class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory, IExtensionStateListener):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Burp Scope Monitor Experimental")
self.GLOBAL_HANDLER_ANALYZED = False
self.GLOBAL_HANDLER = False
self.STATUS = False
self.AUTOSAVE_REQUESTS = 10
self.AUTOSAVE_TIMEOUT = 600 # 10 minutes should be fine
self.CONFIG_INSCOPE = True
self.BAD_EXTENSIONS_DEFAULT = [
'.gif', '.png', '.js', '.woff', '.woff2', '.jpeg', '.jpg', '.css',
'.ico', '.m3u8', '.ts', '.svg'
]
self.BAD_MIMES_DEFAULT = [
'gif', 'script', 'jpeg', 'jpg', 'png', 'video', 'mp2t'
]
self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT
self.BAD_MIMES = self.BAD_MIMES_DEFAULT
# create the log and a lock on which to synchronize when adding log entries
self._currentlyDisplayedItem = None
self.SELECTED_MODEL_ROW = 0
self.SELECTED_VIEW_ROW = 0
self._log = ArrayList()
self._fullLog = ArrayList()
self._lock = Lock()
self._lockFile = Lock()
# main split pane
self._parentPane = JTabbedPane()
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
##### config pane
self._config = JTabbedPane()
config = JPanel()
iexport = JPanel()
#config.setLayout(BorderLayout())
config.setLayout(None)
iexport.setLayout(None)
# config radio button
X_BASE = 40
Y_OFFSET = 5
Y_OPTION = 200
Y_OPTION_SPACING = 20
Y_CHECKMARK_SPACING = 20
self.showAllButton = JRadioButton(SHOW_ALL_BUTTON_LABEL, True)
self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False)
self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False)
self.showAllButton.setBounds(40, 60 + Y_OFFSET, 400, 30)
self.showNewButton.setBounds(40, 80 + Y_OFFSET, 400, 30)
self.showTestedButton.setBounds(40, 100 + Y_OFFSET, 400, 30)
#self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False)
#self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False)
self.showAllButton.addActionListener(self.handleRadioConfig)
self.showNewButton.addActionListener(self.handleRadioConfig)
self.showTestedButton.addActionListener(self.handleRadioConfig)
self.clearButton = JButton("Clear")
self.clearButton.addActionListener(self.handleClearButton)
self.clearButton.setBounds(40, 20, 100, 30)
self.startButton = JButton(MONITOR_ON_LABEL)
self.startButton.addActionListener(self.handleStartButton)
self.startButton.setBounds(150, 20, 200, 30)
self.badExtensionsLabel = JLabel("Ignore extensions:")
self.badExtensionsLabel.setBounds(X_BASE, 150, 200, 30)
self.badExtensionsText = JTextArea("")
self.loadBadExtensions()
self.badExtensionsText.setBounds(X_BASE, 175, 310, 30)
self.badExtensionsButton = JButton("Save")
self.badExtensionsButton.addActionListener(
self.handleBadExtensionsButton)
self.badExtensionsButton.setBounds(355, 175, 70, 30)
self.badExtensionsDefaultButton = JButton("Load Defaults")
self.badExtensionsDefaultButton.addActionListener(
self.handleBadExtensionsDefaultButton)
self.badExtensionsDefaultButton.setBounds(430, 175, 120, 30)
self.badMimesLabel = JLabel("Ignore mime types:")
self.badMimesLabel.setBounds(X_BASE, 220, 200, 30)
self.badMimesText = JTextArea("")
self.loadBadMimes()
self.badMimesText.setBounds(X_BASE, 245, 310, 30)
self.badMimesButton = JButton("Save")
self.badMimesButton.addActionListener(self.handleBadMimesButton)
self.badMimesButton.setBounds(355, 245, 70, 30)
self.badMimesDefaultButton = JButton("Load Defaults")
self.badMimesDefaultButton.addActionListener(
self.handleBadMimesDefaultButton)
self.badMimesDefaultButton.setBounds(430, 245, 120, 30)
self.otherLabel = JLabel("Other:")
self.otherLabel.setBounds(40, 300, 120, 30)
self.otherLabel2 = JLabel("Other:")
self.otherLabel2.setBounds(X_BASE, Y_OPTION, 120, 30)
self.autoSaveOption = JCheckBox("Auto save periodically")
self.autoSaveOption.setSelected(True)
self.autoSaveOption.addActionListener(self.handleAutoSaveOption)
self.autoSaveOption.setBounds(X_BASE, Y_OPTION + Y_CHECKMARK_SPACING,
420, 30)
self.repeaterOptionButton = JCheckBox(
"Repeater request automatically marks as analyzed")
self.repeaterOptionButton.setSelected(True)
self.repeaterOptionButton.addActionListener(
self.handleRepeaterOptionButton)
self.repeaterOptionButton.setBounds(50, 330, 420, 30)
self.scopeOptionButton = JCheckBox("Follow Burp Target In Scope rules")
self.scopeOptionButton.setSelected(True)
self.scopeOptionButton.addActionListener(self.handleScopeOptionButton)
self.scopeOptionButton.setBounds(50, 350, 420, 30)
self.startOptionButton = JCheckBox("Autostart Scope Monitor")
self.startOptionButton.setSelected(True)
self.startOptionButton.addActionListener(self.handleStartOption)
self.startOptionButton.setBounds(50, 350 + Y_OPTION_SPACING, 420, 30)
self.markTestedRequestsProxy = JCheckBox(
"Color request in Proxy tab if analyzed")
self.markTestedRequestsProxy.setSelected(True)
self.markTestedRequestsProxy.addActionListener(
self.handleTestedRequestsProxy)
self.markTestedRequestsProxy.setBounds(50, 350 + Y_OPTION_SPACING * 2,
420, 30)
self.markNotTestedRequestsProxy = JCheckBox(
"Color request in Proxy tab if NOT analyzed")
self.markNotTestedRequestsProxy.setSelected(True)
self.markNotTestedRequestsProxy.addActionListener(
self.handleNotTestedRequestsProxy)
self.markNotTestedRequestsProxy.setBounds(50,
350 + Y_OPTION_SPACING * 3,
420, 30)
self.saveButton = JButton("Save now")
self.saveButton.addActionListener(self.handleSaveButton)
self.saveButton.setBounds(X_BASE + 320, 95, 90, 30)
self.loadButton = JButton("Load now")
self.loadButton.addActionListener(self.handleLoadButton)
self.loadButton.setBounds(X_BASE + 420, 95, 90, 30)
self.selectPath = JButton("Select path")
self.selectPath.addActionListener(self.selectExportFile)
self.selectPath.setBounds(X_BASE + 530, 60, 120, 30)
self.selectPathText = JTextArea("")
self.selectPathText.setBounds(X_BASE, 60, 510, 30)
self.selectPathLabel = JLabel("State file:")
self.selectPathLabel.setBounds(X_BASE, 30, 200, 30)
bGroup = ButtonGroup()
bGroup.add(self.showAllButton)
bGroup.add(self.showNewButton)
bGroup.add(self.showTestedButton)
config.add(self.clearButton)
config.add(self.startButton)
config.add(self.startOptionButton)
config.add(self.showAllButton)
config.add(self.showNewButton)
config.add(self.showTestedButton)
config.add(self.badExtensionsButton)
config.add(self.badExtensionsText)
config.add(self.badExtensionsLabel)
config.add(self.badMimesButton)
config.add(self.badMimesText)
config.add(self.badMimesLabel)
config.add(self.badExtensionsDefaultButton)
config.add(self.badMimesDefaultButton)
config.add(self.otherLabel)
config.add(self.repeaterOptionButton)
config.add(self.scopeOptionButton)
config.add(self.markTestedRequestsProxy)
config.add(self.markNotTestedRequestsProxy)
iexport.add(self.saveButton)
iexport.add(self.loadButton)
iexport.add(self.selectPath)
iexport.add(self.selectPathText)
iexport.add(self.selectPathLabel)
iexport.add(self.otherLabel2)
iexport.add(self.autoSaveOption)
self._config.addTab("General", config)
self._config.addTab("Import/Export", iexport)
##### end config pane
self._parentPane.addTab("Monitor", self._splitpane)
self._parentPane.addTab("Config", self._config)
# table of log entries
self.logTable = Table(self)
#self.logTable.setDefaultRenderer(self.logTable.getColumnClass(0), ColoredTableCellRenderer(self))
self.logTable.setAutoCreateRowSorter(True)
self.logTable.setRowSelectionAllowed(True)
renderer = ColoredTableCellRenderer(self)
#column = TableColumn(0, 190, renderer, None)
print 'Initiating... '
# this could be improved by fetching initial dimensions
self.logTable.getColumn("URL").setPreferredWidth(720) # noscope
self.logTable.getColumn("URL").setResizable(True)
self.logTable.getColumn("Checked").setCellRenderer(renderer)
self.logTable.getColumn("Checked").setPreferredWidth(80)
self.logTable.getColumn("Checked").setMaxWidth(80)
self.logTable.getColumn("Method").setPreferredWidth(120)
#self.logTable.getColumn("Method").setMaxWidth(120)
self.logTable.getColumn("Method").setResizable(True)
self.logTable.getColumn("Time").setPreferredWidth(120) # noscope
self.logTable.getColumn("Time").setResizable(True)
scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
## Row sorter shit
#self._tableRowSorterAutoProxyAutoAction = CustomTableRowSorter(self.logTable.getModel())
#self.logTable.setRowSorter(self._tableRowSorterAutoProxyAutoAction)
markAnalyzedButton = JMenuItem("Mark Requests as Analyzed")
markAnalyzedButton.addActionListener(markRequestsHandler(self, True))
markNotAnalyzedButton = JMenuItem("Mark Requests as NOT Analyzed")
markNotAnalyzedButton.addActionListener(
markRequestsHandler(self, False))
sendRequestMenu = JMenuItem("Send Request to Repeater")
sendRequestMenu.addActionListener(sendRequestRepeater(self))
deleteRequestMenu = JMenuItem("Delete request")
deleteRequestMenu.addActionListener(deleteRequestHandler(self))
self.menu = JPopupMenu("Popup")
self.menu.add(markAnalyzedButton)
self.menu.add(markNotAnalyzedButton)
self.menu.add(sendRequestMenu)
self.menu.add(deleteRequestMenu)
# customize our UI components
callbacks.customizeUiComponent(self._parentPane)
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(self._config)
callbacks.customizeUiComponent(config)
callbacks.customizeUiComponent(self.logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
callbacks.registerContextMenuFactory(self)
callbacks.registerExtensionStateListener(self)
callbacks.registerScannerCheck(passiveScanner(self))
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
self.loadConfigs()
print "Loaded!"
