def testCSVPipe(self):
		"""testing the CSV pipe"""
		from java.io import PrintWriter, FileWriter
		from com.ziclix.python.sql.pipe import Pipe
		from com.ziclix.python.sql.pipe.db import DBSource
		from com.ziclix.python.sql.pipe.csv import CSVSink

		try:
			src = self.connect()
			fn = tempfile.mktemp(suffix="csv")
			writer = PrintWriter(FileWriter(fn))
			csvSink = CSVSink(writer)

			c = self.cursor()
			try:
				c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1000, 'this,has,a,comma', 'and a " quote')])
				c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1001, 'this,has,a,comma and a "', 'and a " quote')])
				# ORACLE has a problem calling stmt.setObject(index, null)
				c.execute("insert into zxtesting (id, name, state) values (?, ?, ?)", [(1010, '"this,has,a,comma"', None)], {2:zxJDBC.VARCHAR})
				self.db.commit()
			finally:
				self.db.rollback()
				c.close()

			dbSource = DBSource(src, c.datahandler.__class__, "zxtesting", None, None, None)

			cnt = Pipe().pipe(dbSource, csvSink) - 1 # ignore the header row

		finally:
			writer.close()
			src.close()
			os.remove(fn)
Пример #2
0
class BurpExtender(IBurpExtender, IScannerListener, IExtensionStateListener):

    # init module settings and variables
    # hoping to make this a GUI option (not sure how yet)


    
    #
    # implement IBurpExtender
    #


    def registerExtenderCallbacks(self, callbacks):
        
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        
        # set our extension name
        callbacks.setExtensionName("Scanner Streamer [c22]")
        
        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)

        # register ourselves as a Scanner listener
        callbacks.registerScannerListener(self)
        
        # register ourselves as an extension state listener
        callbacks.registerExtensionStateListener(self)
        
        # call initExtension routine
        initExtension()

        return


    #
    # implement IScannerListener
    #

    def newScanIssue(self, issue):
        
        if domainInScope(self, issue):
            # check if finding already displayed for this hostname
            if newFinding(issue):
                outputFinding(self, issue)
            else:
                # already displayed
                if verbose:
                    self._stdout.println("[-] Finding already displayed (%s)" % issue.getIssueName())

        return

    #
    # implement IExtensionStateListener
    #

    def extensionUnloaded(self):

        self._stdout.println("\n[!] Scanner_Streamer.py extension was unloaded")
        return
Пример #3
0
    def register_script(self):
        """
        Registers a pig scripts with its variables substituted.
        raises: IOException If a temp file containing the pig script could not be created.
        raises: ParseException The pig script could not have all its variables substituted.

        todo: Refactor this processes that result in calling this method.  This method gets
        called twice for a single assert as every method that needs the data assumes no one
        else has called it (even methods that call other methods that call it (assertOutput()
        calls get_alias() which both call this method).  
        """
        pigIStream = BufferedReader(StringReader(self.orig_pig_code))
        pigOStream =  StringWriter()

        ps = ParameterSubstitutionPreprocessor(50) # Where does 50 come from?
        ps.genSubstitutedFile(pigIStream, pigOStream, self.args, self.arg_files)

        substitutedPig = pigOStream.toString()
        f = File.createTempFile("tmp", "pigunit")
        pw = PrintWriter(f)
        pw.println(substitutedPig)
        pw.close()

        pigSubstitutedFile = f.getCanonicalPath()
        self._temp_pig_script = pigSubstitutedFile

        self.pig.registerScript(pigSubstitutedFile, self.alias_overrides)        
Пример #4
0
def dm_dump_dot(dmuid,filename):

  dmm = project.getDUM()

  uid = DMUID.parse(dmuid)

  dm = dmm.getDM(uid)

  if dm == None:
    printf('DM %s not found', dmuid)
  else:
    printf('Dumping %s...', dm)

    dot = AST2DOT(dm, project.getZDB())

    dot.blacklistField("fParent")
#    dot.blacklistField("fSource")
#    dot.blacklistField("fStartCol")
#    dot.blacklistField("fStartLine")
    dot.blacklistField("fEndCol")
    dot.blacklistField("fEndLine")
    dot.blacklistField("fDeclarationMap")

    out = PrintWriter(BufferedWriter(FileWriter(filename)));

    dot.convert(out);
    out.close()

    printf("python: wrote dot file to %s", filename)
Пример #5
0
def ig_dump_dot(dmuid,filename):

  igm = project.getIGM()

  uid = DMUID.parse(dmuid)

  module = igm.findModule(Toplevel(uid, None))

  if module == None:
    printf('DM %s not found', dmuid)
  else:
    printf('Dumping %s...', module)

    dot = IG2DOT(module);

    dot.blacklistField("fImportedLibs");
    dot.blacklistField("fImportedPackages");
    dot.blacklistField("fZPrjID");
    dot.blacklistField("fSFDBID");
    dot.blacklistField("fLine");
    dot.blacklistField("fCol");
    dot.blacklistField("fScore");
    dot.blacklistField("fFailed");
    dot.blacklistField("fReject");
    dot.blacklistField("fInertial");
    dot.blacklistField("fDelay");

    out = PrintWriter(BufferedWriter(FileWriter(filename)));

    dot.convert(out);
    out.close()

    printf("python: wrote dot file to %s", filename)
Пример #6
0
def rtl_dump_svg(dmuid,filename):

  rtlmanager = project.getRTLM()

  uid = DMUID.parse(dmuid)

  rtlm = rtlmanager.findModule(Toplevel(uid, None))

  if rtlm == None:
    printf('RTLM %s not found', dmuid)
  else:
    printf('Dumping %s...', rtlm)

    out = PrintWriter(BufferedWriter(FileWriter(filename)))

    gc = VGGCSVG(out)

    contentProvider = RTLVisualGraphContentProvider(rtlm)

    labelProvider = RTLVisualGraphLabelProvider(rtlm)

    selectionProvider = RTLVisualGraphSelectionProvider()

    layout = VGLayout(contentProvider, labelProvider, gc)

    layout.paint(selectionProvider);

    out.close()

    printf("python: wrote svg file to %s", filename)
Пример #7
0
 def createInputFile(self, fs, fileName, input_data):
     if(fs.exists(Path(fileName))):
         raise IOException("File " + fileName + " already exists on the minicluster")
     stream = fs.create(Path(fileName))
     pw = PrintWriter(OutputStreamWriter(stream, "UTF-8"))
     for i in xrange(len(input_data)):
         pw.println(input_data[i])
     pw.close();
Пример #8
0
	def registerExtenderCallbacks(self, callbacks):
		
		callbacks.setExtensionName("Seccasts Tutorial - Jython")
		
		stdout = PrintWriter(callbacks.getStdout(), True)
		
		stdout.println("Hello from Seccasts!")
		
