def __init__(self): """ generated source for method __init__ """ super(HumanDetailPanel, self).__init__(GridBagLayout()) model = DefaultTableModel() model.addColumn("Legal Moves") self.moveTable = JZebraTable(model) self.selectButton = JButton(selectButtonMethod()) self.moveTextField = JTextField() self.timerBar = JTimerBar() self.selection = None self.moveTable.setShowHorizontalLines(True) self.moveTable.setShowVerticalLines(True) self.moveTextField.setEditable(False) self.add(JScrollPane(self.moveTable, ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS, ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED), GridBagConstraints(0, 0, 2, 1, 1.0, 1.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH, Insets(5, 5, 5, 5), 5, 5)) self.add(self.selectButton, GridBagConstraints(0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.HORIZONTAL, Insets(5, 5, 5, 5), 0, 0)) self.add(self.moveTextField, GridBagConstraints(1, 1, 1, 1, 1.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH, Insets(5, 5, 5, 5), 5, 5)) self.add(self.timerBar, GridBagConstraints(0, 2, 2, 1, 1.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH, Insets(5, 5, 5, 5), 5, 5))
def lstPreviewForms_change(self, event): if event.getValueIsAdjusting(): return form = self.lstPreviewForms.getSelectedValue() if form == None or form.isEmpty(): self.tableSetVisible(self.tblPreviewForm, False) return model = DefaultTableModel() model.addColumn("") for item in form: row = jarray.array((item, ), Object) model.addRow(row) self.tblPreviewForm.setModel(model) renderer = FormItemPreviewCellRenderer() renderer.setForm(form) editor = FormItemPreviewCellEditor() editor.setForm(form) model = DefaultTableColumnModel() model.addColumn(TableColumn(0, 100, renderer, editor)) self.tblPreviewForm.setColumnModel(model) self.tblPreviewForm.getTableHeader().setUI(None) self.tableSetVisible(self.tblPreviewForm, True) self.cboForms.setSelectedItem(form)
def __init__(self): """ generated source for method __init__ """ super(ConfigurableDetailPanel, self).__init__(GridBagLayout()) model = DefaultTableModel() model.addColumn("Step") model.addColumn("My Move") model.addColumn("Time spent") model.addColumn("Out of time?") self.moveTable = JZebraTable(model) self.moveTable.setShowHorizontalLines(True) self.moveTable.setShowVerticalLines(True) sidePanel = JPanel() self.memUsage = TimeSeries("Used Memory") self.memTotal = TimeSeries("Total Memory") self.memUsage.setMaximumItemCount(36000) self.memTotal.setMaximumItemCount(36000) memory = TimeSeriesCollection() memory.addSeries(self.memUsage) memory.addSeries(self.memTotal) memChart = ChartFactory.createTimeSeriesChart(None, None, "Megabytes", memory, True, True, False) memChart.setBackgroundPaint(getBackground()) memChartPanel = ChartPanel(memChart) memChartPanel.setPreferredSize(Dimension(500, 175)) sidePanel.add(memChartPanel) self.counters = HashSet() self.countersCollection = TimeSeriesCollection() counterChart = ChartFactory.createTimeSeriesChart(None, None, None, self.countersCollection, True, True, False) counterChart.getXYPlot().setRangeAxis(LogarithmicAxis("Count per 100ms")) counterChart.getXYPlot().getRangeAxis().setAutoRangeMinimumSize(1.0) counterChart.setBackgroundPaint(getBackground()) counterChartPanel = ChartPanel(counterChart) counterChartPanel.setPreferredSize(Dimension(500, 175)) sidePanel.add(counterChartPanel) self.scoreCountersCollection = TimeSeriesCollection() scoreCounterChart = ChartFactory.createTimeSeriesChart(None, None, "Score", self.scoreCountersCollection, True, True, False) scoreCounterChart.getXYPlot().getRangeAxis().setRange(0, 100) scoreCounterChart.setBackgroundPaint(getBackground()) scoreCounterChartPanel = ChartPanel(scoreCounterChart) scoreCounterChartPanel.setPreferredSize(Dimension(500, 175)) sidePanel.add(scoreCounterChartPanel) self.add(JScrollPane(self.moveTable, ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED, ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED), GridBagConstraints(0, 0, 1, 2, 1.0, 1.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH, Insets(0, 0, 0, 0), 0, 0)) self.add(sidePanel, GridBagConstraints(1, 0, 1, 1, 1.0, 1.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH, Insets(0, 0, 0, 0), 0, 0)) self.add(JButton(resetButtonMethod()), GridBagConstraints(1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.SOUTHEAST, GridBagConstraints.NONE, Insets(0, 0, 0, 0), 0, 0))
