class Tablas_Caracteres_Especiales(JFrame): def __init__(self): super(Tablas_Caracteres_Especiales, self).__init__() self.window() def window(self): self.setTitle("Tablas Caracteres") self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE) self.setLayout(None) self.setLocationRelativeTo(None) self.setVisible(True) def config(): self.barra = JScrollPane() self.Tab_Caracteres_Especiales = JTable() nombre = ["nombre", "apeM", "apeP"] datos = ["victor", "esau", "cholo"] self.Tab_Caracteres_Especiales = JTable(datos, nombre) self.Tab_Caracteres_Especiales.addRow(datos) # self.Tab_Caracteres_Especiales.setFont(Font("Tahoma", 0, 14)); # NOI18N self.barra.setViewportView(self.Tab_Caracteres_Especiales) #TODO: imcompleto se nesita una array y python maneja listas :( self.getContentPane().add(self.barra) self.barra.setBounds(0, 0, 929, 574) self.setBounds(0, 0, 939, 604)
def getTextArea(self): """ Creates a scrollable textarea """ textarea = JTextArea() textarea.setBounds(180, 50, 800, 240) scrollPane = JScrollPane(textarea) scrollPane.setBounds(180, 50, 800, 240) return scrollPane
def buildReplacementRules(self, state, callbacks): """ Builds the replacement rules section in the configuration page """ rules = JPanel() rules.setLayout(None) rules.setMaximumSize(Dimension(self.CONFIG_PAGE_WIDTH, 300)) title = self.getTitle("Replacement Rules", 20, 10) add = self.getButton("Add", 20, 50) add.addActionListener(self.callbacks.addButtonClicked) edit = self.getButton("Edit", 20, 90) edit.addActionListener(self.callbacks.editButtonClicked) delete = self.getButton("Delete", 20, 130) delete.addActionListener(self.callbacks.deleteButtonClicked) table = Table(state.replacementRuleTableModel) tableView = JScrollPane(table) tableView.setBounds(180, 50, 800, 240) rules.add(title) rules.add(add) rules.add(edit) rules.add(delete) rules.add(tableView) try: storedReplacementRules = callbacks.loadExtensionSetting( "replacementRules") if storedReplacementRules: state.replacementRuleTableModel.importJsonRules( storedReplacementRules) else: log("No replacement rules stored.") except (ValueError, KeyError): log("Invalid replacement rules stored. Ignoring.") pass return rules
def configTab(self): Config = JLabel("Config") self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop) self.startButton.setBounds(40, 30, 200, 30) self.autoScroll = JCheckBox("Auto Scroll") self.autoScroll.setBounds(40, 80, 200, 30) self.xsscheck = JCheckBox("Detect XSS") self.xsscheck.setSelected(True) self.xsscheck.setBounds(40, 110, 200, 30) self.sqlicheck = JCheckBox("Detect SQLi") self.sqlicheck.setSelected(True) self.sqlicheck.setBounds(40, 140, 200, 30) self.ssticheck = JCheckBox("Detect SSTI") self.ssticheck.setSelected(True) self.ssticheck.setBounds(40, 170, 200, 30) self.blindxss = JCheckBox("Blind XSS") self.blindxss.setBounds(40, 200, 200, 30) self.BlindXSSText = JTextArea("", 5, 30) scrollbxssText = JScrollPane(self.BlindXSSText) scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollbxssText.setBounds(40, 250, 400, 110) self.configtab = JPanel() self.configtab.setLayout(None) self.configtab.setBounds(0, 0, 300, 300) self.configtab.add(Config) self.configtab.add(self.startButton) self.configtab.add(self.autoScroll) self.configtab.add(self.xsscheck) self.configtab.add(self.sqlicheck) self.configtab.add(self.ssticheck) self.configtab.add(self.blindxss) self.configtab.add(scrollbxssText)
class GUI(Helpers): def gui(self): x = 10 # panel padding y = 5 # panel padding self.panel = Panel() self.panel.setLayout(None) self.scn_lbl = JLabel("Enable scanning") self.scn_lbl.setBounds(x, y, 100, 20) self.panel.add(self.scn_lbl) self.enable = JCheckBox() self.enable.setBounds(x + 120, y, 50, 20) self.panel.add(self.enable) self.rand_lbl = JLabel("Randomize payloads") self.rand_lbl.setBounds(x, y + 15, 100, 20) self.panel.add(self.rand_lbl) self.randomize = JCheckBox() self.randomize.setBounds(x + 120, y + 15, 50, 20) self.panel.add(self.randomize) self.pyld_lbl = JLabel("Payloads List (Line separated)") self.pyld_lbl.setBounds(x, y + 30, 180, 20) self.panel.add(self.pyld_lbl) self.payloads_list = JTextArea() self.pyld_scrl = JScrollPane(self.payloads_list) self.pyld_scrl.setBounds(x, y + 50, 600, 200) self.panel.add(self.pyld_scrl) self.save_btn = JButton("Save", actionPerformed=self.save_settings) self.save_btn.setBounds(x, y + 250, 100, 30) self.panel.add(self.save_btn) # Settings loader from [utils/Helpers/load_settings] self.load_settings() return self
def output(self, value): eingabe = value.getString() if eingabe == "Lexikon": # Falls "Lexikon" an den Clienten übergeben wird, wird die GUI geöffnet, # in der man deutsche Wörter eingeben kann, die einem dann auf Englisch # vorgelesen werden. def change_text(event): text = feld.getText() x = suche(text) self.send(x) frame.visible = False frame = JFrame( 'Woerterbuch', defaultCloseOperation=JFrame.EXIT_ON_CLOSE, size=(380, 350), ) frame.setLayout(None) frame.visible = True hintergrund = ImageIcon("Hintergrund.jpg") hintergrundlabel = JLabel(hintergrund) frame.setContentPane(hintergrundlabel) uebersetzerlabel = JLabel() uebersetzerlabel.setForeground(Color(025, 025, 112)) uebersetzerlabel.setText( "<html><font size=+1>Welches Wort soll ich uebersetzen?</font></html>" ) uebersetzerlabel.setBounds(10, 20, 500, 50) frame.add(uebersetzerlabel) feld = JTextField() feld.setText("") feld.setBounds(20, 80, 300, 25) frame.add(feld) button = JButton('Uebersetzen', actionPerformed=change_text, size=(10, 20)) button.setBounds(20, 110, 300, 30) frame.add(button) if eingabe == "neue Lektion": # Falls dem Clienten "neue Lektion" übergeben wird, öffnet er er die # GUI für das Verwalten der Lektionen frame = JFrame('Lektion erstellen', defaultCloseOperation=JFrame.EXIT_ON_CLOSE, size=(1000, 1000)) frame.setLayout(None) def auflisten_in(ort): font = Font("Verdana", Font.BOLD, 15) liste_mit_Lektionen = [] with open(pfad, "r") as f: for line in f: liste_mit_Lektionen.append(line.strip()) liste_mit_Lektionen.sort() text = "" for lektion in liste_mit_Lektionen: text += lektion text += "\n" ort.setText(text) ort.setFont(font) frame.setLayout(None) uebersichtLabel = JLabel() def uebersetzen(event): frage = feld_frage.getText() x = suche(frage) feld_frage.setText(x) liste = [] with open(pfad, "r") as lektionen: for lektion in lektionen: if "nachgeschlagen" in lektion: liste.append(lektion) if liste: name = liste[-1] words = [] sql = "SELECT deutsch, englisch, symbol FROM " + name zeile = stmt.executeQuery(sql) while zeile.next(): d = zeile.getString("deutsch") e = zeile.getString("englisch") symb = zeile.getString("symbol") words.append((d, e, symb)) if len(words) < 50: sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);" pstmt = conn.prepareStatement(sql) pstmt.setString(1, frage) pstmt.setString(2, x) pstmt.setString(3, "X") pstmt.executeUpdate() else: namensteile = name.split("_") nummer = int(namensteile[1].strip()) + 1 name = "nachgeschlagen_" + str(nummer) test = "" with open(pfad, "r") as f: for line in f: test += line if not name in test: with open(pfad, "a") as f: f.write(name + "\n") sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);" stmt.execute(sql) sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);" pstmt = conn.prepareStatement(sql) pstmt.setString(1, frage) pstmt.setString(2, x) pstmt.setString(3, "X") pstmt.executeUpdate() else: name = "nachgeschlagen_1" test = "" with open(pfad, "r") as f: for line in f: test += line if not name in test: with open(pfad, "a") as f: f.write(name + "\n") sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);" stmt.execute(sql) sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);" pstmt = conn.prepareStatement(sql) pstmt.setString(1, frage) pstmt.setString(2, x) pstmt.setString(3, "X") pstmt.executeUpdate() auflisten_in(uebersicht) def delete(event): name = feld.getText() print name print self.geladen if name == self.geladen: count = 0 while tabelle.getValueAt(count, 0) != None: tabelle.setValueAt(None, count, 0) tabelle.setValueAt(None, count, 1) count += 1 stmt.execute("DROP TABLE " + name + ";") lektionen = [] with open(pfad, "r") as f: for line in f: lektion = line.strip() if not name == lektion: lektionen.append(lektion) with open(pfad, "w") as f: for lektion in lektionen: f.write(lektion + "\n") auflisten_in(uebersicht) def laden(event): name = feld.getText() self.geladen = name sql = "SELECT deutsch, englisch FROM " + name results = stmt.executeQuery(sql) count = 0 while results.next(): d = results.getString("deutsch") e = results.getString("englisch") tabelle.setValueAt(d, count, 0) tabelle.setValueAt(e, count, 1) count += 1 while tabelle.getValueAt(count, 0) != None: tabelle.setValueAt(None, count, 0) tabelle.setValueAt(None, count, 