def updateTable(self): model = DefaultTableModel() #self.tblMunicipalities.getModel() manager = DALLocator.getDataManager() model.addColumn("CODMUN") model.addColumn("MUN") model.addColumn("FECHA") storeParameters = manager.createStoreParameters("H2Spatial") database_file = gvsig.getResource(__file__, "data", "municipalities.mv.db") storeParameters.setDynValue("database_file", database_file) storeParameters.setDynValue("Table", "Muni") storeH2 = manager.openStore("H2Spatial", storeParameters) muns = {} for f in storeH2: if not f.get("CODMUN") in muns.keys(): muns[f.get("CODMUN")] = [f.get("MUN"), f.get("CODMUN"), ''] for k in muns.keys(): model.addRow(muns[k]) storeH2.dispose() self.tblMunicipalities.setModel(model)
def lstPreviewForms_change(self, event): if event.getValueIsAdjusting(): return form = self.lstPreviewForms.getSelectedValue() if form == None or form.isEmpty(): self.tableSetVisible(self.tblPreviewForm, False) return model = DefaultTableModel() model.addColumn("") for item in form: row = jarray.array((item, ), Object) model.addRow(row) self.tblPreviewForm.setModel(model) renderer = FormItemPreviewCellRenderer() renderer.setForm(form) editor = FormItemPreviewCellEditor() editor.setForm(form) model = DefaultTableColumnModel() model.addColumn(TableColumn(0, 100, renderer, editor)) self.tblPreviewForm.setColumnModel(model) self.tblPreviewForm.getTableHeader().setUI(None) self.tableSetVisible(self.tblPreviewForm, True) self.cboForms.setSelectedItem(form)
class Mi_Extension(IHttpListener, IScannerCheck): def __init__(self, extender): self._callbacks = extender._callbacks self._helpers = extender._callbacks.getHelpers() self._callbacks.registerScannerCheck(self) # Creamos el contenedor de paneles. self.contenedor = JTabbedPane() # Campos del sub-tab 1 (mash up) self._tab1_nombre = JTextField() self._tab1_apellido = JTextField() self._tab1_FNacimiento = JTextField() self._tab1_mascota = JTextField() self._tab1_otro = JTextField() self._tab1_feedback_ta = JTextArea('This may take a while . . .') self._tab1_feedback_ta.setEditable(False) self._tab1_feedback_sp = JScrollPane(self._tab1_feedback_ta) self._tab1_minsize = JSlider(4, 16, 6) self._tab1_minsize.setMajorTickSpacing(1) self._tab1_minsize.setPaintLabels(True) self._tab1_maxsize = JSlider(4, 16, 10) self._tab1_maxsize.setMajorTickSpacing(1) self._tab1_maxsize.setPaintLabels(True) self._tab1_specialchars = JTextField('!,@,#,$,&,*') self._tab1_transformations = JCheckBox('1337 mode') self._tab1_firstcapital = JCheckBox('first capital letter') # Campos del sub-tab 2 (redirect) self._tab2_JTFa = JTextField() self._tab2_JTFaa = JTextField() self._tab2_JTFb = JTextField() self._tab2_JTFbb = JTextField() self._tab2_boton = JButton(' Redirect is Off ', actionPerformed=self.switch_redirect) self._tab2_boton.background = Color.lightGray self._tab2_encendido = False # Campos del sub-tab 3 (loader) self._tab3_urls_ta = JTextArea(15, 5) self._tab3_urls_sp = JScrollPane(self._tab3_urls_ta) # Campos del sub-tab 4 (headers) self._tab4_tabla_model = DefaultTableModel() self._tab4_headers_dict = {} # Campos del sub-tab 5 (reverse ip) self._tab5_target = JTextArea(15, 5) self._tab5_target_sp = JScrollPane(self._tab5_target) def create(self): # Estilo general para todas las sub-tab. gBC = GridBagConstraints() gBC.fill = GridBagConstraints.BOTH gBC.ipadx = 5 gBC.ipady = 5 gBC.insets = Insets(0, 5, 5, 5) gBC.weightx = 0.5 #gBC.weighty = 0.7 ####################################### ### Creamos la primera sub-tab. (MASHUP) ####################################### tab_1 = JPanel(GridBagLayout()) tab_1_jlabelAyuda = JLabel( '<html><i>•Tip: This Mashup receive one or more keywords in order to generate a list of possible passwords</i></html>' ) tab_1_jlabelAyuda.setFont(Font("Serif", 0, 12)) gBC.gridx = 0 gBC.gridy = 0 tab_1.add( JLabel('<html><font color=green><i>Income:</i></font></html>'), gBC) gBC.gridy = 1 tab_1.add(JLabel('<html><b>• Name:</b></html>'), gBC) gBC.gridy = 2 tab_1.add(self._tab1_nombre, gBC) gBC.gridy = 3 tab_1.add(JLabel('<html><b>• Surname:</b></html>'), gBC) gBC.gridy = 4 tab_1.add(self._tab1_apellido, gBC) gBC.gridy = 5 tab_1.add(JLabel('<html><b>• Birthdate: (DDMMYYYY)</b></html>'), gBC) gBC.gridy = 6 tab_1.add(self._tab1_FNacimiento, gBC) gBC.gridy = 7 tab_1.add(JLabel('<html><b>• Pet:</b></html>'), gBC) gBC.gridy = 8 tab_1.add(self._tab1_mascota, gBC) gBC.gridy = 9 tab_1.add(JLabel('<html><b>• Anyother:</b></html>'), gBC) gBC.gridy = 10 tab_1.add(self._tab1_otro, gBC) gBC.gridy = 11 tab_1.add(JLabel('<html><b>• Passwd Min Size:</b></html>'), gBC) gBC.gridy = 12 tab_1.add(self._tab1_minsize, gBC) gBC.gridy = 13 tab_1.add(JLabel('<html><b>• Passwd Max Size:</b></html>'), gBC) gBC.gridy = 14 tab_1.add(self._tab1_maxsize, gBC) gBC.gridy = 15 tab_1.add( JLabel( '<html><b>• Especial Chars: (comma separated)</b></html>' ), gBC) gBC.gridy = 16 tab_1.add(self._tab1_specialchars, gBC) gBC.gridy = 17 tab_1.add(self._tab1_transformations, gBC) gBC.gridy = 18 tab_1.add(self._tab1_firstcapital, gBC) gBC.gridy = 19 tab_1.add(JButton('Mashup!', actionPerformed=self.mashup), gBC) gBC.gridy = 20 gBC.gridwidth = 3 tab_1.add(JSeparator(), gBC) gBC.gridwidth = 1 gBC.gridy = 21 gBC.gridwidth = 3 tab_1.add(tab_1_jlabelAyuda, gBC) gBC.gridwidth = 1 gBC.gridx = 1 gBC.gridy = 0 gBC.gridheight = 20 gBC.weightx = 0 tab_1.add(JSeparator(SwingConstants.VERTICAL), gBC) gBC.gridheight = 1 gBC.weightx = 0.5 gBC.gridx = 2 gBC.gridy = 0 tab_1.add( JLabel('<html><font color=green><i>Outcome:</i></font></html>'), gBC) gBC.gridy = 1 gBC.gridwidth = 2 gBC.gridheight = 18 tab_1.add(self._tab1_feedback_sp, gBC) gBC.gridwidth = 1 gBC.gridheight = 1 gBC.gridy = 19 tab_1.add( JButton('Copy to clipboard!', actionPerformed=self.cpy_clipboard), gBC) ####################################### ### Creamos la segunda sub-tab. (REDIRECT) ####################################### tab_2 = JPanel(GridBagLayout()) tab_2_jlabelAyuda = JLabel( '<html><i>•Tip: This Redirect receive a pair of hosts x,y in order to redirect from x to y.</i></html>' ) tab_2_jlabelAyuda.setFont(Font("Serif", 0, 12)) gBC.gridx = 0 gBC.gridy = 0 tab_2.add( JLabel('<html><b>• From: (i.e. www.facebook.com)</b></html>'), gBC) gBC.gridx = 1 gBC.gridy = 0 tab_2.add(self._tab2_JTFa, gBC) gBC.gridx = 2 gBC.gridy = 0 tab_2.add( JLabel('<html><b>• To: (i.e. www.myhomepage.es)</b></html>'), gBC) gBC.gridx = 3 gBC.gridy = 0 tab_2.add(self._tab2_JTFaa, gBC) gBC.gridx = 0 gBC.gridy = 1 gBC.gridwidth = 4 tab_2.add(JSeparator(), gBC) gBC.gridwidth = 1 gBC.gridx = 0 gBC.gridy = 2 tab_2.add(JLabel('<html><b>• From:</b></html>'), gBC) gBC.gridx = 1 gBC.gridy = 2 tab_2.add(self._tab2_JTFb, gBC) gBC.gridx = 2 gBC.gridy = 2 tab_2.add(JLabel('<html><b>• To:</b></html>'), gBC) gBC.gridx = 3 gBC.gridy = 2 tab_2.add(self._tab2_JTFbb, gBC) gBC.gridx = 0 gBC.gridy = 3 gBC.gridwidth = 4 tab_2.add(self._tab2_boton, gBC) gBC.gridwidth = 1 gBC.gridx = 0 gBC.gridy = 4 gBC.gridwidth = 4 gBC.insets = Insets(100, 10, 5, 10) tab_2.add(JSeparator(), gBC) gBC.gridwidth = 1 gBC.insets = Insets(5, 10, 5, 10) gBC.gridx = 0 gBC.gridy = 5 gBC.gridwidth = 4 tab_2.add(tab_2_jlabelAyuda, gBC) gBC.gridwidth = 1 ####################################### ### Creamos la tercera sub-tab. (LOADER) ####################################### tab_3 = JPanel(GridBagLayout()) tab_3_jlabelAyuda = JLabel( '<html><i>•Tip: This Loader receive a list of Hosts or IPs that will be added to the Burp Scope.</i></html>' ) tab_3_jlabelAyuda.setFont(Font("Serif", 0, 12)) gBC.gridx = 0 gBC.gridy = 0 tab_3.add( JLabel( '<html><font color=green><i>List of targets: (i.e. http://www.mytargetweb.com)</i></font></html>' ), gBC) gBC.gridy = 1 gBC.gridheight = 10 gBC.weighty = 0.5 tab_3.add(self._tab3_urls_sp, gBC) gBC.gridheight = 1 gBC.weighty = 0 gBC.gridy = 11 tab_3.add( JButton('Load Into Target => Scope!', actionPerformed=self.loader), gBC) gBC.gridy = 12 gBC.gridwidth = 5 gBC.insets = Insets(100, 10, 5, 10) tab_3.add(JSeparator(), gBC) gBC.gridwidth = 1 gBC.insets = Insets(5, 10, 5, 10) gBC.gridy = 13 tab_3.add(tab_3_jlabelAyuda, gBC) ####################################### ### Creamos la cuarta sub-tab. (HEADERS) ####################################### tab_4_jlabelAyuda = JLabel( "<html><i>•Tip: This Headers records all unique headers that appear in every host, check out the security headers.</i></html>" ) tab_4_jlabelAyuda.setFont(Font("Serif", 0, 12)) tab_4_jLabelRecomendacion = JLabel( "<html>•<b>Server</b>: Don't give away much information.<br> •<b>Content-Security-Policy</b>: Protect your site from XSS attacks by whitelisting sources of approved content.<br> •<b>Strict-Transport-Security</b>: Enforce the browser to use HTTPS.<br> •<b>Public-Key-Pins</b>: Protect your site from MITM attacks.<br> •<b>X-Content-Type-Options</b>: the valid value is -> nosniff .<br> •<b>X-Frame-Options</b>: tells the browser whether you want to allow your site to be framed or not.<br> •<b>X-XSS-Protection</b>: the best value is -> 1; mode=block .