def updateTable(self): model = DefaultTableModel() #self.tblMunicipalities.getModel() manager = DALLocator.getDataManager() model.addColumn("CODMUN") model.addColumn("MUN") model.addColumn("FECHA") storeParameters = manager.createStoreParameters("H2Spatial") database_file = gvsig.getResource(__file__, "data", "municipalities.mv.db") storeParameters.setDynValue("database_file", database_file) storeParameters.setDynValue("Table", "Muni") storeH2 = manager.openStore("H2Spatial", storeParameters) muns = {} for f in storeH2: if not f.get("CODMUN") in muns.keys(): muns[f.get("CODMUN")] = [f.get("MUN"), f.get("CODMUN"), ''] for k in muns.keys(): model.addRow(muns[k]) storeH2.dispose() self.tblMunicipalities.setModel(model)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuInvocation): name = "Blind XSS_" _jTabbedPane = JTabbedPane() _jPanel = JPanel() _jAboutPanel = JPanel() _jPanelConstraints = GridBagConstraints() _jLabelParameters = None _jTextFieldParameters = None _jLabelTechniques = None _jTextFieldURL = None _jLabelFuzzFactor = None _jTextFieldFuzzFactor = None _jLabelAdditionalCmdLine = None _jTextFieldAdditionalCmdLine = None _jButtonSetCommandLine = None _jLabelAbout = None # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name self._callbacks.setExtensionName(self.name) # lists of hosts with querys self._dictPayloads = {} self._dictPayloads_headers = {} self._dictPayloads_params = {} self._dictHeaders = {} self._dictParams = {} self.status_flag = False self.table_flag = 0 self.start_button_text = 'Run proxy' self._layout = GridBagLayout() self._jPanel.setLayout(self._layout) self._jPanel.setBounds(0, 0, 1000, 1000) self._jLabelTechniques = JLabel("Your URL (my.burpcollaborator.net):") self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 1 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jLabelTechniques, self._jPanelConstraints) self._jTextFieldURL = JTextField("", 30) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 1 self._jPanelConstraints.gridwidth = 4 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jTextFieldURL, self._jPanelConstraints) self._jLabelTechniques = JLabel("Press to start:") self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.anchor = GridBagConstraints.WEST self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 0 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self._jLabelTechniques, self._jPanelConstraints) self.submitSearchButton = swing.JButton( self.start_button_text, actionPerformed=self.active_flag) self.submitSearchButton.setBackground(Color.WHITE) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 0 self._jPanelConstraints.gridwidth = 4 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 10, 0) self._jPanel.add(self.submitSearchButton, self._jPanelConstraints) self._tableModelPayloads = DefaultTableModel() self._tableModelPayloads.addColumn("Payload") self._tableModelPayloads.addColumn("Using") self._tableModelHeaders = DefaultTableModel() self._tableModelHeaders.addColumn("Header") self._tableModelHeaders.addColumn("Using") self._tableModelParams = DefaultTableModel() self._tableModelParams.addColumn("Parameter") self._tableModelParams.addColumn("Using") self._table = JTable(self._tableModelPayloads) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 1)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 10) self._jPanel.add(self._scrolltable, self._jPanelConstraints) self._table = JTable(self._tableModelHeaders) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 2)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 10) self._jPanel.add(self._scrolltable, self._jPanelConstraints) self._table = JTable(self._tableModelParams) self._table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) self._table.getModel().addTableModelListener( MyTableModelListener(self._table, self, 