def registerExtenderCallbacks(self, callbacks):
self.__logger.debug('registerExtenderCallbacks. START')
try:
#callbacks.registerMenuItem("Dis/Enable burpstrike...", BurpStrikeMenuItem())
#callbacks.registerMenuItem("De/Activate all plugins...", BurpStrikeMenuItem())
# for m in Facade().get_plugins().names():
# callbacks.registerMenuItem("Send to %s" % m, BurpStrikeMenuItem())
self.__logger.info('* setting burp callbacks in facade')
Facade().mCallBacks = callbacks
self.__logger.debug('* initializating controller')
Facade().controller = Controller()
self.__logger.debug('* initializating jobman')
Facade().jman = JobMan()
Facade().jman.start()
self.__logger.debug('* initializating ui')
cw = ConsoleWorker()
cw.start()
except Exception, e:
traceback.print_exc(file=sys.stdout)
Facade().formatExceptionInfo("registerExtenderCallbacks")
def on_enable_plugin(self, name, state):
if name == "All" and state:
Facade().issue_alert("Enabled all plugins")
Facade().get_plugins().enable_all()
elif name == "All" and not state:
Facade().issue_alert("Disabled all plugins")
Facade().get_plugins().disable_all()
def run(self):
try:
Console().cmdloop()
except KeyboardInterrupt:
print "Exiting...."
Facade().exit()
except Exception, e:
Facade().formatExceptionInfo("ConsoleWorker")
def on_enable_tool(self, value):
if value:
Facade().issue_alert("Enabled burpstrike")
else:
Facade().issue_alert("Disabled burpstrike")
Settings().set(Settings.SEC_PLUGIN_INTEGRATION, Settings.ACTIVE,
str(value))
def put_results(self, msg, item):
r = Result()
r.source = self.name()
r.issue = self.issue()
r.detail = item
r.msg = msg
Facade().issue_alert("New issue %s from %s" % (r.issue, r.source))
Facade().get_results().add_result(r)
class BurpRequest(BaseRequest, IRequest):
def __init__(self):
BaseRequest.__init__(self)
self.__mCallBacks = Facade().mCallBacks
def setAuth(self, method, string):
pass
def getAuth(self):
pass
def setProxy(self, prox):
pass
def setConnTimeout(self, time):
pass
def setTotalTimeout(self, time):
pass
def setFollowLocation(self, value):
pass
def parse_response(self, msg):
self.response = Response()
self.response.parseResponse(msg)
def perform(self):
if self.getHost().find(":") > 0:
host, p = self.getHost().split(':')
port = int(p)
else:
host = self.getHost()
port = 80
if self.schema == "http":
useHttps = False
elif self.schema == "https":
useHttps = True
else:
raise Exception("Unknown HTTP schema")
#self.__mCallBacks.sendToRepeater(host,port,useHttps,[ord(x) for x in self.getAll()], "test")
#print "performeando:"
#print self.getAll()
#aa = [ord(x) for x in self.getAll()]
#print "to string...................."
#print aa
#print ''.join([chr(x) for x in aa])
#print "fiinnnto string...................."
msg = self.__mCallBacks.makeHttpRequest(
host, port, useHttps, [ord(x) for x in self.getAll()])
#print "resultado"
#print msg
self.parse_response(msg.tostring())
def run(self):
try:
while 1:
self.__logger.debug('Run. waiting for messages......................................')
# http://bugs.python.org/issue1360
msg = Facade().get_msg_queue().get(True, 365 * 24 * 60 * 60)
self.__processed += 1
excluded_req_tools = Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_REQ_TOOLS).split(',')
excluded_resp_tools = Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_RESP_TOOLS).split(',')
for name, plugin in Facade().get_plugins().items():
if plugin.enabled is not True:
self.__logger.debug('Run. Plugin %s not enabled.' % name)
continue
# exclusions
if plugin.get_type() == BPlugin.PROCESS_REQUEST and msg.source in excluded_req_tools:
self.__logger.debug('Run. Request in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_req_tools))
continue
elif plugin.get_type() == BPlugin.PROCESS_RESPONSE and msg.source in excluded_resp_tools:
self.__logger.debug('Run. Response in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_resp_tools))
continue
elif plugin.get_type() == BPlugin.PROCESS_REQUEST and not msg.mtype == MyHTTPMsg.BURP_TOOL:
self.__logger.debug('Run. Request type %d not processed. url=%s' % (msg.mtype, msg.get_url()))
continue
elif plugin.get_type() == BPlugin.PROCESS_RESPONSE and not (msg.mtype == MyHTTPMsg.BURP_TOOL or msg.mtype == MyHTTPMsg.BSTRIKE):
self.__logger.debug('Run. Response not processed. type=%d, source=%s, excluded=%s' % (msg.mtype, msg.source, excluded_resp_tools))
