def run(self): frame = JFrame('HTMLtext_03', size=(100, 100), locationRelativeTo=None, defaultCloseOperation=JFrame.EXIT_ON_CLOSE) text = '<html><font color="red">Off</font>' label = frame.add(JToggleButton(text, itemStateChanged=self.toggle)) frame.setVisible(1)
def configTab(self): Config = JLabel("Config") self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop) self.startButton.setBounds(40, 30, 200, 30) self.autoScroll = JCheckBox("Auto Scroll") self.autoScroll.setBounds(40, 80, 200, 30) self.xsscheck = JCheckBox("Detect XSS") self.xsscheck.setSelected(True) self.xsscheck.setBounds(40, 110, 200, 30) self.sqlicheck = JCheckBox("Detect SQLi") self.sqlicheck.setSelected(True) self.sqlicheck.setBounds(40, 140, 200, 30) self.ssticheck = JCheckBox("Detect SSTI") self.ssticheck.setSelected(True) self.ssticheck.setBounds(40, 170, 200, 30) self.blindxss = JCheckBox("Blind XSS") self.blindxss.setBounds(40, 200, 200, 30) self.BlindXSSText = JTextArea("", 5, 30) scrollbxssText = JScrollPane(self.BlindXSSText) scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollbxssText.setBounds(40, 250, 400, 110) self.configtab = JPanel() self.configtab.setLayout(None) self.configtab.setBounds(0, 0, 300, 300) self.configtab.add(Config) self.configtab.add(self.startButton) self.configtab.add(self.autoScroll) self.configtab.add(self.xsscheck) self.configtab.add(self.sqlicheck) self.configtab.add(self.ssticheck) self.configtab.add(self.blindxss) self.configtab.add(scrollbxssText)
def run( self ) : frame = JFrame( 'Toggle Button', layout = FlowLayout(), size = ( 275, 85 ), defaultCloseOperation = JFrame.EXIT_ON_CLOSE ) button = JToggleButton( # Make a toggle button 'Off' , # Initial button text itemStateChanged = self.toggle # Event handler ) frame.add( button ) frame.setVisible( 1 )
def startGui(self): frame = JFrame("Life", defaultCloseOperation=JFrame.EXIT_ON_CLOSE) self.gridPanel = JPanel(GridLayout(self.numRows, self.numCols)) self.cellButtons = self._doForAllCells(self._createCellButton) self.grid = self._doForAllCells(lambda r, c: False) frame.add(self.gridPanel) buttonPanel = JPanel(FlowLayout()) stepButton = JButton("Step", actionPerformed=self._step) runButton = JToggleButton("Run", actionPerformed=self._run) buttonPanel.add(stepButton) buttonPanel.add(runButton) frame.add(buttonPanel, SOUTH) frame.pack() frame.locationRelativeTo = None frame.visible = True
def startGui(self): frame = JFrame("Life", defaultCloseOperation=JFrame.EXIT_ON_CLOSE) (R, C) = (self.numRows, self.numCols) gridPanel = JPanel(GridLayout(R, C)) self.checkBoxes = [[JCheckBox() for c in range(C)] for r in range(R)] self.grid = [[False for c in range(C)] for r in range(R)] for r in range(R): for c in range(C): gridPanel.add(self.checkBoxes[r][c]) frame.add(gridPanel) buttonPanel = JPanel(FlowLayout()) stepButton = JButton("Step", actionPerformed=self._step) runButton = JToggleButton("Run", actionPerformed=self._run) buttonPanel.add(stepButton) buttonPanel.add(runButton) frame.add(buttonPanel, SOUTH) frame.pack() frame.locationRelativeTo = None frame.visible = True
def _createCellButton(self, r, c): button = JToggleButton() s = button.preferredSize button.preferredSize = (s.height, s.height) # Make square self.gridPanel.add(button) return button
def registerExtenderCallbacks(self, callbacks): print "PhantomJS RIA Crawler extension" print "Nikolay Matyunin @autorak <*****@*****.**>" # keep a reference to our callbacks object and helpers object self._callbacks = callbacks self._helpers = callbacks.getHelpers() # extension name callbacks.setExtensionName("Phantom RIA Crawler") # Create Tab UI components self._jPanel = JPanel() self._jPanel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5)); _titleLabel = JLabel("Phantom RIA Crawler", SwingConstants.LEFT) _titleLabelFont = _titleLabel.font _titleLabelFont = _titleLabelFont.deriveFont(Font.BOLD, 12); _titleLabel.setFont(_titleLabelFont); _titleLabel.setForeground(Color(230, 142, 11)) self._addressTextField = JTextField('') self._addressTextField.setColumns(50) _addressTextLabel = JLabel("Target URL:", SwingConstants.RIGHT) self._addressTextField.getDocument().addDocumentListener(self) self._phantomJsPathField = JTextField('phantomjs') # TODO: set permanent config value self._phantomJsPathField.setColumns(50) _phantomJsPathLabel = JLabel("PhantomJS path:", SwingConstants.RIGHT) self._startButton = JToggleButton('Start', actionPerformed=self.startToggled) self._startButton.setEnabled(False) _requestsMadeLabel = JLabel("DEPs found:", SwingConstants.RIGHT) self._requestsMadeInfo = JLabel("", SwingConstants.LEFT) _statesFoundLabel = JLabel("States found:", SwingConstants.RIGHT) self._statesFoundInfo = JLabel("", SwingConstants.LEFT) _separator = JSeparator(SwingConstants.HORIZONTAL) _configLabel = JLabel("Crawling configuration:") self._configButton = JButton("Load config", actionPerformed=self.loadConfigClicked) self._configFile = "" _listenersLabel= JLabel("Burp proxy listener:", SwingConstants.RIGHT) self._listenersCombo = JComboBox() self._configTimer = Timer(5000, None) self._configTimer.actionPerformed = self._configUpdated self._configTimer.stop() self._configUpdated(None) self._commandClient = CommandClient(self) # Layout management self._groupLayout = GroupLayout(self._jPanel) self._jPanel.setLayout(self._groupLayout) self._groupLayout.setAutoCreateGaps(True) self._groupLayout.setAutoCreateContainerGaps(True) self._groupLayout.setHorizontalGroup(self._groupLayout.createParallelGroup() .addComponent(_titleLabel) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_addressTextLabel) .addGroup(self._groupLayout.createParallelGroup() .addComponent(self._addressTextField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_requestsMadeLabel) .addComponent(self._requestsMadeInfo)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_statesFoundLabel) .addComponent(self._statesFoundInfo))) .addComponent(self._startButton)) .addComponent(_separator) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_configLabel) .addComponent(self._configButton)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_phantomJsPathLabel) .addComponent(self._phantomJsPathField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_listenersLabel) .addComponent(self._listenersCombo, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)) ) self._groupLayout.setVerticalGroup(self._groupLayout.createSequentialGroup() .addComponent(_titleLabel) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_addressTextLabel) .addComponent(self._addressTextField) .addComponent(self._startButton)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_requestsMadeLabel) .addComponent(self._requestsMadeInfo)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_statesFoundLabel) .addComponent(self._statesFoundInfo)) .addComponent(_separator, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_configLabel) .addComponent(self._configButton)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_phantomJsPathLabel) .addComponent(self._phantomJsPathField)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_listenersLabel) .addComponent(self._listenersCombo)) ) self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _phantomJsPathLabel); self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _listenersLabel); self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _statesFoundLabel, _requestsMadeLabel); # context menu data self._contextMenuData = None; self._running = False; # register callbacks callbacks.customizeUiComponent(self._jPanel) callbacks.registerContextMenuFactory(self) callbacks.addSuiteTab(self) return
class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, DocumentListener, ChangeListener): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): print "PhantomJS RIA Crawler extension" print "Nikolay Matyunin @autorak <*****@*****.**>" # keep a reference to our callbacks object and helpers object self._callbacks = callbacks self._helpers = callbacks.getHelpers() # extension name callbacks.setExtensionName("Phantom RIA Crawler") # Create Tab UI components self._jPanel = JPanel() self._jPanel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5)); _titleLabel = JLabel("Phantom RIA Crawler", SwingConstants.LEFT) _titleLabelFont = _titleLabel.font _titleLabelFont = _titleLabelFont.deriveFont(Font.BOLD, 12); _titleLabel.setFont(_titleLabelFont); _titleLabel.setForeground(Color(230, 142, 11)) self._addressTextField = JTextField('') self._addressTextField.setColumns(50) _addressTextLabel = JLabel("Target URL:", SwingConstants.RIGHT) self._addressTextField.getDocument().addDocumentListener(self) self._phantomJsPathField = JTextField('phantomjs') # TODO: set permanent config value self._phantomJsPathField.setColumns(50) _phantomJsPathLabel = JLabel("PhantomJS path:", SwingConstants.RIGHT) self._startButton = JToggleButton('Start', actionPerformed=self.startToggled) self._startButton.setEnabled(False) _requestsMadeLabel = JLabel("DEPs found:", SwingConstants.RIGHT) self._requestsMadeInfo = JLabel("", SwingConstants.LEFT) _statesFoundLabel = JLabel("States found:", SwingConstants.RIGHT) self._statesFoundInfo = JLabel("", SwingConstants.LEFT) _separator = JSeparator(SwingConstants.HORIZONTAL) _configLabel = JLabel("Crawling configuration:") self._configButton = JButton("Load config", actionPerformed=self.loadConfigClicked) self._configFile = "" _listenersLabel= JLabel("Burp proxy listener:", SwingConstants.RIGHT) self._listenersCombo = JComboBox() self._configTimer = Timer(5000, None) self._configTimer.actionPerformed = self._configUpdated self._configTimer.stop() self._configUpdated(None) self._commandClient = CommandClient(self) # Layout management self._groupLayout = GroupLayout(self._jPanel) self._jPanel.setLayout(self._groupLayout) self._groupLayout.setAutoCreateGaps(True) self._groupLayout.setAutoCreateContainerGaps(True) self._groupLayout.setHorizontalGroup(self._groupLayout.createParallelGroup() .addComponent(_titleLabel) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_addressTextLabel) .addGroup(self._groupLayout.createParallelGroup() .addComponent(self._addressTextField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_requestsMadeLabel) .addComponent(self._requestsMadeInfo)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_statesFoundLabel) .addComponent(self._statesFoundInfo))) .addComponent(self._startButton)) .addComponent(_separator) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_configLabel) .addComponent(self._configButton)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_phantomJsPathLabel) .addComponent(self._phantomJsPathField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)) .addGroup(self._groupLayout.createSequentialGroup() .addComponent(_listenersLabel) .addComponent(self._listenersCombo, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)) ) self._groupLayout.setVerticalGroup(self._groupLayout.createSequentialGroup() .addComponent(_titleLabel) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_addressTextLabel) .addComponent(self._addressTextField) .addComponent(self._startButton)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_requestsMadeLabel) .addComponent(self._requestsMadeInfo)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_statesFoundLabel) .addComponent(self._statesFoundInfo)) .addComponent(_separator, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_configLabel) .addComponent(self._configButton)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_phantomJsPathLabel) .addComponent(self._phantomJsPathField)) .addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE) .addComponent(_listenersLabel) .addComponent(self._listenersCombo)) ) self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _phantomJsPathLabel); self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _listenersLabel); self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _statesFoundLabel, _requestsMadeLabel); # context menu data self._contextMenuData = None; self._running = False; # register callbacks callbacks.customizeUiComponent(self._jPanel) callbacks.registerContextMenuFactory(self) callbacks.addSuiteTab(self) return # # implement ITab and Tab ChangeListener # def getTabCaption(self): return "Phantom RIA Crawler" def getUiComponent(self): return self._jPanel def stateChanged(self, ev): self._configUpdated() def _configUpdated(self, ev): config = self._callbacks.saveConfig() # update proxy listeners index = 0 listeners = DefaultComboBoxModel() while (("proxy.listener" + str(index)) in config): listenerItem = config["proxy.listener" + str(index)] listenerItems = listenerItem.split(".") if (listenerItems[0] == "1"): address = ".".join(listenerItems[2][1:].split("|")) if (len(address) == 0): address = "127.0.0.1" listeners.addElement(address + " : " + listenerItems[1]) index = index + 1 self._listenersCombo.setModel(listeners) return; # # implement button actions # def startToggled(self, ev): if (self._startButton.getModel().isSelected()): try: os.chdir(sys.path[0] + os.sep + "riacrawler" + os.sep + "scripts") except Exception as e: print >> sys.stderr, "RIA crawler scripts loading error", "I/O error({0}): {1}".format(e.errno, e.strerror) self._startButton.setSelected(False) return phantomJsPath = self._phantomJsPathField.text target = self._addressTextField.text config = "crawler.config" if (self._configFile): config = self._configFile listenerAddress = self._listenersCombo.getSelectedItem().replace(" ", "") p = Popen("{0} --proxy={3} main.js --target={1} --config={2}".format(phantomJsPath, target, config, listenerAddress), shell=True) self._running = True self._requestsMadeInfo.setText("") self._statesFoundInfo.setText("") self._commandClient.startCrawling() else: if (self._running): self._commandClient.stopCrawling() self._running = False def syncCrawlingState(self, result): print "RIA crawling state: ", result self._requestsMadeInfo.setText(str(result["requests_made"])) self._statesFoundInfo.setText(str(result["states_detected"])) if (result["running"] == False): self._commandClient.stopCrawling() self._running = False self._startButton.setSelected(False) def loadConfigClicked(self, ev): openFile = JFileChooser(); openFile.showOpenDialog(None); self._configFile = openFile.getSelectedFile() # # implement DocumentListener for _addressTextField # def removeUpdate(self, ev): self.updateStartButton() def insertUpdate(self, ev): self.updateStartButton() def updateStartButton(self): self._startButton.setEnabled(len(self._addressTextField.text) > 0) # # implement IContextMenuFactory # def createMenuItems(self, contextMenuInvocation): menuItemList = ArrayList() context = contextMenuInvocation.getInvocationContext() if (context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST or context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST or context == IContextMenuInvocation.CONTEXT_PROXY_HISTORY or context == IContextMenuInvocation.CONTEXT_TARGET_SITE_MAP_TABLE): self._contextMenuData = contextMenuInvocation.getSelectedMessages() menuItemList.add(JMenuItem("Send to Phantom RIA Crawler", actionPerformed = self.menuItemClicked)) return menuItemList def menuItemClicked(self, event): if (self._running == True): self._callbacks.issueAlert("Can't set data to Phantom RIA Crawler: crawling is running already.") return; dataIsSet = False; for message in self._contextMenuData: request = self._helpers.analyzeRequest(message) url = request.getUrl().toString() print url if (url): dataisSet = True; self._addressTextField.setText(url)
