def writeAsClientGET(cls, socket, hostField, data, playerName): """ generated source for method writeAsClientGET """ pw = PrintWriter(socket.getOutputStream()) pw.print_("GET /" + URLEncoder.encode(data, "UTF-8") + " HTTP/1.0\r\n") pw.print_("Accept: text/delim\r\n") pw.print_("Host: " + hostField + "\r\n") pw.print_("Sender: GAMESERVER\r\n") pw.print_("Receiver: " + playerName + "\r\n") pw.print_("\r\n") pw.print_("\r\n") pw.flush()
def writeClientGetHTTP(self, writeOutTo, headers, data): """ generated source for method writeClientGetHTTP """ bw = BufferedWriter(OutputStreamWriter(writeOutTo.getOutputStream())) pw = PrintWriter(bw) pw.println("GET /" + URLEncoder.encode(data, "UTF-8") + " HTTP/1.0") if 0 > len(headers): pw.println(headers) pw.println("Content-length: 0") pw.println() pw.println() pw.flush()
def writeClientPostHTTP(self, writeOutTo, headers, data): """ generated source for method writeClientPostHTTP """ bw = BufferedWriter(OutputStreamWriter(writeOutTo.getOutputStream())) pw = PrintWriter(bw) pw.println("POST / HTTP/1.0") if 0 > len(headers): pw.println(headers) pw.println("Content-length: " + len(data)) pw.println() pw.println(data) pw.flush()
def writeAsServer(cls, socket, data): """ generated source for method writeAsServer """ pw = PrintWriter(socket.getOutputStream()) pw.print_("HTTP/1.0 200 OK\r\n") pw.print_("Content-type: text/acl\r\n") pw.print_("Content-length: " + len(data) + "\r\n") pw.print_("Access-Control-Allow-Origin: *\r\n") pw.print_("Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n") pw.print_("Access-Control-Allow-Headers: Content-Type\r\n") pw.print_("Access-Control-Allow-Age: 86400\r\n") pw.print_("\r\n") pw.print_(data) pw.flush()
def writeAsClient(cls, socket, hostField, data, playerName): """ generated source for method writeAsClient """ pw = PrintWriter(socket.getOutputStream()) pw.print_("POST / HTTP/1.0\r\n") pw.print_("Accept: text/delim\r\n") pw.print_("Host: " + hostField + "\r\n") pw.print_("Sender: GAMESERVER\r\n") pw.print_("Receiver: " + playerName + "\r\n") pw.print_("Content-Type: text/acl\r\n") pw.print_("Content-Length: " + len(data) + "\r\n") pw.print_("\r\n") pw.print_(data) pw.flush()
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener, IHttpListener): def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._scanlist = [] # Holds scan items (Burp data structures) self._scantarget = [] # Holds list of URLs added to scan # set our extension name callbacks.setExtensionName("Headless Scanner Driver") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # register ourselves as listeners callbacks.registerScannerListener(self) callbacks.registerProxyListener(self) self._stdout.println(json.dumps({"running": 1})) # Indicate we're up self._stdout.flush() return def processProxyMessage(self, messageIsRequest, message): # This method is called for every externally triggered request. callbacks = self._callbacks # As stored in registerExtenderCallbacks message.setInterceptAction( IInterceptedProxyMessage.ACTION_DONT_INTERCEPT) # Inform Burp not to intercept the message. if messageIsRequest == 1: # Booleans are integers # Obtain message target & content requestresponse = message.getMessageInfo() request = requestresponse.getRequest() # returns array.array target = requestresponse.getHttpService() host = target.getHost() port = target.getPort() protocol = target.getProtocol() # Interpret in-band signaling from the test driver # (any request to ports 1111, 1112 will get intercepted as # an instruction to this extension) if port == 1111: # Show scan status message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP) # Was a control message, do not process further statuses = [] for scaninstance in self._scanlist: statuses.append(scaninstance.getStatus()) # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(statuses)) self._stdout.flush() return if port == 1112: # Dump results and quit message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP) # Was a control message, do not process further scanissues = self.get_issues() # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(scanissues, encoding="utf-8")) self._stdout.flush() callbacks.exitSuite(0) # Exit cleanly return if port == 1113: # Dump results but don't quit message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP) # Was a control message, do not process further scanissues = self.get_issues() #clear the scanlist to avoid getting previous issues in future scans self._scanlist = [] # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(scanissues, encoding="utf-8")) self._stdout.flush() return # Duplicate scan rejection urlpath = re.search('^\w+ (.