class GameSelector(ActionListener): """ generated source for class GameSelector """ theGameList = JComboBox() theRepositoryList = JComboBox() theSelectedRepository = GameRepository() theCachedRepositories = Map() class NamedItem(object): """ generated source for class NamedItem """ theKey = str() theName = str() def __init__(self, theKey, theName): """ generated source for method __init__ """ self.theKey = theKey self.theName = theName def __str__(self): """ generated source for method toString """ return self.theName def __init__(self): """ generated source for method __init__ """ super(GameSelector, self).__init__() self.theGameList = JComboBox() self.theGameList.addActionListener(self) self.theRepositoryList = JComboBox() self.theRepositoryList.addActionListener(self) self.theCachedRepositories = HashMap() self.theRepositoryList.addItem("games.ggp.org/base") self.theRepositoryList.addItem("games.ggp.org/dresden") self.theRepositoryList.addItem("games.ggp.org/stanford") self.theRepositoryList.addItem("Local Game Repository") def actionPerformed(self, e): """ generated source for method actionPerformed """ if e.getSource() == self.theRepositoryList: if self.theCachedRepositories.containsKey(theRepositoryName): self.theSelectedRepository = self.theCachedRepositories.get(theRepositoryName) else: if theRepositoryName == "Local Game Repository": self.theSelectedRepository = LocalGameRepository() else: self.theSelectedRepository = CloudGameRepository(theRepositoryName) self.theCachedRepositories.put(theRepositoryName, self.theSelectedRepository) repopulateGameList() def getSelectedGameRepository(self): """ generated source for method getSelectedGameRepository """ return self.theSelectedRepository def repopulateGameList(self): """ generated source for method repopulateGameList """ theRepository = self.getSelectedGameRepository() theKeyList = ArrayList(theRepository.getGameKeys()) Collections.sort(theKeyList) self.theGameList.removeAllItems() for theKey in theKeyList: if theGame == None: continue if theName == None: theName = theKey if 24 > len(theName): theName = theName.substring(0, 24) + "..." self.theGameList.addItem(self.NamedItem(theKey, theName)) def getRepositoryList(self): """ generated source for method getRepositoryList """ return self.theRepositoryList def getGameList(self): """ generated source for method getGameList """ return self.theGameList def getSelectedGame(self): """ generated source for method getSelectedGame """ try: return self.getSelectedGameRepository().getGame((self.theGameList.getSelectedItem()).theKey) except Exception as e: return None
class BurpExtender(IBurpExtender, ITab, IExtensionStateListener): # Define the global variables for the burp plugin EXTENSION_NAME = "UPnP BHunter" ipv4_selected = True services_dict = {} ip_service_dict = {} STOP_THREAD = False #Some SSDP m-search parameters are based upon "UPnP Device Architecture v2.0" SSDP_MULTICAST_IPv4 = ["239.255.255.250"] SSDP_MULTICAST_IPv6 = ["FF02::C", "FF05::C"] SSDP_MULTICAST_PORT = 1900 ST_ALL = "ssdp:all" ST_ROOTDEV = "upnp:rootdevice" PLACEHOLDER = "FUZZ_HERE" SSDP_TIMEOUT = 2 def registerExtenderCallbacks(self, callbacks): # Get a reference to callbacks object self.callbacks = callbacks # Get the useful extension helpers object self.helpers = callbacks.getHelpers() # Set the extension name self.callbacks.setExtensionName(self.EXTENSION_NAME) self.callbacks.registerExtensionStateListener(self) # Draw plugin user interface self.drawPluginUI() self.callbacks.addSuiteTab(self) # Plugin loading message print("[+] Burp plugin UPnP BHunter loaded successfully") return def drawPluginUI(self): # Create the plugin user interface self.pluginTab = JPanel() self.uiTitle = JLabel('UPnP BHunter Load, Aim and Fire Console') self.uiTitle.setFont(Font('Tahoma', Font.BOLD, 14)) self.uiTitle.setForeground(Color(250, 100, 0)) self.uiPanelA = JSplitPane(JSplitPane.VERTICAL_SPLIT) self.uiPanelA.setMaximumSize(Dimension(2500, 1000)) self.uiPanelA.setDividerSize(2) self.uiPanelB = JSplitPane(JSplitPane.VERTICAL_SPLIT) self.uiPanelB.setDividerSize(2) self.uiPanelA.setBottomComponent(self.uiPanelB) self.uiPanelA.setBorder(BorderFactory.createLineBorder(Color.gray)) # Create and configure labels and text fields self.labeltitle_step1 = JLabel("[1st STEP] Discover UPnP Locations") self.labeltitle_step1.setFont(Font('Tahoma', Font.BOLD, 14)) self.labeltitle_step2 = JLabel( "[2nd STEP] Select a UPnP Service and Action") self.labeltitle_step2.setFont(Font('Tahoma', Font.BOLD, 14)) self.labeltitle_step3 = JLabel("[3rd STEP] Time to Attack it") self.labeltitle_step3.setFont(Font('Tahoma', Font.BOLD, 14)) self.labelsubtitle_step1 = JLabel( "Specify the IP version address in scope and start UPnP discovery") self.labelsubtitle_step2 = JLabel( "Select which of the found UPnP services will be probed") self.labelsubtitle_step3 = JLabel( "Review and modify the request, then send it to one of the attack tools" ) self.label_step1 = JLabel("Target IP") self.label_step2 = JLabel("Found UPnp Services") self.labelstatus = JLabel(" Status") self.labelempty_step1 = JLabel(" ") self.labelempty_step2 = JLabel(" ") self.labelupnp = JLabel("UPnP list") self.labelip = JLabel("IP list") self.labelactions = JLabel("Actions") self.labelNoneServiceFound = JLabel(" ") self.labelNoneServiceFound.setFont(Font('Tahoma', Font.BOLD, 12)) self.labelNoneServiceFound.setForeground(Color.red) # Create combobox for IP version selection self.ip_versions = ["IPv4", "IPv6"] self.combo_ipversion = JComboBox(self.ip_versions) self.combo_ipversion.setSelectedIndex(0) self.combo_ipversion.setEnabled(True) # Create and configure progress bar self.progressbar = JProgressBar(0, 100) self.progressbar.setString("Ready") self.progressbar.setStringPainted(True) # Create and configure buttons self.startbutton = JButton("Start Discovery", actionPerformed=self.startHunting) self.clearbutton = JButton("Clear All", actionPerformed=self.clearAll) self.intruderbutton = JButton("Send to Intruder", actionPerformed=self.sendToIntruder) self.repeaterbutton = JButton("Send to Repeater", actionPerformed=self.sendToRepeater) #self.WANrepeaterbutton = JButton("to Repeater", actionPerformed=self.sendWANUPnPToRepeater) self.textarea_request = JTextArea(18, 90) self.intruderbutton.setEnabled(False) self.repeaterbutton.setEnabled(False) # Class neeeded to handle the target combobox in second step panel class TargetComboboxListener(ActionListener): def __init__(self, upnpcombo_targets, upnpcombo_services, ip_service_dict): self.upnpcombo_targets = upnpcombo_targets self.upnpcombo_services = upnpcombo_services self.ip_service_dict = ip_service_dict def actionPerformed(self, event): try: # Update the location url combobox depending on the IP combobox selected_target = self.upnpcombo_targets.getSelectedItem() if self.ip_service_dict and selected_target: self.upnpcombo_services.removeAllItems() for service_url in self.ip_service_dict[ selected_target]: self.upnpcombo_services.addItem(service_url) self.upnpcombo_services.setSelectedIndex(0) except BaseException as e: print("[!] Exception selecting service: \"%s\" ") % e # Class neeeded to handle the service combobox in second step panel class ServiceComboboxListener(ActionListener): def __init__(self, upnpcombo_services, upnpcombo_actions, services_dict): self.upnpcombo_services = upnpcombo_services self.upnpcombo_actions = upnpcombo_actions self.services = services_dict def actionPerformed(self, event): try: # Update the location url combobox depending on the IP combobox selected_service = self.upnpcombo_services.getSelectedItem( ) if self.services and selected_service: self.upnpcombo_actions.removeAllItems() actions = self.services[selected_service] for action in actions: self.upnpcombo_actions.addItem(action) self.upnpcombo_actions.setSelectedIndex(0) except BaseException as e: print("[!] Exception selecting service: \"%s\" ") % e # Class neeeded to handle the action combobox in second step panel class ActionComboboxListener(ActionListener): def __init__(self, upnpcombo_services, upnpcombo_actions, textarea_request, services_dict): self.upnpcombo_services = upnpcombo_services self.upnpcombo_actions = upnpcombo_actions self.textarea_request = textarea_request self.services = services_dict def actionPerformed(self, event): try: # Update the location url combobox depending on the IP combobox selected_action = self.upnpcombo_actions.getSelectedItem() selected_service = self.upnpcombo_services.getSelectedItem( ) if self.services and selected_action: self.textarea_request.setText( self.services[selected_service][selected_action]) except BaseException as e: print("[!] Exception selecting action: \"%s\" ") % e self.upnpactions = [" "] self.upnpcombo_actions = JComboBox(self.upnpactions) self.upnpcombo_actions.setSelectedIndex(0) self.upnpcombo_actions.setEnabled(False) # Create the combo box, select item at index 0 (first item in list) self.upnpservices = [" "] self.upnpcombo_services = JComboBox(self.upnpservices) self.upnpcombo_services.setSelectedIndex(0) self.upnpcombo_services.setEnabled(False) # Create the combo box, select item at index 0 (first item in list) self.upnptargets = [" "] self.upnpcombo_targets = JComboBox(self.upnptargets) self.upnpcombo_targets.setSelectedIndex(0) self.upnpcombo_targets.setEnabled(False) # Set the action listeners for all the comboboxes self.upnpcombo_targets.addActionListener( TargetComboboxListener(self.upnpcombo_targets, self.upnpcombo_services, self.ip_service_dict)) self.upnpcombo_services.addActionListener( ServiceComboboxListener(self.upnpcombo_services, self.upnpcombo_actions, self.services_dict)) self.upnpcombo_actions.addActionListener( ActionComboboxListener(self.upnpcombo_services, self.upnpcombo_actions, self.textarea_request, self.services_dict)) # Configuring first step panel self.panel_step1 = JPanel() self.panel_step1.setPreferredSize(Dimension(2250, 100)) self.panel_step1.setBorder(EmptyBorder(10, 10, 10, 10)) self.panel_step1.setLayout(BorderLayout(15, 15)) self.titlepanel_step1 = JPanel() self.titlepanel_step1.setLayout(BorderLayout()) self.titlepanel_step1.add(self.labeltitle_step1, BorderLayout.NORTH) self.titlepanel_step1.add(self.labelsubtitle_step1) self.targetpanel_step1 = JPanel() self.targetpanel_step1.add(self.label_step1) self.targetpanel_step1.add(self.combo_ipversion) self.targetpanel_step1.add(self.startbutton) self.targetpanel_step1.add(self.clearbutton) self.targetpanel_step1.add(self.labelstatus) self.targetpanel_step1.add(self.progressbar) self.emptypanel_step1 = JPanel() self.emptypanel_step1.setLayout(BorderLayout()) self.emptypanel_step1.add(self.labelempty_step1, BorderLayout.WEST) # Assembling first step panel components self.panel_step1.add(self.titlepanel_step1, BorderLayout.NORTH) self.panel_step1.add(self.targetpanel_step1, BorderLayout.WEST) self.panel_step1.add(self.emptypanel_step1, BorderLayout.SOUTH) self.uiPanelA.setTopComponent(self.panel_step1) # Configure second step panel self.panel_step2 = JPanel() self.panel_step2.setPreferredSize(Dimension(2250, 