</html>" ) tab_4_jLabelRecomendacion.setFont(Font("Dialog", 0, 13)) tab_4 = JPanel(GridBagLayout()) splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) tab_4_top = JPanel(GridBagLayout()) tab_4_bottom = JPanel(GridBagLayout()) gBC_table = GridBagConstraints() gBC_table.fill = GridBagConstraints.BOTH gBC_table.ipadx = 5 gBC_table.ipady = 5 gBC_table.insets = Insets(5, 10, 5, 10) gBC_table.weightx = 1 gBC_table.weighty = 1 tabla_datos = [] tabla_headers = ('Severity', 'Header', 'Value', 'Host') self._tab4_tabla_model = DefaultTableModel(tabla_datos, tabla_headers) tabla_ej = JTable(self._tab4_tabla_model) tabla_example = JScrollPane(tabla_ej, JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED, JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED) gBC_table.gridx = 0 gBC_table.gridy = 0 gBC_table.gridheight = 5 tab_4_top.add(tabla_example, gBC_table) gBC_table.gridheight = 1 gBC_table.weightx = 0.5 gBC_table.weighty = 0 gBC_table.gridwidth = 2 gBC_table.gridx = 0 gBC_table.gridy = 0 tab_4_bottom.add(JSeparator(), gBC_table) gBC_table.gridy = 1 tab_4_bottom.add(tab_4_jlabelAyuda, gBC_table) gBC_table.gridy = 2 tab_4_bottom.add(tab_4_jLabelRecomendacion, gBC_table) splitpane.setTopComponent(tab_4_top) splitpane.setBottomComponent(tab_4_bottom) gBC_table.weightx = 1 gBC_table.weighty = 1 gBC_table.gridx = 0 gBC_table.gridy = 0 tab_4.add(splitpane, gBC_table) ####################################### ### Creamos la quinta sub-tab. (ACTIVE SCAN) ####################################### tab_5 = JPanel(GridBagLayout()) tab_5_jlabelAyuda = JLabel( '<html><i>•Tip: This Quick Scan receive a list of targets and launch an active scan.</i></html>' ) tab_5_jlabelAyuda.setFont(Font("Serif", 0, 12)) tab_5_jlabelWarning = JLabel( '<html><font color=red><i>•Warning: Active scanning generates large numbers of requests which are malicious in form and which may result in compromise of the application. You should use this scanning mode with caution, only with the explicit permission of the application owner. For more information, read the documentation of active scan, Burp Suite.</font></i></html>' ) tab_5_jlabelWarning.setFont(Font("Dialog", 0, 13)) gBC.gridx = 0 gBC.gridy = 0 tab_5.add( JLabel( '<html><font color=green><i>List of targets: (i.e. http://192.168.1.1/index.html)</i></font></html>' ), gBC) gBC.gridy = 1 gBC.gridheight = 8 gBC.weighty = 0.5 tab_5.add(self._tab5_target_sp, gBC) gBC.gridheight = 1 gBC.weighty = 0 gBC.gridy = 9 tab_5.add(JButton('Launch Scan!', actionPerformed=self.do_active_scan), gBC) gBC.gridy = 10 gBC.gridwidth = 5 gBC.insets = Insets(100, 10, 5, 10) tab_5.add(JSeparator(), gBC) gBC.gridwidth = 1 gBC.insets = Insets(5, 10, 5, 10) gBC.gridy = 11 tab_5.add(tab_5_jlabelAyuda, gBC) gBC.gridy = 12 tab_5.add(tab_5_jlabelWarning, gBC) ####################################### ### Creamos la ultima sub-tab. ####################################### tab_about = JPanel(GridBagLayout()) gBC_about = GridBagConstraints() gBC_about.fill = GridBagConstraints.HORIZONTAL gBC_about.ipadx = 5 gBC_about.ipady = 5 gBC_about.insets = Insets(5, 10, 5, 10) gBC_about.weightx = 1 gBC_about.weighty = 1 Jlabel1 = JLabel('<html><b>Plug-in L-Tools</b></html>') Jlabel1.setFont(Font("Dialog", 1, 18)) jlabel2 = JLabel( '<html>This Plug-in provides utilities for pentesters, researchers and developers, in order to support their work.</html>' ) jlabel3 = JLabel('<html><b>CC-BY 4.0, 2017. Gino Angles</b></html>') jlabel3.setFont(Font("Dialog", 1, 14)) jlabel4 = JLabel('<html><b>License</b></html>') jlabel4.setFont(Font("Dialog", 1, 14)) jlabel5 = JLabel( '<html><img alt="Licensed under a Creative Commons BY" style="border-width:0" src="https://licensebuttons.net/l/by/4.0/88x31.png"></html>' ) jlabel6 = JLabel( '<html>This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</html>' ) jlabel7 = JLabel('<html><b>Dependencies</b></html>') jlabel7.setFont(Font("Dialog", 1, 14)) jlabel8 = JLabel('Jython +2.7') jlabel9 = JLabel('http://www.jython.org') gBC_about.gridx = 0 gBC_about.gridy = 0 tab_about.add(Jlabel1, gBC_about) gBC_about.gridy = 1 tab_about.add(jlabel2, gBC_about) gBC_about.gridy = 2 tab_about.add(jlabel3, gBC_about) gBC_about.gridy = 3 gBC_about.gridwidth = 5 tab_about.add(JSeparator(), gBC_about) gBC_about.gridwidth = 1 gBC_about.gridy = 4 tab_about.add(jlabel4, gBC_about) gBC_about.gridy = 5 tab_about.add(jlabel5, gBC_about) gBC_about.gridy = 6 tab_about.add(jlabel6, gBC_about) gBC_about.gridy = 7 gBC_about.gridwidth = 5 tab_about.add(JSeparator(), gBC_about) gBC_about.gridwidth = 1 gBC_about.gridy = 8 tab_about.add(jlabel7, gBC_about) gBC_about.gridy = 9 tab_about.add(jlabel8, gBC_about) gBC_about.gridy = 10 tab_about.add(jlabel9, gBC_about) # Añadimos los sub-tab al contenedor y lo devolvemos. self.contenedor.addTab('Mashup', tab_1) self.contenedor.addTab('Redirect', tab_2) self.contenedor.addTab('Loader', tab_3) self.contenedor.addTab('Headers', tab_4) self.contenedor.addTab('Quick Scan', tab_5) self.contenedor.addTab('About', tab_about) return self.contenedor # Funcion que copia el contenido de texto al clipboard. def cpy_clipboard(self, event): toolkit = Toolkit.getDefaultToolkit() clipboard = toolkit.getSystemClipboard() clipboard.setContents(StringSelection(self._tab1_feedback_ta.text), None) JOptionPane.showMessageDialog(self.contenedor, "Output copied to clipboard", "Information", JOptionPane.INFORMATION_MESSAGE) return # Funcion que instancia la clase Masher() y hace el mashup del sub-tab1 (mashup). def mashup(self, event): if self._tab1_minsize.value > self._tab1_maxsize.value: self._callbacks.issueAlert( 'Mashup=> min size have to be bigger than max size.') else: estado_JCH_trans = self._tab1_transformations.isSelected() especial_chars = self._tab1_specialchars.text.split(",") mymash = Masher(self._tab1_minsize.value, self._tab1_maxsize.value, especial_chars, estado_JCH_trans) reverse_name = self._tab1_nombre.text[::-1] if self._tab1_firstcapital.isSelected(): lista_palabras = [ self._tab1_nombre.text.title(), self._tab1_apellido.text.title(), self._tab1_FNacimiento.text, self._tab1_mascota.text.title(), self._tab1_otro.text.title(), reverse_name.title() ] else: lista_palabras = [ self._tab1_nombre.text, self._tab1_apellido.text, self._tab1_FNacimiento.text, self._tab1_mascota.text, self._tab1_otro.text, reverse_name ] while "" in lista_palabras: lista_palabras.remove("") rdo_rdo = mymash.mashup(lista_palabras, self._tab1_FNacimiento.text) self._tab1_feedback_ta.text = "\n".join(rdo_rdo) return # Funcion que activa/desactiva el redirect. def switch_redirect(self, event): if not self._tab2_encendido: self._tab2_boton.text = ' Redirect is On ' self._tab2_boton.background = Color.gray self._tab2_encendido = True # Registramos la instancia del escuchador http. self._callbacks.registerHttpListener(self) else: self._tab2_boton.text = ' Redirect is Off ' self._tab2_boton.background = Color.lightGray self._tab2_encendido = False # Borramos la instancia del escuchador http. self._callbacks.removeHttpListener(self) return # @override def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if messageIsRequest and self._tab2_encendido: serviceHttp = messageInfo.getHttpService() if messageInfo.getHttpService().getHost() == self._tab2_JTFa.text: if self._tab2_JTFaa.text == '': self._tab2_JTFaa.text = 'localhost' messageInfo.setHttpService( self._helpers.buildHttpService(self._tab2_JTFaa.text, serviceHttp.getPort(), serviceHttp.getProtocol())) elif messageInfo.getHttpService().getHost( ) == self._tab2_JTFb.text: if self._tab2_JTFbb.text == '': self._tab2_JTFbb.text = 'localhost' messageInfo.setHttpService( self._helpers.buildHttpService(self._tab2_JTFbb.text, serviceHttp.getPort(), serviceHttp.getProtocol())) return # Funcion que carga el textArea de URL a Scope. def loader(self, event): lista_url = self._tab3_urls_ta.text.split("\n") for newUrl in lista_url: self._callbacks.includeInScope(URL(newUrl)) return # @override def doPassiveScan(self, request_response): _response = request_response.getResponse() _request = request_response.getRequest() _httpService = request_response.getHttpService() _url = request_response.getHttpService().getHost() info_response = self._helpers.analyzeResponse(_response) info_request = self._helpers.analyzeRequest(_httpService, _request) headers = info_response.getHeaders() _fullUrl = info_request.getUrl().toString() for head in headers: head_w1 = head.split("\n") for head_w2 in head_w1: head_w3 = head_w2.split(":") if len(head_w3) > 1: head_w3[0].encode('ascii', 'ignore') head_w3[1].encode('ascii', 'ignore') key = "%s-%s" % (_url, head_w3[0]) if key not in self._tab4_headers_dict: critical = self.analizeHeader(head_w3[0]) fila_tabla = [ critical, head_w3[0], head_w3[1], _fullUrl ] self._tab4_headers_dict[key] = fila_tabla self._tab4_tabla_model.addRow(fila_tabla) return # devuelve cuan importante es la cabecera HTTP. def analizeHeader(self, header): if header == "Content-Security-Policy": return "High" elif header == "X-Content-Type-Options": return "High" elif