1) count += 1 def erstelle_Lektionstabelle(event): reihen = [] for i in range(0, 50): deutsch = tabelle.getValueAt(i, 0) englisch = tabelle.getValueAt(i, 1) if deutsch != None: symbol = "X" reihen.append([deutsch, englisch, symbol]) else: break z = 0 name = feld.getText() sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);" try: stmt.execute(sql) except SQLError: stmt.execute("DROP TABLE " + name + ";") stmt.execute(sql) for reihe in reihen: print(reihe) deutsch = reihe[0] englisch = reihe[1] symbol = reihe[2] sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);" pstmt = conn.prepareStatement(sql) pstmt.setString(1, deutsch) pstmt.setString(2, englisch) pstmt.setString(3, symbol) pstmt.executeUpdate() test = "" with open(pfad, "r") as f: for line in f: test += line if not name in test: with open(pfad, "a") as f: f.write(name + "\n") self.send(name) frame.setVisible(False) frame = JFrame('Vokabel Listen', defaultCloseOperation=JFrame.EXIT_ON_CLOSE, size=(1000, 1000)) frame.setLayout(None) label_enter = JLabel() label_enter.setText( "<html><font size=+0.5 color = 000000>Bitte vor dem Speichern<br>die Entertaste bedienen</font></html>" ) label_enter.setBounds(20, 720, 250, 50) uebersichtLabel = JLabel() uebersichtLabel.setText( "<html><font size=+1 color=#191970>Bereits vorhandene Lektionen:</font></html>" ) uebersichtLabel.setBounds(450, 230, 250, 50) uebersicht = JTextArea() uebersicht.editable = False uebersicht_scroll = JScrollPane(uebersicht) uebersicht_scroll.viewport.view = uebersicht uebersicht_scroll.setBounds(450, 300, 250, 380) auflisten_in(uebersicht) button = JButton('Lektion speichern/Lektion reseten', actionPerformed=erstelle_Lektionstabelle, size=(10, 20)) button.setBounds(20, 700, 300, 30) button_laden = JButton('vorhandene Lektion laden', actionPerformed=laden, size=(10, 20)) button_laden.setBounds(20, 110, 210, 30) button_delete = JButton("Lektion entfernen", actionPerformed=delete) button_delete.setBounds(20, 140, 210, 30) hintergrund = ImageIcon("Hintergrund.jpg") pnl = JPanel() hintergrundlabel = JLabel(hintergrund) frame.setContentPane(hintergrundlabel) lektionsnamensLabel = JLabel() lektionsnamensLabel.setForeground(Color(025, 025, 112)) lektionsnamensLabel.setText( "<html><font size=+1>Hier bitte Namen der Lektion eingeben<br>(Nur ein Wort lang)</font></html>" ) lektionsnamensLabel.setBounds(10, 20, 500, 50) frame.add(lektionsnamensLabel) feld = JTextField() feld.setText("") feld.setBounds(20, 80, 210, 25) frame.add(feld) column_names = [ "<html><font size=+1 color=#191970><b>Deutsch</b></font></html>", "<html><font size=+1 color=#191970><b>Englisch</b></font></html>" ] table_model = DefaultTableModel(column_names, 50) tabelle = JTable(table_model) lektionsnamensLabel.setForeground(Color(025, 025, 112)) scrollbar = JScrollPane(tabelle) scrollbar.viewport.view = tabelle scrollbar.setVerticalScrollBarPolicy( scrollbar.VERTICAL_SCROLLBAR_ALWAYS) scrollbar.setVisible(True) tabelle.setVisible(True) scrollbar.setBounds(20, 190, 300, 490) feld_frage = JTextField() feld_frage.setText("") feld_frage.setBounds(450, 30, 300, 50) uebersetzerlabel = JLabel() uebersetzerlabel.setForeground(Color(025, 025, 112)) uebersetzerlabel.setText( "<html><font size=+1>Hier kannst Du ein deutsches Wort eintragen,<br>dass ich fuer Dich nachschlage</font></html>" ) uebersetzerlabel.setBounds(450, 80, 500, 50) button_uebersetzen = JButton('Uebersetzen', actionPerformed=uebersetzen, size=(10, 20)) button_uebersetzen.setBounds(450, 130, 300, 30) frame.add(button_uebersetzen) frame.add(uebersetzerlabel) frame.add(feld_frage) frame.add(feld) frame.add(scrollbar) frame.add(button) frame.add(button_laden) frame.setVisible(True) frame.add(uebersicht_scroll) frame.add(uebersichtLabel) frame.add(button_delete) frame.add(label_enter) elif eingabe == "alle Lektionen auflisten": # Hier erstellt der Client eine dynamische Grammatik # mit den vorhandenen Lektionen, die man sich abfragen lassen kann # und gibt diese wieder an DialogOS zurück. # Außerdem wird der Feedback Frame geöffnet. def auflisten_in2(ort): font = Font("Verdana", Font.BOLD, 15) liste_mit_Lektionen = [] with open(pfad, "r") as f: for line in f: liste_mit_Lektionen.append(line.strip()) liste_mit_Lektionen.sort() text = "" for lektion in liste_mit_Lektionen: text += lektion text += "\n" ort.setText(text) ort.setFont(font) frame_feedback.setVisible(True) auflisten_in2(uebersicht2) grammatik = "" grammatik = "root $NamevonLektion;\n" grammatik += "$NamevonLektion = " with open(pfad, "r") as f: z = 0 for line in f: if z == 0: if not "_" in line: grammatik += line else: zeile = line.split("_") grammatik += zeile[0] + " " grammatik += zeile[1].strip() else: if not "_" in line: grammatik += "|" + line else: zeile = line.split("_") grammatik += "|" + zeile[0] + " " grammatik += zeile[1].strip() if line != "\n": z += 1 grammatik += ";" self.send(grammatik) elif "sende" in eingabe: # DialogOS sagt dem Clienten, welche Lektion der User abgefragt # werden möchte. Der Client ließt dann die entsprechende Lektion # aus der Datenbank aus und gibt eine Liste mit 2 Listen zurück. # In der ersten Liste befinden sich die deutschen Bedeutungen, der # noch nicht gewussten Wörter, in der 2. Liste die englsichen Bedeutungen. # Falls alle Wörter bereits gekonnt wurden, wird stattdessen eine entsprechende # Anmerkung an DialogOS geschickt und DialogOS informiert den User darüber. z = 0 if "nachgeschlagen" in eingabe: bestandteile = eingabe.split() name = bestandteile[1] + "_" + bestandteile[2] else: name = eingabe.split()[1] sql = "SELECT deutsch, englisch, symbol FROM " + name vokabelliste = stmt.executeQuery(sql) deutsch = [] englisch = [] symbol = [] while (vokabelliste.next()): deutsch.append(vokabelliste.getString("deutsch")) englisch.append(vokabelliste.getString("englisch")) symbol.append(vokabelliste.getString("symbol")) indices = range(0, len(deutsch)) random.shuffle(indices) vokabeln = [[], []] for index in indices: d = deutsch[index] e = englisch[index] s = symbol[index] if s == "X": vokabeln[0].append(d) vokabeln[1].append(e) if vokabeln[0]: self.send(vokabeln) else: self.send([ "Du kannst diese Lektion schon komplett. Wenn Du sie wieder abgefragt werden willst, resete sie bitte unter Wokabeln verwalten." ]) else: # Dieser Teil des Codes wird während der Abfrage ausgeführt. # Nach jeder neuen Vokabel wird dann in ein Feld im Feedback # Frame die deutsche, die englische Vokabel und ein Symbol angezeigt, # welches einen darüber informiert, ob man die Vokabel wusste, oder nicht. # (O für gewusst und X für nicht gewusst) nametext = eingabe.split(":") name = nametext[0] text = nametext[1] feld_feedback.setText(text) zeilen = text.split("\n") symb = zeilen[-2].split("\t")[-1] d = zeilen[-2].split("\t")[-3] print d sql = "UPDATE " + name + " SET symbol = ? WHERE deutsch = ?" pstmt = conn.prepareStatement(sql) pstmt.setString(1, symb) pstmt.setString(2, d) pstmt.executeUpdate()
frame_feedback.setVisible(False) frame_feedback = JFrame('Abfrage', defaultCloseOperation=JFrame.EXIT_ON_CLOSE, size=(1000, 1000)) frame_feedback.setLayout(None) uebersichtLabel2 = JLabel() uebersichtLabel2.setText( "<html><font size=+1 color=#191970>vorhandene Lektionen:</font></html>") uebersichtLabel2.setBounds(450, 200, 250, 50) uebersicht2 = JTextArea() uebersicht2.editable = False uebersicht_scroll2 = JScrollPane(uebersicht2) uebersicht_scroll2.viewport.view = uebersicht2 uebersicht_scroll2.setBounds(450, 250, 250, 410) feld_feedback = JTextArea() feld_feedback.editable = False feld_feedback.setBounds(50, 50, 300, 600) button_close = JButton('close window', actionPerformed=close2) button_close.setBounds(50, 650, 300, 30) hintergrund2 = ImageIcon("Hintergrund.jpg") pnl2 = JPanel() hintergrundlabel2 = JLabel(hintergrund2) frame_feedback.setContentPane(hintergrundlabel2) frame_feedback.add(button_close) frame_feedback.add(uebersicht_scroll2) frame_feedback.add(uebersichtLabel2) frame_feedback.add(feld_feedback) frame_feedback.setVisible(False)
