def retrieve_ranked_apis(question_id):
docs = coll.find(BasicDBObject({"question_id": question_id}))
apis = []
for doc in docs:
answer = doc.toMap()
apis.append(answer["typed_method_call"])
print apis
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName('ReplayAndDiff')
System.out.println('\n\n:: ReplayAndDiff Headless Extension ::\n\n')
#Default configuration
mongo_host = '127.0.0.1'
mongo_port = 27017
output_dir = '/tmp/'
report_name = 'burpreport_' + str(System.currentTimeMillis()) + '.html'
timeout = 10 #seconds
#Parse command line arguments and store values in local variables
#-h|--host=<IP>, -p|--port=<port>, -o|--ouput=<dir>, -e|--report=<filename>, -t|--timeout=<seconds>
args = callbacks.getCommandLineArguments()
for arg in args:
if (arg.contains('-h=') or arg.contains('--host=')):
mongo_host = arg.substring(arg.indexOf('=') + 1)
elif (arg.contains('-p=') or arg.contains('--port=')):
mongo_port = Integer.valueOf(arg.substring(arg.indexOf('=') + 1))
elif (arg.contains('-o=') or arg.contains('--ouput=')):
output_dir = arg.substring(arg.indexOf('=') + 1)
elif (arg.contains('-r=') or arg.contains('--report=')):
report_name = arg.substring(arg.indexOf('=') + 1)
elif (arg.contains('-t=') or arg.contains('--timeout=')):
timeout = Integer.valueOf(arg.substring(arg.indexOf('=') + 1))
System.out.println('[*] Configuration {mongo_host=' + mongo_host + ',mongo_port=' + str(mongo_port) + ',output_dir=' + output_dir + ',report_name=' + report_name + ',timeout=' + str(timeout) + '}')
#Retrieve site info and login request from MongoDB
mongo = None
try:
mongo = MongoClient(mongo_host, mongo_port)
except UnknownHostException as ex:
System.err.println('[!] MongoDB Connection Error: ' + ex.toString())
db = mongo.getDB('sitelogger')
table = db.getCollection('login')
cursor = table.find()
host = None
while (cursor.hasNext()):
entry = cursor.next()
#Replay the HTTP request and save the fresh cookie in Burp's Cookies JAR
host = entry.get('host')
System.out.println('[*] Retrieving record for: ' + host)
response = callbacks.makeHttpRequest(host, int(entry.get('port')), 'https' == entry.get('protocol'), self.b64d(entry.get('request')))
cookies = self.helpers.analyzeResponse(response).getCookies().iterator()
while (cookies.hasNext()):
try:
cookie = cookies.next()
System.out.println('[*] Obtained cookie: ' + cookie.getName() + ':' + cookie.getValue())
callbacks.updateCookieJar(cookie)
except NullPointerException as npe:
System.out.println('[!] Missing cookie attributes - e.g. domain not set')
#Replay a scan on all URLs previously saved for the same site
if (host != None):
table = db.getCollection(host.replace("\\.", '_') + '_site')
else:
raise NullPointerException()
cursor = table.find()
website = None
while (cursor.hasNext()):
entry = cursor.next()
#Add host in scope. This is meant to prevent popup since the extension is running headless
try:
website = URL((entry.get('protocol')) + '://' + (entry.get('host')))
callbacks.includeInScope(website)
#Execute passive and active scans
item = callbacks.doActiveScan(entry.get('host'), entry.get('port'), 'https' == entry.get('protocol'), self.b64d(entry.get('request')))
System.out.println(item.getStatus())
System.out.println(item.getPercentageComplete())
try:
time.sleep(4)
except InterruptedException as ex:
System.err.println('[!] InterruptedException: ' + ex.toString())
System.out.println(item.getStatus())
System.out.println(item.getPercentageComplete())
#Make a new HTTP request and pass request/response to Burp's passive scanner
response = callbacks.makeHttpRequest(entry.get('host'), int(entry.get('port')), 'https' == entry.get('protocol'), self.b64d(entry.get('request')))
callbacks.doPassiveScan(entry.get('host'), entry.get('port'), 'https' == entry.get('protocol'), self.b64d(entry.get('request')), response)
except MalformedURLException as ex:
System.err.println('[!] Malformed website URL: ' + ex.toString())
except NullPointerException as ex:
System.err.println('[!] Missing request or response: ' + ex.toString())
try:
System.out.println('[*] Pausing extension...')