3)) self._scrolltable = JScrollPane(self._table) self._scrolltable.setMinimumSize(Dimension(300, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 4 self._jPanelConstraints.gridy = 2 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(0, 0, 0, 0) self._jPanel.add(self._scrolltable, self._jPanelConstraints) addPayloadButton = swing.JButton('Add', actionPerformed=self.addToPayload) addPayloadButton.setBackground(Color.WHITE) addPayloadButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 1 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 10) self._jPanel.add(addPayloadButton, self._jPanelConstraints) deletePayloadButton = swing.JButton( 'Delete', actionPerformed=self.deleteToPayload) deletePayloadButton.setBackground(Color.WHITE) deletePayloadButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deletePayloadButton, self._jPanelConstraints) addHeaderButton = swing.JButton('Add', actionPerformed=self.addToHeader) addHeaderButton.setBackground(Color.WHITE) addHeaderButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 3 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 10) self._jPanel.add(addHeaderButton, self._jPanelConstraints) deleteHeaderButton = swing.JButton('Delete', actionPerformed=self.deleteToHeader) deleteHeaderButton.setBackground(Color.WHITE) deleteHeaderButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deleteHeaderButton, self._jPanelConstraints) addParamsButton = swing.JButton('Add', actionPerformed=self.addToParams) addParamsButton.setBackground(Color.WHITE) addParamsButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 5 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(addParamsButton, self._jPanelConstraints) deleteParamsButton = swing.JButton('Delete', actionPerformed=self.deleteToParams) deleteParamsButton.setBackground(Color.WHITE) deleteParamsButton.setPreferredSize(Dimension(150, 40)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 4 self._jPanelConstraints.gridy = 3 self._jPanelConstraints.gridwidth = 1 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(deleteParamsButton, self._jPanelConstraints) self._resultsTextArea = swing.JTextArea() resultsOutput = swing.JScrollPane(self._resultsTextArea) resultsOutput.setMinimumSize(Dimension(800, 200)) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = 0 self._jPanelConstraints.gridy = 4 self._jPanelConstraints.gridwidth = 6 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(10, 0, 0, 0) self._jPanel.add(resultsOutput, self._jPanelConstraints) self.clearSearchButton = swing.JButton( 'Clear Search Output', actionPerformed=self.clearOutput) self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL # self._jPanelConstraints.anchor = GridBagConstraints.CENTER self._jPanelConstraints.gridx = 2 self._jPanelConstraints.gridy = 5 self._jPanelConstraints.gridwidth = 2 self._jPanelConstraints.gridheight = 1 self._jPanelConstraints.insets = Insets(3, 0, 0, 0) self._jPanel.add(self.clearSearchButton, self._jPanelConstraints) self._callbacks.customizeUiComponent(self._jPanel) self._callbacks.addSuiteTab(self) # register ourselves as an HTTP listener self._callbacks.registerHttpListener(self) return # def onCheck(self, event): # if self._checkBoxPayload.isSelected() and self.table_flag != 0: # self.table_flag = 0 # self._checkBoxHeader.setSelected(False) # self._checkBoxParam.setSelected(False) # if self._checkBoxHeader.isSelected() and self.table_flag != 1: # self.table_flag = 1 # self._checkBoxParam.setSelected(False) # self._checkBoxPayload.setSelected(False) # if self._checkBoxParam.isSelected() and self.table_flag != 2: # self.table_flag = 2 # self._checkBoxHeader.setSelected(False) # self._checkBoxPayload.setSelected(False) # run Query for Add to Queue Button def addToPayload(self, button): self._tableModelPayloads.insertRow( self._tableModelPayloads.getRowCount(), ['', '']) # self.appendToResults(str(self._tableModelPayloads.getDataVector())) def addToHeader(self, button): self._tableModelHeaders.insertRow( self._tableModelHeaders.getRowCount(), ['', '']) def addToParams(self, button): self._tableModelParams.insertRow(self._tableModelParams.getRowCount(), ['', '']) def