def run(self):
frame = JFrame('HTMLtext_03',
size=(100, 100),
locationRelativeTo=None,
defaultCloseOperation=JFrame.EXIT_ON_CLOSE)
text = '<html><font color="red">Off</font>'
label = frame.add(JToggleButton(text, itemStateChanged=self.toggle))
frame.setVisible(1)
def configTab(self):
Config = JLabel("Config")
self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop)
self.startButton.setBounds(40, 30, 200, 30)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(40, 80, 200, 30)
self.xsscheck = JCheckBox("Detect XSS")
self.xsscheck.setSelected(True)
self.xsscheck.setBounds(40, 110, 200, 30)
self.sqlicheck = JCheckBox("Detect SQLi")
self.sqlicheck.setSelected(True)
self.sqlicheck.setBounds(40, 140, 200, 30)
self.ssticheck = JCheckBox("Detect SSTI")
self.ssticheck.setSelected(True)
self.ssticheck.setBounds(40, 170, 200, 30)
self.blindxss = JCheckBox("Blind XSS")
self.blindxss.setBounds(40, 200, 200, 30)
self.BlindXSSText = JTextArea("", 5, 30)
scrollbxssText = JScrollPane(self.BlindXSSText)
scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollbxssText.setBounds(40, 250, 400, 110)
self.configtab = JPanel()
self.configtab.setLayout(None)
self.configtab.setBounds(0, 0, 300, 300)
self.configtab.add(Config)
self.configtab.add(self.startButton)
self.configtab.add(self.autoScroll)
self.configtab.add(self.xsscheck)
self.configtab.add(self.sqlicheck)
self.configtab.add(self.ssticheck)
self.configtab.add(self.blindxss)
self.configtab.add(scrollbxssText)
def run( self ) :
frame = JFrame(
'Toggle Button',
layout = FlowLayout(),
size = ( 275, 85 ),
defaultCloseOperation = JFrame.EXIT_ON_CLOSE
)
button = JToggleButton( # Make a toggle button
'Off' , # Initial button text
itemStateChanged = self.toggle # Event handler
)
frame.add( button )
frame.setVisible( 1 )
def startGui(self):
frame = JFrame("Life", defaultCloseOperation=JFrame.EXIT_ON_CLOSE)
self.gridPanel = JPanel(GridLayout(self.numRows, self.numCols))
self.cellButtons = self._doForAllCells(self._createCellButton)
self.grid = self._doForAllCells(lambda r, c: False)
frame.add(self.gridPanel)
buttonPanel = JPanel(FlowLayout())
stepButton = JButton("Step", actionPerformed=self._step)
runButton = JToggleButton("Run", actionPerformed=self._run)
buttonPanel.add(stepButton)
buttonPanel.add(runButton)
frame.add(buttonPanel, SOUTH)
frame.pack()
frame.locationRelativeTo = None
frame.visible = True
def startGui(self):
frame = JFrame("Life", defaultCloseOperation=JFrame.EXIT_ON_CLOSE)
(R, C) = (self.numRows, self.numCols)
gridPanel = JPanel(GridLayout(R, C))
self.checkBoxes = [[JCheckBox() for c in range(C)] for r in range(R)]
self.grid = [[False for c in range(C)] for r in range(R)]
for r in range(R):
for c in range(C):
gridPanel.add(self.checkBoxes[r][c])
frame.add(gridPanel)
buttonPanel = JPanel(FlowLayout())
stepButton = JButton("Step", actionPerformed=self._step)
runButton = JToggleButton("Run", actionPerformed=self._run)
buttonPanel.add(stepButton)
buttonPanel.add(runButton)
frame.add(buttonPanel, SOUTH)
frame.pack()
frame.locationRelativeTo = None
frame.visible = True
def _createCellButton(self, r, c):
button = JToggleButton()
s = button.preferredSize
button.preferredSize = (s.height, s.height) # Make square
self.gridPanel.add(button)
return button
def registerExtenderCallbacks(self, callbacks):
print "PhantomJS RIA Crawler extension"
print "Nikolay Matyunin @autorak <*****@*****.**>"
# keep a reference to our callbacks object and helpers object
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
# extension name
callbacks.setExtensionName("Phantom RIA Crawler")
# Create Tab UI components
self._jPanel = JPanel()
self._jPanel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
_titleLabel = JLabel("Phantom RIA Crawler", SwingConstants.LEFT)
_titleLabelFont = _titleLabel.font
_titleLabelFont = _titleLabelFont.deriveFont(Font.BOLD, 12);
_titleLabel.setFont(_titleLabelFont);
_titleLabel.setForeground(Color(230, 142, 11))
self._addressTextField = JTextField('')
self._addressTextField.setColumns(50)
_addressTextLabel = JLabel("Target URL:", SwingConstants.RIGHT)
self._addressTextField.getDocument().addDocumentListener(self)
self._phantomJsPathField = JTextField('phantomjs') # TODO: set permanent config value
