class GameSelector(ActionListener):
""" generated source for class GameSelector """
theGameList = JComboBox()
theRepositoryList = JComboBox()
theSelectedRepository = GameRepository()
theCachedRepositories = Map()
class NamedItem(object):
""" generated source for class NamedItem """
theKey = str()
theName = str()
def __init__(self, theKey, theName):
""" generated source for method __init__ """
self.theKey = theKey
self.theName = theName
def __str__(self):
""" generated source for method toString """
return self.theName
def __init__(self):
""" generated source for method __init__ """
super(GameSelector, self).__init__()
self.theGameList = JComboBox()
self.theGameList.addActionListener(self)
self.theRepositoryList = JComboBox()
self.theRepositoryList.addActionListener(self)
self.theCachedRepositories = HashMap()
self.theRepositoryList.addItem("games.ggp.org/base")
self.theRepositoryList.addItem("games.ggp.org/dresden")
self.theRepositoryList.addItem("games.ggp.org/stanford")
self.theRepositoryList.addItem("Local Game Repository")
def actionPerformed(self, e):
""" generated source for method actionPerformed """
if e.getSource() == self.theRepositoryList:
if self.theCachedRepositories.containsKey(theRepositoryName):
self.theSelectedRepository = self.theCachedRepositories.get(theRepositoryName)
else:
if theRepositoryName == "Local Game Repository":
self.theSelectedRepository = LocalGameRepository()
else:
self.theSelectedRepository = CloudGameRepository(theRepositoryName)
self.theCachedRepositories.put(theRepositoryName, self.theSelectedRepository)
repopulateGameList()
def getSelectedGameRepository(self):
""" generated source for method getSelectedGameRepository """
return self.theSelectedRepository
def repopulateGameList(self):
""" generated source for method repopulateGameList """
theRepository = self.getSelectedGameRepository()
theKeyList = ArrayList(theRepository.getGameKeys())
Collections.sort(theKeyList)
self.theGameList.removeAllItems()
for theKey in theKeyList:
if theGame == None:
continue
if theName == None:
theName = theKey
if 24 > len(theName):
theName = theName.substring(0, 24) + "..."
self.theGameList.addItem(self.NamedItem(theKey, theName))
def getRepositoryList(self):
""" generated source for method getRepositoryList """
return self.theRepositoryList
def getGameList(self):
""" generated source for method getGameList """
return self.theGameList
def getSelectedGame(self):
""" generated source for method getSelectedGame """
try:
return self.getSelectedGameRepository().getGame((self.theGameList.getSelectedItem()).theKey)
except Exception as e:
return None
class BurpExtender(IBurpExtender, ITab, IExtensionStateListener):
# Define the global variables for the burp plugin
EXTENSION_NAME = "UPnP BHunter"
ipv4_selected = True
services_dict = {}
ip_service_dict = {}
STOP_THREAD = False
#Some SSDP m-search parameters are based upon "UPnP Device Architecture v2.0"
SSDP_MULTICAST_IPv4 = ["239.255.255.250"]
SSDP_MULTICAST_IPv6 = ["FF02::C", "FF05::C"]
SSDP_MULTICAST_PORT = 1900
ST_ALL = "ssdp:all"
ST_ROOTDEV = "upnp:rootdevice"
PLACEHOLDER = "FUZZ_HERE"
SSDP_TIMEOUT = 2
def registerExtenderCallbacks(self, callbacks):
# Get a reference to callbacks object
self.callbacks = callbacks
# Get the useful extension helpers object
self.helpers = callbacks.getHelpers()
# Set the extension name
self.callbacks.setExtensionName(self.EXTENSION_NAME)
self.callbacks.registerExtensionStateListener(self)
# Draw plugin user interface
self.drawPluginUI()
self.callbacks.addSuiteTab(self)
# Plugin loading message
print("[+] Burp plugin UPnP BHunter loaded successfully")
return
def drawPluginUI(self):
# Create the plugin user interface
self.pluginTab = JPanel()
self.uiTitle = JLabel('UPnP BHunter Load, Aim and Fire Console')
self.uiTitle.setFont(Font('Tahoma', Font.BOLD, 14))
self.uiTitle.setForeground(Color(250, 100, 0))
self.uiPanelA = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self.uiPanelA.setMaximumSize(Dimension(2500, 1000))
