def testCSVPipe(self): """testing the CSV pipe""" from java.io import PrintWriter, FileWriter from com.ziclix.python.sql.pipe import Pipe from com.ziclix.python.sql.pipe.db import DBSource from com.ziclix.python.sql.pipe.csv import CSVSink try: src = self.connect() fn = tempfile.mktemp(suffix="csv") writer = PrintWriter(FileWriter(fn)) csvSink = CSVSink(writer) c = self.cursor() try: c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1000, 'this,has,a,comma', 'and a " quote')]) c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1001, 'this,has,a,comma and a "', 'and a " quote')]) # ORACLE has a problem calling stmt.setObject(index, null) c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1010, '"this,has,a,comma"', None)], {2:zxJDBC.VARCHAR}) self.db.commit() finally: self.db.rollback() c.close() dbSource = DBSource(src, c.datahandler.__class__, "zxtesting", None, None, None) cnt = Pipe().pipe(dbSource, csvSink) - 1 # ignore the header row finally: writer.close() src.close() os.remove(fn)
class BurpExtender(IBurpExtender, IScannerListener, IExtensionStateListener): # init module settings and variables # hoping to make this a GUI option (not sure how yet) # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # set our extension name callbacks.setExtensionName("Scanner Streamer [c22]") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) # register ourselves as a Scanner listener callbacks.registerScannerListener(self) # register ourselves as an extension state listener callbacks.registerExtensionStateListener(self) # call initExtension routine initExtension() return # # implement IScannerListener # def newScanIssue(self, issue): if domainInScope(self, issue): # check if finding already displayed for this hostname if newFinding(issue): outputFinding(self, issue) else: # already displayed if verbose: self._stdout.println("[-] Finding already displayed (%s)" % issue.getIssueName()) return # # implement IExtensionStateListener # def extensionUnloaded(self): self._stdout.println("\n[!] Scanner_Streamer.py extension was unloaded") return
def register_script(self): """ Registers a pig scripts with its variables substituted. raises: IOException If a temp file containing the pig script could not be created. raises: ParseException The pig script could not have all its variables substituted. todo: Refactor this processes that result in calling this method. This method gets called twice for a single assert as every method that needs the data assumes no one else has called it (even methods that call other methods that call it (assertOutput() calls get_alias() which both call this method). """ pigIStream = BufferedReader(StringReader(self.orig_pig_code)) pigOStream = StringWriter() ps = ParameterSubstitutionPreprocessor(50) # Where does 50 come from? ps.genSubstitutedFile(pigIStream, pigOStream, self.args, self.arg_files) substitutedPig = pigOStream.toString() f = File.createTempFile("tmp", "pigunit") pw = PrintWriter(f) pw.println(substitutedPig) pw.close() pigSubstitutedFile = f.getCanonicalPath() self._temp_pig_script = pigSubstitutedFile self.pig.registerScript(pigSubstitutedFile, self.alias_overrides)
def dm_dump_dot(dmuid,filename): dmm = project.getDUM() uid = DMUID.parse(dmuid) dm = dmm.getDM(uid) if dm == None: printf('DM %s not found', dmuid) else: printf('Dumping %s...', dm) dot = AST2DOT(dm, project.getZDB()) dot.blacklistField("fParent") # dot.blacklistField("fSource") # dot.blacklistField("fStartCol") # dot.blacklistField("fStartLine") dot.blacklistField("fEndCol") dot.blacklistField("fEndLine") dot.blacklistField("fDeclarationMap") out = PrintWriter(BufferedWriter(FileWriter(filename))); dot.convert(out); out.close() printf("python: wrote dot file to %s", filename)
def ig_dump_dot(dmuid,filename): igm = project.getIGM() uid = DMUID.parse(dmuid) module = igm.findModule(Toplevel(uid, None)) if module == None: printf('DM %s not found', dmuid) else: printf('Dumping %s...', module) dot = IG2DOT(module); dot.blacklistField("fImportedLibs"); dot.blacklistField("fImportedPackages"); dot.blacklistField("fZPrjID"); dot.blacklistField("fSFDBID"); dot.blacklistField("fLine"); dot.blacklistField("fCol"); dot.blacklistField("fScore"); dot.blacklistField("fFailed"); dot.blacklistField("fReject"); dot.blacklistField("fInertial"); dot.blacklistField("fDelay"); out = PrintWriter(BufferedWriter(FileWriter(filename))); dot.convert(out); out.close() printf("python: wrote dot file to %s", filename)
def rtl_dump_svg(dmuid,filename): rtlmanager = project.getRTLM() uid = DMUID.parse(dmuid) rtlm = rtlmanager.findModule(Toplevel(uid, None)) if rtlm == None: printf('RTLM %s not found', dmuid) else: printf('Dumping %s...', rtlm) out = PrintWriter(BufferedWriter(FileWriter(filename))) gc = VGGCSVG(out) contentProvider = RTLVisualGraphContentProvider(rtlm) labelProvider = RTLVisualGraphLabelProvider(rtlm) selectionProvider = RTLVisualGraphSelectionProvider() layout = VGLayout(contentProvider, labelProvider, gc) layout.paint(selectionProvider); out.close() printf("python: wrote svg file to %s", filename)
