def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._lock = Lock() # set our extension name callbacks.setExtensionName('Demo HTTP Verb') # obtain our output stream self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # register ourselves as a Proxy listener callbacks.registerProxyListener(self) # Done for now #callbacks.registerScannerListener(self) # AUTO ADD TO SCOPE ------- TESTING PURPOSE ONLY #callbacks.includeInScope(URL("https://202.176.197.54")) #callbacks.includeInScope(URL("https://stg-home.singpass.gov.sg")) callbacks.includeInScope(URL("http://192.168.119.131")) #self.getScanIssues() self._stdout.println('Loaded Extension.') self._httpVerbList = [ 'POST', 'PUT', 'DELETE', 'TRACE', 'TRACK', 'CONNECT', 'PROFIND', 'PROPATCH', 'MKCOL', 'COPY', 'MOVE', 'LOCK', 'UNLOCK', 'VERSION-CONTROL', 'REPORT', 'CHECKOUT', 'CHECKIN', 'UNCHECKOUT', 'MKWORKSPACE', 'UPDATE', 'LABEL', 'MERGE', 'BASELINE-CONTROL', 'MKACTIVITY', 'ORDERPATCH', 'ACL', 'PATCH', 'SEARCH', 'ARBITARY' ] self._httpVerbFlag = False
def registerExtenderCallbacks(self, callbacks): """ Pass to extensions a set of callback methods that can be used by extensions to perform various actions within Burp. """ self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName(TITLE) callbacks.registerProxyListener(self) input_file = CONFIG_FILE self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) try: if os.path.isfile(input_file) and os.stat(input_file).st_size: self.stdout.println('[*] reading ' + input_file) with open(input_file, 'r') as read_file: for config_line in read_file.read().splitlines(): try: self.regexps.append(re.compile(config_line)) self.stdout.println( '[*] adding {0} to blackhole list'.format( config_line)) except: self.stdout.println( '[-] invalid regular expression: {0}'.format( config_line)) else: self.stderr.println('[-] could not read {0} from {1}'.format( input_file, os.getcwd())) except IOError as exception: self.stderr.println('[-] could not read {0} ({1}'.format( input_file, exception)) self.stdout.println('[+] {0} - version {1} loaded'.format( TITLE, VERSION)) return
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() callbacks.setExtensionName("Hello Burp") self.panel = JPanel() self.label = JLabel("Hello Burp") self.buttonOutput = Button("Print to Output", actionPerformed=self.printToOutput) self.buttonErrors = Button("Print to Errors", actionPerformed=self.printToErrors) self.buttonAlerts = Button("Print to Alerts", actionPerformed=self.printToAlerts) self.panel.add(self.label) self.panel.add(self.buttonOutput) self.panel.add(self.buttonErrors) self.panel.add(self.buttonAlerts) callbacks.customizeUiComponent(self.panel) callbacks.addSuiteTab(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) burpInfo = callbacks.getBurpVersion() self.stdout.println("Hello " + burpInfo[0] + " v" + burpInfo[1] + "." + burpInfo[2] + "!")
def registerExtenderCallbacks(self, callbacks): print "[+] #####################################" print "[+] fakeIp for burp V1.0" print "[+] anthor: CoolCat" print "[+] email: [email protected]" print "[+] gayhub:https://github.com/TheKingOfDuck" print "[+] #####################################" print "\n[-]fakeIp loading..." self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("fakeIp") callbacks.registerHttpListener(self) callbacks.registerContextMenuFactory(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.issueAlert("Loaded Successfull.") # obtain an extension helpers object self._helpers = callbacks.getHelpers() # register ourselves as an Intruder payload generator callbacks.registerIntruderPayloadGeneratorFactory(self) print "[*]Successfull..."
