├── .gitignore ├── README.md ├── assets ├── favicon.png ├── jaeles-report.png └── jaeles.png ├── burpcollaborator-oob.py ├── imgs ├── Burp-Integration.gif ├── apache-status.png ├── jaeles-architecture.png ├── jaeles.png ├── jenkins-xss.png ├── rabbitmq-cred.png └── tableau-dom-xss.png ├── jaeles-burp.py ├── report ├── index.html └── verbose.html ├── turbo-intruder └── basic.py └── ui ├── asset-manifest.json ├── extentions.png ├── favicon.ico ├── index.html ├── layers.png ├── malware.png ├── manifest.json ├── precache-manifest.b669697b0533eb71c6e31cd017fb56a2.js ├── service-worker.js ├── simulation.png ├── static ├── css │ ├── main.2446d3e9.chunk.css │ └── main.2446d3e9.chunk.css.map ├── jaeles-architecture.png ├── js │ ├── 2.2bf2ab41.chunk.js │ ├── 2.2bf2ab41.chunk.js.map │ ├── main.751d1940.chunk.js │ ├── main.751d1940.chunk.js.map │ ├── runtime~main.a8a9905a.js │ └── runtime~main.a8a9905a.js.map └── landing.jpg └── tab-illo.png /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 |

3 | Osmedeus 4 |

5 | 6 | 7 |

8 |

9 | 10 | **Jaeles** is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. 11 | 12 | ![Architecture](imgs/jaeles-architecture.png) 13 | 14 | This repo only contain default Plugins and Web UI build for Jaeles project. Please visit the 15 | Official Documention [here](https://jaeles-project.github.io/). 16 | 17 | 18 | ## License 19 | 20 | `Jaeles` is made with ♥ by [@j3ssiejjj](https://twitter.com/j3ssiejjj) and it is released under the MIT license. -------------------------------------------------------------------------------- /assets/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/assets/favicon.png -------------------------------------------------------------------------------- /assets/jaeles-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/assets/jaeles-report.png -------------------------------------------------------------------------------- /assets/jaeles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/assets/jaeles.png -------------------------------------------------------------------------------- /burpcollaborator-oob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | 4 | ''' 5 | This is proxy parser 6 | run: mitmdump -q -p 8667 -s this_file.py 7 | ''' 8 | 9 | import os 10 | import sys 11 | import json 12 | import time 13 | 14 | CURRENT_DIR = os.path.dirname(os.path.realpath(__file__)) 15 | 16 | from mitmproxy import http 17 | import mitmproxy.connections 18 | from pprint import pprint 19 | 20 | 21 | print(''' 22 | [Instructions] 23 | 24 | # Route traffic through proxy: 25 | Burp -> Project Options -> Connections -> Upstream Proxy Server 26 | Add new proxy rule to this script: * | 127.0.0.1 | 8667 27 | Run command: mitmdump -q -p 8667 -s burpcollaborator-oob.py 28 | 29 | # Get burpcollaborator secret: 30 | Burp -> Project Options -> Connections -> Mics -> -> Burp Collaborator Server 31 | Check on Poll over unencrypted HTTP. 32 | Not open Collaborator Client and click Poll now. 33 | Not copy as many collab as need to be and store it in a file. 34 | 35 | # Note: 36 | Default log will be store in ./collaborator.json 37 | 38 | ''') 39 | print('-'*50) 40 | 41 | polling_host = 'polling.burpcollaborator.net' 42 | default_log = os.path.join(CURRENT_DIR, 'collaborator.json') 43 | 44 | 45 | class Analyze: 46 | def load(self, entry: mitmproxy.addonmanager.Loader): 47 | self.secret = None 48 | self.hosts = [] 49 | 50 | # def clientconnect(self, layer: mitmproxy.proxy.protocol.Layer): 51 | # self.secret = None 52 | # self.hosts = [] 53 | 54 | 55 | def request(self, flow: http.HTTPFlow): 56 | # Avoid an infinite loop by not replaying already replayed requests 57 | if flow.request.is_replay: 58 | return 59 | flow_dup = flow.copy() 60 | req_data = flow_dup.request 61 | 62 | pretty_url = req_data.pretty_url 63 | print('----> {0}'.format(pretty_url)) 64 | if polling_host in pretty_url: 65 | secret = req_data.query.get('biid', None) 66 | if secret and secret != 'test': 67 | self.secret = secret 68 | print( 69 | "[+] Found burpcollaborator polling secret: {0}".format(self.secret)) 70 | 71 | elif pretty_url.endswith('.burpcollaborator.net/'): 72 | self.hosts.append(req_data.pretty_host) 73 | print(pretty_url) 74 | 75 | def write_log(self, secret, hosts): 76 | collab_log = self.load_log() 77 | 78 | if collab_log.get('secret', None): 79 | collab_log[secret].extend(hosts) 80 | else: 81 | collab_log[secret] = hosts 82 | 83 | # just clean it up 84 | for key in collab_log.keys(): 85 | collab_log[key] = list(set(collab_log[key])) 86 | 87 | # store log again 88 | with open(default_log, 