class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, ComponentListener, ActionListener, MouseAdapter): # contains the messages to show in the messages table _table_data = [] # contains the messages to translate _messages = [] # used to keep track when to refresh the table _reload_table = False _sql_file = None def registerExtenderCallbacks(self, callbacks): self._panel = JPanel() self._panel.setLayout(BorderLayout()) #self._panel.setSize(400,400) # sourrounding try\except because Burp is not giving enough info try: # creating all the UI elements # create the split pane self._split_pane_horizontal = JSplitPane( JSplitPane.HORIZONTAL_SPLIT) self._split_panel_vertical = JSplitPane(JSplitPane.VERTICAL_SPLIT) # create panels self._panel_top = JPanel() self._panel_top.setLayout(BorderLayout()) self._panel_bottom = JPanel() self._panel_bottom.setLayout(BorderLayout()) self._panel_right = JPanel() self._panel_right.setLayout(BorderLayout()) self._panel_request = JPanel() self._panel_request.setLayout(BorderLayout()) self._panel_response = JPanel() self._panel_response.setLayout(BorderLayout()) # create the tabbed pane used to show request\response self._tabbed_pane = JTabbedPane(JTabbedPane.TOP) # create the tabbed pane used to show aslan++\concretization file self._tabbed_pane_editor = JTabbedPane(JTabbedPane.TOP) # create the bottom command for selecting the SQL file and # generating the model self._button_generate = JButton( 'Generate!', actionPerformed=self._generate_model) self._button_save = JButton('Save', actionPerformed=self._save_model) self._button_select_sql = JButton( 'Select SQL', actionPerformed=self._select_sql_file) self._text_field_sql_file = JTextField(20) self._panel_bottom_commands = JPanel() layout = GroupLayout(self._panel_bottom_commands) layout.setAutoCreateGaps(True) layout.setAutoCreateContainerGaps(True) seq_layout = layout.createSequentialGroup() seq_layout.addComponent(self._text_field_sql_file) seq_layout.addComponent(self._button_select_sql) seq_layout.addComponent(self._button_generate) seq_layout.addComponent(self._button_save) layout.setHorizontalGroup(seq_layout) # create the message editors that will be used to show request and response self._message_editor_request = callbacks.createMessageEditor( None, True) self._message_editor_response = callbacks.createMessageEditor( None, True) # create the table that will be used to show the messages selected for # the translation self._columns_names = ('Host', 'Method', 'URL') dataModel = NonEditableModel(self._table_data, self._columns_names) self._table = JTable(dataModel) self._scrollPane = JScrollPane() self._scrollPane.getViewport().setView((self._table)) popmenu = JPopupMenu() delete_item = JMenuItem("Delete") delete_item.addActionListener(self) popmenu.add(delete_item) self._table.setComponentPopupMenu(popmenu) self._table.addMouseListener(self) # add all the elements self._panel_request.add( self._message_editor_request.getComponent()) self._panel_response.add( self._message_editor_response.getComponent()) self._tabbed_pane.addTab("Request", self._panel_request) self._tabbed_pane.addTab("Response", self._panel_response) self._panel_top.add(self._scrollPane, BorderLayout.CENTER) self._panel_bottom.add(self._tabbed_pane, BorderLayout.CENTER) scroll = JScrollPane(self._panel_bottom) self._panel_right.add(self._tabbed_pane_editor, BorderLayout.CENTER) self._panel_right.add(self._panel_bottom_commands, BorderLayout.PAGE_END) self._split_panel_vertical.setTopComponent(self._panel_top) self._split_panel_vertical.setBottomComponent(scroll) self._split_pane_horizontal.setLeftComponent( self._split_panel_vertical) self._split_pane_horizontal.setRightComponent(self._panel_right) self._panel.addComponentListener(self) self._panel.add(self._split_pane_horizontal) self._callbacks = callbacks callbacks.setExtensionName("WAFEx") callbacks.addSuiteTab(self) callbacks.registerContextMenuFactory(self) except Exception as e: exc_type, exc_obj, exc_tb = sys.exc_info() fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] print(exc_type, fname, exc_tb.tb_lineno) def getTabCaption(self): return "WAFEx" def getUiComponent(self): try: Platform.runLater(EditorTabUI(self)) return self._panel except Exception as e: exc_type, exc_obj, exc_tb = sys.exc_info() fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] print(exc_type, fname, exc_tb.tb_lineno) def componentShown(self, e): self._split_pane_horizontal.setDividerLocation(0.25) # populate the table with the selected requests\response try: if self._reload_table: print("reload") self._table_data = [ ] # empty _table_data (not too cool but quick) for c in self._messages: msg = c[0] http_request = converter._byte_array_to_string( msg.getRequest()) request_parser = HttpParser() request_parser.execute(http_request, len(http_request)) host = msg.getHttpService().getHost() page = request_parser.get_url() method = request_parser.get_method() tmp = [host, method, page] self._table_data += [tmp] self._table.getModel().setDataVector(self._table_data, self._columns_names) self._reload_table = False except Exception as e: print(e) def componentHidden(self, e): return def componentMoved(self, e): return def componentResized(self, e): self._split_pane_horizontal.setDividerLocation(0.25) def createMenuItems(self, invocation): ret = [] try: if (invocation.getInvocationContext() == invocation.CONTEXT_TARGET_SITE_MAP_TABLE): menu = JMenuItem("Send to WAFEx") messages = invocation.getSelectedMessages() def listener(e): """ Generates a new WAFEx model. """ #self._generateWAFExModel(messages) self._addToGeneration(messages) menu.addActionListener(listener) ret.append(menu) except Exception as e: print(e) return ret def mouseClicked(self, e): """ Positions the Aslan++ editor to the selected request position. """ try: index = self._table.getSelectedRow() c = self._messages[index] print(len(c)) message = c[0] tag = c[1] self._message_editor_request.setMessage(message.getRequest(), True) self._message_editor_response.setMessage(message.getResponse(), False) if tag != None: document = self._jfxp_aslanpp._editor.getText() start, end = self._search_tag_position(tag, document) self._jfxp_aslanpp._editor.moveTo(start) self._jfxp_aslanpp._editor.selectRange(start, end) self._jfxp_aslanpp._editor.requestFollowCaret() self._jfxp_aslanpp._editor.requestFocus() except Exception as e: print(e) def actionPerformed(self, e): """ Performs the delete action. """ try: index = self._table.getSelectedRow() del self._table_data[index] del self._messages[index] self._table.getModel().setDataVector(self._table_data, self._columns_names) except Exception as e: print(e) def _search_tag_position(self, tag, text): """ Searches for a particular tag in a given text and return its position. """ pattern = self._search_pattern.format(tag) for m in re.finditer(pattern, text): return m.start(), m.end() def _save_model(self, e): """ Saves the current Aslan++ model and concretization file. """ try: chooseFile = JFileChooser() filter_ = FileNameExtensionFilter("txt files", ["txt"]) chooseFile.addChoosableFileFilter(filter_) ret = chooseFile.showDialog(self._panel, "Choose file") if ret == JFileChooser.APPROVE_OPTION: self._model_name = chooseFile.getSelectedFile().getPath() with open("{}.aslan++".format(self._model_name), "w") as f: skeleton = self._jfxp_aslanpp._editor.getText() skeleton = skeleton.replace("@filename", basename(self._model_name)) f.write(skeleton) print("model created") with open("{}.txt".format(self._model_name), "w") as f: f.write(self._jfxp_concretization._editor.getText()) except Exception as e: print(e) def _select_sql_file(self, e): """ Shows a JFileChooser dialog to select the SQL file to use for creating the model. """ try: chooseFile = JFileChooser() filter_ = FileNameExtensionFilter("txt files", ["txt"]) chooseFile.addChoosableFileFilter(filter_) ret = chooseFile.showDialog(self._panel, "Choose file") if ret == JFileChooser.APPROVE_OPTION: self._sql_file = chooseFile.getSelectedFile().getPath() else: self._sql_file = None self._text_field_sql_file.setText("" + self._sql_file) except Exception as e: print(e) def _addToGeneration(self, messages): for msg in messages: self._messages += [[msg, None]] self._reload_table = True def _generate_model(self, e): if len(self._messages) <= 0: frame = JFrame("Error") JOptionPane.showMessageDialog(frame, "No messages!", "Error", JOptionPane.ERROR_MESSAGE) return if self._sql_file == None: frame = JFrame("Error") replay = JOptionPane.showConfirmDialog( frame, "No SQL file selected!\nDo you want to continue?", "Info", JOptionPane.YES_NO_OPTION) if replay == JOptionPane.NO_OPTION: return # create a new AslanppModel model = AslanppModel() # save _sql_file model._sql_file = self._sql_file for c in self._messages: # from byte to char Request and Response # for some reason b can be a negative value causing a crash # so I put a check to ensure b is in the right range msg = c[0] if msg.getRequest() == None or msg.getResponse() == None: # do not convert empty messages continue http_request = "".join( chr(b) for b in msg.getRequest() if b >= 0 and b <= 256) http_response = "".join( chr(b) for b in msg.getResponse() if b >= 0 and b <= 256) protocol = msg.getHttpService().getProtocol() # save the tag number generate by _parseHttpRequestResponse in the _messages array c[1] = converter._parseHttpRequestResponse(model, http_request, http_response, protocol) # generate the ASLan++ code self._model, self._concrete = converter._generateWAFExModel(model) Platform.runLater( UpdateEditor(self._jfxp_aslanpp._editor, self._jfxp_concretization._editor, self._model, self._concrete))