		return
Пример #9
0
 def registerExtenderCallbacks(self, _callbacks):
     global helpers, callbacks, derr, dout
     callbacks = _callbacks
     helpers = callbacks.getHelpers()
     callbacks.setExtensionName("Parametreci v0.1")
     dout = PrintWriter(callbacks.getStdout(), True)
     derr = PrintWriter(callbacks.getStderr(), True)
     dout.println("Parametreci | twitter.com/0x94")
     callbacks.registerScannerCheck(ParametreScn())
     callbacks.registerScannerCheck(Upload())
Пример #10
0
 def registerExtenderCallbacks(self, callbacks):
     self.menuitems = dict()
     self._callbacks = callbacks
     self._helpers = callbacks.getHelpers()
     callbacks.setExtensionName(EXTENSION_NAME)
     callbacks.registerContextMenuFactory(self)
     self._contextMenuData = None
     self._stdout = PrintWriter(callbacks.getStdout(), True)
     self.generate_menu_items()
     return
Пример #11
0
 def registerExtenderCallbacks(self, callbacks):
     self._callbacks = callbacks
     self._helpers = callbacks.getHelpers()
     self._callbacks.setExtensionName(self.NAME) 
     self._callbacks.registerSessionHandlingAction(self)    
     self.stdout = PrintWriter(self._callbacks.getStdout(), True)
     self.stdout.println(self.NAME + "\n")
     self.stdout.println('Registered: {:%Y-%m-%d %H:%M:%S}'.format(datetime.datetime.now()))
     self.stdout.println("-----------------------------------------------------------------\n\n")
     return
Пример #12
0
class BurpExtender(IBurpExtender, IHttpRequestResponse, IHttpService, ITab):

  def registerExtenderCallbacks(self, callbacks):
    self.callbacks = callbacks
    self.helpers = callbacks.getHelpers()
    self.stdout = PrintWriter(callbacks.getStdout(), True)
    self.stderr = PrintWriter(callbacks.getStderr(), True)

    callbacks.setExtensionName('Save URL List')
    self.panel = JPanel()
    self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER)
    self.buttonFile = Button('Select File', actionPerformed=self.selectFile)
    self.buttonSaveProxy = Button('Save All Proxy History', actionPerformed=self.saveProxy)
    self.buttonSaveSiteTree = Button('Save All Target SiteTree ', actionPerformed=self.saveSiteTree)
    self.buttonSaveProxyScope = Button('Save In-Scope Proxy History', actionPerformed=self.saveProxyScope)
    self.buttonSaveSiteTreeScope = Button('Save In-Scope Target SiteTree', actionPerformed=self.saveSiteTreeScope)
    self.panel.add(self.myLabel)
    self.panel.add(self.buttonFile)
    self.panel.add(self.buttonSaveProxy)
    self.panel.add(self.buttonSaveSiteTree)
    self.panel.add(self.buttonSaveProxyScope)
    self.panel.add(self.buttonSaveSiteTreeScope)
    callbacks.customizeUiComponent(self.panel)
    callbacks.addSuiteTab(self)

  def getTabCaption(self):
    return 'URL List'

  def getUiComponent(self):
    return self.panel

  def selectFile(self, event):
    chooser = JFileChooser()
    retVal = chooser.showSaveDialog(None)
    self.saveFile = chooser.selectedFile.path

  def saveProxy(self, event):
    self.stdout.println('Writing Entire Proxy History URL List to File: ' + self.saveFile)
    writer = open(self.saveFile, 'w')
    proxyHistory = self.callbacks.getProxyHistory()

    if proxyHistory:
      for item in proxyHistory:
        try:
          request = item.getRequest()
          if request:
            service = item.getHttpService()
            myURL = self.helpers.analyzeRequest(service, request).getUrl().toString()
            writer.write(myURL + '\n')

        except Exception, e:
          self.stderr.println('Error Writing URL.')
          continue

    else:
Пример #13
0
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.helpers

        callbacks.setExtensionName("Burp Scripter Plus")

        stdout = PrintWriter(callbacks.getStdout(), True)
        stdout.println(
            """Successfully loaded Burp Scripter Plus v"""
            + VERSION
            + """\n
Repository @ https://github.com/Acceis/BurpScripterPlus
Send feedback or bug reports on twitter @G4N4P4T1"""
        )

        self.scriptpane = JTextPane()
        self.scriptpane.setFont(
            Font("Monospaced", Font.PLAIN, 12)
        )

        self.scrollpane = JScrollPane()
        self.scrollpane.setViewportView(self.scriptpane)

        self._code = compile("", "<string>", "exec")
        self._script = ""

        script = callbacks.loadExtensionSetting("script")

        if script:
            script = base64.b64decode(script)

            self.scriptpane.document.insertString(
                self.scriptpane.document.length,
                script,
                SimpleAttributeSet(),
            )

            self._script = script
            try:
                self._code = compile(
                    script, "<string>", "exec"
                )
            except Exception as e:
                traceback.print_exc(
                    file=self.callbacks.getStderr()
                )

        callbacks.registerExtensionStateListener(self)
        callbacks.registerHttpListener(self)
        callbacks.customizeUiComponent(
            self.getUiComponent()
        )
        callbacks.addSuiteTab(self)

        self.scriptpane.requestFocus()
Пример #14
0
    def registerExtenderCallbacks(self, callbacks):
        # main entry point for the extension

        # set our extension name
        callbacks.setExtensionName('BlockerLite')

        # register ourselves as extension state listener (IExtensionStateListener)
        callbacks.registerExtensionStateListener(self)

        # register ourselves as proxy listener (IProxyListener)
        callbacks.registerProxyListener(self)

        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # get output streams in auto-flush mode
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)