def createInputFile(self, fs, fileName, input_data): if(fs.exists(Path(fileName))): raise IOException("File " + fileName + " already exists on the minicluster") stream = fs.create(Path(fileName)) pw = PrintWriter(OutputStreamWriter(stream, "UTF-8")) for i in xrange(len(input_data)): pw.println(input_data[i]) pw.close();
def registerExtenderCallbacks(self, callbacks): callbacks.setExtensionName("Seccasts Tutorial - Jython") stdout = PrintWriter(callbacks.getStdout(), True) stdout.println("Hello from Seccasts!") return
def registerExtenderCallbacks(self, _callbacks): global helpers, callbacks, derr, dout callbacks = _callbacks helpers = callbacks.getHelpers() callbacks.setExtensionName("Parametreci v0.1") dout = PrintWriter(callbacks.getStdout(), True) derr = PrintWriter(callbacks.getStderr(), True) dout.println("Parametreci | twitter.com/0x94") callbacks.registerScannerCheck(ParametreScn()) callbacks.registerScannerCheck(Upload())
def registerExtenderCallbacks(self, callbacks): self.menuitems = dict() self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName(EXTENSION_NAME) callbacks.registerContextMenuFactory(self) self._contextMenuData = None self._stdout = PrintWriter(callbacks.getStdout(), True) self.generate_menu_items() return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._callbacks.setExtensionName(self.NAME) self._callbacks.registerSessionHandlingAction(self) self.stdout = PrintWriter(self._callbacks.getStdout(), True) self.stdout.println(self.NAME + "\n") self.stdout.println('Registered: {:%Y-%m-%d %H:%M:%S}'.format(datetime.datetime.now())) self.stdout.println("-----------------------------------------------------------------\n\n") return
class BurpExtender(IBurpExtender, IHttpRequestResponse, IHttpService, ITab): def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('Save URL List') self.panel = JPanel() self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER) self.buttonFile = Button('Select File', actionPerformed=self.selectFile) self.buttonSaveProxy = Button('Save All Proxy History', actionPerformed=self.saveProxy) self.buttonSaveSiteTree = Button('Save All Target SiteTree ', actionPerformed=self.saveSiteTree) self.buttonSaveProxyScope = Button('Save In-Scope Proxy History', actionPerformed=self.saveProxyScope) self.buttonSaveSiteTreeScope = Button('Save In-Scope Target SiteTree', actionPerformed=self.saveSiteTreeScope) self.panel.add(self.myLabel) self.panel.add(self.buttonFile) self.panel.add(self.buttonSaveProxy) self.panel.add(self.buttonSaveSiteTree) self.panel.add(self.buttonSaveProxyScope) self.panel.add(self.buttonSaveSiteTreeScope) callbacks.customizeUiComponent(self.panel) callbacks.addSuiteTab(self) def getTabCaption(self): return 'URL List' def getUiComponent(self): return self.panel def selectFile(self, event): chooser = JFileChooser() retVal = chooser.showSaveDialog(None) self.saveFile = chooser.selectedFile.path def saveProxy(self, event): self.stdout.println('Writing Entire Proxy History URL List to File: ' + self.saveFile) writer = open(self.saveFile, 'w') proxyHistory = self.callbacks.getProxyHistory() if proxyHistory: for item in proxyHistory: try: request = item.getRequest() if request: service = item.getHttpService() myURL = self.helpers.analyzeRequest(service, request).getUrl().toString() writer.write(myURL + '\n') except Exception, e: self.stderr.println('Error Writing URL.') continue else:
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.helpers callbacks.setExtensionName("Burp Scripter Plus") stdout = PrintWriter(callbacks.getStdout(), True) stdout.println( """Successfully loaded Burp Scripter Plus v""" + VERSION + """\n Repository @ https://github.com/Acceis/BurpScripterPlus Send feedback or bug reports on twitter @G4N4P4T1""" ) self.scriptpane = JTextPane() self.scriptpane.setFont( Font("Monospaced", Font.PLAIN, 12) ) self.scrollpane = JScrollPane() self.scrollpane.setViewportView(self.scriptpane) self._code = compile("", "<string>", "exec") self._script = "" script = callbacks.loadExtensionSetting("script") if script: script = base64.b64decode(script) self.scriptpane.document.insertString( self.scriptpane.document.length, script, SimpleAttributeSet(), ) self._script = script try: self._code = compile( script, "<string>", "exec" ) except Exception as e: traceback.print_exc( file=self.callbacks.getStderr() ) callbacks.registerExtensionStateListener(self) callbacks.registerHttpListener(self) callbacks.customizeUiComponent( self.getUiComponent() ) callbacks.addSuiteTab(self) self.scriptpane.requestFocus()