class AccountManagementGUI: def __init__(self): self.acctmanager = AccountManager() self.mainframe = JFrame("Account Manager") self.chatui = None self.headers = ["Account Name", "Status", "Autologin", "Gateway"] self.data = UneditableTableModel([], self.headers) self.table = JTable(self.data) self.table.columnSelectionAllowed = 0 #cannot select columns self.table.selectionMode = ListSelectionModel.SINGLE_SELECTION self.connectbutton = JButton("Connect", actionPerformed=self.connect) self.dconnbutton = JButton("Disconnect", actionPerformed=self.disconnect) self.deletebutton = JButton("Delete", actionPerformed=self.deleteAccount) self.buildpane() self.mainframe.pack() self.mainframe.show() def buildpane(self): buttons = JPanel(FlowLayout(), doublebuffered) buttons.add(self.connectbutton) buttons.add(self.dconnbutton) buttons.add(JButton("New", actionPerformed=self.addNewAccount)) buttons.add(self.deletebutton) buttons.add(JButton("Quit", actionPerformed=self.quit)) mainpane = self.mainframe.getContentPane() mainpane.layout = BoxLayout(mainpane, BoxLayout.Y_AXIS) mainpane.add(JScrollPane(self.table)) mainpane.add(buttons) self.update() def update(self): self.data.setDataVector(self.acctmanager.getSnapShot(), self.headers) if self.acctmanager.isEmpty(): self.deletebutton.setEnabled(0) self.connectbutton.setEnabled(0) self.dconnbutton.setEnabled(0) else: self.deletebutton.setEnabled(1) if not 1 in self.acctmanager.getConnectionInfo( ): #all disconnected self.dconnbutton.setEnabled(0) self.connectbutton.setEnabled(1) elif not 0 in self.acctmanager.getConnectionInfo(): #all connected self.dconnbutton.setEnabled(1) self.connectbutton.setEnabled(0) else: self.dconnbutton.setEnabled(1) self.connectbutton.setEnabled(1) #callable button actions def connect(self, ae): print "Trying to connect" row = self.table.getSelectedRow() if row < 0: print "Trying to connect to an account but no account selected" else: acctname = self.data.getValueAt(row, 0) if not self.chatui: self.chatui = twisted.words.im.jychat.JyChatUI() self.acctmanager.connect(acctname, self.chatui) self.update() def disconnect(self, ae): print "Trying to disconnect" row = self.table.getSelectedRow() if row < 0: print "Trying to logoff an account but no account was selected." else: acctname = self.data.getValueAt(row, 0) self.acctmanager.disconnect(acctname) self.update() def addNewAccount(self, ae): print "Starting new account creation" NewAccountGUI(self).show() def deleteAccount(self, ae): print "Deleting account" row = self.table.getSelectedRow() if row < 0: print "Trying to delete an account but no account selected" else: acctname = self.data.getValueAt(row, 0) self.acctmanager.delAccount(acctname) self.update() def quit(self, ae): self.acctmanager.quit() sys.exit()
class BurpExtender(IBurpExtender,ITab,IHttpListener): def registerExtenderCallbacks(self,callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.callbacks.setExtensionName("KkMultiProxy") self.PROXY_LIST = [] self.jPanel = JPanel() boxVertical = Box.createVerticalBox() boxHorizontal = Box.createHorizontalBox() boxHorizontal.add(JButton("File",actionPerformed=self.getFile)) self.FileText = JTextField("") boxHorizontal.add(self.FileText) boxVertical.add(boxHorizontal) TableHeader = ('IP','PORT') TableModel = DefaultTableModel(self.PROXY_LIST,TableHeader) self.Table = JTable(TableModel) boxVertical.add(self.Table) boxHorizontal = Box.createHorizontalBox() boxHorizontal.add(JButton("Add",actionPerformed=self.addIP)) boxHorizontal.add(JButton("Delete",actionPerformed=self.deleteIP)) boxHorizontal.add(JButton("Save",actionPerformed=self.saveIP)) boxVertical.add(boxHorizontal) self.jPanel.add(boxVertical) self.callbacks.addSuiteTab(self) self.callbacks.registerHttpListener(self) return def getFile(self,button): dlg = JFileChooser() result = dlg.showOpenDialog(None) if result == JFileChooser.APPROVE_OPTION: f = dlg.getSelectedFile() path = f.getPath() self.FileText.setText(path) try: self.getIPList(path) except: exit(0) def addIP(self,button): #chooser = JFileChooser() #chooser.showOpenDialog(None) demo = DialogDemo(self.Table) def deleteIP(self,button): selectRows = len(self.Table.getSelectedRows()) TableModel = self.Table.getModel() if selectRows: selectedRowIndex = self.Table.getSelectedRow() TableModel.removeRow(selectedRowIndex) def saveIP(self,button): TableModel = self.Table.getModel() rowCount = TableModel.getRowCount() result_str = "" for i in range(rowCount): if i == 0: result_str+=TableModel.getValueAt(i,0)+':'+TableModel.getValueAt(i,1) else: result_str+='|'+TableModel.getValueAt(i,0)+':'+TableModel.getValueAt(i,1) print