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Otter") # create the log and a lock on which to synchronize when adding log entries self._log = ArrayList() self._lock = Lock() # main split pane for log entries and request/response viewing self._settingPanel = JPanel() self._logPane = JSplitPane(JSplitPane.VERTICAL_SPLIT) # setup settings pane ui self._settingPanel.setBounds(0,0,1000,1000) self._settingPanel.setLayout(None) self._isRegexp = JCheckBox("Use regexp for matching.") self._isRegexp.setBounds(10, 10, 220, 20) matchLabel = JLabel("String to Match:") matchLabel.setBounds(10, 40, 200, 20) self._matchString = JTextArea("User 1 Session Information") self._matchString.setWrapStyleWord(True) self._matchString.setLineWrap(True) matchString = JScrollPane(self._matchString) matchString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) matchString.setBounds(10, 60, 400, 200) replaceLabel = JLabel("String to Replace:") replaceLabel.setBounds(10, 270, 200, 20) self._replaceString = JTextArea("User 2 Session Information") self._replaceString.setWrapStyleWord(True) self._replaceString.setLineWrap(True) replaceString = JScrollPane(self._replaceString) replaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) replaceString.setBounds(10, 290, 400, 200) self._settingPanel.add(self._isRegexp) self._settingPanel.add(matchLabel) self._settingPanel.add(matchString) self._settingPanel.add(replaceLabel) self._settingPanel.add(replaceString) # table of log entries logTable = Table(self) logTable.getColumnModel().getColumn(0).setPreferredWidth(700) logTable.getColumnModel().getColumn(1).setPreferredWidth(150) logTable.getColumnModel().getColumn(2).setPreferredWidth(100) logTable.getColumnModel().getColumn(3).setPreferredWidth(130) logTable.getColumnModel().getColumn(4).setPreferredWidth(100) logTable.getColumnModel().getColumn(5).setPreferredWidth(130) scrollPane = JScrollPane(logTable) self._logPane.setLeftComponent(scrollPane) # tabs with request/response viewers logTabs = JTabbedPane() self._origRequestViewer = callbacks.createMessageEditor(self, False) self._origResponseViewer = callbacks.createMessageEditor(self, False) self._modRequestViewer = callbacks.createMessageEditor(self, False) self._modResponseViewer = callbacks.createMessageEditor(self, False) logTabs.addTab("Original Request", self._origRequestViewer.getComponent()) logTabs.addTab("Original Response", self._origResponseViewer.getComponent()) logTabs.addTab("Modified Request", self._modRequestViewer.getComponent()) logTabs.addTab("Modified Response", self._modResponseViewer.getComponent()) self._logPane.setRightComponent(logTabs) # top most tab interface that seperates log entries from settings maintabs = JTabbedPane() maintabs.addTab("Log Entries", self._logPane) maintabs.addTab("Settings", self._settingPanel) self._maintabs = maintabs # customize the UI components callbacks.customizeUiComponent(maintabs) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # register ourselves as an HTTP listener callbacks.registerHttpListener(self) return
def draw(self): """ init the match/replace tab """ #todo add an option to ignore large requests padding = 5 labelWidth = 140 labelHeight = 30 editHeight = 110 editWidth = 300 buttonWidth = 120 buttonHeight = 30 column1X = 10 column2X = column1X + labelWidth + padding column3X = column2X + editWidth + padding MRStrings = [ "Headers (simple string):", "Headers (regex):", "Body (simple string):", "Body (regex):" ] row1Y = 10 row2Y = row1Y + labelHeight + padding row3Y = row2Y + editHeight + padding row4Y = row3Y + editHeight + padding row5Y = row4Y + labelHeight + padding row6Y = row5Y + buttonHeight + padding MRTypeLabel = JLabel("Type:") MRTypeLabel.setBounds(column1X, row1Y, labelWidth, labelHeight) MContent = JLabel("Match:") MContent.setBounds(column1X, row2Y, labelWidth, labelHeight) RContent = JLabel("Replace:") RContent.setBounds(column1X, row3Y, labelWidth, labelHeight) MRLabelList = JLabel("Filter List:") MRLabelList.setBounds(column1X, row5Y, labelWidth, labelHeight) self._extender.MRType = JComboBox(MRStrings) self._extender.MRType.setBounds(column2X, row1Y, editWidth, labelHeight) self._extender.MText = JTextArea("", 5, 30) scrollMText = JScrollPane(self._extender.MText) scrollMText.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollMText.setBounds(column2X, row2Y, editWidth, editHeight) self._extender.RText = JTextArea("", 5, 30) scrollRText = JScrollPane(self._extender.RText) scrollRText.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollRText.setBounds(column2X, row3Y, editWidth, editHeight) # i couldn't figure out how to have a model that contained anythin other than a string # so i'll use 2 models, one with the data and one for the JList self._extender.badProgrammerMRModel = {} self._extender.MRModel = DefaultListModel() self._extender.MRList = JList(self._extender.MRModel) scrollMRList = JScrollPane(self._extender.MRList) scrollMRList.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollMRList.setBounds(column2X, row5Y, editWidth, editHeight) scrollMRList.setBorder(LineBorder(Color.BLACK)) self._extender.MRAdd = JButton("Add filter", actionPerformed=self.addMRFilter) self._extender.MRAdd.setBounds(column2X, row4Y, buttonWidth, buttonHeight) self._extender.MRDel = JButton("Remove filter", actionPerformed=self.delMRFilter) self._extender.MRDel.setBounds(column3X, row5Y, buttonWidth, buttonHeight) self._extender.MRMod = JButton("Modify filter", actionPerformed=self.modMRFilter) self._extender.MRMod.setBounds(column3X, row5Y + buttonHeight + padding, buttonWidth, buttonHeight) self._extender.MRFeedback = JLabel("") self._extender.MRFeedback.setBounds(column1X, row6Y, column3X + buttonWidth, labelHeight) self._extender.MRPnl = JPanel() self._extender.MRPnl.setLayout(None) self._extender.MRPnl.setBounds(0, 0, 1000, 1000) self._extender.MRPnl.add(MRTypeLabel) self._extender.MRPnl.add(self._extender.MRType) self._extender.MRPnl.add(MContent) self._extender.MRPnl.add(scrollMText) self._extender.MRPnl.add(RContent) self._extender.MRPnl.add(scrollRText) self._extender.MRPnl.add(self._extender.MRAdd) self._extender.MRPnl.add(MRLabelList) self._extender.MRPnl.add(scrollMRList) self._extender.MRPnl.add(self._extender.MRDel) self._extender.MRPnl.add(self._extender.MRMod) self._extender.MRPnl.add(self._extender.MRFeedback)
def initProjSettingsTab(self): # init project settings projNameLabel = JLabel("Name:") projNameLabel.setBounds(10, 50, 140, 30) self.projName = JTextField("") self.projName.setBounds(140, 50, 320, 30) self.projName.getDocument().addDocumentListener(projTextChanged(self)) detailsLabel = JLabel("Details:") detailsLabel.setBounds(10, 120, 140, 30) reportLabel = JLabel("Generate Report:") reportLabel.setBounds(10, 375, 140, 30) types = ["DOCX","HTML","XLSX"] self.reportType = JComboBox(types) self.reportType.setBounds(10, 400, 140, 30) generateReportButton = JButton("Generate", actionPerformed=self.generateReport) generateReportButton.setBounds(160, 400, 90, 30) self.projDetails = JTextArea("", 5, 30) self.projDetails.setWrapStyleWord(True); self.projDetails.setLineWrap(True) projDetailsScroll = JScrollPane(self.projDetails) projDetailsScroll.setBounds(10, 150, 450, 175) projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED) projPathLabel = JLabel("Path:") projPathLabel.setBounds(10, 90, 140, 30) self.projPath = JTextField("") self.projPath.setBounds(140, 90, 320, 30) chooseProjPathButton = JButton("Browse...",actionPerformed=self.chooseProjPath) chooseProjPathButton.setBounds(470, 90, 100, 30) importProjButton = JButton("Import",actionPerformed=self.importProj) importProjButton.setBounds(470, 10, 100, 30) exportProjButton = JButton("Export",actionPerformed=self.exportProj) exportProjButton.setBounds(575, 10, 100, 30) openProjButton = JButton("Open Directory",actionPerformed=self.openProj) openProjButton.setBounds(680, 10, 130, 30) currentProjectLabel = JLabel("Current:") currentProjectLabel.setBounds(10, 10, 140, 30) projects = self.config.options('projects') self.currentProject = JComboBox(projects) self.currentProject.addActionListener(projectChangeHandler(self)) self.currentProject.setBounds(140, 10, 140, 30) self.autoSave = JCheckBox("Auto Save Mode") self.autoSave.setEnabled(False) # implement this feature self.autoSave.setBounds(300, 10, 140, 30) self.autoSave.setToolTipText("Will save any changed value while focus is out") addProjButton = JButton("Add / Update",actionPerformed=self.addProj) addProjButton.setBounds(10, 330, 150, 30) removeProjButton = JButton("Remove Current",actionPerformed=self.rmProj) removeProjButton.setBounds(315, 330, 146, 30) generalOptions = self.config.options('general') if 'default project' in generalOptions: defaultProj = self.config.get('general','default project') self.currentProject.getModel().setSelectedItem(defaultProj) self.projPath.setText(self.config.get('projects',self.currentProject.getSelectedItem())) self.clearProjTab = True self.projectSettings = JPanel() self.projectSettings.setBounds(0, 0, 1000, 1000) self.projectSettings.setLayout(None) self.projectSettings.add(reportLabel) self.projectSettings.add(detailsLabel) self.projectSettings.add(projPathLabel) self.projectSettings.add(addProjButton) self.projectSettings.add(openProjButton) self.projectSettings.add(projNameLabel) self.projectSettings.add(projDetailsScroll) self.projectSettings.add(importProjButton) self.projectSettings.add(exportProjButton) self.projectSettings.add(removeProjButton) self.projectSettings.add(generateReportButton) self.projectSettings.add(chooseProjPathButton) self.projectSettings.add(currentProjectLabel) self.projectSettings.add(self.projPath) self.projectSettings.add(self.autoSave) self.projectSettings.add(self.projName) self.projectSettings.add(self.reportType) self.projectSettings.add(self.currentProject)