print "Experimental import state.. "
self.importState("")
self.SC = sched.scheduler(time.time, time.sleep)
self.SCC = self.SC.enter(10, 1, self.autoSave, (self.SC, ))
self.SC.run()
return
##### CUSTOM CODE #####
def loadConfigs(self):
if self._callbacks.loadExtensionSetting("CONFIG_AUTOSTART") == "False":
self.startOptionButton.setSelected(False)
self.startOrStop(None, False)
else:
self.startOptionButton.setSelected(True)
self.startOrStop(None, True)
if self._callbacks.loadExtensionSetting("exportFile") != "":
self.selectPathText.setText(
self._callbacks.loadExtensionSetting("exportFile"))
if self._callbacks.loadExtensionSetting("CONFIG_REPEATER") == "True":
self.repeaterOptionButton.setSelected(True)
else:
self.repeaterOptionButton.setSelected(False)
if self._callbacks.loadExtensionSetting("CONFIG_INSCOPE") == "True":
self.scopeOptionButton.setSelected(True)
else:
self.scopeOptionButton.setSelected(False)
if self._callbacks.loadExtensionSetting("CONFIG_AUTOSAVE") == "True":
self.autoSaveOption.setSelected(True)
else:
self.autoSaveOption.setSelected(False)
if self._callbacks.loadExtensionSetting(
"CONFIG_HIGHLIGHT_TESTED") == "True":
self.markTestedRequestsProxy.setSelected(True)
else:
self.markTestedRequestsProxy.setSelected(False)
if self._callbacks.loadExtensionSetting(
"CONFIG_HIGHLIGHT_NOT_TESTED") == "True":
self.markNotTestedRequestsProxy.setSelected(True)
else:
self.markNotTestedRequestsProxy.setSelected(False)
return
def selectExportFile(self, event):
parentFrame = JFrame()
fileChooser = JFileChooser()
fileChooser.setDialogTitle("Specify file to save state")
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
userSelection = fileChooser.showOpenDialog(parentFrame)
if (userSelection == JFileChooser.APPROVE_OPTION):
fileLoad = fileChooser.getSelectedFile()
filename = fileLoad.getAbsolutePath()
self.selectPathText.setText(filename)
print 'Filename selected:' + filename
self._callbacks.saveExtensionSetting("exportFile", filename)
return
def extensionUnloaded(self):
print 'extension unloading.. '
print 'canceling scheduler.. '
map(self.SC.cancel, self.SC.queue)
return
def loadBadExtensions(self):
bad = self._callbacks.loadExtensionSetting("badExtensions")
if bad:
self.badExtensionsText.setText(bad)
# transform text to array
bad = bad.replace(" ", "")
self.BAD_EXTENSIONS = bad.split(",")
else:
print 'no bad extension saved, reverting'
self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS))
def loadBadMimes(self):
bad = self._callbacks.loadExtensionSetting("badMimes")
if bad:
self.badMimesText.setText(bad)
bad = bad.replace(" ", "")
self.BAD_MIMES = bad.split(",")
else:
print 'no bad mimes saved, reverting'
self.badMimesText.setText(", ".join(self.BAD_MIMES))
## GLOBAL CONTEXT CODE ##
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
analyzedMenuItem = JMenuItem("Mark as analyzed")
notAnalyzedMenuItem = JMenuItem("Mark as NOT analyzed")
for response in responses:
analyzedMenuItem.addActionListener(
handleMenuItems(self, response, "analyzed"))
notAnalyzedMenuItem.addActionListener(
handleMenuItems(self, response, "not"))
ret.add(analyzedMenuItem)
ret.add(notAnalyzedMenuItem)
return ret
def getEndpoint(self, requestResponse):
url_ = str(self._helpers.analyzeRequest(requestResponse).getUrl())
o = urlparse(url_)
url = o.scheme + "://" + o.netloc + o.path
#print "Url3: " + url
return url
def getMethod(self, requestResponse):
return self._helpers.analyzeRequest(requestResponse).getMethod()
##### CUSTOM CODE #####
def handleTestedRequestsProxy(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_HIGHLIGHT_TESTED",
str(self.markTestedRequestsProxy.isSelected()))
return
def handleNotTestedRequestsProxy(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_HIGHLIGHT_NOT_TESTED",
str(self.markNotTestedRequestsProxy.isSelected()))
return
def handleStartOption(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_AUTOSTART", str(self.startOptionButton.isSelected()))
#print 'saving autostart: ' + str(self.startOptionButton.isSelected())
return
def startOrStop(self, event, autoStart):
if (self.startButton.getText() == MONITOR_OFF_LABEL) or autoStart:
self.startButton.setText(MONITOR_ON_LABEL)
self.startButton.setBackground(GREEN_COLOR)
self.STATUS = True
else:
self.startButton.setText(MONITOR_OFF_LABEL)
self.startButton.setBackground(RED_COLOR)
self.STATUS = False
def handleStartButton(self, event):
self.startOrStop(event, False)
def handleAutoSaveOption(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_AUTOSAVE", str(self.autoSaveOption.isSelected()))
return
def handleSaveButton(self, event):
self.exportState("")
def handleLoadButton(self, event):
self.importState("")
def handleRepeaterOptionButton(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_REPEATER", str(self.repeaterOptionButton.isSelected()))
return
def handleScopeOptionButton(self, event):
self.CONFIG_INSCOPE = self.scopeOptionButton.isSelected()
self._callbacks.saveExtensionSetting("CONFIG_INSCOPE",
str(self.CONFIG_INSCOPE))
return
def handleBadExtensionsButton(self, event):
#print "before BAD array: "
print self.BAD_EXTENSIONS
extensions = self.badExtensionsText.getText()
self._callbacks.saveExtensionSetting("badExtensions", extensions)
print 'New extensions blocked: ' + extensions
bad = extensions.replace(" ", "")
self.BAD_EXTENSIONS = bad.split(",")
#print "BAD array: "
#print self.BAD_EXTENSIONS
def handleBadExtensionsDefaultButton(self, event):
self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT
self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS))
self._callbacks.saveExtensionSetting("badExtensions",
", ".join(self.BAD_EXTENSIONS))
return
def handleBadMimesDefaultButton(self, event):
self.BAD_MIMES = self.BAD_MIMES_DEFAULT
self.badMimesText.setText(", ".join(self.BAD_MIMES))
self._callbacks.saveExtensionSetting("badExtensions",
", ".join(self.BAD_MIMES))
return
def handleBadMimesButton(self, event):
mimes = self.badMimesText.getText()
self._callbacks.saveExtensionSetting("badMimes", mimes)
print 'New mimes blocked: ' + mimes
bad = mimes.replace(" ", "")
self.BAD_MIMES = bad.split(",")
def handleClearButton(self, event):
print 'Clearing table'
self._lock.acquire()
self._log = ArrayList()
self._fullLog = ArrayList()
self._lock.release()
return
def handleRadioConfig(self, event):
#print ' radio button clicked '
#print event.getActionCommand()
self._lock.acquire()
if event.getActionCommand() == SHOW_ALL_BUTTON_LABEL:
print "Showing all"
self._log = self._fullLog
elif event.getActionCommand() == SHOW_NEW_BUTTON_LABEL:
print "Showing new scope only"
tmpLog = ArrayList()
for item in self._fullLog:
if not (item._analyzed):
tmpLog.add(item)
self._log = tmpLog
elif event.getActionCommand() == SHOW_TEST_BUTTON_LABEL:
print "Showing tested scope only"
tmpLog = ArrayList()
for item in self._fullLog:
if item._analyzed:
tmpLog.add(item)
self._log = tmpLog
else:
print "unrecognized radio label"
self.fireTableDataChanged()
#self._tableRowSorterAutoProxyAutoAction.toggleSortOrder(1)
#self.toggleSortOrder(2)
#self.logTable.toggleSortOrder(2)
# refresh table?
self._lock.release()
#
# implement ITab
#
def getTabCaption(self):
return "Scope Monitor"
def getUiComponent(self):
return self._parentPane
#
# implement IHttpListener
#
def markAnalyzed(self, messageIsRequest, state):
#print "markAnalyzed..."
self._lock.acquire()
url = self.getEndpoint(messageIsRequest)
for item in self._log:
if url == item._url:
item._analyzed = state
self._lock.release()
return
self._lock.release()
return
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process requests
#print "processing httpMessage.."
#print messageIsRequest
print "processHttpMessage toolFlag: " + str(toolFlag)
#print " -- " + str(self._callbacks.getToolName(toolFlag)) + " -- "
if not (self.STATUS):
return
#print "global handler status: (true): " + str(self.GLOBAL_HANDLER)
#print "(processHTTP) messageIsRequest"
#print messageIsRequest
isFromPassiveScan = False
if toolFlag == 1234:
print "1 processHttpMessage: processing passiveScan item"
isFromPassiveScan = True
if toolFlag != 1234:
if messageIsRequest and not (self.GLOBAL_HANDLER):
print "1.5 processHttpMessage droping message"
return
if self.scopeOptionButton.isSelected():
url = self._helpers.analyzeRequest(messageInfo).getUrl()
if not self._callbacks.isInScope(url):
#print 'Url not in scope, skipping.. '
return
#print "still processing httpMessage.., request came from: " + self._callbacks.getToolName(toolFlag)
if toolFlag == 1234:
print "2 processHttpMessage: processing passiveScan item; setting toolFlag to proxy (4)"
toolFlag = 4
#toolFlag = 4
if ((self._callbacks.getToolName(toolFlag) != "Repeater")
and (self._callbacks.getToolName(toolFlag) != "Proxy")
and (self._callbacks.getToolName(toolFlag) != "Target")):
#print 'Aborting processHTTP, request came from: ' + str(self._callbacks.getToolName(toolFlag))
print "Droping request from " + str(
self._callbacks.getToolName(toolFlag))
return
#print "---> still processing from tool: " + str(self._callbacks.getToolName(toolFlag))
url = self.getEndpoint(messageInfo)
method = self.getMethod(messageInfo)
#print "(processHTTP) before extensions check: " + url
for extension in self.BAD_EXTENSIONS:
if url.endswith(extension):
return
if messageInfo.getResponse():
mime = self._helpers.analyzeResponse(
messageInfo.getResponse()).getStatedMimeType()
#print 'Declared mime:' + mime
mime = mime.lower()
if mime in self.BAD_MIMES:
#print 'Bad mime:' + mime
return
#print "[httpMessage] before lock"
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
for item in self._log:
if url == item._url:
if method == self._helpers.analyzeRequest(
item._requestResponse).getMethod():
#print 'duplicate URL+method, skipping.. '
self._lock.release()