        # create and populate the blacklist
        self._blacklist = set()
        self._blacklist.add('http://ciscobinary.openh264.org')
        self._blacklist.add('http://detectportal.firefox.com')
        self._blacklist.add('https://location.services.mozilla.com')
        self._blacklist.add(
            'https://activity-stream-icons.services.mozilla.com')
        self._blacklist.add('https://shavar.services.mozilla.com')
        self._blacklist.add('https://versioncheck-bg.addons.mozilla.org')
        self._blacklist.add('https://snippets.cdn.mozilla.net')
        self._blacklist.add('https://getpocket.com')
        self._blacklist.add('https://safebrowsing.googleapis.com')
        self._blacklist.add('https://tiles.services.mozilla.com')
        self._blacklist.add('https://incoming.telemetry.mozilla.org')
        self._blacklist.add('https://services.addons.mozilla.org')
        self._blacklist.add('https://aus5.mozilla.org')
        self._blacklist.add('https://normandy.cdn.mozilla.net')
        self._blacklist.add('https://blocklists.settings.services.mozilla.com')
        self._blacklist.add('https://firefox.settings.services.mozilla.com')
        self._blacklist.add('https://redirector.gvt1.com')
        self._blacklist.add('https://push.services.mozilla.com')
        self._blacklist.add('https://content-signature-2.cdn.mozilla.net')
        self._blacklist.add('https://content-autofill.googleapis.com')
        self._blacklist.add('http://www.gstatic.com')
        self._blacklist.add('https://www.gstatic.com')
        self._blacklist.add('http://update.googleapis.com')
        self._blacklist.add('https://update.googleapis.com')
        self._blacklist.add('https://accounts.google.com')
        self._blacklist.add('https://www.google.com')
        self._blacklist.add('https://translate.googleapis.com')
        self._blacklist.add('https://www.google-analytics.com')

        self._stdout.println('Extension was loaded')
        self._stdout.println('Running under version ' + sys.version)

        return
Пример #15
0
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName(self.EXTENSION_NAME)

        callbacks.issueAlert("AutoRecon is enabled")

        # add the custom tab to Burp's UI
        self.initUI()
        # self._newpanel.setLayout(FlowLayout())
        # callbacks.customizeUiComponent(self._newpanel)
        callbacks.addSuiteTab(self)

        self.callable = [
            # self.sublister,
            # self.shodan_search,
            self.certsh_search,
            # self.anubis,
            # self.googleDig,
            # self.censys,
            # self.certspotter,
            # self.bufferover_run,
            # self.urlscan,
            # self.otx_alienvault,
            # self.threatminer,
            # self.netcraft,
            # self.threatcrowd,
            # self.dnsdumpster,
            # self.virustotal,
            # self.ptrarchive,
        ]
        # self.callable = [self.censys]

        # define stdout writer
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)
        self._stdout.println(self.EXTENSION_NAME + " by @bourne")
        self._stdout.println(
            "================================================")
        self._stdout.println(
            'TIP: Right click on any domain and add it to scope in "autoRecon"'
        )
        self._stdout.println("")
        self.outputTxtArea.setText(
            self.EXTENSION_NAME + " by @bourne" + "\n" +
            "================================================" + "\n" +
            'TIP: Right click on any domain and add it to scope in "autoRecon"\n'
        )

        self.context = None

        callbacks.registerContextMenuFactory(self)

        return
Пример #16
0
    def	registerExtenderCallbacks(self, callbacks):
        
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        self._callbacks.setExtensionName("Json-to-Urlencoded")
        self.echo("[*] @author Abdulla Ismayilov - [email protected]")
        self._callbacks.registerContextMenuFactory(self)
Пример #17
0
class BurpExtender(IBurpExtender, IHttpListener, IProxyListener):
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self.all_params = dict()
        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        # set our extension name
        callbacks.setExtensionName("Burp Plugin For HTTP Analysis")
        # register ourselves as an HTTP listener
        callbacks.registerHttpListener(self)
        # register ourselves as a Proxy listener
        callbacks.registerProxyListener(self)
        return

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        return

    def processProxyMessage(self, messageIsRequest, message):
        if not messageIsRequest:
            # self._stdout.println("Proxy response from " + message.getMessageInfo().getHttpService().toString())
            # self._stdout.println(message.getMessageInfo().getRequest().tostring())
            self.extractParameter(message.getMessageInfo())
            self.checkReflectedXSS(message.getMessageInfo())
        return

    def extensionUnloaded(self):
        self._stdout.println("Extension was unloaded")
        return

    def checkMutiPart(self, headers):
        for i in headers:
            if (i.lower()[:12] == "content-type"):
                if (i.lower()[12:].find("multipart/form-data") > 0):
                    return True, i
                else:
                    return False, None
                break
        return False, None

    def parseMutiPart(self, request_headers, content_type_line):
        body = request_headers.split("\r\n\r\n")[1:]
        body = ("\r\n\r\n".join(body))
        parsed = cgi.FieldStorage(IO(body),
                                  headers={content_type_line},
                                  environ={'REQUEST_METHOD': 'POST'})
        # Stuck here, wait
    def checkJsonString(self, check_str):
        try:
            json_object = json.loads(check_str)
        except ValueError, e:
            return False  # invalid json
        else:
Пример #18
0
    def registerExtenderCallbacks(self, callbacks):

        self._callbacks = callbacks

        callbacks.setExtensionName("my http listener")

        self._stdout = PrintWriter(callbacks.getStdout(), True)

        callbacks.registerHttpListener(self)

        self._helpers = callbacks.getHelpers()
Пример #19
0
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        self.helpers = callbacks.getHelpers()

        callbacks.setExtensionName("Intruder WCF")
        callbacks.registerHttpListener(WCFIntruderListener(self))
        callbacks.registerContextMenuFactory(WCFIntruderCtxMenu(self))

        return
    def	registerExtenderCallbacks(self, callbacks):
        # set our extension name
        callbacks.setExtensionName("G2 Determine Session Cookie")
        callbacks.registerContextMenuFactory(DetermineCookieMenuItem(callbacks))

        # obtain our output and error streams
        stdout = PrintWriter(callbacks.getStdout(), True)
        stderr = PrintWriter(callbacks.getStderr(), True)
        
        # write a message to our output stream
        stdout.println("G2 Determine Session Cookie - Successful Initialization")
Пример #21
0
class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):

        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Cookie Via XSS")
        callbacks.registerHttpListener(self)
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        callbacks.issueAlert("Loaded Successfull.")

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        if messageIsRequest:

            requestInfo = self._helpers.analyzeRequest(currentRequest)

            self.headers = list(requestInfo.getHeaders())
            # self.setHeader('Cookie',"Cookie_HelloMe")
            cookie_text = ""
            hook_host = requestInfo.getUrl().getHost()

            if os.path.exists(file_path):
                with open(file_path, 'r') as rf:
                    cooki_domain = rf.readline().replace("\n","").split("=")[1]

                    if str(cooki_domain) in str(hook_host):
                        for line in rf.readlines():
                            cookie_text += line.replace("\n","")
            else:
                pass

            if len(cookie_text) > 10:
                self.stdout.println("[+]-------Hack Inject Cookie-------[+]")

                self.stdout.println(cookie_text)
                self.setHeader('Cookie',cookie_text)

            bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
            self.body = self._helpers.bytesToString(bodyBytes)

            newMessage = self._helpers.buildHttpMessage(self.headers, self.body)
            currentRequest.setRequest(newMessage)

