├── .gitignore ├── History.txt ├── README.rdoc ├── Rakefile ├── VERSION.yml ├── bin └── buby ├── buby.gemspec ├── ext ├── buby │ └── burp │ │ └── BurpExtender.java └── burp_interfaces │ └── burp │ ├── IBurpExtender.java │ ├── IBurpExtenderCallbacks.java │ ├── IContextMenuFactory.java │ ├── IContextMenuInvocation.java │ ├── ICookie.java │ ├── IExtensionHelpers.java │ ├── IExtensionStateListener.java │ ├── IHttpListener.java │ ├── IHttpRequestResponse.java │ ├── IHttpRequestResponsePersisted.java │ ├── IHttpRequestResponseWithMarkers.java │ ├── IHttpService.java │ ├── IInterceptedProxyMessage.java │ ├── IIntruderAttack.java │ ├── IIntruderPayloadGenerator.java │ ├── IIntruderPayloadGeneratorFactory.java │ ├── IIntruderPayloadProcessor.java │ ├── IMenuItemHandler.java │ ├── IMessageEditor.java │ ├── IMessageEditorController.java │ ├── IMessageEditorTab.java │ ├── IMessageEditorTabFactory.java │ ├── IParameter.java │ ├── IProxyListener.java │ ├── IRequestInfo.java │ ├── IResponseInfo.java │ ├── IScanIssue.java │ ├── IScanQueueItem.java │ ├── IScannerCheck.java │ ├── IScannerInsertionPoint.java │ ├── IScannerInsertionPointProvider.java │ ├── IScannerListener.java │ ├── IScopeChangeListener.java │ ├── ISessionHandlingAction.java │ ├── ITab.java │ ├── ITempFile.java │ └── ITextEditor.java ├── lib ├── buby.rb ├── buby │ ├── burp_extender.rb │ ├── burp_extender │ │ ├── console_frame.rb │ │ ├── console_pane.rb │ │ ├── console_tab.rb │ │ ├── context_menu.rb │ │ ├── context_menu_factory.rb │ │ ├── context_menu_item.rb │ │ ├── jcheck_box_menu_item.rb │ │ ├── jmenu.rb │ │ ├── jmenu_item.rb │ │ ├── menu.rb │ │ └── menu_item.rb │ ├── context_menu_factory.rb │ ├── cookie.rb │ ├── extender.rb │ ├── http_listener.rb │ ├── implants.rb │ ├── implants │ │ ├── buby_array_wrapper.rb │ │ ├── context_menu_invocation.rb │ │ ├── cookie.rb │ │ ├── extension_helpers.rb │ │ ├── http_request_response.rb │ │ ├── intercepted_proxy_message.rb │ │ ├── intruder_attack.rb │ │ ├── jruby.rb │ │ ├── message_editor.rb │ │ ├── message_editor_controller.rb │ │ ├── parameter.rb │ │ ├── request_info.rb │ │ ├── response_info.rb │ │ ├── scan_issue.rb │ │ ├── scan_queue_item.rb │ │ ├── scanner_insertion_point.rb │ │ ├── temp_file.rb │ │ └── text_editor.rb │ ├── intruder_payload_generator.rb │ ├── intruder_payload_generator_factory.rb │ ├── intruder_payload_processor.rb │ ├── message_editor_controller.rb │ ├── message_editor_tab.rb │ ├── message_editor_tab_factory.rb │ ├── parameter.rb │ ├── parameter │ │ ├── base.rb │ │ ├── body.rb │ │ ├── cookie.rb │ │ └── url.rb │ ├── proxy_listener.rb │ ├── scan_issue.rb │ ├── scanner_check.rb │ ├── scanner_insertion_point.rb │ ├── scanner_insertion_point_provider.rb │ ├── scanner_listener.rb │ ├── scope_change_listener.rb │ ├── session_handling_action.rb │ ├── tab.rb │ └── version.rb ├── burp.rb └── burp │ ├── IBurpExtender.rb │ ├── IBurpExtenderCallbacks.rb │ ├── IContextMenuFactory.rb │ ├── IContextMenuInvocation.rb │ ├── ICookie.rb │ ├── IExtensionHelpers.rb │ ├── IExtensionStateListener.rb │ ├── IHttpListener.rb │ ├── IHttpRequestResponse.rb │ ├── IHttpRequestResponsePersisted.rb │ ├── IHttpRequestResponseWithMarkers.rb │ ├── IHttpService.rb │ ├── IInterceptedProxyMessage.rb │ ├── IIntruderAttack.rb │ ├── IIntruderPayloadGenerator.rb │ ├── IIntruderPayloadGeneratorFactory.rb │ ├── IIntruderPayloadProcessor.rb │ ├── IMenuItemHandler.rb │ ├── IMessageEditor.rb │ ├── IMessageEditorController.rb │ ├── IMessageEditorTab.rb │ ├── IMessageEditorTabFactory.rb │ ├── IParameter.rb │ ├── IProxyListener.rb │ ├── IRequestInfo.rb │ ├── IResponseInfo.rb │ ├── IScanIssue.rb │ ├── IScanQueueItem.rb │ ├── IScannerCheck.rb │ ├── IScannerInsertionPoint.rb │ ├── IScannerInsertionPointProvider.rb │ ├── IScannerListener.rb │ ├── IScopeChangeListener.rb │ ├── ISessionHandlingAction.rb │ ├── ITab.rb │ ├── ITempFile.rb │ └── ITextEditor.rb ├── samples ├── bubystart.rb ├── drb_buby.rb ├── drb_sample_cli.rb ├── mechanize_burp.rb ├── menu_copy_req.rb ├── poc_generator.rb ├── verb_tamperer.rb └── watch_scan.rb ├── test └── buby_test.rb └── tmp └── .gitignore /.gitignore: -------------------------------------------------------------------------------- 1 | *.sw? 2 | .DS_Store 3 | coverage 4 | rdoc 5 | pkg 6 | *.gem 7 | *.class 8 | *.jar 9 | doc 10 | .yardoc 11 | notes.txt 12 | -------------------------------------------------------------------------------- /History.txt: -------------------------------------------------------------------------------- 1 | == 1.2.1 / 2011-01-27 2 | * Fixed burp -v to print version... somewhat 3 | 4 | == 1.2.0 / 2010-08-29 5 | * added menu item support from 1.3 6 | * added some additional processing constants from 1.3 7 | 8 | == 1.1.7 / 2009-12-29 9 | * fix evt_proxy_message_raw bridge to modify proxy messages (broken in 1.1.6) 10 | * switched from bones to jeweler for project mgmt 11 | 12 | == 1.1.6 / 2009-11-19 13 | * fix 14 | * poc_generator.rb example fixed to properly parse port in Host header 15 | * fix evt_proxy_message bridge to deal correctly with binary content data 16 | 17 | == 1.1.5 / 2009-10-15 18 | * enhancements 19 | * added support for exitSuite in burp v 1.2.17+ 20 | * added samples/poc_generator.rb 21 | 22 | == 1.1.4.1 / 2009-09-22 23 | * fix 24 | * Buby.harvest_cookies_from_history() was broken. 25 | It now implements select() block semantics and always returns an array. 26 | 27 | == 1.1.4 / 2009-09-14 28 | * enhancements 29 | * buby got implants! (har har) 30 | * Ruby wrapper classes added for proxy_history, site_map, and scan_issues 31 | * Extensions module for IHttpRequestResponse burp's class implementation 32 | * Extensions module for IScanIssue burp's class implementation 33 | * Added -s/--state, -r/--require, -e/--extend to buby cmd-line executable 34 | * Added -v/--version buby cmd-line flag 35 | * Modified samples for use as modules with -r/-e as well as run standalone 36 | * Added drb client and server sample 37 | 38 | == 1.1.3.1 / 2009-09-09 39 | * fix 40 | * fixed a typo in the String type-check for Buby.getParameters() 41 | 42 | == 1.1.3 / 2009-08-25 43 | * 1 enhancement 44 | * new convenience methods added for iterating and searching through 45 | proxy history, scan history, etc. 46 | * 1 fix 47 | * The gem now includes a buby.jar which should be usable with Java 1.5+ 48 | (previously the jar had been compiled only for Java 1.6) 49 | 50 | == 1.1.2 / 2009-08-20 51 | * 1 enhancement 52 | * Support added for the new getScanIssues extender method exposed in v1.2.15 53 | See http://releases.portswigger.net/2009/08/v1215.html 54 | 55 | == 1.1.1 / 2009-06-24 56 | * Fix 57 | * fixed getSiteMap callback front-end so that it takes the urlprefix argument 58 | 59 | == 1.1.0 / 2009-06-18 60 | * 1 major enhancement 61 | * Support added for the new Burp API features added in Burp 1.2.09. 62 | See http://releases.portswigger.net/2009/05/v1209.html 63 | * 1 minor enhancement 64 | * buby command-line tool exposes arguments for debugging and IRB 65 | 66 | == 1.0.2 / 2009-06-02 67 | * Enhancements 68 | * Added a sample illustrating synching cookies with Mechanize 69 | 70 | == 1.0.1 / 2009-05-10 71 | * Enhancements 72 | * Added some sugar to make swapping Burp event handlers easier. 73 | * Fixed documentation errors 74 | 75 | == 1.0.0 / 2009-05-08 76 | 77 | * 1 major enhancement 78 | * Birthday! 79 | -------------------------------------------------------------------------------- /VERSION.yml: -------------------------------------------------------------------------------- 1 | --- 2 | :major: 1 3 | :minor: 6 4 | :patch: 0 5 | :build: 6 | -------------------------------------------------------------------------------- /bin/buby: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env jruby 2 | 3 | require 'burp_interfaces.jar' 4 | require 'buby.jar' 5 | require 'buby' 6 | require 'irb' 7 | require 'optparse' 8 | 9 | args = {} 10 | 11 | begin 12 | opts = OptionParser.new do |o| 13 | o.banner = "Usage: #{File.basename $0} [options]" 14 | 15 | o.on_tail("-h", "--help", "Show this help message") do 16 | raise opts.to_s 17 | end 18 | 19 | o.on("-i", "--interactive", "Start IRB") { args[:interactive] = :irb } 20 | 21 | o.on("-p", "--pry", "Start pry") { args[:interactive] = :pry } 22 | 23 | o.on("-d", "--debug", "Debug info") { args[:debug] = true } 24 | 25 | o.on("-B", "--load-burp=PATH", "Load Burp Jar from PATH") do |b| 26 | args[:load_burp] = b 27 | end 28 | 29 | o.on("-P", "--proxy-interception", "Enable intercept on load") {args[:proxy_interception] = true} 30 | 31 | o.on('-s', '--state=FILE', "Restore burp state file on startup") do |r| 32 | args[:restore] = r 33 | end 34 | 35 | o.on('-r', '--require=LIB', 36 | 'load a ruby lib (or jar) after Burp loads') do |i| 37 | (args[:requires] ||= []).push(i) 38 | end 39 | 40 | o.on('-e', '--extend=MOD', 41 | 'Extend Buby with a module (loaded via -r?)') do |m| 42 | (args[:extensions] ||= []).push(m) 43 | end 44 | 45 | o.on('-v', '--version', 'Prints version and exits.') do 46 | puts "#{File.basename $0} v#{Buby::VERSION}" 47 | exit 0 48 | end 49 | end 50 | 51 | opts.parse!