def draw(self): """ init configuration tab """ self._extender.startButton = JToggleButton("Autorize is off", actionPerformed=self.startOrStop) self._extender.startButton.setBounds(10, 20, 230, 30) self._extender.clearButton = JButton("Clear List", actionPerformed=self.clearList) self._extender.clearButton.setBounds(10, 80, 100, 30) self._extender.autoScroll = JCheckBox("Auto Scroll") self._extender.autoScroll.setBounds(145, 80, 130, 30) self._extender.ignore304 = JCheckBox("Ignore 304/204 status code responses") self._extender.ignore304.setBounds(280, 5, 300, 30) self._extender.ignore304.setSelected(True) self._extender.prevent304 = JCheckBox("Prevent 304 Not Modified status code") self._extender.prevent304.setBounds(280, 25, 300, 30) self._extender.interceptRequestsfromRepeater = JCheckBox("Intercept requests from Repeater") self._extender.interceptRequestsfromRepeater.setBounds(280, 45, 300, 30) self._extender.doUnauthorizedRequest = JCheckBox("Check unauthenticated") self._extender.doUnauthorizedRequest.setBounds(280, 65, 300, 30) self._extender.doUnauthorizedRequest.setSelected(True) self._extender.saveHeadersButton = JButton("Save headers", actionPerformed=self.saveHeaders) self._extender.saveHeadersButton.setBounds(360, 115, 120, 30) savedHeadersTitles = self.getSavedHeadersTitles() self._extender.savedHeadersTitlesCombo = JComboBox(savedHeadersTitles) self._extender.savedHeadersTitlesCombo.addActionListener(SavedHeaderChange(self._extender)) self._extender.savedHeadersTitlesCombo.setBounds(10, 115, 300, 30) self._extender.replaceString = JTextArea("Cookie: Insert=injected; cookie=or;\nHeader: here", 5, 30) self._extender.replaceString.setWrapStyleWord(True) self._extender.replaceString.setLineWrap(True) scrollReplaceString = JScrollPane(self._extender.replaceString) scrollReplaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollReplaceString.setBounds(10, 150, 470, 150) self._extender.fetchButton = JButton("Fetch cookies from last request", actionPerformed=self.fetchCookies) self._extender.fetchButton.setEnabled(False) self._extender.fetchButton.setBounds(10, 305, 250, 30) self._extender.filtersTabs = JTabbedPane() self._extender.filtersTabs = self._extender.filtersTabs self._extender.filtersTabs.addTab("Enforcement Detector", self._extender.EDPnl) self._extender.filtersTabs.addTab("Detector Unauthenticated", self._extender.EDPnlUnauth) self._extender.filtersTabs.addTab("Interception Filters", self._extender.filtersPnl) self._extender.filtersTabs.addTab("Match/Replace", self._extender.MRPnl) self._extender.filtersTabs.addTab("Table Filter", self._extender.filterPnl) self._extender.filtersTabs.addTab("Save/Restore", self._extender.exportPnl) self._extender.filtersTabs.setSelectedIndex(2) self._extender.filtersTabs.setBounds(0, 350, 2000, 700) self._extender.pnl = JPanel() self.pnl = self._extender.pnl self.pnl.setBounds(0, 0, 1000, 1000) self.pnl.setLayout(None) self.pnl.add(self._extender.startButton) self.pnl.add(self._extender.clearButton) self.pnl.add(scrollReplaceString) self.pnl.add(self._extender.saveHeadersButton) self.pnl.add(self._extender.savedHeadersTitlesCombo) self.pnl.add(self._extender.fetchButton) self.pnl.add(self._extender.autoScroll) self.pnl.add(self._extender.interceptRequestsfromRepeater) self.pnl.add(self._extender.ignore304) self.pnl.add(self._extender.prevent304) self.pnl.add(self._extender.doUnauthorizedRequest) self.pnl.add(self._extender.filtersTabs)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IHttpRequestResponseWithMarkers, ITextEditor): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks #Initialize callbacks to be used later self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Trishul") self._log = ArrayList() #_log used to store our outputs for a URL, which is retrieved later by the tool self._lock = Lock() #Lock is used for locking threads while updating logs in order such that no multiple updates happen at once self.intercept = 0 self.FOUND = "Found" self.CHECK = "Possible! Check Manually" self.NOT_FOUND = "Not Found" #Static Values for output #Initialize GUI self.issuesTab() self.advisoryReqResp() self.configTab() self.tabsInit() self.definecallbacks() print("Thank You for Installing Trishul") return # #Initialize Issues Tab displaying the JTree # def issuesTab(self): self.root = DefaultMutableTreeNode('Issues') frame = JFrame("Issues Tree") self.tree = JTree(self.root) self.rowSelected = '' self.tree.addMouseListener(mouseclick(self)) self.issuepanel = JScrollPane() self.issuepanel.setPreferredSize(Dimension(300,450)) self.issuepanel.getViewport().setView((self.tree)) frame.add(self.issuepanel,BorderLayout.CENTER) # #Adding Issues to Issues TreePath # def addIssues(self, branch, branchData=None): if branchData == None: branch.add(DefaultMutableTreeNode('No valid data')) else: for item in branchData: branch.add(DefaultMutableTreeNode(item)) # #Initialize