deleteToPayload(self, button): self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) # self.appendToResults(str(self._tableModelPayloads.getDataVector())) def deleteToHeader(self, button): self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) # self.appendToResults(str(self._tableModelHeaders.getDataVector())) def deleteToParams(self, button): self._tableModelParams.removeRow(self._tableModelParams.getRowCount() - 1) # self.appendToResults(str(self._tableModelParams.getDataVector())) # Clear Queue Function def clearQueue(self, button): table_number = self.table_flag if table_number == 0: data = self._tableModelPayloads.getDataVector() try: self._dictPayloads.pop(data[-1][0]) except Exception: pass self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) elif table_number == 1: data = self._tableModelHeaders.getDataVector() try: self._dictHeaders.pop(data[-1][0]) except Exception: pass self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) elif table_number == 2: data = self._tableModelParams.getDataVector() try: self._dictParams.pop(data[-1][0]) except Exception: pass self._tableModelParams.removeRow( self._tableModelParams.getRowCount() - 1) def updateTables(self, button): self._dictPayloads = { x[0]: x[1] for x in self._tableModelPayloads.getDataVector() } self._dictHeaders = { x[0]: x[1] for x in self._tableModelHeaders.getDataVector() } self._dictParams = { x[0]: x[1] for x in self._tableModelParams.getDataVector() } # Clear GUI Output Function def clearOutput(self, button): self._resultsTextArea.setText("") def active_flag(self, button): if not self.status_flag: for idx, key in enumerate(self._dictHeaders): if self._dictHeaders[key] == '1': self._dictPayloads_headers[key] = self._dictHeaders[key] for idx, key in enumerate(self._dictParams): if self._dictParams[key] == '1': self._dictPayloads_params[key] = self._dictParams[key] self.status_flag = True self.submitSearchButton.setBackground(Color.GRAY) self.appendToResults("Proxy start...") elif self.status_flag: self.status_flag = False self.submitSearchButton.setBackground(Color.WHITE) self.appendToResults("Proxy stop...") def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): try: if not self.status_flag: return # only process requests if not messageIsRequest: return requestString = messageInfo.getRequest().tostring() listHeader = re.findall('([\w-]+):\s?(.*)', requestString) dictRealHeaders = {x[0].lower(): x[1] for x in listHeader} # self.appendToResults(str(self._dictHeaders)) for index, key in enumerate(self._dictPayloads_headers): if key.lower() in dictRealHeaders.keys(): if len(self._dictPayloads.keys()) == 0: pass else: payload = random.choice(self._dictPayloads.keys()) # payload = payload.replace("$HEADER$", self._jTextFieldURL.text, 1) payload = payload.replace("$URL$", self._jTextFieldURL.text, 1) requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) else: pass listParam = re.findall('[\?|\&]([^=]+)\=([^& ])+', requestString) dictRealParams = {x[0].lower(): x[1] for x in listParam} url = requestString.split(" HTTP/1.") for index, key in enumerate(self._dictPayloads_params): if key.lower() in dictRealParams.keys(): if len(self._dictPayloads.keys()) == 0: pass else: payload = random.choice(self._dictPayloads.keys()) # payload = payload.replace("$PARAM$", self._jTextFieldURL.text, 1) payload = payload.replace("$URL$", self._jTextFieldURL.text, 1) url[0] = url[0].replace( dictRealParams.get(key.lower()), payload, 1) else: pass requestString = "{} HTTP/1.{}".format(url[0], url[1]) self.appendToResults(requestString.encode()) messageInfo.setRequest(requestString.encode()) except Exception as msg: self.appendToResults(msg) # Fnction to provide output to GUI def appendToResults(self, s): """Appends results to the resultsTextArea in a thread safe mannor. Results will be appended in the order that this function is called. """ def appendToResults_run(s): self._resultsTextArea.append(s) self._resultsTextArea.append('\n') swing.SwingUtilities.invokeLater(PyRunnable(appendToResults_run, s)) def getTabCaption(self): return self.name def getUiComponent(self): return self._jPanel
