class BurpExtender(IBurpExtender, IHttpListener, IScannerCheck, IScannerListener, IScanIssue, ITab, IMessageEditorTab): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self.helpers = callbacks.getHelpers() self._callbacks.setExtensionName("Suggester") callbacks.registerHttpListener(self) callbacks.registerScannerListener(self) callbacks.registerScannerCheck(self) callbacks.setProxyInterceptionEnabled(False) ############################ # add the custom tab and button to Burp's UI self._newpanel = Panel() self._newpanel.setLayout(FlowLayout()) callbacks.customizeUiComponent(self._newpanel) callbacks.addSuiteTab(self) return ### IScannerCheck ### def doPassiveScan(self, baseRequestResponse): # print "\n" analyzedResponse = self.helpers.analyzeResponse(baseRequestResponse.getResponse()) # Returns IResponseInfo analyzedRequest = self.helpers.analyzeRequest(baseRequestResponse) urlList = analyzedRequest.getUrl() paramList = analyzedRequest.getParameters() contenttypeList = analyzedRequest.getContentType() issues = [] # print "\nURL:" # print urlList if self._callbacks.isInScope(urlList): for param in paramList: vulnparam=param.getName() vulncheck(urlList, vulnparam) # print "\nCT:" # print contenttypeList # print "-----------------------------------------------" return def getTabCaption(self): '''Name of our tab''' return "Suggester" def getUiComponent(self): '''return our panel''' return self._newpanel
class GUI(Helpers): def gui(self): x = 10 # panel padding y = 5 # panel padding self.panel = Panel() self.panel.setLayout(None) self.scn_lbl = JLabel("Enable scanning") self.scn_lbl.setBounds(x, y, 100, 20) self.panel.add(self.scn_lbl) self.enable = JCheckBox() self.enable.setBounds(x + 120, y, 50, 20) self.panel.add(self.enable) self.rand_lbl = JLabel("Randomize payloads") self.rand_lbl.setBounds(x, y + 15, 100, 20) self.panel.add(self.rand_lbl) self.randomize = JCheckBox() self.randomize.setBounds(x + 120, y + 15, 50, 20) self.panel.add(self.randomize) self.pyld_lbl = JLabel("Payloads List (Line separated)") self.pyld_lbl.setBounds(x, y + 30, 180, 20) self.panel.add(self.pyld_lbl) self.payloads_list = JTextArea() self.pyld_scrl = JScrollPane(self.payloads_list) self.pyld_scrl.setBounds(x, y + 50, 600, 200) self.panel.add(self.pyld_scrl) self.save_btn = JButton("Save", actionPerformed=self.save_settings) self.save_btn.setBounds(x, y + 250, 100, 30) self.panel.add(self.save_btn) # Settings loader from [utils/Helpers/load_settings] self.load_settings() return self
class BurpExtender(IBurpExtender, ITab, IScannerCheck, IScannerInsertionPoint): # definitions EXTENSION_NAME="CustomScanner" def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # define stdout writer self._stdout = PrintWriter(callbacks.getStdout(), True) self._stdout.println(self.EXTENSION_NAME + ' by @luxcupitor') self._stdout.println('================================') self._stdout.println('') self._stdout.println('TIP: Go to "Custom Scanner" tab and click "Execute on Proxy History"') self._stdout.println('to run the scanner checks on recently imported session files.') self._stdout.println('') # set our extension name callbacks.setExtensionName(self.EXTENSION_NAME) callbacks.registerScannerCheck(self) # add the custom tab and button to Burp's UI self._newpanel = Panel() self._newpanel.setLayout(FlowLayout()) self._button = JButton("Execute on Proxy History", actionPerformed=self.checkProxyHistory) self._newpanel.add(self._button) callbacks.customizeUiComponent(self._newpanel) callbacks.addSuiteTab(self) return def getTabCaption(self): '''Name of our tab''' return self.EXTENSION_NAME def getUiComponent(self): '''return our panel and button we setup''' return self._newpanel def checkProxyHistory(self,msg): '''This is what gets executed when the button in our panel is clicked''' for proxyitem in self._callbacks.getProxyHistory(): self.logScanIssue(proxyitem) return def getMatches(self, response, match): '''This finds our pattern match in the request/response and returns an int array''' start = 0 count = 0 matches = [array('i')] while start < len(response): start=self._helpers.indexOf(response, match, True, start, len(response)) if start == -1: break try: matches[count] except: matches.append(array('i')) matches[count].append(start) matches[count].append(start+len(match)) start += len(match) count += 1 return matches def doPassiveScan(self, baseRequestResponse): '''This sets up our custom check and returns the issue a list array''' PATTERN="secretdata" ISSUE_NAME="Pattern found in HTTP Response" ISSUE_DETAIL="HTTP Response contains this pattern: " + PATTERN ISSUE_BACKGROUND="The web site has exposed sensitive information" REMEDIATION_BACKGROUND="Sensitive information" REMEDIATION_DETAIL="Ensure sensitive information is only shown to authorized users" SEVERITY="Information" CONFIDENCE="Certain" issue = list() match = self.getMatches(baseRequestResponse.getResponse(), PATTERN) if len(match) > 0: httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,None,match)] issue.append(ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND)) return issue def logScanIssue(self, baseRequestResponse): '''This is redundant (mostly) of the doPassiveScan function''' PATTERN="BEEFSESSION" ISSUE_NAME="Pattern found in Cookie header" ISSUE_DETAIL="HTTP Request contains this pattern: " + PATTERN ISSUE_BACKGROUND="The web browser might be hooked with BeEF" REMEDIATION_BACKGROUND="Potential XSS Zombie" REMEDIATION_DETAIL="Ensure this was from you" SEVERITY="High" CONFIDENCE="Tentative" for header in self._helpers.analyzeRequest(baseRequestResponse).getHeaders(): if "Cookie:" in header and PATTERN in header: match = self.getMatches(baseRequestResponse.getRequest(), PATTERN) httpmsgs = [self._callbacks.applyMarkers(baseRequestResponse,match,None)] issue=ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs, ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND) self._callbacks.addScanIssue(issue) return def doActiveScan(self, baseRequestResponse, insertionPoint): INJECTION="id" PATTERN="uid=" ISSUE_NAME="Command Injection" ISSUE_DETAIL="Vulnerable to command injection" ISSUE_BACKGROUND="The web site has responded to command injection attempt" REMEDIATION_BACKGROUND="Sanitize all inputs" REMEDIATION_DETAIL="Assume all client supplied inputs are bad." SEVERITY="High" CONFIDENCE="Certain" issue = list() checkRequest = insertionPoint.buildRequest(INJECTION) checkRequestResponse = self._callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), checkRequest) match = self.getMatches(checkRequestResponse.getResponse(), PATTERN) if len(match) > 0: requestHighlights = [insertionPoint.getPayloadOffsets(INJECTION)] httpmsgs = [self._callbacks.applyMarkers(checkRequestResponse, requestHighlights, match)] issue.append(ScanIssue(baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), httpmsgs,ISSUE_NAME, ISSUE_DETAIL, SEVERITY, CONFIDENCE, REMEDIATION_DETAIL, ISSUE_BACKGROUND, REMEDIATION_BACKGROUND)) return issue