100)) self.panel_step2.setBorder(EmptyBorder(10, 10, 10, 10)) self.panel_step2.setLayout(BorderLayout(15, 15)) self.titlepanel_step2 = JPanel() self.titlepanel_step2.setLayout(BorderLayout()) self.titlepanel_step2.add(self.labeltitle_step2, BorderLayout.NORTH) self.titlepanel_step2.add(self.labelsubtitle_step2) self.selectpanel_step2 = JPanel() self.selectpanel_step2.add(self.labelip) self.selectpanel_step2.add(self.upnpcombo_targets) self.selectpanel_step2.add(self.labelupnp) self.selectpanel_step2.add(self.upnpcombo_services) self.selectpanel_step2.add(self.labelactions) self.selectpanel_step2.add(self.upnpcombo_actions) self.emptypanel_step2 = JPanel() self.emptypanel_step2.setLayout(BorderLayout()) self.emptypanel_step2.add(self.labelempty_step2, BorderLayout.WEST) self.emptypanel_step2.add(self.labelNoneServiceFound) # Assembling second step panel components self.panel_step2.add(self.titlepanel_step2, BorderLayout.NORTH) self.panel_step2.add(self.selectpanel_step2, BorderLayout.WEST) self.panel_step2.add(self.emptypanel_step2, BorderLayout.SOUTH) self.uiPanelB.setTopComponent(self.panel_step2) # Configuring third step panel self.panel_step3 = JPanel() self.panel_step3.setPreferredSize(Dimension(2250, 100)) self.panel_step3.setBorder(EmptyBorder(10, 10, 10, 10)) self.panel_step3.setLayout(BorderLayout(15, 15)) self.titlepanel_step3 = JPanel() self.titlepanel_step3.setLayout(BorderLayout()) self.titlepanel_step3.add(self.labeltitle_step3, BorderLayout.NORTH) self.titlepanel_step3.add(self.labelsubtitle_step3) self.underpanel_step3 = JPanel() self.underpanel_step3.setLayout(BorderLayout()) self.underpanel_step3.add((JScrollPane(self.textarea_request)), BorderLayout.NORTH) self.actionpanel_step3 = JPanel() self.actionpanel_step3.add(self.intruderbutton) self.actionpanel_step3.add(self.repeaterbutton) self.extrapanel_step3 = JPanel() self.extrapanel_step3.setLayout(BorderLayout()) self.extrapanel_step3.add(self.actionpanel_step3, BorderLayout.WEST) # Assembling thirdd step panel components self.panel_step3.add(self.titlepanel_step3, BorderLayout.NORTH) self.panel_step3.add(self.underpanel_step3, BorderLayout.WEST) self.panel_step3.add(self.extrapanel_step3, BorderLayout.SOUTH) self.uiPanelB.setBottomComponent(self.panel_step3) # Assembling the group of all panels layout = GroupLayout(self.pluginTab) self.pluginTab.setLayout(layout) layout.setHorizontalGroup( layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup( layout.createSequentialGroup().addGap(10, 10, 10).addGroup( layout.createParallelGroup( GroupLayout.Alignment.LEADING).addComponent( self.uiTitle).addGap(15, 15, 15).addComponent( self.uiPanelA)).addContainerGap( 26, Short.MAX_VALUE))) layout.setVerticalGroup( layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup( layout.createSequentialGroup().addGap(15, 15, 15).addComponent( self.uiTitle).addGap(15, 15, 15).addComponent( self.uiPanelA).addGap(20, 20, 20).addGap(20, 20, 20))) def extensionUnloaded(self): # Unload the plugin, and if running stop the background thread if self.upnpcombo_services.isEnabled(): if self.th.isAlive(): print("[+] Stopping thread %s") % self.th.getName() self.STOP_THREAD = True self.th.join() else: print("Thread %s already dead") % self.th.getName() print("[+] Burp plugin UPnP BHunter successfully unloaded") return def getTabCaption(self): return self.EXTENSION_NAME def getUiComponent(self): return self.pluginTab def clearAll(self, e=None): # Reset all data of the plugin