'w+') as f: 89 | json.dump(collab_log, f) 90 | 91 | def load_log(self): 92 | if os.path.isfile(default_log): 93 | with open(default_log, 'r+') as log: 94 | collab_log = json.loads(log.read()) 95 | else: 96 | collab_log = {} 97 | 98 | return collab_log 99 | 100 | # save record to db 101 | def serverdisconnect(self, conn: mitmproxy.connections.ServerConnection): 102 | if self.secret: 103 | print('[+] Store log for: {0}'.format(self.secret)) 104 | self.write_log(self.secret, self.hosts) 105 | print('-'*40) 106 | # clean up 107 | self.secret = None 108 | self.hosts = [] 109 | 110 | 111 | addons = [Analyze()] 112 | -------------------------------------------------------------------------------- /imgs/Burp-Integration.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/Burp-Integration.gif -------------------------------------------------------------------------------- /imgs/apache-status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/apache-status.png -------------------------------------------------------------------------------- /imgs/jaeles-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/jaeles-architecture.png -------------------------------------------------------------------------------- /imgs/jaeles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/jaeles.png -------------------------------------------------------------------------------- /imgs/jenkins-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/jenkins-xss.png -------------------------------------------------------------------------------- /imgs/rabbitmq-cred.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/rabbitmq-cred.png -------------------------------------------------------------------------------- /imgs/tableau-dom-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/imgs/tableau-dom-xss.png -------------------------------------------------------------------------------- /jaeles-burp.py: -------------------------------------------------------------------------------- 1 | from burp import IBurpExtender 2 | from burp import ITab 3 | from burp import IMessageEditorController 4 | from burp import IContextMenuFactory 5 | from burp import IHttpRequestResponse 6 | from burp import IHttpListener 7 | from burp import IParameter 8 | from burp import IBurpCollaboratorInteraction 9 | from burp import IBurpCollaboratorClientContext 10 | 11 | from java.awt import Component 12 | from java.awt import GridBagLayout 13 | from java.awt import GridBagConstraints 14 | from java.awt import Dimension 15 | from java.util import ArrayList 16 | from java.lang import Boolean 17 | from javax.swing import JScrollPane 18 | from javax.swing import JSplitPane 19 | from javax.swing import JTabbedPane 20 | from javax.swing import JPanel 21 | from javax.swing import JButton 22 | from javax.swing import JTable 23 | from javax.swing import JTree 24 | from javax.swing import JOptionPane 25 | from javax.swing import JMenuItem 26 | from javax.swing import JCheckBox 27 | from javax.swing import JComboBox 28 | from javax.swing import JTextArea 29 | from javax.swing import DefaultCellEditor 30 | from javax.swing import JLabel 31 | from javax.swing import JFrame 32 | from javax.swing import JFileChooser 33 | from javax.swing import JPopupMenu 34 | from javax.swing import JTextField 35 | from javax.swing import TransferHandler 36 | from javax.swing import DropMode 37 | from javax.swing import JSeparator 38 | from javax.swing import SwingConstants 39 | from javax.swing import JList 40 | from javax.swing import AbstractCellEditor 41 | from javax.swing import Timer 42 | from java.awt.datatransfer import StringSelection 43 | from java.awt.datatransfer import DataFlavor 44 | from javax.swing.table import AbstractTableModel 45 | from javax.swing.table import TableCellRenderer 46 | from javax.swing.table import JTableHeader 47 | from javax.swing.table import TableCellEditor 48 | from java.awt import Color 49 | from java.awt import Font 50 | from java.awt.event import MouseAdapter 51 | from java.awt.event import ActionListener 52 | from java.awt.event import ItemListener 53 | from java.awt.event import ItemEvent 54 | from javax.swing.event import DocumentListener 55 | from javax.swing.event import ChangeListener 56 | import java.lang 57 | from threading import Lock 58 | from java.util import LinkedList 59 | from java.util import ArrayList 60 | from java.lang import Runnable 61 | from java.lang import Integer 62 | from java.lang import String 63 | from java.lang import Math 64 | from thread import start_new_thread 65 | from java.util import LinkedList 66 | from