Пример #1
0
 def writeAsClientGET(cls, socket, hostField, data, playerName):
     """ generated source for method writeAsClientGET """
     pw = PrintWriter(socket.getOutputStream())
     pw.print_("GET /" + URLEncoder.encode(data, "UTF-8") + " HTTP/1.0\r\n")
     pw.print_("Accept: text/delim\r\n")
     pw.print_("Host: " + hostField + "\r\n")
     pw.print_("Sender: GAMESERVER\r\n")
     pw.print_("Receiver: " + playerName + "\r\n")
     pw.print_("\r\n")
     pw.print_("\r\n")
     pw.flush()
Пример #2
0
 def writeClientGetHTTP(self, writeOutTo, headers, data):
     """ generated source for method writeClientGetHTTP """
     bw = BufferedWriter(OutputStreamWriter(writeOutTo.getOutputStream()))
     pw = PrintWriter(bw)
     pw.println("GET /" + URLEncoder.encode(data, "UTF-8") + " HTTP/1.0")
     if 0 > len(headers):
         pw.println(headers)
     pw.println("Content-length: 0")
     pw.println()
     pw.println()
     pw.flush()
Пример #3
0
 def writeClientPostHTTP(self, writeOutTo, headers, data):
     """ generated source for method writeClientPostHTTP """
     bw = BufferedWriter(OutputStreamWriter(writeOutTo.getOutputStream()))
     pw = PrintWriter(bw)
     pw.println("POST / HTTP/1.0")
     if 0 > len(headers):
         pw.println(headers)
     pw.println("Content-length: " + len(data))
     pw.println()
     pw.println(data)
     pw.flush()
Пример #4
0
 def writeAsServer(cls, socket, data):
     """ generated source for method writeAsServer """
     pw = PrintWriter(socket.getOutputStream())
     pw.print_("HTTP/1.0 200 OK\r\n")
     pw.print_("Content-type: text/acl\r\n")
     pw.print_("Content-length: " + len(data) + "\r\n")
     pw.print_("Access-Control-Allow-Origin: *\r\n")
     pw.print_("Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n")
     pw.print_("Access-Control-Allow-Headers: Content-Type\r\n")
     pw.print_("Access-Control-Allow-Age: 86400\r\n")
     pw.print_("\r\n")
     pw.print_(data)
     pw.flush()
Пример #5
0
 def writeAsClient(cls, socket, hostField, data, playerName):
     """ generated source for method writeAsClient """
     pw = PrintWriter(socket.getOutputStream())
     pw.print_("POST / HTTP/1.0\r\n")
     pw.print_("Accept: text/delim\r\n")
     pw.print_("Host: " + hostField + "\r\n")
     pw.print_("Sender: GAMESERVER\r\n")
     pw.print_("Receiver: " + playerName + "\r\n")
     pw.print_("Content-Type: text/acl\r\n")
     pw.print_("Content-Length: " + len(data) + "\r\n")
     pw.print_("\r\n")
     pw.print_(data)
     pw.flush()
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        self._scanlist = []  # Holds scan items (Burp data structures)
        self._scantarget = []  # Holds list of URLs added to scan
        # set our extension name
        callbacks.setExtensionName("Headless Scanner Driver")
        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)
        # register ourselves as listeners
        callbacks.registerScannerListener(self)
        callbacks.registerProxyListener(self)
        self._stdout.println(json.dumps({"running": 1}))  # Indicate we're up
        self._stdout.flush()
        return

    def processProxyMessage(self, messageIsRequest, message):
        # This method is called for every externally triggered request.
        callbacks = self._callbacks  # As stored in registerExtenderCallbacks
        message.setInterceptAction(
            IInterceptedProxyMessage.ACTION_DONT_INTERCEPT)  # Inform Burp not to intercept the message.

        if messageIsRequest == 1:  # Booleans are integers

            # Obtain message target & content
            requestresponse = message.getMessageInfo()
            request = requestresponse.getRequest()  # returns array.array
            target = requestresponse.getHttpService()
            host = target.getHost()
            port = target.getPort()
            protocol = target.getProtocol()