self._phantomJsPathField.setColumns(50)
_phantomJsPathLabel = JLabel("PhantomJS path:", SwingConstants.RIGHT)
self._startButton = JToggleButton('Start', actionPerformed=self.startToggled)
self._startButton.setEnabled(False)
_requestsMadeLabel = JLabel("DEPs found:", SwingConstants.RIGHT)
self._requestsMadeInfo = JLabel("", SwingConstants.LEFT)
_statesFoundLabel = JLabel("States found:", SwingConstants.RIGHT)
self._statesFoundInfo = JLabel("", SwingConstants.LEFT)
_separator = JSeparator(SwingConstants.HORIZONTAL)
_configLabel = JLabel("Crawling configuration:")
self._configButton = JButton("Load config", actionPerformed=self.loadConfigClicked)
self._configFile = ""
_listenersLabel= JLabel("Burp proxy listener:", SwingConstants.RIGHT)
self._listenersCombo = JComboBox()
self._configTimer = Timer(5000, None)
self._configTimer.actionPerformed = self._configUpdated
self._configTimer.stop()
self._configUpdated(None)
self._commandClient = CommandClient(self)
# Layout management
self._groupLayout = GroupLayout(self._jPanel)
self._jPanel.setLayout(self._groupLayout)
self._groupLayout.setAutoCreateGaps(True)
self._groupLayout.setAutoCreateContainerGaps(True)
self._groupLayout.setHorizontalGroup(self._groupLayout.createParallelGroup()
.addComponent(_titleLabel)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_addressTextLabel)
.addGroup(self._groupLayout.createParallelGroup()
.addComponent(self._addressTextField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_requestsMadeLabel)
.addComponent(self._requestsMadeInfo))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_statesFoundLabel)
.addComponent(self._statesFoundInfo)))
.addComponent(self._startButton))
.addComponent(_separator)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_configLabel)
.addComponent(self._configButton))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_phantomJsPathLabel)
.addComponent(self._phantomJsPathField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_listenersLabel)
.addComponent(self._listenersCombo, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE))
)
self._groupLayout.setVerticalGroup(self._groupLayout.createSequentialGroup()
.addComponent(_titleLabel)
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_addressTextLabel)
.addComponent(self._addressTextField)
.addComponent(self._startButton))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_requestsMadeLabel)
.addComponent(self._requestsMadeInfo))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_statesFoundLabel)
.addComponent(self._statesFoundInfo))
.addComponent(_separator, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_configLabel)
.addComponent(self._configButton))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_phantomJsPathLabel)
.addComponent(self._phantomJsPathField))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_listenersLabel)
.addComponent(self._listenersCombo))
)
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _phantomJsPathLabel);
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _listenersLabel);
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _statesFoundLabel, _requestsMadeLabel);
# context menu data
self._contextMenuData = None;
self._running = False;
# register callbacks
callbacks.customizeUiComponent(self._jPanel)
callbacks.registerContextMenuFactory(self)
callbacks.addSuiteTab(self)
return
class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, DocumentListener, ChangeListener):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
print "PhantomJS RIA Crawler extension"
print "Nikolay Matyunin @autorak <*****@*****.**>"
# keep a reference to our callbacks object and helpers object
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
# extension name
callbacks.setExtensionName("Phantom RIA Crawler")
# Create Tab UI components
self._jPanel = JPanel()
self._jPanel.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
_titleLabel = JLabel("Phantom RIA Crawler", SwingConstants.LEFT)
_titleLabelFont = _titleLabel.font
_titleLabelFont = _titleLabelFont.deriveFont(Font.BOLD, 12);
_titleLabel.setFont(_titleLabelFont);
_titleLabel.setForeground(Color(230, 142, 11))
self._addressTextField = JTextField('')
self._addressTextField.setColumns(50)