javax.swing.tree import DefaultMutableTreeNode 67 | from java.awt import GridLayout 68 | from javax.swing.table import DefaultTableModel 69 | 70 | import os 71 | import time 72 | import getpass 73 | 74 | from pprint import pprint 75 | import base64 76 | import urllib2 77 | import json 78 | 79 | 80 | class BurpExtender(IBurpExtender, ITab, IHttpListener, IContextMenuFactory, IMessageEditorController, AbstractTableModel): 81 | 82 | # 83 | # implement IBurpExtender 84 | # 85 | 86 | def registerExtenderCallbacks(self, callbacks): 87 | print("[*] Loading Jaeles beta v0.1") 88 | # keep a reference to our callbacks object 89 | self._callbacks = callbacks 90 | 91 | # obtain an extension helpers object 92 | self._helpers = callbacks.getHelpers() 93 | 94 | # set our extension name 95 | callbacks.setExtensionName("Jaeles") 96 | 97 | # main split pane 98 | self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) 99 | 100 | # table of log entries 101 | # logTable = Table(self) 102 | # scrollPane = JScrollPane(logTable) 103 | 104 | # _toppane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) 105 | _mainpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) 106 | _mainpane.setResizeWeight(0.5) 107 | # _mainpane = JPanel() 108 | 109 | _toppane = JPanel() 110 | 111 | # top pane 112 | self.banner = JLabel("Jaeles - The Swiss Army knife for automated Web Application Testing. ") 113 | self.banner.setBounds(50, 30, 200, 400) 114 | 115 | self.banner2 = JLabel("Official Documentation: https://jaeles-project.github.io/") 116 | self.banner2.setBounds(100, 50, 200, 400) 117 | _toppane.add(self.banner) 118 | _toppane.add(self.banner2) 119 | 120 | # _botpane = JPanel() 121 | _botpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) 122 | 123 | # bot pane 124 | self.HostLabel = JLabel("Jaeles Endpoint: ") 125 | self.HostLabel.setBounds(100, 150, 200, 400) 126 | 127 | self.Jaeles_endpoint = 'http://127.0.0.1:5000/api/parse' 128 | self.jwt = 'Jaeles token_here' 129 | # just prevent plugin error when you doesn't have server running 130 | try: 131 | self.initial() 132 | jwt, endpoint = self.get_config() 133 | if endpoint: 134 | self.Jaeles_endpoint = endpoint 135 | if jwt: 136 | self.jwt = jwt 137 | except: 138 | pass 139 | 140 | endpoint_pane = JPanel() 141 | 142 | # end point to submit request 143 | self.EndpointText = JTextArea(self.Jaeles_endpoint, 3, 100) 144 | 145 | self.jwtLabel = JLabel("Jaeles JWT token: ") 146 | self.jwtLabel.setBounds(100, 300, 250, 450) 147 | 148 | self.jwtText = JTextArea(self.jwt, 3, 100, lineWrap=True) 149 | 150 | buttons = JPanel() 151 | self.buttonLabel = JLabel("Actions: ") 152 | self.buttonLabel.setBounds(150, 200, 200, 400) 153 | self._saveButton = JButton("Save", actionPerformed=self.saveToken) 154 | self._loadButton = JButton( 155 | "Test Connection", actionPerformed=self.butClick) 156 | self._reloadButton = JButton("Reload", actionPerformed=self.butClick) 157 | 158 | oob_control = JPanel() 159 | self.oobLabel = JLabel("OOB: ") 160 | self.oobLabel.setBounds(150, 200, 200, 400) 161 | self._saveoob = JButton("Save OOB", actionPerformed=self.saveToken) 162 | self._pollingBox = JCheckBox("Polling") 163 | self._pollingBox.setBounds(290, 25, 300, 30) 164 | oob_control.add(self.oobLabel) 165 | oob_control.add(self._saveoob) 166 | oob_control.add(self._pollingBox) 167 | 168 | # _botpane.add(self.banner) 169 | # endpoint_pane.add(self.blankLabel) 170 | endpoint_pane.add(self.HostLabel) 171 | endpoint_pane.add(self.EndpointText) 172 | endpoint_pane.add(self.jwtLabel) 173 | endpoint_pane.add(self.jwtText) 174 | 175 | buttons.add(self.buttonLabel) 176 | buttons.add(self._saveButton) 177 | buttons.add(self._loadButton) 178 | buttons.add(self._reloadButton) 179 | 180 | _botpane.setLeftComponent(oob_control) 181 | _botpane.setLeftComponent(endpoint_pane) 182 | _botpane.setRightComponent(buttons) 183 | _botpane.setResizeWeight(0.7) 184 | 185 | # set 186 | _mainpane.setLeftComponent(_toppane) 187 | _mainpane.setRightComponent(_botpane) 188 | 189 | self._splitpane.setLeftComponent(_mainpane) 190 | 191 | ########### 192 | # tabs with request/response viewers 193 | tabs = JTabbedPane() 194 | 195 | self.log_area = JTextArea("", 5, 30) 196 | # self._requestViewer = callbacks.createMessageEditor(self, False) 197 | 198 | tabs.addTab("Log", self.log_area) 199 | # tabs.addTab("Config", self._requestViewer.getComponent()) 200 | 201 | self._splitpane.setRightComponent(tabs) 202 | self._splitpane.setResizeWeight(0.5) 203 | 204 | callbacks.customizeUiComponent(self._splitpane) 205 | callbacks.customizeUiComponent(tabs) 206 | 207 | callbacks.registerContextMenuFactory(self) 208 | 209 | # add the custom tab to Burp's UI 210 | callbacks.addSuiteTab(self) 211 | 212 | # register ourselves as an HTTP listener 213 | # callbacks.registerHttpListener(self) 214 | self.print_log("[*] Jaeles Loaded ...") 