# HOMEWORK - Build a queuing system to check scans status and confirm once all scans are done
time.sleep(1 * timeout)
System.out.println('[*] Resuming extension...')
except InterruptedException as ex:
System.err.println('[!] InterruptedException: ' + ex.toString())
table = db.getCollection(host.replace('\\.', '_') + '_vuln')
searchQuery = None
allVulns = None
newFinding = False
#Obtain the new scan findings
if (website != None):
allVulns = callbacks.getScanIssues(website.toString())
for allVuln in allVulns:
#Diff new and old scan results.
searchQuery = BasicDBObject()
searchQuery.put('type', allVuln.getIssueType())
searchQuery.put('name', allVuln.getIssueName())
searchQuery.put('URL', allVuln.getUrl().toString())
System.out.println('[*] Looking for: ' + searchQuery.toString())
cursor = table.find(searchQuery)
if (cursor.size() == 0):
#There's at least one new finding
System.out.println('[*] Got a new finding!')
newFinding = True
if (newFinding):
System.out.println('[*] New findings! Generating report...')
callbacks.generateScanReport('HTML', allVulns, File(output_dir + report_name))
else:
System.out.println('[*] Scan and diff completed. No new results.')
else:
raise NullPointerException()
System.out.println('[*] Ready to shutdown...Bye!')
callbacks.exitSuite(false)
def logButtonActionPerformed(
self, evt): #GEN-FIRST:event_logButtonActionPerformed
stdout = PrintWriter(self.callbacks.getStdout(), True)
stderr = PrintWriter(self.callbacks.getStderr(), True)
try:
#Connect to the database and create the collections
mongo = MongoClient(self.mongohost.getText(),
Integer.parseInt(self.mongoport.getText()))
db = mongo.getDB("sitelogger")
siteUrl = URL(self.website.getText())
tableSite = db.getCollection(siteUrl.getHost().replace(".", "_") +
"_site")
tableVuln = db.getCollection(siteUrl.getHost().replace(".", "_") +
"_vuln")
#Retrieve SiteMap HTTP Requests and Responses and save to the database
allReqRes = self.callbacks.getSiteMap(self.website.getText())
for rc in xrange(0, len(allReqRes)):
document = BasicDBObject()
document.put("host", allReqRes[rc].getHost())
document.put("port", allReqRes[rc].getPort())
document.put("protocol", allReqRes[rc].getProtocol())
document.put("URL", allReqRes[rc].getUrl().toString())
document.put("status_code", allReqRes[rc].getStatusCode())
if (allReqRes[rc].getRequest() != None):
document.put(
"request",
self.helpers.base64Encode(allReqRes[rc].getRequest()))
if (allReqRes[rc].getResponse() != None):
document.put(
"response",
self.helpers.base64Encode(allReqRes[rc].getResponse()))
tableSite.insert(document)
#Retrieve Scan findings and save to the database
allVulns = self.callbacks.getScanIssues(self.website.getText())
for vc in xrange(0, len(allVulns)):
document = BasicDBObject()
document.put("type", allVulns[vc].getIssueType())
document.put("name", allVulns[vc].getIssueName())
document.put("detail", allVulns[vc].getIssueDetail())
document.put("severity", allVulns[vc].getSeverity())
document.put("confidence", allVulns[vc].getConfidence())
document.put("host", allVulns[vc].getHost())
document.put("port", allVulns[vc].getPort())
document.put("protocol", allVulns[vc].getProtocol())
document.put("URL", allVulns[vc].getUrl().toString())
if (len(allVulns[vc].getHttpMessages()) > 1):
if (allVulns[vc].getHttpMessages()[0].getRequest() !=
None):
document.put(
"request",
self.helpers.base64Encode(
allVulns[vc].getHttpMessages()
[0].getRequest()))
if (allVulns[vc].getHttpMessages()[0].getResponse() !=
None):
document.put(
"response",
self.helpers.base64Encode(
allVulns[vc].getHttpMessages()
[0].getResponse()))
tableVuln.insert(document)
self.callbacks.issueAlert("Data Saved!")
