class Tablas_Caracteres_Especiales(JFrame):
def __init__(self):
super(Tablas_Caracteres_Especiales, self).__init__()
self.window()
def window(self):
self.setTitle("Tablas Caracteres")
self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
self.setLayout(None)
self.setLocationRelativeTo(None)
self.setVisible(True)
def config():
self.barra = JScrollPane()
self.Tab_Caracteres_Especiales = JTable()
nombre = ["nombre", "apeM", "apeP"]
datos = ["victor", "esau", "cholo"]
self.Tab_Caracteres_Especiales = JTable(datos, nombre)
self.Tab_Caracteres_Especiales.addRow(datos)
# self.Tab_Caracteres_Especiales.setFont(Font("Tahoma", 0, 14)); # NOI18N
self.barra.setViewportView(self.Tab_Caracteres_Especiales)
#TODO: imcompleto se nesita una array y python maneja listas :(
self.getContentPane().add(self.barra)
self.barra.setBounds(0, 0, 929, 574)
self.setBounds(0, 0, 939, 604)
def getTextArea(self):
"""
Creates a scrollable textarea
"""
textarea = JTextArea()
textarea.setBounds(180, 50, 800, 240)
scrollPane = JScrollPane(textarea)
scrollPane.setBounds(180, 50, 800, 240)
return scrollPane
def buildReplacementRules(self, state, callbacks):
"""
Builds the replacement rules section in the configuration page
"""
rules = JPanel()
rules.setLayout(None)
rules.setMaximumSize(Dimension(self.CONFIG_PAGE_WIDTH, 300))
title = self.getTitle("Replacement Rules", 20, 10)
add = self.getButton("Add", 20, 50)
add.addActionListener(self.callbacks.addButtonClicked)
edit = self.getButton("Edit", 20, 90)
edit.addActionListener(self.callbacks.editButtonClicked)
delete = self.getButton("Delete", 20, 130)
delete.addActionListener(self.callbacks.deleteButtonClicked)
table = Table(state.replacementRuleTableModel)
tableView = JScrollPane(table)
tableView.setBounds(180, 50, 800, 240)
rules.add(title)
rules.add(add)
rules.add(edit)
rules.add(delete)
rules.add(tableView)
try:
storedReplacementRules = callbacks.loadExtensionSetting(
"replacementRules")
if storedReplacementRules:
state.replacementRuleTableModel.importJsonRules(
storedReplacementRules)
else:
log("No replacement rules stored.")
except (ValueError, KeyError):
log("Invalid replacement rules stored. Ignoring.")
pass
return rules
def configTab(self):
Config = JLabel("Config")
self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop)
self.startButton.setBounds(40, 30, 200, 30)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(40, 80, 200, 30)
self.xsscheck = JCheckBox("Detect XSS")
self.xsscheck.setSelected(True)
self.xsscheck.setBounds(40, 110, 200, 30)
self.sqlicheck = JCheckBox("Detect SQLi")
self.sqlicheck.setSelected(True)
self.sqlicheck.setBounds(40, 140, 200, 30)
self.ssticheck = JCheckBox("Detect SSTI")
self.ssticheck.setSelected(True)
self.ssticheck.setBounds(40, 170, 200, 30)
self.blindxss = JCheckBox("Blind XSS")
self.blindxss.setBounds(40, 200, 200, 30)
self.BlindXSSText = JTextArea("", 5, 30)
scrollbxssText = JScrollPane(self.BlindXSSText)
scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollbxssText.setBounds(40, 250, 400, 110)
self.configtab = JPanel()
self.configtab.setLayout(None)
self.configtab.setBounds(0, 0, 300, 300)
self.configtab.add(Config)
self.configtab.add(self.startButton)
self.configtab.add(self.autoScroll)
self.configtab.add(self.xsscheck)
self.configtab.add(self.sqlicheck)
self.configtab.add(self.ssticheck)
self.configtab.add(self.blindxss)
self.configtab.add(scrollbxssText)
class GUI(Helpers):
def gui(self):
x = 10 # panel padding
y = 5 # panel padding
self.panel = Panel()
self.panel.setLayout(None)
self.scn_lbl = JLabel("Enable scanning")
self.scn_lbl.setBounds(x, y, 100, 20)
self.panel.add(self.scn_lbl)
self.enable = JCheckBox()
self.enable.setBounds(x + 120, y, 50, 20)
self.panel.add(self.enable)
self.rand_lbl = JLabel("Randomize payloads")
self.rand_lbl.setBounds(x, y + 15, 100, 20)
self.panel.add(self.rand_lbl)
self.randomize = JCheckBox()
self.randomize.setBounds(x + 120, y + 15, 50, 20)
self.panel.add(self.randomize)
self.pyld_lbl = JLabel("Payloads List (Line separated)")
self.pyld_lbl.setBounds(x, y + 30, 180, 20)
self.panel.add(self.pyld_lbl)
self.payloads_list = JTextArea()
self.pyld_scrl = JScrollPane(self.payloads_list)
self.pyld_scrl.setBounds(x, y + 50, 600, 200)
self.panel.add(self.pyld_scrl)
self.save_btn = JButton("Save", actionPerformed=self.save_settings)
self.save_btn.setBounds(x, y + 250, 100, 30)
self.panel.add(self.save_btn)
# Settings loader from [utils/Helpers/load_settings]
self.load_settings()
return self
def output(self, value):
eingabe = value.getString()
if eingabe == "Lexikon":
# Falls "Lexikon" an den Clienten übergeben wird, wird die GUI geöffnet,
# in der man deutsche Wörter eingeben kann, die einem dann auf Englisch
# vorgelesen werden.
def change_text(event):
text = feld.getText()
x = suche(text)
self.send(x)
frame.visible = False
frame = JFrame(
'Woerterbuch',
defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
size=(380, 350),
)
frame.setLayout(None)
frame.visible = True
hintergrund = ImageIcon("Hintergrund.jpg")
hintergrundlabel = JLabel(hintergrund)
frame.setContentPane(hintergrundlabel)
uebersetzerlabel = JLabel()
uebersetzerlabel.setForeground(Color(025, 025, 112))
uebersetzerlabel.setText(
"<html><font size=+1>Welches Wort soll ich uebersetzen?</font></html>"
)
uebersetzerlabel.setBounds(10, 20, 500, 50)
frame.add(uebersetzerlabel)
feld = JTextField()
feld.setText("")
feld.setBounds(20, 80, 300, 25)
frame.add(feld)
button = JButton('Uebersetzen',
actionPerformed=change_text,
size=(10, 20))
button.setBounds(20, 110, 300, 30)
frame.add(button)
if eingabe == "neue Lektion":
# Falls dem Clienten "neue Lektion" übergeben wird, öffnet er er die
# GUI für das Verwalten der Lektionen
frame = JFrame('Lektion erstellen',
defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
size=(1000, 1000))
frame.setLayout(None)
def auflisten_in(ort):
font = Font("Verdana", Font.BOLD, 15)
liste_mit_Lektionen = []
with open(pfad, "r") as f:
for line in f:
liste_mit_Lektionen.append(line.strip())
liste_mit_Lektionen.sort()
text = ""
for lektion in liste_mit_Lektionen:
text += lektion
text += "\n"
ort.setText(text)
ort.setFont(font)
frame.setLayout(None)
uebersichtLabel = JLabel()
def uebersetzen(event):
frage = feld_frage.getText()
x = suche(frage)
feld_frage.setText(x)
liste = []
with open(pfad, "r") as lektionen:
for lektion in lektionen:
if "nachgeschlagen" in lektion:
liste.append(lektion)
if liste:
name = liste[-1]
words = []
sql = "SELECT deutsch, englisch, symbol FROM " + name
zeile = stmt.executeQuery(sql)
while zeile.next():
d = zeile.getString("deutsch")
e = zeile.getString("englisch")
symb = zeile.getString("symbol")
words.append((d, e, symb))
if len(words) < 50:
sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);"
pstmt = conn.prepareStatement(sql)
pstmt.setString(1, frage)
pstmt.setString(2, x)
pstmt.setString(3, "X")
pstmt.executeUpdate()
else:
namensteile = name.split("_")
nummer = int(namensteile[1].strip()) + 1
name = "nachgeschlagen_" + str(nummer)
test = ""
with open(pfad, "r") as f:
for line in f:
test += line
if not name in test:
with open(pfad, "a") as f:
f.write(name + "\n")
sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);"
stmt.execute(sql)
sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);"
pstmt = conn.prepareStatement(sql)
pstmt.setString(1, frage)
pstmt.setString(2, x)
pstmt.setString(3, "X")
pstmt.executeUpdate()
else:
name = "nachgeschlagen_1"
test = ""
with open(pfad, "r") as f:
for line in f:
test += line
if not name in test:
with open(pfad, "a") as f:
f.write(name + "\n")
sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);"
stmt.execute(sql)
sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);"
pstmt = conn.prepareStatement(sql)
pstmt.setString(1, frage)
pstmt.setString(2, x)
pstmt.setString(3, "X")
pstmt.executeUpdate()
auflisten_in(uebersicht)
def delete(event):
name = feld.getText()
print name
print self.geladen
if name == self.geladen:
count = 0
while tabelle.getValueAt(count, 0) != None:
tabelle.setValueAt(None, count, 0)
tabelle.setValueAt(None, count, 1)
count += 1
stmt.execute("DROP TABLE " + name + ";")
lektionen = []
with open(pfad, "r") as f:
for line in f:
lektion = line.strip()
if not name == lektion:
lektionen.append(lektion)
with open(pfad, "w") as f:
for lektion in lektionen:
f.write(lektion + "\n")
auflisten_in(uebersicht)
def laden(event):
name = feld.getText()
self.geladen = name
sql = "SELECT deutsch, englisch FROM " + name
results = stmt.executeQuery(sql)
count = 0
while results.next():
d = results.getString("deutsch")
e = results.getString("englisch")
tabelle.setValueAt(d, count, 0)
tabelle.setValueAt(e, count, 1)
count += 1