class main(JFrame): def __init__(self): super(main,self).__init__() self.Config() self.windows() self.ruta="" def windows(self): self.setTitle("IDE Meta Compilador") self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE) self.setLayout(None) self.setLocationRelativeTo(None) self.setVisible(True) def Config(self): self.panel = JScrollPane() self.txtArea_Principal =JTextArea() self.jScrollPane1 =JScrollPane() self.txtTerminal =JTextArea() self.Menu =JMenuBar() self.menu_Archivo =JMenu() self.menu_Nuevo =JMenuItem() self.menuabrir =JMenuItem() self.menucerrar =JMenuItem() self.menuguardar =JMenuItem() self.menuguardarcomo =JMenuItem() self.menusalir =JMenuItem() self.menu_Edicion =JMenu() self.menu_cortar =JMenuItem() self.menu_copiar =JMenuItem() self.menu_pegar =JMenuItem() self.menu_Tablas =JMenu() self.menu_TablasEstaticas =JMenu() self.submenu_palabrasReservadas =JMenuItem() self.submenu_CaracteresEspeciales =JMenuItem() self.submenu_operadores =JMenu() self.ta_di_conu_enteros =JMenuItem() self.ta_di_conu_reales =JMenuItem() self.ta_di_conu_cientificos =JMenuItem() self.menu_TablaasDinamicas =JMenu() self.submenu_simbolos =JMenuItem() self.submenu_identificadores =JMenuItem() self.submenu_errores =JMenuItem() self.submenu_constantesNumericas =JMenu() self.ta_es_op_aritmeticos =JMenuItem() self.ta_es_op_relacionales =JMenuItem() self.ta_es_op_logicos =JMenuItem() self.submenu_Constantes_No_Numericas =JMenu() self.tab_caracteres =JMenuItem() self.tab_cadenas =JMenuItem() self.menu_Analisis =JMenu() self.ana_lexico =JMenuItem() self.ana_sintactico =JMenuItem() self.ana_semantico =JMenuItem() self.menu_Acerca_de =JMenu() self.btn_integrantes =JMenuItem() ######################### self.jf = JFileChooser() ######################### self.txtArea_Principal.setColumns(20) self.txtArea_Principal.setRows(5) self.txtArea_Principal.setAutoscrolls(False) self.txtArea_Principal.setEnabled(False) self.panel.setViewportView(self.txtArea_Principal) self.getContentPane().add(self.panel) self.panel.setBounds(0, 0, 1080, 450) self.txtTerminal.setColumns(20) self.txtTerminal.setRows(5) self.txtTerminal.setAutoscrolls(False) self.txtTerminal.setFocusable(False) self.jScrollPane1.setViewportView(self.txtTerminal) self.getContentPane().add(self.jScrollPane1) self.jScrollPane1.setBounds(0, 460, 1080, 150) # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ARCHIVOS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< self.menu_Archivo.setText("Archivo") self.menu_Nuevo.addActionListener(lambda event : self.nuevo(event)) self.menu_Nuevo.setText("Nuevo") self.menu_Archivo.add(self.menu_Nuevo) self.menuabrir.setText("Abrir") self.menuabrir.addActionListener(lambda event : self.abrir(event)) self.menu_Archivo.add(self.menuabrir) self.menucerrar.setText("Cerrar") self.menucerrar.addActionListener(lambda event : self.cerrar(event)) self.menu_Archivo.add(self.menucerrar) self.menuguardar.setText("Guardar") self.menuguardar.addActionListener(lambda event : self.guardar(event)) self.menu_Archivo.add(self.menuguardar) self.menuguardarcomo.setText("Guardar como") self.menuguardarcomo.addActionListener(lambda event : self.guardarcomo(event)) self.menu_Archivo.add(self.menuguardarcomo) self.menusalir.setText("Salir") self.menusalir.addActionListener(lambda event : self.salir(event)) self.menu_Archivo.add(self.menusalir) self.Menu.add(self.menu_Archivo) # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU EDICION<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< self.menu_Edicion.setText("Edicion") self.menu_cortar.setText("Cortar") self.menu_cortar.addActionListener(lambda event : self.cortar(event)) self.menu_Edicion.add(self.menu_cortar) self.menu_copiar.setText("Copiar") self.menu_copiar.addActionListener(lambda event : self.copiar(event)) self.menu_Edicion.add(self.menu_copiar) self.menu_pegar.setText("Pegar") self.menu_pegar.addActionListener(lambda event : self.pegar(event)) self.menu_Edicion.add(self.menu_pegar) self.Menu.add(self.menu_Edicion) # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU TABLAS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< self.menu_Tablas.setText("Tablas") self.menu_TablasEstaticas.setText("Tablas Estaticas") self.submenu_palabrasReservadas.setText("Tabla de palabras reservadas") self.menu_TablasEstaticas.add(self.submenu_palabrasReservadas) self.submenu_CaracteresEspeciales.setText("Tabla de caracteres especiales") self.menu_TablasEstaticas.add(self.submenu_CaracteresEspeciales) self.submenu_operadores.setText("Tabla de operadores") self.ta_es_op_aritmeticos.setText("Aritmeticos") self.submenu_operadores.add(self.ta_es_op_aritmeticos) self.ta_es_op_relacionales.setText("Relacionales") self.submenu_operadores.add(self.ta_es_op_relacionales) self.ta_es_op_logicos.setText("Logicos") self.submenu_operadores.add(self.ta_es_op_logicos) self.menu_TablasEstaticas.add(self.submenu_operadores) self.menu_Tablas.add(self.menu_TablasEstaticas) self.menu_TablaasDinamicas.setText("Tablas Dinamicas") self.submenu_simbolos.setText("Tabla de simbolos") self.menu_TablaasDinamicas.add(self.submenu_simbolos) self.submenu_identificadores.setText("Tabla de identificadores") self.menu_TablaasDinamicas.add(self.submenu_identificadores) self.submenu_errores.setText("Tabla de errores") self.menu_TablaasDinamicas.add(self.submenu_errores) self.submenu_constantesNumericas.setText("Tabla de constantes numericas") self.ta_di_conu_enteros.setText("Enteros") self.ta_di_conu_enteros.addActionListener(lambda event : self.numeroenteros(event)) self.submenu_constantesNumericas.add(self.ta_di_conu_enteros) self.ta_di_conu_reales.setText("Reales") self.ta_di_conu_reales.addActionListener(lambda event : self.numeroreales(event)) self.submenu_constantesNumericas.add(self.ta_di_conu_reales) self.ta_di_conu_cientificos.setText("Cientificos") self.submenu_constantesNumericas.add(self.ta_di_conu_cientificos) self.menu_TablaasDinamicas.add(self.submenu_constantesNumericas) self.submenu_Constantes_No_Numericas.setText("Tabla de constantes no numericas") self.tab_caracteres.setText("Caracteres") self.submenu_Constantes_No_Numericas.add(self.tab_caracteres) self.tab_cadenas.setText("Cadenas") self.submenu_Constantes_No_Numericas.add(self.tab_cadenas) self.menu_TablaasDinamicas.add(self.submenu_Constantes_No_Numericas) self.menu_Tablas.add(self.menu_TablaasDinamicas) self.Menu.add(self.menu_Tablas) # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ANALISIS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< self.menu_Analisis.setText("Analisis") self.ana_lexico.setText("Lexico") self.ana_lexico.addActionListener(lambda event : self.lexico(event)) self.menu_Analisis.add(self.ana_lexico) self.ana_sintactico.setText("Sintactico") self.ana_sintactico.addActionListener(lambda event : self.sintactico(event)) self.menu_Analisis.add(self.ana_sintactico) self.ana_semantico.setText("Semantico") self.menu_Analisis.add(self.ana_semantico) self.Menu.add(self.menu_Analisis) # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ACERCA DE<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< self.menu_Acerca_de.setText("Acerca de") self.btn_integrantes.setText("Integrante del proyecto") self.btn_integrantes.addActionListener(lambda event : self.integrantes(event)) self.menu_Acerca_de.add(self.btn_integrantes) self.Menu.add(self.menu_Acerca_de) self.setJMenuBar(self.Menu) self.setBounds(0, 0, 1095, 670) ###################################### def integrantes(self,event): informacion() def cortar(self,event): self.txtArea_Principal.cut() def copiar(self,event): self.txtArea_Principal.copy() def pegar(self,event): self.txtArea_Principal.paste() def salir(self,event): self.dispose() ###################################### def guardarcomo(self,event): pass def guardar(self,event): if self.ruta == "": self.txtTerminal.setText("no hay un directorio abierto") else: agregar(self.ruta,str(self.txtArea_Principal.getText())) def cerrar(self,event): self.txtArea_Principal.setText("") self.txtArea_Principal.setEnabled(False) self.ruta="" def abrir(self,event): self.jf.showOpenDialog(self) self.ruta = self.jf.getSelectedFile() self.txtArea_Principal.setEnabled(True) self.txtArea_Principal.setText(abrir(self.ruta)) def nuevo(self,event): if self.ruta == "": print("no pasa nada") else: print("hay un archivo existente") self.ruta ="" self.txtArea_Principal.setEnabled(True) self.txtArea_Principal.setText("") ###################################### def lexico(self,event): self.txtTerminal.setText("") archivo = open("{}".format(self.ruta),"r") texto = "" for a in prueba(self.txtArea_Principal.getText()): texto += a+"\n" self.txtTerminal.setText(texto) def sintactico(self,event): self.txtTerminal.setText("") texto="" for a in prueba_sintactica(self.txtArea_Principal.getText()): texto +=a+"\n" self.txtTerminal.setText(texto)