_addressTextLabel = JLabel("Target URL:", SwingConstants.RIGHT)
self._addressTextField.getDocument().addDocumentListener(self)
self._phantomJsPathField = JTextField('phantomjs') # TODO: set permanent config value
self._phantomJsPathField.setColumns(50)
_phantomJsPathLabel = JLabel("PhantomJS path:", SwingConstants.RIGHT)
self._startButton = JToggleButton('Start', actionPerformed=self.startToggled)
self._startButton.setEnabled(False)
_requestsMadeLabel = JLabel("DEPs found:", SwingConstants.RIGHT)
self._requestsMadeInfo = JLabel("", SwingConstants.LEFT)
_statesFoundLabel = JLabel("States found:", SwingConstants.RIGHT)
self._statesFoundInfo = JLabel("", SwingConstants.LEFT)
_separator = JSeparator(SwingConstants.HORIZONTAL)
_configLabel = JLabel("Crawling configuration:")
self._configButton = JButton("Load config", actionPerformed=self.loadConfigClicked)
self._configFile = ""
_listenersLabel= JLabel("Burp proxy listener:", SwingConstants.RIGHT)
self._listenersCombo = JComboBox()
self._configTimer = Timer(5000, None)
self._configTimer.actionPerformed = self._configUpdated
self._configTimer.stop()
self._configUpdated(None)
self._commandClient = CommandClient(self)
# Layout management
self._groupLayout = GroupLayout(self._jPanel)
self._jPanel.setLayout(self._groupLayout)
self._groupLayout.setAutoCreateGaps(True)
self._groupLayout.setAutoCreateContainerGaps(True)
self._groupLayout.setHorizontalGroup(self._groupLayout.createParallelGroup()
.addComponent(_titleLabel)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_addressTextLabel)
.addGroup(self._groupLayout.createParallelGroup()
.addComponent(self._addressTextField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_requestsMadeLabel)
.addComponent(self._requestsMadeInfo))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_statesFoundLabel)
.addComponent(self._statesFoundInfo)))
.addComponent(self._startButton))
.addComponent(_separator)
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_configLabel)
.addComponent(self._configButton))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_phantomJsPathLabel)
.addComponent(self._phantomJsPathField, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE))
.addGroup(self._groupLayout.createSequentialGroup()
.addComponent(_listenersLabel)
.addComponent(self._listenersCombo, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE))
)
self._groupLayout.setVerticalGroup(self._groupLayout.createSequentialGroup()
.addComponent(_titleLabel)
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_addressTextLabel)
.addComponent(self._addressTextField)
.addComponent(self._startButton))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_requestsMadeLabel)
.addComponent(self._requestsMadeInfo))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_statesFoundLabel)
.addComponent(self._statesFoundInfo))
.addComponent(_separator, GroupLayout.PREFERRED_SIZE, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE)
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_configLabel)
.addComponent(self._configButton))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_phantomJsPathLabel)
.addComponent(self._phantomJsPathField))
.addGroup(self._groupLayout.createParallelGroup(GroupLayout.Alignment.BASELINE)
.addComponent(_listenersLabel)
.addComponent(self._listenersCombo))
)
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _phantomJsPathLabel);
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _configLabel, _listenersLabel);
self._groupLayout.linkSize(SwingConstants.HORIZONTAL, _statesFoundLabel, _requestsMadeLabel);
# context menu data
self._contextMenuData = None;
self._running = False;
# register callbacks
callbacks.customizeUiComponent(self._jPanel)
callbacks.registerContextMenuFactory(self)
callbacks.addSuiteTab(self)
return
#
# implement ITab and Tab ChangeListener
#
def getTabCaption(self):
return "Phantom RIA Crawler"
def getUiComponent(self):
return self._jPanel
def stateChanged(self, ev):
self._configUpdated()
def _configUpdated(self, ev):
config = self._callbacks.saveConfig()
# update proxy listeners
index = 0
listeners = DefaultComboBoxModel()
while (("proxy.listener" + str(index)) in config):
listenerItem = config["proxy.listener" + str(index)]
listenerItems = listenerItem.split(".")