header == "X-Frame-Options": return "High" elif header == "X-XSS-Protection": return "High" elif header == "Strict-Transport-Security": return "High" elif header == "Public-Key-Pins": return "High" elif header == "Access-Control-Allow-Origin": return "High" elif header == "X-Permitted-Cross-Domain-Policies": return "High" elif header == "X-Powered-By": return "Information" elif header == "Server": return "Information" elif header == "Referrer-Policy": return "Medium" else: return " " # realiza un escaner al host/s apuntado. def do_active_scan(self, event): _lista_urls = self._tab5_target.text.split("\n") for _x_url in _lista_urls: _target_url = URL(_x_url) _target_request = self._helpers.buildHttpRequest(_target_url) _host = _target_url.getHost() _port = _target_url.getDefaultPort() _isHttps = True if _target_url.getProtocol() == "https" else False try: self._callbacks.doActiveScan(_host, _port, _isHttps, _target_request) except: pass return
class PropertyEditor(WindowAdapter): """ Edits Tabular Properties of a given WindowAdapter """ instances = {} last_location = None locations = {} last_size = None sizes = {} NEW_WINDOW_OFFSET = 32 offset = NEW_WINDOW_OFFSET @staticmethod def get_instance(text="Property Editor", columns=None, data=None, empty=None, add_actions=True, actions=None): """ Singleton Method based on the text property. It tries to generate only one property configuration page per text. :param text: getinstance key :param columns: proparty columns it should be an array alike :param data: it contains the current property rows :param empty: empty row property when adding a new one :param add_actions: include or not new actions :param actions: default set of actions to be appended to Add and Delete Rows :return: a new instance of PropertyEditor or a reused one. """ if not actions: actions = [] if not columns: columns = [] if data == None: data = [] if not empty: empty = [] try: PropertyEditor.instances[text] except KeyError: PropertyEditor.instances[text] = \ PropertyEditor().__private_init__(text, columns, data, empty, add_actions, actions) try: PropertyEditor.instances[text].this.setLocation( PropertyEditor.locations[text]) except KeyError: if PropertyEditor.last_location: PropertyEditor.instances[text].this.setLocation( PropertyEditor.last_location.x + PropertyEditor.offset, PropertyEditor.last_location.y + PropertyEditor.offset) PropertyEditor.offset = PropertyEditor.NEW_WINDOW_OFFSET try: PropertyEditor.instances[text].this.setSize( PropertyEditor.sizes[text]) except KeyError: if PropertyEditor.last_size: PropertyEditor.instances[text].this.setSize( PropertyEditor.last_size) PropertyEditor.last_location = PropertyEditor.instances[ text].this.getLocation() PropertyEditor.last_size = PropertyEditor.instances[ text].this.getSize() ## Hack ON: Bring on Front PropertyEditor.instances[text].this.setAlwaysOnTop(True) PropertyEditor.instances[text].this.setAlwaysOnTop(False) ## Hack OFF return PropertyEditor.instances[text] def __private_init__(self, text="Property Editor", columns=None, data=None, empty=None, add_actions=True, actions=None): if not actions: actions = [] if not columns: columns = [] if data == None: data = [] if not empty: empty = [] self._text = text self.this = JFrame(text) self._table = JTable() self._dtm = DefaultTableModel(0, 0) self._dtm.setColumnIdentifiers(columns) self._table.setModel(self._dtm) self._data = data for d in data: self._dtm.addRow(d) self._pane = JScrollPane(self._table) self.this.add(self._pane) self._empty = empty self.this.addWindowListener(self) self._dtm.addTableModelListener(lambda _: self._update_model()) self.this.setLocation(PropertyEditor.NEW_WINDOW_OFFSET, PropertyEditor.NEW_WINDOW_OFFSET) if add_actions: self._popup = JPopupMenu() self._pane.setComponentPopupMenu(self._popup) inherits_popup_menu(self._pane) self._actions = actions self._actions.append( ExecutorAction('Remove Selected Rows', action=lambda e: self._remove_row())) self._actions.append( ExecutorAction('Add New Row', action=lambda e: self._add_row())) for action in self._actions: self._popup.add(action.menuitem) self.this.setForeground(Color.black) self.this.setBackground(Color.lightGray) self.this.pack() self.this.setVisible(True) self.this.