# has it been analyzed?
analyzed = False
if self._callbacks.getToolName(toolFlag) == "Repeater":
if self.repeaterOptionButton.isSelected():
analyzed = True
#print "[httpMessage] setting analyzed as true"
if self.GLOBAL_HANDLER_ANALYZED:
analyzed = True
item._analyzed = analyzed
self.paintItems(messageInfo, item)
return
#print "[httpMessage] before setComment"
if not (isFromPassiveScan):
messageInfo.setComment(SCOPE_MONITOR_COMMENT)
# reached here, must be new entry
analyzed = False
if self._callbacks.getToolName(toolFlag) == "Repeater":
if self.repeaterOptionButton.isSelected():
analyzed = True
#print "[httpMessage] setting analyzed as true"
if self.GLOBAL_HANDLER_ANALYZED:
analyzed = True
#print "[httpMessage] after comment"
#print 'in httpmessage, response:'
#print self._helpers.analyzeResponse(messageInfo.getResponse())
date = datetime.datetime.fromtimestamp(
time.time()).strftime('%H:%M:%S %d %b %Y')
entry = LogEntry(toolFlag,
self._callbacks.saveBuffersToTempFiles(messageInfo),
url, analyzed, date, method)
#print "toolFlag: " + str(toolFlag)
#print "(processHTTP) Adding URL: " + url
self._log.add(entry)
self._fullLog.add(entry)
self.fireTableRowsInserted(row, row)
self.paintItems(messageInfo, entry)
self._lock.release()
#print "columnCoun:" + str(self.logTable.getColumnCount())
#
# extend AbstractTableModel
#
def paintItems(self, messageInfo, item):
'''
print "in paint Items"
print "mark color is: (true)" + str(self.markTestedRequestsProxy.isSelected())
print "global handler analyzed: :" + str(self.GLOBAL_HANDLER_ANALYZED)
print "item analyzed should be the same ^^:" + str(item._analyzed)
'''
if (self.markTestedRequestsProxy.isSelected()) and (
item._analyzed and self.GLOBAL_HANDLER_ANALYZED):
messageInfo.setHighlight("green")
return
if self.markNotTestedRequestsProxy.isSelected() and not (
item._analyzed):
messageInfo.setHighlight("red")
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Checked"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Method"
if columnIndex == 3:
return "Time"
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
#self.setBackground(Color.GREEN)
return self.returnEntry(rowIndex, columnIndex, logEntry)
if self.showNewButton.isSelected() and not (logEntry._analyzed):
return self.returnEntry(rowIndex, columnIndex, logEntry)
elif self.showTestedButton.isSelected() and logEntry._analyzed:
return self.returnEntry(rowIndex, columnIndex, logEntry)
elif self.showAllButton.isSelected():
return self.returnEntry(rowIndex, columnIndex, logEntry)
def returnEntry(self, rowIndex, columnIndex, entry):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
if logEntry._analyzed:
return "True"
else:
return "False"
if columnIndex == 1:
return self._helpers.urlDecode(logEntry._url)
if columnIndex == 2:
return logEntry._method
if columnIndex == 3:
return logEntry._date
# return date
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
#print 'getRequest called'
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
#print 'getResponse called: '
print self._currentlyDisplayedItem.getResponse()
return self._currentlyDisplayedItem.getResponse()
def exportRequest(self, entity, filename):
line = str(entity._analyzed) + ","
line = line + self._helpers.urlEncode(entity._url).replace(
",", "%2c") + "," # URL is encoded so we should be good
line = line + entity._method + ","
line = line + entity._date
line = line + '\n'
#print 'Exporting: "' + line + '"'
return line
def exportUrlEncode(self, url):
return self._helpers.urlEncode(url).replace(",", "%2c")
def exportState(self, filename):
filename = self.selectPathText.getText()
if filename == "":
filename = self._callbacks.loadExtensionSetting("exportFile")
print 'Empty filename, skipping export'
return
else:
self._callbacks.saveExtensionSetting("exportFile", filename)
print 'saving state to: ' + filename
savedUrls = []
self._lockFile.acquire()
try:
with open(filename, 'r') as fr:
savedEntries = fr.read().splitlines()
savedUrls = []
for savedEntry in savedEntries:
savedUrls.append(savedEntry.split(",")[1])
#print "savedUrls len: " + str(len(savedUrls))
#print "savedUrls:"
#print savedUrls
fr.close()
except IOError:
print "Autosaving skipped as file doesn't exist yet"
with open(filename, 'a+') as f:
for item in self._log:
if self.exportUrlEncode(item._url) not in savedUrls:
line = self.exportRequest(item, "xx")
f.write(line)
f.close()
self._lockFile.release()
return
def importState(self, filename):
filename = self.selectPathText.getText()
if filename == "":
filename = self._callbacks.loadExtensionSetting("exportFile")
print 'Empty filename, skipping import'
return
else:
self._callbacks.saveExtensionSetting("exportFile", filename)
print 'loading state from: ' + filename
self.STATUS = False
self._lockFile.acquire()
with open(filename, 'r') as f:
proxy = self._callbacks.getProxyHistory()
proxyItems = []
for item in proxy:
if item.getComment():
if SCOPE_MONITOR_COMMENT in item.getComment():
proxyItems.append(item)
print 'proxyItems has: ' + str(len(proxyItems))
# TODO - if no proxy items, sraight to import
lines = f.read().splitlines()
for line in lines:
data = line.split(",")
url = data[1]
url = self._helpers.urlDecode(url)
#print 'Saving: ' + url
if not self._callbacks.isInScope(URL(url)):
print '-- imported url not in scope, skipping.. '
continue
analyzed = False
if data[0] == "True":
analyzed = True
#print '.. simulating url search.. '
requestResponse = None
for request in proxyItems:
if url == self.getEndpoint(request):
#print 'Match found when importing for url: ' + url
requestResponse = request
break
self._log.add(
LogEntry("", requestResponse, url, analyzed, data[3],
data[2]))
self._lockFile.release()
print 'finished loading.. '
#print 'size: ' + str(self._log.size())
self.fireTableDataChanged()
if self.startButton.getText() == MONITOR_ON_LABEL:
self.STATUS = True
return
def autoSave(self, sc):
#print 'autosaving.. lol what'
if self.autoSaveOption.isSelected():
print "[" + self.getTime(
) + "] autosaving to " + self._callbacks.loadExtensionSetting(
"exportFile")
self.exportState("")
self.SC.enter(self.AUTOSAVE_TIMEOUT, 1, self.autoSave, (self.SC, ))
return
def getTime(self):
date = datetime.datetime.fromtimestamp(
time.time()).strftime('%H:%M:%S')
return date
class BurpExtender(IBurpExtender, IHttpListener, IMessageEditorTabFactory,
ITab):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
global EXTENSION_NAME
sys.stdout = callbacks.getStdout()
sys.stderr = callbacks.getStderr()
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName(EXTENSION_NAME)
# register ourselves as a Http Listener
callbacks.registerHttpListener(self)
# register ourselves as a message editor tab factory
callbacks.registerMessageEditorTabFactory(self)
# setup the UI
self.initGui()
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
return
#
# create the Gui
#
def initGui(self):
#~ if DEBUG:
#~ import pdb;
#~ pdb.set_trace()
tabPane = JTabbedPane(JTabbedPane.TOP)
CreditsText = "<html># Burp Custom Deserializer<br/># Copyright (c) 2016, Marco Tinari<br/>#<br/># This program is free software: you can redistribute it and/or modify<br/># it under the terms of the GNU General Public License as published by<br/># the Free Software Foundation, either version 3 of the License, or<br/># (at your option) any later version.<br/>#<br/># This program is distributed in the hope that it will be useful,<br/># but WITHOUT ANY WARRANTY; without even the implied warranty of<br/># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br/># GNU General Public License for more details.<br/>#<br/># You should have received a copy of the GNU General Public License<br/># along with this program. If not, see <http://www.gnu.org/licenses/>.)<br/></html>"
label1 = JLabel(
"<html>Usage:<br>1 - Select the desired encoding functions<br>2 - Enter the name of the parameter in the input field below and press the Apply button!</html>"
)
label2 = JLabel(CreditsText)
panel1 = JPanel()
#set layout
panel1.setLayout(GridLayout(11, 1))
panel2 = JPanel()
panel1.add(label1)
panel2.add(label2)
tabPane.addTab("Configuration", panel1)
tabPane.addTab("Credits", panel2)
applyButton = JButton('Apply', actionPerformed=self.reloadConf)
panel1.add(applyButton, BorderLayout.SOUTH)
#define GET/POST/COOKIE radio button
self.GETparameterTypeRadioButton = JRadioButton('GET parameter')
self.POSTparameterTypeRadioButton = JRadioButton('POST parameter')
self.COOKIEparameterTypeRadioButton = JRadioButton('COOKIE parameter')
self.POSTparameterTypeRadioButton.setSelected(True)
group = ButtonGroup()
group.add(self.GETparameterTypeRadioButton)
group.add(self.POSTparameterTypeRadioButton)
group.add(self.COOKIEparameterTypeRadioButton)
self.base64Enabled = JCheckBox("Base64 encode")
self.URLEnabled = JCheckBox("URL encode")
self.ASCII2HexEnabled = JCheckBox("ASCII to Hex")
self.ScannerEnabled = JCheckBox(
"<html>Enable serialization in Burp Scanner<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.rightclick->Actively scan defined insertion points)</html>"
)
self.IntruderEnabled = JCheckBox(
"<html>Enable serialization in Burp Intruder<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.Start the attack</html>"
)
self.parameterName = JTextField("Parameter name goes here...", 60)
#set the tooltips
self.parameterName.setToolTipText(
"Fill in the parameter name and apply")
self.base64Enabled.setToolTipText("Enable base64 encoding/decoding")
self.ASCII2HexEnabled.setToolTipText(
"Enable ASCII 2 Hex encoding/decoding")
self.URLEnabled.setToolTipText("Enable URL encoding/decoding")
self.IntruderEnabled.setToolTipText(
"Check this if You want the extension to intercept and modify every request made by the Burp Intruder containing the selected paramter"
)
self.ScannerEnabled.setToolTipText(
"Check this if You want the extension to intercept and modify every request made by the Burp Scanner containing the selected paramter"
)
#add checkboxes to the panel
panel1.add(self.parameterName)
panel1.add(self.POSTparameterTypeRadioButton)
panel1.add(self.GETparameterTypeRadioButton)
panel1.add(self.COOKIEparameterTypeRadioButton)
panel1.add(self.base64Enabled)
panel1.add(self.URLEnabled)
panel1.add(self.ASCII2HexEnabled)
panel1.add(self.IntruderEnabled)
panel1.add(self.ScannerEnabled)
#assign tabPane
self.tab = tabPane
def reloadConf(self, event):
#~ if DEBUG:
#~ import pdb; pdb.set_trace()
source = event.getSource()
print 'APPLY button clicked. New configuration loaded.'