self.uiPanelA.setDividerSize(2)
self.uiPanelB = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self.uiPanelB.setDividerSize(2)
self.uiPanelA.setBottomComponent(self.uiPanelB)
self.uiPanelA.setBorder(BorderFactory.createLineBorder(Color.gray))
# Create and configure labels and text fields
self.labeltitle_step1 = JLabel("[1st STEP] Discover UPnP Locations")
self.labeltitle_step1.setFont(Font('Tahoma', Font.BOLD, 14))
self.labeltitle_step2 = JLabel(
"[2nd STEP] Select a UPnP Service and Action")
self.labeltitle_step2.setFont(Font('Tahoma', Font.BOLD, 14))
self.labeltitle_step3 = JLabel("[3rd STEP] Time to Attack it")
self.labeltitle_step3.setFont(Font('Tahoma', Font.BOLD, 14))
self.labelsubtitle_step1 = JLabel(
"Specify the IP version address in scope and start UPnP discovery")
self.labelsubtitle_step2 = JLabel(
"Select which of the found UPnP services will be probed")
self.labelsubtitle_step3 = JLabel(
"Review and modify the request, then send it to one of the attack tools"
)
self.label_step1 = JLabel("Target IP")
self.label_step2 = JLabel("Found UPnp Services")
self.labelstatus = JLabel(" Status")
self.labelempty_step1 = JLabel(" ")
self.labelempty_step2 = JLabel(" ")
self.labelupnp = JLabel("UPnP list")
self.labelip = JLabel("IP list")
self.labelactions = JLabel("Actions")
self.labelNoneServiceFound = JLabel(" ")
self.labelNoneServiceFound.setFont(Font('Tahoma', Font.BOLD, 12))
self.labelNoneServiceFound.setForeground(Color.red)
# Create combobox for IP version selection
self.ip_versions = ["IPv4", "IPv6"]
self.combo_ipversion = JComboBox(self.ip_versions)
self.combo_ipversion.setSelectedIndex(0)
self.combo_ipversion.setEnabled(True)
# Create and configure progress bar
self.progressbar = JProgressBar(0, 100)
self.progressbar.setString("Ready")
self.progressbar.setStringPainted(True)
# Create and configure buttons
self.startbutton = JButton("Start Discovery",
actionPerformed=self.startHunting)
self.clearbutton = JButton("Clear All", actionPerformed=self.clearAll)
self.intruderbutton = JButton("Send to Intruder",
actionPerformed=self.sendToIntruder)
self.repeaterbutton = JButton("Send to Repeater",
actionPerformed=self.sendToRepeater)
#self.WANrepeaterbutton = JButton("to Repeater", actionPerformed=self.sendWANUPnPToRepeater)
self.textarea_request = JTextArea(18, 90)
self.intruderbutton.setEnabled(False)
self.repeaterbutton.setEnabled(False)
# Class neeeded to handle the target combobox in second step panel
class TargetComboboxListener(ActionListener):
def __init__(self, upnpcombo_targets, upnpcombo_services,
ip_service_dict):
self.upnpcombo_targets = upnpcombo_targets
self.upnpcombo_services = upnpcombo_services
self.ip_service_dict = ip_service_dict
def actionPerformed(self, event):
try:
# Update the location url combobox depending on the IP combobox
selected_target = self.upnpcombo_targets.getSelectedItem()
if self.ip_service_dict and selected_target:
self.upnpcombo_services.removeAllItems()
for service_url in self.ip_service_dict[
selected_target]:
self.upnpcombo_services.addItem(service_url)
self.upnpcombo_services.setSelectedIndex(0)
except BaseException as e:
print("[!] Exception selecting service: \"%s\" ") % e
# Class neeeded to handle the service combobox in second step panel
class ServiceComboboxListener(ActionListener):
def __init__(self, upnpcombo_services, upnpcombo_actions,
services_dict):
self.upnpcombo_services = upnpcombo_services
self.upnpcombo_actions = upnpcombo_actions
self.services = services_dict
def actionPerformed(self, event):
try:
# Update the location url combobox depending on the IP combobox
selected_service = self.upnpcombo_services.getSelectedItem(
)
if self.services and selected_service:
self.upnpcombo_actions.removeAllItems()
actions = self.services[selected_service]
for action in actions:
self.upnpcombo_actions.addItem(action)
self.upnpcombo_actions.setSelectedIndex(0)
except BaseException as e:
print("[!] Exception selecting service: \"%s\" ") % e
# Class neeeded to handle the action combobox in second step panel
class ActionComboboxListener(ActionListener):
def __init__(self, upnpcombo_services, upnpcombo_actions,
textarea_request, services_dict):
self.upnpcombo_services = upnpcombo_services
self.upnpcombo_actions = upnpcombo_actions
self.textarea_request = textarea_request
self.services = services_dict
def actionPerformed(self, event):
try:
# Update the location url combobox depending on the IP combobox
selected_action = self.upnpcombo_actions.getSelectedItem()
selected_service = self.upnpcombo_services.getSelectedItem(
)
if self.services and selected_action:
self.textarea_request.setText(
self.services[selected_service][selected_action])
except BaseException as e:
print("[!] Exception selecting action: \"%s\" ") % e
self.upnpactions = [" "]
self.upnpcombo_actions = JComboBox(self.upnpactions)
self.upnpcombo_actions.setSelectedIndex(0)
self.upnpcombo_actions.setEnabled(False)
# Create the combo box, select item at index 0 (first item in list)
self.upnpservices = [" "]
self.upnpcombo_services = JComboBox(self.upnpservices)
self.upnpcombo_services.setSelectedIndex(0)
self.upnpcombo_services.setEnabled(False)
# Create the combo box, select item at index 0 (first item in list)
self.upnptargets = [" "]
self.upnpcombo_targets = JComboBox(self.upnptargets)
self.upnpcombo_targets.setSelectedIndex(0)
self.upnpcombo_targets.setEnabled(False)
# Set the action listeners for all the comboboxes
self.upnpcombo_targets.addActionListener(
TargetComboboxListener(self.upnpcombo_targets,
self.upnpcombo_services,
self.ip_service_dict))
self.upnpcombo_services.addActionListener(
ServiceComboboxListener(self.upnpcombo_services,
self.upnpcombo_actions,
self.services_dict))
self.upnpcombo_actions.addActionListener(
ActionComboboxListener(self.upnpcombo_services,
self.upnpcombo_actions,
self.textarea_request, self.services_dict))
# Configuring first step panel
self.panel_step1 = JPanel()
self.panel_step1.setPreferredSize(Dimension(2250, 100))
self.panel_step1.setBorder(EmptyBorder(10, 10, 10, 10))
self.panel_step1.setLayout(BorderLayout(15, 15))
self.titlepanel_step1 = JPanel()
self.titlepanel_step1.setLayout(BorderLayout())
self.titlepanel_step1.add(self.labeltitle_step1, BorderLayout.NORTH)
self.titlepanel_step1.add(self.labelsubtitle_step1)
self.targetpanel_step1 = JPanel()
self.targetpanel_step1.add(self.label_step1)
self.targetpanel_step1.add(self.combo_ipversion)
self.targetpanel_step1.add(self.startbutton)
self.targetpanel_step1.add(self.clearbutton)
self.targetpanel_step1.add(self.labelstatus)
self.targetpanel_step1.add(self.progressbar)
self.emptypanel_step1 = JPanel()
self.emptypanel_step1.setLayout(BorderLayout())
self.emptypanel_step1.add(self.labelempty_step1, BorderLayout.WEST)
# Assembling first step panel components
self.panel_step1.add(self.titlepanel_step1, BorderLayout.NORTH)
self.panel_step1.add(self.targetpanel_step1, BorderLayout.WEST)
self.panel_step1.add(self.emptypanel_step1, BorderLayout.SOUTH)
self.uiPanelA.setTopComponent(self.panel_step1)
# Configure second step panel
self.panel_step2 = JPanel()
self.panel_step2.setPreferredSize(Dimension(2250, 100))
self.panel_step2.setBorder(EmptyBorder(10, 10, 10, 10))
self.panel_step2.setLayout(BorderLayout(15, 15))
self.titlepanel_step2 = JPanel()
self.titlepanel_step2.setLayout(BorderLayout())
self.titlepanel_step2.add(self.labeltitle_step2, BorderLayout.NORTH)
self.titlepanel_step2.add(self.labelsubtitle_step2)
self.selectpanel_step2 = JPanel()
self.selectpanel_step2.add(self.labelip)
self.selectpanel_step2.add(self.upnpcombo_targets)
self.selectpanel_step2.add(self.labelupnp)
self.selectpanel_step2.add(self.upnpcombo_services)
self.selectpanel_step2.add(self.labelactions)
self.selectpanel_step2.add(self.upnpcombo_actions)
self.emptypanel_step2 = JPanel()
self.emptypanel_step2.setLayout(BorderLayout())
