class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuInvocation): name = "Blind XSS_" _jTabbedPane = JTabbedPane() _jPanel = JPanel() _jAboutPanel = JPanel() _jPanelConstraints = GridBagConstraints() _jLabelParameters = None _jTextFieldParameters = None _jLabelTechniques = None _jTextFieldURL = None _jLabelFuzzFactor = None _jTextFieldFuzzFactor = None _jLabelAdditionalCmdLine = None _jTextFieldAdditionalCmdLine = None _jButtonSetCommandLine = None _jLabelAbout = None # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name self._callbacks.setExtensionName(self.name) # lists of hosts with querys self._dictPayloads = {} self._dictPayloads_headers = {} self._dictPayloads_params = {} self._dictHeaders = {} self._dictParams = {} self.status_flag = False self.table_flag = 0 self.start_button_text = 'Run proxy' self._layout = GridBagLayout() self._jPanel.setLayout(self._layout) self._jPanel.setBounds(0, 0, 1000, 1000) self._jLabelTechniques = JLabel("Your URL (my.burpcollaborator.net):") self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 1 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jLabelTechniques, self._jPanelConstraints) self._jTextFieldURL = JTextField("", 30) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 1 self._jPanelConstraints.gridwidth = 4 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jTextFieldURL, self._jPanelConstraints) self._jLabelTechniques = JLabel("Press to start:") self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.anchor = GridBagConstraints.WEST self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 0 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jLabelTechniques, self._jPanelConstraints) self.submitSearchButton = swing.JButton( self.start_button_text, actionPerformed=self.active_flag) self.submitSearchButton.setBackground(Color.WHITE) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 0 self._jPanelConstraints.gridwidth = 4 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self.submitSearchButton, self._jPanelConstraints) self._tableModelPayloads = DefaultTableModel() self._tableModelPayloads.addColumn("Payload") self._tableModelPayloads.addColumn("Using") self._tableModelHeaders = DefaultTableModel() self._tableModelHeaders.addColumn("Header") self._tableModelHeaders.addColumn("Using") self._tableModelParams = DefaultTableModel() self._tableModelParams.addColumn("Parameter") self._tableModelParams.addColumn("Using") self._table = JTable(self._tableModelPayloads) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 1)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 10) self._jPanel.add(self._scrolltable, self._jPanelConstraints) self._table = JTable(self._tableModelHeaders) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 2)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 10) self._jPanel.add(self._scrolltable, self._jPanelConstraints) self._table = JTable(self._tableModelParams) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 3)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 4 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 0) self._jPanel.add(self._scrolltable, self._jPanelConstraints) addPayloadButton = swing.JButton('Add', actionPerformed=self.addToPayload) addPayloadButton.setBackground(Color.WHITE) addPayloadButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 1 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 10) self._jPanel.add(addPayloadButton, self._jPanelConstraints) deletePayloadButton = swing.JButton( 'Delete', actionPerformed=self.deleteToPayload) deletePayloadButton.setBackground(Color.WHITE) deletePayloadButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deletePayloadButton, self._jPanelConstraints) addHeaderButton = swing.JButton('Add', actionPerformed=self.addToHeader) addHeaderButton.setBackground(Color.WHITE) addHeaderButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 3 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 10) self._jPanel.add(addHeaderButton, self._jPanelConstraints) deleteHeaderButton = swing.JButton('Delete', actionPerformed=self.deleteToHeader) deleteHeaderButton.setBackground(Color.WHITE) deleteHeaderButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deleteHeaderButton, self._jPanelConstraints) addParamsButton = swing.JButton('Add', actionPerformed=self.addToParams) addParamsButton.setBackground(Color.WHITE) addParamsButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 5 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(addParamsButton, self._jPanelConstraints) deleteParamsButton = swing.JButton('Delete', actionPerformed=self.deleteToParams) deleteParamsButton.setBackground(Color.WHITE) deleteParamsButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 4 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deleteParamsButton, self._jPanelConstraints) self._resultsTextArea = swing.JTextArea() resultsOutput = swing.JScrollPane(self._resultsTextArea) resultsOutput.setMinimumSize(Dimension(800, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 4 self._jPanelConstraints.gridwidth = 6 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(10, 0, 0, 0) self._jPanel.add(resultsOutput, self._jPanelConstraints) self.clearSearchButton = swing.JButton( 'Clear Search Output', actionPerformed=self.clearOutput) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 5 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(self.clearSearchButton, self._jPanelConstraints) self._callbacks.customizeUiComponent(self._jPanel) self._callbacks.addSuiteTab(self) # register