while tabelle.getValueAt(count, 0) != None:
tabelle.setValueAt(None, count, 0)
tabelle.setValueAt(None, count, 1)
count += 1
def erstelle_Lektionstabelle(event):
reihen = []
for i in range(0, 50):
deutsch = tabelle.getValueAt(i, 0)
englisch = tabelle.getValueAt(i, 1)
if deutsch != None:
symbol = "X"
reihen.append([deutsch, englisch, symbol])
else:
break
z = 0
name = feld.getText()
sql = "CREATE TABLE " + name + " (deutsch text, englisch text, symbol text);"
try:
stmt.execute(sql)
except SQLError:
stmt.execute("DROP TABLE " + name + ";")
stmt.execute(sql)
for reihe in reihen:
print(reihe)
deutsch = reihe[0]
englisch = reihe[1]
symbol = reihe[2]
sql = "INSERT INTO " + name + " (deutsch, englisch, symbol) VALUES(?,?,?);"
pstmt = conn.prepareStatement(sql)
pstmt.setString(1, deutsch)
pstmt.setString(2, englisch)
pstmt.setString(3, symbol)
pstmt.executeUpdate()
test = ""
with open(pfad, "r") as f:
for line in f:
test += line
if not name in test:
with open(pfad, "a") as f:
f.write(name + "\n")
self.send(name)
frame.setVisible(False)
frame = JFrame('Vokabel Listen',
defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
size=(1000, 1000))
frame.setLayout(None)
label_enter = JLabel()
label_enter.setText(
"<html><font size=+0.5 color = 000000>Bitte vor dem Speichern<br>die Entertaste bedienen</font></html>"
)
label_enter.setBounds(20, 720, 250, 50)
uebersichtLabel = JLabel()
uebersichtLabel.setText(
"<html><font size=+1 color=#191970>Bereits vorhandene Lektionen:</font></html>"
)
uebersichtLabel.setBounds(450, 230, 250, 50)
uebersicht = JTextArea()
uebersicht.editable = False
uebersicht_scroll = JScrollPane(uebersicht)
uebersicht_scroll.viewport.view = uebersicht
uebersicht_scroll.setBounds(450, 300, 250, 380)
auflisten_in(uebersicht)
button = JButton('Lektion speichern/Lektion reseten',
actionPerformed=erstelle_Lektionstabelle,
size=(10, 20))
button.setBounds(20, 700, 300, 30)
button_laden = JButton('vorhandene Lektion laden',
actionPerformed=laden,
size=(10, 20))
button_laden.setBounds(20, 110, 210, 30)
button_delete = JButton("Lektion entfernen",
actionPerformed=delete)
button_delete.setBounds(20, 140, 210, 30)
hintergrund = ImageIcon("Hintergrund.jpg")
pnl = JPanel()
hintergrundlabel = JLabel(hintergrund)
frame.setContentPane(hintergrundlabel)
lektionsnamensLabel = JLabel()
lektionsnamensLabel.setForeground(Color(025, 025, 112))
lektionsnamensLabel.setText(
"<html><font size=+1>Hier bitte Namen der Lektion eingeben<br>(Nur ein Wort lang)</font></html>"
)
lektionsnamensLabel.setBounds(10, 20, 500, 50)
frame.add(lektionsnamensLabel)
feld = JTextField()
feld.setText("")
feld.setBounds(20, 80, 210, 25)
frame.add(feld)
column_names = [
"<html><font size=+1 color=#191970><b>Deutsch</b></font></html>",
"<html><font size=+1 color=#191970><b>Englisch</b></font></html>"
]
table_model = DefaultTableModel(column_names, 50)
tabelle = JTable(table_model)
lektionsnamensLabel.setForeground(Color(025, 025, 112))
scrollbar = JScrollPane(tabelle)
scrollbar.viewport.view = tabelle
scrollbar.setVerticalScrollBarPolicy(
scrollbar.VERTICAL_SCROLLBAR_ALWAYS)
scrollbar.setVisible(True)
tabelle.setVisible(True)
scrollbar.setBounds(20, 190, 300, 490)
feld_frage = JTextField()
feld_frage.setText("")
feld_frage.setBounds(450, 30, 300, 50)
uebersetzerlabel = JLabel()
uebersetzerlabel.setForeground(Color(025, 025, 112))
uebersetzerlabel.setText(
"<html><font size=+1>Hier kannst Du ein deutsches Wort eintragen,<br>dass ich fuer Dich nachschlage</font></html>"
)
uebersetzerlabel.setBounds(450, 80, 500, 50)
button_uebersetzen = JButton('Uebersetzen',
actionPerformed=uebersetzen,
size=(10, 20))
button_uebersetzen.setBounds(450, 130, 300, 30)
frame.add(button_uebersetzen)
frame.add(uebersetzerlabel)
frame.add(feld_frage)
frame.add(feld)
frame.add(scrollbar)
frame.add(button)
frame.add(button_laden)
frame.setVisible(True)
frame.add(uebersicht_scroll)
frame.add(uebersichtLabel)
frame.add(button_delete)
frame.add(label_enter)
elif eingabe == "alle Lektionen auflisten":
# Hier erstellt der Client eine dynamische Grammatik
# mit den vorhandenen Lektionen, die man sich abfragen lassen kann
# und gibt diese wieder an DialogOS zurück.
# Außerdem wird der Feedback Frame geöffnet.
def auflisten_in2(ort):
font = Font("Verdana", Font.BOLD, 15)
liste_mit_Lektionen = []
with open(pfad, "r") as f:
for line in f:
liste_mit_Lektionen.append(line.strip())
liste_mit_Lektionen.sort()
text = ""
for lektion in liste_mit_Lektionen:
text += lektion
text += "\n"
ort.setText(text)
ort.setFont(font)
frame_feedback.setVisible(True)
auflisten_in2(uebersicht2)
grammatik = ""
grammatik = "root $NamevonLektion;\n"
grammatik += "$NamevonLektion = "
with open(pfad, "r") as f:
z = 0
for line in f:
if z == 0:
if not "_" in line:
grammatik += line
else:
zeile = line.split("_")
grammatik += zeile[0] + " "
grammatik += zeile[1].strip()
else:
if not "_" in line:
grammatik += "|" + line
else:
zeile = line.split("_")
grammatik += "|" + zeile[0] + " "
grammatik += zeile[1].strip()
if line != "\n":
z += 1
grammatik += ";"
self.send(grammatik)
elif "sende" in eingabe:
# DialogOS sagt dem Clienten, welche Lektion der User abgefragt
# werden möchte. Der Client ließt dann die entsprechende Lektion
# aus der Datenbank aus und gibt eine Liste mit 2 Listen zurück.
# In der ersten Liste befinden sich die deutschen Bedeutungen, der
# noch nicht gewussten Wörter, in der 2. Liste die englsichen Bedeutungen.
# Falls alle Wörter bereits gekonnt wurden, wird stattdessen eine entsprechende
# Anmerkung an DialogOS geschickt und DialogOS informiert den User darüber.
z = 0
if "nachgeschlagen" in eingabe:
bestandteile = eingabe.split()
name = bestandteile[1] + "_" + bestandteile[2]
else:
name = eingabe.split()[1]
sql = "SELECT deutsch, englisch, symbol FROM " + name
vokabelliste = stmt.executeQuery(sql)
deutsch = []
englisch = []
symbol = []
while (vokabelliste.next()):
deutsch.append(vokabelliste.getString("deutsch"))
englisch.append(vokabelliste.getString("englisch"))
symbol.append(vokabelliste.getString("symbol"))
indices = range(0, len(deutsch))
random.shuffle(indices)
vokabeln = [[], []]
for index in indices:
d = deutsch[index]
e = englisch[index]
s = symbol[index]
if s == "X":
vokabeln[0].append(d)
vokabeln[1].append(e)
if vokabeln[0]:
self.send(vokabeln)
else:
self.send([
"Du kannst diese Lektion schon komplett. Wenn Du sie wieder abgefragt werden willst, resete sie bitte unter Wokabeln verwalten."
])
else:
# Dieser Teil des Codes wird während der Abfrage ausgeführt.
# Nach jeder neuen Vokabel wird dann in ein Feld im Feedback
# Frame die deutsche, die englische Vokabel und ein Symbol angezeigt,
# welches einen darüber informiert, ob man die Vokabel wusste, oder nicht.
# (O für gewusst und X für nicht gewusst)
nametext = eingabe.split(":")
name = nametext[0]
text = nametext[1]
feld_feedback.setText(text)
zeilen = text.split("\n")
symb = zeilen[-2].split("\t")[-1]
d = zeilen[-2].split("\t")[-3]
print d
sql = "UPDATE " + name + " SET symbol = ? WHERE deutsch = ?"
pstmt = conn.prepareStatement(sql)
pstmt.setString(1, symb)
pstmt.setString(2, d)
pstmt.executeUpdate()
frame_feedback.setVisible(False)
frame_feedback = JFrame('Abfrage',
defaultCloseOperation=JFrame.EXIT_ON_CLOSE,
size=(1000, 1000))
frame_feedback.setLayout(None)
uebersichtLabel2 = JLabel()
uebersichtLabel2.setText(
"<html><font size=+1 color=#191970>vorhandene Lektionen:</font></html>")
uebersichtLabel2.setBounds(450, 200, 250, 50)
uebersicht2 = JTextArea()
uebersicht2.editable = False
uebersicht_scroll2 = JScrollPane(uebersicht2)
uebersicht_scroll2.viewport.view = uebersicht2
uebersicht_scroll2.setBounds(450, 250, 250, 410)
feld_feedback = JTextArea()
feld_feedback.editable = False
feld_feedback.setBounds(50, 50, 300, 600)
button_close = JButton('close window', actionPerformed=close2)
button_close.setBounds(50, 650, 300, 30)
hintergrund2 = ImageIcon("Hintergrund.jpg")
pnl2 = JPanel()
hintergrundlabel2 = JLabel(hintergrund2)
frame_feedback.setContentPane(hintergrundlabel2)
frame_feedback.add(button_close)
frame_feedback.add(uebersicht_scroll2)
frame_feedback.add(uebersichtLabel2)
frame_feedback.add(feld_feedback)
frame_feedback.setVisible(False)
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("Otter")
# create the log and a lock on which to synchronize when adding log entries
self._log = ArrayList()
self._lock = Lock()
# main split pane for log entries and request/response viewing
self._settingPanel = JPanel()
self._logPane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# setup settings pane ui
self._settingPanel.setBounds(0,0,1000,1000)
self._settingPanel.setLayout(None)
self._isRegexp = JCheckBox("Use regexp for matching.")
