class BurpExtender(IBurpExtender, IHttpListener, IScannerListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._callbacks.setExtensionName("Carbonator") self._helpers = self._callbacks.getHelpers() self.clivars = None self.spider_results=[] self.scanner_results=[] self.packet_timeout=5 self.last_packet_seen= int(time.time()) #initialize the start of the spider/scan if not self.processCLI(): return None else: self.clivars = True print "Initiating Carbonator Against: ", str(self.url) #add to scope if not already in there. if self._callbacks.isInScope(self.url) == 0: self._callbacks.includeInScope(self.url) #added to ensure that the root directory is scanned base_request = str.encode(str("GET "+self.path+" HTTP/1.1\nHost: "+self.fqdn+"\n\n")) if(self.scheme == 'HTTPS'): print self._callbacks.doActiveScan(self.fqdn,self.port,1,base_request) else: print self._callbacks.doActiveScan(self.fqdn,self.port,0,base_request) self._callbacks.sendToSpider(self.url) self._callbacks.registerHttpListener(self) self._callbacks.registerScannerListener(self) while int(time.time())-self.last_packet_seen <= self.packet_timeout: time.sleep(1) print "No packets seen in the last", self.packet_timeout, "seconds." print "Removing Listeners" self._callbacks.removeHttpListener(self) self._callbacks.removeScannerListener(self) self._callbacks.excludeFromScope(self.url) print "Generating Report" self.generateReport(self.rtype) print "Report Generated" print "Closing Burp in", self.packet_timeout, "seconds." time.sleep(self.packet_timeout) if self.clivars: self._callbacks.exitSuite(False) return def processHttpMessage(self, tool_flag, isRequest, current): self.last_packet_seen = int(time.time()) if tool_flag == self._callbacks.TOOL_SPIDER and isRequest: #if is a spider request then send to scanner self.spider_results.append(current) print "Sending new URL to Vulnerability Scanner: URL #",len(self.spider_results) if self.scheme == 'https': self._callbacks.doActiveScan(self.fqdn,self.port,1,current.getRequest()) #returns scan queue, push to array else: self._callbacks.doActiveScan(self.fqdn,self.port,0,current.getRequest()) #returns scan queue, push to array return def newScanIssue(self, issue): self.scanner_results.append(issue) print "New issue identified: Issue #",len(self.scanner_results); return def generateReport(self, format): if format != 'XML': format = 'HTML' file_name = self.output self._callbacks.generateScanReport(format,self.scanner_results,File(file_name)) time.sleep(5) return def processCLI(self): cli = self._callbacks.getCommandLineArguments() if len(cli) < 0: print "Incomplete target information provided." return False elif not cli: print "Integris Security Carbonator is now loaded." print "If Carbonator was loaded through the BApp store then you can run in headless mode simply adding the `-Djava.awt.headless=true` flag from within your shell. Note: If burp doesn't close at the conclusion of a scan then disable Automatic Backup on Exit." print "For questions or feature requests contact us at carbonator at integris security dot com." print "Visit carbonator at https://www.integrissecurity.com/Carbonator" return False else: self.url = URL(cli[0]) self.rtype = cli[1] self.output = cli[2] self.scheme = self.url.getProtocol() self.fqdn = self.url.getHost() self.port1 = self.url.getPort() if self.port1 == -1 and self.scheme == 'http': self.port = 80 elif self.port1 == -1 and self.scheme == 'https': self.port = 443 else: self.port = self.port1 self.path = self.url.getFile() print "self.url: " + str(self.url) + "\n" print "Scheme: " + self.scheme + "\n" print "FQDN: " + self.fqdn + "\n" print "Port: " + str(self.port1) + "\n" print "Path: " + self.path + "\n" return True