ourselves as an HTTP listener self._callbacks.registerHttpListener(self) return # def onCheck(self, event): # if self._checkBoxPayload.isSelected() and self.table_flag != 0: # self.table_flag = 0 # self._checkBoxHeader.setSelected(False) # self._checkBoxParam.setSelected(False) # if self._checkBoxHeader.isSelected() and self.table_flag != 1: # self.table_flag = 1 # self._checkBoxParam.setSelected(False) # self._checkBoxPayload.setSelected(False) # if self._checkBoxParam.isSelected() and self.table_flag != 2: # self.table_flag = 2 # self._checkBoxHeader.setSelected(False) # self._checkBoxPayload.setSelected(False) # run Query for Add to Queue Button def addToPayload(self, button): self._tableModelPayloads.insertRow( self._tableModelPayloads.getRowCount(), ['', '']) # self.appendToResults(str(self._tableModelPayloads.getDataVector())) def addToHeader(self, button): self._tableModelHeaders.insertRow( self._tableModelHeaders.getRowCount(), ['', '']) def addToParams(self, button): self._tableModelParams.insertRow(self._tableModelParams.getRowCount(), ['', '']) def deleteToPayload(self, button): self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) # self.appendToResults(str(self._tableModelPayloads.getDataVector())) def deleteToHeader(self, button): self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) # self.appendToResults(str(self._tableModelHeaders.getDataVector())) def deleteToParams(self, button): self._tableModelParams.removeRow(self._tableModelParams.getRowCount() - 1) # self.appendToResults(str(self._tableModelParams.getDataVector())) # Clear Queue Function def clearQueue(self, button): table_number = self.table_flag if table_number == 0: data = self._tableModelPayloads.getDataVector() try: self._dictPayloads.pop(data[-1][0]) except Exception: pass self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) elif table_number == 1: data = self._tableModelHeaders.getDataVector() try: self._dictHeaders.pop(data[-1][0]) except Exception: pass self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) elif table_number == 2: data = self._tableModelParams.getDataVector() try: self._dictParams.pop(data[-1][0]) except Exception: pass self._tableModelParams.removeRow( self._tableModelParams.getRowCount() - 1) def updateTables(self, button): self._dictPayloads = { x[0]: x[1] for x in self._tableModelPayloads.getDataVector() } self._dictHeaders = { x[0]: x[1] for x in self._tableModelHeaders.getDataVector() } self._dictParams = { x[0]: x[1] for x in self._tableModelParams.getDataVector() } # Clear GUI Output Function def clearOutput(self, button): self._resultsTextArea.setText("") def active_flag(self, button): if not self.status_flag: for idx, key in enumerate(self._dictHeaders): if self._dictHeaders[key] == '1': self._dictPayloads_headers[key] = self._dictHeaders[key] for idx, key in enumerate(self._dictParams): if self._dictParams[key] == '1': self._dictPayloads_params[key] = self._dictParams[key] self.status_flag = True self.submitSearchButton.setBackground(Color.GRAY) self.appendToResults("Proxy start...") elif self.status_flag: self.status_flag = False self.submitSearchButton.setBackground(Color.WHITE) self.appendToResults("Proxy stop...") def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): try: if not self.status_flag: return # only process requests if not messageIsRequest: return requestString = messageInfo.getRequest().tostring() listHeader = re.findall('([\w-]+):\s?(.*)', requestString) dictRealHeaders = {x[0].lower(): x[1] for x in listHeader} # self.appendToResults(str(self._dictHeaders)) for index, key in enumerate(self._dictPayloads_headers): if key.lower() in dictRealHeaders.keys(): if len(self._dictPayloads.keys()) == 0: pass else: payload = random.choice(self._dictPayloads.keys()) # payload = payload.replace("$HEADER$", self._jTextFieldURL.text, 1) payload = payload.replace("$URL$", self._jTextFieldURL.text, 1) requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) else: pass listParam = re.findall('[\?|\&]([^=]+)\=([^& ])+', requestString) dictRealParams = {x[0].lower(): x[1] for x in listParam} url = requestString.split(" HTTP/1.") for index, key in enumerate(self._dictPayloads_params): if key.lower() in dictRealParams.keys(): if len(self._dictPayloads.keys()) == 0: pass else: payload = random.choice(self._dictPayloads.keys()) # payload = payload.replace("$PARAM$", self._jTextFieldURL.text, 1) payload = payload.replace("$URL$", self._jTextFieldURL.text, 1) url[0] = url[0].replace( dictRealParams.get(key.lower()), payload, 1) else: pass requestString = "{} HTTP/1.{}".format(url[0], url[1]) self.appendToResults(requestString.encode()) messageInfo.setRequest(requestString.encode()) except Exception as msg: self.appendToResults(msg) # Fnction to provide output to GUI def appendToResults(self, s): """Appends results to the resultsTextArea in a thread safe mannor. Results will be appended in the order that this function is called. """ def appendToResults_run(s): self._resultsTextArea.append(s) self._resultsTextArea.append('\n') swing.SwingUtilities.invokeLater(PyRunnable(appendToResults_run, s)) def getTabCaption(self): return self.name def getUiComponent(self): return self._jPanel
