class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IExtensionStateListener): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Burp Scope Monitor Experimental") self.GLOBAL_HANDLER_ANALYZED = False self.GLOBAL_HANDLER = False self.STATUS = False self.AUTOSAVE_REQUESTS = 10 self.AUTOSAVE_TIMEOUT = 600 # 10 minutes should be fine self.CONFIG_INSCOPE = True self.BAD_EXTENSIONS_DEFAULT = [ '.gif', '.png', '.js', '.woff', '.woff2', '.jpeg', '.jpg', '.css', '.ico', '.m3u8', '.ts', '.svg' ] self.BAD_MIMES_DEFAULT = [ 'gif', 'script', 'jpeg', 'jpg', 'png', 'video', 'mp2t' ] self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT self.BAD_MIMES = self.BAD_MIMES_DEFAULT # create the log and a lock on which to synchronize when adding log entries self._currentlyDisplayedItem = None self.SELECTED_MODEL_ROW = 0 self.SELECTED_VIEW_ROW = 0 self._log = ArrayList() self._fullLog = ArrayList() self._lock = Lock() self._lockFile = Lock() # main split pane self._parentPane = JTabbedPane() self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) ##### config pane self._config = JTabbedPane() config = JPanel() iexport = JPanel() #config.setLayout(BorderLayout()) config.setLayout(None) iexport.setLayout(None) # config radio button X_BASE = 40 Y_OFFSET = 5 Y_OPTION = 200 Y_OPTION_SPACING = 20 Y_CHECKMARK_SPACING = 20 self.showAllButton = JRadioButton(SHOW_ALL_BUTTON_LABEL, True) self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False) self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False) self.showAllButton.setBounds(40, 60 + Y_OFFSET, 400, 30) self.showNewButton.setBounds(40, 80 + Y_OFFSET, 400, 30) self.showTestedButton.setBounds(40, 100 + Y_OFFSET, 400, 30) #self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False) #self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False) self.showAllButton.addActionListener(self.handleRadioConfig) self.showNewButton.addActionListener(self.handleRadioConfig) self.showTestedButton.addActionListener(self.handleRadioConfig) self.clearButton = JButton("Clear") self.clearButton.addActionListener(self.handleClearButton) self.clearButton.setBounds(40, 20, 100, 30) self.startButton = JButton(MONITOR_ON_LABEL) self.startButton.addActionListener(self.handleStartButton) self.startButton.setBounds(150, 20, 200, 30) self.badExtensionsLabel = JLabel("Ignore extensions:") self.badExtensionsLabel.setBounds(X_BASE, 150, 200, 30) self.badExtensionsText = JTextArea("") self.loadBadExtensions() self.badExtensionsText.setBounds(X_BASE, 175, 310, 30) self.badExtensionsButton = JButton("Save") self.badExtensionsButton.addActionListener( self.handleBadExtensionsButton) self.badExtensionsButton.setBounds(355, 175, 70, 30) self.badExtensionsDefaultButton = JButton("Load Defaults") self.badExtensionsDefaultButton.addActionListener( self.handleBadExtensionsDefaultButton) self.badExtensionsDefaultButton.setBounds(430, 175, 120, 30) self.badMimesLabel = JLabel("Ignore mime types:") self.badMimesLabel.setBounds(X_BASE, 220, 200, 30) self.badMimesText = JTextArea("") self.loadBadMimes() self.badMimesText.setBounds(X_BASE, 245, 310, 30) self.badMimesButton = JButton("Save") self.badMimesButton.addActionListener(self.handleBadMimesButton) self.badMimesButton.setBounds(355, 245, 70, 30) self.badMimesDefaultButton = JButton("Load Defaults") self.badMimesDefaultButton.addActionListener( self.handleBadMimesDefaultButton) self.badMimesDefaultButton.setBounds(430, 245, 120, 30) self.otherLabel = JLabel("Other:") self.otherLabel.setBounds(40, 300, 120, 30) self.otherLabel2 = JLabel("Other:") self.otherLabel2.setBounds(X_BASE, Y_OPTION, 120, 30) self.autoSaveOption = JCheckBox("Auto save periodically") self.autoSaveOption.setSelected(True) self.autoSaveOption.addActionListener(self.handleAutoSaveOption) self.autoSaveOption.setBounds(X_BASE, Y_OPTION + Y_CHECKMARK_SPACING, 420, 30) self.repeaterOptionButton = JCheckBox( "Repeater request automatically marks as analyzed") self.repeaterOptionButton.setSelected(True) self.repeaterOptionButton.addActionListener( self.handleRepeaterOptionButton) self.repeaterOptionButton.setBounds(50, 330, 420, 30) self.scopeOptionButton = JCheckBox("Follow Burp Target In Scope rules") self.scopeOptionButton.setSelected(True) self.scopeOptionButton.addActionListener(self.handleScopeOptionButton) self.scopeOptionButton.setBounds(50, 350, 420, 30) self.startOptionButton = JCheckBox("Autostart Scope Monitor") self.startOptionButton.setSelected(True) self.startOptionButton.addActionListener(self.handleStartOption) self.startOptionButton.setBounds(50, 350 + Y_OPTION_SPACING, 420, 30) self.markTestedRequestsProxy = JCheckBox( "Color request in Proxy tab if analyzed") self.markTestedRequestsProxy.setSelected(True) self.markTestedRequestsProxy.addActionListener( self.handleTestedRequestsProxy) self.markTestedRequestsProxy.setBounds(50, 350 + Y_OPTION_SPACING * 2, 420, 30) self.markNotTestedRequestsProxy = JCheckBox( "Color request in Proxy tab if NOT analyzed") self.markNotTestedRequestsProxy.setSelected(True) self.markNotTestedRequestsProxy.addActionListener( self.handleNotTestedRequestsProxy) self.markNotTestedRequestsProxy.setBounds(50, 350 + Y_OPTION_SPACING * 3, 420, 30) self.saveButton = JButton("Save now") self.saveButton.addActionListener(self.handleSaveButton) self.saveButton.setBounds(X_BASE + 320, 95, 90, 30) self.loadButton = JButton("Load now") self.loadButton.addActionListener(self.handleLoadButton) self.loadButton.setBounds(X_BASE + 420, 95, 90, 30) self.selectPath = JButton("Select path") self.selectPath.addActionListener(self.selectExportFile) self.selectPath.setBounds(X_BASE + 530, 60, 120, 30) self.selectPathText = JTextArea("") self.selectPathText.setBounds(X_BASE, 60, 510, 30) self.selectPathLabel = JLabel("State file:") self.selectPathLabel.setBounds(X_BASE, 30, 200, 30) bGroup = ButtonGroup() bGroup.add(self.showAllButton) bGroup.add(self.showNewButton) bGroup.add(self.showTestedButton) config.add(self.clearButton) config.add(self.startButton) config.add(self.startOptionButton) config.add(self.showAllButton) config.add(self.showNewButton) config.add(self.showTestedButton) config.add(self.badExtensionsButton) config.add(self.badExtensionsText) config.add(self.badExtensionsLabel) config.add(self.badMimesButton) config.add(self.badMimesText) config.add(self.badMimesLabel) config.add(self.badExtensionsDefaultButton) config.add(self.badMimesDefaultButton) config.add(self.otherLabel) config.add(self.repeaterOptionButton) config.add(self.scopeOptionButton) config.add(self.markTestedRequestsProxy) config.add(self.markNotTestedRequestsProxy) iexport.add(self.saveButton) iexport.add(self.loadButton) iexport.add(self.selectPath) iexport.add(self.selectPathText) iexport.add(self.selectPathLabel) iexport.add(self.otherLabel2) iexport.add(self.autoSaveOption) self._config.addTab("General", config) self._config.addTab("Import/Export", iexport) ##### end config pane self._parentPane.addTab("Monitor", self._splitpane) self._parentPane.addTab("Config", self._config) # table of log entries self.logTable = Table(self) #self.logTable.setDefaultRenderer(self.logTable.getColumnClass(0), ColoredTableCellRenderer(self)) self.logTable.setAutoCreateRowSorter(True) self.logTable.setRowSelectionAllowed(True) renderer = ColoredTableCellRenderer(self) #column = TableColumn(0, 190, renderer, None) print 'Initiating... ' # this could be improved by fetching initial dimensions self.logTable.getColumn("URL").setPreferredWidth(720) # noscope self.logTable.getColumn("URL").setResizable(True) self.logTable.getColumn("Checked").setCellRenderer(renderer) self.logTable.getColumn("Checked").setPreferredWidth(80) self.logTable.getColumn("Checked").setMaxWidth(80) self.logTable.getColumn("Method").setPreferredWidth(120) #self.logTable.getColumn("Method").setMaxWidth(120) self.logTable.getColumn("Method").setResizable(True) self.logTable.getColumn("Time").setPreferredWidth(120) # noscope self.logTable.getColumn("Time").setResizable(True) scrollPane = JScrollPane(self.logTable) self._splitpane.setLeftComponent(scrollPane) # tabs with request/response viewers tabs = JTabbedPane() self._requestViewer = callbacks.createMessageEditor(self, False) self._responseViewer = callbacks.createMessageEditor(self, False) tabs.addTab("Request", self._requestViewer.getComponent()) tabs.addTab("Response", self._responseViewer.getComponent()) self._splitpane.setRightComponent(tabs) ## Row sorter shit #self._tableRowSorterAutoProxyAutoAction = CustomTableRowSorter(self.logTable.getModel()) #self.logTable.setRowSorter(self._tableRowSorterAutoProxyAutoAction) markAnalyzedButton = JMenuItem("Mark Requests as Analyzed") markAnalyzedButton.addActionListener(markRequestsHandler(self, True)) markNotAnalyzedButton = JMenuItem("Mark Requests as NOT Analyzed") markNotAnalyzedButton.addActionListener( markRequestsHandler(self, False)) sendRequestMenu = JMenuItem("Send Request to Repeater") sendRequestMenu.addActionListener(sendRequestRepeater(self)) deleteRequestMenu = JMenuItem("Delete request") deleteRequestMenu.addActionListener(deleteRequestHandler(self)) self.menu = JPopupMenu("Popup") self.menu.add(markAnalyzedButton) self.menu.add(markNotAnalyzedButton) self.menu.add(sendRequestMenu) self.menu.add(deleteRequestMenu) # customize our UI components callbacks.customizeUiComponent(self._parentPane) callbacks.customizeUiComponent(self._splitpane) callbacks.customizeUiComponent(self._config) callbacks.customizeUiComponent(config) callbacks.customizeUiComponent(self.logTable) callbacks.customizeUiComponent(scrollPane) callbacks.customizeUiComponent(tabs) callbacks.registerContextMenuFactory(self) callbacks.registerExtensionStateListener(self) callbacks.registerScannerCheck(passiveScanner(self)) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # register