def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
self._lock = Lock()
# set our extension name
callbacks.setExtensionName('Demo HTTP Verb')
# obtain our output stream
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._stderr = PrintWriter(callbacks.getStderr(), True)
# register ourselves as a Proxy listener
callbacks.registerProxyListener(self) # Done for now
#callbacks.registerScannerListener(self)
# AUTO ADD TO SCOPE ------- TESTING PURPOSE ONLY
#callbacks.includeInScope(URL("https://202.176.197.54"))
#callbacks.includeInScope(URL("https://stg-home.singpass.gov.sg"))
callbacks.includeInScope(URL("http://192.168.119.131"))
#self.getScanIssues()
self._stdout.println('Loaded Extension.')
self._httpVerbList = [
'POST', 'PUT', 'DELETE', 'TRACE', 'TRACK', 'CONNECT', 'PROFIND',
'PROPATCH', 'MKCOL', 'COPY', 'MOVE', 'LOCK', 'UNLOCK',
'VERSION-CONTROL', 'REPORT', 'CHECKOUT', 'CHECKIN', 'UNCHECKOUT',
'MKWORKSPACE', 'UPDATE', 'LABEL', 'MERGE', 'BASELINE-CONTROL',
'MKACTIVITY', 'ORDERPATCH', 'ACL', 'PATCH', 'SEARCH', 'ARBITARY'
]
self._httpVerbFlag = False
def registerExtenderCallbacks(self, callbacks):
"""
Pass to extensions a set of callback methods that can be used by extensions
to perform various actions within Burp.
"""
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName(TITLE)
callbacks.registerProxyListener(self)
input_file = CONFIG_FILE
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
try:
if os.path.isfile(input_file) and os.stat(input_file).st_size:
self.stdout.println('[*] reading ' + input_file)
with open(input_file, 'r') as read_file:
for config_line in read_file.read().splitlines():
try:
self.regexps.append(re.compile(config_line))
self.stdout.println(
'[*] adding {0} to blackhole list'.format(
config_line))
except:
self.stdout.println(
'[-] invalid regular expression: {0}'.format(
config_line))
else:
self.stderr.println('[-] could not read {0} from {1}'.format(
input_file, os.getcwd()))
except IOError as exception:
self.stderr.println('[-] could not read {0} ({1}'.format(
input_file, exception))
self.stdout.println('[+] {0} - version {1} loaded'.format(
TITLE, VERSION))
return
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("Hello Burp")
self.panel = JPanel()
self.label = JLabel("Hello Burp")
self.buttonOutput = Button("Print to Output",
actionPerformed=self.printToOutput)
self.buttonErrors = Button("Print to Errors",
actionPerformed=self.printToErrors)
self.buttonAlerts = Button("Print to Alerts",
actionPerformed=self.printToAlerts)
self.panel.add(self.label)
self.panel.add(self.buttonOutput)
self.panel.add(self.buttonErrors)
self.panel.add(self.buttonAlerts)
callbacks.customizeUiComponent(self.panel)
callbacks.addSuiteTab(self)
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
burpInfo = callbacks.getBurpVersion()
self.stdout.println("Hello " + burpInfo[0] + " v" + burpInfo[1] + "." +
burpInfo[2] + "!")
def registerExtenderCallbacks(self, callbacks):
print "[+] #####################################"
print "[+] fakeIp for burp V1.0"
print "[+] anthor: CoolCat"
print "[+] email: [email protected]"
print "[+] gayhub:https://github.com/TheKingOfDuck"
print "[+] #####################################"
print "\n[-]fakeIp loading..."
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("fakeIp")
callbacks.registerHttpListener(self)
callbacks.registerContextMenuFactory(self)
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.issueAlert("Loaded Successfull.")
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# register ourselves as an Intruder payload generator
callbacks.registerIntruderPayloadGeneratorFactory(self)
print "[*]Successfull..."
def registerExtenderCallbacks(self, callbacks):
print "[+] #####################################"
print "[+] fakeIp for burp V1.0"
print "[+] anthor: Ae0lu5"
print "[+] email: [email protected]"
print "[+] gayhub:https://github.com/AeolusTF"
print "[+] #####################################"
print "\n[-]fakeIp loading..."
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("fakeIp")
callbacks.registerHttpListener(self)
callbacks.registerContextMenuFactory(self)
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.issueAlert("Loaded Successfull.")