self.emptypanel_step2.add(self.labelempty_step2, BorderLayout.WEST)
self.emptypanel_step2.add(self.labelNoneServiceFound)
# Assembling second step panel components
self.panel_step2.add(self.titlepanel_step2, BorderLayout.NORTH)
self.panel_step2.add(self.selectpanel_step2, BorderLayout.WEST)
self.panel_step2.add(self.emptypanel_step2, BorderLayout.SOUTH)
self.uiPanelB.setTopComponent(self.panel_step2)
# Configuring third step panel
self.panel_step3 = JPanel()
self.panel_step3.setPreferredSize(Dimension(2250, 100))
self.panel_step3.setBorder(EmptyBorder(10, 10, 10, 10))
self.panel_step3.setLayout(BorderLayout(15, 15))
self.titlepanel_step3 = JPanel()
self.titlepanel_step3.setLayout(BorderLayout())
self.titlepanel_step3.add(self.labeltitle_step3, BorderLayout.NORTH)
self.titlepanel_step3.add(self.labelsubtitle_step3)
self.underpanel_step3 = JPanel()
self.underpanel_step3.setLayout(BorderLayout())
self.underpanel_step3.add((JScrollPane(self.textarea_request)),
BorderLayout.NORTH)
self.actionpanel_step3 = JPanel()
self.actionpanel_step3.add(self.intruderbutton)
self.actionpanel_step3.add(self.repeaterbutton)
self.extrapanel_step3 = JPanel()
self.extrapanel_step3.setLayout(BorderLayout())
self.extrapanel_step3.add(self.actionpanel_step3, BorderLayout.WEST)
# Assembling thirdd step panel components
self.panel_step3.add(self.titlepanel_step3, BorderLayout.NORTH)
self.panel_step3.add(self.underpanel_step3, BorderLayout.WEST)
self.panel_step3.add(self.extrapanel_step3, BorderLayout.SOUTH)
self.uiPanelB.setBottomComponent(self.panel_step3)
# Assembling the group of all panels
layout = GroupLayout(self.pluginTab)
self.pluginTab.setLayout(layout)
layout.setHorizontalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
layout.createSequentialGroup().addGap(10, 10, 10).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.LEADING).addComponent(
self.uiTitle).addGap(15, 15, 15).addComponent(
self.uiPanelA)).addContainerGap(
26, Short.MAX_VALUE)))
layout.setVerticalGroup(
layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
layout.createSequentialGroup().addGap(15, 15, 15).addComponent(
self.uiTitle).addGap(15, 15, 15).addComponent(
self.uiPanelA).addGap(20, 20, 20).addGap(20, 20, 20)))
def extensionUnloaded(self):
# Unload the plugin, and if running stop the background thread
if self.upnpcombo_services.isEnabled():
if self.th.isAlive():
print("[+] Stopping thread %s") % self.th.getName()
self.STOP_THREAD = True
self.th.join()
else:
print("Thread %s already dead") % self.th.getName()
print("[+] Burp plugin UPnP BHunter successfully unloaded")
return
def getTabCaption(self):
return self.EXTENSION_NAME
def getUiComponent(self):
return self.pluginTab
def clearAll(self, e=None):
# Reset all data of the plugin
self.services_dict.clear()
self.progressbar.setString("Ready")
self.progressbar.setValue(0)
self.upnpcombo_targets.removeAllItems()
self.upnpcombo_targets.setEnabled(False)
self.upnpcombo_services.removeAllItems()
self.upnpcombo_services.setEnabled(False)
self.upnpcombo_actions.removeAllItems()
self.upnpcombo_actions.setEnabled(False)
self.intruderbutton.setEnabled(False)
self.repeaterbutton.setEnabled(False)
self.labelNoneServiceFound.setText(" ")
self.textarea_request.setText(" ")
print("[+] Clearing all data")
return
def startHunting(self, e=None):
# Starting the UPnP hunt
def startHunting_run():
# Initialize the internal parameters every time the start-discovery button is clicked
self.services_dict.clear()
found_loc = []
discovery_files = []
self.labelNoneServiceFound.setText(" ")
self.intruderbutton.setEnabled(False)
self.repeaterbutton.setEnabled(False)
# Then determine if targerting IPv4 or IPv6 adresses
if self.combo_ipversion.getSelectedItem() == "IPv4":
self.ipv4_selected = True
print("[+] Selected IPv4 address scope")
else:
self.ipv4_selected = False
print("[+] Selected IPv6 address scope")
# And here finally the hunt could start
self.progressbar.setString("Running...")