if (listenerItems[0] == "1"):
address = ".".join(listenerItems[2][1:].split("|"))
if (len(address) == 0):
address = "127.0.0.1"
listeners.addElement(address + " : " + listenerItems[1])
index = index + 1
self._listenersCombo.setModel(listeners)
return;
#
# implement button actions
#
def startToggled(self, ev):
if (self._startButton.getModel().isSelected()):
try:
os.chdir(sys.path[0] + os.sep + "riacrawler" + os.sep + "scripts")
except Exception as e:
print >> sys.stderr, "RIA crawler scripts loading error", "I/O error({0}): {1}".format(e.errno, e.strerror)
self._startButton.setSelected(False)
return
phantomJsPath = self._phantomJsPathField.text
target = self._addressTextField.text
config = "crawler.config"
if (self._configFile):
config = self._configFile
listenerAddress = self._listenersCombo.getSelectedItem().replace(" ", "")
p = Popen("{0} --proxy={3} main.js --target={1} --config={2}".format(phantomJsPath, target, config, listenerAddress), shell=True)
self._running = True
self._requestsMadeInfo.setText("")
self._statesFoundInfo.setText("")
self._commandClient.startCrawling()
else:
if (self._running):
self._commandClient.stopCrawling()
self._running = False
def syncCrawlingState(self, result):
print "RIA crawling state: ", result
self._requestsMadeInfo.setText(str(result["requests_made"]))
self._statesFoundInfo.setText(str(result["states_detected"]))
if (result["running"] == False):
self._commandClient.stopCrawling()
self._running = False
self._startButton.setSelected(False)
def loadConfigClicked(self, ev):
openFile = JFileChooser();
openFile.showOpenDialog(None);
self._configFile = openFile.getSelectedFile()
#
# implement DocumentListener for _addressTextField
#
def removeUpdate(self, ev):
self.updateStartButton()
def insertUpdate(self, ev):
self.updateStartButton()
def updateStartButton(self):
self._startButton.setEnabled(len(self._addressTextField.text) > 0)
#
# implement IContextMenuFactory
#
def createMenuItems(self, contextMenuInvocation):
menuItemList = ArrayList()
context = contextMenuInvocation.getInvocationContext()
if (context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST or context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST or
context == IContextMenuInvocation.CONTEXT_PROXY_HISTORY or context == IContextMenuInvocation.CONTEXT_TARGET_SITE_MAP_TABLE):
self._contextMenuData = contextMenuInvocation.getSelectedMessages()
menuItemList.add(JMenuItem("Send to Phantom RIA Crawler", actionPerformed = self.menuItemClicked))
return menuItemList
def menuItemClicked(self, event):
if (self._running == True):
self._callbacks.issueAlert("Can't set data to Phantom RIA Crawler: crawling is running already.")
return;
dataIsSet = False;
for message in self._contextMenuData:
request = self._helpers.analyzeRequest(message)
url = request.getUrl().toString()
print url
if (url):
dataisSet = True;
self._addressTextField.setText(url)
def draw(self):
""" init configuration tab
"""
self._extender.startButton = JToggleButton("Autorize is off",
actionPerformed=self.startOrStop)
self._extender.startButton.setBounds(10, 20, 230, 30)
self._extender.clearButton = JButton("Clear List", actionPerformed=self.clearList)
self._extender.clearButton.setBounds(10, 80, 100, 30)
self._extender.autoScroll = JCheckBox("Auto Scroll")
self._extender.autoScroll.setBounds(145, 80, 130, 30)
self._extender.ignore304 = JCheckBox("Ignore 304/204 status code responses")
self._extender.ignore304.setBounds(280, 5, 300, 30)
self._extender.ignore304.setSelected(True)
self._extender.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
self._extender.prevent304.setBounds(280, 25, 300, 30)
self._extender.interceptRequestsfromRepeater = JCheckBox("Intercept requests from Repeater")
self._extender.interceptRequestsfromRepeater.setBounds(280, 45, 300, 30)
self._extender.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
self._extender.doUnauthorizedRequest.setBounds(280, 65, 300, 30)
self._extender.doUnauthorizedRequest.setSelected(True)
self._extender.saveHeadersButton = JButton("Save headers",
actionPerformed=self.saveHeaders)
self._extender.saveHeadersButton.setBounds(360, 115, 120, 30)
savedHeadersTitles = self.getSavedHeadersTitles()
self._extender.savedHeadersTitlesCombo = JComboBox(savedHeadersTitles)
self._extender.savedHeadersTitlesCombo.addActionListener(SavedHeaderChange(self._extender))
self._extender.savedHeadersTitlesCombo.setBounds(10, 115, 300, 30)
self._extender.replaceString = JTextArea("Cookie: Insert=injected; cookie=or;\nHeader: here", 5, 30)
self._extender.replaceString.setWrapStyleWord(True)
self._extender.replaceString.setLineWrap(True)
scrollReplaceString = JScrollPane(self._extender.replaceString)
scrollReplaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollReplaceString.setBounds(10, 150, 470, 150)
self._extender.fetchButton = JButton("Fetch cookies from last request",