def draw(self): """ init interception filters tab """ self._extender.savedHeaders = [{"title": "Temporary headers", "headers": "Cookie: Insert=injected; cookie=or;\nHeader: here"}] # IFStrings has to contains : character IFStrings = ["Scope items only: (Content is not required)", "URL Contains (simple string): ", "URL Contains (regex): ", "URL Not Contains (simple string): ", "URL Not Contains (regex): ", "Only HTTP methods (newline separated): ", "Ignore HTTP methods (newline separated): ", "Ignore spider requests: (Content is not required)", "Ignore proxy requests: (Content is not required)", "Ignore target requests: (Content is not required)"] self._extender.IFType = JComboBox(IFStrings) self._extender.IFType.setBounds(80, 10, 430, 30) self._extender.IFModel = DefaultListModel() self._extender.IFList = JList(self._extender.IFModel) scrollIFList = JScrollPane(self._extender.IFList) scrollIFList.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollIFList.setBounds(80, 175, 300, 110) scrollIFList.setBorder(LineBorder(Color.BLACK)) # Adding some default interception filters # self.IFModel.addElement("Scope items only: (Content is not required)") # commented for better first impression. self._extender.IFModel.addElement("URL Not Contains (regex): \\.js|\\.css|\\.png|\\.jpg|\\.svg|\\.jpeg|\\.gif|\\.woff|\\.map|\\.bmp|\\.ico$") self._extender.IFModel.addElement("Ignore spider requests: ") self._extender.IFText = JTextArea("", 5, 30) scrollIFText = JScrollPane(self._extender.IFText) scrollIFText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollIFText.setBounds(80, 50, 300, 110) IFLType = JLabel("Type:") IFLType.setBounds(10, 10, 140, 30) IFLContent = JLabel("Content:") IFLContent.setBounds(10, 50, 140, 30) IFLabelList = JLabel("Filter List:") IFLabelList.setBounds(10, 165, 140, 30) self._extender.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter) self._extender.IFAdd.setBounds(390, 85, 120, 30) self._extender.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter) self._extender.IFDel.setBounds(390, 210, 120, 30) self._extender.IFMod = JButton("Modify filter", actionPerformed=self.modIFFilter) self._extender.IFMod.setBounds(390, 250, 120, 30) self._extender.filtersPnl = JPanel() self._extender.filtersPnl.setLayout(None) self._extender.filtersPnl.setBounds(0, 0, 1000, 1000) self._extender.filtersPnl.add(IFLType) self._extender.filtersPnl.add(self._extender.IFType) self._extender.filtersPnl.add(IFLContent) self._extender.filtersPnl.add(scrollIFText) self._extender.filtersPnl.add(self._extender.IFAdd) self._extender.filtersPnl.add(self._extender.IFDel) self._extender.filtersPnl.add(self._extender.IFMod) self._extender.filtersPnl.add(IFLabelList) self._extender.filtersPnl.add(scrollIFList)
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IProxyListener): """ BurpSuite插件类 """ def __init__(self): self.plugin_name = u'orz Plugin' self.panel = None self.callbacks = None self.DEBUG = True self.context = None self.helpers = None self.log_box_width = 1000 self.log_box_height = 400 self.tools = Tools() self.now_version = VERSION def registerExtenderCallbacks(self, callbacks): # 注册插件 self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.callbacks.setExtensionName(self.plugin_name) # 绘制标签页UI self.tab_ui() self.callbacks.customizeUiComponent(self.panel) self.callbacks.addSuiteTab(self) self.callbacks.registerProxyListener(self) self.callbacks.registerContextMenuFactory(self) print('Plugin load successfully!') self.tools.log('INFO', '插件加载成功 - 当前版本: {}'.format(VERSION)) self.tools.log('INFO', '当前debug模式: {}'.format(self.DEBUG)) # 窗口大小检查线程 log_box_thread = threading.Thread(target=self.reset_log_box_size) log_box_thread.setDaemon(True) log_box_thread.start() return def createMenuItems(self, invocation): # 创建菜单右键菜单选项 self.context = invocation menu_list = JMenu('orz Plugin') if self.context.getToolFlag() == 0x40: menu_list.add( JMenuItem(u'添加IP伪造请求头', actionPerformed=self.update_client_src_ip)) menu_list.add( JMenuItem(u'生成DNSLog Payload', actionPerformed=self.dnslog_payload)) # DEBUG 按钮 menu_list.add( JMenuItem('orz - DEBUG', actionPerformed=self.debug_fun)) return [menu_list] def tab_ui(self): self.panel = JPanel() self.panel.setLayout(None) self.ui_client_dnslog_label_1 = JLabel('-' * 10 + u' IP伪造请求头 & DNSLog 配置 ' + '-' * 155) self.ui_client_dnslog_label_1.setBounds(20, 10, 1000, 28) self.ui_client_ip_label_1 = JLabel(u'伪造IP: ') self.ui_client_ip_label_1.setBounds(20, 40, 70, 30) self.ui_client_ip = JTextField('127.0.0.1') self.ui_client_ip.setBounds(80, 40, 200, 28) self.ui_client_url_label_1 = JLabel(u'dnslog url: ') self.ui_client_url_label_1.setBounds(10, 80, 70, 30) self.ui_client_url = JTextField('http://examlpe.com') self.ui_client_url.setBounds(80, 80, 200, 28) self.ui_button_label = JLabel('-' * 210) self.ui_button_label.setBounds(20, 110, 1000, 28) #self.ui_web_test_button = JButton(u'登录测试', actionPerformed=self.login_test) #self.ui_web_test_button.setBounds(20, 140, 100, 28) self.ui_save_button = JButton(u'保存配置', actionPerformed=self.save_configuration) self.ui_save_button.setBounds(20, 140, 100, 28) self.ui_debug_button = JButton('Debug', actionPerformed=self.debug_fun) self.ui_debug_button.setBounds(135, 140, 100, 28) self.panel.add(self.ui_debug_button) self.ui_log_box = JTextArea('') self.ui_log_box.setLineWrap(True) self.ui_log_box.setEditable(False) self.ui_log_scroll_pane = JScrollPane(self.ui_log_box) self.ui_log_scroll_pane.setBounds(20, 190, self.log_box_width, self.log_box_height) self.panel.add(self.ui_client_dnslog_label_1) self.panel.add(self.ui_client_ip_label_1) self.panel.add(self.ui_client_ip) self.panel.add(self.ui_client_url_label_1) self.panel.add(self.ui_client_url) self.panel.add(self.ui_button_label) #self.panel.add(self.ui_web_test_button) self.panel.add(self.ui_save_button) self.panel.add(self.ui_log_scroll_pane) self.tools.panel = self.panel self.tools.log_box = self.ui_log_box self.tools.log_scroll_pane = self.ui_log_scroll_pane def getTabCaption(self): # 设置标签页名称 return self.plugin_name def getUiComponent(self): # 设置标签页UI return self.panel def processProxyMessage(self, message_is_request, message): """ 处理Proxy请求 url: http://biubiu.com:80/h/p?id=24&a=123 request_methond: POST GET etc cookie: 顾名思义 content_type: 如 application/json; charset=UTF-8 request_header: 包含coolie的头 request_body: 顾名思义 host: 主机名 port: 端口号 protocol: 协议,如http、https url_parameters:url中的参数信息, 格式{'id':23,'a':123} """ if message_is_request and self.DEBUG: request = message.getMessageInfo().getRequest() analyzedRequest = self.helpers.analyzeRequest( message.getMessageInfo().getHttpService(), request) request_headers = analyzedRequest.getHeaders() request_body = request[analyzedRequest.getBodyOffset():].tostring() url = str(analyzedRequest.getUrl()) host = message.getMessageInfo().getHttpService().getHost() port = message.getMessageInfo().getHttpService().getPort() protocol = message.getMessageInfo().getHttpService().getProtocol() request_methond = str(analyzedRequest.getMethod()) parameters = analyzedRequest.getParameters() url_parameters = {} for parameter in parameters: if parameter.getType() == 0: url_parameters[str(parameter.getName())] = str( parameter.getValue()) cookie = "" content_type = "" request_header = {} for header in request_headers[2:]: header = str(header).strip() header_temp = header.split(':') request_header[header_temp[0].strip()] = ':'.join( header_temp[1:]).strip() if header.startswith("Cookie:"): cookie_temp = header.split(':') cookie = ':'.join(cookie_temp[1:]).strip() continue if header.startswith("Content-Type"): content_type = ':'.join(header.split(':')[1:]).strip() # self.tools.log('content_type', content_type) # self.tools.log('request_methond', request_methond) # self.tools.log('url', url) #self.tools.log('request_header', request_header) # self.tools.log('cookie', cookie) self.tools.http_deal(url, request_methond, cookie, content_type, request_header, request_body) # 多线程 # proxy_thread = threading.Thread(target=self.tools.http_deal, args=( # url, request_methond, cookie, content_type, request_header, request_body)) # proxy_thread.setDaemon(True) # proxy_thread.start() # 新增处理线程 def login_test(self, event): # 生产环境Web方式获取Cookie测试 return def save_configuration(self, event): self.tools.client_src_ip = str(self.ui_client_ip.getText()).strip() self.tools.dnslog_url = str(self.ui_client_url.getText()).strip() self.tools.log('INFO', '配置保存成功') def reset_log_box_size(self): while self.tools.runtime(): time.sleep(1) new_width = int(self.panel.rootPane.getSize().width) - 40 new_height = int(self.panel.rootPane.getSize().height) - 290 if new_width != self.log_box_width or new_height != self.log_box_height: self.log_box_width = new_width self.log_box_height = new_height self.ui_log_scroll_pane.setBounds(20, 190, self.log_box_width, self.log_box_height) self.panel.updateUI() def debug_fun(self, event): if self.DEBUG: self.DEBUG = False self.tools.log('INFO', 'set debug = False') else: self.DEBUG = True self.tools.log('INFO', 'set debug = True') def update_web_cookie(self): http_traffic = self.context.getSelectedMessages()[0] traffic_analyze = self.helpers.analyzeRequest(http_traffic) return def web_cookie_web_prod(self, event): self.update_web_cookie() def update_client_src_ip(self, event): add_header = [ 'X-Originating-IP', 'X-Forwarded-For', 'X-Remote-IP', 'X-Remote-Addr', 'X-Client-IP', 'X-Real-IP', 'Proxy-Cllient-IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR' ] http_traffic = self.context.getSelectedMessages()[0] traffic_analyze = self.helpers.analyzeRequest(http_traffic) new_headers = [] tmp_add_header = map(str.lower, add_header) for header in traffic_analyze.getHeaders(): tmp_header = header.split(':')[0].strip().lower() if tmp_header not in tmp_add_header: new_headers.append(header) new_headers += map( lambda x: '{}: {}'.format(x, self.tools.client_src_ip), add_header) new_request = self.helpers.buildHttpMessage( new_headers, http_traffic.getRequest()[traffic_analyze.getBodyOffset():]) http_traffic.setRequest(new_request) def dnslog_payload(self, event): self.tools.msg_box('功能暂未实现,待更新')
def initVulnerabilityTab(self): # ## init vulnerability tab # nameLabel = JLabel("Vulnerability Name:") nameLabel.setBounds(10, 10, 140, 30) self.addButton = JButton("Add",actionPerformed=self.addVuln) self.addButton.setBounds(10, 500, 100, 30) rmVulnButton = JButton("Remove",actionPerformed=self.rmVuln) rmVulnButton.setBounds(465, 500, 100, 30) mitigationLabel = JLabel("Mitigation:") mitigationLabel.setBounds(10, 290, 150, 30) addSSBtn = JButton("Add SS",actionPerformed=self.addSS) addSSBtn.setBounds(750, 40, 110, 30) deleteSSBtn = JButton("Remove SS",actionPerformed=self.removeSS) deleteSSBtn.setBounds(750, 75, 110, 30) piclistLabel = JLabel("Images list:") piclistLabel.setBounds(580, 10, 140, 30) self.screenshotsList = DefaultListModel() self.ssList = JList(self.screenshotsList) self.ssList.setBounds(580, 40, 150, 250) self.ssList.addListSelectionListener(ssChangedHandler(self)) self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY)) previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)") previewPicLabel.setBounds(580, 290, 500, 30) copyImgMenu = JMenuItem("Copy") copyImgMenu.addActionListener(copyImg(self)) self.imgMenu = JPopupMenu("Popup") self.imgMenu.add(copyImgMenu) self.firstPic = JLabel() self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY)) self.firstPic.setBounds(580, 320, 550, 400) self.firstPic.addMouseListener(imageClicked(self)) self.vulnName = JTextField("") self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self)) self.vulnName.setBounds(140, 10, 422, 30) sevirities = ["Unclassified", "Critical","High","Medium","Low"] self.threatLevel = JComboBox(sevirities); self.threatLevel.setBounds(140, 45, 140, 30) colors = ["Color:", "Green", "Red"] self.colorCombo = JComboBox(colors); self.colorCombo.setBounds(465, 45, 100, 30) self.colorCombo severityLabel = JLabel("Threat Level:") severityLabel.setBounds(10, 45, 100, 30) descriptionLabel = JLabel("Description:") descriptionLabel.setBounds(10, 80, 100, 30) self.descriptionString = JTextArea("", 5, 30) self.descriptionString.setWrapStyleWord(True); self.descriptionString.setLineWrap(True) self.descriptionString.setBounds(10, 110, 555, 175) descriptionStringScroll = JScrollPane(self.descriptionString) descriptionStringScroll.setBounds(10, 110, 555, 175) descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED) self.mitigationStr = JTextArea("", 5, 30) self.mitigationStr.setWrapStyleWord(True); self.mitigationStr.setLineWrap(True) self.mitigationStr.setBounds(10, 320, 555, 175) mitigationStrScroll = JScrollPane(self.mitigationStr) mitigationStrScroll.setBounds(10, 320, 555, 175) mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED) self.pnl = JPanel() self.pnl.setBounds(0, 0, 1000, 1000); self.pnl.setLayout(None); self.pnl.add(addSSBtn) self.pnl.add(piclistLabel) self.pnl.add(nameLabel) self.pnl.add(deleteSSBtn) self.pnl.add(rmVulnButton) self.pnl.add(severityLabel) self.pnl.add(mitigationLabel) self.pnl.add(descriptionLabel) self.pnl.add(previewPicLabel) self.pnl.add(mitigationStrScroll) self.pnl.add(descriptionStringScroll) self.pnl.add(self.ssList) self.pnl.add(self.firstPic) self.pnl.add(self.addButton) self.pnl.add(self.vulnName) self.pnl.add(self.threatLevel) self.pnl.add(self.colorCombo)
class BurpExtender(IBurpExtender, ITab, IHttpListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("burp-sensitive-param-extractor") self._stdout = PrintWriter(callbacks.getStdout(), True) callbacks.registerHttpListener(self) #callbacks.registerMessageEditorTabFactory(self) print 'burp-sensitive-param-extractor loaded.\nAuthor:LSA\nhttps://github.com/theLSA/burp-sensitive-param-extractor' self.sensitiveParamR = getParamRegular() self._callbacks.customizeUiComponent(self.getUiComponent()) self._callbacks.addSuiteTab(self) #self.endColors = [] self.requestParamDict = {} self.resultSensitiveParamsDict = {} def getTabCaption(self): return 'BSPE' def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if messageIsRequest and toolFlag == 4: self.requestParamDict['urlParams'] = [] self.requestParamDict['BodyParams'] = [] self.requestParamDict['cookieParams'] = [] self.requestParamDict['jsonParams'] = [] cookieParamFlag = 0 service = messageInfo.getHttpService() request = messageInfo.getRequest() analyzeReq = self._helpers.analyzeRequest(service, request) reqUrl = self._helpers.analyzeRequest(messageInfo).getUrl() reqMethod = self._helpers.analyzeRequest(messageInfo).getMethod() reqParams = analyzeReq.getParameters() for param in reqParams: paramType = param.getType() if paramType == 0: #self.outputTxtArea.append("\nurlParams-") paramName = param.getName() paramValue = param.getValue() print 'urlParams:' print paramName + ':' + paramValue #self.outputTxtArea.append("[%s]" % paramName) self.requestParamDict['urlParams'].append( paramName.strip()) if paramType == 1: #self.outputTxtArea.append("\nBodyParams-") paramName = param.getName() paramValue = param.getValue() print 'BodyParams:' print paramName + ':' + paramValue #self.outputTxtArea.append("[%s]\n" % paramName) self.requestParamDict['BodyParams'].append( paramName.strip()) if paramType == 2: #self.outputTxtArea.append("\ncookieParams-") paramName = param.getName() paramValue = param.getValue() print 'CookieParams:' print paramName + ':' + paramValue #self.outputTxtArea.append("[%s]\n" % paramName) self.requestParamDict['cookieParams'].append( paramName.strip()) cookieParamFlag = 1 if paramType == 6: #self.outputTxtArea.append("\njsonParams-") paramName = param.getName() paramValue = param.getValue() print 'JsonParams:' print paramName + ':' + paramValue #self.outputTxtArea.append("[%s]\n" % paramName) self.requestParamDict['jsonParams'].append( paramName.strip()) self.resultSensitiveParamsDict = self.findSensitiveParam( self.requestParamDict) #print self.resultSensitiveParamsDict for rspdKey in self.resultSensitiveParamsDict.keys(): if self.resultSensitiveParamsDict[rspdKey] != []: print "[%s][%s]" % (reqMethod, reqUrl) self.outputTxtArea.append( "\n------------------------------------------------------\n" ) self.outputTxtArea.append("[%s][%s]\n" % (reqMethod, reqUrl)) break for rspdKey in self.resultSensitiveParamsDict.keys(): if self.resultSensitiveParamsDict[rspdKey] != []: self.outputTxtArea.append( "\n" + rspdKey + "--" + str(self.resultSensitiveParamsDict[rspdKey])) self.write2file() #pass else: return def findSensitiveParam(self, requestParamDict): #sensitiveParamR = getParamRegular() resultSensitiveParamsDict = {} resultSensitiveParamsDict['urlParams'] = [] resultSensitiveParamsDict['BodyParams'] = [] resultSensitiveParamsDict['cookieParams'] = [] resultSensitiveParamsDict['jsonParams'] = [] #print requestParamDict for spr in self.sensitiveParamR: for key in requestParamDict.keys(): for reqParam in requestParamDict[key]: if len(spr) == 1: if spr == reqParam.lower(): resultSensitiveParamsDict[key].append(reqParam) else: if spr in reqParam.lower(): print spr + ' in ' + reqParam