215 | return 216 | 217 | # 218 | # implement ITab 219 | # 220 | 221 | ## 222 | def saveToken(self, e): 223 | token = self.jwtText.getText().strip() 224 | endpoint = self.EndpointText.getText().strip() 225 | self.Jaeles_endpoint = endpoint 226 | self.jwt = token 227 | self.set_config(token, endpoint) 228 | 229 | def butClick(self, e): 230 | button_name = e.getActionCommand() 231 | 232 | if button_name == 'Reload': 233 | # self.initial() 234 | username, password = self.get_cred() 235 | self.login(username, password) 236 | jwt, endpoint = self.get_config() 237 | self.Jaeles_endpoint = endpoint 238 | self.jwt = jwt 239 | self.print_log("[+] Reload Config") 240 | 241 | elif button_name == 'Test Connection': 242 | connection = self.test_connection() 243 | if connection: 244 | self.print_log("[+] Ready to send request to {0}".format(self.Jaeles_endpoint)) 245 | else: 246 | self.print_log("[-] Fail to authen with API server at {0}".format(self.Jaeles_endpoint)) 247 | 248 | def createMenuItems(self, invocation): 249 | responses = invocation.getSelectedMessages() 250 | if responses > 0: 251 | ret = LinkedList() 252 | requestMenuItem = JMenuItem("[*] Send request to Jaeles Endpoint") 253 | requestMenuItem.addActionListener( 254 | handleMenuItems(self, responses, "request")) 255 | ret.add(requestMenuItem) 256 | return ret 257 | return None 258 | 259 | def highlightTab(self): 260 | currentPane = self._splitpane 261 | previousPane = currentPane 262 | while currentPane and not isinstance(currentPane, JTabbedPane): 263 | previousPane = currentPane 264 | currentPane = currentPane.getParent() 265 | if currentPane: 266 | index = currentPane.indexOfComponent(previousPane) 267 | currentPane.setBackgroundAt(index, Color(0xff6633)) 268 | 269 | class setColorBackActionListener(ActionListener): 270 | def actionPerformed(self, e): 271 | currentPane.setBackgroundAt(index, Color.BLACK) 272 | 273 | timer = Timer(5000, setColorBackActionListener()) 274 | timer.setRepeats(False) 275 | timer.start() 276 | 277 | def getTabCaption(self): 278 | return "Jaeles" 279 | 280 | def getUiComponent(self): 281 | return self._splitpane 282 | 283 | # 284 | # implement Polling Collaborator 285 | # this allows our request/response viewers to obtain details about the messages being displayed 286 | # 287 | # def jaeles_collab(self, collab): 288 | # oob = collab.generatePayload(True) 289 | 290 | # # oob2 = collab.generatePayload(True) 291 | # # print(oob2) 292 | # self.print_log("[+] Gen oob host: {0}".format(oob)) 293 | # # print(oob) 294 | # # os.system('curl {0}'.format(oob)) 295 | 296 | # 297 | # implement IMessageEditorController 298 | # this allows our request/response viewers to obtain details about the messages being displayed 299 | # 300 | def sendRequestToJaeles(self, messageInfos): 301 | for messageInfo in messageInfos: 302 | data_json = self.req_parsing(messageInfo) 303 | 304 | if data_json: 305 | self.print_log("Import to external Jaeles ...") 306 | self.import_to_Jaeles(data_json) 307 | else: 308 | self.print_log("No response on selected request") 309 | self.print_log("-"*30) 310 | 311 | # start of my function 312 | def req_parsing(self, messageInfo): 313 | data_json = {} 314 | data_json['req_scheme'] = str(messageInfo.getProtocol()) # return http 315 | data_json['req_host'] = str(messageInfo.getHost()) 316 | data_json['req_port'] = str(messageInfo.getPort()) 317 | data_json['url'] = str(messageInfo.getUrl()) 318 | 319 | # full request 320 | full_req = self._helpers.bytesToString(messageInfo.getRequest()) 321 | data_json['req'] = self.just_base64(str(full_req)) 322 | 323 | if messageInfo.getResponse(): 324 | full_res = self._helpers.bytesToString(messageInfo.getResponse()) 325 | else: 326 | full_res = None 327 | if not full_res: 328 | data_json['res'] = "" 329 | return data_json 330 | 331 | data_json['res'] = self.just_base64(str(full_res.encode('utf-8'))) 332 | return data_json 333 | 334 | # send data to Jaeles API Endpoint 335 | def import_to_Jaeles(self, data_json): 336 | req = urllib2.Request(self.Jaeles_endpoint) 337 | req.add_header('Content-Type', 'application/json') 338 | req.add_header('Authorization', self.jwt) 339 | response = urllib2.urlopen(req, json.dumps(data_json)) 340 | if str(response.code) == "200": 341 | self.print_log("[+] Start scan {0}".format(data_json['url'])) 342 | else: 343 | self.print_log("[-] Fail Send request to {0}".format(self.Jaeles_endpoint)) 344 | 345 | # check if token is available or not 346 | def initial(self): 347 | connection = self.test_connection() 348 | if connection: 349 | return True 350 | username, password = self.get_cred() 351 | valid_cred = self.login(username, password) 352 | if valid_cred: 353 | return True 354 | return False 355 | 356 | # do login 357 | def login(self, username, password): 358 | req = urllib2.Request(self.Jaeles_endpoint.replace("/api/parse","/auth/login")) 359 | req.add_header('Content-Type', 'application/json') 360 | response = urllib2.urlopen(req, json.dumps({"username": username, "password": password})) 361 | 362 | if str(response.code) == "200": 363 | data = json.loads(response.read()) 364 | token = "Jaeles " + data.get("token") 365 | self.set_config(token, self.Jaeles_endpoint, username, password) 366 | print("[+] Authentication success on {0}".format(self.Jaeles_endpoint)) 367 | return True 368 | else: 369 | print("[-] Can't authen on {0}".format(self.Jaeles_endpoint)) 370 | return False 371 | 372 | # check connection 373 | def test_connection(self): 374 | req = urllib2.Request(self.Jaeles_endpoint.replace("/parse", "/ping")) 375 | req.add_header('Content-Type', 'application/json') 376 | req.add_header('Authorization', self.jwt) 377 | try: 378 | response = urllib2.urlopen(req) 379 | if str(response.code) == "200": 380 | return True 381 | except: 382 | pass 383 | return False 384 | 385 | # get default credentials 386 | def get_cred(self): 387 | config_path = self.get_config_path() 388 | if os.path.isfile(config_path): 389 | with open(config_path, 'r') as f: 390 | data = json.load(f) 391 | print('[+] Load credentials from {0}'.format(config_path)) 392 | return data.get('username', False), data.get('password', False) 393 | else: 394 | print('[-] No config file to load.') 395 | return False, False 396 | 397 | # get token and endpoint 398 | def get_config(self): 399 | config_path = self.get_config_path() 400 | if os.path.isfile(config_path): 401 | with open(config_path, 'r') as f: 402 | data = json.load(f) 403 | print('[+] Load JWT from {0}'.format(config_path)) 404 | return data.get('JWT', False), data.get('endpoint', False) 405 | else: 406 | print('[-] No config file to load.') 407 | return False, False 408 | 409 | # save jwt token and endpoint to ~/.jaeles/burp.json 410 | def set_config(self, token, endpoint, username='', password=''): 411 | data = { 412 | 'JWT': token, 413 | 'endpoint': endpoint, 414 | 'username': username, 415 | 'password': password, 416 | } 417 | config_path = self.get_config_path() 418 | jaeles_path = os.path.dirname(config_path) 419 | 420 | if jaeles_path and not os.path.exists(jaeles_path): 421 | os.makedirs(jaeles_path) 422 | with open(config_path, 'w+') as f: 423 | json.dump(data, f) 424 | 425 | print('[+] Store JWT in {0}'.format(config_path)) 426 | return True 427 | 428 | def just_base64(self, text): 429 | if not text: 430 | return "" 431 | return str(base64.b64encode(str(text))) 432 | 433 | def get_config_path(self): 434 | home = os.path.expanduser('~{0}'.format(getpass.getuser())) 435 | jaeles_path = os.path.join(home, '.jaeles') 436 | 437 | config_path = os.path.join(jaeles_path, 'burp.json') 438 | return config_path 439 | 440 | def print_log(self, text): 441 | if type(text) != str: 442 | text = str(text) 443 | self.log_area.append(text) 444 | self.log_area.append("\n") 445 | 446 | def getHttpService(self): 447 | return self._currentlyDisplayedItem.getHttpService() 448 | 449 | def getRequest(self): 450 | return self._currentlyDisplayedItem.getRequest() 451 | 452 | def getResponse(self): 453 | return self._currentlyDisplayedItem.getResponse() 454 | 455 | 456 | # 457 | # class to hold details of each log entry 458 | # 459 | class handleMenuItems(ActionListener): 460 | def __init__(self, extender, messageInfo, menuName): 461 | self._extender = extender 462 | self._menuName = menuName 463 | self._messageInfo = messageInfo 464 | 465 | def actionPerformed(self, e): 466 | if self._menuName == "request": 467 | start_new_thread(self._extender.sendRequestToJaeles, 468 | (self._messageInfo,)) 469 | 470 | if self._menuName == "cookie": 471 | self._extender.replaceString.setText( 472 | self._extender.getCookieFromMessage(self._messageInfo)) 473 | 474 | self._extender.highlightTab() -------------------------------------------------------------------------------- /report/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {{.Title}} 6 | 12 | 13 | 17 | 21 | 25 | 29 | 30 | 31 |