self._isRegexp.setBounds(10, 10, 220, 20)
matchLabel = JLabel("String to Match:")
matchLabel.setBounds(10, 40, 200, 20)
self._matchString = JTextArea("User 1 Session Information")
self._matchString.setWrapStyleWord(True)
self._matchString.setLineWrap(True)
matchString = JScrollPane(self._matchString)
matchString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
matchString.setBounds(10, 60, 400, 200)
replaceLabel = JLabel("String to Replace:")
replaceLabel.setBounds(10, 270, 200, 20)
self._replaceString = JTextArea("User 2 Session Information")
self._replaceString.setWrapStyleWord(True)
self._replaceString.setLineWrap(True)
replaceString = JScrollPane(self._replaceString)
replaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
replaceString.setBounds(10, 290, 400, 200)
self._settingPanel.add(self._isRegexp)
self._settingPanel.add(matchLabel)
self._settingPanel.add(matchString)
self._settingPanel.add(replaceLabel)
self._settingPanel.add(replaceString)
# table of log entries
logTable = Table(self)
logTable.getColumnModel().getColumn(0).setPreferredWidth(700)
logTable.getColumnModel().getColumn(1).setPreferredWidth(150)
logTable.getColumnModel().getColumn(2).setPreferredWidth(100)
logTable.getColumnModel().getColumn(3).setPreferredWidth(130)
logTable.getColumnModel().getColumn(4).setPreferredWidth(100)
logTable.getColumnModel().getColumn(5).setPreferredWidth(130)
scrollPane = JScrollPane(logTable)
self._logPane.setLeftComponent(scrollPane)
# tabs with request/response viewers
logTabs = JTabbedPane()
self._origRequestViewer = callbacks.createMessageEditor(self, False)
self._origResponseViewer = callbacks.createMessageEditor(self, False)
self._modRequestViewer = callbacks.createMessageEditor(self, False)
self._modResponseViewer = callbacks.createMessageEditor(self, False)
logTabs.addTab("Original Request", self._origRequestViewer.getComponent())
logTabs.addTab("Original Response", self._origResponseViewer.getComponent())
logTabs.addTab("Modified Request", self._modRequestViewer.getComponent())
logTabs.addTab("Modified Response", self._modResponseViewer.getComponent())
self._logPane.setRightComponent(logTabs)
# top most tab interface that seperates log entries from settings
maintabs = JTabbedPane()
maintabs.addTab("Log Entries", self._logPane)
maintabs.addTab("Settings", self._settingPanel)
self._maintabs = maintabs
# customize the UI components
callbacks.customizeUiComponent(maintabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
return
def draw(self):
""" init the match/replace tab
"""
#todo add an option to ignore large requests
padding = 5
labelWidth = 140
labelHeight = 30
editHeight = 110
editWidth = 300
buttonWidth = 120
buttonHeight = 30
column1X = 10
column2X = column1X + labelWidth + padding
column3X = column2X + editWidth + padding
MRStrings = [
"Headers (simple string):", "Headers (regex):",
"Body (simple string):", "Body (regex):"
]
row1Y = 10
row2Y = row1Y + labelHeight + padding
row3Y = row2Y + editHeight + padding
row4Y = row3Y + editHeight + padding
row5Y = row4Y + labelHeight + padding
row6Y = row5Y + buttonHeight + padding
MRTypeLabel = JLabel("Type:")
MRTypeLabel.setBounds(column1X, row1Y, labelWidth, labelHeight)
MContent = JLabel("Match:")
MContent.setBounds(column1X, row2Y, labelWidth, labelHeight)
RContent = JLabel("Replace:")
RContent.setBounds(column1X, row3Y, labelWidth, labelHeight)
MRLabelList = JLabel("Filter List:")
MRLabelList.setBounds(column1X, row5Y, labelWidth, labelHeight)
self._extender.MRType = JComboBox(MRStrings)
self._extender.MRType.setBounds(column2X, row1Y, editWidth,
labelHeight)
self._extender.MText = JTextArea("", 5, 30)
scrollMText = JScrollPane(self._extender.MText)
scrollMText.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollMText.setBounds(column2X, row2Y, editWidth, editHeight)
self._extender.RText = JTextArea("", 5, 30)
scrollRText = JScrollPane(self._extender.RText)
scrollRText.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollRText.setBounds(column2X, row3Y, editWidth, editHeight)
# i couldn't figure out how to have a model that contained anythin other than a string
# so i'll use 2 models, one with the data and one for the JList
self._extender.badProgrammerMRModel = {}
self._extender.MRModel = DefaultListModel()
self._extender.MRList = JList(self._extender.MRModel)
scrollMRList = JScrollPane(self._extender.MRList)
scrollMRList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollMRList.setBounds(column2X, row5Y, editWidth, editHeight)
scrollMRList.setBorder(LineBorder(Color.BLACK))
self._extender.MRAdd = JButton("Add filter",
actionPerformed=self.addMRFilter)
self._extender.MRAdd.setBounds(column2X, row4Y, buttonWidth,
buttonHeight)
self._extender.MRDel = JButton("Remove filter",
actionPerformed=self.delMRFilter)
self._extender.MRDel.setBounds(column3X, row5Y, buttonWidth,
buttonHeight)
self._extender.MRMod = JButton("Modify filter",
actionPerformed=self.modMRFilter)
self._extender.MRMod.setBounds(column3X,
row5Y + buttonHeight + padding,
buttonWidth, buttonHeight)
self._extender.MRFeedback = JLabel("")
self._extender.MRFeedback.setBounds(column1X, row6Y,
column3X + buttonWidth,
labelHeight)
self._extender.MRPnl = JPanel()
self._extender.MRPnl.setLayout(None)
self._extender.MRPnl.setBounds(0, 0, 1000, 1000)
self._extender.MRPnl.add(MRTypeLabel)
self._extender.MRPnl.add(self._extender.MRType)
self._extender.MRPnl.add(MContent)
self._extender.MRPnl.add(scrollMText)
self._extender.MRPnl.add(RContent)
self._extender.MRPnl.add(scrollRText)
self._extender.MRPnl.add(self._extender.MRAdd)
self._extender.MRPnl.add(MRLabelList)
self._extender.MRPnl.add(scrollMRList)
self._extender.MRPnl.add(self._extender.MRDel)
self._extender.MRPnl.add(self._extender.MRMod)
self._extender.MRPnl.add(self._extender.MRFeedback)
def initProjSettingsTab(self):
# init project settings
projNameLabel = JLabel("Name:")
projNameLabel.setBounds(10, 50, 140, 30)
self.projName = JTextField("")
self.projName.setBounds(140, 50, 320, 30)
self.projName.getDocument().addDocumentListener(projTextChanged(self))
detailsLabel = JLabel("Details:")
detailsLabel.setBounds(10, 120, 140, 30)
reportLabel = JLabel("Generate Report:")
reportLabel.setBounds(10, 375, 140, 30)
types = ["DOCX","HTML","XLSX"]
self.reportType = JComboBox(types)
self.reportType.setBounds(10, 400, 140, 30)
generateReportButton = JButton("Generate", actionPerformed=self.generateReport)
generateReportButton.setBounds(160, 400, 90, 30)
self.projDetails = JTextArea("", 5, 30)
self.projDetails.setWrapStyleWord(True);
self.projDetails.setLineWrap(True)
projDetailsScroll = JScrollPane(self.projDetails)
projDetailsScroll.setBounds(10, 150, 450, 175)
projDetailsScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
projPathLabel = JLabel("Path:")
projPathLabel.setBounds(10, 90, 140, 30)
self.projPath = JTextField("")
self.projPath.setBounds(140, 90, 320, 30)
chooseProjPathButton = JButton("Browse...",actionPerformed=self.chooseProjPath)
chooseProjPathButton.setBounds(470, 90, 100, 30)
importProjButton = JButton("Import",actionPerformed=self.importProj)
importProjButton.setBounds(470, 10, 100, 30)
exportProjButton = JButton("Export",actionPerformed=self.exportProj)
exportProjButton.setBounds(575, 10, 100, 30)
openProjButton = JButton("Open Directory",actionPerformed=self.openProj)
openProjButton.setBounds(680, 10, 130, 30)
currentProjectLabel = JLabel("Current:")
currentProjectLabel.setBounds(10, 10, 140, 30)
projects = self.config.options('projects')
self.currentProject = JComboBox(projects)
self.currentProject.addActionListener(projectChangeHandler(self))
self.currentProject.setBounds(140, 10, 140, 30)
self.autoSave = JCheckBox("Auto Save Mode")
self.autoSave.setEnabled(False) # implement this feature
self.autoSave.setBounds(300, 10, 140, 30)
self.autoSave.setToolTipText("Will save any changed value while focus is out")
addProjButton = JButton("Add / Update",actionPerformed=self.addProj)
addProjButton.setBounds(10, 330, 150, 30)
removeProjButton = JButton("Remove Current",actionPerformed=self.rmProj)
removeProjButton.setBounds(315, 330, 146, 30)
generalOptions = self.config.options('general')
if 'default project' in generalOptions:
defaultProj = self.config.get('general','default project')
self.currentProject.getModel().setSelectedItem(defaultProj)
self.projPath.setText(self.config.get('projects',self.currentProject.getSelectedItem()))
self.clearProjTab = True
self.projectSettings = JPanel()
self.projectSettings.setBounds(0, 0, 1000, 1000)
self.projectSettings.setLayout(None)
self.projectSettings.add(reportLabel)
self.projectSettings.add(detailsLabel)
self.projectSettings.add(projPathLabel)
self.projectSettings.add(addProjButton)
self.projectSettings.add(openProjButton)
self.projectSettings.add(projNameLabel)
self.projectSettings.add(projDetailsScroll)
self.projectSettings.add(importProjButton)
self.projectSettings.add(exportProjButton)
self.projectSettings.add(removeProjButton)
self.projectSettings.add(generateReportButton)
self.projectSettings.add(chooseProjPathButton)
self.projectSettings.add(currentProjectLabel)
self.projectSettings.add(self.projPath)
self.projectSettings.add(self.autoSave)
self.projectSettings.add(self.projName)
self.projectSettings.add(self.reportType)
self.projectSettings.add(self.currentProject)
class main(JFrame):
def __init__(self):
super(main,self).__init__()
self.Config()
self.windows()
self.ruta=""
def windows(self):
self.setTitle("IDE Meta Compilador")
self.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)
self.setLayout(None)
self.setLocationRelativeTo(None)
self.setVisible(True)