result_str f = open(self.FileText.getText(),'w+') f.write(result_str) f.close() def getTabCaption(self): return "MultiProxy" def getUiComponent(self): return self.jPanel def processHttpMessage(self,toolFlag,messageIsRequest,messageInfo): if messageIsRequest: httpService = messageInfo.getHttpService() print httpService.getHost() # if the host is HOST_FROM, change it to HOST_TO i = randint(0,len(self.TableDatas)-1) messageInfo.setHttpService(self.helpers.buildHttpService(self.PROXY_LIST[i]['ip'], self.PROXY_LIST[i]['port'], httpService.getProtocol())) print messageInfo.getHttpService().getHost() def getIPList(self,path): f = open(path,'r+') content = f.read() f.close() if content: ip_array = content.split('|') for _ip in ip_array: ip = _ip.split(':')[0] port = _ip.split(':')[1] self.PROXY_LIST.append([ip,port]) print self.PROXY_LIST
class AccountManagementGUI: def __init__(self): self.acctmanager = AccountManager() self.mainframe = JFrame("Account Manager") self.chatui = None self.headers = ["Account Name", "Status", "Autologin", "Gateway"] self.data = UneditableTableModel([], self.headers) self.table = JTable(self.data) self.table.columnSelectionAllowed = 0 # cannot select columns self.table.selectionMode = ListSelectionModel.SINGLE_SELECTION self.connectbutton = JButton("Connect", actionPerformed=self.connect) self.dconnbutton = JButton("Disconnect", actionPerformed=self.disconnect) self.deletebutton = JButton("Delete", actionPerformed=self.deleteAccount) self.buildpane() self.mainframe.pack() self.mainframe.show() def buildpane(self): buttons = JPanel(FlowLayout(), doublebuffered) buttons.add(self.connectbutton) buttons.add(self.dconnbutton) buttons.add(JButton("New", actionPerformed=self.addNewAccount)) buttons.add(self.deletebutton) buttons.add(JButton("Quit", actionPerformed=self.quit)) mainpane = self.mainframe.getContentPane() mainpane.layout = BoxLayout(mainpane, BoxLayout.Y_AXIS) mainpane.add(JScrollPane(self.table)) mainpane.add(buttons) self.update() def update(self): self.data.setDataVector(self.acctmanager.getSnapShot(), self.headers) if self.acctmanager.isEmpty(): self.deletebutton.setEnabled(0) self.connectbutton.setEnabled(0) self.dconnbutton.setEnabled(0) else: self.deletebutton.setEnabled(1) if not 1 in self.acctmanager.getConnectionInfo(): # all disconnected self.dconnbutton.setEnabled(0) self.connectbutton.setEnabled(1) elif not 0 in self.acctmanager.getConnectionInfo(): # all connected self.dconnbutton.setEnabled(1) self.connectbutton.setEnabled(0) else: self.dconnbutton.setEnabled(1) self.connectbutton.setEnabled(1) # callable button actions def connect(self, ae): print "Trying to connect" row = self.table.getSelectedRow() if row < 0: print "Trying to connect to an account but no account selected" else: acctname = self.data.getValueAt(row, 0) if not self.chatui: self.chatui = twisted.words.im.jychat.JyChatUI() self.acctmanager.connect(acctname, self.chatui) self.update() def disconnect(self, ae): print "Trying to disconnect" row = self.table.getSelectedRow() if row < 0: print "Trying to logoff an account but no account was selected." else: acctname = self.data.getValueAt(row, 0) self.acctmanager.disconnect(acctname) self.update() def addNewAccount(self, ae): print "Starting new account creation" NewAccountGUI(self).show() def deleteAccount(self, ae): print "Deleting account" row = self.table.getSelectedRow() if row < 0: print "Trying to delete an account but no account selected" else: acctname = self.data.getValueAt(row, 0) self.acctmanager.delAccount(acctname) self.update() def quit(self, ae): self.acctmanager.quit() sys.exit()
class ContactsListGUI(ContactsList): """A GUI object that displays a contacts list""" def __init__(self, chatui): ContactsList.__init__(self, chatui) self.clientsByName = {} self.mainframe = JFrame("Contacts List") self.headers = ["Contact", "Status", "Idle", "Account"] self.data = UneditableTableModel([], self.headers) self.table = JTable( self.data, columnSelectionAllowed=0, #cannot select columns selectionMode=ListSelectionModel.SINGLE_SELECTION) self.buildpane() self.mainframe.pack() self.mainframe.show() def setContactStatus(self, person): ContactsList.setContactStatus(self, person) self.update() def registerAccountClient(self, client): ContactsList.registerAccountClient(self, client) if not client.accountName in self.clientsByName.keys(): self.clientsByName[client.accountName] = client def unregisterAccount(self, client): ContactsList.unregisterAccountClient(self, client) if client.accountName in self.clientsByName.keys(): del self.clientsByName[client.accountName] def contactChangedNick(self, person, newnick): ContactsList.contactChangedNick(self, person, newnick) self.update() #GUI code def buildpane(self): buttons = JPanel(FlowLayout(), doublebuffered) buttons.add(JButton("Send Message", actionPerformed=self.message)) buttons.add(JButton("Add Contact", actionPerformed=self.addContact)) #buttons.add(JButton("Quit", actionPerformed=self.quit)) mainpane = self.mainframe.getContentPane() mainpane.setLayout(BoxLayout(mainpane, BoxLayout.Y_AXIS)) mainpane.add(JScrollPane(self.table)) mainpane.add(buttons) self.update() def update(self): contactdata = [] for contact in self.onlineContacts.values(): if contact.status == AWAY: stat = "(away)" else: stat = "(active)" contactdata.append([ contact.name, stat, contact.getIdleTime(), contact.client.accountName ]) self.data.setDataVector(contactdata, self.headers) #callable actionlisteners def message(self, ae): row = self.table.getSelectedRow() if row < 0: print "Trying to send IM to person, but no person selected" else: person = self.onlineContacts[self.data.getValueAt(row, 0)] self.chat.getConversation(person) def addContact(self, ae): _AccountAdder(self) def quit(self, ae): sys.exit()
class ContactsListGUI(ContactsList): """A GUI object that displays a contacts list""" def __init__(self, chatui): ContactsList.__init__(self, chatui) self.clientsByName = {} self.mainframe = JFrame("Contacts List") self.headers = ["Contact", "Status", "Idle", "Account"] self.data = UneditableTableModel([], self.headers) self.table = JTable(self.data, columnSelectionAllowed = 0, #cannot select columns selectionMode = ListSelectionModel.SINGLE_SELECTION) self.buildpane() self.mainframe.pack() self.mainframe.show() def setContactStatus(self, person): ContactsList.setContactStatus(self, person) self.update() def registerAccountClient(self, client): ContactsList.registerAccountClient(self, client) if not client.accountName in self.clientsByName.keys(): self.clientsByName[client.accountName] = client def unregisterAccount(self, client): ContactsList.unregisterAccountClient(self, client) if client.accountName in self.clientsByName.keys(): del self.clientsByName[client.accountName] def contactChangedNick(self, person, newnick): ContactsList.contactChangedNick(self, person, newnick) self.update() #GUI code def buildpane(self): buttons = JPanel(FlowLayout(), doublebuffered) buttons.add(JButton("Send Message", actionPerformed=self.message)) buttons.add(JButton("Add Contact", actionPerformed=self.addContact)) #buttons.add(JButton("Quit", actionPerformed=self.quit)) mainpane = self.mainframe.getContentPane() mainpane.setLayout(BoxLayout(mainpane, BoxLayout.Y_AXIS)) mainpane.add(JScrollPane(self.table)) mainpane.add(buttons) self.update() def update(self): contactdata = [] for contact in self.onlineContacts.values(): if contact.status == AWAY: stat = "(away)" else: stat = "(active)" contactdata.append([contact.name, stat, contact.getIdleTime(), contact.client.accountName]) self.data.setDataVector(contactdata, self.headers) #callable actionlisteners def message(self, ae): row = self.table.getSelectedRow() if row < 0: print "Trying to send IM to person, but no person selected" else: person = self.onlineContacts[self.data.getValueAt(row, 0)] self.chat.getConversation(person) def addContact(self, ae): _AccountAdder(self) def quit(self, ae): sys.exit()
class BurpExtender(IBurpExtender, ISessionHandlingAction, ITab, IContextMenuFactory, IContextMenuInvocation, ActionListener, ITextEditor): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # save the helpers for later self.helpers = callbacks.getHelpers() # set our extension name callbacks.setExtensionName("Custom Request Handler") callbacks.registerSessionHandlingAction(self) callbacks.registerContextMenuFactory(self) self._text_editor = callbacks.createTextEditor() self._text_editor.setEditable(False) #How much loaded the table row self.current_column_id = 0 #GUI self._split_main = JSplitPane(JSplitPane.VERTICAL_SPLIT) self._split_top = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) self._split_top.setPreferredSize(Dimension(100, 50)) self._split_top.setDividerLocation(700) self._split_center = JSplitPane(JSplitPane.VERTICAL_SPLIT) boxVertical = swing.Box.createVerticalBox() box_top = swing.Box.createHorizontalBox() boxHorizontal = swing.Box.createHorizontalBox() buttonHorizontal = swing.Box.createHorizontalBox() boxVertical.add(boxHorizontal) box_regex = swing.Box.createVerticalBox() border = BorderFactory.createTitledBorder(LineBorder(Color.BLACK), "Extract target strings", TitledBorder.LEFT, TitledBorder.TOP) box_regex.setBorder(border) self._add_btn = JButton("Add") self._add_btn.addActionListener(self) self._remove_btn = JButton("Remove") self._remove_btn.addActionListener(self) items = [ 'JSON', 'Header', ] self._dropdown = JComboBox(items) type_panel = JPanel(FlowLayout(FlowLayout.LEADING)) type_panel.add(JLabel('Type:')) type_panel.add(self._dropdown) self._jLabel_param = JLabel("Name:") self._param_error = JLabel("Name is required") self._param_error.setVisible(False) self._param_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._param_error.setForeground(Color.red) regex_checkbox = JPanel(FlowLayout(FlowLayout.LEADING)) self._is_use_regex = JCheckBox("Extract from regex group") regex_checkbox.add(self._is_use_regex) self._jTextIn_param = JTextField(20) self._jLabel_regex = JLabel("Regex:") self._jTextIn_regex = JTextField(20) self._regex_error = JLabel("No group defined") self._regex_error.setVisible(False) self._regex_error.