class Evidence(object):
def __init__(self, *literals):
self.vector = Vector()
self.addAll(*literals)
def add(self, *strings):
'''
adds a single piece of evidence. You may pass
* a list of strings that directly use the probcog evidence format, i.e. a list (function, arg1, arg2, value)
* a single string with an MLN-style literal definition, e.g. "function(arg1,arg2,value)" or "!pred(arg1)"
* a single string with a single BLOG-style assignment, e.g. "function(arg1,arg2)=value"
'''
if len(strings) == 1:
strings = parseLiteral(strings[0].strip())
jarr = jarray.array(strings, String)
self.vector.add(jarr)
def addAll(self, *literals):
for lit in literals:
self.add(lit)
def getData(self):
return self.vector
def clear(self):
self.vector.clear()
def configure_model_view_single(self, atfText):
'''
At present the model view can only cope with files which represent a
single fragment. This method has been moved out of init so we only
call it if a single fragment file is loaded.
'''
# Add a new tab in the view per object in the text
objectID = "&" + atfText.code + " = " + atfText.description
self.view.addObject(objectID)
# TODO: ATF protocols are not saved in the model yet, but need to be
# passed here:
# self.view.objectTab[objectID].addMetadata(objectID, atfText.project,
# atfText.language,
# atfText.protocols)
self.view.addMetadata(objectID, atfText.project, atfText.language)
for item in atfText.children:
itemType = "@" + item.objecttype
for side in item.children:
# TODO Display side type and make panel as convenient to show
# all sides
if not(isinstance(side, Translation)):
sideType = side.objecttype
# self.view.addText(objectID, itemType, sideType)
for line in side.children:
# TODO Display label and words and lemmas in dropdown
# boxes
content = Vector()
# TODO use polimorfism - see
# http://stackoverflow.com/questions/5579309/switch-instanceof
if (isinstance(line, Line)):
label = line.label
words = " ".join(line.words)
lemmas = ", ".join(line.lemmas)
content.clear()
content.add(words)
content.add(lemmas)
# content.add(translations)
self.view.addLine(objectID, label, content)
if (isinstance(line, Ruling)):
label = "$ ruling"
if line.type == "single":
ruling = "-------------"
content.clear()
content.add(ruling)
self.view.addLine(objectID, label, content)
if (isinstance(line, Comment)):
label = "# Comment"
comment = line.content
content.clear()
content.add(comment)
self.view.addLine(objectID, label, content)
# Display model view
self.view.display()
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, IContextMenuFactory, ActionListener,
AbstractTableModel, Runnable):
#
# Implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# Initialize the global stdout stream
global stdout
# Keep a reference to our callbacks object
self._callbacks = callbacks
# Obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Burpsuite Yara Scanner")
# Create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
splitpane.setLeftComponent(scrollPane)
# Options panel
optionsPanel = JPanel()
optionsPanel.setLayout(GridBagLayout())
constraints = GridBagConstraints()
yara_exe_label = JLabel("Yara Executable Location:")
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 0
constraints.gridy = 0
optionsPanel.add(yara_exe_label, constraints)
self._yara_exe_txtField = JTextField(25)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 0
optionsPanel.add(self._yara_exe_txtField, constraints)
yara_rules_label = JLabel("Yara Rules File:")
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 0
constraints.gridy = 1
optionsPanel.add(yara_rules_label, constraints)
self._yara_rules_files = Vector()
self._yara_rules_files.add("< None >")
self._yara_rules_fileList = JList(self._yara_rules_files)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 1
optionsPanel.add(self._yara_rules_fileList, constraints)
self._yara_rules_select_files_button = JButton("Select Files")
self._yara_rules_select_files_button.addActionListener(self)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 2
optionsPanel.add(self._yara_rules_select_files_button, constraints)
self._yara_clear_button = JButton("Clear Yara Results Table")
self._yara_clear_button.addActionListener(self)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 3
optionsPanel.add(self._yara_clear_button, constraints)
# Tabs with request/response viewers
viewerTabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
viewerTabs.addTab("Request", self._requestViewer.getComponent())
viewerTabs.addTab("Response", self._responseViewer.getComponent())
splitpane.setRightComponent(viewerTabs)
# Tabs for the Yara output and the Options
self._mainTabs = JTabbedPane()
self._mainTabs.addTab("Yara Output", splitpane)
self._mainTabs.addTab("Options", optionsPanel)
# customize our UI components
callbacks.customizeUiComponent(splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(viewerTabs)
callbacks.customizeUiComponent(self._mainTabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# add ourselves as a context menu factory
callbacks.registerContextMenuFactory(self)
# Custom Menu Item
self.menuItem = JMenuItem("Scan with Yara")
self.menuItem.addActionListener(self)
# obtain our output stream
stdout = PrintWriter(callbacks.getStdout(), True)
# Print a startup notification
stdout.println("Burpsuite Yara scanner initialized.")