(ARGV) 52 | 53 | if jar=args[:load_burp] 54 | raise "Load Burp Error: #{jar} did not provide burp.StartBurp" unless Buby.load_burp(jar) 55 | end 56 | 57 | raise "Load Burp Error: Specify a path to your burp.jar with -B" unless Buby.burp_loaded? 58 | 59 | rescue 60 | STDERR.puts $! 61 | exit 1 62 | end 63 | 64 | $DEBUG=true if args[:debug] 65 | 66 | $burp = Buby.start_burp() 67 | 68 | until $burp.burp_callbacks 69 | puts 'Waiting for burp callbacks...' if $DEBUG 70 | sleep 0.1 71 | end 72 | 73 | if libs=args[:requires] 74 | libs.each {|lib| STDERR.puts "Loading: #{lib.inspect}"; require(lib)} 75 | end 76 | 77 | def resolve_const(str) 78 | raise "can't resolve empty name #{str.inspect}" if str.empty? 79 | names = str.split('::') 80 | obj = ::Object 81 | names.each do |name| 82 | raise "#{name.inspect} is not defined" unless obj.const_defined?(name) 83 | obj = obj.const_get(name) 84 | end 85 | return obj if obj != ::Object 86 | end 87 | 88 | if mods=args[:extensions] 89 | mods.each do |mod| 90 | obj = resolve_const(mod) 91 | raise "#{obj.name} is not a module" unless obj.kind_of? Module 92 | STDERR.puts "Extending $burp with: #{obj.name}" 93 | $burp.extend(obj) 94 | if $burp.respond_to?(imeth=:"init_#{mod.split('::').last}") 95 | $burp.__send__ imeth 96 | end 97 | end 98 | end 99 | 100 | if f=args[:restore] 101 | raise "no such file #{f.inspect}" unless File.exists?(f) 102 | STDERR.puts "Restoring burp state from: #{f.inspect}" 103 | $burp.restore_state(f) 104 | end 105 | 106 | $burp.proxy_interception = false unless args[:proxy_interception] 107 | 108 | case args[:interactive] 109 | when :irb 110 | # yucky hack... 111 | IRB.setup(nil) 112 | IRB.conf[:IRB_NAME] = File.basename($0, ".rb") 113 | module IRB 114 | class <IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | import javax.swing.JMenuItem; 14 | 15 | /** 16 | * Extensions can implement this interface and then call 17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 18 | * a factory for custom context menu items. 19 | */ 20 | public interface IContextMenuFactory 21 | { 22 | /** 23 | * This method will be called by Burp when the user invokes a context menu 24 | * anywhere within Burp. The factory can then provide any custom context 25 | * menu items that should be displayed in the context menu, based on the 26 | * details of the menu invocation. 27 | * 28 | * @param invocation An object that implements the 29 | * IMessageEditorTabFactory interface, which the extension can 30 | * query to obtain details of the context menu invocation. 31 | * @return A list of custom menu items (which may include sub-menus, 32 | * checkbox menu items, etc.) that should be displayed. Extensions may 33 | * return 34 | * null from this method, to indicate that no menu items are 35 | * required. 36 | */ 37 | List createMenuItems(IContextMenuInvocation invocation); 38 | } 39 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the expiration time for the cookie. 34 | * 35 | * @return The expiration time for the cookie, or 36 | * null if none is set (i.e., for non-persistent session 37 | * cookies). 38 | */ 39 | Date getExpiration(); 40 | 41 | /** 42 | * This method is used to retrieve the name of the cookie. 43 | * 44 | * @return The name of the cookie. 45 | */ 46 | String getName(); 47 | 48 | /** 49 | * This method is used to retrieve the value of the cookie. 50 | * @return The value of the cookie. 51 | */ 52 | String getValue(); 53 | } 54 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is used to permanently delete the saved temporary files. It 22 | * will no longer be possible to retrieve the request or response for this 23 | * item. 24 | */ 25 | void deleteTempFiles(); 26 | } 27 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call 18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an 19 | * instance of this interface. 20 | */ 21 | public interface IMessageEditor 22 | { 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | } 65 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed. 50 | * @param isRequest Indicates whether the message is a request or a 51 | * response. 52 | * @return The method should return 53 | * true if the custom tab is able to handle the specified 54 | * message, and so will be displayed within the editor. Otherwise, the tab 55 | * will be hidden while this message is displayed. 56 | */ 57 | boolean isEnabled(byte[] content, boolean isRequest); 58 | 59 | /** 60 | * The hosting editor will invoke this method to display a new message or to 61 | * clear the existing message. This method will only be called with a new 62 | * message if the tab has already returned 63 | * true to a call to 64 | * isEnabled() with the same message details. 65 | * 66 | * @param content The message that is to be displayed, or 67 | * null if the tab should clear its contents and disable any 68 | * editable controls. 69 | * @param isRequest Indicates whether the message is a request or a 70 | * response. 71 | */ 72 | void setMessage(byte[] content, boolean isRequest); 73 | 74 | /** 75 | * This method returns the currently displayed message. 76 | * 77 | * @return The currently displayed message. 78 | */ 79 | byte[] getMessage(); 80 | 81 | /** 82 | * This method is used to determine whether the currently displayed message 83 | * has been modified by the user. The hosting editor will always call 84 | * getMessage() before calling this method, so any pending 85 | * edits should be completed within 86 | * getMessage(). 87 | * 88 | * @return The method should return 89 | * true if the user has modified the current message since it 90 | * was first displayed. 91 | */ 92 | boolean isModified(); 93 | 94 | /** 95 | * This method is used to retrieve the data that is currently selected by 96 | * the user. 97 | * 98 | * @return The data that is currently selected by the user. This may be 99 | * null if no selection is currently made. 100 | */ 101 | byte[] getSelectedData(); 102 | } 103 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | static final byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | static final byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | static final byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | static final byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | static final byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | static final byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | static final byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an 15 | * IScannerListener or by calling 16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add 17 | * custom Scanner issues by registering an 18 | * IScannerCheck or calling 19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 20 | * implementations of this interface 21 | */ 22 | public interface IScanIssue 23 | { 24 | /** 25 | * This method returns the URL for which the issue was generated. 26 | * 27 | * @return The URL for which the issue was generated. 28 | */ 29 | java.net.URL getUrl(); 30 | 31 | /** 32 | * This method returns the name of the issue type. 33 | * 34 | * @return The name of the issue type (e.g. "SQL injection"). 35 | */ 36 | String getIssueName(); 37 | 38 | /** 39 | * This method returns a numeric identifier of the issue type. See the Burp 40 | * Scanner help documentation for a listing of all the issue types. 41 | * 42 | * @return A numeric identifier of the issue type. 43 | */ 44 | int getIssueType(); 45 | 46 | /** 47 | * This method returns the issue severity level. 48 | * 49 | * @return The issue severity level. Expected values are "High", "Medium", 50 | * "Low", "Information" or "False positive". 51 | * 52 | */ 53 | String getSeverity(); 54 | 55 | /** 56 | * This method returns the issue confidence level. 57 | * 58 | * @return The issue confidence level. Expected values are "Certain", "Firm" 59 | * or "Tentative". 60 | */ 61 | String getConfidence(); 62 | 63 | /** 64 | * This method returns a background description for this type of issue. 65 | * 66 | * @return A background description for this type of issue, or 67 | * null if none applies. 68 | */ 69 | String getIssueBackground(); 70 | 71 | /** 72 | * This method returns a background description of the remediation for this 73 | * type of issue. 74 | * 75 | * @return A background description of the remediation for this type of 76 | * issue, or 77 | * null if none applies. 78 | */ 79 | String getRemediationBackground(); 80 | 81 | /** 82 | * This method returns detailed information about this specific instance of 83 | * the issue. 84 | * 85 | * @return Detailed information about this specific instance of the issue, 86 | * or 87 | * null if none applies. 88 | */ 89 | String getIssueDetail(); 90 | 91 | /** 92 | * This method returns detailed information about the remediation for this 93 | * specific instance of the issue. 94 | * 95 | * @return Detailed information about the remediation for this specific 96 | * instance of the issue, or 97 | * null if none applies. 98 | */ 99 | String getRemediationDetail(); 100 | 101 | /** 102 | * This method returns the HTTP messages on the basis of which the issue was 103 | * generated. 104 | * 105 | * @return The HTTP messages on the basis of which the issue was generated. 