32 |

33 |

34 |

39 |
40 |
41 |

42 | {{.Title}} 43 |

44 |

45 |

46 |

47 | 48 | 49 |

50 |

51 |

52 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | {{range .Vulnerabilities}} 69 | 70 | 75 | 80 | 104 | 105 | 112 | 113 | 140 | 141 | {{end}} 142 | 143 | 144 | 145 | 146 |

Confidence	Risk	URL	Signature name	Details
71 \| 72 \| {{.Confidence}} 73 \| 74 \|	76 \| 77 \| {{.Risk}} 78 \| 79 \|	81 \| 82 \| 101 \| 102 \| {{.URL}} 103 \|	106 \| 107 \| 108 \| {{.SignID}} 109 \| 110 \| 111 \|	114 \| 119 \| 137 \| 138 \| {{.ReportFile}} 139 \|

147 |

148 |

149 |

150 | 151 | 152 |

153 |

154 |

155 |

156 | Generated by 157 | Jaeles {{.Version}} 162 | at 163 | {{.CurrentDay}} 164 |

165 |

166 |

167 |

175 |

176 |

177 |

178 | 182 |

183 |

184 |

185 |

186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 226 | 500 | 501 | 502 | -------------------------------------------------------------------------------- /report/verbose.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {{.Title}} 6 | 12 | 13 | 17 | 21 | 25 | 29 | 30 | 31 |