self.progressbar.setValue(20)
found_loc = self.discoverUpnpLocations()
self.progressbar.setValue(40)
discovery_files = self.downloadXMLfiles(found_loc)
self.progressbar.setValue(60)
self.buildSOAPs(discovery_files)
self.progressbar.setValue(80)
self.progressbar.setString("Done")
self.progressbar.setValue(100)
self.updateComboboxList(self.services_dict)
# Update the comboboxes list with the discovered UPnPs
if (self.services_dict):
self.upnpcombo_targets.setEnabled(True)
self.upnpcombo_services.setEnabled(True)
self.upnpcombo_actions.setEnabled(True)
self.intruderbutton.setEnabled(True)
self.repeaterbutton.setEnabled(True)
if self.STOP_THREAD:
return
# Start a background thread to run the above nested function in order to prevent the blocking of plugin UI
self.th = threading.Thread(target=startHunting_run)
#self.th.daemon = True # This does not seem to be useful
self.th.setName("th-BHunter")
self.th.start()
def ssdpReqBuilder(self, ssdp_timeout, st_type, ssdp_ip, ssdp_port):
# Builder of the two ssdp msearch request types
msearch_req = "M-SEARCH * HTTP/1.1\r\n" \
"HOST: {0}:{1}\r\n" \
"MAN: \"ssdp:discover\"\r\n" \
"MX: {2}\r\n" \
"ST: {3}\r\n" \
"\r\n" \
.format(ssdp_ip, ssdp_port, ssdp_timeout, st_type)
return msearch_req
def sendMsearch(self, ssdp_req, ssdp_ip, ssdp_port):
# Send the ssdp request and retrieve response
buf_resp = set()
if self.ipv4_selected:
print("[+] Creating IPv4 SSDP multicast request")
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
else:
print("[+] Creating IPv6 SSDP multicast request")
sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
sock.setblocking(0)
# Sending ssdp requests
while len(ssdp_req):
# Blocking socket client until the request is completely sent
try:
sent = sock.sendto(ssdp_req.encode("ASCII"),
(ssdp_ip, ssdp_port))
ssdp_req = ssdp_req[sent:]
except socket.error, exc:
if exc.errno != errno.EAGAIN:
print("[E] Got error %s with socket when sending") % exc
sock.close()
raise exc
print("[!] Blocking socket until ", len(ssdp_req), " is sent.")
select.select([], [sock], [])
continue
# Retrieving ssdp responses
num_resp = 0
while sock:
# Blocking socket until there are ssdp responses to be read or timeout is reached
readable, __, __ = select.select([sock], [], [], self.SSDP_TIMEOUT)
if not readable:
# Timeout reached without receiving any ssdp response
if num_resp == 0:
print(
"[!] Got timeout without receiving any ssdp response.")