def Config(self):
self.panel = JScrollPane()
self.txtArea_Principal =JTextArea()
self.jScrollPane1 =JScrollPane()
self.txtTerminal =JTextArea()
self.Menu =JMenuBar()
self.menu_Archivo =JMenu()
self.menu_Nuevo =JMenuItem()
self.menuabrir =JMenuItem()
self.menucerrar =JMenuItem()
self.menuguardar =JMenuItem()
self.menuguardarcomo =JMenuItem()
self.menusalir =JMenuItem()
self.menu_Edicion =JMenu()
self.menu_cortar =JMenuItem()
self.menu_copiar =JMenuItem()
self.menu_pegar =JMenuItem()
self.menu_Tablas =JMenu()
self.menu_TablasEstaticas =JMenu()
self.submenu_palabrasReservadas =JMenuItem()
self.submenu_CaracteresEspeciales =JMenuItem()
self.submenu_operadores =JMenu()
self.ta_di_conu_enteros =JMenuItem()
self.ta_di_conu_reales =JMenuItem()
self.ta_di_conu_cientificos =JMenuItem()
self.menu_TablaasDinamicas =JMenu()
self.submenu_simbolos =JMenuItem()
self.submenu_identificadores =JMenuItem()
self.submenu_errores =JMenuItem()
self.submenu_constantesNumericas =JMenu()
self.ta_es_op_aritmeticos =JMenuItem()
self.ta_es_op_relacionales =JMenuItem()
self.ta_es_op_logicos =JMenuItem()
self.submenu_Constantes_No_Numericas =JMenu()
self.tab_caracteres =JMenuItem()
self.tab_cadenas =JMenuItem()
self.menu_Analisis =JMenu()
self.ana_lexico =JMenuItem()
self.ana_sintactico =JMenuItem()
self.ana_semantico =JMenuItem()
self.menu_Acerca_de =JMenu()
self.btn_integrantes =JMenuItem()
#########################
self.jf = JFileChooser()
#########################
self.txtArea_Principal.setColumns(20)
self.txtArea_Principal.setRows(5)
self.txtArea_Principal.setAutoscrolls(False)
self.txtArea_Principal.setEnabled(False)
self.panel.setViewportView(self.txtArea_Principal)
self.getContentPane().add(self.panel)
self.panel.setBounds(0, 0, 1080, 450)
self.txtTerminal.setColumns(20)
self.txtTerminal.setRows(5)
self.txtTerminal.setAutoscrolls(False)
self.txtTerminal.setFocusable(False)
self.jScrollPane1.setViewportView(self.txtTerminal)
self.getContentPane().add(self.jScrollPane1)
self.jScrollPane1.setBounds(0, 460, 1080, 150)
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ARCHIVOS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
self.menu_Archivo.setText("Archivo")
self.menu_Nuevo.addActionListener(lambda event : self.nuevo(event))
self.menu_Nuevo.setText("Nuevo")
self.menu_Archivo.add(self.menu_Nuevo)
self.menuabrir.setText("Abrir")
self.menuabrir.addActionListener(lambda event : self.abrir(event))
self.menu_Archivo.add(self.menuabrir)
self.menucerrar.setText("Cerrar")
self.menucerrar.addActionListener(lambda event : self.cerrar(event))
self.menu_Archivo.add(self.menucerrar)
self.menuguardar.setText("Guardar")
self.menuguardar.addActionListener(lambda event : self.guardar(event))
self.menu_Archivo.add(self.menuguardar)
self.menuguardarcomo.setText("Guardar como")
self.menuguardarcomo.addActionListener(lambda event : self.guardarcomo(event))
self.menu_Archivo.add(self.menuguardarcomo)
self.menusalir.setText("Salir")
self.menusalir.addActionListener(lambda event : self.salir(event))
self.menu_Archivo.add(self.menusalir)
self.Menu.add(self.menu_Archivo)
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU EDICION<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
self.menu_Edicion.setText("Edicion")
self.menu_cortar.setText("Cortar")
self.menu_cortar.addActionListener(lambda event : self.cortar(event))
self.menu_Edicion.add(self.menu_cortar)
self.menu_copiar.setText("Copiar")
self.menu_copiar.addActionListener(lambda event : self.copiar(event))
self.menu_Edicion.add(self.menu_copiar)
self.menu_pegar.setText("Pegar")
self.menu_pegar.addActionListener(lambda event : self.pegar(event))
self.menu_Edicion.add(self.menu_pegar)
self.Menu.add(self.menu_Edicion)
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU TABLAS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
self.menu_Tablas.setText("Tablas")
self.menu_TablasEstaticas.setText("Tablas Estaticas")
self.submenu_palabrasReservadas.setText("Tabla de palabras reservadas")
self.menu_TablasEstaticas.add(self.submenu_palabrasReservadas)
self.submenu_CaracteresEspeciales.setText("Tabla de caracteres especiales")
self.menu_TablasEstaticas.add(self.submenu_CaracteresEspeciales)
self.submenu_operadores.setText("Tabla de operadores")
self.ta_es_op_aritmeticos.setText("Aritmeticos")
self.submenu_operadores.add(self.ta_es_op_aritmeticos)
self.ta_es_op_relacionales.setText("Relacionales")
self.submenu_operadores.add(self.ta_es_op_relacionales)
self.ta_es_op_logicos.setText("Logicos")
self.submenu_operadores.add(self.ta_es_op_logicos)
self.menu_TablasEstaticas.add(self.submenu_operadores)
self.menu_Tablas.add(self.menu_TablasEstaticas)
self.menu_TablaasDinamicas.setText("Tablas Dinamicas")
self.submenu_simbolos.setText("Tabla de simbolos")
self.menu_TablaasDinamicas.add(self.submenu_simbolos)
self.submenu_identificadores.setText("Tabla de identificadores")
self.menu_TablaasDinamicas.add(self.submenu_identificadores)
self.submenu_errores.setText("Tabla de errores")
self.menu_TablaasDinamicas.add(self.submenu_errores)
self.submenu_constantesNumericas.setText("Tabla de constantes numericas")
self.ta_di_conu_enteros.setText("Enteros")
self.ta_di_conu_enteros.addActionListener(lambda event : self.numeroenteros(event))
self.submenu_constantesNumericas.add(self.ta_di_conu_enteros)
self.ta_di_conu_reales.setText("Reales")
self.ta_di_conu_reales.addActionListener(lambda event : self.numeroreales(event))
self.submenu_constantesNumericas.add(self.ta_di_conu_reales)
self.ta_di_conu_cientificos.setText("Cientificos")
self.submenu_constantesNumericas.add(self.ta_di_conu_cientificos)
self.menu_TablaasDinamicas.add(self.submenu_constantesNumericas)
self.submenu_Constantes_No_Numericas.setText("Tabla de constantes no numericas")
self.tab_caracteres.setText("Caracteres")
self.submenu_Constantes_No_Numericas.add(self.tab_caracteres)
self.tab_cadenas.setText("Cadenas")
self.submenu_Constantes_No_Numericas.add(self.tab_cadenas)
self.menu_TablaasDinamicas.add(self.submenu_Constantes_No_Numericas)
self.menu_Tablas.add(self.menu_TablaasDinamicas)
self.Menu.add(self.menu_Tablas)
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ANALISIS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
self.menu_Analisis.setText("Analisis")
self.ana_lexico.setText("Lexico")
self.ana_lexico.addActionListener(lambda event : self.lexico(event))
self.menu_Analisis.add(self.ana_lexico)
self.ana_sintactico.setText("Sintactico")
self.ana_sintactico.addActionListener(lambda event : self.sintactico(event))
self.menu_Analisis.add(self.ana_sintactico)
self.ana_semantico.setText("Semantico")
self.menu_Analisis.add(self.ana_semantico)
self.Menu.add(self.menu_Analisis)
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MENU ACERCA DE<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
self.menu_Acerca_de.setText("Acerca de")
self.btn_integrantes.setText("Integrante del proyecto")
self.btn_integrantes.addActionListener(lambda event : self.integrantes(event))
self.menu_Acerca_de.add(self.btn_integrantes)
self.Menu.add(self.menu_Acerca_de)
self.setJMenuBar(self.Menu)
self.setBounds(0, 0, 1095, 670)
######################################
def integrantes(self,event):
informacion()
def cortar(self,event):
self.txtArea_Principal.cut()
def copiar(self,event):
self.txtArea_Principal.copy()
def pegar(self,event):
self.txtArea_Principal.paste()
def salir(self,event):
self.dispose()
######################################
def guardarcomo(self,event): pass
def guardar(self,event):
if self.ruta == "":
self.txtTerminal.setText("no hay un directorio abierto")
else:
agregar(self.ruta,str(self.txtArea_Principal.getText()))
def cerrar(self,event):
self.txtArea_Principal.setText("")
self.txtArea_Principal.setEnabled(False)
self.ruta=""
def abrir(self,event):
self.jf.showOpenDialog(self)
self.ruta = self.jf.getSelectedFile()
self.txtArea_Principal.setEnabled(True)
self.txtArea_Principal.setText(abrir(self.ruta))
def nuevo(self,event):
if self.ruta == "":
print("no pasa nada")
else:
print("hay un archivo existente")
self.ruta =""
self.txtArea_Principal.setEnabled(True)
self.txtArea_Principal.setText("")
######################################
def lexico(self,event):
self.txtTerminal.setText("")
archivo = open("{}".format(self.ruta),"r")
texto = ""
for a in prueba(self.txtArea_Principal.getText()):
texto += a+"\n"
self.txtTerminal.setText(texto)
def sintactico(self,event):
self.txtTerminal.setText("")
texto=""
for a in prueba_sintactica(self.txtArea_Principal.getText()):
texto +=a+"\n"
self.txtTerminal.setText(texto)
def draw(self):
""" init interception filters tab
"""
self._extender.savedHeaders = [{"title": "Temporary headers", "headers": "Cookie: Insert=injected; cookie=or;\nHeader: here"}]
# IFStrings has to contains : character
IFStrings = ["Scope items only: (Content is not required)",
"URL Contains (simple string): ",
"URL Contains (regex): ",
"URL Not Contains (simple string): ",
"URL Not Contains (regex): ",
"Only HTTP methods (newline separated): ",
"Ignore HTTP methods (newline separated): ",
"Ignore spider requests: (Content is not required)",
"Ignore proxy requests: (Content is not required)",
"Ignore target requests: (Content is not required)"]
self._extender.IFType = JComboBox(IFStrings)
self._extender.IFType.setBounds(80, 10, 430, 30)
self._extender.IFModel = DefaultListModel()
self._extender.IFList = JList(self._extender.IFModel)
scrollIFList = JScrollPane(self._extender.IFList)
scrollIFList.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollIFList.setBounds(80, 175, 300, 110)
scrollIFList.setBorder(LineBorder(Color.BLACK))