global MAGIC_PARAMETER
global PARAMETERISPOST
global PARAMETERISGET
global PARAMETERISCOOKIE
global BASE64ENCODINGENABLED
global ASCII2HEXENCODINGENABLED
global URLENCODINGENABLED
global INTRUDERENABLED
global SCANNERENABLED
MAGIC_PARAMETER = self.parameterName.getText()
print 'Base64 checkbox is: ' + str(self.base64Enabled.isSelected())
if self.base64Enabled.isSelected():
BASE64ENCODINGENABLED = True
else:
BASE64ENCODINGENABLED = False
print 'ASCII2Hex checkbox is: ' + str(
self.ASCII2HexEnabled.isSelected())
if self.ASCII2HexEnabled.isSelected():
ASCII2HEXENCODINGENABLED = True
else:
ASCII2HEXENCODINGENABLED = False
print 'URL checkbox is: ' + str(self.URLEnabled.isSelected())
if self.URLEnabled.isSelected():
URLENCODINGENABLED = True
else:
URLENCODINGENABLED = False
print 'New Magic parameter is: ' + str(MAGIC_PARAMETER)
if self.POSTparameterTypeRadioButton.isSelected(): #BODYPARAM
PARAMETERISPOST = True
print "parameterispost has been set to: " + str(PARAMETERISPOST)
else:
PARAMETERISPOST = False
print "parameterispost has been set to: " + str(PARAMETERISPOST)
if self.GETparameterTypeRadioButton.isSelected(): #GETPARAM
PARAMETERISGET = True
print "parameterisget has been set to: " + str(PARAMETERISGET)
else:
PARAMETERISGET = False
print "parameterisget has been set to: " + str(PARAMETERISGET)
if self.COOKIEparameterTypeRadioButton.isSelected(): #COOKIEPARAM
PARAMETERISCOOKIE = True
print "parameteriscookie has been set to: " + str(
PARAMETERISCOOKIE)
else:
PARAMETERISCOOKIE = False
print "parameteriscookie has been set to: " + str(
PARAMETERISCOOKIE)
if self.ScannerEnabled.isSelected():
SCANNERENABLED = True
print "Scanner Enabled"
else:
SCANNERENABLED = False
if self.IntruderEnabled.isSelected():
INTRUDERENABLED = True
print "Intruder Enabled"
else:
INTRUDERENABLED = False
#
# implement IHTTPListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
global PARAMETERISPOST
global PARAMETERISGET
global PARAMETERISCOOKIE
global URLENCODINGENABLED
global BASE64ENCODINGENABLED
global ASCII2HEXENCODINGENABLED
global INTRUDERENABLED
global SCANNERENABLED
#only process requests
if not messageIsRequest:
return
#only process messages from Intruder and Scanner, otherwise exit
#if (not self._callbacks.TOOL_INTRUDER == toolFlag):
if ((not (
(self._callbacks.TOOL_INTRUDER == toolFlag) and INTRUDERENABLED))
and (not ((self._callbacks.TOOL_SCANNER == toolFlag)
and SCANNERENABLED))):
#print "exiting- toolflag:"+str(toolFlag)+' INTRUDERENABLED='+str(INTRUDERENABLED)+' SCANNERENABLED='+str(SCANNERENABLED)
return
#if ((not self._callbacks.TOOL_INTRUDER == toolFlag)) and ((not self._callbacks.TOOL_SCANNER == toolFlag)):#remove the comment to always enable
if DEBUG:
print "IHTTPListener Enabled in: " + str(toolFlag)
requestInfo = self._helpers.analyzeRequest(currentRequest)
timestamp = datetime.now()
if DEBUG:
print "Intercepting message at: ", timestamp.isoformat()
#parameters = requestInfo.getParameters()
dataParameter = self._helpers.getRequestParameter(
currentRequest.getRequest(), MAGIC_PARAMETER)
#FIXME: add exception handling for multiple parameters with the same name and/or in a different position!!!
if DEBUG:
print 'dataparameter:' + str(dataParameter)
if (dataParameter == None):
if DEBUG:
print 'Parameter does not exist'
return
serializedValue = dataParameter.getValue()
#FIXME: substitute '[AND]' placeholder with '&' charachter - we should do something more elegant here :/
serializedValue = re.sub(r'\[AND\]', '&', serializedValue)
print "unserialized parameter value: ", str(serializedValue)
if BASE64ENCODINGENABLED: #if base64Encode is selected
serializedValue = self._helpers.base64Encode(serializedValue)
if DEBUG:
print "base64 encoded parameter value: ", str(serializedValue)
if URLENCODINGENABLED: #if URLEncode is selected
serializedValue = self._helpers.urlEncode(serializedValue)
if DEBUG:
print "URL ecoded parameter value: ", str(serializedValue)
if ASCII2HEXENCODINGENABLED: #if ASCII2HexEncode is selected
serializedValue = convert_ascii2hex(serializedValue)
if DEBUG:
print "ASCII2Hex ecoded parameter value: ", str(
serializedValue)
print "serialized parameter value: ", serializedValue
if PARAMETERISPOST:
if DEBUG:
print "parameter is BODY"
currentRequest.setRequest(
self._helpers.updateParameter(
currentRequest.getRequest(),
self._helpers.buildParameter(MAGIC_PARAMETER,
serializedValue,
IParameter.PARAM_BODY)))
elif PARAMETERISGET:
if DEBUG:
print "parameter is in URL"
currentRequest.setRequest(
self._helpers.updateParameter(
currentRequest.getRequest(),
self._helpers.buildParameter(MAGIC_PARAMETER,
serializedValue,
IParameter.PARAM_URL)))
elif PARAMETERISCOOKIE:
if DEBUG:
print "parameter is a COOKIE"
currentRequest.setRequest(
self._helpers.updateParameter(
currentRequest.getRequest(),
self._helpers.buildParameter(MAGIC_PARAMETER,
serializedValue,
IParameter.PARAM_COOKIE)))
return
#
# implement ITab
#
def getTabCaption(self):
global EXTENSION_TABCAPTION
return (EXTENSION_TABCAPTION)
def getUiComponent(self):
#~ return self._splitpane
return self.tab
#
# implement IMessageEditorTabFactory
#
def createNewInstance(self, controller, editable):
# create a new instance of our custom editor tab
return CustomInputTab(self, controller, editable)
class BurpExtender(IBurpExtender, IContextMenuFactory):
# Implement IBurpExtender
def registerExtenderCallbacks(self, callbacks):
self.printHeader()
# Set extension name
callbacks.setExtensionName("Directory Listing Parser for Burp Suite")
# Callbacks object
self._callbacks = callbacks
# Helpers object
self._helpers = callbacks.getHelpers()
# Register a factory for custom context menu items
callbacks.registerContextMenuFactory(self)
return
# Create a menu item if the appropriate section of the UI is selected
def createMenuItems(self, invocation):
menu = []
# Which part of the interface the user selects
ctx = invocation.getInvocationContext()
# Message Viewer Req/Res, Site Map Table, and Proxy History will show menu item if selected by the user
if ctx == 2 or ctx == 3 or ctx == 4 or ctx == 5 or ctx == 6:
menu.append(JMenuItem("Import Directory Listing", None, actionPerformed=lambda x, inv=invocation: self.openGUI(inv)))
return menu if menu else None
# Create and place GUI components on JFrame
def openGUI(self, invocation):
try:
# Get values from request or response the extension is invoked from and prepopulate GUI values
invMessage = invocation.getSelectedMessages()
message = invMessage[0]
originalHttpService = message.getHttpService()
self.originalMsgProtocol = originalHttpService.getProtocol()
self.originalMsgHost = originalHttpService.getHost()
self.originalMsgPort = originalHttpService.getPort()
except:
self.originalMsgProtocol = ''
self.originalMsgHost = ''
self.originalMsgPort = ''
try:
self.cookies = self._callbacks.getCookieJarContents()
self.cookie = ''
except:
pass
self.SSL = 'http://'
self.listType = ''
self.parsedList = []
# Set up main window (JFrame)
self.window = JFrame("Directory Listing Parser for Burp Suite", preferredSize=(600, 475), windowClosing=self.closeUI)
self.window.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE)
emptyBorder = BorderFactory.createEmptyBorder(10, 10, 10, 10)
self.window.contentPane.setBorder(emptyBorder)
self.window.contentPane.layout = BorderLayout()
# Main window title placed at the top of the main window with an invisible bottom border
titlePanel = JPanel()
titleBorder = BorderFactory.createEmptyBorder(0, 0, 10, 0)
title = JLabel("Directory Listing Parser for Burp Suite", JLabel.CENTER)
title.setBorder(titleBorder)
title.setFont(Font("Default", Font.PLAIN, 18))
titlePanel.add(title)
self.window.contentPane.add("North", titlePanel)
# Left panel for user input, consisting of hostname, directory prefix, ssl, port, type of listing, and file
self.leftPanel = JPanel()
self.leftPanel.layout = GridLayout(14, 1, 3, 3)
hostnameLabel = JLabel("Hostname:")
if self.originalMsgHost:
self.hostnameTextField = JTextField(self.originalMsgHost.rstrip())
else:
self.hostnameTextField = JTextField('Hostname')
dirPrefixLabel = JLabel("Full Directory Prefix (Windows):")
self.dirPrefixField = JTextField('C:\\var\www\\')
sslLabel = JLabel("SSL:")
self.radioBtnSslEnabled = JRadioButton('Enabled (https)', actionPerformed=self.radioSsl)
self.radioBtnSslDisabled = JRadioButton('Disabled (http)', actionPerformed=self.radioSsl)
sslButtonGroup = ButtonGroup()
sslButtonGroup.add(self.radioBtnSslEnabled)
sslButtonGroup.add(self.radioBtnSslDisabled)
if self.originalMsgProtocol == "https":
self.radioBtnSslEnabled.setSelected(True)
else:
self.radioBtnSslDisabled.setSelected(True)
portLabel = JLabel("Port:")
if self.originalMsgPort:
self.portTextField = JTextField(str(self.originalMsgPort).rstrip())
else:
self.portTextField = JTextField('80')
osLabel = JLabel("Type of File Listing:")
self.types = ('Windows \'dir /s\'', 'Linux \'ls -lR\'', 'Linux \'ls -R\'')
self.comboListingType = JComboBox(self.types)
uploadLabel = JLabel("Directory Listing File:")
self.uploadTextField = JTextField('')
uploadButton = JButton('Choose File', actionPerformed=self.chooseFile)
self.leftPanel.add(hostnameLabel)
self.leftPanel.add(self.hostnameTextField)
self.leftPanel.add(dirPrefixLabel)
self.leftPanel.add(self.dirPrefixField)
self.leftPanel.add(sslLabel)
self.leftPanel.add(self.radioBtnSslEnabled)
self.leftPanel.add(self.radioBtnSslDisabled)
self.leftPanel.add(portLabel)
self.leftPanel.add(self.portTextField)
self.leftPanel.add(osLabel)
self.leftPanel.add(self.comboListingType)
self.leftPanel.add(uploadLabel)
self.leftPanel.add(self.uploadTextField)
self.leftPanel.add(uploadButton)
# Right panel consisting of a text area for the URL list
self.UrlPanelLabel = JLabel("URL List:")
self.textArea = JTextArea()
self.textArea.setEditable(True)
self.textArea.setFont(Font("Default", Font.PLAIN, 14))
if self.cookies:
self.textArea.append('Cookies Found:\n')
for cookie in self.cookies:
if cookie.getDomain() in self.originalMsgHost:
self.cookie += cookie.getName() + '=' + cookie.getValue() + '; '
self.textArea.append(cookie.getName() + '=' + cookie.getValue() + '\n')
scrollArea = JScrollPane(self.textArea)
scrollArea.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
scrollArea.setPreferredSize(Dimension(400, 200))
self.rightPanel = JPanel()
self.rightPanel.setLayout(BorderLayout(3, 3))
self.rightPanel.add(self.UrlPanelLabel, BorderLayout.NORTH)
self.rightPanel.add(scrollArea, BorderLayout.CENTER)
# Panel for the generate URL list and import URL list buttons
generatePanel = JPanel()
generatePanel.layout = BorderLayout(3, 3)
generateButton = JButton('Generate URL List', actionPerformed=self.generateUrlList)
importButton = JButton('Import URL List to Burp Site Map', actionPerformed=self.confirmImport)
generatePanel.add("North", generateButton)
generatePanel.add("South", importButton)
self.rightPanel.add("South", generatePanel)
# Add the two main panels to the left and right sides
self.window.contentPane.add("East", self.rightPanel)
self.window.contentPane.add("West", self.leftPanel)
# Create a panel to be used for the file chooser window
self.uploadPanel = JPanel()
self.window.pack()
self.window.show()
# JFileChooser and showDialog for the user to specify their directory listing input file
def chooseFile(self, event):
chooseFile = JFileChooser()
filter = FileNameExtensionFilter("c files", ["c"])
chooseFile.addChoosableFileFilter(filter)
chooseFile.showDialog(self.uploadPanel, "Choose File")
chosenFile = chooseFile.getSelectedFile()
self.uploadTextField.text = str(chosenFile)
# Set whether https is enabled. Default is disabled (http)
def radioSsl(self, event):
if self.radioBtnSslEnabled.isSelected():
self.SSL = 'https://'
else:
self.SSL = 'http://'
# Create a parser object and pass the user's specified options. Retrieve the results and print them to a text area
def generateUrlList(self, event):
fileListingType = self.comboListingType.selectedIndex
self.listType = self.types[fileListingType]
urlsMade = 0
if os.path.isfile(self.uploadTextField.text):
parser = ListingParser()
parser.parse(self.hostnameTextField.getText(), self.dirPrefixField.getText().rstrip(), self.SSL, self.portTextField.getText(), self.listType, self.uploadTextField.getText())
self.parsedList = parser.returnList()
self.textArea.setText('')
for item in self.parsedList:
self.textArea.append(item + '\n')
urlsMade = str(len(self.parsedList))
if self.parsedList and urlsMade:
self.textArea.append('\n' + 'Total Directories Found: ' + str(parser.directoryCount))
self.textArea.append('\n' + 'Total URLs Created: ' + urlsMade)
else:
self.textArea.append('Error occurred during parsing.\n')
self.textArea.append('Please make sure the directory listing is a valid format and all input is correct.\n')
self.textArea.append('E-mail [email protected] with errors or for further help.')
