def registerExtenderCallbacks(self, callbacks): self.__logger.debug('registerExtenderCallbacks. START') try: #callbacks.registerMenuItem("Dis/Enable burpstrike...", BurpStrikeMenuItem()) #callbacks.registerMenuItem("De/Activate all plugins...", BurpStrikeMenuItem()) # for m in Facade().get_plugins().names(): # callbacks.registerMenuItem("Send to %s" % m, BurpStrikeMenuItem()) self.__logger.info('* setting burp callbacks in facade') Facade().mCallBacks = callbacks self.__logger.debug('* initializating controller') Facade().controller = Controller() self.__logger.debug('* initializating jobman') Facade().jman = JobMan() Facade().jman.start() self.__logger.debug('* initializating ui') cw = ConsoleWorker() cw.start() except Exception, e: traceback.print_exc(file=sys.stdout) Facade().formatExceptionInfo("registerExtenderCallbacks")
def on_enable_plugin(self, name, state): if name == "All" and state: Facade().issue_alert("Enabled all plugins") Facade().get_plugins().enable_all() elif name == "All" and not state: Facade().issue_alert("Disabled all plugins") Facade().get_plugins().disable_all()
def run(self): try: Console().cmdloop() except KeyboardInterrupt: print "Exiting...." Facade().exit() except Exception, e: Facade().formatExceptionInfo("ConsoleWorker")
def on_enable_tool(self, value): if value: Facade().issue_alert("Enabled burpstrike") else: Facade().issue_alert("Disabled burpstrike") Settings().set(Settings.SEC_PLUGIN_INTEGRATION, Settings.ACTIVE, str(value))
def put_results(self, msg, item): r = Result() r.source = self.name() r.issue = self.issue() r.detail = item r.msg = msg Facade().issue_alert("New issue %s from %s" % (r.issue, r.source)) Facade().get_results().add_result(r)
class BurpRequest(BaseRequest, IRequest): def __init__(self): BaseRequest.__init__(self) self.__mCallBacks = Facade().mCallBacks def setAuth(self, method, string): pass def getAuth(self): pass def setProxy(self, prox): pass def setConnTimeout(self, time): pass def setTotalTimeout(self, time): pass def setFollowLocation(self, value): pass def parse_response(self, msg): self.response = Response() self.response.parseResponse(msg) def perform(self): if self.getHost().find(":") > 0: host, p = self.getHost().split(':') port = int(p) else: host = self.getHost() port = 80 if self.schema == "http": useHttps = False elif self.schema == "https": useHttps = True else: raise Exception("Unknown HTTP schema") #self.__mCallBacks.sendToRepeater(host,port,useHttps,[ord(x) for x in self.getAll()], "test") #print "performeando:" #print self.getAll() #aa = [ord(x) for x in self.getAll()] #print "to string...................." #print aa #print ''.join([chr(x) for x in aa]) #print "fiinnnto string...................." msg = self.__mCallBacks.makeHttpRequest( host, port, useHttps, [ord(x) for x in self.getAll()]) #print "resultado" #print msg self.parse_response(msg.tostring())
def run(self): try: while 1: self.__logger.debug('Run. waiting for messages......................................') # http://bugs.python.org/issue1360 msg = Facade().get_msg_queue().get(True, 365 * 24 * 60 * 60) self.__processed += 1 excluded_req_tools = Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_REQ_TOOLS).split(',') excluded_resp_tools = Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_RESP_TOOLS).split(',') for name, plugin in Facade().get_plugins().items(): if plugin.enabled is not True: self.__logger.debug('Run. Plugin %s not enabled.' % name) continue # exclusions if plugin.get_type() == BPlugin.PROCESS_REQUEST and msg.source in excluded_req_tools: self.__logger.debug('Run. Request in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_req_tools)) continue elif plugin.get_type() == BPlugin.PROCESS_RESPONSE and msg.source in excluded_resp_tools: self.__logger.debug('Run. Response in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_resp_tools)) continue elif plugin.get_type() == BPlugin.PROCESS_REQUEST and not msg.mtype == MyHTTPMsg.BURP_TOOL: self.__logger.debug('Run. Request type %d not processed. url=%s' % (msg.mtype, msg.get_url())) continue elif plugin.get_type() == BPlugin.PROCESS_RESPONSE and not (msg.mtype == MyHTTPMsg.BURP_TOOL or msg.mtype == MyHTTPMsg.BSTRIKE): self.