# Adding some default interception filters
# self.IFModel.addElement("Scope items only: (Content is not required)") # commented for better first impression.
self._extender.IFModel.addElement("URL Not Contains (regex): \\.js|\\.css|\\.png|\\.jpg|\\.svg|\\.jpeg|\\.gif|\\.woff|\\.map|\\.bmp|\\.ico$")
self._extender.IFModel.addElement("Ignore spider requests: ")
self._extender.IFText = JTextArea("", 5, 30)
scrollIFText = JScrollPane(self._extender.IFText)
scrollIFText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollIFText.setBounds(80, 50, 300, 110)
IFLType = JLabel("Type:")
IFLType.setBounds(10, 10, 140, 30)
IFLContent = JLabel("Content:")
IFLContent.setBounds(10, 50, 140, 30)
IFLabelList = JLabel("Filter List:")
IFLabelList.setBounds(10, 165, 140, 30)
self._extender.IFAdd = JButton("Add filter", actionPerformed=self.addIFFilter)
self._extender.IFAdd.setBounds(390, 85, 120, 30)
self._extender.IFDel = JButton("Remove filter", actionPerformed=self.delIFFilter)
self._extender.IFDel.setBounds(390, 210, 120, 30)
self._extender.IFMod = JButton("Modify filter", actionPerformed=self.modIFFilter)
self._extender.IFMod.setBounds(390, 250, 120, 30)
self._extender.filtersPnl = JPanel()
self._extender.filtersPnl.setLayout(None)
self._extender.filtersPnl.setBounds(0, 0, 1000, 1000)
self._extender.filtersPnl.add(IFLType)
self._extender.filtersPnl.add(self._extender.IFType)
self._extender.filtersPnl.add(IFLContent)
self._extender.filtersPnl.add(scrollIFText)
self._extender.filtersPnl.add(self._extender.IFAdd)
self._extender.filtersPnl.add(self._extender.IFDel)
self._extender.filtersPnl.add(self._extender.IFMod)
self._extender.filtersPnl.add(IFLabelList)
self._extender.filtersPnl.add(scrollIFList)
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IProxyListener):
"""
BurpSuite插件类
"""
def __init__(self):
self.plugin_name = u'orz Plugin'
self.panel = None
self.callbacks = None
self.DEBUG = True
self.context = None
self.helpers = None
self.log_box_width = 1000
self.log_box_height = 400
self.tools = Tools()
self.now_version = VERSION
def registerExtenderCallbacks(self, callbacks):
# 注册插件
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
self.callbacks.setExtensionName(self.plugin_name)
# 绘制标签页UI
self.tab_ui()
self.callbacks.customizeUiComponent(self.panel)
self.callbacks.addSuiteTab(self)
self.callbacks.registerProxyListener(self)
self.callbacks.registerContextMenuFactory(self)
print('Plugin load successfully!')
self.tools.log('INFO', '插件加载成功 - 当前版本: {}'.format(VERSION))
self.tools.log('INFO', '当前debug模式: {}'.format(self.DEBUG))
# 窗口大小检查线程
log_box_thread = threading.Thread(target=self.reset_log_box_size)
log_box_thread.setDaemon(True)
log_box_thread.start()
return
def createMenuItems(self, invocation):
# 创建菜单右键菜单选项
self.context = invocation
menu_list = JMenu('orz Plugin')
if self.context.getToolFlag() == 0x40:
menu_list.add(
JMenuItem(u'添加IP伪造请求头',
actionPerformed=self.update_client_src_ip))
menu_list.add(
JMenuItem(u'生成DNSLog Payload',
actionPerformed=self.dnslog_payload))
# DEBUG 按钮
menu_list.add(
JMenuItem('orz - DEBUG', actionPerformed=self.debug_fun))
return [menu_list]
def tab_ui(self):
self.panel = JPanel()
self.panel.setLayout(None)
self.ui_client_dnslog_label_1 = JLabel('-' * 10 +
u' IP伪造请求头 & DNSLog 配置 ' +
'-' * 155)
self.ui_client_dnslog_label_1.setBounds(20, 10, 1000, 28)
self.ui_client_ip_label_1 = JLabel(u'伪造IP: ')
self.ui_client_ip_label_1.setBounds(20, 40, 70, 30)
self.ui_client_ip = JTextField('127.0.0.1')
self.ui_client_ip.setBounds(80, 40, 200, 28)
self.ui_client_url_label_1 = JLabel(u'dnslog url: ')
self.ui_client_url_label_1.setBounds(10, 80, 70, 30)
self.ui_client_url = JTextField('http://examlpe.com')
self.ui_client_url.setBounds(80, 80, 200, 28)
self.ui_button_label = JLabel('-' * 210)
self.ui_button_label.setBounds(20, 110, 1000, 28)
#self.ui_web_test_button = JButton(u'登录测试', actionPerformed=self.login_test)
#self.ui_web_test_button.setBounds(20, 140, 100, 28)
self.ui_save_button = JButton(u'保存配置',
actionPerformed=self.save_configuration)
self.ui_save_button.setBounds(20, 140, 100, 28)
self.ui_debug_button = JButton('Debug', actionPerformed=self.debug_fun)
self.ui_debug_button.setBounds(135, 140, 100, 28)
self.panel.add(self.ui_debug_button)
self.ui_log_box = JTextArea('')
self.ui_log_box.setLineWrap(True)
self.ui_log_box.setEditable(False)
self.ui_log_scroll_pane = JScrollPane(self.ui_log_box)
self.ui_log_scroll_pane.setBounds(20, 190, self.log_box_width,
self.log_box_height)
self.panel.add(self.ui_client_dnslog_label_1)
self.panel.add(self.ui_client_ip_label_1)
self.panel.add(self.ui_client_ip)
self.panel.add(self.ui_client_url_label_1)
self.panel.add(self.ui_client_url)
self.panel.add(self.ui_button_label)
#self.panel.add(self.ui_web_test_button)
self.panel.add(self.ui_save_button)
self.panel.add(self.ui_log_scroll_pane)
self.tools.panel = self.panel
self.tools.log_box = self.ui_log_box
self.tools.log_scroll_pane = self.ui_log_scroll_pane
def getTabCaption(self):
# 设置标签页名称
return self.plugin_name
def getUiComponent(self):
# 设置标签页UI
return self.panel
def processProxyMessage(self, message_is_request, message):
"""
处理Proxy请求
url: http://biubiu.com:80/h/p?id=24&a=123
request_methond: POST GET etc
cookie: 顾名思义
content_type: 如 application/json; charset=UTF-8
request_header: 包含coolie的头
request_body: 顾名思义
host: 主机名
port: 端口号
protocol: 协议,如http、https
url_parameters:url中的参数信息, 格式{'id':23,'a':123}
"""
if message_is_request and self.DEBUG:
request = message.getMessageInfo().getRequest()
analyzedRequest = self.helpers.analyzeRequest(
message.getMessageInfo().getHttpService(), request)
request_headers = analyzedRequest.getHeaders()
request_body = request[analyzedRequest.getBodyOffset():].tostring()
url = str(analyzedRequest.getUrl())
host = message.getMessageInfo().getHttpService().getHost()
port = message.getMessageInfo().getHttpService().getPort()
protocol = message.getMessageInfo().getHttpService().getProtocol()
request_methond = str(analyzedRequest.getMethod())
parameters = analyzedRequest.getParameters()
url_parameters = {}
for parameter in parameters:
if parameter.getType() == 0:
url_parameters[str(parameter.getName())] = str(
parameter.getValue())
cookie = ""
content_type = ""
request_header = {}
for header in request_headers[2:]:
header = str(header).strip()
header_temp = header.split(':')
request_header[header_temp[0].strip()] = ':'.join(
header_temp[1:]).strip()
if header.startswith("Cookie:"):
cookie_temp = header.split(':')
cookie = ':'.join(cookie_temp[1:]).strip()
continue
if header.startswith("Content-Type"):
content_type = ':'.join(header.split(':')[1:]).strip()
# self.tools.log('content_type', content_type)
# self.tools.log('request_methond', request_methond)
# self.tools.log('url', url)
#self.tools.log('request_header', request_header)
# self.tools.log('cookie', cookie)
self.tools.http_deal(url, request_methond, cookie, content_type,
request_header, request_body)
# 多线程
# proxy_thread = threading.Thread(target=self.tools.http_deal, args=(
# url, request_methond, cookie, content_type, request_header, request_body))
# proxy_thread.setDaemon(True)
# proxy_thread.start()
# 新增处理线程
def login_test(self, event):
# 生产环境Web方式获取Cookie测试
return
def save_configuration(self, event):
self.tools.client_src_ip = str(self.ui_client_ip.getText()).strip()
self.tools.dnslog_url = str(self.ui_client_url.getText()).strip()
self.tools.log('INFO', '配置保存成功')
def reset_log_box_size(self):
while self.tools.runtime():
time.sleep(1)
new_width = int(self.panel.rootPane.getSize().width) - 40
new_height = int(self.panel.rootPane.getSize().height) - 290
if new_width != self.log_box_width or new_height != self.log_box_height:
self.log_box_width = new_width
self.log_box_height = new_height
self.ui_log_scroll_pane.setBounds(20, 190, self.log_box_width,
self.log_box_height)
self.panel.updateUI()
def debug_fun(self, event):
if self.DEBUG:
self.DEBUG = False
self.tools.log('INFO', 'set debug = False')
else:
self.DEBUG = True
self.tools.log('INFO', 'set debug = True')
def update_web_cookie(self):
http_traffic = self.context.getSelectedMessages()[0]
traffic_analyze = self.helpers.analyzeRequest(http_traffic)
return
def web_cookie_web_prod(self, event):
self.update_web_cookie()
def update_client_src_ip(self, event):
add_header = [
'X-Originating-IP', 'X-Forwarded-For', 'X-Remote-IP',
'X-Remote-Addr', 'X-Client-IP', 'X-Real-IP', 'Proxy-Cllient-IP',
'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'
]
http_traffic = self.context.getSelectedMessages()[0]
traffic_analyze = self.helpers.analyzeRequest(http_traffic)
new_headers = []
tmp_add_header = map(str.lower, add_header)
for header in traffic_analyze.getHeaders():
tmp_header = header.split(':')[0].strip().lower()
if tmp_header not in tmp_add_header:
new_headers.append(header)
new_headers += map(