the Config Tab to modify tool settings # def configTab(self): Config = JLabel("Config") self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop) self.startButton.setBounds(40, 30, 200, 30) self.autoScroll = JCheckBox("Auto Scroll") self.autoScroll.setBounds(40, 80, 200, 30) self.xsscheck = JCheckBox("Detect XSS") self.xsscheck.setSelected(True) self.xsscheck.setBounds(40, 110, 200, 30) self.sqlicheck = JCheckBox("Detect SQLi") self.sqlicheck.setSelected(True) self.sqlicheck.setBounds(40, 140, 200, 30) self.ssticheck = JCheckBox("Detect SSTI") self.ssticheck.setSelected(True) self.ssticheck.setBounds(40, 170, 200, 30) self.blindxss = JCheckBox("Blind XSS") self.blindxss.setBounds(40, 200, 200, 30) self.BlindXSSText = JTextArea("", 5, 30) scrollbxssText = JScrollPane(self.BlindXSSText) scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED) scrollbxssText.setBounds(40, 250, 400, 110) self.configtab = JPanel() self.configtab.setLayout(None) self.configtab.setBounds(0, 0, 300, 300) self.configtab.add(Config) self.configtab.add(self.startButton) self.configtab.add(self.autoScroll) self.configtab.add(self.xsscheck) self.configtab.add(self.sqlicheck) self.configtab.add(self.ssticheck) self.configtab.add(self.blindxss) self.configtab.add(scrollbxssText) # #Turn Intercept from Proxy on or off # def startOrStop(self, event): if self.startButton.getText() == "Intercept Off": self.startButton.setText("Intercept On") self.startButton.setSelected(True) self.intercept = 1 else: self.startButton.setText("Intercept Off") self.startButton.setSelected(False) self.intercept = 0 # #Intialize the Advisory, Request and Response Tabs # def advisoryReqResp(self): self.textfield = JEditorPane("text/html", "") self.kit = HTMLEditorKit() self.textfield.setEditorKit(self.kit) self.doc = self.textfield.getDocument() self.textfield.setEditable(0) self.advisorypanel = JScrollPane() self.advisorypanel.getVerticalScrollBar() self.advisorypanel.setPreferredSize(Dimension(300,450)) self.advisorypanel.getViewport().setView((self.textfield)) self.selectedreq = [] self._requestViewer = self._callbacks.createMessageEditor(self, False) self._responseViewer = self._callbacks.createMessageEditor(self, False) self._texteditor = self._callbacks.createTextEditor() self._texteditor.setEditable(False) # #Initialize Trishul Tabs # def tabsInit(self): self.logTable = Table(self) tableWidth = self.logTable.getPreferredSize().width self.logTable.getColumn("#").setPreferredWidth(Math.round(tableWidth / 50 * 0.1)) self.logTable.getColumn("Method").setPreferredWidth(Math.round(tableWidth / 50 * 3)) self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 40)) self.logTable.getColumn("Parameters").setPreferredWidth(Math.round(tableWidth / 50 * 1)) self.logTable.getColumn("XSS").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("SQLi").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("SSTI").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("Request Time").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.tableSorter = TableRowSorter(self) self.logTable.setRowSorter(self.tableSorter) self._bottomsplit = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) self._bottomsplit.setDividerLocation(500) self.issuetab = JTabbedPane() self.issuetab.addTab("Config",self.configtab) self.issuetab.addTab("Issues",self.issuepanel) self._bottomsplit.setLeftComponent(self.issuetab) self.tabs = JTabbedPane() self.tabs.addTab("Advisory",self.advisorypanel) self.tabs.addTab("Request", self._requestViewer.getComponent()) self.tabs.addTab("Response", self._responseViewer.getComponent()) self.tabs.addTab("Highlighted Response", self._texteditor.getComponent()) self._bottomsplit.setRightComponent(self.tabs) self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) self._splitpane.setDividerLocation(450) self._splitpane.setResizeWeight(1) self.scrollPane = JScrollPane(self.logTable) self._splitpane.setLeftComponent(self.scrollPane) self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self)) self._splitpane.setRightComponent(self._bottomsplit) # #Initialize burp callbacks # def definecallbacks(self): self._callbacks.registerHttpListener(self) self._callbacks.customizeUiComponent(self._splitpane) self._callbacks.customizeUiComponent(self.logTable) self._callbacks.customizeUiComponent(self.scrollPane) self._callbacks.customizeUiComponent(self._bottomsplit) self._callbacks.registerContextMenuFactory(self) self._callbacks.addSuiteTab(self) # #Menu Item to send Request to Trishul # def createMenuItems(self, invocation): responses = invocation.getSelectedMessages() if responses > 0: ret = LinkedList() requestMenuItem = JMenuItem("Send request to Trishul") for response in responses: requestMenuItem.addActionListener(handleMenuItems(self,response, "request")) ret.add(requestMenuItem) return ret return None # #Highlighting Response # def markHttpMessage( self, requestResponse, responseMarkString ): responseMarkers = None if responseMarkString: response = requestResponse.getResponse() responseMarkBytes = self._helpers.stringToBytes( responseMarkString ) start = self._helpers.indexOf( response, responseMarkBytes, False, 0, len( response ) ) if -1 < start: responseMarkers = [ array( 'i',[ start, start + len( responseMarkBytes ) ] ) ] requestHighlights = [array( 'i',[ 0, 5 ] )] return self._callbacks.applyMarkers( requestResponse, requestHighlights, responseMarkers ) def getTabCaption(self): return "Trishul" def getUiComponent(self): return self._splitpane # #Table Model to display URL's and results based on the log size # def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 8 def getColumnName(self, columnIndex): data = ['#','Method', 'URL', 'Parameters', 'XSS', 'SQLi', "SSTI", "Request Time"] try: return data[columnIndex] except IndexError: return "" def getColumnClass(self, columnIndex): data = [Integer, String, String, Integer, String, String, String, String] try: return data[columnIndex] except IndexError: return "" #Get Data stored in log and display in the respective columns def getValueAt(self, rowIndex, columnIndex): logEntry = self._log.get(rowIndex) if columnIndex == 0: return rowIndex+1 if columnIndex == 1: return logEntry._method if columnIndex == 2: return logEntry._url.toString() if columnIndex == 3: return len(logEntry._parameter) if columnIndex == 4: return logEntry._XSSStatus if columnIndex == 5: return logEntry._SQLiStatus if columnIndex == 6: return logEntry._SSTIStatus if columnIndex == 7: return logEntry._req_time return "" def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def getRequest(self): return self._currentlyDisplayedItem.getRequest() def getResponse(self): return self._currentlyDisplayedItem.getResponse() #For Intercepted requests perform tests in scope def processHttpMessage(self, toolFlag, messageIsRequest, messageInf): if self.intercept == 1: if toolFlag == self._callbacks.TOOL_PROXY: if not messageIsRequest: requestInfo = self._helpers.analyzeRequest(messageInf) requeststr = requestInfo.getUrl() parameters = requestInfo.getParameters() param_new = [p for p in parameters if p.getType() != 2] if len(param_new) != 0: if self._callbacks.isInScope(URL(str(requeststr))): start_new_thread(self.sendRequestToTrishul,(messageInf,)) return # #Main processing of Trishul # def sendRequestToTrishul(self,messageInfo): request = messageInfo.getRequest() req_time = datetime.datetime.today() requestURL = self._helpers.analyzeRequest(messageInfo).getUrl() messageInfo = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), request) resp_time = datetime.datetime.today() time_taken = (resp_time - req_time).total_seconds() response = messageInfo.getResponse() #initialozations of default value SQLiimp = self.NOT_FOUND SSTIimp = self.NOT_FOUND XSSimp = self.NOT_FOUND Comp_req = messageInfo requestInfo = self._helpers.analyzeRequest(messageInfo) self.content_resp = self._helpers.analyzeResponse(response) requestURL = requestInfo.getUrl() parameters = requestInfo.getParameters() requeststring = self._helpers.bytesToString(request) headers = requestInfo.getHeaders() #Used to obtain GET, POST and JSON parameters from burp api param_new = [p for p in parameters if p.getType() == 0 or p.getType() == 1 or p.getType() == 6] i = 0 xssflag=0 sqliflag=0 sstiflag=0 resultxss = [] resultsqli = [] resultssti = [] xssreqresp = [] sqlireqresp = [] sstireqresp = [] ssti_description = [] sqli_description = [] xss_description = [] for i in range(len(param_new)): name = param_new[i].getName() ptype = param_new[i].getType() param_value = param_new[i].getValue() #check XSS if ticked if self.xsscheck.isSelected(): score = 0 flag1 = 0 XSSimp = self.NOT_FOUND payload_array = ["<", ">", "\\\\'asd", "\\\\\"asd", "\\", "'\""] json_payload_array = ["<", ">", "\\\\'asd", "\\\"asd", "\\", "\'\\\""] payload_all = "" json_payload = "" rand_str = "testtest" for payload in payload_array: payload_all = payload_all+rand_str+payload payload_all = URLEncoder.encode(payload_all, "UTF-8") for payload in json_payload_array: json_payload = json_payload+rand_str+payload json_payload = URLEncoder.encode(json_payload, "UTF-8") if ptype == 0 or ptype == 1: new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype) updated_request = self._helpers.updateParameter(request, new_paramters_value) else: jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1) new = jsonreq.split(name+"\":",1)[1] if new.startswith('\"'): newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload) else: newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"") updated_request = self._helpers.buildHttpMessage(headers, newjsonreq) attack = self.makeRequest(Comp_req, updated_request) response = attack.getResponse() response_str = self._helpers.bytesToString(response) xssreqresp.append(attack) if_found_payload = "" non_encoded_symbols = "" for check_payload in payload_array: if_found_payload = rand_str+check_payload if if_found_payload in response_str: non_encoded_symbols = non_encoded_symbols+"<br>"+check_payload.replace('<', '<') score = score+1 flag1 = 1 if score > 2: XSSimp = self.CHECK if score > 3: XSSimp = self.FOUND xssflag = self.checkBetterScore(score,xssflag) if non_encoded_symbols == " \\\\'asd": XSSimp = self.NOT_FOUND if non_encoded_symbols != '': xss_description.append("The Payload <b>" + payload_all.replace('<', '<') + "</b> was passed in the request for the paramater <b>" + self._helpers.urlDecode(name) + "</b>. Some Tags were observed in the output unfiltered. A payload can be generated with the observed tags.