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IScannerCheck): name = "Femida XSS" conf_path = "./config.py" _jTabbedPane = JTabbedPane() _jPanel = JPanel() _jAboutPanel = JPanel() _jPanelConstraints = GridBagConstraints() _jLabelParameters = None _jTextFieldParameters = None _jLabelTechniques = None _jTextFieldURL = None _jLabelFuzzFactor = None _jTextFieldFuzzFactor = None _jLabelAdditionalCmdLine = None _jTextFieldAdditionalCmdLine = None _jButtonSetCommandLine = None _jLabelAbout = None _overwriteHeader = False _overwriteParam = False _forkRequestParam = False def doActiveScan(self, baseRequestResponse, insertionPoint): scan_issues = [] try: requestString = str(baseRequestResponse.getRequest().tostring()) newRequestString = self.prepareRequest(requestString) vulnerable, verifyingRequestResponse = self.quickCheckScan( newRequestString, baseRequestResponse) except Exception as msg: print(msg) return [] def quickCheckScan(self, preparedRequest, requestResponse): check = self._callbacks.makeHttpRequest( requestResponse.getHttpService(), self._helpers.stringToBytes(preparedRequest)) vulner = self._helpers.analyzeResponse( check.getResponse()).getStatusCode() == 200 return vulner, check # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self._callbacks.setExtensionName(self.name) self._callbacks.registerScannerCheck(self) self._dictPayloads = {} self._dictHeaders = {} self._dictParams = {} self.status_flag = False self.jfc = JFileChooser("./") self.jfc.setDialogTitle("Upload Payloads") self.jfc.setFileFilter(FileNameExtensionFilter("TXT file", ["txt"])) self._layout = GridBagLayout() self._jPanel.setLayout(self._layout) self._jLabelTechniques = JLabel("Press to start:") self.createAnyView(self._jLabelTechniques, 0, 0, 3, 1, Insets(0, 0, 10, 0)) self.submitSearchButton = swing.JButton( 'Run proxy', actionPerformed=self.active_flag) self.submitSearchButton.setBackground(Color.WHITE) self.createAnyView(self.submitSearchButton, 3, 0, 6, 1, Insets(0, 0, 10, 0)) self._jPanel.setBounds(0, 0, 1000, 1000) self._jLabelTechniques = JLabel("Your URL (my.burpcollaborator.net):") self.createAnyView(self._jLabelTechniques, 0, 1, 3, 1, Insets(0, 0, 10, 0)) self._jTextFieldURL = JTextField("", 30) self._jTextFieldURL.addActionListener(self.setCallbackUrl) self.createAnyView(self._jTextFieldURL, 3, 1, 5, 1, Insets(0, 0, 10, 0)) self._forkRequestButton = swing.JButton( 'Parallel Request', actionPerformed=self.forkRequest) self._forkRequestButton.setBackground(Color.WHITE) self.createAnyView(self._forkRequestButton, 8, 1, 1, 1, Insets(0, 0, 10, 0)) self._tableModelPayloads = DefaultTableModel() self._tableModelPayloads.addColumn("Payload") self._tableModelPayloads.addColumn("Active") self._tableModelHeaders = DefaultTableModel() self._tableModelHeaders.addColumn("Header") self._tableModelHeaders.addColumn("Active") self._tableModelParams = DefaultTableModel() self._tableModelParams.addColumn("Parameter") self._tableModelParams.addColumn("Active") self._payloadTable = self.createAnyTable(self._tableModelPayloads, 1, Dimension(300, 200)) self.createAnyView(self._payloadTable, 0, 2, 3, 1, Insets(0, 0, 0, 10)) self._headerTable = self.createAnyTable(self._tableModelHeaders, 2, Dimension(300, 200)) self.createAnyView(self._headerTable, 3, 2, 3, 1, Insets(0, 0, 0, 10)) self._paramTable = self.createAnyTable(self._tableModelParams, 3, Dimension(300, 200)) self.createAnyView(self._paramTable, 6, 2, 3, 1, Insets(0, 0, 0, 0)) deletePayloadButton = swing.JButton( 'Delete', actionPerformed=self.deleteToPayload) deletePayloadButton.setBackground(Color.WHITE) self.createAnyView(deletePayloadButton, 0, 3, 1, 1, Insets(3, 0, 0, 0)) deletePayloadButton = swing.JButton( 'Upload', actionPerformed=self.uploadToPayload) deletePayloadButton.setBackground(Color.WHITE) self.createAnyView(deletePayloadButton, 1, 3, 1, 1, Insets(3, 0, 0, 0)) addPayloadButton = swing.JButton('Add', actionPerformed=self.addToPayload) addPayloadButton.setBackground(Color.WHITE) self.createAnyView(addPayloadButton, 2, 3, 1, 1, Insets(3, 0, 0, 