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IScannerCheck): name = "Femida XSS" conf_path = "./config.py" _jTabbedPane = JTabbedPane() _jPanel = JPanel() _jAboutPanel = JPanel() _jPanelConstraints = GridBagConstraints() _jLabelParameters = None _jTextFieldParameters = None _jLabelTechniques = None _jTextFieldURL = None _jLabelFuzzFactor = None _jTextFieldFuzzFactor = None _jLabelAdditionalCmdLine = None _jTextFieldAdditionalCmdLine = None _jButtonSetCommandLine = None _jLabelAbout = None _overwriteHeader = False _overwriteParam = False _forkRequestParam = False def doActiveScan(self, baseRequestResponse, insertionPoint): scan_issues = [] try: requestString = str(baseRequestResponse.getRequest().tostring()) newRequestString = self.prepareRequest(requestString) vulnerable, verifyingRequestResponse = self.quickCheckScan( newRequestString, baseRequestResponse) except Exception as msg: print(msg) return [] def quickCheckScan(self, preparedRequest, requestResponse): check = self._callbacks.makeHttpRequest( requestResponse.getHttpService(), self._helpers.stringToBytes(preparedRequest)) vulner = self._helpers.analyzeResponse( check.getResponse()).getStatusCode() == 200 return vulner, check # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._callbacks.setExtensionName(self.name) self._callbacks.registerScannerCheck(self) self._dictPayloads = {} self._dictHeaders = {} self._dictParams = {} self.status_flag = False self.jfc = JFileChooser("./") self.jfc.setDialogTitle("Upload Payloads") self.jfc.setFileFilter(FileNameExtensionFilter("TXT file", ["txt"])) self._layout = GridBagLayout() self._jPanel.setLayout(self._layout) self._jLabelTechniques = JLabel("Press to start:") self.createAnyView(self._jLabelTechniques, 0, 0, 3, 1, Insets(0, 0, 10, 0)) self.submitSearchButton = swing.JButton( 'Run proxy', actionPerformed=self.active_flag) self.submitSearchButton.setBackground(Color.WHITE) self.createAnyView(self.submitSearchButton, 3, 0, 6, 1, Insets(0, 0, 10, 0)) self._jPanel.setBounds(0, 0, 1000, 1000) self._jLabelTechniques = JLabel("Your URL (my.burpcollaborator.net):") self.createAnyView(self._jLabelTechniques, 0, 1, 3, 1, Insets(0, 0, 10, 0)) self._jTextFieldURL = JTextField("", 30) self._jTextFieldURL.addActionListener(self.setCallbackUrl) self.createAnyView(self._jTextFieldURL, 3, 1, 5, 1, Insets(0, 0, 10, 0)) self._forkRequestButton = swing.JButton( 'Parallel Request', actionPerformed=self.forkRequest) self._forkRequestButton.setBackground(Color.WHITE) self.createAnyView(self._forkRequestButton, 8, 1, 1, 1, Insets(0, 0, 10, 0)) self._tableModelPayloads = DefaultTableModel() self._tableModelPayloads.addColumn("Payload") self._tableModelPayloads.addColumn("Active") self._tableModelHeaders = DefaultTableModel() self._tableModelHeaders.addColumn("Header") self._tableModelHeaders.addColumn("Active") self._tableModelParams = DefaultTableModel() self._tableModelParams.addColumn("Parameter") self._tableModelParams.addColumn("Active") self._payloadTable = self.createAnyTable(self._tableModelPayloads, 1, Dimension(300, 200)) self.createAnyView(self._payloadTable, 0, 2, 3, 1, Insets(0, 0, 0, 10)) self._headerTable = self.createAnyTable(self._tableModelHeaders, 2, Dimension(300, 200)) self.createAnyView(self._headerTable, 3, 2, 3, 1, Insets(0, 0, 0, 10)) self._paramTable = self.createAnyTable(self._tableModelParams, 3, Dimension(300, 200)) self.createAnyView(self._paramTable, 6, 2, 3, 1, Insets(0, 0, 0, 0)) deletePayloadButton = swing.JButton( 'Delete', actionPerformed=self.deleteToPayload) deletePayloadButton.setBackground(Color.WHITE) self.createAnyView(deletePayloadButton, 0, 3, 1, 1, Insets(3, 0, 0, 0)) deletePayloadButton = swing.JButton( 'Upload', actionPerformed=self.uploadToPayload) deletePayloadButton.setBackground(Color.WHITE) self.createAnyView(deletePayloadButton, 1, 3, 1, 1, Insets(3, 0, 0, 0)) addPayloadButton = swing.JButton('Add', actionPerformed=self.addToPayload) addPayloadButton.setBackground(Color.WHITE) self.createAnyView(addPayloadButton, 2, 3, 1, 1, Insets(3, 0, 0, 10)) deleteHeaderButton = swing.JButton('Delete', actionPerformed=self.deleteToHeader) deleteHeaderButton.setBackground(Color.WHITE) self.createAnyView(deleteHeaderButton, 3, 3, 1, 1, Insets(3, 0, 0, 0)) self._overwriteHeaderButton = swing.JButton( 'Overwrite', actionPerformed=self.overwriteHeader) self._overwriteHeaderButton.setBackground(Color.WHITE) self.createAnyView(self._overwriteHeaderButton, 4, 3, 1, 1, Insets(3, 0, 0, 0)) addHeaderButton = swing.JButton('Add', actionPerformed=self.addToHeader) addHeaderButton.setBackground(Color.WHITE) self.createAnyView(addHeaderButton, 5, 3, 1, 1, Insets(3, 0, 0, 10)) deleteParamsButton = swing.JButton('Delete', actionPerformed=self.deleteToParams) deleteParamsButton.setBackground(Color.WHITE) self.createAnyView(deleteParamsButton, 6, 3, 1, 1, Insets(3, 0, 0, 0)) self._overwriteParamButton = swing.JButton( 'Overwrite', actionPerformed=self.overwriteParam) self._overwriteParamButton.setBackground(Color.WHITE) self.createAnyView(self._overwriteParamButton, 7, 3, 1, 1, Insets(3, 0, 0, 0)) addParamsButton = swing.JButton('Add', actionPerformed=self.addToParams) addParamsButton.setBackground(Color.WHITE) self.createAnyView(addParamsButton, 8, 3, 1, 1, Insets(3, 0, 0, 0)) self._resultsTextArea = swing.JTextArea() resultsOutput = swing.JScrollPane(self._resultsTextArea) resultsOutput.setMinimumSize(Dimension(800, 200)) self.createAnyView(resultsOutput, 0, 4, 9, 1, Insets(10, 0, 0, 0)) self.clearSearchButton = swing.JButton( 'Clear Search Output', actionPerformed=self.clearOutput) self.createAnyView(self.clearSearchButton, 3, 6, 3, 1, Insets(3, 0, 0, 0)) self._callbacks.customizeUiComponent(self._jPanel) self._callbacks.addSuiteTab(self) self.starterPack() self._callbacks.registerHttpListener(self) self._callbacks.registerContextMenuFactory(self) return