break
else:
num_resp = num_resp + 1
# Almost an ssdp response was received
if readable[0]:
try:
data = sock.recv(1024)
if data:
buf_resp.add(data.decode('ASCII'))
except socket.error, exc:
print("[E] Got error %s with socket when receiving"
) % exc
sock.close()
raise exc
class BurpExtender(IBurpExtender, IScannerListener, ITab):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self.helpers = callbacks.helpers
callbacks.setExtensionName("Orchy-Webhook")
self.frame = JPanel()
self.frame.setSize(1024, 786)
self.frame.setLayout(None)
self.plugin_path = os.getcwd()
self.db_file_path = os.path.join(os.getcwd(), 'burp_db.json')
self.cwe_dict = json.load(open(self.db_file_path, 'r'))
self.results = {}
self.severity_dict = {
'Low': 1,
'Medium': 2,
'High': 3,
'Information': 0,
'Info': 0,
}
self.urls = []
self.confidence_dict = {'Certain': 3, 'Firm': 2, 'Tentative': 1}
callbacks.registerScannerListener(self)
button1 = JButton(ImageIcon(
((ImageIcon(self.plugin_path +
"/refresh.jpg")).getImage()).getScaledInstance(
13, 13, SCALE_SMOOTH)),
actionPerformed=self.refresh)
button1.setBounds(30, 50, 22, 22)
lbl0 = JLabel("Orchestron Webhook:")
lbl0.setFont(Font("", Font.BOLD, 12))
lbl0.setForeground(Color(0xFF7F50))
lbl0.setBounds(60, 20, 200, 20)
lbl1 = JLabel('Host')
lbl1.setBounds(60, 50, 100, 20)
self.txt1 = JComboBox()
self.txt1.setBounds(200, 50, 220, 24)
lbl2 = JLabel("Webhook Url")
lbl2.setBounds(60, 80, 100, 20)
self.txt2 = JTextField('', 300)
self.txt2.setBounds(200, 80, 220, 24)
lbl3 = JLabel("Authorization Token")
lbl3.setBounds(60, 110, 200, 20)
self.txt3 = JTextField('', 60)
self.txt3.setBounds(200, 110, 220, 24)
lbl4 = JLabel("Engagement-ID")
lbl4.setBounds(60, 140, 200, 20)
self.txt4 = JTextField('', 40)
self.txt4.setBounds(200, 140, 220, 24)
button2 = JButton('Push Results', actionPerformed=self.push)
button2.setBounds(200, 170, 120, 24)
self.message = JLabel('')
self.message.setBounds(330, 170, 180, 24)
self.frame.add(button1)
self.frame.add(lbl0)
self.frame.add(lbl1)
self.frame.add(self.txt1)
self.frame.add(lbl2)
self.frame.add(self.txt2)
self.frame.add(lbl3)
self.frame.add(self.txt3)
self.frame.add(lbl4)
self.frame.add(self.txt4)
self.frame.add(button2)
self.frame.add(self.message)
callbacks.customizeUiComponent(self.frame)
callbacks.addSuiteTab(self)
def refresh(self, event):
self.txt1.removeAllItems()
for host in self.results.keys():
self.txt1.addItem(host)
self.message.text = ''
def newScanIssue(self, issue):
callbacks = self._callbacks
# print "New Issue Identified:"+issue.getUrl().toString()
if callbacks.isInScope(issue.getUrl()) == 1:
self.tmp = issue.getUrl()
self.scheme = self.tmp.protocol
self.port = self.tmp.port
self.fqdn = self.tmp.host
if self.port == -1:
if self.scheme == 'https':
self.port = 443
elif self.scheme == 'http':
self.port = 80
else:
self.scheme = 'http'
self.port = 80
self.host = str(self.scheme + '://' + self.fqdn + ':' +
str(self.port))
if not self.results:
self.results[self.host] = {'scan_dict': {}}
for host in self.results.keys():
if host == self.host:
if str(issue.getIssueType()) in self.cwe_dict.keys():
name = self.cwe_dict.get(str(issue.getIssueType()),
'')[1]
cwe_id = self.cwe_dict.get(str(issue.getIssueType()),
'')[0]
else:
name = 'Burp IssueType - {0}'.format(
str(issue.getIssueType()))
cwe_id = 0
if name in self.results[host]['scan_dict'].keys():
old_evidance = self.results[host]['scan_dict'][
name].get('evidences')
for httpmessage in issue.getHttpMessages():
request = (httpmessage.getRequest().tostring()
if httpmessage.getRequest() else None)
request = b64encode(request.encode('utf-8'))
response = (httpmessage.getResponse().tostring()
if httpmessage.getResponse() else None)
response = b64encode(response.encode('utf-8'))
info_dict = {
'url': issue.getUrl().toString(),