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# # set our extension name
# callbacks.setExtensionName("Custom intruder payloads")
# register ourselves as an Intruder payload generator
callbacks.registerIntruderPayloadGeneratorFactory(self)
print "[*]Successfull..."
def registerExtenderCallbacks(self, callbacks):
try:
self._callbacks = callbacks
self._scanlist = []
self._scantarget = []
self.all_requests = []
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("RoboBurp")
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.registerScannerListener(self)
callbacks.registerProxyListener(self)
self._stdout.println(json.dumps({"running": 1}))
self._stdout.flush()
self.ignore_ext = [
'.woff', '.woff2', '.ttf', '.jpg', '.js', '.jpeg', '.gif',
'.png', '.xml', '.json', '.css', '.swf', 'svg', 'ico', '.cur',
'.pdf'
]
self.ignore_domain = [
'mozilla', 'api.keen.io', '*.google.com', '*.googleapis.com',
'*.gstatic.com'
]
self.scan_status_url = 'http://localhost:1111'
self.proxyDict = {
"http":
'http://localhost:{0}'.format(os.environ.get('port', 8080))
}
return
except BaseException as e:
exc_type, exc_value, exc_traceback = sys.exc_info()
status = 'Failed - {0} {1}'.format(e, exc_traceback.tb_lineno)
self._stdout.println(status)
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
# Register methods for error reporting
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self.stdout.println("Module loaded successfully!")
callbacks.setExtensionName('Simple Burp Intruder Payload Processor')
callbacks.registerIntruderPayloadProcessor(self)
return
def getProcessorName():
return "Capitalize Payload Process"
def processPayload(currentPayload, originalPayload, baseValue):
try:
# Data will be outputted to Burp UI by default
self.stdout.println("currentPayload: %s" % currentPayload)
newPayload = capitalize(currentPayload)
self.stdout.println("newPayload: %s" % newPayload)
except:
print "Unexpected error:", sys.exc_info()[0]
return newPayload
def capitalize(data):
# A simple function that will capitalize strings
self.stdout.println("data: %s" % data)
return data.upper()
def doActiveScan(self, baseRequestResponse, insertionPoint):
# This implements the scan, including making a request/s, receiving the responses,
# creating scan issues for relevant issues and returning them or None
# is called for each active scan, for each insertion point - filter for
stderr = PrintWriter(self.callbacks.getStderr(), True)
stdout = PrintWriter(self.callbacks.getStdout(), True)
out = None
# filter for the insertion poitns we care about
if insertionPoint.getInsertionPointName(
) == INSERTION_POINT_NAME or insertionPoint.getInsertionPointType(
) in [33, 37]:
#stderr.println('Enabled insertion point {}'.format(insertionPoint.getInsertionPointName()))
http_service = baseRequestResponse.getHttpService()
host = http_service.getHost()
port = http_service.getPort()
useHttps = http_service.getProtocol() == 'https'
parser = Parser(self.config)
payloads = parser.get_parser_output(insertionPoint.getBaseValue())
for payload in payloads:
request = insertionPoint.buildRequest(
self.helpers.stringToBytes(payload))
requestResponse = self.callbacks.makeHttpRequest(
http_service, request)
response = requestResponse.getResponse()
analysed_response = self.helpers.analyzeResponse(response)
if analysed_response.getStatusCode() == 200:
scanIssue = ScanIssue(self.callbacks, self.config,
requestResponse, payload)
if not out:
out = []
out.append(scanIssue)
#stderr.println('Finished for: {}'.format(payload))
return out
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.setExtensionName('Save URL List')
self.panel = JPanel()
self.myLabel = JLabel('Save URL List as a Text File', JLabel.CENTER)
self.buttonFile = Button('Select File',
actionPerformed=self.selectFile)
self.buttonSaveProxy = Button('Save All Proxy History',
actionPerformed=self.saveProxy)
self.buttonSaveSiteTree = Button('Save All Target SiteTree ',
actionPerformed=self.saveSiteTree)
self.buttonSaveProxyScope = Button('Save In-Scope Proxy History',
actionPerformed=self.saveProxyScope)
self.buttonSaveSiteTreeScope = Button(
'Save In-Scope Target SiteTree',
actionPerformed=self.saveSiteTreeScope)
self.panel.add(self.myLabel)
self.panel.add(self.buttonFile)
self.panel.add(self.buttonSaveProxy)
self.panel.add(self.buttonSaveSiteTree)
self.panel.add(self.buttonSaveProxyScope)
self.panel.add(self.buttonSaveSiteTreeScope)