32 |

33 |

34 |

39 |
40 |
41 |

42 | {{.Title}} 43 |

44 |

45 |

46 |

47 | 48 | 49 |

50 |

51 |

52 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | {{range .Vulnerabilities}} 72 | 73 | 78 | 102 | 103 | 110 | 111 | 118 | 119 | 126 | 127 | 134 | 135 | 142 | 143 | 170 | 171 | {{end}} 172 | 173 | 174 | 175 | 176 |

Risk	URL	Status	Length	Words	Time	Signature name	Details
74 \| 75 \| {{.Risk}} 76 \| 77 \|	79 \| 80 \| 99 \| 100 \| {{.URL}} 101 \|	104 \| 105 \| 106 \| {{.Status}} 107 \| 108 \| 109 \|	112 \| 113 \| 114 \| {{.Length}} 115 \| 116 \| 117 \|	120 \| 121 \| 122 \| {{.Words}} 123 \| 124 \| 125 \|	128 \| 129 \| 130 \| {{.Time}} 131 \| 132 \| 133 \|	136 \| 137 \| 138 \| {{.SignID}} 139 \| 140 \| 141 \|	144 \| 149 \| 167 \| 168 \| {{.ReportFile}} 169 \|

177 |

178 |

179 |

180 | 181 | 182 |

183 |

184 |

185 |

186 | Generated by 187 | Jaeles {{.Version}} 192 | at 193 | {{.CurrentDay}} 194 |

195 |

196 |

197 |

205 |

206 |

207 |

208 | 212 |

213 |

214 |

215 |

216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 256 | 530 | 531 | 532 | -------------------------------------------------------------------------------- /turbo-intruder/basic.py: -------------------------------------------------------------------------------- 1 | def queueRequests(target, wordlists): 2 | engine = RequestEngine(endpoint=target.endpoint, 3 | concurrentConnections=2, 4 | requestsPerConnection=10, 5 | pipeline=False, 6 | maxQueueSize=1, 7 | timeout=20, 8 | maxRetriesPerRequest=3 9 | ) 10 | engine.start() 11 | engine.queue(target.req) 12 | 13 | 14 | def handleResponse(req, interesting): 15 | # just mark the result for easily parse 16 | print("=-+-================") 17 | resTime = str(float(req.time) / 1000) 18 | info = "[Info] {0} {1} {2}".format(req.status, req.length, resTime) 19 | print(info) 20 | print("------------------+=") 21 | print(req.request) 22 | print("------------------+=") 23 | print(req.response) 24 | print("=-+-================") 25 | -------------------------------------------------------------------------------- /ui/asset-manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "main.css": "/static/css/main.2446d3e9.chunk.css", 3 | "main.js": "/static/js/main.751d1940.chunk.js", 4 | "main.js.map": "/static/js/main.751d1940.chunk.js.map", 5 | "runtime~main.js": "/static/js/runtime~main.a8a9905a.js", 6 | "runtime~main.js.map": "/static/js/runtime~main.a8a9905a.js.map", 7 | "static/js/2.2bf2ab41.chunk.js": "/static/js/2.2bf2ab41.chunk.js", 8 | "static/js/2.2bf2ab41.chunk.js.map": "/static/js/2.2bf2ab41.chunk.js.map", 9 | "index.html": "/index.html", 10 | "precache-manifest.b669697b0533eb71c6e31cd017fb56a2.js": "/precache-manifest.b669697b0533eb71c6e31cd017fb56a2.js", 11 | "service-worker.js": "/service-worker.js", 12 | "static/css/main.2446d3e9.chunk.css.map": "/static/css/main.2446d3e9.chunk.css.map" 13 | } -------------------------------------------------------------------------------- /ui/extentions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/extentions.png -------------------------------------------------------------------------------- /ui/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/favicon.ico -------------------------------------------------------------------------------- /ui/index.html: -------------------------------------------------------------------------------- 1 | Jaeles UI