<br>Symbols not encoded for parameter <b>" + name + "</b>: " + non_encoded_symbols) else: xss_description.append("") else: XSSimp = "Disabled" resultxss.append(XSSimp) if self.sqlicheck.isSelected(): SQLiimp = self.NOT_FOUND score = 0 value = "%27and%28select%2afrom%28select%28sleep%285%29%29%29a%29--" orig_time = datetime.datetime.today() if ptype == 0 or ptype == 1: new_paramters_value = self._helpers.buildParameter(name, value, ptype) updated_request = self._helpers.updateParameter(request, new_paramters_value) else: jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1) new = jsonreq.split(name+"\":",1)[1] if new.startswith('\"'): newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+value) else: newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+value+"\"") updated_request = self._helpers.buildHttpMessage(headers, newjsonreq) attack1 = self.makeRequest(Comp_req, updated_request) response1 = attack1.getResponse() new_time = datetime.datetime.today() response_str1 = self._helpers.bytesToString(response1) sqlireqresp.append(attack1) diff = (new_time - orig_time).total_seconds() if (diff - time_taken) > 3: score = 4 self.error_array = ["check the manual that corresponds to your", "You have an error", "syntax error", "SQL syntax", "SQL statement", "ERROR:", "Error:", "MySQL","Warning:","mysql_fetch_array()"] found_text = "" for error in self.error_array: if error in response_str1: found_text = found_text + error score = score + 1 if score > 1: SQLiimp = self.CHECK if score > 2: SQLiimp = self.FOUND sqliflag = self.checkBetterScore(score,sqliflag) if found_text != '': sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. Some errors were generated in the response which confirms that there is an Error based SQLi. Please check the request and response for this parameter") elif (diff - time_taken) > 3: sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. The response was in a delay of <b>"+str(diff)+"</b> seconds as compared to original <b>"+str(time_taken)+"</b> seconds. This indicates that there is a time based SQLi. Please check the request and response for this parameter") else: sqli_description.append("") else: SQLiimp = "Disabled" resultsqli.append(SQLiimp) if self.ssticheck.isSelected(): score = 0 SSTIimp = self.NOT_FOUND payload_array = ["${123*456}", "<%=123*567%>", "{{123*678}}"] json_payload_array = ["$\{123*456\}", "<%=123*567%>", "\{\{123*678\}\}"] payload_all = "" rand_str = "jjjjjjj" json_payload = "" for payload in payload_array: payload_all = payload_all+rand_str+payload for payload in json_payload_array: json_payload = json_payload+rand_str+payload payload_all = URLEncoder.encode(payload_all, "UTF-8") json_payload = URLEncoder.encode(json_payload, "UTF-8") if ptype == 0 or ptype == 1: new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype) updated_request = self._helpers.updateParameter(request, new_paramters_value) else: jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1) new = jsonreq.split(name+"\":",1)[1] if new.startswith('\"'): newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload) else: newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"") updated_request = self._helpers.buildHttpMessage(headers, newjsonreq) attack = self.makeRequest(Comp_req, updated_request) response = attack.getResponse() response_str = self._helpers.bytesToString(response) self.expected_output = ["56088","69741","83394","3885","777777777777777"] for output in self.expected_output: if_found_payload = rand_str+output if if_found_payload in response_str: if output == self.expected_output[0]: sstireqresp.append(attack) ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Java</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>56088</b>") score = 2 if output == self.expected_output[1]: sstireqresp.append(attack) ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Ruby</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>69741</b>") score = 2 if output == self.expected_output[2]: payload_new = "{{5*'777'}}" json_payload_ssti = "\{\{5*'777'\}\}" payload = URLEncoder.encode("{{5*'777'}}", "UTF-8") json_ssti = URLEncoder.encode("\{\{5*'777'\}\}", "UTF-8") if ptype == 0 or ptype == 1: new_paramters = self._helpers.buildParameter(name, payload, ptype) ssti_updated_request = self._helpers.updateParameter(request, new_paramters) else: jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1) new = jsonreq.split(name+"\":",1)[1] if new.startswith('\"'): newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_ssti) else: newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_ssti+"\"") ssti_updated_request = self._helpers.buildHttpMessage(headers, newjsonreq) self.ssti_attack = self.makeRequest(Comp_req, ssti_updated_request) ssti_response = self.ssti_attack.getResponse() ssti_response_str = self._helpers.bytesToString(ssti_response) if self.expected_output[3] in ssti_response_str: sstireqresp.append(self.ssti_attack) ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Twig</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>3885</b>") score = 2 elif self.expected_output[4] in ssti_response_str: sstireqresp.append(self.ssti_attack) self.responseMarkString = "777777777777777" ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Jinja2</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>777777777777777</b>") score = 2 if score > 0: SSTIimp = self.CHECK if score > 1: SSTIimp = self.FOUND sstiflag = self.checkBetterScore(score,sstiflag) else: SSTIimp = "Disabled" resultssti.append(SSTIimp) if self.blindxss.isSelected(): blindxss_value = self.BlindXSSText.getText() if ptype == 0 or ptype == 1: new_paramters_value = self._helpers.buildParameter(name, blindxss_value, ptype) updated_request = self._helpers.updateParameter(request, new_paramters_value) else: jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1) new = jsonreq.split(name+"\":",1)[1] if new.startswith('\"'): newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+blindxss_value) else: newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+blindxss_value+"\"") updated_request = self._helpers.buildHttpMessage(headers, newjsonreq) attack = self.makeRequest(Comp_req, updated_request) if XSSimp != "Disabled": if xssflag > 3: XSSimp = self.FOUND elif xssflag > 2: XSSimp = self.CHECK else: XSSimp = self.NOT_FOUND if SSTIimp != "Disabled": if sstiflag > 1: SSTIimp = self.FOUND elif sstiflag > 0: SSTIimp = self.CHECK else: SSTIimp = self.NOT_FOUND if SQLiimp != "Disabled": if sqliflag > 3: SQLiimp = self.FOUND elif sqliflag > 2: SQLiimp = self.CHECK else: SQLiimp = self.NOT_FOUND self.addToLog(messageInfo, XSSimp, SQLiimp, SSTIimp, param_new, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp , xss_description, sqli_description, ssti_description, req_time.strftime('%H:%M:%S %m/%d/%y')) # #Function used to check if the score originally and mentioned is better # def checkBetterScore(self, score, ogscore): if score > ogscore: ogscore = score return ogscore def makeRequest(self, messageInfo, message): request = messageInfo.getRequest() requestURL = self._helpers.analyzeRequest(messageInfo).getUrl() return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message) def addToLog(self, messageInfo, XSSimp, SQLiimp, SSTIimp, parameters, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description, req_time): requestInfo = self._helpers.analyzeRequest(messageInfo) method = requestInfo.getMethod() self._lock.acquire() row = self._log.size() self._log.add(LogEntry(self._callbacks.saveBuffersToTempFiles(messageInfo), requestInfo.getUrl(),method,XSSimp,SQLiimp,SSTIimp,req_time, parameters,resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description)) # same requests not include again. SwingUtilities.invokeLater(UpdateTableEDT(self,"insert",row,row)) self._lock.release()
def registerExtenderCallbacks(self, callbacks): # set our extension name self._callbacks = callbacks self.ATTRIBUTE_QUOTES = "(\".*\")|(\'.*\')" callbacks.setExtensionName("Rexsser") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._helpers = callbacks.getHelpers() # register ourselves as an HTTP listener self._log = ArrayList() self._lock = Lock() # main split pane self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) # table of log entries logTable = Table(self) scrollPane = JScrollPane(logTable) self.logTable = logTable self._splitpane.setLeftComponent(scrollPane) splane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) btn = JToggleButton("Turn on/off") self._btn = btn panel = JPanel() panel1 = JPanel() chxbox = JCheckBox("In Scope Only") self.chxbox = chxbox panel1.add(self._btn) panel1.add(chxbox) panel.add(panel1) panel2 = JPanel() panel2.setLayout(BoxLayout(panel2, BoxLayout.Y_AXIS)) textarea = JTextArea("text/html\napplication/json") textarea.setRows(5) textarea.setColumns(5) textarea.setLineWrap(1) panel2.add(JLabel("Content Types: ")) panel2.add(textarea) panel.add(panel2) self.content_types = textarea panel3 = JPanel() panel3.add(JLabel("Status Codes: ")) txtarea = JTextArea("200,500") txtarea.setRows(3) txtarea.setLineWrap(1) self.status_codes = txtarea panel3.add(txtarea) panel3.setLayout(BoxLayout(panel3, BoxLayout.Y_AXIS)) panel.add(panel3) panel.setLayout(BoxLayout(panel, BoxLayout.Y_AXIS)) tabs = JTabbedPane() splane.setLeftComponent(panel) self._requestViewer = callbacks.createMessageEditor(self, False) self._responseViewer = callbacks.createMessageEditor(self, False) tabs.addTab("Request", self._requestViewer.getComponent()) tabs.addTab("Response", self._responseViewer.getComponent()) splane.setRightComponent(tabs) self._splitpane.setRightComponent(splane) # customize our UI components callbacks.customizeUiComponent(self._splitpane) callbacks.customizeUiComponent(logTable) callbacks.customizeUiComponent(scrollPane) callbacks.customizeUiComponent(splane) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) callbacks.registerHttpListener(self) return