lambda x: '{}: {}'.format(x, self.tools.client_src_ip), add_header)
new_request = self.helpers.buildHttpMessage(
new_headers,
http_traffic.getRequest()[traffic_analyze.getBodyOffset():])
http_traffic.setRequest(new_request)
def dnslog_payload(self, event):
self.tools.msg_box('功能暂未实现,待更新')
def initVulnerabilityTab(self):
#
## init vulnerability tab
#
nameLabel = JLabel("Vulnerability Name:")
nameLabel.setBounds(10, 10, 140, 30)
self.addButton = JButton("Add",actionPerformed=self.addVuln)
self.addButton.setBounds(10, 500, 100, 30)
rmVulnButton = JButton("Remove",actionPerformed=self.rmVuln)
rmVulnButton.setBounds(465, 500, 100, 30)
mitigationLabel = JLabel("Mitigation:")
mitigationLabel.setBounds(10, 290, 150, 30)
addSSBtn = JButton("Add SS",actionPerformed=self.addSS)
addSSBtn.setBounds(750, 40, 110, 30)
deleteSSBtn = JButton("Remove SS",actionPerformed=self.removeSS)
deleteSSBtn.setBounds(750, 75, 110, 30)
piclistLabel = JLabel("Images list:")
piclistLabel.setBounds(580, 10, 140, 30)
self.screenshotsList = DefaultListModel()
self.ssList = JList(self.screenshotsList)
self.ssList.setBounds(580, 40, 150, 250)
self.ssList.addListSelectionListener(ssChangedHandler(self))
self.ssList.setBorder(BorderFactory.createLineBorder(Color.GRAY))
previewPicLabel = JLabel("Selected image preview: (click to open in image viewer)")
previewPicLabel.setBounds(580, 290, 500, 30)
copyImgMenu = JMenuItem("Copy")
copyImgMenu.addActionListener(copyImg(self))
self.imgMenu = JPopupMenu("Popup")
self.imgMenu.add(copyImgMenu)
self.firstPic = JLabel()
self.firstPic.setBorder(BorderFactory.createLineBorder(Color.GRAY))
self.firstPic.setBounds(580, 320, 550, 400)
self.firstPic.addMouseListener(imageClicked(self))
self.vulnName = JTextField("")
self.vulnName.getDocument().addDocumentListener(vulnTextChanged(self))
self.vulnName.setBounds(140, 10, 422, 30)
sevirities = ["Unclassified", "Critical","High","Medium","Low"]
self.threatLevel = JComboBox(sevirities);
self.threatLevel.setBounds(140, 45, 140, 30)
colors = ["Color:", "Green", "Red"]
self.colorCombo = JComboBox(colors);
self.colorCombo.setBounds(465, 45, 100, 30)
self.colorCombo
severityLabel = JLabel("Threat Level:")
severityLabel.setBounds(10, 45, 100, 30)
descriptionLabel = JLabel("Description:")
descriptionLabel.setBounds(10, 80, 100, 30)
self.descriptionString = JTextArea("", 5, 30)
self.descriptionString.setWrapStyleWord(True);
self.descriptionString.setLineWrap(True)
self.descriptionString.setBounds(10, 110, 555, 175)
descriptionStringScroll = JScrollPane(self.descriptionString)
descriptionStringScroll.setBounds(10, 110, 555, 175)
descriptionStringScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.mitigationStr = JTextArea("", 5, 30)
self.mitigationStr.setWrapStyleWord(True);
self.mitigationStr.setLineWrap(True)
self.mitigationStr.setBounds(10, 320, 555, 175)
mitigationStrScroll = JScrollPane(self.mitigationStr)
mitigationStrScroll.setBounds(10, 320, 555, 175)
mitigationStrScroll.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000);
self.pnl.setLayout(None);
self.pnl.add(addSSBtn)
self.pnl.add(piclistLabel)
self.pnl.add(nameLabel)
self.pnl.add(deleteSSBtn)
self.pnl.add(rmVulnButton)
self.pnl.add(severityLabel)
self.pnl.add(mitigationLabel)
self.pnl.add(descriptionLabel)
self.pnl.add(previewPicLabel)
self.pnl.add(mitigationStrScroll)
self.pnl.add(descriptionStringScroll)
self.pnl.add(self.ssList)
self.pnl.add(self.firstPic)
self.pnl.add(self.addButton)
self.pnl.add(self.vulnName)
self.pnl.add(self.threatLevel)
self.pnl.add(self.colorCombo)
class BurpExtender(IBurpExtender, ITab, IHttpListener):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("burp-sensitive-param-extractor")
self._stdout = PrintWriter(callbacks.getStdout(), True)
callbacks.registerHttpListener(self)
#callbacks.registerMessageEditorTabFactory(self)
print 'burp-sensitive-param-extractor loaded.\nAuthor:LSA\nhttps://github.com/theLSA/burp-sensitive-param-extractor'
self.sensitiveParamR = getParamRegular()
self._callbacks.customizeUiComponent(self.getUiComponent())
self._callbacks.addSuiteTab(self)
#self.endColors = []
self.requestParamDict = {}
self.resultSensitiveParamsDict = {}
def getTabCaption(self):
return 'BSPE'
def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
if messageIsRequest and toolFlag == 4:
self.requestParamDict['urlParams'] = []
self.requestParamDict['BodyParams'] = []
self.requestParamDict['cookieParams'] = []
self.requestParamDict['jsonParams'] = []
cookieParamFlag = 0
service = messageInfo.getHttpService()
request = messageInfo.getRequest()
analyzeReq = self._helpers.analyzeRequest(service, request)
reqUrl = self._helpers.analyzeRequest(messageInfo).getUrl()
reqMethod = self._helpers.analyzeRequest(messageInfo).getMethod()
reqParams = analyzeReq.getParameters()
for param in reqParams:
paramType = param.getType()
if paramType == 0:
#self.outputTxtArea.append("\nurlParams-")
paramName = param.getName()
paramValue = param.getValue()
print 'urlParams:'
print paramName + ':' + paramValue
#self.outputTxtArea.append("[%s]" % paramName)
self.requestParamDict['urlParams'].append(
paramName.strip())
if paramType == 1:
#self.outputTxtArea.append("\nBodyParams-")
paramName = param.getName()
paramValue = param.getValue()
print 'BodyParams:'
print paramName + ':' + paramValue
#self.outputTxtArea.append("[%s]\n" % paramName)
self.requestParamDict['BodyParams'].append(
paramName.strip())
if paramType == 2:
#self.outputTxtArea.append("\ncookieParams-")
paramName = param.getName()
paramValue = param.getValue()
print 'CookieParams:'
print paramName + ':' + paramValue
#self.outputTxtArea.append("[%s]\n" % paramName)
self.requestParamDict['cookieParams'].append(
paramName.strip())
cookieParamFlag = 1
if paramType == 6:
#self.outputTxtArea.append("\njsonParams-")
paramName = param.getName()
paramValue = param.getValue()
print 'JsonParams:'
print paramName + ':' + paramValue
#self.outputTxtArea.append("[%s]\n" % paramName)
self.requestParamDict['jsonParams'].append(
paramName.strip())
self.resultSensitiveParamsDict = self.findSensitiveParam(
self.requestParamDict)
#print self.resultSensitiveParamsDict
for rspdKey in self.resultSensitiveParamsDict.keys():
if self.resultSensitiveParamsDict[rspdKey] != []:
print "[%s][%s]" % (reqMethod, reqUrl)
self.outputTxtArea.append(
"\n------------------------------------------------------\n"
)
self.outputTxtArea.append("[%s][%s]\n" %
(reqMethod, reqUrl))
break
for rspdKey in self.resultSensitiveParamsDict.keys():
if self.resultSensitiveParamsDict[rspdKey] != []:
self.outputTxtArea.append(
"\n" + rspdKey + "--" +
str(self.resultSensitiveParamsDict[rspdKey]))
self.write2file()
#pass
else:
return
def findSensitiveParam(self, requestParamDict):
#sensitiveParamR = getParamRegular()
resultSensitiveParamsDict = {}
resultSensitiveParamsDict['urlParams'] = []
resultSensitiveParamsDict['BodyParams'] = []
resultSensitiveParamsDict['cookieParams'] = []
resultSensitiveParamsDict['jsonParams'] = []
#print requestParamDict
for spr in self.sensitiveParamR:
for key in requestParamDict.keys():
for reqParam in requestParamDict[key]:
if len(spr) == 1:
if spr == reqParam.lower():
resultSensitiveParamsDict[key].append(reqParam)
else:
if spr in reqParam.lower():
print spr + ' in ' + reqParam
resultSensitiveParamsDict[key].append(reqParam)
#print resultSensitiveParamsDict
for key in resultSensitiveParamsDict.keys():
resultSensitiveParamsDict[key] = {}.fromkeys(
resultSensitiveParamsDict[key]).keys()
#resultSensitiveParamsDict[key] = sorted(resultSensitiveParamsDict[key],key=resultSensitiveParamsDict[key].index)
#print resultSensitiveParamsDict
return resultSensitiveParamsDict
def write2file(self):
sensitiveParamsList = getSensitiveParamsFromFile()
newSensitiveParamsList = []
#print self.resultSensitiveParamsDict
for rspdKey in self.resultSensitiveParamsDict.keys():
if (self.resultSensitiveParamsDict[rspdKey] != []) and (set(
self.resultSensitiveParamsDict[rspdKey]).issubset(
set(sensitiveParamsList)) == False):
newSensitiveParamsList.extend([
newSensitiveParam for newSensitiveParam in
self.resultSensitiveParamsDict[rspdKey]
if newSensitiveParam not in sensitiveParamsList
])
#print str(newSensitiveParamsList)
if newSensitiveParamsList != []:
newSensitiveParamsList = {}.fromkeys(newSensitiveParamsList).keys()
with open('sensitive-params.txt', 'a') as sps:
for nsp in newSensitiveParamsList:
#print 'writeNewParams:'+nsp
sps.write('\n' + nsp)
def addAndSaveNewParamRegular(self, event):
NewParamRegular = self.addAndSaveNewParamRegularTextField.getText()
if NewParamRegular not in self.sensitiveParamR:
self.sensitiveParamR.append(NewParamRegular)
with open(paramRegularFile, 'a') as prf:
prf.write('\n' + NewParamRegular)
self.alertSaveSuccess.showMessageDialog(self.spePanel,
"Add and save success!")