#
# Implement ITab
#
def getTabCaption(self):
return "Yara"
def getUiComponent(self):
return self._mainTabs
#
# Implement IContextMenuFactory
#
def createMenuItems(self, invocation):
if invocation.getInvocationContext() == invocation.CONTEXT_TARGET_SITE_MAP_TREE:
self.requestResponses = invocation.getSelectedMessages()
return [self.menuItem]
else:
self.requestResponses = None
return None
#
# Implement Action
#
def actionPerformed(self, actionEvent):
global yara_rules
global yara_path
if actionEvent.getSource() is self.menuItem:
yara_path = self._yara_exe_txtField.getText()
yara_rules = self._yara_rules_files
t = Thread(self)
t.start()
elif actionEvent.getSource() is self._yara_clear_button:
# Delete the LogEntry objects from the log
row = self._log.size()
self._lock.acquire()
self._log.clear()
# Update the Table
self.fireTableRowsDeleted(0, row)
# Clear data regarding any selected LogEntry objects from the request / response viewers
self._requestViewer.setMessage([], True)
self._responseViewer.setMessage([], False)
self._currentlyDisplayedItem = None
self._lock.release()
elif actionEvent.getSource() is self._yara_rules_select_files_button:
fileChooser = JFileChooser()
yarFilter = FileNameExtensionFilter("Yara Rules", ["yar"])
fileChooser.addChoosableFileFilter(yarFilter)
fileChooser.setFileFilter(yarFilter)
fileChooser.setMultiSelectionEnabled(True)
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
ret = fileChooser.showOpenDialog(None)
if ret == JFileChooser.APPROVE_OPTION:
self._yara_rules_files.clear()
for file in fileChooser.getSelectedFiles():
self._yara_rules_files.add(file.getPath())
self._yara_rules_fileList.setListData(self._yara_rules_files)
else:
stdout.println("Unknown Event Received.")
#
# Implement Runnable
#
def run(self):
self.yaraScan()
#
# Extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Rule Name"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._ruleName
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# Implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#
# Implement the Yara scanning logic
#
def yaraScan(self):
# If stdout has not yet been initialized, punt.
if stdout is None:
return
# If the location of the yara executable and rules files are NULL, punt.
if yara_rules is None or yara_path is None or yara_rules.size() == 0 or yara_rules.contains("< None >") or len(yara_path) == 0:
JOptionPane.showMessageDialog(None, "Error: Please specify the path to the yara executable and rules file in "
"the options tab.")
return
# If iRequestResponses is None, punt.
if self.requestResponses is None:
JOptionPane.showMessageDialog(None, "Error: No Request/Responses were selected.")
return
else:
stdout.println("Processing %d item(s)." % len(self.requestResponses))
# Get the OS temp folder
os_name = System.getProperty("os.name").lower()
temp_folder = None
if "linux" in os_name:
temp_folder = "/tmp"
elif "windows" in os_name:
temp_folder = os.environ.get("TEMP")
if temp_folder is None:
temp_folder = os.environ.get("TMP")
if temp_folder is None:
stdout.println("Error: Could not determine TEMP folder location.")
return
# Keep track of the number of matches.
matchCount = 0
# Process the site map selected messages
for idx, iRequestResponse in enumerate(self.requestResponses):
# Process the request
request = iRequestResponse.getRequest()
if request is not None:
if len(request) > 0:
try:
# Yara does not support scanning from stdin so we will need to create a temp file and scan it
req_filename = os.path.join(temp_folder, "req_" + str(idx) + ".tmp")
req_file = open(req_filename, "wb")
req_file.write(request)
req_file.close()
for rules in yara_rules:
yara_req_output = subprocess.check_output([yara_path, rules, req_filename])
if yara_req_output is not None and len(yara_req_output) > 0:
ruleName = (yara_req_output.split())[0]
self._lock.acquire()
row = self._log.size()
# TODO: Don't add duplicate items to the table
self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
matchCount += 1
except Exception as e:
JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.")
return
finally:
# Remove the temp file
if req_file is not None:
req_file.close()
os.remove(req_filename)
# Process the response
response = iRequestResponse.getResponse()
if response is not None:
if len(response) > 0:
try:
# Yara does not support scanning from stdin so we will need to create a temp file and scan it
resp_filename = os.path.join(temp_folder, "resp_" + str(idx) + ".tmp")
resp_file = open(resp_filename, "wb")
resp_file.write(response)
resp_file.close()
for rules in yara_rules:
yara_resp_output = subprocess.check_output([yara_path, rules, resp_filename])
if yara_resp_output is not None and len(yara_resp_output) > 0:
ruleName = (yara_resp_output.split())[0]
self._lock.acquire()
row = self._log.size()
# TODO: Don't add duplicate items to the table
self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
matchCount += 1
except Exception as e:
JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.")