ourselves as an HTTP listener callbacks.registerHttpListener(self) self.loadConfigs() print "Loaded!" print "Experimental import state.. " self.importState("") self.SC = sched.scheduler(time.time, time.sleep) self.SCC = self.SC.enter(10, 1, self.autoSave, (self.SC, )) self.SC.run() return ##### CUSTOM CODE ##### def loadConfigs(self): if self._callbacks.loadExtensionSetting("CONFIG_AUTOSTART") == "False": self.startOptionButton.setSelected(False) self.startOrStop(None, False) else: self.startOptionButton.setSelected(True) self.startOrStop(None, True) if self._callbacks.loadExtensionSetting("exportFile") != "": self.selectPathText.setText( self._callbacks.loadExtensionSetting("exportFile")) if self._callbacks.loadExtensionSetting("CONFIG_REPEATER") == "True": self.repeaterOptionButton.setSelected(True) else: self.repeaterOptionButton.setSelected(False) if self._callbacks.loadExtensionSetting("CONFIG_INSCOPE") == "True": self.scopeOptionButton.setSelected(True) else: self.scopeOptionButton.setSelected(False) if self._callbacks.loadExtensionSetting("CONFIG_AUTOSAVE") == "True": self.autoSaveOption.setSelected(True) else: self.autoSaveOption.setSelected(False) if self._callbacks.loadExtensionSetting( "CONFIG_HIGHLIGHT_TESTED") == "True": self.markTestedRequestsProxy.setSelected(True) else: self.markTestedRequestsProxy.setSelected(False) if self._callbacks.loadExtensionSetting( "CONFIG_HIGHLIGHT_NOT_TESTED") == "True": self.markNotTestedRequestsProxy.setSelected(True) else: self.markNotTestedRequestsProxy.setSelected(False) return def selectExportFile(self, event): parentFrame = JFrame() fileChooser = JFileChooser() fileChooser.setDialogTitle("Specify file to save state") fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY) userSelection = fileChooser.showOpenDialog(parentFrame) if (userSelection == JFileChooser.APPROVE_OPTION): fileLoad = fileChooser.getSelectedFile() filename = fileLoad.getAbsolutePath() self.selectPathText.setText(filename) print 'Filename selected:' + filename self._callbacks.saveExtensionSetting("exportFile", filename) return def extensionUnloaded(self): print 'extension unloading.. ' print 'canceling scheduler.. ' map(self.SC.cancel, self.SC.queue) return def loadBadExtensions(self): bad = self._callbacks.loadExtensionSetting("badExtensions") if bad: self.badExtensionsText.setText(bad) # transform text to array bad = bad.replace(" ", "") self.BAD_EXTENSIONS = bad.split(",") else: print 'no bad extension saved, reverting' self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS)) def loadBadMimes(self): bad = self._callbacks.loadExtensionSetting("badMimes") if bad: self.badMimesText.setText(bad) bad = bad.replace(" ", "") self.BAD_MIMES = bad.split(",") else: print 'no bad mimes saved, reverting' self.badMimesText.setText(", ".join(self.BAD_MIMES)) ## GLOBAL CONTEXT CODE ## def createMenuItems(self, invocation): responses = invocation.getSelectedMessages() if responses > 0: ret = LinkedList() analyzedMenuItem = JMenuItem("Mark as analyzed") notAnalyzedMenuItem = JMenuItem("Mark as NOT analyzed") for response in responses: analyzedMenuItem.addActionListener( handleMenuItems(self, response, "analyzed")) notAnalyzedMenuItem.addActionListener( handleMenuItems(self, response, "not")) ret.add(analyzedMenuItem) ret.add(notAnalyzedMenuItem) return ret def getEndpoint(self, requestResponse): url_ = str(self._helpers.analyzeRequest(requestResponse).getUrl()) o = urlparse(url_) url = o.scheme + "://" + o.netloc + o.path #print "Url3: " + url return url def getMethod(self, requestResponse): return self._helpers.analyzeRequest(requestResponse).getMethod() ##### CUSTOM CODE ##### def handleTestedRequestsProxy(self, event): self._callbacks.saveExtensionSetting( "CONFIG_HIGHLIGHT_TESTED", str(self.markTestedRequestsProxy.isSelected())) return def handleNotTestedRequestsProxy(self, event): self._callbacks.saveExtensionSetting( "CONFIG_HIGHLIGHT_NOT_TESTED", str(self.markNotTestedRequestsProxy.isSelected())) return def handleStartOption(self, event): self._callbacks.saveExtensionSetting( "CONFIG_AUTOSTART", str(self.startOptionButton.isSelected())) #print 'saving autostart: ' + str(self.startOptionButton.isSelected()) return def startOrStop(self, event, autoStart): if (self.startButton.getText() == MONITOR_OFF_LABEL) or autoStart: self.startButton.setText(MONITOR_ON_LABEL) self.startButton.setBackground(GREEN_COLOR) self.STATUS = True else: self.startButton.setText(MONITOR_OFF_LABEL) self.startButton.setBackground(RED_COLOR) self.STATUS = False def handleStartButton(self, event): self.startOrStop(event, False) def handleAutoSaveOption(self, event): self._callbacks.saveExtensionSetting( "CONFIG_AUTOSAVE", str(self.autoSaveOption.isSelected())) return def handleSaveButton(self, event): self.exportState("") def handleLoadButton(self, event): self.importState("") def handleRepeaterOptionButton(self, event): self._callbacks.saveExtensionSetting( "CONFIG_REPEATER", str(self.repeaterOptionButton.isSelected())) return def handleScopeOptionButton(self, event): self.CONFIG_INSCOPE = self.scopeOptionButton.isSelected() self._callbacks.saveExtensionSetting("CONFIG_INSCOPE", str(self.CONFIG_INSCOPE)) return def handleBadExtensionsButton(self, event): #print "before BAD array: " print self.BAD_EXTENSIONS extensions = self.badExtensionsText.getText() self._callbacks.saveExtensionSetting("badExtensions", extensions) print 'New extensions blocked: ' + extensions bad = extensions.replace(" ", "") self.BAD_EXTENSIONS = bad.split(",") #print "BAD array: " #print self.BAD_EXTENSIONS def handleBadExtensionsDefaultButton(self, event): self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS)) self._callbacks.saveExtensionSetting("badExtensions", ", ".join(self.BAD_EXTENSIONS)) return def handleBadMimesDefaultButton(self, event): self.BAD_MIMES = self.BAD_MIMES_DEFAULT self.badMimesText.setText(", ".join(self.BAD_MIMES)) self._callbacks.saveExtensionSetting("badExtensions", ", ".join(self.BAD_MIMES)) return def handleBadMimesButton(self, event): mimes = self.badMimesText.getText() self._callbacks.saveExtensionSetting("badMimes", mimes) print 'New mimes blocked: ' + mimes bad = mimes.replace(" ", "") self.BAD_MIMES = bad.split(",") def handleClearButton(self, event): print 'Clearing table' self._lock.acquire() self._log = ArrayList() self._fullLog = ArrayList() self._lock.release() return def handleRadioConfig(self, event): #print ' radio button clicked ' #print event.getActionCommand() self._lock.acquire() if event.getActionCommand() == SHOW_ALL_BUTTON_LABEL: print "Showing all" self._log = self._fullLog elif event.getActionCommand() == SHOW_NEW_BUTTON_LABEL: print "Showing new scope only" tmpLog = ArrayList() for item in self._fullLog: if not (item._analyzed): tmpLog.add(item) self._log = tmpLog elif event.getActionCommand() == SHOW_TEST_BUTTON_LABEL: print "Showing tested scope only" tmpLog = ArrayList() for item in self._fullLog: if item._analyzed: tmpLog.add(item) self._log = tmpLog else: print "unrecognized radio label" self.fireTableDataChanged() #self._tableRowSorterAutoProxyAutoAction.toggleSortOrder(1) #self.toggleSortOrder(2) #self.logTable.toggleSortOrder(2) # refresh table? self._lock.release() # # implement ITab # def getTabCaption(self): return "Scope Monitor" def getUiComponent(self): return self._parentPane # # implement IHttpListener # def markAnalyzed(self, messageIsRequest, state): #print "markAnalyzed..." self._lock.acquire() url = self.getEndpoint(messageIsRequest) for item in self._log: if url == item._url: item._analyzed = state self._lock.release() return self._lock.release() return def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests #print "processing httpMessage.." #print messageIsRequest print "processHttpMessage toolFlag: " + str(toolFlag) #print " -- " + str(self._callbacks.getToolName(toolFlag)) + " -- " if not (self.STATUS): return #print "global handler status: (true): " + str(self.GLOBAL_HANDLER) #print "(processHTTP) messageIsRequest" #print messageIsRequest isFromPassiveScan = False if toolFlag == 1234: print "1 processHttpMessage: processing passiveScan item" isFromPassiveScan = True if toolFlag != 1234: if messageIsRequest and not (self.GLOBAL_HANDLER): print "1.5 processHttpMessage droping message" return if self.scopeOptionButton.isSelected(): url = self._helpers.analyzeRequest(messageInfo).getUrl() if not self._callbacks.isInScope(url): #print 'Url not in scope, skipping.. ' return #print "still processing httpMessage.., request came from: " + self._callbacks.getToolName(toolFlag) if toolFlag == 1234: print "2 processHttpMessage: processing passiveScan item; setting toolFlag to proxy (4)" toolFlag = 4 #toolFlag = 4 if ((self._callbacks.getToolName(toolFlag) != "Repeater") and (self._callbacks.getToolName(toolFlag) != "Proxy") and (self._callbacks.getToolName(toolFlag) != "Target")): #print 'Aborting processHTTP, request came from: ' + str(self._callbacks.getToolName(toolFlag)) print "Droping request from " + str( self._callbacks.getToolName(toolFlag)) return #print "---> still processing from tool: " + str(self._callbacks.getToolName(toolFlag)) url = self.getEndpoint(messageInfo) method = self.getMethod(messageInfo) #print "(processHTTP) before extensions check: " + url for extension in self.BAD_EXTENSIONS: if url.endswith(extension): return if messageInfo.getResponse(): mime = self._helpers.analyzeResponse( messageInfo.getResponse()).getStatedMimeType() #print 'Declared mime:' + mime mime = mime.lower() if mime in self.BAD_MIMES: #print 'Bad mime:' + mime return #print "[httpMessage] before lock" # create a new log entry with the message details self._lock.acquire() row = self._log.size() for item in self._log: if url == item._url: if method == self._helpers.analyzeRequest( item._requestResponse).getMethod(): #print 'duplicate URL+method, skipping.. ' self._lock.release() # has it been analyzed? analyzed = False if self._callbacks.getToolName(toolFlag) == "Repeater": if self.repeaterOptionButton.isSelected(): analyzed = True #print "[httpMessage] setting analyzed as true" if self.GLOBAL_HANDLER_ANALYZED: analyzed = True item._analyzed = analyzed self.paintItems(messageInfo, item) return #print "[httpMessage] before setComment" if not (isFromPassiveScan): messageInfo.setComment(SCOPE_MONITOR_COMMENT) # reached here, must be new entry analyzed = False if self._callbacks.getToolName(toolFlag) == "Repeater": if self.repeaterOptionButton.isSelected(): analyzed = True #print "[httpMessage] setting analyzed as true" if self.GLOBAL_HANDLER_ANALYZED: analyzed = True #print "[httpMessage] after comment" #print 'in httpmessage, response:' #print self._helpers.analyzeResponse(messageInfo.getResponse()) date = datetime.datetime.fromtimestamp( time.time()).strftime('%H:%M:%S %d %b %Y') entry = LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo), url, analyzed, date, method) #print "toolFlag: " + str(toolFlag) #print "(processHTTP) Adding URL: " + url self._log.add(entry) self._fullLog.add(entry) self.fireTableRowsInserted(row, row) self.paintItems(messageInfo, entry) self._lock.release() #print "columnCoun:" + str(self.logTable.getColumnCount()) # # extend AbstractTableModel # def paintItems(self, messageInfo, item): ''' print "in paint Items" print "mark color is: (true)" + str(self.markTestedRequestsProxy.isSelected()) print "global handler analyzed: :" + str(self.GLOBAL_HANDLER_ANALYZED) print "item analyzed should be the same ^^:" + str(item._analyzed) ''' if (self.markTestedRequestsProxy.isSelected()) and ( item._analyzed and self.GLOBAL_HANDLER_ANALYZED): messageInfo.setHighlight("green") return if self.markNotTestedRequestsProxy.isSelected() and not ( item._analyzed): messageInfo.setHighlight("red") def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 4 def getColumnName(self, columnIndex): if columnIndex == 0: return "Checked" if columnIndex == 1: return "URL" if columnIndex == 2: return "Method" if columnIndex == 3: return "Time" def getValueAt(self, rowIndex, columnIndex): logEntry = self._log.get(rowIndex) #self.setBackground(Color.GREEN) return self.returnEntry(rowIndex, columnIndex, logEntry) if self.showNewButton.isSelected() and not (logEntry._analyzed): return self.returnEntry(rowIndex, columnIndex, logEntry) elif self.showTestedButton.isSelected() and logEntry._analyzed: return self.returnEntry(rowIndex, columnIndex, logEntry) elif self.showAllButton.isSelected(): return self.returnEntry(rowIndex, columnIndex, logEntry) def returnEntry(self, rowIndex, columnIndex, entry): logEntry = self._log.get(rowIndex) if columnIndex == 0: if logEntry._analyzed: return "True" else: return "False" if columnIndex == 1: return self._helpers.urlDecode(logEntry._url) if columnIndex == 2: return logEntry._method if columnIndex == 3: return logEntry._date # return date return "" # # implement IMessageEditorController # this allows our request/response viewers to obtain details about the messages being displayed # def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def getRequest(self): #print 'getRequest called' return self._currentlyDisplayedItem.getRequest() def getResponse(self): #print 'getResponse called: ' print self._currentlyDisplayedItem.getResponse() return self._currentlyDisplayedItem.getResponse() def exportRequest(self, entity, filename): line = str(entity._analyzed) + "," line = line + self._helpers.urlEncode(entity._url).replace( ",", "%2c") + "," # URL is encoded so we should be good line = line + entity._method + "," line = line + entity._date line = line + '\n' #print 'Exporting: "' + line + '"' return line def exportUrlEncode(self, url): return self._helpers.urlEncode(url).replace(",", "%2c") def exportState(self, filename): filename = self.selectPathText.getText() if filename == "": filename = self._callbacks.loadExtensionSetting("exportFile") print 'Empty filename, skipping export' return else: self._callbacks.saveExtensionSetting("exportFile", filename) print 'saving state to: ' + filename savedUrls = [] self._lockFile.acquire() try: with open(filename, 'r') as fr: savedEntries = fr.read().splitlines() savedUrls = [] for savedEntry in savedEntries: savedUrls.append(savedEntry.split(",")[1]) #print "savedUrls len: " + str(len(savedUrls)) #print "savedUrls:" #print savedUrls fr.close() except IOError: print "Autosaving skipped as file doesn't exist yet" with open(filename, 'a+') as f: for item in self._log: if self.exportUrlEncode(item._url) not in savedUrls: line = self.exportRequest(item, "xx") f.write(line) f.close() self._lockFile.release() return def importState(self, filename): filename = self.selectPathText.getText() if filename == "": filename = self._callbacks.loadExtensionSetting("exportFile") print 'Empty filename, skipping import' return else: self._callbacks.saveExtensionSetting("exportFile", filename) print 'loading state from: ' + filename self.STATUS = False self._lockFile.acquire() with open(filename, 'r') as f: proxy = self._callbacks.getProxyHistory() proxyItems = [] for item in proxy: if item.getComment(): if SCOPE_MONITOR_COMMENT in item.getComment(): proxyItems.append(item) print 'proxyItems has: ' + str(len(proxyItems)) # TODO - if no proxy items, sraight to import lines = f.read().splitlines() for line in lines: data = line.split(",") url = data[1] url = self._helpers.urlDecode(url) #print 'Saving: ' + url if not self._callbacks.isInScope(URL(url)): print '-- imported url not in scope, skipping.. ' continue analyzed = False if data[0] == "True": analyzed = True #print '.. simulating url search.. ' requestResponse = None for request in proxyItems: if url == self.getEndpoint(request): #print 'Match found when importing for url: ' + url requestResponse = request break self._log.add( LogEntry("", requestResponse, url, analyzed, data[3], data[2])) self._lockFile.release() print 'finished loading.. ' #print 'size: ' + str(self._log.size()) self.fireTableDataChanged() if self.startButton.getText() == MONITOR_ON_LABEL: self.STATUS = True return def autoSave(self, sc): #print 'autosaving.. lol what' if self.autoSaveOption.isSelected(): print "[" + self.getTime( ) + "] autosaving to " + self._callbacks.loadExtensionSetting( "exportFile") self.exportState("") self.SC.enter(self.AUTOSAVE_TIMEOUT, 1, self.autoSave, (self.SC, )) return def getTime(self): date = datetime.datetime.fromtimestamp( time.time()).strftime('%H:%M:%S') return date
class BurpExtender(IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): global EXTENSION_NAME sys.stdout = callbacks.getStdout() sys.stderr = callbacks.getStderr() # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName(EXTENSION_NAME) # register ourselves as a Http Listener callbacks.registerHttpListener(self) # register ourselves as a message editor tab factory callbacks.registerMessageEditorTabFactory(self) # setup the UI self.initGui() # add the custom tab to Burp's UI self._callbacks.addSuiteTab(self) return # # create the Gui # def initGui(self): #~ if DEBUG: #~ import pdb; #~ pdb.set_trace() tabPane = JTabbedPane(JTabbedPane.TOP) CreditsText = "<html># Burp Custom Deserializer<br/># Copyright (c) 2016, Marco Tinari<br/>#<br/># This program is free software: you can redistribute it and/or modify<br/># it under the terms of the GNU General Public License as published by<br/># the Free Software Foundation, either version 3 of the License, or<br/># (at your option) any later version.<br/>#<br/># This program is distributed in the hope that it will be useful,<br/># but WITHOUT ANY WARRANTY; without even the implied warranty of<br/># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br/># GNU General Public License for more details.<br/>#<br/># You should have received a copy of the GNU General Public License<br/># along with this program. If not, see <http://www.gnu.org/licenses/>.)<br/></html>" label1 = JLabel( "<html>Usage:<br>1 - Select the desired encoding functions<br>2 - Enter the name of the parameter in the input field below and press the Apply button!