else:
self.alertSaveSuccess.showMessageDialog(self.tab,
"paramRegular existed.")
self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR)
self.sensitiveParamsRegularListPanel.revalidate()
#self.sensitiveParamR = getParamRegular()
def delParamRegular(self, event):
#delParamRegularsIndex = self.sensitiveParamsRegularListPanel.selectedIndex
#if delParamRegularsIndex >= 0:
# print delParamRegularsIndex
# print self.sensitiveParamR[delParamRegularsIndex]
for sprlp in self.sensitiveParamsRegularListPanel.getSelectedValuesList(
):
#print sprlp
self.sensitiveParamR.remove(sprlp)
#with open(paramRegularFile,'r') as prf1:
# lines = prf1.readlines()
with open(paramRegularFile, 'w') as prf2:
#print self.sensitiveParamsRegularListPanel.getSelectedValuesList()
#for line in lines:
# if line.strip() in self.sensitiveParamsRegularListPanel.getSelectedValuesList():
# print 'remove:'+line
# lines.remove(line)
#for spr1 in lines:
# #print spr1
# prf2.write(spr1)
for spr2i, spr2 in enumerate(self.sensitiveParamR):
print spr2i
print spr2
if spr2i == len(self.sensitiveParamR) - 1:
prf2.write(spr2)
else:
prf2.write(spr2 + '\n')
self.sensitiveParamsRegularListPanel.setListData(self.sensitiveParamR)
self.sensitiveParamsRegularListPanel.revalidate()
#self.sensitiveParamR = getParamRegular()
def clearRst(self, event):
self.outputTxtArea.setText("")
def exportRst(self, event):
chooseFile = JFileChooser()
ret = chooseFile.showDialog(self.logPane, "Choose file")
filename = chooseFile.getSelectedFile().getCanonicalPath()
print "\n" + "Export to : " + filename
open(filename, 'w', 0).write(self.outputTxtArea.text)
def getUiComponent(self):
self.spePanel = JPanel()
self.spePanel.setBorder(None)
self.spePanel.setLayout(None)
self.logPane = JScrollPane()
self.outputTxtArea = JTextArea()
self.outputTxtArea.setFont(Font("Consolas", Font.PLAIN, 12))
self.outputTxtArea.setLineWrap(True)
self.logPane.setViewportView(self.outputTxtArea)
self.spePanel.add(self.logPane)
self.clearBtn = JButton("Clear", actionPerformed=self.clearRst)
self.exportBtn = JButton("Export", actionPerformed=self.exportRst)
self.parentFrm = JFileChooser()
self.spePanel.add(self.clearBtn)
self.spePanel.add(self.exportBtn)
self.logPane.setBounds(20, 50, 800, 600)
self.clearBtn.setBounds(20, 650, 100, 30)
self.exportBtn.setBounds(600, 650, 100, 30)
self.sensitiveParamsRegularListPanel = JList(self.sensitiveParamR)
self.sensitiveParamsRegularListPanel.setVisibleRowCount(
len(self.sensitiveParamR))
#self.spePanel.add(self.sensitiveParamsRegularListPanel)
#self.sensitiveParamsRegularListPanel.setBounds(850,50,150,600)
self.sensitiveParamsRegularListScrollPanel = JScrollPane()
self.sensitiveParamsRegularListScrollPanel.setViewportView(
self.sensitiveParamsRegularListPanel)
self.spePanel.add(self.sensitiveParamsRegularListScrollPanel)
self.sensitiveParamsRegularListScrollPanel.setBounds(850, 50, 150, 600)
self.addAndSaveNewParamRegularButton = JButton(
'add&&save', actionPerformed=self.addAndSaveNewParamRegular)
self.spePanel.add(self.addAndSaveNewParamRegularButton)
self.addAndSaveNewParamRegularButton.setBounds(1000, 50, 150, 30)
self.addAndSaveNewParamRegularTextField = JTextField('NewParamRegular')
self.spePanel.add(self.addAndSaveNewParamRegularTextField)
self.addAndSaveNewParamRegularTextField.setBounds(1150, 50, 100, 30)
self.alertSaveSuccess = JOptionPane()
self.spePanel.add(self.alertSaveSuccess)
self.delParamRegularButton = JButton(
"delete", actionPerformed=self.delParamRegular)
self.spePanel.add(self.delParamRegularButton)
self.delParamRegularButton.setBounds(1000, 90, 100, 30)
return self.spePanel
def draw(self):
""" init configuration tab
"""
self._extender.startButton = JToggleButton("Autorize is off",
actionPerformed=self.startOrStop)
self._extender.startButton.setBounds(10, 20, 230, 30)
self._extender.clearButton = JButton("Clear List", actionPerformed=self.clearList)
self._extender.clearButton.setBounds(10, 80, 100, 30)
self._extender.autoScroll = JCheckBox("Auto Scroll")
self._extender.autoScroll.setBounds(145, 80, 130, 30)
self._extender.ignore304 = JCheckBox("Ignore 304/204 status code responses")
self._extender.ignore304.setBounds(280, 5, 300, 30)
self._extender.ignore304.setSelected(True)
self._extender.prevent304 = JCheckBox("Prevent 304 Not Modified status code")
self._extender.prevent304.setBounds(280, 25, 300, 30)
self._extender.interceptRequestsfromRepeater = JCheckBox("Intercept requests from Repeater")
self._extender.interceptRequestsfromRepeater.setBounds(280, 45, 300, 30)
self._extender.doUnauthorizedRequest = JCheckBox("Check unauthenticated")
self._extender.doUnauthorizedRequest.setBounds(280, 65, 300, 30)
self._extender.doUnauthorizedRequest.setSelected(True)
self._extender.saveHeadersButton = JButton("Save headers",
actionPerformed=self.saveHeaders)
self._extender.saveHeadersButton.setBounds(360, 115, 120, 30)
savedHeadersTitles = self.getSavedHeadersTitles()
self._extender.savedHeadersTitlesCombo = JComboBox(savedHeadersTitles)
self._extender.savedHeadersTitlesCombo.addActionListener(SavedHeaderChange(self._extender))
self._extender.savedHeadersTitlesCombo.setBounds(10, 115, 300, 30)
self._extender.replaceString = JTextArea("Cookie: Insert=injected; cookie=or;\nHeader: here", 5, 30)
self._extender.replaceString.setWrapStyleWord(True)
self._extender.replaceString.setLineWrap(True)
scrollReplaceString = JScrollPane(self._extender.replaceString)
scrollReplaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollReplaceString.setBounds(10, 150, 470, 150)
self._extender.fetchButton = JButton("Fetch cookies from last request",
actionPerformed=self.fetchCookies)
self._extender.fetchButton.setEnabled(False)
self._extender.fetchButton.setBounds(10, 305, 250, 30)
self._extender.filtersTabs = JTabbedPane()
self._extender.filtersTabs = self._extender.filtersTabs
self._extender.filtersTabs.addTab("Enforcement Detector", self._extender.EDPnl)
self._extender.filtersTabs.addTab("Detector Unauthenticated", self._extender.EDPnlUnauth)
self._extender.filtersTabs.addTab("Interception Filters", self._extender.filtersPnl)
self._extender.filtersTabs.addTab("Match/Replace", self._extender.MRPnl)
self._extender.filtersTabs.addTab("Table Filter", self._extender.filterPnl)
self._extender.filtersTabs.addTab("Save/Restore", self._extender.exportPnl)
self._extender.filtersTabs.setSelectedIndex(2)
self._extender.filtersTabs.setBounds(0, 350, 2000, 700)
self._extender.pnl = JPanel()
self.pnl = self._extender.pnl
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self._extender.startButton)
self.pnl.add(self._extender.clearButton)
self.pnl.add(scrollReplaceString)
self.pnl.add(self._extender.saveHeadersButton)
self.pnl.add(self._extender.savedHeadersTitlesCombo)
self.pnl.add(self._extender.fetchButton)
self.pnl.add(self._extender.autoScroll)
self.pnl.add(self._extender.interceptRequestsfromRepeater)
self.pnl.add(self._extender.ignore304)
self.pnl.add(self._extender.prevent304)
self.pnl.add(self._extender.doUnauthorizedRequest)
self.pnl.add(self._extender.filtersTabs)
def registerExtenderCallbacks(self, callbacks):
# smart xss feature (print conclusion and observation)
# mark resulsts
# add automatic check pages in the same domain
self.tagPayloads = [
"<b>test", "<b onmouseover=test()>test",
"<img src=err onerror=test()>", "<script>test</script>"
"", "<scr ipt>test</scr ipt>", "<SCRIPT>test;</SCRIPT>",
"<scri<script>pt>test;</scr</script>ipt>",
"<SCRI<script>PT>test;</SCR</script>IPT>",
"<scri<scr<script>ipt>pt>test;</scr</sc</script>ript>ipt>",
"<IMG \"\"\"><SCRIPT>test</SCRIPT>\">",
"<IMG '''><SCRIPT>test</SCRIPT>'>", "<SCR%00IPT>test</SCR%00IPT>",
"<IFRAME SRC='f' onerror=\"test\"></IFRAME>",
"<IFRAME SRC='f' onerror='test'></IFRAME>",
"<<SCRIPT>test//<</SCRIPT>", "<img src=\"1\" onerror=\"test\">",
"<img src='1' onerror='test'",
"<STYLE TYPE=\"text/javascript\">test;</STYLE>",