106 | * Note: The items in this array should be instances of 107 | * IHttpRequestResponseWithMarkers if applicable, so that 108 | * details of the relevant portions of the request and response messages are 109 | * available. 110 | */ 111 | IHttpRequestResponse[] getHttpMessages(); 112 | 113 | /** 114 | * This method returns the HTTP service for which the issue was generated. 115 | * 116 | * @return The HTTP service for which the issue was generated. 117 | */ 118 | IHttpService getHttpService(); 119 | 120 | } 121 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | /** 24 | * The Scanner invokes this method for each base request / response that is 25 | * passively scanned. Note: Extensions should not only analyze the 26 | * HTTP messages provided during passive scanning, and should not make any 27 | * new HTTP requests of their own. 28 | * 29 | * @param baseRequestResponse The base HTTP request / response that should 30 | * be passively scanned. 31 | * @return A list of 32 | * IScanIssue objects, or 33 | * null if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. Note: Extensions are responsible 43 | * for ensuring that attack payloads are suitably encoded within requests 44 | * (for example, by URL-encoding relevant metacharacters in the URL query 45 | * string). Encoding is not automatically carried out by the 46 | * IScannerInsertionPoint, because this would prevent Scanner 47 | * checks from testing for certain input filter bypasses. Extensions should 48 | * query the 49 | * IScannerInsertionPoint to determine its type, and apply any 50 | * encoding that may be appropriate. 51 | * 52 | * @param baseRequestResponse The base HTTP request / response that should 53 | * be actively scanned. 54 | * @param insertionPoint An 55 | * IScannerInsertionPoint object that can be queried to obtain 56 | * details of the insertion point being tested, and can be used to build 57 | * scan requests for particular payloads. 58 | * @return A list of 59 | * IScanIssue objects, or 60 | * null if no issues are identified. 61 | */ 62 | List doActiveScan( 63 | IHttpRequestResponse baseRequestResponse, 64 | IScannerInsertionPoint insertionPoint); 65 | 66 | /** 67 | * The Scanner invokes this method when the custom Scanner check has 68 | * reported multiple issues for the same URL path. This can arise either 69 | * because there are multiple distinct vulnerabilities, or because the same 70 | * (or a similar) request has been scanned more than once. The custom check 71 | * should determine whether the issues are duplicates. In most cases, where 72 | * a check uses distinct issue names or descriptions for distinct issues, 73 | * the consolidation process will simply be a matter of comparing these 74 | * features for the two issues. 75 | * 76 | * @param existingIssue An issue that was previously reported by this 77 | * Scanner check. 78 | * @param newIssue An issue at the same URL path that has been newly 79 | * reported by this Scanner check. 80 | * @return An indication of which issue(s) should be reported in the main 81 | * Scanner results. The method should return 82 | * -1 to report the existing issue only, 83 | * 0 to report both issues, and 84 | * 1 to report the new issue only. 85 | */ 86 | int consolidateDuplicateIssues( 87 | IScanIssue existingIssue, 88 | IScanIssue newIssue); 89 | } 90 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is used to permanently delete the temporary file when it is 30 | * no longer required. 31 | */ 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /ext/burp_interfaces/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/console_frame.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class ConsoleFrame < Java::JavaxSwing::JFrame 4 | attr_accessor :burp, :pane 5 | def initialize(burp_extender, pane, opts = {}, &block) 6 | @burp = burp_extender 7 | @pane = pane 8 | 9 | blck = lambda do |event| 10 | if event.getID == Java::JavaAwtEvent::WindowEvent::WINDOW_CLOSING 11 | @pane.tar.shutdown 12 | self.dispose 13 | end 14 | end 15 | 16 | super(opts[:title] || 'JRuby IRB Console (tab will autocomplete)') 17 | set_size(*(opts[:size] || [700, 600])) 18 | content_pane.add(@pane) 19 | addWindowStateListener &blck 20 | addWindowListener &blck 21 | 22 | if block_given? 23 | addWindowStateListener &block 24 | addWindowListener &block 25 | end 26 | 27 | @burp.callbacks.customizeUiComponent self 28 | Java::JavaAwt::EventQueue.invoke_later { 29 | self.visible = true 30 | } 31 | end 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/console_pane.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class ConsolePane < Java::JavaxSwing::JScrollPane 4 | HEADER = " Welcome to the Burp JRuby IRB Console [#{JRUBY_VERSION} (#{RUBY_VERSION})]\n\n" 5 | attr_accessor :text, :tar 6 | def initialize 7 | super 8 | @text = Java::JavaxSwing::JTextPane.new 9 | @text.font = find_font('Monospaced', Java::JavaAwt::Font::PLAIN, 14, 'Anonymous Pro', 'Anonymous', 'Monaco', 'Andale Mono') 10 | @text.margin = Java::JavaAwt::Insets.new(8,8,8,8) 11 | @text.caret_color = Java::JavaAwt::Color.new(0xa40000) 12 | @text.background = Java::JavaAwt::Color.new(0xf2f2f2) 13 | @text.foreground = Java::JavaAwt::Color.new(0xa40000) 14 | self.viewport_view = @text 15 | @tar = begin 16 | Java::OrgJrubyDemo::TextAreaReadline.new(@text, HEADER) 17 | rescue NameError 18 | require 'readline' 19 | Java::OrgJrubyDemoReadline::TextAreaReadline.new(text, HEADER) 20 | end 21 | 22 | JRuby.objectspace = true # useful for code completion 23 | @tar.hook_into_runtime_with_streams(JRuby.runtime) 24 | end 25 | 26 | # Try to find preferred font family, use otherwise -- err -- otherwise 27 | def find_font(otherwise, style, size, *families) 28 | avail_families = Java::JavaAwt::GraphicsEnvironment.local_graphics_environment.available_font_family_names 29 | fontname = families.find(proc {otherwise}) { |name| avail_families.include? name } 30 | Java::JavaAwt::Font.new(fontname, style, size) 31 | end 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/console_tab.rb: -------------------------------------------------------------------------------- 1 | require 'buby/version' 2 | 3 | class BurpExtender 4 | # @api private 5 | class ConsoleTab 6 | include Java::Burp::ITab 7 | attr_accessor :ui_component, :tab_caption 8 | CAPTION = "Buby v#{Buby::Version::STRING}" 9 | 10 | def initialize component, caption = nil 11 | @ui_component = component 12 | @tab_caption = caption || CAPTION 13 | end 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/context_menu.rb: -------------------------------------------------------------------------------- 1 | require 'buby/burp_extender/context_menu_item' 2 | 3 | # @api private 4 | class BurpExtender 5 | # @api private 6 | class ContextMenu < Java::JavaxSwing::JMenu 7 | attr_accessor :burp, :invocation 8 | def initialize burp_extender, invocation 9 | @burp = burp_extender 10 | @invocation = invocation 11 | super 'Buby' 12 | 13 | if @burp.frame 14 | self.add(ContextMenuItem.new('Move console to tab', @burp, @invocation) do |event| 15 | burp = event.source.burp 16 | invocation = event.source.invocation 17 | burp.move_to_tab 18 | end) 19 | else 20 | self.add(ContextMenuItem.new('Move console to window', @burp, @invocation) do |event| 21 | burp = event.source.burp 22 | invocation = event.source.invocation 23 | burp.move_to_window 24 | end) 25 | 26 | end 27 | end 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/context_menu_factory.rb: -------------------------------------------------------------------------------- 1 | require 'buby/burp_extender/context_menu' 2 | 3 | class BurpExtender 4 | # @api private 5 | class ContextMenuFactory 6 | attr_accessor :burp 7 | include Java::Burp::IContextMenuFactory 8 | def initialize burp_extender 9 | @burp = burp_extender 10 | end 11 | 12 | def createMenuItems invocation 13 | pp [:createMenuItems, invocation] if $DEBUG 14 | [BurpExtender::ContextMenu.new(@burp, invocation)] 15 | end 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/context_menu_item.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class ContextMenuItem < Java::JavaxSwing::JMenuItem 4 | attr_accessor :invocation, :burp 5 | def initialize text, burp_extender, invocation, &block 6 | super text 7 | @invocation = invocation 8 | @burp = burp_extender 9 | 10 | addActionListener &block 11 | end 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/jcheck_box_menu_item.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | class JCheckBoxMenuItem < Java::JavaxSwing::JCheckBoxMenuItem 3 | attr_accessor :burp 4 | def initialize(burp_extender, *args, &block) 5 | super *args 6 | @burp = burp_extender 7 | if block_given? 8 | addActionListener &block 9 | end 10 | end 11 | end 12 | end -------------------------------------------------------------------------------- /lib/buby/burp_extender/jmenu.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class JMenu < Java::JavaxSwing::JMenu 4 | attr_accessor :burp 5 | def initialize burp_extender, name = nil 6 | name ||= burp_extender.handler.class.name 7 | @burp = burp_extender 8 | super name 9 | end 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/jmenu_item.