            # Interpret in-band signaling from the test driver
            # (any request to ports 1111, 1112 will get intercepted as
            # an instruction to this extension)
            if port == 1111:  # Show scan status
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP)  # Was a control message, do not process further
                statuses = []
                for scaninstance in self._scanlist:
                    statuses.append(scaninstance.getStatus())
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(statuses))
                self._stdout.flush()
                return

            if port == 1112:  # Dump results and quit
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP)  # Was a control message, do not process further
                scanissues = self.get_issues()
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(scanissues, encoding="utf-8"))
                self._stdout.flush()
                callbacks.exitSuite(0)  # Exit cleanly
                return

            if port == 1113:  # Dump results but don't quit
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP)  # Was a control message, do not process further
                scanissues = self.get_issues()
                #clear the scanlist to avoid getting previous issues in future scans
                self._scanlist = []
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(scanissues, encoding="utf-8"))
                self._stdout.flush()
                return
            # Duplicate scan rejection

            urlpath = re.search('^\w+ (.+) HTTP', request.tostring())
            if urlpath is not None:
                url = protocol + "://" + host + urlpath.group(1)
                if self._scantarget.count(url) == 0:  # Not already scanned?
                    self._scantarget.append(url)
                    # Start an active scan on the message
                    https = 0
                    if protocol == "https":
                        https = 1
                    scaninstance = callbacks.doActiveScan(host,
                                                          port,
                                                          https,
                                                          request)
                    self._scanlist.append(scaninstance)
        return

    def get_issues(self):
        scanissues = []
        # Collect issues. We have a list of scans that contain
        # scan findings. Extract these and dump in a JSON.
        for scaninstance in self._scanlist:
            for scanissue in scaninstance.getIssues():
                issue = {}
                issue['url'] = scanissue.getUrl().toString()
                issue['severity'] = scanissue.getSeverity()
                issue['issuetype'] = scanissue.getIssueType()
                issue['issuename'] = scanissue.getIssueName()
                issue['issuedetail'] = scanissue.getIssueDetail()
                issue['confidence'] = scanissue.getConfidence()
                issue['host'] = scanissue.getHttpService().getHost()
                issue['port'] = scanissue.getHttpService().getPort()
                issue['protocol'] = scanissue.getHttpService().getProtocol()
                messages = []
                for httpmessage in scanissue.getHttpMessages():
                    request = httpmessage.getRequest().tostring()
                    request = request.encode('utf-8')
                    response = httpmessage.getResponse().tostring()
                    response = response.encode('utf-8')
                    messages.append((request,
                                        response))
                issue['messages'] = messages
                scanissues.append(copy.copy(issue))
        return scanissues
Пример #7
0
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener,
                   IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        try:
            self._callbacks = callbacks
            self._scanlist = []
            self._scantarget = []
            self.all_requests = []
            self.helpers = callbacks.getHelpers()
            callbacks.setExtensionName("RoboBurp")
            self._stdout = PrintWriter(callbacks.getStdout(), True)
            self._stderr = PrintWriter(callbacks.getStderr(), True)
            callbacks.registerScannerListener(self)
            callbacks.registerProxyListener(self)
            self._stdout.println(json.dumps({"running": 1}))
            self._stdout.flush()
            self.ignore_ext = [
                '.woff', '.woff2', '.ttf', '.jpg', '.js', '.jpeg', '.gif',
                '.png', '.xml', '.json', '.css', '.swf', 'svg', 'ico', '.cur',
                '.pdf'
            ]
            self.ignore_domain = [
                'mozilla', 'api.keen.io', '*.google.com', '*.googleapis.com',
                '*.gstatic.com'
            ]
            self.scan_status_url = 'http://localhost:1111'
            self.proxyDict = {
                "http":
                'http://localhost:{0}'.format(os.environ.get('port', 8080))
            }
            return
        except BaseException as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno)
            self._stdout.println(status)