</html>" ) label2 = JLabel(CreditsText) panel1 = JPanel() #set layout panel1.setLayout(GridLayout(11, 1)) panel2 = JPanel() panel1.add(label1) panel2.add(label2) tabPane.addTab("Configuration", panel1) tabPane.addTab("Credits", panel2) applyButton = JButton('Apply', actionPerformed=self.reloadConf) panel1.add(applyButton, BorderLayout.SOUTH) #define GET/POST/COOKIE radio button self.GETparameterTypeRadioButton = JRadioButton('GET parameter') self.POSTparameterTypeRadioButton = JRadioButton('POST parameter') self.COOKIEparameterTypeRadioButton = JRadioButton('COOKIE parameter') self.POSTparameterTypeRadioButton.setSelected(True) group = ButtonGroup() group.add(self.GETparameterTypeRadioButton) group.add(self.POSTparameterTypeRadioButton) group.add(self.COOKIEparameterTypeRadioButton) self.base64Enabled = JCheckBox("Base64 encode") self.URLEnabled = JCheckBox("URL encode") self.ASCII2HexEnabled = JCheckBox("ASCII to Hex") self.ScannerEnabled = JCheckBox( "<html>Enable serialization in Burp Scanner<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.rightclick->Actively scan defined insertion points)</html>" ) self.IntruderEnabled = JCheckBox( "<html>Enable serialization in Burp Intruder<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.Start the attack</html>" ) self.parameterName = JTextField("Parameter name goes here...", 60) #set the tooltips self.parameterName.setToolTipText( "Fill in the parameter name and apply") self.base64Enabled.setToolTipText("Enable base64 encoding/decoding") self.ASCII2HexEnabled.setToolTipText( "Enable ASCII 2 Hex encoding/decoding") self.URLEnabled.setToolTipText("Enable URL encoding/decoding") self.IntruderEnabled.setToolTipText( "Check this if You want the extension to intercept and modify every request made by the Burp Intruder containing the selected paramter" ) self.ScannerEnabled.setToolTipText( "Check this if You want the extension to intercept and modify every request made by the Burp Scanner containing the selected paramter" ) #add checkboxes to the panel panel1.add(self.parameterName) panel1.add(self.POSTparameterTypeRadioButton) panel1.add(self.GETparameterTypeRadioButton) panel1.add(self.COOKIEparameterTypeRadioButton) panel1.add(self.base64Enabled) panel1.add(self.URLEnabled) panel1.add(self.ASCII2HexEnabled) panel1.add(self.IntruderEnabled) panel1.add(self.ScannerEnabled) #assign tabPane self.tab = tabPane def reloadConf(self, event): #~ if DEBUG: #~ import pdb; pdb.set_trace() source = event.getSource() print 'APPLY button clicked. New configuration loaded.' global MAGIC_PARAMETER global PARAMETERISPOST global PARAMETERISGET global PARAMETERISCOOKIE global BASE64ENCODINGENABLED global ASCII2HEXENCODINGENABLED global URLENCODINGENABLED global INTRUDERENABLED global SCANNERENABLED MAGIC_PARAMETER = self.parameterName.getText() print 'Base64 checkbox is: ' + str(self.base64Enabled.isSelected()) if self.base64Enabled.isSelected(): BASE64ENCODINGENABLED = True else: BASE64ENCODINGENABLED = False print 'ASCII2Hex checkbox is: ' + str( self.ASCII2HexEnabled.isSelected()) if self.ASCII2HexEnabled.isSelected(): ASCII2HEXENCODINGENABLED = True else: ASCII2HEXENCODINGENABLED = False print 'URL checkbox is: ' + str(self.URLEnabled.isSelected()) if self.URLEnabled.isSelected(): URLENCODINGENABLED = True else: URLENCODINGENABLED = False print 'New Magic parameter is: ' + str(MAGIC_PARAMETER) if self.POSTparameterTypeRadioButton.isSelected(): #BODYPARAM PARAMETERISPOST = True print "parameterispost has been set to: " + str(PARAMETERISPOST) else: PARAMETERISPOST = False print "parameterispost has been set to: " + str(PARAMETERISPOST) if self.GETparameterTypeRadioButton.isSelected(): #GETPARAM PARAMETERISGET = True print "parameterisget has been set to: " + str(PARAMETERISGET) else: PARAMETERISGET = False print "parameterisget has been set to: " + str(PARAMETERISGET) if self.COOKIEparameterTypeRadioButton.isSelected(): #COOKIEPARAM PARAMETERISCOOKIE = True print "parameteriscookie has been set to: " + str( PARAMETERISCOOKIE) else: PARAMETERISCOOKIE = False print "parameteriscookie has been set to: " + str( PARAMETERISCOOKIE) if self.ScannerEnabled.isSelected(): SCANNERENABLED = True print "Scanner Enabled" else: SCANNERENABLED = False if self.IntruderEnabled.isSelected(): INTRUDERENABLED = True print "Intruder Enabled" else: INTRUDERENABLED = False # # implement IHTTPListener # def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): global PARAMETERISPOST global PARAMETERISGET global PARAMETERISCOOKIE global URLENCODINGENABLED global BASE64ENCODINGENABLED global ASCII2HEXENCODINGENABLED global INTRUDERENABLED global SCANNERENABLED #only process requests if not messageIsRequest: return #only process messages from Intruder and Scanner, otherwise exit #if (not self._callbacks.TOOL_INTRUDER == toolFlag): if ((not ( (self._callbacks.TOOL_INTRUDER == toolFlag) and INTRUDERENABLED)) and (not ((self._callbacks.TOOL_SCANNER == toolFlag) and SCANNERENABLED))): #print "exiting- toolflag:"+str(toolFlag)+' INTRUDERENABLED='+str(INTRUDERENABLED)+' SCANNERENABLED='+str(SCANNERENABLED) return #if ((not self._callbacks.TOOL_INTRUDER == toolFlag)) and ((not self._callbacks.TOOL_SCANNER == toolFlag)):#remove the comment to always enable if DEBUG: print "IHTTPListener Enabled in: " + str(toolFlag) requestInfo = self._helpers.analyzeRequest(currentRequest) timestamp = datetime.now() if DEBUG: print "Intercepting message at: ", timestamp.isoformat() #parameters = requestInfo.getParameters() dataParameter = self._helpers.getRequestParameter( currentRequest.getRequest(), MAGIC_PARAMETER) #FIXME: add exception handling for multiple parameters with the same name and/or in a different position!!! if DEBUG: print 'dataparameter:' + str(dataParameter) if (dataParameter == None): if DEBUG: print 'Parameter does not exist' return serializedValue = dataParameter.getValue() #FIXME: substitute '[AND]' placeholder with '&' charachter - we should do something more elegant here :/ serializedValue = re.sub(r'\[AND\]', '&', serializedValue) print "unserialized parameter value: ", str(serializedValue) if BASE64ENCODINGENABLED: #if base64Encode is selected serializedValue = self._helpers.base64Encode(serializedValue) if DEBUG: print "base64 encoded parameter value: ", str(serializedValue) if URLENCODINGENABLED: #if URLEncode is selected serializedValue = self._helpers.urlEncode(serializedValue) if DEBUG: print "URL ecoded parameter value: ", str(serializedValue) if ASCII2HEXENCODINGENABLED: #if ASCII2HexEncode is selected serializedValue = convert_ascii2hex(serializedValue) if DEBUG: print "ASCII2Hex ecoded parameter value: ", str( serializedValue) print "serialized parameter value: ", serializedValue if PARAMETERISPOST: if DEBUG: print "parameter is BODY" currentRequest.setRequest( self._helpers.updateParameter( currentRequest.getRequest(), self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue, IParameter.PARAM_BODY))) elif PARAMETERISGET: if DEBUG: print "parameter is in URL" currentRequest.setRequest( self._helpers.updateParameter( currentRequest.getRequest(), self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue, IParameter.PARAM_URL))) elif PARAMETERISCOOKIE: if DEBUG: print "parameter is a COOKIE" currentRequest.setRequest( self._helpers.updateParameter( currentRequest.getRequest(), self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue, IParameter.PARAM_COOKIE))) return # # implement ITab # def getTabCaption(self): global EXTENSION_TABCAPTION return (EXTENSION_TABCAPTION) def getUiComponent(self): #~ return self._splitpane return self.tab # # implement IMessageEditorTabFactory # def createNewInstance(self, controller, editable): # create a new instance of our custom editor tab return CustomInputTab(self, controller, editable)
class BurpExtender(IBurpExtender, IContextMenuFactory): # Implement IBurpExtender def registerExtenderCallbacks(self, callbacks): self.printHeader() # Set extension name callbacks.setExtensionName("Directory Listing Parser for Burp Suite") # Callbacks object self._callbacks = callbacks # Helpers object self._helpers = callbacks.getHelpers() # Register a factory for custom context menu items callbacks.registerContextMenuFactory(self) return # Create a menu item if the appropriate section of the UI is selected def createMenuItems(self, invocation): menu = [] # Which part of the interface the user selects ctx = invocation.getInvocationContext() # Message Viewer Req/Res, Site Map Table, and Proxy History will show menu item if selected by the user if ctx == 2 or ctx == 3 or ctx == 4 or ctx == 5 or ctx == 6: menu.append(JMenuItem("Import Directory Listing", None, actionPerformed=lambda x, inv=invocation: self.openGUI(inv))) return menu if menu else None # Create and place GUI components on JFrame def openGUI(self, invocation): try: # Get values from request or response the extension is invoked from and prepopulate GUI values invMessage = invocation.getSelectedMessages() message = invMessage[0] originalHttpService = message.getHttpService() self.originalMsgProtocol = originalHttpService.getProtocol() self.originalMsgHost = originalHttpService.getHost() self.originalMsgPort = originalHttpService.getPort() except: self.originalMsgProtocol = '' self.originalMsgHost = '' self.originalMsgPort = '' try: self.cookies = self._callbacks.getCookieJarContents() self.cookie = '' except: pass self.SSL = 'http://' self.listType = '' self.parsedList = [] # Set up main window (JFrame) self.window = JFrame("Directory Listing Parser for Burp Suite", preferredSize=(600, 475), windowClosing=self.closeUI) self.window.