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class JMenuItem < Java::JavaxSwing::JMenuItem 4 | attr_accessor :burp 5 | def initialize text, burp_extender, &block 6 | super text 7 | @burp = burp_extender 8 | 9 | addActionListener &block 10 | end 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/menu.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class Menu < Java::JavaAwt::Menu 4 | attr_accessor :burp 5 | def initialize burp_extender, name = nil 6 | name ||= burp_extender.handler.class.name 7 | @burp = burp_extender 8 | super name 9 | end 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /lib/buby/burp_extender/menu_item.rb: -------------------------------------------------------------------------------- 1 | class BurpExtender 2 | # @api private 3 | class MenuItem < Java::JavaAwt::MenuItem 4 | attr_accessor :burp 5 | def initialize text, burp_extender, &block 6 | super text 7 | @burp = burp_extender 8 | 9 | addActionListener &block 10 | end 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /lib/buby/context_menu_factory.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # IBurpExtenderCallbacks.registerContextMenuFactory() to register 4 | # a factory for custom context menu items. 5 | # 6 | class ContextMenuFactory 7 | include Java::Burp::IContextMenuFactory 8 | 9 | # This method will be called by Burp when the user invokes a context menu 10 | # anywhere within Burp. The factory can then provide any custom context 11 | # menu items that should be displayed in the context menu, based on the 12 | # details of the menu invocation. 13 | # Implementations should call super 14 | # 15 | # @param [IContextMenuInvocation] invocation An object the extension can 16 | # query to obtain details of the context menu invocation. 17 | # @return [Array] A list of custom menu items (which may include 18 | # sub-menus, checkbox menu items, etc.) that should be displayed. 19 | # Extensions may return +nil+ from this method, to indicate that no menu 20 | # items are required. 21 | # @deprecated 22 | # 23 | def self.createMenuItems invocation 24 | pp [:got_create_menu_items, invocation] if $DEBUG 25 | Buby::Implants::ContextMenuInvocation.implant invocation 26 | nil 27 | end 28 | 29 | # This method will be called by Burp when the user invokes a context menu 30 | # anywhere within Burp. The factory can then provide any custom context 31 | # menu items that should be displayed in the context menu, based on the 32 | # details of the menu invocation. 33 | # This method calls create_menu_items after implanting the invocation class. 34 | # Redefine to bypass this behavior 35 | # 36 | # @param [IContextMenuInvocation] invocation An object the extension can 37 | # query to obtain details of the context menu invocation. 38 | # @return [Array] A list of custom menu items (which may include 39 | # sub-menus, checkbox menu items, etc.) that should be displayed. 40 | # Extensions may return +nil+ from this method, to indicate that no menu 41 | # items are required. 42 | # 43 | def createMenuItems invocation 44 | pp [:got_create_menu_items, invocation] if $DEBUG 45 | create_menu_items Buby::Implants::ContextMenuInvocation.implant(invocation) 46 | end 47 | 48 | # This method will be called by Burp when the user invokes a context menu 49 | # anywhere within Burp. The factory can then provide any custom context 50 | # menu items that should be displayed in the context menu, based on the 51 | # details of the menu invocation. 52 | # 53 | # @param [IContextMenuInvocation] invocation An object the extension can 54 | # query to obtain details of the context menu invocation. 55 | # @return [Array] A list of custom menu items (which may include 56 | # sub-menus, checkbox menu items, etc.) that should be displayed. 57 | # Extensions may return +nil+ from this method, to indicate that no menu 58 | # items are required. 59 | # 60 | def create_menu_items invocation 61 | nil 62 | end 63 | end 64 | end 65 | -------------------------------------------------------------------------------- /lib/buby/cookie.rb: -------------------------------------------------------------------------------- 1 | require 'cgi' 2 | 3 | class Buby 4 | # This class is used to hold details about an HTTP cookie. Implements the 5 | # +burp.ICookie+ interface 6 | # 7 | class Cookie < CGI::Cookie 8 | include Java::Burp::ICookie 9 | 10 | # This method is used to retrieve the domain for which the cookie is in 11 | # scope. 12 | # 13 | # @return [String] The domain for which the cookie is in scope. 14 | def getDomain 15 | @domain 16 | end 17 | 18 | # This method is used to retrieve the expiration time for the cookie. 19 | # 20 | # @return [java.util.Date] The expiration time for the cookie, or +nil+ if 21 | # none is set (i.e., for non-persistent session cookies). 22 | # 23 | def getExpiration; @expires; end 24 | 25 | # This method is used to retrieve the name of the cookie. 26 | # 27 | # @return [String] The name of the cookie. 28 | # 29 | def getName; @name; end 30 | 31 | # This method is used to retrieve the value of the cookie. 32 | # 33 | # @return [String] The value of the cookie. 34 | # 35 | def getValue; join("&"); end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /lib/buby/http_listener.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerHttpListener} to register an HTTP listener. The listener will 4 | # be notified of requests and responses made by any Burp tool. Extensions can 5 | # perform custom analysis or modification of these messages by registering an 6 | # HTTP listener. 7 | # 8 | class HttpListener 9 | include Java::Burp::IHttpListener 10 | 11 | # This method is invoked when an HTTP request is about to be issued, and 12 | # when an HTTP response has been received. 13 | # 14 | # @param [Fixnum, Symbol] toolFlag A flag indicating the Burp tool that 15 | # issued the request. Burp tool flags are defined in the 16 | # +IBurpExtenderCallbacks+ interface and {Buby}. 17 | # @param [Boolean] messageIsRequest Flags whether the method is being 18 | # invoked for a request or response. 19 | # @param [IHttpRequestResponse] messageInfo Details of the request/response 20 | # to be processed. Extensions can call the setter methods on this object 21 | # to update the current message and so modify Burp's behavior. 22 | # 23 | # @return void 24 | # 25 | # @todo move HttpRequestResponse to new implant scheme 26 | def processHttpMessage(toolFlag, messageIsRequest, messageInfo) 27 | pp [:got_processHttpMessage, toolFlag, messageIsRequest, messageInfo] if $DEBUG 28 | Buby::HttpRequestResponseHelper.implant(messageInfo) 29 | end 30 | end 31 | end -------------------------------------------------------------------------------- /lib/buby/implants.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # @todo document 3 | module Implants 4 | module Proxy 5 | def implanted? 6 | true 7 | end 8 | end 9 | end 10 | end 11 | 12 | require 'buby/implants/jruby' 13 | require 'buby/implants/buby_array_wrapper' 14 | require 'buby/implants/context_menu_invocation' 15 | require 'buby/implants/cookie' 16 | require 'buby/implants/extension_helpers' 17 | require 'buby/implants/http_request_response' 18 | require 'buby/implants/intercepted_proxy_message' 19 | require 'buby/implants/intruder_attack' 20 | require 'buby/implants/message_editor' 21 | require 'buby/implants/message_editor_controller' 22 | require 'buby/implants/parameter' 23 | require 'buby/implants/request_info' 24 | require 'buby/implants/response_info' 25 | require 'buby/implants/scanner_insertion_point' 26 | require 'buby/implants/scan_issue' 27 | require 'buby/implants/scan_queue_item' 28 | require 'buby/implants/temp_file' 29 | require 'buby/implants/text_editor' 30 | -------------------------------------------------------------------------------- /lib/buby/implants/buby_array_wrapper.rb: -------------------------------------------------------------------------------- 1 | 2 | class Buby 3 | # @deprecated 4 | class BubyArrayWrapper 5 | include Enumerable 6 | 7 | attr_reader :array_obj 8 | 9 | def initialize(obj) 10 | @array_obj = obj 11 | end 12 | 13 | def [](*args) 14 | if args.size == 1 and args.first.kind_of? Numeric 15 | self.array_obj[args[0]] 16 | else 17 | self.to_a(*args) 18 | end 19 | end 20 | 21 | def each 22 | self.array_obj.size.times do |idx| 23 | yield self.array_obj[idx] 24 | end 25 | end 26 | 27 | def size 28 | self.array_obj.size 29 | end 30 | alias length size 31 | 32 | def first 33 | return(self.array_obj[0]) if(self.size > 0) 34 | end 35 | 36 | def last 37 | return self.array_obj[self.size - 1] if(self.size > 0) 38 | end 39 | 40 | end 41 | 42 | end 43 | -------------------------------------------------------------------------------- /lib/buby/implants/cookie.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to hold details about an HTTP cookie. 4 | # 5 | # @note This module is used to extend the ICookie interface implementation 6 | # java class at runtime. 7 | module Cookie 8 | # This method is used to retrieve the expiration time for the cookie. 