continue
# current cache only valid for req? => processing all responses!!
elif plugin.get_type() == BPlugin.PROCESS_REQUEST and self.msg_in_cache(msg, name):
self.__logger.debug('Run. Request already processed by %s.' % name)
continue
else:
self.__logger.debug('processing message. plugin: %s ...' % name)
th = Thread(target = plugin.process, kwargs={"msg": msg, "q": self.__walking_threads})
self.__logger.debug('putting task. plugin: %s ...' % name)
self.__walking_threads.put(th)
self.__logger.debug('starting thread. plugin: %s ...' % name)
th.start()
except Exception, e:
Facade().formatExceptionInfo("JobMan")
class BurpRequest(BaseRequest, IRequest):
def __init__(self):
BaseRequest.__init__(self)
self.__mCallBacks = Facade().mCallBacks
def setAuth (self,method,string):
pass
def getAuth (self):
pass
def setProxy (self,prox):
pass
def setConnTimeout (self,time):
pass
def setTotalTimeout (self,time):
pass
def setFollowLocation(self,value):
pass
def parse_response(self, msg):
self.response = Response()
self.response.parseResponse(msg)
def perform(self):
if self.getHost().find(":") > 0:
host, p = self.getHost().split(':')
port = int(p)
else:
host = self.getHost()
port = 80
if self.schema == "http":
useHttps = False
elif self.schema == "https":
useHttps = True
else:
raise Exception("Unknown HTTP schema")
#self.__mCallBacks.sendToRepeater(host,port,useHttps,[ord(x) for x in self.getAll()], "test")
#print "performeando:"
#print self.getAll()
#aa = [ord(x) for x in self.getAll()]
#print "to string...................."
#print aa
#print ''.join([chr(x) for x in aa])
#print "fiinnnto string...................."
msg = self.__mCallBacks.makeHttpRequest(host, port, useHttps, [ord(x) for x in self.getAll()])
#print "resultado"
#print msg
self.parse_response(msg.tostring())
def processHttpMessage(self, toolName, messageIsRequest, messageInfo):
self.__logger.debug('processHttpMessage. START, toolName=%s' % toolName)
try:
# request messages are commonly uncompleted until response arrives (also containing the request)
# even burp complains with java.lang.Exception: java.lang.Exception: request has not yet been issued
if not messageIsRequest:
http_msg = MyHTTPMsg.from_processHttpMessage(toolName, messageIsRequest, messageInfo)
http_msg.mtype = MyHTTPMsg.BURP_TOOL
self.__add_to_queue(http_msg)
else:
self.__logger.debug('processHttpMessage. ignored request msg')
except Exception, e:
Facade().formatExceptionInfo("processHttpMessage")
def __add_to_queue(self, msg):
self.__logger.debug('__add_to_queue. START')
if Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.ACTIVE) != 'True':
self.__logger.debug('__add_to_queue. Url not enqueued, plugins not active')
return
uurl = msg.get_java_url()
if Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.ONLY_SCOPE) == 'True' and not Facade().mCallBacks.isInScope(uurl):
self.__logger.debug('__add_to_queue. Url not enqueued, not in scope: %s.' % uurl)
return
else:
self.__logger.debug('__add_to_queue. url queued: %s.' % uurl)
Facade().get_msg_queue().put(msg)
self.__logger.debug('__add_to_queue. END')
def menuItemClicked(self, menuItemCaption, messageInfo):
self.__logger.debug('menuItemClicked. START, %s' % menuItemCaption)
plname = ""
if menuItemCaption == "Send to gazpacho":
plname = "gazpacho"
elif menuItemCaption.startswith("Send to sqpyfia"):
plname = "sqpyfia-0.9-py2.6"
elif menuItemCaption == "Dis/Enable burpstrike...":
self.tool_state = not self.tool_state
Facade().get_controller().on_enable_tool(self.tool_state)
elif menuItemCaption == "De/Activate all plugins...":
self.plugin_state = not self.plugin_state
Facade().get_controller().on_enable_plugin("All", self.plugin_state)
if plname:
for m in messageInfo:
msg = MyHTTPMsg.from_IHttpRequestResponse(m)
plugin = Facade().get_plugins().get(plname)
plugin.process(msg, None)
self.__logger.debug('menuItemClicked. END.')