-------------------------------------------------------------------------------- /ui/layers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/layers.png -------------------------------------------------------------------------------- /ui/malware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/malware.png -------------------------------------------------------------------------------- /ui/manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "short_name": "React App", 3 | "name": "Create React App Sample", 4 | "icons": [ 5 | { 6 | "src": "favicon.ico", 7 | "sizes": "64x64 32x32 24x24 16x16", 8 | "type": "image/x-icon" 9 | } 10 | ], 11 | "start_url": ".", 12 | "display": "standalone", 13 | "theme_color": "#000000", 14 | "background_color": "#ffffff" 15 | } 16 | -------------------------------------------------------------------------------- /ui/precache-manifest.b669697b0533eb71c6e31cd017fb56a2.js: -------------------------------------------------------------------------------- 1 | self.__precacheManifest = [ 2 | { 3 | "revision": "42ac5946195a7306e2a5", 4 | "url": "/static/js/runtime~main.a8a9905a.js" 5 | }, 6 | { 7 | "revision": "72910210041e7f3ab74e", 8 | "url": "/static/js/main.751d1940.chunk.js" 9 | }, 10 | { 11 | "revision": "a46fc6ddb132feed97e9", 12 | "url": "/static/js/2.2bf2ab41.chunk.js" 13 | }, 14 | { 15 | "revision": "72910210041e7f3ab74e", 16 | "url": "/static/css/main.2446d3e9.chunk.css" 17 | }, 18 | { 19 | "revision": "34309b2e4196ecb578fff84a75a8f760", 20 | "url": "/index.html" 21 | } 22 | ]; -------------------------------------------------------------------------------- /ui/service-worker.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Welcome to your Workbox-powered service worker! 3 | * 4 | * You'll need to register this file in your web app and you should 5 | * disable HTTP caching for this file too. 6 | * See https://goo.gl/nhQhGp 7 | * 8 | * The rest of the code is auto-generated. Please don't update this file 9 | * directly; instead, make changes to your Workbox build configuration 10 | * and re-run your build process. 11 | * See https://goo.gl/2aRDsh 12 | */ 13 | 14 | importScripts("https://storage.googleapis.com/workbox-cdn/releases/3.6.3/workbox-sw.js"); 15 | 16 | importScripts( 17 | "/precache-manifest.b669697b0533eb71c6e31cd017fb56a2.js" 18 | ); 19 | 20 | workbox.clientsClaim(); 21 | 22 | /** 23 | * The workboxSW.precacheAndRoute() method efficiently caches and responds to 24 | * requests for URLs in the manifest. 25 | * See https://goo.gl/S9QRab 26 | */ 27 | self.__precacheManifest = [].concat(self.__precacheManifest || []); 28 | workbox.precaching.suppressWarnings(); 29 | workbox.precaching.precacheAndRoute(self.__precacheManifest, {}); 30 | 31 | workbox.routing.registerNavigationRoute("/index.html", { 32 | 33 | blacklist: [/^\/_/,/\/[^\/]+\.[^\/]+$/], 34 | }); 35 | -------------------------------------------------------------------------------- /ui/simulation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/simulation.png -------------------------------------------------------------------------------- /ui/static/jaeles-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jaeles-project/jaeles-plugins/16de50a200fe16fa6b7bf2e08fc60e6adfb53863/ui/static/jaeles-architecture.png -------------------------------------------------------------------------------- /ui/static/js/runtime~main.a8a9905a.js: -------------------------------------------------------------------------------- 1 | !function(e){function r(r){for(var n,f,i=r[0],l=r[1],a=r[2],c=0,s=[];c

42 | {{.Title}} 43 |

107 |
108 | {{.SignID}} 109 |
110 |

42 | {{.Title}} 43 |

105 |
106 | {{.Status}} 107 |
108 |

113 |
114 | {{.Length}} 115 |
116 |

121 |
122 | {{.Words}} 123 |
124 |

129 |
130 | {{.Time}} 131 |
132 |

137 |
138 | {{.SignID}} 139 |
140 |

42 | {{.Title}} 43 |

107 | 108 | {{.SignID}} 109 | 110 |

42 | {{.Title}} 43 |

105 | 106 | {{.Status}} 107 | 108 |

113 | 114 | {{.Length}} 115 | 116 |

121 | 122 | {{.Words}} 123 | 124 |

129 | 130 | {{.Time}} 131 | 132 |

137 | 138 | {{.SignID}} 139 | 140 |

107 |
108 | {{.SignID}} 109 |
110 |

105 |
106 | {{.Status}} 107 |
108 |

113 |
114 | {{.Length}} 115 |
116 |

121 |
122 | {{.Words}} 123 |
124 |

129 |
130 | {{.Time}} 131 |
132 |

137 |
138 | {{.SignID}} 139 |
140 |