def show_errors(self, label): """Display error messages.""" top_label = JLabel(label, JLabel.CENTER) top_label.putClientProperty("html.disable", None) frame = JFrame(self.ext_name) frame.setSize(550, 300) frame.setLayout(GridLayout(1, 1)) frame.add(top_label) frame.setLocationRelativeTo(None) frame.setVisible(True)
def create_add_tab(self): self.add_tab = JButton("+", actionPerformed=self.add_clicked) self.add_tab.font = Font('Monospaced', Font.PLAIN, 18) self.add_tab.contentAreaFilled = False self.add_tab.border = None self.emptyTab = JPanel(BorderLayout()) emptyScriptLabel = JLabel(ScriptTabbedPane.EMPTY_SCRIPT_TEXT, SwingConstants.CENTER) emptyScriptLabel.putClientProperty("html.disable", None) self.emptyTab.add(emptyScriptLabel, BorderLayout.CENTER) self.addTab(None, self.emptyTab) self.setTabComponentAt(0, self.add_tab)
def build_gui(self): """Construct GUI elements.""" panel = JPanel(BorderLayout(3, 3)) panel.setBorder(EmptyBorder(160, 160, 160, 160)) self.aws_access_key_inpt = JTextField(10) self.aws_secret_key_inpt = JTextField(10) self.aws_session_token_inpt = JTextField(10) self.gs_access_key_inpt = JTextField(10) self.gs_secret_key_inpt = JTextField(10) self.wordlist_path_inpt = JTextField(10) self.checkbox_inpt = JCheckBox('Enabled') save_btn = JButton('Save', actionPerformed=self.save_config) labels = JPanel(GridLayout(0, 1)) inputs = JPanel(GridLayout(0, 1)) panel.add(labels, BorderLayout.WEST) panel.add(inputs, BorderLayout.CENTER) top_label = JLabel('<html><b>Settings</b><br><br></html>') top_label.putClientProperty("html.disable", None) top_label.setHorizontalAlignment(JLabel.CENTER) panel.add(top_label, BorderLayout.NORTH) labels.add(JLabel('AWS Access Key:')) inputs.add(self.aws_access_key_inpt) labels.add(JLabel('AWS Secret Key:')) inputs.add(self.aws_secret_key_inpt) labels.add(JLabel('AWS Session Key (optional):')) inputs.add(self.aws_session_token_inpt) labels.add(JLabel('GS Access Key:')) inputs.add(self.gs_access_key_inpt) labels.add(JLabel('GS Secret Key:')) inputs.add(self.gs_secret_key_inpt) labels.add(JLabel('Wordlist Filepath (optional):')) inputs.add(self.wordlist_path_inpt) labels.add(JLabel('Passive Mode:')) inputs.add(self.checkbox_inpt) panel.add(save_btn, BorderLayout.SOUTH) return panel
def popup_translate(control, query, src, dst, message, selection, text, context, invoker, from_clipboard): editor = False result, result_src = translate(query, src, dst) cb.callbacks.printOutput( '[%s] %s --> [%s] %s' % (result_src, query.decode( 'utf-8', 'strict'), dst, result.decode('utf-8', 'strict'))) if (context == invoker.CONTEXT_MESSAGE_EDITOR_REQUEST or context == invoker.CONTEXT_MESSAGE_EDITOR_RESPONSE ) and from_clipboard == False: editor = True buttons = ['Replace Original', 'Copy to Clipboard', 'OK'] else: buttons = ['Copy to Clipboard', 'OK'] label = JLabel( '<html>%s to %s:<br><br><b>%s</b><br><br><img border=0 src="file:///%s/color-short.png"></html>' % (result_src, dst, result.decode('utf-8', 'strict'), get_script_dir())) label.putClientProperty("html.disable", None) label.addMouseListener(mouseAdapter()) popup_result = JOptionPane.showOptionDialog( control, label, '%s' % (BurpExtender.extension_name), 0, JOptionPane.PLAIN_MESSAGE, None, buttons, None) if (editor is True and popup_result == 1) or (editor is False and popup_result == 0): clipboard = Toolkit.getDefaultToolkit().getSystemClipboard() clipboard.setContents(StringSelection(result), None) elif (editor is True and popup_result == 0): if context == invoker.CONTEXT_MESSAGE_EDITOR_REQUEST: setter = message.setRequest else: setter = message.setResponse setter( cb.helpers.stringToBytes(text[:selection[0]] + result + text[selection[1]:]))