class BurpExtender(IBurpExtender, IHttpListener, IScannerListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._callbacks.setExtensionName("Carbonator") self._helpers = self._callbacks.getHelpers() self.clivars = None self.spider_results = [] self.scanner_results = [] self.packet_timeout = 5 self.last_packet_seen = int( time.time()) #initialize the start of the spider/scan if not self.processCLI(): return None else: self.clivars = True print("Initiating Carbonator Against: ", str(self.url)) #add to scope if not already in there. if self._callbacks.isInScope(self.url) == 0: self._callbacks.includeInScope(self.url) #added to ensure that the root directory is scanned base_request = str.encode( str("GET " + self.path + " HTTP/1.1\nHost: " + self.fqdn + "\n\n")) if (self.scheme == 'HTTPS'): print( self._callbacks.doActiveScan(self.fqdn, self.port, 1, base_request)) else: print( self._callbacks.doActiveScan(self.fqdn, self.port, 0, base_request)) self._callbacks.sendToSpider(self.url) self._callbacks.registerHttpListener(self) self._callbacks.registerScannerListener(self) while int(time.time()) - self.last_packet_seen <= self.packet_timeout: time.sleep(1) print("No packets seen in the last", self.packet_timeout, "seconds.") print("Removing Listeners") self._callbacks.removeHttpListener(self) self._callbacks.removeScannerListener(self) self._callbacks.excludeFromScope(self.url) print("Generating Report") self.generateReport(self.rtype) print("Report Generated") print("Closing Burp in", self.packet_timeout, "seconds.") time.sleep(self.packet_timeout) if self.clivars: self._callbacks.exitSuite(False) return def processHttpMessage(self, tool_flag, isRequest, current): self.last_packet_seen = int(time.time()) if tool_flag == self._callbacks.TOOL_SPIDER and isRequest: #if is a spider request then send to scanner self.spider_results.append(current) print("Sending new URL to Vulnerability Scanner: URL #", len(self.spider_results)) if self.scheme == 'https': self._callbacks.doActiveScan( self.fqdn, self.port, 1, current.getRequest()) #returns scan queue, push to array else: self._callbacks.doActiveScan( self.fqdn, self.port, 0, current.getRequest()) #returns scan queue, push to array return def newScanIssue(self, issue): self.scanner_results.append(issue) print("New issue identified: Issue #", len(self.scanner_results)) return def generateReport(self, format): if format != 'XML': format = 'HTML' file_name = self.output self._callbacks.generateScanReport(format, self.scanner_results, File(file_name)) time.sleep(5) return def processCLI(self): cli = self._callbacks.getCommandLineArguments() if len(cli) < 0: print("Incomplete target information provided.") return False elif not cli: print("Integris Security Carbonator is now loaded.") print( "If Carbonator was loaded through the BApp store then you can run in headless mode simply adding the `-Djava.awt.headless=true` flag from within your shell. Note: If burp doesn't close at the conclusion of a scan then disable Automatic Backup on Exit." ) print( "For questions or feature requests contact us at carbonator at integris security dot com." ) print( "Visit carbonator at https://www.integrissecurity.com/Carbonator" ) return False else: self.url = URL(cli[0]) self.rtype = cli[1] self.output = cli[2] self.scheme = self.url.getProtocol() self.fqdn = self.url.getHost() self.port1 = self.url.getPort() if self.port1 == -1 and self.scheme == 'http': self.port = 80 elif self.port1 == -1 and self.scheme == 'https': self.port = 443 else: self.port = self.port1 self.path = self.url.getFile() print("self.url: " + str(self.url) + "\n") print("Scheme: " + self.scheme + "\n") print("FQDN: " + self.fqdn + "\n") print("Port: " + str(self.port1) + "\n") print("Path: " + self.path + "\n") return True # I'm Py3
from java.net import URL url = URL( "https://www.google.co.in/?gfe_rd=cr&ei=8jCkWNfYK4Pj8weB8qeABw&gws_rd=ssl") print(url) print("File: " + url.getFile()) print("path: " + url.getPath()) print("Port: " + str(url.getPort())) print("Host: " + url.getHost()) print("protocol: " + url.getProtocol()) k = url.getContent() print("Authority: " + url.getAuthority()) print("Querystring: " + url.getQuery()) #print ("userInfo: "+str(url.getUserInfo())) #print ("ref: "+url.getRef())