def api_issue_alert(msg):
Facade().issue_alert(msg)
def do_issues(self, line):
for i in range(len(Facade().get_results())):
print str(Facade().get_results().get_result(i))
def do_deativate_plugins(self, line):
Facade().get_controller().on_enable_plugin("All", False)
def do_activate_plugins(self, line):
Facade().get_controller().on_enable_plugin("All", True)
def do_enable(self, line):
Facade().get_controller().on_enable_tool(True)
def do_disable(self, line):
Facade().get_controller().on_enable_tool(False)
def __init__(self): BaseRequest.__init__(self) self.__mCallBacks = Facade().mCallBacks
def __watchman(self):
while self.__watch:
time.sleep(10)
print "Queue size: %d" % Facade().get_msg_queue().qsize()
print "Walking threads queue: %d" % self.__walking_threads.qsize()
print "Processed msgs: %d" % self.__processed
def api_deactivate_plugin(plugin_name):
Facade().get_plugins().set_state(plugin_name, False)
def api_process_msg(msg, plugin_name):
plugin = Facade().get_plugins().get(plugin_name)
plugin.process(msg, None)
def run(self):
try:
while 1:
self.__logger.debug(
'Run. waiting for messages......................................'
)
# http://bugs.python.org/issue1360
msg = Facade().get_msg_queue().get(True, 365 * 24 * 60 * 60)
self.__processed += 1
excluded_req_tools = Settings().get(
Settings.SEC_PLUGIN_INTEGRATION,
Settings.EXCLUDED_REQ_TOOLS).split(',')
excluded_resp_tools = Settings().get(
Settings.SEC_PLUGIN_INTEGRATION,
Settings.EXCLUDED_RESP_TOOLS).split(',')
for name, plugin in Facade().get_plugins().items():
if plugin.enabled is not True:
self.__logger.debug('Run. Plugin %s not enabled.' %
name)
continue
# exclusions
if plugin.get_type(
) == BPlugin.PROCESS_REQUEST and msg.source in excluded_req_tools:
self.__logger.debug(
'Run. Request in excluded sources. url=%s, type=%d, source=%s, excluded=%s'
% (msg.get_url(), msg.mtype, msg.source,
excluded_req_tools))
continue
elif plugin.get_type(
) == BPlugin.PROCESS_RESPONSE and msg.source in excluded_resp_tools:
self.__logger.debug(
'Run. Response in excluded sources. url=%s, type=%d, source=%s, excluded=%s'
% (msg.get_url(), msg.mtype, msg.source,
excluded_resp_tools))
continue
elif plugin.get_type(
) == BPlugin.PROCESS_REQUEST and not msg.mtype == MyHTTPMsg.BURP_TOOL:
self.__logger.debug(
'Run. Request type %d not processed. url=%s' %
(msg.mtype, msg.get_url()))
continue
elif plugin.get_type(
) == BPlugin.PROCESS_RESPONSE and not (
msg.mtype == MyHTTPMsg.BURP_TOOL
or msg.mtype == MyHTTPMsg.BSTRIKE):
self.__logger.debug(
'Run. Response not processed. type=%d, source=%s, excluded=%s'
% (msg.mtype, msg.source, excluded_resp_tools))
continue
# current cache only valid for req? => processing all responses!!
elif plugin.get_type(
) == BPlugin.PROCESS_REQUEST and self.msg_in_cache(
msg, name):
self.__logger.debug(
'Run. Request already processed by %s.' % name)
continue
else:
self.__logger.debug(
'processing message. plugin: %s ...' % name)
th = Thread(target=plugin.process,
kwargs={
"msg": msg,
"q": self.__walking_threads
})
self.__logger.debug('putting task. plugin: %s ...' %
name)
self.__walking_threads.put(th)
self.__logger.debug('starting thread. plugin: %s ...' %
name)
th.start()
except Exception, e:
Facade().formatExceptionInfo("JobMan")
def api_process_msg(msg, plugin_name):
plugin = Facade().get_plugins().get(plugin_name)
plugin.process(msg, None)
def api_getProxyHistory():
return [
MyHTTPMsg.from_IHttpRequestResponse(i)
for i in Facade().mCallBacks.getProxyHistory()
]
def api_getSiteMap(urlprefix):
return [
MyHTTPMsg.from_IHttpRequestResponse(i)
for i in Facade().mCallBacks.getSiteMap(urlprefix)
]
def do_plugins(self, line):
for i in Facade().get_plugins().names():
print i
def api_activate_plugin(plugin_name):
Facade().get_plugins().set_state(plugin_name, True)
def __init__(self):
BaseRequest.__init__(self)
self.__mCallBacks = Facade().mCallBacks
def generate_alert(self, msg):
Facade().issue_alert(msg)
def do_flushcache(self, line):
Facade().get_jobman().flush_cache()
def process(self, msg, q):
try:
self._process(msg)
except Exception, e:
Facade().formatExceptionInfo("BPLugin. process")
def do_reload(self, line):
Facade().load_plugins()