        # Process responses
        else:
            pass

    def setHeader(self, header, value):
        new_headers = []
        for h in self.headers:
         if header in h:
          h = header + ': ' + value
         new_headers.append(h)
        self.headers = new_headers
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("DetectSRI")

        callbacks.issueAlert("DetectSRI Passive Scanner check enabled")

        stdout = PrintWriter(callbacks.getStdout(), True)
        stderr = PrintWriter(callbacks.getStderr(), True)

        callbacks.registerScannerCheck(self)
Пример #23
0
    def makeRequest(self,host,port,protoChoice,request):
        stdout = PrintWriter(self._callbacks.getStdout(), True)
        try:
            self.resp = self._callbacks.makeHttpRequest(
                host,
                port,
                protoChoice,
                request
            )

        except Exception as ex:
            stdout.println(ex)
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        # Register methods for error reporting
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        self.stdout.println("Module loaded successfully!")
        callbacks.setExtensionName('Add Luhn check digit')
        callbacks.registerIntruderPayloadProcessor(self)
        return
Пример #25
0
    def fuzzParams(self, host, port, protoChoice, headers, body, method,
                   urlpath, content_type, baseline):
        stdout = PrintWriter(self.callbacks.getStdout(), True)
        stdout.println("[!] FUZZING " + str(len(body)) + " PARAMETERS")
        issueList.clear()
        payloadSet = {
            "5": '     00',
            "10": '          00',
            "15": '               00',
            "20": '                    00',
            "30": '                              00',
            "40": '                                        00'
        }
        #Let's loop through each parameter
        for param in body:
            stdout.println("    [-] FUZZING: " + str(param))
            fuzzParameter = str(param)
            for payLSD in payloadSet:
                stdout.println("    [-] PAYLOAD: " + payLSD)
                payload = payloadSet[payLSD]
                bodd = body
                bodd[fuzzParameter] = bodd[fuzzParameter] + payload
                if "json" not in content_type.lower():
                    new_body = ""
                    new_body += '&'.join("%s=%s" % (key, str(val))
                                         for (key, val) in bodd.iteritems())
                    #print("    " + new_body)
                if method == "GET":
                    url1 = urlpath.split("?")[0]
                    url2 = "?" + str(new_body)
                    headers[0] = "GET " + str(url1) + str(url2) + " HTTP/1.1"
                    self.getRequest(headers, [host, port, protoChoice])
                else:
                    self.postRequest(headers, new_body,
                                     [host, port, protoChoice])
                #Here we take the lengh and status code of the body returned as a baseline
                reqFuzzResponse = self.helpers.analyzeResponse(self.resp)
                reqFuzzReq = self.helpers.analyzeRequest(self.resp)
                reqFuzzRespTxt = self.resp.tostring()
                respFuzzStatusCode = reqFuzzResponse.getStatusCode()
                resFuzzbodyOffset = reqFuzzResponse.getBodyOffset()
                respFuzzbodyLen = len(reqFuzzRespTxt[resFuzzbodyOffset:])
                fuzzResponseData = str(respFuzzStatusCode) + str(
                    respFuzzbodyLen)
                print("    " + fuzzResponseData)
                if fuzzResponseData != baseline:
                    stdout.println("    [+] POSSIBLE INJECTION DETECTED")
                    issue = ScanIssue(self.reqres[0], reqFuzzReq,
                                      "SQL Truncation Scanner",
                                      fuzzParameter + " | " + payLSD, "High")
                    self.callbacks.addScanIssue(issue)

        return
Пример #26
0
    def registerExtenderCallbacks(self, callbacks):
        # set our extension name
        callbacks.setExtensionName("JS Link Finder")

        # obtain our output stream
        self.stdout = PrintWriter(callbacks.getStdout(), True)

        # obtain an extension helpers object
        self.helpers = callbacks.getHelpers()

        # register ourselves as an HTTP listener
        callbacks.registerHttpListener(self)
Пример #27
0
    def registerExtenderCallbacks(self, callbacks):
        # set our extension name
        self.callbacks = callbacks
        self.callbacks.setExtensionName("OgaSazSave")

        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        saveSazhandler = RightClickHandler(self.callbacks)
        callbacks.registerContextMenuFactory(saveSazhandler)

        self.stdout.println("OgaSazSave v0.9.2 Load OK!!")
Пример #28
0
    def registerExtenderCallbacks(self, callbacks):

        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        callbacks.setExtensionName('CSRF Handling (' + self.SETUP_NAME + ')')
        callbacks.registerHttpListener(self)
        self.CSRF_Values = dict()
        for i in self.CSRF_Tokens.keys():
            self.CSRF_Values[i] = None
        if self.DEBUG:
            self.stdout.println('[*] Debug enabled')
class Connection(object):
    def __init__(self, addr, port):
        self.socket = Socket(addr, port)
        self.in = BufferedReader(InputStreamReader(self.socket.getInputStream()))
        self.out = PrintWriter(self.socket.getOutputStream(), True)

    def sendMessage(self, msg):
        self.out.println(str(msg))
        response = self.in.readLine()
        if response is None: # abort abort abort
            exit(1)
        decoded = Message.decode(response)
        return decoded.msgData # empty string or hash
    def registerExtenderCallbacks(self, callbacks):
        # set our extension name
        callbacks.setExtensionName("G2 Determine Session Cookie")
        callbacks.registerContextMenuFactory(
            DetermineCookieMenuItem(callbacks))

        # obtain our output and error streams
        stdout = PrintWriter(callbacks.getStdout(), True)
        stderr = PrintWriter(callbacks.getStderr(), True)

        # write a message to our output stream
        stdout.println(
            "G2 Determine Session Cookie - Successful Initialization")
Пример #31
0
    def registerExtenderCallbacks(self, callbacks):

        # properties
        self._title = "Generate Python Template"
        self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####'

        # set our extension name
        callbacks.setExtensionName(self._title)

        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()

        # obtain std streams
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)

        # main pane (top/bottom)
        self._mainpane = JPanel()
        self._mainpane.setLayout(GridLayout(2, 1))

        # configure bottom pane for buttons
        self._botPane = JPanel()
        flowLayout = FlowLayout()
        self._botPane.setLayout(flowLayout)
        self._botPane.add(
            JButton("Generate", actionPerformed=self.regeneratePy))
        self._botPane.add(JButton("Export", actionPerformed=self.exportPy))

        # Configure pyViewer (JTextArea) for python output --> top pane
        self._pyViewer = JTextArea(5, 20)
        scrollPane = JScrollPane(self._pyViewer)
        self._pyViewer.setEditable(True)
        self._pyViewer.setText("Waiting request ...")