+) HTTP', request.tostring()) if urlpath is not None: url = protocol + "://" + host + urlpath.group(1) if self._scantarget.count(url) == 0: # Not already scanned? self._scantarget.append(url) # Start an active scan on the message https = 0 if protocol == "https": https = 1 scaninstance = callbacks.doActiveScan(host, port, https, request) self._scanlist.append(scaninstance) return def get_issues(self): scanissues = [] # Collect issues. We have a list of scans that contain # scan findings. Extract these and dump in a JSON. for scaninstance in self._scanlist: for scanissue in scaninstance.getIssues(): issue = {} issue['url'] = scanissue.getUrl().toString() issue['severity'] = scanissue.getSeverity() issue['issuetype'] = scanissue.getIssueType() issue['issuename'] = scanissue.getIssueName() issue['issuedetail'] = scanissue.getIssueDetail() issue['confidence'] = scanissue.getConfidence() issue['host'] = scanissue.getHttpService().getHost() issue['port'] = scanissue.getHttpService().getPort() issue['protocol'] = scanissue.getHttpService().getProtocol() messages = [] for httpmessage in scanissue.getHttpMessages(): request = httpmessage.getRequest().tostring() request = request.encode('utf-8') response = httpmessage.getResponse().tostring() response = response.encode('utf-8') messages.append((request, response)) issue['messages'] = messages scanissues.append(copy.copy(issue)) return scanissues
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener, IHttpListener): def registerExtenderCallbacks(self, callbacks): try: self._callbacks = callbacks self._scanlist = [] self._scantarget = [] self.all_requests = [] self.helpers = callbacks.getHelpers() callbacks.setExtensionName("RoboBurp") self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) callbacks.registerScannerListener(self) callbacks.registerProxyListener(self) self._stdout.println(json.dumps({"running": 1})) self._stdout.flush() self.ignore_ext = [ '.woff', '.woff2', '.ttf', '.jpg', '.js', '.jpeg', '.gif', '.png', '.xml', '.json', '.css', '.swf', 'svg', 'ico', '.cur', '.pdf' ] self.ignore_domain = [ 'mozilla', 'api.keen.io', '*.google.com', '*.googleapis.com', '*.gstatic.com' ] self.scan_status_url = 'http://localhost:1111' self.proxyDict = { "http": 'http://localhost:{0}'.format(os.environ.get('port', 8080)) } return except BaseException as e: exc_type, exc_value, exc_traceback = sys.exc_info() status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno) self._stdout.println(status) def processProxyMessage(self, messageIsRequest, message): try: callbacks = self._callbacks message.setInterceptAction( IInterceptedProxyMessage.ACTION_DONT_INTERCEPT) if messageIsRequest == 1: requestresponse = message.getMessageInfo() request = requestresponse.getRequest() target = requestresponse.getHttpService() host = target.getHost() port = target.getPort() protocol = target.getProtocol() if port == 1110: # Initiate Scan if self.all_requests: for req in self.all_requests: scaninstance = callbacks.doActiveScan( req.get('host'), req.get('port'), req.get('https'), req.get('request')) self._scanlist.append(scaninstance) elif port == 1111: # Gets Status message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP) statuses = [] for scaninstance in self._scanlist: statuses.append(scaninstance.getStatus()) self._stdout.println(json.dumps(statuses)) if statuses: for index, item in enumerate(statuses): if 'abandoned' in item: statuses[index] = 'finished' if not all(stat == 'finished' for stat in statuses): try: for index, item in enumerate(statuses): if "finished" in item or "aborted" in item or "cancelled" in item: statuses[index] = 100 elif "complete" in item: statuses[index] = int( item.split('%')[0]) else: statuses[index] = 0 percentage = (sum(statuses) / len(statuses)) home = expanduser("~") with open('{0}/.status'.format(home), 'w') as f: f.write(str(percentage)) status = { 'status': 'Running', 'progress': '{0}'.format(percentage), 'scanner': 'Burp' } self._stdout.println(json.dumps(status)) except BaseException as e: exc_type, exc_value, exc_traceback = sys.exc_info( ) status = 'Failed - {0} {1}'.format( e, exc_traceback.tb_lineno) self._stdout.println(status) if all(stat == 'finished' for stat in statuses): percentage = 100 home = expanduser("~") with open('{0}.status'.format(home), 'w') as f: f.write(str(percentage)) self.get_issues() else: status = 'Failed - No scan status.' self._stdout.println(status) self._stdout.flush() return elif port == 1112: # Get XML Report self.get_issues() elif port == 1113: # Kill Burp self._callbacks.exitSuite(False) urlpath = re.search('^\w+ (.