def registerExtenderCallbacks(self, callbacks): # main entry point for the extension # set our extension name callbacks.setExtensionName('BlockerLite') # register ourselves as extension state listener (IExtensionStateListener) callbacks.registerExtensionStateListener(self) # register ourselves as proxy listener (IProxyListener) callbacks.registerProxyListener(self) # keep a reference to our callbacks object self._callbacks = callbacks # get output streams in auto-flush mode self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # create and populate the blacklist self._blacklist = set() self._blacklist.add('http://ciscobinary.openh264.org') self._blacklist.add('http://detectportal.firefox.com') self._blacklist.add('https://location.services.mozilla.com') self._blacklist.add( 'https://activity-stream-icons.services.mozilla.com') self._blacklist.add('https://shavar.services.mozilla.com') self._blacklist.add('https://versioncheck-bg.addons.mozilla.org') self._blacklist.add('https://snippets.cdn.mozilla.net') self._blacklist.add('https://getpocket.com') self._blacklist.add('https://safebrowsing.googleapis.com') self._blacklist.add('https://tiles.services.mozilla.com') self._blacklist.add('https://incoming.telemetry.mozilla.org') self._blacklist.add('https://services.addons.mozilla.org') self._blacklist.add('https://aus5.mozilla.org') self._blacklist.add('https://normandy.cdn.mozilla.net') self._blacklist.add('https://blocklists.settings.services.mozilla.com') self._blacklist.add('https://firefox.settings.services.mozilla.com') self._blacklist.add('https://redirector.gvt1.com') self._blacklist.add('https://push.services.mozilla.com') self._blacklist.add('https://content-signature-2.cdn.mozilla.net') self._blacklist.add('https://content-autofill.googleapis.com') self._blacklist.add('http://www.gstatic.com') self._blacklist.add('https://www.gstatic.com') self._blacklist.add('http://update.googleapis.com') self._blacklist.add('https://update.googleapis.com') self._blacklist.add('https://accounts.google.com') self._blacklist.add('https://www.google.com') self._blacklist.add('https://translate.googleapis.com') self._blacklist.add('https://www.google-analytics.com') self._stdout.println('Extension was loaded') self._stdout.println('Running under version ' + sys.version) return
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName(self.EXTENSION_NAME) callbacks.issueAlert("AutoRecon is enabled") # add the custom tab to Burp's UI self.initUI() # self._newpanel.setLayout(FlowLayout()) # callbacks.customizeUiComponent(self._newpanel) callbacks.addSuiteTab(self) self.callable = [ # self.sublister, # self.shodan_search, self.certsh_search, # self.anubis, # self.googleDig, # self.censys, # self.certspotter, # self.bufferover_run, # self.urlscan, # self.otx_alienvault, # self.threatminer, # self.netcraft, # self.threatcrowd, # self.dnsdumpster, # self.virustotal, # self.ptrarchive, ] # self.callable = [self.censys] # define stdout writer self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) self._stdout.println(self.EXTENSION_NAME + " by @bourne") self._stdout.println( "================================================") self._stdout.println( 'TIP: Right click on any domain and add it to scope in "autoRecon"' ) self._stdout.println("") self.outputTxtArea.setText( self.EXTENSION_NAME + " by @bourne" + "\n" + "================================================" + "\n" + 'TIP: Right click on any domain and add it to scope in "autoRecon"\n' ) self.context = None callbacks.registerContextMenuFactory(self) return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self._callbacks.setExtensionName("Json-to-Urlencoded") self.echo("[*] @author Abdulla Ismayilov - [email protected]") self._callbacks.registerContextMenuFactory(self)
class BurpExtender(IBurpExtender, IHttpListener, IProxyListener): def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.all_params = dict() # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) # set our extension name callbacks.setExtensionName("Burp Plugin For HTTP Analysis") # register ourselves as an HTTP listener callbacks.registerHttpListener(self) # register ourselves as a Proxy listener callbacks.registerProxyListener(self) return def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): return def processProxyMessage(self, messageIsRequest, message): if not messageIsRequest: # self._stdout.println("Proxy response from " + message.getMessageInfo().getHttpService().toString()) # self._stdout.println(message.getMessageInfo().getRequest().tostring()) self.extractParameter(message.getMessageInfo()) self.checkReflectedXSS(message.getMessageInfo()) return def extensionUnloaded(self): self._stdout.println("Extension was unloaded") return def checkMutiPart(self, headers): for i in headers: if (i.lower()[:12] == "content-type"): if (i.lower()[12:].find("multipart/form-data") > 0): return True, i else: return False, None break return False, None def parseMutiPart(self, request_headers, content_type_line): body = request_headers.split("\r\n\r\n")[1:] body = ("\r\n\r\n".join(body)) parsed = cgi.FieldStorage(IO(body), headers={content_type_line}, environ={'REQUEST_METHOD': 'POST'}) # Stuck here, wait def checkJsonString(self, check_str): try: json_object = json.loads(check_str) except ValueError, e: return False # invalid json else:
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks callbacks.setExtensionName("my http listener") self._stdout = PrintWriter(callbacks.getStdout(), True) callbacks.registerHttpListener(self) self._helpers = callbacks.getHelpers()
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() callbacks.setExtensionName("Intruder WCF") callbacks.registerHttpListener(WCFIntruderListener(self)) callbacks.registerContextMenuFactory(WCFIntruderCtxMenu(self)) return