"<<SCRIPT>test//<</SCRIPT>"
]
self.attributePayloads = [
"\"\"\"><SCRIPT>test", "'''><SCRIPT>test'",
"\"><script>test</script>", "\"><script>test</script><\"",
"'><script>test</script>", "'><script>test</script><'",
"\";test;\"", "';test;'", ";test;", "\";test;//",
"\"onmouseover=test ", "onerror=\"test\"", "onerror='test'",
"onload=\"test\"", "onload='test'"
]
self.xssKey = 'xssme'
# keep a reference to our callbacks object
self._callbacks = callbacks
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("XSSor")
self.affectedResponses = ArrayList()
self._log = ArrayList()
self._lock = Lock()
# main split pane
self._splitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
# table of log entries
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
# tabs with request/response viewers
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
clearAPListBtn = JButton("Clear List",
actionPerformed=self.clearAPList)
clearAPListBtn.setBounds(10, 85, 120, 30)
apListLabel = JLabel('Affected Pages List:')
apListLabel.setBounds(10, 10, 140, 30)
self.affectedModel = DefaultListModel()
self.affectedList = JList(self.affectedModel)
self.affectedList.addListSelectionListener(listSelectedChange(self))
scrollAList = JScrollPane(self.affectedList)
scrollAList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollAList.setBounds(150, 10, 550, 200)
scrollAList.setBorder(LineBorder(Color.BLACK))
APtabs = JTabbedPane()
self._requestAPViewer = callbacks.createMessageEditor(self, False)
self._responseAPViewer = callbacks.createMessageEditor(self, False)
APtabs.addTab("Request", self._requestAPViewer.getComponent())
APtabs.addTab("Affeced Page Response",
self._responseAPViewer.getComponent())
APtabs.setBounds(0, 250, 700, 350)
APtabs.setSelectedIndex(1)
self.APpnl = JPanel()
self.APpnl.setBounds(0, 0, 1000, 1000)
self.APpnl.setLayout(None)
self.APpnl.add(scrollAList)
self.APpnl.add(clearAPListBtn)
self.APpnl.add(APtabs)
self.APpnl.add(apListLabel)
tabs.addTab("Affected Pages", self.APpnl)
self.intercept = 0
## init conf panel
startLabel = JLabel("Plugin status:")
startLabel.setBounds(10, 10, 140, 30)
payloadLabel = JLabel("Basic Payload:")
payloadLabel.setBounds(10, 50, 140, 30)
self.basicPayload = "<script>alert(1)</script>"
self.basicPayloadTxt = JTextArea(self.basicPayload, 5, 30)
self.basicPayloadTxt.setBounds(120, 50, 305, 30)
self.bruteForceMode = JCheckBox("Brute Force Mode")
self.bruteForceMode.setBounds(120, 80, 300, 30)
self.bruteForceMode.addItemListener(handleBFModeChange(self))
self.tagPayloadsCheck = JCheckBox("Tag paylods")
self.tagPayloadsCheck.setBounds(120, 100, 300, 30)
self.tagPayloadsCheck.setSelected(True)
self.tagPayloadsCheck.setEnabled(False)
self.tagPayloadsCheck.addItemListener(handleBFModeList(self))
self.attributePayloadsCheck = JCheckBox("Attribute payloads")
self.attributePayloadsCheck.setBounds(260, 100, 300, 30)
self.attributePayloadsCheck.setSelected(True)
self.attributePayloadsCheck.setEnabled(False)
self.attributePayloadsCheck.addItemListener(handleBFModeList(self))
payloadListLabel = JLabel("Payloads list (for BF mode):")
payloadListLabel.setBounds(10, 130, 140, 30)
self.payloadsModel = DefaultListModel()
self.payloadsList = JList(self.payloadsModel)
scrollPayloadsList = JScrollPane(self.payloadsList)
scrollPayloadsList.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollPayloadsList.setBounds(120, 170, 300, 200)
scrollPayloadsList.setBorder(LineBorder(
Color.BLACK)) # add buttons to remove payloads and add
for payload in self.tagPayloads:
self.payloadsModel.addElement(payload)
for payload in self.attributePayloads:
self.payloadsModel.addElement(payload)
self.startButton = JButton("XSSor is off",
actionPerformed=self.startOrStop)
self.startButton.setBounds(120, 10, 120, 30)
self.startButton.setBackground(Color(255, 100, 91, 255))
consoleTab = JTabbedPane()
self.consoleLog = JTextArea("", 5, 30)
scrollLog = JScrollPane(self.consoleLog)
scrollLog.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollLog.setBounds(120, 170, 550, 200)
scrollLog.setBorder(LineBorder(Color.BLACK))
scrollLog.getVerticalScrollBar().addAdjustmentListener(
autoScrollListener(self))
consoleTab.addTab("Console", scrollLog)
consoleTab.setBounds(0, 400, 500, 200)
self.pnl = JPanel()
self.pnl.setBounds(0, 0, 1000, 1000)
self.pnl.setLayout(None)
self.pnl.add(self.startButton)
self.pnl.add(startLabel)
self.pnl.add(payloadLabel)
self.pnl.add(self.basicPayloadTxt)
self.pnl.add(self.bruteForceMode)
self.pnl.add(payloadListLabel)
self.pnl.add(scrollPayloadsList)
self.pnl.add(self.attributePayloadsCheck)
self.pnl.add(self.tagPayloadsCheck)
self.pnl.add(consoleTab)
tabs.addTab("Configuration", self.pnl)
tabs.setSelectedIndex(3)
self._splitpane.setRightComponent(tabs)
# customize our UI components
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
# add the custom tab to Burp's UI
callbacks.addSuiteTab(self)
# register ourselves as an HTTP listener
callbacks.registerHttpListener(self)
self._callbacks.registerContextMenuFactory(self)
print "Thank you for installing XSSor v0.1 extension"
print "Created by Barak Tawily"
print "\nGithub:\nhttps://github.com/Quitten/XSSor"
return
def draw_unauthenticated(self):
""" init enforcement detector tab
"""
EDLType = JLabel("Type:")
EDLType.setBounds(10, 10, 140, 30)
EDLContent = JLabel("Content:")
EDLContent.setBounds(10, 50, 140, 30)
EDLabelList = JLabel("Filter List:")
EDLabelList.setBounds(10, 165, 140, 30)
EDStrings = [
"Headers (simple string): (enforced message headers contains)",
"Headers (regex): (enforced message headers contains)",
"Body (simple string): (enforced message body contains)",
"Body (regex): (enforced message body contains)",
"Full response (simple string): (enforced message contains)",
"Full response (regex): (enforced message contains)",
"Full response length: (of enforced response)",
"Status code equals: (numbers only)"
]
self._extender.EDTypeUnauth = JComboBox(EDStrings)
self._extender.EDTypeUnauth.setBounds(80, 10, 430, 30)
self._extender.EDTextUnauth = JTextArea("", 5, 30)
scrollEDTextUnauth = JScrollPane(self._extender.EDTextUnauth)
scrollEDTextUnauth.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollEDTextUnauth.setBounds(80, 50, 300, 110)
self._extender.EDModelUnauth = DefaultListModel()
self._extender.EDListUnauth = JList(self._extender.EDModelUnauth)
scrollEDListUnauth = JScrollPane(self._extender.EDListUnauth)
scrollEDListUnauth.setVerticalScrollBarPolicy(
JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollEDListUnauth.setBounds(80, 175, 300, 110)
scrollEDListUnauth.setBorder(LineBorder(Color.BLACK))
self._extender.EDAddUnauth = JButton(
"Add filter", actionPerformed=self.addEDFilterUnauth)
self._extender.EDAddUnauth.setBounds(390, 85, 120, 30)
self._extender.EDDelUnauth = JButton(
"Remove filter", actionPerformed=self.delEDFilterUnauth)
self._extender.EDDelUnauth.setBounds(390, 210, 120, 30)
self._extender.EDModUnauth = JButton(
"Modify filter", actionPerformed=self.modEDFilterUnauth)
self._extender.EDModUnauth.setBounds(390, 250, 120, 30)
AndOrStrings = ["And", "Or"]
self._extender.AndOrTypeUnauth = JComboBox(AndOrStrings)
self._extender.AndOrTypeUnauth.setBounds(390, 170, 120, 30)
self._extender.EDPnlUnauth = JPanel()
self._extender.EDPnlUnauth.setLayout(None)
self._extender.EDPnlUnauth.setBounds(0, 0, 1000, 1000)
self._extender.EDPnlUnauth.add(EDLType)
self._extender.EDPnlUnauth.add(self._extender.EDTypeUnauth)
self._extender.EDPnlUnauth.add(EDLContent)
self._extender.EDPnlUnauth.add(scrollEDTextUnauth)
self._extender.EDPnlUnauth.add(self._extender.EDAddUnauth)
self._extender.EDPnlUnauth.add(self._extender.AndOrTypeUnauth)
self._extender.EDPnlUnauth.add(self._extender.EDDelUnauth)
self._extender.EDPnlUnauth.add(self._extender.EDModUnauth)
self._extender.EDPnlUnauth.add(EDLabelList)
self._extender.EDPnlUnauth.add(scrollEDListUnauth)