actionPerformed=self.fetchCookies)
self._extender.fetchButton.setEnabled(False)
self._extender.fetchButton.setBounds(10, 305, 250, 30)
self._extender.filtersTabs = JTabbedPane()
self._extender.filtersTabs = self._extender.filtersTabs
self._extender.filtersTabs.addTab("Enforcement Detector", self._extender.EDPnl)
self._extender.filtersTabs.addTab("Detector Unauthenticated", self._extender.EDPnlUnauth)
self._extender.filtersTabs.addTab("Interception Filters", self._extender.filtersPnl)
self._extender.filtersTabs.addTab("Match/Replace", self._extender.MRPnl)
self._extender.filtersTabs.addTab("Table Filter", self._extender.filterPnl)
self._extender.filtersTabs.addTab("Save/Restore", self._extender.exportPnl)
self._extender.filtersTabs.setSelectedIndex(2)
self._extender.filtersTabs.setBounds(0, 350, 2000, 700)
self._extender.pnl = JPanel()
self.pnl = self._extender.pnl
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self._extender.startButton)
self.pnl.add(self._extender.clearButton)
self.pnl.add(scrollReplaceString)
self.pnl.add(self._extender.saveHeadersButton)
self.pnl.add(self._extender.savedHeadersTitlesCombo)
self.pnl.add(self._extender.fetchButton)
self.pnl.add(self._extender.autoScroll)
self.pnl.add(self._extender.interceptRequestsfromRepeater)
self.pnl.add(self._extender.ignore304)
self.pnl.add(self._extender.prevent304)
self.pnl.add(self._extender.doUnauthorizedRequest)
self.pnl.add(self._extender.filtersTabs)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IHttpRequestResponseWithMarkers, ITextEditor):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
#Initialize callbacks to be used later
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Trishul")
self._log = ArrayList()
#_log used to store our outputs for a URL, which is retrieved later by the tool
self._lock = Lock()
#Lock is used for locking threads while updating logs in order such that no multiple updates happen at once
self.intercept = 0
self.FOUND = "Found"
self.CHECK = "Possible! Check Manually"
self.NOT_FOUND = "Not Found"
#Static Values for output
#Initialize GUI
self.issuesTab()
self.advisoryReqResp()
self.configTab()
self.tabsInit()
self.definecallbacks()
print("Thank You for Installing Trishul")
return
#
#Initialize Issues Tab displaying the JTree
#
def issuesTab(self):
self.root = DefaultMutableTreeNode('Issues')
frame = JFrame("Issues Tree")
self.tree = JTree(self.root)
self.rowSelected = ''
self.tree.addMouseListener(mouseclick(self))
self.issuepanel = JScrollPane()
self.issuepanel.setPreferredSize(Dimension(300,450))
self.issuepanel.getViewport().setView((self.tree))
frame.add(self.issuepanel,BorderLayout.CENTER)
#
#Adding Issues to Issues TreePath
#
def addIssues(self, branch, branchData=None):
if branchData == None:
branch.add(DefaultMutableTreeNode('No valid data'))
else:
for item in branchData:
branch.add(DefaultMutableTreeNode(item))
#
#Initialize the Config Tab to modify tool settings
#
def configTab(self):
Config = JLabel("Config")
self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop)
self.startButton.setBounds(40, 30, 200, 30)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(40, 80, 200, 30)
self.xsscheck = JCheckBox("Detect XSS")
self.xsscheck.setSelected(True)
self.xsscheck.setBounds(40, 110, 200, 30)
self.sqlicheck = JCheckBox("Detect SQLi")
self.sqlicheck.setSelected(True)
self.sqlicheck.setBounds(40, 140, 200, 30)
self.ssticheck = JCheckBox("Detect SSTI")
self.ssticheck.setSelected(True)
self.ssticheck.setBounds(40, 170, 200, 30)
self.blindxss = JCheckBox("Blind XSS")
self.blindxss.setBounds(40, 200, 200, 30)
self.BlindXSSText = JTextArea("", 5, 30)
scrollbxssText = JScrollPane(self.BlindXSSText)
scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollbxssText.setBounds(40, 250, 400, 110)
self.configtab = JPanel()
self.configtab.setLayout(None)
self.configtab.setBounds(0, 0, 300, 300)
self.configtab.add(Config)
self.configtab.add(self.startButton)
self.configtab.add(self.autoScroll)
self.configtab.add(self.xsscheck)
self.configtab.add(self.sqlicheck)
self.configtab.add(self.ssticheck)
self.configtab.add(self.blindxss)
self.configtab.add(scrollbxssText)
#
#Turn Intercept from Proxy on or off
#
def startOrStop(self, event):
if self.startButton.getText() == "Intercept Off":
self.startButton.setText("Intercept On")
self.startButton.setSelected(True)
self.intercept = 1
else:
self.startButton.setText("Intercept Off")
self.startButton.setSelected(False)
self.intercept = 0
#
#Intialize the Advisory, Request and Response Tabs
#
def advisoryReqResp(self):
self.textfield = JEditorPane("text/html", "")
self.kit = HTMLEditorKit()
self.textfield.setEditorKit(self.kit)
self.doc = self.textfield.getDocument()
self.textfield.setEditable(0)
self.advisorypanel = JScrollPane()
self.advisorypanel.getVerticalScrollBar()
self.advisorypanel.setPreferredSize(Dimension(300,450))