def registerExtenderCallbacks(self, callbacks): # set our extension name callbacks.setExtensionName("G2 Determine Session Cookie") callbacks.registerContextMenuFactory(DetermineCookieMenuItem(callbacks)) # obtain our output and error streams stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) # write a message to our output stream stdout.println("G2 Determine Session Cookie - Successful Initialization")
class BurpExtender(IBurpExtender, IHttpListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Cookie Via XSS") callbacks.registerHttpListener(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.issueAlert("Loaded Successfull.") def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): if messageIsRequest: requestInfo = self._helpers.analyzeRequest(currentRequest) self.headers = list(requestInfo.getHeaders()) # self.setHeader('Cookie',"Cookie_HelloMe") cookie_text = "" hook_host = requestInfo.getUrl().getHost() if os.path.exists(file_path): with open(file_path, 'r') as rf: cooki_domain = rf.readline().replace("\n","").split("=")[1] if str(cooki_domain) in str(hook_host): for line in rf.readlines(): cookie_text += line.replace("\n","") else: pass if len(cookie_text) > 10: self.stdout.println("[+]-------Hack Inject Cookie-------[+]") self.stdout.println(cookie_text) self.setHeader('Cookie',cookie_text) bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():] self.body = self._helpers.bytesToString(bodyBytes) newMessage = self._helpers.buildHttpMessage(self.headers, self.body) currentRequest.setRequest(newMessage) # Process responses else: pass def setHeader(self, header, value): new_headers = [] for h in self.headers: if header in h: h = header + ': ' + value new_headers.append(h) self.headers = new_headers
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() callbacks.setExtensionName("DetectSRI") callbacks.issueAlert("DetectSRI Passive Scanner check enabled") stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) callbacks.registerScannerCheck(self)
def makeRequest(self,host,port,protoChoice,request): stdout = PrintWriter(self._callbacks.getStdout(), True) try: self.resp = self._callbacks.makeHttpRequest( host, port, protoChoice, request ) except Exception as ex: stdout.println(ex)
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Register methods for error reporting self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println("Module loaded successfully!") callbacks.setExtensionName('Add Luhn check digit') callbacks.registerIntruderPayloadProcessor(self) return
def fuzzParams(self, host, port, protoChoice, headers, body, method, urlpath, content_type, baseline): stdout = PrintWriter(self.callbacks.getStdout(), True) stdout.println("[!] FUZZING " + str(len(body)) + " PARAMETERS") issueList.clear() payloadSet = { "5": ' 00', "10": ' 00', "15": ' 00', "20": ' 00', "30": ' 00', "40": ' 00' } #Let's loop through each parameter for param in body: stdout.println(" [-] FUZZING: " + str(param)) fuzzParameter = str(param) for payLSD in payloadSet: stdout.println(" [-] PAYLOAD: " + payLSD) payload = payloadSet[payLSD] bodd = body bodd[fuzzParameter] = bodd[fuzzParameter] + payload if "json" not in content_type.lower(): new_body = "" new_body += '&'.join("%s=%s" % (key, str(val)) for (key, val) in bodd.iteritems()) #print(" " + new_body) if method == "GET": url1 = urlpath.split("?")[0] url2 = "?" + str(new_body) headers[0] = "GET " + str(url1) + str(url2) + " HTTP/1.1" self.getRequest(headers, [host, port, protoChoice]) else: self.postRequest(headers, new_body, [host, port, protoChoice]) #Here we take the lengh and status code of the body returned as a baseline reqFuzzResponse = self.helpers.analyzeResponse(self.resp) reqFuzzReq = self.helpers.analyzeRequest(self.resp) reqFuzzRespTxt = self.resp.tostring() respFuzzStatusCode = reqFuzzResponse.getStatusCode() resFuzzbodyOffset = reqFuzzResponse.getBodyOffset() respFuzzbodyLen = len(reqFuzzRespTxt[resFuzzbodyOffset:]) fuzzResponseData = str(respFuzzStatusCode) + str( respFuzzbodyLen) print(" " + fuzzResponseData) if fuzzResponseData != baseline: stdout.println(" [+] POSSIBLE INJECTION DETECTED") issue = ScanIssue(self.reqres[0], reqFuzzReq, "SQL Truncation Scanner", fuzzParameter + " | " + payLSD, "High") self.callbacks.addScanIssue(issue) return
def registerExtenderCallbacks(self, callbacks): # set our extension name callbacks.setExtensionName("JS Link Finder") # obtain our output stream self.stdout = PrintWriter(callbacks.getStdout(), True) # obtain an extension helpers object self.helpers = callbacks.getHelpers() # register ourselves as an HTTP listener callbacks.registerHttpListener(self)
def registerExtenderCallbacks(self, callbacks): # set our extension name self.callbacks = callbacks self.callbacks.setExtensionName("OgaSazSave") self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) saveSazhandler = RightClickHandler(self.callbacks) callbacks.registerContextMenuFactory(saveSazhandler) self.stdout.println("OgaSazSave v0.9.2 Load OK!!")
