Exemplo n.º 1
0
class BurpExtender(IBurpExtender, IHttpListener, IScannerCheck, IScannerListener, IScanIssue, ITab, IMessageEditorTab):

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        self._callbacks.setExtensionName("Suggester")
        callbacks.registerHttpListener(self)
        callbacks.registerScannerListener(self)
        callbacks.registerScannerCheck(self)
        callbacks.setProxyInterceptionEnabled(False)

        ############################
        # add the custom tab and button to Burp's UI
        self._newpanel = Panel()
        self._newpanel.setLayout(FlowLayout())
        callbacks.customizeUiComponent(self._newpanel)
        callbacks.addSuiteTab(self)

        return


    ### IScannerCheck ###
    def doPassiveScan(self, baseRequestResponse):
#        print "\n"
        analyzedResponse = self.helpers.analyzeResponse(baseRequestResponse.getResponse()) # Returns IResponseInfo
        analyzedRequest = self.helpers.analyzeRequest(baseRequestResponse)
        urlList = analyzedRequest.getUrl()
        paramList = analyzedRequest.getParameters()
        contenttypeList = analyzedRequest.getContentType()

        issues = []

    #    print "\nURL:"
    #    print urlList

        if self._callbacks.isInScope(urlList):
            for param in paramList:
                vulnparam=param.getName()
                vulncheck(urlList, vulnparam)


    #    print "\nCT:"
    #    print contenttypeList

    #    print "-----------------------------------------------"
        return


    def getTabCaption(self):
      '''Name of our tab'''
      return "Suggester"

    def getUiComponent(self):
      '''return our panel'''
      return self._newpanel
Exemplo n.º 2
0
class GUI(Helpers):
    def gui(self):

        x = 10  # panel padding
        y = 5  # panel padding

        self.panel = Panel()
        self.panel.setLayout(None)
        self.scn_lbl = JLabel("Enable scanning")
        self.scn_lbl.setBounds(x, y, 100, 20)
        self.panel.add(self.scn_lbl)
        self.enable = JCheckBox()
        self.enable.setBounds(x + 120, y, 50, 20)
        self.panel.add(self.enable)

        self.rand_lbl = JLabel("Randomize payloads")
        self.rand_lbl.setBounds(x, y + 15, 100, 20)
        self.panel.add(self.rand_lbl)
        self.randomize = JCheckBox()
        self.randomize.setBounds(x + 120, y + 15, 50, 20)
        self.panel.add(self.randomize)

        self.pyld_lbl = JLabel("Payloads List (Line separated)")
        self.pyld_lbl.setBounds(x, y + 30, 180, 20)
        self.panel.add(self.pyld_lbl)

        self.payloads_list = JTextArea()
        self.pyld_scrl = JScrollPane(self.payloads_list)
        self.pyld_scrl.setBounds(x, y + 50, 600, 200)
        self.panel.add(self.pyld_scrl)

        self.save_btn = JButton("Save", actionPerformed=self.save_settings)
        self.save_btn.setBounds(x, y + 250, 100, 30)
        self.panel.add(self.save_btn)

        # Settings loader from [utils/Helpers/load_settings]
        self.load_settings()
        return self
class BurpExtender(IBurpExtender, ITab, IScannerCheck, IScannerInsertionPoint):

    # definitions
    EXTENSION_NAME="CustomScanner"

    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
       
        # define stdout writer
        self._stdout = PrintWriter(callbacks.getStdout(), True) 
        self._stdout.println(self.EXTENSION_NAME + ' by @luxcupitor')
        self._stdout.println('================================')
        self._stdout.println('')
        self._stdout.println('TIP: Go to "Custom Scanner" tab and click "Execute on Proxy History"')
        self._stdout.println('to run the scanner checks on recently imported session files.')
        self._stdout.println('')
        # set our extension name
        callbacks.setExtensionName(self.EXTENSION_NAME)
        callbacks.registerScannerCheck(self)
        
