=handler))
        return Arrays.asList(filterMenu)

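    def addToHeadersItem(self, event):
        """Menu action: add the selected message text to the Headers table.

        Uses the invocation stored by ``createMenuItems``.  For contexts 0
        and 2 the selection is taken from the request, for 1 and 3 from the
        response; any other context is printed and ignored.  Without a
        selection or a selected message nothing happens.  Errors while
        extracting or inserting the text are printed instead of being
        dropped silently.
        """
        invocation = self._contextMenuData
        bounds = invocation.getSelectionBounds()
        messages = invocation.getSelectedMessages()
        # No selection offsets or no message: unpacking/indexing would fail.
        if bounds is None or not messages:
            return
        start, end = bounds
        ctx = invocation.getInvocationContext()

        if ctx == 0 or ctx == 2:
            message = messages[0].getRequest()
        elif ctx == 1 or ctx == 3:
            message = messages[0].getResponse()
        else:
            print(ctx)
            return
        try:
            selected_text = self._helpers.bytesToString(message)[start:end]
            self.insertAnyTable(self._tableModelHeaders,
                                [str(selected_text), '1'])
        except Exception as msg:
            print(msg)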

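    def addToParametersItem(self, event):
        """Menu action: add the selected message text to the Parameters table.

        Uses the invocation stored by ``createMenuItems``.  For contexts 0
        and 2 the selection is taken from the request, for 1 and 3 from the
        response; any other context is printed and ignored.  Without a
        selection or a selected message nothing happens.  Errors while
        extracting or inserting the text are printed instead of being
        dropped silently.
        """
        invocation = self._contextMenuData
        bounds = invocation.getSelectionBounds()
        messages = invocation.getSelectedMessages()
        # No selection offsets or no message: unpacking/indexing would fail.
        if bounds is None or not messages:
            return
        start, end = bounds
        ctx = invocation.getInvocationContext()

        if ctx == 0 or ctx == 2:
            message = messages[0].getRequest()
        elif ctx == 1 or ctx == 3:
            message = messages[0].getResponse()
        else:
            print(ctx)
            return
        try:
            selected_text = self._helpers.bytesToString(message)[start:end]
            self.insertAnyTable(self._tableModelParams,
                                [str(selected_text), '1'])
        except Exception as msg:
            print(msg)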

    def starterPack(self):
        """Load the configured lists and hook up the table listeners.

        Queues loading of the payload, header and parameter files named in
        ``config``, puts ``config.Callback_url`` into the URL field and
        attaches one ``MyTableModelListener`` per table model.
        """
        sources = (
            (config.Payloads, self._tableModelPayloads, self._dictPayloads),
            (config.Headers, self._tableModelHeaders, self._dictHeaders),
            (config.Parameters, self._tableModelParams, self._dictParams),
        )
        for path, model, _state in sources:
            self.addFromFileAsync(path, model)

        self._jTextFieldURL.setText(config.Callback_url)

        for path, model, state in sources:
            model.addTableModelListener(
                MyTableModelListener(model, self, state, path))

    def setCallbackUrl(self, event):
        """Action listener of the URL field: store the text in the config file.

        The text is written to the file at ``conf_path`` and a confirmation
        is appended to the results area.
        """
        self.replaceLine(self.conf_path, self._jTextFieldURL.getText())
        notice = 'New url={} saved.'.format(self._jTextFieldURL.getText())
        self.appendToResults(notice)

    def addToPayload(self, button):
        """Button action: append an empty, active row to the payload table."""
        emptyRow = ['', '1']
        self.insertAnyTable(self._tableModelPayloads, emptyRow)

    def addToHeader(self, button):
        """Button action: append an empty, active row to the header table."""
        emptyRow = ['', '1']
        self.insertAnyTable(self._tableModelHeaders, emptyRow)

    def addToParams(self, button):
        """Button action: append an empty, active row to the parameter table."""
        emptyRow = ['', '1']
        self.insertAnyTable(self._tableModelParams, emptyRow)

    def uploadToPayload(self, button):
        """Button action: pick a file and load its lines into the payload table."""
        self._returnFileChooser = self.jfc.showDialog(None, "Open")
        if self._returnFileChooser != JFileChooser.APPROVE_OPTION:
            return
        chosen = self.jfc.getSelectedFile()
        self.fileUpload(chosen, self._tableModelPayloads)

    def deleteToPayload(self, button):
        """Button action: drop the last payload row and save the payload list.

        Always acts on the last row of the table.  Any error (for example an
        empty table) is ignored.
        """
        try:
            model = self._tableModelPayloads
            lastRow = model.getRowCount() - 1
            value = model.getValueAt(lastRow, 0)
            model.removeRow(lastRow)
            self._dictPayloads.pop(value)
            self.saveToFileAsync(config.Payloads, self._dictPayloads)
        except Exception:
            pass

    def deleteToHeader(self, button):
        """Button action: drop the last header row and save the header list.

        Always acts on the last row of the table.  Any error (for example an
        empty table) is ignored.
        """
        try:
            model = self._tableModelHeaders
            lastRow = model.getRowCount() - 1
            value = model.getValueAt(lastRow, 0)
            model.removeRow(lastRow)
            self._dictHeaders.pop(value)
            self.saveToFileAsync(config.Headers, self._dictHeaders)
        except Exception:
            pass

    def deleteToParams(self, button):
        """Button action: drop the last parameter row and save the parameter list.

        Always acts on the last row of the table.  Any error (for example an
        empty table) is ignored.
        """
        try:
            model = self._tableModelParams
            lastRow = model.getRowCount() - 1
            value = model.getValueAt(lastRow, 0)
            model.removeRow(lastRow)
            self._dictParams.pop(value)
            self.saveToFileAsync(config.Parameters, self._dictParams)
        except Exception:
            pass

    def clearOutput(self, button):
        """Button action: empty the results text area."""
        area = self._resultsTextArea
        area.setText("")

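    def fileUpload(self, path, table):
        """Load the file at *path* into *table*, one row per line, marked '1'.

        Line terminators are stripped before insertion, as addFromFileAsync
        does for the configured lists, so a stored value never carries a
        trailing newline into whatever later uses it.

        :param path: file selected in the chooser (converted with ``str()``)
        :param table: table model receiving the rows
        """
        with open(str(path), "r") as f:
            for line in f:
                self.insertAnyTable(table, [line.rstrip("\r\n"), '1'])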

    def active_flag(self, button):
        """Button action: toggle request processing on or off.

        The button turns gray while processing is on and white while it is
        off; a start/stop line is appended to the results area.
        """
        self.status_flag = not self.status_flag
        if self.status_flag:
            shade, notice = Color.GRAY, "Proxy start...\n"
        else:
            shade, notice = Color.WHITE, "Proxy stop...\n"
        self.submitSearchButton.setBackground(shade)
        self.appendToResults(notice)

    def overwriteHeader(self, button):
        """Button action: toggle the header overwrite mode (gray = on)."""
        self._overwriteHeader = not self._overwriteHeader
        shade = Color.GRAY if self._overwriteHeader else Color.WHITE
        self._overwriteHeaderButton.setBackground(shade)

    def overwriteParam(self, button):
        """Button action: toggle the parameter overwrite mode (gray = on)."""
        self._overwriteParam = not self._overwriteParam
        shade = Color.GRAY if self._overwriteParam else Color.WHITE
        self._overwriteParamButton.setBackground(shade)

    def forkRequest(self, button):
        """Button action: toggle the parallel-request mode (gray = on)."""
        self._forkRequestParam = not self._forkRequestParam
        shade = Color.GRAY if self._forkRequestParam else Color.WHITE
        self._forkRequestButton.setBackground(shade)

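    def prepareRequest(self, requestString, messageInfo=None):
        """Return *requestString* with configured values changed.

        For every active entry ('1') of the header and parameter tables that
        also occurs in the request, one randomly chosen active payload, with
        its first ``{URL}`` replaced by the URL field text, either replaces
        the current value (overwrite mode) or is appended to it.

        When no payload is marked active, the request is returned unchanged.
        The guard tests the active selection rather than the whole payload
        table, so a table holding only inactive payloads no longer makes
        ``random.choice`` fail on an empty sequence.

        :param requestString: the raw request, converted with ``str()``
        :param messageInfo: accepted for the callers' sake, not used
        :return: the possibly modified request string
        """
        requestString = str(requestString)
        listHeader = re.findall(r'([\w-]+):\s?(.*)', requestString)
        dictRealHeaders = {x[0].lower(): x[1] for x in listHeader}

        # Only payloads whose "Active" flag is '1' take part.
        selectedPayloads = [
            k for k in self._dictPayloads if self._dictPayloads[k] == '1'
        ]

        def nextPayload():
            # Random active payload with its first {URL} placeholder filled in.
            payload = random.choice(selectedPayloads)
            return payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1)

        for key in self._dictHeaders:
            lowered = key.lower()
            if lowered not in dictRealHeaders or self._dictHeaders[key] != '1':
                continue
            if not selectedPayloads:
                continue
            current = dictRealHeaders.get(lowered)
            payload = nextPayload()
            if not self._overwriteHeader:
                payload = current + payload
            # NOTE(review): this replaces the first occurrence of the header
            # value anywhere in the request text, not necessarily inside that
            # header line.
            requestString = requestString.replace(current, payload, 1)

        for key in self._dictParams:
            # Re-analyze on every pass: earlier edits shift the value offsets.
            analyzed = self._helpers.analyzeRequest(requestString.encode())
            dictRealParams = {
                x.getName().lower():
                [x.getValue(),
                 x.getValueStart(),
                 x.getValueEnd()]
                for x in analyzed.getParameters()
            }
            lowered = key.lower()
            if lowered not in dictRealParams or self._dictParams[key] != '1':
                continue
            if not selectedPayloads:
                continue
            value, start_word, end_word = dictRealParams[lowered]
            payload = nextPayload()
            if not self._overwriteParam:
                payload = value + payload
            requestString = (requestString[:start_word] + payload +
                             requestString[end_word:])
        return requestString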

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """HTTP listener hook: rewrite outgoing requests while the flag is on.

        Responses and everything seen while ``status_flag`` is off are left
        alone.  In normal mode the request is rewritten in place.  In
        parallel mode the original goes out untouched and a modified copy,
        marked with a leading '@', is sent on a separate thread; when that
        copy reaches this listener again the marker is stripped.

        NOTE(review): ``toolFlag`` is not checked and there is no target
        scope test, so requests from every Burp tool to every host are
        affected while the flag is on - restricting this to in-scope targets
        would limit unintended traffic.
        """
        if not self.status_flag or not messageIsRequest:
            return

        requestString = messageInfo.getRequest().tostring()

        if not self._forkRequestParam:
            rewritten = self.prepareRequest(requestString, messageInfo)
            self.appendToResults(rewritten.encode())
            messageInfo.setRequest(self._helpers.stringToBytes(rewritten))
            return

        # A leading '@' marks a copy this extension sent itself.
        if requestString[0] == '@':
            messageInfo.setRequest(
                self._helpers.stringToBytes(requestString[1:]))
            return

        rewritten = self.prepareRequest(requestString, messageInfo)
        self.appendToResults('Parallel Request:')
        self.appendToResults(rewritten.encode())
        marked = '@' + rewritten
        sender = Thread(
            target=self._callbacks.makeHttpRequest,
            args=(messageInfo.getHttpService(),
                  self._helpers.stringToBytes(marked)))
        sender.start()

    # Function to provide output to GUI
    def appendToResults(self, s):
        """Queue *s* (as ``str``) plus a newline for the results text area.

        The append itself is handed to ``SwingUtilities.invokeLater``.
        """
        def writeLine(text):
            self._resultsTextArea.append(text)
            self._resultsTextArea.append('\n')

        job = PyRunnable(writeLine, str(s))
        swing.SwingUtilities.invokeLater(job)

    def addFromFileAsync(self, file, table):
        """Queue loading of *file* into *table*, one active row per line.

        Does nothing when the file does not exist.  One trailing newline is
        removed from each line.  The work is handed to
        ``SwingUtilities.invokeLater``.
        """
        def loadRows(path, model):
            if not os.path.exists(path):
                return
            with open(path, 'r') as handle:
                for row in handle.readlines():
                    if row == '':
                        continue
                    value = row[:-1] if row[-1] == '\n' else row
                    self.insertAnyTable(model, [str(value), '1'])

        swing.SwingUtilities.invokeLater(PyRunnable(loadRows, file, table))

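    def saveToFileAsync(self, file, data, isAppend=False):
        """Queue writing the keys of *data* to *file*, one per line.

        The file is always rewritten from scratch; ``isAppend`` is accepted
        but has no effect.  Lines are joined with newlines and no newline
        follows the last one.  Joining, rather than writing and then cutting
        the final character, also works when *data* is empty: the result is
        simply an empty file.  The work is handed to
        ``SwingUtilities.invokeLater``.

        :param file: path of the file to write
        :param data: iterable of values (the keys when a dict is passed)
        :param isAppend: ignored
        """
        def saveToFile_run(file, data, isAppend):
            with open(file, 'w') as f:
                f.write("\n".join("{}".format(k) for k in data))

        swing.SwingUtilities.invokeLater(
            PyRunnable(saveToFile_run, file, data, isAppend))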

    def getTabCaption(self):
        """Return the caption of this extension's tab (the extension name)."""
        caption = self.name
        return caption

    def getUiComponent(self):
        """Return the panel that forms the content of this extension's tab."""
        panel = self._jPanel
        return panel
Ejemplo n.º 34
import glob
from time import time

import jmri
import java
from javax.swing import JFileChooser, JOptionPane
from javax.swing.filechooser import FileNameExtensionFilter

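dialogTitle = "Bundle Keys Report"

##
# Select a properties file to be analyzed.  This will normally be the
# default (English) file.
##
fc = JFileChooser(FileUtil.getProgramPath())
fc.setDialogTitle(dialogTitle)
fc.setFileFilter(FileNameExtensionFilter("Bundle Properties", ["properties"]))
ret = fc.showOpenDialog(None)
if ret != JFileChooser.APPROVE_OPTION:
    print("No file selected, bye")
    quit()
selectedBundle = fc.getSelectedFile().toString()
startTime = time()

# Set up path info: everything before the "src" directory is the JMRI root,
# the part after it is the bundle's package path.
bundleFile = os.path.basename(selectedBundle)
fullPath = os.path.dirname(selectedBundle)
splitPath = fullPath.split(os.sep + "src" + os.sep)
if len(splitPath) < 2:
    # The chooser lets the user pick any file; without a "src" directory in
    # its path there is no second element to read.
    print("Selected file is not below a 'src' directory, bye")
    quit()
jmriPath = splitPath[0]
bundlePath = splitPath[1]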
Ejemplo n.º 35
from os.path import join
import glob

import jmri
import java
import com.csvreader
from javax.swing import JFileChooser, JOptionPane
from javax.swing.filechooser import FileNameExtensionFilter

dialogTitle = "Class Keys Report"
print("   {}".format(dialogTitle))
keyList = []

# Ask for the Java source file or package directory to analyze; both files
# and directories can be picked.
fc = JFileChooser(FileUtil.getProgramPath())
fc.setDialogTitle(dialogTitle)
fc.setFileFilter(FileNameExtensionFilter("Java Program", ["java"]))
fc.setFileSelectionMode(JFileChooser.FILES_AND_DIRECTORIES)
ret = fc.showOpenDialog(None)
if ret != JFileChooser.APPROVE_OPTION:
    print('No file selected, bye')
    quit()
selectedItem = fc.getSelectedFile().toString()

# Regular expressions that capture the first word after the start of the
# match string (a word is made of a-z, A-Z, 0-9 or underscore):
#   reStrKey - a word enclosed in double quotes
#   reVarKey - a plain word
reStrKey = re.compile(r'\W*"(\w+)"\W*[,)]')
reVarKey = re.compile(r'\W*(\w+)\W')