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE) return self def _add_row(self): """ Add a new row the selection :return: None """ self._dtm.addRow(self._empty) def _remove_row(self): """ Remove all the selected rows from the selection :return: """ rows = self._table.getSelectedRows() for i in range(0, len(rows)): self._dtm.removeRow(rows[i] - i) def windowClosing(self, evt): """ Overrides WindowAdapter method :param evt: unused :return: None """ PropertyEditor.locations[self._text] = self.this.getLocation() PropertyEditor.sizes[self._text] = self.this.getSize() PropertyEditor.last_location = self.this.getLocation() PropertyEditor.last_size = self.this.getSize() PropertyEditor.offset = 0 self.this.setVisible(False) self.this.dispose() del PropertyEditor.instances[self._text] def _update_model(self): """ Update the data content with the updated rows :return: None """ del self._data[:] nRow = self._dtm.getRowCount() nCol = self._dtm.getColumnCount() for i in range(0, nRow): self._data.append([None] * nCol) for j in range(0, nCol): d = str(self._dtm.getValueAt(i, j)).lower() if d == 'none' or d == '': self._data[i][j] = None elif d == 'true' or d == 't': self._data[i][j] = True elif d == 'false' or d == 'f': self._data[i][j] = False else: try: self._data[i][j] = int(self._dtm.getValueAt(i, j)) except ValueError: self._data[i][j] = self._dtm.getValueAt(i, j)
class BurpExtender(IBurpExtender, ISessionHandlingAction, ITab, IContextMenuFactory, IContextMenuInvocation, ActionListener, ITextEditor): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # save the helpers for later self.helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Custom Request Handler") callbacks.registerSessionHandlingAction(self) callbacks.registerContextMenuFactory(self) self._text_editor = callbacks.createTextEditor() self._text_editor.setEditable(False) #How much loaded the table row self.current_column_id = 0 #GUI self._split_main = JSplitPane(JSplitPane.VERTICAL_SPLIT) self._split_top = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) self._split_top.setPreferredSize(Dimension(100, 50)) self._split_top.setDividerLocation(700) self._split_center = JSplitPane(JSplitPane.VERTICAL_SPLIT) boxVertical = swing.Box.createVerticalBox() box_top = swing.Box.createHorizontalBox() boxHorizontal = swing.Box.createHorizontalBox() buttonHorizontal = swing.Box.createHorizontalBox() boxVertical.add(boxHorizontal) box_regex = swing.Box.createVerticalBox() border = BorderFactory.createTitledBorder(LineBorder(Color.BLACK), "Extract target strings", TitledBorder.LEFT, TitledBorder.TOP) box_regex.setBorder(border) self._add_btn = JButton("Add") self._add_btn.addActionListener(self) self._remove_btn = JButton("Remove") self._remove_btn.addActionListener(self) items = [ 'JSON', 'Header', ] self._dropdown = JComboBox(items) type_panel = JPanel(FlowLayout(FlowLayout.LEADING)) type_panel.add(JLabel('Type:')) type_panel.add(self._dropdown) self._jLabel_param = JLabel("Name:") self._param_error = JLabel("Name is required") self._param_error.setVisible(False) self._param_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._param_error.setForeground(Color.red) regex_checkbox = JPanel(FlowLayout(FlowLayout.LEADING)) self._is_use_regex = JCheckBox("Extract from regex group") regex_checkbox.add(self._is_use_regex) self._jTextIn_param = JTextField(20) self._jLabel_regex = JLabel("Regex:") self._jTextIn_regex = JTextField(20) self._regex_error = JLabel("No group defined") self._regex_error.setVisible(False) self._regex_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._regex_error.setForeground(Color.red) self._param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._param_panel.add(self._jLabel_param) self._param_panel.add(self._jTextIn_param) self._param_panel.add(self._param_error) self._regex_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._regex_panel.add(self._jLabel_regex) self._regex_panel.add(self._jTextIn_regex) self._regex_panel.add(self._regex_error) button_panel = JPanel(FlowLayout(FlowLayout.LEADING)) #padding button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(self._add_btn) button_panel.add(self._remove_btn) box_regex.add(type_panel) box_regex.add(self._param_panel) box_regex.add(regex_checkbox) box_regex.add(self._regex_panel) buttonHorizontal.add(button_panel) box_regex.add(buttonHorizontal) boxVertical.add(box_regex) box_top.add(boxVertical) box_file = swing.Box.createHorizontalBox() checkbox_panel = JPanel(FlowLayout(FlowLayout.LEADING)) border = BorderFactory.createTitledBorder( LineBorder(Color.BLACK), 'Payload Sets [Simple list]', TitledBorder.LEFT, TitledBorder.TOP) box_file.setBorder(border) box_param = swing.Box.createVerticalBox() box_param.add(checkbox_panel) file_column_names = [ "Type", "Name", "Payload", ] data = [] self.file_table_model = DefaultTableModel(data, file_column_names) self.file_table = JTable(self.file_table_model) self.file_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.file_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(160) self.file_table.preferredScrollableViewportSize = Dimension(500, 70) self.file_table.setFillsViewportHeight(True) panel_dropdown = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_dropdown = JComboBox(items) panel_dropdown.add(JLabel('Type:')) panel_dropdown.add(self._file_dropdown) box_param.add(panel_dropdown) box_param.add(JScrollPane(self.file_table)) callbacks.customizeUiComponent(self.file_table) file_param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_param = JLabel("Name:") self._file_param_text = JTextField(20) file_param_panel.add(self._file_param) file_param_panel.add(self._file_param_text) self._error_message = JLabel("Name is required") self._error_message.setVisible(False) self._error_message.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._error_message.setForeground(Color.red) file_param_panel.add(self._error_message) box_param.add(file_param_panel) box_button_file = swing.Box.createVerticalBox() self._file_load_btn = JButton("Load") self._file_clear_btn = JButton("Clear") self._file_clear_btn.addActionListener(self) self._file_load_btn.addActionListener(self) box_button_file.add(self._file_load_btn) box_button_file.add(self._file_clear_btn) box_file.add(box_button_file) box_file.add(box_param) boxVertical.add(box_file) regex_column_names = [ "Type", "Name", "Regex", "Start at offset", "End at offset", ] #clear target.json with open("target.json", "w") as f: pass data = [] self.target_table_model = DefaultTableModel(data, regex_column_names) self.target_table = JTable(self.target_table_model) self.target_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.target_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(100) self.target_table.preferredScrollableViewportSize = Dimension(500, 70) self.target_table.setFillsViewportHeight(True) callbacks.customizeUiComponent(self.target_table) callbacks.customizeUiComponent(boxVertical) table_panel = swing.Box.createVerticalBox() table_panel.add(JScrollPane(self.target_table)) box_top.add(table_panel) self._jScrollPaneOut = JScrollPane() #self._split_main.setBottomComponent(self._jScrollPaneOut) self._split_main.setBottomComponent(self._text_editor.getComponent()) self._split_main.setTopComponent(box_top) self._split_main.setDividerLocation(450) callbacks.customizeUiComponent(self._split_main) callbacks.addSuiteTab(self) return def getTabCaption(self): return "CRH" def getUiComponent(self): return self._split_main def createMenuItems(self, invocation): menu = [] ctx = invocation.getInvocationContext() menu.append( swing.JMenuItem("Send to CRH", None, actionPerformed=lambda x, inv=invocation: self. menu_action(inv))) return menu if menu else None # # Implementation of Menu Action # def menu_action(self, invocation): try: invMessage = invocation.getSelectedMessages() message = invMessage[0].getResponse() res_info = self.helpers.analyzeResponse(message) send_res = message.tostring() self._text_editor.setText(send_res) except: print('Failed to add data to CRH tab.') # # Implementation of event action # def actionPerformed(self, actionEvent): # onclick add button of extract from regex group if actionEvent.getSource() is self._add_btn: start, end = self._text_editor.getSelectionBounds() value = None regex = None item = self._dropdown.getSelectedItem() param = self._jTextIn_param.getText() if len(param) is 0: self._param_error.setVisible(True) return self._param_error.setVisible(False) is_selected = self._is_use_regex.isSelected() if is_selected: start = None end = None regex = self._jTextIn_regex.getText() if len(regex) is 0: self._regex_error.setVisible(True) return req = self._text_editor.getText() try: pattern = re.compile(regex) match = pattern.search(req) value = match.group(1) if match else None if value is None: raise IndexError except IndexError: self._regex_error.setVisible(True) return self._regex_error.setVisible(False) data = [ item, param, regex, start, end, ] self.target_table_model.addRow(data) with open("target.json", "r+") as f: try: json_data = json.load(f) except ValueError: json_data = dict() if is_selected: data = { param: [ item, regex, ] } else: data = { param: [ item, start, end, ] } json_data.update(data) self.write_file(f, json.dumps(json_data)) # onclick remove button of