    def processProxyMessage(self, messageIsRequest, message):
        try:
            callbacks = self._callbacks
            message.setInterceptAction(
                IInterceptedProxyMessage.ACTION_DONT_INTERCEPT)
            if messageIsRequest == 1:
                requestresponse = message.getMessageInfo()
                request = requestresponse.getRequest()
                target = requestresponse.getHttpService()
                host = target.getHost()
                port = target.getPort()
                protocol = target.getProtocol()

                if port == 1110:  # Initiate Scan
                    if self.all_requests:
                        for req in self.all_requests:
                            scaninstance = callbacks.doActiveScan(
                                req.get('host'), req.get('port'),
                                req.get('https'), req.get('request'))
                            self._scanlist.append(scaninstance)

                elif port == 1111:  # Gets Status
                    message.setInterceptAction(
                        IInterceptedProxyMessage.ACTION_DROP)
                    statuses = []
                    for scaninstance in self._scanlist:
                        statuses.append(scaninstance.getStatus())
                    self._stdout.println(json.dumps(statuses))
                    if statuses:
                        for index, item in enumerate(statuses):
                            if 'abandoned' in item:
                                statuses[index] = 'finished'
                        if not all(stat == 'finished' for stat in statuses):
                            try:
                                for index, item in enumerate(statuses):
                                    if "finished" in item or "aborted" in item or "cancelled" in item:
                                        statuses[index] = 100
                                    elif "complete" in item:
                                        statuses[index] = int(
                                            item.split('%')[0])
                                    else:
                                        statuses[index] = 0
                                percentage = (sum(statuses) / len(statuses))
                                home = expanduser("~")
                                with open('{0}/.status'.format(home),
                                          'w') as f:
                                    f.write(str(percentage))
                                status = {
                                    'status': 'Running',
                                    'progress': '{0}'.format(percentage),
                                    'scanner': 'Burp'
                                }
                                self._stdout.println(json.dumps(status))
                            except BaseException as e:
                                exc_type, exc_value, exc_traceback = sys.exc_info(
                                )
                                status = 'Failed - {0} {1}'.format(
                                    e, exc_traceback.tb_lineno)
                                self._stdout.println(status)
                        if all(stat == 'finished' for stat in statuses):
                            percentage = 100
                            home = expanduser("~")
                            with open('{0}.status'.format(home), 'w') as f:
                                f.write(str(percentage))
                            self.get_issues()
                    else:
                        status = 'Failed - No scan status.'
                        self._stdout.println(status)
                    self._stdout.flush()
                    return

                elif port == 1112:  # Get XML Report
                    self.get_issues()

                elif port == 1113:  # Kill Burp
                    self._callbacks.exitSuite(False)

                urlpath = re.search('^\w+ (.+) HTTP', request.tostring())
                if urlpath is not None:
                    url = protocol + "://" + host + urlpath.group(1)
                    unwanted_extension = any(ext for ext in self.ignore_ext
                                             if url.endswith(ext))
                    unwanted_domain = any(st for st in self.ignore_domain
                                          if st in url)
                    if unwanted_extension or unwanted_domain:
                        pass
                    else:
                        if self._scantarget.count(url) == 0:
                            self._scantarget.append(url)
                            https = 0
                            if protocol == "https":
                                https = 1
                            self.all_requests.append({
                                'host': host,
                                'port': port,
                                'https': https,
                                'request': request
                            })
                        # scaninstance = callbacks.doActiveScan(host, port, https, request)
                        # self._scanlist.append(scaninstance)
            return
        except BaseException as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno)
            self._stdout.println(status)

    def get_issues(self):
        file_name = 'BurpResults.xml'
        all_issues = []
        try:
            for scaninstance in self._scanlist:
                for scanissue in scaninstance.getIssues():
                    all_issues.append(scanissue)
            self._callbacks.generateScanReport('XML', all_issues,
                                               File(file_name))
        except BaseException as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno)
            self._stdout.println(status)