callbacks.customizeUiComponent(self.panel)
callbacks.addSuiteTab(self)
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.setExtensionName("Hmac Sign 2")
callbacks.registerSessionHandlingAction(self)
return
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("WCF viewer")
callbacks.registerMessageEditorTabFactory(self)
return
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.setExtensionName("XxeAttack")
callbacks.registerHttpListener(self)
self._stdout.println("Hello output")
def registerExtenderCallbacks(self, callbacks):
callbacks.setExtensionName("Copy as FFUF command")
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
self.helpers = callbacks.getHelpers()
self.callbacks = callbacks
callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks):
callbacks.setExtensionName("Copy HTTP Request & Response")
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
self.helpers = callbacks.getHelpers()
self.callbacks = callbacks
callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Pulse SSL VPN Arbitrary File Read Scanner")
dout = PrintWriter(callbacks.getStdout(), True)
derr = PrintWriter(callbacks.getStderr(), True)
dout.println(
"Pulse SSL VPN Arbitrary File Read Scanner | by twitter.com/0x94")
callbacks.registerScannerCheck(self)
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Hack JeeCMS Sign")
callbacks.registerHttpListener(self)
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.issueAlert("Loaded Successfull.")
def registerExtenderCallbacks(self, _callbacks):
global helpers, callbacks, derr, dout
callbacks = _callbacks
helpers = callbacks.getHelpers()
callbacks.setExtensionName("Parametreci v0.1")
Tara = ParametreScn()
dout = PrintWriter(callbacks.getStdout(), True)
derr = PrintWriter(callbacks.getStderr(), True)
dout.println("Parametreci | twitter.com/0x94")
callbacks.registerScannerCheck(Tara)
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
#Used to debug plugin
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("Base 64 Zip Helper")
#Indicate that this class contains the method to instantiate a new Message Editor Tab
callbacks.registerMessageEditorTabFactory(self)
return
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Xss-Sql-Fuzz")
callbacks.registerHttpListener(self)
callbacks.registerContextMenuFactory(self)
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.issueAlert("Loaded Successfull.")
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
#Used to debug plugin
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
# set our extension name
callbacks.setExtensionName("WCF Binary Scan Insertion Point")
callbacks.registerMessageEditorTabFactory(self)
return
def registerExtenderCallbacks(self, callbacks):
# main entry point for the extension
# set our extension name
callbacks.setExtensionName('BlockerLite')
# register ourselves as extension state listener (IExtensionStateListener)
callbacks.registerExtensionStateListener(self)
# register ourselves as proxy listener (IProxyListener)
callbacks.registerProxyListener(self)
# keep a reference to our callbacks object
self._callbacks = callbacks
# get output streams in auto-flush mode
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._stderr = PrintWriter(callbacks.getStderr(), True)
# create and populate the blacklist
self._blacklist = set()
self._blacklist.add('http://ciscobinary.openh264.org')
self._blacklist.add('http://detectportal.firefox.com')
self._blacklist.add('https://location.services.mozilla.com')
self._blacklist.add(
'https://activity-stream-icons.services.mozilla.com')
self._blacklist.add('https://shavar.services.mozilla.com')
self._blacklist.add('https://versioncheck-bg.addons.mozilla.org')
self._blacklist.add('https://snippets.cdn.mozilla.net')
self._blacklist.add('https://getpocket.com')
self._blacklist.add('https://safebrowsing.googleapis.com')
self._blacklist.add('https://tiles.services.mozilla.com')
self._blacklist.add('https://incoming.telemetry.mozilla.org')
self._blacklist.add('https://services.addons.mozilla.org')
self._blacklist.add('https://aus5.mozilla.org')
self._blacklist.add('https://normandy.cdn.mozilla.net')
self._blacklist.add('https://blocklists.settings.services.mozilla.com')
self._blacklist.add('https://firefox.settings.services.mozilla.com')
self._blacklist.add('https://redirector.gvt1.com')
self._blacklist.add('https://push.services.mozilla.com')
