def defineCheckBox(self, caption, selected=True, enabled=True):
    """Create a JCheckBox with the given caption and initial state.

    Args:
        caption: Text shown next to the box.
        selected: Whether the box starts ticked.
        enabled: Whether the user can interact with the box.

    Returns:
        The configured JCheckBox; the caller adds it to a container.
    """
    box = JCheckBox(caption)
    # The two setters are independent of each other; `self` is not used.
    box.setEnabled(enabled)
    box.setSelected(selected)
    return box
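class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
    """Burp extension "XSSor": replays marked requests with candidate payloads.

    When switched on, responses seen by tool flag 4 are inspected; if the
    originating request (URL or raw bytes) contains the marker ``self.xssKey``
    the request is re-sent with the marker replaced by a payload, and the
    response (plus every page registered as "affected") is searched for the
    payload text. Results are appended to a table model backed by
    ``self._log``.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Build the UI, store Burp's callbacks and register the listeners.

        Args:
            callbacks: The IBurpExtenderCallbacks object handed over by Burp.
        """
        # smart xss feature (print conclusion and observation)
        # mark results
        # add automatic check pages in the same domain
        # NOTE(review): "<<SCRIPT>test//<</SCRIPT>" is listed twice below, so
        # brute-force mode sends that candidate twice.
        self.tagPayloads = [
            "<b>test",
            "<b onmouseover=test()>test",
            "<img src=err onerror=test()>",
            "<script>test</script>",
            "<scr ipt>test</scr ipt>",
            "<SCRIPT>test;</SCRIPT>",
            "<scri<script>pt>test;</scr</script>ipt>",
            "<SCRI<script>PT>test;</SCR</script>IPT>",
            "<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
            "<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
            "<IMG '''><SCRIPT>test</SCRIPT>'>",
            "<SCR%00IPT>test</SCR%00IPT>",
            "<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
            "<IFRAME SRC='f' onerror='test'></IFRAME>",
            "<<SCRIPT>test//<</SCRIPT>",
            "<img src=\"1\" onerror=\"test\">",
            "<img src='1' onerror='test'",
            "<STYLE TYPE=\"text/javascript\">test;</STYLE>",
            "<<SCRIPT>test//<</SCRIPT>",
        ]
        self.attributePayloads = [
            "\"\"\"><SCRIPT>test",
            "'''><SCRIPT>test'",
            "\"><script>test</script>",
            "\"><script>test</script><\"",
            "'><script>test</script>",
            "'><script>test</script><'",
            "\";test;\"",
            "';test;'",
            ";test;",
            "\";test;//",
            "\"onmouseover=test ",
            "onerror=\"test\"",
            "onerror='test'",
            "onload=\"test\"",
            "onload='test'",
        ]
        # Marker the tester places in a request to select the injection point.
        self.xssKey = 'xssme'

        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("XSSor")

        self.affectedResponses = ArrayList()
        self._log = ArrayList()
        self._lock = Lock()

        # main split pane
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)

        # table of log entries
        logTable = Table(self)
        scrollPane = JScrollPane(logTable)
        self._splitpane.setLeftComponent(scrollPane)

        # tabs with request/response viewers
        tabs = JTabbedPane()
        self._requestViewer = callbacks.createMessageEditor(self, False)
        self._responseViewer = callbacks.createMessageEditor(self, False)
        tabs.addTab("Request", self._requestViewer.getComponent())
        tabs.addTab("Response", self._responseViewer.getComponent())

        # "Affected Pages" tab: pages re-fetched after every payload.
        clearAPListBtn = JButton("Clear List", actionPerformed=self.clearAPList)
        clearAPListBtn.setBounds(10, 85, 120, 30)
        apListLabel = JLabel('Affected Pages List:')
        apListLabel.setBounds(10, 10, 140, 30)
        self.affectedModel = DefaultListModel()
        self.affectedList = JList(self.affectedModel)
        self.affectedList.addListSelectionListener(listSelectedChange(self))
        scrollAList = JScrollPane(self.affectedList)
        scrollAList.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollAList.setBounds(150, 10, 550, 200)
        scrollAList.setBorder(LineBorder(Color.BLACK))

        APtabs = JTabbedPane()
        self._requestAPViewer = callbacks.createMessageEditor(self, False)
        self._responseAPViewer = callbacks.createMessageEditor(self, False)
        APtabs.addTab("Request", self._requestAPViewer.getComponent())
        APtabs.addTab("Affeced Page Response",
                      self._responseAPViewer.getComponent())
        APtabs.setBounds(0, 250, 700, 350)
        APtabs.setSelectedIndex(1)

        self.APpnl = JPanel()
        self.APpnl.setBounds(0, 0, 1000, 1000)
        self.APpnl.setLayout(None)
        self.APpnl.add(scrollAList)
        self.APpnl.add(clearAPListBtn)
        self.APpnl.add(APtabs)
        self.APpnl.add(apListLabel)
        tabs.addTab("Affected Pages", self.APpnl)

        # 0 = passive (default), 1 = act on proxied traffic; see startOrStop.
        self.intercept = 0

        ## init conf panel
        startLabel = JLabel("Plugin status:")
        startLabel.setBounds(10, 10, 140, 30)
        payloadLabel = JLabel("Basic Payload:")
        payloadLabel.setBounds(10, 50, 140, 30)
        self.basicPayload = "<script>alert(1)</script>"
        self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
        self.basicPayloadTxt.setBounds(120, 50, 305, 30)

        self.bruteForceMode = JCheckBox("Brute Force Mode")
        self.bruteForceMode.setBounds(120, 80, 300, 30)
        self.bruteForceMode.addItemListener(handleBFModeChange(self))

        self.tagPayloadsCheck = JCheckBox("Tag paylods")
        self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
        self.tagPayloadsCheck.setSelected(True)
        self.tagPayloadsCheck.setEnabled(False)
        self.tagPayloadsCheck.addItemListener(handleBFModeList(self))

        self.attributePayloadsCheck = JCheckBox("Attribute payloads")
        self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
        self.attributePayloadsCheck.setSelected(True)
        self.attributePayloadsCheck.setEnabled(False)
        self.attributePayloadsCheck.addItemListener(handleBFModeList(self))

        payloadListLabel = JLabel("Payloads list (for BF mode):")
        payloadListLabel.setBounds(10, 130, 140, 30)
        self.payloadsModel = DefaultListModel()
        self.payloadsList = JList(self.payloadsModel)
        scrollPayloadsList = JScrollPane(self.payloadsList)
        scrollPayloadsList.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollPayloadsList.setBounds(120, 170, 300, 200)
        scrollPayloadsList.setBorder(LineBorder(Color.BLACK))

        # add buttons to remove payloads and add
        for payload in self.tagPayloads:
            self.payloadsModel.addElement(payload)
        for payload in self.attributePayloads:
            self.payloadsModel.addElement(payload)

        self.startButton = JButton("XSSor is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(120, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))

        consoleTab = JTabbedPane()
        self.consoleLog = JTextArea("", 5, 30)
        scrollLog = JScrollPane(self.consoleLog)
        scrollLog.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
        scrollLog.setBounds(120, 170, 550, 200)
        scrollLog.setBorder(LineBorder(Color.BLACK))
        scrollLog.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))
        consoleTab.addTab("Console", scrollLog)
        consoleTab.setBounds(0, 400, 500, 200)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        self.pnl.add(self.startButton)
        self.pnl.add(startLabel)
        self.pnl.add(payloadLabel)
        self.pnl.add(self.basicPayloadTxt)
        self.pnl.add(self.bruteForceMode)
        self.pnl.add(payloadListLabel)
        self.pnl.add(scrollPayloadsList)
        self.pnl.add(self.attributePayloadsCheck)
        self.pnl.add(self.tagPayloadsCheck)
        self.pnl.add(consoleTab)

        tabs.addTab("Configuration", self.pnl)
        tabs.setSelectedIndex(3)
        self._splitpane.setRightComponent(tabs)

        # customize our UI components
        callbacks.customizeUiComponent(self._splitpane)
        callbacks.customizeUiComponent(logTable)
        callbacks.customizeUiComponent(scrollPane)
        callbacks.customizeUiComponent(tabs)

        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)

        # register ourselves as an HTTP listener
        callbacks.registerHttpListener(self)
        self._callbacks.registerContextMenuFactory(self)

        print "Thank you for installing XSSor v0.1 extension"
        print "Created by Barak Tawily"
        print "\nGithub:\nhttps://github.com/Quitten/XSSor"
        return

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the extension's suite tab."""
        return "XSSor"

    def getUiComponent(self):
        """Return the root Swing component of the suite tab."""
        return self._splitpane

    #
    # implement IHttpListener
    #
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Hand proxied responses to checkForKey while the plugin is on.

        Nothing happens unless ``self.intercept`` is 1. Tool flag 4 is
        IBurpExtenderCallbacks.TOOL_PROXY. The check runs when the response
        arrives (``not messageIsRequest``), so ``messageInfo`` carries both
        the request and its response.
        """
        if self.intercept == 1:
            if toolFlag == 4:
                if not messageIsRequest:
                    self.checkForKey(messageInfo)
        return

    def printLog(self, message):
        """Append ``message`` on a new line of the console text area."""
        self.consoleLog.setText(self.consoleLog.getText() + '\r\n' + message)

    def checkXSS(self, messageInfo, urlStr, requestBody, currentPayload):
        """Replay one request with ``currentPayload`` and log the outcome.

        Args:
            messageInfo: The proxied message that contained the marker
                (not read here).
            urlStr: URL of the original request as a string.
            requestBody: Raw original request as a string (Referer removed
                by the caller).
            currentPayload: Text substituted for ``self.xssKey``.

        The verdict is a plain substring test of the payload against the
        response text. A match shows the input came back unmodified; it does
        not show in which context it landed or whether a browser would run
        it, and a miss does not rule out an encoded reflection. Treat rows
        as leads to confirm by hand.

        Each call issues one request plus one per entry in
        ``self.affectedResponses``.
        """
        self.printLog('trying exploit with the payload: ' + currentPayload)
        requestURL = URL(urlStr.replace(self.xssKey, currentPayload))
        # The marker in the raw request is replaced by the URL-quoted payload.
        requestBody = requestBody.replace(self.xssKey,
                                          urllib.pathname2url(currentPayload))
        httpService = self._helpers.buildHttpService(
            str(requestURL.getHost()), int(requestURL.getPort()),
            requestURL.getProtocol() == "https")
        response = self._callbacks.makeHttpRequest(httpService, requestBody)
        analyzedResponse = self._helpers.bytesToString(response.getResponse())
        # change body offset + make ui for affected pages
        responseBody = analyzedResponse.encode('utf-8')

        vulnOrNot = 'no'
        if currentPayload in responseBody:
            self.printLog('payload: ' + currentPayload +
                          ' found to be vulnarble')
            vulnOrNot = 'yes'

        # mark the payload
        for request in self.affectedResponses:
            # bug in case of no response in messageinfo
            self.printLog('checking affeccted page' + str(request.getUrl()))
            requestURL = request.getUrl()
            httpService = self._helpers.buildHttpService(
                str(requestURL.getHost()), int(requestURL.getPort()),
                requestURL.getProtocol() == "https")
            affectedPageResponse = self._callbacks.makeHttpRequest(
                httpService, request.getRequest())
            analyzedResponse = self._helpers.bytesToString(
                affectedPageResponse.getResponse())
            responseBody = analyzedResponse.encode('utf-8')
            if currentPayload in responseBody:
                vulnOrNot = 'yes, affected page'
                self.printLog('affeccted page has been found as vulnerable')

        # Release the lock even if building the entry or notifying the table
        # raises; otherwise every later check would block on acquire().
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(
                LogEntry(
                    self._helpers.analyzeRequest(response).getUrl(),
                    self._callbacks.saveBuffersToTempFiles(response),
                    currentPayload, vulnOrNot))
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()

    def checkForKey(self, messageInfo):
        """Look for the marker in a request and run the configured checks.

        With "Brute Force Mode" selected every entry of the payload list is
        tried; otherwise only the text of the "Basic Payload" field.
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        requestURL = requestInfo.getUrl()
        urlStr = str(requestURL)
        self.printLog('checking for xss key in URL: ' + urlStr)
        requestBody = self._helpers.bytesToString(messageInfo.getRequest())
        # workaround: avoid matching the xss key inside the Referer header.
        # NOTE(review): the pattern is not anchored to the header block, so
        # the first "Referer:...\n" anywhere in the raw request is removed.
        requestBody = re.sub(
            'Referer:.*\n', '', requestBody, flags=re.MULTILINE, count=1)
        if self.xssKey in urlStr or self.xssKey in requestBody:
            self.printLog('xss key has been found')
            if self.bruteForceMode.isSelected():
                for i in range(0, self.payloadsModel.getSize()):
                    payload = self.payloadsModel.getElementAt(i)
                    self.checkXSS(messageInfo, urlStr, requestBody, payload)
            else:
                self.checkXSS(messageInfo, urlStr, requestBody,
                              self.basicPayloadTxt.getText())

    #
    # extend AbstractTableModel
    #
    def getRowCount(self):
        """Return the number of logged results, or 0 if the log is unusable."""
        # Deliberate best effort: presumably the table can ask for the row
        # count before registerExtenderCallbacks has created self._log.
        try:
            return self._log.size()
        except:
            return 0

    def getColumnCount(self):
        """Return the fixed number of table columns."""
        return 3

    def getColumnName(self, columnIndex):
        """Return the header for ``columnIndex`` ("" for unknown columns)."""
        if columnIndex == 0:
            return "URL"
        if columnIndex == 1:
            return "Payload"
        if columnIndex == 2:
            return "Vulnerable?"
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value of the log entry at ``rowIndex``."""
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._url.toString()
        if columnIndex == 1:
            return logEntry._payload
        if columnIndex == 2:
            return logEntry._vulnOrNot
        return ""

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the
    # messages being displayed
    #
    # NOTE(review): self._currentlyDisplayedItem is not assigned anywhere in
    # this class; presumably the table/list listeners set it - confirm.
    def getHttpService(self):
        """Return the HTTP service of the message currently displayed."""
        return self._currentlyDisplayedItem.getHttpService()

    def getRequest(self):
        """Return the request bytes of the message currently displayed."""
        return self._currentlyDisplayedItem.getRequest()

    def getResponse(self):
        """Return the response bytes of the message currently displayed."""
        return self._currentlyDisplayedItem.getResponse()

    def startOrStop(self, event):
        """Toggle the plugin; the button caption doubles as the state."""
        if self.startButton.getText() == "XSSor is off":
            self.startButton.setText("XSSor is on")
            self.startButton.setBackground(Color.GREEN)
            self.printLog('on, waiting for key word to be found (' +
                          self.xssKey + ')')
            self.intercept = 1
        else:
            self.startButton.setText("XSSor is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0

    def clearAPList(self, event):
        """Forget every registered affected page (list model and messages)."""
        self.affectedModel.clear()
        self.affectedResponses = ArrayList()

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Offer "Add affected page" for the first selected message.

        Returns:
            A LinkedList with one JMenuItem, or None when nothing is selected.
        """
        responses = invocation.getSelectedMessages()
        # The original compared the array with 0 and returned the undefined
        # name `null`; an empty selection would have raised instead of
        # yielding "no menu items".
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        affectedMenuItem = JMenuItem("XSSor: Add affected page")
        affectedMenuItem.addActionListener(
            handleMenuItems(self, responses[0], "affected"))
        ret.add(affectedMenuItem)
        return ret

    def addAfectedPage(self, messageInfo):
        """Register ``messageInfo`` as a page to re-fetch after each payload."""
        self.affectedModel.addElement(
            str(self._helpers.analyzeRequest(messageInfo).getUrl()))
        self.affectedResponses.add(messageInfo)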
class SourceCellRenderer(TreeCellRenderer):
    """Tree cell renderer that reuses one widget set per node kind.

    Folders are drawn with a label, groups with an icon+label panel and
    layers with a checkbox+icon+name panel; anything else gets an empty,
    zero-sized label.
    """

    def __init__(self, tree, mapContext):
        """Create the reusable widgets and set the tree's row height.

        Args:
            tree: The tree this renderer is installed on.
            mapContext: Queried for the current scale when drawing layers.
        """
        self.tree = tree
        self.mapContext = mapContext

        # Long dummy text, used only so getPreferredSize() below yields a
        # width that is then applied to the folder and group labels.
        sizingText = "plddddddddddddddddddddddddddddddddddddddddddddddddddddddd"

        # Folder label
        self.lblFolder = JLabel()
        self.lblFolder.setBackground(Color(222, 227, 233))
        self.lblFolder.setOpaque(True)
        self.lblFolder.setText(sizingText)

        # Group panel: icon followed by name
        self.pnlFolder = JPanel()
        self.pnlFolder.setOpaque(False)
        self.pnlFolder.setLayout(FlowLayout(FlowLayout.LEFT))
        self.lblGroup = JLabel()
        self.lblGroup.setText(sizingText)
        self.lblGroupPreferredSize = self.lblGroup.getPreferredSize()
        self.lblGroupIcon = JLabel()
        self.pnlFolder.add(self.lblGroupIcon)
        self.pnlFolder.add(self.lblGroup)

        # Layer panel: visibility checkbox, icon, name
        self.pnlLayer = JPanel()
        self.pnlLayer.setOpaque(False)
        self.pnlLayer.setLayout(FlowLayout(FlowLayout.LEFT))
        self.chkLayerVisibility = JCheckBox()
        self.chkLayerVisibility.setOpaque(False)
        self.pnlLayer.add(self.chkLayerVisibility)
        self.lblLayerIcon = JLabel()
        self.lblLayerName = JLabel()
        self.pnlLayer.add(self.lblLayerIcon)
        self.pnlLayer.add(self.lblLayerName)

        # Rows are as tall as the group panel.
        rowHeight = self.pnlFolder.getPreferredSize().getHeight()
        self.tree.setRowHeight(int(rowHeight))

        self.lblUnknown = JLabel()

    def _applyGroupIcon(self, uo):
        """Show the node's own icon, or the default folder icon if it has none."""
        if uo.getIcon() == None:
            self.lblGroupIcon.setIcon(getIconByName("librarybrowser-folder"))
        else:
            self.lblGroupIcon.setIcon(uo.getIcon())

    def getTreeCellRendererComponent(self, tree, value, selected, expanded, leaf, row, hasFocus):
        """Return the widget that draws ``value``.

        Only ``value`` is inspected; the remaining arguments are unused.
        """
        uo = value.getUserObject()

        if isinstance(uo, DataFolder):
            caption = "[" + str(value.getChildCount()) + "] " + uo.getName()
            self.lblFolder.setText(caption)
            self.lblFolder.setPreferredSize(self.lblGroupPreferredSize)
            # The icon goes to lblGroupIcon although lblFolder is returned.
            self._applyGroupIcon(uo)
            return self.lblFolder

        if isinstance(uo, DataGroup):
            self.lblGroup.setText(uo.getName())
            self.lblGroup.setPreferredSize(self.lblGroupPreferredSize)
            self._applyGroupIcon(uo)
            return self.pnlFolder

        if isinstance(uo, DataLayer):
            layer = uo.getLayer()
            nameLabel = self.lblLayerName
            nameLabel.setText(layer.getName())
            self.lblLayerIcon.setIcon(getIconFromLayer(layer))
            self.chkLayerVisibility.setSelected(layer.isVisible())
            # The checkbox is usable only while the layer is within scale.
            withinScale = layer.isWithinScale(self.mapContext.getScaleView())
            self.chkLayerVisibility.setEnabled(True if withinScale else False)

            nameLabel.setForeground(Color.BLACK)
            currentFont = nameLabel.getFont()
            nameLabel.setForeground(Color.BLACK)
            if layer.isEditing():
                nameLabel.setForeground(Color.RED)

            # Active layers are bold, all others plain; an already-bold
            # active layer keeps its font untouched.
            if layer.isActive():
                if not currentFont.isBold():
                    nameLabel.setFont(currentFont.deriveFont(Font.BOLD))
            else:
                nameLabel.setFont(currentFont.deriveFont(Font.PLAIN))
            return self.pnlLayer

        self.lblUnknown.setText("")
        self.lblUnknown.setPreferredSize(Dimension(0, 0))
        return self.lblUnknown
def _initializeGui(self, callbacks):
    """Build the extension tab and register it with Burp.

    The form takes an original hash, the original message, a message to
    append and a maximum key length (default "128"), and offers MD4, MD5,
    SHA1, SHA256 and SHA512 checkboxes. The checkboxes and the "Generate"
    button start disabled; a HashChangeListener on the hash field receives
    them, presumably to enable the functions matching the entered hash.

    Background for reviewers: the inputs are those of a length-extension
    check, which concerns MACs built as hash(secret + message) on these
    hash functions. HMAC is the standard construction that is not affected.

    Args:
        callbacks: Burp callbacks used to style and add the tab.
    """
    LEADING = GroupLayout.Alignment.LEADING
    TRAILING = GroupLayout.Alignment.TRAILING
    BASELINE = GroupLayout.Alignment.BASELINE
    RELATED = LayoutStyle.ComponentPlacement.RELATED
    PREFERRED = GroupLayout.PREFERRED_SIZE
    DEFAULT = GroupLayout.DEFAULT_SIZE
    UNBOUNDED = 32767

    panel = JPanel()

    hashLabel = JLabel("Original Hash:")
    messageLabel = JLabel("Original message:")
    appendLabel = JLabel("Message to append:")
    keyLenLabel = JLabel("Max key length:")
    hashField = JTextField("")
    messageField = JTextField("")
    appendField = JTextField("")
    keyLenField = JTextField("128")

    functionsLabel = JLabel("Hashing functions")
    md4Box = JCheckBox("MD4")
    md5Box = JCheckBox("MD5")
    sha1Box = JCheckBox("SHA1")
    sha256Box = JCheckBox("SHA256")
    sha512Box = JCheckBox("SHA512")
    for box in (md4Box, md5Box, sha1Box, sha256Box, sha512Box):
        box.setEnabled(False)

    resultsScroll = JScrollPane()
    resultsTable = JTable()

    generateButton = JButton("Generate", actionPerformed=self.generate_attack)
    generateButton.setEnabled(False)
    copyMessagesButton = JButton("Copy messages", actionPerformed=self.copy_messages)
    copyHashesButton = JButton("Copy hashes", actionPerformed=self.copy_hashes)

    # State read by the action handlers.
    self._tab = panel
    self._textfields = {
        "original_hash": hashField,
        "original_msg": messageField,
        "append_msg": appendField,
        "max_key_len": keyLenField,
    }
    self._checkboxes = {
        md4: md4Box,
        md5: md5Box,
        sha1: sha1Box,
        sha256: sha256Box,
        sha512: sha512Box,
    }
    self._table = resultsTable
    self._extensions = {}
    self._hashes, self._messages = [], []

    # Hash field change event
    hashField.getDocument().addDocumentListener(
        HashChangeListener(self._checkboxes,
                           self._textfields['original_hash'],
                           generateButton))

    # Table columns
    resultsTable.setModel(
        DefaultTableModel([], ["#", "Type", "New Message", "Hash"]))
    resultsScroll.setViewportView(resultsTable)

    # Table column width
    columns = resultsTable.getColumnModel()
    columns.getColumn(0).setMaxWidth(50)
    columns.getColumn(1).setMaxWidth(60)

    layout = GroupLayout(panel)
    panel.setLayout(layout)

    # --- horizontal axis: labels | fields | options, table underneath ---
    hLabels = (layout.createParallelGroup(TRAILING)
               .addComponent(keyLenLabel)
               .addComponent(hashLabel)
               .addComponent(messageLabel)
               .addComponent(appendLabel))
    hKeyLen = (layout.createSequentialGroup()
               .addComponent(keyLenField, PREFERRED, 88, PREFERRED)
               .addGap(0, 0, UNBOUNDED))
    hFields = (layout.createParallelGroup(LEADING)
               .addComponent(appendField, DEFAULT, 425, UNBOUNDED)
               .addComponent(messageField)
               .addComponent(hashField)
               .addGroup(hKeyLen))
    hBoxes = (layout.createSequentialGroup()
              .addComponent(md4Box)
              .addPreferredGap(RELATED)
              .addComponent(md5Box)
              .addPreferredGap(RELATED)
              .addComponent(sha1Box)
              .addPreferredGap(RELATED)
              .addComponent(sha256Box)
              .addPreferredGap(RELATED)
              .addComponent(sha512Box))
    hButtons = (layout.createSequentialGroup()
                .addComponent(generateButton)
                .addPreferredGap(RELATED)
                .addComponent(copyHashesButton)
                .addPreferredGap(RELATED)
                .addComponent(copyMessagesButton))
    hOptions = (layout.createParallelGroup(LEADING)
                .addGroup(hBoxes)
                .addComponent(functionsLabel)
                .addGroup(hButtons))
    hForm = (layout.createSequentialGroup()
             .addGap(24, 24, 24)
             .addGroup(hLabels)
             .addPreferredGap(RELATED)
             .addGroup(hFields)
             .addGap(30, 30, 30)
             .addGroup(hOptions)
             .addGap(167, 167, 167))
    layout.setHorizontalGroup(
        layout.createParallelGroup(LEADING)
        .addGroup(hForm)
        .addComponent(resultsScroll))

    # --- vertical axis: four form rows, then the table ---
    vHashRow = (layout.createParallelGroup(BASELINE)
                .addComponent(hashLabel)
                .addComponent(hashField, PREFERRED, DEFAULT, PREFERRED)
                .addComponent(functionsLabel))
    vBoxes = (layout.createParallelGroup(BASELINE)
              .addComponent(md5Box)
              .addComponent(sha1Box)
              .addComponent(md4Box)
              .addComponent(sha256Box)
              .addComponent(sha512Box))
    vMessageRow = (layout.createParallelGroup(BASELINE)
                   .addComponent(messageField, PREFERRED, DEFAULT, PREFERRED)
                   .addComponent(messageLabel)
                   .addGroup(vBoxes))
    vAppendRow = (layout.createParallelGroup(BASELINE)
                  .addComponent(appendField, PREFERRED, DEFAULT, PREFERRED)
                  .addComponent(appendLabel))
    vKeyLenRow = (layout.createParallelGroup(BASELINE)
                  .addComponent(keyLenLabel)
                  .addComponent(keyLenField, PREFERRED, DEFAULT, PREFERRED)
                  .addComponent(copyMessagesButton)
                  .addComponent(copyHashesButton)
                  .addComponent(generateButton))
    vForm = (layout.createSequentialGroup()
             .addGap(26, 26, 26)
             .addGroup(vHashRow)
             .addPreferredGap(RELATED)
             .addGroup(vMessageRow)
             .addPreferredGap(RELATED)
             .addGroup(vAppendRow)
             .addPreferredGap(RELATED)
             .addGroup(vKeyLenRow)
             .addGap(13, 13, 13)
             .addComponent(resultsScroll, DEFAULT, 971, UNBOUNDED))
    layout.setVerticalGroup(
        layout.createParallelGroup(LEADING)
        .addGroup(vForm))

    callbacks.customizeUiComponent(panel)
    callbacks.addSuiteTab(self)
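class BurpExtender(IBurpExtender, ISessionHandlingAction, IExtensionStateListener, IHttpListener, ITab):
    """Burp extension that runs a user-written Python script per HTTP message.

    The script is edited in the extension's tab, stored base64-encoded in the
    extension settings and executed with ``exec`` for every message seen by
    the HTTP listener (and by the session handling action) while the
    "Enabled" checkbox is ticked.

    SECURITY NOTE: the script runs inside Burp's JVM with the extension's
    full privileges and receives the callbacks object. It is restored from
    the saved extension settings on load, so whoever can write those
    settings (or supplies the text pasted into the pane) controls code that
    runs once the box is ticked. The checkbox starts unticked, which is the
    only gate; review the restored script before enabling it.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Build the tab, restore the saved script and register with Burp."""
        self.callbacks = callbacks
        self.helpers = callbacks.helpers

        self.checkboxEnable = JCheckBox('Enabled')
        # Off by default: a restored script must not run before it was seen.
        self.checkboxEnable.setSelected(False)
        self.checkboxEnable.setEnabled(True)

        self.scriptpane = JTextPane()
        self.scriptpane.setFont(Font('Monospaced', Font.PLAIN, 11))

        self.scrollpane = JScrollPane()
        self.scrollpane.setViewportView(self.scriptpane)

        self.tab = JPanel()
        layout = GroupLayout(self.tab)
        self.tab.setLayout(layout)
        layout.setAutoCreateGaps(True)
        layout.setAutoCreateContainerGaps(True)
        layout.setHorizontalGroup(layout.createParallelGroup().addComponent(
            self.checkboxEnable).addComponent(self.scrollpane))
        layout.setVerticalGroup(layout.createSequentialGroup().addComponent(
            self.checkboxEnable).addComponent(self.scrollpane))

        # Cache of the last pane text and its compiled form (see `script`).
        self._code = compile('', '<string>', 'exec')
        self._script = ''

        script = callbacks.loadExtensionSetting('script')
        if script:
            try:
                script = base64.b64decode(script)
            except Exception:
                # A damaged setting must not abort loading the extension.
                traceback.print_exc(file=self.callbacks.getStderr())
                script = ''
        if script:
            self.scriptpane.document.insertString(
                self.scriptpane.document.length, script, SimpleAttributeSet())
            self._script = script
            try:
                self._code = compile(script, '<string>', 'exec')
            except Exception:
                # Keep the empty code object; the text stays editable.
                traceback.print_exc(file=self.callbacks.getStderr())

        callbacks.setExtensionName("Python Scripter (modified)")
        callbacks.registerSessionHandlingAction(self)
        callbacks.registerExtensionStateListener(self)
        callbacks.registerHttpListener(self)
        callbacks.customizeUiComponent(self.getUiComponent())
        callbacks.addSuiteTab(self)

        self.scriptpane.requestFocus()
        return

    def getActionName(self):
        """Return the name shown for the session handling action."""
        return 'Send to Python Scripter'

    def extensionUnloaded(self):
        """Persist the script text (base64) in the extension settings."""
        try:
            # Save what is in the pane now. self._script is refreshed only
            # when a message is processed, so edits made while the extension
            # was disabled or idle were previously lost on unload.
            document = self.scriptpane.document
            currentText = document.getText(0, document.length)
            self.callbacks.saveExtensionSetting(
                'script', base64.b64encode(currentText))
        except Exception:
            traceback.print_exc(file=self.callbacks.getStderr())
        return

    def performAction(self, currentRequest, macroItems):
        """Run the script for a session handling action (as a request)."""
        self.processHttpMessage(self.callbacks.TOOL_MACRO, 1, currentRequest,
                                macroItems)
        return

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo, macroItems=None):
        """Execute the user script for one message when enabled.

        Args:
            toolFlag: Burp tool that produced the message.
            messageIsRequest: Truthy for requests, falsy for responses.
            messageInfo: The message being processed.
            macroItems: Macro items for session handling calls; an empty
                list when omitted.

        Any exception from compiling or running the script is printed to the
        extension's stderr and swallowed so traffic keeps flowing.
        """
        if not self.checkboxEnable.isSelected():
            return
        if macroItems is None:
            # A fresh list per call: the script receives this object and a
            # shared default would carry its mutations into later messages.
            macroItems = []
        try:
            globals_ = {}
            locals_ = {
                'extender': self,
                'callbacks': self.callbacks,
                'helpers': self.helpers,
                'toolFlag': toolFlag,
                'messageIsRequest': messageIsRequest,
                'messageInfo': messageInfo,
                'macroItems': macroItems
            }
            # SECURITY: arbitrary code execution by design; the empty globals
            # dict is not a sandbox (builtins and imports remain available).
            exec(self.script, globals_, locals_)
        except Exception:
            traceback.print_exc(file=self.callbacks.getStderr())
        return

    def getTabCaption(self):
        """Return the caption of the extension's suite tab."""
        return 'Script'

    def getUiComponent(self):
        """Return the root Swing component of the suite tab."""
        return self.tab

    @property
    def script(self):
        """Return the compiled pane text, recompiling only when it changed.

        Raises whatever ``compile`` raises for invalid source; the cached
        text is updated first, so the same broken text is not recompiled on
        the next call and the previous code object is returned instead.
        """
        end = self.scriptpane.document.length
        _script = self.scriptpane.document.getText(0, end)
        if _script == self._script:
            return self._code
        self._script = _script
        self._code = compile(_script, '<string>', 'exec')
        return self._code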
class CustomCellRenderer(DefaultTreeCellRenderer):
    """Draws tree nodes as checkbox, tristate checkbox, radio button or text."""

    def __init__(self):
        """Create one reusable panel (control + label) per widget kind."""
        DefaultTreeCellRenderer.__init__(self)
        # The same layout instance is passed to all three panels.
        sharedFlow = FlowLayout(FlowLayout.LEFT, 0, 0)

        # Plain checkbox
        self.cb = JCheckBox()
        self.cb.setBackground(None)
        self.cbLabel = JLabel()
        self.cbPanel = JPanel(sharedFlow)
        self.cbPanel.add(self.cb)
        self.cbPanel.add(self.cbLabel)

        # Tristate checkbox
        self.tcb = TristateCheckBox()
        self.tcb.setBackground(None)
        self.tcbLabel = JLabel()
        self.tcbPanel = JPanel(sharedFlow)
        self.tcbPanel.add(self.tcb)
        self.tcbPanel.add(self.tcbLabel)

        # Radio button
        self.rb = JRadioButton()
        self.rb.setBackground(None)
        self.rbLabel = JLabel()
        self.rbPanel = JPanel(sharedFlow)
        self.rbPanel.add(self.rb)
        self.rbPanel.add(self.rbLabel)

    def getTreeCellRendererComponent(self, tree, value, selected, expanded, leaf, row, hasFocus):
        """Return the Swing component matching the node type of ``value``.

        Nodes that are not a DefaultMutableTreeNode carrying TreeNodeData are
        delegated unchanged to DefaultTreeCellRenderer.
        """
        nodeData = None
        if isinstance(value, DefaultMutableTreeNode):
            nodeData = value.getUserObject()

        if not isinstance(nodeData, TreeNodeData):
            return DefaultTreeCellRenderer.getTreeCellRendererComponent(
                self, tree, value, selected, expanded, leaf, row, hasFocus)

        nodeType = nodeData.getNodeType()
        # A node is enabled when its visibility value is positive.
        isEnabled = nodeData.getVisible() > 0

        if nodeType.isType([NodeType._bool]):
            # Boolean checkbox: any non-zero value counts as ticked.
            self.cbLabel.setText(nodeData.getText())
            self.cb.setEnabled(isEnabled)
            self.cbLabel.setEnabled(isEnabled)
            self.cb.setSelected(nodeData.getTriValue() != 0)
            control = self.cbPanel
        elif nodeType.isType([NodeType._tri]):
            # Tristate checkbox: the raw value is passed through.
            self.tcbLabel.setText(nodeData.getText())
            self.tcb.setEnabled(isEnabled)
            self.tcbLabel.setEnabled(isEnabled)
            self.tcb.setTriState(nodeData.getTriValue())
            control = self.tcbPanel
        elif nodeType.isType([NodeType._radio]):
            # Radio button: any non-zero value counts as selected.
            self.rbLabel.setText(nodeData.getText())
            self.rb.setEnabled(isEnabled)
            self.rbLabel.setEnabled(isEnabled)
            self.rb.setSelected(nodeData.getTriValue() != 0)
            control = self.rbPanel
        else:
            # Text nodes and ordinary nodes both use the stock renderer;
            # text nodes additionally show their value after the caption.
            control = DefaultTreeCellRenderer.getTreeCellRendererComponent(
                self, tree, value, selected, expanded, leaf, row, hasFocus)
            if nodeType.isType([NodeType._text]):
                control.setText(nodeData.getText() + ": " +
                                str(nodeData.getValue()))
            else:
                control.setText(nodeData.getText())

        self.setColors(control, nodeData, selected)
        control.setEnabled(isEnabled)
        return control

    def setColors(self, control, data, selected):
        """Apply the renderer's selection or non-selection colors to ``control``.

        ``data`` is accepted but not used.
        """
        if not selected:
            foreground = self.getTextNonSelectionColor()
            control.setForeground(foreground)
            background = self.getBackgroundNonSelectionColor()
            control.setBackground(background)
            return
        foreground = self.getTextSelectionColor()
        control.setForeground(foreground)
        background = self.getBackgroundSelectionColor()
        control.setBackground(background)
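class FEA_ConfigPanel(JPanel):
    """Settings panel for the "FEA - Forensics Email Analysis" module.

    Each control writes its state to ModuleSettings under the "FEA" section
    and mirrors it in an attribute exposed through a getter.

    NOTE(review): the DNS and Wayback Machine lookups are both ticked by
    default; presumably they send domains found in the evidence to external
    services - confirm that is acceptable for the case before a run.
    """

    numThreads = 8
    generateXLS = True
    generateCSV = True
    doNSLookup = True
    doWBLookup = True
    cbNSLookup = None
    cbGenerateExcel = None
    cbGenerateCSV = None
    cbWayback = None
    # Single label reused for status messages (created on first use).
    statusLabel = None

    def __init__(self):
        """Build the controls, then restore the previously saved choices."""
        self.initComponents()

        # get previous settings selected by the user
        self.doNSLookup = self._restoreFlag(
            "doNSLookup", self.cbNSLookup, self.doNSLookup)
        self.generateCSV = self._restoreFlag(
            "generateCSV", self.cbGenerateCSV, self.generateCSV)
        self.generateXLS = self._restoreFlag(
            "generateXLS", self.cbGenerateExcel, self.generateXLS)
        # NOTE(review): "doWBLookup" is saved by the handler below but was
        # never restored here; left unchanged.

        stored = ModuleSettings.getConfigSetting("FEA", "numThreads")
        restored = None
        if stored != None and stored != "":
            try:
                # The setting may come back as text; the slider needs an int.
                restored = int(stored)
            except (TypeError, ValueError):
                restored = None
        if restored is not None:
            self.numberThreadsSlider.setValue(restored)
        # Read back from the slider so a stored value outside 1..16 cannot
        # become the thread count.
        self.numThreads = self.numberThreadsSlider.getValue()

    def _restoreFlag(self, key, checkbox, current):
        """Apply a saved "true"/"false" setting to ``checkbox``.

        Returns the restored value, or ``current`` when nothing is stored.
        The handlers save the literal strings "true" and "false"; testing the
        stored string for truthiness treated "false" as enabled.
        """
        stored = ModuleSettings.getConfigSetting("FEA", key)
        if stored == None or stored == "":
            return current
        enabled = str(stored).strip().lower() == "true"
        checkbox.setSelected(enabled)
        return enabled

    def addStatusLabel(self, msg):
        """Show ``msg`` in the status row (grid row 7)."""
        if self.statusLabel is not None:
            # Update in place instead of stacking a new label per message.
            self.statusLabel.setText(msg)
            return
        gbc = GridBagConstraints()
        gbc.anchor = GridBagConstraints.NORTHWEST
        gbc.gridx = 0
        gbc.gridy = 7
        self.statusLabel = JLabel(msg)
        self.add(self.statusLabel, gbc)

    def getDoNSLookup(self):
        """Return whether DNS lookups on email domains are enabled."""
        return self.doNSLookup

    def getGenerateCSV(self):
        """Return whether the CSV report is generated."""
        return self.generateCSV

    def getGenerateXLS(self):
        """Return whether the Excel report is generated."""
        return self.generateXLS

    def getDoWBLookup(self):
        """Return whether Wayback Machine lookups are enabled."""
        return self.doWBLookup

    def getNumThreads(self):
        """Return the maximum number of DNS lookup threads."""
        return self.numThreads

    def initComponents(self):
        """Create the controls and place them in a single grid column."""
        self.setLayout(GridBagLayout())
        gbc = GridBagConstraints()
        gbc.anchor = GridBagConstraints.NORTHWEST
        gbc.gridx = 0
        gbc.gridy = 0

        descriptionLabel = JLabel("FEA - Forensics Email Analysis")
        self.add(descriptionLabel, gbc)

        gbc.gridy = 1
        self.cbNSLookup = JCheckBox(
            "Perform DNS Lookup on email domains",
            actionPerformed=self.cbNSLookupActionPerformed)
        self.cbNSLookup.setSelected(True)
        self.add(self.cbNSLookup, gbc)

        # TODO: include option to browse for text file with list of emails to exclude from analysis

        numberThreadsLabel = JLabel(
            "Maximum number of threads for DNS Lookup task: ")
        gbc.gridy = 2
        self.add(numberThreadsLabel, gbc)

        # Range 1..16, initial value 8.
        self.numberThreadsSlider = JSlider(
            JSlider.HORIZONTAL, 1, 16, 8,
            stateChanged=self.sliderActionPerformed)
        self.numberThreadsSlider.setMajorTickSpacing(1)
        self.numberThreadsSlider.setPaintLabels(True)
        self.numberThreadsSlider.setPaintTicks(True)
        self.numberThreadsSlider.setSnapToTicks(True)
        self.numberThreadsSlider.setToolTipText(
            "set maximum number of concurrent threads when performing DNS lookup on email domains"
        )
        gbc.gridwidth = 15
        gbc.gridheight = 1
        gbc.fill = GridBagConstraints.BOTH
        gbc.weightx = 0
        gbc.weighty = 0
        gbc.anchor = GridBagConstraints.NORTHWEST
        gbc.gridy = 3
        self.add(self.numberThreadsSlider, gbc)

        self.cbGenerateExcel = JCheckBox(
            "Generate Excel format report (more detailed)",
            actionPerformed=self.cbGenerateExcelActionPerformed)
        self.cbGenerateExcel.setSelected(True)
        gbc.gridy = 4
        self.add(self.cbGenerateExcel, gbc)

        self.cbGenerateCSV = JCheckBox(
            "Generate CSV format report (plaintext)",
            actionPerformed=self.cbGenerateCSVActionPerformed)
        self.cbGenerateCSV.setSelected(True)
        gbc.gridy = 5
        self.add(self.cbGenerateCSV, gbc)

        gbc.gridy = 6
        self.cbWayback = JCheckBox(
            "Perform Wayback Machine Lookup on email domains (WARNING: can be a slow process!)",
            actionPerformed=self.cbWaybackActionPerformed)
        self.cbWayback.setSelected(True)
        self.add(self.cbWayback, gbc)

    def cbWaybackActionPerformed(self, event):
        """Persist and mirror the Wayback Machine lookup choice."""
        source = event.getSource()
        if source.isSelected():
            ModuleSettings.setConfigSetting("FEA", "doWBLookup", "true")
            self.doWBLookup = True
        else:
            # Write this checkbox's own key; the original stored "false"
            # under "doNSLookup", switching off the saved DNS setting.
            ModuleSettings.setConfigSetting("FEA", "doWBLookup", "false")
            self.doWBLookup = False

    def cbNSLookupActionPerformed(self, event):
        """Persist the DNS lookup choice; Wayback lookups depend on it."""
        source = event.getSource()
        if source.isSelected():
            ModuleSettings.setConfigSetting("FEA", "doNSLookup", "true")
            self.doNSLookup = True
            self.cbWayback.setEnabled(True)
        else:
            ModuleSettings.setConfigSetting("FEA", "doNSLookup", "false")
            self.doNSLookup = False
            # Without DNS lookups the Wayback option is cleared and locked.
            self.cbWayback.setSelected(False)
            self.cbWayback.setEnabled(False)
            self.doWBLookup = False

    def cbGenerateExcelActionPerformed(self, event):
        """Persist and mirror the Excel report choice."""
        source = event.getSource()
        if source.isSelected():
            ModuleSettings.setConfigSetting("FEA", "generateXLS", "true")
            self.generateXLS = True
        else:
            ModuleSettings.setConfigSetting("FEA", "generateXLS", "false")
            self.generateXLS = False

    def cbGenerateCSVActionPerformed(self, event):
        """Persist and mirror the CSV report choice."""
        source = event.getSource()
        if source.isSelected():
            ModuleSettings.setConfigSetting("FEA", "generateCSV", "true")
            self.generateCSV = True
        else:
            ModuleSettings.setConfigSetting("FEA", "generateCSV", "false")
            self.generateCSV = False

    def sliderActionPerformed(self, event):
        """Persist the slider value as the thread limit and report it."""
        source = event.getSource()
        self.numThreads = source.getValue()
        # Stored as text, like every other setting written by this panel.
        ModuleSettings.setConfigSetting("FEA", "numThreads",
                                        str(self.numThreads))
        self.addStatusLabel("number of threads set: " + str(self.numThreads))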
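class BurpExtender(IBurpExtender, ITab):
    """Burp extension that adds an "SSL Scanner" tab and scanner check.

    The tab takes a target, runs the SSL/TLS checks in a background thread
    and shows the results as HTML. The banner text states that TLS 1.3 is
    not supported, so a clean result says nothing about TLS 1.3 endpoints.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Build the UI and register the tab, context menu and scanner check."""
        print "Loading..."
        self._callbacks = callbacks
        self._callbacks.setExtensionName('Burp SSL Scanner')
        self._helpers = callbacks.getHelpers()

        # initialize the main scanning event and thread
        self.scanningEvent = Event()
        self.scannerThread = None
        self.targetURL = None

        # main split pane
        self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
        self._splitpane.setBorder(EmptyBorder(20, 20, 20, 20))

        # sub split pane (top)
        self._topPanel = JPanel(BorderLayout(10, 10))
        self._topPanel.setBorder(EmptyBorder(0, 0, 10, 0))

        # Setup Panel :    [Target: ] [______________________] [START BUTTON]
        self.setupPanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
        self.setupPanel.add(
            JLabel("Target:", SwingConstants.LEFT), BorderLayout.LINE_START)

        self.hostField = JTextField('', 50)
        self.setupPanel.add(self.hostField)

        self.toggleButton = JButton(
            'Start scanning', actionPerformed=self.startScan)
        self.setupPanel.add(self.toggleButton)

        # Adding findings to the sitemap is only offered on Burp Professional.
        if 'Professional' in callbacks.getBurpVersion()[0]:
            self.addToSitemapCheckbox = JCheckBox('Add to sitemap', True)
        else:
            self.addToSitemapCheckbox = JCheckBox('Add to sitemap (requires Professional version)', False)
            self.addToSitemapCheckbox.setEnabled(False)
        self.setupPanel.add(self.addToSitemapCheckbox)

        self.scanSiteMapHostCheckbox = JCheckBox('Scan sitemap hosts', True)
        self.setupPanel.add(self.scanSiteMapHostCheckbox)

        self._topPanel.add(self.setupPanel, BorderLayout.PAGE_START)

        # Status bar
        self.scanStatusPanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
        self.scanStatusPanel.add(JLabel("Status: ", SwingConstants.LEFT))
        self.scanStatusLabel = JLabel("Ready to scan", SwingConstants.LEFT)
        self.scanStatusPanel.add(self.scanStatusLabel)
        self._topPanel.add(self.scanStatusPanel, BorderLayout.LINE_START)

        self._splitpane.setTopComponent(self._topPanel)

        # bottom panel
        self._bottomPanel = JPanel(BorderLayout(10, 10))
        self._bottomPanel.setBorder(EmptyBorder(10, 0, 0, 0))

        self.initialText = ('<h1 style="color: red;">Burp SSL Scanner<br />'
                            'Please note that TLS1.3 is still not supported by this extension.</h1>')
        self.currentText = self.initialText

        self.textPane = JTextPane()
        self.textScrollPane = JScrollPane(self.textPane)
        self.textPane.setContentType("text/html")
        self.textPane.setText(self.currentText)
        self.textPane.setEditable(False)
        self._bottomPanel.add(self.textScrollPane, BorderLayout.CENTER)

        self.savePanel = JPanel(FlowLayout(FlowLayout.LEADING, 10, 10))
        self.saveButton = JButton('Save to file', actionPerformed=self.saveToFile)
        self.saveButton.setEnabled(False)
        self.savePanel.add(self.saveButton)

        self.clearScannedHostButton = JButton('Clear scanned host', actionPerformed=self.clearScannedHost)
        self.savePanel.add(self.clearScannedHostButton)
        self.savePanel.add(JLabel("Clear hosts that were scanned by active scan to enable rescanning", SwingConstants.LEFT))
        self._bottomPanel.add(self.savePanel, BorderLayout.PAGE_END)

        self._splitpane.setBottomComponent(self._bottomPanel)

        callbacks.customizeUiComponent(self._splitpane)
        callbacks.addSuiteTab(self)
        print "SSL Scanner tab loaded"

        self.scannerMenu = ScannerMenu(self)
        callbacks.registerContextMenuFactory(self.scannerMenu)
        print "SSL Scanner custom menu loaded"

        # The checkbox's isSelected method itself is handed over (not its
        # current value).
        self.scannerCheck = ScannerCheck(self, self.scanSiteMapHostCheckbox.isSelected)
        callbacks.registerScannerCheck(self.scannerCheck)
        print "SSL Scanner check registered"

        # scan() tolerates a project configuration without a 'scanner'
        # section; do the same here so a missing section cannot abort the
        # extension load just to print two values.
        projectConfig = json.loads(self._callbacks.saveConfigAsJson())
        if 'scanner' in projectConfig:
            scanAccuracy = projectConfig['scanner']['active_scanning_optimization']['scan_accuracy']
            scanSpeed = projectConfig['scanner']['active_scanning_optimization']['scan_speed']
            print(scanAccuracy, scanSpeed)

        self.scannedHost = []

        print 'SSL Scanner loaded'

    def startScan(self, ev):
        """Validate the Target field and start a scan in a background thread.

        A target without a scheme is treated as https, and a URL without an
        explicit port is scanned on 443.
        """
        host = self.hostField.text
        if len(host) == 0:
            return
        if host.find("://") == -1:
            host = "https://" + host
        try:
            self.targetURL = URL(host)
            if self.targetURL.getPort() == -1:
                self.targetURL = URL("https", self.targetURL.getHost(), 443, "/")
            self.hostField.setEnabled(False)
            self.toggleButton.setEnabled(False)
            self.saveButton.setEnabled(False)
            self.addToSitemapCheckbox.setEnabled(False)
            self.currentText = self.initialText
            self.textPane.setText(self.currentText)
            # NOTE(review): the host is placed into HTML without escaping,
            # and the same markup is later written out by saveToFile.
            self.updateText("<h2>Scanning %s:%d</h2>" %
                            (self.targetURL.getHost(), self.targetURL.getPort()))
            print("Scanning %s:%d" %
                  (self.targetURL.getHost(), self.targetURL.getPort()))
            # Mark a scan as running only once one is really about to start.
            # Setting the event before validation left it set for an empty
            # target, and nothing on that path ever cleared it.
            self.scanningEvent.set()
            self.scannerThread = Thread(target=self.scan, args=(self.targetURL, ))
            self.scannerThread.start()
        except BaseException as e:
            self.saveButton.setEnabled(False)
            print(e)
            return

    def scan(self, url, usingBurpScanner=False):
        """Run every SSL/TLS check against url.

        With usingBurpScanner=True the tab is left untouched and the issues
        from the result object are returned. Otherwise progress and results
        are pushed to the tab and the controls are re-enabled at the end;
        nothing is returned.
        """
        def setScanStatusLabel(text):
            if not usingBurpScanner:
                SwingUtilities.invokeLater(
                    ScannerRunnable(self.scanStatusLabel.setText, (text,)))

        def updateResultText(text):
            if not usingBurpScanner:
                SwingUtilities.invokeLater(
                    ScannerRunnable(self.updateText, (text, )))

        if usingBurpScanner:
            res = result.Result(url, self._callbacks, self._helpers, False)
        else:
            res = result.Result(url, self._callbacks, self._helpers,
                                self.addToSitemapCheckbox.isSelected())

        host, port = url.getHost(), url.getPort()

        # Get project configuration
        projectConfig = json.loads(self._callbacks.saveConfigAsJson())
        if 'scanner' in projectConfig:
            # scanAccuracy: minimise_false_negatives, normal, minimise_false_positives
            scanAccuracy = projectConfig['scanner']['active_scanning_optimization']['scan_accuracy']
            # scanSpeed: fast, normal, thorough
            scanSpeed = projectConfig['scanner']['active_scanning_optimization']['scan_speed']
        else:
            scanAccuracy = 'normal'
            scanSpeed = 'normal'

        updateResultText('<h2>Scanning speed: %s</h2> %s' %
                         (scanSpeed, test_details.SCANNING_SPEED_INFO[scanSpeed]))
        updateResultText('<h2>Scanning accuracy: %s</h2> %s' %
                         (scanAccuracy, test_details.SCANNING_ACCURACY_INFO[scanAccuracy]))

        try:
            setScanStatusLabel("Checking for supported SSL/TLS versions")
            con = connection_test.ConnectionTest(res, host, port, scanSpeed, scanAccuracy)
            con.start()
            conResultText = '<hr /><br /><h3>' + res.printResult('connectable') + '</h3>' + \
                '<ul><li>' + res.printResult('offer_ssl2') + '</li>' + \
                '<li>' + res.printResult('offer_ssl3') + '</li>' + \
                '<li>' + res.printResult('offer_tls10') + '</li>' + \
                '<li>' + res.printResult('offer_tls11') + '</li>' + \
                '<li>' + res.printResult('offer_tls12') + '</li></ul>'
            updateResultText(conResultText)

            # Nothing else can be tested without a connection.
            if not res.getResult('connectable'):
                updateResultText("<h2>Scan terminated (Connection failed)</h2>")
                raise BaseException('Connection failed')

            setScanStatusLabel("Checking for supported cipher suites (This can take a long time)")
            supportedCipher = supportedCipher_test.SupportedCipherTest(res, host, port, scanSpeed, scanAccuracy)
            supportedCipher.start()

            setScanStatusLabel("Checking for Cipherlist")
            cipher = cipher_test.CipherTest(res, host, port, scanSpeed, scanAccuracy)
            cipher.start()
            cipherResultText = '<h3>Available ciphers:</h3>' + \
                '<ul><li>' + res.printResult('cipher_NULL') + '</li>' + \
                '<li>' + res.printResult('cipher_ANON') + '</li>' + \
                '<li>' + res.printResult('cipher_EXP') + '</li>' + \
                '<li>' + res.printResult('cipher_LOW') + '</li>' + \
                '<li>' + res.printResult('cipher_WEAK') + '</li>' + \
                '<li>' + res.printResult('cipher_3DES') + '</li>' + \
                '<li>' + res.printResult('cipher_HIGH') + '</li>' + \
                '<li>' + res.printResult('cipher_STRONG') + '</li></ul>'
            updateResultText(cipherResultText)

            # The remaining checks share one shape: set the status, run the
            # test, print its result key(s). Entries are
            # (status suffix, test class, extra start() arguments, result keys)
            # and they run in list order.
            followUpChecks = [
                ("Heartbleed", heartbleed_test.HeartbleedTest, (), ('heartbleed',)),
                ("CCS Injection", ccs_test.CCSTest, (), ('ccs_injection',)),
                ("TLS_FALLBACK_SCSV", fallback_test.FallbackTest, (), ('fallback_support',)),
                ("POODLE (SSLv3)", poodle_test.PoodleTest, (), ('poodle_ssl3',)),
                ("SWEET32", sweet32_test.Sweet32Test, (), ('sweet32',)),
                ("DROWN", drown_test.DrownTest, (), ('drown',)),
                ("FREAK", freak_test.FreakTest, (), ('freak',)),
                ("LUCKY13", lucky13_test.Lucky13Test, (), ('lucky13',)),
                ("CRIME", crime_test.CrimeTest, (), ('crime_tls',)),
                # BREACH is the only test whose start() takes the Burp objects.
                ("BREACH", breach_test.BreachTest,
                 (self._callbacks, self._helpers), ('breach',)),
                ("BEAST", beast_test.BeastTest, (), ('beast',)),
                ("LOGJAM", logjam_test.LogjamTest, (),
                 ('logjam_export', 'logjam_common')),
            ]
            for label, testClass, startArgs, resultKeys in followUpChecks:
                setScanStatusLabel("Checking for " + label)
                testClass(res, host, port, scanSpeed, scanAccuracy).start(*startArgs)
                updateResultText(
                    '<br />'.join([res.printResult(key) for key in resultKeys]))

            updateResultText('<h2>Finished scanning</h2><br /><hr /><br /><h2>Summary</h2>')

            updateResultText('<h2>Supported ciphers (by Protocol)</h2>')
            updateResultText(res.printCipherList())
            updateResultText('<h2>Supported ciphers (by Vulnerability)</h2>')
            updateResultText(res.printCipherListByVulns())

            updateResultText('<h2>Issues found</h2>')
            updateResultText(res.printAllIssue())

        except BaseException as e:
            # Also reached for the deliberate 'Connection failed' abort above.
            print(e)
            setScanStatusLabel("An error occurred. Please refer to the output/errors tab for more information.")
            time.sleep(2)

        if usingBurpScanner:
            return res.getAllIssue()
        else:
            self.scanningEvent.clear()
            # Swing components are only touched through invokeLater because
            # this method runs on the scanner thread.
            SwingUtilities.invokeLater(
                ScannerRunnable(self.toggleButton.setEnabled, (True, ))
            )
            SwingUtilities.invokeLater(
                ScannerRunnable(self.hostField.setEnabled, (True, ))
            )
            SwingUtilities.invokeLater(
                ScannerRunnable(self.saveButton.setEnabled, (True, ))
            )
            if 'Professional' in self._callbacks.getBurpVersion()[0]:
                SwingUtilities.invokeLater(
                    ScannerRunnable(self.addToSitemapCheckbox.setEnabled, (True, ))
                )
            setScanStatusLabel("Ready to scan")
        print("Finished scanning")

    def updateText(self, stringToAppend):
        """Append an HTML fragment to the result pane on a new line."""
        self.currentText += ('<br />' + stringToAppend)
        self.textPane.setText(self.currentText)

    def saveToFile(self, event):
        """Ask for a file name and write the result pane's HTML to it."""
        fileChooser = JFileChooser()
        if not (self.targetURL is None):
            fileChooser.setSelectedFile(File("Burp_SSL_Scanner_Result_%s.html"
                                             % (self.targetURL.getHost())))
        else:
            fileChooser.setSelectedFile(File("Burp_SSL_Scanner_Result.html"))
        if (fileChooser.showSaveDialog(self.getUiComponent()) == JFileChooser.APPROVE_OPTION):
            fw = FileWriter(fileChooser.getSelectedFile())
            # Close the writer even when write() fails, so the file handle is
            # not left open.
            try:
                fw.write(self.textPane.getText())
                fw.flush()
            finally:
                fw.close()
            print "Saved results to disk"

    def clearScannedHost(self, event):
        """Forget every host recorded by addHostToScannedList."""
        self.scannedHost = []

    def addHostToScannedList(self, host, port):
        """Record a host/port pair as already scanned."""
        self.scannedHost.append([host, port])

    def getTabCaption(self):
        """Return the caption Burp shows for this tab."""
        return "SSL Scanner"

    def getUiComponent(self):
        """Return the root component of this tab."""
        return self._splitpane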
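def show_detectable_objects_dialog(self, e):
    """Show a modal dialog with one checkbox per detectable object class.

    Classes come from self.local_settings.getClassesOfInterest(); each entry
    supplies the checkbox caption ('name') and its initial state ('enabled').
    Checkboxes fill columns of 16 rows, followed by the "Deselect all" /
    "Select all" and "Cancel" / "Save" button rows.
    """
    parentComponent = SwingUtilities.windowForComponent(self.panel0)
    self.detectable_obejcts_dialog = JDialog(
        parentComponent, "List of Objects to Detect",
        ModalityType.APPLICATION_MODAL)
    panel = JPanel()
    self.detectable_obejcts_dialog.add(panel)
    gbPanel = GridBagLayout()
    gbcPanel = GridBagConstraints()
    panel.setLayout(gbPanel)

    def place(component, gridx, gridy, weightx, weighty):
        # Every component uses a 1x1 cell, fills it and anchors north; only
        # the position and the weights differ.
        gbcPanel.gridx = gridx
        gbcPanel.gridy = gridy
        gbcPanel.gridwidth = 1
        gbcPanel.gridheight = 1
        gbcPanel.fill = GridBagConstraints.BOTH
        gbcPanel.weightx = weightx
        gbcPanel.weighty = weighty
        gbcPanel.anchor = GridBagConstraints.NORTH
        gbPanel.setConstraints(component, gbcPanel)
        panel.add(component)

    y = 0
    x = 0
    for line in self.local_settings.getClassesOfInterest():
        if y > 15:
            y = 0
            x = x + 1
        class_check_box = JCheckBox(line['name'])
        self.classes_of_interest_checkboxes.append(class_check_box)
        class_check_box.setEnabled(True)
        # The initial state is set before the listener is attached.
        class_check_box.setSelected(line['enabled'])
        class_check_box.addItemListener(self.on_class_checkbox_clicked)
        place(class_check_box, x, y, 1, 1)
        y = y + 1

    # First free row below the checkboxes. After a wrap the last column can
    # be shorter than the full 16-row columns before it, so using its row
    # count placed the buttons in cells that already hold a checkbox.
    if x > 0:
        y = 16

    blank_1_L = JLabel(" ")
    blank_1_L.setEnabled(True)
    place(blank_1_L, 0, y + 1, 1, 0)

    deselect_all_button = JButton("Deselect all")
    deselect_all_button.setEnabled(True)
    deselect_all_button.addActionListener(self.on_deselect_all_clicked)
    place(deselect_all_button, 1, y + 2, 2, 1)

    select_all_button = JButton("Select all")
    select_all_button.setEnabled(True)
    select_all_button.addActionListener(self.on_select_all_clicked)
    place(select_all_button, 3, y + 2, 2, 1)

    blank_2_L = JLabel(" ")
    blank_2_L.setEnabled(True)
    place(blank_2_L, 0, y + 3, 1, 0)

    cancel_button = JButton("Cancel")
    cancel_button.setEnabled(True)
    cancel_button.addActionListener(
        self.on_cancel_classes_of_interest_click)
    place(cancel_button, 1, y + 4, 2, 1)

    save_button = JButton("Save")
    save_button.setEnabled(True)
    save_button.addActionListener(self.on_save_classes_of_interest_click)
    place(save_button, 3, y + 4, 2, 1)

    blank_3_L = JLabel(" ")
    blank_3_L.setEnabled(True)
    place(blank_3_L, 0, y + 5, 1, 0)

    # Size the dialog to its content, centre it on the screen and show it.
    self.detectable_obejcts_dialog.pack()
    screenSize = Toolkit.getDefaultToolkit().getScreenSize()
    self.detectable_obejcts_dialog.setLocation(
        int((screenSize.getWidth() / 2) -
            (self.detectable_obejcts_dialog.getWidth() / 2)),
        int((screenSize.getHeight() / 2) -
            (self.detectable_obejcts_dialog.getHeight() / 2)))
    self.detectable_obejcts_dialog.setVisible(True)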
def __init__(self, instructionsURI=''):
    """Build and show the SASI Runner window.

    The window walks through numbered stages (instructions, input, output,
    result resolution, run), followed by a progress bar and a log area.

    instructionsURI: shown as the tooltip of the "open instructions" button.
    """
    self.instructionsURI = instructionsURI

    # Log records go to a stream handler and, through FnLogHandler, to
    # self.log_msg.
    self.logger = logging.getLogger('sasi_runner_gui')
    self.logger.addHandler(logging.StreamHandler())

    def forward_to_gui(msg):
        self.log_msg(msg)

    self.logger.addHandler(FnLogHandler(forward_to_gui))
    self.logger.setLevel(logging.DEBUG)

    self.selected_input_file = None
    self.selected_output_file = None

    # Top-level window with a vertical stack of panels.
    self.frame = JFrame(
        "SASI Runner",
        defaultCloseOperation=WindowConstants.EXIT_ON_CLOSE,
    )
    self.frame.size = (650, 600,)

    self.main_panel = JPanel()
    self.main_panel.layout = BoxLayout(self.main_panel, BoxLayout.Y_AXIS)
    self.frame.add(self.main_panel)

    self.top_panel = JPanel(SpringLayout())
    self.top_panel.alignmentX = Component.CENTER_ALIGNMENT
    self.main_panel.add(self.top_panel)

    # Each stage label takes the next number; the final counter value also
    # gives the row count of the compact grid below.
    self.stageCounter = 1

    def stage_label(txt):
        numbered = JLabel("%s. %s" % (self.stageCounter, txt))
        self.stageCounter += 1
        return numbered

    # Stage: instructions link, styled to look like a hyperlink.
    self.top_panel.add(stage_label("Read the instructions:"))
    link_button = JButton(
        ('<HTML><FONT color="#000099">'
         '<U>open instructions</U></FONT><HTML>'),
        actionPerformed=self.browseInstructions)
    link_button.setHorizontalAlignment(SwingConstants.LEFT)
    link_button.setBorderPainted(False)
    link_button.setOpaque(False)
    link_button.setBackground(Color.WHITE)
    link_button.setToolTipText(self.instructionsURI)
    self.top_panel.add(link_button)

    # Stage: input selection.
    self.top_panel.add(stage_label(
        "Select a SASI .zip file or data folder:"))
    select_input_button = JButton(
        "Select input...", actionPerformed=self.openInputChooser)
    self.top_panel.add(select_input_button)

    # Stage: output selection.
    self.top_panel.add(stage_label("Specify an output file:"))
    specify_output_button = JButton(
        "Specify output...", actionPerformed=self.openOutputChooser)
    self.top_panel.add(specify_output_button)

    # Stage: result fields. An entry without 'enabled' gets an enabled
    # checkbox.
    result_fields = [
        {'id': 'gear_id', 'label': 'Gear', 'selected': True,
         'enabled': False},
        {'id': 'substrate_id', 'label': 'Substrate', 'selected': True},
        {'id': 'energy_id', 'label': 'Energy', 'selected': False},
        {'id': 'feature_id', 'label': 'Feature', 'selected': False},
        {'id': 'feature_category_id', 'label': 'Feature Category',
         'selected': False}
    ]
    self.selected_result_fields = {}

    resolution_panel = JPanel(GridLayout(0, 1))
    resolution_panel.add(stage_label("Set result resolution:"))
    resolution_hint = JLabel(
        ("<html><i>This sets the specificity with which<br>"
         "results will be grouped. Note that enabling<br>"
         "more fields can *greatly* increase resulting<br>"
         "output sizes and run times.</i>"))
    resolution_panel.add(resolution_hint)
    self.top_panel.add(resolution_panel)

    check_panel = JPanel(GridLayout(0, 1))
    self.top_panel.add(check_panel)
    # Maps each checkbox back to the field description it was built from.
    self.resultFieldCheckBoxes = {}
    for field in result_fields:
        self.selected_result_fields.setdefault(
            field['id'], field['selected'])
        field_box = JCheckBox(field['label'], field['selected'])
        field_box.setEnabled(field.get('enabled', True))
        field_box.addItemListener(self)
        check_panel.add(field_box)
        self.resultFieldCheckBoxes[field_box] = field

    # Stage: run.
    self.top_panel.add(stage_label("Run SASI: (this might take a while)"))
    self.run_button = JButton("Run...", actionPerformed=self.runSASI)
    self.top_panel.add(self.run_button)

    # One grid row per stage, two columns (label, control).
    SpringUtilities.makeCompactGrid(
        self.top_panel, self.stageCounter - 1, 2, 6, 6, 6, 6)

    # Progress bar.
    self.progressBar = JProgressBar(0, 100)
    self.main_panel.add(self.progressBar)

    # Read-only log area with a vertical scroll bar that is always shown.
    self.log_panel = JPanel()
    self.log_panel.alignmentX = Component.CENTER_ALIGNMENT
    self.log_panel.setBorder(EmptyBorder(10, 10, 10, 10))
    self.main_panel.add(self.log_panel)
    self.log_panel.setLayout(BorderLayout())
    self.log = JTextArea()
    self.log.editable = False
    self.logScrollPane = JScrollPane(self.log)
    self.logScrollPane.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
    self.logScrollBar = self.logScrollPane.getVerticalScrollBar()
    self.log_panel.add(self.logScrollPane, BorderLayout.CENTER)

    # File choosers: input accepts files or folders, output files only and
    # is preset to sasi_project.zip in the user's home directory.
    self.inputChooser = JFileChooser()
    self.inputChooser.fileSelectionMode = JFileChooser.FILES_AND_DIRECTORIES

    self.outputChooser = JFileChooser()
    home_dir = System.getProperty("user.home")
    self.outputChooser.setSelectedFile(
        File(os.path.join(home_dir, "sasi_project.zip")))
    self.outputChooser.fileSelectionMode = JFileChooser.FILES_ONLY

    self.frame.setLocationRelativeTo(None)
    self.frame.visible = True
class SelectionCellRenderer(TreeCellRenderer):
    """Tree cell renderer for group, layer and feature nodes.

    One set of Swing components is built up front and reconfigured for every
    cell that is rendered.
    """

    def __init__(self, tree, mapContext):
        """Create the reusable components for each kind of node."""
        self.tree = tree
        self.mapContext = mapContext

        # Group row: an opaque label. Its preferred size is measured once
        # with a long placeholder text and re-applied on every render.
        self.lblGroup = JLabel()
        self.lblGroup.setBackground(Color(222, 227, 233))
        self.lblGroup.setOpaque(True)
        self.lblGroup.setText(
            "plddddddddddddddddddddddddddddddddddddddddddddddddddddddd")
        self.lblGroupPreferredSize = self.lblGroup.getPreferredSize()

        # Layer row: visibility checkbox, clear icon, selection count,
        # layer icon and layer name, left to right.
        self.pnlLayer = JPanel()
        self.pnlLayer.setOpaque(False)
        self.pnlLayer.setLayout(FlowLayout(FlowLayout.LEFT))
        self.lblClean = JLabel()
        self.chkLayerVisibility = JCheckBox()
        self.chkLayerVisibility.setOpaque(False)
        self.lblLayerName = JLabel()
        self.lblLayerIcon = JLabel()
        self.lblFeatureSelecteds = JLabel()
        for part in (self.chkLayerVisibility, self.lblClean,
                     self.lblFeatureSelecteds, self.lblLayerIcon,
                     self.lblLayerName):
            self.pnlLayer.add(part)
        # Rows are 3 pixels shorter than the layer panel's preferred height.
        layerRowHeight = int(self.pnlLayer.getPreferredSize().getHeight())
        self.tree.setRowHeight(layerRowHeight - 3)

        # Fallback for node types this renderer does not know.
        self.lblUnknown = JLabel()

        # Feature row: icon plus a translated caption.
        self.lblFeatureIcon = JLabel()
        self.lblFeatureName = JLabel()
        i18n = ToolsLocator.getI18nManager()
        self.lblFeatureName.setText(i18n.getTranslation("_Feature"))
        self.pnlFeature = JPanel()
        self.pnlFeature.setOpaque(False)
        self.pnlFeature.setLayout(FlowLayout(FlowLayout.LEFT))
        self.pnlFeature.add(self.lblFeatureIcon)
        self.pnlFeature.add(self.lblFeatureName)

    def getTreeCellRendererComponent(self, tree, value, selected, expanded,
                                     leaf, row, hasFocus):
        """Return the component configured for the node's user object.

        DataGroup gives the group label, DataLayer the layer panel,
        FeatureDataLayerNode the feature panel; anything else gives an empty
        zero-size label.
        """
        node = value.getUserObject()

        if isinstance(node, DataGroup):
            caption = "[" + str(value.getChildCount()) + "] " + node.getName()
            self.lblGroup.setText(caption)
            self.lblGroup.setPreferredSize(self.lblGroupPreferredSize)
            return self.lblGroup

        if isinstance(node, DataLayer):
            layer = node.getLayer()
            self.lblLayerName.setText(node.getName())
            self.lblLayerIcon.setIcon(getIconFromLayer(layer))
            # The name is greyed out while the layer is hidden.
            self.lblLayerName.setEnabled(bool(layer.isVisible()))
            self.lblClean.setIcon(getIconByName("edit-clear"))
            self.chkLayerVisibility.setSelected(layer.isVisible())
            # The checkbox can only be used inside the layer's scale range.
            inScale = layer.isWithinScale(self.mapContext.getScaleView())
            self.chkLayerVisibility.setEnabled(bool(inScale))

            # Selection count: 0 when there is no store or no selection.
            selectedCount = 0
            store = layer.getDataStore()
            if store is not None:
                selection = store.getSelection()
                if selection is not None:
                    selectedCount = selection.getSize()
            hasSelection = selectedCount != 0
            self.lblClean.setEnabled(hasSelection)
            if hasSelection:
                self.lblFeatureSelecteds.setText(str(selectedCount))
            else:
                self.lblFeatureSelecteds.setText("0")
            self.lblFeatureSelecteds.setEnabled(hasSelection)

            # Red name while editing, bold name for the active layer.
            baseFont = self.lblLayerName.getFont()
            if layer.isEditing():
                self.lblLayerName.setForeground(Color.RED)
            else:
                self.lblLayerName.setForeground(Color.BLACK)
            if layer.isActive():
                fontStyle = Font.BOLD
            else:
                fontStyle = Font.PLAIN
            self.lblLayerName.setFont(baseFont.deriveFont(fontStyle))
            return self.pnlLayer

        if isinstance(node, FeatureDataLayerNode):
            self.lblFeatureName.setText(node.getFeature().toString())
            self.lblFeatureIcon.setIcon(getIconByName("edit-clear"))
            return self.pnlFeature

        self.lblUnknown.setText("")
        self.lblUnknown.setPreferredSize(Dimension(0, 0))
        return self.lblUnknown
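class FEA_CC_ConfigPanel(JPanel):
    """Settings panel for the FEA credit card module.

    Holds three options (Excel report, CSV report, false-positive removal),
    restores them from the "FEA" module settings and writes every change
    back as the text "true" or "false".
    """
    # Defaults used until a stored value is found.
    generateXLS = True
    generateCSV = True
    removeFalsePositives = True
    cbRemoveFalsePositives = None
    cbGenerateExcel = None
    cbGenerateCSV = None

    def __init__(self):
        self.initComponents()

        # Restore the previous choices. The stored values are the strings
        # "true"/"false"; testing such a string for truthiness treats "false"
        # as enabled, so a saved opt-out was ignored on the next load.
        self.removeFalsePositives = self._restoreSetting(
            "removeFalsePositives", self.cbRemoveFalsePositives,
            self.removeFalsePositives)
        self.generateCSV = self._restoreSetting(
            "generateCSV", self.cbGenerateCSV, self.generateCSV)
        self.generateXLS = self._restoreSetting(
            "generateXLS", self.cbGenerateExcel, self.generateXLS)

    def _restoreSetting(self, settingName, checkBox, default):
        """Apply a stored "FEA" setting to checkBox and return its value.

        Returns default, leaving the checkbox alone, when nothing is stored.
        """
        stored = ModuleSettings.getConfigSetting("FEA", settingName)
        if stored is None or stored == "":
            return default
        enabled = stored.strip().lower() == "true"
        checkBox.setSelected(enabled)
        return enabled

    def addStatusLabel(self, msg):
        """Add a label with msg in grid row 7 of the panel."""
        gbc = GridBagConstraints()
        gbc.anchor = GridBagConstraints.NORTHWEST
        gbc.gridx = 0
        gbc.gridy = 7
        lab = JLabel(msg)
        self.add(lab, gbc)

    def getGenerateCSV(self):
        """Return whether the CSV report is enabled."""
        return self.generateCSV

    def getGenerateXLS(self):
        """Return whether the Excel report is enabled."""
        return self.generateXLS

    def getRemoveFalsePositives(self):
        """Return whether false-positive removal is enabled."""
        return self.removeFalsePositives

    def initComponents(self):
        """Create the description label and the three checkboxes."""
        self.setLayout(GridBagLayout())

        gbc = GridBagConstraints()
        gbc.anchor = GridBagConstraints.NORTHWEST
        gbc.gridx = 0
        gbc.gridy = 0

        descriptionLabel = JLabel("FEA - Credit Card module")
        self.add(descriptionLabel, gbc)

        self.cbGenerateExcel = JCheckBox(
            "Generate Excel format report (more detailed)",
            actionPerformed=self.cbGenerateExcelActionPerformed)
        self.cbGenerateExcel.setSelected(True)
        gbc.gridy = 2
        self.add(self.cbGenerateExcel, gbc)

        self.cbGenerateCSV = JCheckBox(
            "Generate CSV format report (plaintext)",
            actionPerformed=self.cbGenerateCSVActionPerformed)
        self.cbGenerateCSV.setSelected(True)
        gbc.gridy = 3
        self.add(self.cbGenerateCSV, gbc)

        # Shown checked but disabled, so it cannot be changed from this panel.
        self.cbRemoveFalsePositives = JCheckBox(
            "Remove False Positives from Autopsy",
            actionPerformed=self.cbRemoveFalsePositivesActionPerformed)
        self.cbRemoveFalsePositives.setSelected(True)
        gbc.gridy = 4
        self.cbRemoveFalsePositives.setEnabled(False)
        self.add(self.cbRemoveFalsePositives, gbc)

    def cbGenerateExcelActionPerformed(self, event):
        """Store whether the Excel report should be generated."""
        enabled = bool(event.getSource().isSelected())
        ModuleSettings.setConfigSetting(
            "FEA", "generateXLS", "true" if enabled else "false")
        self.generateXLS = enabled

    def cbGenerateCSVActionPerformed(self, event):
        """Store whether the CSV report should be generated."""
        enabled = bool(event.getSource().isSelected())
        ModuleSettings.setConfigSetting(
            "FEA", "generateCSV", "true" if enabled else "false")
        self.generateCSV = enabled

    def cbRemoveFalsePositivesActionPerformed(self, event):
        """Store whether false positives should be removed."""
        enabled = bool(event.getSource().isSelected())
        ModuleSettings.setConfigSetting(
            "FEA", "removeFalsePositives", "true" if enabled else "false")
        self.removeFalsePositives = enabled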
def _initializeGui(self, callbacks):
    """Build the extension tab and register it with Burp.

    The tab has four text fields (original hash, original message, message
    to append, maximum key length), one checkbox per hashing function, three
    buttons and a results table. The checkboxes and the Generate button start
    disabled; they are handed to HashChangeListener, which watches the hash
    field.
    """
    tab = JPanel()

    hashLabel = JLabel("Original Hash:")
    messageLabel = JLabel("Original message:")
    appendLabel = JLabel("Message to append:")
    maxKeyLabel = JLabel("Max key length:")
    hashField = JTextField("")
    messageField = JTextField("")
    appendField = JTextField("")
    maxKeyField = JTextField("128")

    hashFunctionsLabel = JLabel("Hashing functions")
    md4Box = JCheckBox("MD4")
    md5Box = JCheckBox("MD5")
    sha1Box = JCheckBox("SHA1")
    sha256Box = JCheckBox("SHA256")
    sha512Box = JCheckBox("SHA512")
    for box in (md4Box, md5Box, sha1Box, sha256Box, sha512Box):
        box.setEnabled(False)

    resultScroll = JScrollPane()
    resultTable = JTable()
    generateButton = JButton("Generate", actionPerformed=self.generate_attack)
    generateButton.setEnabled(False)
    copyMessagesButton = JButton(
        "Copy messages", actionPerformed=self.copy_messages)
    copyHashesButton = JButton("Copy hashes", actionPerformed=self.copy_hashes)

    # Widgets the rest of the extension reads back later.
    self._tab = tab
    self._textfields = {
        "original_hash": hashField,
        "original_msg": messageField,
        "append_msg": appendField,
        "max_key_len": maxKeyField,
    }
    self._checkboxes = {
        md4: md4Box,
        md5: md5Box,
        sha1: sha1Box,
        sha256: sha256Box,
        sha512: sha512Box,
    }
    self._table = resultTable
    self._extensions = {}
    self._hashes, self._messages = [], []

    # Hash field change event
    hashField.getDocument().addDocumentListener(
        HashChangeListener(self._checkboxes,
                           self._textfields['original_hash'],
                           generateButton))

    # Table columns
    resultTable.setModel(
        DefaultTableModel([], ["#", "Type", "New Message", "Hash"]))
    resultScroll.setViewportView(resultTable)
    # Table column width
    columns = resultTable.getColumnModel()
    columns.getColumn(0).setMaxWidth(50)
    columns.getColumn(1).setMaxWidth(60)

    layout = GroupLayout(tab)
    tab.setLayout(layout)

    leading = GroupLayout.Alignment.LEADING
    trailing = GroupLayout.Alignment.TRAILING
    baseline = GroupLayout.Alignment.BASELINE
    related = LayoutStyle.ComponentPlacement.RELATED
    preferred = GroupLayout.PREFERRED_SIZE
    default = GroupLayout.DEFAULT_SIZE

    # Horizontal axis: label column, field column, options column, with the
    # results table spanning the full width.
    labelColumn = (layout.createParallelGroup(trailing)
                   .addComponent(maxKeyLabel)
                   .addComponent(hashLabel)
                   .addComponent(messageLabel)
                   .addComponent(appendLabel))
    maxKeyStrip = (layout.createSequentialGroup()
                   .addComponent(maxKeyField, preferred, 88, preferred)
                   .addGap(0, 0, 32767))
    fieldColumn = (layout.createParallelGroup(leading)
                   .addComponent(appendField, default, 425, 32767)
                   .addComponent(messageField)
                   .addComponent(hashField)
                   .addGroup(maxKeyStrip))
    checkboxStrip = (layout.createSequentialGroup()
                     .addComponent(md4Box).addPreferredGap(related)
                     .addComponent(md5Box).addPreferredGap(related)
                     .addComponent(sha1Box).addPreferredGap(related)
                     .addComponent(sha256Box).addPreferredGap(related)
                     .addComponent(sha512Box))
    buttonStrip = (layout.createSequentialGroup()
                   .addComponent(generateButton).addPreferredGap(related)
                   .addComponent(copyHashesButton).addPreferredGap(related)
                   .addComponent(copyMessagesButton))
    optionColumn = (layout.createParallelGroup(leading)
                    .addGroup(checkboxStrip)
                    .addComponent(hashFunctionsLabel)
                    .addGroup(buttonStrip))
    formColumns = (layout.createSequentialGroup()
                   .addGap(24, 24, 24)
                   .addGroup(labelColumn)
                   .addPreferredGap(related)
                   .addGroup(fieldColumn)
                   .addGap(30, 30, 30)
                   .addGroup(optionColumn)
                   .addGap(167, 167, 167))
    layout.setHorizontalGroup(
        layout.createParallelGroup(leading)
        .addGroup(formColumns)
        .addComponent(resultScroll))

    # Vertical axis: four baseline-aligned form rows, then the table.
    hashRow = (layout.createParallelGroup(baseline)
               .addComponent(hashLabel)
               .addComponent(hashField, preferred, default, preferred)
               .addComponent(hashFunctionsLabel))
    checkboxLine = (layout.createParallelGroup(baseline)
                    .addComponent(md5Box)
                    .addComponent(sha1Box)
                    .addComponent(md4Box)
                    .addComponent(sha256Box)
                    .addComponent(sha512Box))
    messageRow = (layout.createParallelGroup(baseline)
                  .addComponent(messageField, preferred, default, preferred)
                  .addComponent(messageLabel)
                  .addGroup(checkboxLine))
    appendRow = (layout.createParallelGroup(baseline)
                 .addComponent(appendField, preferred, default, preferred)
                 .addComponent(appendLabel))
    maxKeyRow = (layout.createParallelGroup(baseline)
                 .addComponent(maxKeyLabel)
                 .addComponent(maxKeyField, preferred, default, preferred)
                 .addComponent(copyMessagesButton)
                 .addComponent(copyHashesButton)
                 .addComponent(generateButton))
    formRows = (layout.createSequentialGroup()
                .addGap(26, 26, 26)
                .addGroup(hashRow)
                .addPreferredGap(related)
                .addGroup(messageRow)
                .addPreferredGap(related)
                .addGroup(appendRow)
                .addPreferredGap(related)
                .addGroup(maxKeyRow)
                .addGap(13, 13, 13)
                .addComponent(resultScroll, default, 971, 32767))
    layout.setVerticalGroup(
        layout.createParallelGroup(leading).addGroup(formRows))

    callbacks.customizeUiComponent(tab)
    callbacks.addSuiteTab(self)
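class BurpExtender(IBurpExtender, ITab, IMessageEditorController, AbstractTableModel, IContextMenuFactory):
    """Burp extension that records findings per project and generates reports.

    Every vulnerability is stored as a directory under the project path and
    holds a ``vulnerability.xml`` file, optional ``.jpg`` screenshots and the
    saved request/response.  Project locations are kept in ``config.ini``.

    Security notes for maintainers:
      * Saved requests/responses and imported project archives are untrusted
        data.  They are HTML/XML-escaped before being written into reports,
        XML is parsed with DOCTYPE declarations disabled, and archive members
        are checked to stay inside the destination directory.
      * Files and directories are opened through java.awt.Desktop rather than
        a shell, so a path is never interpreted as a command line.
      * Bare ``except:`` clauses are kept where Java exceptions are expected,
        because they are raised by Java code rather than by Python code.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Burp entry point: load the configuration, build the UI, register the tab."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("PT Vulnerabilities Manager")

        self.config = SafeConfigParser()
        self.createSection('projects')
        self.createSection('general')
        self.config.read('config.ini')
        self.chooser = JFileChooser()

        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()

        self.logTable = Table(self)
        self.logTable.getColumnModel().getColumn(0).setMaxWidth(35)
        self.logTable.getColumnModel().getColumn(1).setMinWidth(100)

        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)

        self.initVulnerabilityTab()
        self.initProjSettingsTab()
        self.initTabs()
        self.initCallbacks()

        if self.projPath.getText() is not None:
            self.loadVulnerabilities(self.projPath.getText())

        # Single-argument print(...) behaves the same as the print statement.
        print("Thank you for installing PT Vulnerabilities Manager v1.0 extension")
        print("by Barak Tawily\n\n\n")
        print("Disclaimer:\nThis extension might create folders and files in your hardisk which might be declared as sensitive information, make sure you are creating projects under encrypted partition")
        return

    def initVulnerabilityTab(self):
        """Build the "Vulnerability" panel (absolute layout) and keep its widgets on self."""
        nameLabel = JLabel("Vulnerability Name:")
        nameLabel.setBounds(10, 10, 140, 30)

        self.addButton = JButton("Add", actionPerformed=self.addVuln)
        self.addButton.setBounds(10, 500, 100, 30)

        rmVulnButton = JButton("Remove", actionPerformed=self.rmVuln)
        rmVulnButton.setBounds(465, 500, 100, 30)

        mitigationLabel = JLabel("Mitigation:")
        mitigationLabel.setBounds(10, 290, 150, 30)

        addSSBtn = JButton("Add SS", actionPerformed=self.addSS)
        addSSBtn.setBounds(750, 40, 110, 30)

        deleteSSBtn = JButton("Remove SS", actionPerformed=self.removeSS)
        deleteSSBtn.setBounds(750, 75, 110, 30)

        piclistLabel = JLabel("Images list:")
        piclistLabel.setBounds(580, 10, 140, 30)

        self.screenshotsList = DefaultListModel()
        self.ssList = JList(self.screenshotsList)
        self.ssList.setBounds(580, 40, 150, 250)
        self.ssList.addListSelectionListener(ssChangedHandler(self))
        self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))

        previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
        previewPicLabel.setBounds(580, 290, 500, 30)

        copyImgMenu = JMenuItem("Copy")
        copyImgMenu.addActionListener(copyImg(self))

        self.imgMenu = JPopupMenu("Popup")
        self.imgMenu.add(copyImgMenu)

        self.firstPic = JLabel()
        self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
        self.firstPic.setBounds(580, 320, 550, 400)
        self.firstPic.addMouseListener(imageClicked(self))

        self.vulnName = JTextField("")
        self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
        self.vulnName.setBounds(140, 10, 422, 30)

        sevirities = ["Unclassified", "Critical", "High", "Medium", "Low"]
        self.threatLevel = JComboBox(sevirities)
        self.threatLevel.setBounds(140, 45, 140, 30)

        colors = ["Color:", "Green", "Red"]
        self.colorCombo = JComboBox(colors)
        self.colorCombo.setBounds(465, 45, 100, 30)

        severityLabel = JLabel("Threat Level:")
        severityLabel.setBounds(10, 45, 100, 30)

        descriptionLabel = JLabel("Description:")
        descriptionLabel.setBounds(10, 80, 100, 30)

        self.descriptionString = JTextArea("", 5, 30)
        self.descriptionString.setWrapStyleWord(True)
        self.descriptionString.setLineWrap(True)
        self.descriptionString.setBounds(10, 110, 555, 175)
        descriptionStringScroll = JScrollPane(self.descriptionString)
        descriptionStringScroll.setBounds(10, 110, 555, 175)
        descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        self.mitigationStr = JTextArea("", 5, 30)
        self.mitigationStr.setWrapStyleWord(True)
        self.mitigationStr.setLineWrap(True)
        self.mitigationStr.setBounds(10, 320, 555, 175)
        mitigationStrScroll = JScrollPane(self.mitigationStr)
        mitigationStrScroll.setBounds(10, 320, 555, 175)
        mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for component in (addSSBtn, piclistLabel, nameLabel, deleteSSBtn,
                          rmVulnButton, severityLabel, mitigationLabel,
                          descriptionLabel, previewPicLabel, mitigationStrScroll,
                          descriptionStringScroll, self.ssList, self.firstPic,
                          self.addButton, self.vulnName, self.threatLevel,
                          self.colorCombo):
            self.pnl.add(component)

    def initProjSettingsTab(self):
        """Build the "Project Settings" panel and preselect the default project, if any."""
        projNameLabel = JLabel("Name:")
        projNameLabel.setBounds(10, 50, 140, 30)

        self.projName = JTextField("")
        self.projName.setBounds(140, 50, 320, 30)
        self.projName.getDocument().addDocumentListener(projTextChanged(self))

        detailsLabel = JLabel("Details:")
        detailsLabel.setBounds(10, 120, 140, 30)

        reportLabel = JLabel("Generate Report:")
        reportLabel.setBounds(10, 375, 140, 30)

        types = ["DOCX", "HTML", "XLSX"]
        self.reportType = JComboBox(types)
        self.reportType.setBounds(10, 400, 140, 30)

        generateReportButton = JButton("Generate", actionPerformed=self.generateReport)
        generateReportButton.setBounds(160, 400, 90, 30)

        self.projDetails = JTextArea("", 5, 30)
        self.projDetails.setWrapStyleWord(True)
        self.projDetails.setLineWrap(True)
        projDetailsScroll = JScrollPane(self.projDetails)
        projDetailsScroll.setBounds(10, 150, 450, 175)
        projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)

        projPathLabel = JLabel("Path:")
        projPathLabel.setBounds(10, 90, 140, 30)

        self.projPath = JTextField("")
        self.projPath.setBounds(140, 90, 320, 30)

        chooseProjPathButton = JButton("Browse...", actionPerformed=self.chooseProjPath)
        chooseProjPathButton.setBounds(470, 90, 100, 30)

        importProjButton = JButton("Import", actionPerformed=self.importProj)
        importProjButton.setBounds(470, 10, 100, 30)

        exportProjButton = JButton("Export", actionPerformed=self.exportProj)
        exportProjButton.setBounds(575, 10, 100, 30)

        openProjButton = JButton("Open Directory", actionPerformed=self.openProj)
        openProjButton.setBounds(680, 10, 130, 30)

        currentProjectLabel = JLabel("Current:")
        currentProjectLabel.setBounds(10, 10, 140, 30)

        projects = self.config.options('projects')
        self.currentProject = JComboBox(projects)
        self.currentProject.addActionListener(projectChangeHandler(self))
        self.currentProject.setBounds(140, 10, 140, 30)

        self.autoSave = JCheckBox("Auto Save Mode")
        self.autoSave.setEnabled(False)  # implement this feature
        self.autoSave.setBounds(300, 10, 140, 30)
        self.autoSave.setToolTipText("Will save any changed value while focus is out")

        addProjButton = JButton("Add / Update", actionPerformed=self.addProj)
        addProjButton.setBounds(10, 330, 150, 30)

        removeProjButton = JButton("Remove Current", actionPerformed=self.rmProj)
        removeProjButton.setBounds(315, 330, 146, 30)

        generalOptions = self.config.options('general')
        if 'default project' in generalOptions:
            defaultProj = self.config.get('general', 'default project')
            self.currentProject.getModel().setSelectedItem(defaultProj)
            selectedProj = self.currentProject.getSelectedItem()
            # The default project may have been removed from the 'projects'
            # section; only look the path up when the option still exists.
            if selectedProj is not None and self.config.has_option('projects', selectedProj):
                self.projPath.setText(self.config.get('projects', selectedProj))

        self.clearProjTab = True

        self.projectSettings = JPanel()
        self.projectSettings.setBounds(0, 0, 1000, 1000)
        self.projectSettings.setLayout(None)
        for component in (reportLabel, detailsLabel, projPathLabel, addProjButton,
                          openProjButton, projNameLabel, projDetailsScroll,
                          importProjButton, exportProjButton, removeProjButton,
                          generateReportButton, chooseProjPathButton,
                          currentProjectLabel, self.projPath, self.autoSave,
                          self.projName, self.reportType, self.currentProject):
            self.projectSettings.add(component)

    def initTabs(self):
        """Assemble the split pane: findings table on the left, tabs on the right."""
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)

        colorsMenu = JMenu("Paint")
        redMenu = JMenuItem("Red")
        noneMenu = JMenuItem("None")
        greenMenu = JMenuItem("Green")
        redMenu.addActionListener(paintChange(self, "Red"))
        noneMenu.addActionListener(paintChange(self, None))
        greenMenu.addActionListener(paintChange(self, "Green"))
        colorsMenu.add(redMenu)
        colorsMenu.add(noneMenu)
        colorsMenu.add(greenMenu)

        self.menu = JPopupMenu("Popup")
        self.menu.add(colorsMenu)

        self.tabs = JTabbedPane()
        self.tabs.addTab("Request", self._requestViewer.getComponent())
        self.tabs.addTab("Response", self._responseViewer.getComponent())
        self.tabs.addTab("Vulnerability", self.pnl)
        self.tabs.addTab("Project Settings", self.projectSettings)
        self.tabs.setSelectedIndex(2)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Apply Burp's UI styling and register the context menu and suite tab."""
        # customize our UI components
        self._callbacks.customizeUiComponent(self._splitpane)
        self._callbacks.customizeUiComponent(self.logTable)
        self._callbacks.customizeUiComponent(self.scrollPane)
        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    def loadVulnerabilities(self, projPath):
        """Reload the findings table from the vulnerability directories in projPath."""
        self.clearList(None)
        selected = False
        for root, dirs, files in os.walk(projPath):
            for dirName in dirs:
                xmlPath = projPath + "/" + dirName + "/vulnerability.xml"
                if not os.path.exists(xmlPath):
                    # Not a vulnerability directory; skip it instead of failing.
                    continue
                document = self.getXMLDoc(xmlPath)
                if document is None:
                    continue
                nodeList = document.getDocumentElement().getChildNodes()
                vulnName = nodeList.item(0).getTextContent()
                severity = nodeList.item(1).getTextContent()
                description = nodeList.item(2).getTextContent()
                mitigation = nodeList.item(3).getTextContent()
                color = nodeList.item(4).getTextContent()
                test = vulnerability(vulnName, severity, description, mitigation, color)
                self._lock.acquire()
                try:
                    row = self._log.size()
                    self._log.add(test)
                    self.fireTableRowsInserted(row, row)
                finally:
                    self._lock.release()
                if vulnName == self.vulnName.getText():
                    self.logTable.setRowSelectionInterval(row, row)
                    selected = True
            # Paths are built as projPath/<dir>, so only the project's
            # immediate sub-directories are meaningful; do not recurse.
            break
        if not selected and self._log.size() > 0:
            self.logTable.setRowSelectionInterval(0, 0)
            self.loadVulnerability(self._log.get(0))

    def createSection(self, sectioName):
        """Ensure config.ini contains the given section, creating the file if needed."""
        self.config.read('config.ini')
        if sectioName not in self.config.sections():
            self.config.add_section(sectioName)
            with open("config.ini", 'w') as cfgfile:
                self.config.write(cfgfile)

    def saveCfg(self):
        """Write the in-memory configuration back to config.ini."""
        with open('config.ini', 'w') as f:
            self.config.write(f)

    def getXMLDoc(self, xmlPath):
        """Parse xmlPath into a DOM document; return None (after a popup) on failure.

        Project files can come from an imported archive, so the parser is
        configured to reject DOCTYPE declarations and to leave XInclude and
        entity expansion off.  The files this extension writes contain no
        DOCTYPE, so they are unaffected.
        """
        try:
            factory = DocumentBuilderFactory.newInstance()
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", True)
            factory.setXIncludeAware(False)
            factory.setExpandEntityReferences(False)
            return factory.newDocumentBuilder().parse(xmlPath)
        except:
            # Bare except on purpose: parse/configuration errors are Java
            # exceptions.  A parser that cannot be hardened fails closed here.
            self.popup("XML file not found")
            return None

    def saveXMLDoc(self, doc, xmlPath):
        """Serialize the DOM document to xmlPath."""
        transformer = TransformerFactory.newInstance().newTransformer()
        transformer.transform(DOMSource(doc), StreamResult(File(xmlPath)))

    def generateReport(self, event):
        """Generate the selected report type and offer to open it."""
        reportType = self.reportType.getSelectedItem()
        path = None
        if reportType == "HTML":
            path = self.reportToHTML()
        elif reportType == "XLSX":
            path = self.reportToXLS()
        elif reportType == "DOCX":
            path = self.generateReportFromDocxTemplate('template.docx', "newfile.docx", 'word/document.xml')
        if path is None:
            # The generator already told the user why nothing was produced.
            return
        n = JOptionPane.showConfirmDialog(None, "Report generated successfuly:\n%s\nWould you like to open it?" % (path), "PT Manager", JOptionPane.YES_NO_OPTION)
        if n == JOptionPane.YES_OPTION:
            # Opened without a shell and without blocking Burp until the
            # viewer is closed.
            self._openWithDesktop(path)

    def exportProj(self, event):
        """Zip the current project directory to a location chosen by the user."""
        self.chooser.setDialogTitle("Save project")
        # The chooser is shared; undo a DIRECTORIES_ONLY mode left by other dialogs.
        self.chooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showSaveDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            dst = str(self.chooser.getSelectedFile())
            # make_archive appends ".zip" itself; avoid "name.zip.zip".
            if dst.lower().endswith(".zip"):
                dst = dst[:-4]
            shutil.make_archive(dst, "zip", self.getCurrentProjPath())
            self.popup("Project export successfuly")

    def importProj(self, event):
        """Extract a project archive into <chosen dir>/PTManager and register it.

        The archive is treated as untrusted: every member must resolve to a
        path inside the destination directory before anything is extracted.
        """
        self.chooser.setDialogTitle("Select project zip to directory")
        self.chooser.setFileSelectionMode(JFileChooser.FILES_ONLY)
        Ffilter = FileNameExtensionFilter("Zip files", ["zip"])
        self.chooser.setFileFilter(Ffilter)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        zipPath = str(self.chooser.getSelectedFile())

        self.chooser.setDialogTitle("Select project directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal != JFileChooser.APPROVE_OPTION:
            return
        projPath = str(self.chooser.getSelectedFile()) + "/PTManager"

        with zipfile.ZipFile(zipPath, "r") as z:
            destRoot = os.path.realpath(projPath)
            for member in z.namelist():
                target = os.path.realpath(os.path.join(destRoot, member))
                if target != destRoot and not target.startswith(destRoot + os.sep):
                    self.popup("Project archive contains unsafe paths")
                    return
            z.extractall(projPath)

        xmlPath = projPath + "/project.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            return
        nodeList = document.getDocumentElement().getChildNodes()
        projName = nodeList.item(0).getTextContent()
        nodeList.item(1).setTextContent(projPath)
        self.saveXMLDoc(document, xmlPath)
        self.config.set('projects', projName, projPath)
        self.saveCfg()
        self.reloadProjects()
        self.currentProject.getModel().setSelectedItem(projName)
        self.clearVulnerabilityTab()

    def reportToXLS(self):
        """Write the findings to 'PT Manager Report.xlsx'; return its path or None."""
        if not xlsxwriterImported:
            self.popup("xlsxwriter library is not imported")
            return None
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.xlsx'
        workbook = xlsxwriter.Workbook(reportPath)
        worksheet = workbook.add_worksheet()
        bold = workbook.add_format({'bold': True})
        worksheet.write(0, 0, "Vulnerability Name", bold)
        worksheet.write(0, 1, "Threat Level", bold)
        worksheet.write(0, 2, "Description", bold)
        worksheet.write(0, 3, "Mitigation", bold)
        for i in range(self._log.size()):
            vuln = self._log.get(i)
            row = i + 1
            # write_string keeps a value that starts with '=' as plain text
            # instead of storing it as a spreadsheet formula.
            worksheet.write_string(row, 0, vuln.getName())
            worksheet.write_string(row, 1, vuln.getSeverity())
            worksheet.write_string(row, 2, vuln.getDescription())
            worksheet.write_string(row, 3, vuln.getMitigation())
        # add requests and images as well
        workbook.close()
        return reportPath

    def reportToHTML(self):
        """Write the findings to 'PT Manager Report.html' and return its path.

        Every value placed in the page (project name, finding fields, saved
        request/response, file names) is HTML-escaped first.  Saved responses
        in particular contain markup from the tested application and must not
        be rendered as part of the report.
        """
        htmlContent = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="he" dir="ltr">
<head>
<title>PT Manager Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style>
body { background-repeat: no-repeat; background-attachment: fixed; font-family: Arial,Tahoma,sens-serif; font-size: 13px; margin: auto; }
#warpcenter { width: 900px; margin: 0px auto; }
table { border: 2px dashed #000000; }
td { border-top: 2px dashed #000000; padding: 10px; }
img { border: 0px; }
</style>
<script language="javascript">
function divHideShow(divToHideOrShow) {
    var div = document.getElementById(divToHideOrShow);
    if (div.style.display == "block") { div.style.display = "none"; }
    else { div.style.display = "block"; }
}
</script>
</head>
<body>
<div id="warpcenter">
<h1> PT Manager Report </h1>
<h2> Project: %s</h2>
""" % (self.htmlEscape(self.projName.getText()))

        for i in range(self._log.size()):
            vuln = self._log.get(i)
            name = vuln.getName()
            request = "None"
            response = "None"
            path = self.getVulnReqResPath("request", name)
            if os.path.exists(path):
                request = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))
            path = self.getVulnReqResPath("response", name)
            if os.path.exists(path):
                response = self.newlineToBR(self.htmlEscape(self.getFileContent(path)))

            images = ""
            vulnDir = self.projPath.getText() + "/" + self.clearStr(name)
            if os.path.isdir(vulnDir):
                for fileName in os.listdir(vulnDir):
                    if fileName.endswith(".jpg"):
                        images += "%s<br><img src=\"%s\"><br><br>" % (
                            self.htmlEscape(fileName),
                            self.htmlEscape(vulnDir + "/" + fileName))

            description = self.newlineToBR(self.htmlEscape(vuln.getDescription()))
            mitigation = self.newlineToBR(self.htmlEscape(vuln.getMitigation()))
            htmlContent += self.convertVulntoTable(
                i, self.htmlEscape(name), self.htmlEscape(vuln.getSeverity()),
                description, mitigation, request, response, images)

        htmlContent += "</div></body></html>"
        reportPath = self.getCurrentProjPath() + '/PT Manager Report.html'
        with open(reportPath, 'w') as f:
            f.write(htmlContent)
        return reportPath

    def newlineToBR(self, string):
        """Replace newlines with <br /> tags."""
        return "<br />".join(string.split("\n"))

    def getFileContent(self, path):
        """Return the raw content of the file at path."""
        with open(path, "rb") as f:
            return f.read()

    def convertVulntoTable(self, number, name, severity, description, mitigation, request = "None", response = "None", images = "None"):
        """Return the collapsible HTML section for one finding.

        The arguments are inserted into the markup as given, so the caller
        must pass values that are already HTML-escaped.
        """
        return """<div style="width: 100%%;height: 30px;text-align: center;background-color:#E0E0E0;font-size: 17px;font-weight: bold;color: #000;padding-top: 10px;">%s <a href="javascript:divHideShow('Table_%s');" style="color:#191970">(OPEN / CLOSE)</a></div>
<div id="Table_%s" style="display: none;">
<table width="100%%" cellspacing="0" cellpadding="0" style="margin: 0px auto;text-align: left;border-top: 0px;">
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Threat Level: </span>
<span style="color:#8b8989">%s</span>
</td> </tr>
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Description</span>
<a href="javascript:divHideShow('Table_%s_Command_03');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_03" style="display: none;margin-top: 25px;"> %s </div>
</td> </tr>
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Mitigration</span>
<a href="javascript:divHideShow('Table_%s_Command_04');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_04" style="display: none;margin-top: 25px;"> %s <b>
</td> </tr>
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Request</span>
<a href="javascript:divHideShow('Table_%s_Command_05');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_05" style="display: none;margin-top: 25px;"> %s <b>
</td> </tr>
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Response</span>
<a href="javascript:divHideShow('Table_%s_Command_06');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_06" style="display: none;margin-top: 25px;"> %s <b>
</td> </tr>
<tr> <td>
<div style="font-size: 16px;font-weight: bold;">
<span style="color:#000000">Images</span>
<a href="javascript:divHideShow('Table_%s_Command_07');" style="color:#191970">OPEN / CLOSE >>></a>
</div>
<div id="Table_%s_Command_07" style="display: none;margin-top: 25px;"> %s <b>
</td> </tr>
</table>
</div><br><br>""" % (name,number,number,severity,number,number,description,number,number,mitigation,number,number,request,number,number,response,number,number,images)

    def clearVulnerabilityTab(self, rmVuln=True):
        """Reset the vulnerability form; the name is kept when rmVuln is False."""
        if rmVuln:
            self.vulnName.setText("")
        self.descriptionString.setText("")
        self.mitigationStr.setText("")
        self.colorCombo.setSelectedIndex(0)
        self.threatLevel.setSelectedIndex(0)
        self.screenshotsList.clear()
        self.addButton.setText("Add")
        self.firstPic.setIcon(None)

    def saveRequestResponse(self, type, requestResponse, vulnName):
        """Write the raw request or response for vulnName into its directory."""
        path = self.getVulnReqResPath(type, vulnName)
        with open(path, 'wb') as f:
            f.write(requestResponse)

    def _openWithDesktop(self, path):
        """Open a file or directory with the platform's default handler.

        java.awt.Desktop receives the path as a File, so no shell is involved
        and characters in the path cannot be interpreted as a command.
        """
        from java.awt import Desktop
        try:
            Desktop.getDesktop().open(File(path))
        except:
            # Bare except on purpose: failures here are Java exceptions.
            self.popup("Could not open:\n%s" % (path))

    def openProj(self, event):
        """Show the current project directory in the system file manager."""
        projPath = self.projPath.getText()
        if not projPath:
            self.popup("Please select path")
            return
        self._openWithDesktop(projPath)

    def getVulnReqResPath(self, requestOrResponse, vulnName):
        """Return the path of the saved request/response file for vulnName."""
        cleanName = self.clearStr(vulnName)
        return self.getCurrentProjPath() + "/" + cleanName + "/" + requestOrResponse + "_" + cleanName

    def htmlEscape(self, data):
        """Escape &, <, >, double and single quotes for use in HTML or XML text."""
        # '&' must be replaced first so the entities added below stay intact.
        return (data.replace('&', '&amp;')
                    .replace('<', '&lt;')
                    .replace('>', '&gt;')
                    .replace('"', '&quot;')
                    .replace("'", '&#39;'))

    def generateReportFromDocxTemplate(self, zipname, newZipName, filename):
        """Fill the DOCX template once per finding; return the new file's path.

        zipname is the template archive, filename the entry holding the
        document body, and newZipName the output name inside the project
        directory.  Returns None when the template has no usable body.
        """
        newZipName = self.getCurrentProjPath() + "/" + newZipName
        newXML = None
        with zipfile.ZipFile(zipname, 'r') as zin:
            with zipfile.ZipFile(newZipName, 'w') as zout:
                zout.comment = zin.comment
                for item in zin.infolist():
                    if item.filename != filename:
                        zout.writestr(item, zin.read(item.filename))
                        continue
                    xml_content = zin.read(item.filename)
                    surrounding = re.findall(r"(.*)<w:body>(?:.*)</w:body>(.*)", xml_content)
                    bodies = re.findall(r"<w:body>(.*)</w:body>", xml_content)
                    if not surrounding or not bodies:
                        continue
                    prefix, suffix = surrounding[0][0], surrounding[0][1]
                    templateBody = bodies[0]
                    newBody = ""
                    for i in range(self._log.size()):
                        vuln = self._log.get(i)
                        # Values are escaped because they become XML text.
                        tmp = templateBody
                        tmp = tmp.replace("$vulnerability", self.htmlEscape(vuln.getName()))
                        tmp = tmp.replace("$severity", self.htmlEscape(vuln.getSeverity()))
                        tmp = tmp.replace("$description", self.htmlEscape(vuln.getDescription()))
                        tmp = tmp.replace("$mitigation", self.htmlEscape(vuln.getMitigation()))
                        newBody = newBody + tmp
                    newXML = prefix + newBody + suffix
        if newXML is None:
            self.popup("Report template does not contain %s" % (filename))
            return None
        with zipfile.ZipFile(newZipName, mode='a', compression=zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(filename, newXML)
        return newZipName

    def chooseProjPath(self, event):
        """Let the user pick a directory and create <dir>/PTManager as the project path."""
        self.chooser.setDialogTitle("Select target directory")
        self.chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY)
        returnVal = self.chooser.showOpenDialog(None)
        if returnVal == JFileChooser.APPROVE_OPTION:
            projPath = str(self.chooser.getSelectedFile()) + "/PTManager"
            # makedirs raises when the directory already exists.
            if not os.path.isdir(projPath):
                os.makedirs(projPath)
            self.projPath.setText(projPath)

    def reloadProjects(self):
        """Refresh the project combo box from the 'projects' config section."""
        self.currentProject.setModel(DefaultComboBoxModel(self.config.options('projects')))

    def rmProj(self, event):
        """Delete the current project's directory and its config entry after confirmation."""
        projPath = self.projPath.getText()
        if not projPath:
            # Never hand an empty path to a recursive delete.
            self.popup("Please select path")
            return
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            self._requestViewer.setMessage("None", False)
            self._responseViewer.setMessage("None", False)
            if os.path.isdir(projPath):
                shutil.rmtree(projPath)
            self.config.remove_option('projects', self.currentProject.getSelectedItem())
            # Persist the removal so the deleted project is not listed again
            # on the next start.
            self.saveCfg()
            self.reloadProjects()
            if self.currentProject.getItemCount() > 0:
                self.currentProject.setSelectedIndex(0)
            self.loadVulnerabilities(self.projPath.getText())

    def popup(self, msg):
        """Show msg in a modal message dialog."""
        JOptionPane.showMessageDialog(None, msg)

    def addProj(self, event):
        """Register or update the project in config.ini and write its project.xml."""
        projPath = self.projPath.getText()
        if not projPath:
            self.popup("Please select path")
            return
        self.config.set('projects', self.projName.getText(), projPath)
        self.saveCfg()

        xml = ET.Element('project')
        name = ET.SubElement(xml, "name")
        path = ET.SubElement(xml, "path")
        details = ET.SubElement(xml, "details")
        autoSaveMode = ET.SubElement(xml, "autoSaveMode")
        name.text = self.projName.getText()
        path.text = projPath
        details.text = self.projDetails.getText()
        autoSaveMode.text = str(self.autoSave.isSelected())
        tree = ET.ElementTree(xml)
        try:
            tree.write(self.getCurrentProjPath() + '/project.xml')
        except:
            self.popup("Invalid path")
            return

        self.reloadProjects()
        self.clearVulnerabilityTab()
        self.clearList(None)
        self.currentProject.getModel().setSelectedItem(self.projName.getText())

    def resize(self, image, width, height):
        """Return a copy of image scaled to width x height."""
        bi = BufferedImage(width, height, BufferedImage.TRANSLUCENT)
        g2d = bi.createGraphics()
        g2d.addRenderingHints(RenderingHints(RenderingHints.KEY_RENDERING, RenderingHints.VALUE_RENDER_QUALITY))
        g2d.drawImage(image, 0, 0, width, height, None)
        g2d.dispose()
        return bi

    def clearStr(self, var):
        """Turn a vulnerability name into a directory name.

        Spaces become underscores and path separators and other reserved
        characters are removed.  A result of "." or ".." would address the
        project directory itself or its parent, so its dots are replaced.
        """
        cleaned = var.replace(" ", "_")
        for ch in '\\/:*?"<>|()':
            cleaned = cleaned.replace(ch, "")
        if cleaned in (".", ".."):
            cleaned = cleaned.replace(".", "_")
        return cleaned

    def popUpAreYouSure(self):
        """Ask for confirmation; return 0 for "yes" and 1 otherwise."""
        dialogResult = JOptionPane.showConfirmDialog(None, "Are you sure?", "Warning", JOptionPane.YES_NO_OPTION)
        if dialogResult == 0:
            return 0
        return 1

    def removeSS(self, event):
        """Delete the selected screenshot from disk and from the list."""
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            selectedName = self.ssList.getSelectedValue()
            if selectedName is None:
                return
            os.remove(self.getCurrentVulnPath() + "/" + selectedName)
            self.ssList.getModel().remove(self.ssList.getSelectedIndex())
            # Same way of clearing the preview as the rest of the class.
            self.firstPic.setIcon(None)
            # check if there is images and select the first one

    def addSS(self, event):
        """Save the clipboard image as a .jpg screenshot of the current vulnerability."""
        clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
        try:
            image = clipboard.getData(DataFlavor.imageFlavor)
        except:
            # Bare except on purpose: a missing image surfaces as a Java exception.
            self.popup("Clipboard not contains image")
            return

        cleanName = self.clearStr(self.vulnName.getText())
        vulnPath = self.projPath.getText() + "/" + cleanName
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)
        name = cleanName + str(random.randint(1, 99999)) + ".jpg"
        target = File(vulnPath + "/" + name)

        bufferedImage = BufferedImage(image.getWidth(None), image.getHeight(None), BufferedImage.TYPE_INT_RGB)
        g = bufferedImage.createGraphics()
        try:
            g.drawImage(image, 0, 0, bufferedImage.getWidth(), bufferedImage.getHeight(), Color.WHITE, None)
        finally:
            g.dispose()
        ImageIO.write(bufferedImage, "jpg", target)

        self.addVuln(self)
        self.ssList.setSelectedValue(name, True)

    def rmVuln(self, event):
        """Delete the current vulnerability's directory after confirmation."""
        # With an empty name the vulnerability path is the project directory
        # itself; refuse instead of deleting the whole project.
        if self.clearStr(self.vulnName.getText()) == "":
            self.popup("Please select a vulnerability")
            return
        if self.popUpAreYouSure() == JOptionPane.YES_OPTION:
            self._requestViewer.setMessage("None", False)
            self._responseViewer.setMessage("None", False)
            vulnPath = self.getCurrentVulnPath()
            if os.path.isdir(vulnPath):
                shutil.rmtree(vulnPath)
            self.clearVulnerabilityTab()
            self.loadVulnerabilities(self.getCurrentProjPath())

    def addVuln(self, event):
        """Add or update the vulnerability shown in the form and write its XML file."""
        if self.colorCombo.getSelectedItem() == "Color:":
            colorTxt = None
        else:
            colorTxt = self.colorCombo.getSelectedItem()

        vulnObject = vulnerability(self.vulnName.getText(), self.threatLevel.getSelectedItem(), self.descriptionString.getText(), self.mitigationStr.getText(), colorTxt)
        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(vulnObject)
            self.fireTableRowsInserted(row, row)
        finally:
            self._lock.release()

        vulnPath = self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())
        if not os.path.exists(vulnPath):
            os.makedirs(vulnPath)

        xml = ET.Element('vulnerability')
        name = ET.SubElement(xml, "name")
        severity = ET.SubElement(xml, "severity")
        description = ET.SubElement(xml, "description")
        mitigation = ET.SubElement(xml, "mitigation")
        color = ET.SubElement(xml, "color")
        name.text = self.vulnName.getText()
        severity.text = self.threatLevel.getSelectedItem()
        description.text = self.descriptionString.getText()
        mitigation.text = self.mitigationStr.getText()
        color.text = colorTxt
        ET.ElementTree(xml).write(vulnPath + '/vulnerability.xml')

        self.loadVulnerabilities(self.getCurrentProjPath())
        self.loadVulnerability(vulnObject)

    def vulnNameChanged(self):
        """React to an edited name: switch to update mode, start a new entry, or rename."""
        if os.path.exists(self.getCurrentVulnPath()) and self.vulnName.getText() != "":
            self.addButton.setText("Update")
        elif self.addButton.getText() != "Add":
            options = ["Create a new vulnerability", "Change current vulnerability name"]
            n = JOptionPane.showOptionDialog(None, "Would you like to?", "Vulnerability Name", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.QUESTION_MESSAGE, None, options, options[0])
            if n == 0:
                self.clearVulnerabilityTab(False)
                self.addButton.setText("Add")
            else:
                newName = JOptionPane.showInputDialog(
                    None, "Enter new name:", "Vulnerability Name",
                    JOptionPane.PLAIN_MESSAGE, None, None, self.vulnName.getText())
                row = self.logTable.getSelectedRow()
                # A cancelled dialog returns None and no selection gives -1.
                if not newName or row < 0:
                    return
                old = self.logTable.getValueAt(row, 1)
                self.changeVulnName(newName, old)

    def changeVulnName(self, new, old):
        """Rename a vulnerability's directory and update the name in its XML file."""
        # Directory names are always derived through clearStr elsewhere in the
        # class; doing the same here keeps the rename inside the project
        # directory and matches the directory that actually exists.
        newpath = self.getCurrentProjPath() + "/" + self.clearStr(new)
        oldpath = self.getCurrentProjPath() + "/" + self.clearStr(old)
        os.rename(oldpath, newpath)
        self.changeCurrentVuln(new, 0, newpath + "/vulnerability.xml")

    def getCurrentVulnPath(self):
        """Return the directory of the vulnerability named in the form."""
        return self.projPath.getText() + "/" + self.clearStr(self.vulnName.getText())

    def getCurrentProjPath(self):
        """Return the project path shown in the settings tab."""
        return self.projPath.getText()

    def loadSS(self, imgPath):
        """Show the image at imgPath in the preview, scaled down to at most 550x400."""
        image = ImageIO.read(File(imgPath))
        if image is None:
            # ImageIO.read returns null when no reader can decode the file.
            self.firstPic.setIcon(None)
            return
        if image.getWidth() <= 550 and image.getHeight() <= 400:
            self.firstPic.setIcon(ImageIcon(image))
            self.firstPic.setSize(image.getWidth(), image.getHeight())
        else:
            self.firstPic.setIcon(ImageIcon(self.resize(image, 550, 400)))
            self.firstPic.setSize(550, 400)

    def clearProjectTab(self):
        """Clear the path and details fields of the project settings tab."""
        self.projPath.setText("")
        self.projDetails.setText("")

    def clearList(self, event):
        """Empty the findings table."""
        self._lock.acquire()
        try:
            self._log = ArrayList()
            # Every row is gone, so report a full data change rather than an
            # insertion of a row that does not exist.
            self.fireTableDataChanged()
        finally:
            self._lock.release()

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Offer "Send to PT Manager" when at least one message is selected."""
        responses = invocation.getSelectedMessages()
        if responses is not None and len(responses) > 0:
            ret = LinkedList()
            requestMenuItem = JMenuItem("Send to PT Manager")
            requestMenuItem.addActionListener(handleMenuItems(self, responses[0], "request"))
            ret.add(requestMenuItem)
            return ret
        return None

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the suite tab."""
        return "PT Manager"

    def getUiComponent(self):
        """Return the root component shown in the suite tab."""
        return self._splitpane

    #
    # extend AbstractTableModel
    #
    def getRowCount(self):
        """Return the number of findings, or 0 if the log cannot be read."""
        try:
            return self._log.size()
        except:
            return 0

    def getColumnCount(self):
        """Return the number of table columns."""
        return 3

    def getColumnName(self, columnIndex):
        """Return the header text for columnIndex."""
        if columnIndex == 0:
            return "#"
        if columnIndex == 1:
            return "Vulnerability Name"
        if columnIndex == 2:
            return "Threat Level"
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the finding at rowIndex."""
        vulnObject = self._log.get(rowIndex)
        if columnIndex == 0:
            return rowIndex + 1
        if columnIndex == 1:
            return vulnObject.getName()
        if columnIndex == 2:
            return vulnObject.getSeverity()
        if columnIndex == 3:
            return vulnObject.getMitigation()
        if columnIndex == 4:
            return vulnObject.getColor()
        return ""

    def changeCurrentVuln(self, value, fieldNumber, xmlPath = "def"):
        """Set child node fieldNumber of a vulnerability XML file to value and reload.

        xmlPath defaults to the XML file of the vulnerability named in the form.
        """
        if xmlPath == "def":
            xmlPath = self.getCurrentVulnPath() + "/vulnerability.xml"
        document = self.getXMLDoc(xmlPath)
        if document is None:
            return
        nodeList = document.getDocumentElement().getChildNodes()
        nodeList.item(fieldNumber).setTextContent(value)
        self.saveXMLDoc(document, xmlPath)
        self.loadVulnerabilities(self.getCurrentProjPath())

    def loadVulnerability(self, vulnObject):
        """Populate the form, screenshot list and message viewers from vulnObject."""
        self.addButton.setText("Update")
        self.vulnName.setText(vulnObject.getName())
        self.threatLevel.setSelectedItem(vulnObject.getSeverity())
        self.descriptionString.setText(vulnObject.getDescription())
        self.mitigationStr.setText(vulnObject.getMitigation())

        if vulnObject.getColor() == "" or vulnObject.getColor() is None:
            self.colorCombo.setSelectedItem("Color:")
        else:
            self.colorCombo.setSelectedItem(vulnObject.getColor())

        self.screenshotsList.clear()
        vulnDir = self.projPath.getText() + "/" + self.clearStr(vulnObject.getName())
        if os.path.isdir(vulnDir):
            for fileName in os.listdir(vulnDir):
                if fileName.endswith(".jpg"):
                    self.screenshotsList.addElement(fileName)
                    self.loadSS(vulnDir + '/' + fileName)

        if self.screenshotsList.getSize() == 0:
            self.firstPic.setIcon(None)
        else:
            self.ssList.setSelectedIndex(0)

        path = self.getVulnReqResPath("request", vulnObject.getName())
        if os.path.exists(path):
            self._requestViewer.setMessage(self.getFileContent(path), False)
        else:
            self._requestViewer.setMessage("None", False)

        path = self.getVulnReqResPath("response", vulnObject.getName())
        if os.path.exists(path):
            self._responseViewer.setMessage(self.getFileContent(path), False)
        else:
            self._responseViewer.setMessage("None", False)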