def createAnyTable(self, table_model, table_number, min_size): _table = JTable(table_model) _table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) for i in range(2): column = _table.getColumnModel().getColumn(i) if i == 0: column.setPreferredWidth(250) else: column.setPreferredWidth(50) _scrolltable = JScrollPane(_table) _scrolltable.setMinimumSize(min_size) return _scrolltable def insertAnyTable(self, table, data): def detectTable(table): name = table.getColumnName(0) if name == 'Payloads': return 0 elif name == 'Headers': return 1 elif name == 'Parameters': return 2 tableNum = detectTable(table) new_data = [str(x) for x in data] table.insertRow(table.getRowCount(), new_data) return table.getRowCount() def replaceLine(self, file_path, new_line): from tempfile import mkstemp from shutil import move from os import fdopen, remove #Create temp file fh, abs_path = mkstemp() with fdopen(fh, 'w') as new_file: with open(file_path) as old_file: for line in old_file: a = re.findall('^Callback_url[ =]+(.+)$', line) if a: for k in a: temp = k.replace("\'", "").replace("\"", "") new_file.write(line.replace(temp, new_line)) else: new_file.write(line) #Remove original file remove(file_path) #Move new file move(abs_path, file_path) def createAnyView(self, _component, gridx, gridy, gridwidth, gridheight, insets): self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = gridx self._jPanelConstraints.gridy = gridy self._jPanelConstraints.gridwidth = gridwidth self._jPanelConstraints.gridheight = gridheight self._jPanelConstraints.insets = insets self._jPanel.add(_component, self._jPanelConstraints) def createMenuItems(self, contextMenuInvocation): context = contextMenuInvocation.getInvocationContext() filterMenu = JMenu("Femida XSS") self._contextMenuData = contextMenuInvocation if (context == 0 or context == 1 or context == 2 or context == 3 or context == 8 or context == 9): filterMenu.add( JMenuItem("Add to Headers", actionPerformed=self.addToHeadersItem)) filterMenu.add( JMenuItem("Add to Parameters", actionPerformed=self.addToParametersItem)) return Arrays.asList(filterMenu) return Arrays.asList([]) def addToHeadersItem(self, event): start, end = self._contextMenuData.getSelectionBounds() message = self._contextMenuData.getSelectedMessages()[0] ctx = self._contextMenuData.getInvocationContext() if ctx == 0 or ctx == 2: message = message.getRequest() elif ctx == 1 or ctx == 3: message = message.getResponse() else: print(ctx) return try: selected_text = self._helpers.bytesToString(message)[start:end] self.insertAnyTable(self._tableModelHeaders, [str(selected_text), '1']) except Exception: pass def addToParametersItem(self, event): start, end = self._contextMenuData.getSelectionBounds() message = self._contextMenuData.getSelectedMessages()[0] ctx = self._contextMenuData.getInvocationContext() if ctx == 0 or ctx == 2: message = message.getRequest() elif ctx == 1 or ctx == 3: message = message.getResponse() else: print(ctx) return try: selected_text = self._helpers.bytesToString(message)[start:end] self.insertAnyTable(self._tableModelParams, [str(selected_text), '1']) except Exception: pass def starterPack(self): self.addFromFileAsync(config.Payloads, self._tableModelPayloads) self.addFromFileAsync(config.Headers, self._tableModelHeaders) self.addFromFileAsync(config.Parameters, self._tableModelParams) self._jTextFieldURL.setText(config.Callback_url) self._tableModelPayloads.addTableModelListener( MyTableModelListener(self._tableModelPayloads, self, self._dictPayloads, config.Payloads)) self._tableModelHeaders.addTableModelListener( MyTableModelListener(self._tableModelHeaders, self, self._dictHeaders, config.Headers)) self._tableModelParams.addTableModelListener( MyTableModelListener(self._tableModelParams, self, self._dictParams, config.Parameters)) def setCallbackUrl(self, event): self.replaceLine(self.conf_path, self._jTextFieldURL.getText()) self.appendToResults('New url={} saved.'.format( self._jTextFieldURL.getText())) def addToPayload(self, button): self.insertAnyTable(self._tableModelPayloads, ['', '1']) def addToHeader(self, button): self.insertAnyTable(self._tableModelHeaders, ['', '1']) def addToParams(self, button): self.insertAnyTable(self._tableModelParams, ['', '1']) def uploadToPayload(self, button): self._returnFileChooser = self.jfc.showDialog(None, "Open") if (self._returnFileChooser == JFileChooser.APPROVE_OPTION): selectedFile = self.jfc.getSelectedFile() self.fileUpload(selectedFile, self._tableModelPayloads) def deleteToPayload(self, button): try: val = self._tableModelPayloads.getValueAt( self._tableModelPayloads.getRowCount() - 1, 0) self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) self._dictPayloads.pop(val) self.saveToFileAsync(config.Payloads, self._dictPayloads) except Exception as msg: # print(msg) pass def deleteToHeader(self, button): try: val = self._tableModelHeaders.getValueAt( self._tableModelHeaders.getRowCount() - 1, 0) self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) self._dictHeaders.pop(val) self.saveToFileAsync(config.Headers, self._dictHeaders) except Exception as msg: # print(msg) pass def deleteToParams(self, button): try: val = self._tableModelParams.getValueAt( self._tableModelParams.getRowCount() - 1, 0) self._tableModelParams.removeRow( self._tableModelParams.getRowCount() - 1) self._dictParams.pop(val) self.saveToFileAsync(config.Parameters, self._dictParams) except Exception as msg: # print(msg) pass def clearOutput(self, button): self._resultsTextArea.setText("") def fileUpload(self, path, table): with open(str(path), "r") as f: for line in f: self.insertAnyTable(table, [str(line), '1']) def active_flag(self, button): if not self.status_flag: self.status_flag = True self.submitSearchButton.setBackground(Color.GRAY) self.appendToResults("Proxy start...