return
finally:
# Remove the temp file
if resp_file is not None:
resp_file.close()
os.remove(resp_filename)
# Print a completion notification
JOptionPane.showMessageDialog(None, "Yara scanning complete. %d rule(s) matched." % matchCount)
def __init__(self, mainControler, parsedAtf):
"""
1. Parse text area content
2. Change atfArea mode to model view from parent controller?
3. Process parsed data and serialize in separate JPanel
4. Think about whether the other user options should remain visible or
should this just be shown in a separate window?
"""
#Create view with a reference to its controller to handle events
self.view = ModelView(self)
#Will also need delegating to parent presenter
self.controller = mainControler
#Get ATF object parsed from text displated in text area
self.atf = parsedAtf
#Go through parsed ATF object, serialize and pass elements to view
atfText = parsedAtf.text
#Add a new tab in the view per object in the text
objectID = "&" + atfText.code + " = " + atfText.description
self.view.addObject(objectID)
#TODO: ATF protocols are not saved in the model yet, but need to be passed here:
#self.view.objectTab[objectID].addMetadata(objectID, atfText.project, \
# atfText.language, \
# atfText.protocols)
self.view.addMetadata(objectID, atfText.project, \
atfText.language)
for item in atfText.children:
itemType = "@" + item.objecttype
for side in item.children:
#TODO Display side type and make panel as convenient to show all sides
if not(isinstance(side, Translation)):
sideType = side.objecttype
#self.view.addText(objectID, itemType, sideType)
for line in side.children:
#TODO Display label and words and lemmas in dropdown boxes
content = Vector()
#TODO use polimorfism - see http://stackoverflow.com/questions/5579309/switch-instanceof
if (isinstance(line, Line)):
label = line.label
words = " ".join(line.words)
lemmas = ", ".join(line.lemmas)
content.clear()
content.add(words)
content.add(lemmas)
#content.add(translations)
self.view.addLine(objectID, label, content)
if (isinstance(line, Ruling)):
label = "$ ruling"
if line.type == "single":
ruling = "-------------"
content.clear()
content.add(ruling)
self.view.addLine(objectID, label, content)
if (isinstance(line, Comment)):
label = "# Comment"
comment = line.content
content.clear()
content.add(comment)
self.view.addLine(objectID, label, content)
#Display model view
self.view.display()
def __init__(self, mainControler, parsedAtf):
"""
1. Parse text area content
2. Change atfArea mode to model view from parent controller?
3. Process parsed data and serialize in separate JPanel
4. Think about whether the other user options should remain visible or
should this just be shown in a separate window?
"""
# Will also need delegating to parent presenter
self.controller = mainControler
# Load settings config:
self.config = self.controller.config
# Create view with a reference to its controller to handle events
self.view = ModelView(self)
# Get ATF object parsed from text displated in text area
self.atf = parsedAtf
# Go through parsed ATF object, serialize and pass elements to view
atfText = parsedAtf.text
# Add a new tab in the view per object in the text
objectID = "&" + atfText.code + " = " + atfText.description
self.view.addObject(objectID)
# TODO: ATF protocols are not saved in the model yet, but need to be
# passed here:
# self.view.objectTab[objectID].addMetadata(objectID, atfText.project,
# atfText.language,
# atfText.protocols)
self.view.addMetadata(objectID, atfText.project, atfText.language)
for item in atfText.children:
itemType = "@" + item.objecttype
for side in item.children:
# TODO Display side type and make panel as convenient to show
# all sides
if not (isinstance(side, Translation)):
sideType = side.objecttype
# self.view.addText(objectID, itemType, sideType)
for line in side.children:
# TODO Display label and words and lemmas in dropdown
# boxes
content = Vector()
# TODO use polimorfism - see
# http://stackoverflow.com/questions/5579309/switch-instanceof
if (isinstance(line, Line)):
label = line.label
words = " ".join(line.words)
lemmas = ", ".join(line.lemmas)
content.clear()
content.add(words)
content.add(lemmas)
# content.add(translations)
self.view.addLine(objectID, label, content)
if (isinstance(line, Ruling)):
label = "$ ruling"
if line.type == "single":
ruling = "-------------"
content.clear()
content.add(ruling)
self.view.addLine(objectID, label, content)
if (isinstance(line, Comment)):
label = "# Comment"
comment = line.content
content.clear()
content.add(comment)
self.view.addLine(objectID, label, content)
# Display model view
self.view.display()