resultSensitiveParamsDict[key].append(reqParam) #print resultSensitiveParamsDict for key in resultSensitiveParamsDict.keys(): resultSensitiveParamsDict[key] = {}.fromkeys( resultSensitiveParamsDict[key]).keys() #resultSensitiveParamsDict[key] = sorted(resultSensitiveParamsDict[key],key=resultSensitiveParamsDict[key].index) #print resultSensitiveParamsDict return resultSensitiveParamsDict def write2file(self): sensitiveParamsList = getSensitiveParamsFromFile() newSensitiveParamsList = [] #print self.resultSensitiveParamsDict for rspdKey in self.resultSensitiveParamsDict.keys(): if (self.resultSensitiveParamsDict[rspdKey] != []) and (set( self.resultSensitiveParamsDict[rspdKey]).issubset( set(sensitiveParamsList)) == False): newSensitiveParamsList.extend([ newSensitiveParam for newSensitiveParam in self.resultSensitiveParamsDict[rspdKey] if newSensitiveParam not in sensitiveParamsList ]) #print str(newSensitiveParamsList) if newSensitiveParamsList != []: newSensitiveParamsList = {}.fromkeys(newSensitiveParamsList).keys() with open('sensitive-params.txt', 'a') as sps: for nsp in newSensitiveParamsList: #print 'writeNewParams:'+nsp sps.write('\n' + nsp) def addAndSaveNewParamRegular(self, event): NewParamRegular = self.addAndSaveNewParamRegularTextField.getText() if NewParamRegular not in self.sensitiveParamR: self.sensitiveParamR.append(NewParamRegular) with open(paramRegularFile, 'a') as prf: prf.write('\n' + NewParamRegular) self.alertSaveSuccess.showMessageDialog(self.spePanel, "Add and save success!") else: self.alertSaveSuccess.showMessageDialog(self.tab, "paramRegular existed.") self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR) self.sensitiveParamsRegularListPanel.revalidate() #self.sensitiveParamR = getParamRegular() def delParamRegular(self, event): #delParamRegularsIndex = self.sensitiveParamsRegularListPanel.selectedIndex #if delParamRegularsIndex >= 0: # print delParamRegularsIndex # print self.sensitiveParamR[delParamRegularsIndex] for sprlp in self.sensitiveParamsRegularListPanel.getSelectedValuesList( ): #print sprlp self.sensitiveParamR.remove(sprlp) #with open(paramRegularFile,'r') as prf1: # lines = prf1.readlines() with open(paramRegularFile, 'w') as prf2: #print self.sensitiveParamsRegularListPanel.getSelectedValuesList() #for line in lines: # if line.strip() in self.sensitiveParamsRegularListPanel.getSelectedValuesList(): # print 'remove:'+line # lines.remove(line) #for spr1 in lines: # #print spr1 # prf2.write(spr1) for spr2i, spr2 in enumerate(self.sensitiveParamR): print spr2i print spr2 if spr2i == len(self.sensitiveParamR) - 1: prf2.write(spr2) else: prf2.write(spr2 + '\n') self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR) self.sensitiveParamsRegularListPanel.revalidate() #self.sensitiveParamR = getParamRegular() def clearRst(self, event): self.outputTxtArea.setText("") def exportRst(self, event): chooseFile = JFileChooser() ret = chooseFile.showDialog(self.logPane, "Choose file") filename = chooseFile.getSelectedFile().getCanonicalPath() print "\n" + "Export to : " + filename open(filename, 'w', 0).write(self.outputTxtArea.text) def getUiComponent(self): self.spePanel = JPanel() self.spePanel.setBorder(None) self.spePanel.setLayout(None) self.logPane = JScrollPane() self.outputTxtArea = JTextArea() self.outputTxtArea.setFont(Font("Consolas", Font.PLAIN, 12)) self.outputTxtArea.setLineWrap(True) self.logPane.setViewportView(self.outputTxtArea) self.spePanel.add(self.logPane) self.clearBtn = JButton("Clear", actionPerformed=self.clearRst) self.exportBtn = JButton("Export", actionPerformed=self.exportRst) self.parentFrm = JFileChooser() self.spePanel.add(self.clearBtn) self.spePanel.add(self.exportBtn) self.logPane.setBounds(20, 50, 800, 600) self.clearBtn.setBounds(20, 650, 100, 30) self.exportBtn.setBounds(600, 650, 100, 30) self.sensitiveParamsRegularListPanel = JList(self.sensitiveParamR) self.sensitiveParamsRegularListPanel.setVisibleRowCount( len(self.sensitiveParamR)) #self.spePanel.add(self.sensitiveParamsRegularListPanel) #self.sensitiveParamsRegularListPanel.setBounds(850,50,150,600) self.sensitiveParamsRegularListScrollPanel = JScrollPane() self.sensitiveParamsRegularListScrollPanel.setViewportView( self.sensitiveParamsRegularListPanel) self.spePanel.add(self.sensitiveParamsRegularListScrollPanel) self.sensitiveParamsRegularListScrollPanel.setBounds(850, 50, 150, 600) self.addAndSaveNewParamRegularButton = JButton( 'add&&save', actionPerformed=self.addAndSaveNewParamRegular) self.spePanel.add(self.addAndSaveNewParamRegularButton) self.addAndSaveNewParamRegularButton.setBounds(1000, 50, 150, 30) self.addAndSaveNewParamRegularTextField = JTextField('NewParamRegular') self.spePanel.add(self.addAndSaveNewParamRegularTextField) self.addAndSaveNewParamRegularTextField.setBounds(1150, 50, 100, 30) self.alertSaveSuccess = JOptionPane() self.spePanel.add(self.alertSaveSuccess) self.delParamRegularButton = JButton( "delete", actionPerformed=self.delParamRegular) self.spePanel.add(self.delParamRegularButton) self.delParamRegularButton.setBounds(1000, 90, 100, 30) return self.spePanel
def draw(self): """ init configuration tab """ self._extender.startButton = JToggleButton("Autorize is off", actionPerformed=self.startOrStop) self._extender.startButton.setBounds(10, 20, 230, 30) self._extender.clearButton = JButton("Clear List", actionPerformed=self.clearList) self._extender.clearButton.setBounds(10, 80, 100, 30) self._extender.autoScroll = JCheckBox("Auto Scroll") self._extender.autoScroll.setBounds(145, 80, 130, 30) self._extender.ignore304 = JCheckBox("Ignore 304/204 status code responses") self._extender.ignore304.setBounds(280, 5, 300, 30) self._extender.ignore304.setSelected(True) self._extender.prevent304 = JCheckBox("Prevent 304 Not Modified status code") self._extender.prevent304.setBounds(280, 25, 300, 30) self._extender.interceptRequestsfromRepeater = JCheckBox("Intercept requests from Repeater") self._extender.interceptRequestsfromRepeater.setBounds(280, 45, 300, 30) self._extender.doUnauthorizedRequest = JCheckBox("Check unauthenticated") self._extender.doUnauthorizedRequest.setBounds(280, 65, 300, 30) self._extender.doUnauthorizedRequest.setSelected(True) self._extender.saveHeadersButton = JButton("Save headers", actionPerformed=self.saveHeaders) self._extender.saveHeadersButton.setBounds(360, 115, 120, 30) savedHeadersTitles = self.getSavedHeadersTitles() self._extender.savedHeadersTitlesCombo = JComboBox(savedHeadersTitles) self._extender.savedHeadersTitlesCombo.addActionListener(SavedHeaderChange(self._extender)) self._extender.savedHeadersTitlesCombo.setBounds(10, 115, 300, 30) self._extender.replaceString = JTextArea("Cookie: Insert=injected; cookie=or;\nHeader: here", 5, 30) self._extender.replaceString.setWrapStyleWord(True) self._extender.replaceString.setLineWrap(True) scrollReplaceString = JScrollPane(self._extender.replaceString) scrollReplaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollReplaceString.setBounds(10, 150, 470, 150) self._extender.fetchButton = JButton("Fetch cookies from last request", actionPerformed=self.fetchCookies) self._extender.fetchButton.setEnabled(False) self._extender.fetchButton.setBounds(10, 305, 250, 30) self._extender.filtersTabs = JTabbedPane() self._extender.filtersTabs = self._extender.filtersTabs self._extender.filtersTabs.addTab("Enforcement Detector", self._extender.EDPnl) self._extender.filtersTabs.addTab("Detector Unauthenticated", self._extender.EDPnlUnauth) self._extender.filtersTabs.addTab("Interception Filters", self._extender.filtersPnl) self._extender.filtersTabs.addTab("Match/Replace", self._extender.MRPnl) self._extender.filtersTabs.addTab("Table Filter", self._extender.filterPnl) self._extender.filtersTabs.addTab("Save/Restore", self._extender.exportPnl) self._extender.filtersTabs.setSelectedIndex(2) self._extender.filtersTabs.setBounds(0, 350, 2000, 700) self._extender.pnl = JPanel() self.pnl = self._extender.pnl self.pnl.setBounds(0, 0, 1000, 1000) self.pnl.setLayout(None) self.pnl.add(self._extender.startButton) self.pnl.add(self._extender.clearButton) self.pnl.add(scrollReplaceString) self.pnl.add(self._extender.saveHeadersButton) self.pnl.add(self._extender.savedHeadersTitlesCombo) self.pnl.add(self._extender.fetchButton) self.pnl.add(self._extender.autoScroll) self.pnl.add(self._extender.interceptRequestsfromRepeater) self.pnl.add(self._extender.ignore304) self.pnl.add(self._extender.prevent304) self.pnl.add(self._extender.doUnauthorizedRequest) self.pnl.add(self._extender.filtersTabs)