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('CSRF Handling (' + self.SETUP_NAME + ')') callbacks.registerHttpListener(self) self.CSRF_Values = dict() for i in self.CSRF_Tokens.keys(): self.CSRF_Values[i] = None if self.DEBUG: self.stdout.println('[*] Debug enabled')
class Connection(object): def __init__(self, addr, port): self.socket = Socket(addr, port) self.in = BufferedReader(InputStreamReader(self.socket.getInputStream())) self.out = PrintWriter(self.socket.getOutputStream(), True) def sendMessage(self, msg): self.out.println(str(msg)) response = self.in.readLine() if response is None: # abort abort abort exit(1) decoded = Message.decode(response) return decoded.msgData # empty string or hash
def registerExtenderCallbacks(self, callbacks): # set our extension name callbacks.setExtensionName("G2 Determine Session Cookie") callbacks.registerContextMenuFactory( DetermineCookieMenuItem(callbacks)) # obtain our output and error streams stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) # write a message to our output stream stdout.println( "G2 Determine Session Cookie - Successful Initialization")
def registerExtenderCallbacks(self, callbacks): # properties self._title = "Generate Python Template" self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####' # set our extension name callbacks.setExtensionName(self._title) # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # obtain std streams self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # main pane (top/bottom) self._mainpane = JPanel() self._mainpane.setLayout(GridLayout(2, 1)) # configure bottom pane for buttons self._botPane = JPanel() flowLayout = FlowLayout() self._botPane.setLayout(flowLayout) self._botPane.add( JButton("Generate", actionPerformed=self.regeneratePy)) self._botPane.add(JButton("Export", actionPerformed=self.exportPy)) # Configure pyViewer (JTextArea) for python output --> top pane self._pyViewer = JTextArea(5, 20) scrollPane = JScrollPane(self._pyViewer) self._pyViewer.setEditable(True) self._pyViewer.setText("Waiting request ...") ### Assign top / bottom components self._mainpane.add(scrollPane) self._mainpane.add(self._botPane) # customize our UI components callbacks.customizeUiComponent(self._mainpane) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # register ourselves as a ContextMenuFactory callbacks.registerContextMenuFactory(self) return
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.all_params = dict() # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) # set our extension name callbacks.setExtensionName("Burp Plugin For HTTP Analysis") # register ourselves as an HTTP listener callbacks.registerHttpListener(self) # register ourselves as a Proxy listener callbacks.registerProxyListener(self) return
class BurpExtender(IBurpExtender, IIntruderPayloadProcessor): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Register methods for error reporting self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println("Module loaded successfully!") callbacks.setExtensionName('Simple Burp Intruder Payload Processor') callbacks.registerIntruderPayloadProcessor(self) return def getProcessorName(): return "Capitalize Payload Process" def processPayload(currentPayload, originalPayload, baseValue): try: # Data will be outputted to Burp UI by default self.stdout.println("currentPayload: %s" % currentPayload) newPayload = capitalize(currentPayload) self.stdout.println("newPayload: %s" % newPayload) except: print "Unexpected error:", sys.exc_info()[0] return newPayload def capitalize(data): # A simple function that will capitalize strings self.stdout.println("data: %s" % data) return data.upper()
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("403 Directory Bypasser") self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) # register ourselves as a custom scanner check callbacks.registerScannerCheck(self)
def performAction(self, currentRequest, macroItems): #Update the secret key for HMAC Secret = "THIS-IS-A-SeCRet" stdout = PrintWriter(self._callbacks.getStdout(), True) requestInfo = self._helpers.analyzeRequest(currentRequest) #Get Response #responseByte = currentRequest.getResponse() #responseInfo = self._helpers.analyzeRespons(macroItems[0].getResponse()) #macro_msg = macroItems[0].getResponse() #resp_body = macro_msg[responseInfo.getBodyOffset():] #macro_body_string = self._helpers.bytesToString(resp_body) #Get body response #ResponseBodyBytes = responseByte[responseInfo.getBodyOffset():] #ResponseBodyStr = self._helpers.bytesToString(ResponseBodyBytes) #ResponseHeaders = responseInfo.getHeaders() #Get URL path (the bit after the FQDN) urlpath = self._helpers.analyzeRequest( currentRequest).getUrl().getPath() urlpath = self._helpers.urlEncode(urlpath) #Get body BodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():] BodyStr = self._helpers.bytesToString(BodyBytes) #Get time timestamp = datetime.now() timestamp = timestamp.isoformat() #Compute HMAC content = urlpath + BodyStr + timestamp stdout.println(content) #_hmac = base64.b64encode(hmac.new(Secret, content, digestmod=hashlib.sha256).hexdigest()) #stdout.println(_hmac) #Add to headers array headers = requestInfo.getHeaders() #hmacheader = "Authentication Bearer: "+_hmac+":"+timestamp #headers.add(hmacheader) # Build new HTTP message with the new HMAC header message = self._helpers.buildHttpMessage(headers, BodyStr) # Update request with the new header and send it on its way currentRequest.setRequest(message) return
