class Evidence(object): def __init__(self, *literals): self.vector = Vector() self.addAll(*literals) def add(self, *strings): ''' adds a single piece of evidence. You may pass * a list of strings that directly use the probcog evidence format, i.e. a list (function, arg1, arg2, value) * a single string with an MLN-style literal definition, e.g. "function(arg1,arg2,value)" or "!pred(arg1)" * a single string with a single BLOG-style assignment, e.g. "function(arg1,arg2)=value" ''' if len(strings) == 1: strings = parseLiteral(strings[0].strip()) jarr = jarray.array(strings, String) self.vector.add(jarr) def addAll(self, *literals): for lit in literals: self.add(lit) def getData(self): return self.vector def clear(self): self.vector.clear()
def configure_model_view_single(self, atfText): ''' At present the model view can only cope with files which represent a single fragment. This method has been moved out of init so we only call it if a single fragment file is loaded. ''' # Add a new tab in the view per object in the text objectID = "&" + atfText.code + " = " + atfText.description self.view.addObject(objectID) # TODO: ATF protocols are not saved in the model yet, but need to be # passed here: # self.view.objectTab[objectID].addMetadata(objectID, atfText.project, # atfText.language, # atfText.protocols) self.view.addMetadata(objectID, atfText.project, atfText.language) for item in atfText.children: itemType = "@" + item.objecttype for side in item.children: # TODO Display side type and make panel as convenient to show # all sides if not(isinstance(side, Translation)): sideType = side.objecttype # self.view.addText(objectID, itemType, sideType) for line in side.children: # TODO Display label and words and lemmas in dropdown # boxes content = Vector() # TODO use polimorfism - see # http://stackoverflow.com/questions/5579309/switch-instanceof if (isinstance(line, Line)): label = line.label words = " ".join(line.words) lemmas = ", ".join(line.lemmas) content.clear() content.add(words) content.add(lemmas) # content.add(translations) self.view.addLine(objectID, label, content) if (isinstance(line, Ruling)): label = "$ ruling" if line.type == "single": ruling = "-------------" content.clear() content.add(ruling) self.view.addLine(objectID, label, content) if (isinstance(line, Comment)): label = "# Comment" comment = line.content content.clear() content.add(comment) self.view.addLine(objectID, label, content) # Display model view self.view.display()
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, IContextMenuFactory, ActionListener, AbstractTableModel, Runnable): # # Implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # Initialize the global stdout stream global stdout # Keep a reference to our callbacks object self._callbacks = callbacks # Obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Burpsuite Yara Scanner") # Create the log and a lock on which to synchronize when adding log entries self._log = ArrayList() self._lock = Lock() # main split pane splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) # table of log entries logTable = Table(self) scrollPane = JScrollPane(logTable) splitpane.setLeftComponent(scrollPane) # Options panel optionsPanel = JPanel() optionsPanel.setLayout(GridBagLayout()) constraints = GridBagConstraints() yara_exe_label = JLabel("Yara Executable Location:") constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 0 constraints.gridy = 0 optionsPanel.add(yara_exe_label, constraints) self._yara_exe_txtField = JTextField(25) constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 1 constraints.gridy = 0 optionsPanel.add(self._yara_exe_txtField, constraints) yara_rules_label = JLabel("Yara Rules File:") constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 0 constraints.gridy = 1 optionsPanel.add(yara_rules_label, constraints) self._yara_rules_files = Vector() self._yara_rules_files.add("< None >") self._yara_rules_fileList = JList(self._yara_rules_files) constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 1 constraints.gridy = 1 optionsPanel.add(self._yara_rules_fileList, constraints) self._yara_rules_select_files_button = JButton("Select Files") self._yara_rules_select_files_button.addActionListener(self) constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 1 constraints.gridy = 2 optionsPanel.add(self._yara_rules_select_files_button, constraints) self._yara_clear_button = JButton("Clear Yara Results Table") self._yara_clear_button.addActionListener(self) constraints.fill = GridBagConstraints.HORIZONTAL constraints.gridx = 1 constraints.gridy = 3 optionsPanel.add(self._yara_clear_button, constraints) # Tabs with request/response viewers viewerTabs = JTabbedPane() self._requestViewer = callbacks.createMessageEditor(self, False) self._responseViewer = callbacks.createMessageEditor(self, False) viewerTabs.addTab("Request", self._requestViewer.getComponent()) viewerTabs.addTab("Response", self._responseViewer.getComponent()) splitpane.setRightComponent(viewerTabs) # Tabs for the Yara output and the Options self._mainTabs = JTabbedPane() self._mainTabs.addTab("Yara Output", splitpane) self._mainTabs.addTab("Options", optionsPanel) # customize our UI components callbacks.customizeUiComponent(splitpane) callbacks.customizeUiComponent(logTable) callbacks.customizeUiComponent(scrollPane) callbacks.customizeUiComponent(viewerTabs) callbacks.customizeUiComponent(self._mainTabs) # add