\n") else: self.status_flag = False self.submitSearchButton.setBackground(Color.WHITE) self.appendToResults("Proxy stop...\n") def overwriteHeader(self, button): if not self._overwriteHeader: self._overwriteHeader = True self._overwriteHeaderButton.setBackground(Color.GRAY) else: self._overwriteHeader = False self._overwriteHeaderButton.setBackground(Color.WHITE) def overwriteParam(self, button): if not self._overwriteParam: self._overwriteParam = True self._overwriteParamButton.setBackground(Color.GRAY) else: self._overwriteParam = False self._overwriteParamButton.setBackground(Color.WHITE) def forkRequest(self, button): if not self._forkRequestParam: self._forkRequestParam = True self._forkRequestButton.setBackground(Color.GRAY) else: self._forkRequestParam = False self._forkRequestButton.setBackground(Color.WHITE) def prepareRequest(self, requestString, messageInfo=None): requestString = str(requestString) listHeader = re.findall('([\w-]+):\s?(.*)', requestString) dictRealHeaders = {x[0].lower(): x[1] for x in listHeader} selectedPayloads = {} for ind, k in enumerate(self._dictPayloads): if self._dictPayloads[k] == '1': selectedPayloads[k] = '1' else: continue for index, key in enumerate(self._dictHeaders): if key.lower() in dictRealHeaders.keys( ) and self._dictHeaders[key] == '1': if len(self._dictPayloads.keys()) == 0: pass elif self._overwriteHeader: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) elif not self._overwriteHeader: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) payload = dictRealHeaders.get(key.lower()) + payload requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) else: pass for index, key in enumerate(self._dictParams): analyzed = self._helpers.analyzeRequest(requestString.encode()) param = analyzed.getParameters() dictRealParams = { x.getName().lower(): [x.getValue(), x.getValueStart(), x.getValueEnd()] for x in param } if key.lower() in dictRealParams.keys( ) and self._dictParams[key] == '1': if len(self._dictPayloads.keys()) == 0: pass elif self._overwriteParam: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) start_word = dictRealParams[key.lower()][1] end_word = dictRealParams[key.lower()][2] requestString = requestString[: start_word] + payload + requestString[ end_word:] elif not self._overwriteParam: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) payload = dictRealParams[key.lower()][0] + payload start_word = dictRealParams[key.lower()][1] end_word = dictRealParams[key.lower()][2] requestString = requestString[: start_word] + payload + requestString[ end_word:] else: pass return requestString def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if not self.status_flag: return # only process requests if not messageIsRequest: return if self._forkRequestParam: requestString = messageInfo.getRequest().tostring() # SOOOO HARD FIX! It should be better if requestString[0] == '@': messageInfo.setRequest( self._helpers.stringToBytes(requestString[1:])) else: newRequestString = self.prepareRequest(requestString, messageInfo) self.appendToResults('Parallel Request:') self.appendToResults(newRequestString.encode()) newRequestString = '@' + newRequestString func = self._callbacks.makeHttpRequest thread = Thread( target=func, args=(messageInfo.getHttpService(), self._helpers.stringToBytes(newRequestString))) thread.start() else: requestString = messageInfo.getRequest().tostring() newRequestString = self.prepareRequest(requestString, messageInfo) self.appendToResults(newRequestString.encode()) messageInfo.setRequest( self._helpers.stringToBytes(newRequestString)) # Fnction to provide output to GUI def appendToResults(self, s): def appendToResults_run(s): self._resultsTextArea.append(s) self._resultsTextArea.append('\n') swing.SwingUtilities.invokeLater( PyRunnable(appendToResults_run, str(s))) def addFromFileAsync(self, file, table): def addFromFile_run(file, table): if os.path.exists(file): with open(file, 'r') as f: for row in f.readlines(): if row != '': temp = row[:-1] if row[-1] == '\n' else row self.insertAnyTable(table, [str(temp), '1']) swing.SwingUtilities.invokeLater( PyRunnable(addFromFile_run, file, table)) def saveToFileAsync(self, file, data, isAppend=False): def saveToFile_run(file, data, isAppend): isAppend = 'w' with open(file, isAppend) as f: for i, k in enumerate(data): f.write("{}\n".format(k)) f.seek(-1, os.SEEK_END) f.truncate() swing.SwingUtilities.invokeLater( PyRunnable(saveToFile_run, file, data, isAppend)) def getTabCaption(self): return self.name def getUiComponent(self): return self._jPanel