def registerExtenderCallbacks(self, callbacks): self._actionName = "PoC generator" self._helers = callbacks.getHelpers() self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("PoC generator") callbacks.registerContextMenuFactory(self) # obtain our output and error streams self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # write a message to the Burp alerts tab callbacks.issueAlert("Installed PoC generator")
def write_ordered_variables(program_name, variable_map, file_path, append=False): """ Write variables to file while preserving order of the variables. :param program_name: name of the calling program :param variable_map: map or variable properties to write to file :param file_path: the file to which to write the properties :param append: defaults to False. Append properties to the end of file :raises VariableException if an error occurs while storing the variables in the file """ _method_name = 'write_ordered_variables' _logger.entering(program_name, file_path, append, class_name=_class_name, method_name=_method_name) pw = None try: pw = PrintWriter(FileOutputStream(File(file_path), Boolean(append)), Boolean('true')) for key, value in variable_map.iteritems(): formatted = '%s=%s' % (key, value) pw.println(formatted) pw.close() except IOException, ioe: _logger.fine('WLSDPLY-20007', file_path, ioe.getLocalizedMessage()) ex = exception_helper.create_variable_exception( 'WLSDPLY-20007', file_path, ioe.getLocalizedMessage(), error=ioe) _logger.throwing(ex, class_name=_class_name, method_name=_method_name) if pw is not None: pw.close() raise ex
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("sql time delay check") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) # register ourselves as a Proxy listener callbacks.registerProxyListener(self)
def registerExtenderCallbacks(self, callbacks): try: self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._callbacks.setExtensionName(self.extension_name) self._stdout = PrintWriter(self._callbacks.getStdout(), True) self._stderr = PrintWriter(self._callbacks.getStderr(), True) callbacks.registerScannerCheck(self) self._stdout.println("Extension Successfully Installed") return except Exception as e: self._stderr.println("Installation Problem ?") self._stderr.println(str(e)) return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._stdout = PrintWriter(callbacks.getStdout(), True) callbacks.setExtensionName("Argument Injection Hammer") self._create_brute_payloads() self._stdout.println('==================================') self._stdout.println(" ,") self._stdout.println(" /( ___________") self._stdout.println(" | >:===========`") self._stdout.println(" )(") self._stdout.println('== AIH "" Hammer Smash Party =====') self._stdout.println('== Neil Bergman - NCC Group =====') self._stdout.println('==================================') self._checkbox_brute = self._define_check_box("Brute-force Short Argument Flags", False) self._button_save = JButton("Save Configuration", actionPerformed=self._save_config) self.tab = JPanel() layout = GroupLayout(self.tab) self.tab.setLayout(layout) layout.setAutoCreateGaps(True) layout.setAutoCreateContainerGaps(True) layout.setHorizontalGroup( layout.createSequentialGroup().addGroup( layout.createParallelGroup() .addComponent(self._checkbox_brute) ).addGroup( layout.createParallelGroup() .addComponent(self._button_save) ) ) layout.setVerticalGroup( layout.createSequentialGroup().addGroup( layout.createParallelGroup() .addComponent(self._checkbox_brute) ).addGroup( layout.createParallelGroup() .addComponent(self._button_save) ) ) callbacks.addSuiteTab(self) self._restore_config() callbacks.registerScannerCheck(self) return
def registerExtenderCallbacks(self, callbacks): global burp_callbacks burp_callbacks = callbacks global burp_helpers burp_helpers = burp_callbacks.getHelpers() burp_callbacks.setExtensionName("BugBountyPlugin") self.stdout = PrintWriter(burp_callbacks.getStdout(), True) self.println("SQL/XSS custom plugin (c) @httpsonly") burp_callbacks.registerScannerCheck(self) burp_callbacks.registerProxyListener(self) return
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # define stdout writer self._stdout = PrintWriter(callbacks.getStdout(), True) self._stdout.println(self.EXTENSION_NAME + ' by @luxcupitor') self._stdout.println('================================') self._stdout.println('') self._stdout.println('TIP: Go to "Custom Scanner" tab and click "Execute on Proxy History"') self._stdout.println('to run the scanner checks on recently imported session files.') self._stdout.println('') # set our extension name callbacks.setExtensionName(self.EXTENSION_NAME) callbacks.registerScannerCheck(self) # add the custom tab and button to Burp's UI self._newpanel = Panel() self._newpanel.setLayout(FlowLayout()) self._button = JButton("Execute on Proxy History", actionPerformed=self.checkProxyHistory) self._newpanel.add(self._button) callbacks.customizeUiComponent(self._newpanel) callbacks.addSuiteTab(self) return
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # set our extension name callbacks.setExtensionName("WicketRequestHandler") callbacks.registerSessionHandlingAction(self) # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) self._helper = callbacks.getHelpers() return