self.advisorypanel.getViewport().setView((self.textfield))
self.selectedreq = []
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self._texteditor = self._callbacks.createTextEditor()
self._texteditor.setEditable(False)
#
#Initialize Trishul Tabs
#
def tabsInit(self):
self.logTable = Table(self)
tableWidth = self.logTable.getPreferredSize().width
self.logTable.getColumn("#").setPreferredWidth(Math.round(tableWidth / 50 * 0.1))
self.logTable.getColumn("Method").setPreferredWidth(Math.round(tableWidth / 50 * 3))
self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 40))
self.logTable.getColumn("Parameters").setPreferredWidth(Math.round(tableWidth / 50 * 1))
self.logTable.getColumn("XSS").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SQLi").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SSTI").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Request Time").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.tableSorter = TableRowSorter(self)
self.logTable.setRowSorter(self.tableSorter)
self._bottomsplit = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._bottomsplit.setDividerLocation(500)
self.issuetab = JTabbedPane()
self.issuetab.addTab("Config",self.configtab)
self.issuetab.addTab("Issues",self.issuepanel)
self._bottomsplit.setLeftComponent(self.issuetab)
self.tabs = JTabbedPane()
self.tabs.addTab("Advisory",self.advisorypanel)
self.tabs.addTab("Request", self._requestViewer.getComponent())
self.tabs.addTab("Response", self._responseViewer.getComponent())
self.tabs.addTab("Highlighted Response", self._texteditor.getComponent())
self._bottomsplit.setRightComponent(self.tabs)
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self._splitpane.setDividerLocation(450)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self))
self._splitpane.setRightComponent(self._bottomsplit)
#
#Initialize burp callbacks
#
def definecallbacks(self):
self._callbacks.registerHttpListener(self)
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self._bottomsplit)
self._callbacks.registerContextMenuFactory(self)
self._callbacks.addSuiteTab(self)
#
#Menu Item to send Request to Trishul
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send request to Trishul")
for response in responses:
requestMenuItem.addActionListener(handleMenuItems(self,response, "request"))
ret.add(requestMenuItem)
return ret
return None
#
#Highlighting Response
#
def markHttpMessage( self, requestResponse, responseMarkString ):
responseMarkers = None
if responseMarkString:
response = requestResponse.getResponse()
responseMarkBytes = self._helpers.stringToBytes( responseMarkString )
start = self._helpers.indexOf( response, responseMarkBytes, False, 0, len( response ) )
if -1 < start:
responseMarkers = [ array( 'i',[ start, start + len( responseMarkBytes ) ] ) ]
requestHighlights = [array( 'i',[ 0, 5 ] )]
return self._callbacks.applyMarkers( requestResponse, requestHighlights, responseMarkers )
def getTabCaption(self):
return "Trishul"
def getUiComponent(self):
return self._splitpane
#
#Table Model to display URL's and results based on the log size
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 8
def getColumnName(self, columnIndex):
data = ['#','Method', 'URL', 'Parameters', 'XSS', 'SQLi', "SSTI", "Request Time"]
try:
return data[columnIndex]
except IndexError:
return ""
def getColumnClass(self, columnIndex):
data = [Integer, String, String, Integer, String, String, String, String]
try:
return data[columnIndex]
except IndexError:
return ""
#Get Data stored in log and display in the respective columns
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return logEntry._method
if columnIndex == 2:
return logEntry._url.toString()
if columnIndex == 3:
return len(logEntry._parameter)
if columnIndex == 4:
return logEntry._XSSStatus
if columnIndex == 5:
return logEntry._SQLiStatus
if columnIndex == 6:
return logEntry._SSTIStatus
if columnIndex == 7:
return logEntry._req_time
return ""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#For Intercepted requests perform tests in scope
def processHttpMessage(self, toolFlag, messageIsRequest, messageInf):
if self.intercept == 1:
if toolFlag == self._callbacks.TOOL_PROXY:
if not messageIsRequest:
requestInfo = self._helpers.analyzeRequest(messageInf)
requeststr = requestInfo.getUrl()
parameters = requestInfo.getParameters()
param_new = [p for p in parameters if p.getType() != 2]
if len(param_new) != 0:
if self._callbacks.isInScope(URL(str(requeststr))):
start_new_thread(self.sendRequestToTrishul,(messageInf,))
return
#
#Main processing of Trishul
#
def sendRequestToTrishul(self,messageInfo):
request = messageInfo.getRequest()
req_time = datetime.datetime.today()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
messageInfo = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), request)
resp_time = datetime.datetime.today()