def registerExtenderCallbacks(self, callbacks): print "[+] #####################################" print "[+] fakeIp for burp V1.0" print "[+] anthor: Ae0lu5" print "[+] email: [email protected]" print "[+] gayhub:https://github.com/AeolusTF" print "[+] #####################################" print "\n[-]fakeIp loading..." self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("fakeIp") callbacks.registerHttpListener(self) callbacks.registerContextMenuFactory(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.issueAlert("Loaded Successfull.") # obtain an extension helpers object self._helpers = callbacks.getHelpers() # # set our extension name # callbacks.setExtensionName("Custom intruder payloads") # register ourselves as an Intruder payload generator callbacks.registerIntruderPayloadGeneratorFactory(self) print "[*]Successfull..."
def registerExtenderCallbacks(self, callbacks): try: self._callbacks = callbacks self._scanlist = [] self._scantarget = [] self.all_requests = [] self.helpers = callbacks.getHelpers() callbacks.setExtensionName("RoboBurp") self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) callbacks.registerScannerListener(self) callbacks.registerProxyListener(self) self._stdout.println(json.dumps({"running": 1})) self._stdout.flush() self.ignore_ext = [ '.woff', '.woff2', '.ttf', '.jpg', '.js', '.jpeg', '.gif', '.png', '.xml', '.json', '.css', '.swf', 'svg', 'ico', '.cur', '.pdf' ] self.ignore_domain = [ 'mozilla', 'api.keen.io', '*.google.com', '*.googleapis.com', '*.gstatic.com' ] self.scan_status_url = 'http://localhost:1111' self.proxyDict = { "http": 'http://localhost:{0}'.format(os.environ.get('port', 8080)) } return except BaseException as e: exc_type, exc_value, exc_traceback = sys.exc_info() status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno) self._stdout.println(status)
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Register methods for error reporting self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println("Module loaded successfully!") callbacks.setExtensionName('Simple Burp Intruder Payload Processor') callbacks.registerIntruderPayloadProcessor(self) return def getProcessorName(): return "Capitalize Payload Process" def processPayload(currentPayload, originalPayload, baseValue): try: # Data will be outputted to Burp UI by default self.stdout.println("currentPayload: %s" % currentPayload) newPayload = capitalize(currentPayload) self.stdout.println("newPayload: %s" % newPayload) except: print "Unexpected error:", sys.exc_info()[0] return newPayload def capitalize(data): # A simple function that will capitalize strings self.stdout.println("data: %s" % data) return data.upper()
def doActiveScan(self, baseRequestResponse, insertionPoint): # This implements the scan, including making a request/s, receiving the responses, # creating scan issues for relevant issues and returning them or None # is called for each active scan, for each insertion point - filter for stderr = PrintWriter(self.callbacks.getStderr(), True) stdout = PrintWriter(self.callbacks.getStdout(), True) out = None # filter for the insertion poitns we care about if insertionPoint.getInsertionPointName( ) == INSERTION_POINT_NAME or insertionPoint.getInsertionPointType( ) in [33, 37]: #stderr.println('Enabled insertion point {}'.format(insertionPoint.getInsertionPointName())) http_service = baseRequestResponse.getHttpService() host = http_service.getHost() port = http_service.getPort() useHttps = http_service.getProtocol() == 'https' parser = Parser(self.config) payloads = parser.get_parser_output(insertionPoint.getBaseValue()) for payload in payloads: request = insertionPoint.buildRequest( self.helpers.stringToBytes(payload)) requestResponse = self.callbacks.makeHttpRequest( http_service, request) response = requestResponse.getResponse() analysed_response = self.helpers.analyzeResponse(response) if analysed_response.getStatusCode() == 200: scanIssue = ScanIssue(self.callbacks, self.config, requestResponse, payload) if not out: out = [] out.append(scanIssue) #stderr.println('Finished for: {}'.format(payload)) return out
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('Save URL List') self.panel = JPanel() self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER) self.buttonFile = Button('Select File', actionPerformed=self.selectFile) self.buttonSaveProxy = Button('Save All Proxy History', actionPerformed=self.saveProxy) self.buttonSaveSiteTree = Button('Save All Target SiteTree ', actionPerformed=self.saveSiteTree) self.buttonSaveProxyScope = Button('Save In-Scope Proxy History', actionPerformed=self.saveProxyScope) self.buttonSaveSiteTreeScope = Button( 'Save In-Scope Target SiteTree', actionPerformed=self.saveSiteTreeScope) self.panel.add(self.myLabel) self.panel.add(self.buttonFile) self.panel.add(self.buttonSaveProxy) self.panel.add(self.buttonSaveSiteTree) self.panel.add(self.buttonSaveProxyScope) self.panel.add(self.buttonSaveSiteTreeScope) callbacks.customizeUiComponent(self.panel) callbacks.addSuiteTab(self)