    def newScanIssue(self, issue):
        return
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener,
                   IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        self._scanlist = []  # Holds scan items (Burp data structures)
        self._scantarget = []  # Holds list of URLs added to scan
        # set our extension name
        callbacks.setExtensionName("Headless Scanner Driver")
        # obtain our output stream
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)
        # register ourselves as listeners
        callbacks.registerScannerListener(self)
        callbacks.registerProxyListener(self)
        self._stdout.println(json.dumps({"running": 1}))  # Indicate we're up
        self._stdout.flush()
        return

    def processProxyMessage(self, messageIsRequest, message):
        # This method is called for every externally triggered request.
        callbacks = self._callbacks  # As stored in registerExtenderCallbacks
        message.setInterceptAction(
            IInterceptedProxyMessage.ACTION_DONT_INTERCEPT
        )  # Inform Burp not to intercept the message.

        if messageIsRequest == 1:  # Booleans are integers

            # Obtain message target & content
            requestresponse = message.getMessageInfo()
            request = requestresponse.getRequest()  # returns array.array
            target = requestresponse.getHttpService()
            host = target.getHost()
            port = target.getPort()
            protocol = target.getProtocol()

            # Interpret in-band signaling from the test driver
            # (any request to ports 1111, 1112 will get intercepted as
            # an instruction to this extension)
            if port == 1111:  # Show scan status
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP
                )  # Was a control message, do not process further
                statuses = []
                for scaninstance in self._scanlist:
                    statuses.append(scaninstance.getStatus())
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(statuses))
                self._stdout.flush()
                return

            if port == 1112:  # Dump results and quit
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP
                )  # Was a control message, do not process further
                scanissues = self.get_issues()
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(scanissues, encoding="utf-8"))
                self._stdout.flush()
                callbacks.exitSuite(0)  # Exit cleanly
                return

            if port == 1113:  # Dump results but don't quit
                message.setInterceptAction(
                    IInterceptedProxyMessage.ACTION_DROP
                )  # Was a control message, do not process further
                scanissues = self.get_issues()
                #clear the scanlist to avoid getting previous issues in future scans
                self._scanlist = []
                # This output may block due to output buffers being filled.
                # When running this extension, something should be reading
                # stdout.
                self._stdout.println(json.dumps(scanissues, encoding="utf-8"))
                self._stdout.flush()
                return
            # Duplicate scan rejection

            urlpath = re.search('^\w+ (.+) HTTP', request.tostring())
            if urlpath is not None:
                url = protocol + "://" + host + urlpath.group(1)
                if self._scantarget.count(url) == 0:  # Not already scanned?
                    self._scantarget.append(url)
                    # Start an active scan on the message
                    https = 0
                    if protocol == "https":
                        https = 1
                    scaninstance = callbacks.doActiveScan(
                        host, port, https, request)
                    self._scanlist.append(scaninstance)
        return

    def get_issues(self):
        scanissues = []
        # Collect issues. We have a list of scans that contain
        # scan findings. Extract these and dump in a JSON.
        for scaninstance in self._scanlist:
            for scanissue in scaninstance.getIssues():
                issue = {}
                issue['url'] = scanissue.getUrl().toString()
                issue['severity'] = scanissue.getSeverity()
                issue['issuetype'] = scanissue.getIssueType()
                issue['issuename'] = scanissue.getIssueName()
                issue['issuedetail'] = scanissue.getIssueDetail()
                issue['confidence'] = scanissue.getConfidence()
                issue['host'] = scanissue.getHttpService().getHost()
                issue['port'] = scanissue.getHttpService().getPort()
                issue['protocol'] = scanissue.getHttpService().getProtocol()
                messages = []
                for httpmessage in scanissue.getHttpMessages():
                    request = httpmessage.getRequest().tostring()
                    request = request.encode('utf-8')
                    response = httpmessage.getResponse().tostring()
                    response = response.encode('utf-8')
                    messages.append((request, response))
                issue['messages'] = messages
                scanissues.append(copy.copy(issue))
        return scanissues