def getControlPanel():
    """Build the control panel: key-button rows, a result area and a command field.

    The panel, the result text area and the command text field are stored in
    the module globals ``controlPanel``, ``terminalResult`` and
    ``terminalInput``; the panel is also returned.
    """
    global controlPanel, terminalResult, terminalInput

    controlPanel = JPanel()
    controlPanel.setLayout(BoxLayout(controlPanel, BoxLayout.Y_AXIS))

    # One horizontal strip of buttons per row of keyLayout. Each entry is
    # indexed as [0] = button label, [1] = action command.
    for keyRow in keyLayout:
        strip = JPanel()
        strip.setLayout(BoxLayout(strip, BoxLayout.X_AXIS))
        controlPanel.add(strip)
        for entry in keyRow:
            keyButton = JButton(entry[0], actionPerformed=handleKeyButton)
            keyButton.setActionCommand(entry[1])
            strip.add(keyButton)

    # Scrolling, line-wrapped output area (vertical bar always shown,
    # horizontal bar never shown).
    terminalResult = JTextArea()
    resultScroller = JScrollPane(terminalResult)
    terminalResult.setLineWrap(True)
    resultScroller.setVerticalScrollBarPolicy(
        ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS)
    resultScroller.setHorizontalScrollBarPolicy(
        ScrollPaneConstants.HORIZONTAL_SCROLLBAR_NEVER)
    controlPanel.add(resultScroller)

    # "Command" label followed by a single-line input field.
    # NOTE(review): the typed text goes to handleTerminalInput, which is not
    # part of this listing; confirm it validates the command before use.
    inputRow = JPanel()
    inputRow.setLayout(BoxLayout(inputRow, BoxLayout.X_AXIS))
    inputRow.add(JLabel("Command"))
    terminalInput = JTextField(actionPerformed=handleTerminalInput)
    # Cap the field's height at its minimum height so BoxLayout does not
    # stretch it vertically; the width may still grow to its maximum.
    smallest = terminalInput.getMinimumSize()
    largest = terminalInput.getMaximumSize()
    terminalInput.setMaximumSize(Dimension(largest.width, smallest.height))
    inputRow.add(terminalInput)
    controlPanel.add(inputRow)

    return controlPanel
class ConversationWindow(Conversation):
    """Swing window showing a one-to-one conversation with a single contact."""

    def __init__(self, person, chatui):
        """Create the frame, the read-only transcript and the input field.

        ``person`` supplies ``name`` for the window title; both arguments are
        passed on to ``Conversation.__init__``.
        """
        Conversation.__init__(self, person, chatui)
        self.mainframe = JFrame("Conversation with " + person.name)
        self.display = JTextArea(columns=100, rows=15, editable=0, lineWrap=1)
        self.typepad = JTextField()
        self.buildpane()
        # Running count of characters appended to the transcript; used to
        # place the caret at the end after each append.
        self.lentext = 0

    def buildpane(self):
        """Lay out transcript, input field and the Send/Hide buttons."""
        buttonRow = JPanel(doublebuffered)
        buttonRow.add(JButton("Send", actionPerformed=self.send))
        buttonRow.add(JButton("Hide", actionPerformed=self.hidewindow))

        content = self.mainframe.getContentPane()
        content.setLayout(BoxLayout(content, BoxLayout.Y_AXIS))
        content.add(JScrollPane(self.display))
        # Pressing Enter in the input field sends, same as the Send button.
        self.typepad.actionPerformed = self.send
        content.add(self.typepad)
        content.add(buttonRow)

    def show(self):
        """Size the frame to its contents and show it."""
        self.mainframe.pack()
        self.mainframe.show()

    def hide(self):
        """Hide the frame."""
        self.mainframe.hide()

    def sendText(self, text):
        """Echo ``text`` into the transcript, then send it via Conversation."""
        self.displayText("\n" + self.person.client.name + ": " + text)
        Conversation.sendText(self, text)

    def showMessage(self, text, metadata=None):
        """Append a message received from the contact to the transcript.

        ``metadata`` is accepted but not used here.
        """
        # JTextArea shows plain text, so the message is not interpreted as
        # markup. NOTE(review): name and text are appended verbatim; a
        # message containing newlines renders as extra transcript lines, so
        # confirm whether a lower layer strips or escapes them.
        self.displayText("\n" + self.person.name + ": " + text)

    def contactChangedNick(self, person, newnick):
        """Update the window title after the contact changes nickname."""
        Conversation.contactChangedNick(self, person, newnick)
        self.mainframe.setTitle("Conversation with " + newnick)

    # GUI code
    def displayText(self, text):
        """Append ``text`` to the transcript and move the caret to the end."""
        self.lentext += len(text)
        self.display.append(text)
        self.display.setCaretPosition(self.lentext)

    # action listeners
    def hidewindow(self, ae):
        """Action listener for the Hide button."""
        self.hide()

    def send(self, ae):
        """Action listener: send the input field's text, if any, and clear it."""
        typed = self.typepad.getText()
        self.typepad.setText("")
        if typed is None or typed == "":
            return
        self.sendText(typed)
def run_fn(event):
    """Open a 400x500 'Galahad Log' window holding a read-only text area.

    ``event`` is accepted (the function is shaped like an event callback)
    but not used. One formatted line is appended after the window is shown.
    """
    frame = JFrame('Galahad Log')
    text_area = JTextArea()
    text_area.editable = False

    frame.setSize(400, 500)
    frame.add(text_area)
    frame.show()

    # The appended text looks like leftover test output rather than a real
    # log line.
    text_area.append('sdfsdfsdfsdfsd %d' % 3)
def getListCellRendererComponent(self, lst, value, index, isSelected, cellHasFocus):
    """Return a JTextArea that renders one list entry.

    ``value`` is indexed with the keys ``"text"`` (what to display) and
    ``"type"`` (looked up in ``self.colormap`` for the foreground colour).
    Selected cells get a yellow background. ``lst``, ``index`` and
    ``cellHasFocus`` are not used.
    """
    # A new component is created on every call.
    cell = JTextArea(text=value["text"])
    cell.foreground = self.colormap[value["type"]]
    cell.font = self.font
    if isSelected:
        cell.background = Color.YELLOW
    return cell
def __init__(self, controller):
    '''
    Build an empty, console-styled panel.

    The panel shows log and validation/lemmatization messages. Design notes
    kept from the original author: it should stay separate from the rest of
    the GUI so users can show or hide it (or become a split panel), it may
    need its own toolbar for searching, and it may accept commands in a
    later stage of development.
    '''
    # The controller is kept so action handling can be delegated to it.
    self.controller = controller

    # BorderLayout.CENTER makes the text area fill the panel and resize
    # with the parent window.
    self.setLayout(BorderLayout())

    # White-on-black bold monospace area with a 4-pixel empty border.
    console = self.editArea = JTextArea()
    console.border = BorderFactory.createEmptyBorder(4, 4, 4, 4)
    console.font = Font("Courier New", Font.BOLD, 14)
    console.background = Color.BLACK
    console.foreground = Color.WHITE
    console.text = "Console started. Nammu's log will appear here.\n\n"

    # Wrap the area in a scroll pane with a preferred height of 150.
    scroller = JScrollPane(console)
    scroller.setPreferredSize(Dimension(1, 150))

    # ALWAYS_UPDATE keeps the view scrolled to the last printed line.
    console.getCaret().setUpdatePolicy(DefaultCaret.ALWAYS_UPDATE)

    self.add(scroller, BorderLayout.CENTER)
def initComponents(self):
    """Build the settings panel: five log-selection checkboxes and a text area.

    Every checkbox reports to ``self.checkBoxEvent``. The text area
    (``self.area``, 5 rows by 25 columns) takes the free-form entry for the
    "Other" option.
    """
    self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
    self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

    self.panel1 = JPanel()
    self.panel1.setLayout(BoxLayout(self.panel1, BoxLayout.Y_AXIS))
    self.panel1.setAlignmentY(JComponent.LEFT_ALIGNMENT)

    onToggle = self.checkBoxEvent
    self.checkbox = JCheckBox("All Logs", actionPerformed=onToggle)
    self.checkbox1 = JCheckBox("Application.Evtx", actionPerformed=onToggle)
    self.checkbox2 = JCheckBox("Security.EVTX", actionPerformed=onToggle)
    self.checkbox3 = JCheckBox("System.EVTX", actionPerformed=onToggle)
    self.checkbox4 = JCheckBox(
        "Other - Input in text area below then check this box",
        actionPerformed=onToggle)
    for box in (self.checkbox, self.checkbox1, self.checkbox2,
                self.checkbox3, self.checkbox4):
        self.panel1.add(box)
    self.add(self.panel1)

    # NOTE(review): the text typed here is free-form; it is presumably read
    # in checkBoxEvent (not shown), so confirm it is validated there before
    # it is used to select log files.
    self.area = JTextArea(5, 25)
    self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
    self.pane = JScrollPane()
    self.pane.getViewport().add(self.area)
    self.add(self.pane)
def initComponents(self):
    """Build the settings panel: one checkbox, instruction labels, a text area.

    The checkbox reports to ``self.checkBoxEvent``. The labels tell the user
    to enter comma-separated SQLite database names in ``self.area`` (5 rows
    by 25 columns) and then tick the checkbox.
    """
    self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
    self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

    self.panel1 = JPanel()
    self.panel1.setLayout(BoxLayout(self.panel1, BoxLayout.Y_AXIS))
    self.panel1.setAlignmentY(JComponent.LEFT_ALIGNMENT)

    self.checkbox = JCheckBox("Check to activate/deactivate TextArea",
                              actionPerformed=self.checkBoxEvent)
    # label0 and label4 hold a single space and act as vertical spacers.
    self.label0 = JLabel(" ")
    self.label1 = JLabel("Input in SQLite DB's in area below,")
    self.label2 = JLabel("seperate values by commas.")
    self.label3 = JLabel("then check the box above.")
    self.label4 = JLabel(" ")
    for widget in (self.checkbox, self.label0, self.label1,
                   self.label2, self.label3, self.label4):
        self.panel1.add(widget)
    self.add(self.panel1)

    # NOTE(review): the database names typed here are free-form; they are
    # presumably read in checkBoxEvent (not shown), so confirm they are
    # validated before being used in file lookups or queries.
    self.area = JTextArea(5, 25)
    self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
    self.pane = JScrollPane()
    self.pane.getViewport().add(self.area)
    self.add(self.pane)
def __init__(self):
    """Build the hidden 500x600 "Python Window": a history list over an input area.

    ``self`` is registered as the key listener of the input area. The frame
    is created invisible.
    """
    self.frame = JFrame("Python Window")

    # History list with a custom cell renderer, shown inside a scroll pane.
    self.historyList = JList(DefaultListModel())
    self.historyList.cellRenderer = MyListCellRenderer()
    historyScroller = JScrollPane()

    # Monospaced input area with a 5-pixel border and 4-column tabs. A
    # 'Run' button exists only as commented-out code in the original; input
    # reaches this object through the key listener.
    self.input = JTextArea("")
    self.input.border = BorderFactory.createEmptyBorder(5, 5, 5, 5)
    self.input.tabSize = 4
    self.input.font = Font("Monospaced", Font.PLAIN, 12)
    self.input.addKeyListener(self)

    inputHolder = JPanel()
    inputHolder.layout = GridLayout(1, 1)
    inputHolder.add(self.input)

    historyScroller.viewport.view = self.historyList
    self.frame.add(historyScroller, BorderLayout.CENTER)
    self.frame.add(inputHolder, BorderLayout.PAGE_END)
    self.frame.size = 500, 600
    self.frame.visible = False
def initComponents(self):
    """Build the settings panel: two checkboxes, hint labels and a text area.

    Both checkboxes report to ``self.checkBoxEvent``. ``self.area`` (5 rows
    by 25 columns) takes the comma-delimited entry for the "Other" option,
    e.g. ``8001, 8002`` as the hint label states.
    """
    self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
    self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

    self.panel1 = JPanel()
    self.panel1.setLayout(BoxLayout(self.panel1, BoxLayout.Y_AXIS))
    self.panel1.setAlignmentY(JComponent.LEFT_ALIGNMENT)

    onToggle = self.checkBoxEvent
    self.checkbox = JCheckBox("Create Content View of Unique Event Id's",
                              actionPerformed=onToggle)
    self.checkbox4 = JCheckBox(
        "Other - Input in text area below then check this box",
        actionPerformed=onToggle)
    self.text1 = JLabel(
        "*** Only run this once otherwise it adds it to the data again.")
    self.text2 = JLabel(" ")  # spacer
    self.text3 = JLabel("*** Format is a comma delimited text ie: 8001, 8002")
    for widget in (self.checkbox, self.text1, self.text2,
                   self.checkbox4, self.text3):
        self.panel1.add(widget)
    self.add(self.panel1)

    # NOTE(review): the IDs typed here are free-form; they are presumably
    # parsed in checkBoxEvent (not shown), so confirm each value is checked
    # to be numeric before it is used.
    self.area = JTextArea(5, 25)
    self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
    self.pane = JScrollPane()
    self.pane.getViewport().add(self.area)
    self.add(self.pane)
class LowHangingFruitUISettingsPanel(IngestModuleIngestJobSettingsPanel):
    """Ingest-job settings panel that lets the user pick a SQLite file."""

    def __init__(self, settings):
        """Keep ``settings`` and build the widgets."""
        self.local_settings = settings
        self.initComponents()

    def initComponents(self):
        """Create the text area (inside a scroll pane) and the "Select" toolbar."""
        self.panel = JPanel()
        self.panel.setLayout(BorderLayout())

        selectBar = JToolBar()
        selectBar.add(JButton("Select", actionPerformed=self.onClick))

        self.area = JTextArea()
        self.area.setBorder(BorderFactory.createEmptyBorder(10, 100, 10, 100))
        scroller = JScrollPane()
        scroller.getViewport().add(self.area)

        self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
        self.panel.add(scroller)
        self.add(self.panel)
        self.add(selectBar)

    def onClick(self, e):
        """Show a file chooser and display the chosen file's canonical path."""
        chooser = JFileChooser()
        # Offers a "*.sqlite" filter; the user can still pick any file.
        sqliteFilter = FileNameExtensionFilter("SQLite", ["sqlite"])
        chooser.addChoosableFileFilter(sqliteFilter)

        outcome = chooser.showDialog(self.panel, "Select SQLite")
        if outcome != JFileChooser.APPROVE_OPTION:
            return
        chosen = chooser.getSelectedFile()
        self.area.setText(self.readPath(chosen))

    def readPath(self, file):
        """Store the canonical path of ``file`` in the global ``filename`` and return it."""
        # NOTE(review): the path lives in a module-level global, not in
        # self.local_settings, so getSettings() does not carry it and every
        # panel instance shares one value. Whatever reads `filename` should
        # confirm the file exists and is the expected type before opening it.
        global filename
        filename = file.getCanonicalPath()
        return filename

    def getSettings(self):
        """Return the settings object passed to the constructor."""
        return self.local_settings
def __init__(self, frame):
    """Create the window, owned by ``frame``, with a read-only scrolling text area."""
    JWindow.__init__(self, frame)

    area = self.textarea = JTextArea()
    # TODO put this color with all the other colors
    area.setBackground(Color(225, 255, 255))
    area.setEditable(0)

    self.jscrollpane = JScrollPane(area)
    self.getContentPane().add(self.jscrollpane)
def __init__(self, group, chatui):
    """Create the group-conversation frame, member table model, transcript and input field.

    Both arguments are passed on to ``GroupConversation.__init__``; the
    frame title is taken from ``self.group.name`` afterwards.
    """
    GroupConversation.__init__(self, group, chatui)
    self.mainframe = JFrame(self.group.name)

    # Single-column ("Member") table model, initially empty.
    self.headers = ["Member"]
    self.memberdata = UneditableTableModel([], self.headers)

    # Read-only, line-wrapped transcript and a one-line input field.
    self.display = JTextArea(columns=100, rows=15, editable=0, lineWrap=1)
    self.typepad = JTextField()

    self.buildpane()
    # Running count of characters in the transcript; starts at zero.
    self.lentext = 0
def loadPanel(self):
    """Build and show the "Determine Session Cookie(s)" dialog.

    Layout, top to bottom: a read-only status area, a Run/Close button bar
    and a progress bar. After the dialog is shown, the selected message's
    request is analysed and the status area states the upper bound on the
    number of requests (number of cookie parameters plus two).
    """
    def horizontalRow():
        # Right-aligned (alignmentX 1.0) panel laid out left to right.
        row = JPanel()
        row.setLayout(BoxLayout(row, BoxLayout.X_AXIS))
        row.setAlignmentX(1.0)
        return row

    root = JPanel()
    root.setLayout(BoxLayout(root, BoxLayout.Y_AXIS))

    # Button bar: glue pushes Run and Close to the right edge.
    buttonBar = horizontalRow()
    self.runButton = JButton("Run", actionPerformed=self.start)
    self.cancelButton = JButton("Close", actionPerformed=self.cancel)
    buttonBar.add(Box.createHorizontalGlue())
    buttonBar.add(self.runButton)
    buttonBar.add(self.cancelButton)

    # Determinate progress bar, 0..100, starting at 0.
    progressRow = horizontalRow()
    self.progressBar = JProgressBar()
    self.progressBar.setIndeterminate(False)
    self.progressBar.setMaximum(100)
    self.progressBar.setValue(0)
    progressRow.add(self.progressBar)

    # Read-only status log inside a scroll pane.
    self.statusTextArea = JTextArea()
    self.statusTextArea.setEditable(False)
    statusRow = horizontalRow()
    statusRow.add(JScrollPane(self.statusTextArea))

    root.add(statusRow)
    root.add(buttonBar)
    root.add(progressRow)
    self.add(root)

    self.setTitle("Determine Session Cookie(s)")
    self.setSize(450, 300)
    self.setLocationRelativeTo(None)
    self.setVisible(True)

    # Count the cookie parameters of the selected request. Nothing is sent
    # here; the figure is shown first so the operator can judge the traffic
    # before pressing Run (self.start, not shown, presumably sends it).
    message = self.selected_message
    original_request_bytes = message.getRequest()
    http_service = message.getHttpService()
    request_info = self.callbacks.getHelpers().analyzeRequest(
        http_service, original_request_bytes)
    cookie_parameters = [
        candidate for candidate in request_info.getParameters()
        if candidate.getType() == IParameter.PARAM_COOKIE
    ]
    num_requests_needed = len(cookie_parameters) + 2
    self.statusTextArea.append("This may require up to " + str(num_requests_needed) + " requests to be made. Hit 'Run' to begin.\n")
def __init__(self, person, chatui):
    """Create the conversation frame, the read-only transcript and the input field.

    ``person`` supplies ``name`` for the window title; both arguments are
    passed on to ``Conversation.__init__``.
    """
    Conversation.__init__(self, person, chatui)

    title = "Conversation with " + person.name
    self.mainframe = JFrame(title)
    # Read-only, line-wrapped transcript: 15 rows by 100 columns.
    self.display = JTextArea(columns=100, rows=15, editable=0, lineWrap=1)
    self.typepad = JTextField()

    self.buildpane()
    # Running count of characters in the transcript; starts at zero.
    self.lentext = 0
def initConfigurationTab(self):
    """Build the configuration tab (``self.pnl``) with absolute positioning.

    Creates the option checkboxes, the start/stop and clear buttons, the
    replacement-header text area and the nested filter tabs. The panels
    ``self.EDPnl``, ``self.EDPnlUnauth``, ``self.filtersPnl`` and
    ``self.exportPnl`` are read here, so they must already exist when this
    method runs.
    """
    # --- option checkboxes ---
    self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
    self.prevent304.setBounds(290, 25, 300, 30)

    self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
    self.ignore304.setBounds(290, 5, 300, 30)
    self.ignore304.setSelected(True)

    self.autoScroll = JCheckBox("Auto Scroll")
    self.autoScroll.setBounds(160, 40, 140, 30)

    # The unauthenticated check is on by default.
    self.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
    self.doUnauthorizedRequest.setBounds(290, 45, 300, 30)
    self.doUnauthorizedRequest.setSelected(True)

    # --- buttons ---
    headingLabel = JLabel("Authorization checks:")
    headingLabel.setBounds(10, 10, 140, 30)

    # The start button carries the "off" caption and a red background.
    self.startButton = JButton("Autorize is off", actionPerformed=self.startOrStop)
    self.startButton.setBounds(160, 10, 120, 30)
    self.startButton.setBackground(Color(255, 100, 91, 255))

    self.clearButton = JButton("Clear List", actionPerformed=self.clearList)
    self.clearButton.setBounds(10, 40, 100, 30)

    # --- replacement headers ---
    # The default text appears to be a placeholder, not a usable header; any
    # real value entered here is a live session credential, so treat saved
    # state or screenshots of this tab as sensitive.
    self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30)
    self.replaceString.setWrapStyleWord(True)
    self.replaceString.setLineWrap(True)
    self.replaceString.setBounds(10, 80, 470, 180)

    # --- nested filter tabs ---
    self.filtersTabs = JTabbedPane()
    for caption, tabPanel in (
            ("Enforcement Detector", self.EDPnl),
            ("Detector Unauthenticated", self.EDPnlUnauth),
            ("Interception Filters", self.filtersPnl),
            ("Export", self.exportPnl)):
        self.filtersTabs.addTab(caption, tabPanel)
    self.filtersTabs.setBounds(0, 280, 2000, 700)

    # --- container: null layout, children positioned by setBounds ---
    self.pnl = JPanel()
    self.pnl.setBounds(0, 0, 1000, 1000)
    self.pnl.setLayout(None)
    for child in (self.startButton, self.clearButton, self.replaceString,
                  headingLabel, self.autoScroll, self.ignore304,
                  self.prevent304, self.doUnauthorizedRequest,
                  self.filtersTabs):
        self.pnl.add(child)
def registerExtenderCallbacks(self, callbacks):
    """Entry point called with the extender callbacks: set up state and UI.

    Names the extension, keeps the callbacks and helpers, wraps the
    extension's stdout/stderr in auto-flushing PrintWriters, builds a
    two-row pane (editable viewer on top, Generate/Export buttons below)
    and registers this object as a suite tab and context-menu factory.
    """
    # properties
    self._title = "Generate Python Template"
    # Placeholder: must be edited to the absolute path of template.py
    # before the extension can use it.
    self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####'

    callbacks.setExtensionName(self._title)
    self._callbacks = callbacks
    self._helpers = callbacks.getHelpers()

    # Standard streams; True enables auto-flush.
    self._stdout = PrintWriter(callbacks.getStdout(), True)
    self._stderr = PrintWriter(callbacks.getStderr(), True)

    # Main pane: two stacked rows.
    self._mainpane = JPanel()
    self._mainpane.setLayout(GridLayout(2, 1))

    # Bottom row: action buttons.
    # NOTE(review): the generated script is built from a captured request
    # and may embed its cookies or tokens; exportPy (not shown) presumably
    # writes it to disk, so confirm where the file goes and who can read it.
    self._botPane = JPanel()
    self._botPane.setLayout(FlowLayout())
    for caption, handler in (("Generate", self.regeneratePy),
                             ("Export", self.exportPy)):
        self._botPane.add(JButton(caption, actionPerformed=handler))

    # Top row: editable viewer for the generated Python, in a scroll pane.
    self._pyViewer = JTextArea(5, 20)
    viewerScroller = JScrollPane(self._pyViewer)
    self._pyViewer.setEditable(True)
    self._pyViewer.setText("Waiting request ...")

    self._mainpane.add(viewerScroller)
    self._mainpane.add(self._botPane)

    callbacks.customizeUiComponent(self._mainpane)
    callbacks.addSuiteTab(self)
    callbacks.registerContextMenuFactory(self)
    return
def __init__(self):
    """Create the panels, text areas and score button, then show the 800x500 frame.

    Layout is delegated to ``self.initGUI()``. Closing the frame exits the
    application (``EXIT_ON_CLOSE``).
    """
    # Containers: a 1x2 main grid, a border-layout panel and a 5x1 grid.
    self.mainPanel = JPanel(GridLayout(1, 2))
    self.subPanel1 = JPanel(BorderLayout())
    self.subPanel2 = JPanel(GridLayout(5, 1))

    # Text area for the user's email, then one feedback area per score.
    self.userText = JTextArea(' ')
    self.emoticonFeedback = JTextArea('This will consider your emoticon usage.')
    self.curseFeedback = JTextArea('This will consider your use of profanity.')
    self.styleFeedback = JTextArea('This will consider your general tone.')
    self.overallFeedback = JTextArea('This will be your overall score.')

    self.button = JButton("Score my email!",
                          actionPerformed=self.updateScores)

    self.initGUI()
    self.add(self.mainPanel)

    self.setSize(800, 500)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setVisible(True)
class Tip(JWindow):
    """
    Window which provides the user with information about the method.

    For Python, this shows arguments and the documentation.
    For Java, this shows the signature(s) and return type.
    """
    # Upper bounds on the tip window's size.
    MAX_HEIGHT = 300
    MAX_WIDTH = 400

    def __init__(self, frame):
        """Create the window, owned by ``frame``, with a read-only scrolling text area."""
        JWindow.__init__(self, frame)
        area = self.textarea = JTextArea()
        # TODO put this color with all the other colors
        area.setBackground(Color(225, 255, 255))
        area.setEditable(0)
        self.jscrollpane = JScrollPane(area)
        self.getContentPane().add(self.jscrollpane)

    def setText(self, tip):
        """Show ``tip``, scroll back to the top and resize the window to fit."""
        self.textarea.setText(tip)
        self.textarea.setCaretPosition(0)
        self.setSize(self.getPreferredSize())

    def getPreferredSize(self):
        """Return the text area's viewport size plus padding, capped at the maxima."""
        # need to add a magic amount to the size to avoid scrollbars
        # I'm sure there's a better way to do this
        MAGIC = 20
        viewport = self.textarea.getPreferredScrollableViewportSize()
        width = min(viewport.width + MAGIC, Tip.MAX_WIDTH)
        height = min(viewport.height + MAGIC, Tip.MAX_HEIGHT)
        return Dimension(width, height)

    def showTip(self, tip, displayPoint):
        """Move the window to ``displayPoint``, set its text to ``tip`` and show it."""
        self.setLocation(displayPoint)
        self.setText(tip)
        self.show()
def initEnforcementDetector(self):
    """Build the enforcement-detector tab (``self.EDPnl``) with absolute positioning.

    The tab holds a filter-type combo box, a content text area, the list of
    configured filters and the Add/Remove buttons, which call
    ``self.addEDFilter`` and ``self.delEDFilter``.
    """
    # These two variables appear to be unused...
    self.EDFP = ArrayList()
    self.EDCT = ArrayList()

    # Filter kinds offered in the combo box.
    filterKinds = ["Headers (simple string): (enforced message headers contains)",
                   "Headers (regex): (enforced messege headers contains)",
                   "Body (simple string): (enforced messege body contains)",
                   "Body (regex): (enforced messege body contains)",
                   "Full request (simple string): (enforced messege contains)",
                   "Full request (regex): (enforced messege contains)",
                   "Content-Length: (constant Content-Length number of enforced response)"]

    typeLabel = JLabel("Type:")
    typeLabel.setBounds(10, 10, 140, 30)
    self.EDType = JComboBox(filterKinds)
    self.EDType.setBounds(80, 10, 430, 30)

    # Free-text filter content.
    # NOTE(review): for the regex kinds this text is a user-supplied
    # pattern; confirm that addEDFilter (not shown) handles a pattern that
    # fails to compile.
    contentLabel = JLabel("Content:")
    contentLabel.setBounds(10, 50, 140, 30)
    self.EDText = JTextArea("", 5, 30)
    self.EDText.setBounds(80, 50, 300, 110)

    # List of configured filters, backed by EDModel.
    listLabel = JLabel("Filter List:")
    listLabel.setBounds(10, 165, 140, 30)
    self.EDModel = DefaultListModel()
    self.EDList = JList(self.EDModel)
    self.EDList.setBounds(80, 175, 300, 110)
    self.EDList.setBorder(LineBorder(Color.BLACK))

    self.EDAdd = JButton("Add filter", actionPerformed=self.addEDFilter)
    self.EDAdd.setBounds(390, 85, 120, 30)
    self.EDDel = JButton("Remove filter", actionPerformed=self.delEDFilter)
    self.EDDel.setBounds(390, 210, 120, 30)

    # Null layout: children are positioned by their setBounds values.
    self.EDPnl = JPanel()
    self.EDPnl.setLayout(None)
    self.EDPnl.setBounds(0, 0, 1000, 1000)
    for child in (typeLabel, self.EDType, contentLabel, self.EDText,
                  self.EDAdd, self.EDDel, listLabel, self.EDList):
        self.EDPnl.add(child)
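def __init__(self):
    """Build the console panel and route the JVM's stdout and stderr into it.

    The panel uses a BorderLayout with a read-only, dark-red text area in a
    scroll pane at the centre and a "Java Console:" titled border.

    Fix over the generated source: ``setBorder``, ``add`` and ``validate``
    are instance methods and are now called on ``self``. The bare names
    produced by the Java-to-Python conversion would raise NameError.
    """
    super(ConsolePanel, self).__init__(BorderLayout())

    # Create an output console.
    outputConsole = JTextArea()
    outputConsole.setEditable(False)
    outputConsole.setForeground(Color(125, 0, 0))
    outputConsole.setText("(Console output will be displayed here.)\n\n")
    outputConsolePane = JScrollPane(outputConsole)

    self.setBorder(TitledBorder("Java Console:"))
    self.add(outputConsolePane, BorderLayout.CENTER)
    self.validate()

    # Send the standard out and standard error streams to this panel
    # instead.
    # NOTE(review): if OutputStream here is java.io.OutputStream, it is
    # abstract and cannot be instantiated directly; the Java original
    # presumably used a subclass whose write() appended to outputConsole,
    # and that override is missing from this generated code.
    # System.setOut/setErr are JVM-wide: output from every component,
    # including stack traces, is diverted to this stream and no longer
    # reaches the process's real stdout/stderr or anything capturing them.
    out = OutputStream()
    System.setOut(PrintStream(out, True))
    System.setErr(PrintStream(out, True))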
def initUI(self):
    """Build and show the "HL7 ORU Results Reporter" window.

    A toolbar (input-file button, label, output-name field) sits above a
    text area holding usage instructions. The output-name field is stored
    in the module global ``outputTextField``; its text at the time of the
    call is printed and returned.
    """
    global outputTextField

    self.panel = JPanel()
    self.panel.setLayout(BorderLayout())

    # Toolbar: choose input file, then the output file name.
    # NOTE(review): the output name is a free-form path that defaults to the
    # current working directory, and the report holds fields taken from HL7
    # result messages. The code that writes it (not shown) should confirm
    # the destination is acceptable for that data and avoid silently
    # overwriting an existing file.
    chooseButton = JButton("Choose input file", actionPerformed=self.onClick)
    nameLabel = JLabel(" Enter output file name: ")
    outputTextField = JTextField("hl7OutputReport.txt", 5)
    print outputTextField.getText()
    bar = JToolBar()
    for item in (chooseButton, nameLabel, outputTextField):
        bar.add(item)

    # Instruction text inside a scroll pane.
    self.area = JTextArea()
    self.area.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
    self.area.setText("Select your HL7 ORU messages text file to be converted to tab-delimited flat \nfile with select HL7 fields.\n")
    self.area.append("You can enter the path + file name for your output file or it will default to the current \nfile name in the text field above in your current working directory.")
    scroller = JScrollPane()
    scroller.getViewport().add(self.area)

    self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
    self.panel.add(scroller)
    self.add(self.panel)
    self.add(bar, BorderLayout.NORTH)

    self.setTitle("HL7 ORU Results Reporter")
    self.setSize(600, 300)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)

    return outputTextField.getText()
def initInterceptionFilters(self):
    """Build the interception-filters tab (``self.filtersPnl``) with absolute positioning.

    The tab holds a filter-type combo box, a content text area, the list of
    configured filters and the Add/Remove buttons, which call
    ``self.addIFFilter`` and ``self.delIFFilter``.
    """
    # Filter kinds offered in the combo box.
    filterKinds = ["Scope items only: (Content is not required)",
                   "URL Contains (simple string): ",
                   "URL Contains (regex): ",
                   "URL Not Contains (simple string): ",
                   "URL Not Contains (regex): "]

    typeLabel = JLabel("Type:")
    typeLabel.setBounds(10, 10, 140, 30)
    self.IFType = JComboBox(filterKinds)
    self.IFType.setBounds(80, 10, 430, 30)

    # Free-text filter content.
    # NOTE(review): these filters limit which requests are processed, so a
    # wrong or empty filter widens what gets re-sent. For the regex kinds,
    # confirm that addIFFilter (not shown) handles a pattern that fails to
    # compile.
    contentLabel = JLabel("Content:")
    contentLabel.setBounds(10, 50, 140, 30)
    self.IFText = JTextArea("", 5, 30)
    self.IFText.setBounds(80, 50, 300, 110)

    # List of configured filters, backed by IFModel.
    listLabel = JLabel("Filter List:")
    listLabel.setBounds(10, 165, 140, 30)
    self.IFModel = DefaultListModel()
    self.IFList = JList(self.IFModel)
    self.IFList.setBounds(80, 175, 300, 110)
    self.IFList.setBorder(LineBorder(Color.BLACK))

    self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
    self.IFAdd.setBounds(390, 85, 120, 30)
    self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
    self.IFDel.setBounds(390, 210, 120, 30)

    # Null layout: children are positioned by their setBounds values.
    self.filtersPnl = JPanel()
    self.filtersPnl.setLayout(None)
    self.filtersPnl.setBounds(0, 0, 1000, 1000)
    for child in (typeLabel, self.IFType, contentLabel, self.IFText,
                  self.IFAdd, self.IFDel, listLabel, self.IFList):
        self.filtersPnl.add(child)
def initComponents(self):
    """Create the text area (inside a scroll pane) and the "Select" toolbar.

    The "Select" button calls ``self.onClick``; the text area is kept as
    ``self.area``.
    """
    self.panel = JPanel()
    self.panel.setLayout(BorderLayout())

    selectBar = JToolBar()
    selectBar.add(JButton("Select", actionPerformed=self.onClick))

    # Text area with wide left/right padding, shown through a scroll pane.
    self.area = JTextArea()
    self.area.setBorder(BorderFactory.createEmptyBorder(10, 100, 10, 100))
    scroller = JScrollPane()
    scroller.getViewport().add(self.area)

    self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
    self.panel.add(scroller)

    self.add(self.panel)
    self.add(selectBar)
def __init__(self):
    """Build the hidden 500x600 "Python Window": an output pane over an input area.

    ``self`` is registered as the key listener of the input area. The frame
    is created invisible and ``self.component`` starts as ``None``.
    """
    self.frame = JFrame("Python Window")
    outputScroller = JScrollPane()

    # Monospaced input area with a 5-pixel border and 4-column tabs.
    self.input = JTextArea("")
    self.input.border = BorderFactory.createEmptyBorder(5, 5, 5, 5)
    self.input.tabSize = 4
    self.input.font = Font("Monospaced", Font.PLAIN, 12)
    self.input.addKeyListener(self)

    inputHolder = JPanel()
    inputHolder.layout = GridLayout(1, 1)
    inputHolder.add(self.input)

    # The output pane's text pane takes the place of the earlier history
    # list, which survives only as commented-out code in the original.
    self.outputpane = OutputPane()
    outputScroller.viewport.view = self.outputpane.textpane

    self.frame.add(outputScroller, BorderLayout.CENTER)
    self.frame.add(inputHolder, BorderLayout.PAGE_END)
    self.frame.size = 500, 600
    self.frame.visible = False
    self.component = None
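class tag(ITab):
    """Burp Suite tab holding the request-forwarding plugin's settings.

    Four sub-tabs are built by ``tagLoad``: basic settings, forwarding
    settings (Proxy / Repeater / xray), the allow-list of domains and the
    allow-list of HTTP methods. The getters on this class read the current
    state of the widgets.
    """

    def __init__(self, callbacks, name):
        self._callbacks = callbacks
        self.name = name

    def getTabCaption(self):
        """ITab: caption shown on the Burp tab."""
        return self.name

    def getUiComponent(self):
        """ITab: root component; only valid after ``tagLoad`` has run."""
        return self.tabs

    def setFontItalic(self, label):
        """Switch *label* to the italic variant of its current font."""
        label.setFont(
            Font(label.getFont().getName(), Font.ITALIC,
                 label.getFont().getSize()))

    def setFontBold(self, label):
        """Switch *label* to bold Serif, keeping its current size."""
        label.setFont(Font('Serif', Font.BOLD, label.getFont().getSize()))

    def _add_checkbox(self, panel, c, text, selected, gridy):
        """Create a bold, blue JCheckBox and add it to *panel* in column 0.

        *c* is the shared GridBagConstraints object; its insets, gridx and
        gridy are overwritten, every other field is left as the previous
        caller set it. Returns the new checkbox.
        """
        box = JCheckBox(text, selected)
        self.setFontBold(box)
        box.setForeground(Color(0, 0, 153))
        c.insets = Insets(5, 5, 5, 5)
        c.gridx = 0
        c.gridy = gridy
        panel.add(box, c)
        return box

    def _add_note(self, panel, c, text, gridy):
        """Add an italic explanatory JLabel to *panel* in column 0."""
        note = JLabel(text)
        self.setFontItalic(note)
        c.insets = Insets(5, 5, 5, 5)
        c.gridx = 0
        c.gridy = gridy
        panel.add(note, c)

    def _add_method_box(self, c, text, selected, gridy):
        """Add one HTTP-method checkbox to the method allow-list tab."""
        return self._add_checkbox(
            self.white_list_http_method_settings, c, text, selected, gridy)

    # Build the configuration UI and register the tab with Burp.
    def tagLoad(self):
        # Containers for the four sub-tabs.
        self.tabs = JTabbedPane()

        self.settings = JPanel(GridBagLayout())
        self.forward_requests_settings = JPanel(GridBagLayout())
        self.white_list_domain_settings = JPanel(GridBagLayout())
        self.white_list_http_method_settings = JPanel(GridBagLayout())

        # One constraints object is shared and mutated by every builder, so
        # the call order below matters.
        c = GridBagConstraints()

        # Sub-tab 1: basic settings.
        self.tag_1_1(c)
        self.tag_1_2(c)

        # Sub-tab 2: request forwarding.
        self.tag_2_1(c)
        self.tag_2_2(c)
        self.tag_2_3(c)

        # Sub-tab 3: domain allow-list.
        self.tag_3_1(c)

        # Sub-tab 4: HTTP method allow-list.
        self.tag_4_1(c)
        self.tag_4_2(c)
        self.tag_4_3(c)
        self.tag_4_4(c)
        self.tag_4_5(c)
        self.tag_4_6(c)
        self.tag_4_7(c)
        self.tag_4_8(c)
        self.tag_4_9(c)
        self.tag_4_10(c)
        self.tag_4_11(c)
        self.tag_4_12(c)
        self.tag_4_13(c)
        self.tag_4_14(c)
        self.tag_4_15(c)

        # Attach the sub-tabs.
        self.tabs.addTab(u'基本设置', self.settings)
        self.tabs.addTab(u'http请求转发设置', self.forward_requests_settings)
        self.tabs.addTab(u'白名单域名设置', self.white_list_domain_settings)
        self.tabs.addTab(u'白名单http方法设置',
                         self.white_list_http_method_settings)

        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.addSuiteTab(self)

    # Sub-tab 1, item 1: plugin on/off switch.
    def tag_1_1(self, c):
        self.is_start_box = self._add_checkbox(
            self.settings, c, u'是否启动插件',
            ForwardRequestsConfig.IS_START, 1)
        self._add_note(self.settings, c, u'打勾-启动, 不打勾-关闭', 2)

    # Sub-tab 1, item 1: value.
    def isStartBox(self):
        """Return True when the plugin is switched on."""
        return self.is_start_box.isSelected()

    # Sub-tab 1, item 2: duplicate-URL check switch.
    def tag_1_2(self, c):
        self.url_repeated_box = self._add_checkbox(
            self.settings, c, u'是否启动url重复验证',
            ForwardRequestsConfig.URL_REPEATED_VERIFY, 3)
        self._add_note(self.settings, c, u'打勾-开启验证, 不打勾-关闭验证', 4)

    # Sub-tab 1, item 2: value.
    def urlRepeatedBox(self):
        """Return True when duplicate-URL verification is enabled."""
        return self.url_repeated_box.isSelected()

    # Sub-tab 2, item 1: forward requests seen by the Proxy tool.
    def tag_2_1(self, c):
        self.is_proxy_forward_requests_box = self._add_checkbox(
            self.forward_requests_settings, c,
            u'是否启动Proxy模块请求转发(推荐打勾)',
            ForwardRequestsConfig.IS_START_PROXY_FORWARD_REQUESTS, 1)
        self._add_note(self.forward_requests_settings, c,
                       u'打勾-启动, 不打勾-关闭', 2)

    # Sub-tab 2, item 2: forward requests sent from the Repeater tool.
    def tag_2_2(self, c):
        self.is_repeater_forward_requests_box = self._add_checkbox(
            self.forward_requests_settings, c,
            u'是否启动Repeater模块请求转发',
            ForwardRequestsConfig.IS_START_REPEATER_FORWARD_REQUESTS, 3)
        self._add_note(self.forward_requests_settings, c,
                       u'打勾-启动, 不打勾-关闭', 4)

    # Sub-tab 2, item 3: forward to xray, plus the xray listener address.
    def tag_2_3(self, c):
        self.url_forward_xray = self._add_checkbox(
            self.forward_requests_settings, c, u'是否将请求转发到xray',
            ForwardRequestsConfig.URL_FORWARD_XRAY, 5)

        self.xray_listen_text_field = JTextField(u"127.0.0.1:7777")
        c.fill = GridBagConstraints.BOTH
        c.gridx = 0
        c.gridy = 6
        self.forward_requests_settings.add(self.xray_listen_text_field, c)

    def xrayAddress(self):
        """Return the xray listener address exactly as typed.

        The text is not validated here. Whatever consumes it will send
        captured requests (which can carry cookies and credentials) to that
        address, so the caller should reject anything that is not a
        well-formed host:port the operator intends to trust.
        """
        return self.xray_listen_text_field.getText()

    def xrayIsSelect(self):
        """Return True when forwarding to xray is enabled."""
        return self.url_forward_xray.isSelected()

    # Burp tools whose requests may be forwarded.
    def getWhiteListModule(self):
        """Return the enabled Burp tool flags as a list of ints.

        4 and 64 are the values of IBurpExtenderCallbacks.TOOL_PROXY and
        TOOL_REPEATER.
        """
        white_list_module = []
        if self.is_proxy_forward_requests_box.isSelected():
            white_list_module.append(4)
        if self.is_repeater_forward_requests_box.isSelected():
            white_list_module.append(64)
        return white_list_module

    # Sub-tab 3, item 1: domain allow-list editor.
    def tag_3_1(self, c):
        # Caption for the input field.
        lblParams = JLabel(u'请填写域名:')
        self.setFontBold(lblParams)
        lblParams.setForeground(Color(0, 0, 153))
        c.gridx = 0
        c.gridy = 0
        c.insets = Insets(5, 5, 5, 5)
        c.fill = GridBagConstraints.NONE
        c.anchor = GridBagConstraints.FIRST_LINE_END
        self.white_list_domain_settings.add(lblParams, c)

        # Input field for a new domain.
        self.white_list_text_field = JTextField()
        c.fill = GridBagConstraints.BOTH
        c.gridx = 1
        c.gridy = 0
        self.white_list_domain_settings.add(self.white_list_text_field, c)

        lblParamsNote = JLabel(u"白名单域名列表")
        self.setFontItalic(lblParamsNote)
        c.fill = GridBagConstraints.NONE
        c.gridx = 0
        c.gridy = 1
        self.white_list_domain_settings.add(lblParamsNote, c)

        # Read-only text area listing the allowed domains, one per line.
        self.white_list_text_area = JTextArea()
        self.white_list_text_area.setColumns(20)
        self.white_list_text_area.setRows(10)
        self.white_list_text_area.setEditable(False)
        c.fill = GridBagConstraints.BOTH
        self.white_list_mouse_listener = TextAreaMouseListener(
            self.white_list_text_area)
        self.white_list_text_area.addMouseListener(
            self.white_list_mouse_listener)

        # Pre-fill with the module-level default list.
        for name in white_list_names:
            self.white_list_text_area.append(name + linesep())
        c.gridx = 1
        c.gridy = 1
        sp = JScrollPane(self.white_list_text_area)
        self.white_list_domain_settings.add(sp, c)

        # Add / remove / reset buttons.
        buttonsPanel = JPanel(GridBagLayout())
        _c = GridBagConstraints()
        _c.insets = Insets(3, 3, 3, 3)
        _c.gridx = 0
        _c.fill = GridBagConstraints.BOTH
        _c.weightx = 1
        _c.gridwidth = 1

        handlers = ButtonHandlers(self.white_list_text_field,
                                  self.white_list_text_area,
                                  self.white_list_mouse_listener,
                                  white_list_names)

        # Add button.
        self.white_list_add_button = JButton(
            u'添加', actionPerformed=handlers.handler_add)
        _c.gridy = 1
        buttonsPanel.add(self.white_list_add_button, _c)

        # Remove button.
        self.white_list_rm_button = JButton(
            u'删除', actionPerformed=handlers.handler_rm)
        _c.gridy = 2
        buttonsPanel.add(self.white_list_rm_button, _c)

        # Reset button.
        self.white_list_restore_button = JButton(
            u'重置', actionPerformed=handlers.handler_restore)
        _c.gridy = 3
        buttonsPanel.add(self.white_list_restore_button, _c)

        c.gridx = 2
        c.gridy = 1
        c.fill = GridBagConstraints.NONE
        self.white_list_domain_settings.add(buttonsPanel, c)

    # Domain allow-list as a Python list.
    def getWhiteList(self):
        """Return the allowed domains currently shown in the text area.

        NOTE(review): how an empty list is treated (forward nothing or
        forward everything) is decided by the caller, which is not visible
        here; confirm that it fails closed.
        """
        return self.text_area_to_list(self.white_list_text_area)

    # Parse a text area into a list of entries.
    def text_area_to_list(self, text_area):
        """Return the non-empty lines of *text_area* with spaces removed.

        Each line is cleaned before it is tested for emptiness. Checking
        first (as this method used to) let a line holding only "\\r" or
        spaces through as an empty-string entry, and an empty string in an
        allow-list can match every host if the consumer uses substring
        matching.
        """
        entries = []
        for raw in text_area.getText().strip().split('\n'):
            cleaned = raw.replace("\r", '').replace(" ", '').strip()
            if cleaned:
                entries.append(cleaned)
        return entries

    # Sub-tab 4, items 1-15: one checkbox per HTTP method.
    def tag_4_1(self, c):
        self.is_get_forward_requests_box = self._add_method_box(
            c, u'转发GET请求',
            ForwardRequestsConfig.IS_GET_FORWARD_REQUESTS, 1)

    def tag_4_2(self, c):
        self.is_post_forward_requests_box = self._add_method_box(
            c, u'转发POST请求',
            ForwardRequestsConfig.IS_POST_FORWARD_REQUESTS, 2)

    def tag_4_3(self, c):
        self.is_put_forward_requests_box = self._add_method_box(
            c, u'转发PUT请求',
            ForwardRequestsConfig.IS_PUT_FORWARD_REQUESTS, 3)

    def tag_4_4(self, c):
        self.is_patch_forward_requests_box = self._add_method_box(
            c, u'转发PATCH请求',
            ForwardRequestsConfig.IS_PATCH_FORWARD_REQUESTS, 4)

    def tag_4_5(self, c):
        self.is_delete_forward_requests_box = self._add_method_box(
            c, u'转发DELETE请求',
            ForwardRequestsConfig.IS_DELETE_FORWARD_REQUESTS, 5)

    def tag_4_6(self, c):
        self.is_copy_forward_requests_box = self._add_method_box(
            c, u'转发COPY请求',
            ForwardRequestsConfig.IS_COPY_FORWARD_REQUESTS, 6)

    def tag_4_7(self, c):
        self.is_head_forward_requests_box = self._add_method_box(
            c, u'转发HEAD请求',
            ForwardRequestsConfig.IS_HEAD_FORWARD_REQUESTS, 7)

    def tag_4_8(self, c):
        self.is_options_forward_requests_box = self._add_method_box(
            c, u'转发OPTIONS请求',
            ForwardRequestsConfig.IS_OPTIONS_FORWARD_REQUESTS, 8)

    def tag_4_9(self, c):
        self.is_link_forward_requests_box = self._add_method_box(
            c, u'转发LINK请求',
            ForwardRequestsConfig.IS_LINK_FORWARD_REQUESTS, 9)

    def tag_4_10(self, c):
        self.is_unlink_forward_requests_box = self._add_method_box(
            c, u'转发UNLINK请求',
            ForwardRequestsConfig.IS_UNLINK_FORWARD_REQUESTS, 10)

    def tag_4_11(self, c):
        self.is_purge_forward_requests_box = self._add_method_box(
            c, u'转发PURGE请求',
            ForwardRequestsConfig.IS_PURGE_FORWARD_REQUESTS, 11)

    def tag_4_12(self, c):
        self.is_lock_forward_requests_box = self._add_method_box(
            c, u'转发LOCK请求',
            ForwardRequestsConfig.IS_LOCK_FORWARD_REQUESTS, 12)

    def tag_4_13(self, c):
        self.is_unlock_forward_requests_box = self._add_method_box(
            c, u'转发UNLOCK请求',
            ForwardRequestsConfig.IS_UNLOCK_FORWARD_REQUESTS, 13)

    def tag_4_14(self, c):
        self.is_propfind_forward_requests_box = self._add_method_box(
            c, u'转发PROPFIND请求',
            ForwardRequestsConfig.IS_PROPFIND_FORWARD_REQUESTS, 14)

    def tag_4_15(self, c):
        self.is_view_forward_requests_box = self._add_method_box(
            c, u'转发VIEW请求',
            ForwardRequestsConfig.IS_VIEW_FORWARD_REQUESTS, 15)

    # HTTP method allow-list as a Python list.
    def getWhiteListHttpMethod(self):
        """Return the names of the HTTP methods whose checkbox is ticked.

        The order of the result follows the order of the checkboxes.
        """
        method_boxes = (
            ('GET', self.is_get_forward_requests_box),
            ('POST', self.is_post_forward_requests_box),
            ('PUT', self.is_put_forward_requests_box),
            ('PATCH', self.is_patch_forward_requests_box),
            ('DELETE', self.is_delete_forward_requests_box),
            ('COPY', self.is_copy_forward_requests_box),
            ('HEAD', self.is_head_forward_requests_box),
            ('OPTIONS', self.is_options_forward_requests_box),
            ('LINK', self.is_link_forward_requests_box),
            ('UNLINK', self.is_unlink_forward_requests_box),
            ('PURGE', self.is_purge_forward_requests_box),
            ('LOCK', self.is_lock_forward_requests_box),
            ('UNLOCK', self.is_unlock_forward_requests_box),
            ('PROPFIND', self.is_propfind_forward_requests_box),
            ('VIEW', self.is_view_forward_requests_box),
        )
        return [method for method, box in method_boxes if box.isSelected()]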
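def __init__(self, callbacks, issue=defaultIssue, title="", modality=""):
    """Constructor, populates the dialog.

    callbacks -- Burp callbacks object; used to create the request and
                 response message editors.
    issue     -- issue to load into the dialog; None falls back to
                 self.defaultIssue for loading.
    title     -- dialog title.
    modality  -- "", "application", "document", "modeless" or "toolkit"
                 (case-insensitive); "" leaves the dialog's modality
                 untouched, an unknown value is ignored.
    """
    # set the title
    self.setTitle(title)
    # store the issue
    # NOTE(review): when issue is None, self.issue stays None while the
    # panel below is loaded from self.defaultIssue; confirm that is intended.
    self.issue = issue

    from javax.swing import JFrame
    self.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE)

    # Compare by value: "is not" tests object identity and only appears to
    # work for strings that happen to be interned.
    if modality != "":
        from java.awt.Dialog import ModalityType
        # "application" blocks clicking anything else in Burp.
        # "modeless" and "toolkit" used to be mapped to DOCUMENT_MODAL as
        # well; each name now selects its own ModalityType.
        modalityTypes = {
            "application": ModalityType.APPLICATION_MODAL,
            "document": ModalityType.DOCUMENT_MODAL,
            "modeless": ModalityType.MODELESS,
            "toolkit": ModalityType.TOOLKIT_MODAL,
        }
        chosenType = modalityTypes.get(modality.lower())
        if chosenType is not None:
            self.setModalityType(chosenType)

    # assert isinstance(callbacks, IBurpExtenderCallbacks)
    # starting converted code from NetBeans
    self.labelPath = JLabel("Path")
    self.labelSeverity = JLabel("Severity")
    self.tabIssue = JTabbedPane()
    self.textAreaDescription = JTextArea()
    self.textAreaRemediation = JTextArea()
    # put the two text areas in JScrollPanes
    self.jsPaneDescription = JScrollPane(self.textAreaDescription)
    self.jsPaneRemediation = JScrollPane(self.textAreaRemediation)
    self.panelRequest = callbacks.createMessageEditor(None, True)
    self.panelResponse = callbacks.createMessageEditor(None, True)
    self.textName = JTextField()
    self.textHost = JTextField()
    self.textPath = JTextField()
    self.labelHost = JLabel("Host")
    self.labelName = JLabel("Name")

    # buttons
    self.buttonSave = JButton("Save", actionPerformed=self.saveButtonAction)
    self.buttonCancel = JButton("Cancel",
                                actionPerformed=self.cancelButtonAction)
    self.buttonReset = JButton("Reset",
                               actionPerformed=self.resetButtonAction)

    # description and remediation textareas
    from java.awt import Dimension
    self.textAreaDescription.setPreferredSize(Dimension(400, 500))
    self.textAreaDescription.setLineWrap(True)
    self.textAreaDescription.setWrapStyleWord(True)
    self.textAreaRemediation.setLineWrap(True)
    self.textAreaRemediation.setWrapStyleWord(True)
    self.tabIssue.addTab("Description", self.jsPaneDescription)
    self.tabIssue.addTab("Remediation", self.jsPaneRemediation)

    # request and response tabs
    # request tab
    self.panelRequest.setMessage("", True)
    self.tabIssue.addTab("Request", self.panelRequest.getComponent())
    # response tab
    self.panelResponse.setMessage("", False)
    self.tabIssue.addTab("Response", self.panelResponse.getComponent())

    # template
    self.labelTemplate = JLabel("Template")
    self.comboTemplate = JComboBox()

    # TODO: Populate this from outside using a config file from the
    # constructor? or perhaps the extension config
    self.comboSeverity = JComboBox(
        ["Critical", "High", "Medium", "Low", "Info"])
    self.comboSeverity.setSelectedIndex(-1)

    # add componentlistener
    dlgListener = DialogListener(self)
    self.addComponentListener(dlgListener)

    if issue is None:
        issue = self.defaultIssue
    # load the issue into the edit dialog.
    self.loadPanel(issue)

    # GroupLayout code converted from NetBeans. The nested builder chain is
    # split into named groups; the resulting group tree is unchanged.
    layout = GroupLayout(self.getContentPane())
    self.getContentPane().setLayout(layout)

    PREF = GroupLayout.PREFERRED_SIZE
    DEFAULT = GroupLayout.DEFAULT_SIZE
    RELATED = LayoutStyle.ComponentPlacement.RELATED
    UNRELATED = LayoutStyle.ComponentPlacement.UNRELATED

    # --- horizontal axis ---
    hLabels = (layout.createParallelGroup()
               .addComponent(self.labelTemplate)
               .addComponent(self.labelHost)
               .addComponent(self.labelName))
    hTemplateRow = (layout.createSequentialGroup()
                    .addComponent(self.comboTemplate))
    hHostRow = (layout.createSequentialGroup()
                .addComponent(self.textHost, PREF, 212, PREF)
                .addPreferredGap(UNRELATED)
                .addComponent(self.labelPath)
                .addPreferredGap(RELATED)
                .addComponent(self.textPath, PREF, DEFAULT, 800))
    hNameRow = (layout.createSequentialGroup()
                .addComponent(self.textName)
                .addPreferredGap(UNRELATED)
                .addComponent(self.labelSeverity)
                .addPreferredGap(UNRELATED)
                .addComponent(self.comboSeverity, PREF, 182, PREF))
    hFields = (layout.createParallelGroup()
               .addGroup(hTemplateRow)
               .addGroup(hHostRow)
               .addGroup(GroupLayout.Alignment.TRAILING, hNameRow))
    hForm = (layout.createSequentialGroup()
             .addGroup(hLabels)
             .addPreferredGap(UNRELATED)
             .addGroup(hFields))
    hBody = (layout.createParallelGroup()
             .addGroup(hForm)
             .addComponent(self.tabIssue))
    hPadded = (layout.createSequentialGroup()
               .addContainerGap()
               .addGroup(hBody))
    hButtons = (layout.createSequentialGroup()
                .addComponent(self.buttonSave, PREF, PREF, PREF)
                .addComponent(self.buttonReset, PREF, PREF, PREF)
                .addComponent(self.buttonCancel, PREF, PREF, PREF))
    hCentered = (layout.createParallelGroup(GroupLayout.Alignment.CENTER)
                 .addGroup(hPadded)
                 .addGroup(hButtons))
    hOuter = (layout.createSequentialGroup()
              .addGroup(hCentered)
              .addContainerGap())
    layout.setHorizontalGroup(
        layout.createParallelGroup(GroupLayout.Alignment.CENTER)
        .addGroup(hOuter))

    # link size of buttons together
    from javax.swing import SwingConstants
    layout.linkSize(SwingConstants.HORIZONTAL,
                    [self.buttonCancel, self.buttonSave, self.buttonReset])

    # --- vertical axis ---
    vNameLine = (layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
                 .addComponent(self.labelName)
                 .addComponent(self.textName, PREF, DEFAULT, PREF)
                 .addComponent(self.labelSeverity)
                 .addComponent(self.comboSeverity, PREF, DEFAULT, PREF))
    vHostLine = (layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
                 .addComponent(self.textHost, PREF, DEFAULT, PREF)
                 .addComponent(self.labelPath)
                 .addComponent(self.textPath)
                 .addComponent(self.labelHost))
    vTemplateLine = (
        layout.createParallelGroup(GroupLayout.Alignment.BASELINE)
        .addComponent(self.comboTemplate, PREF, DEFAULT, PREF)
        .addComponent(self.labelTemplate))
    vButtonLine = (layout.createParallelGroup()
                   .addComponent(self.buttonSave)
                   .addComponent(self.buttonReset)
                   .addComponent(self.buttonCancel))
    vStack = (layout.createSequentialGroup()
              .addContainerGap()
              .addGroup(vNameLine)
              .addPreferredGap(RELATED)
              .addGroup(vHostLine)
              .addGroup(vTemplateLine)
              .addPreferredGap(RELATED)
              .addComponent(self.tabIssue)
              .addPreferredGap(RELATED)
              .addGroup(vButtonLine)
              .addContainerGap())
    layout.setVerticalGroup(
        layout.createParallelGroup()
        .addGroup(GroupLayout.Alignment.TRAILING, vStack))
    # end of converted code from NetBeans

    # set the template label and combobox to invisible
    self.labelTemplate.setVisible(False)
    self.comboTemplate.setVisible(False)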
def initComponents(self):
    """Create and lay out the settings widgets, top to bottom.

    Adds the event-log checkboxes, the text area for extra log names, the
    filter checkbox with its field/mode/input row, and the sort checkbox.
    Every checkbox reports to ``self.checkBoxEvent``.
    """
    on_toggle = self.checkBoxEvent

    self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
    self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

    # Which event logs to process.
    self.checkbox = JCheckBox("All Logs", actionPerformed=on_toggle)
    self.checkbox1 = JCheckBox("Application.Evtx", actionPerformed=on_toggle)
    self.checkbox2 = JCheckBox("Security.EVTX", actionPerformed=on_toggle)
    self.checkbox3 = JCheckBox("System.EVTX", actionPerformed=on_toggle)
    self.checkbox4 = JCheckBox(
        "Other - Input in text area below then check this box",
        actionPerformed=on_toggle)

    # Scrollable text area for additional log names; starts disabled.
    self.area = JTextArea(3, 10)
    self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
    self.area.setEnabled(False)
    self.pane = JScrollPane()
    self.pane.getViewport().add(self.area)

    for widget in (self.checkbox, self.checkbox1, self.checkbox2,
                   self.checkbox3, self.checkbox4, self.pane,
                   JSeparator(), JSeparator()):
        self.add(widget)

    # Filter toggle.
    self.filterCheckbox = JCheckBox("Filter", actionPerformed=on_toggle)
    self.filterCheckbox.setLayout(
        BoxLayout(self.filterCheckbox, BoxLayout.X_AXIS))
    self.add(self.filterCheckbox)

    # Filter row: field, comparison mode, value. All start disabled.
    self.filterPanel = JPanel()
    self.filterPanel.setLayout(
        BoxLayout(self.filterPanel, BoxLayout.X_AXIS))

    self.filterField = JComboBox([
        "Computer Name", "Event Identifier", "Event Level", "Source Name",
        "Event Detail"
    ])
    self.filterField.setEnabled(False)
    self.filterField.setMaximumSize(self.filterField.getPreferredSize())

    self.filterSelector = JComboBox(
        ["equals", "not equals", "contains", "starts with", "ends with"])
    self.filterSelector.setEnabled(False)
    self.filterSelector.setMaximumSize(
        self.filterSelector.getPreferredSize())

    self.filterInput = JTextField()
    self.filterInput.setEnabled(False)
    input_height = self.filterInput.getPreferredSize().height
    self.filterInput.setMaximumSize(Dimension(512, input_height))

    for widget in (self.filterField, self.filterSelector, self.filterInput):
        self.filterPanel.add(widget)
    self.add(self.filterPanel)

    # Sort toggle.
    self.sortCheckbox = JCheckBox("Sort Event Counts Descending",
                                  actionPerformed=on_toggle)
    self.add(self.sortCheckbox)
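class DetermineCookieFrame(JFrame):
    """
    This is the GUI for the user to control the actions when determining
    which cookie is the session cookie.

    The worker thread is started by the "Run" button. Closing the window or
    pressing the cancel button sets the module-level ``cancelThread`` flag.
    """

    def __init__(self, callbacks, selected_message):
        super(DetermineCookieFrame, self).__init__()
        self.callbacks = callbacks
        self.selected_message = selected_message
        # Closing the window via the title bar also requests cancellation.
        self.windowClosing = self.close

    def loadPanel(self):
        """Build the window, show it, and report how many requests may be sent."""
        panel = JPanel()
        panel.setLayout(BoxLayout(panel, BoxLayout.Y_AXIS))

        # Button bar: glue pushes Run / Close to the right.
        bottomButtonBarPanel = JPanel()
        bottomButtonBarPanel.setLayout(
            BoxLayout(bottomButtonBarPanel, BoxLayout.X_AXIS))
        bottomButtonBarPanel.setAlignmentX(1.0)

        self.runButton = JButton("Run", actionPerformed=self.start)
        self.cancelButton = JButton("Close", actionPerformed=self.cancel)
        bottomButtonBarPanel.add(Box.createHorizontalGlue())
        bottomButtonBarPanel.add(self.runButton)
        bottomButtonBarPanel.add(self.cancelButton)

        # Progress bar row.
        bottom = JPanel()
        bottom.setLayout(BoxLayout(bottom, BoxLayout.X_AXIS))
        bottom.setAlignmentX(1.0)

        self.progressBar = JProgressBar()
        self.progressBar.setIndeterminate(False)
        self.progressBar.setMaximum(100)
        self.progressBar.setValue(0)
        bottom.add(self.progressBar)

        # Read-only status log.
        self.statusTextArea = JTextArea()
        self.statusTextArea.setEditable(False)
        scrollPane = JScrollPane(self.statusTextArea)
        scrollPanel = JPanel()
        scrollPanel.setLayout(BoxLayout(scrollPanel, BoxLayout.X_AXIS))
        scrollPanel.setAlignmentX(1.0)
        scrollPanel.add(scrollPane)

        panel.add(scrollPanel)
        panel.add(bottomButtonBarPanel)
        panel.add(bottom)

        self.add(panel)
        self.setTitle("Determine Session Cookie(s)")
        self.setSize(450, 300)
        self.setLocationRelativeTo(None)
        self.setVisible(True)

        # Count the cookie parameters of the selected request so the user
        # knows the upper bound of traffic before pressing Run.
        original_request_bytes = self.selected_message.getRequest()
        http_service = self.selected_message.getHttpService()
        helpers = self.callbacks.getHelpers()
        request_info = helpers.analyzeRequest(http_service,
                                              original_request_bytes)
        parameters = request_info.getParameters()
        cookie_parameters = [
            parameter for parameter in parameters
            if parameter.getType() == IParameter.PARAM_COOKIE
        ]
        num_requests_needed = len(cookie_parameters) + 2
        self.statusTextArea.append(
            "This may require up to " + str(num_requests_needed) +
            " requests to be made. Hit 'Run' to begin.\n")

    def start(self, event):
        """Run button: clear the cancel flag and start the worker thread."""
        global cancelThread
        cancelThread = False
        self.runButton.setEnabled(False)
        self.cancelButton.setText("Cancel")
        thread = ThreadDetermineCookie(self.callbacks, self.selected_message,
                                       self.statusTextArea, self.progressBar)
        thread.start()

    def cancel(self, event):
        """Close/Cancel button: request cancellation, then dispose the window.

        dispose() does not fire windowClosing, so without setting the flag
        here a running worker would keep sending requests to the target
        after the user pressed "Cancel". Setting it before Run is harmless
        because start() resets it.
        NOTE(review): assumes ThreadDetermineCookie polls cancelThread.
        """
        global cancelThread
        cancelThread = True
        self.setVisible(False)
        self.dispose()

    def close(self, event):
        """windowClosing handler: request cancellation of the worker thread."""
        global cancelThread
        cancelThread = True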
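def main():
    """Pick a BinNavi module and function interactively, analyse it, print results.

    Connects to the BinNavi database, lists the modules and then the
    function views in a text window, asks for an index each time, runs
    doAnalysis() over the function's REIL instruction graph and prints the
    per-instruction in/out state and the memory written.
    """
    binNaviProxy = StandAlone.getPluginInterface()
    # NOTE(review): the connection settings are hard-coded; the two
    # "binnavi" arguments look like the database user and password. Anyone
    # who can read this script gets them, so load them from configuration
    # outside the source tree and rotate the password.
    binNaviProxy.databaseManager.addDatabase("","com.mysql.jdbc.Driver","localhost","BINNAVI1","binnavi","binnavi",False,False)
    db=binNaviProxy.databaseManager.databases[0]
    db.connect()
    db.load()
    mods=db.getModules()

    ### dialog boxes used to select the module that should be analysed
    ######################################################
    frame = JFrame('BinNavi Module Selector',layout=BorderLayout(),
                   defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                   size = (1500, 800)
                   )
    frame2 = JFrame('Function Selector',layout=BorderLayout(),
                    defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                    size = (30, 30)
                    )

    frame2.setFocusableWindowState(False)
    frame2.setFocusable(False)
    frame2.setAlwaysOnTop(False)

    # One "[index]module" entry per module, shown in the text area.
    textStr = ''.join(["[%d]%s" % (i, m) for i, m in enumerate(mods)])
    tx=JTextArea(textStr)
    tx.setLineWrap(True)
    tx.setWrapStyleWord(True)
    frame.add(tx,BorderLayout.PAGE_START)
    frame.visible = True
    modInd = JOptionPane.showInputDialog(frame2, "Enter the index of the chosen module",
                                         "Module selector")

    # Open the module chosen by index. A cancelled dialog (None) or a
    # non-numeric / out-of-range answer raises here.
    bfname=mods[int(modInd)]

    bfname.load()
    funcViews=bfname.views
    # One "[index]name" entry per function view; the slice trims toString().
    textStr1 = ''.join(["[%d]%s" % (i, v.toString()[5:18])
                        for i, v in enumerate(funcViews)])
    ## remove the older text from the frame view
    frame.remove(tx)
    frame.update(frame.getGraphics())
    frame.visible = False
    ## create a new text area with the string made from all the function names
    txStr=JTextArea(textStr1)
    txStr.setLineWrap(True)
    txStr.setWrapStyleWord(True)
    frame.add(txStr,BorderLayout.PAGE_START)
    frame.update(frame.getGraphics())
    frame.visible = True
    funcInd = JOptionPane.showInputDialog(frame2, "Enter the index of the function",
                                          "Function selector")

    ######################################################

    bffunc=bfname.views[int(funcInd)] # view of the selected function
    bffunc.load()

    frame2.setVisible(False)
    # NOTE(review): dispose() is not defined in this function; if the file
    # has no such helper this should be frame2.dispose().
    dispose(frame2)

    bfReil=bffunc.getReilCode() # REIL code of the function
    bfReilGraph=bfReil.getGraph()

    instGraph = InstructionGraph.create(bfReilGraph)
    # Measure the analysis itself: the previous code printed an absolute
    # clock reading rather than the elapsed time.
    startTime = time.clock()
    results=doAnalysis(instGraph)
    totalTime=time.clock() - startTime

    print "**** printing results *******\n"
    print "Total time:", totalTime, '\n'
    numNode=0
    for n in instGraph:
        # Count one per instruction ("numNode+=numNode" always stayed 0).
        numNode+=1

        nIn=list(results.getState(n).inVal)
        nIn.sort(key=itemgetter(0))
        nOut=list(results.getState(n).out)
        nOut.sort(key=itemgetter(0))
        print '@@ ',n.getInstruction(),'\n'
        print '\t In', nIn, '\n'
        print '\t OUT', nOut, '\n'
        print '\t memory: ',results.getState(n).memoryWritten, '\n'
    print "++++ Total instructions: %d +++++\n"%numNode
    # finally close the view of the function
    bffunc.close()

    print "Done! Closing the module selector window"
    frame.setVisible(False)
    # NOTE(review): same undefined-name concern as dispose(frame2) above.
    dispose(frame)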
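class Process_EVTX1WithUISettingsPanel(IngestModuleIngestJobSettingsPanel):
    """Ingest job settings panel for the EVTX processing module.

    Lets the examiner choose which event logs to process, add extra log
    names, set one filter (field, comparison mode, value) and choose
    descending sort. Choices are stored as string settings on
    ``self.local_settings``.
    """
    # Note, we can't use a self.settings instance variable.
    # Rather, self.local_settings is used.
    # https://wiki.python.org/jython/UserGuide#javabean-properties
    # Jython Introspector generates a property - 'settings' on the basis
    # of getSettings() defined in this class. Since only getter function
    # is present, it creates a read-only 'settings' property. This auto-
    # generated read-only property overshadows the instance-variable -
    # 'settings'

    # We get passed in a previous version of the settings so that we can
    # prepopulate the UI
    # TODO: Update this for your UI
    def __init__(self, settings):
        self.local_settings = settings
        self.initComponents()
        self.customizeComponents()

    # TODO: Update this for your UI
    def checkBoxEvent(self, event):
        """Copy the state of every checkbox into the settings.

        Also enables or disables the widgets that depend on the "Other"
        and "Filter" checkboxes.
        """
        def as_flag(box):
            # Settings are stored as the strings 'true' / 'false'.
            if box.isSelected():
                return 'true'
            return 'false'

        settings = self.local_settings
        settings.setSetting('All', as_flag(self.checkbox))
        settings.setSetting('Application', as_flag(self.checkbox1))
        settings.setSetting('Security', as_flag(self.checkbox2))
        settings.setSetting('System', as_flag(self.checkbox3))

        settings.setSetting('Other', as_flag(self.checkbox4))
        self.area.setEnabled(self.checkbox4.isSelected())

        settings.setSetting('Filter', as_flag(self.filterCheckbox))
        filter_on = self.filterCheckbox.isSelected()
        self.filterField.setEnabled(filter_on)
        self.filterSelector.setEnabled(filter_on)
        self.filterInput.setEnabled(filter_on)

        settings.setSetting('SortDesc', as_flag(self.sortCheckbox))

    def keyPressed(self, event):
        """Store the extra log names typed into the text area.

        NOTE(review): nothing in this class registers the panel as a key
        listener; getSettings() reads the text area itself.
        """
        self.local_settings.setSetting('EventLogs', self.area.getText())

    # TODO: Update this for your UI
    def initComponents(self):
        """Create and lay out all widgets, top to bottom."""
        self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
        self.setAlignmentX(JComponent.LEFT_ALIGNMENT)
        self.checkbox = JCheckBox("All Logs",
                                  actionPerformed=self.checkBoxEvent)
        self.checkbox1 = JCheckBox("Application.Evtx",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox2 = JCheckBox("Security.EVTX",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox3 = JCheckBox("System.EVTX",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox4 = JCheckBox(
            "Other - Input in text area below then check this box",
            actionPerformed=self.checkBoxEvent)

        # Scrollable text area for additional log names
        self.area = JTextArea(3, 10)
        self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
        self.area.setEnabled(False)
        self.pane = JScrollPane()
        self.pane.getViewport().add(self.area)

        self.add(self.checkbox)
        self.add(self.checkbox1)
        self.add(self.checkbox2)
        self.add(self.checkbox3)
        self.add(self.checkbox4)
        self.add(self.pane)
        self.add(JSeparator())
        self.add(JSeparator())

        self.filterCheckbox = JCheckBox("Filter",
                                        actionPerformed=self.checkBoxEvent)
        self.filterCheckbox.setLayout(
            BoxLayout(self.filterCheckbox, BoxLayout.X_AXIS))
        self.add(self.filterCheckbox)

        self.filterPanel = JPanel()
        self.filterPanel.setLayout(
            BoxLayout(self.filterPanel, BoxLayout.X_AXIS))
        self.filterField = JComboBox([
            "Computer Name", "Event Identifier", "Event Level", "Source Name",
            "Event Detail"
        ])
        self.filterField.setEnabled(False)
        self.filterField.setMaximumSize(self.filterField.getPreferredSize())
        self.filterSelector = JComboBox(
            ["equals", "not equals", "contains", "starts with", "ends with"])
        self.filterSelector.setEnabled(False)
        self.filterSelector.setMaximumSize(
            self.filterSelector.getPreferredSize())
        self.filterInput = JTextField()
        self.filterInput.setEnabled(False)
        self.filterInput.setMaximumSize(
            Dimension(512, self.filterInput.getPreferredSize().height))
        self.filterPanel.add(self.filterField)
        self.filterPanel.add(self.filterSelector)
        self.filterPanel.add(self.filterInput)
        self.add(self.filterPanel)

        self.sortCheckbox = JCheckBox("Sort Event Counts Descending",
                                      actionPerformed=self.checkBoxEvent)
        self.add(self.sortCheckbox)

    # TODO: Update this for your UI
    def customizeComponents(self):
        """Pre-populate every widget from the settings passed to __init__.

        The filter and sort settings are restored as well as the log
        checkboxes. Previously a stored 'Filter' = 'true' stayed in the
        settings while the panel showed the filter unchecked, so a job
        could carry a filter the examiner could not see.
        """
        settings = self.local_settings

        self.checkbox.setSelected(settings.getSetting('All') == 'true')
        self.checkbox1.setSelected(
            settings.getSetting('Application') == 'true')
        self.checkbox2.setSelected(settings.getSetting('Security') == 'true')
        self.checkbox3.setSelected(settings.getSetting('System') == 'true')

        other_on = settings.getSetting('Other') == 'true'
        self.checkbox4.setSelected(other_on)
        # Keep the text area editable exactly when "Other" is checked.
        self.area.setEnabled(other_on)
        self.area.setText(settings.getSetting('EventLogs'))

        filter_on = settings.getSetting('Filter') == 'true'
        self.filterCheckbox.setSelected(filter_on)
        self.filterField.setEnabled(filter_on)
        self.filterSelector.setEnabled(filter_on)
        self.filterInput.setEnabled(filter_on)

        # Restore the stored filter; leave the defaults when nothing is stored.
        saved_field = settings.getSetting('FilterField')
        if saved_field is not None:
            self.filterField.setSelectedItem(saved_field)
        saved_mode = settings.getSetting('FilterMode')
        if saved_mode is not None:
            self.filterSelector.setSelectedItem(saved_mode)
        saved_input = settings.getSetting('FilterInput')
        if saved_input is not None:
            self.filterInput.setText(saved_input)

        self.sortCheckbox.setSelected(
            settings.getSetting('SortDesc') == 'true')

    # Return the settings used
    def getSettings(self):
        """Store the text-based inputs and return the settings object."""
        self.local_settings.setSetting('EventLogs', self.area.getText())
        self.local_settings.setSetting('FilterField',
                                       self.filterField.getSelectedItem())
        self.local_settings.setSetting('FilterMode',
                                       self.filterSelector.getSelectedItem())
        self.local_settings.setSetting('FilterInput',
                                       self.filterInput.getText())
        return self.local_settings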
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, FocusListener):
    """Burp extension that renders scanner results as text in its own tab.

    The report is shown in a read-only JTextArea, which displays its content
    as plain text, so scanner-derived strings are not interpreted as markup.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Extension entry point: name the extension, register the context
        menu factory and build the output tab."""
        # Shared constants
        self.EXTENSION_NAME = 'Report2text'
        self.COLOR_RED = Color(0xff6633)
        self.COLOR_BLACK = Color(0x0)

        self._callbacks = callbacks
        self._helpers = self._callbacks.getHelpers()
        self._callbacks.setExtensionName(self.EXTENSION_NAME)

        # Context menu entry (see createMenuItems)
        self._callbacks.registerContextMenuFactory(self)

        # Output tab: a wrapped, non-editable text area inside a scroll pane
        reportArea = JTextArea('initial text')
        self._mainTextArea = reportArea
        reportArea.editable = False
        reportArea.setLineWrap(True)
        reportArea.setWrapStyleWord(True)
        reportArea.addFocusListener(self)

        self._tab = JPanel(BorderLayout())
        self._tab.add(JScrollPane(reportArea))
        self._callbacks.addSuiteTab(self)
        return

    def createMenuItems(self, invocation):
        """IContextMenuFactory: offer 'Report2text' only when the menu is
        opened on scanner results; otherwise return an empty list."""
        entries = ArrayList()
        if invocation.getInvocationContext() != invocation.CONTEXT_SCANNER_RESULTS:
            return entries
        entry = JMenuItem('Report2text')
        entry.addActionListener(GenerateReportListener(self, invocation))
        entries.add(entry)
        return entries

    def getTabCaption(self):
        """ITab: caption shown on the suite tab."""
        return self.EXTENSION_NAME

    def getUiComponent(self):
        """ITab: root component of the tab."""
        return self._tab

    def focusGained(self, event):
        """FocusListener: clear the highlight once the report has focus."""
        self._setTabBackground(self.COLOR_BLACK)

    def focusLost(self, event):
        """FocusListener: nothing to do when focus leaves the report."""

    def setReportText(self, text):
        """Highlight the tab, then replace the report text."""
        self._setTabBackground(self.COLOR_RED)
        self._mainTextArea.text = text

    def _setTabBackground(self, color):
        """Set the background of every tab whose title equals the extension
        name in the parent tabbed pane."""
        pane = self.getUiComponent().getParent()
        wanted = self.EXTENSION_NAME
        for position in range(pane.getTabCount()):
            if pane.getTitleAt(position) != wanted:
                continue
            pane.setBackgroundAt(position, color)
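class Process_EVTX1WithUISettingsPanel(IngestModuleIngestJobSettingsPanel):
    """Job-settings panel that lets the examiner choose which event logs to
    process: four fixed choices plus a free-text list of other log names.

    Note, we can't use a self.settings instance variable; self.local_settings
    is used instead.
    https://wiki.python.org/jython/UserGuide#javabean-properties
    The Jython introspector generates a read-only 'settings' property from
    getSettings() (only a getter exists), and that property shadows an
    instance variable of the same name.
    """

    # TODO: Update this for your UI
    def __init__(self, settings):
        """Keep the previous settings object so the UI can be prepopulated."""
        self.local_settings = settings
        self.initComponents()
        self.customizeComponents()

    # TODO: Update this for your UI
    def checkBoxEvent(self, event):
        """Copy the state of every checkbox into the settings object."""
        settings = self.local_settings
        settings.setFlag(bool(self.checkbox.isSelected()))
        settings.setFlag1(bool(self.checkbox1.isSelected()))
        settings.setFlag2(bool(self.checkbox2.isSelected()))
        settings.setFlag3(bool(self.checkbox3.isSelected()))
        if self.checkbox4.isSelected():
            settings.setFlag4(True)
            settings.setArea(self.area.getText())
        else:
            settings.setFlag4(False)

    def keyPressed(self, event):
        """Store the current text of the 'other logs' area.

        No key listener is registered in initComponents, so this is not
        called by the panel itself.
        """
        self.local_settings.setArea(self.area.getText())

    # TODO: Update this for your UI
    def initComponents(self):
        """Create the checkboxes and the scrollable free-text area."""
        self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
        self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

        self.panel1 = JPanel()
        self.panel1.setLayout(BoxLayout(self.panel1, BoxLayout.Y_AXIS))
        self.panel1.setAlignmentY(JComponent.LEFT_ALIGNMENT)

        self.checkbox = JCheckBox("All Logs",
                                  actionPerformed=self.checkBoxEvent)
        self.checkbox1 = JCheckBox("Application.Evtx",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox2 = JCheckBox("Security.EVTX",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox3 = JCheckBox("System.EVTX",
                                   actionPerformed=self.checkBoxEvent)
        self.checkbox4 = JCheckBox(
            "Other - Input in text area below then check this box",
            actionPerformed=self.checkBoxEvent)
        for box in (self.checkbox, self.checkbox1, self.checkbox2,
                    self.checkbox3, self.checkbox4):
            self.panel1.add(box)
        self.add(self.panel1)

        # Free text: additional log names typed by the examiner.
        # NOTE(review): the consumer of this value is not shown here; it
        # should treat each entry as an untrusted name and validate it before
        # using it to build a path or a command.
        self.area = JTextArea(5, 25)
        self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
        self.pane = JScrollPane()
        self.pane.getViewport().add(self.area)
        self.add(self.pane)

    # TODO: Update this for your UI
    def customizeComponents(self):
        """Restore the checkbox states from the stored settings."""
        self.checkbox.setSelected(self.local_settings.getFlag())
        self.checkbox1.setSelected(self.local_settings.getFlag1())
        self.checkbox2.setSelected(self.local_settings.getFlag2())
        self.checkbox3.setSelected(self.local_settings.getFlag3())
        self.checkbox4.setSelected(self.local_settings.getFlag4())

    # Return the settings used
    def getSettings(self):
        """Return the settings object.

        The text area is only copied into the settings by checkBoxEvent, so
        text typed after ticking "Other" used to be lost. Refresh it here
        when that option is selected.
        """
        if self.checkbox4.isSelected():
            self.local_settings.setArea(self.area.getText())
        return self.local_settings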
def tag_3_1(self, c):
    """Lay out the whitelist-domain settings: an input field, the read-only
    list of whitelisted domains, and the add / remove / reset buttons.

    ``c`` is the GridBagConstraints object shared by the caller; it is
    mutated before each add() call.
    """
    settings_panel = self.white_list_domain_settings

    # Input field caption
    caption = JLabel(u'请填写域名:')
    self.setFontBold(caption)
    caption.setForeground(Color(0, 0, 153))
    c.gridx, c.gridy = 0, 0
    c.insets = Insets(5, 5, 5, 5)
    c.fill = GridBagConstraints.NONE
    c.anchor = GridBagConstraints.FIRST_LINE_END
    settings_panel.add(caption, c)

    # Input field
    self.white_list_text_field = JTextField()
    c.fill = GridBagConstraints.BOTH
    c.gridx, c.gridy = 1, 0
    settings_panel.add(self.white_list_text_field, c)

    # Caption of the domain list
    list_caption = JLabel(u"白名单域名列表")
    self.setFontItalic(list_caption)
    c.fill = GridBagConstraints.NONE
    c.gridx, c.gridy = 0, 1
    settings_panel.add(list_caption, c)

    # Read-only text area listing the whitelisted domains
    domain_area = JTextArea()
    self.white_list_text_area = domain_area
    domain_area.setColumns(20)
    domain_area.setRows(10)
    domain_area.setEditable(False)
    c.fill = GridBagConstraints.BOTH
    self.white_list_mouse_listener = TextAreaMouseListener(domain_area)
    domain_area.addMouseListener(self.white_list_mouse_listener)

    # Fill the text area with the current whitelist, one entry per line
    for name in white_list_names:
        domain_area.append(name + linesep())
    c.gridx, c.gridy = 1, 1
    scroller = JScrollPane(domain_area)
    settings_panel.add(scroller, c)

    # Add / remove / reset buttons, stacked in their own panel
    button_panel = JPanel(GridBagLayout())
    button_constraints = GridBagConstraints()
    button_constraints.insets = Insets(3, 3, 3, 3)
    button_constraints.gridx = 0
    button_constraints.fill = GridBagConstraints.BOTH
    button_constraints.weightx = 1
    button_constraints.gridwidth = 1

    # NOTE(review): any validation of an entered domain would live in
    # ButtonHandlers, which is not shown here; confirm it normalises entries
    # before they are used for whitelist matching.
    handlers = ButtonHandlers(self.white_list_text_field,
                              self.white_list_text_area,
                              self.white_list_mouse_listener,
                              white_list_names)

    # Add button
    self.white_list_add_button = JButton(
        u'添加', actionPerformed=handlers.handler_add)
    button_constraints.gridy = 1
    button_panel.add(self.white_list_add_button, button_constraints)

    # Remove button
    self.white_list_rm_button = JButton(
        u'删除', actionPerformed=handlers.handler_rm)
    button_constraints.gridy = 2
    button_panel.add(self.white_list_rm_button, button_constraints)

    # Reset button
    self.white_list_restore_button = JButton(
        u'重置', actionPerformed=handlers.handler_restore)
    button_constraints.gridy = 3
    button_panel.add(self.white_list_restore_button, button_constraints)

    c.gridx, c.gridy = 2, 1
    c.fill = GridBagConstraints.NONE
    settings_panel.add(button_panel, c)
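class Interfaz(JFrame):
    """Main window of the web-tracking detection tool.

    The user enters URLs directly and/or loads them from a file; the list is
    written to URLs.txt and handed to the helper scripts, which are run twice
    (crawl 1 and crawl 2) before the analysis script produces resultados.txt.
    """

    def __init__(self):
        super(Interfaz, self).__init__()
        self.filename = ''
        self.initUI()

    def initUI(self):
        """Build the 6x3 grid: URL field, file picker, options and Run button."""
        self.panel = JPanel()
        self.panel.setLayout(GridLayout(6, 3))
        self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))

        labelURL = JLabel(' Introduzca las URL que desee analizar:')
        chkboxSync = JCheckBox('Sincronizacion de cookies')
        self.textfieldURL = JTextField(15)
        chkboxResp = JCheckBox('Restauracion de cookies')
        labelFichero = JLabel(' O seleccione un fichero que las contenga:')

        self.area = JTextArea()
        pane = JScrollPane()
        pane.getViewport().add(self.area)

        panelFichero = JPanel()
        panelFichero.setLayout(None)
        buttonFichero = JButton("Seleccionar fichero",
                                actionPerformed=self.open)
        buttonFichero.setBounds(10, 0, 200, 25)
        panelFichero.add(buttonFichero)

        buttonEjecutar = JButton("Ejecutar", actionPerformed=self.ejecutar)
        buttonEjecutar.setFont(Font("Tahoma", Font.BOLD, 24))

        # GridLayout fills cells in insertion order; None marks an empty
        # cell, which gets its own blank label.
        cells = [
            labelURL, None, chkboxSync,
            self.textfieldURL, None, chkboxResp,
            labelFichero, None, None,
            pane, panelFichero, None,
            None, None, None,
            None, buttonEjecutar, None,
        ]
        for cell in cells:
            self.panel.add(JLabel(' ') if cell is None else cell)

        self.add(self.panel)
        self.setTitle(
            "HERRAMIENTA PARA LA DETECCION DE TECNICAS DE SEGUIMIENTO DE USUARIOS EN LA WEB"
        )
        self.setSize(1000, 450)
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(True)

    def open(self, e):
        """Let the user pick a file and load its text into the text area."""
        filechooser = JFileChooser()
        extFilter = FileNameExtensionFilter("c files", ["c"])
        filechooser.addChoosableFileFilter(extFilter)
        ret = filechooser.showDialog(self.panel, "Elegir fichero")
        if ret == JFileChooser.APPROVE_OPTION:
            selected = filechooser.getSelectedFile()
            self.area.setText(self.readFile(selected))

    def readFile(self, file):
        """Remember the canonical path of *file* and return its content."""
        filename = file.getCanonicalPath()
        self.filename = filename
        f = open(filename, "r")
        try:
            return f.read()
        finally:
            # The handle was previously left open.
            f.close()

    def _runScript(self, script):
        """Run one of the bundled helper scripts and wait for it to finish.

        An argument list is used instead of a shell command line: the script
        names are fixed and nothing here needs shell parsing.
        """
        return subprocess.call(["python", script])

    def _writeRunMarker(self, mode, text):
        """Write *text* to bbdd.txt, opened with *mode* ('w' or 'a')."""
        f = open("bbdd.txt", mode)
        try:
            f.write(text)
        finally:
            f.close()

    def ejecutar(self, e):
        """Collect the URLs and run both crawls followed by the analysis."""
        JOptionPane.showMessageDialog(self.panel,
                                      "Ejecutando...\n Espere unos minutos.",
                                      "Info", JOptionPane.INFORMATION_MESSAGE)
        print("Ejecutando...")
        url = self.textfieldURL.getText()
        fichero = self.area.getText()
        if url == '' and fichero == '':
            self.error()
            return
        if url != '' and fichero != '':
            print("Hay url y fichero")
            urls_finales = url + "\n" + fichero
        elif fichero != '':
            print("Hay fichero")
            urls_finales = fichero
        else:
            print("Hay url")
            self.filename = "url"
            urls_finales = url

        # The URL text is user input. It reaches the helper scripts only
        # through URLs.txt, never through a command line.
        # NOTE(review): demo.py is not shown here; it should validate each
        # line as a URL before fetching it.
        self.writeFile(urls_finales, 1)
        self._writeRunMarker("w", self.filename + "1\n")
        self._runScript("demo.py")

        self.writeFile(urls_finales, 2)
        self._writeRunMarker("a", self.filename + "2")
        self._runScript("demo.py")
        self._runScript("rastreo_analisis.py")
        self.initResultados()

    def initResultados(self):
        """Show the content of resultados.txt in a separate window."""
        diag = JFrame()
        self.lineas = list()
        self.areaResultados = JTextArea()
        self.readResultados()

        panelResultados = JPanel()
        panelResultados.setBorder(BorderFactory.createEtchedBorder())
        panelResultados.setLayout(GridLayout(0, 1))
        pane = JScrollPane(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED,
                           JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED)
        pane.viewport.view = self.areaResultados

        diag.setTitle("RESULTADOS OBTENIDOS")
        diag.setSize(1000, 450)
        diag.setLayout(BorderLayout())
        diag.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        diag.setLocationRelativeTo(None)
        panelResultados.add(pane)
        diag.add(panelResultados, BorderLayout.CENTER)
        # Show the window only once its content is in place; components
        # added after setVisible(True) are not laid out until revalidation.
        diag.setVisible(True)

    def readResultados(self):
        """Load resultados.txt into the results area and self.lineas.

        Returns the number of lines read. The previous version iterated the
        file after f.read() had already consumed it, so it always returned 0
        and left self.lineas empty; it also never closed the file.
        """
        f = open("resultados.txt", "r")
        try:
            lineas = f.readlines()
        finally:
            f.close()
        self.areaResultados.setText(''.join(lineas))
        self.lineas.extend(lineas)
        return len(lineas)

    def writeFile(self, urls, crawl):
        """Write URLs.txt: first the output name for this crawl, then the URLs."""
        self.filename = self.filename.replace(".txt", '')
        f = open("URLs.txt", "w")
        try:
            f.write(self.filename + str(crawl) + ".txt" + '\n')
            f.write(urls)
        finally:
            f.close()

    def error(self):
        """Tell the user that a URL or a file is required."""
        JOptionPane.showMessageDialog(self.panel,
                                      "Debes introducir una URL o un fichero",
                                      "Error", JOptionPane.ERROR_MESSAGE)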
class PluginUI():
    """Swing UI of the extension: a "Generator" tab that manages a payload
    list and the tamper techniques applied to it, and a "Processor" tab that
    tampers payloads typed by the user.

    The payload list itself lives on the extender object
    (self.extender.PayloadList); this class only edits and displays it.
    """

    def __init__(self, extender):
        """Keep a reference to the extender and build all components."""
        self.extender = extender
        self.initComponents()

    def showMessage(self, msg):
        """Show *msg* in a modal dialog over the main panel."""
        JOptionPane.showMessageDialog(self.mainPanel, msg)

    def getProcessorTechName(self):
        """Return the technique selected in the Processor combo box."""
        return self.comboProcessorTech.getSelectedItem()

    def getGeneratorTechsName(self):
        """Return the names of the techniques ticked on the Generator tab."""
        techList = []
        if self.chkGeneral.isSelected():
            techList.append('General')
        if self.chkMAXDB.isSelected():
            techList.append('SAP_MaxDB')
        if self.chkMSSQL.isSelected():
            techList.append('MSSQL')
        if self.chkMSAccess.isSelected():
            techList.append('MSAccess')
        if self.chkPostgres.isSelected():
            techList.append('PostgreSQL')
        if self.chkOracle.isSelected():
            techList.append('Oracle')
        if self.chkSqlite.isSelected():
            techList.append('SQLite')
        if self.chkMysql.isSelected():
            techList.append('MySQL')
        return techList

    def pastePayloadButtonAction(self, event):
        """Append every line of the clipboard text to the payload list."""
        clpbrd = Toolkit.getDefaultToolkit().getSystemClipboard()
        content = clpbrd.getContents(None)
        # Only plain-text clipboard content is accepted; the lines are added
        # as-is, with no length or duplicate check.
        if content and content.isDataFlavorSupported(DataFlavor.stringFlavor):
            items = content.getTransferData(DataFlavor.stringFlavor)
            items = items.splitlines()
            for item in items:
                self.extender.PayloadList.append(item)
            self.listPayloads.setListData(self.extender.PayloadList)

    def removePayloadButtonAction(self, event):
        """Remove the selected entries from the payload list."""
        # list.remove() drops the first equal entry, so with duplicated
        # payloads the entry removed may not be the one highlighted.
        for item in self.listPayloads.getSelectedValuesList():
            self.extender.PayloadList.remove(item)
        self.listPayloads.setListData(self.extender.PayloadList)

    def clearPayloadButtonAction(self, event):
        """Empty the payload list in place (the list object is kept)."""
        self.extender.PayloadList[:] = []
        self.listPayloads.setListData(self.extender.PayloadList)

    def addPayloadButtonAction(self, event):
        """Append the text field content to the payload list if non-blank."""
        # NOTE(review): str() on the field text may fail for non-ASCII input
        # under Jython 2 -- confirm.
        if str(self.textNewPayload.text).strip():
            self.extender.PayloadList.append(self.textNewPayload.text)
            self.textNewPayload.text = ''
            self.listPayloads.setListData(self.extender.PayloadList)

    def toClipboardButtonAction(self, event):
        """Generate the tampered payloads and copy them to the clipboard,
        one per line."""
        self.extender.generatePayloads()
        result = '\n'.join(self.extender.tamperedPayloads)
        result = StringSelection(result)
        clpbrd = Toolkit.getDefaultToolkit().getSystemClipboard()
        clpbrd.setContents(result, None)
        self.showMessage('{} url encoded payload copied to clipboard'.format(
            len(self.extender.tamperedPayloads)))

    def toFileButtonAction(self, event):
        """Generate the tampered payloads and write them to a chosen file."""
        fileChooser = JFileChooser()
        fileChooser.dialogTitle = 'Save Payloads'
        fileChooser.fileSelectionMode = JFileChooser.FILES_ONLY
        if (fileChooser.showSaveDialog(
                self.mainPanel) == JFileChooser.APPROVE_OPTION):
            file = fileChooser.getSelectedFile()
            self.extender.generatePayloads()
            result = '\n'
            result = result.join(self.extender.tamperedPayloads)
            # Mode 'w' overwrites an existing file without asking.
            # writelines() is given one string, so it writes it character by
            # character; the file content is the joined text.
            with open(file.getAbsolutePath(), 'w') as writer:
                writer.writelines(result)
            self.showMessage('{} url encoded payload written to file'.format(
                len(self.extender.tamperedPayloads)))

    def tamperPayloadButtonAction(self, event):
        """Apply the selected technique to each line of the plain-payload
        area and show the results in the tampered-payload area."""
        tamperedPayloads = []
        tamperFunction = self.comboProcessorTech.getSelectedItem()
        payloads = self.textPlainPayload.text
        payloads = payloads.splitlines()
        for payload in payloads:
            tamperedPayloads.append(
                self.extender.tamperSinglePayload(tamperFunction, payload))
        result = '\n'.join(tamperedPayloads)
        self.textTamperedPayload.text = result

    def initComponents(self):
        """Create every widget, set texts and defaults, and lay out the
        Generator and Processor tabs with GroupLayout."""
        # --- widget creation -------------------------------------------
        TabbedPane1 = JTabbedPane()
        GeneratorScrollPane = JScrollPane()
        GeneratorPanel = JPanel()
        jlbl1 = JLabel()
        jlbl2 = JLabel()
        spanePayloadList = JScrollPane()
        self.listPayloads = JList()
        pastePayloadButton = JButton(
            actionPerformed=self.pastePayloadButtonAction)
        removePayloadButton = JButton(
            actionPerformed=self.removePayloadButtonAction)
        clearPayloadButton = JButton(
            actionPerformed=self.clearPayloadButtonAction)
        self.textNewPayload = JTextField()
        addPayloadButton = JButton(actionPerformed=self.addPayloadButtonAction)
        jSeparator1 = JSeparator()
        jlbl3 = JLabel()
        jlbl4 = JLabel()
        self.chkGeneral = JCheckBox()
        self.chkMAXDB = JCheckBox()
        self.chkMSSQL = JCheckBox()
        self.chkMSAccess = JCheckBox()
        self.chkPostgres = JCheckBox()
        self.chkOracle = JCheckBox()
        self.chkSqlite = JCheckBox()
        self.chkMysql = JCheckBox()
        jlbl5 = JLabel()
        toClipboardButton = JButton(
            actionPerformed=self.toClipboardButtonAction)
        toFileButton = JButton(actionPerformed=self.toFileButtonAction)
        ProcessorScrollPane = JScrollPane()
        ProcessorPanel = JPanel()
        jLabel1 = JLabel()
        self.comboProcessorTech = JComboBox()
        jSeparator2 = JSeparator()
        jLabel2 = JLabel()
        jLabel3 = JLabel()
        jScrollPane1 = JScrollPane()
        self.textPlainPayload = JTextArea()
        jLabel4 = JLabel()
        jScrollPane2 = JScrollPane()
        self.textTamperedPayload = JTextArea()
        tamperPayloadButton = JButton(
            actionPerformed=self.tamperPayloadButtonAction)

        # --- Generator tab: texts and defaults -------------------------
        jlbl1.setForeground(Color(255, 102, 51))
        # NOTE(review): Font.toString() is passed as the font name here;
        # getName() looks like what was meant -- confirm.
        jlbl1.setFont(Font(jlbl1.getFont().toString(), 1, 14))
        jlbl1.setText("User-Defiend Payloads")
        jlbl2.setText(
            "This payload type lets you configure a simple list of strings that are used as payloads."
        )
        spanePayloadList.setViewportView(self.listPayloads)
        # Default payload list; this replaces whatever the extender held.
        self.extender.PayloadList = [
            "%", "'", "\"\"", "''", "'", "'--", "; waitfor delay '0:30:0'--",
            "1;waitfor delay '0:30:0'--", "(\",)')(,(("
        ]
        self.listPayloads.setListData(self.extender.PayloadList)
        pastePayloadButton.setText("Paste")
        pastePayloadButton.setActionCommand("pastePayloadButton")
        # pastePayloadButton.addActionListener()
        removePayloadButton.setText("Remove")
        clearPayloadButton.setText("Clear")
        self.textNewPayload.setToolTipText("")
        addPayloadButton.setText("Add")
        jlbl3.setForeground(Color(255, 102, 51))
        jlbl3.setFont(Font(jlbl3.getFont().toString(), 1, 14))
        jlbl3.setText("Tamper Techniques")
        jlbl4.setText(
            "You can select the techniques that you want to perform processing tasks on each user-defined payload"
        )
        self.chkGeneral.setText("General")
        self.chkGeneral.setSelected(True)
        self.chkMAXDB.setText("SAP MAX DB")
        self.chkMSSQL.setText("MS SQL Server")
        self.chkMSAccess.setText("MS Access")
        self.chkPostgres.setText("Postgres SQL")
        self.chkOracle.setText("Oracle")
        self.chkSqlite.setText("Sqlite")
        self.chkMysql.setText("MySql")
        jlbl5.setText("[?] Save the Generated/Tampered Payloads to :")
        toClipboardButton.setText("Clipboard")
        toFileButton.setText("File")

        # --- Generator tab: layout (kept exactly as generated) ----------
        GeneratorPanelLayout = GroupLayout(GeneratorPanel)
        GeneratorPanel.setLayout(GeneratorPanelLayout)
        GeneratorPanelLayout.setHorizontalGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
            addGroup(GeneratorPanelLayout.createSequentialGroup(
            ).addContainerGap().addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.TRAILING).addComponent(
            jlbl2, GroupLayout.DEFAULT_SIZE,
            GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
            jlbl4, GroupLayout.Alignment.LEADING,
            GroupLayout.DEFAULT_SIZE, GroupLayout.DEFAULT_SIZE,
            Short.MAX_VALUE).addComponent(
            jSeparator1, GroupLayout.Alignment.LEADING).
            addGroup(GeneratorPanelLayout.createSequentialGroup().addGap(
            6, 6, 6).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addGroup(
            GeneratorPanelLayout.createSequentialGroup(
            ).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING,
            False).addComponent(
            removePayloadButton,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.DEFAULT_SIZE,
            Short.MAX_VALUE).addComponent(
            clearPayloadButton,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.DEFAULT_SIZE,
            Short.MAX_VALUE).
            addComponent(pastePayloadButton,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.DEFAULT_SIZE,
            Short.MAX_VALUE).addComponent(
            addPayloadButton,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.DEFAULT_SIZE,
            Short.MAX_VALUE)).
            addGap(21, 21, 21).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
            addComponent(
            self.textNewPayload).addComponent(
            spanePayloadList))).addComponent(
            jlbl1).addComponent(jlbl3).
            addGroup(GeneratorPanelLayout.createSequentialGroup(
            ).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            self.chkGeneral).addComponent(
            self.chkMSSQL)
            ).addGap(18, 18, 18).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            self.chkPostgres).addComponent(
            self.chkMAXDB)
            ).addGap(18, 18, 18).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            self.chkMSAccess).addComponent(
            self.chkOracle)
            ).addGap(18, 18, 18).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            self.chkSqlite).addComponent(self.chkMysql)
            )).addGroup(GeneratorPanelLayout.createSequentialGroup(
            ).addComponent(jlbl5).addPreferredGap(
            LayoutStyle.ComponentPlacement.
            UNRELATED).addComponent(toClipboardButton).addGap(
            18, 18,
            18).addComponent(toFileButton,
            GroupLayout.PREFERRED_SIZE, 97,
            GroupLayout.PREFERRED_SIZE
            ))))).addContainerGap()))
        GeneratorPanelLayout.setVerticalGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
            addGroup(GeneratorPanelLayout.createSequentialGroup(
            ).addContainerGap().addComponent(jlbl1).addPreferredGap(
            LayoutStyle.ComponentPlacement.RELATED).addComponent(
            jlbl2, GroupLayout.PREFERRED_SIZE, 21,
            GroupLayout.PREFERRED_SIZE).addGap(18, 18, 18).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            spanePayloadList, GroupLayout.PREFERRED_SIZE,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.PREFERRED_SIZE).
            addGroup(GeneratorPanelLayout.createSequentialGroup(
            ).addComponent(pastePayloadButton).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED
            ).addComponent(removePayloadButton).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).
            addComponent(clearPayloadButton))).
            addPreferredGap(
            LayoutStyle.ComponentPlacement.RELATED).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.BASELINE).addComponent(
            self.textNewPayload,
            GroupLayout.PREFERRED_SIZE,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.PREFERRED_SIZE).
            addComponent(addPayloadButton)).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).
            addComponent(jSeparator1, GroupLayout.PREFERRED_SIZE, 10,
            GroupLayout.PREFERRED_SIZE).addPreferredGap(
            LayoutStyle.ComponentPlacement.RELATED).
            addComponent(jlbl3).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED
            ).addComponent(jlbl4).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.BASELINE).addComponent(
            self.chkGeneral).addComponent(
            self.chkMAXDB).addComponent(
            self.chkOracle).addComponent(
            self.chkSqlite)).
            addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.BASELINE).addComponent(
            self.chkMSSQL).addComponent(
            self.chkPostgres).addComponent(
            self.chkMSAccess).addComponent(
            self.chkMysql)
            ).addGap(18, 18, 18).addGroup(
            GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.BASELINE).addComponent(
            jlbl5).addComponent(toClipboardButton).
            addComponent(toFileButton)).addGap(20, 20, 20)))
        GeneratorScrollPane.setViewportView(GeneratorPanel)
        TabbedPane1.addTab("Generator", GeneratorScrollPane)

        # --- Processor tab: texts and defaults --------------------------
        for item in self.extender.getTamperFuncsName():
            self.comboProcessorTech.addItem(item)
        # NOTE(review): presumably getTamperFuncsName() never returns an
        # empty list; selecting index 0 on an empty combo box would fail.
        self.comboProcessorTech.setSelectedIndex(0)
        jLabel1.setText("Processor Technique :")
        jLabel2.setText(
            "Modify Plain Payloads based on the selected Processor Technique. Write one payload per line."
        )
        jLabel3.setText("Plain Payloads:")
        self.textPlainPayload.setColumns(20)
        self.textPlainPayload.setRows(5)
        jScrollPane1.setViewportView(self.textPlainPayload)
        jLabel4.setText("Tampered Payloads:")
        self.textTamperedPayload.setColumns(20)
        self.textTamperedPayload.setRows(5)
        jScrollPane2.setViewportView(self.textTamperedPayload)
        tamperPayloadButton.setText("Tamper Payload")

        # --- Processor tab: layout (kept exactly as generated) ----------
        ProcessorPanelLayout = GroupLayout(ProcessorPanel)
        ProcessorPanel.setLayout(ProcessorPanelLayout)
        ProcessorPanelLayout.setHorizontalGroup(
            ProcessorPanelLayout.
            createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
            GroupLayout.Alignment.TRAILING,
            ProcessorPanelLayout.createSequentialGroup().addContainerGap(
            GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
            tamperPayloadButton).addContainerGap(
            GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
            ).addGroup(ProcessorPanelLayout.createSequentialGroup(
            ).addContainerGap().addGroup(
            ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(jSeparator2).
            addComponent(jScrollPane1).addComponent(jScrollPane2).addGroup(
            ProcessorPanelLayout.createSequentialGroup().addGroup(
            ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
            jLabel3).addComponent(jLabel4).addGroup(
            ProcessorPanelLayout.createSequentialGroup(
            ).addComponent(jLabel1).addPreferredGap(
            LayoutStyle.ComponentPlacement.
            UNRELATED).addComponent(
            self.comboProcessorTech,
            GroupLayout.PREFERRED_SIZE, 286,
            GroupLayout.PREFERRED_SIZE)).
            addComponent(jLabel2)).addGap(
            0, 78, Short.MAX_VALUE))).addContainerGap()))
        ProcessorPanelLayout.setVerticalGroup(
            ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addGroup(
            ProcessorPanelLayout.createSequentialGroup().addGap(
            33, 33, 33).addGroup(
            ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.BASELINE).
            addComponent(jLabel1).addComponent(
            self.comboProcessorTech,
            GroupLayout.PREFERRED_SIZE,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.PREFERRED_SIZE)).addGap(
            18, 18, 18).addComponent(
            jSeparator2, GroupLayout.PREFERRED_SIZE,
            10, GroupLayout.PREFERRED_SIZE).addGap(
            12, 12,
            12).addComponent(jLabel2).addGap(
            18, 18, 18).
            addComponent(jLabel3).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
            jScrollPane1, GroupLayout.PREFERRED_SIZE,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.PREFERRED_SIZE).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).
            addComponent(jLabel4).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
            jScrollPane2, GroupLayout.PREFERRED_SIZE,
            GroupLayout.DEFAULT_SIZE,
            GroupLayout.PREFERRED_SIZE).addPreferredGap(
            LayoutStyle.ComponentPlacement.UNRELATED).
            addComponent(tamperPayloadButton).addGap(36, 36, 36)))
        ProcessorScrollPane.setViewportView(ProcessorPanel)
        TabbedPane1.addTab("Processor", ProcessorScrollPane)

        # --- root panel: the tabbed pane fills the whole area -----------
        self.mainPanel = JPanel()
        layout = GroupLayout(self.mainPanel)
        self.mainPanel.setLayout(layout)
        layout.setHorizontalGroup(
            layout.createParallelGroup(
                GroupLayout.Alignment.LEADING).addComponent(
                    TabbedPane1, GroupLayout.DEFAULT_SIZE, 701,
                    Short.MAX_VALUE))
        layout.setVerticalGroup(
            layout.createParallelGroup(
                GroupLayout.Alignment.LEADING).addComponent(TabbedPane1))
        TabbedPane1.getAccessibleContext().setAccessibleName("Generator")
def initUI(self):
    """Build the main window as a 6x3 grid holding the URL field, the file
    picker, the two cookie options and the Run button."""
    grid = JPanel()
    self.panel = grid
    grid.setLayout(GridLayout(6, 3))
    grid.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))

    # Sixteen blank labels; only some of them end up in the grid, as
    # spacers (index i corresponds to the i+1-th blank label).
    blank = [JLabel(' ') for _ in range(16)]

    urlCaption = JLabel(' Introduzca las URL que desee analizar:')
    syncOption = JCheckBox('Sincronizacion de cookies')
    self.textfieldURL = JTextField(15)
    respawnOption = JCheckBox('Restauracion de cookies')
    fileCaption = JLabel(' O seleccione un fichero que las contenga:')

    self.area = JTextArea()
    areaScroller = JScrollPane()
    areaScroller.getViewport().add(self.area)

    # The file button sits in its own panel with absolute positioning.
    filePanel = JPanel()
    filePanel.setLayout(None)
    fileButton = JButton("Seleccionar fichero", actionPerformed=self.open)
    fileButton.setBounds(10, 0, 200, 25)
    filePanel.add(fileButton)

    runButton = JButton("Ejecutar", actionPerformed=self.ejecutar)
    runButton.setFont(Font("Tahoma", Font.BOLD, 24))

    # GridLayout fills cells row by row in insertion order.
    rows = (
        (urlCaption, blank[3], syncOption),
        (self.textfieldURL, blank[5], respawnOption),
        (fileCaption, blank[8], blank[9]),
        (areaScroller, filePanel, blank[10]),
        (blank[11], blank[12], blank[13]),
        (blank[14], runButton, blank[15]),
    )
    for row in rows:
        for cell in row:
            grid.add(cell)

    self.add(grid)
    self.setTitle(
        "HERRAMIENTA PARA LA DETECCION DE TECNICAS DE SEGUIMIENTO DE USUARIOS EN LA WEB"
    )
    self.setSize(1000, 450)
    self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
    self.setLocationRelativeTo(None)
    self.setVisible(True)
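class BurpExtender(IBurpExtender, ITab, IContextMenuFactory):
    """Burp extension that renders the selected requests as a Python script
    built from a template file.

    The URL, headers and body of each request are copied into double-quoted
    Python string literals in the generated script. Those values come from
    captured traffic, so sanitizeStr() must leave nothing in them that can
    end the literal early.
    """

    #
    # implement IBurpExtender
    #
    def registerExtenderCallbacks(self, callbacks):
        """Set up streams, build the tab (viewer plus buttons) and register
        the tab and the context menu factory."""
        # properties
        self._title = "Generate Python Template"
        self._templatePath = '###### ----> PUT HERE THE ABSOLUTE PATH TO template.py <--- ####'

        # set our extension name
        callbacks.setExtensionName(self._title)

        # keep a reference to our callbacks object
        self._callbacks = callbacks

        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()

        # obtain std streams
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        self._stderr = PrintWriter(callbacks.getStderr(), True)

        # main pane (top/bottom)
        self._mainpane = JPanel()
        self._mainpane.setLayout(GridLayout(2, 1))

        # configure bottom pane for buttons
        self._botPane = JPanel()
        flowLayout = FlowLayout()
        self._botPane.setLayout(flowLayout)
        self._botPane.add(
            JButton("Generate", actionPerformed=self.regeneratePy))
        self._botPane.add(JButton("Export", actionPerformed=self.exportPy))

        # Configure pyViewer (JTextArea) for python output --> top pane
        self._pyViewer = JTextArea(5, 20)
        scrollPane = JScrollPane(self._pyViewer)
        self._pyViewer.setEditable(True)
        self._pyViewer.setText("Waiting request ...")

        # Assign top / bottom components
        self._mainpane.add(scrollPane)
        self._mainpane.add(self._botPane)

        # customize our UI components
        callbacks.customizeUiComponent(self._mainpane)

        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)

        # register ourselves as a ContextMenuFactory
        callbacks.registerContextMenuFactory(self)
        return

    def regeneratePy(self, event):
        """Placeholder for the "Generate" button; does nothing."""
        pass

    def exportPy(self, event):
        """Write the viewer content to a file chosen by the user.

        Returns without writing when the dialog is cancelled; previously a
        cancelled dialog raised on the missing selected file. The file is
        opened with mode 'w', so an existing file is overwritten.
        """
        chooseFile = JFileChooser()
        ret = chooseFile.showDialog(self._mainpane, "Choose file")
        if ret != JFileChooser.APPROVE_OPTION:
            return
        filename = chooseFile.getSelectedFile().getCanonicalPath()
        self._stdout.println("Export to : " + filename)
        out = open(filename, 'w')
        try:
            out.write(self._pyViewer.getText())
        finally:
            out.close()

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Caption of the suite tab."""
        return "PyTemplate"

    def getUiComponent(self):
        """Root component of the suite tab."""
        return self._mainpane

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Return one menu item that generates the script for the selection."""
        # add a new item executing our action
        item = JMenuItem(
            self._title,
            actionPerformed=lambda x, inv=invocation: self.loadRequest(inv))
        return [item]

    def loadRequest(self, invocation):
        """Generate code for every selected message and show it in the viewer."""
        pyCode = self.pythonHeader()
        selectedMessages = invocation.getSelectedMessages()
        self._numbMessages = len(selectedMessages)
        self._currentMessageNumber = 1

        for message in selectedMessages:
            self._currentlyDisplayedItem = message
            pyCode += self.generateRequest()
            self._currentMessageNumber += 1

        pyCode += '\n' + self.generateMain()
        self._pyViewer.setText(pyCode)

    def pythonHeader(self):
        """Return the encoding line and imports of the generated script."""
        pyCode = "# -*- coding: utf-8 -*-\n\n"
        pyCode += "import requests\n"
        pyCode += "import time\n\n"
        return pyCode

    def formatHeaders(self, httpReqInfos):
        """Return one `headers["name"] = "value"` line per request header.

        The request line is dropped. The first header is always emitted and
        has no leading indent (the template is expected to provide it).
        Later headers skip Content-Length, and skip Cookie for every message
        but the first when several messages are selected. Lines without a
        ':' are ignored instead of raising.
        """
        headers = httpReqInfos.getHeaders()[
            1:]  # First header is method+path : GET/POST ..
        formatHeaders = ""
        emitted = False
        for position, header in enumerate(headers):
            if ':' not in header:
                continue
            name, content = header.split(':', 1)
            if position > 0:
                if "Content-Length" in name:
                    continue
                if ("Cookie" in name and self._numbMessages > 1
                        and self._currentMessageNumber != 1):
                    continue
            prefix = ' ' if emitted else ''
            formatHeaders += prefix + 'headers["' + self.sanitizeStr(
                name) + '"] = ' + '"' + self.sanitizeStr(content) + '"\n'
            emitted = True
        return formatHeaders

    def sanitizeStr(self, strToValid):
        """Escape a captured value for use inside a double-quoted literal.

        Backslashes are escaped first, then double quotes, then CR/LF.
        Escaping only the quote let a value containing a backslash before a
        quote, or a raw line break, end the literal early, so text taken
        from a request would be read as code by the generated script.
        """
        valid = str(strToValid).strip()
        valid = valid.replace('\\', '\\\\')
        valid = valid.replace('"', '\\"')
        valid = valid.replace('\r', '\\r').replace('\n', '\\n')
        return valid

    def generateRequest(self):
        """Fill the template placeholders for the current message.

        Only GET and POST get a trigger line; for any other method the
        $$TRIGGER$$ and $$POST_DATA$$ placeholders are left in the output.
        """
        httpInfos = self._currentlyDisplayedItem.getHttpService()
        httpReq = self._currentlyDisplayedItem.getRequest()
        requestInfos = self._helpers.analyzeRequest(httpInfos, httpReq)

        template = open(self._templatePath, 'r')
        try:
            pyTemplate = template.read()
        finally:
            template.close()

        pyCode = pyTemplate.replace('$$NUM$$', str(self._currentMessageNumber))
        pyCode = pyCode.replace('$$URL$$',
                                self.sanitizeStr(requestInfos.getUrl()))
        pyCode = pyCode.replace('$$HEADERS$$',
                                self.formatHeaders(requestInfos))
        # NOTE(review): the method is inserted unescaped; the template is not
        # shown here, so confirm where $$METHOD$$ lands in the output.
        pyCode = pyCode.replace('$$METHOD$$', requestInfos.getMethod())

        # The generated calls pass verify=False, so the script does not
        # validate TLS certificates; drop that argument from the output when
        # the target presents a certificate that can be verified.
        if requestInfos.getMethod() == "GET":
            trigger = "req = session.get(url, headers=headers, verify=False, allow_redirects=True)"
            pyCode = pyCode.replace('$$TRIGGER$$', trigger)
            pyCode = pyCode.replace('$$POST_DATA$$', '')
        if requestInfos.getMethod() == "POST":
            trigger = "req = session.post(url, headers=headers, data=post_data, verify=False, allow_redirects=True)"
            pyCode = pyCode.replace('$$TRIGGER$$', trigger)
            rawData = httpReq[requestInfos.getBodyOffset():].tostring()
            dataPyCode = '## POST DATA\n'
            dataPyCode += ' post_data = "' + self.sanitizeStr(
                rawData) + '"\n'
            pyCode = pyCode.replace('$$POST_DATA$$', dataPyCode)
        return pyCode + '\n'

    def generateMain(self):
        """Return the __main__ block that calls performRequest_<i> for each
        message with one shared requests.Session."""
        pyCode = 'if __name__ == "__main__":\n'
        pyCode += ' session = requests.Session()\n'
        for i in xrange(1, self._numbMessages + 1):
            pyCode += ' code_' + str(i) + ', time_' + str(
                i) + ', response_' + str(i) + ' = performRequest_' + str(
                    i) + '(session)\n'
        return pyCode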
def get_setting_textarea():
    """Create the settings text area, constructed as JTextArea(100, 10)."""
    return JTextArea(100, 10)
def main():
    '''
    Scan every function view of a user-chosen BinNavi module for loops,
    keep the loops that isInteresting() accepts, and write two outputs:
    a text log with global counters and per-function loops, and a pickled
    list of the names of the functions that were kept (the "BOP" functions,
    plus a fixed list of well-known ones).

    All input is interactive: two raw_input() prompts for the output file
    names and a Swing dialog for the module index.
    '''
    # Text log that receives the counters and the per-function loop list.
    logFile=raw_input("Enter the name of log file")
    # Second output: a pickled list of the names of the functions found to be
    # BOP, so that another analysis can load the list directly.
    # NOTE(review): unpickling can execute code, so whatever loads this file
    # later must only accept it from a trusted location; a plain-text or JSON
    # list of names would carry the same data.
    fileBOP=raw_input("Enter the file name (full path) to store (Pickled) BOP function's name: ")
    interestingFuncs={} # function name -> list of interesting loop keys
    interestingFuncsLOC={} # str(function name) -> instruction count over its code nodes
    binNaviProxy = StandAlone.getPluginInterface()
    ################## place to set database connectivity parameter #########
    # NOTE(review): host, database name, user and password are literals here;
    # once real values are filled in, the credential lives in the script.
    # Reading it from the environment or a prompt keeps it out of the source.
    binNaviProxy.databaseManager.addDatabase("","org.postgresql.Driver","localhost","DataBase_name","user","password",False,False)
    ########################################################################
    db=binNaviProxy.databaseManager.databases[0]
    db.connect()
    db.load()
    mods=db.getModules()
    ### Show the module list and ask which module to analyse.
    ######################################################
    # NOTE(review): both frames use EXIT_ON_CLOSE, so closing either window
    # ends the whole JVM.
    frame = JFrame('BinNavi Module Selector',layout=BorderLayout(), defaultCloseOperation = JFrame.EXIT_ON_CLOSE, size = (500, 500) )
    frame2 = JFrame('Function Selector',layout=BorderLayout(), defaultCloseOperation = JFrame.EXIT_ON_CLOSE, size = (30, 30) )
    # Render the modules as "[index]name" entries, joined without a separator,
    # and show them in a text area (admittedly an ugly selector).
    textTemp = map((lambda x,y:"[%d]%s"%(x,y)),range(len(mods)),mods)
    textStr=''.join(textTemp)
    tx=JTextArea(textStr)
    tx.setLineWrap(True);
    tx.setWrapStyleWord(True);
    frame.add(tx,BorderLayout.PAGE_START)
    frame.visible = True
    modInd = JOptionPane.showInputDialog(frame2, "Enter the index of the chosen module", "Module selector");
    # Open the module with the entered index.
    # NOTE(review): the dialog value is passed to int() unchecked; a cancelled
    # dialog or non-numeric text raises here.
    bfname=mods[int(modInd)] # the chosen module
    bfname.load()
    funcViews=bfname.views
    frame2.setVisible(False)
    # dispose() is not defined in this part of the file - presumably a helper
    # or import elsewhere; verify.
    dispose(frame2)
    ######################################################
    analyzedFunctions = 0
    totalDiscoveredLoops=0
    totalInterestingLoops=0
    # The value of this first call is discarded; the "Total Time" written to
    # the log is the value of the second call after the loop.
    # NOTE(review): whether that is elapsed time for the scan depends on the
    # platform's time.clock() semantics - confirm.
    time.clock()
    # NOTE(review): the range starts at 1, so the view at index 0 is never
    # analysed - confirm that this is intended.
    for funcInd in range(1,len(funcViews)):
        BBnum=funcViews[funcInd].getNodeCount()
        if BBnum <4:
            print "skipped"
            continue #do not analyse a function with fewer than 4 nodes
        print 'analyzing %s'%funcViews[funcInd].getName()
        dominatingSets={}# filled by fillDominatingSets() below
        bffunc=bfname.views[int(funcInd)] # the view of the function under analysis
        bffunc.load()
        # Every early exit below closes the view and forces a collection
        # before moving to the next function.
        try:
            bfReil=bffunc.getReilCode() # the REIL code of the function
        # NOTE(review): a bare except also hides the reason for the failure.
        except:
            print "error in getReilCode()"
            bffunc.close()
            gc.collect()
            continue
        bfReilGraph=bfReil.getGraph()
        try:
            #dominatorTree = GraphAlgorithms.getDominatorTree(bfReilGraph, findRoot(bfReilGraph.getNodes())) #only for BinNavi v 3.0
            dominatorTree = GraphAlgorithms.getDominatorTree(bfReilGraph, findRoot(bfReilGraph.getNodes()),None)
        except:
            print "dominator tree problem.. continue with the next function"
            bffunc.close()
            gc.collect()
            continue
        fillDominatingSets(dominatorTree.getRootNode(), dominatingSets, None)
        # Find the loops of this function; None means nothing to analyse.
        finalLoops=findLoops(bfReilGraph,dominatingSets)
        if finalLoops ==None:
            bffunc.close()
            gc.collect()
            continue
        analyzedFunctions = analyzedFunctions +1
        totalDiscoveredLoops = totalDiscoveredLoops + len(finalLoops)
        # Pre-filter: keep only loops that contain an 'stm' instruction.
        # NOTE(review): an earlier comment asked for at least 2 STM
        # statements, but the code keeps a loop as soon as one is found.
        #print "privious length", len(finalLoops)
        if len(finalLoops)== 0:
            bffunc.close()
            gc.collect()
            continue
        # keys() returns a list here (Python 2), so deleting entries while
        # looping over it is safe.
        for lp in finalLoops.keys():
            countSTM=0
            for lpn in finalLoops[lp]:
                inst=lpn.getInstructions()
                for i in inst:
                    if i.getMnemonic() == 'stm':
                        countSTM=countSTM+1
                if countSTM >0:
                    break
            if countSTM <= 0:
                del finalLoops[lp]
        #print "latest length", len(finalLoops)
        if len(finalLoops)== 0:
            bffunc.close()
            gc.collect()
            continue
        instGraph = InstructionGraph.create(bfReilGraph)
        interestingFuncs[funcViews[funcInd].getName()]=[]
        for k in finalLoops.keys():
            # k is indexed as a pair; the messages treat k[0] and k[1] as the
            # two ends of the loop.
            print 'analysing loop at %s-%s'%(k[0],k[1])
            if k[0] == k[1]:
                print "skipping this loop as src= dest"
                continue
            # Skip very big loops: more than 100 entries in the loop's node list.
            if len(finalLoops[k]) > 100:
                print "very big loop, skipping!"
                continue
            if isInteresting(finalLoops[k],instGraph) ==True:
                totalInterestingLoops = totalInterestingLoops + 1
                interestingFuncs[funcViews[funcInd].getName()].append(k)
                # Recomputed for every interesting loop of the same function;
                # the value does not depend on k.
                interestingFuncsLOC[str(funcViews[funcInd].getName())]=sum([len(x.getInstructions()) for x in (getCodeNodes(bffunc.getGraph()))])
                print 'loop at %s IS interesting.'%k[0]
            else:
                print 'loop at %s is NOT interesting.'%k[0]
        # Finally close the view of the function.
        bffunc.close()
        gc.collect()
        #print bffunc.isLoaded()
        #junky=raw_input("function closed. enter any charater")
    totalTime=time.clock()
    # Remove the functions that ended up without any interesting loop.
    for ky in interestingFuncs.keys():
        if len(interestingFuncs[ky]) == 0:
            del interestingFuncs[ky]
    # Write the results to the log file.
    # NOTE(review): the file is not closed if a write raises; a try/finally
    # around the writes would cover that.
    outFile=open(logFile,'w')
    outFile.write('########## Global Results ###########\n')
    outFile.write('Total Functions in the module: ')
    outFile.write(str(len(funcViews)))
    outFile.write('\nTotal Analyzed Functions in the module: ')
    outFile.write(str(analyzedFunctions))
    outFile.write('\nTotal Interesting Functions in the module: ')
    outFile.write(str(len(interestingFuncs)))
    outFile.write('\nTotal loops discovered in the module: ')
    outFile.write(str(totalDiscoveredLoops))
    outFile.write('\nTotal INTERESTING loops discovered in the module: ')
    outFile.write(str(totalInterestingLoops))
    outFile.write('\nTotal Time: ')
    outFile.write(str(totalTime))
    outFile.write('\n')
    outFile.write('########## Global Results ###########\n')
    # One line per function ("name: LOC: count"), then one tab-indented line
    # per interesting loop key.
    for k in interestingFuncs.keys():
        outFile.write("%s: %s: %d"%(str(k), "LOC", interestingFuncsLOC[k]))
        outFile.write('\n')
        for l in interestingFuncs[k]:
            outFile.write('\t')
            outFile.write(str(l))
            outFile.write('\n')
    outFile.close()
    # Before saving, add a few widely known BOPs from the following list.
    # They are added after the log was written, so they appear only in the
    # pickle file.
    knownBOPs = ['strcpy', 'strncpy', 'memcpy','wcscpy']
    for fn in knownBOPs:
        interestingFuncs[fn] = []
    # Save the function names as a pickled list in "<fileBOP>.pkl".
    fileBOPFd=open(fileBOP+'.pkl', 'w')
    pickle.dump(interestingFuncs.keys(), fileBOPFd)
    fileBOPFd.close()
    print "[*] Pickled in the file %s"%fileBOP+'.pkl'
    print "Done! Closing the module selector window"
    frame.setVisible(False)
    dispose(frame)
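class BurpExtender(IBurpExtender, IContextMenuFactory, JFrame):
    """Burp extension that builds a wordlist from HTML or JSON responses.

    A "Custom Wordlist" context-menu entry collects words from the selected
    responses (or from the whole site map of the selected host), de-duplicates
    them and appends them to a text file chosen in a save dialog.

    Response bodies are data from the target and may be malformed, so the
    parsing paths skip input they cannot handle instead of raising.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks, register the menu factory, build the dialog host."""
        print('------------------------------Welcome to the Burp Suite Wordlist Creator----------------------------------')
        print('Right click HTML or JSON responses in the Target tab to gather all unique words gathered from the response')
        # print '##########################################################################################################'
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        self.context = None
        self.hosts = set()

        # Define extension properties
        callbacks.setExtensionName("Custom Wordlist")
        callbacks.registerContextMenuFactory(self)

        # Words collected by the most recent menu action
        self.wordlist = []

        # Panel that only serves as parent for the save dialog.
        self.panel = JPanel()
        self.panel.setLayout(BorderLayout())
        self.area = JTextArea()
        self.area.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
        pane = JScrollPane()
        pane.getViewport().add(self.area)
        self.panel.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10))
        self.panel.add(pane)
        self.add(self.panel)

        self.setTitle("File chooser")
        self.setSize(300, 250)
        # NOTE(review): the frame is never shown, so this close operation is
        # not reachable from the UI. If the frame is ever made visible,
        # EXIT_ON_CLOSE would terminate the JVM, and Burp with it.
        self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
        self.setLocationRelativeTo(None)
        self.setVisible(False)
        return

    def createMenuItems(self, context_menu):
        """Remember the invocation and return the "Custom Wordlist" menu entry."""
        self.context = context_menu
        menu_list = ArrayList()
        menu_list.add(
            JMenuItem("Custom Wordlist", actionPerformed=self.wordlistCreate))
        return menu_list

    def wordlistCreate(self, event):
        """Collect words from the selected traffic and hand them to the save step.

        When invoked from the site map tree or table, every site-map entry
        under the selected message's protocol and host is processed; otherwise
        only the selected responses are.
        """
        http_traffic = self.context.getSelectedMessages()
        self.wordlist = []
        host = ''
        site_map_contexts = (self.context.CONTEXT_TARGET_SITE_MAP_TREE,
                             self.context.CONTEXT_TARGET_SITE_MAP_TABLE)

        for traffic in http_traffic:
            http_service = traffic.getHttpService()
            host = http_service.getHost()
            print("Host is " + host + "\n")

            if self.context.getInvocationContext() in site_map_contexts:
                print("Called from the Site Map, which means we are about to process ALL the messages from it. It might take a while!\n")
                # NOTE(review): the argument is used as a URL prefix; check
                # that entries of hosts sharing this prefix are not pulled in.
                http_sitemap_traffic = self._callbacks.getSiteMap(
                    http_service.getProtocol() + "://" + http_service.getHost())
                processed = 0
                for straffic in http_sitemap_traffic:
                    http_response = straffic.getResponse()
                    if http_response != None:
                        self.wordlist.extend(self.handleTraffic(http_response))
                        processed = processed + 1
                print("Processed " + str(processed) + " requests")
            else:
                http_response = traffic.getResponse()
                if http_response:
                    self.wordlist.extend(self.handleTraffic(http_response))

        # After all words have been added, write them to a file.
        self.filewrite(host)

    def handleTraffic(self, http_response):
        """Return the words of one response, parsed as JSON or as HTML.

        A response without the blank line that separates headers from body
        yields an empty list (the original unpacking raised ValueError).
        """
        print('#######################################Creating Wordlist...###############################################')
        parts = http_response.tostring().split('\r\n\r\n', 1)
        if len(parts) < 2:
            return []
        headers, body = parts
        # To look for more content types, add them here.
        if "content-type: application/json" in headers.lower():
            return self.workwithjson(body)
        return self.workwithhtml(BeautifulSoup(body, "html.parser"))

    def workwithhtml(self, soup):
        """Extract candidate words from the visible text of an HTML document."""
        w_list = []
        # numbers of four or more digits, reported for mangling
        numbers = []

        # Drop elements whose text is not page content.
        for tag in soup(['style', 'script', '[document]', 'head', 'title', 'nav']):
            tag.extract()

        # Encode straight from unicode to ASCII. Encoding to UTF-8 first and
        # then to ASCII makes Python 2 decode the bytes implicitly, which
        # raises on any non-ASCII character. Unknown characters become '?',
        # which is stripped as punctuation later.
        words = soup.get_text().encode('ascii', 'replace')

        bad_chars = re.escape(string.punctuation)
        bad_chars = bad_chars.replace("\'", "")

        # Split on any whitespace; splitting on spaces only and deleting the
        # newlines afterwards fused words that sat on adjacent lines.
        for w in words.split():
            numbers = self.numspresent(w, numbers)
            w_list = self.addtolist(w, w_list, bad_chars)

        self._reportNumbers(numbers)
        return w_list

    def workwithjson(self, body):
        """Extract candidate words from the keys and values of a JSON body.

        Accepts any JSON shape: nested objects and arrays are walked, numbers
        are taken by their text form. A body that does not parse yields an
        empty list.
        """
        jList = []
        numbers = []
        try:
            json_data = json.loads(body)
        except ValueError:
            print('Response declared as JSON could not be parsed, skipping it.')
            return jList

        bad_chars = re.escape(string.punctuation)
        bad_chars = bad_chars.replace("\'", "")

        for token in self._jsonTokens(json_data):
            numbers = self.numspresent(token, numbers)
            jList = self.addtolist(token, jList, bad_chars)

        self._reportNumbers(numbers)
        return jList

    def _jsonTokens(self, node):
        """Flatten parsed JSON into ASCII text tokens: every key and scalar value."""
        tokens = []
        if isinstance(node, dict):
            for key, value in node.items():
                tokens.extend(self._jsonTokens(key))
                tokens.extend(self._jsonTokens(value))
        elif isinstance(node, (list, tuple)):
            for value in node:
                tokens.extend(self._jsonTokens(value))
        elif isinstance(node, unicode):
            # Same treatment as the HTML path, so the file write cannot fail
            # on non-ASCII text.
            tokens.append(node.encode('ascii', 'replace'))
        elif isinstance(node, str):
            tokens.append(node)
        elif node is not None and not isinstance(node, bool):
            tokens.append(str(node))
        return tokens

    def _reportNumbers(self, numbers):
        """Print the numbers collected by numspresent, or a note that none were found."""
        if not numbers:
            print('No interesting numbers found.')
        else:
            print('Potentially interesting number for mangling:')
            for number in numbers:
                print(number)

    def numspresent(self, value, numbers):
        """Append ``value`` to ``numbers`` if it is a new all-digit string of length >= 4."""
        if len(value) >= 4 and value.isdigit() and value not in numbers:
            numbers.append(value)
        return numbers

    def addtolist(self, value, wList, bad_chars):
        """Strip punctuation and digits from ``value``; keep it if 3 to 11 chars remain.

        ``bad_chars`` is the escaped punctuation set without the apostrophe,
        which checkforcontraction handles separately.
        """
        stripchars = re.sub(r'[' + bad_chars + ']', '', value)
        # Digits are removed here; numbers were already recorded by numspresent.
        value = re.sub('[0-9]', '', stripchars)
        if 3 <= len(value) < 12:
            value = self.checkforcontraction(value)
            wList.append(value.strip().lower())
        return wList

    def checkforcontraction(self, value):
        """Remove apostrophes unless the word contains one of the kept contraction forms."""
        kept_forms = ("'s", "n't", "'v", "'r", "'l", "s'")
        if "'" in value and not any(form in value for form in kept_forms):
            value = value.replace("'", "")
        return value

    def filewrite(self, hosts):
        """De-duplicate the collected words and ask where to save them."""
        print('Preparing wordlist for the host: ' + hosts)
        print('##########################################################################################################')
        wlist = list(set(self.wordlist))
        self.promptuser(wlist)

    def promptuser(self, wlist):
        """Show a save dialog and append the sorted, non-empty words to the chosen file.

        The file is opened in append mode, so an existing file is extended,
        not replaced.
        """
        fileChooser = JFileChooser()
        # Show only text files in the save dialog.
        txt_filter = FileNameExtensionFilter("Text Files", ["txt"])
        fileChooser.setFileFilter(txt_filter)
        ret = fileChooser.showSaveDialog(self.panel)
        if ret == JFileChooser.APPROVE_OPTION:
            chosen = fileChooser.getSelectedFile()
            filepath = str(chosen.getCanonicalPath())
            with open(filepath, 'a+') as f:
                for word in sorted(wlist):
                    if word != '':
                        f.write(word + '\n')
            print('Wordlist created at: ' + filepath)
            print('##########################################################################################################\n')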
class PythonWindow(KeyListener):
    """Interactive Python console: a history list above a multi-line input area.

    Text entered in the input area is compiled and executed through the
    module-level ``interface`` object; every ``$`` in it is replaced by
    ``geo.`` first.
    """

    def __init__(self):
        """Build the (initially hidden) window and listen for keys on the input."""
        self.frame = JFrame("Python Window")

        self.historyList = JList(DefaultListModel())
        self.historyList.cellRenderer = MyListCellRenderer()
        historyScroller = JScrollPane()

        self.input = JTextArea("")
        self.input.border = BorderFactory.createEmptyBorder(5, 5, 5, 5)
        self.input.tabSize = 4
        self.input.font = Font("Monospaced", Font.PLAIN, 12)
        self.input.addKeyListener(self)

        inputPanel = JPanel()
        inputPanel.layout = GridLayout(1, 1)
        inputPanel.add(self.input)

        historyScroller.viewport.view = self.historyList
        self.frame.add(historyScroller, BorderLayout.CENTER)
        self.frame.add(inputPanel, BorderLayout.PAGE_END)
        self.frame.size = 500, 600
        self.frame.visible = False

    def toggle_visibility(self):
        """Show the window if it is hidden, hide it if it is shown."""
        self.frame.visible = not self.frame.visible

    def add(self, text, type="input"):
        """Append an entry to the history and scroll it into view."""
        entry = {"text": text, "type": type}
        self.historyList.model.addElement(entry)
        self.historyList.validate()
        self.frame.validate()
        lastIndex = self.historyList.model.getSize() - 1
        self.historyList.ensureIndexIsVisible(lastIndex)

    def write(self, text):
        """Append ``text`` to the history as an "output" entry."""
        self.add(text, "output")

    def run(self, evt):
        """Compile and execute the content of the input area.

        Blank input just clears the area. The source is first compiled
        interactively; on "continue" or "error" it is compiled as a module,
        and an "error" from that second attempt ends the call. The input is
        cleared only when the run reports "OK".
        """
        source = self.input.text
        if not source.strip():
            self.input.text = ""
            return

        processed_source = source.replace("$", "geo.")
        code = interface.compileinteractive(processed_source)
        if code in ("continue", "error"):
            code = interface.compilemodule(processed_source)
            if code == "error":
                return

        self.add(source.strip())
        if interface.run(code) == "OK":
            self.input.text = ""

    def keyPressed(self, evt):
        """Unused KeyListener callback."""
        pass

    def keyReleased(self, evt):
        """Unused KeyListener callback."""
        pass

    def keyTyped(self, evt):
        """On newline, run the input or continue a compound statement.

        A compound statement (first line ends with ":") is only run when the
        text ends with two newlines or the line before the last is blank;
        otherwise the previous line's indentation is appended, plus a tab if
        that line itself ends with ":".
        """
        if evt.keyChar != '\n':
            return

        source = self.input.text
        lines = source.split("\n")
        compound = lines[0].rstrip().endswith(":")
        if not compound or source.endswith("\n\n"):
            self.run(evt)
            return

        previous = lines[-2]
        remainder = previous.lstrip(' \t')
        if not remainder:
            # The previous line holds only spaces/tabs (or nothing).
            self.run(evt)
            return

        prefix = previous[:len(previous) - len(remainder)]
        if previous.endswith(":"):
            prefix += '\t'
        self.input.text = source + prefix
class Process_EVTX1WithUISettingsPanel(IngestModuleIngestJobSettingsPanel):
    """Settings panel for the EVTX ingest module: two check boxes and an event-id box.

    The settings object is kept in ``self.local_settings`` and not in
    ``self.settings``: Jython derives a read-only ``settings`` bean property
    from getSettings() (only a getter exists), and that property would shadow
    an instance variable of the same name.
    See https://wiki.python.org/jython/UserGuide#javabean-properties
    """

    # TODO: Update this for your UI
    def __init__(self, settings):
        """Keep the previously saved settings and build the UI from them."""
        self.local_settings = settings
        self.initComponents()
        self.customizeComponents()

    # TODO: Update this for your UI
    def checkBoxEvent(self, event):
        """Copy the state of both check boxes into the settings.

        The event-id text is stored only while the "Other" box is selected,
        i.e. text typed after ticking the box is not picked up here.
        """
        allFlag = 'true' if self.checkbox.isSelected() else 'false'
        self.local_settings.setSetting('All', allFlag)

        if not self.checkbox4.isSelected():
            self.local_settings.setSetting('Other', 'false')
            return
        self.local_settings.setSetting('Other', 'true')
        self.local_settings.setSetting('Eventids', self.area.getText())

    def keyPressed(self, event):
        """Store the event-id text on a key press.

        NOTE(review): no key listener is registered in this class (the
        addKeyListener calls are commented out), and this is the only place
        that calls setArea() where the rest of the class uses setSetting() -
        confirm that the settings object provides it.
        """
        self.local_settings.setArea('Eventids', self.area.getText())

    # TODO: Update this for your UI
    def initComponents(self):
        """Create the widgets and lay them out top to bottom."""
        self.setLayout(BoxLayout(self, BoxLayout.Y_AXIS))
        self.setAlignmentX(JComponent.LEFT_ALIGNMENT)

        self.panel1 = JPanel()
        self.panel1.setLayout(BoxLayout(self.panel1, BoxLayout.Y_AXIS))
        self.panel1.setAlignmentY(JComponent.LEFT_ALIGNMENT)

        self.checkbox = JCheckBox("Create Content View of Unique Event Id's", actionPerformed=self.checkBoxEvent)
        self.checkbox4 = JCheckBox("Other - Input in text area below then check this box", actionPerformed=self.checkBoxEvent)
        self.text1 = JLabel("*** Only run this once otherwise it adds it to the data again.")
        self.text2 = JLabel(" ")
        self.text3 = JLabel("*** Format is a comma delimited text ie: 8001, 8002")

        for widget in (self.checkbox, self.text1, self.text2, self.checkbox4, self.text3):
            self.panel1.add(widget)
        self.add(self.panel1)

        # Free-text box for the comma-separated event ids, inside a scroll pane.
        self.area = JTextArea(5, 25)
        self.area.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0))
        self.pane = JScrollPane()
        self.pane.getViewport().add(self.area)
        self.add(self.pane)

    # TODO: Update this for your UI
    def customizeComponents(self):
        """Pre-populate the widgets from the stored settings."""
        stored = self.local_settings
        self.checkbox.setSelected(stored.getSetting('All') == 'true')
        self.checkbox4.setSelected(stored.getSetting('Other') == 'true')
        self.area.setText(stored.getSetting('Eventids'))

    def getSettings(self):
        """Return the settings object this panel edits."""
        return self.local_settings
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory): def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Autorize") # create the log and a lock on which to synchronize when adding log entries self._log = ArrayList() self._lock = Lock() self._enfocementStatuses = ["Authorization bypass!","Authorization enforced??? (please configure enforcement detector)","Authorization enforced!"] self.intercept = 0 self.initInterceptionFilters() self.initEnforcementDetector() self.initEnforcementDetectorUnauthorized() self.initExport() self.initConfigurationTab() self.initTabs() self.initCallbacks() self.currentRequestNumber = 1 print "Thank you for installing Autorize v0.12 extension" print "Created by Barak Tawily" print "Contributors: Barak Tawily, Federico Dotta" print "\nGithub:\nhttps://github.com/Quitten/Autorize" return def initExport(self): # ## init enforcement detector tab # exportLType = JLabel("File Type:") exportLType.setBounds(10, 10, 100, 30) exportLES = JLabel("Enforcement Statuses:") exportLES.setBounds(10, 50, 160, 30) exportFileTypes = ["HTML","CSV"] self.exportType = JComboBox(exportFileTypes) self.exportType.setBounds(100, 10, 200, 30) exportES = ["All Statuses", self._enfocementStatuses[0], self._enfocementStatuses[1], self._enfocementStatuses[2]] self.exportES = JComboBox(exportES) self.exportES.setBounds(100, 50, 200, 30) exportLES = JLabel("Statuses:") exportLES.setBounds(10, 50, 100, 30) self.exportButton = JButton("Export",actionPerformed=self.export) self.exportButton.setBounds(390, 25, 100, 30) self.exportPnl = JPanel() self.exportPnl.setLayout(None); self.exportPnl.setBounds(0, 0, 1000, 1000); self.exportPnl.add(exportLType) self.exportPnl.add(self.exportType) self.exportPnl.add(exportLES) 
self.exportPnl.add(self.exportES) self.exportPnl.add(self.exportButton) def initEnforcementDetector(self): # ## init enforcement detector tab # # These two variable appears to be unused... self.EDFP = ArrayList() self.EDCT = ArrayList() EDLType = JLabel("Type:") EDLType.setBounds(10, 10, 140, 30) EDLContent = JLabel("Content:") EDLContent.setBounds(10, 50, 140, 30) EDLabelList = JLabel("Filter List:") EDLabelList.setBounds(10, 165, 140, 30) EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"] self.EDType = JComboBox(EDStrings) self.EDType.setBounds(80, 10, 430, 30) self.EDText = JTextArea("", 5, 30) self.EDText.setBounds(80, 50, 300, 110) self.EDModel = DefaultListModel(); self.EDList = JList(self.EDModel); self.EDList.setBounds(80, 175, 300, 110) self.EDList.setBorder(LineBorder(Color.BLACK)) self.EDAdd = JButton("Add filter",actionPerformed=self.addEDFilter) self.EDAdd.setBounds(390, 85, 120, 30) self.EDDel = JButton("Remove filter",actionPerformed=self.delEDFilter) self.EDDel.setBounds(390, 210, 120, 30) self.EDPnl = JPanel() self.EDPnl.setLayout(None); self.EDPnl.setBounds(0, 0, 1000, 1000); self.EDPnl.add(EDLType) self.EDPnl.add(self.EDType) self.EDPnl.add(EDLContent) self.EDPnl.add(self.EDText) self.EDPnl.add(self.EDAdd) self.EDPnl.add(self.EDDel) self.EDPnl.add(EDLabelList) self.EDPnl.add(self.EDList) def initEnforcementDetectorUnauthorized(self): # ## init enforcement detector tab # EDLType = JLabel("Type:") EDLType.setBounds(10, 10, 140, 30) EDLContent = JLabel("Content:") EDLContent.setBounds(10, 50, 140, 30) EDLabelList = JLabel("Filter List:") EDLabelList.setBounds(10, 165, 140, 30) 
EDStrings = ["Headers (simple string): (enforced message headers contains)", "Headers (regex): (enforced messege headers contains)", "Body (simple string): (enforced messege body contains)", "Body (regex): (enforced messege body contains)", "Full request (simple string): (enforced messege contains)", "Full request (regex): (enforced messege contains)", "Content-Length: (constant Content-Length number of enforced response)"] self.EDTypeUnauth = JComboBox(EDStrings) self.EDTypeUnauth.setBounds(80, 10, 430, 30) self.EDTextUnauth = JTextArea("", 5, 30) self.EDTextUnauth.setBounds(80, 50, 300, 110) self.EDModelUnauth = DefaultListModel(); self.EDListUnauth = JList(self.EDModelUnauth); self.EDListUnauth.setBounds(80, 175, 300, 110) self.EDListUnauth.setBorder(LineBorder(Color.BLACK)) self.EDAddUnauth = JButton("Add filter",actionPerformed=self.addEDFilterUnauth) self.EDAddUnauth.setBounds(390, 85, 120, 30) self.EDDelUnauth = JButton("Remove filter",actionPerformed=self.delEDFilterUnauth) self.EDDelUnauth.setBounds(390, 210, 120, 30) self.EDPnlUnauth = JPanel() self.EDPnlUnauth.setLayout(None); self.EDPnlUnauth.setBounds(0, 0, 1000, 1000); self.EDPnlUnauth.add(EDLType) self.EDPnlUnauth.add(self.EDTypeUnauth) self.EDPnlUnauth.add(EDLContent) self.EDPnlUnauth.add(self.EDTextUnauth) self.EDPnlUnauth.add(self.EDAddUnauth) self.EDPnlUnauth.add(self.EDDelUnauth) self.EDPnlUnauth.add(EDLabelList) self.EDPnlUnauth.add(self.EDListUnauth) def initInterceptionFilters(self): # ## init interception filters tab # IFStrings = ["Scope items only: (Content is not required)","URL Contains (simple string): ","URL Contains (regex): ","URL Not Contains (simple string): ","URL Not Contains (regex): "] self.IFType = JComboBox(IFStrings) self.IFType.setBounds(80, 10, 430, 30) self.IFModel = DefaultListModel(); self.IFList = JList(self.IFModel); self.IFList.setBounds(80, 175, 300, 110) self.IFList.setBorder(LineBorder(Color.BLACK)) self.IFText = JTextArea("", 5, 30) self.IFText.setBounds(80, 50, 
300, 110) IFLType = JLabel("Type:") IFLType.setBounds(10, 10, 140, 30) IFLContent = JLabel("Content:") IFLContent.setBounds(10, 50, 140, 30) IFLabelList = JLabel("Filter List:") IFLabelList.setBounds(10, 165, 140, 30) self.IFAdd = JButton("Add filter",actionPerformed=self.addIFFilter) self.IFAdd.setBounds(390, 85, 120, 30) self.IFDel = JButton("Remove filter",actionPerformed=self.delIFFilter) self.IFDel.setBounds(390, 210, 120, 30) self.filtersPnl = JPanel() self.filtersPnl.setLayout(None); self.filtersPnl.setBounds(0, 0, 1000, 1000); self.filtersPnl.add(IFLType) self.filtersPnl.add(self.IFType) self.filtersPnl.add(IFLContent) self.filtersPnl.add(self.IFText) self.filtersPnl.add(self.IFAdd) self.filtersPnl.add(self.IFDel) self.filtersPnl.add(IFLabelList) self.filtersPnl.add(self.IFList) def initConfigurationTab(self): # ## init configuration tab # self.prevent304 = JCheckBox("Prevent 304 Not Modified status code") self.prevent304.setBounds(290, 25, 300, 30) self.ignore304 = JCheckBox("Ignore 304/204 status code responses") self.ignore304.setBounds(290, 5, 300, 30) self.ignore304.setSelected(True) self.autoScroll = JCheckBox("Auto Scroll") #self.autoScroll.setBounds(290, 45, 140, 30) self.autoScroll.setBounds(160, 40, 140, 30) self.doUnauthorizedRequest = JCheckBox("Check unauthenticated") self.doUnauthorizedRequest.setBounds(290, 45, 300, 30) self.doUnauthorizedRequest.setSelected(True) startLabel = JLabel("Authorization checks:") startLabel.setBounds(10, 10, 140, 30) self.startButton = JButton("Autorize is off",actionPerformed=self.startOrStop) self.startButton.setBounds(160, 10, 120, 30) self.startButton.setBackground(Color(255, 100, 91, 255)) self.clearButton = JButton("Clear List",actionPerformed=self.clearList) self.clearButton.setBounds(10, 40, 100, 30) self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30) self.replaceString.setWrapStyleWord(True); self.replaceString.setLineWrap(True) self.replaceString.setBounds(10, 80, 470, 180) 
self.filtersTabs = JTabbedPane() self.filtersTabs.addTab("Enforcement Detector", self.EDPnl) self.filtersTabs.addTab("Detector Unauthenticated", self.EDPnlUnauth) self.filtersTabs.addTab("Interception Filters", self.filtersPnl) self.filtersTabs.addTab("Export", self.exportPnl) self.filtersTabs.setBounds(0, 280, 2000, 700) self.pnl = JPanel() self.pnl.setBounds(0, 0, 1000, 1000); self.pnl.setLayout(None); self.pnl.add(self.startButton) self.pnl.add(self.clearButton) self.pnl.add(self.replaceString) self.pnl.add(startLabel) self.pnl.add(self.autoScroll) self.pnl.add(self.ignore304) self.pnl.add(self.prevent304) self.pnl.add(self.doUnauthorizedRequest) self.pnl.add(self.filtersTabs) def initTabs(self): # ## init autorize tabs # self.logTable = Table(self) self.logTable.setAutoCreateRowSorter(True) tableWidth = self.logTable.getPreferredSize().width self.logTable.getColumn("ID").setPreferredWidth(Math.round(tableWidth / 50 * 2)) self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 24)) self.logTable.getColumn("Orig. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("Modif. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("Unauth. Length").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("Authorization Enforcement Status").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self.logTable.getColumn("Authorization Unauth. 
Status").setPreferredWidth(Math.round(tableWidth / 50 * 4)) self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) self._splitpane.setResizeWeight(1) self.scrollPane = JScrollPane(self.logTable) self._splitpane.setLeftComponent(self.scrollPane) self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self)) self.menuES0 = JCheckBoxMenuItem(self._enfocementStatuses[0],True) self.menuES1 = JCheckBoxMenuItem(self._enfocementStatuses[1],True) self.menuES2 = JCheckBoxMenuItem(self._enfocementStatuses[2],True) self.menuES0.addItemListener(menuTableFilter(self)) self.menuES1.addItemListener(menuTableFilter(self)) self.menuES2.addItemListener(menuTableFilter(self)) copyURLitem = JMenuItem("Copy URL"); copyURLitem.addActionListener(copySelectedURL(self)) self.menu = JPopupMenu("Popup") self.menu.add(copyURLitem) self.menu.add(self.menuES0) self.menu.add(self.menuES1) self.menu.add(self.menuES2) self.tabs = JTabbedPane() self._requestViewer = self._callbacks.createMessageEditor(self, False) self._responseViewer = self._callbacks.createMessageEditor(self, False) self._originalrequestViewer = self._callbacks.createMessageEditor(self, False) self._originalresponseViewer = self._callbacks.createMessageEditor(self, False) self._unauthorizedrequestViewer = self._callbacks.createMessageEditor(self, False) self._unauthorizedresponseViewer = self._callbacks.createMessageEditor(self, False) self.tabs.addTab("Modified Request", self._requestViewer.getComponent()) self.tabs.addTab("Modified Response", self._responseViewer.getComponent()) self.tabs.addTab("Original Request", self._originalrequestViewer.getComponent()) self.tabs.addTab("Original Response", self._originalresponseViewer.getComponent()) self.tabs.addTab("Unauthenticated Request", self._unauthorizedrequestViewer.getComponent()) self.tabs.addTab("Unauthenticated Response", self._unauthorizedresponseViewer.getComponent()) self.tabs.addTab("Configuration", self.pnl) self.tabs.setSelectedIndex(6) 
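self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Apply Burp's UI styling to the components and register the extension with Burp."""
        # customize our UI components
        for component in (self._splitpane, self.logTable, self.scrollPane, self.tabs, self.filtersTabs):
            self._callbacks.customizeUiComponent(component)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    #
    ## Events functions
    #
    def startOrStop(self, event):
        """Toggle interception: update the button and (un)register the HTTP listener."""
        if self.startButton.getText() == "Autorize is off":
            self.startButton.setText("Autorize is on")
            self.startButton.setBackground(Color.GREEN)
            self.intercept = 1
            self._callbacks.registerHttpListener(self)
        else:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)

    def addEDFilter(self, event):
        """Add "<type>: <text>" to the enforcement-detector filter list."""
        typeName = self.EDType.getSelectedItem().split(":")[0]
        self.EDModel.addElement(typeName + ": " + self.EDText.getText())

    def delEDFilter(self, event):
        """Remove the selected enforcement-detector filter, if any."""
        index = self.EDList.getSelectedIndex()
        if index != -1:
            self.EDModel.remove(index)

    def addEDFilterUnauth(self, event):
        """Add "<type>: <text>" to the unauthenticated enforcement-detector filter list."""
        typeName = self.EDTypeUnauth.getSelectedItem().split(":")[0]
        self.EDModelUnauth.addElement(typeName + ": " + self.EDTextUnauth.getText())

    def delEDFilterUnauth(self, event):
        """Remove the selected unauthenticated enforcement-detector filter, if any."""
        index = self.EDListUnauth.getSelectedIndex()
        if index != -1:
            self.EDModelUnauth.remove(index)

    def addIFFilter(self, event):
        """Add "<type>: <text>" to the interception filter list."""
        typeName = self.IFType.getSelectedItem().split(":")[0]
        self.IFModel.addElement(typeName + ": " + self.IFText.getText())

    def delIFFilter(self, event):
        """Remove the selected interception filter, if any."""
        index = self.IFList.getSelectedIndex()
        if index != -1:
            self.IFModel.remove(index)

    def clearList(self, event):
        """Empty the log and tell the table which rows disappeared."""
        self._lock.acquire()
        try:
            oldSize = self._log.size()
            self._log.clear()
            # With an empty log the range would be (0, -1), which is not a valid row range.
            if oldSize > 0:
                self.fireTableRowsDeleted(0, oldSize - 1)
        finally:
            # Release even if a listener raises, otherwise checkAuthorization blocks forever.
            self._lock.release()

    def export(self, event):
        """Export the log in the format selected in the export tab."""
        if self.exportType.getSelectedItem() == "HTML":
            self.exportToHTML()
        else:
            self.exportToCSV()

    def _chooseReportFile(self, defaultName):
        """Show the save dialog; return the chosen java.io.File, or None if it was dismissed."""
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File(defaultName))
        fileChooser.setDialogTitle("Save Autorize Report")
        userSelection = fileChooser.showSaveDialog(parentFrame)
        if userSelection == JFileChooser.APPROVE_OPTION:
            return fileChooser.getSelectedFile()
        return None

    def _entriesForExport(self):
        """Return the log entries whose status matches the export status selection."""
        statusFilter = self.exportES.getSelectedItem()
        selected = []
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            if (statusFilter == "All Statuses"
                    or statusFilter == entry._enfocementStatus
                    or statusFilter == entry._enfocementStatusUnauthorized):
                selected.append(entry)
        return selected

    def _responseLength(self, requestResponse):
        """Return the response length in bytes, or 0 when there is no message or no response."""
        if requestResponse is None:
            return 0
        response = requestResponse.getResponse()
        if response is None:
            return 0
        return len(response)

    def _htmlEscape(self, value):
        """Return value as text that is safe inside HTML element content and quoted attributes."""
        from xml.sax.saxutils import escape
        return escape("%s" % (value,), {'"': "&quot;", "'": "&#39;"})

    def _statusColor(self, status):
        """Map an enforcement status to the report cell colour ("" for anything else)."""
        if status == self._enfocementStatuses[0]:
            return "red"
        if status == self._enfocementStatuses[1]:
            return "yellow"
        if status == self._enfocementStatuses[2]:
            return "LawnGreen"
        return ""

    def _writeReport(self, fileToSave, content):
        """Write content to the chosen file, closing it even if the write fails."""
        with open(fileToSave.getAbsolutePath(), 'w') as f:
            f.write(content)

    def exportToCSV(self):
        """Save the filtered log as a tab-separated report chosen through a save dialog."""
        fileToSave = self._chooseReportFile("AutorizeReprort.csv")
        if fileToSave is None:
            return
        rows = ["id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"]
        for entry in self._entriesForExport():
            rows.append("%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id,
                entry._url,
                self._responseLength(entry._originalrequestResponse),
                self._responseLength(entry._requestResponse),
                self._responseLength(entry._unauthorizedRequestResponse),
                entry._enfocementStatus,
                entry._enfocementStatusUnauthorized))
        self._writeReport(fileToSave, "".join(rows))

    def exportToHTML(self):
        """Save the filtered log as an HTML report chosen through a save dialog.

        URLs and status texts are HTML-escaped before they are placed in the
        page: the URLs are taken from logged traffic, so without escaping a
        crafted URL would become markup in the report when it is opened.
        """
        fileToSave = self._chooseReportFile("AutorizeReprort.html")
        if fileToSave is None:
            return
        parts = [
            "<html><title>Autorize Report by Barak Tawily</title> <style> "
            ".datagrid table { border-collapse: collapse; text-align: left; width: 100%; } "
            ".datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; "
            "border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; } "
            ".datagrid table td, .datagrid table th { padding: 3px 10px; } "
            ".datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );"
            "background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );"
            "filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');"
            "background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } "
            ".datagrid table thead th:first-child { border: none; }"
            ".datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }"
            ".datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }"
            ".datagrid table tbody td:first-child { border-left: none; }"
            ".datagrid table tbody tr:last-child td { border-bottom: none; }"
            ".datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} "
            ".datagrid table tfoot td { padding: 0; font-size: 12px } "
            ".datagrid table tfoot td div{ padding: 2px; }"
            ".datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }"
            ".datagrid table tfoot li { display: inline; }"
            ".datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;"
            "border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; "
            "background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );"
            "background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );"
            "filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');"
            "background-color:#006699; }"
            ".datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}"
            "div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; } "
            "table { width: 100%; table-layout: fixed; } "
            "td { border: 1px solid #35f; overflow: hidden; text-overflow: ellipsis; } "
            "td.a { width: 13%; white-space: nowrap; } "
            "td.b { width: 9%; word-wrap: break-word; } "
            # The heading was previously left unclosed ("<h1>...<h1>").
            "</style> <body> <h1>Autorize Report</h1> <div class=\"datagrid\"><table> "
            "<thead><tr><th width=\"3%\">ID</th><th width=\"48%\">URL</th><th width=\"9%\">Original length</th>"
            "<th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th>"
            "<th width=\"11%\">Authorization Enforcement Status</th>"
            "<th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead> <tbody>"
        ]
        rowTemplate = ("<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td>"
                       "<td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>")
        for entry in self._entriesForExport():
            safeUrl = self._htmlEscape(entry._url)
            parts.append(rowTemplate % (
                entry._id,
                safeUrl,
                safeUrl,
                self._responseLength(entry._originalrequestResponse),
                self._responseLength(entry._requestResponse),
                self._responseLength(entry._unauthorizedRequestResponse),
                self._statusColor(entry._enfocementStatus),
                self._htmlEscape(entry._enfocementStatus),
                self._statusColor(entry._enfocementStatusUnauthorized),
                self._htmlEscape(entry._enfocementStatusUnauthorized)))
        parts.append("</tbody></table></div></body></html>")
        self._writeReport(fileToSave, "".join(parts))

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Return the "Send ... to Autorize" menu items for the first selected message.

        Returns None when nothing is selected.
        """
        responses = invocation.getSelectedMessages()
        # The selection was previously compared with an integer, and the fallback
        # returned the undefined name `null`.
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        requestMenuItem = JMenuItem("Send request to Autorize")
        cookieMenuItem = JMenuItem("Send cookie to Autorize")
        requestMenuItem.addActionListener(handleMenuItems(self, responses[0], "request"))
        cookieMenuItem.addActionListener(handleMenuItems(self, responses[0], "cookie"))
        ret.add(requestMenuItem)
        ret.add(cookieMenuItem)
        return ret

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the extension's tab."""
        return "Autorize"

    def getUiComponent(self):
        """Return the root component shown in the extension's tab."""
        return self._splitpane

    #
    # extend AbstractTableModel
    #
    def getRowCount(self):
        """Return the number of log entries, or 0 if the log cannot be read."""
        try:
            return self._log.size()
        except:
            # Kept as a catch-all on purpose: presumably the table can ask before _log exists.
            return 0

    def getColumnCount(self):
        """Return the number of table columns."""
        return 7

    def getColumnName(self, columnIndex):
        """Return the header text for columnIndex ("" for an unknown column)."""
        names = (
            "ID",
            "URL",
            "Orig. Length",
            "Modif. Length",
            "Unauth. Length",
            "Authorization Enforcement Status",
            "Authorization Unauth. Status",
        )
        if 0 <= columnIndex < len(names):
            return names[columnIndex]
        return ""

    def getColumnClass(self, columnIndex):
        """Return the Java class of the values in columnIndex (String for an unknown column)."""
        classes = (Integer, String, Integer, Integer, Integer, String, String)
        if 0 <= columnIndex < len(classes):
            return classes[columnIndex]
        return String

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for the given row and column ("" for an unknown column).

        Length columns report 0 when the corresponding message or response is
        missing, the same convention the report export uses.
        """
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._id
        if columnIndex == 1:
            return logEntry._url.toString()
        if columnIndex == 2:
            return self._responseLength(logEntry._originalrequestResponse)
        if columnIndex == 3:
            return self._responseLength(logEntry._requestResponse)
        if columnIndex == 4:
            return self._responseLength(logEntry._unauthorizedRequestResponse)
        if columnIndex == 5:
            return logEntry._enfocementStatus
        if columnIndex == 6:
            return logEntry._enfocementStatusUnauthorized
        return ""

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the messages being displayed
    #
    def getHttpService(self):
        """Return the HTTP service of the currently displayed item."""
        return self._currentlyDisplayedItem.getHttpService()

    def getRequest(self):
        """Return the request of the currently displayed item."""
        return self._currentlyDisplayedItem.getRequest()

    def getResponse(self):
        """Return the response of the currently displayed item."""
        return self._currentlyDisplayedItem.getResponse()

    #
    # implement IHttpListener
    #
    def _stripConditionalHeaders(self, messageInfo):
        """Drop If-None-Match / If-Modified-Since from a request so the server sends a full response."""
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        keptHeaders = []
        dropped = False
        for header in list(requestInfo.getHeaders()):
            if "If-None-Match:" in header or "If-Modified-Since:" in header:
                dropped = True
            else:
                keptHeaders.append(header)
        # Rebuild only when something was removed, and pass the body as bytes
        # (as makeMessage does) so a binary body is not round-tripped through a string.
        if dropped:
            bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():]
            messageInfo.setRequest(self._helpers.buildHttpMessage(keptHeaders, bodyBytes))

    def _passesInterceptionFilters(self, urlString):
        """Return True when urlString satisfies every rule in the interception filter list.

        Regex rules are compiled exactly as typed in the filter list; an invalid
        pattern raises re.error here.
        """
        model = self.IFList.getModel()
        for i in range(0, model.getSize()):
            rule = model.getElementAt(i)
            ruleType = rule.split(":")[0]
            # The slice offsets skip "<rule type>: " at the start of the stored rule.
            if ruleType == "Scope items only":
                if not self._callbacks.isInScope(URL(urlString)):
                    return False
            elif ruleType == "URL Contains (simple string)":
                if rule[30:] not in urlString:
                    return False
            elif ruleType == "URL Contains (regex)":
                if not re.compile(rule[22:], re.IGNORECASE).search(urlString):
                    return False
            elif ruleType == "URL Not Contains (simple string)":
                if rule[34:] in urlString:
                    return False
            elif ruleType == "URL Not Contains (regex)":
                if re.compile(rule[26:], re.IGNORECASE).search(urlString):
                    return False
        return True

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Handle proxy traffic while interception is on.

        Requests optionally lose their conditional headers; responses are passed
        to checkAuthorization unless they are skipped by the 304/204 option, by
        the interception filters, or because the request already carries the
        configured replacement header.
        """
        #if (self.intercept == 1) and (toolFlag != self._callbacks.TOOL_EXTENDER):
        if not ((self.intercept == 1) and (toolFlag == self._callbacks.TOOL_PROXY)):
            return

        if messageIsRequest:
            if self.prevent304.isSelected():
                self._stripConditionalHeaders(messageInfo)
            return

        # Skip requests that already contain the replacement header verbatim.
        if self.replaceString.getText() in self._helpers.analyzeRequest(messageInfo).getHeaders():
            return

        responseHeaders = self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders()
        if self.ignore304.isSelected():
            firstHeader = responseHeaders[0]
            if "304" in firstHeader or "204" in firstHeader:
                return

        if self.IFList.getModel().getSize() != 0:
            urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
            if not self._passesInterceptionFilters(urlString):
                return

        self.checkAuthorization(messageInfo, responseHeaders, self.doUnauthorizedRequest.isSelected())
        return

    def sendRequestToAutorizeWork(self, messageInfo):
        """Run the authorization check for a message, issuing the request first if it has no response."""
        if messageInfo.getResponse() == None:
            message = self.makeMessage(messageInfo, False, False)
            messageInfo = self.makeRequest(messageInfo, message)
        originalHeaders = self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders()
        self.checkAuthorization(messageInfo, originalHeaders, self.doUnauthorizedRequest.isSelected())

    def makeRequest(self, messageInfo, message):
        """Send message to the host, port and protocol of messageInfo's URL and return the result."""
        requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
        httpService = self._helpers.buildHttpService(
            str(requestURL.getHost()),
            int(requestURL.getPort()),
            requestURL.getProtocol() == "https")
        return self._callbacks.makeHttpRequest(httpService, message)

    def makeMessage(self, messageInfo, removeOrNot, authorizeOrNot):
        """Build a copy of the request with the configured header removed and/or replaced.

        removeOrNot    -- drop every header whose name is the name in the replacement text.
        authorizeOrNot -- (only with removeOrNot) append the replacement header.

        Raises ValueError when the replacement text contains no ":".
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        headers = requestInfo.getHeaders()
        if removeOrNot:
            replaceText = self.replaceString.getText()
            headerName = replaceText[0:replaceText.index(":")]
            # Match on the header name only. A substring test over the whole line
            # also removes the request line (or unrelated headers) whenever the
            # name appears in the URL or in a value, which corrupts the replayed
            # request and with it the enforcement verdict.
            namePrefix = headerName.strip().lower() + ":"
            headers = [header for header in list(headers)
                       if not header.lower().startswith(namePrefix)]
            if authorizeOrNot:
                headers.append(replaceText)
        msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        return self._helpers.buildHttpMessage(headers, msgBody)

    def checkBypass(self, oldStatusCode, newStatusCode, oldContentLen, newContentLen, filters, requestResponse):
        """Classify a replayed response against the original one.

        Different status line                -> _enfocementStatuses[2] (enforced).
        Same status line and Content-Length  -> _enfocementStatuses[0] (bypass).
        Same status line, different length   -> decided by the detector filters:
        every filter must match for [2]; any miss gives [1]. With no filters
        configured this case is reported as [2].
        """
        analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())
        if oldStatusCode != newStatusCode:
            return self._enfocementStatuses[2]
        if oldContentLen == newContentLen:
            return self._enfocementStatuses[0]

        rules = list(filters)
        if not rules:
            return self._enfocementStatuses[2]

        response = requestResponse.getResponse()
        bodyOffset = analyzedResponse.getBodyOffset()
        headersText = self._helpers.bytesToString(response[0:bodyOffset])
        bodyText = self._helpers.bytesToString(response[bodyOffset:])
        fullText = self._helpers.bytesToString(response)
        # (rule prefix, text the rule is applied to, whether the rule is a regex)
        checks = (
            ("Headers (simple string): ", headersText, False),
            ("Headers (regex): ", headersText, True),
            ("Body (simple string): ", bodyText, False),
            ("Body (regex): ", bodyText, True),
            ("Full request (simple string): ", fullText, False),
            ("Full request (regex): ", fullText, True),
        )

        auth_enforced = 1
        for rule in rules:
            ruleText = str(rule)
            for prefix, haystack, isRegex in checks:
                if not ruleText.startswith(prefix):
                    continue
                needle = rule[len(prefix):]
                if isRegex:
                    # Compiled as typed; an invalid pattern raises re.error.
                    matched = re.compile(needle, re.IGNORECASE).search(haystack) is not None
                else:
                    matched = needle in haystack
                if not matched:
                    auth_enforced = 0
            if ruleText.startswith("Content-Length: "):
                # newContentLen is the whole header line, so it is compared with the whole rule.
                if newContentLen != rule:
                    auth_enforced = 0

        if auth_enforced:
            return self._enfocementStatuses[2]
        return self._enfocementStatuses[1]

    def checkAuthorization(self, messageInfo, originalHeaders, checkUnauthorized):
        """Replay the request with the replacement header (and optionally without it) and log the verdicts.

        originalHeaders   -- response headers of the original message; element 0 is compared
                             with the first header of each replayed response.
        checkUnauthorized -- also replay with the header removed and not replaced.
        """
        message = self.makeMessage(messageInfo, True, True)
        requestResponse = self.makeRequest(messageInfo, message)
        analyzedResponse = self._helpers.analyzeResponse(requestResponse.getResponse())

        oldStatusCode = originalHeaders[0]
        newStatusCode = analyzedResponse.getHeaders()[0]
        oldContentLen = self.getContentLength(originalHeaders)
        newContentLen = self.getContentLength(analyzedResponse.getHeaders())

        # Check unauthorized request
        if checkUnauthorized:
            messageUnauthorized = self.makeMessage(messageInfo, True, False)
            requestResponseUnauthorized = self.makeRequest(messageInfo, messageUnauthorized)
            analyzedResponseUnauthorized = self._helpers.analyzeResponse(requestResponseUnauthorized.getResponse())
            statusCodeUnauthorized = analyzedResponseUnauthorized.getHeaders()[0]
            contentLenUnauthorized = self.getContentLength(analyzedResponseUnauthorized.getHeaders())

        EDFilters = self.EDModel.toArray()
        impression = self.checkBypass(oldStatusCode, newStatusCode, oldContentLen, newContentLen, EDFilters, requestResponse)

        savedUnauthorized = None
        impressionUnauthorized = "Disabled"
        if checkUnauthorized:
            EDFiltersUnauth = self.EDModelUnauth.toArray()
            impressionUnauthorized = self.checkBypass(oldStatusCode, statusCodeUnauthorized, oldContentLen, contentLenUnauthorized, EDFiltersUnauth, requestResponseUnauthorized)
            savedUnauthorized = self._callbacks.saveBuffersToTempFiles(requestResponseUnauthorized)

        savedModified = self._callbacks.saveBuffersToTempFiles(requestResponse)
        url = self._helpers.analyzeRequest(requestResponse).getUrl()

        self._lock.acquire()
        try:
            row = self._log.size()
            self._log.add(LogEntry(self.currentRequestNumber, savedModified, url, messageInfo, impression, savedUnauthorized, impressionUnauthorized))
            self.fireTableRowsInserted(row, row)
            self.currentRequestNumber = self.currentRequestNumber + 1
        finally:
            # Release even if adding the row fails, so later checks are not blocked.
            self._lock.release()

    def getContentLength(self, analyzedResponseHeaders):
        """Return the first header line containing "Content-Length:", or the string "null"."""
        for header in analyzedResponseHeaders:
            if "Content-Length:" in header:
                return header
        return "null"

    def getCookieFromMessage(self, messageInfo):
        """Return the first request header line containing "Cookie:", or None."""
        headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
        for header in headers:
            if "Cookie:" in header:
                return header
        return None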
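class BurpExtender(IBurpExtender, ITab):
    """Burp tab that hands WhatsApp Web payloads to a local helper over UDP.

    The tab collects the "ref" object and the private/public key lists, sends
    them to a helper on 127.0.0.1:2912 (the error text names it parser.py) and
    then asks that helper to decrypt or encrypt the text in the message area.
    """

    socket_time_out = 3
    _parser_address = ("127.0.0.1", 2912)
    # Largest possible UDP payload; a smaller buffer truncates long replies,
    # which then fail to parse as JSON.
    _recv_buffer_size = 65535

    def registerExtenderCallbacks(self, callbacks):
        """Build the tab, restore any saved configuration and add the tab to Burp."""
        self.out = callbacks.getStdout()
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("WhatsApp Decoder")

        self.banner = JLabel("WHATSAPP DECRYPTION AND ENCRYPTION EXTENSION BY DIKLA BARDA, ROMAN ZAIKIN", SwingConstants.CENTER)
        self.banner.setFont(Font("Serif", Font.PLAIN, 17))
        self.banner.setBorder(BorderFactory.createLineBorder(Color.BLACK))

        self.statusConn = JLabel("CONNECTION STATUS: ")
        self.statusConnField = JLabel("NOT CONNECTED")
        self.statusAct = JLabel("ACTION STATUS: ")
        self.statusActField = JLabel("OK")

        self.ref = JLabel("Ref object: ")
        self.refField = JTextField("", 80)
        self.refField.setToolTipText("Copy the Ref from burpsuit WebSocket, make sure that the parameter 'secret' is there and you copy only the 'ref' without the connection and other data, if not logout from your whatsapp web and login again.")

        # NOTE(review): the private key is typed into a plain text field and is
        # later persisted by saveConfig; treat the Burp settings that hold it
        # as key material.
        self.privateKey = JLabel("Private Key:")
        self.privateKeyField = JTextField("", 80)
        self.privateKeyField.setToolTipText("Copy the private key list from your whatsapp web according to our blog post.")

        self.publicKey = JLabel("Public Key: ")
        self.publicKeyField = JTextField("", 80)
        self.publicKeyField.setToolTipText("Copy the public key list from your whatsapp web according to our blog post.")

        self.statusPanel1 = JPanel()
        self.statusPanel1.add(self.statusConn)
        self.statusPanel1.add(self.statusConnField)

        self.statusPanel2 = JPanel()
        self.statusPanel2.add(self.statusAct)
        self.statusPanel2.add(self.statusActField)

        self.privateKeyPanel = JPanel()
        self.privateKeyPanel.add(self.privateKey)
        self.privateKeyPanel.add(self.privateKeyField)

        self.publicKeyPanel = JPanel()
        self.publicKeyPanel.add(self.publicKey)
        self.publicKeyPanel.add(self.publicKeyField)

        self.refPanel = JPanel()
        self.refPanel.add(self.ref)
        self.refPanel.add(self.refField)

        self.messageField = JTextArea('["action", {"add": "relay"}, [{"message": {"conversation": "WhatsApp Protocol Decryption!"}, "participant": "*****@*****.**", "messageTimestamp": "1565193325", "key": {"fromMe": false, "remoteJid": "*****@*****.**", "id": "78CECC5019E81B84B64ED2F6A57217AK"}, "status": "ERROR"}]]', 5, 90)
        self.messageField.setLineWrap(True)
        self.messageField.setToolTipText("Incoming traffic is from burp suite websocket, The outgoing traffic is the list from aesCbcEncrypt")

        self.messageTag = JLabel("Message Tag:")
        self.messageTagField = JTextField("", 80)
        self.messageTagField.setToolTipText("Copy the message tag from WebSocket it's the text until first ',' ")
        self.messageTagFieldButton = JButton("Update Tag", actionPerformed=self.performUpdateTag)

        self.whatsAppMessagesPanel = JPanel()
        self.whatsAppMessagesPanel.add(self.messageField)

        self.messageTagPanel = JPanel()
        self.messageTagPanel.add(self.messageTag)
        self.messageTagPanel.add(self.messageTagField)
        self.messageTagPanel.add(self.messageTagFieldButton)

        self.btnSave = JButton("Connect", actionPerformed=self.saveConfig)
        self.btnRestore = JButton("Clear", actionPerformed=self.clearConfig)

        self.grpConfig = JPanel()
        self.grpConfig.add(self.btnSave)
        self.grpConfig.add(self.btnRestore)

        self.btnIncoming = JButton("Incoming", actionPerformed=self.performAction)
        self.btnOutgoing = JButton("Outgoing", actionPerformed=self.performAction)

        self.btnEncrypt = JButton("Encrypt", actionPerformed=self.performAction)
        self.btnEncrypt.setEnabled(False)  # Can't send data without a direction

        self.btnDecrypt = JButton("Decrypt", actionPerformed=self.performAction)
        self.btnDecrypt.setEnabled(False)  # Can't send data without a direction

        self.btnCrypt = JPanel()
        self.btnCrypt.add(self.btnIncoming)
        self.btnCrypt.add(self.btnEncrypt)
        self.btnCrypt.add(self.btnDecrypt)
        self.btnCrypt.add(self.btnOutgoing)

        self.tab = JPanel()
        layout = GridBagLayout()
        self.tab.setLayout(layout)

        c = GridBagConstraints()
        c.ipadx = 0
        c.ipady = 0
        c.fill = GridBagConstraints.BOTH
        #c.weightx = 0 # gap between the x items
        #c.weighty = 0 # gap between the y items
        c.anchor = GridBagConstraints.NORTHWEST

        # One component per grid row, top to bottom.
        rowComponents = [
            self.banner,
            self.refPanel,
            self.privateKeyPanel,
            self.publicKeyPanel,
            self.grpConfig,
            self.whatsAppMessagesPanel,
            self.messageTagPanel,
            self.btnCrypt,
            self.statusPanel1,
            self.statusPanel2,
        ]
        for gridy, component in enumerate(rowComponents):
            if gridy == 4:
                # From the Connect/Clear row downwards the rows are centred.
                c.anchor = GridBagConstraints.CENTER
            c.gridx = 0
            c.gridy = gridy
            self.tab.add(component, c)

        # restore config
        self.restoreConfig()
        callbacks.addSuiteTab(self)

    def _sendToParser(self, payload, expectReply):
        """Send payload as one JSON datagram to the helper; return the raw reply or None.

        The socket is closed on every path. socket.timeout is raised when a
        reply is expected and none arrives within socket_time_out seconds.
        """
        self.client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            self.client.settimeout(self.socket_time_out)
            self.client.sendto(json.dumps(payload), self._parser_address)
            if not expectReply:
                return None
            # NOTE(review): the sender address of the reply is not compared with
            # _parser_address, so any datagram reaching this port is accepted.
            serverData, addr = self.client.recvfrom(self._recv_buffer_size)
            return serverData
        finally:
            self.client.close()

    def _showOk(self):
        """Show a green "OK" in the action status field."""
        self.statusActField.setForeground(Color.GREEN)
        self.statusActField.setText("OK")

    def _showError(self, text):
        """Show text in red in the action status field."""
        self.statusActField.setForeground(Color.RED)
        self.statusActField.setText(text)

    def _runCrypto(self, action):
        """Ask the helper to "decrypt" or "encrypt" the message area and display the result."""
        request = {"action": action, "data": {"direction": self.direction, "msg": self.messageField.getText()}}
        try:
            serverData = json.loads(self._sendToParser(request, True))
            status = serverData["status"]
            data = serverData["data"]
        except socket.timeout:
            # Previously ignored, which left the old status on screen.
            self._showError("Error: Can't connect to the local server make sure parser.py is running!")
            return
        except (ValueError, KeyError, TypeError):
            self._showError("Error: unexpected reply from the local server")
            return

        if status != 0:
            self._showError("Error: {}".format(json.dumps(data)))
            return

        if action == "decrypt":
            print(serverData)
            self.messageField.setText(json.dumps(data))
        elif isinstance(data, list):
            self.messageField.setText(json.dumps(data))
        else:
            self.messageField.setText(data)
        self._showOk()

    def performUpdateTag(self, e=None):
        """Send the message tag from the tag field to the helper (no reply is read)."""
        self._sendToParser({"action": "tagUpdate", "data": {"msg_tag": self.messageTagField.getText()}}, False)

    def performAction(self, e=None):
        """Handle the Incoming / Outgoing / Decrypt / Encrypt buttons.

        Incoming and Outgoing choose the direction and enable the crypto
        buttons; Decrypt and Encrypt send the message area to the helper.
        """
        self.data = self.messageField.getText()

        eventSource = e.getSource()
        eventSource.setEnabled(False)

        # Incoming data
        if eventSource == self.btnIncoming:
            self.direction = "in"
            self.btnOutgoing.setEnabled(True)
            self.btnEncrypt.setEnabled(True)
            self.btnDecrypt.setEnabled(True)

        # Outgoing data
        elif eventSource == self.btnOutgoing:
            self.direction = "out"
            self.btnIncoming.setEnabled(True)
            self.btnEncrypt.setEnabled(True)
            self.btnDecrypt.setEnabled(True)

        # Send
        elif eventSource == self.btnDecrypt:
            self.btnDecrypt.setEnabled(True)
            self._runCrypto("decrypt")

        elif eventSource == self.btnEncrypt:
            self.btnEncrypt.setEnabled(True)
            self._runCrypto("encrypt")

    def saveConfig(self, e=None):
        """Persist the three fields as the "config" setting and initialise the helper with them."""
        config = {
            'ref': self.refField.getText(),
            'private': self.privateKeyField.getText(),
            'public': self.publicKeyField.getText(),
        }
        # NOTE(review): this stores the private key in Burp's extension settings
        # as a pickle; see restoreConfig for what reading it back implies.
        self.callbacks.saveExtensionSetting("config", pickle.dumps(config))

        try:
            ref = json.loads(self.refField.getText())
        except ValueError:
            self._showError("Error: make Sure the ref is a correct json!")
            return

        request = {"action": "init", "data": {
            "ref": ref,
            "private": self.privateKeyField.getText(),
            "public": self.publicKeyField.getText()
        }}
        try:
            serverData = self._sendToParser(request, True)
        except socket.error:
            # socket.timeout is a socket.error; any transport failure means the
            # helper was not reached, which is a different problem from a bad ref.
            self._showError("Error: Can't connect to the local server make sure parser.py is running!")
            return

        print(serverData)
        self.statusConnField.setText("CONNECTED")
        self._showOk()

    def clearConfig(self, e=None):
        """Blank the form and reset the status labels.

        Only the UI is cleared: the "config" extension setting written by
        saveConfig (including the private key) is not removed here.
        """
        self.refField.setText("")
        self.privateKeyField.setText("")
        self.publicKeyField.setText("")
        self.statusConnField.setText("NOT CONNECTED")
        self.statusActField.setText("OK")
        self.messageField.setText("")

    def restoreConfig(self, e=None):
        """Fill the form from the "config" extension setting, if one was saved."""
        storedConfig = self.callbacks.loadExtensionSetting("config")
        if storedConfig is None:
            return
        try:
            # SECURITY: pickle.loads can run arbitrary code while deserializing.
            # The value comes from Burp's extension settings, so whoever can
            # write those settings controls what is unpickled at extension load.
            # The three fields are plain strings, so JSON would be sufficient;
            # switching formats needs a migration for settings already saved.
            config = pickle.loads(storedConfig)
            ref = config["ref"]
            private = config["private"]
            public = config["public"]
        except Exception:
            # A damaged setting must not stop registerExtenderCallbacks before
            # the tab is added.
            self._showError("Error: stored config could not be restored")
            return
        self.refField.setText(ref)
        self.privateKeyField.setText(private)
        self.publicKeyField.setText(public)

    def getTabCaption(self):
        """Return the caption of the extension's tab."""
        return ("WhatsApp Decoder")

    def getUiComponent(self):
        """Return the panel shown in the extension's tab."""
        return self.tab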
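class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController,
                   AbstractTableModel, IContextMenuFactory):
    """Autorize Burp extension.

    Replays proxied requests with a replacement header (and optionally with
    that header removed), compares each replayed response with the original
    one and records an enforcement status per request in a table that can be
    exported as CSV or HTML.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks, build the UI and register the suite tab."""
        # keep a reference to our callbacks object
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("Autorize")
        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        # Index 0 = bypass, 1 = undecided, 2 = enforced; other methods rely on this order.
        self._enfocementStatuses = [
            "Authorization bypass!",
            "Authorization enforced??? (please configure enforcement detector)",
            "Authorization enforced!"
        ]
        self.intercept = 0
        self.initInterceptionFilters()
        self.initEnforcementDetector()
        self.initEnforcementDetectorUnauthorized()
        self.initExport()
        self.initConfigurationTab()
        self.initTabs()
        self.initCallbacks()
        self.currentRequestNumber = 1
        # Parenthesised single-argument form prints the same text on Python 2 and 3.
        print("Thank you for installing Autorize v0.12 extension")
        print("Created by Barak Tawily")
        print("Contributors: Barak Tawily, Federico Dotta")
        print("\nGithub:\nhttps://github.com/Quitten/Autorize")

    def initExport(self):
        """Build the "Export" panel (file type, status filter, export button)."""
        exportLType = JLabel("File Type:")
        exportLType.setBounds(10, 10, 100, 30)
        exportFileTypes = ["HTML", "CSV"]
        self.exportType = JComboBox(exportFileTypes)
        self.exportType.setBounds(100, 10, 200, 30)
        exportES = [
            "All Statuses", self._enfocementStatuses[0],
            self._enfocementStatuses[1], self._enfocementStatuses[2]
        ]
        self.exportES = JComboBox(exportES)
        self.exportES.setBounds(100, 50, 200, 30)
        exportLES = JLabel("Statuses:")
        exportLES.setBounds(10, 50, 100, 30)
        self.exportButton = JButton("Export", actionPerformed=self.export)
        self.exportButton.setBounds(390, 25, 100, 30)
        self.exportPnl = JPanel()
        self.exportPnl.setLayout(None)
        self.exportPnl.setBounds(0, 0, 1000, 1000)
        self.exportPnl.add(exportLType)
        self.exportPnl.add(self.exportType)
        self.exportPnl.add(exportLES)
        self.exportPnl.add(self.exportES)
        self.exportPnl.add(self.exportButton)

    def _buildDetectorPanel(self, onAdd, onRemove):
        """Build one enforcement-detector panel.

        Returns (typeCombo, textArea, listModel, filterList, addButton,
        removeButton, panel) so each caller can keep them under its own
        attribute names.
        """
        labelType = JLabel("Type:")
        labelType.setBounds(10, 10, 140, 30)
        labelContent = JLabel("Content:")
        labelContent.setBounds(10, 50, 140, 30)
        labelList = JLabel("Filter List:")
        labelList.setBounds(10, 165, 140, 30)
        # The text before the first ':' is the filter type checkBypass() matches on.
        typeNames = [
            "Headers (simple string): (enforced message headers contains)",
            "Headers (regex): (enforced messege headers contains)",
            "Body (simple string): (enforced messege body contains)",
            "Body (regex): (enforced messege body contains)",
            "Full request (simple string): (enforced messege contains)",
            "Full request (regex): (enforced messege contains)",
            "Content-Length: (constant Content-Length number of enforced response)"
        ]
        typeCombo = JComboBox(typeNames)
        typeCombo.setBounds(80, 10, 430, 30)
        textArea = JTextArea("", 5, 30)
        textArea.setBounds(80, 50, 300, 110)
        listModel = DefaultListModel()
        filterList = JList(listModel)
        filterList.setBounds(80, 175, 300, 110)
        filterList.setBorder(LineBorder(Color.BLACK))
        addButton = JButton("Add filter", actionPerformed=onAdd)
        addButton.setBounds(390, 85, 120, 30)
        removeButton = JButton("Remove filter", actionPerformed=onRemove)
        removeButton.setBounds(390, 210, 120, 30)
        panel = JPanel()
        panel.setLayout(None)
        panel.setBounds(0, 0, 1000, 1000)
        for component in (labelType, typeCombo, labelContent, textArea,
                          addButton, removeButton, labelList, filterList):
            panel.add(component)
        return (typeCombo, textArea, listModel, filterList, addButton,
                removeButton, panel)

    def initEnforcementDetector(self):
        """Build the "Enforcement Detector" panel (filters for the modified request)."""
        # These two variables appear to be unused in the visible code.
        self.EDFP = ArrayList()
        self.EDCT = ArrayList()
        (self.EDType, self.EDText, self.EDModel, self.EDList, self.EDAdd,
         self.EDDel, self.EDPnl) = self._buildDetectorPanel(
             self.addEDFilter, self.delEDFilter)

    def initEnforcementDetectorUnauthorized(self):
        """Build the "Detector Unauthenticated" panel (filters for the header-less request)."""
        (self.EDTypeUnauth, self.EDTextUnauth, self.EDModelUnauth,
         self.EDListUnauth, self.EDAddUnauth, self.EDDelUnauth,
         self.EDPnlUnauth) = self._buildDetectorPanel(
             self.addEDFilterUnauth, self.delEDFilterUnauth)

    def initInterceptionFilters(self):
        """Build the "Interception Filters" panel."""
        IFStrings = [
            "Scope items only: (Content is not required)",
            "URL Contains (simple string): ", "URL Contains (regex): ",
            "URL Not Contains (simple string): ", "URL Not Contains (regex): "
        ]
        self.IFType = JComboBox(IFStrings)
        self.IFType.setBounds(80, 10, 430, 30)
        self.IFModel = DefaultListModel()
        self.IFList = JList(self.IFModel)
        self.IFList.setBounds(80, 175, 300, 110)
        self.IFList.setBorder(LineBorder(Color.BLACK))
        self.IFText = JTextArea("", 5, 30)
        self.IFText.setBounds(80, 50, 300, 110)
        IFLType = JLabel("Type:")
        IFLType.setBounds(10, 10, 140, 30)
        IFLContent = JLabel("Content:")
        IFLContent.setBounds(10, 50, 140, 30)
        IFLabelList = JLabel("Filter List:")
        IFLabelList.setBounds(10, 165, 140, 30)
        self.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
        self.IFAdd.setBounds(390, 85, 120, 30)
        self.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
        self.IFDel.setBounds(390, 210, 120, 30)
        self.filtersPnl = JPanel()
        self.filtersPnl.setLayout(None)
        self.filtersPnl.setBounds(0, 0, 1000, 1000)
        for component in (IFLType, self.IFType, IFLContent, self.IFText,
                          self.IFAdd, self.IFDel, IFLabelList, self.IFList):
            self.filtersPnl.add(component)

    def initConfigurationTab(self):
        """Build the "Configuration" panel and attach the filter sub-tabs to it."""
        self.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
        self.prevent304.setBounds(290, 25, 300, 30)
        self.ignore304 = JCheckBox("Ignore 304/204 status code responses")
        self.ignore304.setBounds(290, 5, 300, 30)
        self.ignore304.setSelected(True)
        self.autoScroll = JCheckBox("Auto Scroll")
        self.autoScroll.setBounds(160, 40, 140, 30)
        self.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
        self.doUnauthorizedRequest.setBounds(290, 45, 300, 30)
        self.doUnauthorizedRequest.setSelected(True)
        startLabel = JLabel("Authorization checks:")
        startLabel.setBounds(10, 10, 140, 30)
        self.startButton = JButton("Autorize is off",
                                   actionPerformed=self.startOrStop)
        self.startButton.setBounds(160, 10, 120, 30)
        self.startButton.setBackground(Color(255, 100, 91, 255))
        self.clearButton = JButton("Clear List", actionPerformed=self.clearList)
        self.clearButton.setBounds(10, 40, 100, 30)
        # Header that makeMessage() substitutes into every replayed request.
        self.replaceString = JTextArea("Cookie: Insert=injected; header=here;", 5, 30)
        self.replaceString.setWrapStyleWord(True)
        self.replaceString.setLineWrap(True)
        self.replaceString.setBounds(10, 80, 470, 180)
        self.filtersTabs = JTabbedPane()
        self.filtersTabs.addTab("Enforcement Detector", self.EDPnl)
        self.filtersTabs.addTab("Detector Unauthenticated", self.EDPnlUnauth)
        self.filtersTabs.addTab("Interception Filters", self.filtersPnl)
        self.filtersTabs.addTab("Export", self.exportPnl)
        self.filtersTabs.setBounds(0, 280, 2000, 700)
        self.pnl = JPanel()
        self.pnl.setBounds(0, 0, 1000, 1000)
        self.pnl.setLayout(None)
        for component in (self.startButton, self.clearButton,
                          self.replaceString, startLabel, self.autoScroll,
                          self.ignore304, self.prevent304,
                          self.doUnauthorizedRequest, self.filtersTabs):
            self.pnl.add(component)

    def initTabs(self):
        """Build the log table, its popup menu and the request/response viewer tabs."""
        self.logTable = Table(self)
        self.logTable.setAutoCreateRowSorter(True)
        tableWidth = self.logTable.getPreferredSize().width
        # Column widths are expressed in fiftieths of the preferred table width.
        for columnName, share in (("ID", 2), ("URL", 24), ("Orig. Length", 4),
                                  ("Modif. Length", 4), ("Unauth. Length", 4),
                                  ("Authorization Enforcement Status", 4),
                                  ("Authorization Unauth. Status", 4)):
            self.logTable.getColumn(columnName).setPreferredWidth(
                Math.round(tableWidth / 50 * share))
        self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
        self._splitpane.setResizeWeight(1)
        self.scrollPane = JScrollPane(self.logTable)
        self._splitpane.setLeftComponent(self.scrollPane)
        self.scrollPane.getVerticalScrollBar().addAdjustmentListener(
            autoScrollListener(self))
        self.menuES0 = JCheckBoxMenuItem(self._enfocementStatuses[0], True)
        self.menuES1 = JCheckBoxMenuItem(self._enfocementStatuses[1], True)
        self.menuES2 = JCheckBoxMenuItem(self._enfocementStatuses[2], True)
        self.menuES0.addItemListener(menuTableFilter(self))
        self.menuES1.addItemListener(menuTableFilter(self))
        self.menuES2.addItemListener(menuTableFilter(self))
        copyURLitem = JMenuItem("Copy URL")
        copyURLitem.addActionListener(copySelectedURL(self))
        self.menu = JPopupMenu("Popup")
        self.menu.add(copyURLitem)
        self.menu.add(self.menuES0)
        self.menu.add(self.menuES1)
        self.menu.add(self.menuES2)
        self.tabs = JTabbedPane()
        self._requestViewer = self._callbacks.createMessageEditor(self, False)
        self._responseViewer = self._callbacks.createMessageEditor(self, False)
        self._originalrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._originalresponseViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedrequestViewer = self._callbacks.createMessageEditor(self, False)
        self._unauthorizedresponseViewer = self._callbacks.createMessageEditor(self, False)
        self.tabs.addTab("Modified Request", self._requestViewer.getComponent())
        self.tabs.addTab("Modified Response", self._responseViewer.getComponent())
        self.tabs.addTab("Original Request", self._originalrequestViewer.getComponent())
        self.tabs.addTab("Original Response", self._originalresponseViewer.getComponent())
        self.tabs.addTab("Unauthenticated Request", self._unauthorizedrequestViewer.getComponent())
        self.tabs.addTab("Unauthenticated Response", self._unauthorizedresponseViewer.getComponent())
        self.tabs.addTab("Configuration", self.pnl)
        # Index 6 is the "Configuration" tab added just above.
        self.tabs.setSelectedIndex(6)
        self._splitpane.setRightComponent(self.tabs)

    def initCallbacks(self):
        """Apply Burp's UI styling and register the context menu and the suite tab."""
        # customize our UI components
        self._callbacks.customizeUiComponent(self._splitpane)
        self._callbacks.customizeUiComponent(self.logTable)
        self._callbacks.customizeUiComponent(self.scrollPane)
        self._callbacks.customizeUiComponent(self.tabs)
        self._callbacks.customizeUiComponent(self.filtersTabs)
        self._callbacks.registerContextMenuFactory(self)
        # add the custom tab to Burp's UI
        self._callbacks.addSuiteTab(self)

    #
    # Event handlers
    #
    def startOrStop(self, event):
        """Toggle interception: (un)register the HTTP listener and update the button."""
        if self.startButton.getText() == "Autorize is off":
            self.startButton.setText("Autorize is on")
            self.startButton.setBackground(Color.GREEN)
            self.intercept = 1
            self._callbacks.registerHttpListener(self)
        else:
            self.startButton.setText("Autorize is off")
            self.startButton.setBackground(Color(255, 100, 91, 255))
            self.intercept = 0
            self._callbacks.removeHttpListener(self)

    def addEDFilter(self, event):
        """Append "<type>: <content>" to the enforcement-detector filter list."""
        typeName = self.EDType.getSelectedItem().split(":")[0]
        self.EDModel.addElement(typeName + ": " + self.EDText.getText())

    def delEDFilter(self, event):
        """Remove the selected enforcement-detector filter, if one is selected."""
        index = self.EDList.getSelectedIndex()
        if index != -1:
            self.EDModel.remove(index)

    def addEDFilterUnauth(self, event):
        """Append "<type>: <content>" to the unauthenticated-detector filter list."""
        typeName = self.EDTypeUnauth.getSelectedItem().split(":")[0]
        self.EDModelUnauth.addElement(typeName + ": " + self.EDTextUnauth.getText())

    def delEDFilterUnauth(self, event):
        """Remove the selected unauthenticated-detector filter, if one is selected."""
        index = self.EDListUnauth.getSelectedIndex()
        if index != -1:
            self.EDModelUnauth.remove(index)

    def addIFFilter(self, event):
        """Append "<type>: <content>" to the interception filter list."""
        typeName = self.IFType.getSelectedItem().split(":")[0]
        self.IFModel.addElement(typeName + ": " + self.IFText.getText())

    def delIFFilter(self, event):
        """Remove the selected interception filter, if one is selected."""
        index = self.IFList.getSelectedIndex()
        if index != -1:
            self.IFModel.remove(index)

    def clearList(self, event):
        """Empty the log and tell the table which rows disappeared."""
        self._lock.acquire()
        try:
            oldSize = self._log.size()
            self._log.clear()
            # With an empty log the old code reported rows 0..-1 as deleted;
            # skip the event instead of passing an invalid range.
            if oldSize > 0:
                self.fireTableRowsDeleted(0, oldSize - 1)
        finally:
            # Always release, so a failing table event cannot leave the lock held.
            self._lock.release()

    def export(self, event):
        """Export the log in the file type chosen in the Export panel."""
        if self.exportType.getSelectedItem() == "HTML":
            self.exportToHTML()
        else:
            self.exportToCSV()

    def _chooseReportFile(self, defaultName):
        """Show the save dialog; return the chosen absolute path, or None if cancelled."""
        parentFrame = JFrame()
        fileChooser = JFileChooser()
        fileChooser.setSelectedFile(File(defaultName))
        fileChooser.setDialogTitle("Save Autorize Report")
        if fileChooser.showSaveDialog(parentFrame) != JFileChooser.APPROVE_OPTION:
            return None
        return fileChooser.getSelectedFile().getAbsolutePath()

    def _entriesForExport(self):
        """Return the log entries matching the status selected in the Export panel."""
        wanted = self.exportES.getSelectedItem()
        selected = []
        for i in range(0, self._log.size()):
            entry = self._log.get(i)
            if (wanted == "All Statuses"
                    or wanted == entry._enfocementStatus
                    or wanted == entry._enfocementStatusUnauthorized):
                selected.append(entry)
        return selected

    def _responseLength(self, requestResponse):
        """Return the response length in bytes, or 0 when there is no response."""
        if requestResponse is None:
            return 0
        response = requestResponse.getResponse()
        if response is None:
            return 0
        return len(response)

    def _escapeHtml(self, value):
        """Return the text of *value* with HTML-significant characters escaped."""
        text = "%s" % value
        # '&' must be replaced first so the entities added below stay intact.
        for raw, entity in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                            ('"', "&quot;"), ("'", "&#39;")):
            text = text.replace(raw, entity)
        return text

    def _writeReport(self, path, content):
        """Write *content* to *path*, closing the file even if the write fails."""
        f = open(path, 'w')
        try:
            f.write(content)
        finally:
            f.close()

    def exportToCSV(self):
        """Save the filtered log as a tab-separated report chosen via a save dialog."""
        path = self._chooseReportFile("AutorizeReprort.csv")
        if path is None:
            return
        rows = [
            "id\tURL\tOriginal length\tModified length\tUnauthorized length\tAuthorization Enforcement Status\tAuthorization Unauthenticated Status\n"
        ]
        for entry in self._entriesForExport():
            rows.append("%d\t%s\t%d\t%d\t%d\t%s\t%s\n" % (
                entry._id, entry._url,
                self._responseLength(entry._originalrequestResponse),
                self._responseLength(entry._requestResponse),
                self._responseLength(entry._unauthorizedRequestResponse),
                entry._enfocementStatus,
                entry._enfocementStatusUnauthorized))
        self._writeReport(path, "".join(rows))

    def exportToHTML(self):
        """Save the filtered log as an HTML report chosen via a save dialog."""
        path = self._chooseReportFile("AutorizeReprort.html")
        if path is None:
            return
        # The heading is now closed with </h1>; it used to open a second <h1>.
        htmlHead = """<html><title>Autorize Report by Barak Tawily</title> <style> .datagrid table { border-collapse: collapse; text-align: left; width: 100%; } .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; } .datagrid table td, .datagrid table th { padding: 3px 10px; } .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th:first-child { border: none; }.datagrid table tbody td { color: #00496B; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }.datagrid table tbody .alt td { background: #E1EEF4; color: #00496B; }.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }.datagrid table tfoot td div { border-top: 1px solid #006699;background: #E1EEF4;} .datagrid table tfoot td { padding: 0; font-size: 12px } .datagrid table tfoot td div{ padding: 2px; }.datagrid table tfoot td ul { margin: 0; padding:0; list-style: none; text-align: right; }.datagrid table tfoot li { display: inline; }.datagrid table tfoot li a { text-decoration: none; display: inline-block; padding: 2px 8px; margin: 1px;color: #FFFFFF;border: 1px solid #006699;-webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; }.datagrid table tfoot ul.active, .datagrid table tfoot ul a:hover { text-decoration: none;border-color: #006699; color: #FFFFFF; background: none; background-color:#00557F;}div.dhtmlx_window_active, div.dhx_modal_cover_dv { position: fixed !important; } table { width: 100%; table-layout: fixed; } td { border: 1px solid #35f; overflow: hidden; text-overflow: ellipsis; } td.a { width: 13%; white-space: nowrap; } td.b { width: 9%; word-wrap: break-word; } </style> <body> <h1>Autorize Report</h1> <div class="datagrid"><table> <thead><tr><th width=\"3%\">ID</th><th width=\"48%\">URL</th><th width=\"9%\">Original length</th><th width=\"9%\">Modified length</th><th width=\"9%\">Unauthorized length</th><th width=\"11%\">Authorization Enforcement Status</th><th width=\"11%\">Authorization Unauthenticated Status</th></tr></thead> <tbody>"""
        statusColors = {
            self._enfocementStatuses[0]: "red",
            self._enfocementStatuses[1]: "yellow",
            self._enfocementStatuses[2]: "LawnGreen",
        }
        parts = [htmlHead]
        for entry in self._entriesForExport():
            # The URL comes from proxied traffic, i.e. it is chosen by whoever
            # crafted the request. Escape it so a URL containing quotes or
            # angle brackets cannot inject markup into the saved report.
            safeUrl = self._escapeHtml(entry._url)
            parts.append(
                "<tr><td>%d</td><td><a href=\"%s\">%s</a></td><td>%d</td><td>%d</td><td>%d</td><td bgcolor=\"%s\">%s</td><td bgcolor=\"%s\">%s</td></tr>" % (
                    entry._id, safeUrl, safeUrl,
                    self._responseLength(entry._originalrequestResponse),
                    self._responseLength(entry._requestResponse),
                    self._responseLength(entry._unauthorizedRequestResponse),
                    statusColors.get(entry._enfocementStatus, ""),
                    entry._enfocementStatus,
                    statusColors.get(entry._enfocementStatusUnauthorized, ""),
                    entry._enfocementStatusUnauthorized))
        parts.append("</tbody></table></div></body></html>")
        self._writeReport(path, "".join(parts))

    #
    # implement IContextMenuFactory
    #
    def createMenuItems(self, invocation):
        """Offer "Send request/cookie to Autorize" for the first selected message."""
        responses = invocation.getSelectedMessages()
        # The old test compared the array itself with 0 and the fallback
        # returned the undefined name `null`; check the length and return None.
        if responses is None or len(responses) == 0:
            return None
        ret = LinkedList()
        requestMenuItem = JMenuItem("Send request to Autorize")
        cookieMenuItem = JMenuItem("Send cookie to Autorize")
        requestMenuItem.addActionListener(
            handleMenuItems(self, responses[0], "request"))
        cookieMenuItem.addActionListener(
            handleMenuItems(self, responses[0], "cookie"))
        ret.add(requestMenuItem)
        ret.add(cookieMenuItem)
        return ret

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the suite tab."""
        return "Autorize"

    def getUiComponent(self):
        """Return the root component of the suite tab."""
        return self._splitpane

    #
    # extend AbstractTableModel
    #
    def getRowCount(self):
        """Return the number of log entries, or 0 if the log cannot be read."""
        try:
            return self._log.size()
        except Exception:
            # presumably the table can ask before registerExtenderCallbacks()
            # has created self._log -- TODO confirm
            return 0

    def getColumnCount(self):
        """Return the fixed number of table columns."""
        return 7

    def getColumnName(self, columnIndex):
        """Return the header text of a column, or "" for an unknown index."""
        names = ("ID", "URL", "Orig. Length", "Modif. Length",
                 "Unauth. Length", "Authorization Enforcement Status",
                 "Authorization Unauth. Status")
        if 0 <= columnIndex < len(names):
            return names[columnIndex]
        return ""

    def getColumnClass(self, columnIndex):
        """Return the Java class of a column's values (String for unknown indexes)."""
        classes = (Integer, String, Integer, Integer, Integer, String, String)
        if 0 <= columnIndex < len(classes):
            return classes[columnIndex]
        return String

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value for one log entry; "" for an unknown column."""
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._id
        if columnIndex == 1:
            return logEntry._url.toString()
        # Lengths go through _responseLength() so a missing response shows 0,
        # as the export code already did, instead of raising.
        if columnIndex == 2:
            return self._responseLength(logEntry._originalrequestResponse)
        if columnIndex == 3:
            return self._responseLength(logEntry._requestResponse)
        if columnIndex == 4:
            return self._responseLength(logEntry._unauthorizedRequestResponse)
        if columnIndex == 5:
            return logEntry._enfocementStatus
        if columnIndex == 6:
            return logEntry._enfocementStatusUnauthorized
        return ""

    #
    # implement IMessageEditorController
    # this allows our request/response viewers to obtain details about the messages being displayed
    #
    def getHttpService(self):
        """Return the HTTP service of the currently displayed item."""
        return self._currentlyDisplayedItem.getHttpService()

    def getRequest(self):
        """Return the request bytes of the currently displayed item."""
        return self._currentlyDisplayedItem.getRequest()

    def getResponse(self):
        """Return the response bytes of the currently displayed item."""
        return self._currentlyDisplayedItem.getResponse()

    #
    # implement IHttpListener
    #
    def _stripConditionalHeaders(self, messageInfo):
        """Drop If-None-Match / If-Modified-Since from a request, if present."""
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        keptHeaders = []
        removed = False
        for header in requestInfo.getHeaders():
            if "If-None-Match:" in header or "If-Modified-Since:" in header:
                removed = True
            else:
                keptHeaders.append(header)
        # Rebuild only when something was dropped, and pass the body as bytes:
        # the old code rebuilt every request and round-tripped the body
        # through a string.
        if removed:
            bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():]
            messageInfo.setRequest(
                self._helpers.buildHttpMessage(keptHeaders, bodyBytes))

    def _passesInterceptionFilters(self, urlString):
        """Return True when *urlString* satisfies every configured interception filter."""
        model = self.IFList.getModel()
        for i in range(0, model.getSize()):
            element = model.getElementAt(i)
            filterType = element.split(":")[0]
            # Entries are stored as "<type>: <content>"; the slice offsets
            # below are len(type) + 2.
            if filterType == "Scope items only":
                if not self._callbacks.isInScope(URL(urlString)):
                    return False
            elif filterType == "URL Contains (simple string)":
                if element[30:] not in urlString:
                    return False
            elif filterType == "URL Contains (regex)":
                if not re.compile(element[22:], re.IGNORECASE).search(urlString):
                    return False
            elif filterType == "URL Not Contains (simple string)":
                if element[34:] in urlString:
                    return False
            elif filterType == "URL Not Contains (regex)":
                if re.compile(element[26:], re.IGNORECASE).search(urlString):
                    return False
        return True

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Handle proxy traffic while Autorize is on.

        Requests optionally lose their conditional headers; responses that
        pass the interception filters are handed to checkAuthorization().
        """
        if self.intercept != 1 or toolFlag != self._callbacks.TOOL_PROXY:
            return
        if messageIsRequest:
            if self.prevent304.isSelected():
                self._stripConditionalHeaders(messageInfo)
            return
        # Requests that already carry the replacement header are not re-tested.
        if self.replaceString.getText() in self._helpers.analyzeRequest(messageInfo).getHeaders():
            return
        responseHeaders = self._helpers.analyzeResponse(
            messageInfo.getResponse()).getHeaders()
        if self.ignore304.isSelected():
            firstHeader = responseHeaders[0]
            if "304" in firstHeader or "204" in firstHeader:
                return
        if self.IFList.getModel().getSize() != 0:
            urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
            if not self._passesInterceptionFilters(urlString):
                return
        self.checkAuthorization(messageInfo, responseHeaders,
                                self.doUnauthorizedRequest.isSelected())

    def sendRequestToAutorizeWork(self, messageInfo):
        """Run the authorization check for one message, issuing the request first if it has no response."""
        if messageInfo.getResponse() is None:
            message = self.makeMessage(messageInfo, False, False)
            messageInfo = self.makeRequest(messageInfo, message)
        self.checkAuthorization(
            messageInfo,
            self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),
            self.doUnauthorizedRequest.isSelected())

    def makeRequest(self, messageInfo, message):
        """Send *message* to the host, port and scheme of *messageInfo*'s URL."""
        requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
        service = self._helpers.buildHttpService(
            str(requestURL.getHost()), int(requestURL.getPort()),
            requestURL.getProtocol() == "https")
        return self._callbacks.makeHttpRequest(service, message)

    def makeMessage(self, messageInfo, removeOrNot, authorizeOrNot):
        """Rebuild the request of *messageInfo*.

        With removeOrNot, headers named like the replacement header are
        dropped; with authorizeOrNot as well, the replacement header text is
        appended.
        """
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        headers = requestInfo.getHeaders()
        if removeOrNot:
            headers = list(headers)
            replacement = self.replaceString.getText()
            # Tolerates replacement text without ':' (index(":") used to raise).
            headerName = replacement.split(":", 1)[0].strip().lower()
            if headerName:
                # Match on the header *name* and never touch the first entry:
                # the old substring test also removed the request line (or any
                # other header) that merely contained the name somewhere.
                # NOTE(review): assumes headers[0] is the request line, as the
                # response code treats getHeaders()[0] as the status line.
                headers = headers[:1] + [
                    header for header in headers[1:]
                    if not header.lower().startswith(headerName + ":")
                ]
            if authorizeOrNot:
                headers.append(replacement)
        msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        return self._helpers.buildHttpMessage(headers, msgBody)

    def checkBypass(self, oldStatusCode, newStatusCode, oldContentLen,
                    newContentLen, filters, requestResponse):
        """Classify a replayed response against the original one.

        Different status line -> enforced; same status line and same
        Content-Length header -> bypass; otherwise enforced only while every
        configured filter matches the replayed response, else undecided.
        """
        response = requestResponse.getResponse()
        bodyOffset = self._helpers.analyzeResponse(response).getBodyOffset()
        if oldStatusCode != newStatusCode:
            return self._enfocementStatuses[2]
        if oldContentLen == newContentLen:
            return self._enfocementStatuses[0]

        # (filter type prefix, start, end) of the response slice it applies to.
        sections = (("Headers", 0, bodyOffset), ("Body", bodyOffset, None),
                    ("Full request", 0, None))
        authEnforced = True
        for detectorFilter in filters:
            filterText = str(detectorFilter)
            for sectionName, start, end in sections:
                simplePrefix = sectionName + " (simple string): "
                regexPrefix = sectionName + " (regex): "
                if filterText.startswith(simplePrefix):
                    haystack = self._helpers.bytesToString(response[start:end])
                    if detectorFilter[len(simplePrefix):] not in haystack:
                        authEnforced = False
                if filterText.startswith(regexPrefix):
                    haystack = self._helpers.bytesToString(response[start:end])
                    pattern = re.compile(detectorFilter[len(regexPrefix):],
                                         re.IGNORECASE)
                    if not pattern.search(haystack):
                        authEnforced = False
            if filterText.startswith("Content-Length: "):
                # newContentLen is the whole header line (see getContentLength),
                # so it is compared with the whole filter entry.
                if newContentLen != detectorFilter:
                    authEnforced = False
        if authEnforced:
            return self._enfocementStatuses[2]
        return self._enfocementStatuses[1]

    def checkAuthorization(self, messageInfo, originalHeaders,
                           checkUnauthorized):
        """Replay the request with the replacement header (and, optionally,
        without it), classify both responses and append a row to the log.
        """
        message = self.makeMessage(messageInfo, True, True)
        requestResponse = self.makeRequest(messageInfo, message)
        analyzedResponse = self._helpers.analyzeResponse(
            requestResponse.getResponse())
        oldStatusCode = originalHeaders[0]
        newStatusCode = analyzedResponse.getHeaders()[0]
        oldContentLen = self.getContentLength(originalHeaders)
        newContentLen = self.getContentLength(analyzedResponse.getHeaders())

        impression = self.checkBypass(oldStatusCode, newStatusCode,
                                      oldContentLen, newContentLen,
                                      self.EDModel.toArray(), requestResponse)

        requestResponseUnauthorized = None
        impressionUnauthorized = "Disabled"
        if checkUnauthorized:
            # Same request with the replaced header removed and nothing added.
            messageUnauthorized = self.makeMessage(messageInfo, True, False)
            requestResponseUnauthorized = self.makeRequest(
                messageInfo, messageUnauthorized)
            unauthorizedHeaders = self._helpers.analyzeResponse(
                requestResponseUnauthorized.getResponse()).getHeaders()
            impressionUnauthorized = self.checkBypass(
                oldStatusCode, unauthorizedHeaders[0], oldContentLen,
                self.getContentLength(unauthorizedHeaders),
                self.EDModelUnauth.toArray(), requestResponseUnauthorized)

        self._lock.acquire()
        try:
            row = self._log.size()
            savedUnauthorized = None
            if checkUnauthorized:
                savedUnauthorized = self._callbacks.saveBuffersToTempFiles(
                    requestResponseUnauthorized)
            self._log.add(
                LogEntry(
                    self.currentRequestNumber,
                    self._callbacks.saveBuffersToTempFiles(requestResponse),
                    self._helpers.analyzeRequest(requestResponse).getUrl(),
                    messageInfo, impression, savedUnauthorized,
                    impressionUnauthorized))
            self.fireTableRowsInserted(row, row)
            self.currentRequestNumber = self.currentRequestNumber + 1
        finally:
            # Release even if logging fails, so later checks are not blocked.
            self._lock.release()

    def getContentLength(self, analyzedResponseHeaders):
        """Return the first header line containing "Content-Length:", or "null"."""
        for header in analyzedResponseHeaders:
            if "Content-Length:" in header:
                return header
        return "null"

    def getCookieFromMessage(self, messageInfo):
        """Return the first request header line containing "Cookie:", or None."""
        headers = list(
            self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
        for header in headers:
            if "Cookie:" in header:
                return header
        return None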
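class PluginUI():
    """Swing UI of the extension: Generator, Processor and Options tabs.

    The payload list itself lives on ``extender.PayloadList``; this class
    edits it, mirrors it into the list widget and persists it to
    ``payloads.lst``.  UI choices are persisted through
    ``extender.callbacks.saveExtensionSetting`` under keys prefixed with
    ``SQLiQueryTampering_``.
    """

    def __init__(self, extender):
        """Keep a reference to the extender and build all widgets."""
        self.extender = extender
        self.initComponents()

    def showMessage(self, msg):
        """Show ``msg`` in a modal dialog parented to the main panel."""
        JOptionPane.showMessageDialog(self.mainPanel, msg)

    def getProcessorTechName(self):
        """Return the item currently selected in the technique combo box."""
        return self.comboProcessorTech.getSelectedItem()

    def getGeneratorTechsName(self):
        """Return the names of the ticked techniques, in a fixed order."""
        choices = (
            (self.chkGeneral, 'General'),
            (self.chkMAXDB, 'SAP_MaxDB'),
            (self.chkMSSQL, 'MSSQL'),
            (self.chkMSAccess, 'MSAccess'),
            (self.chkPostgres, 'PostgreSQL'),
            (self.chkOracle, 'Oracle'),
            (self.chkSqlite, 'SQLite'),
            (self.chkMysql, 'MySQL'),
        )
        return [name for box, name in choices if box.isSelected()]

    def pastePayloadButtonAction(self, event):
        """Append each line of the clipboard text to the payload list."""
        clpbrd = Toolkit.getDefaultToolkit().getSystemClipboard()
        content = clpbrd.getContents(None)
        if content and content.isDataFlavorSupported(DataFlavor.stringFlavor):
            items = content.getTransferData(DataFlavor.stringFlavor)
            items = items.splitlines()
            for item in items:
                self.extender.PayloadList.append(item)
            self.listPayloads.setListData(self.extender.PayloadList)
            self.writePayloadsListFile()

    def loadPayloadButtonAction(self, event):
        """Append the lines of a user-chosen file to the payload list."""
        fileChooser = JFileChooser()
        fileChooser.dialogTitle = 'Choose Payload List'
        fileChooser.fileSelectionMode = JFileChooser.FILES_ONLY
        if (fileChooser.showOpenDialog(
                self.mainPanel) == JFileChooser.APPROVE_OPTION):
            file = fileChooser.getSelectedFile()
            with open(file.getAbsolutePath(), 'r') as reader:
                for line in reader.readlines():
                    self.extender.PayloadList.append(line.strip('\n'))
            self.listPayloads.setListData(self.extender.PayloadList)
            self.showMessage('{} payloads loaded'.format(
                len(self.extender.PayloadList)))
            self.writePayloadsListFile()

    def removePayloadButtonAction(self, event):
        """Remove the entries selected in the list widget."""
        for item in self.listPayloads.getSelectedValuesList():
            self.extender.PayloadList.remove(item)
        self.listPayloads.setListData(self.extender.PayloadList)
        self.writePayloadsListFile()

    def clearPayloadButtonAction(self, event):
        """Empty the payload list in place and persist the empty list."""
        self.extender.PayloadList[:] = []
        self.listPayloads.setListData(self.extender.PayloadList)
        self.writePayloadsListFile()

    def addPayloadButtonAction(self, event):
        """Append the text-field content as one payload, unless it is blank."""
        # The text is tested directly: wrapping it in str() raises
        # UnicodeEncodeError under Jython 2 for non-ASCII input.
        newPayload = self.textNewPayload.text
        if newPayload and newPayload.strip():
            self.extender.PayloadList.append(newPayload)
            self.textNewPayload.text = ''
            self.listPayloads.setListData(self.extender.PayloadList)
            self.writePayloadsListFile()

    def toClipboardButtonAction(self, event):
        """Generate the tampered payloads and put them on the clipboard."""
        self.extender.generatePayloads()
        result = '\n'.join(self.extender.tamperedPayloads)
        result = StringSelection(result)
        clpbrd = Toolkit.getDefaultToolkit().getSystemClipboard()
        clpbrd.setContents(result, None)
        self.showMessage('{} url encoded payload copied to clipboard'.format(
            len(self.extender.tamperedPayloads)))

    def toFileButtonAction(self, event):
        """Generate the tampered payloads and save them to a chosen file.

        An existing file at the chosen path is overwritten without a
        confirmation prompt.
        """
        fileChooser = JFileChooser()
        fileChooser.dialogTitle = 'Save Payloads'
        fileChooser.fileSelectionMode = JFileChooser.FILES_ONLY
        if (fileChooser.showSaveDialog(
                self.mainPanel) == JFileChooser.APPROVE_OPTION):
            file = fileChooser.getSelectedFile()
            self.extender.generatePayloads()
            result = '\n'.join(self.extender.tamperedPayloads)
            with open(file.getAbsolutePath(), 'w') as writer:
                # One write() call; writelines() on a single string would
                # iterate it character by character.
                writer.write(result.encode('utf-8'))
            self.showMessage('{} url encoded payload written to file'.format(
                len(self.extender.tamperedPayloads)))

    def tamperPayloadButtonAction(self, event):
        """Tamper each line of the plain-payload area with the chosen function."""
        tamperFunction = self.comboProcessorTech.getSelectedItem()
        tamperedPayloads = [
            self.extender.tamperSinglePayload(tamperFunction, payload)
            for payload in self.textPlainPayload.text.splitlines()
        ]
        self.textTamperedPayload.text = '\n'.join(tamperedPayloads)

    def comboProcessorTechAction(self, event):
        """Persist the selected index of the technique combo box."""
        varName = 'SQLiQueryTampering_comboProcessorTech'
        state = str(self.comboProcessorTech.getSelectedIndex())
        self.extender.callbacks.saveExtensionSetting(varName, state)

    def OnCheck(self, event):
        """Persist the state of the check box that fired, as '1' or '0'."""
        chk = event.getSource()
        varName = 'SQLiQueryTampering_{}'.format(chk.text)
        state = str(1 if chk.isSelected() else 0)
        self.extender.callbacks.saveExtensionSetting(varName, state)

    def writePayloadsListFile(self):
        """Write the payload list, one per line, to ``payloads.lst``.

        The path is relative, so the file lands in the process working
        directory, wherever the host application was started from.
        """
        payloads = '\n'.join(self.extender.PayloadList)
        payloads = payloads.encode('utf-8')
        with open('payloads.lst', 'w') as writer:
            writer.write(payloads)

    def readPayloadsListFile(self):
        """Return the lines of ``payloads.lst``; an empty list if unreadable.

        initComponents calls this when no payload directory is configured,
        so a missing file (first run) must not abort building the UI.
        """
        try:
            with open('payloads.lst', 'r') as reader:
                return [line.strip('\n') for line in reader.readlines()]
        except IOError:
            return []

    def restoreDefaultsButtonAction(self, event):
        """Reset saved settings, widgets and the payload list to defaults."""
        self.extender.callbacks.saveExtensionSetting(
            'SQLiQueryTampering_PayloadsDirectory', None)
        self.textPayloadsDir.text = ''
        self.textPlainPayload.text = ''
        self.textTamperedPayload.text = ''
        self.comboProcessorTech.setSelectedIndex(0)
        varName = 'SQLiQueryTampering_{}'
        # "General" is the only technique enabled by default.
        self.chkGeneral.setSelected(1)
        tmpVarName = varName.format(self.chkGeneral.text)
        self.extender.callbacks.saveExtensionSetting(tmpVarName, '1')
        for item in (self.chkMAXDB, self.chkMSSQL, self.chkMSAccess,
                     self.chkPostgres, self.chkOracle, self.chkSqlite,
                     self.chkMysql):
            item.setSelected(0)
            tmpVarName = 'SQLiQueryTampering_{}'.format(item.text)
            self.extender.callbacks.saveExtensionSetting(tmpVarName, '0')
        self.extender.PayloadList = [
            "%", "'", "''", "\"\"", "\"", "'\"--",
            "'; waitfor delay '0:30:0'--", "1;waitfor delay '0:30:0'--",
            "(\",)')(,((", "));waitfor delay '0:0:__TIME__'--"
        ]
        self.listPayloads.setListData(self.extender.PayloadList)
        self.writePayloadsListFile()

    def readPayloadsFromDir(self, directory):
        """Return every line of every file found below ``directory``.

        The walk is recursive and does not filter by file name or type, so
        every file under the chosen directory is read as a payload list.
        """
        result = []
        for root, subdirs, files in os.walk(directory):
            for name in files:
                fPath = os.path.join(root, name)
                with open(fPath, 'r') as reader:
                    for line in reader.readlines():
                        result.append(line.strip('\n'))
        return result

    def dirBrowseButtonButtonAction(self, event):
        """Let the user pick a payload directory, save it and load from it."""
        fileChooser = JFileChooser()
        fileChooser.dialogTitle = 'Choose Directory'
        fileChooser.fileSelectionMode = JFileChooser.DIRECTORIES_ONLY
        if (fileChooser.showOpenDialog(
                self.mainPanel) == JFileChooser.APPROVE_OPTION):
            file = fileChooser.getSelectedFile()
            varName = 'SQLiQueryTampering_PayloadsDirectory'
            path = file.getAbsolutePath()
            self.extender.callbacks.saveExtensionSetting(varName, path)
            self.textPayloadsDir.text = path
            self.extender.PayloadList = self.readPayloadsFromDir(path)
            self.listPayloads.setListData(self.extender.PayloadList)
            self.showMessage('{} payloads loaded'.format(
                len(self.extender.PayloadList)))

    def reloadPayloadsButtonAction(self, event):
        """Reload the payload list from the directory in the text field."""
        path = self.textPayloadsDir.text
        if path.strip():
            self.extender.PayloadList = self.readPayloadsFromDir(path)
            self.listPayloads.setListData(self.extender.PayloadList)
            self.showMessage('{} payloads loaded'.format(
                len(self.extender.PayloadList)))

    def _restoreCheckState(self, chk, label):
        """Label a technique check box and restore its saved '1'/'0' state."""
        chk.setText(label)
        varName = 'SQLiQueryTampering_{}'.format(chk.text)
        state = self.extender.callbacks.loadExtensionSetting(varName)
        if state:
            chk.setSelected(int(state))

    def initComponents(self):
        """Create all widgets, restore saved settings and lay out the tabs."""
        TabbedPane1 = JTabbedPane()
        GeneratorScrollPane = JScrollPane()
        GeneratorPanel = JPanel()
        jlbl1 = JLabel()
        jlbl2 = JLabel()
        spanePayloadList = JScrollPane()
        self.listPayloads = JList()
        self.textPayloadsDir = JTextField()
        dirBrowseButton = JButton(
            actionPerformed=self.dirBrowseButtonButtonAction)
        restoreDefaultsButton = JButton(
            actionPerformed=self.restoreDefaultsButtonAction)
        reloadPayloadsButton = JButton(
            actionPerformed=self.reloadPayloadsButtonAction)
        OptionsScrollPane = JScrollPane()
        OptionsPanel = JPanel()
        jlbl6 = JLabel()
        jlbl7 = JLabel()
        jlbl9 = JLabel()
        jlbl10 = JLabel()
        jSeparator3 = JSeparator()
        pastePayloadButton = JButton(
            actionPerformed=self.pastePayloadButtonAction)
        loadPayloadButton = JButton(
            actionPerformed=self.loadPayloadButtonAction)
        removePayloadButton = JButton(
            actionPerformed=self.removePayloadButtonAction)
        clearPayloadButton = JButton(
            actionPerformed=self.clearPayloadButtonAction)
        self.textNewPayload = JTextField()
        addPayloadButton = JButton(actionPerformed=self.addPayloadButtonAction)
        jSeparator1 = JSeparator()
        jlbl3 = JLabel()
        jlbl4 = JLabel()
        self.chkGeneral = JCheckBox(actionPerformed=self.OnCheck)
        self.chkMAXDB = JCheckBox(actionPerformed=self.OnCheck)
        self.chkMSSQL = JCheckBox(actionPerformed=self.OnCheck)
        self.chkMSAccess = JCheckBox(actionPerformed=self.OnCheck)
        self.chkPostgres = JCheckBox(actionPerformed=self.OnCheck)
        self.chkOracle = JCheckBox(actionPerformed=self.OnCheck)
        self.chkSqlite = JCheckBox(actionPerformed=self.OnCheck)
        self.chkMysql = JCheckBox(actionPerformed=self.OnCheck)
        jlbl5 = JLabel()
        toClipboardButton = JButton(
            actionPerformed=self.toClipboardButtonAction)
        toFileButton = JButton(actionPerformed=self.toFileButtonAction)
        ProcessorScrollPane = JScrollPane()
        ProcessorPanel = JPanel()
        jLabel1 = JLabel()
        self.comboProcessorTech = JComboBox(
            itemStateChanged=self.comboProcessorTechAction)
        jSeparator2 = JSeparator()
        jLabel2 = JLabel()
        jLabel3 = JLabel()
        jScrollPane1 = JScrollPane()
        self.textPlainPayload = JTextArea()
        jLabel4 = JLabel()
        jScrollPane2 = JScrollPane()
        self.textTamperedPayload = JTextArea()
        tamperPayloadButton = JButton(
            actionPerformed=self.tamperPayloadButtonAction)

        jlbl1.setForeground(Color(255, 102, 51))
        jlbl1.setFont(Font(jlbl1.getFont().toString(), 1, 14))
        jlbl1.setText("User-Defined Payloads")

        jlbl2.setText(
            "This payload type lets you configure a simple list of strings that are used as payloads."
        )

        spanePayloadList.setViewportView(self.listPayloads)

        # A saved payload directory wins over the local payloads.lst file.
        varName = 'SQLiQueryTampering_PayloadsDirectory'
        path = self.extender.callbacks.loadExtensionSetting(varName)
        if path:
            self.textPayloadsDir.text = path
            self.extender.PayloadList = self.readPayloadsFromDir(path)
        else:
            self.extender.PayloadList = self.readPayloadsListFile()
        self.listPayloads.setListData(self.extender.PayloadList)

        pastePayloadButton.setText("Paste")
        loadPayloadButton.setText("Load")
        removePayloadButton.setText("Remove")
        clearPayloadButton.setText("Clear")
        self.textNewPayload.setToolTipText("")
        addPayloadButton.setText("Add")

        jlbl3.setForeground(Color(255, 102, 51))
        jlbl3.setFont(Font(jlbl3.getFont().toString(), 1, 14))
        jlbl3.setText("Tamper Techniques")

        jlbl4.setText(
            "You can select the techniques that you want to perform processing tasks on each user-defined payload"
        )

        # The setting key is derived from the label text, so the label is
        # set before the saved state is looked up.
        self._restoreCheckState(self.chkGeneral, "General")
        self._restoreCheckState(self.chkMAXDB, "SAP MAX DB")
        self._restoreCheckState(self.chkMSSQL, "MS SQL Server")
        self._restoreCheckState(self.chkMSAccess, "MS Access")
        self._restoreCheckState(self.chkPostgres, "Postgres SQL")
        self._restoreCheckState(self.chkOracle, "Oracle")
        self._restoreCheckState(self.chkSqlite, "Sqlite")
        self._restoreCheckState(self.chkMysql, "MySql")

        jlbl5.setText("[?] Save the Generated/Tampered Payloads to :")
        toClipboardButton.setText("Clipboard")
        toFileButton.setText("File")

        GeneratorPanelLayout = GroupLayout(GeneratorPanel)
        GeneratorPanel.setLayout(GeneratorPanelLayout)
        GeneratorPanelLayout.setHorizontalGroup(
            GeneratorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                GeneratorPanelLayout.createSequentialGroup()
                .addContainerGap()
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.TRAILING)
                    .addComponent(
                        jlbl2, GroupLayout.DEFAULT_SIZE,
                        GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                    .addComponent(
                        jlbl4, GroupLayout.Alignment.LEADING,
                        GroupLayout.DEFAULT_SIZE, GroupLayout.DEFAULT_SIZE,
                        Short.MAX_VALUE)
                    .addComponent(
                        jSeparator1, GroupLayout.Alignment.LEADING)
                    .addGroup(
                        GeneratorPanelLayout.createSequentialGroup()
                        .addGap(6, 6, 6)
                        .addGroup(
                            GeneratorPanelLayout.createParallelGroup(
                                GroupLayout.Alignment.LEADING)
                            .addGroup(
                                GeneratorPanelLayout.createSequentialGroup()
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING, False)
                                    .addComponent(
                                        removePayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE)
                                    .addComponent(
                                        clearPayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE)
                                    .addComponent(
                                        loadPayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE)
                                    .addComponent(
                                        pastePayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE)
                                    .addComponent(
                                        addPayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE)
                                )
                                .addGap(21, 21, 21)
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(self.textNewPayload)
                                    .addComponent(
                                        spanePayloadList,
                                        GroupLayout.DEFAULT_SIZE, 563,
                                        Short.MAX_VALUE)))
                            .addComponent(jlbl1)
                            .addComponent(jlbl3)
                            .addGroup(
                                GeneratorPanelLayout.createSequentialGroup()
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(self.chkGeneral)
                                    .addComponent(self.chkMSSQL)
                                )
                                .addGap(18, 18, 18)
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(self.chkPostgres)
                                    .addComponent(self.chkMAXDB)
                                )
                                .addGap(18, 18, 18)
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(self.chkMSAccess)
                                    .addComponent(self.chkOracle)
                                )
                                .addGap(18, 18, 18)
                                .addGroup(
                                    GeneratorPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(self.chkSqlite)
                                    .addComponent(self.chkMysql)
                                ))
                            .addGroup(
                                GeneratorPanelLayout.createSequentialGroup()
                                .addComponent(jlbl5)
                                .addPreferredGap(
                                    LayoutStyle.ComponentPlacement.UNRELATED)
                                .addComponent(toClipboardButton)
                                .addGap(18, 18, 18)
                                .addComponent(
                                    toFileButton,
                                    GroupLayout.PREFERRED_SIZE, 97,
                                    GroupLayout.PREFERRED_SIZE
                                )))))
                .addContainerGap()))
        GeneratorPanelLayout.setVerticalGroup(
            GeneratorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                GeneratorPanelLayout.createSequentialGroup()
                .addContainerGap()
                .addComponent(jlbl1)
                .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
                .addComponent(
                    jlbl2, GroupLayout.PREFERRED_SIZE, 21,
                    GroupLayout.PREFERRED_SIZE)
                .addGap(18, 18, 18)
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING)
                    .addComponent(
                        spanePayloadList, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE)
                    .addGroup(
                        GeneratorPanelLayout.createSequentialGroup()
                        .addComponent(pastePayloadButton)
                        .addPreferredGap(
                            LayoutStyle.ComponentPlacement.RELATED
                        )
                        .addComponent(loadPayloadButton)
                        .addPreferredGap(
                            LayoutStyle.ComponentPlacement.RELATED
                        )
                        .addComponent(removePayloadButton)
                        .addPreferredGap(
                            LayoutStyle.ComponentPlacement.RELATED)
                        .addComponent(clearPayloadButton)))
                .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(
                        self.textNewPayload, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE)
                    .addComponent(addPayloadButton))
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(
                    jSeparator1, GroupLayout.PREFERRED_SIZE, 10,
                    GroupLayout.PREFERRED_SIZE)
                .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
                .addComponent(jlbl3)
                .addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED
                )
                .addComponent(jlbl4)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(self.chkGeneral)
                    .addComponent(self.chkMAXDB)
                    .addComponent(self.chkOracle)
                    .addComponent(self.chkSqlite))
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(self.chkMSSQL)
                    .addComponent(self.chkPostgres)
                    .addComponent(self.chkMSAccess)
                    .addComponent(self.chkMysql)
                )
                .addGap(18, 18, 18)
                .addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(jlbl5)
                    .addComponent(toClipboardButton)
                    .addComponent(toFileButton))
                .addGap(20, 20, 20)))

        GeneratorScrollPane.setViewportView(GeneratorPanel)

        TabbedPane1.addTab("Generator", GeneratorScrollPane)

        # The saved index is read before the items are added; adding items
        # fires comboProcessorTechAction, which overwrites the setting.
        varName = 'SQLiQueryTampering_comboProcessorTech'
        state = self.extender.callbacks.loadExtensionSetting(varName)

        for item in self.extender.getTamperFuncsName():
            self.comboProcessorTech.addItem(item)

        if state:
            index = int(state)
            # Ignore an index that no longer fits the current item list
            # instead of letting setSelectedIndex raise during start-up.
            if -1 <= index < self.comboProcessorTech.getItemCount():
                self.comboProcessorTech.setSelectedIndex(index)

        jLabel1.setText("Processor Technique :")

        jLabel2.setText(
            "Modify Plain Payloads based on the selected Processor Technique. Write one payload per line."
        )

        jLabel3.setText("Plain Payloads:")

        self.textPlainPayload.setColumns(20)
        self.textPlainPayload.setRows(5)
        jScrollPane1.setViewportView(self.textPlainPayload)

        jLabel4.setText("Tampered Payloads:")

        self.textTamperedPayload.setColumns(20)
        self.textTamperedPayload.setRows(5)
        jScrollPane2.setViewportView(self.textTamperedPayload)

        tamperPayloadButton.setText("Tamper Payloads")

        ProcessorPanelLayout = GroupLayout(ProcessorPanel)
        ProcessorPanel.setLayout(ProcessorPanelLayout)
        ProcessorPanelLayout.setHorizontalGroup(
            ProcessorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                GroupLayout.Alignment.TRAILING,
                ProcessorPanelLayout.createSequentialGroup()
                .addContainerGap(
                    GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                .addComponent(tamperPayloadButton)
                .addContainerGap(
                    GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
            )
            .addGroup(
                ProcessorPanelLayout.createSequentialGroup()
                .addContainerGap()
                .addGroup(
                    ProcessorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING)
                    .addComponent(jSeparator2)
                    .addComponent(jScrollPane1)
                    .addComponent(jScrollPane2)
                    .addGroup(
                        ProcessorPanelLayout.createSequentialGroup()
                        .addGroup(
                            ProcessorPanelLayout.createParallelGroup(
                                GroupLayout.Alignment.LEADING)
                            .addComponent(jLabel3)
                            .addComponent(jLabel4)
                            .addGroup(
                                ProcessorPanelLayout.createSequentialGroup()
                                .addComponent(jLabel1)
                                .addPreferredGap(
                                    LayoutStyle.ComponentPlacement.UNRELATED)
                                .addComponent(
                                    self.comboProcessorTech,
                                    GroupLayout.PREFERRED_SIZE, 286,
                                    GroupLayout.PREFERRED_SIZE))
                            .addComponent(jLabel2))
                        .addGap(0, 78, Short.MAX_VALUE)))
                .addContainerGap()))
        ProcessorPanelLayout.setVerticalGroup(
            ProcessorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                ProcessorPanelLayout.createSequentialGroup()
                .addGap(33, 33, 33)
                .addGroup(
                    ProcessorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(jLabel1)
                    .addComponent(
                        self.comboProcessorTech,
                        GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE))
                .addGap(18, 18, 18)
                .addComponent(
                    jSeparator2, GroupLayout.PREFERRED_SIZE, 10,
                    GroupLayout.PREFERRED_SIZE)
                .addGap(12, 12, 12)
                .addComponent(jLabel2)
                .addGap(18, 18, 18)
                .addComponent(jLabel3)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(
                    jScrollPane1, GroupLayout.PREFERRED_SIZE,
                    GroupLayout.DEFAULT_SIZE,
                    GroupLayout.PREFERRED_SIZE)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(jLabel4)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(
                    jScrollPane2, GroupLayout.PREFERRED_SIZE,
                    GroupLayout.DEFAULT_SIZE,
                    GroupLayout.PREFERRED_SIZE)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(tamperPayloadButton)
                .addGap(36, 36, 36)))

        ProcessorScrollPane.setViewportView(ProcessorPanel)

        TabbedPane1.addTab("Processor", ProcessorScrollPane)

        jlbl6.setForeground(Color(255, 102, 51))
        jlbl6.setFont(Font(jlbl6.getFont().toString(), 1, 14))
        jlbl6.setText("Payloads Directory")

        jlbl9.setText("Choose your own directory containing payload files:")

        dirBrowseButton.setText("...")
        dirBrowseButton.setToolTipText("Browse")

        jlbl10.setText(
            "If you want to remove any previously applied preferences:")

        restoreDefaultsButton.setText("Restore")

        reloadPayloadsButton.setText("Reload")

        jlbl7.setForeground(Color(255, 102, 51))
        jlbl7.setFont(Font(jlbl7.getFont().toString(), 1, 14))
        jlbl7.setText("Restore Defaults")

        OptionsPanelLayout = GroupLayout(OptionsPanel)
        OptionsPanel.setLayout(OptionsPanelLayout)
        OptionsPanelLayout.setHorizontalGroup(
            OptionsPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                OptionsPanelLayout.createSequentialGroup()
                .addContainerGap()
                .addGroup(
                    OptionsPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING)
                    .addGroup(
                        OptionsPanelLayout.createSequentialGroup()
                        .addGap(12, 12, 12)
                        .addComponent(jlbl7)
                        .addContainerGap(
                            GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
                    .addGroup(
                        OptionsPanelLayout.createSequentialGroup()
                        .addGroup(
                            OptionsPanelLayout.createParallelGroup(
                                GroupLayout.Alignment.LEADING)
                            .addComponent(jSeparator3)
                            .addGroup(
                                OptionsPanelLayout.createSequentialGroup()
                                .addComponent(self.textPayloadsDir)
                                .addPreferredGap(
                                    LayoutStyle.ComponentPlacement.UNRELATED)
                                .addComponent(
                                    dirBrowseButton,
                                    GroupLayout.PREFERRED_SIZE, 29,
                                    GroupLayout.PREFERRED_SIZE)
                                .addPreferredGap(
                                    LayoutStyle.ComponentPlacement.UNRELATED)
                                .addComponent(reloadPayloadsButton))
                            .addGroup(
                                OptionsPanelLayout.createSequentialGroup()
                                .addGroup(
                                    OptionsPanelLayout.createParallelGroup(
                                        GroupLayout.Alignment.LEADING)
                                    .addComponent(jlbl9)
                                    .addGroup(
                                        OptionsPanelLayout
                                        .createSequentialGroup()
                                        .addGap(8, 8, 8)
                                        .addComponent(jlbl6)))
                                .addGap(0, 0, Short.MAX_VALUE)))
                        .addContainerGap())
                    .addGroup(
                        OptionsPanelLayout.createSequentialGroup()
                        .addComponent(jlbl10)
                        .addPreferredGap(
                            LayoutStyle.ComponentPlacement.RELATED)
                        .addComponent(restoreDefaultsButton)
                        .addGap(0, 150, Short.MAX_VALUE)))))
        OptionsPanelLayout.setVerticalGroup(
            OptionsPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING)
            .addGroup(
                OptionsPanelLayout.createSequentialGroup()
                .addContainerGap()
                .addComponent(jlbl6)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addComponent(jlbl9)
                .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
                .addGroup(
                    OptionsPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.TRAILING, False)
                    .addComponent(
                        dirBrowseButton,
                        GroupLayout.Alignment.LEADING,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                    .addComponent(
                        reloadPayloadsButton,
                        GroupLayout.Alignment.LEADING,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        Short.MAX_VALUE)
                    .addComponent(self.textPayloadsDir)
                )
                .addGap(18, 18, 18)
                .addComponent(
                    jSeparator3, GroupLayout.PREFERRED_SIZE, 10,
                    GroupLayout.PREFERRED_SIZE)
                .addPreferredGap(LayoutStyle.ComponentPlacement.RELATED)
                .addComponent(jlbl7)
                .addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED)
                .addGroup(
                    OptionsPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.BASELINE)
                    .addComponent(jlbl10)
                    .addComponent(restoreDefaultsButton)
                )
                .addContainerGap(254, Short.MAX_VALUE)))

        OptionsScrollPane.setViewportView(OptionsPanel)

        TabbedPane1.addTab("Options", OptionsScrollPane)

        self.mainPanel = JPanel()
        layout = GroupLayout(self.mainPanel)
        self.mainPanel.setLayout(layout)
        layout.setHorizontalGroup(
            layout.createParallelGroup(GroupLayout.Alignment.LEADING)
            .addComponent(
                TabbedPane1, GroupLayout.DEFAULT_SIZE, 701, Short.MAX_VALUE))
        layout.setVerticalGroup(
            layout.createParallelGroup(GroupLayout.Alignment.LEADING)
            .addComponent(TabbedPane1))

        TabbedPane1.getAccessibleContext().setAccessibleName("Generator")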
def draw_unauthenticated(self):
    """Build the enforcement-detector panel for unauthenticated requests.

    Creates the filter-type selector, the filter text area, the filter list
    with its add/remove/modify buttons and the And/Or selector.  Each widget
    is stored on ``self._extender`` under an ``...Unauth`` attribute and
    placed with absolute bounds on ``self._extender.EDPnlUnauth``, which
    uses no layout manager.
    """
    ext = self._extender

    # Static captions on the left edge.
    typeCaption = JLabel("Type:")
    typeCaption.setBounds(10, 10, 140, 30)
    contentCaption = JLabel("Content:")
    contentCaption.setBounds(10, 50, 140, 30)
    listCaption = JLabel("Filter List:")
    listCaption.setBounds(10, 165, 140, 30)

    # Filter kinds offered in the type selector.
    filterKinds = [
        "Headers (simple string): (enforced message headers contains)",
        "Headers (regex): (enforced message headers contains)",
        "Body (simple string): (enforced message body contains)",
        "Body (regex): (enforced message body contains)",
        "Full response (simple string): (enforced message contains)",
        "Full response (regex): (enforced message contains)",
        "Full response length: (of enforced response)",
        "Status code equals: (numbers only)"
    ]
    ext.EDTypeUnauth = JComboBox(filterKinds)
    ext.EDTypeUnauth.setBounds(80, 10, 430, 30)

    # Free-text input for the filter content.
    ext.EDTextUnauth = JTextArea("", 5, 30)
    textScroller = JScrollPane(ext.EDTextUnauth)
    textScroller.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    textScroller.setBounds(80, 50, 300, 110)

    # List of the filters defined so far, backed by its own model.
    ext.EDModelUnauth = DefaultListModel()
    ext.EDListUnauth = JList(ext.EDModelUnauth)
    listScroller = JScrollPane(ext.EDListUnauth)
    listScroller.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    listScroller.setBounds(80, 175, 300, 110)
    listScroller.setBorder(LineBorder(Color.BLACK))

    # Buttons that edit the filter list.
    ext.EDAddUnauth = JButton(
        "Add filter", actionPerformed=self.addEDFilterUnauth)
    ext.EDAddUnauth.setBounds(390, 85, 120, 30)
    ext.EDDelUnauth = JButton(
        "Remove filter", actionPerformed=self.delEDFilterUnauth)
    ext.EDDelUnauth.setBounds(390, 210, 120, 30)
    ext.EDModUnauth = JButton(
        "Modify filter", actionPerformed=self.modEDFilterUnauth)
    ext.EDModUnauth.setBounds(390, 250, 120, 30)

    # Selector for how several filters are combined.
    combineModes = ["And", "Or"]
    ext.AndOrTypeUnauth = JComboBox(combineModes)
    ext.AndOrTypeUnauth.setBounds(390, 170, 120, 30)

    panel = JPanel()
    ext.EDPnlUnauth = panel
    panel.setLayout(None)
    panel.setBounds(0, 0, 1000, 1000)
    # The add order is kept as in the original layout code.
    for widget in (typeCaption, ext.EDTypeUnauth, contentCaption,
                   textScroller, ext.EDAddUnauth, ext.AndOrTypeUnauth,
                   ext.EDDelUnauth, ext.EDModUnauth, listCaption,
                   listScroller):
        panel.add(widget)
def set_notes_tab(self):
    """Return a new, empty text area to serve as the notes tab."""
    return JTextArea()
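def initComponents(self):
    """Build the extension UI: a tabbed pane with Generator and Processor tabs.

    Widgets that other methods need are stored on ``self``
    (``listPayloads``, ``textNewPayload``, the ``chk*`` check boxes,
    ``comboProcessorTech``, ``textPlainPayload``, ``textTamperedPayload``)
    and the finished container is stored in ``self.mainPanel``. The
    built-in payload list is written to ``self.extender.PayloadList``.
    """
    TabbedPane1 = JTabbedPane()
    GeneratorScrollPane = JScrollPane()
    GeneratorPanel = JPanel()
    jlbl1 = JLabel()
    jlbl2 = JLabel()
    spanePayloadList = JScrollPane()
    self.listPayloads = JList()
    pastePayloadButton = JButton(
        actionPerformed=self.pastePayloadButtonAction)
    removePayloadButton = JButton(
        actionPerformed=self.removePayloadButtonAction)
    clearPayloadButton = JButton(
        actionPerformed=self.clearPayloadButtonAction)
    self.textNewPayload = JTextField()
    addPayloadButton = JButton(actionPerformed=self.addPayloadButtonAction)
    jSeparator1 = JSeparator()
    jlbl3 = JLabel()
    jlbl4 = JLabel()
    self.chkGeneral = JCheckBox()
    self.chkMAXDB = JCheckBox()
    self.chkMSSQL = JCheckBox()
    self.chkMSAccess = JCheckBox()
    self.chkPostgres = JCheckBox()
    self.chkOracle = JCheckBox()
    self.chkSqlite = JCheckBox()
    self.chkMysql = JCheckBox()
    jlbl5 = JLabel()
    toClipboardButton = JButton(
        actionPerformed=self.toClipboardButtonAction)
    toFileButton = JButton(actionPerformed=self.toFileButtonAction)
    ProcessorScrollPane = JScrollPane()
    ProcessorPanel = JPanel()
    jLabel1 = JLabel()
    self.comboProcessorTech = JComboBox()
    jSeparator2 = JSeparator()
    jLabel2 = JLabel()
    jLabel3 = JLabel()
    jScrollPane1 = JScrollPane()
    self.textPlainPayload = JTextArea()
    jLabel4 = JLabel()
    jScrollPane2 = JScrollPane()
    self.textTamperedPayload = JTextArea()
    tamperPayloadButton = JButton(
        actionPerformed=self.tamperPayloadButtonAction)

    # Section heading. The style argument 1 is the value of Font.BOLD.
    # NOTE(review): Font() receives the current font's toString() as its
    # family name, which looks unintended -- confirm before changing.
    jlbl1.setForeground(Color(255, 102, 51))
    jlbl1.setFont(Font(jlbl1.getFont().toString(), 1, 14))
    # Heading spelling fixed (was "User-Defiend").
    jlbl1.setText("User-Defined Payloads")
    jlbl2.setText(
        "This payload type lets you configure a simple list of strings that are used as payloads."
    )
    spanePayloadList.setViewportView(self.listPayloads)

    # Built-in default entries shown in the payload list.
    self.extender.PayloadList = [
        "%", "'", "\"\"", "''", "'", "'--", "; waitfor delay '0:30:0'--",
        "1;waitfor delay '0:30:0'--", "(\",)')(,(("
    ]
    self.listPayloads.setListData(self.extender.PayloadList)

    pastePayloadButton.setText("Paste")
    pastePayloadButton.setActionCommand("pastePayloadButton")
    removePayloadButton.setText("Remove")
    clearPayloadButton.setText("Clear")
    self.textNewPayload.setToolTipText("")
    addPayloadButton.setText("Add")

    jlbl3.setForeground(Color(255, 102, 51))
    jlbl3.setFont(Font(jlbl3.getFont().toString(), 1, 14))
    jlbl3.setText("Tamper Techniques")
    jlbl4.setText(
        "You can select the techniques that you want to perform processing tasks on each user-defined payload"
    )
    self.chkGeneral.setText("General")
    self.chkGeneral.setSelected(True)
    self.chkMAXDB.setText("SAP MAX DB")
    self.chkMSSQL.setText("MS SQL Server")
    self.chkMSAccess.setText("MS Access")
    self.chkPostgres.setText("Postgres SQL")
    self.chkOracle.setText("Oracle")
    self.chkSqlite.setText("Sqlite")
    self.chkMysql.setText("MySql")
    jlbl5.setText("[?] Save the Generated/Tampered Payloads to :")
    toClipboardButton.setText("Clipboard")
    toFileButton.setText("File")

    # Generator tab layout. The two GroupLayout chains below are kept
    # token-for-token; only the line breaks differ.
    GeneratorPanelLayout = GroupLayout(GeneratorPanel)
    GeneratorPanel.setLayout(GeneratorPanelLayout)
    GeneratorPanelLayout.setHorizontalGroup(
        GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
        addGroup(GeneratorPanelLayout.createSequentialGroup(
        ).addContainerGap().addGroup(
            GeneratorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.TRAILING).addComponent(
                    jlbl2, GroupLayout.DEFAULT_SIZE,
                    GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
                        jlbl4, GroupLayout.Alignment.LEADING,
                        GroupLayout.DEFAULT_SIZE, GroupLayout.DEFAULT_SIZE,
                        Short.MAX_VALUE).addComponent(
                            jSeparator1, GroupLayout.Alignment.LEADING).
            addGroup(GeneratorPanelLayout.createSequentialGroup().addGap(
                6, 6, 6).addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addGroup(
                            GeneratorPanelLayout.createSequentialGroup(
                            ).addGroup(
                                GeneratorPanelLayout.createParallelGroup(
                                    GroupLayout.Alignment.LEADING,
                                    False).addComponent(
                                        removePayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE).addComponent(
                                            clearPayloadButton,
                                            GroupLayout.DEFAULT_SIZE,
                                            GroupLayout.DEFAULT_SIZE,
                                            Short.MAX_VALUE).
                                addComponent(pastePayloadButton,
                                             GroupLayout.DEFAULT_SIZE,
                                             GroupLayout.DEFAULT_SIZE,
                                             Short.MAX_VALUE).addComponent(
                                                 addPayloadButton,
                                                 GroupLayout.DEFAULT_SIZE,
                                                 GroupLayout.DEFAULT_SIZE,
                                                 Short.MAX_VALUE)).
                            addGap(21, 21, 21).addGroup(
                                GeneratorPanelLayout.createParallelGroup(
                                    GroupLayout.Alignment.LEADING).
                                addComponent(
                                    self.textNewPayload).addComponent(
                                        spanePayloadList))).addComponent(
                                            jlbl1).addComponent(jlbl3).
                    addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkGeneral).addComponent(
                                    self.chkMSSQL)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkPostgres).addComponent(
                                    self.chkMAXDB)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkMSAccess).addComponent(
                                    self.chkOracle)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkSqlite).addComponent(self.chkMysql)
                    )).addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addComponent(jlbl5).addPreferredGap(
                        LayoutStyle.ComponentPlacement.
                        UNRELATED).addComponent(toClipboardButton).addGap(
                            18, 18,
                            18).addComponent(toFileButton,
                                             GroupLayout.PREFERRED_SIZE, 97,
                                             GroupLayout.PREFERRED_SIZE
                                             ))))).addContainerGap()))
    GeneratorPanelLayout.setVerticalGroup(
        GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
        addGroup(GeneratorPanelLayout.createSequentialGroup(
        ).addContainerGap().addComponent(jlbl1).addPreferredGap(
            LayoutStyle.ComponentPlacement.RELATED).addComponent(
                jlbl2, GroupLayout.PREFERRED_SIZE, 21,
                GroupLayout.PREFERRED_SIZE).addGap(18, 18, 18).addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addComponent(
                            spanePayloadList, GroupLayout.PREFERRED_SIZE,
                            GroupLayout.DEFAULT_SIZE,
                            GroupLayout.PREFERRED_SIZE).
                    addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addComponent(pastePayloadButton).addPreferredGap(
                        LayoutStyle.ComponentPlacement.UNRELATED
                    ).addComponent(removePayloadButton).addPreferredGap(
                        LayoutStyle.ComponentPlacement.UNRELATED).
                             addComponent(clearPayloadButton))).
                 addPreferredGap(
                     LayoutStyle.ComponentPlacement.RELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.textNewPayload,
                                 GroupLayout.PREFERRED_SIZE,
                                 GroupLayout.DEFAULT_SIZE,
                                 GroupLayout.PREFERRED_SIZE).
                         addComponent(addPayloadButton)).addPreferredGap(
                             LayoutStyle.ComponentPlacement.UNRELATED).
                 addComponent(jSeparator1, GroupLayout.PREFERRED_SIZE, 10,
                              GroupLayout.PREFERRED_SIZE).addPreferredGap(
                                  LayoutStyle.ComponentPlacement.RELATED).
                 addComponent(jlbl3).addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED
                 ).addComponent(jlbl4).addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.chkGeneral).addComponent(
                                     self.chkMAXDB).addComponent(
                                         self.chkOracle).addComponent(
                                             self.chkSqlite)).
                 addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.chkMSSQL).addComponent(
                                     self.chkPostgres).addComponent(
                                         self.chkMSAccess).addComponent(
                                             self.chkMysql)
                     ).addGap(18, 18, 18).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 jlbl5).addComponent(toClipboardButton).
                         addComponent(toFileButton)).addGap(20, 20, 20)))
    GeneratorScrollPane.setViewportView(GeneratorPanel)
    TabbedPane1.addTab("Generator", GeneratorScrollPane)

    for item in self.extender.getTamperFuncsName():
        self.comboProcessorTech.addItem(item)
    # setSelectedIndex(0) raises IllegalArgumentException on an empty
    # combo box, so only select when at least one technique was added.
    if self.comboProcessorTech.getItemCount() > 0:
        self.comboProcessorTech.setSelectedIndex(0)
    jLabel1.setText("Processor Technique :")
    jLabel2.setText(
        "Modify Plain Payloads based on the selected Processor Technique. Write one payload per line."
    )
    jLabel3.setText("Plain Payloads:")
    self.textPlainPayload.setColumns(20)
    self.textPlainPayload.setRows(5)
    jScrollPane1.setViewportView(self.textPlainPayload)
    jLabel4.setText("Tampered Payloads:")
    self.textTamperedPayload.setColumns(20)
    self.textTamperedPayload.setRows(5)
    jScrollPane2.setViewportView(self.textTamperedPayload)
    tamperPayloadButton.setText("Tamper Payload")

    # Processor tab layout, again kept token-for-token.
    ProcessorPanelLayout = GroupLayout(ProcessorPanel)
    ProcessorPanel.setLayout(ProcessorPanelLayout)
    ProcessorPanelLayout.setHorizontalGroup(
        ProcessorPanelLayout.
        createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
            GroupLayout.Alignment.TRAILING,
            ProcessorPanelLayout.createSequentialGroup().addContainerGap(
                GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
                    tamperPayloadButton).addContainerGap(
                        GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
        ).addGroup(ProcessorPanelLayout.createSequentialGroup(
        ).addContainerGap().addGroup(
            ProcessorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING).addComponent(jSeparator2).
            addComponent(jScrollPane1).addComponent(jScrollPane2).addGroup(
                ProcessorPanelLayout.createSequentialGroup().addGroup(
                    ProcessorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addComponent(
                            jLabel3).addComponent(jLabel4).addGroup(
                                ProcessorPanelLayout.createSequentialGroup(
                                ).addComponent(jLabel1).addPreferredGap(
                                    LayoutStyle.ComponentPlacement.
                                    UNRELATED).addComponent(
                                        self.comboProcessorTech,
                                        GroupLayout.PREFERRED_SIZE, 286,
                                        GroupLayout.PREFERRED_SIZE)).
                    addComponent(jLabel2)).addGap(
                        0, 78, Short.MAX_VALUE))).addContainerGap()))
    ProcessorPanelLayout.setVerticalGroup(
        ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addGroup(
                ProcessorPanelLayout.createSequentialGroup().addGap(
                    33, 33, 33).addGroup(
                        ProcessorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.BASELINE).
                        addComponent(jLabel1).addComponent(
                            self.comboProcessorTech,
                            GroupLayout.PREFERRED_SIZE,
                            GroupLayout.DEFAULT_SIZE,
                            GroupLayout.PREFERRED_SIZE)).addGap(
                                18, 18, 18).addComponent(
                                    jSeparator2,
                                    GroupLayout.PREFERRED_SIZE, 10,
                                    GroupLayout.PREFERRED_SIZE).addGap(
                                        12, 12,
                                        12).addComponent(jLabel2).addGap(
                                            18, 18, 18).
                addComponent(jLabel3).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
                        jScrollPane1, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE).addPreferredGap(
                            LayoutStyle.ComponentPlacement.UNRELATED).
                addComponent(jLabel4).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
                        jScrollPane2, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE).addPreferredGap(
                            LayoutStyle.ComponentPlacement.UNRELATED).
                addComponent(tamperPayloadButton).addGap(36, 36, 36)))
    ProcessorScrollPane.setViewportView(ProcessorPanel)
    TabbedPane1.addTab("Processor", ProcessorScrollPane)

    # Outer panel that simply hosts the tabbed pane.
    self.mainPanel = JPanel()
    layout = GroupLayout(self.mainPanel)
    self.mainPanel.setLayout(layout)
    layout.setHorizontalGroup(
        layout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
                TabbedPane1, GroupLayout.DEFAULT_SIZE, 701,
                Short.MAX_VALUE))
    layout.setVerticalGroup(
        layout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(TabbedPane1))
    TabbedPane1.getAccessibleContext().setAccessibleName("Generator")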
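def initComponents(self):
    """Build the extension UI: Generator, Processor and Options tabs.

    Widgets that other methods need are stored on ``self``
    (``listPayloads``, ``textPayloadsDir``, ``textNewPayload``, the
    ``chk*`` check boxes, ``comboProcessorTech``, ``textPlainPayload``,
    ``textTamperedPayload``) and the finished container is stored in
    ``self.mainPanel``. Previously saved preferences are read back through
    ``self.extender.callbacks.loadExtensionSetting``; a saved value that
    is not a valid integer, or a saved combo index that is out of range,
    is ignored instead of aborting UI construction.
    """
    load_setting = self.extender.callbacks.loadExtensionSetting

    def saved_int(setting_name):
        # Persisted settings are plain strings and may be missing, stale
        # or hand-edited; return None rather than raising in those cases.
        raw = load_setting(setting_name)
        if not raw:
            return None
        try:
            return int(raw)
        except (TypeError, ValueError):
            return None

    TabbedPane1 = JTabbedPane()
    GeneratorScrollPane = JScrollPane()
    GeneratorPanel = JPanel()
    jlbl1 = JLabel()
    jlbl2 = JLabel()
    spanePayloadList = JScrollPane()
    self.listPayloads = JList()
    self.textPayloadsDir = JTextField()
    dirBrowseButton = JButton(
        actionPerformed=self.dirBrowseButtonButtonAction)
    restoreDefaultsButton = JButton(
        actionPerformed=self.restoreDefaultsButtonAction)
    reloadPayloadsButton = JButton(
        actionPerformed=self.reloadPayloadsButtonAction)
    OptionsScrollPane = JScrollPane()
    OptionsPanel = JPanel()
    jlbl6 = JLabel()
    jlbl7 = JLabel()
    jlbl9 = JLabel()
    jlbl10 = JLabel()
    jSeparator3 = JSeparator()
    pastePayloadButton = JButton(
        actionPerformed=self.pastePayloadButtonAction)
    loadPayloadButton = JButton(
        actionPerformed=self.loadPayloadButtonAction)
    removePayloadButton = JButton(
        actionPerformed=self.removePayloadButtonAction)
    clearPayloadButton = JButton(
        actionPerformed=self.clearPayloadButtonAction)
    self.textNewPayload = JTextField()
    addPayloadButton = JButton(actionPerformed=self.addPayloadButtonAction)
    jSeparator1 = JSeparator()
    jlbl3 = JLabel()
    jlbl4 = JLabel()
    self.chkGeneral = JCheckBox(actionPerformed=self.OnCheck)
    self.chkMAXDB = JCheckBox(actionPerformed=self.OnCheck)
    self.chkMSSQL = JCheckBox(actionPerformed=self.OnCheck)
    self.chkMSAccess = JCheckBox(actionPerformed=self.OnCheck)
    self.chkPostgres = JCheckBox(actionPerformed=self.OnCheck)
    self.chkOracle = JCheckBox(actionPerformed=self.OnCheck)
    self.chkSqlite = JCheckBox(actionPerformed=self.OnCheck)
    self.chkMysql = JCheckBox(actionPerformed=self.OnCheck)
    jlbl5 = JLabel()
    toClipboardButton = JButton(
        actionPerformed=self.toClipboardButtonAction)
    toFileButton = JButton(actionPerformed=self.toFileButtonAction)
    ProcessorScrollPane = JScrollPane()
    ProcessorPanel = JPanel()
    jLabel1 = JLabel()
    self.comboProcessorTech = JComboBox(
        itemStateChanged=self.comboProcessorTechAction)
    jSeparator2 = JSeparator()
    jLabel2 = JLabel()
    jLabel3 = JLabel()
    jScrollPane1 = JScrollPane()
    self.textPlainPayload = JTextArea()
    jLabel4 = JLabel()
    jScrollPane2 = JScrollPane()
    self.textTamperedPayload = JTextArea()
    tamperPayloadButton = JButton(
        actionPerformed=self.tamperPayloadButtonAction)

    # Section heading. The style argument 1 is the value of Font.BOLD.
    jlbl1.setForeground(Color(255, 102, 51))
    jlbl1.setFont(Font(jlbl1.getFont().toString(), 1, 14))
    jlbl1.setText("User-Defined Payloads")
    jlbl2.setText(
        "This payload type lets you configure a simple list of strings that are used as payloads."
    )
    spanePayloadList.setViewportView(self.listPayloads)

    # Payload source: a saved directory if one was configured, otherwise
    # the default list file.
    # NOTE(review): the saved path is handed to readPayloadsFromDir()
    # unchanged; presumably that helper copes with a directory that no
    # longer exists or is unreadable -- confirm there.
    varName = 'SQLiQueryTampering_PayloadsDirectory'
    path = load_setting(varName)
    if path:
        self.textPayloadsDir.text = path
        self.extender.PayloadList = self.readPayloadsFromDir(path)
    else:
        self.extender.PayloadList = self.readPayloadsListFile()
    self.listPayloads.setListData(self.extender.PayloadList)

    pastePayloadButton.setText("Paste")
    loadPayloadButton.setText("Load")
    removePayloadButton.setText("Remove")
    clearPayloadButton.setText("Clear")
    self.textNewPayload.setToolTipText("")
    addPayloadButton.setText("Add")

    jlbl3.setForeground(Color(255, 102, 51))
    jlbl3.setFont(Font(jlbl3.getFont().toString(), 1, 14))
    jlbl3.setText("Tamper Techniques")
    jlbl4.setText(
        "You can select the techniques that you want to perform processing tasks on each user-defined payload"
    )

    # Caption each technique check box and restore its saved state. The
    # setting key is derived from the caption, so captions must not change.
    for checkbox, caption in (
            (self.chkGeneral, "General"),
            (self.chkMAXDB, "SAP MAX DB"),
            (self.chkMSSQL, "MS SQL Server"),
            (self.chkMSAccess, "MS Access"),
            (self.chkPostgres, "Postgres SQL"),
            (self.chkOracle, "Oracle"),
            (self.chkSqlite, "Sqlite"),
            (self.chkMysql, "MySql")):
        checkbox.setText(caption)
        saved = saved_int('SQLiQueryTampering_{}'.format(checkbox.text))
        if saved is not None:
            checkbox.setSelected(bool(saved))

    jlbl5.setText("[?] Save the Generated/Tampered Payloads to :")
    toClipboardButton.setText("Clipboard")
    toFileButton.setText("File")

    # Generator tab layout. The GroupLayout chains in this method are
    # kept token-for-token; only the line breaks differ.
    GeneratorPanelLayout = GroupLayout(GeneratorPanel)
    GeneratorPanel.setLayout(GeneratorPanelLayout)
    GeneratorPanelLayout.setHorizontalGroup(
        GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
        addGroup(GeneratorPanelLayout.createSequentialGroup(
        ).addContainerGap().addGroup(
            GeneratorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.TRAILING).addComponent(
                    jlbl2, GroupLayout.DEFAULT_SIZE,
                    GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
                        jlbl4, GroupLayout.Alignment.LEADING,
                        GroupLayout.DEFAULT_SIZE, GroupLayout.DEFAULT_SIZE,
                        Short.MAX_VALUE).addComponent(
                            jSeparator1, GroupLayout.Alignment.LEADING).
            addGroup(GeneratorPanelLayout.createSequentialGroup().addGap(
                6, 6, 6).addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING
                    ).addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING,
                            False).addComponent(
                                removePayloadButton,
                                GroupLayout.DEFAULT_SIZE,
                                GroupLayout.DEFAULT_SIZE,
                                Short.MAX_VALUE).addComponent(
                                    clearPayloadButton,
                                    GroupLayout.DEFAULT_SIZE,
                                    GroupLayout.DEFAULT_SIZE,
                                    Short.MAX_VALUE).addComponent(
                                        loadPayloadButton,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE).addComponent(
                                            pastePayloadButton,
                                            GroupLayout.DEFAULT_SIZE,
                                            GroupLayout.DEFAULT_SIZE,
                                            Short.MAX_VALUE).addComponent(
                                                addPayloadButton,
                                                GroupLayout.DEFAULT_SIZE,
                                                GroupLayout.DEFAULT_SIZE,
                                                Short.MAX_VALUE)
                    ).addGap(
                        21, 21, 21).addGroup(
                            GeneratorPanelLayout.createParallelGroup(
                                GroupLayout.Alignment.LEADING).
                            addComponent(self.textNewPayload).addComponent(
                                spanePayloadList, GroupLayout.DEFAULT_SIZE,
                                563, Short.MAX_VALUE))).addComponent(
                                    jlbl1).addComponent(jlbl3).
                    addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkGeneral).addComponent(
                                    self.chkMSSQL)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkPostgres).addComponent(
                                    self.chkMAXDB)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkMSAccess).addComponent(
                                    self.chkOracle)
                    ).addGap(18, 18, 18).addGroup(
                        GeneratorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.LEADING).addComponent(
                                self.chkSqlite).addComponent(self.chkMysql)
                    )).addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addComponent(jlbl5).addPreferredGap(
                        LayoutStyle.ComponentPlacement.
                        UNRELATED).addComponent(toClipboardButton).addGap(
                            18, 18,
                            18).addComponent(toFileButton,
                                             GroupLayout.PREFERRED_SIZE, 97,
                                             GroupLayout.PREFERRED_SIZE
                                             ))))).addContainerGap()))
    GeneratorPanelLayout.setVerticalGroup(
        GeneratorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
        addGroup(GeneratorPanelLayout.createSequentialGroup(
        ).addContainerGap().addComponent(jlbl1).addPreferredGap(
            LayoutStyle.ComponentPlacement.RELATED).addComponent(
                jlbl2, GroupLayout.PREFERRED_SIZE, 21,
                GroupLayout.PREFERRED_SIZE).addGap(18, 18, 18).addGroup(
                    GeneratorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addComponent(
                            spanePayloadList, GroupLayout.PREFERRED_SIZE,
                            GroupLayout.DEFAULT_SIZE,
                            GroupLayout.PREFERRED_SIZE).
                    addGroup(GeneratorPanelLayout.createSequentialGroup(
                    ).addComponent(pastePayloadButton).addPreferredGap(
                        LayoutStyle.ComponentPlacement.RELATED
                    ).addComponent(loadPayloadButton).addPreferredGap(
                        LayoutStyle.ComponentPlacement.RELATED
                    ).addComponent(removePayloadButton).addPreferredGap(
                        LayoutStyle.ComponentPlacement.RELATED).
                             addComponent(clearPayloadButton))).
                 addPreferredGap(
                     LayoutStyle.ComponentPlacement.RELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.textNewPayload,
                                 GroupLayout.PREFERRED_SIZE,
                                 GroupLayout.DEFAULT_SIZE,
                                 GroupLayout.PREFERRED_SIZE).
                         addComponent(addPayloadButton)).addPreferredGap(
                             LayoutStyle.ComponentPlacement.UNRELATED).
                 addComponent(jSeparator1, GroupLayout.PREFERRED_SIZE, 10,
                              GroupLayout.PREFERRED_SIZE).addPreferredGap(
                                  LayoutStyle.ComponentPlacement.RELATED).
                 addComponent(jlbl3).addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED
                 ).addComponent(jlbl4).addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.chkGeneral).addComponent(
                                     self.chkMAXDB).addComponent(
                                         self.chkOracle).addComponent(
                                             self.chkSqlite)).
                 addPreferredGap(
                     LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 self.chkMSSQL).addComponent(
                                     self.chkPostgres).addComponent(
                                         self.chkMSAccess).addComponent(
                                             self.chkMysql)
                     ).addGap(18, 18, 18).addGroup(
                         GeneratorPanelLayout.createParallelGroup(
                             GroupLayout.Alignment.BASELINE).addComponent(
                                 jlbl5).addComponent(toClipboardButton).
                         addComponent(toFileButton)).addGap(20, 20, 20)))
    GeneratorScrollPane.setViewportView(GeneratorPanel)
    TabbedPane1.addTab("Generator", GeneratorScrollPane)

    # Read the saved index BEFORE filling the combo box: the combo has an
    # itemStateChanged listener, and adding the first item selects it.
    # NOTE(review): presumably comboProcessorTechAction persists the
    # selection, which would overwrite the saved value -- confirm.
    saved_index = saved_int('SQLiQueryTampering_comboProcessorTech')
    for item in self.extender.getTamperFuncsName():
        self.comboProcessorTech.addItem(item)
    # setSelectedIndex raises IllegalArgumentException outside
    # [-1, item count), e.g. when the technique list shrank since the
    # index was saved, so a stale index is skipped.
    if (saved_index is not None
            and -1 <= saved_index < self.comboProcessorTech.getItemCount()):
        self.comboProcessorTech.setSelectedIndex(saved_index)
    jLabel1.setText("Processor Technique :")
    jLabel2.setText(
        "Modify Plain Payloads based on the selected Processor Technique. Write one payload per line."
    )
    jLabel3.setText("Plain Payloads:")
    self.textPlainPayload.setColumns(20)
    self.textPlainPayload.setRows(5)
    jScrollPane1.setViewportView(self.textPlainPayload)
    jLabel4.setText("Tampered Payloads:")
    self.textTamperedPayload.setColumns(20)
    self.textTamperedPayload.setRows(5)
    jScrollPane2.setViewportView(self.textTamperedPayload)
    tamperPayloadButton.setText("Tamper Payloads")

    # Processor tab layout.
    ProcessorPanelLayout = GroupLayout(ProcessorPanel)
    ProcessorPanel.setLayout(ProcessorPanelLayout)
    ProcessorPanelLayout.setHorizontalGroup(
        ProcessorPanelLayout.
        createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
            GroupLayout.Alignment.TRAILING,
            ProcessorPanelLayout.createSequentialGroup().addContainerGap(
                GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE).addComponent(
                    tamperPayloadButton).addContainerGap(
                        GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
        ).addGroup(ProcessorPanelLayout.createSequentialGroup(
        ).addContainerGap().addGroup(
            ProcessorPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING).addComponent(jSeparator2).
            addComponent(jScrollPane1).addComponent(jScrollPane2).addGroup(
                ProcessorPanelLayout.createSequentialGroup().addGroup(
                    ProcessorPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addComponent(
                            jLabel3).addComponent(jLabel4).addGroup(
                                ProcessorPanelLayout.createSequentialGroup(
                                ).addComponent(jLabel1).addPreferredGap(
                                    LayoutStyle.ComponentPlacement.
                                    UNRELATED).addComponent(
                                        self.comboProcessorTech,
                                        GroupLayout.PREFERRED_SIZE, 286,
                                        GroupLayout.PREFERRED_SIZE)).
                    addComponent(jLabel2)).addGap(
                        0, 78, Short.MAX_VALUE))).addContainerGap()))
    ProcessorPanelLayout.setVerticalGroup(
        ProcessorPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addGroup(
                ProcessorPanelLayout.createSequentialGroup().addGap(
                    33, 33, 33).addGroup(
                        ProcessorPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.BASELINE).
                        addComponent(jLabel1).addComponent(
                            self.comboProcessorTech,
                            GroupLayout.PREFERRED_SIZE,
                            GroupLayout.DEFAULT_SIZE,
                            GroupLayout.PREFERRED_SIZE)).addGap(
                                18, 18, 18).addComponent(
                                    jSeparator2,
                                    GroupLayout.PREFERRED_SIZE, 10,
                                    GroupLayout.PREFERRED_SIZE).addGap(
                                        12, 12,
                                        12).addComponent(jLabel2).addGap(
                                            18, 18, 18).
                addComponent(jLabel3).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
                        jScrollPane1, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE).addPreferredGap(
                            LayoutStyle.ComponentPlacement.UNRELATED).
                addComponent(jLabel4).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
                        jScrollPane2, GroupLayout.PREFERRED_SIZE,
                        GroupLayout.DEFAULT_SIZE,
                        GroupLayout.PREFERRED_SIZE).addPreferredGap(
                            LayoutStyle.ComponentPlacement.UNRELATED).
                addComponent(tamperPayloadButton).addGap(36, 36, 36)))
    ProcessorScrollPane.setViewportView(ProcessorPanel)
    TabbedPane1.addTab("Processor", ProcessorScrollPane)

    # Options tab: payload directory chooser and "restore defaults".
    jlbl6.setForeground(Color(255, 102, 51))
    jlbl6.setFont(Font(jlbl6.getFont().toString(), 1, 14))
    jlbl6.setText("Payloads Directory")
    jlbl9.setText("Choose your own directory containing payload files:")
    dirBrowseButton.setText("...")
    dirBrowseButton.setToolTipText("Browse")
    jlbl10.setText(
        "If you want to remove any previously applied preferences:")
    restoreDefaultsButton.setText("Restore")
    reloadPayloadsButton.setText("Reload")
    jlbl7.setForeground(Color(255, 102, 51))
    jlbl7.setFont(Font(jlbl7.getFont().toString(), 1, 14))
    jlbl7.setText("Restore Defaults")
    OptionsPanelLayout = GroupLayout(OptionsPanel)
    OptionsPanel.setLayout(OptionsPanelLayout)
    OptionsPanelLayout.setHorizontalGroup(
        OptionsPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).
        addGroup(OptionsPanelLayout.createSequentialGroup(
        ).addContainerGap().addGroup(
            OptionsPanelLayout.createParallelGroup(
                GroupLayout.Alignment.LEADING).addGroup(
                    OptionsPanelLayout.createSequentialGroup().addGap(
                        12, 12, 12).addComponent(jlbl7).addContainerGap(
                            GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)).
            addGroup(OptionsPanelLayout.createSequentialGroup().addGroup(
                OptionsPanelLayout.createParallelGroup(
                    GroupLayout.Alignment.LEADING).addComponent(
                        jSeparator3).
                addGroup(OptionsPanelLayout.createSequentialGroup(
                ).addComponent(self.textPayloadsDir).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addComponent(
                        dirBrowseButton, GroupLayout.PREFERRED_SIZE, 29,
                        GroupLayout.PREFERRED_SIZE).addPreferredGap(
                            LayoutStyle.ComponentPlacement.UNRELATED).
                         addComponent(reloadPayloadsButton)).
                addGroup(OptionsPanelLayout.createSequentialGroup(
                ).addGroup(
                    OptionsPanelLayout.createParallelGroup(
                        GroupLayout.Alignment.LEADING).addComponent(jlbl9).
                    addGroup(
                        OptionsPanelLayout.createSequentialGroup().addGap(
                            8, 8, 8).addComponent(jlbl6))).addGap(
                                0, 0,
                                Short.MAX_VALUE))).addContainerGap()).
            addGroup(OptionsPanelLayout.createSequentialGroup(
            ).addComponent(jlbl10).addPreferredGap(
                LayoutStyle.ComponentPlacement.RELATED).addComponent(
                    restoreDefaultsButton).addGap(0, 150,
                                                  Short.MAX_VALUE)))))
    OptionsPanelLayout.setVerticalGroup(
        OptionsPanelLayout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addGroup(
                OptionsPanelLayout.createSequentialGroup().addContainerGap(
                ).addComponent(jlbl6).addPreferredGap(
                    LayoutStyle.ComponentPlacement.
                    UNRELATED).addComponent(jlbl9).addPreferredGap(
                        LayoutStyle.ComponentPlacement.RELATED).addGroup(
                            OptionsPanelLayout.createParallelGroup(
                                GroupLayout.Alignment.TRAILING,
                                False).addComponent(
                                    dirBrowseButton,
                                    GroupLayout.Alignment.LEADING,
                                    GroupLayout.DEFAULT_SIZE,
                                    GroupLayout.DEFAULT_SIZE,
                                    Short.MAX_VALUE).addComponent(
                                        reloadPayloadsButton,
                                        GroupLayout.Alignment.LEADING,
                                        GroupLayout.DEFAULT_SIZE,
                                        GroupLayout.DEFAULT_SIZE,
                                        Short.MAX_VALUE).addComponent(
                                            self.textPayloadsDir)
                        ).addGap(18, 18, 18).addComponent(
                            jSeparator3, GroupLayout.PREFERRED_SIZE, 10,
                            GroupLayout.PREFERRED_SIZE).addPreferredGap(
                                LayoutStyle.ComponentPlacement.RELATED).
                addComponent(jlbl7).addPreferredGap(
                    LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
                        OptionsPanelLayout.createParallelGroup(
                            GroupLayout.Alignment.BASELINE).addComponent(
                                jlbl10).addComponent(restoreDefaultsButton)
                    ).addContainerGap(254, Short.MAX_VALUE)))
    OptionsScrollPane.setViewportView(OptionsPanel)
    TabbedPane1.addTab("Options", OptionsScrollPane)

    # Outer panel that simply hosts the tabbed pane.
    self.mainPanel = JPanel()
    layout = GroupLayout(self.mainPanel)
    self.mainPanel.setLayout(layout)
    layout.setHorizontalGroup(
        layout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(
                TabbedPane1, GroupLayout.DEFAULT_SIZE, 701,
                Short.MAX_VALUE))
    layout.setVerticalGroup(
        layout.createParallelGroup(
            GroupLayout.Alignment.LEADING).addComponent(TabbedPane1))
    TabbedPane1.getAccessibleContext().setAccessibleName("Generator")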
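def draw(self):
    """Build the interception-filters panel.

    Seeds ``self._extender.savedHeaders`` with one template entry, creates
    the filter-type combo box, the filter list with two default filters,
    the content text area and the Add/Remove/Modify buttons, stores them
    on ``self._extender`` and places them with absolute bounds on
    ``self._extender.filtersPnl``.
    """
    self._extender.savedHeaders = [{
        "title": "Temporary headers",
        "headers": "Cookie: Insert=injected; cookie=or;\nHeader: here"
    }]

    # Every entry in IFStrings has to contain a ':' character.
    IFStrings = [
        "Scope items only: (Content is not required)",
        "URL Contains (simple string): ",
        "URL Contains (regex): ",
        "URL Not Contains (simple string): ",
        "URL Not Contains (regex): ",
        "Only HTTP methods (newline separated): ",
        "Ignore HTTP methods (newline separated): ",
        "Ignore spider requests: (Content is not required)",
        "Ignore proxy requests: (Content is not required)",
        "Ignore target requests: (Content is not required)"
    ]
    self._extender.IFType = JComboBox(IFStrings)
    self._extender.IFType.setBounds(80, 10, 430, 30)

    self._extender.IFModel = DefaultListModel()
    self._extender.IFList = JList(self._extender.IFModel)
    scrollIFList = JScrollPane(self._extender.IFList)
    scrollIFList.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    scrollIFList.setBounds(80, 175, 300, 110)
    scrollIFList.setBorder(LineBorder(Color.BLACK))

    # Default interception filters. "Scope items only" is deliberately
    # not added by default (left out upstream "for better first
    # impression").
    #
    # Static-asset exclusion. The previous default was
    #   \.js|\.css|...|\.ico$
    # where '$' binds only to the last alternative, so '\.js' matched
    # anywhere in the URL and requests to e.g. '.json' or '.jsp' endpoints
    # were silently excluded from testing. The extensions are now grouped
    # and anchored to the end of the path, with an optional query string.
    # The pattern intentionally contains no ':' (see IFStrings above).
    # NOTE(review): assumes the filter is applied as a regex search over
    # the request URL -- confirm against the filter-matching code.
    self._extender.IFModel.addElement(
        "URL Not Contains (regex): \\.(js|css|png|jpg|svg|jpeg|gif|woff2?|map|bmp|ico)(\\?.*)?$"
    )
    self._extender.IFModel.addElement("Ignore spider requests: ")

    self._extender.IFText = JTextArea("", 5, 30)
    scrollIFText = JScrollPane(self._extender.IFText)
    scrollIFText.setVerticalScrollBarPolicy(
        JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    scrollIFText.setBounds(80, 50, 300, 110)

    IFLType = JLabel("Type:")
    IFLType.setBounds(10, 10, 140, 30)
    IFLContent = JLabel("Content:")
    IFLContent.setBounds(10, 50, 140, 30)
    IFLabelList = JLabel("Filter List:")
    IFLabelList.setBounds(10, 165, 140, 30)

    self._extender.IFAdd = JButton("Add filter",
                                   actionPerformed=self.addIFFilter)
    self._extender.IFAdd.setBounds(390, 85, 120, 30)
    self._extender.IFDel = JButton("Remove filter",
                                   actionPerformed=self.delIFFilter)
    self._extender.IFDel.setBounds(390, 210, 120, 30)
    self._extender.IFMod = JButton("Modify filter",
                                   actionPerformed=self.modIFFilter)
    self._extender.IFMod.setBounds(390, 250, 120, 30)

    # Null layout: every child is positioned by the bounds set above.
    self._extender.filtersPnl = JPanel()
    self._extender.filtersPnl.setLayout(None)
    self._extender.filtersPnl.setBounds(0, 0, 1000, 1000)
    self._extender.filtersPnl.add(IFLType)
    self._extender.filtersPnl.add(self._extender.IFType)
    self._extender.filtersPnl.add(IFLContent)
    self._extender.filtersPnl.add(scrollIFText)
    self._extender.filtersPnl.add(self._extender.IFAdd)
    self._extender.filtersPnl.add(self._extender.IFDel)
    self._extender.filtersPnl.add(self._extender.IFMod)
    self._extender.filtersPnl.add(IFLabelList)
    self._extender.filtersPnl.add(scrollIFList)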
def registerExtenderCallbacks(self, callbacks):
    """Build the "WhatsApp Decoder" tab and register it with *callbacks*.

    Stores the callbacks object, its stdout stream and its helpers on
    ``self``, sets the extension name, creates every widget of the tab
    (banner, ref/private-key/public-key inputs, message area, message tag,
    config and crypt buttons, status labels), lays them out in a single
    GridBagLayout column, then calls ``self.restoreConfig()`` and
    ``callbacks.addSuiteTab(self)``.

    NOTE(review): the ref and key material are typed into plain JTextFields.
    How saveConfig/restoreConfig persist those values is not visible in this
    method - confirm they are not written to extension settings in cleartext.
    """
    self.out = callbacks.getStdout()
    self.callbacks = callbacks
    self.helpers = callbacks.getHelpers()
    callbacks.setExtensionName("WhatsApp Decoder")

    # --- banner ---------------------------------------------------------
    self.banner = JLabel("WHATSAPP DECRYPTION AND ENCRYPTION EXTENSION BY DIKLA BARDA, ROMAN ZAIKIN", SwingConstants.CENTER)
    self.banner.setFont(Font("Serif", Font.PLAIN, 17))
    self.banner.setBorder(BorderFactory.createLineBorder(Color.BLACK))

    # --- status rows ----------------------------------------------------
    self.statusConn = JLabel("CONNECTION STATUS: ")
    self.statusConnField = JLabel("NOT CONNECTED")
    self.statusPanel1 = JPanel()
    for widget in (self.statusConn, self.statusConnField):
        self.statusPanel1.add(widget)

    self.statusAct = JLabel("ACTION STATUS: ")
    self.statusActField = JLabel("OK")
    self.statusPanel2 = JPanel()
    for widget in (self.statusAct, self.statusActField):
        self.statusPanel2.add(widget)

    # --- ref / key inputs -----------------------------------------------
    self.ref = JLabel("Ref object: ")
    self.refField = JTextField("", 80)
    self.refField.setToolTipText("Copy the Ref from burpsuit WebSocket, make sure that the parameter 'secret' is there and you copy only the 'ref' without the connection and other data, if not logout from your whatsapp web and login again.")
    self.refPanel = JPanel()
    for widget in (self.ref, self.refField):
        self.refPanel.add(widget)

    self.privateKey = JLabel("Private Key:")
    self.privateKeyField = JTextField("", 80)
    self.privateKeyField.setToolTipText("Copy the private key list from your whatsapp web according to our blog post.")
    self.privateKeyPanel = JPanel()
    for widget in (self.privateKey, self.privateKeyField):
        self.privateKeyPanel.add(widget)

    self.publicKey = JLabel("Public Key: ")
    self.publicKeyField = JTextField("", 80)
    self.publicKeyField.setToolTipText("Copy the public key list from your whatsapp web according to our blog post.")
    self.publicKeyPanel = JPanel()
    for widget in (self.publicKey, self.publicKeyField):
        self.publicKeyPanel.add(widget)

    # --- message area ---------------------------------------------------
    # Sample message shown by default; adjacent literals concatenate to the
    # same single string the text area was initialised with before.
    sampleMessage = (
        '["action", {"add": "relay"}, [{"message": {"conversation": "WhatsApp Protocol Decryption!"}, '
        '"participant": "*****@*****.**", "messageTimestamp": "1565193325", '
        '"key": {"fromMe": false, "remoteJid": "*****@*****.**", "id": "78CECC5019E81B84B64ED2F6A57217AK"}, '
        '"status": "ERROR"}]]'
    )
    self.messageField = JTextArea(sampleMessage, 5, 90)
    self.messageField.setLineWrap(True)
    self.messageField.setToolTipText("Incoming traffic is from burp suite websocket, The outgoing traffic is the list from aesCbcEncrypt")
    self.whatsAppMessagesPanel = JPanel()
    self.whatsAppMessagesPanel.add(self.messageField)

    # --- message tag ----------------------------------------------------
    self.messageTag = JLabel("Message Tag:")
    self.messageTagField = JTextField("", 80)
    self.messageTagField.setToolTipText("Copy the message tag from WebSocket it's the text until first ',' ")
    self.messageTagFieldButton = JButton("Update Tag", actionPerformed=self.performUpdateTag)
    self.messageTagPanel = JPanel()
    for widget in (self.messageTag, self.messageTagField, self.messageTagFieldButton):
        self.messageTagPanel.add(widget)

    # --- connect / clear ------------------------------------------------
    self.btnSave = JButton("Connect", actionPerformed=self.saveConfig)
    self.btnRestore = JButton("Clear", actionPerformed=self.clearConfig)
    self.grpConfig = JPanel()
    for widget in (self.btnSave, self.btnRestore):
        self.grpConfig.add(widget)

    # --- direction and crypt buttons (all share performAction) ----------
    self.btnIncoming = JButton("Incoming", actionPerformed=self.performAction)
    self.btnOutgoing = JButton("Outgoing", actionPerformed=self.performAction)
    self.btnEncrypt = JButton("Encrypt", actionPerformed=self.performAction)
    self.btnDecrypt = JButton("Decrypt", actionPerformed=self.performAction)
    # Can't send data without a direction, so both start disabled.
    self.btnEncrypt.setEnabled(False)
    self.btnDecrypt.setEnabled(False)
    self.btnCrypt = JPanel()
    for widget in (self.btnIncoming, self.btnEncrypt, self.btnDecrypt, self.btnOutgoing):
        self.btnCrypt.add(widget)

    # --- tab layout: one column, one component per grid row --------------
    self.tab = JPanel()
    layout = GridBagLayout()
    self.tab.setLayout(layout)

    constraints = GridBagConstraints()
    constraints.ipadx = 0
    constraints.ipady = 0
    constraints.fill = GridBagConstraints.BOTH
    # weightx / weighty are not set here (those assignments were commented
    # out in the earlier version of this method).
    constraints.anchor = GridBagConstraints.NORTHWEST

    rows = (
        self.banner,                 # row 0
        self.refPanel,               # row 1
        self.privateKeyPanel,        # row 2
        self.publicKeyPanel,         # row 3
        self.grpConfig,              # row 4 (anchor switches to CENTER here)
        self.whatsAppMessagesPanel,  # row 5
        self.messageTagPanel,        # row 6
        self.btnCrypt,               # row 7
        self.statusPanel1,           # row 8
        self.statusPanel2,           # row 9
    )
    for rowIndex, component in enumerate(rows):
        constraints.gridx = 0
        constraints.gridy = rowIndex
        if rowIndex == 4:
            # From the config-button row onward components are centred.
            constraints.anchor = GridBagConstraints.CENTER
        self.tab.add(component, constraints)

    # restore config
    self.restoreConfig()
    callbacks.addSuiteTab(self)