        ### Assign top / bottom components
        self._mainpane.add(scrollPane)
        self._mainpane.add(self._botPane)

        # customize our UI components
        callbacks.customizeUiComponent(self._mainpane)

        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)

        # register ourselves as a ContextMenuFactory
        callbacks.registerContextMenuFactory(self)

        return
Пример #32
0
 def registerExtenderCallbacks(self, callbacks):
     # keep a reference to our callbacks object
     self._callbacks = callbacks
     self._helpers = callbacks.getHelpers()
     self.all_params = dict()
     # obtain our output stream
     self._stdout = PrintWriter(callbacks.getStdout(), True)
     # set our extension name
     callbacks.setExtensionName("Burp Plugin For HTTP Analysis")
     # register ourselves as an HTTP listener
     callbacks.registerHttpListener(self)
     # register ourselves as a Proxy listener
     callbacks.registerProxyListener(self)
     return
Пример #33
0
class BurpExtender(IBurpExtender, IIntruderPayloadProcessor):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        # Register methods for error reporting
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        self.stdout.println("Module loaded successfully!")
        callbacks.setExtensionName('Simple Burp Intruder Payload Processor')
        callbacks.registerIntruderPayloadProcessor(self)
        return

        def getProcessorName():
            return "Capitalize Payload Process"

        def processPayload(currentPayload, originalPayload, baseValue):
            try:
                # Data will be outputted to Burp UI by default
                self.stdout.println("currentPayload: %s" % currentPayload)
                newPayload = capitalize(currentPayload)
                self.stdout.println("newPayload: %s" % newPayload)
            except:
                print "Unexpected error:", sys.exc_info()[0]

            return newPayload

        def capitalize(data):
            # A simple function that will capitalize strings
            self.stdout.println("data: %s" % data)
            return data.upper()
Пример #34
0
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()

        # set our extension name
        callbacks.setExtensionName("403 Directory Bypasser")
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        # register ourselves as a custom scanner check
        callbacks.registerScannerCheck(self)
Пример #35
0
    def performAction(self, currentRequest, macroItems):
        #Update the secret key for HMAC
        Secret = "THIS-IS-A-SeCRet"

        stdout = PrintWriter(self._callbacks.getStdout(), True)
        requestInfo = self._helpers.analyzeRequest(currentRequest)

        #Get Response
        #responseByte = currentRequest.getResponse()
        #responseInfo = self._helpers.analyzeRespons(macroItems[0].getResponse())
        #macro_msg = macroItems[0].getResponse()
        #resp_body = macro_msg[responseInfo.getBodyOffset():]
        #macro_body_string = self._helpers.bytesToString(resp_body)

        #Get body response
        #ResponseBodyBytes = responseByte[responseInfo.getBodyOffset():]
        #ResponseBodyStr = self._helpers.bytesToString(ResponseBodyBytes)

        #ResponseHeaders = responseInfo.getHeaders()

        #Get URL path (the bit after the FQDN)
        urlpath = self._helpers.analyzeRequest(
            currentRequest).getUrl().getPath()
        urlpath = self._helpers.urlEncode(urlpath)

        #Get body
        BodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
        BodyStr = self._helpers.bytesToString(BodyBytes)

        #Get time
        timestamp = datetime.now()
        timestamp = timestamp.isoformat()

        #Compute HMAC
        content = urlpath + BodyStr + timestamp
        stdout.println(content)
        #_hmac = base64.b64encode(hmac.new(Secret, content, digestmod=hashlib.sha256).hexdigest())
        #stdout.println(_hmac)

        #Add to headers array
        headers = requestInfo.getHeaders()
        #hmacheader = "Authentication Bearer: "+_hmac+":"+timestamp
        #headers.add(hmacheader)

        # Build new HTTP message with the new HMAC header
        message = self._helpers.buildHttpMessage(headers, BodyStr)

        # Update request with the new header and send it on its way
        currentRequest.setRequest(message)
        return
Пример #36
0
    def registerExtenderCallbacks(self, callbacks):
        self._actionName = "PoC generator"
        self._helers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("PoC generator")
        callbacks.registerContextMenuFactory(self)

        # obtain our output and error streams
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)

        # write a message to the Burp alerts tab
        callbacks.issueAlert("Installed PoC generator")
Пример #37
0
def write_ordered_variables(program_name,
                            variable_map,
                            file_path,
                            append=False):
    """
    Write variables to file while preserving order of the variables.
    :param program_name: name of the calling program
    :param variable_map: map or variable properties to write to file
    :param file_path: the file to which to write the properties
    :param append: defaults to False. Append properties to the end of file
    :raises VariableException if an error occurs while storing the variables in the file
    """
    _method_name = 'write_ordered_variables'
    _logger.entering(program_name,
                     file_path,
                     append,
                     class_name=_class_name,
                     method_name=_method_name)
    pw = None
    try:
        pw = PrintWriter(FileOutputStream(File(file_path), Boolean(append)),
                         Boolean('true'))
        for key, value in variable_map.iteritems():
            formatted = '%s=%s' % (key, value)
            pw.println(formatted)
        pw.close()
    except IOException, ioe:
        _logger.fine('WLSDPLY-20007', file_path, ioe.getLocalizedMessage())
        ex = exception_helper.create_variable_exception(
            'WLSDPLY-20007', file_path, ioe.getLocalizedMessage(), error=ioe)
        _logger.throwing(ex, class_name=_class_name, method_name=_method_name)
        if pw is not None:
            pw.close()
        raise ex
class BurpExtender(IBurpExtender, IIntruderPayloadProcessor):
  def registerExtenderCallbacks(self, callbacks):
    self._callbacks = callbacks
    self._helpers = callbacks.getHelpers()

    # Register methods for error reporting
    self.stdout = PrintWriter(callbacks.getStdout(), True)
    self.stderr = PrintWriter(callbacks.getStderr(), True)

    self.stdout.println("Module loaded successfully!")
    callbacks.setExtensionName('Simple Burp Intruder Payload Processor')
    callbacks.registerIntruderPayloadProcessor(self)
    return

    def getProcessorName():
        return "Capitalize Payload Process"

    def processPayload(currentPayload, originalPayload, baseValue):
        try:
            # Data will be outputted to Burp UI by default
            self.stdout.println("currentPayload: %s" % currentPayload)
            newPayload = capitalize(currentPayload)
            self.stdout.println("newPayload: %s" % newPayload)
        except:
            print "Unexpected error:", sys.exc_info()[0]

        return newPayload

    def capitalize(data):
        # A simple function that will capitalize strings
        self.stdout.println("data: %s" % data)
        return data.upper()
Пример #39
0
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks

        self._helpers = callbacks.getHelpers()

        # set our extension name
        callbacks.setExtensionName("sql time delay check")

        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)