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._regex_error.setForeground(Color.red) self._param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._param_panel.add(self._jLabel_param) self._param_panel.add(self._jTextIn_param) self._param_panel.add(self._param_error) self._regex_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._regex_panel.add(self._jLabel_regex) self._regex_panel.add(self._jTextIn_regex) self._regex_panel.add(self._regex_error) button_panel = JPanel(FlowLayout(FlowLayout.LEADING)) #padding button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(JPanel()) button_panel.add(self._add_btn) button_panel.add(self._remove_btn) box_regex.add(type_panel) box_regex.add(self._param_panel) box_regex.add(regex_checkbox) box_regex.add(self._regex_panel) buttonHorizontal.add(button_panel) box_regex.add(buttonHorizontal) boxVertical.add(box_regex) box_top.add(boxVertical) box_file = swing.Box.createHorizontalBox() checkbox_panel = JPanel(FlowLayout(FlowLayout.LEADING)) border = BorderFactory.createTitledBorder( LineBorder(Color.BLACK), 'Payload Sets [Simple list]', TitledBorder.LEFT, TitledBorder.TOP) box_file.setBorder(border) box_param = swing.Box.createVerticalBox() box_param.add(checkbox_panel) file_column_names = [ "Type", "Name", "Payload", ] data = [] self.file_table_model = DefaultTableModel(data, file_column_names) self.file_table = JTable(self.file_table_model) self.file_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.file_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(160) self.file_table.preferredScrollableViewportSize = Dimension(500, 70) self.file_table.setFillsViewportHeight(True) panel_dropdown = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_dropdown = JComboBox(items) panel_dropdown.add(JLabel('Type:')) panel_dropdown.add(self._file_dropdown) box_param.add(panel_dropdown) box_param.add(JScrollPane(self.file_table)) callbacks.customizeUiComponent(self.file_table) file_param_panel = JPanel(FlowLayout(FlowLayout.LEADING)) self._file_param = JLabel("Name:") self._file_param_text = JTextField(20) file_param_panel.add(self._file_param) file_param_panel.add(self._file_param_text) self._error_message = JLabel("Name is required") self._error_message.setVisible(False) self._error_message.setFont(Font(Font.MONOSPACED, Font.ITALIC, 12)) self._error_message.setForeground(Color.red) file_param_panel.add(self._error_message) box_param.add(file_param_panel) box_button_file = swing.Box.createVerticalBox() self._file_load_btn = JButton("Load") self._file_clear_btn = JButton("Clear") self._file_clear_btn.addActionListener(self) self._file_load_btn.addActionListener(self) box_button_file.add(self._file_load_btn) box_button_file.add(self._file_clear_btn) box_file.add(box_button_file) box_file.add(box_param) boxVertical.add(box_file) regex_column_names = [ "Type", "Name", "Regex", "Start at offset", "End at offset", ] #clear target.json with open("target.json", "w") as f: pass data = [] self.target_table_model = DefaultTableModel(data, regex_column_names) self.target_table = JTable(self.target_table_model) self.target_table.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) column_model = self.target_table.getColumnModel() for count in xrange(column_model.getColumnCount()): column = column_model.getColumn(count) column.setPreferredWidth(100) self.target_table.preferredScrollableViewportSize = Dimension(500, 70) self.target_table.setFillsViewportHeight(True) callbacks.customizeUiComponent(self.target_table) callbacks.customizeUiComponent(boxVertical) table_panel = swing.Box.createVerticalBox() table_panel.add(JScrollPane(self.target_table)) box_top.add(table_panel) self._jScrollPaneOut = JScrollPane() #self._split_main.setBottomComponent(self._jScrollPaneOut) self._split_main.setBottomComponent(self._text_editor.getComponent()) self._split_main.setTopComponent(box_top) self._split_main.setDividerLocation(450) callbacks.customizeUiComponent(self._split_main) callbacks.addSuiteTab(self) return def getTabCaption(self): return "CRH" def getUiComponent(self): return self._split_main def createMenuItems(self, invocation): menu = [] ctx = invocation.getInvocationContext() menu.append( swing.JMenuItem("Send to CRH", None, actionPerformed=lambda x, inv=invocation: self. menu_action(inv))) return menu if menu else None # # Implementation of Menu Action # def menu_action(self, invocation): try: invMessage = invocation.getSelectedMessages() message = invMessage[0].getResponse() res_info = self.helpers.analyzeResponse(message) send_res = message.tostring() self._text_editor.setText(send_res) except: print('Failed to add data to CRH tab.') # # Implementation of event action # def actionPerformed(self, actionEvent): # onclick add button of extract from regex group if actionEvent.getSource() is self._add_btn: start, end = self._text_editor.getSelectionBounds() value = None regex = None item = self._dropdown.getSelectedItem() param = self._jTextIn_param.getText() if len(param) is 0: self._param_error.setVisible(True) return self._param_error.setVisible(False) is_selected = self._is_use_regex.isSelected() if is_selected: start = None end = None regex = self._jTextIn_regex.getText() if len(regex) is 0: self._regex_error.setVisible(True) return req = self._text_editor.getText() try: pattern = re.compile(regex) match = pattern.search(req) value = match.group(1) if match else None if value is None: raise IndexError except IndexError: self._regex_error.setVisible(True) return self._regex_error.setVisible(False) data = [ item, param, regex, start, end, ] self.target_table_model.addRow(data) with open("target.json", "r+") as f: try: json_data = json.load(f) except ValueError: json_data = dict() if is_selected: data = { param: [ item, regex, ] } else: data = { param: [ item, start, end, ] } json_data.update(data) self.write_file(f, json.dumps(json_data)) # onclick remove button of extract from regex group if actionEvent.getSource() is self._remove_btn: rowno = self.target_table.getSelectedRow() if rowno != -1: column_model = self.target_table.getColumnModel() param_name = self.target_table_model.getValueAt(rowno, 1) start = self.target_table_model.getValueAt(rowno, 3) self.target_table_model.removeRow(rowno) with open("target.json", 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() for key, value in json_data.items(): if value[1] == start and key == param_name: try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # onclick load button of payload sets if actionEvent.getSource() is self._file_load_btn: #clear table self.remove_all(self.file_table_model) self.current_column_id = 0 target_param = self._file_param_text.getText() item = self._file_dropdown.getSelectedItem() if len(target_param) == 0: self._error_message.setVisible(True) return self._error_message.setVisible(False) chooser = JFileChooser() chooser.showOpenDialog(actionEvent.getSource()) file_path = chooser.getSelectedFile().getAbsolutePath() with open(file_path, 'r') as f: while True: line = f.readline().strip() if not line: break data = [ item, target_param, line, ] self.file_table_model.addRow(data) with open('target.json', 'r+') as f: try: json_data = json.load(f) except ValueError: json_data = dict() json_data.update({target_param: [ item, 'Set payload', ]}) self.write_file(f, json.dumps(json_data)) # onclick clear button of payload sets if actionEvent.getSource() is self._file_clear_btn: self.remove_all(self.file_table_model) self.current_column_id = 0 with open("target.json", 'r+') as f: try: json_data = json.load(f) except: json_data = dict() for key, value in json_data.items(): if isinstance(value[1], unicode): if value[1].encode('utf-8') == 'Set payload': try: del json_data[key] except IndexError: print('Error: {0}: No such json key.'.format( key)) self.write_file(f, json.dumps(json_data)) # # Implementaion of ISessionHandlingAction # def getActionName(self): return "custom request handler" def performAction(self, current_request, macro_items): if len(macro_items) == 0: return # extract the response headers final_response = macro_items[len(macro_items) - 1].getResponse() if final_response is None: return req = self.helpers.analyzeRequest(current_request) try: with open('target.json', 'r') as f: read_data = f.read() self.read_data = json.loads(read_data) except ValueError: sys.stderr.write('Error: json.loads()') return for key, value in self.read_data.items(): if value[0] == 'JSON': self.set_json_parameter(current_request, final_response, key, value) elif value[0] == 'Header': self.set_header(current_request, final_response, key, value) def set_json_parameter(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) if IRequestInfo.CONTENT_TYPE_JSON != req.getContentType(): return False body = current_request.getRequest()[req.getBodyOffset():].tostring() json_data = json.loads(body, object_pairs_hook=collections.OrderedDict) target_keys = filter(lambda