else:
JOptionPane.showMessageDialog(None, 'ERROR: File is not valid file or not found!')
def closeUI(self, event):
self.window.setVisible(False)
self.window.dispose()
# This is initiated by the user selecting the 'import to burp' button. Checks each generated URL for a valid response and adds it to the site map
def importList(self):
if self.parsedList:
urlsAdded = 0
# Loop through each URL and check the response. If the response code is less than 404, add to site map
for item in self.parsedList:
# Pass exception if urlopen returns an http error if the URL is not reachable
try:
code = urlopen(item).code
if code < 404:
javaURL = URL(item)
newRequest = self._helpers.buildHttpRequest(javaURL)
stringNewRequest = self._helpers.bytesToString(newRequest).rstrip()
if self.cookie:
stringNewRequest += '\nCookie: ' + self.cookie.rstrip('; ') + '\r\n\r\n'
requestResponse = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(javaURL.getHost()), int(javaURL.getPort()), javaURL.getProtocol() == "https"), stringNewRequest)
else:
requestResponse = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(javaURL.getHost()), int(javaURL.getPort()), javaURL.getProtocol() == "https"), newRequest)
self._callbacks.addToSiteMap(requestResponse)
urlsAdded += 1
except Exception, e:
print e
pass
JOptionPane.showMessageDialog(None, str(urlsAdded) + " URL(s) added to Burp site map.")
else:
class BurpExtender(IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
global EXTENSION_NAME
sys.stdout = callbacks.getStdout()
sys.stderr = callbacks.getStderr()
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName(EXTENSION_NAME)
# register ourselves as a Http Listener
callbacks.registerHttpListener(self)
# register ourselves as a message editor tab factory
callbacks.registerMessageEditorTabFactory(self)
# setup the UI
self.initGui()
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
return
#
# create the Gui
#
def initGui(self):
#~ if DEBUG:
#~ import pdb;
#~ pdb.set_trace()
tabPane = JTabbedPane(JTabbedPane.TOP)
CreditsText = "<html># Burp Custom Deserializer<br/># Copyright (c) 2016, Marco Tinari<br/>#<br/># This program is free software: you can redistribute it and/or modify<br/># it under the terms of the GNU General Public License as published by<br/># the Free Software Foundation, either version 3 of the License, or<br/># (at your option) any later version.<br/>#<br/># This program is distributed in the hope that it will be useful,<br/># but WITHOUT ANY WARRANTY; without even the implied warranty of<br/># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the<br/># GNU General Public License for more details.<br/>#<br/># You should have received a copy of the GNU General Public License<br/># along with this program. If not, see <http://www.gnu.org/licenses/>.)<br/></html>"
label1 = JLabel("<html>Usage:<br>1 - Select the desired encoding functions<br>2 - Enter the name of the parameter in the input field below and press the Apply button!</html>")
label2 = JLabel(CreditsText)
panel1 = JPanel()
#set layout
panel1.setLayout(GridLayout(11,1))
panel2 = JPanel()
panel1.add(label1)
panel2.add(label2)
tabPane.addTab("Configuration", panel1)
tabPane.addTab("Credits", panel2)
applyButton = JButton('Apply',actionPerformed=self.reloadConf)
panel1.add(applyButton, BorderLayout.SOUTH)
#define GET/POST/COOKIE radio button
self.GETparameterTypeRadioButton = JRadioButton('GET parameter')
self.POSTparameterTypeRadioButton = JRadioButton('POST parameter')
self.COOKIEparameterTypeRadioButton = JRadioButton('COOKIE parameter')
self.POSTparameterTypeRadioButton.setSelected(True)
group = ButtonGroup()
group.add(self.GETparameterTypeRadioButton)
group.add(self.POSTparameterTypeRadioButton)
group.add(self.COOKIEparameterTypeRadioButton)
self.base64Enabled = JCheckBox("Base64 encode")
self.URLEnabled = JCheckBox("URL encode")
self.ASCII2HexEnabled = JCheckBox("ASCII to Hex")
self.ScannerEnabled = JCheckBox("<html>Enable serialization in Burp Scanner<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.rightclick->Actively scan defined insertion points)</html>")
self.IntruderEnabled = JCheckBox("<html>Enable serialization in Burp Intruder<br>Usage:<br>1.Place unencoded values inside intruder request and define the placeholder positions<br>2.Start the attack</html>")
self.parameterName = JTextField("Parameter name goes here...",60)
#set the tooltips
self.parameterName.setToolTipText("Fill in the parameter name and apply")
self.base64Enabled.setToolTipText("Enable base64 encoding/decoding")
self.ASCII2HexEnabled.setToolTipText("Enable ASCII 2 Hex encoding/decoding")
self.URLEnabled.setToolTipText("Enable URL encoding/decoding")
self.IntruderEnabled.setToolTipText("Check this if You want the extension to intercept and modify every request made by the Burp Intruder containing the selected paramter")
self.ScannerEnabled.setToolTipText("Check this if You want the extension to intercept and modify every request made by the Burp Scanner containing the selected paramter")
#add checkboxes to the panel
panel1.add(self.parameterName)
panel1.add(self.POSTparameterTypeRadioButton)
panel1.add(self.GETparameterTypeRadioButton)
panel1.add(self.COOKIEparameterTypeRadioButton)
panel1.add(self.base64Enabled)
panel1.add(self.URLEnabled)
panel1.add(self.ASCII2HexEnabled)
panel1.add(self.IntruderEnabled)
panel1.add(self.ScannerEnabled)
#assign tabPane
self.tab = tabPane
def reloadConf(self,event):
#~ if DEBUG:
#~ import pdb; pdb.set_trace()
source = event.getSource()
print 'APPLY button clicked. New configuration loaded.'
global MAGIC_PARAMETER
global PARAMETERISPOST
global PARAMETERISGET
global PARAMETERISCOOKIE
global BASE64ENCODINGENABLED
global ASCII2HEXENCODINGENABLED
global URLENCODINGENABLED
global INTRUDERENABLED
global SCANNERENABLED
MAGIC_PARAMETER=self.parameterName.getText()
print 'Base64 checkbox is: '+str(self.base64Enabled.isSelected())
if self.base64Enabled.isSelected():
BASE64ENCODINGENABLED=True
else:
BASE64ENCODINGENABLED=False
print 'ASCII2Hex checkbox is: '+str(self.ASCII2HexEnabled.isSelected())
if self.ASCII2HexEnabled.isSelected():
ASCII2HEXENCODINGENABLED=True
else:
ASCII2HEXENCODINGENABLED=False
print 'URL checkbox is: '+str(self.URLEnabled.isSelected())
if self.URLEnabled.isSelected():
URLENCODINGENABLED=True
else:
URLENCODINGENABLED=False
print 'New Magic parameter is: '+str(MAGIC_PARAMETER)
if self.POSTparameterTypeRadioButton.isSelected(): #BODYPARAM
PARAMETERISPOST=True
print "parameterispost has been set to: " + str(PARAMETERISPOST)
else:
PARAMETERISPOST=False
print "parameterispost has been set to: " + str(PARAMETERISPOST)
if self.GETparameterTypeRadioButton.isSelected(): #GETPARAM
PARAMETERISGET=True
print "parameterisget has been set to: " + str(PARAMETERISGET)
else:
PARAMETERISGET=False
print "parameterisget has been set to: " + str(PARAMETERISGET)
if self.COOKIEparameterTypeRadioButton.isSelected(): #COOKIEPARAM
PARAMETERISCOOKIE=True
print "parameteriscookie has been set to: " + str(PARAMETERISCOOKIE)
else:
PARAMETERISCOOKIE=False
print "parameteriscookie has been set to: " + str(PARAMETERISCOOKIE)
if self.ScannerEnabled.isSelected():
SCANNERENABLED=True
print "Scanner Enabled"
else:
SCANNERENABLED=False
if self.IntruderEnabled.isSelected():
INTRUDERENABLED=True
print "Intruder Enabled"
else:
INTRUDERENABLED=False
#
# implement IHTTPListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
global PARAMETERISPOST
global PARAMETERISGET
global PARAMETERISCOOKIE
global URLENCODINGENABLED
global BASE64ENCODINGENABLED
global ASCII2HEXENCODINGENABLED
global INTRUDERENABLED
global SCANNERENABLED
#only process requests
if not messageIsRequest:
return
#only process messages from Intruder and Scanner, otherwise exit
#if (not self._callbacks.TOOL_INTRUDER == toolFlag):
if ((not ((self._callbacks.TOOL_INTRUDER == toolFlag) and INTRUDERENABLED)) and (not ((self._callbacks.TOOL_SCANNER == toolFlag) and SCANNERENABLED))):
#print "exiting- toolflag:"+str(toolFlag)+' INTRUDERENABLED='+str(INTRUDERENABLED)+' SCANNERENABLED='+str(SCANNERENABLED)
return
#if ((not self._callbacks.TOOL_INTRUDER == toolFlag)) and ((not self._callbacks.TOOL_SCANNER == toolFlag)):#remove the comment to always enable
if DEBUG:
print "IHTTPListener Enabled in: " + str(toolFlag)
requestInfo = self._helpers.analyzeRequest(currentRequest)
timestamp = datetime.now()
if DEBUG:
print "Intercepting message at: ", timestamp.isoformat()
#parameters = requestInfo.getParameters()
dataParameter = self._helpers.getRequestParameter(currentRequest.getRequest(), MAGIC_PARAMETER)
#FIXME: add exception handling for multiple parameters with the same name and/or in a different position!!!