def registerExtenderCallbacks(self, callbacks): # Keep a reference to our callbacks object self.callbacks = callbacks # Obtain an extension helpers object self.helpers = callbacks.getHelpers() # Exclude Requests self.excludext = re.compile('\.(gif|jpg|jpeg|bmp|js|tif|tiff|docx|doc|pdf|png|jif|jfif|svg|swf|ico|css)\s') # Writing streams self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) # Set our extension name callbacks.setExtensionName("logme") # Main panel self.panel = JPanel() #self.panel = JPanel(GridLayout(1,3)) # Create Labels self.labelProxy = JLabel("Proxy", JLabel.CENTER) self.labelScanner = JLabel("Scanner", JLabel.CENTER) # Create buttons self.buttonFile = Button("File", actionPerformed=self.selectFile) self.buttonSave = Button("Save", actionPerformed=self.save) # Add labels and buttons to pane. # Order matters for GridLayout self.panel.add(self.labelProxy) self.panel.add(self.buttonFile) self.panel.add(self.buttonSave) #self.panel.add(self.labelScanner) # Add panel to Burps UI callbacks.customizeUiComponent(self.panel) # Add tab to Burp callbacks.addSuiteTab(self)
def _parse_and_rewrite_svg_file(svg_input_path, svg_output_path): write_str = "" file_reader = FileReader(svg_input_path) buffered_reader = BufferedReader(file_reader) read_line = "" check = False while True: read_line = buffered_reader.readLine() if read_line is None: break if "viewBox" in read_line: view_box_content = _get_viewbox_content(read_line) view_box_values = _get_viewbox_values(view_box_content) if view_box_values[0] != 0: view_box_values[2] = abs(view_box_values[2]) + abs(view_box_values[0]) view_box_values[0] = 0 if view_box_values[1] != 0: view_box_values[3] = abs(view_box_values[3]) + abs(view_box_values[1]) view_box_values[1] = 0 read_line = re.sub(r"viewBox=\"[\-|0-9| ]+\"", "", read_line, 1) read_line = re.sub(r"width=\"[0-9]+\"", "width=\""+ str(view_box_values[2]) + "\"", read_line, 1) read_line = re.sub(r"height=\"[0-9]+\"", "height=\""+ str(view_box_values[3]) + "\"", read_line, 1) check = True if "g id=\"ID" in read_line and not check: if "transform=" in read_line: _log.info(read_line) read_line = read_line[0:read_line.find("transform")] + ">" check = True write_str += read_line + "\n" buffered_reader.close() file_reader.close() file_writer = PrintWriter(svg_output_path) file_writer.print(write_str) file_writer.close()
def _testXMLPipe(self): """testing the XML pipe""" from java.io import PrintWriter, FileWriter from com.ziclix.python.sql.pipe import Pipe from com.ziclix.python.sql.pipe.db import DBSource from com.ziclix.python.sql.pipe.xml import XMLSink try: src = self.connect() fn = tempfile.mktemp(suffix="csv") writer = PrintWriter(FileWriter(fn)) xmlSink = XMLSink(writer) dbSource = DBSource(src, self.datahandler, "zxtesting", None, None, None) cnt = Pipe().pipe(dbSource, xmlSink) - 1 # ignore the header row finally: writer.close() src.close() os.remove(fn)
class BurpExtender(IBurpExtender, IIntruderPayloadProcessor): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Register methods for error reporting self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println("Module loaded successfully!") callbacks.setExtensionName('Add Luhn check digit') callbacks.registerIntruderPayloadProcessor(self) return def getProcessorName(self): return "Add Luhn check digit to the number" def processPayload(self,currentPayload, originalPayload, baseValue): payload = self._helpers.bytesToString(currentPayload) if not payload.isdigit(): print "You need to pass a digit" return currentPayload try: # Data will be outputted to Burp UI by default self.stdout.println("currentPayload: %s" % payload) payload = addluhn(payload) self.stdout.println("newPayload: %s" % payload) except: print "Unexpected error:", sys.exc_info()[0] newPayload = self._helpers.stringToBytes(payload) return newPayload
def _parse_and_rewrite_svg_file(svg_input_path, svg_output_path): write_str = "" file_reader = FileReader(svg_input_path) buffered_reader = BufferedReader(file_reader) read_line = "" while True: read_line = buffered_reader.readLine() if read_line is None: break if "viewBox" in read_line: view_box_content = _get_viewbox_content(read_line) view_box_values = _get_viewbox_values(view_box_content) if view_box_values[0] != 0: view_box_values[2] += view_box_values[0] view_box_values[0] = 0 if view_box_values[1] != 0: view_box_values[3] += view_box_values[1] view_box_values[1] = 0 new_view_box = str(view_box_values[0]) + " " + str(view_box_values[1]) + " " + \ str(view_box_values[2]) + " " + str(view_box_values[3]) read_line = re.sub(r"viewBox=\"[\-|0-9| ]+\"", "viewBox=\"" + new_view_box + "\"", read_line, 1) read_line = re.sub(r"width=\"[0-9]+\"", "width=\""+ str(view_box_values[2]) + "\"", read_line, 1) read_line = re.sub(r"height=\"[0-9]+\"", "height=\""+ str(view_box_values[3]) + "\"", read_line, 1) write_str += read_line + "\n" buffered_reader.close() file_reader.close() file_writer = PrintWriter(svg_output_path) file_writer.print(write_str) file_writer.close()
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('CSRF Handling ('+self.SETUP_NAME+')') callbacks.registerHttpListener(self) self.CSRF_Values = dict() for i in self.CSRF_Tokens.keys(): self.CSRF_Values[i] = None if self.DEBUG: self.stdout.println('[*] Debug enabled')
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() callbacks.setExtensionName("Hello Burp") self.panel = JPanel() self.label = JLabel("Hello Burp") self.buttonOutput = Button("Print to Output", actionPerformed=self.printToOutput) self.buttonErrors = Button("Print to Errors", actionPerformed=self.printToErrors) self.buttonAlerts = Button("Print to Alerts", actionPerformed=self.printToAlerts) self.panel.add(self.label) self.panel.add(self.buttonOutput) self.panel.add(self.buttonErrors) self.panel.add(self.buttonAlerts) callbacks.customizeUiComponent(self.panel) callbacks.addSuiteTab(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) burpInfo = callbacks.getBurpVersion() self.stdout.println("Hello " + burpInfo[0] + " v" + burpInfo[1] + "." + burpInfo[2] +"!")