__logger.debug('Run. Response not processed. type=%d, source=%s, excluded=%s' % (msg.mtype, msg.source, excluded_resp_tools)) continue # current cache only valid for req? => processing all responses!! elif plugin.get_type() == BPlugin.PROCESS_REQUEST and self.msg_in_cache(msg, name): self.__logger.debug('Run. Request already processed by %s.' % name) continue else: self.__logger.debug('processing message. plugin: %s ...' % name) th = Thread(target = plugin.process, kwargs={"msg": msg, "q": self.__walking_threads}) self.__logger.debug('putting task. plugin: %s ...' % name) self.__walking_threads.put(th) self.__logger.debug('starting thread. plugin: %s ...' % name) th.start() except Exception, e: Facade().formatExceptionInfo("JobMan")
class BurpRequest(BaseRequest, IRequest): def __init__(self): BaseRequest.__init__(self) self.__mCallBacks = Facade().mCallBacks def setAuth (self,method,string): pass def getAuth (self): pass def setProxy (self,prox): pass def setConnTimeout (self,time): pass def setTotalTimeout (self,time): pass def setFollowLocation(self,value): pass def parse_response(self, msg): self.response = Response() self.response.parseResponse(msg) def perform(self): if self.getHost().find(":") > 0: host, p = self.getHost().split(':') port = int(p) else: host = self.getHost() port = 80 if self.schema == "http": useHttps = False elif self.schema == "https": useHttps = True else: raise Exception("Unknown HTTP schema") #self.__mCallBacks.sendToRepeater(host,port,useHttps,[ord(x) for x in self.getAll()], "test") #print "performeando:" #print self.getAll() #aa = [ord(x) for x in self.getAll()] #print "to string...................." #print aa #print ''.join([chr(x) for x in aa]) #print "fiinnnto string...................." msg = self.__mCallBacks.makeHttpRequest(host, port, useHttps, [ord(x) for x in self.getAll()]) #print "resultado" #print msg self.parse_response(msg.tostring())
def processHttpMessage(self, toolName, messageIsRequest, messageInfo): self.__logger.debug('processHttpMessage. START, toolName=%s' % toolName) try: # request messages are commonly uncompleted until response arrives (also containing the request) # even burp complains with java.lang.Exception: java.lang.Exception: request has not yet been issued if not messageIsRequest: http_msg = MyHTTPMsg.from_processHttpMessage(toolName, messageIsRequest, messageInfo) http_msg.mtype = MyHTTPMsg.BURP_TOOL self.__add_to_queue(http_msg) else: self.__logger.debug('processHttpMessage. ignored request msg') except Exception, e: Facade().formatExceptionInfo("processHttpMessage")
def __add_to_queue(self, msg): self.__logger.debug('__add_to_queue. START') if Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.ACTIVE) != 'True': self.__logger.debug('__add_to_queue. Url not enqueued, plugins not active') return uurl = msg.get_java_url() if Settings().get(Settings.SEC_PLUGIN_INTEGRATION, Settings.ONLY_SCOPE) == 'True' and not Facade().mCallBacks.isInScope(uurl): self.__logger.debug('__add_to_queue. Url not enqueued, not in scope: %s.' % uurl) return else: self.__logger.debug('__add_to_queue. url queued: %s.' % uurl) Facade().get_msg_queue().put(msg) self.__logger.debug('__add_to_queue. END')
def menuItemClicked(self, menuItemCaption, messageInfo): self.__logger.debug('menuItemClicked. START, %s' % menuItemCaption) plname = "" if menuItemCaption == "Send to gazpacho": plname = "gazpacho" elif menuItemCaption.startswith("Send to sqpyfia"): plname = "sqpyfia-0.9-py2.6" elif menuItemCaption == "Dis/Enable burpstrike...": self.tool_state = not self.tool_state Facade().get_controller().on_enable_tool(self.tool_state) elif menuItemCaption == "De/Activate all plugins...": self.plugin_state = not self.plugin_state Facade().get_controller().on_enable_plugin("All", self.plugin_state) if plname: for m in messageInfo: msg = MyHTTPMsg.from_IHttpRequestResponse(m) plugin = Facade().get_plugins().get(plname) plugin.process(msg, None) self.__logger.debug('menuItemClicked. END.')