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName("Hmac Sign 2") callbacks.registerSessionHandlingAction(self) return
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() callbacks.setExtensionName("WCF viewer") callbacks.registerMessageEditorTabFactory(self) return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName("XxeAttack") callbacks.registerHttpListener(self) self._stdout.println("Hello output")
def registerExtenderCallbacks(self, callbacks): callbacks.setExtensionName("Copy as FFUF command") stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() self.callbacks = callbacks callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks): callbacks.setExtensionName("Copy HTTP Request & Response") stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() self.callbacks = callbacks callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Pulse SSL VPN Arbitrary File Read Scanner") dout = PrintWriter(callbacks.getStdout(), True) derr = PrintWriter(callbacks.getStderr(), True) dout.println( "Pulse SSL VPN Arbitrary File Read Scanner | by twitter.com/0x94") callbacks.registerScannerCheck(self)
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Hack JeeCMS Sign") callbacks.registerHttpListener(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.issueAlert("Loaded Successfull.")
def registerExtenderCallbacks(self, _callbacks): global helpers, callbacks, derr, dout callbacks = _callbacks helpers = callbacks.getHelpers() callbacks.setExtensionName("Parametreci v0.1") Tara = ParametreScn() dout = PrintWriter(callbacks.getStdout(), True) derr = PrintWriter(callbacks.getStderr(), True) dout.println("Parametreci | twitter.com/0x94") callbacks.registerScannerCheck(Tara)
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks #Used to debug plugin self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() callbacks.setExtensionName("Base 64 Zip Helper") #Indicate that this class contains the method to instantiate a new Message Editor Tab callbacks.registerMessageEditorTabFactory(self) return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Xss-Sql-Fuzz") callbacks.registerHttpListener(self) callbacks.registerContextMenuFactory(self) self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.issueAlert("Loaded Successfull.")
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() #Used to debug plugin self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) # set our extension name callbacks.setExtensionName("WCF Binary Scan Insertion Point") callbacks.registerMessageEditorTabFactory(self) return
def registerExtenderCallbacks(self, callbacks): # main entry point for the extension # set our extension name callbacks.setExtensionName('BlockerLite') # register ourselves as extension state listener (IExtensionStateListener) callbacks.registerExtensionStateListener(self) # register ourselves as proxy listener (IProxyListener) callbacks.registerProxyListener(self) # keep a reference to our callbacks object self._callbacks = callbacks # get output streams in auto-flush mode self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) # create and populate the blacklist self._blacklist = set() self._blacklist.add('http://ciscobinary.openh264.org') self._blacklist.add('http://detectportal.firefox.com') self._blacklist.add('https://location.services.mozilla.com') self._blacklist.add( 'https://activity-stream-icons.services.mozilla.com') self._blacklist.add('https://shavar.services.mozilla.com') self._blacklist.add('https://versioncheck-bg.addons.mozilla.org') self._blacklist.add('https://snippets.cdn.mozilla.net') self._blacklist.add('https://getpocket.com') self._blacklist.add('https://safebrowsing.googleapis.com') self._blacklist.add('https://tiles.services.mozilla.com') self._blacklist.add('https://incoming.telemetry.mozilla.org') self._blacklist.add('https://services.addons.mozilla.org') self._blacklist.add('https://aus5.mozilla.org') self._blacklist.add('https://normandy.cdn.mozilla.net') self._blacklist.add('https://blocklists.settings.services.mozilla.com') self._blacklist.add('https://firefox.settings.services.mozilla.com') self._blacklist.add('https://redirector.gvt1.com') self._blacklist.add('https://push.services.mozilla.com') self._blacklist.add('https://content-signature-2.cdn.mozilla.net') self._blacklist.add('https://content-autofill.googleapis.com') self._blacklist.add('http://www.gstatic.com') self._blacklist.add('https://www.gstatic.com') self._blacklist.add('http://update.googleapis.com') self._blacklist.add('https://update.googleapis.com') self._blacklist.add('https://accounts.google.com') self._blacklist.add('https://www.google.com') self._blacklist.add('https://translate.googleapis.com') self._blacklist.add('https://www.google-analytics.com') self._stdout.println('Extension