'name': issue.getIssueName(),
'request': request,
'response': response
}
old_evidance.append(info_dict)
else:
severity = self.severity_dict.get(
issue.getSeverity(), '')
confidence = self.confidence_dict.get(
issue.getConfidence(), '')
evidences = []
for httpmessage in issue.getHttpMessages():
request = (httpmessage.getRequest().tostring()
if httpmessage.getRequest() else None)
request = b64encode(request.encode('utf-8'))
response = (httpmessage.getResponse().tostring()
if httpmessage.getResponse() else None)
response = b64encode(response.encode('utf-8'))
info_dict = {
'url': issue.getUrl().toString(),
'name': issue.getIssueName(),
'request': request,
'response': response
}
evidences.append(info_dict)
self.results[host]['scan_dict'][name] = {
'description': issue.getIssueDetail(),
'remediation': '',
'severity': severity,
'cwe': cwe_id,
'evidences': evidences
}
else:
self.results[self.host] = {'scan_dict': {}}
if str(issue.getIssueType()) in self.cwe_dict.keys():
name = self.cwe_dict.get(str(issue.getIssueType()),
'')[1]
cwe_id = self.cwe_dict.get(str(issue.getIssueType()),
'')[0]
else:
name = 'Burp IssueType - {0}'.format(
str(issue.getIssueType()))
cwe_id = 0
severity = self.severity_dict.get(issue.getSeverity(), '')
confidence = self.confidence_dict.get(
issue.getConfidence(), '')
evidences = []
for httpmessage in issue.getHttpMessages():
request = (httpmessage.getRequest().tostring()
if httpmessage.getRequest() else None)
request = b64encode(request.encode('utf-8'))
response = (httpmessage.getResponse().tostring()
if httpmessage.getResponse() else None)
response = b64encode(response.encode('utf-8'))
info_dict = {
'url': issue.getUrl().toString(),
'name': issue.getIssueName(),
'request': request,
'response': response
}
evidences.append(info_dict)
self.results[host]['scan_dict'][name] = {
'description': issue.getIssueDetail(),
'remediation': '',
'severity': severity,
'cwe': cwe_id,
'evidences': evidences
}
def push(self, event):
if self.txt1.getSelectedItem():
vulns = {}
vulns['tool'] = 'Burp'
vulns['vulnerabilities'] = []
for k, v in self.results[
self.txt1.getSelectedItem()]['scan_dict'].items():
vulnerability = {
'name': str(k),
'description': v.get('description', ''),
'remediation': '',
'severity': v.get('severity', None),
'cwe': v.get('cwe', 0),
'evidences': v.get('evidences', None)
}
vulns['vulnerabilities'].append(vulnerability)
if self.txt2.text and self.txt3.text:
webhook_url = self.txt2.text
auth_token = self.txt3.text
engagement_id = ''
if self.txt4.text:
engagement_id = self.txt4.text
req_headers = {
'Authorization': 'Token ' + auth_token,
'X-Engagement-ID': engagement_id
}
req = requests.post(webhook_url,
headers=req_headers,
json={'vuls': vulns})
if req.status_code == 200:
self.message.text = "Result pushed successfully"
with open('./orchy_log.txt', 'a') as orchy_log:
orchy_log.write(req.content + '\n')
orchy_log.close()
else:
with open('./orchy_log.txt', 'a') as orchy_log:
orchy_log.write(req.content + '\n')
orchy_log.close()
self.message.text = "Failed"
def getTabCaption(self):
return 'Orchy-Webhook'
def getUiComponent(self):
return self.frame
class EventsPane(WindowPane, ActionListener, DocumentListener):
def __init__(self, window, api):
self.api = api
self.component = JPanel(BorderLayout())
# Create editor pane
scrollpane = JScrollPane()
self.script_area = InputPane(window)
self.script_area.undo = UndoManager()
line_numbers = LineNumbering(self.script_area.component)
scrollpane.viewport.view = self.script_area.component
scrollpane.rowHeaderView = line_numbers.component
self.component.add(scrollpane, BorderLayout.CENTER)
# Create Selection pane
select_pane = JPanel()
self.objects_box = JComboBox([], actionCommand="object")
select_pane.add(self.objects_box)
self.events_box = JComboBox(
["update", "click"],
actionCommand="event"