self.services_dict.clear() self.progressbar.setString("Ready") self.progressbar.setValue(0) self.upnpcombo_targets.removeAllItems() self.upnpcombo_targets.setEnabled(False) self.upnpcombo_services.removeAllItems() self.upnpcombo_services.setEnabled(False) self.upnpcombo_actions.removeAllItems() self.upnpcombo_actions.setEnabled(False) self.intruderbutton.setEnabled(False) self.repeaterbutton.setEnabled(False) self.labelNoneServiceFound.setText(" ") self.textarea_request.setText(" ") print("[+] Clearing all data") return def startHunting(self, e=None): # Starting the UPnP hunt def startHunting_run(): # Initialize the internal parameters every time the start-discovery button is clicked self.services_dict.clear() found_loc = [] discovery_files = [] self.labelNoneServiceFound.setText(" ") self.intruderbutton.setEnabled(False) self.repeaterbutton.setEnabled(False) # Then determine if targerting IPv4 or IPv6 adresses if self.combo_ipversion.getSelectedItem() == "IPv4": self.ipv4_selected = True print("[+] Selected IPv4 address scope") else: self.ipv4_selected = False print("[+] Selected IPv6 address scope") # And here finally the hunt could start self.progressbar.setString("Running...") self.progressbar.setValue(20) found_loc = self.discoverUpnpLocations() self.progressbar.setValue(40) discovery_files = self.downloadXMLfiles(found_loc) self.progressbar.setValue(60) self.buildSOAPs(discovery_files) self.progressbar.setValue(80) self.progressbar.setString("Done") self.progressbar.setValue(100) self.updateComboboxList(self.services_dict) # Update the comboboxes list with the discovered UPnPs if (self.services_dict): self.upnpcombo_targets.setEnabled(True) self.upnpcombo_services.setEnabled(True) self.upnpcombo_actions.setEnabled(True) self.intruderbutton.setEnabled(True) self.repeaterbutton.setEnabled(True) if self.STOP_THREAD: return # Start a background thread to run the above nested function in order to prevent the blocking of plugin UI self.th = threading.Thread(target=startHunting_run) #self.th.daemon = True # This does not seem to be useful self.th.setName("th-BHunter") self.th.start() def ssdpReqBuilder(self, ssdp_timeout, st_type, ssdp_ip, ssdp_port): # Builder of the two ssdp msearch request types msearch_req = "M-SEARCH * HTTP/1.1\r\n" \ "HOST: {0}:{1}\r\n" \ "MAN: \"ssdp:discover\"\r\n" \ "MX: {2}\r\n" \ "ST: {3}\r\n" \ "\r\n" \ .format(ssdp_ip, ssdp_port, ssdp_timeout, st_type) return msearch_req def sendMsearch(self, ssdp_req, ssdp_ip, ssdp_port): # Send the ssdp request and retrieve response buf_resp = set() if self.ipv4_selected: print("[+] Creating IPv4 SSDP multicast request") sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) else: print("[+] Creating IPv6 SSDP multicast request") sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) sock.setblocking(0) # Sending ssdp requests while len(ssdp_req): # Blocking socket client until the request is completely sent try: sent = sock.sendto(ssdp_req.encode("ASCII"), (ssdp_ip, ssdp_port)) ssdp_req = ssdp_req[sent:] except socket.error, exc: if exc.errno != errno.EAGAIN: print("[E] Got error %s with socket when sending") % exc sock.close() raise exc print("[!] Blocking socket until ", len(ssdp_req), " is sent.") select.select([], [sock], []) continue # Retrieving ssdp responses num_resp = 0 while sock: # Blocking socket until there are ssdp responses to be read or timeout is reached readable, __, __ = select.select([sock], [], [], self.SSDP_TIMEOUT) if not readable: # Timeout reached without receiving any ssdp response if num_resp == 0: print( "[!] Got timeout without receiving any ssdp response.") break else: num_resp = num_resp + 1 # Almost an ssdp response was received if readable[0]: try: data = sock.recv(1024) if data: buf_resp.add(data.decode('ASCII')) except socket.error, exc: print("[E] Got error %s with socket when receiving" ) % exc sock.close() raise exc