class PropertyEditor(WindowAdapter): """ Edits Tabular Properties of a given WindowAdapter """ instances = {} last_location = None locations = {} last_size = None sizes = {} NEW_WINDOW_OFFSET = 32 offset = NEW_WINDOW_OFFSET @staticmethod def get_instance(text="Property Editor", columns=None, data=None, empty=None, add_actions=True, actions=None): """ Singleton Method based on the text property. It tries to generate only one property configuration page per text. :param text: getinstance key :param columns: proparty columns it should be an array alike :param data: it contains the current property rows :param empty: empty row property when adding a new one :param add_actions: include or not new actions :param actions: default set of actions to be appended to Add and Delete Rows :return: a new instance of PropertyEditor or a reused one. """ if not actions: actions = [] if not columns: columns = [] if data == None: data = [] if not empty: empty = [] try: PropertyEditor.instances[text] except KeyError: PropertyEditor.instances[text] = \ PropertyEditor().__private_init__(text, columns, data, empty, add_actions, actions) try: PropertyEditor.instances[text].this.setLocation( PropertyEditor.locations[text]) except KeyError: if PropertyEditor.last_location: PropertyEditor.instances[text].this.setLocation( PropertyEditor.last_location.x + PropertyEditor.offset, PropertyEditor.last_location.y + PropertyEditor.offset) PropertyEditor.offset = PropertyEditor.NEW_WINDOW_OFFSET try: PropertyEditor.instances[text].this.setSize( PropertyEditor.sizes[text]) except KeyError: if PropertyEditor.last_size: PropertyEditor.instances[text].this.setSize( PropertyEditor.last_size) PropertyEditor.last_location = PropertyEditor.instances[ text].this.getLocation() PropertyEditor.last_size = PropertyEditor.instances[ text].this.getSize() ## Hack ON: Bring on Front PropertyEditor.instances[text].this.setAlwaysOnTop(True) PropertyEditor.instances[text].this.setAlwaysOnTop(False) ## Hack OFF return PropertyEditor.instances[text] def __private_init__(self, text="Property Editor", columns=None, data=None, empty=None, add_actions=True, actions=None): if not actions: actions = [] if not columns: columns = [] if data == None: data = [] if not empty: empty = [] self._text = text self.this = JFrame(text) self._table = JTable() self._dtm = DefaultTableModel(0, 0) self._dtm.setColumnIdentifiers(columns) self._table.setModel(self._dtm) self._data = data for d in data: self._dtm.addRow(d) self._pane = JScrollPane(self._table) self.this.add(self._pane) self._empty = empty self.this.addWindowListener(self) self._dtm.addTableModelListener(lambda _: self._update_model()) self.this.setLocation(PropertyEditor.NEW_WINDOW_OFFSET, PropertyEditor.NEW_WINDOW_OFFSET) if add_actions: self._popup = JPopupMenu() self._pane.setComponentPopupMenu(self._popup) inherits_popup_menu(self._pane) self._actions = actions self._actions.append( ExecutorAction('Remove Selected Rows', action=lambda e: self._remove_row())) self._actions.append( ExecutorAction('Add New Row', action=lambda e: self._add_row())) for action in self._actions: self._popup.add(action.menuitem) self.this.setForeground(Color.black) self.this.setBackground(Color.lightGray) self.this.pack() self.this.setVisible(True) self.this.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE) return self def _add_row(self): """ Add a new row the selection :return: None """ self._dtm.addRow(self._empty) def _remove_row(self): """ Remove all the selected rows from the selection :return: """ rows = self._table.getSelectedRows() for i in range(0, len(rows)): self._dtm.removeRow(rows[i] - i) def windowClosing(self, evt): """ Overrides WindowAdapter method :param evt: unused :return: None """ PropertyEditor.locations[self._text] = self.this.getLocation() PropertyEditor.sizes[self._text] = self.this.getSize() PropertyEditor.last_location = self.this.getLocation() PropertyEditor.last_size = self.this.getSize() PropertyEditor.offset = 0 self.this.setVisible(False) self.this.dispose() del PropertyEditor.instances[self._text] def _update_model(self): """ Update the data content with the updated rows :return: None """ del self._data[:] nRow = self._dtm.getRowCount() nCol = self._dtm.getColumnCount() for i in range(0, nRow): self._data.append([None] * nCol) for j in range(0, nCol): d = str(self._dtm.getValueAt(i, j)).lower() if d == 'none' or d == '': self._data[i][j] = None elif d == 'true' or d == 't': self._data[i][j] = True elif d == 'false' or d == 'f': self._data[i][j] = False else: try: self._data[i][j] = int(self._dtm.getValueAt(i, j)) except ValueError: self._data[i][j] = self._dtm.getValueAt(i, j)
class BurpExtender(IBurpExtender, ISessionHandlingAction, ITab, IContextMenuFactory, IContextMenuInvocation, ActionListener, ITextEditor): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # save the helpers for later self.helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Custom Request Handler") callbacks.registerSessionHandlingAction(self) callbacks.registerContextMenuFactory(self) self._text_editor = callbacks.createTextEditor() self._text_editor.setEditable(False) #How much loaded the table row self.current_column_id = 0 #GUI self._split_main = JSplitPane(JSplitPane.VERTICAL_SPLIT) self._split_top = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) self._split_top.setPreferredSize(Dimension(100, 50)) self._split_top.setDividerLocation(700) self._split_center = JSplitPane(JSplitPane.VERTICAL_SPLIT) boxVertical = swing.Box.createVerticalBox() box_top = swing.Box.createHorizontalBox() boxHorizontal = swing.Box.createHorizontalBox() buttonHorizontal = swing.Box.createHorizontalBox() boxVertical.add(boxHorizontal) box_regex = swing.Box.createVerticalBox() border = BorderFactory.createTitledBorder(LineBorder(Color.BLACK), "Extract target strings", TitledBorder.LEFT, TitledBorder.TOP) box_regex.setBorder(border) self._add_btn = JButton("Add") self._add_btn.addActionListener(self) self._remove_btn = JButton("Remove") self._remove_btn.addActionListener(self) items = [ 'JSON', 