if DEBUG:
print 'dataparameter:'+str(dataParameter)
if (dataParameter == None):
if DEBUG:
print 'Parameter does not exist'
return
serializedValue = dataParameter.getValue()
#FIXME: substitute '[AND]' placeholder with '&' charachter - we should do something more elegant here :/
serializedValue = re.sub(r'\[AND\]', '&', serializedValue)
print "unserialized parameter value: ", str(serializedValue)
if BASE64ENCODINGENABLED: #if base64Encode is selected
serializedValue = self._helpers.base64Encode(serializedValue)
if DEBUG:
print "base64 encoded parameter value: ", str(serializedValue)
if URLENCODINGENABLED: #if URLEncode is selected
serializedValue = self._helpers.urlEncode(serializedValue)
if DEBUG:
print "URL ecoded parameter value: ", str(serializedValue)
if ASCII2HEXENCODINGENABLED: #if ASCII2HexEncode is selected
serializedValue = convert_ascii2hex(serializedValue)
if DEBUG:
print "ASCII2Hex ecoded parameter value: ", str(serializedValue)
print "serialized parameter value: ", serializedValue
if PARAMETERISPOST:
if DEBUG:
print "parameter is BODY"
currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_BODY)))
elif PARAMETERISGET:
if DEBUG:
print "parameter is in URL"
currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_URL)))
elif PARAMETERISCOOKIE:
if DEBUG:
print "parameter is a COOKIE"
currentRequest.setRequest(self._helpers.updateParameter(currentRequest.getRequest(),self._helpers.buildParameter(MAGIC_PARAMETER, serializedValue,IParameter.PARAM_COOKIE)))
return
#
# implement ITab
#
def getTabCaption(self):
global EXTENSION_TABCAPTION
return(EXTENSION_TABCAPTION)
def getUiComponent(self):
#~ return self._splitpane
return self.tab
#
# implement IMessageEditorTabFactory
#
def createNewInstance(self, controller, editable):
# create a new instance of our custom editor tab
return CustomInputTab(self, controller, editable)
class ConfigurationPanel(JPanel, PropertyChangeListener):
def __init__(self):
''' Configuration Panel '''
# pconfig = JPanel(GridBagLayout())
# pconfig.setSize(Dimension(500,300))
self.setLayout(GridBagLayout())
# super(self,GridBagLayout())
self.setSize(Dimension(500,300))
''' fila 1 '''
label = JLabel('Configuration panel')
c1 = GridBagConstraints()
c1.fill = GridBagConstraints.HORIZONTAL
c1.weightx = 0.5
c1.gridwidth = 4
c1.gridx = 0
c1.gridy = 0
self.add(label, c1)
''' fila 2 '''
self.radioBtnOMC = JRadioButton('OpenModelica')
c2 = GridBagConstraints()
c2.fill = GridBagConstraints.HORIZONTAL
c2.weightx = 0.5
c2.gridx = 0
c2.gridy = 1
self.add(self.radioBtnOMC, c2)
self.radioBtnJM = JRadioButton('JModelica')
c3 = GridBagConstraints()
c3.fill = GridBagConstraints.HORIZONTAL
c3.weightx = 0.5
c3.gridx = 1
c3.gridy = 1
self.add(self.radioBtnJM, c3)
self.radioBtnDY = JRadioButton('Dymola')
c4 = GridBagConstraints()
c4.fill = GridBagConstraints.HORIZONTAL
c4.weightx = 0.5
c4.gridx = 2
c4.gridy = 1
self.add(self.radioBtnDY, c4)
rbBtnGroup = ButtonGroup()
rbBtnGroup.add(self.radioBtnOMC)
rbBtnGroup.add(self.radioBtnJM)
rbBtnGroup.add(self.radioBtnDY)
''' fila 2 '''
label = JLabel('Start time')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 0
c.gridy = 2
self.add(label, c)
self.txtstart= JTextField('0')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 1
c.gridy = 2
self.add(self.txtstart, c)
label = JLabel('Stop time')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 2
c.gridy = 2
self.add(label, c)
self.txtstop= JTextField('0')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 3
c.gridy = 2
self.add(self.txtstop, c)
''' fila 3 '''
label = JLabel('Solver')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 0
c.gridy = 3
self.add(label, c)
self.cbsolver= JComboBox(['dassl','rkfix2'])
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 1
c.gridy = 3
self.add(self.cbsolver, c)
label = JLabel('Algorithm (JM)')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 2
c.gridy = 3
self.add(label, c)
self.cbalgorithm= JComboBox(['AssimuloAlg'])
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 3
c.gridy = 3
self.add(self.cbalgorithm, c)
''' fila 4 '''
label = JLabel('Interval')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 0
c.gridy = 4
self.add(label, c)
self.txtinterval= JTextField('0')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 1
c.gridy = 4
self.add(self.txtinterval, c)
''' fila 5 '''
label = JLabel('Tolerance')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 0
c.gridy = 5
self.add(label, c)
self.txttolerance= JTextField('0')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 1
c.gridy = 5
self.add(self.txttolerance, c)
''' fila 6 '''
label = JLabel('Output format')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 0
c.gridy = 6
self.add(label, c)
self.cboutformat= JComboBox(['.mat','.h5','.csv'])
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 1
c.gridy = 6
self.add(self.cboutformat, c)
label = JLabel('Initialize (JM)')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 2
c.gridy = 6
self.add(label, c)
self.cbinitialize= JComboBox(['True','False'])
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridx = 3
c.gridy = 6
self.add(self.cbinitialize, c)
''' fila 7 '''
bSaveCfg= JButton('Save Configuration', actionPerformed= self.saveConfiguration)
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridwidth = 2
c.gridx = 0
c.gridy = 7
self.add(bSaveCfg, c)
self.bSimulation= JButton('Load Configuration', actionPerformed= self.loadConfiguration)
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 0.5
c.gridwidth = 2
c.gridx = 2
c.gridy = 7
self.add(self.bSimulation, c)
''' fila 8 '''
self.bSimulation= JButton('Simulate', actionPerformed= self.startSimlation)
self.bSimulation.enabled= 0
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 1
c.gridwidth = 4
c.gridx = 0
c.gridy = 8
self.add(self.bSimulation, c)
''' file 9 '''
simProgress= JProgressBar(0, self.getWidth(), value=0, stringPainted=True)
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 1
c.gridwidth = 4
c.gridx = 0
c.gridy = 9
self.add(simProgress, c)
''' fila 10 '''
self.lblResult= JLabel('Simulation information')
c = GridBagConstraints()
c.fill = GridBagConstraints.HORIZONTAL
c.weightx = 1
c.gridwidth = 4
c.gridx = 0
c.gridy = 10
self.add(self.lblResult, c)
def startSimlation(self, event):
"Invoked when the user presses the start button"
self.bSimulation.enabled = False
#Instances of javax.swing.SwingWorker are not reusable, so
#we create new instances as needed.