)
self.event_types = [EventType.UPDATE, EventType.CLICK]
select_pane.add(self.events_box)
self.languages = list(ScriptType.values())
self.language_box = JComboBox(
[l.getName() for l in self.languages],
actionCommand="language"
)
select_pane.add(self.language_box)
self.save_btn = JButton("Save")
select_pane.add(self.save_btn)
self.component.add(select_pane, BorderLayout.PAGE_START)
self.events_box.addActionListener(self)
self.objects_box.addActionListener(self)
self.language_box.addActionListener(self)
self.save_btn.addActionListener(self)
self.current = None
self.update_geos()
interface.addEventListener("add", self.event_listener)
interface.addEventListener("remove", self.event_listener)
interface.addEventListener("rename", self.event_listener)
# Listen to script_area changes in order to know when the save
# button can be activated
self.script_area.doc.addDocumentListener(self)
# Hack to be able to change the objects_box
self.building_objects_box = False
self.active = False
def activate(self):
self.active = True
if self.must_update_geos:
self.update_geos()
def deactivate(self):
self.active = False
def indent_selection(self):
return self.script_area.indent_selection()
def dedent_selection(self):
return self.script_area.dedent_selection()
def update_geos(self):
self.must_update_geos = False
try:
self.building_objects_box = True
self.objects_box.removeAllItems()
self.geos = self.api.getAllGeos()
for geo in self.geos:
tp = API.Geo.getTypeString(geo)
label = API.Geo.getLabel(geo)
self.objects_box.addItem(tp + " " + label)
finally:
self.building_objects_box = False
if not self.geos:
self.current = None
self.objects_box.enabled = False
self.events_box.enabled = False
self.language_box.enabled = False
self.script_area.input = ""
self.script_area.component.enabled = False
else:
changed = False
if self.current is None:
index, event = 0, 1
changed = True
else:
geo, event = self.current
try:
index = self.geos.index(geo)
except ValueError:
index, event = 0, 1
changed = True
self.events_box.selectedIndex = event
self.objects_box.selectedIndex = index
self.events_box.enabled = True
self.objects_box.enabled = True
self.language_box.enabled = True
self.script_area.component.enabled = True
if changed:
self.update_script_area()
self.objects_box.repaint()
self.events_box.repaint()
def event_listener(self, evt, target):
if self.active:
self.update_geos()
else:
self.must_update_geos = True
def current_script_changed(self):
self.save_btn.enabled = True
def set_save_btn(self, state):
self.save_btn.enabled = state
def save_current_script(self):
if self.current is not None:
geo, evt = self.current
lang = self.language_box.selectedIndex
evt, lang = self.event_types[evt], self.languages[lang]
script = self.script_area.input
self.api.setScript(geo, script, evt, lang)
def update_script_area(self):
self.save_current_script()
geo_index = self.objects_box.selectedIndex
if geo_index == -1:
self.current = None
else:
geo = self.geos[geo_index]
evt = self.events_box.selectedIndex
self.current = geo, evt
script = API.Geo.getScript(geo, self.event_types[evt])
if script is None:
self.script_area.input = ""
else:
self.script_area.input = API.getScriptText(script)
self.language_box.selectedIndex = API.getScriptType(script).ordinal()
self.script_area.reset_undo()
later(self.set_save_btn, False)
def reset(self):
self.current = None
self.update_geos()
# Implementation of ActionListener
def actionPerformed(self, evt):
if self.building_objects_box:
return
if evt.actionCommand == "language":
self.save_btn.enabled = True
else:
self.update_script_area()
# Implementation of DocumentListener
def changedUpdate(self, evt):
self.current_script_changed()
def removeUpdate(self, evt):
self.current_script_changed()
def insertUpdate(self, evt):
self.current_script_changed()