9 | # 10 | # @return [Time] The expiration time for the cookie, or +nil+ if none is 11 | # set (i.e., for non-persistent session cookies). 12 | # 13 | def getExpiration 14 | ret = __getExpiration 15 | ret.nil? ? ret : Time.at(ret.time/1000.0) 16 | end 17 | 18 | # Install ourselves into the current +ICookie+ java class 19 | # @param [ICookie] cookie instance 20 | # 21 | def self.implant(cookie) 22 | unless cookie.implanted? || cookie.nil? 23 | pp [:implanting, cookie, cookie.class] if $DEBUG 24 | cookie.class.class_exec(cookie) do |cookie| 25 | a_methods = %w{ 26 | getExpiration 27 | } 28 | a_methods.each do |meth| 29 | pp ["__" + meth, self] if $DEBUG 30 | alias_method "__"+meth.to_s, meth 31 | end 32 | include Buby::Implants::Cookie 33 | a_methods.each do |meth| 34 | pp [meth, self] if $DEBUG 35 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 36 | pp [ruby_meth, meth, self] if $DEBUG 37 | define_method ruby_meth, Buby::Implants::Cookie.instance_method(meth) 38 | end 39 | end 40 | include Buby::Implants::Proxy 41 | end 42 | end 43 | cookie 44 | end 45 | end 46 | end 47 | end 48 | -------------------------------------------------------------------------------- /lib/buby/implants/http_request_response.rb: -------------------------------------------------------------------------------- 1 | require 'uri' 2 | 3 | class Buby 4 | # @todo bring IHttpRequestResponse into the now. 5 | 6 | # @deprecated no longer needed in JRuby 7 | class HttpRequestResponseList < BubyArrayWrapper 8 | def initialize(obj) 9 | HttpRequestResponseHelper.implant(obj[0]) if obj.size > 0 10 | super(obj) 11 | end 12 | 13 | end 14 | 15 | # @deprecated This will change to the new Buby::Implants style in the next 16 | # release. The interface methods will be overwritten to be Ruby-like 17 | # themselves. If the standard Java implententation is still desired, use the 18 | # +__method+ version (e.g. +#__response+ or +#__request+). 19 | module HttpRequestResponseHelper 20 | 21 | # returns the response as a Ruby String object - returns an empty string 22 | # if response is nil. 23 | # @deprecated 24 | def response_str 25 | return response().nil? ? "" : ::String.from_java_bytes(response()) 26 | end 27 | alias response_string response_str 28 | alias rsp_str response_str 29 | 30 | 31 | # returns an array of response headers split into header name and value. 32 | # For example: 33 | # [ 34 | # ["HTTP/1.1 301 Moved Permanently"], 35 | # ["Server", "Apache/1.3.41 ..."], 36 | # ... 37 | # ] 38 | def response_headers 39 | if headers=(@rsp_split ||= rsp_str.split(/\r?\n\r?\n/, 2))[0] 40 | @rsp_headers ||= headers.split(/\r?\n/).map {|h| h.split(/\s*:\s*/,2)} 41 | end 42 | end 43 | alias rsp_headers response_headers 44 | 45 | # Returns the message body of the response, minus headers 46 | def response_body 47 | (@rsp_split ||= rsp_str.split(/\r?\n\r?\n/, 2))[1] 48 | end 49 | alias rsp_body response_body 50 | 51 | 52 | # Returns the full request as a Ruby String - returns an empty string if 53 | # request is nil. 54 | # @deprecated 55 | def request_str 56 | return request().nil? ? "" : ::String.from_java_bytes(request()) 57 | end 58 | alias request_string request_str 59 | alias req_str request_str 60 | 61 | 62 | # Returns a split array of headers. Example: 63 | # [ 64 | # ["GET / HTTP/1.1"], 65 | # ["Host", "www.example.org"], 66 | # ["User-Agent", "Mozilla/5.0 (..."], 67 | # ... 68 | # ] 69 | def request_headers 70 | if headers=(@req_split ||= req_str.split(/\r?\n\r?\n/, 2))[0] 71 | @req_headers ||= headers.split(/\r?\n/).map {|h| h.split(/\s*:\s*/,2)} 72 | end 73 | end 74 | alias req_headers request_headers 75 | 76 | 77 | # Returns the request message body or an empty string if there is none. 78 | def request_body 79 | (@req_split ||= req_str.split(/\r?\n\r?\n/, 2))[1] 80 | end 81 | alias req_body request_body 82 | 83 | 84 | # Returns a Ruby URI object derived from the java.net.URL object 85 | def uri 86 | @uri ||= URI.parse url.to_s if not url.nil? 87 | end 88 | 89 | 90 | # one-shot method to implant ourselves onto a target object's class 91 | # interface in ruby. All later instances will also get 'us' for free! 92 | def self.implant(base) 93 | return if @implanted 94 | base.class.instance_eval { include(HttpRequestResponseHelper) } 95 | @implanted = true 96 | end 97 | 98 | 99 | def self.implanted? ; @implanted; end 100 | end 101 | 102 | end 103 | -------------------------------------------------------------------------------- /lib/buby/implants/intercepted_proxy_message.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | 4 | # This interface is used to represent an HTTP message that has been 5 | # intercepted by Burp Proxy. Extensions can register an +IProxyListener+ to 6 | # receive details of proxy messages using this interface. 7 | # 8 | module InterceptedProxyMessage 9 | FOLLOW_RULES = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES 10 | DO_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT 11 | DONT_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT 12 | DROP = Java::Burp::IInterceptedProxyMessage::ACTION_DROP 13 | FOLLOW_RULES_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES_AND_REHOOK 14 | DO_INTERCEPT_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT_AND_REHOOK 15 | DONT_INTERCEPT_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT_AND_REHOOK 16 | 17 | # This method retrieves details of the intercepted message. 18 | # 19 | # @return [IHttpRequestResponse] object containing details of the 20 | # intercepted message. 21 | # 22 | # @todo IHttpRequestResponse 23 | def getMessageInfo 24 | __getMessageInfo.tap{|msg| Buby::HttpRequestResponseHelper.implant(msg)} 25 | end 26 | 27 | # Install ourselves into the current +IInterceptedProxyMessage+ java class 28 | # @param [IInterceptedProxyMessage] message 29 | # 30 | def self.implant(message) 31 | unless message.implanted? || message.nil? 32 | pp [:implanting, message, message.class] if $DEBUG 33 | message.class.class_exec(message) do |message| 34 | a_methods = %w{ 35 | getMessageInfo 36 | } 37 | a_methods.each do |meth| 38 | alias_method "__"+meth.to_s, meth 39 | end 40 | include Buby::Implants::InterceptedProxyMessage 41 | a_methods.each do |meth| 42 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 43 | define_method ruby_meth, Buby::Implants::InterceptedProxyMessage.instance_method(meth) 44 | end 45 | end 46 | include Buby::Implants::Proxy 47 | end 48 | end 49 | message 50 | end 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /lib/buby/implants/intruder_attack.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to hold details about an Intruder attack. 4 | # 5 | module IntruderAttack 6 | # This method is used to retrieve the request template for the attack. 7 | # 8 | # @return [String] The request template for the attack. 9 | # 10 | def getRequestTemplate 11 | pp [:got_getRequestTemplate] if $DEBUG 12 | String.from_java_bytes __getRequestTemplate 13 | end 14 | 15 | # Install ourselves into the current +IIntruderAttack+ java class 16 | # @param [IIntruderAttack] attack 17 | # 18 | def self.implant(attack) 19 | unless attack.implanted? || attack.nil? 20 | pp [:implanting, attack, attack.class] if $DEBUG 21 | attack.class.class_exec(attack) do |attack| 22 | a_methods = %w{ 23 | getRequestTemplate 24 | } 25 | a_methods.each do |meth| 26 | alias_method "__"+meth.to_s, meth 27 | end 28 | include Buby::Implants::IntruderAttack 29 | a_methods.each do |meth| 30 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 31 | define_method ruby_meth, Buby::Implants::IntruderAttack.instance_method(meth) 32 | end 33 | end 34 | include Buby::Implants::Proxy 35 | end 36 | end 37 | attack 38 | end 39 | 40 | end 41 | end 42 | end -------------------------------------------------------------------------------- /lib/buby/implants/jruby.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | module Object 4 | def implanted?(klass = nil) 5 | self.class.ancestors.include?(klass) 6 | end 7 | 8 | def unique_methods regular = true 9 | klass = self.class 10 | meths = self.methods regular 11 | while (klass != ::Object) 12 | meths -= JRuby.reference(klass).getMethods.each_with_object([]){|meth, arr| arr << meth.first.intern if meth.last.kind_of?(Java::OrgJrubyInternalRuntimeMethods::AliasMethod)} 13 | klass = klass.superclass 14 | end 15 | meths 16 | end 17 | end 18 | 19 | unless [].respond_to?(:each_with_object) 20 | module Enumerable 21 | # XXX backport for 1.8.7 22 | def each_with_object(memo) 23 | inject(memo) do |memo, item| 24 | yield item, memo 25 | memo 26 | end 27 | end 28 | end 29 | end 30 | 31 | module JavaClass 32 | def ruby_names_for_java_method meth 33 | self_java_ref = JRuby.reference(self).javaClass 34 | target_methods = self_java_ref.getMethods.group_by{|jmeth| jmeth.name}[meth.to_s] 35 | Java::OrgJrubyJavasupport::JavaUtil.getRubyNamesForJavaName(target_methods.first.name, target_methods) 36 | end 37 | 38 | # copies wrapper_id method to java_id and all ruby-like aliases 39 | # used to re-attach java method proxies to new call wrapper 40 | # 41 | # @param java_id target java method (the original java method name) 42 | def rewrap_java_method java_id 43 | ruby_names_for_java_method(java_id).each do |ruby_name| 44 | alias_method(ruby_name, java_id) unless wrapper_id == ruby_name 45 | end 46 | end 47 | end 48 | 49 | module URL 50 | def inspect 51 | if $DEBUG 52 | super.insert(-2, ": #{self.to_s} ") 53 | else 54 | self.to_s 55 | end 56 | end 57 | end 58 | end 59 | end 60 | 61 | class Object 62 | include Buby::Implants::Object 63 | end 64 | 65 | module Enumerable 66 | include Buby::Implants::Enumerable unless [].respond_to?