        # add the custom tab and button to Burp's UI
        self._newpanel = Panel()
        self._newpanel.setLayout(FlowLayout())
        self._button = JButton("Execute on Proxy History", actionPerformed=self.checkProxyHistory)
        self._newpanel.add(self._button)
        callbacks.customizeUiComponent(self._newpanel)
        callbacks.addSuiteTab(self)

        return
    
    def getTabCaption(self):
      '''Name of our tab'''
      return self.EXTENSION_NAME

    def getUiComponent(self):
      '''return our panel and button we setup'''
      return self._newpanel

    def checkProxyHistory(self,msg):
      '''This is what gets executed when the button in our panel is clicked'''
      for proxyitem in self._callbacks.getProxyHistory():
        self.logScanIssue(proxyitem)

      return


    def getMatches(self, response, match):
      '''This finds our pattern match in the request/response and returns an int array'''
      start = 0
      count = 0
      matches = [array('i')]
      while start < len(response):
        start=self._helpers.indexOf(response, match, True, start, len(response))
        if start == -1:
          break
        try:
          matches[count]
        except:
          matches.append(array('i'))
        matches[count].append(start)
        matches[count].append(start+len(match))
        start += len(match)
        count += 1

      return matches


    def doPassiveScan(self, baseRequestResponse):
      '''This sets up our custom check and returns the issue a list array'''
      PATTERN="secretdata"
      ISSUE_NAME="Pattern found in HTTP Response"
      ISSUE_DETAIL="HTTP Response contains this pattern: " + PATTERN
      ISSUE_BACKGROUND="The web site has exposed sensitive information"
      REMEDIATION_BACKGROUND="Sensitive information"
      REMEDIATION_DETAIL="Ensure sensitive information is only shown to authorized users"
      SEVERITY="Information"
      CONFIDENCE="Certain"
      
      issue = list()
      match = self.getMatches(baseRequestResponse.getResponse(), PATTERN)
      if len(match) > 0:
        httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,None,match)]
        issue.append(ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND))
      return issue


    def logScanIssue(self, baseRequestResponse):
      '''This is redundant (mostly) of the doPassiveScan function'''
      PATTERN="BEEFSESSION"
      ISSUE_NAME="Pattern found in Cookie header"
      ISSUE_DETAIL="HTTP Request contains this pattern: " + PATTERN
      ISSUE_BACKGROUND="The web browser might be hooked with BeEF"
      REMEDIATION_BACKGROUND="Potential XSS Zombie"
      REMEDIATION_DETAIL="Ensure this was from you"
      SEVERITY="High"
      CONFIDENCE="Tentative"
      for header in self._helpers.analyzeRequest(baseRequestResponse).getHeaders():
          if "Cookie:" in header and PATTERN in header:
            match = self.getMatches(baseRequestResponse.getRequest(), PATTERN)
            httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,match,None)]
            issue=ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND)
            self._callbacks.addScanIssue(issue)
      return

    def doActiveScan(self, baseRequestResponse, insertionPoint):
      INJECTION="id"
      PATTERN="uid="
      ISSUE_NAME="Command Injection"
      ISSUE_DETAIL="Vulnerable to command injection"
      ISSUE_BACKGROUND="The web site has responded to command injection attempt"
      REMEDIATION_BACKGROUND="Sanitize all inputs"
      REMEDIATION_DETAIL="Assume all client supplied inputs are bad."
      SEVERITY="High"
      CONFIDENCE="Certain"
      issue = list()
      checkRequest = insertionPoint.buildRequest(INJECTION)
      checkRequestResponse = self._callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), checkRequest)
      match = self.getMatches(checkRequestResponse.getResponse(), PATTERN)
      if len(match) > 0:
        requestHighlights = [insertionPoint.getPayloadOffsets(INJECTION)]
        httpmsgs = [self._callbacks.applyMarkers(checkRequestResponse, requestHighlights, match)]
        issue.append(ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs,ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND))
      
      return issue