the custom tab to Burp's UI callbacks.addSuiteTab(self) # add ourselves as a context menu factory callbacks.registerContextMenuFactory(self) # Custom Menu Item self.menuItem = JMenuItem("Scan with Yara") self.menuItem.addActionListener(self) # obtain our output stream stdout = PrintWriter(callbacks.getStdout(), True) # Print a startup notification stdout.println("Burpsuite Yara scanner initialized.") # # Implement ITab # def getTabCaption(self): return "Yara" def getUiComponent(self): return self._mainTabs # # Implement IContextMenuFactory # def createMenuItems(self, invocation): if invocation.getInvocationContext() == invocation.CONTEXT_TARGET_SITE_MAP_TREE: self.requestResponses = invocation.getSelectedMessages() return [self.menuItem] else: self.requestResponses = None return None # # Implement Action # def actionPerformed(self, actionEvent): global yara_rules global yara_path if actionEvent.getSource() is self.menuItem: yara_path = self._yara_exe_txtField.getText() yara_rules = self._yara_rules_files t = Thread(self) t.start() elif actionEvent.getSource() is self._yara_clear_button: # Delete the LogEntry objects from the log row = self._log.size() self._lock.acquire() self._log.clear() # Update the Table self.fireTableRowsDeleted(0, row) # Clear data regarding any selected LogEntry objects from the request / response viewers self._requestViewer.setMessage([], True) self._responseViewer.setMessage([], False) self._currentlyDisplayedItem = None self._lock.release() elif actionEvent.getSource() is self._yara_rules_select_files_button: fileChooser = JFileChooser() yarFilter = FileNameExtensionFilter("Yara Rules", ["yar"]) fileChooser.addChoosableFileFilter(yarFilter) fileChooser.setFileFilter(yarFilter) fileChooser.setMultiSelectionEnabled(True) fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY) ret = fileChooser.showOpenDialog(None) if ret == JFileChooser.APPROVE_OPTION: self._yara_rules_files.clear() for file in fileChooser.getSelectedFiles(): self._yara_rules_files.add(file.getPath()) self._yara_rules_fileList.setListData(self._yara_rules_files) else: stdout.println("Unknown Event Received.") # # Implement Runnable # def run(self): self.yaraScan() # # Extend AbstractTableModel # def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 2 def getColumnName(self, columnIndex): if columnIndex == 0: return "Rule Name" if columnIndex == 1: return "URL" return "" def getValueAt(self, rowIndex, columnIndex): logEntry = self._log.get(rowIndex) if columnIndex == 0: return logEntry._ruleName if columnIndex == 1: return logEntry._url.toString() return "" # # Implement IMessageEditorController # this allows our request/response viewers to obtain details about the messages being displayed # def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def getRequest(self): return self._currentlyDisplayedItem.getRequest() def getResponse(self): return self._currentlyDisplayedItem.getResponse() # # Implement the Yara scanning logic # def yaraScan(self): # If stdout has not yet been initialized, punt. if stdout is None: return # If the location of the yara executable and rules files are NULL, punt. if yara_rules is None or yara_path is None or yara_rules.size() == 0 or yara_rules.contains("< None >") or len(yara_path) == 0: JOptionPane.showMessageDialog(None, "Error: Please specify the path to the yara executable and rules file in " "the options tab.") return # If iRequestResponses is None, punt. if self.requestResponses is None: JOptionPane.showMessageDialog(None, "Error: No Request/Responses were selected.") return else: stdout.println("Processing %d item(s)." % len(self.requestResponses)) # Get the OS temp folder os_name = System.getProperty("os.name").lower() temp_folder = None if "linux" in os_name: temp_folder = "/tmp" elif "windows" in os_name: temp_folder = os.environ.get("TEMP") if temp_folder is None: temp_folder = os.environ.get("TMP") if temp_folder is None: stdout.println("Error: Could not determine TEMP folder location.") return # Keep track of the number of matches. matchCount = 0 # Process the site map selected messages for idx, iRequestResponse in enumerate(self.requestResponses): # Process the request request = iRequestResponse.getRequest() if request is not None: if len(request) > 0: try: # Yara does not support scanning from stdin so we will need to create a temp file and scan it req_filename = os.path.join(temp_folder, "req_" + str(idx) + ".tmp") req_file = open(req_filename, "wb") req_file.write(request) req_file.close() for rules in yara_rules: yara_req_output = subprocess.check_output([yara_path, rules, req_filename]) if yara_req_output is not None and len(yara_req_output) > 0: ruleName = (yara_req_output.split())[0] self._lock.acquire() row = self._log.size() # TODO: Don't add duplicate items to the table self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl())) self.fireTableRowsInserted(row, row) self._lock.release() matchCount += 1 except Exception as e: JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.") return finally: # Remove the temp file if req_file is not None: req_file.close() os.remove(req_filename) # Process the response response = iRequestResponse.getResponse() if response is not None: if len(response) > 0: try: # Yara does not