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE) emptyBorder = BorderFactory.createEmptyBorder(10, 10, 10, 10) self.window.contentPane.setBorder(emptyBorder) self.window.contentPane.layout = BorderLayout() # Main window title placed at the top of the main window with an invisible bottom border titlePanel = JPanel() titleBorder = BorderFactory.createEmptyBorder(0, 0, 10, 0) title = JLabel("Directory Listing Parser for Burp Suite", JLabel.CENTER) title.setBorder(titleBorder) title.setFont(Font("Default", Font.PLAIN, 18)) titlePanel.add(title) self.window.contentPane.add("North", titlePanel) # Left panel for user input, consisting of hostname, directory prefix, ssl, port, type of listing, and file self.leftPanel = JPanel() self.leftPanel.layout = GridLayout(14, 1, 3, 3) hostnameLabel = JLabel("Hostname:") if self.originalMsgHost: self.hostnameTextField = JTextField(self.originalMsgHost.rstrip()) else: self.hostnameTextField = JTextField('Hostname') dirPrefixLabel = JLabel("Full Directory Prefix (Windows):") self.dirPrefixField = JTextField('C:\\var\www\\') sslLabel = JLabel("SSL:") self.radioBtnSslEnabled = JRadioButton('Enabled (https)', actionPerformed=self.radioSsl) self.radioBtnSslDisabled = JRadioButton('Disabled (http)', actionPerformed=self.radioSsl) sslButtonGroup = ButtonGroup() sslButtonGroup.add(self.radioBtnSslEnabled) sslButtonGroup.add(self.radioBtnSslDisabled) if self.originalMsgProtocol == "https": self.radioBtnSslEnabled.setSelected(True) else: self.radioBtnSslDisabled.setSelected(True) portLabel = JLabel("Port:") if self.originalMsgPort: self.portTextField = JTextField(str(self.originalMsgPort).rstrip()) else: self.portTextField = JTextField('80') osLabel = JLabel("Type of File Listing:") self.types = ('Windows \'dir /s\'', 'Linux \'ls -lR\'', 'Linux \'ls -R\'') self.comboListingType = JComboBox(self.types) uploadLabel = JLabel("Directory Listing File:") self.uploadTextField = JTextField('') uploadButton = JButton('Choose File', actionPerformed=self.chooseFile) self.leftPanel.add(hostnameLabel) self.leftPanel.add(self.hostnameTextField) self.leftPanel.add(dirPrefixLabel) self.leftPanel.add(self.dirPrefixField) self.leftPanel.add(sslLabel) self.leftPanel.add(self.radioBtnSslEnabled) self.leftPanel.add(self.radioBtnSslDisabled) self.leftPanel.add(portLabel) self.leftPanel.add(self.portTextField) self.leftPanel.add(osLabel) self.leftPanel.add(self.comboListingType) self.leftPanel.add(uploadLabel) self.leftPanel.add(self.uploadTextField) self.leftPanel.add(uploadButton) # Right panel consisting of a text area for the URL list self.UrlPanelLabel = JLabel("URL List:") self.textArea = JTextArea() self.textArea.setEditable(True) self.textArea.setFont(Font("Default", Font.PLAIN, 14)) if self.cookies: self.textArea.append('Cookies Found:\n') for cookie in self.cookies: if cookie.getDomain() in self.originalMsgHost: self.cookie += cookie.getName() + '=' + cookie.getValue() + '; ' self.textArea.append(cookie.getName() + '=' + cookie.getValue() + '\n') scrollArea = JScrollPane(self.textArea) scrollArea.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS) scrollArea.setPreferredSize(Dimension(400, 200)) self.rightPanel = JPanel() self.rightPanel.setLayout(BorderLayout(3, 3)) self.rightPanel.add(self.UrlPanelLabel, BorderLayout.NORTH) self.rightPanel.add(scrollArea, BorderLayout.CENTER) # Panel for the generate URL list and import URL list buttons generatePanel = JPanel() generatePanel.layout = BorderLayout(3, 3) generateButton = JButton('Generate URL List', actionPerformed=self.generateUrlList) importButton = JButton('Import URL List to Burp Site Map', actionPerformed=self.confirmImport) generatePanel.add("North", generateButton) generatePanel.add("South", importButton) self.rightPanel.add("South", generatePanel) # Add the two main panels to the left and right sides self.window.contentPane.add("East", self.rightPanel) self.window.contentPane.add("West", self.leftPanel) # Create a panel to be used for the file chooser window self.uploadPanel = JPanel() self.window.pack() self.window.show() # JFileChooser and showDialog for the user to specify their directory listing input file def chooseFile(self, event): chooseFile = JFileChooser() filter = FileNameExtensionFilter("c files", ["c"]) chooseFile.addChoosableFileFilter(filter) chooseFile.showDialog(self.uploadPanel, "Choose File") chosenFile = chooseFile.getSelectedFile() self.uploadTextField.text = str(chosenFile) # Set whether https is enabled. Default is disabled (http) def radioSsl(self, event): if self.radioBtnSslEnabled.isSelected(): self.SSL = 'https://' else: self.SSL = 'http://' # Create a parser object and pass the user's specified options. Retrieve the results and print them to a text area def generateUrlList(self, event): fileListingType = self.comboListingType.selectedIndex self.listType = self.types[fileListingType] urlsMade = 0 if os.path.isfile(self.uploadTextField.text): parser = ListingParser() parser.parse(self.hostnameTextField.getText(), self.dirPrefixField.getText().rstrip(), self.SSL, self.portTextField.getText(), self.listType, self.uploadTextField.getText()) self.parsedList = parser.returnList() self.textArea.setText('') for item in self.parsedList: self.textArea.append(item + '\n') urlsMade = str(len(self.parsedList)) if self.parsedList and urlsMade: self.textArea.append('\n' + 'Total Directories Found: ' + str(parser.directoryCount)) self.textArea.append('\n' + 'Total URLs Created: ' + urlsMade) else: self.textArea.append('Error occurred during parsing.\n') self.textArea.append('Please make sure the directory listing is a valid format and all input is correct.\n') self.textArea.append('E-mail [email protected] with errors or for further help.') else: JOptionPane.showMessageDialog(None, 'ERROR: File is not valid file or not found!') def closeUI(self, event): self.window.setVisible(False) self.window.dispose() # This is initiated by the user selecting the 'import to burp' button. Checks each generated URL for a valid response and adds it to the site map def importList(self): if self.parsedList: urlsAdded = 0 # Loop through each URL and check the response. If the response code is less than 404, add to site map for item in self.parsedList: # Pass exception if urlopen returns an http error if the URL is not reachable try: code = urlopen(item).code if code < 404: javaURL = URL(item) newRequest = self._helpers.buildHttpRequest(javaURL) stringNewRequest = self._helpers.bytesToString(newRequest).rstrip() if self.cookie: stringNewRequest += '\nCookie: ' + self.cookie.rstrip('; ') + '\r\n\r\n' requestResponse = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(javaURL.getHost()), int(javaURL.getPort()), javaURL.getProtocol() == "https"), stringNewRequest) else: requestResponse = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(javaURL.getHost()), int(javaURL.getPort()), javaURL.getProtocol() == "https"), newRequest) self._callbacks.addToSiteMap(requestResponse) urlsAdded += 1 except Exception, e: print e pass JOptionPane.showMessageDialog(None, str(urlsAdded) + " URL(s) added to Burp site map.") else:
class BurpExtender(IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): global EXTENSION_NAME sys.stdout = callbacks.getStdout() sys.stderr = callbacks.getStderr() # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName(EXTENSION_NAME) # register ourselves as a Http Listener callbacks.registerHttpListener(self) # register ourselves as a message editor tab factory callbacks.registerMessageEditorTabFactory(self) # setup the UI self.initGui() # add the custom tab to Burp's UI self._callbacks.addSuiteTab(self) return # # create the Gui # def initGui(self): #~ if DEBUG: #~ import pdb; #~ pdb.set_trace() tabPane = JTabbedPane(JTabbedPane.TOP) CreditsText = "<html># Burp Custom Deserializer<br/># Copyright (c) 2016, Marco Tinari<br/>#<br/># This program is free software: you can redistribute it and/or modify<br/># it under the terms of the GNU General Public License as published by<br/># the Free Software Foundation, either version 3 of the License, or<br/># (at your option) any later version.<br/>#<br/># This program is distributed in the hope that it will be useful,<br/># but WITHOUT ANY WARRANTY; without even the implied warranty of<br/># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br/># GNU General Public License for more details.<br/>#<br/># You should have received a copy of the GNU General Public License<br/># along with this program. If not, see <http://www.gnu.org/licenses/>.)<br/></html>" label1 = JLabel("<html>Usage:<br>1 - Select the desired encoding functions<br>2 - Enter the name of the parameter in the input field below and press the Apply button!</html>") label2 = JLabel(CreditsText) panel1 = JPanel() #set layout panel1.setLayout(GridLayout(11,1)) panel2 = JPanel() panel1.add(label1) panel2.add(label2) tabPane.addTab("Configuration", panel1) tabPane.addTab("Credits", panel2) applyButton = JButton('Apply',actionPerformed=self.reloadConf) panel1.add(applyButton, BorderLayout.SOUTH) #define GET/POST/COOKIE radio button self.GETparameterTypeRadioButton = JRadioButton('GET parameter') self.POSTparameterTypeRadioButton = JRadioButton('POST parameter') self.COOKIEparameterTypeRadioButton = JRadioButton('COOKIE parameter') self.POSTparameterTypeRadioButton.setSelected(True) group = ButtonGroup() group.add(self.GETparameterTypeRadioButton) group.add(self.POSTparameterTypeRadioButton) group.add(self.COOKIEparameterTypeRadioButton) self.base64Enabled = JCheckBox("Base64 encode") self.URLEnabled = JCheckBox("URL encode") self.ASCII2HexEnabled = JCheckBox("ASCII to Hex") self.ScannerEnabled = JCheckBox("<html>Enable serialization in Burp Scanner<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.rightclick->Actively scan defined insertion points)</html>") self.IntruderEnabled = JCheckBox("<html>Enable serialization in Burp Intruder<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.Start the attack</html>") self.parameterName = JTextField("Parameter name goes here...",60) #set the tooltips self.parameterName.setToolTipText("Fill in the parameter name and apply") self.base64Enabled.setToolTipText("Enable base64 encoding/decoding") self.ASCII2HexEnabled.setToolTipText("Enable ASCII 2 Hex encoding/decoding") self.URLEnabled.setToolTipText("Enable URL encoding/decoding") self.IntruderEnabled.setToolTipText("Check this if You want the extension to intercept and modify every request made by the Burp Intruder containing the selected paramter") self.ScannerEnabled.setToolTipText("Check this if You want the extension to intercept and modify every request made by the Burp Scanner containing the selected paramter") #add checkboxes to the panel panel1.add(self.parameterName) panel1.add(self.POSTparameterTypeRadioButton) panel1.add(self.GETparameterTypeRadioButton) panel1.add(self.COOKIEparameterTypeRadioButton) panel1.add(self.base64Enabled) panel1.add(self.URLEnabled) panel1.add(self.ASCII2HexEnabled) panel1.add(self.IntruderEnabled) panel1.add(self.ScannerEnabled) #assign