'Header', ] self._dropdown = JComboBox(items) type_panel = JPanel(FlowLayout(FlowLayout.LEADING)) type_panel.add(JLabel('Type:')) type_panel.add(self._dropdown) self._jLabel_param = JLabel("Name:") self._param_error = JLabel("Name is required") self._param_error.setVisible(False) self._param_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._param_error.setForeground(Color.red) regex_checkbox = JPanel(FlowLayout(FlowLayout.LEADING)) self._is_use_regex = JCheckBox("Extract from regex group") regex_checkbox.add(self._is_use_regex) self._jTextIn_param = JTextField(20) self._jLabel_regex = JLabel("Regex:") self._jTextIn_regex = JTextField(20) self._regex_error = JLabel("No group defined") self._regex_error.setVisible(False) self._regex_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._regex_error.setForeground(Color.red) self._param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._param_panel.add(self._jLabel_param) self._param_panel.add(self._jTextIn_param) self._param_panel.add(self._param_error) self._regex_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._regex_panel.add(self._jLabel_regex) self._regex_panel.add(self._jTextIn_regex) self._regex_panel.add(self._regex_error) button_panel = JPanel(FlowLayout(FlowLayout.LEADING)) #padding button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(self._add_btn) button_panel.add(self._remove_btn) box_regex.add(type_panel) box_regex.add(self._param_panel) box_regex.add(regex_checkbox) box_regex.add(self._regex_panel) buttonHorizontal.add(button_panel) box_regex.add(buttonHorizontal) boxVertical.add(box_regex) box_top.add(boxVertical) box_file = swing.Box.createHorizontalBox() checkbox_panel = JPanel(FlowLayout(FlowLayout.LEADING)) border = BorderFactory.createTitledBorder( LineBorder(Color.BLACK), 'Payload Sets [Simple list]', TitledBorder.LEFT, TitledBorder.TOP) box_file.setBorder(border) box_param = swing.Box.createVerticalBox() box_param.add(checkbox_panel) file_column_names = [ "Type", "Name", "Payload", ] data = [] self.file_table_model = DefaultTableModel(data, file_column_names) self.file_table = JTable(self.file_table_model) self.file_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.file_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(160) self.file_table.preferredScrollableViewportSize = Dimension(500, 70) self.file_table.setFillsViewportHeight(True) panel_dropdown = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_dropdown = JComboBox(items) panel_dropdown.add(JLabel('Type:')) panel_dropdown.add(self._file_dropdown) box_param.add(panel_dropdown) box_param.add(JScrollPane(self.file_table)) callbacks.customizeUiComponent(self.file_table) file_param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_param = JLabel("Name:") self._file_param_text = JTextField(20) file_param_panel.add(self._file_param) file_param_panel.add(self._file_param_text) self._error_message = JLabel("Name is required") self._error_message.setVisible(False) self._error_message.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._error_message.setForeground(Color.red) file_param_panel.add(self._error_message) box_param.add(file_param_panel) box_button_file = swing.Box.createVerticalBox() self._file_load_btn = JButton("Load") self._file_clear_btn = JButton("Clear") self._file_clear_btn.addActionListener(self) self._file_load_btn.addActionListener(self) box_button_file.add(self._file_load_btn) box_button_file.add(self._file_clear_btn) box_file.add(box_button_file) box_file.add(box_param) boxVertical.add(box_file) regex_column_names = [ "Type", "Name", "Regex", "Start at offset", "End at offset", ] #clear target.json with open("target.json", "w") as f: pass data = [] self.target_table_model = DefaultTableModel(data, regex_column_names) self.target_table = JTable(self.target_table_model) self.target_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.target_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(100) self.target_table.preferredScrollableViewportSize = Dimension(500, 70) self.target_table.setFillsViewportHeight(True) callbacks.customizeUiComponent(self.target_table) callbacks.customizeUiComponent(boxVertical) table_panel = swing.Box.createVerticalBox() table_panel.add(JScrollPane(self.target_table)) box_top.add(table_panel) self._jScrollPaneOut = JScrollPane() #self._split_main.setBottomComponent(self._jScrollPaneOut) self._split_main.setBottomComponent(self._text_editor.getComponent()) self._split_main.setTopComponent(box_top) self._split_main.setDividerLocation(450) callbacks.customizeUiComponent(self._split_main) callbacks.addSuiteTab(self) return def getTabCaption(self): return "CRH" def getUiComponent(self): return self._split_main def createMenuItems(self, invocation): menu = [] ctx = invocation.getInvocationContext() menu.append( swing.JMenuItem("Send to CRH", None, actionPerformed=lambda x, inv=invocation: self. menu_action(inv))) return menu if menu else None # # Implementation of Menu Action # def menu_action(self, invocation): try: invMessage = invocation.getSelectedMessages() message = invMessage[0].getResponse() res_info = self.helpers.analyzeResponse(message) send_res = message.tostring() self._text_editor.setText(send_res) except: print('Failed to add data to CRH tab.') # # Implementation of event action # def actionPerformed(self, actionEvent): # onclick add button of extract from regex group if actionEvent.getSource() is self._add_btn: start, end = self._text_editor.getSelectionBounds() value = None regex = None item = self._dropdown.getSelectedItem() param = self._jTextIn_param.getText() if len(param) is 0: self._param_error.setVisible(True) return self._param_error.setVisible(False) is_selected = self._is_use_regex.isSelected() if is_selected: start = None end = None regex = self._jTextIn_regex.getText() if len(regex) is 0: self._regex_error.setVisible(True) return req = self._text_editor.getText() try: pattern = re.compile(regex) match = pattern.search(req) value = match.group(1) if match else None if value is None: raise IndexError except IndexError: self._regex_error.setVisible(True) return self._regex_error.setVisible(False) data = [ item, param, regex, start, end, ] self.target_table_model.addRow(data) with open("target.json", "r+") as f: try: json_data = json.load(f) except ValueError: json_data = dict() if is_selected: data = { param: [ item, regex, ] } else: data = { param: [ item, start, end, ] } json_data.update(data) self.write_file(f, json.dumps(json_data)) # onclick remove button of extract from regex group if actionEvent.getSource() is self._remove_btn: rowno = self.target_table.getSelectedRow() if rowno != -1: column_model = self.target_table.getColumnModel() param_name = self.target_table_model.getValueAt(rowno, 1) start = self.target_table_model.getValueAt(rowno, 3) self.target_table_model.removeRow(rowno) with open("target.json", 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() for key, value in json_data.items(): if value[1] == start and key == param_name: try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # onclick load button of payload sets if actionEvent.getSource() is self._file_load_btn: #clear table self.remove_all(self.file_table_model) self.current_column_id = 0 target_param = self._file_param_text.getText() item = self._file_dropdown.getSelectedItem() if len(target_param) == 0: self._error_message.setVisible(True) return self._error_message.setVisible(False) chooser = JFileChooser() chooser.showOpenDialog(actionEvent.getSource()) file_path = chooser.getSelectedFile().getAbsolutePath() with open(file_path, 'r') as f: while True: line = f.readline().strip() if not line: break data = [ item, target_param, line, ] self.file_table_model.addRow(data) with open('target.json', 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() json_data.update({target_param: [ item, 'Set payload', ]}) self.write_file(f, json.dumps(json_data)) # onclick clear button of payload sets if actionEvent.getSource() is self._file_clear_btn: self.remove_all(self.file_table_model) self.current_column_id = 0 with open("target.json", 'r+') as f: try: json_data = json.load(f) except: json_data = dict() for key, value in json_data.items(): if isinstance(value[1], unicode): if value[1].encode('utf-8') == 'Set payload': try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # # Implementaion of ISessionHandlingAction # def getActionName(self): return "custom request handler" def performAction(self, current_request, macro_items): if len(macro_items) == 0: return # extract the response headers final_response = macro_items[len(macro_items) - 1].getResponse() if final_response is None: return req = self.helpers.analyzeRequest(current_request) try: with open('target.json', 'r') as f: read_data = f.read() self.read_data = json.loads(read_data) except ValueError: sys.stderr.write('Error: json.loads()') return for key, value in self.read_data.items(): if value[0] == 'JSON': self.set_json_parameter(current_request, final_response, key, value) elif value[0] == 'Header': self.set_header(current_request, final_response, key, value) def set_json_parameter(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) if IRequestInfo.CONTENT_TYPE_JSON != req.getContentType(): return False body = current_request.getRequest()[req.getBodyOffset():].tostring() json_data = json.loads(body, object_pairs_hook=collections.OrderedDict) target_keys = filter(lambda x: x == key, json_data.keys()) if not target_keys: return req_data = json_data column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.tostring()) req_value = match.group(1) if match else None req_data[key] = req_value req = current_request.getRequest() json_data_start = self.helpers.indexOf(req, bytearray(body), False, 0, len(req)) # glue together header + customized json of request current_request.setRequest( req[0:json_data_start] + self.helpers.stringToBytes(json.dumps(req_data))) def set_header(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) headers = req.getHeaders() target_keys = [] for header in headers: if header.startswith(key): target_keys += [key] if not target_keys: return column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() req = current_request.getRequest() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.string()) req_value = match.group(1) if match else None key_start = self.helpers.indexOf(req, bytearray(key.encode('utf-8')), False, 0, len(req)) key_end = self.helpers.indexOf(req, bytearray('\r\n'), False, key_start, len(req)) keylen = len(key) # glue together first line + customized hedaer + rest of request current_request.setRequest( req[0:key_start] + self.helpers.stringToBytes("%s: %s" % (key.encode('utf-8'), req_value)) + req[key_end:]) # # Implementation of function for Remove all for specific table data # def remove_all(self, model): count = model.getRowCount() for i in xrange(count): model.removeRow(0) # # Implementaion of function for write data for specific file # def write_file(self, f, data): f.seek(0) f.write(data) f.truncate() return