self.simtask = SimulationTask(self)
# self.simtask.addPropertyChangeListener(self)
self.simtask.execute()
def saveConfiguration(self,event):
if self.radioBtnOMC.isSelected() or self.radioBtnDY.isSelected():
self.config= SimulationConfigOMCDY()
self.config.set_starttime(self.txtstart.getText())
self.config.set_stoptime(self.txtstop.getText())
self.config.set_tolerance(self.txttolerance.getText())
self.config.set_intervals(self.txtinterval.getText())
self.config.set_method(self.cbsolver.selectedItem)
self.config.set_outputformat(self.cboutformat.selectedItem)
if self.radioBtnOMC.isSelected():
nomfile= './config/simConfigurationOMC.properties'
if self.radioBtnDY.isSelected():
nomfile= './config/simConfigurationDY.properties'
self.config.save_Properties(nomfile, 'Simulation Configuration')
if self.radioBtnJM.isSelected():
self.config= SimulationConfigJM()
self.config.set_starttime(self.txtstart.getText())
self.config.set_stoptime(self.txtstop.getText())
self.config.set_intervals(self.txtinterval.text)
self.config.set_method(self.cbsolver.selectedItem)
self.config.set_algorithm(self.cbalgorithm.selectedItem)
self.config.set_initialization(self.cbinitialize.selectedItem)
self.config.set_outputformat(self.cboutformat.selectedItem)
nomfile= './config/simConfigurationJM.properties'
self.config.save_Properties(nomfile, 'Simulation Configuration')
self.bSimulation.enabled= 1
def loadConfiguration(self, event):
if self.radioBtnOMC.isSelected() or self.radioBtnDY.isSelected():
self.config= SimulationConfigOMCDY()
self.config.load_Properties('./config/simConfigurationOMC.properties')
self.txtstart.setText(self.config.get_starttime())
self.txtstop.setText(self.config.get_stoptime())
self.txttolerance.setText(self.config.get_tolerance())
self.txtinterval.setText(self.config.get_intervals())
self.cbsolver.selectedItem= self.config.get_method()
self.cboutformat.selectedItem= self.config.get_outputformat()
if self.radioBtnJM.isSelected():
self.config= SimulationConfigJM()
self.config.load_Properties('./config/simConfigurationJM.properties')
self.txtstart.setText(self.config.get_starttime())
self.txtstop.setText(self.config.get_stoptime())
self.txtinterval.setText(self.config.get_intervals())
self.cbsolver.selectedItem= self.config.get_method()
self.cbalgorithm.selectedItem= self.config.get_algorithm()
self.cbinitialize.selectedItem= self.config.get_initialization()
# self.cboutformat.selectedItem= self.config.get_outputformat()
self.bSimulation.enabled= 1
class BurpExtender(IBurpExtender, IContextMenuFactory, IHttpListener,
ISessionHandlingAction, ITab):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("JC-AntiToken")
callbacks.registerContextMenuFactory(self)
# callbacks.registerHttpListener(self)
callbacks.registerSessionHandlingAction(self)
self.drawUI()
def printcn(self, msg):
print(msg.decode('utf-8').encode(sys_encoding))
def drawUI(self):
# 最外层:垂直盒子,内放一个水平盒子+一个胶水
out_vBox_main = Box.createVerticalBox()
# 次外层:水平盒子,使用说明
usage = u'''
JC-AntiToken(简单防重放绕过)
适用场景:防重放的方式为,提前向一个页面发送请求取得token,替换到下一个页面中。
适用说明:
1. 请求头中Headers和Data的值必须是JSON字符串,如:{"var":"value"}
2. 左边tokenRegex的格式为:
a. .*开头,.*结尾,用()括住要取出的token
b. 如:.*,"token":"(.*?)".*
3. 右边tokenRegex的格式为:
a. 需要三个(),第二个()括住要替换的token
b. 如:(.*,"token":")(.*?)(".*)
详见:https://github.com/chroblert/JC-AntiToken
'''
hBox_usage = Box.createHorizontalBox()
jpanel_test = JPanel()
jTextarea_usage = JTextArea()
jTextarea_usage.setText(usage)
jTextarea_usage.setRows(13)
jTextarea_usage.setEditable(False)
# jpanel_test.add(jTextarea_usage)
hBox_usage.add(JScrollPane(jTextarea_usage))
# 次外层:水平盒子,内放两个垂直盒子
hBox_main = Box.createHorizontalBox()
# 左垂直盒子
vBox_left = Box.createVerticalBox()
# 右垂直盒子
vBox_right = Box.createVerticalBox()
# 左垂直盒子内部:发送请求包拿token
# URL标签
jlabel_url = JLabel(" URL: ")
self.jtext_url = JTextField(generWidth)
self.jtext_url.setMaximumSize(self.jtext_url.getPreferredSize())
hbox_url = Box.createHorizontalBox()
hbox_url.add(jlabel_url)
hbox_url.add(self.jtext_url)
hglue_url = Box.createHorizontalGlue()
hbox_url.add(hglue_url)
# 请求方法标签
jlabel_reqMeth = JLabel("ReqMeth: ")
self.jcombobox_reqMeth = JComboBox()
self.jcombobox_reqMeth.addItem("GET")
self.jcombobox_reqMeth.addItem("POST")
hbox_reqMeth = Box.createHorizontalBox()
hbox_reqMeth.add(jlabel_reqMeth)
hbox_reqMeth.add(self.jcombobox_reqMeth)
self.jcombobox_reqMeth.setMaximumSize(
self.jcombobox_reqMeth.getPreferredSize())
hglue_reqMeth = Box.createHorizontalGlue()
hbox_reqMeth.add(hglue_reqMeth)
# ContentType标签
jlabel_contentType = JLabel("ConType: ")
self.jcombobox_contentType = JComboBox()
self.jcombobox_contentType.addItem("application/json")
self.jcombobox_contentType.addItem("application/x-www-form-urlencoded")
hbox_contentType = Box.createHorizontalBox()
hbox_contentType.add(jlabel_contentType)
hbox_contentType.add(self.jcombobox_contentType)
self.jcombobox_contentType.setMaximumSize(
self.jcombobox_contentType.getPreferredSize())
hglue_contentType = Box.createHorizontalGlue()
hbox_contentType.add(hglue_contentType)
# Charset标签
jlabel_charset = JLabel("CharSet: ")
self.jcombobox_charset = JComboBox()
self.jcombobox_charset.addItem("UTF-8")
self.jcombobox_charset.addItem("GBK")
hbox_charset = Box.createHorizontalBox()
hbox_charset.add(jlabel_charset)
hbox_charset.add(self.jcombobox_charset)
self.jcombobox_charset.setMaximumSize(
self.jcombobox_charset.getPreferredSize())
hglue_charset = Box.createHorizontalGlue()
hbox_charset.add(hglue_charset)
# 请求头标签
jlabel_headers = JLabel("Headers: ")
self.jtext_headers = JTextField(generWidth)
self.jtext_headers.setMaximumSize(
self.jtext_headers.getPreferredSize())
hbox_headers = Box.createHorizontalBox()
hbox_headers.add(jlabel_headers)
hbox_headers.add(self.jtext_headers)
hglue_headers = Box.createHorizontalGlue()
hbox_headers.add(hglue_headers)
# 请求参数标签
jlabel_data = JLabel(" Data: ")
self.jtext_data = JTextField(generWidth)
self.jtext_data.setPreferredSize(Dimension(20, 40))
self.jtext_data.setMaximumSize(self.jtext_data.getPreferredSize())
hbox_data = Box.createHorizontalBox()
hbox_data.add(jlabel_data)
hbox_data.add(self.jtext_data)
hglue_data = Box.createHorizontalGlue()
hbox_data.add(hglue_data)
# token标志位置标签
hbox_radiobtn = Box.createHorizontalBox()
jlabel_tokenPosition = JLabel("Token Position: ")
self.radioBtn01 = JRadioButton("Header")
self.radioBtn02 = JRadioButton("Body")
btnGroup = ButtonGroup()
btnGroup.add(self.radioBtn01)
btnGroup.add(self.radioBtn02)
self.radioBtn01.setSelected(True)
hbox_radiobtn.add(jlabel_tokenPosition)
hbox_radiobtn.add(self.radioBtn01)
hbox_radiobtn.add(self.radioBtn02)
# token正则表达式标签
hbox_token = Box.createHorizontalBox()
hbox_token_header = Box.createHorizontalBox()
hbox_token_body = Box.createHorizontalBox()
# token正则表达式标签:header中
jlabel_tokenName = JLabel("tokenName: ")
self.jtext_tokenName = JTextField(tokenWidth)
self.jtext_tokenName.setMaximumSize(
self.jtext_tokenName.getPreferredSize())
hbox_token_header.add(jlabel_tokenName)
hbox_token_header.add(self.jtext_tokenName)
hglue_token_header = Box.createHorizontalGlue()
hbox_token_header.add(hglue_token_header)
# token正则表达式标签:body中
jlabel_tokenRegex = JLabel("tokenRegex: ")
self.jtext_tokenRegex = JTextField(tokenWidth)
self.jtext_tokenRegex.setMaximumSize(
self.jtext_tokenRegex.getPreferredSize())
hbox_token_body.add(jlabel_tokenRegex)
hbox_token_body.add(self.jtext_tokenRegex)
hglue_token_body = Box.createHorizontalGlue()
hbox_token_body.add(hglue_token_body)
# token正则表达式标签
hbox_token.add(hbox_token_header)
hbox_token.add(hbox_token_body)
# test测试按钮
hbox_test = Box.createHorizontalBox()
jbtn_test = JButton("TEST", actionPerformed=self.btnTest)
self.jlabel_test = JLabel("Result: ")
hbox_test.add(jbtn_test)
hbox_test.add(self.jlabel_test)
# 水平胶水填充
hGlue_test = Box.createHorizontalGlue()
hbox_test.add(hGlue_test)
hbox_test.setBorder(BorderFactory.createLineBorder(Color.green, 2))
# 响应数据输出
hbox_resp = Box.createHorizontalBox()
self.jtextarea_resp = JTextArea()
jsp = JScrollPane(self.jtextarea_resp)
hbox_resp.add(self.jtextarea_resp)
# 左垂直盒子:添加各种水平盒子
vBox_left.add(hbox_url)
vBox_left.add(hbox_reqMeth)
vBox_left.add(hbox_contentType)
vBox_left.add(hbox_charset)
vBox_left.add(hbox_headers)
vBox_left.add(hbox_data)
vBox_left.add(hbox_radiobtn)
vBox_left.add(hbox_token)
vBox_left.add(hbox_test)
vBox_left.add(hbox_resp)
# 左垂直盒子:垂直胶水填充
vGlue_test = Box.createGlue()
vBox_left.add(vGlue_test)
# 右垂直盒子内部:指定token在请求包中的位置
# token标志位置单选按钮
hbox_radiobtn_r = Box.createHorizontalBox()
jlabel_tokenPosition_r = JLabel("Token Position: ")
self.radioBtn01_r = JRadioButton("Header")
self.radioBtn02_r = JRadioButton("Body")
btnGroup_r = ButtonGroup()
btnGroup_r.add(self.radioBtn01_r)
btnGroup_r.add(self.radioBtn02_r)
self.radioBtn01_r.setSelected(True)
hbox_radiobtn_r.add(jlabel_tokenPosition_r)
hbox_radiobtn_r.add(self.radioBtn01_r)
hbox_radiobtn_r.add(self.radioBtn02_r)
# token正则表达式
hbox_token_r = Box.createHorizontalBox()
hbox_token_header_r = Box.createHorizontalBox()
hbox_token_body_r = Box.createHorizontalBox()
# token正则表达式:在header中
jlabel_tokenName_r = JLabel("tokenName: ")
self.jtext_tokenName_r = JTextField(tokenWidth)
self.jtext_tokenName_r.setMaximumSize(
self.jtext_tokenName_r.getPreferredSize())
hbox_token_header_r.add(jlabel_tokenName_r)
hbox_token_header_r.add(self.jtext_tokenName_r)
hglue_token_header_r = Box.createHorizontalGlue()
hbox_token_header_r.add(hglue_token_header_r)
# token正则表达式:在Body中
jlabel_tokenRegex_r = JLabel("tokenRegex: ")
self.jtext_tokenRegex_r = JTextField(tokenWidth)
self.jtext_tokenRegex_r.setMaximumSize(
self.jtext_tokenRegex_r.getPreferredSize())
hbox_token_body_r.add(jlabel_tokenRegex_r)
hbox_token_body_r.add(self.jtext_tokenRegex_r)
hglue_token_body_r = Box.createHorizontalGlue()
hbox_token_body_r.add(hglue_token_body_r)