time_taken = (resp_time - req_time).total_seconds()
response = messageInfo.getResponse()
#initialozations of default value
SQLiimp = self.NOT_FOUND
SSTIimp = self.NOT_FOUND
XSSimp = self.NOT_FOUND
Comp_req = messageInfo
requestInfo = self._helpers.analyzeRequest(messageInfo)
self.content_resp = self._helpers.analyzeResponse(response)
requestURL = requestInfo.getUrl()
parameters = requestInfo.getParameters()
requeststring = self._helpers.bytesToString(request)
headers = requestInfo.getHeaders()
#Used to obtain GET, POST and JSON parameters from burp api
param_new = [p for p in parameters if p.getType() == 0 or p.getType() == 1 or p.getType() == 6]
i = 0
xssflag=0
sqliflag=0
sstiflag=0
resultxss = []
resultsqli = []
resultssti = []
xssreqresp = []
sqlireqresp = []
sstireqresp = []
ssti_description = []
sqli_description = []
xss_description = []
for i in range(len(param_new)):
name = param_new[i].getName()
ptype = param_new[i].getType()
param_value = param_new[i].getValue()
#check XSS if ticked
if self.xsscheck.isSelected():
score = 0
flag1 = 0
XSSimp = self.NOT_FOUND
payload_array = ["<", ">", "\\\\'asd", "\\\\\"asd", "\\", "'\""]
json_payload_array = ["<", ">", "\\\\'asd", "\\\"asd", "\\", "\'\\\""]
payload_all = ""
json_payload = ""
rand_str = "testtest"
for payload in payload_array:
payload_all = payload_all+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
xssreqresp.append(attack)
if_found_payload = ""
non_encoded_symbols = ""
for check_payload in payload_array:
if_found_payload = rand_str+check_payload
if if_found_payload in response_str:
non_encoded_symbols = non_encoded_symbols+"<br>"+check_payload.replace('<', '<')
score = score+1
flag1 = 1
if score > 2: XSSimp = self.CHECK
if score > 3: XSSimp = self.FOUND
xssflag = self.checkBetterScore(score,xssflag)
if non_encoded_symbols == " \\\\'asd":
XSSimp = self.NOT_FOUND
if non_encoded_symbols != '':
xss_description.append("The Payload <b>" + payload_all.replace('<', '<') + "</b> was passed in the request for the paramater <b>" + self._helpers.urlDecode(name) + "</b>. Some Tags were observed in the output unfiltered. A payload can be generated with the observed tags.<br>Symbols not encoded for parameter <b>" + name + "</b>: " + non_encoded_symbols)
else:
xss_description.append("")
else:
XSSimp = "Disabled"
resultxss.append(XSSimp)
if self.sqlicheck.isSelected():
SQLiimp = self.NOT_FOUND
score = 0
value = "%27and%28select%2afrom%28select%28sleep%285%29%29%29a%29--"
orig_time = datetime.datetime.today()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack1 = self.makeRequest(Comp_req, updated_request)
response1 = attack1.getResponse()
new_time = datetime.datetime.today()
response_str1 = self._helpers.bytesToString(response1)
sqlireqresp.append(attack1)
diff = (new_time - orig_time).total_seconds()
if (diff - time_taken) > 3:
score = 4
self.error_array = ["check the manual that corresponds to your", "You have an error", "syntax error", "SQL syntax", "SQL statement", "ERROR:", "Error:", "MySQL","Warning:","mysql_fetch_array()"]
found_text = ""
for error in self.error_array:
if error in response_str1:
found_text = found_text + error
score = score + 1
if score > 1: SQLiimp = self.CHECK
if score > 2: SQLiimp = self.FOUND
sqliflag = self.checkBetterScore(score,sqliflag)
if found_text != '':
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. Some errors were generated in the response which confirms that there is an Error based SQLi. Please check the request and response for this parameter")
elif (diff - time_taken) > 3:
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. The response was in a delay of <b>"+str(diff)+"</b> seconds as compared to original <b>"+str(time_taken)+"</b> seconds. This indicates that there is a time based SQLi. Please check the request and response for this parameter")
else:
sqli_description.append("")
else:
SQLiimp = "Disabled"
resultsqli.append(SQLiimp)
if self.ssticheck.isSelected():
score = 0
SSTIimp = self.NOT_FOUND
payload_array = ["${123*456}", "<%=123*567%>", "{{123*678}}"]
json_payload_array = ["$\{123*456\}", "<%=123*567%>", "\{\{123*678\}\}"]
payload_all = ""
rand_str = "jjjjjjj"
json_payload = ""
for payload in payload_array:
payload_all = payload_all+rand_str+payload
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
self.expected_output = ["56088","69741","83394","3885","777777777777777"]
for output in self.expected_output:
if_found_payload = rand_str+output
if if_found_payload in response_str:
if output == self.expected_output[0]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Java</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>56088</b>")
score = 2
if output == self.expected_output[1]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Ruby</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>69741</b>")
score = 2
if output == self.expected_output[2]:
payload_new = "{{5*'777'}}"
json_payload_ssti = "\{\{5*'777'\}\}"
payload = URLEncoder.encode("{{5*'777'}}", "UTF-8")
json_ssti = URLEncoder.encode("\{\{5*'777'\}\}", "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters = self._helpers.buildParameter(name, payload, ptype)
ssti_updated_request = self._helpers.updateParameter(request, new_paramters)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_ssti)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_ssti+"\"")
ssti_updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
self.ssti_attack = self.makeRequest(Comp_req, ssti_updated_request)
ssti_response = self.ssti_attack.getResponse()
ssti_response_str = self._helpers.bytesToString(ssti_response)
if self.expected_output[3] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Twig</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>3885</b>")
score = 2
elif self.expected_output[4] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
self.responseMarkString = "777777777777777"
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Jinja2</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>777777777777777</b>")
score = 2
if score > 0: SSTIimp = self.CHECK
if score > 1: SSTIimp = self.FOUND
sstiflag = self.checkBetterScore(score,sstiflag)
else:
SSTIimp = "Disabled"
resultssti.append(SSTIimp)
if self.blindxss.isSelected():
blindxss_value = self.BlindXSSText.getText()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, blindxss_value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+blindxss_value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+blindxss_value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
if XSSimp != "Disabled":
if xssflag > 3: XSSimp = self.FOUND
elif xssflag > 2: XSSimp = self.CHECK
else: XSSimp = self.NOT_FOUND
if SSTIimp != "Disabled":
if sstiflag > 1: SSTIimp = self.FOUND
elif sstiflag > 0: SSTIimp = self.CHECK
else: SSTIimp = self.NOT_FOUND
if SQLiimp != "Disabled":
if sqliflag > 3: SQLiimp = self.FOUND
elif sqliflag > 2: SQLiimp = self.CHECK
else: SQLiimp = self.NOT_FOUND
self.addToLog(messageInfo, XSSimp, SQLiimp, SSTIimp, param_new, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp , xss_description, sqli_description, ssti_description, req_time.strftime('%H:%M:%S %m/%d/%y'))
#
#Function used to check if the score originally and mentioned is better
#
def checkBetterScore(self, score, ogscore):
if score > ogscore:
ogscore = score
return ogscore
def makeRequest(self, messageInfo, message):
request = messageInfo.getRequest()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message)
def addToLog(self, messageInfo, XSSimp, SQLiimp, SSTIimp, parameters, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description, req_time):
requestInfo = self._helpers.analyzeRequest(messageInfo)
method = requestInfo.getMethod()
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(self._callbacks.saveBuffersToTempFiles(messageInfo), requestInfo.getUrl(),method,XSSimp,SQLiimp,SSTIimp,req_time, parameters,resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description)) # same requests not include again.
SwingUtilities.invokeLater(UpdateTableEDT(self,"insert",row,row))
self._lock.release()
def registerExtenderCallbacks(self, callbacks):
# set our extension name
self._callbacks = callbacks
self.ATTRIBUTE_QUOTES = "(\".*\")|(\'.*\')"
callbacks.setExtensionName("Rexsser")
# obtain our output stream
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._helpers = callbacks.getHelpers()
# register ourselves as an HTTP listener
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self.logTable = logTable
self._splitpane.setLeftComponent(scrollPane)
splane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
btn = JToggleButton("Turn on/off")
self._btn = btn
panel = JPanel()
panel1 = JPanel()
chxbox = JCheckBox("In Scope Only")
self.chxbox = chxbox
panel1.add(self._btn)
panel1.add(chxbox)
panel.add(panel1)
panel2 = JPanel()
panel2.setLayout(BoxLayout(panel2, BoxLayout.Y_AXIS))
textarea = JTextArea("text/html\napplication/json")
textarea.setRows(5)
textarea.setColumns(5)
textarea.setLineWrap(1)
panel2.add(JLabel("Content Types: "))
panel2.add(textarea)
panel.add(panel2)
self.content_types = textarea
panel3 = JPanel()
panel3.add(JLabel("Status Codes: "))
txtarea = JTextArea("200,500")
txtarea.setRows(3)
txtarea.setLineWrap(1)
self.status_codes = txtarea
panel3.add(txtarea)
panel3.setLayout(BoxLayout(panel3, BoxLayout.Y_AXIS))
panel.add(panel3)
panel.setLayout(BoxLayout(panel, BoxLayout.Y_AXIS))
tabs = JTabbedPane()
splane.setLeftComponent(panel)
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
splane.setRightComponent(tabs)
self._splitpane.setRightComponent(splane)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(splane)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
callbacks.registerHttpListener(self)
return