def registerExtenderCallbacks(self, callbacks): # smart xss feature (print conclusion and observation) # mark resulsts # add automatic check pages in the same domain self.tagPayloads = [ "<b>test", "<b onmouseover=test()>test", "<img src=err onerror=test()>", "<script>test</script>" "", "<scr ipt>test</scr ipt>", "<SCRIPT>test;</SCRIPT>", "<scri<script>pt>test;</scr</script>ipt>", "<SCRI<script>PT>test;</SCR</script>IPT>", "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>", "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">", "<IMG '''><SCRIPT>test</SCRIPT>'>", "<SCR%00IPT>test</SCR%00IPT>", "<IFRAME SRC='f' onerror=\"test\"></IFRAME>", "<IFRAME SRC='f' onerror='test'></IFRAME>", "<<SCRIPT>test//<</SCRIPT>", "<img src=\"1\" onerror=\"test\">", "<img src='1' onerror='test'", "<STYLE TYPE=\"text/javascript\">test;</STYLE>", "<<SCRIPT>test//<</SCRIPT>" ] self.attributePayloads = [ "\"\"\"><SCRIPT>test", "'''><SCRIPT>test'", "\"><script>test</script>", "\"><script>test</script><\"", "'><script>test</script>", "'><script>test</script><'", "\";test;\"", "';test;'", ";test;", "\";test;//", "\"onmouseover=test ", "onerror=\"test\"", "onerror='test'", "onload=\"test\"", "onload='test'" ] self.xssKey = 'xssme' # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("XSSor") self.affectedResponses = ArrayList() self._log = ArrayList() self._lock = Lock() # main split pane self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) # table of log entries logTable = Table(self) scrollPane = JScrollPane(logTable) self._splitpane.setLeftComponent(scrollPane) # tabs with request/response viewers tabs = JTabbedPane() self._requestViewer = callbacks.createMessageEditor(self, False) self._responseViewer = callbacks.createMessageEditor(self, False) tabs.addTab("Request", self._requestViewer.getComponent()) tabs.addTab("Response", self._responseViewer.getComponent()) clearAPListBtn = JButton("Clear List", actionPerformed=self.clearAPList) clearAPListBtn.setBounds(10, 85, 120, 30) apListLabel = JLabel('Affected Pages List:') apListLabel.setBounds(10, 10, 140, 30) self.affectedModel = DefaultListModel() self.affectedList = JList(self.affectedModel) self.affectedList.addListSelectionListener(listSelectedChange(self)) scrollAList = JScrollPane(self.affectedList) scrollAList.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollAList.setBounds(150, 10, 550, 200) scrollAList.setBorder(LineBorder(Color.BLACK)) APtabs = JTabbedPane() self._requestAPViewer = callbacks.createMessageEditor(self, False) self._responseAPViewer = callbacks.createMessageEditor(self, False) APtabs.addTab("Request", self._requestAPViewer.getComponent()) APtabs.addTab("Affeced Page Response", self._responseAPViewer.getComponent()) APtabs.setBounds(0, 250, 700, 350) APtabs.setSelectedIndex(1) self.APpnl = JPanel() self.APpnl.setBounds(0, 0, 1000, 1000) self.APpnl.setLayout(None) self.APpnl.add(scrollAList) self.APpnl.add(clearAPListBtn) self.APpnl.add(APtabs) self.APpnl.add(apListLabel) tabs.addTab("Affected Pages", self.APpnl) self.intercept = 0 ## init conf panel startLabel = JLabel("Plugin status:") startLabel.setBounds(10, 10, 140, 30) payloadLabel = JLabel("Basic Payload:") payloadLabel.setBounds(10, 50, 140, 30) self.basicPayload = "<script>alert(1)</script>" self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30) self.basicPayloadTxt.setBounds(120, 50, 305, 30) self.bruteForceMode = JCheckBox("Brute Force Mode") self.bruteForceMode.setBounds(120, 80, 300, 30) self.bruteForceMode.addItemListener(handleBFModeChange(self)) self.tagPayloadsCheck = JCheckBox("Tag paylods") self.tagPayloadsCheck.setBounds(120, 100, 300, 30) self.tagPayloadsCheck.setSelected(True) self.tagPayloadsCheck.setEnabled(False) self.tagPayloadsCheck.addItemListener(handleBFModeList(self)) self.attributePayloadsCheck = JCheckBox("Attribute payloads") self.attributePayloadsCheck.setBounds(260, 100, 300, 30) self.attributePayloadsCheck.setSelected(True) self.attributePayloadsCheck.setEnabled(False) self.attributePayloadsCheck.addItemListener(handleBFModeList(self)) payloadListLabel = JLabel("Payloads list (for BF mode):") payloadListLabel.setBounds(10, 130, 140, 30) self.payloadsModel = DefaultListModel() self.payloadsList = JList(self.payloadsModel) scrollPayloadsList = JScrollPane(self.payloadsList) scrollPayloadsList.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollPayloadsList.setBounds(120, 170, 300, 200) scrollPayloadsList.setBorder(LineBorder( Color.BLACK)) # add buttons to remove payloads and add for payload in self.tagPayloads: self.payloadsModel.addElement(payload) for payload in self.attributePayloads: self.payloadsModel.addElement(payload) self.startButton = JButton("XSSor is off", actionPerformed=self.startOrStop) self.startButton.setBounds(120, 10, 120, 30) self.startButton.setBackground(Color(255, 100, 91, 255)) consoleTab = JTabbedPane() self.consoleLog = JTextArea("", 5, 30) scrollLog = JScrollPane(self.consoleLog) scrollLog.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollLog.setBounds(120, 170, 550, 200) scrollLog.setBorder(LineBorder(Color.BLACK)) scrollLog.getVerticalScrollBar().addAdjustmentListener( autoScrollListener(self)) consoleTab.addTab("Console", scrollLog) consoleTab.setBounds(0, 400, 500, 200) self.pnl = JPanel() self.pnl.setBounds(0, 0, 1000, 1000) self.pnl.setLayout(None) self.pnl.add(self.startButton) self.pnl.add(startLabel) self.pnl.add(payloadLabel) self.pnl.add(self.basicPayloadTxt) self.pnl.add(self.bruteForceMode) self.pnl.add(payloadListLabel) self.pnl.add(scrollPayloadsList) self.pnl.add(self.attributePayloadsCheck) self.pnl.add(self.tagPayloadsCheck) self.pnl.add(consoleTab) tabs.addTab("Configuration", self.pnl) tabs.setSelectedIndex(3) self._splitpane.setRightComponent(tabs) # customize our UI components callbacks.customizeUiComponent(self._splitpane) callbacks.customizeUiComponent(logTable) callbacks.customizeUiComponent(scrollPane) callbacks.customizeUiComponent(tabs) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # register ourselves as an HTTP listener callbacks.registerHttpListener(self) self._callbacks.registerContextMenuFactory(self) print "Thank you for installing XSSor v0.1 extension" print "Created by Barak Tawily" print "\nGithub:\nhttps://github.com/Quitten/XSSor" return
def draw_unauthenticated(self): """ init enforcement detector tab """ EDLType = JLabel("Type:") EDLType.setBounds(10, 10, 140, 30) EDLContent = JLabel("Content:") EDLContent.setBounds(10, 50, 140, 30) EDLabelList = JLabel("Filter List:") EDLabelList.setBounds(10, 165, 140, 30) EDStrings = [ "Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced message headers contains)", "Body (simple string): (enforced message body contains)", "Body (regex): (enforced message body contains)", "Full response (simple string): (enforced message contains)", "Full response (regex): (enforced message contains)", "Full response length: (of enforced response)", "Status code equals: (numbers only)" ] self._extender.EDTypeUnauth = JComboBox(EDStrings) self._extender.EDTypeUnauth.setBounds(80, 10, 430, 30) self._extender.EDTextUnauth = JTextArea("", 5, 30) scrollEDTextUnauth = JScrollPane(self._extender.EDTextUnauth) scrollEDTextUnauth.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollEDTextUnauth.setBounds(80, 50, 300, 110) self._extender.EDModelUnauth = DefaultListModel() self._extender.EDListUnauth = JList(self._extender.EDModelUnauth) scrollEDListUnauth = JScrollPane(self._extender.EDListUnauth) scrollEDListUnauth.setVerticalScrollBarPolicy( JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollEDListUnauth.setBounds(80, 175, 300, 110) scrollEDListUnauth.setBorder(LineBorder(Color.BLACK)) self._extender.EDAddUnauth = JButton( "Add filter", actionPerformed=self.addEDFilterUnauth) self._extender.EDAddUnauth.setBounds(390, 85, 120, 30) self._extender.EDDelUnauth = JButton( "Remove filter", actionPerformed=self.delEDFilterUnauth) self._extender.EDDelUnauth.setBounds(390, 210, 120, 30) self._extender.EDModUnauth = JButton( "Modify filter", actionPerformed=self.modEDFilterUnauth) self._extender.EDModUnauth.setBounds(390, 250, 120, 30) AndOrStrings = ["And", "Or"] self._extender.AndOrTypeUnauth = JComboBox(AndOrStrings) self._extender.AndOrTypeUnauth.setBounds(390, 170, 120, 30) self._extender.EDPnlUnauth = JPanel() self._extender.EDPnlUnauth.setLayout(None) self._extender.EDPnlUnauth.setBounds(0, 0, 1000, 1000) self._extender.EDPnlUnauth.add(EDLType) self._extender.EDPnlUnauth.add(self._extender.EDTypeUnauth) self._extender.EDPnlUnauth.add(EDLContent) self._extender.EDPnlUnauth.add(scrollEDTextUnauth) self._extender.EDPnlUnauth.add(self._extender.EDAddUnauth) self._extender.EDPnlUnauth.add(self._extender.AndOrTypeUnauth) self._extender.EDPnlUnauth.add(self._extender.EDDelUnauth) self._extender.EDPnlUnauth.add(self._extender.EDModUnauth) self._extender.EDPnlUnauth.add(EDLabelList) self._extender.EDPnlUnauth.add(scrollEDListUnauth)