10)) deleteHeaderButton = swing.JButton('Delete', actionPerformed=self.deleteToHeader) deleteHeaderButton.setBackground(Color.WHITE) self.createAnyView(deleteHeaderButton, 3, 3, 1, 1, Insets(3, 0, 0, 0)) self._overwriteHeaderButton = swing.JButton( 'Overwrite', actionPerformed=self.overwriteHeader) self._overwriteHeaderButton.setBackground(Color.WHITE) self.createAnyView(self._overwriteHeaderButton, 4, 3, 1, 1, Insets(3, 0, 0, 0)) addHeaderButton = swing.JButton('Add', actionPerformed=self.addToHeader) addHeaderButton.setBackground(Color.WHITE) self.createAnyView(addHeaderButton, 5, 3, 1, 1, Insets(3, 0, 0, 10)) deleteParamsButton = swing.JButton('Delete', actionPerformed=self.deleteToParams) deleteParamsButton.setBackground(Color.WHITE) self.createAnyView(deleteParamsButton, 6, 3, 1, 1, Insets(3, 0, 0, 0)) self._overwriteParamButton = swing.JButton( 'Overwrite', actionPerformed=self.overwriteParam) self._overwriteParamButton.setBackground(Color.WHITE) self.createAnyView(self._overwriteParamButton, 7, 3, 1, 1, Insets(3, 0, 0, 0)) addParamsButton = swing.JButton('Add', actionPerformed=self.addToParams) addParamsButton.setBackground(Color.WHITE) self.createAnyView(addParamsButton, 8, 3, 1, 1, Insets(3, 0, 0, 0)) self._resultsTextArea = swing.JTextArea() resultsOutput = swing.JScrollPane(self._resultsTextArea) resultsOutput.setMinimumSize(Dimension(800, 200)) self.createAnyView(resultsOutput, 0, 4, 9, 1, Insets(10, 0, 0, 0)) self.clearSearchButton = swing.JButton( 'Clear Search Output', actionPerformed=self.clearOutput) self.createAnyView(self.clearSearchButton, 3, 6, 3, 1, Insets(3, 0, 0, 0)) self._callbacks.customizeUiComponent(self._jPanel) self._callbacks.addSuiteTab(self) self.starterPack() self._callbacks.registerHttpListener(self) self._callbacks.registerContextMenuFactory(self) return def createAnyTable(self, table_model, table_number, min_size): _table = JTable(table_model) _table.setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS) for i in range(2): column = _table.getColumnModel().getColumn(i) if i == 0: column.setPreferredWidth(250) else: column.setPreferredWidth(50) _scrolltable = JScrollPane(_table) _scrolltable.setMinimumSize(min_size) return _scrolltable def insertAnyTable(self, table, data): def detectTable(table): name = table.getColumnName(0) if name == 'Payloads': return 0 elif name == 'Headers': return 1 elif name == 'Parameters': return 2 tableNum = detectTable(table) new_data = [str(x) for x in data] table.insertRow(table.getRowCount(), new_data) return table.getRowCount() def replaceLine(self, file_path, new_line): from tempfile import mkstemp from shutil import move from os import fdopen, remove #Create temp file fh, abs_path = mkstemp() with fdopen(fh, 'w') as new_file: with open(file_path) as old_file: for line in old_file: a = re.findall('^Callback_url[ =]+(.+)$', line) if a: for k in a: temp = k.replace("\'", "").replace("\"", "") new_file.write(line.replace(temp, new_line)) else: new_file.write(line) #Remove original file remove(file_path) #Move new file move(abs_path, file_path) def createAnyView(self, _component, gridx, gridy, gridwidth, gridheight, insets): self._jPanelConstraints.fill = GridBagConstraints.HORIZONTAL self._jPanelConstraints.gridx = gridx self._jPanelConstraints.gridy = gridy self._jPanelConstraints.gridwidth = gridwidth self._jPanelConstraints.gridheight = gridheight self._jPanelConstraints.insets = insets self._jPanel.add(_component, self._jPanelConstraints) def createMenuItems(self, contextMenuInvocation): context = contextMenuInvocation.getInvocationContext() filterMenu = JMenu("Femida XSS") self._contextMenuData = contextMenuInvocation if (context == 0 or context == 1 or context == 2 or context == 3 or context == 8 or context == 9): filterMenu.add( JMenuItem("Add to Headers", actionPerformed=self.addToHeadersItem)) filterMenu.add( JMenuItem("Add to Parameters", actionPerformed=self.addToParametersItem)) return Arrays.asList(filterMenu) return Arrays.asList([]) def addToHeadersItem(self, event): start, end = self._contextMenuData.getSelectionBounds() message = self._contextMenuData.getSelectedMessages()[0] ctx = self._contextMenuData.getInvocationContext() if ctx == 0 or ctx == 2: message = message.getRequest() elif ctx == 1 or ctx == 3: message = message.getResponse() else: print(ctx) return try: selected_text = self._helpers.bytesToString(message)[start:end] self.insertAnyTable(self._tableModelHeaders, [str(selected_text), '1']) except Exception: pass def addToParametersItem(self, event): start, end = self._contextMenuData.getSelectionBounds() message = self._contextMenuData.getSelectedMessages()[0] ctx = self._contextMenuData.getInvocationContext() if ctx == 0 or ctx == 2: message = message.getRequest() elif ctx == 1 or ctx == 3: message = message.getResponse() else: print(ctx) return try: selected_text = self._helpers.bytesToString(message)[start:end] self.insertAnyTable(self._tableModelParams, [str(selected_text), '1']) except Exception: pass def starterPack(self): self.addFromFileAsync(config.Payloads, self._tableModelPayloads) self.addFromFileAsync(config.Headers, self._tableModelHeaders) self.addFromFileAsync(config.Parameters, self._tableModelParams) self._jTextFieldURL.setText(config.Callback_url) self._tableModelPayloads.addTableModelListener( MyTableModelListener(self._tableModelPayloads, self, self._dictPayloads, config.Payloads)) self._tableModelHeaders.addTableModelListener( MyTableModelListener(self._tableModelHeaders, self, self._dictHeaders, config.Headers)) self._tableModelParams.addTableModelListener( MyTableModelListener(self._tableModelParams, self, self._dictParams, config.Parameters)) def setCallbackUrl(self, event): self.replaceLine(self.conf_path, self._jTextFieldURL.getText()) self.appendToResults('New url={} saved.'.format( self._jTextFieldURL.getText())) def addToPayload(self, button): self.insertAnyTable(self._tableModelPayloads, ['', '1']) def addToHeader(self, button): self.insertAnyTable(self._tableModelHeaders, ['', '1']) def addToParams(self, button): self.insertAnyTable(self._tableModelParams, ['', '1']) def uploadToPayload(self, button): self._returnFileChooser = self.jfc.showDialog(None, "Open") if (self._returnFileChooser == JFileChooser.APPROVE_OPTION): selectedFile = self.jfc.getSelectedFile() self.fileUpload(selectedFile, self._tableModelPayloads) def deleteToPayload(self, button): try: val = self._tableModelPayloads.getValueAt( self._tableModelPayloads.getRowCount() - 1, 0) self._tableModelPayloads.removeRow( self._tableModelPayloads.getRowCount() - 1) self._dictPayloads.pop(val) self.saveToFileAsync(config.Payloads, self._dictPayloads) except Exception as msg: # print(msg) pass def deleteToHeader(self, button): try: val = self._tableModelHeaders.getValueAt( self._tableModelHeaders.getRowCount() - 1, 0) self._tableModelHeaders.removeRow( self._tableModelHeaders.getRowCount() - 1) self._dictHeaders.pop(val) self.saveToFileAsync(config.Headers, self._dictHeaders) except Exception as msg: # print(msg) pass def deleteToParams(self, button): try: val = self._tableModelParams.getValueAt( self._tableModelParams.getRowCount() - 1, 0) self._tableModelParams.removeRow( self._tableModelParams.getRowCount() - 1) self._dictParams.pop(val) self.saveToFileAsync(config.Parameters, self._dictParams) except Exception as msg: # print(msg) pass def clearOutput(self, button): self._resultsTextArea.setText("") def fileUpload(self, path, table): with open(str(path), "r") as f: for line in f: self.insertAnyTable(table, [str(line), '1']) def active_flag(self, button): if not self.status_flag: self.status_flag = True self.submitSearchButton.setBackground(Color.GRAY) self.appendToResults("Proxy start...\n") else: self.status_flag = False self.submitSearchButton.setBackground(Color.WHITE) self.appendToResults("Proxy stop...