├── .classpath ├── .gitignore ├── .project ├── .settings └── org.eclipse.jdt.core.prefs ├── README.md ├── burp-scope.png ├── history-burp.png ├── showsploits.png ├── sploitmenu.png ├── sploitname.png ├── sploitprops.png ├── sploitpropsmenu.png └── src ├── burp └── BurpExtender.java └── com └── josh └── ActionJackson.java /.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bin/ 2 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Domain2Scope 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.8 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.8 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | #sploits 2 | 
## A [Burp Extension](https://portswigger.net/) with predefined payloads that can be injected into your requests and responses. 3 | 4 | Download the JAR file [here](https://github.com/summitt/sploits/releases). 5 | 6 | This [Burp](https://portswigger.net/) extension adds the 'sploits' right-click menu to Repeater in [Burp](https://portswigger.net/). This allows users to select many common XSS or SQLi payloads that replace highlighted text in Repeater. If no text is selected then the payload is inserted where the cursor is currently located. 7 | 8 | Sploits lets users create a local text file with their custom exploits or use files from remote sources. 9 | 10 | ![](/showsploits.png ) 11 | 12 | ## sploits naming 13 | The name of the sploit can change the submenu for the sploit. The '.' is used to separate normal menu items from sub menus. 14 | If the name of the sploit is 'basicXSS' then it will show up in the top menu. If the sploit is named 'xss.basic' then it will show up under a submenu named 'xss'. 15 | 16 | ![](/sploitname.png ) 17 | 18 | Submenu of 'xss' contains the 'basic' sploit. 19 | 20 | ![](/sploitmenu.png ) 21 | 22 | The following names are reserved. A local sploit given one of these names is read as configuration rather than as a payload. 23 | - Starts with 'remote'. These are used by the tool to store the URLs of remote properties files. 24 | - 'proxy' is used to store the local proxy setting used to access remote properties files. 25 | - 'title' is used for remote hosted properties files. 26 | 27 | ## remote sploit naming 28 | If you want to host a sploit properties file then the same rules apply as mentioned above with one exception. It is highly recommended that you add a property called "title" to your properties file. This will create a submenu with your title name so that all your contributions are contained together. Entries from a remote file are loaded into the menu as-is every time the sploits are refreshed, so only add URLs you trust and prefer HTTPS. 29 | 30 | ![](/sploitprops.png ) 31 | 32 | Below is the submenu containing the title from the above hosted properties file. 
33 | 34 | ![](/sploitpropsmenu.png ) 35 | 36 | My default listing for common sploits can be found [here](https://raw.githubusercontent.com/summitt/sploits-default/master/sploits.properties) 37 | 38 | 39 | 40 | ## Add All or Remove All from scope 41 | 42 | This [Burp](https://portswigger.net/) extension also gives [Burp](https://portswigger.net/) the ability to add domains to, or exclude them from, Burp's scope by selecting one or many items in the Proxy History or Repeater and selecting either 'Add All To Scope' or 'Remove All From Scope'. 43 | 44 | [Burp](https://portswigger.net/) currently has an option to add items from the proxy history to the scope but this is very specific. It will only add the exact protocol and exact path to the scope. 45 | 46 | This plugin adds both http and https and only adds the domain without path information. 47 | 48 | ### Note: The following screenshots show an older version of the plugin. The Domains2Scope has been replaced with 'Add All To Scope' and !Domains2Scope has been replaced with 'Remove All From Scope' 49 | 50 | ![Burp History: Right Click](/history-burp.png "Burp History: add or exclude domains from scope.") 51 | 52 | 53 | 54 | ![Burp Scope](/burp-scope.png "Both HTTPS and HTTP added to scope with only the domain names.") 55 | 56 | 57 | You can check out the source code or download the jar from the [releases](https://github.com/summitt/domains2scope/releases) 58 | -------------------------------------------------------------------------------- /burp-scope.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/burp-scope.png -------------------------------------------------------------------------------- /history-burp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/history-burp.png 
-------------------------------------------------------------------------------- /showsploits.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/showsploits.png -------------------------------------------------------------------------------- /sploitmenu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/sploitmenu.png -------------------------------------------------------------------------------- /sploitname.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/sploitname.png -------------------------------------------------------------------------------- /sploitprops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/sploitprops.png -------------------------------------------------------------------------------- /sploitpropsmenu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/summitt/sploits/526385c6dd4fa54d77817f6bbf4a2bfcd4635886/sploitpropsmenu.png -------------------------------------------------------------------------------- /src/burp/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.awt.Color; 4 | import java.awt.Font; 5 | import java.awt.event.ActionEvent; 6 | import java.awt.event.ActionListener; 7 | import java.awt.event.KeyEvent; 8 | import java.awt.event.KeyListener; 9 | import java.io.File; 10 | import java.io.FileInputStream; 11 | import java.io.FileOutputStream; 12 | import java.io.IOException; 13 | 
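import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

import javax.swing.JFrame;
import javax.swing.JMenu;
import javax.swing.JMenuItem;
import javax.swing.JOptionPane;
import javax.swing.KeyStroke;

import com.josh.ActionJackson;

/**
 * Burp extension entry point. Registers a context-menu factory that offers the
 * two scope actions plus, in message editors and viewers, the "sploits" payload
 * menu and its configuration menu.
 *
 * <p>Payloads come from two places: the local {@code sploits.properties} file and
 * every URL stored in it under a key starting with {@code remote}. Remote content
 * is not authenticated in any way; whatever the URL returns ends up in the menu.
 */
public class BurpExtender implements IBurpExtender, IContextMenuFactory {
    /** Relative path, so it resolves against the working directory of the Burp process. */
    private static final String PROPS_FILE = "sploits.properties";
    /** Prefix put in front of every key that was loaded from a remote file. */
    private static final String REMOTE_PREFIX = "r_";
    /** Menu used for remote entries whose file declared no title. */
    private static final String UNTITLED_REMOTE = "remote";
    /** Upper bound for connecting to and reading from a remote list, in milliseconds. */
    private static final int REMOTE_TIMEOUT_MS = 10000;

    private IBurpExtenderCallbacks cb;
    // NOTE(review): type arguments restored from how the maps are used below.
    private HashMap<String, String> sploits = new HashMap<String, String>();
    private HashMap<String, String> remotes = new HashMap<String, String>();

    /**
     * Called by Burp when the extension is loaded: names the extension, registers
     * the menu factory, makes sure the properties file exists and loads it.
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.cb = callbacks;
        cb.setExtensionName("sploits");
        cb.registerContextMenuFactory(this);
        propsTest();
        getSploits();
    }

    /**
     * Builds the context-menu entries for one invocation.
     *
     * @param inv the invocation Burp passes in
     * @return the scope items, followed by the sploits and config menus when the
     *         menu was opened on a request or response
     */
    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation inv) {
        List<JMenuItem> stuff = new ArrayList<JMenuItem>();

        JMenuItem inc = new JMenuItem("Add All To Scope");
        inc.addActionListener(new ActionJackson(inv, cb, false)); // adds the host to the scope
        JMenuItem exc = new JMenuItem("Remove All From Scope");
        exc.addActionListener(new ActionJackson(inv, cb, true)); // excludes the host from the scope
        stuff.add(inc);
        stuff.add(exc);

        if (isRequest(inv) || isResponse(inv)) {
            stuff.add(buildSploitMenu(inv));
            stuff.add(buildConfigMenu(inv));
        }
        return stuff;
    }

    /** Builds the "sploits" menu: top-level items, local submenus, then one menu per remote title. */
    private JMenu buildSploitMenu(IContextMenuInvocation inv) {
        JMenu sub = new JMenu("sploits");
        sub.setMnemonic(KeyEvent.VK_S);

        // Sorted copies so the menu order is stable between invocations.
        Map<String, String> sorted = new TreeMap<String, String>(sploits);
        Map<String, TreeMap<String, JMenuItem>> remoteSubMenues = new TreeMap<String, TreeMap<String, JMenuItem>>();
        Map<String, JMenu> addedSubMenues = new TreeMap<String, JMenu>();
        int cmdNum = 1;

        for (String sploitKey : sorted.keySet()) {
            if (sploitKey.startsWith(REMOTE_PREFIX)) {
                // Remote keys look like r_<title>_<name>; a file without a title yields r_<name>.
                int sep = sploitKey.indexOf('_', REMOTE_PREFIX.length());
                String title = sep < 0 ? UNTITLED_REMOTE : sploitKey.substring(REMOTE_PREFIX.length(), sep);
                String subtitle = sep < 0 ? sploitKey.substring(REMOTE_PREFIX.length()) : sploitKey.substring(sep + 1);

                TreeMap<String, JMenuItem> group = remoteSubMenues.get(title);
                if (group == null) {
                    group = new TreeMap<String, JMenuItem>();
                    remoteSubMenues.put(title, group);
                }
                String[] path = menuPath(subtitle);
                if (path[0] == null) {
                    group.put(subtitle, sploitItem(subtitle, sploitKey, inv));
                } else {
                    nestedMenu(group, path[0]).add(sploitItem(path[1], sploitKey, inv));
                }
            } else {
                String[] path = menuPath(sploitKey);
                if (path[0] != null) { // local sploit that lives in a submenu
                    JMenu submenu = addedSubMenues.get(path[0]);
                    if (submenu == null) {
                        submenu = new JMenu(plainText(path[0]));
                        addedSubMenues.put(path[0], submenu);
                    }
                    submenu.add(sploitItem(path[1], sploitKey, inv));
                } else { // plain top-level sploit
                    JMenuItem spm = sploitItem(sploitKey, sploitKey, inv);
                    if (cmdNum <= 9) {
                        // The counter has to advance, otherwise every item claims "shift 1".
                        spm.setAccelerator(KeyStroke.getKeyStroke("shift " + cmdNum));
                        cmdNum++;
                    }
                    sub.add(spm);
                }
            }
        }

        for (JMenu submenu : addedSubMenues.values()) {
            sub.add(submenu);
        }
        for (Map.Entry<String, TreeMap<String, JMenuItem>> group : remoteSubMenues.entrySet()) {
            JMenu remote = new JMenu(plainText(group.getKey()));
            for (JMenuItem entry : group.getValue().values()) {
                remote.add(entry);
            }
            sub.add(remote);
        }
        return sub;
    }

    /** Builds the "sploits config" menu with the list-management actions. */
    private JMenu buildConfigMenu(IContextMenuInvocation inv) {
        JMenu config = new JMenu("sploits config");
        // Reloads the local file and re-fetches every remote list.
        config.add(configItem("Refresh sploits", e -> getSploits()));
        // Stores the current selection as a local sploit.
        config.add(configItem("Add To sploits", e -> add2sploits(inv)));
        // Proxy used to reach remote lists, e.g. from behind a corporate firewall.
        config.add(configItem("Add Proxy", e -> addPoxy()));
        config.add(configItem("Add Remote sploits", e -> addRemote()));
        config.add(configItem("Delete Remote sploits", e -> delRemote()));
        config.add(configItem("Delete sploit", e -> deleteSploit()));
        // Copies all remote sploits into the local file and removes the remote URLs.
        config.add(configItem("Convert Remote to Local", e -> convertRemote2local()));
        return config;
    }

    private static JMenuItem configItem(String label, ActionListener action) {
        JMenuItem item = new JMenuItem(label);
        item.addActionListener(action);
        return item;
    }

    /** Creates one payload menu item; the payload itself is shown as the tooltip. */
    private JMenuItem sploitItem(String label, String sploitKey, IContextMenuInvocation inv) {
        JMenuItem item = new JMenuItem(plainText(label));
        item.setToolTipText(plainText(sploits.get(sploitKey)));
        item.addActionListener(new ActionJackson(inv, cb, sploits, sploitKey));
        return item;
    }

    /** Returns the submenu stored under {@code name}, creating it when needed. */
    private static JMenu nestedMenu(Map<String, JMenuItem> group, String name) {
        JMenuItem existing = group.get(name);
        if (existing instanceof JMenu) {
            return (JMenu) existing;
        }
        JMenu menu = new JMenu(plainText(name));
        if (existing != null) {
            menu.add(existing); // a plain item already used this name; keep it reachable
        }
        group.put(name, menu);
        return menu;
    }

    /**
     * Splits a sploit name at '.' into submenu and item name.
     *
     * @return {@code {submenu, item}}, or {@code {null, name}} when the name does
     *         not have both parts (for example "xss." or ".basic")
     */
    private static String[] menuPath(String name) {
        String[] parts = name.split("\\.");
        if (parts.length < 2 || parts[0].isEmpty()) {
            return new String[] { null, name };
        }
        return new String[] { parts[0], parts[1] };
    }

    /**
     * Swing renders component text that starts with "&lt;html&gt;" as markup. Names
     * and payloads are data, partly from remote files, so they are kept literal.
     */
    private static String plainText(String text) {
        if (text != null && text.regionMatches(true, 0, "<html>", 0, 6)) {
            return " " + text;
        }
        return text;
    }

    private boolean isRequest(IContextMenuInvocation inv) {
        byte context = inv.getInvocationContext();
        return context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST
                || context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST;
    }

    private boolean isResponse(IContextMenuInvocation inv) {
        byte context = inv.getInvocationContext();
        // The second operand used to repeat EDITOR_RESPONSE, so viewer responses never matched.
        return context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_RESPONSE
                || context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_RESPONSE;
    }

    /************************************************************************************
     * Below this line are all the supporting functions for managing your sploit libraries
     *
     */

    /** Names the loader treats as configuration rather than as a payload. */
    private static boolean isReservedName(String name) {
        return name.startsWith("remote") || name.equals("proxy") || name.equals("title");
    }

    private void logError(String what, Exception ex) {
        cb.printError("sploits: " + what + ": " + ex);
    }

    /**
     * Lets the user pick one entry from a "key=value" list.
     *
     * @return the chosen key, or {@code null} when there is nothing to pick or the
     *         dialog was cancelled
     */
    private String promptForKey(String message, String title, Map<String, String> entries) {
        if (entries.isEmpty()) {
            return null;
        }
        // Keys and labels are kept side by side so a '=' inside a key cannot confuse the lookup.
        List<String> keys = new ArrayList<String>(new TreeMap<String, String>(entries).keySet());
        List<String> labels = new ArrayList<String>();
        for (String key : keys) {
            labels.add(plainText(key + "=" + entries.get(key)));
        }
        Object choice = JOptionPane.showInputDialog(
                new JFrame(),
                message,
                title,
                JOptionPane.PLAIN_MESSAGE,
                null,
                labels.toArray(),
                null);
        int index = labels.indexOf(choice);
        return index < 0 ? null : keys.get(index);
    }

    /** Asks which local sploit to delete and removes it from the properties file. */
    private void deleteSploit() {
        Map<String, String> local = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : sploits.entrySet()) {
            if (!entry.getKey().startsWith(REMOTE_PREFIX)) {
                local.put(entry.getKey(), entry.getValue());
            }
        }
        String key = promptForKey("Delete a local sploit: ", "Delete sploits", local);
        if (key != null) {
            delProps(key);
            getSploits();
        }
    }

    /** Asks which remote URL to forget and removes it from the properties file. */
    private void delRemote() {
        String key = promptForKey("Delete a remote host: ", "Update sploits", remotes);
        if (key != null) {
            delProps(key);
            getSploits();
        }
    }

    /** Asks for the proxy used to reach remote lists and stores it when it is host:port. */
    private void addPoxy() {
        String proxy = (String) JOptionPane.showInputDialog(
                new JFrame(),
                "Enter proxy (hostname:port): ",
                "Update sploits",
                JOptionPane.PLAIN_MESSAGE,
                null,
                null,
                null);
        if (proxy == null) {
            return; // dialog cancelled
        }
        proxy = proxy.trim();
        String[] parts = proxy.split(":");
        boolean valid = parts.length == 2 && !parts[0].isEmpty();
        if (valid) {
            try {
                int port = Integer.parseInt(parts[1]);
                valid = port > 0 && port <= 65535;
            } catch (NumberFormatException ex) {
                valid = false;
            }
        }
        if (!valid) {
            JOptionPane.showMessageDialog(new JFrame(), "Proxy must be given as hostname:port");
            return;
        }
        add2props("proxy", proxy);
        getSploits();
    }

    /** Asks for the URL of a remote properties file and stores it under a free remoteN key. */
    private void addRemote() {
        String remote = (String) JOptionPane.showInputDialog(
                new JFrame(),
                "Enter remote URL: ",
                "Update sploits",
                JOptionPane.PLAIN_MESSAGE,
                null,
                null,
                null);
        if (remote == null || remote.trim().isEmpty()) {
            return; // dialog cancelled or left empty
        }
        remote = remote.trim();
        try {
            new URL(remote); // reject text that is not a URL before it is persisted
        } catch (IOException ex) {
            JOptionPane.showMessageDialog(new JFrame(), "Not a valid URL: " + remote);
            return;
        }
        // remotes.size() can name a key that is still in use after a deletion.
        int index = 0;
        while (remotes.containsKey("remote" + index)) {
            index++;
        }
        add2props("remote" + index, remote);
        getSploits();
    }

    /** Stores the selected part of each selected message as a local sploit. */
    private void add2sploits(IContextMenuInvocation inv) {
        int[] bounds = inv.getSelectionBounds();
        IHttpRequestResponse[] messages = inv.getSelectedMessages();
        if (bounds == null || messages == null) {
            return;
        }
        int start = bounds[0];
        int stop = bounds[1];
        for (IHttpRequestResponse o : messages) {
            byte[] raw = isRequest(inv) ? o.getRequest() : o.getResponse();
            if (raw == null || start < 0 || start > stop || stop > raw.length) {
                cb.printError("sploits: selection does not fit the message");
                continue;
            }
            // The bounds are offsets into the message bytes, so cut first and decode afterwards.
            String selected = new String(raw, start, stop - start);
            String key = (String) JOptionPane.showInputDialog(
                    new JFrame(),
                    "Enter sploit Name: ",
                    "Update sploits",
                    JOptionPane.PLAIN_MESSAGE,
                    null,
                    null,
                    null);
            if (key == null || key.trim().isEmpty()) {
                return; // dialog cancelled
            }
            if (isReservedName(key)) {
                JOptionPane.showMessageDialog(new JFrame(),
                        "'" + key + "' is a reserved name (remote*, proxy, title)");
                continue;
            }
            add2props(key, selected);
            getSploits();
        }
    }

    /**
     * Downloads one remote properties file and adds its entries to {@code sploits}
     * under {@code r_<title>_<key>}.
     *
     * @param URL   location of the properties file
     * @param proxy optional {@code host:port} HTTP proxy, empty or null for none
     */
    private void getURLSploits(String URL, String proxy) {
        Properties prop = new Properties();
        try {
            URL url = new URL(URL);
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                cb.printOutput("sploits: " + URL + " is not fetched over HTTPS; its content can be altered in transit");
            }
            URLConnection conn;
            if (proxy != null && !proxy.equals("")) {
                String[] splits = proxy.split(":");
                Proxy prox = new Proxy(Proxy.Type.HTTP,
                        new InetSocketAddress(splits[0], Integer.parseInt(splits[1])));
                conn = url.openConnection(prox);
            } else {
                conn = url.openConnection();
            }
            // This runs while the extension loads and from menu actions; never wait forever.
            conn.setConnectTimeout(REMOTE_TIMEOUT_MS);
            conn.setReadTimeout(REMOTE_TIMEOUT_MS);

            try (Reader reader = new InputStreamReader(conn.getInputStream(), "UTF-8")) {
                prop.load(reader);
            }
            String title = prop.getProperty("title", "");
            if (!title.equals("")) {
                title += "_";
            }
            for (String key : prop.stringPropertyNames()) {
                if (!key.equals("title")) {
                    sploits.put(REMOTE_PREFIX + title + key, prop.getProperty(key));
                }
            }
        } catch (IOException | RuntimeException ex) {
            // A bad proxy value or a malformed remote file must not take the local list down.
            logError("could not load " + URL, ex);
        }
    }

    /** After confirmation, copies every remote sploit into the local file and drops the remote URLs. */
    private void convertRemote2local() {
        int isYes = JOptionPane.showOptionDialog(
                new JFrame(),
                "Do You Want to Convert All Remote sploits to Local sploits? \n"
                        + "This will also delete all remote urls.",
                "Update sploits",
                JOptionPane.YES_NO_CANCEL_OPTION,
                JOptionPane.QUESTION_MESSAGE,
                null, null, null);
        if (isYes != JOptionPane.YES_OPTION) {
            return;
        }
        try {
            // One load/store for the whole conversion instead of one per key.
            Properties prop = loadProps();
            for (Map.Entry<String, String> entry : sploits.entrySet()) {
                if (!entry.getKey().startsWith(REMOTE_PREFIX)) {
                    continue;
                }
                String newKey = entry.getKey().substring(REMOTE_PREFIX.length());
                if (isReservedName(newKey)) {
                    // Stored locally, such a name would be read back as configuration, not as a payload.
                    cb.printError("sploits: skipped '" + newKey + "', the name is reserved");
                    continue;
                }
                prop.setProperty(newKey, entry.getValue());
            }
            for (String key : remotes.keySet()) {
                prop.remove(key);
            }
            storeProps(prop);
        } catch (IOException ex) {
            logError("could not update " + PROPS_FILE, ex);
        }
        getSploits();
    }

    /************************************************************************************
     * properties file management
     *
     */

    private Properties loadProps() throws IOException {
        Properties prop = new Properties();
        try (InputStream input = new FileInputStream(PROPS_FILE)) {
            prop.load(input);
        }
        return prop;
    }

    private void storeProps(Properties prop) throws IOException {
        try (FileOutputStream fos = new FileOutputStream(PROPS_FILE)) {
            prop.store(fos, "####Updated with sploits ");
        }
    }

    /** Sets {@code key} to {@code value} in the properties file; null arguments are ignored. */
    private void add2props(String key, String value) {
        if (key == null || value == null) {
            return; // Properties does not accept null, e.g. after a cancelled dialog
        }
        try {
            Properties prop = loadProps();
            prop.setProperty(key, value);
            storeProps(prop);
        } catch (IOException ex) {
            logError("could not update " + PROPS_FILE, ex);
        }
    }

    /** Removes {@code key} from the properties file. */
    private void delProps(String key) {
        if (key == null) {
            return;
        }
        try {
            Properties prop = loadProps();
            prop.remove(key);
            storeProps(prop);
        } catch (IOException ex) {
            logError("could not update " + PROPS_FILE, ex);
        }
    }

    /**
     * Rebuilds {@code sploits} and {@code remotes} from the properties file. Keys
     * starting with "remote" are URLs and are fetched; "proxy" is configuration;
     * every other key is a local payload.
     */
    private void getSploits() {
        // Fresh maps: listeners created for earlier menus keep the map they were built with.
        sploits = new HashMap<String, String>();
        remotes = new HashMap<String, String>();
        Properties prop;
        try {
            prop = loadProps();
        } catch (IOException ex) {
            logError("could not read " + PROPS_FILE, ex);
            return;
        }
        String proxy = prop.getProperty("proxy", "");
        for (String key : prop.stringPropertyNames()) {
            String value = prop.getProperty(key);
            if (key.startsWith("remote")) {
                getURLSploits(value, proxy);
                remotes.put(key, value);
            } else if (!key.equals("proxy")) {
                sploits.put(key, value);
            }
        }
    }

    /** Creates the properties file on first use and seeds it with the default remote list. */
    private void propsTest() {
        File prop = new File(PROPS_FILE);
        if (!prop.exists()) {
            try {
                prop.createNewFile();
                // The default list follows a branch, not a fixed revision, so its content can change between refreshes.
                add2props("remote0", "https://raw.githubusercontent.com/summitt/sploits-default/master/sploits.properties");
            } catch (IOException e) {
                logError("could not create " + PROPS_FILE, e);
            }
        }
    }
}
--------------------------------------------------------------------------------
/src/com/josh/ActionJackson.java:
--------------------------------------------------------------------------------
package com.josh;

import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;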
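import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;

import burp.IBurpExtenderCallbacks;
import burp.IContextMenuInvocation;
import burp.IExtensionHelpers;
import burp.IHttpRequestResponse;
import burp.IRequestInfo;

/**
 * Listener behind the context-menu items. Depending on the item it either adds
 * the hosts of the selected messages to (or removes them from) Burp's scope, or
 * writes a stored payload over the current selection.
 */
public class ActionJackson implements ActionListener {
    private IContextMenuInvocation inv;
    private IBurpExtenderCallbacks cb;
    private boolean isExclude = false;
    // NOTE(review): type arguments restored from the caller, which stores String payloads.
    private HashMap<String, String> sploits;
    private String PropKey;

    /** Listener for the scope items; {@code isExclude} selects removal instead of addition. */
    public ActionJackson(IContextMenuInvocation inv, IBurpExtenderCallbacks callbacks, boolean isExclude) {
        this.inv = inv;
        this.cb = callbacks;
        this.isExclude = isExclude;
    }

    /** Listener for a payload item whose key is the item's action command. */
    public ActionJackson(IContextMenuInvocation inv, IBurpExtenderCallbacks callbacks, HashMap<String, String> sploits) {
        this.inv = inv;
        this.cb = callbacks;
        this.sploits = sploits;
    }

    /** Listener for a payload item; {@code PropKey} names the payload independently of the label. */
    public ActionJackson(IContextMenuInvocation inv, IBurpExtenderCallbacks callbacks, HashMap<String, String> sploits, String PropKey) {
        this.inv = inv;
        this.cb = callbacks;
        this.sploits = sploits;
        this.PropKey = PropKey;
    }

    public ActionJackson(IContextMenuInvocation inv, IBurpExtenderCallbacks callbacks) {
        this.inv = inv;
        this.cb = callbacks;
    }

    /** Dispatches on the payload key if one was given, otherwise on the menu label. */
    @Override
    public void actionPerformed(ActionEvent e) {
        String caller = e.getActionCommand();
        if (PropKey != null && !PropKey.equals("")) {
            caller = PropKey;
        }
        if (caller == null) {
            return;
        }
        if (caller.equals("Add All To Scope") || caller.equals("Remove All From Scope")) {
            updateScope();
        } else if (sploits != null) { // scope listeners carry no payload map
            replace(sploits.get(caller));
        }
    }

    /** Adds or excludes the http and https origin of every selected message's host. */
    private void updateScope() {
        IHttpRequestResponse[] messages = inv.getSelectedMessages();
        if (messages == null) {
            return;
        }
        for (IHttpRequestResponse o : messages) {
            URL target = o.getUrl();
            if (target == null) {
                continue;
            }
            String host = target.getHost();
            try {
                // Host only: the path and the original protocol are deliberately dropped.
                URL https = new URL("https://" + host);
                URL http = new URL("http://" + host);
                if (!isExclude) {
                    cb.includeInScope(http);
                    cb.includeInScope(https);
                    cb.printOutput("Including " + host + " in Scope");
                } else {
                    cb.excludeFromScope(http);
                    cb.excludeFromScope(https);
                    cb.printOutput("Excluding " + host + " in Scope");
                }
            } catch (MalformedURLException e1) {
                cb.printError("Could not build a scope URL for " + host + ": " + e1);
            }
        }
    }

    /**
     * Writes the payload over the current selection of the first selected message
     * that accepts it.
     *
     * @param replace the payload, a String or a byte[]; null does nothing
     */
    private void replace(Object replace) {
        if (replace == null) {
            return;
        }
        int[] bounds = inv.getSelectionBounds();
        IHttpRequestResponse[] messages = inv.getSelectedMessages();
        if (bounds == null || messages == null) {
            cb.printError("Not a valid injection point");
            return;
        }
        int start = bounds[0];
        int stop = bounds[1];
        // Strings are encoded with the platform default charset, as the earlier String round trip did.
        byte[] payload = replace instanceof byte[] ? (byte[]) replace : replace.toString().getBytes();

        for (IHttpRequestResponse o : messages) {
            try {
                // Splice on the raw bytes: the bounds are byte offsets, and decoding the whole
                // message to a String first can shift them and alter non-text content.
                byte[] all = getMsgBytes(o);
                byte[] begin = Arrays.copyOfRange(all, 0, start);
                byte[] end = Arrays.copyOfRange(all, stop, all.length);
                byte[] out = new byte[begin.length + payload.length + end.length];
                System.arraycopy(begin, 0, out, 0, begin.length);
                System.arraycopy(payload, 0, out, begin.length, payload.length);
                System.arraycopy(end, 0, out, begin.length + payload.length, end.length);
                setMsgBytes(o, out);
                break; // only the first message that takes the payload is changed
            } catch (RuntimeException ex) {
                // Covers a missing message, bounds outside it, and messages that cannot be edited.
                cb.printError("Not a valid injection point");
            }
        }
    }

    private boolean isRequest() {
        byte context = inv.getInvocationContext();
        return context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST
                || context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST;
    }

    private byte[] getMsgBytes(IHttpRequestResponse o) {
        return isRequest() ? o.getRequest() : o.getResponse();
    }

    private void setMsgBytes(IHttpRequestResponse o, byte[] update) {
        if (isRequest()) {
            o.setRequest(update);
        } else {
            o.setResponse(update);
        }
    }
}
--------------------------------------------------------------------------------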