self._blacklist.add('https://content-signature-2.cdn.mozilla.net')
self._blacklist.add('https://content-autofill.googleapis.com')
self._blacklist.add('http://www.gstatic.com')
self._blacklist.add('https://www.gstatic.com')
self._blacklist.add('http://update.googleapis.com')
self._blacklist.add('https://update.googleapis.com')
self._blacklist.add('https://accounts.google.com')
self._blacklist.add('https://www.google.com')
self._blacklist.add('https://translate.googleapis.com')
self._blacklist.add('https://www.google-analytics.com')
self._stdout.println('Extension was loaded')
self._stdout.println('Running under version ' + sys.version)
return
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName(self.EXTENSION_NAME)
callbacks.issueAlert("AutoRecon is enabled")
# add the custom tab to Burp's UI
self.initUI()
# self._newpanel.setLayout(FlowLayout())
# callbacks.customizeUiComponent(self._newpanel)
callbacks.addSuiteTab(self)
self.callable = [
# self.sublister,
# self.shodan_search,
self.certsh_search,
# self.anubis,
# self.googleDig,
# self.censys,
# self.certspotter,
# self.bufferover_run,
# self.urlscan,
# self.otx_alienvault,
# self.threatminer,
# self.netcraft,
# self.threatcrowd,
# self.dnsdumpster,
# self.virustotal,
# self.ptrarchive,
]
# self.callable = [self.censys]
# define stdout writer
self._stdout = PrintWriter(callbacks.getStdout(), True)
self._stderr = PrintWriter(callbacks.getStderr(), True)
self._stdout.println(self.EXTENSION_NAME + " by @bourne")
self._stdout.println(
"================================================")
self._stdout.println(
'TIP: Right click on any domain and add it to scope in "autoRecon"'
)
self._stdout.println("")
self.outputTxtArea.setText(
self.EXTENSION_NAME + " by @bourne" + "\n" +
"================================================" + "\n" +
'TIP: Right click on any domain and add it to scope in "autoRecon"\n'
)
self.context = None
callbacks.registerContextMenuFactory(self)
return
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("Intruder WCF")
callbacks.registerHttpListener(WCFIntruderListener(self))
callbacks.registerContextMenuFactory(WCFIntruderCtxMenu(self))
return
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self._callbacks.setExtensionName("Json-to-Urlencoded")
self.echo("[*] @author Abdulla Ismayilov - [email protected]")
self._callbacks.registerContextMenuFactory(self)
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("DetectSRI")
callbacks.issueAlert("DetectSRI Passive Scanner check enabled")
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.registerScannerCheck(self)
def registerExtenderCallbacks(self, callbacks):
callbacks.setExtensionName("hello world extension")
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
stdout.println("hello world")
stderr.println("hello error")
callbacks.issueAlert("hello alert")
raise RuntimeException("hello exception")
def registerExtenderCallbacks(self, callbacks):
# set our extension name
self.callbacks = callbacks
self.callbacks.setExtensionName("OgaSazSave")
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
saveSazhandler = RightClickHandler(self.callbacks)
callbacks.registerContextMenuFactory(saveSazhandler)
self.stdout.println("OgaSazSave v0.9.2 Load OK!!")
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
# Register methods for error reporting
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
self.stdout.println("Module loaded successfully!")
callbacks.setExtensionName('Add Luhn check digit')
callbacks.registerIntruderPayloadProcessor(self)
return
def registerExtenderCallbacks(self, callbacks):
# set our extension name
callbacks.setExtensionName("G2 Determine Session Cookie")
callbacks.registerContextMenuFactory(
DetermineCookieMenuItem(callbacks))
# obtain our output and error streams
stdout = PrintWriter(callbacks.getStdout(), True)
stderr = PrintWriter(callbacks.getStderr(), True)
# write a message to our output stream
stdout.println(
"G2 Determine Session Cookie - Successful Initialization")
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
self.stdout = PrintWriter(callbacks.getStdout(), True)
self.stderr = PrintWriter(callbacks.getStderr(), True)
callbacks.setExtensionName('CSRF Handling (' + self.SETUP_NAME + ')')
callbacks.registerHttpListener(self)
self.CSRF_Values = dict()
for i in self.CSRF_Tokens.keys():
self.CSRF_Values[i] = None
if self.DEBUG:
self.stdout.println('[*] Debug enabled')