\n") def overwriteHeader(self, button): if not self._overwriteHeader: self._overwriteHeader = True self._overwriteHeaderButton.setBackground(Color.GRAY) else: self._overwriteHeader = False self._overwriteHeaderButton.setBackground(Color.WHITE) def overwriteParam(self, button): if not self._overwriteParam: self._overwriteParam = True self._overwriteParamButton.setBackground(Color.GRAY) else: self._overwriteParam = False self._overwriteParamButton.setBackground(Color.WHITE) def forkRequest(self, button): if not self._forkRequestParam: self._forkRequestParam = True self._forkRequestButton.setBackground(Color.GRAY) else: self._forkRequestParam = False self._forkRequestButton.setBackground(Color.WHITE) def prepareRequest(self, requestString, messageInfo=None): requestString = str(requestString) listHeader = re.findall('([\w-]+):\s?(.*)', requestString) dictRealHeaders = {x[0].lower(): x[1] for x in listHeader} selectedPayloads = {} for ind, k in enumerate(self._dictPayloads): if self._dictPayloads[k] == '1': selectedPayloads[k] = '1' else: continue for index, key in enumerate(self._dictHeaders): if key.lower() in dictRealHeaders.keys( ) and self._dictHeaders[key] == '1': if len(self._dictPayloads.keys()) == 0: pass elif self._overwriteHeader: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) elif not self._overwriteHeader: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) payload = dictRealHeaders.get(key.lower()) + payload requestString = requestString.replace( dictRealHeaders.get(key.lower()), payload, 1) else: pass for index, key in enumerate(self._dictParams): analyzed = self._helpers.analyzeRequest(requestString.encode()) param = analyzed.getParameters() dictRealParams = { x.getName().lower(): [x.getValue(), x.getValueStart(), x.getValueEnd()] for x in param } if key.lower() in dictRealParams.keys( ) and self._dictParams[key] == '1': if len(self._dictPayloads.keys()) == 0: pass elif self._overwriteParam: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) start_word = dictRealParams[key.lower()][1] end_word = dictRealParams[key.lower()][2] requestString = requestString[: start_word] + payload + requestString[ end_word:] elif not self._overwriteParam: payload = random.choice(selectedPayloads.keys()) payload = payload.replace(r"{URL}", self._jTextFieldURL.getText(), 1) payload = dictRealParams[key.lower()][0] + payload start_word = dictRealParams[key.lower()][1] end_word = dictRealParams[key.lower()][2] requestString = requestString[: start_word] + payload + requestString[ end_word:] else: pass return requestString def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if not self.status_flag: return # only process requests if not messageIsRequest: return if self._forkRequestParam: requestString = messageInfo.getRequest().tostring() # SOOOO HARD FIX! It should be better if requestString[0] == '@': messageInfo.setRequest( self._helpers.stringToBytes(requestString[1:])) else: newRequestString = self.prepareRequest(requestString, messageInfo) self.appendToResults('Parallel Request:') self.appendToResults(newRequestString.encode()) newRequestString = '@' + newRequestString func = self._callbacks.makeHttpRequest thread = Thread( target=func, args=(messageInfo.getHttpService(), self._helpers.stringToBytes(newRequestString))) thread.start() else: requestString = messageInfo.getRequest().tostring() newRequestString = self.prepareRequest(requestString, messageInfo) self.appendToResults(newRequestString.encode()) messageInfo.setRequest( self._helpers.stringToBytes(newRequestString)) # Fnction to provide output to GUI def appendToResults(self, s): def appendToResults_run(s): self._resultsTextArea.append(s) self._resultsTextArea.append('\n') swing.SwingUtilities.invokeLater( PyRunnable(appendToResults_run, str(s))) def addFromFileAsync(self, file, table): def addFromFile_run(file, table): if os.path.exists(file): with open(file, 'r') as f: for row in f.readlines(): if row != '': temp = row[:-1] if row[-1] == '\n' else row self.insertAnyTable(table, [str(temp), '1']) swing.SwingUtilities.invokeLater( PyRunnable(addFromFile_run, file, table)) def saveToFileAsync(self, file, data, isAppend=False): def saveToFile_run(file, data, isAppend): isAppend = 'w' with open(file, isAppend) as f: for i, k in enumerate(data): f.write("{}\n".format(k)) f.seek(-1, os.SEEK_END) f.truncate() swing.SwingUtilities.invokeLater( PyRunnable(saveToFile_run, file, data, isAppend)) def getTabCaption(self): return self.name def getUiComponent(self): return self._jPanel