was loaded') self._stdout.println('Running under version ' + sys.version) return
def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName(self.EXTENSION_NAME) callbacks.issueAlert("AutoRecon is enabled") # add the custom tab to Burp's UI self.initUI() # self._newpanel.setLayout(FlowLayout()) # callbacks.customizeUiComponent(self._newpanel) callbacks.addSuiteTab(self) self.callable = [ # self.sublister, # self.shodan_search, self.certsh_search, # self.anubis, # self.googleDig, # self.censys, # self.certspotter, # self.bufferover_run, # self.urlscan, # self.otx_alienvault, # self.threatminer, # self.netcraft, # self.threatcrowd, # self.dnsdumpster, # self.virustotal, # self.ptrarchive, ] # self.callable = [self.censys] # define stdout writer self._stdout = PrintWriter(callbacks.getStdout(), True) self._stderr = PrintWriter(callbacks.getStderr(), True) self._stdout.println(self.EXTENSION_NAME + " by @bourne") self._stdout.println( "================================================") self._stdout.println( 'TIP: Right click on any domain and add it to scope in "autoRecon"' ) self._stdout.println("") self.outputTxtArea.setText( self.EXTENSION_NAME + " by @bourne" + "\n" + "================================================" + "\n" + 'TIP: Right click on any domain and add it to scope in "autoRecon"\n' ) self.context = None callbacks.registerContextMenuFactory(self) return
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.helpers = callbacks.getHelpers() callbacks.setExtensionName("Intruder WCF") callbacks.registerHttpListener(WCFIntruderListener(self)) callbacks.registerContextMenuFactory(WCFIntruderCtxMenu(self)) return
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self._callbacks.setExtensionName("Json-to-Urlencoded") self.echo("[*] @author Abdulla Ismayilov - [email protected]") self._callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() callbacks.setExtensionName("DetectSRI") callbacks.issueAlert("DetectSRI Passive Scanner check enabled") stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) callbacks.registerScannerCheck(self)
def registerExtenderCallbacks(self, callbacks): callbacks.setExtensionName("hello world extension") stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) stdout.println("hello world") stderr.println("hello error") callbacks.issueAlert("hello alert") raise RuntimeException("hello exception")
def registerExtenderCallbacks(self, callbacks): # set our extension name self.callbacks = callbacks self.callbacks.setExtensionName("OgaSazSave") self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) saveSazhandler = RightClickHandler(self.callbacks) callbacks.registerContextMenuFactory(saveSazhandler) self.stdout.println("OgaSazSave v0.9.2 Load OK!!")
def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Register methods for error reporting self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) self.stdout.println("Module loaded successfully!") callbacks.setExtensionName('Add Luhn check digit') callbacks.registerIntruderPayloadProcessor(self) return
def registerExtenderCallbacks(self, callbacks): # set our extension name callbacks.setExtensionName("G2 Determine Session Cookie") callbacks.registerContextMenuFactory( DetermineCookieMenuItem(callbacks)) # obtain our output and error streams stdout = PrintWriter(callbacks.getStdout(), True) stderr = PrintWriter(callbacks.getStderr(), True) # write a message to our output stream stdout.println( "G2 Determine Session Cookie - Successful Initialization")
def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.stdout = PrintWriter(callbacks.getStdout(), True) self.stderr = PrintWriter(callbacks.getStderr(), True) callbacks.setExtensionName('CSRF Handling (' + self.SETUP_NAME + ')') callbacks.registerHttpListener(self) self.CSRF_Values = dict() for i in self.CSRF_Tokens.keys(): self.CSRF_Values[i] = None if self.DEBUG: self.stdout.println('[*] Debug enabled')