extract from regex group if actionEvent.getSource() is self._remove_btn: rowno = self.target_table.getSelectedRow() if rowno != -1: column_model = self.target_table.getColumnModel() param_name = self.target_table_model.getValueAt(rowno, 1) start = self.target_table_model.getValueAt(rowno, 3) self.target_table_model.removeRow(rowno) with open("target.json", 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() for key, value in json_data.items(): if value[1] == start and key == param_name: try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # onclick load button of payload sets if actionEvent.getSource() is self._file_load_btn: #clear table self.remove_all(self.file_table_model) self.current_column_id = 0 target_param = self._file_param_text.getText() item = self._file_dropdown.getSelectedItem() if len(target_param) == 0: self._error_message.setVisible(True) return self._error_message.setVisible(False) chooser = JFileChooser() chooser.showOpenDialog(actionEvent.getSource()) file_path = chooser.getSelectedFile().getAbsolutePath() with open(file_path, 'r') as f: while True: line = f.readline().strip() if not line: break data = [ item, target_param, line, ] self.file_table_model.addRow(data) with open('target.json', 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() json_data.update({target_param: [ item, 'Set payload', ]}) self.write_file(f, json.dumps(json_data)) # onclick clear button of payload sets if actionEvent.getSource() is self._file_clear_btn: self.remove_all(self.file_table_model) self.current_column_id = 0 with open("target.json", 'r+') as f: try: json_data = json.load(f) except: json_data = dict() for key, value in json_data.items(): if isinstance(value[1], unicode): if value[1].encode('utf-8') == 'Set payload': try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # # Implementaion of ISessionHandlingAction # def getActionName(self): return "custom request handler" def performAction(self, current_request, macro_items): if len(macro_items) == 0: return # extract the response headers final_response = macro_items[len(macro_items) - 1].getResponse() if final_response is None: return req = self.helpers.analyzeRequest(current_request) try: with open('target.json', 'r') as f: read_data = f.read() self.read_data = json.loads(read_data) except ValueError: sys.stderr.write('Error: json.loads()') return for key, value in self.read_data.items(): if value[0] == 'JSON': self.set_json_parameter(current_request, final_response, key, value) elif value[0] == 'Header': self.set_header(current_request, final_response, key, value) def set_json_parameter(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) if IRequestInfo.CONTENT_TYPE_JSON != req.getContentType(): return False body = current_request.getRequest()[req.getBodyOffset():].tostring() json_data = json.loads(body, object_pairs_hook=collections.OrderedDict) target_keys = filter(lambda x: x == key, json_data.keys()) if not target_keys: return req_data = json_data column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.tostring()) req_value = match.group(1) if match else None req_data[key] = req_value req = current_request.getRequest() json_data_start = self.helpers.indexOf(req, bytearray(body), False, 0, len(req)) # glue together header + customized json of request current_request.setRequest( req[0:json_data_start] + self.helpers.stringToBytes(json.dumps(req_data))) def set_header(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) headers = req.getHeaders() target_keys = [] for header in headers: if header.startswith(key): target_keys += [key] if not target_keys: return column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() req = current_request.getRequest() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.string()) req_value = match.group(1) if match else None key_start = self.helpers.indexOf(req, bytearray(key.encode('utf-8')), False, 0, len(req)) key_end = self.helpers.indexOf(req, bytearray('\r\n'), False, key_start, len(req)) keylen = len(key) # glue together first line + customized hedaer + rest of request current_request.setRequest( req[0:key_start] + self.helpers.stringToBytes("%s: %s" % (key.encode('utf-8'), req_value)) + req[key_end:]) # # Implementation of function for Remove all for specific table data # def remove_all(self, model): count = model.getRowCount() for i in xrange(count): model.removeRow(0) # # Implementaion of function for write data for specific file # def write_file(self, f, data): f.seek(0) f.write(data) f.truncate() return