(:each_with_object) 67 | end 68 | 69 | module Java 70 | module JavaNet 71 | class URL 72 | include Buby::Implants::URL 73 | end 74 | end 75 | 76 | class JavaClass 77 | include Buby::Implants::JavaClass 78 | end 79 | end 80 | 81 | -------------------------------------------------------------------------------- /lib/buby/implants/message_editor.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to provide extensions with an instance of Burp's 4 | # HTTP message editor, for the extension to use in its own UI. Extensions 5 | # should call {Buby#createMessageEditor} to obtain an instance of this 6 | # interface. 7 | # 8 | module MessageEditor 9 | # This method is used to display an HTTP message in the editor. 10 | # 11 | # @param [Array, String, IHttpRequestResponse] message The HTTP message to be displayed. 12 | # @param [Boolean] isRequest Flags whether the message is an HTTP request 13 | # or response. 14 | # @return [void] 15 | # 16 | def setMessage(message, isRequest = true) 17 | if message.kind_of? Java::Burp::IHttpRequestResponse 18 | message = isRequest ? message.request : message.response 19 | end 20 | message = message.to_java_bytes if message.respond_to? :to_java_bytes 21 | message = message.to_java :byte if message.kind_of? Array 22 | __setMessage(message, isRequest) 23 | end 24 | 25 | # This method is used to retrieve the currently displayed message, which 26 | # may have been modified by the user. 27 | # 28 | # @return [String] The currently displayed HTTP message. 29 | # 30 | def getMessage 31 | String.from_java_bytes __getMessage 32 | end 33 | 34 | # This method returns the data that is currently selected by the user. 35 | # 36 | # @return [String, nil] The data that is currently selected by the user, 37 | # or +nil+ if no selection is made. 38 | # 39 | def getSelectedData 40 | ret = __getSelectedData 41 | ret ? String.from_java_bytes(ret) : ret 42 | end 43 | 44 | # Install ourselves into the current +IMessageEditor+ java class 45 | # @param [IMessageEditor] editor 46 | # 47 | def self.implant(editor) 48 | unless editor.implanted? || editor.nil? 49 | pp [:implanting, editor, editor.class] if $DEBUG 50 | editor.class.class_exec(editor) do |editor| 51 | a_methods = %w{ 52 | setMessage 53 | getMessage 54 | getSelectedData 55 | } 56 | a_methods.each do |meth| 57 | alias_method "__"+meth.to_s, meth 58 | end 59 | include Buby::Implants::MessageEditor 60 | a_methods.each do |meth| 61 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 62 | define_method ruby_meth, Buby::Implants::MessageEditor.instance_method(meth) 63 | end 64 | end 65 | include Buby::Implants::Proxy 66 | end 67 | end 68 | editor 69 | end 70 | 71 | end 72 | end 73 | end 74 | -------------------------------------------------------------------------------- /lib/buby/implants/message_editor_controller.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used by an +IMessageEditor+ to obtain details about the 4 | # currently displayed message. Extensions that create instances of Burp's 5 | # HTTP message editor can optionally provide an implementation of 6 | # +IMessageEditorController+, which the editor will invoke when it requires 7 | # further information about the current message (for example, to send it to 8 | # another Burp tool). Extensions that provide custom editor tabs via an 9 | # +IMessageEditorTabFactory+ will receive a reference to an 10 | # +IMessageEditorController+ object for each tab instance they generate, 11 | # which the tab can invoke if it requires further information about the 12 | # current message. 13 | # 14 | module MessageEditorController 15 | # This method is used to retrieve the HTTP request associated with the 16 | # current message (which may itself be a response). 17 | # 18 | # @return [String] The HTTP request associated with the current message. 19 | # 20 | def getRequest 21 | String.from_java_bytes __getRequest 22 | end 23 | 24 | # This method is used to retrieve the HTTP response associated with the 25 | # current message (which may itself be a request). 26 | # 27 | # @return [String] The HTTP response associated with the current message. 28 | # 29 | def getResponse 30 | String.from_java_bytes __getResponse 31 | end 32 | 33 | # Install ourselves into the current +IMessageEditorController+ java class 34 | # @param [IMessageEditorController] controller 35 | # 36 | def self.implant(controller) 37 | unless controller.implanted? || controller.nil? 38 | pp [:implanting, controller, controller.class] if $DEBUG 39 | controller.class.class_exec(controller) do |controller| 40 | a_methods = %w{ 41 | getRequest 42 | getResponse 43 | } 44 | a_methods.each do |meth| 45 | alias_method "__"+meth.to_s, meth 46 | end 47 | include Buby::Implants::MessageEditorController 48 | a_methods.each do |meth| 49 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 50 | define_method ruby_meth, Buby::Implants::MessageEditorController.instance_method(meth) 51 | end 52 | end 53 | include Buby::Implants::Proxy 54 | end 55 | end 56 | controller 57 | end 58 | end 59 | end 60 | end 61 | -------------------------------------------------------------------------------- /lib/buby/implants/parameter.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to hold details about an HTTP request parameter. 4 | # 5 | module Parameter 6 | 7 | # This method is used to retrieve the start offset of the parameter name 8 | # within the HTTP request. 9 | # 10 | # @return [Fixnum, nil] The start offset of the parameter name within 11 | # the HTTP request, or +nil+ if the parameter is not associated with a 12 | # specific request. 13 | # 14 | def getNameStart 15 | ret = __getNameStart 16 | ret == -1 ? nil : ret 17 | end 18 | 19 | # This method is used to retrieve the end offset of the parameter name 20 | # within the HTTP request. 21 | # 22 | # @return [Fixnum, nil] The end offset of the parameter name within the 23 | # HTTP request, or +nil+ if the parameter is not associated with a 24 | # specific request. 25 | # 26 | def getNameEnd 27 | ret = __getNameEnd 28 | ret == -1 ? nil : ret 29 | end 30 | 31 | # This method is used to retrieve the start offset of the parameter 32 | # value within the HTTP request. 33 | # 34 | # @return [Fixnum, nil] The start offset of the parameter value within 35 | # the HTTP request, or +nil+ if the parameter is not associated with a 36 | # specific request. 37 | # 38 | def getValueStart 39 | ret = __getValueStart 40 | ret == -1 ? nil : ret 41 | end 42 | 43 | # This method is used to retrieve the end offset of the parameter value 44 | # within the HTTP request. 45 | # 46 | # @return [Fixnum, nil] The end offset of the parameter value within the 47 | # HTTP request, or +nil+ if the parameter is not associated with a 48 | # specific request. 49 | # 50 | def getValueEnd 51 | ret = __getValueEnd 52 | ret == -1 ? nil : ret 53 | end 54 | 55 | # Install ourselves into the current +IParameter+ java class 56 | # @param [IParameter] parameter 57 | # 58 | def self.implant(parameter) 59 | unless parameter.implanted? || parameter.nil? 60 | pp [:implanting, parameter, parameter.class] if $DEBUG 61 | parameter.class.class_exec(parameter) do |parameter| 62 | a_methods = %w{ 63 | getNameStart 64 | getNameEnd 65 | getValueEnd 66 | getValueStart 67 | } 68 | a_methods.each do |meth| 69 | alias_method "__"+meth.to_s, meth 70 | end 71 | include Buby::Implants::Parameter 72 | a_methods.each do |meth| 73 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 74 | define_method ruby_meth, Buby::Implants::Parameter.instance_method(meth) 75 | end 76 | end 77 | include Buby::Implants::Proxy 78 | end 79 | end 80 | parameter 81 | end 82 | end 83 | end 84 | end 85 | -------------------------------------------------------------------------------- /lib/buby/implants/request_info.rb: -------------------------------------------------------------------------------- 1 | require 'uri' 2 | 3 | class Buby 4 | module Implants 5 | # This interface is used to retrieve key details about an HTTP request. 6 | # Extensions can obtain an +IRequestInfo+ object for a given request by 7 | # calling {ExtensionHelpers#analyzeRequest}. 8 | # 9 | module RequestInfo 10 | 11 | # This method is used to obtain the parameters contained in the request. 12 | # 13 | # @return [Array] The parameters contained in the request. 