        # register ourselves as a Proxy listener
        callbacks.registerProxyListener(self)
Пример #40
0
 def registerExtenderCallbacks(self, callbacks):
     try:
         self._callbacks = callbacks
         self._helpers = callbacks.getHelpers()
         self._callbacks.setExtensionName(self.extension_name)
         self._stdout = PrintWriter(self._callbacks.getStdout(), True)
         self._stderr = PrintWriter(self._callbacks.getStderr(), True)
         callbacks.registerScannerCheck(self)
         self._stdout.println("Extension Successfully Installed")
         return
     except Exception as e:
         self._stderr.println("Installation Problem ?")
         self._stderr.println(str(e))
         return
Пример #41
0
	def registerExtenderCallbacks(self, callbacks):
		self._callbacks = callbacks
		self._helpers = callbacks.getHelpers()
		self._stdout = PrintWriter(callbacks.getStdout(), True)

		callbacks.setExtensionName("Argument Injection Hammer")	
		self._create_brute_payloads()

		self._stdout.println('==================================')	
		self._stdout.println("        ,")
		self._stdout.println("       /(  ___________")
		self._stdout.println("      |  >:===========`")
		self._stdout.println("       )(")
		self._stdout.println('== AIH "" Hammer Smash Party =====')
		self._stdout.println('== Neil Bergman - NCC Group  =====')
		self._stdout.println('==================================')

		self._checkbox_brute = self._define_check_box("Brute-force Short Argument Flags", False)
		self._button_save = JButton("Save Configuration", actionPerformed=self._save_config)

		self.tab = JPanel()
		layout = GroupLayout(self.tab)
		self.tab.setLayout(layout)
		layout.setAutoCreateGaps(True)
		layout.setAutoCreateContainerGaps(True)
		layout.setHorizontalGroup(
			layout.createSequentialGroup().addGroup(
				layout.createParallelGroup()
				.addComponent(self._checkbox_brute)
				
			).addGroup(
				layout.createParallelGroup()
				.addComponent(self._button_save)
			)
		)
		layout.setVerticalGroup(
			layout.createSequentialGroup().addGroup(
				layout.createParallelGroup()
				.addComponent(self._checkbox_brute)
			).addGroup(
				layout.createParallelGroup()
				.addComponent(self._button_save)
			)
		)
		callbacks.addSuiteTab(self)
		self._restore_config()

		callbacks.registerScannerCheck(self)
		return
Пример #42
0
    def registerExtenderCallbacks(self, callbacks):

        global burp_callbacks
        burp_callbacks = callbacks
        global burp_helpers
        burp_helpers = burp_callbacks.getHelpers()
        burp_callbacks.setExtensionName("BugBountyPlugin")

        self.stdout = PrintWriter(burp_callbacks.getStdout(), True)

        self.println("SQL/XSS custom plugin (c) @httpsonly")

        burp_callbacks.registerScannerCheck(self)
        burp_callbacks.registerProxyListener(self)
        return
Пример #43
0
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
       
        # define stdout writer
        self._stdout = PrintWriter(callbacks.getStdout(), True) 
        self._stdout.println(self.EXTENSION_NAME + ' by @luxcupitor')
        self._stdout.println('================================')
        self._stdout.println('')
        self._stdout.println('TIP: Go to "Custom Scanner" tab and click "Execute on Proxy History"')
        self._stdout.println('to run the scanner checks on recently imported session files.')
        self._stdout.println('')
        # set our extension name
        callbacks.setExtensionName(self.EXTENSION_NAME)
        callbacks.registerScannerCheck(self)
        
        # add the custom tab and button to Burp's UI
        self._newpanel = Panel()
        self._newpanel.setLayout(FlowLayout())
        self._button = JButton("Execute on Proxy History", actionPerformed=self.checkProxyHistory)
        self._newpanel.add(self._button)
        callbacks.customizeUiComponent(self._newpanel)
        callbacks.addSuiteTab(self)

        return
    def	registerExtenderCallbacks(self, callbacks):
        
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        
        # set our extension name
        callbacks.setExtensionName("WicketRequestHandler")

        callbacks.registerSessionHandlingAction(self)
        
        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)

        self._helper = callbacks.getHelpers()

        return
 def registerExtenderCallbacks(self, callbacks):
     self.menuitems = dict()
     self._callbacks = callbacks
     self._helpers = callbacks.getHelpers()
     callbacks.setExtensionName(EXTENSION_NAME)
     callbacks.registerContextMenuFactory(self)
     self._contextMenuData = None
     self._stdout = PrintWriter(callbacks.getStdout(), True)
     self.generate_menu_items()
     return
Пример #46
0
	def registerExtenderCallbacks(self, callbacks):
		# Keep a reference to our callbacks object
		self.callbacks = callbacks

		# Obtain an extension helpers object
		self.helpers = callbacks.getHelpers()

		# Exclude Requests
		self.excludext = re.compile('\.(gif|jpg|jpeg|bmp|js|tif|tiff|docx|doc|pdf|png|jif|jfif|svg|swf|ico|css)\s')
		
		# Writing streams
		self.stdout = PrintWriter(callbacks.getStdout(), True)
		self.stderr = PrintWriter(callbacks.getStderr(), True)
		
		# Set our extension name
		callbacks.setExtensionName("logme")

		# Main panel
		self.panel = JPanel()
		#self.panel = JPanel(GridLayout(1,3))

		# Create Labels
		self.labelProxy = JLabel("Proxy", JLabel.CENTER)
		self.labelScanner = JLabel("Scanner", JLabel.CENTER)

		# Create buttons
		self.buttonFile = Button("File", actionPerformed=self.selectFile)
		self.buttonSave = Button("Save", actionPerformed=self.save)

		# Add labels and buttons to pane.
		# Order matters for GridLayout
		self.panel.add(self.labelProxy)
		self.panel.add(self.buttonFile)
		self.panel.add(self.buttonSave)
		#self.panel.add(self.labelScanner)
		

		# Add panel to Burps UI
		callbacks.customizeUiComponent(self.panel)
		
		# Add tab to Burp
		callbacks.addSuiteTab(self)
Пример #47
0
def _parse_and_rewrite_svg_file(svg_input_path, svg_output_path):
    write_str = ""
    file_reader = FileReader(svg_input_path)
    buffered_reader = BufferedReader(file_reader)
    read_line = ""

    check = False
    while True:
        read_line = buffered_reader.readLine()

        if read_line is None:
            break
        if "viewBox" in read_line:
            view_box_content = _get_viewbox_content(read_line)
            view_box_values = _get_viewbox_values(view_box_content)
            if view_box_values[0] != 0:
                view_box_values[2] = abs(view_box_values[2]) + abs(view_box_values[0])
                view_box_values[0] = 0
            if view_box_values[1] != 0:
                view_box_values[3] = abs(view_box_values[3]) + abs(view_box_values[1])
                view_box_values[1] = 0