tabPane self.tab = tabPane def reloadConf(self,event): #~ if DEBUG: #~ import pdb; pdb.set_trace() source = event.getSource() print 'APPLY button clicked. New configuration loaded.' global MAGIC_PARAMETER global PARAMETERISPOST global PARAMETERISGET global PARAMETERISCOOKIE global BASE64ENCODINGENABLED global ASCII2HEXENCODINGENABLED global URLENCODINGENABLED global INTRUDERENABLED global SCANNERENABLED MAGIC_PARAMETER=self.parameterName.getText() print 'Base64 checkbox is: '+str(self.base64Enabled.isSelected()) if self.base64Enabled.isSelected(): BASE64ENCODINGENABLED=True else: BASE64ENCODINGENABLED=False print 'ASCII2Hex checkbox is: '+str(self.ASCII2HexEnabled.isSelected()) if self.ASCII2HexEnabled.isSelected(): ASCII2HEXENCODINGENABLED=True else: ASCII2HEXENCODINGENABLED=False print 'URL checkbox is: '+str(self.URLEnabled.isSelected()) if self.URLEnabled.isSelected(): URLENCODINGENABLED=True else: URLENCODINGENABLED=False print 'New Magic parameter is: '+str(MAGIC_PARAMETER) if self.POSTparameterTypeRadioButton.isSelected(): #BODYPARAM PARAMETERISPOST=True print "parameterispost has been set to: " + str(PARAMETERISPOST) else: PARAMETERISPOST=False print "parameterispost has been set to: " + str(PARAMETERISPOST) if self.GETparameterTypeRadioButton.isSelected(): #GETPARAM PARAMETERISGET=True print "parameterisget has been set to: " + str(PARAMETERISGET) else: PARAMETERISGET=False print "parameterisget has been set to: " + str(PARAMETERISGET) if self.COOKIEparameterTypeRadioButton.isSelected(): #COOKIEPARAM PARAMETERISCOOKIE=True print "parameteriscookie has been set to: " + str(PARAMETERISCOOKIE) else: PARAMETERISCOOKIE=False print "parameteriscookie has been set to: " + str(PARAMETERISCOOKIE) if self.ScannerEnabled.isSelected(): SCANNERENABLED=True print "Scanner Enabled" else: SCANNERENABLED=False if self.IntruderEnabled.isSelected(): INTRUDERENABLED=True print "Intruder Enabled" else: INTRUDERENABLED=False # # implement IHTTPListener # def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): global PARAMETERISPOST global PARAMETERISGET global PARAMETERISCOOKIE global URLENCODINGENABLED global BASE64ENCODINGENABLED global ASCII2HEXENCODINGENABLED global INTRUDERENABLED global SCANNERENABLED #only process requests if not messageIsRequest: return #only process messages from Intruder and Scanner, otherwise exit #if (not self._callbacks.TOOL_INTRUDER == toolFlag): if ((not ((self._callbacks.TOOL_INTRUDER == toolFlag) and INTRUDERENABLED)) and (not ((self._callbacks.TOOL_SCANNER == toolFlag) and SCANNERENABLED))): #print "exiting- toolflag:"+str(toolFlag)+' INTRUDERENABLED='+str(INTRUDERENABLED)+' SCANNERENABLED='+str(SCANNERENABLED) return #if ((not self._callbacks.TOOL_INTRUDER == toolFlag)) and ((not self._callbacks.TOOL_SCANNER == toolFlag)):#remove the comment to always enable if DEBUG: print "IHTTPListener Enabled in: " + str(toolFlag) requestInfo = self._helpers.analyzeRequest(currentRequest) timestamp = datetime.now() if DEBUG: print "Intercepting message at: ", timestamp.isoformat() #parameters = requestInfo.getParameters() dataParameter = self._helpers.getRequestParameter(currentRequest.getRequest(), MAGIC_PARAMETER) #FIXME: add exception handling for multiple parameters with the same name and/or in a different position!!! if DEBUG: print 'dataparameter:'+str(dataParameter) if (dataParameter == None): if DEBUG: print 'Parameter does not exist' return serializedValue = dataParameter.getValue() #FIXME: substitute '[AND]' placeholder with '&' charachter - we should do something more elegant here :/ serializedValue = re.sub(r'\[AND\]', '&', serializedValue) print "unserialized parameter value: ", str(serializedValue) if BASE64ENCODINGENABLED: #if base64Encode is selected serializedValue = self._helpers.base64Encode(serializedValue) if DEBUG: print "base64 encoded parameter value: ", str(serializedValue) if URLENCODINGENABLED: #if URLEncode is selected serializedValue = self._helpers.urlEncode(serializedValue) if DEBUG: print "URL ecoded parameter value: ", str(serializedValue) if ASCII2HEXENCODINGENABLED: #if ASCII2HexEncode is selected serializedValue = convert_ascii2hex(serializedValue) if DEBUG: print "ASCII2Hex ecoded parameter value: ", str(serializedValue) print "serialized parameter value: ", serializedValue if PARAMETERISPOST: if DEBUG: print "parameter is BODY" currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_BODY))) elif PARAMETERISGET: if DEBUG: print "parameter is in URL" currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_URL))) elif PARAMETERISCOOKIE: if DEBUG: print "parameter is a COOKIE" currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_COOKIE))) return # # implement ITab # def getTabCaption(self): global EXTENSION_TABCAPTION return(EXTENSION_TABCAPTION) def getUiComponent(self): #~ return self._splitpane return self.tab # # implement IMessageEditorTabFactory # def createNewInstance(self, controller, editable): # create a new instance of our custom editor tab return CustomInputTab(self, controller, editable)
class ConfigurationPanel(JPanel, PropertyChangeListener): def __init__(self): ''' Configuration Panel ''' # pconfig = JPanel(GridBagLayout()) # pconfig.setSize(Dimension(500,300)) self.setLayout(GridBagLayout()) # super(self,GridBagLayout()) self.setSize(Dimension(500,300)) ''' fila 1 ''' label = JLabel('Configuration panel') c1 = GridBagConstraints() c1.fill = GridBagConstraints.HORIZONTAL c1.weightx = 0.5 c1.gridwidth = 4 c1.gridx = 0 c1.gridy = 0 self.add(label, c1) ''' fila 2 ''' self.radioBtnOMC = JRadioButton('OpenModelica') c2 = GridBagConstraints() c2.fill = GridBagConstraints.HORIZONTAL c2.weightx = 0.5 c2.gridx = 0 c2.gridy = 1 self.add(self.radioBtnOMC, c2) self.radioBtnJM = JRadioButton('JModelica') c3 = GridBagConstraints() c3.fill = GridBagConstraints.HORIZONTAL c3.weightx = 0.5 c3.gridx = 1 c3.gridy = 1 self.add(self.radioBtnJM, c3) self.radioBtnDY = JRadioButton('Dymola') c4 = GridBagConstraints() c4.fill = GridBagConstraints.HORIZONTAL c4.weightx = 0.5 c4.gridx = 2 c4.gridy = 1 self.add(self.radioBtnDY, c4) rbBtnGroup = ButtonGroup() rbBtnGroup.add(self.radioBtnOMC) rbBtnGroup.add(self.radioBtnJM) rbBtnGroup.add(self.radioBtnDY) ''' fila 2 ''' label = JLabel('Start time') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 0 c.gridy = 2 self.add(label, c) self.txtstart= JTextField('0') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 1 c.gridy = 2 self.add(self.txtstart, c) label = JLabel('Stop time') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 2 c.gridy = 2 self.add(label, c) self.txtstop= JTextField('0') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 3 c.gridy = 2 self.add(self.txtstop, c) ''' fila 3 ''' label = JLabel('Solver') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 0 c.gridy = 3 self.add(label, c) self.cbsolver= JComboBox(['dassl','rkfix2']) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 1 c.gridy = 3 self.add(self.cbsolver, c) label = JLabel('Algorithm (JM)') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 2 c.gridy = 3 self.add(label, c) self.cbalgorithm= JComboBox(['AssimuloAlg']) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 3 c.gridy = 3 self.add(self.cbalgorithm, c) ''' fila 4 ''' label = JLabel('Interval') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 0 c.gridy = 4 self.add(label, c) self.txtinterval= JTextField('0') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 1 c.gridy = 4 self.add(self.txtinterval, c) ''' fila 5 ''' label = JLabel('Tolerance') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 0 c.gridy = 5 self.add(label, c) self.txttolerance= JTextField('0') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 1 c.gridy = 5 self.add(self.txttolerance, c) ''' fila 6 ''' label = JLabel('Output format') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 0 c.gridy = 6 self.add(label, c) self.cboutformat= JComboBox(['.mat','.h5','.csv']) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 1 c.gridy = 6 self.add(self.cboutformat, c) label = JLabel('Initialize (JM)') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 2 c.gridy = 6 self.add(label, c) self.cbinitialize= JComboBox(['True','False']) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridx = 3 c.gridy = 6 self.add(self.cbinitialize, c) ''' fila 7 ''' bSaveCfg= JButton('Save Configuration', actionPerformed= self.saveConfiguration) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridwidth = 2 c.gridx = 0 c.gridy = 7 self.add(bSaveCfg, c) self.bSimulation= JButton('Load Configuration', actionPerformed= self.loadConfiguration) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 0.5 c.gridwidth = 2 c.gridx = 2 c.gridy = 7 self.add(self.bSimulation, c) ''' fila 8 ''' self.bSimulation= JButton('Simulate', actionPerformed= self.startSimlation) self.bSimulation.enabled= 0 c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 1 c.gridwidth = 4 c.gridx = 0 c.gridy = 8 self.add(self.bSimulation, c) ''' file 9 ''' simProgress= JProgressBar(0, self.getWidth(), value=0, stringPainted=True) c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 1 c.gridwidth = 4 c.gridx = 0 c.gridy = 9 self.add(simProgress, c) ''' fila 10 ''' self.lblResult= JLabel('Simulation information') c = GridBagConstraints() c.fill = GridBagConstraints.HORIZONTAL c.weightx = 1 c.gridwidth = 4 c.gridx = 0 c.gridy = 10 self.add(self.lblResult, c) def startSimlation(self, event): "Invoked when the user presses the start button" self.bSimulation.enabled = False #Instances of javax.swing.SwingWorker are not reusable, so #we create new instances as needed. self.simtask = SimulationTask(self) # self.simtask.addPropertyChangeListener(self) self.simtask.execute() def