14 | # 15 | def getParameters 16 | __getParameters.tap{|parm| Buby::Implants::Parameter.implant parm.first} 17 | end 18 | 19 | def uri 20 | URI.parse self.url.to_s 21 | end 22 | 23 | # Install ourselves into the current +IRequestInfo+ java class 24 | # @param [IRequestInfo] info 25 | # 26 | def self.implant(info) 27 | unless info.implanted? || info.nil? 28 | pp [:implanting, info, info.class] if $DEBUG 29 | info.class.class_exec(info) do |info| 30 | a_methods = %w{ 31 | getParameters 32 | } 33 | a_methods.each do |meth| 34 | alias_method "__"+meth.to_s, meth 35 | end 36 | include Buby::Implants::RequestInfo 37 | a_methods.each do |meth| 38 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 39 | define_method ruby_meth, Buby::Implants::RequestInfo.instance_method(meth) 40 | end 41 | end 42 | include Buby::Implants::Proxy 43 | end 44 | end 45 | info 46 | end 47 | 48 | end 49 | end 50 | end -------------------------------------------------------------------------------- /lib/buby/implants/response_info.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to retrieve key details about an HTTP response. 4 | # Extensions can obtain an +IResponseInfo+ object for a given response by 5 | # calling {ExtensionHelpers#analyzeResponse}. 6 | # 7 | module ResponseInfo 8 | # This method is used to obtain details of the HTTP cookies set in the 9 | # response. 10 | # 11 | # @return [ICookie] A list of +ICookie+ objects representing the cookies 12 | # set in the response, if any. 13 | # 14 | def getCookies 15 | __getCookies.tap{|cookies| Buby::Implants::Cookie.implant(cookies.first)} 16 | end 17 | 18 | # Install ourselves into the current +IResponseInfo+ java class 19 | # @param [IResponseInfo] info 20 | # 21 | def self.implant(info) 22 | unless info.implanted? || info.nil? 23 | pp [:implanting, info, info.class] if $DEBUG 24 | info.class.class_exec(info) do |info| 25 | a_methods = %w{ 26 | getCookies 27 | } 28 | a_methods.each do |meth| 29 | alias_method "__"+meth.to_s, meth 30 | end 31 | include Buby::Implants::ResponseInfo 32 | a_methods.each do |meth| 33 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 34 | define_method ruby_meth, Buby::Implants::ResponseInfo.instance_method(meth) 35 | end 36 | end 37 | include Buby::Implants::Proxy 38 | end 39 | end 40 | info 41 | end 42 | end 43 | end 44 | end -------------------------------------------------------------------------------- /lib/buby/implants/scan_issue.rb: -------------------------------------------------------------------------------- 1 | require 'uri' 2 | 3 | class Buby 4 | # @deprecated 5 | class ScanIssuesList < BubyArrayWrapper 6 | def initialize(obj) 7 | ScanIssueHelper.implant(obj[0]) if obj.size > 0 8 | super(obj) 9 | end 10 | end 11 | 12 | # @deprecated this will change to the new style in the next release 13 | module ScanIssueHelper 14 | # Returns a Ruby URI object derived from the java.net.URL object 15 | def uri 16 | @uri ||= URI.parse url.to_s if not url.nil? 17 | end 18 | 19 | # one-shot method to implant ourselves onto a target object's class 20 | # interface in ruby. All later instances will also get 'us' for free! 21 | def self.implant(base) 22 | return if @implanted 23 | base.class.instance_eval { include(ScanIssueHelper) } 24 | @implanted = true 25 | end 26 | 27 | def http_messages 28 | HttpRequestResponseList.new( self.getHttpMessages() ) 29 | end 30 | alias messages http_messages 31 | alias messages http_messages 32 | 33 | def self.implanted? ; @implanted; end 34 | end 35 | end 36 | 37 | -------------------------------------------------------------------------------- /lib/buby/implants/scan_queue_item.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | 4 | # This interface is used to retrieve details of items in the Burp Scanner 5 | # active scan queue. Extensions can obtain references to scan queue items by 6 | # calling {Buby#doActiveScan}. 7 | # 8 | module ScanQueueItem 9 | 10 | # This method returns details of the issues generated for the scan queue 11 | # item. 12 | # @note different items within the scan queue may contain duplicated 13 | # versions of the same issues - for example, if the same request has 14 | # been scanned multiple times. Duplicated issues are consolidated in the 15 | # main view of scan results. Extensions can register a 16 | # {Buby::ScannerListener} to get details only of unique, newly 17 | # discovered Scanner issues post-consolidation. 18 | # 19 | # @return [ScanIssuesList] Details of the issues generated for the scan 20 | # queue item. 21 | # 22 | def getIssues 23 | # __getIssues.tap{|issues| Buby::ScanIssueHelper.implant issues.first} 24 | ScanIssuesList.new __getIssues 25 | end 26 | 27 | # Install ourselves into the current +IScanQueueItem+ java class 28 | # @param [IScanQueueItem] item 29 | # 30 | def self.implant(item) 31 | unless item.implanted? || item.nil? 32 | pp [:implanting, item, item.class] if $DEBUG 33 | item.class.class_exec(item) do |item| 34 | a_methods = %w{ 35 | getIssues 36 | } 37 | a_methods.each do |meth| 38 | alias_method "__"+meth.to_s, meth 39 | end 40 | include Buby::Implants::ScanQueueItem 41 | a_methods.each do |meth| 42 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 43 | define_method ruby_meth, Buby::Implants::ScanQueueItem.instance_method(meth) 44 | end 45 | end 46 | include Buby::Implants::Proxy 47 | end 48 | end 49 | item 50 | end 51 | 52 | end 53 | end 54 | end -------------------------------------------------------------------------------- /lib/buby/implants/scanner_insertion_point.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | 4 | # This interface is used to define an insertion point for use by active 5 | # Scanner checks. Extensions can obtain instances of this interface by 6 | # registering an +IScannerCheck+, or can create instances for use by Burp's 7 | # own scan checks by registering an +IScannerInsertionPointProvider+. 8 | # 9 | module ScannerInsertionPoint 10 | INS_PARAM_URL = 0x00; 11 | INS_PARAM_BODY = 0x01; 12 | INS_PARAM_COOKIE = 0x02; 13 | INS_PARAM_XML = 0x03; 14 | INS_PARAM_XML_ATTR = 0x04; 15 | INS_PARAM_MULTIPART_ATTR = 0x05; 16 | INS_PARAM_JSON = 0x06; 17 | INS_PARAM_AMF = 0x07; 18 | INS_HEADER = 0x20; 19 | INS_URL_REST = 0x21; 20 | INS_PARAM_NAME_URL = 0x22; 21 | INS_PARAM_NAME_BODY = 0x23; 22 | INS_USER_PROVIDED = 0x40; 23 | INS_EXTENSION_PROVIDED = 0x41; 24 | INS_UNKNOWN = 0x7f; 25 | 26 | # This method is used to build a request with the specified payload placed 27 | # into the insertion point. Any necessary adjustments to the 28 | # Content-Length header will be made by the Scanner itself when the 29 | # request is issued, and there is no requirement for the insertion point 30 | # to do this. 31 | # 32 | # @note Burp's built-in scan checks do not apply any payload encoding 33 | # (such as URL-encoding) when dealing with an extension-provided 34 | # insertion point. Custom insertion points are responsible for 35 | # performing any data encoding that is necessary given the nature and 36 | # location of the insertion point. 37 | # 38 | # @param [String] payload The payload that should be placed into the 39 | # insertion point. 40 | # @return [String] The resulting request. 41 | # 42 | def buildRequest(payload) 43 | String.from_java_bytes(__buildRequest(payload.to_java_bytes)) 44 | end 45 | 46 | 47 | # This method is used to determine the offsets of the payload value within 48 | # the request, when it is placed into the insertion point. Scan checks may 49 | # invoke this method when reporting issues, so as to highlight the 50 | # relevant part of the request within the UI. 51 | # 52 | # @param [String, Array] payload The payload that should be placed 53 | # into the insertion point. 54 | # @return [Array, nil] An int[2] array containing the start and 55 | # end offsets of the payload within the request, or +nil+ if this is not 56 | # applicable (for example, where the insertion point places a payload 57 | # into a serialized data structure, the raw payload may not literally 58 | # appear anywhere within the resulting request). 59 | # 60 | def getPayloadOffsets(payload) 61 | payload = payload.to_java_bytes if payload.respond_to? :to_java_bytes 62 | __getPayloadOffsets(payload) 63 | end 64 | 65 | # Install ourselves into the current +IScannerInsertionPoint+ java class 66 | # @param [IScannerInsertionPoint] point 67 | # 68 | def self.implant(point) 69 | unless point.implanted? || point.nil? 70 | pp [:implanting, point, point.class] if $DEBUG 71 | point.class.class_exec(point) do |point| 72 | a_methods = %w{ 73 | buildRequest 74 | getPayloadOffsets 75 | } 76 | a_methods.each do |meth| 77 | alias_method "__"+meth.to_s, meth 78 | end 79 | include Buby::Implants::ScannerInsertionPoint 80 | a_methods.each do |meth| 81 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 82 | define_method ruby_meth, Buby::Implants::ScannerInsertionPoint.instance_method(meth) 83 | end 84 | end 85 | include Buby::Implants::Proxy 86 | end 87 | end 88 | point 89 | end 90 | end 91 | end 92 | end 93 | -------------------------------------------------------------------------------- /lib/buby/implants/temp_file.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to hold details of a temporary file that has been 4 | # created via a call to {Buby#saveToTempFile}. 