except UnknownHostException as ex:
stderr.println("Mongo DB Connection Error:" + ex.toString())
except MalformedURLException as ex:
stderr.println("Malformed URL:" + ex.toString())
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName('ReplayAndDiff')
System.out.println('\n\n:: ReplayAndDiff Headless Extension ::\n\n')
#Default configuration
mongo_host = '127.0.0.1'
mongo_port = 27017
output_dir = '/tmp/'
report_name = 'burpreport_' + str(System.currentTimeMillis()) + '.html'
timeout = 10 #seconds
# 1 - Parse command line arguments and store values in local variables
# -h|--host=<IP>, -p|--port=<port>, -o|--ouput=<dir>, -r|--report=<filename>, -t|--timeout=<seconds>
args = callbacks.getCommandLineArguments()
for arg in args:
if ('-h=' in arg or '--host=' in arg):
mongo_host = arg[(arg.index('=') + 1):]
elif ('-p=' in arg or '--port=' in arg):
mongo_port = int(arg[(arg.index('=') + 1):])
elif ('-o=' in arg or '--output=' in arg):
output_dir = arg[(arg.index('=') + 1):]
elif ('-r=' in arg or '--report=' in arg):
report_name = arg[(arg.index('=') + 1):]
elif ('-t=' in arg or '--timeout=' in arg):
timeout = int(arg[(arg.index('=') + 1):])
System.out.println('[*] Configuration {mongo_host=' + mongo_host + ',mongo_port=' + str(mongo_port) + ',output_dir=' + output_dir + ',report_name=' + report_name + ',timeout=' + str(timeout) + '}')
# 2 - Connect to MongoDB
mongo = None
try:
mongo = MongoClient(mongo_host, mongo_port)
except UnknownHostException as ex:
System.err.println('[!] MongoDB Connection Error: ' + ex.toString())
# 3 - Retrieve login requests from the 'login' collection in db 'sitelogger'
db = mongo.getDB('sitelogger')
table = db.getCollection('login')
cursor = table.find()
host = None
while (cursor.hasNext()):
# 4 - For each entry, issue a new HTTP request (using Burp's makeHttpRequest) and collect the cookies (using Burp's analyzeResponse)
# 5 - If there are cookies, update Burp's Cookies jar (using Burp's updateCookieJar)
# TODO
# 6 - Retrieve from the database all previously saved HTTP requests
if (host != None):
table = db.getCollection(host.replace(".", '_') + '_site')
else:
raise NullPointerException()
cursor = table.find()
website = None
while (cursor.hasNext()):
# 7 - Trigger a new active scan on the same URL (using Burp's doActiveScan)
# 8 - Reissue a new HTTP request and trigger a new passive scan on the same URL (using Burp's doPassiveScan)
# TODO
# 9 - Wait until all scans are completed
try:
System.out.println('[*] Pausing extension...')
# HOMEWORK - Build a queuing system to check scans status and confirm once all scans are done
time.sleep(1 * timeout)
System.out.println('[*] Resuming extension...')
except InterruptedException as ex:
System.err.println('[!] InterruptedException: ' + ex.toString())
table = db.getCollection(host.replace('.', '_') + '_vuln')
searchQuery = None
allVulns = None
newFinding = False
# 10 - Obtain the list of new findings (using Burp's getScanIssues)
if (website != None):
allVulns = callbacks.getScanIssues(website.toString())
for allVuln in allVulns:
# 11 - Diff old and new findings
# For now, let's use a simple heuristic: if there's at least a new finding (not previously reported), success!
searchQuery = BasicDBObject()
searchQuery.put('type', allVuln.getIssueType())
searchQuery.put('name', allVuln.getIssueName())
searchQuery.put('URL', allVuln.getUrl().toString())
System.out.println('[*] Looking for: ' + searchQuery.toString())
cursor = table.find(searchQuery)
if (cursor.size() == 0):
#There's at least one new finding
System.out.println('[*] Got a new finding!')
newFinding = True
# 12 - In case of new findings, generate the report (using Burp's generateScanReport)
if (newFinding):
# TODO
pass
else:
raise NullPointerException()
System.out.println('[*] Ready to shutdown...Bye!')
callbacks.exitSuite(False)