            read_line = re.sub(r"viewBox=\"[\-|0-9| ]+\"", "", read_line, 1)
            read_line = re.sub(r"width=\"[0-9]+\"", "width=\""+ str(view_box_values[2]) + "\"",
                               read_line, 1)
            read_line = re.sub(r"height=\"[0-9]+\"", "height=\""+ str(view_box_values[3]) + "\"",
                               read_line, 1)
            check = True

        if "g id=\"ID" in read_line and not check:
            if "transform=" in read_line:
                _log.info(read_line)
                read_line = read_line[0:read_line.find("transform")] + ">"
                check = True
        write_str += read_line + "\n"

    buffered_reader.close()
    file_reader.close()
    file_writer = PrintWriter(svg_output_path)
    file_writer.print(write_str)
    file_writer.close()
Пример #48
0
	def _testXMLPipe(self):
		"""testing the XML pipe"""
		from java.io import PrintWriter, FileWriter
		from com.ziclix.python.sql.pipe import Pipe
		from com.ziclix.python.sql.pipe.db import DBSource
		from com.ziclix.python.sql.pipe.xml import XMLSink

		try:
			src = self.connect()
			fn = tempfile.mktemp(suffix="csv")
			writer = PrintWriter(FileWriter(fn))
			xmlSink = XMLSink(writer)

			dbSource = DBSource(src, self.datahandler, "zxtesting", None, None, None)

			cnt = Pipe().pipe(dbSource, xmlSink) - 1 # ignore the header row

		finally:
			writer.close()
			src.close()
			os.remove(fn)
class BurpExtender(IBurpExtender, IIntruderPayloadProcessor):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        

        # Register methods for error reporting
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        self.stdout.println("Module loaded successfully!")
        callbacks.setExtensionName('Add Luhn check digit')
        callbacks.registerIntruderPayloadProcessor(self)
        return

    def getProcessorName(self):
        return "Add Luhn check digit to the number"

    def processPayload(self,currentPayload, originalPayload, baseValue):
        payload = self._helpers.bytesToString(currentPayload)
        if not payload.isdigit():
            print "You need to pass a digit"
            return currentPayload
        try:
            # Data will be outputted to Burp UI by default
            self.stdout.println("currentPayload: %s" % payload)
            payload = addluhn(payload)
            self.stdout.println("newPayload: %s" % payload)
        except:
            print "Unexpected error:", sys.exc_info()[0]
        newPayload = self._helpers.stringToBytes(payload)
        return newPayload
Пример #50
0
def _parse_and_rewrite_svg_file(svg_input_path, svg_output_path):
    write_str = ""
    file_reader = FileReader(svg_input_path)
    buffered_reader = BufferedReader(file_reader)
    read_line = ""

    while True:
        read_line = buffered_reader.readLine()

        if read_line is None:
            break

        if "viewBox" in read_line:
            view_box_content = _get_viewbox_content(read_line)
            view_box_values = _get_viewbox_values(view_box_content)
            if view_box_values[0] != 0:
                view_box_values[2] += view_box_values[0]
                view_box_values[0] = 0

            if view_box_values[1] != 0:
                view_box_values[3] += view_box_values[1]
                view_box_values[1] = 0

            new_view_box = str(view_box_values[0]) + " " + str(view_box_values[1]) + " " + \
                           str(view_box_values[2]) + " " + str(view_box_values[3])
            read_line = re.sub(r"viewBox=\"[\-|0-9| ]+\"", "viewBox=\""
                               + new_view_box + "\"", read_line, 1)
            read_line = re.sub(r"width=\"[0-9]+\"", "width=\""+ str(view_box_values[2]) + "\"",
                               read_line, 1)
            read_line = re.sub(r"height=\"[0-9]+\"", "height=\""+ str(view_box_values[3]) + "\"",
                               read_line, 1)

        write_str += read_line + "\n"

    buffered_reader.close()
    file_reader.close()
    file_writer = PrintWriter(svg_output_path)
    file_writer.print(write_str)
    file_writer.close()
Пример #51
0
    def	registerExtenderCallbacks(self, callbacks):

        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        callbacks.setExtensionName('CSRF Handling ('+self.SETUP_NAME+')')
        callbacks.registerHttpListener(self)
        self.CSRF_Values = dict()
        for i in self.CSRF_Tokens.keys():
            self.CSRF_Values[i] = None
        if self.DEBUG:
            self.stdout.println('[*] Debug enabled')
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        

        # Register methods for error reporting
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)

        self.stdout.println("Module loaded successfully!")
        callbacks.setExtensionName('Add Luhn check digit')
        callbacks.registerIntruderPayloadProcessor(self)
        return
Пример #53
0
  def registerExtenderCallbacks(self, callbacks):
    self.callbacks = callbacks
    self.helpers = callbacks.getHelpers()
    callbacks.setExtensionName("Hello Burp")

    self.panel = JPanel()
    self.label = JLabel("Hello Burp")
    self.buttonOutput = Button("Print to Output", actionPerformed=self.printToOutput)
    self.buttonErrors = Button("Print to Errors", actionPerformed=self.printToErrors)
    self.buttonAlerts = Button("Print to Alerts", actionPerformed=self.printToAlerts)
    self.panel.add(self.label)
    self.panel.add(self.buttonOutput)
    self.panel.add(self.buttonErrors)
    self.panel.add(self.buttonAlerts)

    callbacks.customizeUiComponent(self.panel)
    callbacks.addSuiteTab(self)

    self.stdout = PrintWriter(callbacks.getStdout(), True)
    self.stderr = PrintWriter(callbacks.getStderr(), True)
    burpInfo = callbacks.getBurpVersion()
    self.stdout.println("Hello " + burpInfo[0] + " v" + burpInfo[1] + "." + burpInfo[2] +"!")
Пример #54
0
  def registerExtenderCallbacks(self, callbacks):
    self.callbacks = callbacks
    self.helpers = callbacks.getHelpers()
    self.stdout = PrintWriter(callbacks.getStdout(), True)
    self.stderr = PrintWriter(callbacks.getStderr(), True)

    callbacks.setExtensionName('Save URL List')
    self.panel = JPanel()
    self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER)
    self.buttonFile = Button('Select File', actionPerformed=self.selectFile)
    self.buttonSaveProxy = Button('Save All Proxy History', actionPerformed=self.saveProxy)
    self.buttonSaveSiteTree = Button('Save All Target SiteTree ', actionPerformed=self.saveSiteTree)
    self.buttonSaveProxyScope = Button('Save In-Scope Proxy History', actionPerformed=self.saveProxyScope)
    self.buttonSaveSiteTreeScope = Button('Save In-Scope Target SiteTree', actionPerformed=self.saveSiteTreeScope)
    self.panel.add(self.myLabel)
    self.panel.add(self.buttonFile)
    self.panel.add(self.buttonSaveProxy)
    self.panel.add(self.buttonSaveSiteTree)
    self.panel.add(self.buttonSaveProxyScope)
    self.panel.add(self.buttonSaveSiteTreeScope)
    callbacks.customizeUiComponent(self.panel)
    callbacks.addSuiteTab(self)
Пример #55
0
 def registerExtenderCallbacks(self, callbacks):
     