class BurpExtender(IBurpExtender, IExtensionStateListener, ITab, IHttpListener): def __init__(self): self.allEndpoints = [] self.currentEndpoint = 0 self.aws_access_key_id = '' self.aws_secret_accesskey = '' self.enabled_regions = {} def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.helpers self.isEnabled = False callbacks.registerHttpListener(self) callbacks.registerExtensionStateListener(self) callbacks.setExtensionName(EXT_NAME) callbacks.addSuiteTab(self) def getTargetProtocol(self): if self.https_button.isSelected() == True: return 'https' else: return 'http' def getRegions(self): self.enabled_regions = {} for region in AVAIL_REGIONS: cur_region = region.replace('-','_') cur_region = cur_region+'_status' region_status = getattr(self,cur_region) if region_status.isSelected(): #dict to contain the running regions and API gateway IDs self.enabled_regions.update({region:''}) return #AWS functions #Uses boto3 to test the AWS keys and make sure they are valid NOT IMPLEMENTED def testKeys(self): return #Uses boto3 to spin up an API Gateway def startAPIGateway(self): self.getRegions() for region in self.enabled_regions.keys(): self.awsclient = boto3.client('apigateway', aws_access_key_id=self.access_key.text, aws_secret_access_key=self.secret_key.text, region_name=region ) self.create_api_response = self.awsclient.create_rest_api( name=API_NAME, endpointConfiguration={ 'types': [ 'REGIONAL', ] } ) get_resource_response = self.awsclient.get_resources( restApiId=self.create_api_response['id'] ) self.restAPIId = self.create_api_response['id'] self.enabled_regions[region] = self.restAPIId create_resource_response = self.awsclient.create_resource( restApiId=self.create_api_response['id'], parentId=get_resource_response['items'][0]['id'], pathPart='{proxy+}' ) self.awsclient.put_method( restApiId=self.create_api_response['id'], resourceId=get_resource_response['items'][0]['id'], httpMethod='ANY', authorizationType='NONE', requestParameters={ 'method.request.path.proxy':True, 'method.request.header.X-My-X-Forwarded-For':True } ) self.awsclient.put_integration( restApiId=self.create_api_response['id'], resourceId=get_resource_response['items'][0]['id'], type='HTTP_PROXY', httpMethod='ANY', integrationHttpMethod='ANY', uri=self.getTargetProtocol()+'://'+self.target_host.text + '/', connectionType='INTERNET', requestParameters={ 'integration.request.path.proxy':'method.request.path.proxy', 'integration.request.header.X-Forwarded-For': 'method.request.header.X-My-X-Forwarded-For' } ) self.awsclient.put_method( restApiId=self.create_api_response['id'], resourceId=create_resource_response['id'], httpMethod='ANY', authorizationType='NONE', requestParameters={ 'method.request.path.proxy':True, 'method.request.header.X-My-X-Forwarded-For':True } ) self.awsclient.put_integration( restApiId=self.create_api_response['id'], resourceId=create_resource_response['id'], type= 'HTTP_PROXY', httpMethod= 'ANY', integrationHttpMethod='ANY', uri= self.getTargetProtocol()+'://'+self.target_host.text+'/{proxy}', connectionType= 'INTERNET', requestParameters={ 'integration.request.path.proxy':'method.request.path.proxy', 'integration.request.header.X-Forwarded-For': 'method.request.header.X-My-X-Forwarded-For' } ) self.deploy_response = self.awsclient.create_deployment( restApiId=self.restAPIId, stageName=STAGE_NAME ) self.allEndpoints.append(self.restAPIId+'.execute-api.'