def api_issue_alert(msg): Facade().issue_alert(msg)
def do_issues(self, line): for i in range(len(Facade().get_results())): print str(Facade().get_results().get_result(i))
def do_deativate_plugins(self, line): Facade().get_controller().on_enable_plugin("All", False)
def do_activate_plugins(self, line): Facade().get_controller().on_enable_plugin("All", True)
def do_enable(self, line): Facade().get_controller().on_enable_tool(True)
def do_disable(self, line): Facade().get_controller().on_enable_tool(False)
def __init__(self): BaseRequest.__init__(self) self.__mCallBacks = Facade().mCallBacks
def __watchman(self): while self.__watch: time.sleep(10) print "Queue size: %d" % Facade().get_msg_queue().qsize() print "Walking threads queue: %d" % self.__walking_threads.qsize() print "Processed msgs: %d" % self.__processed
def api_deactivate_plugin(plugin_name): Facade().get_plugins().set_state(plugin_name, False)
def api_process_msg(msg, plugin_name): plugin = Facade().get_plugins().get(plugin_name) plugin.process(msg, None)
def run(self): try: while 1: self.__logger.debug( 'Run. waiting for messages......................................' ) # http://bugs.python.org/issue1360 msg = Facade().get_msg_queue().get(True, 365 * 24 * 60 * 60) self.__processed += 1 excluded_req_tools = Settings().get( Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_REQ_TOOLS).split(',') excluded_resp_tools = Settings().get( Settings.SEC_PLUGIN_INTEGRATION, Settings.EXCLUDED_RESP_TOOLS).split(',') for name, plugin in Facade().get_plugins().items(): if plugin.enabled is not True: self.__logger.debug('Run. Plugin %s not enabled.' % name) continue # exclusions if plugin.get_type( ) == BPlugin.PROCESS_REQUEST and msg.source in excluded_req_tools: self.__logger.debug( 'Run. Request in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_req_tools)) continue elif plugin.get_type( ) == BPlugin.PROCESS_RESPONSE and msg.source in excluded_resp_tools: self.__logger.debug( 'Run. Response in excluded sources. url=%s, type=%d, source=%s, excluded=%s' % (msg.get_url(), msg.mtype, msg.source, excluded_resp_tools)) continue elif plugin.get_type( ) == BPlugin.PROCESS_REQUEST and not msg.mtype == MyHTTPMsg.BURP_TOOL: self.__logger.debug( 'Run. Request type %d not processed. url=%s' % (msg.mtype, msg.get_url())) continue elif plugin.get_type( ) == BPlugin.PROCESS_RESPONSE and not ( msg.mtype == MyHTTPMsg.BURP_TOOL or msg.mtype == MyHTTPMsg.BSTRIKE): self.__logger.debug( 'Run. Response not processed. type=%d, source=%s, excluded=%s' % (msg.mtype, msg.source, excluded_resp_tools)) continue # current cache only valid for req? => processing all responses!! elif plugin.get_type( ) == BPlugin.PROCESS_REQUEST and self.msg_in_cache( msg, name): self.__logger.debug( 'Run. Request already processed by %s.' % name) continue else: self.__logger.debug( 'processing message. plugin: %s ...' % name) th = Thread(target=plugin.process, kwargs={ "msg": msg, "q": self.__walking_threads }) self.__logger.debug('putting task. plugin: %s ...' % name) self.__walking_threads.put(th) self.__logger.debug('starting thread. plugin: %s ...' % name) th.start() except Exception, e: Facade().formatExceptionInfo("JobMan")
def api_getProxyHistory(): return [ MyHTTPMsg.from_IHttpRequestResponse(i) for i in Facade().mCallBacks.getProxyHistory() ]
def api_getSiteMap(urlprefix): return [ MyHTTPMsg.from_IHttpRequestResponse(i) for i in Facade().mCallBacks.getSiteMap(urlprefix) ]
def do_plugins(self, line): for i in Facade().get_plugins().names(): print i
def api_activate_plugin(plugin_name): Facade().get_plugins().set_state(plugin_name, True)
def generate_alert(self, msg): Facade().issue_alert(msg)
def do_flushcache(self, line): Facade().get_jobman().flush_cache()
def process(self, msg, q): try: self._process(msg) except Exception, e: Facade().formatExceptionInfo("BPLugin. process")
def do_reload(self, line): Facade().load_plugins()