support scanning from stdin so we will need to create a temp file and scan it resp_filename = os.path.join(temp_folder, "resp_" + str(idx) + ".tmp") resp_file = open(resp_filename, "wb") resp_file.write(response) resp_file.close() for rules in yara_rules: yara_resp_output = subprocess.check_output([yara_path, rules, resp_filename]) if yara_resp_output is not None and len(yara_resp_output) > 0: ruleName = (yara_resp_output.split())[0] self._lock.acquire() row = self._log.size() # TODO: Don't add duplicate items to the table self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl())) self.fireTableRowsInserted(row, row) self._lock.release() matchCount += 1 except Exception as e: JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.") return finally: # Remove the temp file if resp_file is not None: resp_file.close() os.remove(resp_filename) # Print a completion notification JOptionPane.showMessageDialog(None, "Yara scanning complete. %d rule(s) matched." % matchCount)
def __init__(self, mainControler, parsedAtf): """ 1. Parse text area content 2. Change atfArea mode to model view from parent controller? 3. Process parsed data and serialize in separate JPanel 4. Think about whether the other user options should remain visible or should this just be shown in a separate window? """ #Create view with a reference to its controller to handle events self.view = ModelView(self) #Will also need delegating to parent presenter self.controller = mainControler #Get ATF object parsed from text displated in text area self.atf = parsedAtf #Go through parsed ATF object, serialize and pass elements to view atfText = parsedAtf.text #Add a new tab in the view per object in the text objectID = "&" + atfText.code + " = " + atfText.description self.view.addObject(objectID) #TODO: ATF protocols are not saved in the model yet, but need to be passed here: #self.view.objectTab[objectID].addMetadata(objectID, atfText.project, \ # atfText.language, \ # atfText.protocols) self.view.addMetadata(objectID, atfText.project, \ atfText.language) for item in atfText.children: itemType = "@" + item.objecttype for side in item.children: #TODO Display side type and make panel as convenient to show all sides if not(isinstance(side, Translation)): sideType = side.objecttype #self.view.addText(objectID, itemType, sideType) for line in side.children: #TODO Display label and words and lemmas in dropdown boxes content = Vector() #TODO use polimorfism - see http://stackoverflow.com/questions/5579309/switch-instanceof if (isinstance(line, Line)): label = line.label words = " ".join(line.words) lemmas = ", ".join(line.lemmas) content.clear() content.add(words) content.add(lemmas) #content.add(translations) self.view.addLine(objectID, label, content) if (isinstance(line, Ruling)): label = "$ ruling" if line.type == "single": ruling = "-------------" content.clear() content.add(ruling) self.view.addLine(objectID, label, content) if (isinstance(line, Comment)): label = "# Comment" comment = line.content content.clear() content.add(comment) self.view.addLine(objectID, label, content) #Display model view self.view.display()
def __init__(self, mainControler, parsedAtf): """ 1. Parse text area content 2. Change atfArea mode to model view from parent controller? 3. Process parsed data and serialize in separate JPanel 4. Think about whether the other user options should remain visible or should this just be shown in a separate window? """ # Will also need delegating to parent presenter self.controller = mainControler # Load settings config: self.config = self.controller.config # Create view with a reference to its controller to handle events self.view = ModelView(self) # Get ATF object parsed from text displated in text area self.atf = parsedAtf # Go through parsed ATF object, serialize and pass elements to view atfText = parsedAtf.text # Add a new tab in the view per object in the text objectID = "&" + atfText.code + " = " + atfText.description self.view.addObject(objectID) # TODO: ATF protocols are not saved in the model yet, but need to be # passed here: # self.view.objectTab[objectID].addMetadata(objectID, atfText.project, # atfText.language, # atfText.protocols) self.view.addMetadata(objectID, atfText.project, atfText.language) for item in atfText.children: itemType = "@" + item.objecttype for side in item.children: # TODO Display side type and make panel as convenient to show # all sides if not (isinstance(side, Translation)): sideType = side.objecttype # self.view.addText(objectID, itemType, sideType) for line in side.children: # TODO Display label and words and lemmas in dropdown # boxes content = Vector() # TODO use polimorfism - see # http://stackoverflow.com/questions/5579309/switch-instanceof if (isinstance(line, Line)): label = line.label words = " ".join(line.words) lemmas = ", ".join(line.lemmas) content.clear() content.add(words) content.add(lemmas) # content.add(translations) self.view.addLine(objectID, label, content) if (isinstance(line, Ruling)): label = "$ ruling" if line.type == "single": ruling = "-------------" content.clear() content.add(ruling) self.view.addLine(objectID, label, content) if (isinstance(line, Comment)): label = "# Comment" comment = line.content content.clear() content.add(comment) self.view.addLine(objectID, label, content) # Display model view self.view.display()