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('Save URL List') self.panel = JPanel() self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER) self.buttonFile = Button('Select File', actionPerformed=self.selectFile) self.buttonSaveProxy = Button('Save All Proxy History', actionPerformed=self.saveProxy) self.buttonSaveSiteTree = Button('Save All Target SiteTree ', actionPerformed=self.saveSiteTree) self.buttonSaveProxyScope = Button('Save In-Scope Proxy History', actionPerformed=self.saveProxyScope) self.buttonSaveSiteTreeScope = Button('Save In-Scope Target SiteTree', actionPerformed=self.saveSiteTreeScope) self.panel.add(self.myLabel) self.panel.add(self.buttonFile) self.panel.add(self.buttonSaveProxy) self.panel.add(self.buttonSaveSiteTree) self.panel.add(self.buttonSaveProxyScope) self.panel.add(self.buttonSaveSiteTreeScope) callbacks.customizeUiComponent(self.panel) callbacks.addSuiteTab(self)
def registerExtenderCallbacks(self, callbacks): # properties self._title = "Generate Python Template" self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####' # set our extension name callbacks.setExtensionName(self._title) # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # obtain std streams self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # main pane (top/bottom) self._mainpane = JPanel() self._mainpane.setLayout( GridLayout(2,1) ) # configure bottom pane for buttons self._botPane = JPanel() flowLayout = FlowLayout() self._botPane.setLayout( flowLayout ) self._botPane.add( JButton("Generate", actionPerformed=self.regeneratePy) ) self._botPane.add( JButton("Export", actionPerformed=self.exportPy) ) # Configure pyViewer (JTextArea) for python output --> top pane self._pyViewer = JTextArea(5, 20); scrollPane = JScrollPane(self._pyViewer); self._pyViewer.setEditable(True); self._pyViewer.setText( "Waiting request ..." ); ### Assign top / bottom components self._mainpane.add(scrollPane) self._mainpane.add(self._botPane) # customize our UI components callbacks.customizeUiComponent(self._mainpane) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # register ourselves as a ContextMenuFactory callbacks.registerContextMenuFactory(self) return
def registerExtenderCallbacks(self, callbacks): self._cb = callbacks self.helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Cookie Cycler") # obtain our output and error streams self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println(EXTENSION_INFO) # register ourselves as an HTTP listener #callbacks.registerHttpListener(self) # disabled, too much noise callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._scanlist = [] # Holds scan items (Burp data structures) self._scantarget = [] # Holds list of URLs added to scan # set our extension name callbacks.setExtensionName("Headless Scanner Driver") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # register ourselves as listeners callbacks.registerScannerListener(self) callbacks.registerProxyListener(self) self._stdout.println(json.dumps({"running": 1})) # Indicate we're up self._stdout.flush() return
def __init__(self, server, socket, connectionTrack): self.server = server self.connectionTrack = connectionTrack self.kill = False self.notes = {} self.socket = socket self.in = BufferedReader(InputStreamReader(self.socket.getInputStream())) self.out = PrintWriter(self.socket.getOutputStream(), True) self.handlers = { Message.ADD_NOTE: self._addNote, Message.ADD_LOOPED_NOTE: self._addLoopedNote, Message.DELETE_NOTE: self._deleteNote, Message.DELETE_ALL_NOTES: self._deleteAllNotes }
def registerExtenderCallbacks(self, callbacks): # Writing streams self.stdout = PrintWriter(callbacks.getStdout(), True) self.stdout.println('Heada extension loaded.') # Keep a reference to our callbacks object self.callbacks = callbacks # Obtain an extension helpers object self.helpers = callbacks.getHelpers() # Set our extension name callbacks.setExtensionName('heada') # Register a custom scanner check callbacks.registerScannerCheck(self)
def logScanIssue(self, baseRequestResponse): '''This is redundant (mostly) of the doPassiveScan function''' reqPATTERN=self.reqPattern.text resPATTERN=self.resPattern.text ISSUE_NAME=self.issueNameField.text ISSUE_DETAIL=self.issueDetailField.text ISSUE_BACKGROUND=self.issueBackgroundField.text REMEDIATION_BACKGROUND=self.remediationBackgroundField.text REMEDIATION_DETAIL=self.remediationDetailField.text if self.radioBtnSevHigh.isSelected(): SEVERITY="High" elif self.radioBtnSevMedium.isSelected(): SEVERITY="Medium" else: SEVERITY="Low" CONFIDENCE="Certain" self._stdout = PrintWriter(self._callbacks.getStdout(), True) self._stdout.println('logScanIssue has been called') self._stdout.println('[-] ISSUE_NAME: ' + ISSUE_NAME) self._stdout.println('[-] ISSUE_DETAIL: ' + ISSUE_DETAIL) self._stdout.println('[-] ISSUE_BACKGROUND: ' + ISSUE_BACKGROUND) self._stdout.println('[-] REMEDIATION_DETAIL: ' + REMEDIATION_DETAIL) self._stdout.println('[-] REMEDIATION_BACKGROUND: ' + REMEDIATION_BACKGROUND) self._stdout.println('[-] SEVERITY: ' + SEVERITY) self._stdout.println('[-] CONFIDENCE: ' + CONFIDENCE) match = False if reqPATTERN == "": reqmatch = None else: reqmatch = self.getMatches(baseRequestResponse.getRequest(), reqPATTERN) match = True if resPATTERN == "": resmatch = None else: resmatch = self.getMatches(baseRequestResponse.getResponse(), resPATTERN) match = True if match: httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,reqmatch,resmatch)] issue=ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, ISSUE_BACKGROUND, REMEDIATION_DETAIL, REMEDIATION_BACKGROUND) self._callbacks.addScanIssue(issue) self.closeUI(None) return