     # properties
     self._title = "Generate Python Template"
     self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####'
     
     # set our extension name
     callbacks.setExtensionName(self._title)
     
     # keep a reference to our callbacks object
     self._callbacks = callbacks
     
     # obtain an extension helpers object
     self._helpers = callbacks.getHelpers()
     
     # obtain std streams
     self._stdout = PrintWriter(callbacks.getStdout(), True)
     self._stderr = PrintWriter(callbacks.getStderr(), True)
             
     # main pane (top/bottom)
     self._mainpane = JPanel()
     self._mainpane.setLayout( GridLayout(2,1) )
     
     # configure bottom pane for buttons
     self._botPane = JPanel()
     flowLayout = FlowLayout()
     self._botPane.setLayout( flowLayout )
     self._botPane.add( JButton("Generate", actionPerformed=self.regeneratePy) )
     self._botPane.add( JButton("Export", actionPerformed=self.exportPy) )
     
     # Configure pyViewer (JTextArea) for python output --> top pane
     self._pyViewer = JTextArea(5, 20);
     scrollPane = JScrollPane(self._pyViewer); 
     self._pyViewer.setEditable(True);
     self._pyViewer.setText( "Waiting request ..." );
     
     ### Assign top / bottom components
     self._mainpane.add(scrollPane)
     self._mainpane.add(self._botPane)
             
     # customize our UI components
     callbacks.customizeUiComponent(self._mainpane)
     
     # add the custom tab to Burp's UI
     callbacks.addSuiteTab(self)
     
     
     # register ourselves as a ContextMenuFactory
     callbacks.registerContextMenuFactory(self)
     
     return
Пример #56
0
    def	registerExtenderCallbacks(self, callbacks):

        self._cb = callbacks
        self.helpers = callbacks.getHelpers()
    
        # set our extension name
        callbacks.setExtensionName("Cookie Cycler")
        
        # obtain our output and error streams
        self.stdout = PrintWriter(callbacks.getStdout(), True)
        self.stderr = PrintWriter(callbacks.getStderr(), True)
        self.stdout.println(EXTENSION_INFO)
        
        # register ourselves as an HTTP listener
        #callbacks.registerHttpListener(self) # disabled, too much noise
        callbacks.registerContextMenuFactory(self)
 def registerExtenderCallbacks(self, callbacks):
     # keep a reference to our callbacks object
     self._callbacks = callbacks
     self._scanlist = []  # Holds scan items (Burp data structures)
     self._scantarget = []  # Holds list of URLs added to scan
     # set our extension name
     callbacks.setExtensionName("Headless Scanner Driver")
     # obtain our output stream
     self._stdout = PrintWriter(callbacks.getStdout(), True)
     self._stderr = PrintWriter(callbacks.getStderr(), True)
     # register ourselves as listeners
     callbacks.registerScannerListener(self)
     callbacks.registerProxyListener(self)
     self._stdout.println(json.dumps({"running": 1}))  # Indicate we're up
     self._stdout.flush()
     return
    def __init__(self, server, socket, connectionTrack):
        self.server = server
        self.connectionTrack = connectionTrack
        self.kill = False
        self.notes = {}

        self.socket = socket
        self.in = BufferedReader(InputStreamReader(self.socket.getInputStream()))
        self.out = PrintWriter(self.socket.getOutputStream(), True)

        self.handlers = {
            Message.ADD_NOTE: self._addNote,
            Message.ADD_LOOPED_NOTE: self._addLoopedNote,
            Message.DELETE_NOTE: self._deleteNote,
            Message.DELETE_ALL_NOTES: self._deleteAllNotes
        }
Пример #59
0
	def registerExtenderCallbacks(self, callbacks):

		# Writing streams
		self.stdout = PrintWriter(callbacks.getStdout(), True)
		self.stdout.println('Heada extension loaded.')

		# Keep a reference to our callbacks object
		self.callbacks = callbacks

		# Obtain an extension helpers object
		self.helpers = callbacks.getHelpers()

		# Set our extension name
		callbacks.setExtensionName('heada')

		# Register a custom scanner check
		callbacks.registerScannerCheck(self)
Пример #60
0
    def logScanIssue(self, baseRequestResponse):
      '''This is redundant (mostly) of the doPassiveScan function'''
      reqPATTERN=self.reqPattern.text
      resPATTERN=self.resPattern.text
      ISSUE_NAME=self.issueNameField.text
      ISSUE_DETAIL=self.issueDetailField.text
      ISSUE_BACKGROUND=self.issueBackgroundField.text
      REMEDIATION_BACKGROUND=self.remediationBackgroundField.text
      REMEDIATION_DETAIL=self.remediationDetailField.text
      if self.radioBtnSevHigh.isSelected():
        SEVERITY="High"
      elif self.radioBtnSevMedium.isSelected():
        SEVERITY="Medium"
      else:
        SEVERITY="Low"
      CONFIDENCE="Certain"
      self._stdout = PrintWriter(self._callbacks.getStdout(), True)
      self._stdout.println('logScanIssue has been called')
      self._stdout.println('[-] ISSUE_NAME: ' + ISSUE_NAME)
      self._stdout.println('[-] ISSUE_DETAIL: ' + ISSUE_DETAIL)
      self._stdout.println('[-] ISSUE_BACKGROUND: ' + ISSUE_BACKGROUND)
      self._stdout.println('[-] REMEDIATION_DETAIL: ' + REMEDIATION_DETAIL)
      self._stdout.println('[-] REMEDIATION_BACKGROUND: ' + REMEDIATION_BACKGROUND)
      self._stdout.println('[-] SEVERITY: ' + SEVERITY)
      self._stdout.println('[-] CONFIDENCE: ' + CONFIDENCE)
      match = False
      if reqPATTERN == "":
        reqmatch = None
      else:
        reqmatch = self.getMatches(baseRequestResponse.getRequest(), reqPATTERN)
        match = True
      if resPATTERN == "":
        resmatch = None
      else:
        resmatch = self.getMatches(baseRequestResponse.getResponse(), resPATTERN)
        match = True
      if match:
        httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,reqmatch,resmatch)]
        issue=ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, ISSUE_BACKGROUND, REMEDIATION_DETAIL, REMEDIATION_BACKGROUND)
        self._callbacks.addScanIssue(issue)
        self.closeUI(None)

      return