# token正则表达式
hbox_token_r.add(hbox_token_header_r)
hbox_token_r.add(hbox_token_body_r)
# 测试按钮
hbox_test_r = Box.createHorizontalBox()
jbtn_test_r = JButton("SET", actionPerformed=self.btnTest_r)
self.jlabel_test_r = JLabel("Result: ")
hbox_test_r.add(jbtn_test_r)
hbox_test_r.add(self.jlabel_test_r)
# 水平胶水填充
hGlue02 = Box.createHorizontalGlue()
hbox_test_r.add(hGlue02)
hbox_test_r.setBorder(BorderFactory.createLineBorder(Color.green, 2))
# 右垂直盒子:添加各种水平盒子
vBox_right.add(hbox_radiobtn_r)
vBox_right.add(hbox_token_r)
vBox_right.add(hbox_test_r)
vGlue = Box.createVerticalGlue()
vBox_right.add(vGlue)
vBox_left.setBorder(BorderFactory.createLineBorder(Color.black, 3))
vBox_right.setBorder(BorderFactory.createLineBorder(Color.black, 3))
# 次外层水平盒子:添加左右两个垂直盒子
hBox_main.add(vBox_left)
hBox_main.add(vBox_right)
# 最外层垂直盒子:添加次外层水平盒子,垂直胶水
out_vBox_main.add(hBox_usage)
out_vBox_main.add(hBox_main)
self.mainPanel = out_vBox_main
self._callbacks.customizeUiComponent(self.mainPanel)
self._callbacks.addSuiteTab(self)
def getTabCaption(self):
return "JC-AntiToken"
def getUiComponent(self):
return self.mainPanel
def testBtn_onClick(self, event):
print("click button")
def createMenuItems(self, invocation):
menu = []
if invocation.getToolFlag() == IBurpExtenderCallbacks.TOOL_REPEATER:
menu.append(
JMenuItem("Test menu", None, actionPerformed=self.testmenu))
return menu
def testmenu(self, event):
print(event)
print("JCTest test menu")
def processHttpMessage(self, toolflag, messageIsRequest, messageInfo):
service = messageInfo.getHttpService()
if messageIsRequest:
pass
print("Host: " + str(service.getHost()))
print("Port: " + str(service.getPort()))
print("Protocol: " + str(service.getProtocol()))
print("-----------------------------------")
def getActionName(self):
return "JC-AntiToken"
def performAction(self, currentRequest, macroItems):
# url
url = self._helpers.analyzeRequest(currentRequest).getUrl()
print(url)
reqInfo = self._helpers.analyzeRequest(currentRequest)
# request headers
headers = reqInfo.getHeaders()
print("ReqHeaders: " + headers)
# get cookie from request header
cookie = self.getCookieFromReq(headers)
print(cookie)
print(type(cookie))
# offset to req body
reqBodyOffset = reqInfo.getBodyOffset()
reqBody = str(bytearray(currentRequest.getRequest()[reqBodyOffset:]))
print("ReqBody: " + reqBody)
# modify Request Body
newToken = self.getNewToken(cookie)
if newToken != None:
# tokenInReqHeader
res = False
if self.tokenInHeader_r:
# pass
# 普通header中
for header in headers:
if ":" in header:
if header.split(":")[0] == self.tokenName_r:
headers = [
self.tokenName_r + ": " + newToken
if i.split(":")[0] == self.tokenName_r else i
for i in headers
]
res = True
break
# cookie中
if not res and cookie != None and self.tokenName_r + "=" in cookie:
# pass
for i in range(len(headers)):
if headers[i].startwith("Cookie:"):
cookies2 = headers[i]
cookies3 = cookies2.split(":")[1]
if ";" not in cookies3:
headers[
i] = "Cookie: " + self.tokenName_r + "=" + newToken
res = True
break
else:
cookies4 = cookies3.split(";")
for cookie_idx in range(len(cookies4)):
if self.tokenName_r + "+" in cookies4[
cookie_idx]:
cookies4[
cookie_idx] = self.tokenName_r + "=" + newToken
res = True
break
headers[i] = "Cookie: " + ";".join(cookies4)
break
# query string中
if not res:
meth = headers[0].split(" ")[0]
url = headers[0].split(" ")[1]
ver = headers[0].split(" ")[2]
if self.tokenName_r + "=" not in url:
pass
else:
if "&" not in url:
url = url.split("?")[
0] + "?" + self.tokenName_r + "=" + newToken
headers[0] = meth + " " + url + " " + ver
else:
params = url.split("?")[1].split("&")
for i in range(len(params)):
if self.tokenName_r + "=" in params[i]:
params[
i] = self.tokenName_r + "=" + newToken
break
url = url.split("?")[0] + "?" + "&".join(params)
headers[0] = meth + " " + url + " " + ver
# tokenInReqBody
else:
if re.match(self.tokenRegex_r, reqBody):
try:
reqBody = re.sub(self.tokenRegex_r,
r'\g<1>' + newToken + r'\g<3>',
reqBody, 0, re.M | re.I)
except Exception as e:
print(e)
# print(reqBody)
# reqBody = re.sub(self.tokenRegex_r,r'\g<1>'+newToken+r'\g<3>',reqBody,0,re.M|re.I)
# if re.match(r'(.*?"_tokenName":")([a-zA-Z0-9]{6,})(")',reqBody):
# reqBody = re.sub(r'(.*?"_tokenName":")([a-zA-Z0-9]{6,})(")',r'\1'+newToken+r'\3',reqBody,0,re.M|re.I)
# rebuild request
reqMessage = self._helpers.buildHttpMessage(headers, bytes(reqBody))
# forward
currentRequest.setRequest(reqMessage)
print("++++++++++++++++++++++++")
def getCookieFromReq(self, headers):
for header in headers:
if re.match(r'^Cookie:', header, re.I):
return re.match(r'^Cookie: (.*)', header, re.I).group(1)
# get new token
def getNewToken(self, cookie):
print(cookie)
print("getNewToken")
# url = "http://myip.ipip.net"
headers_cookie = {
'Cookie': cookie,
}
if cookie != '':
self.headers.update(**headers_cookie)
if self.reqMeth == "GET":
resp = self.sendGetHttp(self.url, self.headers, self.data,
self.contentType)
else:
resp = self.sendPostHttp(self.url, self.headers, self.data,
self.contentType)
respBody = resp.read()
respInfo = resp.info()
if self.tokenInHeader:
if respInfo.getheader(self.tokenName) != None:
newToken = respInfo.getheader(self.tokenName)
print(newToken)
return newToken
else:
regexPattern = '.*' + self.tokenName + '=(.*?);'
if respInfo.getheader("set-cookie") != None:
cookies = respInfo.getheader("set-cookie")
if re.match(regexPattern, cookies, re.M | re.I):
newToken = re.match(regexPattern, cookies,
re.M | re.I).group(1)
print("newToken: ", newToken)
return newToken
else:
return None
else:
return None
else:
regexPattern = self.tokenRegex
if re.match(regexPattern, respBody, re.M | re.I):
newToken = re.match(regexPattern, respBody,
re.M | re.I).group(1)
print("newToken: ", newToken)
return newToken
else:
return None
def sendGetHttp(self, url, headers, data, contentType):
context = ssl._create_unverified_context()
headers_contentType = {'Content-Type': contentType}
if not headers.has_key("Content-Type"):
headers.update(**headers_contentType)
headers_userAgent = {
'User-Agent':
'Mozilla/6.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/8.0 Mobile/10A5376e Safari/8536.25'
}
if not headers.has_key("User-Agent"):
headers.update(**headers_userAgent)
try:
if data != None:
# if "urlencode" in contentType:
data = urllib.urlencode(data)
url = url + "?" + data
req = urllib2.Request(url, headers=headers)
else:
req = urllib2.Request(url, headers=headers)
resp = urllib2.urlopen(req, context=context)
return resp
except urllib2.HTTPError as error:
print("ERROR: ", error)
return None
def sendPostHttp(self, url, headers, data, contentType):
context = ssl._create_unverified_context()
headers_contentType = {'Content-Type': contentType}
if not headers.has_key("Content-Type"):
headers.update(**headers_contentType)
headers_userAgent = {
'User-Agent':
'Mozilla/6.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/8.0 Mobile/10A5376e Safari/8536.25'
}
if not headers.has_key("User-Agent"):
headers.update(**headers_userAgent)
print(headers)
resp = ""
print("data: ", data)
if data != None:
if "urlencode" in contentType:
data = urllib.urlencode(data)
req = urllib2.Request(url, headers=headers, data=data)
else:
data = json.dumps(data)
req = urllib2.Request(url, headers=headers, data=data)
else:
if "urlencode" in contentType:
req = urllib2.Request(url, headers=headers)
else:
data = json.dumps(data)
req = urllib2.Request(url, headers=headers)
try:
resp = urllib2.urlopen(req, context=context)
return resp
except urllib2.HTTPError as error:
print("ERROR: ", error)
return None
def btnTest(self, e):
self.printcn("中文测试")
self.url = self.jtext_url.getText()
if self.url == "":
self.jlabel_test.setText("please input url")
return
self.reqMeth = self.jcombobox_reqMeth.getSelectedItem()
# 用户设置content-type
self.contentType = self.jcombobox_contentType.getSelectedItem(
) + ";charset=" + self.jcombobox_charset.getSelectedItem()
# 用户有没有自定义请求头
if self.jtext_headers.getText() != "":
self.headers = json.loads(self.jtext_headers.getText())
else:
self.headers = {}
# 用户有没有自定义请求体
if self.jtext_data.getText() != "":
self.data = json.loads(self.jtext_data.getText())
else:
self.data = None
self.tokenName = self.jtext_tokenName.getText()
self.tokenRegex = self.jtext_tokenRegex.getText()
resp = ''
if self.reqMeth == "GET":
resp = self.sendGetHttp(self.url, self.headers, self.data,
self.contentType)
else:
resp = self.sendPostHttp(self.url, self.headers, self.data,
self.contentType)
if resp == None:
self.jlabel_test.setText("error,detail in extender output")
return
respHeader = resp.info().headers
print("resp-headers: ", respHeader)
# print(resp.info().getheader("content-type"))
self.printcn(resp.info().getheader("set-cookie"))
# print(resp.info().getheader("xxx"))
respBody = resp.read()
print("respBody: ", respBody)
self.jtextarea_resp.setText("".join(respHeader) + "\n" +
"".join(respBody))
if (self.radioBtn01.isSelected()):
self.tokenInHeader = True
if self.tokenName == "":
self.jlabel_test.setText("please input tokenName")
return
else:
self.tokenInHeader = False
if self.tokenRegex == "":
self.jlabel_test.setText("please input tokenRegex")
return
print(self.reqMeth)
newToken = self.getNewToken("")
if newToken != None:
self.jlabel_test.setText("Result: " + str(newToken))
self.jlabel_test.setBackground(Color.cyan)
else:
self.jlabel_test.setText("Result: None")
def btnTest_r(self, e):
self.tokenName_r = self.jtext_tokenName_r.getText()
self.tokenRegex_r = self.jtext_tokenRegex_r.getText()
if (self.radioBtn01_r.isSelected()):
self.tokenInHeader_r = True
if self.tokenName_r == "":
self.jlabel_test_r.setText("please input tokenName")
return
else:
self.tokenInHeader_r = False
if self.tokenRegex_r == "":
self.jlabel_test_r.setText("please input tokenRegex")
return
self.jlabel_test_r.setText("SUCCESS")