+) HTTP', request.tostring()) if urlpath is not None: url = protocol + "://" + host + urlpath.group(1) unwanted_extension = any(ext for ext in self.ignore_ext if url.endswith(ext)) unwanted_domain = any(st for st in self.ignore_domain if st in url) if unwanted_extension or unwanted_domain: pass else: if self._scantarget.count(url) == 0: self._scantarget.append(url) https = 0 if protocol == "https": https = 1 self.all_requests.append({ 'host': host, 'port': port, 'https': https, 'request': request }) # scaninstance = callbacks.doActiveScan(host, port, https, request) # self._scanlist.append(scaninstance) return except BaseException as e: exc_type, exc_value, exc_traceback = sys.exc_info() status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno) self._stdout.println(status) def get_issues(self): file_name = 'BurpResults.xml' all_issues = [] try: for scaninstance in self._scanlist: for scanissue in scaninstance.getIssues(): all_issues.append(scanissue) self._callbacks.generateScanReport('XML', all_issues, File(file_name)) except BaseException as e: exc_type, exc_value, exc_traceback = sys.exc_info() status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno) self._stdout.println(status) def newScanIssue(self, issue): return
class BurpExtender(IBurpExtender, IScannerListener, IProxyListener, IHttpListener): def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._scanlist = [] # Holds scan items (Burp data structures) self._scantarget = [] # Holds list of URLs added to scan # set our extension name callbacks.setExtensionName("Headless Scanner Driver") # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # register ourselves as listeners callbacks.registerScannerListener(self) callbacks.registerProxyListener(self) self._stdout.println(json.dumps({"running": 1})) # Indicate we're up self._stdout.flush() return def processProxyMessage(self, messageIsRequest, message): # This method is called for every externally triggered request. callbacks = self._callbacks # As stored in registerExtenderCallbacks message.setInterceptAction( IInterceptedProxyMessage.ACTION_DONT_INTERCEPT ) # Inform Burp not to intercept the message. if messageIsRequest == 1: # Booleans are integers # Obtain message target & content requestresponse = message.getMessageInfo() request = requestresponse.getRequest() # returns array.array target = requestresponse.getHttpService() host = target.getHost() port = target.getPort() protocol = target.getProtocol() # Interpret in-band signaling from the test driver # (any request to ports 1111, 1112 will get intercepted as # an instruction to this extension) if port == 1111: # Show scan status message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP ) # Was a control message, do not process further statuses = [] for scaninstance in self._scanlist: statuses.append(scaninstance.getStatus()) # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(statuses)) self._stdout.flush() return if port == 1112: # Dump results and quit message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP ) # Was a control message, do not process further scanissues = self.get_issues() # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(scanissues, encoding="utf-8")) self._stdout.flush() callbacks.exitSuite(0) # Exit cleanly return if port == 1113: # Dump results but don't quit message.setInterceptAction( IInterceptedProxyMessage.ACTION_DROP ) # Was a control message, do not process further scanissues = self.get_issues() #clear the scanlist to avoid getting previous issues in future scans self._scanlist = [] # This output may block due to output buffers being filled. # When running this extension, something should be reading # stdout. self._stdout.println(json.dumps(scanissues, encoding="utf-8")) self._stdout.flush() return # Duplicate scan rejection urlpath = re.search('^\w+ (.+) HTTP', request.tostring()) if urlpath is not None: url = protocol + "://" + host + urlpath.group(1) if self._scantarget.count(url) == 0: # Not already scanned? self._scantarget.append(url) # Start an active scan on the message https = 0 if protocol == "https": https = 1 scaninstance = callbacks.doActiveScan( host, port, https, request) self._scanlist.append(scaninstance) return def get_issues(self): scanissues = [] # Collect issues. We have a list of scans that contain # scan findings. Extract these and dump in a JSON. for scaninstance in self._scanlist: for scanissue in scaninstance.getIssues(): issue = {} issue['url'] = scanissue.getUrl().toString() issue['severity'] = scanissue.getSeverity() issue['issuetype'] = scanissue.getIssueType() issue['issuename'] = scanissue.getIssueName() issue['issuedetail'] = scanissue.getIssueDetail() issue['confidence'] = scanissue.getConfidence() issue['host'] = scanissue.getHttpService().getHost() issue['port'] = scanissue.getHttpService().getPort() issue['protocol'] = scanissue.getHttpService().getProtocol() messages = [] for httpmessage in scanissue.getHttpMessages(): request = httpmessage.getRequest().tostring() request = request.encode('utf-8') response = httpmessage.getResponse().tostring() response = response.encode('utf-8') messages.append((request, response)) issue['messages'] = messages scanissues.append(copy.copy(issue)) return scanissues