saveConfiguration(self,event): if self.radioBtnOMC.isSelected() or self.radioBtnDY.isSelected(): self.config= SimulationConfigOMCDY() self.config.set_starttime(self.txtstart.getText()) self.config.set_stoptime(self.txtstop.getText()) self.config.set_tolerance(self.txttolerance.getText()) self.config.set_intervals(self.txtinterval.getText()) self.config.set_method(self.cbsolver.selectedItem) self.config.set_outputformat(self.cboutformat.selectedItem) if self.radioBtnOMC.isSelected(): nomfile= './config/simConfigurationOMC.properties' if self.radioBtnDY.isSelected(): nomfile= './config/simConfigurationDY.properties' self.config.save_Properties(nomfile, 'Simulation Configuration') if self.radioBtnJM.isSelected(): self.config= SimulationConfigJM() self.config.set_starttime(self.txtstart.getText()) self.config.set_stoptime(self.txtstop.getText()) self.config.set_intervals(self.txtinterval.text) self.config.set_method(self.cbsolver.selectedItem) self.config.set_algorithm(self.cbalgorithm.selectedItem) self.config.set_initialization(self.cbinitialize.selectedItem) self.config.set_outputformat(self.cboutformat.selectedItem) nomfile= './config/simConfigurationJM.properties' self.config.save_Properties(nomfile, 'Simulation Configuration') self.bSimulation.enabled= 1 def loadConfiguration(self, event): if self.radioBtnOMC.isSelected() or self.radioBtnDY.isSelected(): self.config= SimulationConfigOMCDY() self.config.load_Properties('./config/simConfigurationOMC.properties') self.txtstart.setText(self.config.get_starttime()) self.txtstop.setText(self.config.get_stoptime()) self.txttolerance.setText(self.config.get_tolerance()) self.txtinterval.setText(self.config.get_intervals()) self.cbsolver.selectedItem= self.config.get_method() self.cboutformat.selectedItem= self.config.get_outputformat() if self.radioBtnJM.isSelected(): self.config= SimulationConfigJM() self.config.load_Properties('./config/simConfigurationJM.properties') self.txtstart.setText(self.config.get_starttime()) self.txtstop.setText(self.config.get_stoptime()) self.txtinterval.setText(self.config.get_intervals()) self.cbsolver.selectedItem= self.config.get_method() self.cbalgorithm.selectedItem= self.config.get_algorithm() self.cbinitialize.selectedItem= self.config.get_initialization() # self.cboutformat.selectedItem= self.config.get_outputformat() self.bSimulation.enabled= 1
class BurpExtender(IBurpExtender, IContextMenuFactory, IHttpListener, ISessionHandlingAction, ITab): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("JC-AntiToken") callbacks.registerContextMenuFactory(self) # callbacks.registerHttpListener(self) callbacks.registerSessionHandlingAction(self) self.drawUI() def printcn(self, msg): print(msg.decode('utf-8').encode(sys_encoding)) def drawUI(self): # 最外层:垂直盒子,内放一个水平盒子+一个胶水 out_vBox_main = Box.createVerticalBox() # 次外层:水平盒子,使用说明 usage = u''' JC-AntiToken(简单防重放绕过) 适用场景:防重放的方式为,提前向一个页面发送请求取得token,替换到下一个页面中。 适用说明: 1. 请求头中Headers和Data的值必须是JSON字符串,如:{"var":"value"} 2. 左边tokenRegex的格式为: a. .*开头,.*结尾,用()括住要取出的token b. 如:.*,"token":"(.*?)".* 3. 右边tokenRegex的格式为: a. 需要三个(),第二个()括住要替换的token b. 如:(.*,"token":")(.*?)(".*) 详见:https://github.com/chroblert/JC-AntiToken ''' hBox_usage = Box.createHorizontalBox() jpanel_test = JPanel() jTextarea_usage = JTextArea() jTextarea_usage.setText(usage) jTextarea_usage.setRows(13) jTextarea_usage.setEditable(False) # jpanel_test.add(jTextarea_usage) hBox_usage.add(JScrollPane(jTextarea_usage)) # 次外层:水平盒子,内放两个垂直盒子 hBox_main = Box.createHorizontalBox() # 左垂直盒子 vBox_left = Box.createVerticalBox() # 右垂直盒子 vBox_right = Box.createVerticalBox() # 左垂直盒子内部:发送请求包拿token # URL标签 jlabel_url = JLabel(" URL: ") self.jtext_url = JTextField(generWidth) self.jtext_url.setMaximumSize(self.jtext_url.getPreferredSize()) hbox_url = Box.createHorizontalBox() hbox_url.add(jlabel_url) hbox_url.add(self.jtext_url) hglue_url = Box.createHorizontalGlue() hbox_url.add(hglue_url) # 请求方法标签 jlabel_reqMeth = JLabel("ReqMeth: ") self.jcombobox_reqMeth = JComboBox() self.jcombobox_reqMeth.addItem("GET") self.jcombobox_reqMeth.addItem("POST") hbox_reqMeth = Box.createHorizontalBox() hbox_reqMeth.add(jlabel_reqMeth) hbox_reqMeth.add(self.jcombobox_reqMeth) self.jcombobox_reqMeth.setMaximumSize( self.jcombobox_reqMeth.getPreferredSize()) hglue_reqMeth = Box.createHorizontalGlue() hbox_reqMeth.add(hglue_reqMeth) # ContentType标签 jlabel_contentType = JLabel("ConType: ") self.jcombobox_contentType = JComboBox() self.jcombobox_contentType.addItem("application/json") self.jcombobox_contentType.addItem("application/x-www-form-urlencoded") hbox_contentType = Box.createHorizontalBox() hbox_contentType.add(jlabel_contentType) hbox_contentType.add(self.jcombobox_contentType) self.jcombobox_contentType.setMaximumSize( self.jcombobox_contentType.getPreferredSize()) hglue_contentType = Box.createHorizontalGlue() hbox_contentType.add(hglue_contentType) # Charset标签 jlabel_charset = JLabel("CharSet: ") self.jcombobox_charset = JComboBox() self.jcombobox_charset.addItem("UTF-8") self.jcombobox_charset.addItem("GBK") hbox_charset = Box.createHorizontalBox() hbox_charset.add(jlabel_charset) hbox_charset.add(self.jcombobox_charset) self.jcombobox_charset.setMaximumSize( self.jcombobox_charset.getPreferredSize()) hglue_charset = Box.createHorizontalGlue() hbox_charset.add(hglue_charset) # 请求头标签 jlabel_headers = JLabel("Headers: ") self.jtext_headers = JTextField(generWidth) self.jtext_headers.setMaximumSize( self.jtext_headers.getPreferredSize()) hbox_headers = Box.createHorizontalBox() hbox_headers.add(jlabel_headers) hbox_headers.add(self.jtext_headers) hglue_headers = Box.createHorizontalGlue() hbox_headers.add(hglue_headers) # 请求参数标签 jlabel_data = JLabel(" Data: ") self.jtext_data = JTextField(generWidth) self.jtext_data.setPreferredSize(Dimension(20, 40)) self.jtext_data.setMaximumSize(self.jtext_data.getPreferredSize()) hbox_data = Box.createHorizontalBox() hbox_data.add(jlabel_data) hbox_data.add(self.jtext_data) hglue_data = Box.createHorizontalGlue() hbox_data.add(hglue_data) # token标志位置标签 hbox_radiobtn = Box.createHorizontalBox() jlabel_tokenPosition = JLabel("Token Position: ") self.radioBtn01 = JRadioButton("Header") self.radioBtn02 = JRadioButton("Body") btnGroup = ButtonGroup() btnGroup.add(self.radioBtn01) btnGroup.add(self.radioBtn02) self.radioBtn01.setSelected(True) hbox_radiobtn.add(jlabel_tokenPosition) hbox_radiobtn.add(self.radioBtn01) hbox_radiobtn.add(self.radioBtn02) # token正则表达式标签 hbox_token = Box.createHorizontalBox() hbox_token_header = Box.createHorizontalBox() hbox_token_body = Box.createHorizontalBox() # token正则表达式标签:header中 jlabel_tokenName = JLabel("tokenName: ") self.jtext_tokenName = JTextField(tokenWidth) self.jtext_tokenName.setMaximumSize( self.jtext_tokenName.getPreferredSize()) hbox_token_header.add(jlabel_tokenName) hbox_token_header.add(self.jtext_tokenName) hglue_token_header = Box.createHorizontalGlue() hbox_token_header.add(hglue_token_header) # token正则表达式标签:body中 jlabel_tokenRegex = JLabel("tokenRegex: ") self.jtext_tokenRegex = JTextField(tokenWidth) self.jtext_tokenRegex.setMaximumSize( self.jtext_tokenRegex.getPreferredSize()) hbox_token_body.add(jlabel_tokenRegex) hbox_token_body.add(self.jtext_tokenRegex) hglue_token_body = Box.createHorizontalGlue() hbox_token_body.add(hglue_token_body) # token正则表达式标签 hbox_token.add(hbox_token_header) hbox_token.add(hbox_token_body) # test测试按钮 hbox_test = Box.createHorizontalBox() jbtn_test = JButton("TEST", actionPerformed=self.btnTest) self.jlabel_test = JLabel("Result: ") hbox_test.add(jbtn_test) hbox_test.add(self.jlabel_test) # 水平胶水填充 hGlue_test = Box.createHorizontalGlue() hbox_test.add(hGlue_test) hbox_test.setBorder(BorderFactory.createLineBorder(Color.green, 2)) # 响应数据输出 hbox_resp = Box.createHorizontalBox() self.jtextarea_resp = JTextArea() jsp = JScrollPane(self.jtextarea_resp) hbox_resp.add(self.jtextarea_resp) # 左垂直盒子:添加各种水平盒子 vBox_left.add(hbox_url) vBox_left.add(hbox_reqMeth) vBox_left.add(hbox_contentType) vBox_left.add(hbox_charset) vBox_left.add(hbox_headers) vBox_left.add(hbox_data) vBox_left.add(hbox_radiobtn) vBox_left.add(hbox_token) vBox_left.add(hbox_test) vBox_left.add(hbox_resp) # 左垂直盒子:垂直胶水填充 vGlue_test = Box.createGlue() vBox_left.add(vGlue_test) # 右垂直盒子内部:指定token在请求包中的位置 # token标志位置单选按钮 hbox_radiobtn_r = Box.createHorizontalBox() jlabel_tokenPosition_r = JLabel("Token Position: ") self.radioBtn01_r = JRadioButton("Header") self.radioBtn02_r = JRadioButton("Body") btnGroup_r = ButtonGroup() btnGroup_r.add(self.radioBtn01_r) btnGroup_r.add(self.radioBtn02_r) self.radioBtn01_r.setSelected(True) hbox_radiobtn_r.add(jlabel_tokenPosition_r) hbox_radiobtn_r.add(self.radioBtn01_r) hbox_radiobtn_r.add(self.radioBtn02_r) # token正则表达式 hbox_token_r = Box.createHorizontalBox() hbox_token_header_r = Box.createHorizontalBox() hbox_token_body_r = Box.createHorizontalBox() # token正则表达式:在header中 jlabel_tokenName_r = JLabel("tokenName: ") self.jtext_tokenName_r = JTextField(tokenWidth) self.jtext_tokenName_r.setMaximumSize( self.jtext_tokenName_r.getPreferredSize()) hbox_token_header_r.add(jlabel_tokenName_r) hbox_token_header_r.add(self.jtext_tokenName_r) hglue_token_header_r = Box.createHorizontalGlue() hbox_token_header_r.add(hglue_token_header_r) # token正则表达式:在Body中 jlabel_tokenRegex_r = JLabel("tokenRegex: ") self.jtext_tokenRegex_r = JTextField(tokenWidth) self.jtext_tokenRegex_r.setMaximumSize( self.jtext_tokenRegex_r.getPreferredSize()) hbox_token_body_r.add(jlabel_tokenRegex_r) hbox_token_body_r.add(self.jtext_tokenRegex_r) hglue_token_body_r = Box.createHorizontalGlue() hbox_token_body_r.add(hglue_token_body_r) # token正则表达式 hbox_token_r.add(hbox_token_header_r) hbox_token_r.add(hbox_token_body_r) # 