+region+'.amazonaws.com') self.usage_response = self.awsclient.create_usage_plan( name='burpusage', description=self.restAPIId, apiStages=[ { 'apiId': self.restAPIId, 'stage': STAGE_NAME } ] ) #Print out some info to burp console print 'Following regions and API IDs started:' print self.enabled_regions print 'List of endpoints being used:' print self.allEndpoints return #Uses boto3 to delete the API Gateway def deleteAPIGateway(self): if self.enabled_regions: for region in self.enabled_regions.keys(): self.awsclient = boto3.client('apigateway', aws_access_key_id=self.access_key.text, aws_secret_access_key=self.secret_key.text, region_name=region ) response = self.awsclient.delete_rest_api( restApiId=self.enabled_regions[region] ) print response self.enabled_regions = {} self.allEndpoints = [] return #Called on "save" button click to save the settings def saveKeys(self, event): aws_access_key_id=self.access_key.text aws_secret_access_key=self.secret_key.text self.callbacks.saveExtensionSetting("aws_access_key_id", aws_access_key_id) self.callbacks.saveExtensionSetting("aws_secret_access_key", aws_secret_access_key) return #Called on "Enable" button click to spin up the API Gateway def enableGateway(self, event): self.startAPIGateway() self.status_indicator.text = ENABLED self.isEnabled = True self.enable_button.setEnabled(False) self.secret_key.setEnabled(False) self.access_key.setEnabled(False) self.target_host.setEnabled(False) self.disable_button.setEnabled(True) return #Called on "Disable" button click to delete API Gateway def disableGateway(self, event): self.deleteAPIGateway() self.status_indicator.text = DISABLED self.isEnabled = False self.enable_button.setEnabled(True) self.secret_key.setEnabled(True) self.access_key.setEnabled(True) self.target_host.setEnabled(True) self.disable_button.setEnabled(False) return def getCurrEndpoint(): return #Traffic redirecting def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if not messageIsRequest or not self.isEnabled: return # get the HTTP service for the request httpService = messageInfo.getHttpService() #Modify the request host, host header, and path to point to the new API endpoint #Should always use HTTPS because API Gateway only uses HTTPS if ':' in self.target_host.text: #hacky fix for https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension/issues/14 host_no_port = self.target_host.text.split(':')[0] else: host_no_port = self.target_host.text if (host_no_port == httpService.getHost()): #Cycle through all the endpoints each request until then end of the list is reached if self.currentEndpoint < len(self.allEndpoints)-1: self.currentEndpoint += 1 #Reset to 0 when end it reached else: self.currentEndpoint = 0 messageInfo.setHttpService( self.helpers.buildHttpService( self.allEndpoints[self.currentEndpoint], 443, True ) ) requestInfo = self.helpers.analyzeRequest(messageInfo) new_headers = requestInfo.headers #Update the path to point to the API Gateway path req_head = new_headers[0] #hacky fix for https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension/issues/14 if 'http://' in req_head or 'https://' in req_head: cur_path = re.findall('https?:\/\/.*?\/(.*) ',req_head)[0] new_headers[0] = re.sub(' (.