class BurpExtender(IBurpExtender, IScannerListener, ITab): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self.helpers = callbacks.helpers callbacks.setExtensionName("Orchy-Webhook") self.frame = JPanel() self.frame.setSize(1024, 786) self.frame.setLayout(None) self.plugin_path = os.getcwd() self.db_file_path = os.path.join(os.getcwd(), 'burp_db.json') self.cwe_dict = json.load(open(self.db_file_path, 'r')) self.results = {} self.severity_dict = { 'Low': 1, 'Medium': 2, 'High': 3, 'Information': 0, 'Info': 0, } self.urls = [] self.confidence_dict = {'Certain': 3, 'Firm': 2, 'Tentative': 1} callbacks.registerScannerListener(self) button1 = JButton(ImageIcon( ((ImageIcon(self.plugin_path + "/refresh.jpg")).getImage()).getScaledInstance( 13, 13, SCALE_SMOOTH)), actionPerformed=self.refresh) button1.setBounds(30, 50, 22, 22) lbl0 = JLabel("Orchestron Webhook:") lbl0.setFont(Font("", Font.BOLD, 12)) lbl0.setForeground(Color(0xFF7F50)) lbl0.setBounds(60, 20, 200, 20) lbl1 = JLabel('Host') lbl1.setBounds(60, 50, 100, 20) self.txt1 = JComboBox() self.txt1.setBounds(200, 50, 220, 24) lbl2 = JLabel("Webhook Url") lbl2.setBounds(60, 80, 100, 20) self.txt2 = JTextField('', 300) self.txt2.setBounds(200, 80, 220, 24) lbl3 = JLabel("Authorization Token") lbl3.setBounds(60, 110, 200, 20) self.txt3 = JTextField('', 60) self.txt3.setBounds(200, 110, 220, 24) lbl4 = JLabel("Engagement-ID") lbl4.setBounds(60, 140, 200, 20) self.txt4 = JTextField('', 40) self.txt4.setBounds(200, 140, 220, 24) button2 = JButton('Push Results', actionPerformed=self.push) button2.setBounds(200, 170, 120, 24) self.message = JLabel('') self.message.setBounds(330, 170, 180, 24) self.frame.add(button1) self.frame.add(lbl0) self.frame.add(lbl1) self.frame.add(self.txt1) self.frame.add(lbl2) self.frame.add(self.txt2) self.frame.add(lbl3) self.frame.add(self.txt3) self.frame.add(lbl4) self.frame.add(self.txt4) self.frame.add(button2) self.frame.add(self.message) callbacks.customizeUiComponent(self.frame) callbacks.addSuiteTab(self) def refresh(self, event): self.txt1.removeAllItems() for host in self.results.keys(): self.txt1.addItem(host) self.message.text = '' def newScanIssue(self, issue): callbacks = self._callbacks # print "New Issue Identified:"+issue.getUrl().toString() if callbacks.isInScope(issue.getUrl()) == 1: self.tmp = issue.getUrl() self.scheme = self.tmp.protocol self.port = self.tmp.port self.fqdn = self.tmp.host if self.port == -1: if self.scheme == 'https': self.port = 443 elif self.scheme == 'http': self.port = 80 else: self.scheme = 'http' self.port = 80 self.host = str(self.scheme + '://' + self.fqdn + ':' + str(self.port)) if not self.results: self.results[self.host] = {'scan_dict': {}} for host in self.results.keys(): if host == self.host: if str(issue.getIssueType()) in self.cwe_dict.keys(): name = self.cwe_dict.get(str(issue.getIssueType()), '')[1] cwe_id = self.cwe_dict.get(str(issue.getIssueType()), '')[0] else: name = 'Burp IssueType - {0}'.format( str(issue.getIssueType())) cwe_id = 0 if name in self.results[host]['scan_dict'].keys(): old_evidance = self.results[host]['scan_dict'][ name].get('evidences') for httpmessage in issue.getHttpMessages(): request = (httpmessage.getRequest().tostring() if httpmessage.getRequest() else None) request = b64encode(request.encode('utf-8')) response = (httpmessage.getResponse().tostring() if httpmessage.getResponse() else None) response = b64encode(response.encode('utf-8')) info_dict = { 'url': issue.getUrl().toString(), 'name': issue.getIssueName(), 'request': request, 'response': response } old_evidance.append(info_dict) else: severity = self.severity_dict.get( issue.getSeverity(), '') confidence = self.confidence_dict.get( issue.getConfidence(), '') evidences = [] for httpmessage in issue.getHttpMessages(): request = (httpmessage.getRequest().tostring() if httpmessage.getRequest() else None) request = b64encode(request.encode('utf-8')) response = (httpmessage.getResponse().tostring() if httpmessage.getResponse() else None) response = b64encode(response.encode('utf-8')) info_dict = { 'url': issue.getUrl().toString(), 'name': issue.getIssueName(), 'request': request, 'response': response } evidences.append(info_dict) self.results[host]['scan_dict'][name] = { 'description': issue.getIssueDetail(), 'remediation': '', 'severity': severity, 'cwe': cwe_id, 'evidences': evidences } else: self.results[self.host] = {'scan_dict': {}} if str(issue.getIssueType()) in self.cwe_dict.keys(): name = self.cwe_dict.get(str(issue.getIssueType()), '')[1] cwe_id = self.cwe_dict.get(str(issue.getIssueType()), '')[0] else: name = 'Burp IssueType - {0}'.format( str(issue.getIssueType())) cwe_id = 0 severity = self.severity_dict.get(issue.getSeverity(), '') confidence = self.confidence_dict.get( issue.getConfidence(), '') evidences = [] for httpmessage in issue.getHttpMessages(): request = (httpmessage.getRequest().tostring() if httpmessage.getRequest() else None) request = b64encode(request.encode('utf-8')) response = (httpmessage.getResponse().tostring() if httpmessage.getResponse() else None) response = b64encode(response.encode('utf-8')) info_dict = { 'url': issue.getUrl().toString(), 'name': issue.getIssueName(), 'request': request, 'response': response } evidences.append(info_dict) self.results[host]['scan_dict'][name] = { 'description': issue.getIssueDetail(), 'remediation': '', 'severity': severity, 'cwe': cwe_id, 'evidences': evidences } def push(self, event): if self.txt1.getSelectedItem(): vulns = {} vulns['tool'] = 'Burp' vulns['vulnerabilities'] = [] for k, v in self.results[ self.txt1.getSelectedItem()]['scan_dict'].items(): vulnerability = { 'name': str(k), 'description': v.get('description', ''), 'remediation': '', 'severity': v.get('severity', None), 'cwe': v.get('cwe', 0), 'evidences': v.get('evidences', None) } vulns['vulnerabilities'].append(vulnerability) if self.txt2.text and self.txt3.text: webhook_url = self.txt2.text auth_token = self.txt3.text engagement_id = '' if self.txt4.text: engagement_id = self.txt4.text req_headers = { 'Authorization': 'Token ' + auth_token, 'X-Engagement-ID': engagement_id } req = requests.post(webhook_url, headers=req_headers, json={'vuls': vulns}) if req.status_code == 200: self.message.text = "Result pushed successfully" with open('./orchy_log.txt', 'a') as orchy_log: orchy_log.write(req.content + '\n') orchy_log.close() else: with open('./orchy_log.txt', 'a') as orchy_log: orchy_log.write(req.content + '\n') orchy_log.close() self.message.text = "Failed" def getTabCaption(self): return 'Orchy-Webhook' def getUiComponent(self): return self.frame
class EventsPane(WindowPane, ActionListener, DocumentListener): def __init__(self, window, api): self.api = api self.component = JPanel(BorderLayout()) # Create editor pane scrollpane = JScrollPane() self.script_area = InputPane(window) self.script_area.undo = UndoManager() line_numbers = LineNumbering(self.script_area.component) scrollpane.viewport.view = self.script_area.component scrollpane.rowHeaderView = line_numbers.component self.component.add(scrollpane, BorderLayout.CENTER) # Create Selection pane select_pane = JPanel() self.objects_box = JComboBox([], actionCommand="object") select_pane.add(self.objects_box) self.events_box = JComboBox( ["update", "click"], actionCommand="event" ) self.event_types = [EventType.UPDATE, EventType.CLICK] select_pane.add(self.events_box) self.languages = list(ScriptType.values()) self.language_box = JComboBox( [l.getName() for l in self.languages], actionCommand="language" ) select_pane.add(self.language_box) self.save_btn = JButton("Save") select_pane.add(self.save_btn) self.component.add(select_pane, BorderLayout.PAGE_START) self.events_box.addActionListener(self) self.objects_box.addActionListener(self) self.language_box.addActionListener(self) self.save_btn.addActionListener(self) self.current = None self.update_geos() interface.addEventListener("add", self.event_listener) interface.addEventListener("remove", self.event_listener) interface.addEventListener("rename", self.event_listener) # Listen to script_area changes in order to know when the save # button can be activated self.script_area.doc.addDocumentListener(self) # Hack to be able to change the objects_box self.building_objects_box = False self.active = False def activate(self): self.active = True if self.must_update_geos: self.update_geos() def deactivate(self): self.active = False def indent_selection(self): return self.script_area.indent_selection() def dedent_selection(self): return self.script_area.dedent_selection() def update_geos(self): self.must_update_geos = False try: self.building_objects_box = True self.objects_box.removeAllItems() self.geos = self.api.getAllGeos() for geo in self.geos: tp = API.Geo.getTypeString(geo) label = API.Geo.getLabel(geo) self.objects_box.addItem(tp + " " + label) finally: self.building_objects_box = False if not self.geos: self.current = None self.objects_box.enabled = False self.events_box.enabled = False self.language_box.enabled = False self.script_area.input = "" self.script_area.component.enabled = False else: changed = False if self.current is None: index, event = 0, 1 changed = True else: geo, event = self.current try: index = self.geos.index(geo) except ValueError: index, event = 0, 1 changed = True self.events_box.selectedIndex = event self.objects_box.selectedIndex = index self.events_box.enabled = True self.objects_box.enabled = True self.language_box.enabled = True self.script_area.component.enabled = True if changed: self.update_script_area() self.objects_box.repaint() self.events_box.repaint() def event_listener(self, evt, target): if self.active: self.update_geos() else: self.must_update_geos = True def current_script_changed(self): self.save_btn.enabled = True def set_save_btn(self, state): self.save_btn.enabled = state def save_current_script(self): if self.current is not None: geo, evt = self.current lang = self.language_box.selectedIndex evt, lang = self.event_types[evt], self.languages[lang] script = self.script_area.input self.api.setScript(geo, script, evt, lang) def update_script_area(self): self.save_current_script() geo_index = self.objects_box.selectedIndex if geo_index == -1: self.current = None else: geo = self.geos[geo_index] evt = self.events_box.selectedIndex self.current = geo, evt script = API.Geo.getScript(geo, self.event_types[evt]) if script is None: self.script_area.input = "" else: self.script_area.input = API.getScriptText(script) self.language_box.selectedIndex = API.getScriptType(script).ordinal() self.script_area.reset_undo() later(self.set_save_btn, False) def reset(self): self.current = None self.update_geos() # Implementation of ActionListener def actionPerformed(self, evt): if self.building_objects_box: return if evt.actionCommand == "language": self.save_btn.enabled = True else: self.update_script_area() # Implementation of DocumentListener def changedUpdate(self, evt): self.current_script_changed() def removeUpdate(self, evt): self.current_script_changed() def insertUpdate(self, evt): self.current_script_changed()