测试按钮 hbox_test_r = Box.createHorizontalBox() jbtn_test_r = JButton("SET", actionPerformed=self.btnTest_r) self.jlabel_test_r = JLabel("Result: ") hbox_test_r.add(jbtn_test_r) hbox_test_r.add(self.jlabel_test_r) # 水平胶水填充 hGlue02 = Box.createHorizontalGlue() hbox_test_r.add(hGlue02) hbox_test_r.setBorder(BorderFactory.createLineBorder(Color.green, 2)) # 右垂直盒子:添加各种水平盒子 vBox_right.add(hbox_radiobtn_r) vBox_right.add(hbox_token_r) vBox_right.add(hbox_test_r) vGlue = Box.createVerticalGlue() vBox_right.add(vGlue) vBox_left.setBorder(BorderFactory.createLineBorder(Color.black, 3)) vBox_right.setBorder(BorderFactory.createLineBorder(Color.black, 3)) # 次外层水平盒子:添加左右两个垂直盒子 hBox_main.add(vBox_left) hBox_main.add(vBox_right) # 最外层垂直盒子:添加次外层水平盒子,垂直胶水 out_vBox_main.add(hBox_usage) out_vBox_main.add(hBox_main) self.mainPanel = out_vBox_main self._callbacks.customizeUiComponent(self.mainPanel) self._callbacks.addSuiteTab(self) def getTabCaption(self): return "JC-AntiToken" def getUiComponent(self): return self.mainPanel def testBtn_onClick(self, event): print("click button") def createMenuItems(self, invocation): menu = [] if invocation.getToolFlag() == IBurpExtenderCallbacks.TOOL_REPEATER: menu.append( JMenuItem("Test menu", None, actionPerformed=self.testmenu)) return menu def testmenu(self, event): print(event) print("JCTest test menu") def processHttpMessage(self, toolflag, messageIsRequest, messageInfo): service = messageInfo.getHttpService() if messageIsRequest: pass print("Host: " + str(service.getHost())) print("Port: " + str(service.getPort())) print("Protocol: " + str(service.getProtocol())) print("-----------------------------------") def getActionName(self): return "JC-AntiToken" def performAction(self, currentRequest, macroItems): # url url = self._helpers.analyzeRequest(currentRequest).getUrl() print(url) reqInfo = self._helpers.analyzeRequest(currentRequest) # request headers headers = reqInfo.getHeaders() print("ReqHeaders: " + headers) # get cookie from request header cookie = self.getCookieFromReq(headers) print(cookie) print(type(cookie)) # offset to req body reqBodyOffset = reqInfo.getBodyOffset() reqBody = str(bytearray(currentRequest.getRequest()[reqBodyOffset:])) print("ReqBody: " + reqBody) # modify Request Body newToken = self.getNewToken(cookie) if newToken != None: # tokenInReqHeader res = False if self.tokenInHeader_r: # pass # 普通header中 for header in headers: if ":" in header: if header.split(":")[0] == self.tokenName_r: headers = [ self.tokenName_r + ": " + newToken if i.split(":")[0] == self.tokenName_r else i for i in headers ] res = True break # cookie中 if not res and cookie != None and self.tokenName_r + "=" in cookie: # pass for i in range(len(headers)): if headers[i].startwith("Cookie:"): cookies2 = headers[i] cookies3 = cookies2.split(":")[1] if ";" not in cookies3: headers[ i] = "Cookie: " + self.tokenName_r + "=" + newToken res = True break else: cookies4 = cookies3.split(";") for cookie_idx in range(len(cookies4)): if self.tokenName_r + "+" in cookies4[ cookie_idx]: cookies4[ cookie_idx] = self.tokenName_r + "=" + newToken res = True break headers[i] = "Cookie: " + ";".join(cookies4) break # query string中 if not res: meth = headers[0].split(" ")[0] url = headers[0].split(" ")[1] ver = headers[0].split(" ")[2] if self.tokenName_r + "=" not in url: pass else: if "&" not in url: url = url.split("?")[ 0] + "?" + self.tokenName_r + "=" + newToken headers[0] = meth + " " + url + " " + ver else: params = url.split("?")[1].split("&") for i in range(len(params)): if self.tokenName_r + "=" in params[i]: params[ i] = self.tokenName_r + "=" + newToken break url = url.split("?")[0] + "?" + "&".join(params) headers[0] = meth + " " + url + " " + ver # tokenInReqBody else: if re.match(self.tokenRegex_r, reqBody): try: reqBody = re.sub(self.tokenRegex_r, r'\g<1>' + newToken + r'\g<3>', reqBody, 0, re.M | re.I) except Exception as e: print(e) # print(reqBody) # reqBody = re.sub(self.tokenRegex_r,r'\g<1>'+newToken+r'\g<3>',reqBody,0,re.M|re.I) # if re.match(r'(.*?"_tokenName":")([a-zA-Z0-9]{6,})(")',reqBody): # reqBody = re.sub(r'(.*?"_tokenName":")([a-zA-Z0-9]{6,})(")',r'\1'+newToken+r'\3',reqBody,0,re.M|re.I) # rebuild request reqMessage = self._helpers.buildHttpMessage(headers, bytes(reqBody)) # forward currentRequest.setRequest(reqMessage) print("++++++++++++++++++++++++") def getCookieFromReq(self, headers): for header in headers: if re.match(r'^Cookie:', header, re.I): return re.match(r'^Cookie: (.*)', header, re.I).group(1) # get new token def getNewToken(self, cookie): print(cookie) print("getNewToken") # url = "http://myip.ipip.net" headers_cookie = { 'Cookie': cookie, } if cookie != '': self.headers.update(**headers_cookie) if self.reqMeth == "GET": resp = self.sendGetHttp(self.url, self.headers, self.data, self.contentType) else: resp = self.sendPostHttp(self.url, self.headers, self.data, self.contentType) respBody = resp.read() respInfo = resp.info() if self.tokenInHeader: if respInfo.getheader(self.tokenName) != None: newToken = respInfo.getheader(self.tokenName) print(newToken) return newToken else: regexPattern = '.*' + self.tokenName + '=(.*?);' if respInfo.getheader("set-cookie") != None: cookies = respInfo.getheader("set-cookie") if re.match(regexPattern, cookies, re.M | re.I): newToken = re.match(regexPattern, cookies, re.M | re.I).group(1) print("newToken: ", newToken) return newToken else: return None else: return None else: regexPattern = self.tokenRegex if re.match(regexPattern, respBody, re.M | re.I): newToken = re.match(regexPattern, respBody, re.M | re.I).group(1) print("newToken: ", newToken) return newToken else: return None def sendGetHttp(self, url, headers, data, contentType): context = ssl._create_unverified_context() headers_contentType = {'Content-Type': contentType} if not headers.has_key("Content-Type"): headers.update(**headers_contentType) headers_userAgent = { 'User-Agent': 'Mozilla/6.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/8.0 Mobile/10A5376e Safari/8536.25' } if not headers.has_key("User-Agent"): headers.update(**headers_userAgent) try: if data != None: # if "urlencode" in contentType: data = urllib.urlencode(data) url = url + "?" + data req = urllib2.Request(url, headers=headers) else: req = urllib2.Request(url, headers=headers) resp = urllib2.urlopen(req, context=context) return resp except urllib2.HTTPError as error: print("ERROR: ", error) return None def sendPostHttp(self, url, headers, data, contentType): context = ssl._create_unverified_context() headers_contentType = {'Content-Type': contentType} if not headers.has_key("Content-Type"): headers.update(**headers_contentType) headers_userAgent = { 'User-Agent': 'Mozilla/6.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/8.0 Mobile/10A5376e Safari/8536.25' } if not headers.has_key("User-Agent"): headers.update(**headers_userAgent) print(headers) resp = "" print("data: ", data) if data != None: if "urlencode" in contentType: data = urllib.urlencode(data) req = urllib2.Request(url, headers=headers, data=data) else: data = json.dumps(data) req = urllib2.Request(url, headers=headers, data=data) else: if "urlencode" in contentType: req = urllib2.Request(url, headers=headers) else: data = json.dumps(data) req = urllib2.Request(url, headers=headers) try: resp = urllib2.urlopen(req, context=context) return resp except urllib2.HTTPError as error: print("ERROR: ", error) return None def btnTest(self, e): self.printcn("中文测试") self.url = self.jtext_url.getText() if self.url == "": self.jlabel_test.setText("please input url") return self.reqMeth = self.jcombobox_reqMeth.getSelectedItem() # 用户设置content-type self.contentType = self.jcombobox_contentType.getSelectedItem( ) + ";charset=" + self.jcombobox_charset.getSelectedItem() # 用户有没有自定义请求头 if self.jtext_headers.getText() != "": self.headers = json.loads(self.jtext_headers.getText()) else: self.headers = {} # 用户有没有自定义请求体 if self.jtext_data.getText() != "": self.data = json.loads(self.jtext_data.getText()) else: self.data = None self.tokenName = self.jtext_tokenName.getText() self.tokenRegex = self.jtext_tokenRegex.getText() resp = '' if self.reqMeth == "GET": resp = self.sendGetHttp(self.url, self.headers, self.data, self.contentType) else: resp = self.sendPostHttp(self.url, self.headers, self.data, self.contentType) if resp == None: self.jlabel_test.setText("error,detail in extender output") return respHeader = resp.info().headers print("resp-headers: ", respHeader) # print(resp.info().getheader("content-type")) self.printcn(resp.info().getheader("set-cookie")) # print(resp.info().getheader("xxx")) respBody = resp.read() print("respBody: ", respBody) self.jtextarea_resp.setText("".join(respHeader) + "\n" + "".join(respBody)) if (self.radioBtn01.isSelected()): self.tokenInHeader = True if self.tokenName == "": self.jlabel_test.setText("please input tokenName") return else: self.tokenInHeader = False if self.tokenRegex == "": self.jlabel_test.setText("please input tokenRegex") return print(self.reqMeth) newToken = self.getNewToken("") if newToken != None: self.jlabel_test.setText("Result: " + str(newToken)) self.jlabel_test.setBackground(Color.cyan) else: self.jlabel_test.setText("Result: None") def btnTest_r(self, e): self.tokenName_r = self.jtext_tokenName_r.getText() self.tokenRegex_r = self.jtext_tokenRegex_r.getText() if (self.radioBtn01_r.isSelected()): self.tokenInHeader_r = True if self.tokenName_r == "": self.jlabel_test_r.setText("please input tokenName") return else: self.tokenInHeader_r = False if self.tokenRegex_r == "": self.jlabel_test_r.setText("please input tokenRegex") return self.jlabel_test_r.setText("SUCCESS")