x: x == key, json_data.keys()) if not target_keys: return req_data = json_data column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.tostring()) req_value = match.group(1) if match else None req_data[key] = req_value req = current_request.getRequest() json_data_start = self.helpers.indexOf(req, bytearray(body), False, 0, len(req)) # glue together header + customized json of request current_request.setRequest( req[0:json_data_start] + self.helpers.stringToBytes(json.dumps(req_data))) def set_header(self, current_request, final_response, key, value): req = self.helpers.analyzeRequest(current_request) headers = req.getHeaders() target_keys = [] for header in headers: if header.startswith(key): target_keys += [key] if not target_keys: return column_model = self.file_table.getColumnModel() row_count = self.file_table_model.getRowCount() req = current_request.getRequest() for key in target_keys: if value[-1] == 'Set payload': if row_count > self.current_column_id: req_value = self.file_table_model.getValueAt( self.current_column_id, 2) self.current_column_id += 1 else: # No selected regex if len(value) > 2: start, end = value[1:] req_value = final_response[start:end].tostring() else: regex = value[1] match = re.search(regex, final_response.string()) req_value = match.group(1) if match else None key_start = self.helpers.indexOf(req, bytearray(key.encode('utf-8')), False, 0, len(req)) key_end = self.helpers.indexOf(req, bytearray('\r\n'), False, key_start, len(req)) keylen = len(key) # glue together first line + customized hedaer + rest of request current_request.setRequest( req[0:key_start] + self.helpers.stringToBytes("%s: %s" % (key.encode('utf-8'), req_value)) + req[key_end:]) # # Implementation of function for Remove all for specific table data # def remove_all(self, model): count = model.getRowCount() for i in xrange(count): model.removeRow(0) # # Implementaion of function for write data for specific file # def write_file(self, f, data): f.seek(0) f.write(data) f.truncate() return
class BurpExtender(IBurpExtender, ITab, IHttpListener): def registerExtenderCallbacks(self, callbacks): self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.callbacks.setExtensionName("KkMultiProxy") self.PROXY_LIST = [] self.jPanel = JPanel() boxVertical = Box.createVerticalBox() boxHorizontal = Box.createHorizontalBox() boxHorizontal.add(JButton("File", actionPerformed=self.getFile)) self.FileText = JTextField("") boxHorizontal.add(self.FileText) boxVertical.add(boxHorizontal) TableHeader = ('IP', 'PORT') TableModel = DefaultTableModel(self.PROXY_LIST, TableHeader) self.Table = JTable(TableModel) boxVertical.add(self.Table) boxHorizontal = Box.createHorizontalBox() boxHorizontal.add(JButton("Add", actionPerformed=self.addIP)) boxHorizontal.add(JButton("Delete", actionPerformed=self.deleteIP)) boxHorizontal.add(JButton("Save", actionPerformed=self.saveIP)) boxVertical.add(boxHorizontal) self.jPanel.add(boxVertical) self.callbacks.addSuiteTab(self) self.callbacks.registerHttpListener(self) return def getFile(self, button): dlg = JFileChooser() result = dlg.showOpenDialog(None) if result == JFileChooser.APPROVE_OPTION: f = dlg.getSelectedFile() path = f.getPath() self.FileText.setText(path) try: self.getIPList(path) except: exit(0) def addIP(self, button): #chooser = JFileChooser() #chooser.showOpenDialog(None) demo = DialogDemo(self.Table) def deleteIP(self, button): selectRows = len(self.Table.getSelectedRows()) TableModel = self.Table.getModel() if selectRows: selectedRowIndex = self.Table.getSelectedRow() TableModel.removeRow(selectedRowIndex) def saveIP(self, button): TableModel = self.Table.getModel() rowCount = TableModel.getRowCount() result_str = "" for i in range(rowCount): if i == 0: result_str += TableModel.getValueAt( i, 0) + ':' + TableModel.getValueAt(i, 1) else: result_str += '|' + TableModel.getValueAt( i, 0) + ':' + TableModel.getValueAt(i, 1) print result_str f = open(self.FileText.getText(), 'w+') f.write(result_str) f.close() def getTabCaption(self): return "MultiProxy" def getUiComponent(self): return self.jPanel def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if messageIsRequest: httpService = messageInfo.getHttpService() print httpService.getHost() # if the host is HOST_FROM, change it to HOST_TO i = randint(0, len(self.TableDatas) - 1) messageInfo.setHttpService( self.helpers.buildHttpService(self.PROXY_LIST[i]['ip'], self.PROXY_LIST[i]['port'], httpService.getProtocol())) print messageInfo.getHttpService().getHost() def getIPList(self, path): f = open(path, 'r+') content = f.read() f.close() if content: ip_array = content.split('|') for _ip in ip_array: ip = _ip.split(':')[0] port = _ip.split(':')[1] self.PROXY_LIST.append([ip, port]) print self.PROXY_LIST