*?) '," /"+STAGE_NAME+"/"+cur_path+" ",req_head) else: new_headers[0] = re.sub(' \/'," /"+STAGE_NAME+"/",req_head) #Replace the Host header with the Gateway host for header in new_headers: if header.startswith('Host: '): host_header_index = new_headers.index(header) new_headers[host_header_index] = 'Host: '+self.allEndpoints[self.currentEndpoint] #Update the headers insert the existing body body = messageInfo.request[requestInfo.getBodyOffset():len(messageInfo.request)] messageInfo.request = self.helpers.buildHttpMessage( new_headers, body ) #Tab name def getTabCaption(self): return EXT_NAME #Handle extension unloading def extensionUnloaded(self): self.deleteAPIGateway() return #Layout the UI def getUiComponent(self): aws_access_key_id = self.callbacks.loadExtensionSetting("aws_access_key_id") aws_secret_accesskey = self.callbacks.loadExtensionSetting("aws_secret_access_key") if aws_access_key_id: self.aws_access_key_id = aws_access_key_id if aws_secret_accesskey: self.aws_secret_accesskey = aws_secret_accesskey self.panel = JPanel() self.main = JPanel() self.main.setLayout(BoxLayout(self.main, BoxLayout.Y_AXIS)) self.access_key_panel = JPanel() self.main.add(self.access_key_panel) self.access_key_panel.setLayout(BoxLayout(self.access_key_panel, BoxLayout.X_AXIS)) self.access_key_panel.add(JLabel('Access Key: ')) self.access_key = JTextField(self.aws_access_key_id,25) self.access_key_panel.add(self.access_key) self.secret_key_panel = JPanel() self.main.add(self.secret_key_panel) self.secret_key_panel.setLayout(BoxLayout(self.secret_key_panel, BoxLayout.X_AXIS)) self.secret_key_panel.add(JLabel('Secret Key: ')) self.secret_key = JPasswordField(self.aws_secret_accesskey,25) self.secret_key_panel.add(self.secret_key) self.target_host_panel = JPanel() self.main.add(self.target_host_panel) self.target_host_panel.setLayout(BoxLayout(self.target_host_panel, BoxLayout.X_AXIS)) self.target_host_panel.add(JLabel('Target host: ')) self.target_host = JTextField('example.com', 25) self.target_host_panel.add(self.target_host) self.buttons_panel = JPanel() self.main.add(self.buttons_panel) self.buttons_panel.setLayout(BoxLayout(self.buttons_panel, BoxLayout.X_AXIS)) self.save_button = JButton('Save Keys', actionPerformed = self.saveKeys) self.buttons_panel.add(self.save_button) self.enable_button = JButton('Enable', actionPerformed = self.enableGateway) self.buttons_panel.add(self.enable_button) self.disable_button = JButton('Disable', actionPerformed = self.disableGateway) self.buttons_panel.add(self.disable_button) self.disable_button.setEnabled(False) self.protocol_panel = JPanel() self.main.add(self.protocol_panel) self.protocol_panel.setLayout(BoxLayout(self.protocol_panel, BoxLayout.Y_AXIS)) self.protocol_panel.add(JLabel("Target Protocol:")) self.https_button = JRadioButton("HTTPS",True) self.http_button = JRadioButton("HTTP",False) self.protocol_panel.add(self.http_button) self.protocol_panel.add(self.https_button) buttongroup = ButtonGroup() buttongroup.add(self.https_button) buttongroup.add(self.http_button) self.regions_title = JPanel() self.main.add(self.regions_title) self.regions_title.add(JLabel("Regions to launch API Gateways in:")) self.regions_panel = JPanel() self.main.add(self.regions_panel) glayout = GridLayout(4,3) self.regions_panel.setLayout(glayout) for region in AVAIL_REGIONS: cur_region = region.replace('-','_') cur_region = cur_region+'_status' setattr(self,cur_region,JCheckBox(region,True)) attr = getattr(self,cur_region) self.regions_panel.add(attr) self.status = JPanel() self.main.add(self.status) self.status.setLayout(BoxLayout(self.status, BoxLayout.X_AXIS)) self.status_indicator = JLabel(DISABLED,JLabel.CENTER) self.status_indicator.putClientProperty("html.disable", None) self.status.add(self.status_indicator) self.panel.add(self.main) return self.panel