5 | # 6 | module TempFile 7 | # This method is used to retrieve the contents of the buffer that was 8 | # saved in the temporary file. 9 | # 10 | # @return [String] The contents of the buffer that was saved in the 11 | # temporary file. 12 | # 13 | def getBuffer 14 | String.from_java_bytes __getBuffer 15 | end 16 | 17 | # Install ourselves into the current +ITempFile+ java class 18 | # @param [ITempFile] file 19 | # 20 | def self.implant(file) 21 | unless file.implanted? || file.nil? 22 | pp [:implanting, file, file.class] if $DEBUG 23 | file.class.class_exec(file) do |file| 24 | a_methods = %w{ 25 | getBuffer 26 | } 27 | a_methods.each do |meth| 28 | alias_method "__"+meth.to_s, meth 29 | end 30 | include Buby::Implants::TempFile 31 | a_methods.each do |meth| 32 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 33 | define_method ruby_meth, Buby::Implants::TempFile.instance_method(meth) 34 | end 35 | end 36 | include Buby::Implants::Proxy 37 | end 38 | end 39 | file 40 | end 41 | end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /lib/buby/implants/text_editor.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Implants 3 | # This interface is used to provide extensions with an instance of Burp's 4 | # raw text editor, for the extension to use in its own UI. Extensions should 5 | # call {Buby#createTextEditor} to obtain an instance of this interface. 6 | # 7 | module TextEditor 8 | 9 | # This method is used to update the currently displayed text in the editor. 10 | # 11 | # @param txt [String] The text to be displayed. 12 | # @return [void] 13 | # 14 | def setText(txt) 15 | __setText(txt.respond_to?(:to_java_bytes) ? txt.to_java_bytes : txt) 16 | end 17 | 18 | # This method is used to retrieve the currently displayed text. 19 | # 20 | # @return [String] The currently displayed text. 21 | # 22 | def getText 23 | String.from_java_bytes __getText 24 | end 25 | 26 | # This method is used to obtain the currently selected text. 27 | # 28 | # @return [String, nil] The currently selected text, or +nil+ if the user 29 | # has not made any selection. 30 | # 31 | def getSelectedText 32 | String.from_java_bytes __getSelectedText 33 | end 34 | 35 | # Install ourselves into the current +ITextEditor+ java class 36 | # @param [ITextEditor] editor 37 | # 38 | def self.implant(editor) 39 | unless editor.implanted? || editor.nil? 40 | pp [:implanting, editor, editor.class] if $DEBUG 41 | editor.class.class_exec(editor) do |editor| 42 | a_methods = %w{ 43 | setText 44 | getText 45 | getSelectedText 46 | } 47 | a_methods.each do |meth| 48 | alias_method "__"+meth.to_s, meth 49 | end 50 | include Buby::Implants::TextEditor 51 | a_methods.each do |meth| 52 | java_class.ruby_names_for_java_method(meth).each do |ruby_meth| 53 | define_method ruby_meth, Buby::Implants::TextEditor.instance_method(meth) 54 | end 55 | end 56 | include Buby::Implants::Proxy 57 | end 58 | end 59 | editor 60 | end 61 | end 62 | end 63 | end 64 | -------------------------------------------------------------------------------- /lib/buby/intruder_payload_generator.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # This interface is used for custom Intruder payload generators. Extensions 3 | # that have registered an +IIntruderPayloadGeneratorFactory+ must return a new 4 | # instance of this interface when required as part of a new Intruder attack. 5 | # 6 | class IntruderPayloadGenerator 7 | include Java::Burp::IIntruderPayloadGenerator 8 | include Java::Burp::IIntruderPayloadGeneratorFactory 9 | 10 | # (see Buby::IntruderPayloadGeneratorFactory#getGeneratorName) 11 | def self.getGeneratorName; self.name.to_java_string; end 12 | 13 | # {include:Buby::IntruderPayloadGeneratorFactory#createNewInstance} 14 | # @param (see Buby::IntruderPayloadGeneratorFactory#createNewInstance) 15 | # @return (see #initialize) 16 | def self.createNewInstance(attack) 17 | Buby::Implants::IntruderAttack.implant(attack) 18 | self.new(attack) 19 | end 20 | 21 | # @param (see Buby::IntruderPayloadGeneratorFactory#createNewInstance) 22 | def initialize(attack) 23 | @attack = attack 24 | end 25 | 26 | # This method is used by Burp to determine whether the payload generator is 27 | # able to provide any further payloads. 28 | # 29 | # @return [Boolean] Extensions should return +false+ when all the available 30 | # payloads have been used up, otherwise +true+. 31 | # 32 | # @abstract 33 | def hasMorePayloads; end 34 | # (see #hasMorePayloads) 35 | def more_payloads?; hasMorePayloads; end 36 | 37 | # This method is used by Burp to obtain the value of the next payload. 38 | # 39 | # @param [Array] baseValue The base value of the current payload 40 | # position. This value may be +nil+ if the concept of a base value is not 41 | # applicable (e.g. in a battering ram attack). 42 | # @return [Array] The next payload to use in the attack. 43 | # 44 | # @abstract Call super to get +baseValue+ as a +String+. Implementation's 45 | # responsibility to return byte array. 46 | # @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0. 47 | def getNextPayload(baseValue) 48 | ret = baseValue 49 | baseValue = String.from_java_bytes(baseValue) if baseValue 50 | ret 51 | end 52 | 53 | # This method is used by Burp to reset the state of the payload generator so 54 | # that the next call to {#getNextPayload} returns the first payload again. 55 | # This method will be invoked when an attack uses the same payload generator 56 | # for more than one payload position, for example in a sniper attack. 57 | # 58 | # @abstract 59 | def reset; end 60 | end 61 | end -------------------------------------------------------------------------------- /lib/buby/intruder_payload_generator_factory.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | 3 | # Extensions can implement this interface and then call 4 | # {Buby#registerIntruderPayloadGeneratorFactory} to register a factory for 5 | # custom Intruder payloads. 6 | # 7 | # @see IntruderPayloadGenerator 8 | class IntruderPayloadGeneratorFactory 9 | include Java::Burp::IIntruderPayloadGeneratorFactory 10 | 11 | # This method is used by Burp to obtain the name of the payload generator. 12 | # This will be displayed as an option within the Intruder UI when the user 13 | # selects to use extension-generated payloads. 14 | # 15 | # @return [String] The name of the payload generator. 16 | # 17 | def getGeneratorName; self.class.name.to_java_string; end 18 | 19 | # This method is used by Burp when the user starts an Intruder attack that 20 | # uses this payload generator. 21 | # 22 | # @param [IIntruderAttack] attack object that can be queried to obtain 23 | # details about the attack in which the payload generator will be used. 24 | # @return [IIntruderPayloadGenerator] A new payload generator for the 25 | # attack. 26 | # 27 | # @abstract 28 | # @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0. 29 | def createNewInstance(attack) 30 | Buby::Implants::IntruderAttack.implant(attack) 31 | end 32 | end 33 | end -------------------------------------------------------------------------------- /lib/buby/intruder_payload_processor.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerIntruderPayloadProcessor} to register a custom Intruder 4 | # payload processor. 5 | # 6 | # @todo voodoo function wrapping? 7 | class IntruderPayloadProcessor 8 | include Java::Burp::IIntruderPayloadProcessor 9 | 10 | # This method is used by Burp to obtain the name of the payload processor. 11 | # This will be displayed as an option within the Intruder UI when the user 12 | # selects to use an extension-provided payload processor. 13 | # 14 | # @return [String] The name of the payload processor. 15 | # 16 | def getProcessorName; self.class.name; end 17 | 18 | # This method is invoked by Burp each time the processor should be applied 19 | # to an Intruder payload. 20 | # 21 | # @param [Array[byte]] currentPayload The value of the payload to be 22 | # processed. 23 | # @param [Array[byte]] originalPayload The value of the original payload 24 | # prior to processing by any already-applied processing rules. 25 | # @param [Array[byte]] baseValue The base value of the payload position, 26 | # which will be replaced with the current payload. 27 | # @return The value of the processed payload. This may be +nil+ to 28 | # indicate that the current payload should be skipped, and the attack 29 | # will move directly to the next payload. 30 | # 31 | # @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0. 32 | def processPayload(currentPayload, originalPayload, baseValue) 33 | currentPayload = String.from_java_bytes currentPayload 34 | originalPayload = String.from_java_bytes originalPayload 35 | baseValue = String.from_java_bytes baseValue 36 | nil 37 | end 38 | end 39 | end 40 | -------------------------------------------------------------------------------- /lib/buby/message_editor_controller.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # This interface is used by an +IMessageEditor+ to obtain details about the 3 | # currently displayed message. Extensions that create instances of Burp's HTTP 4 | # message editor can optionally provide an implementation of 5 | # +IMessageEditorController+, which the editor will invoke when it requires 6 | # further information about the current message (for example, to send it to 7 | # another Burp tool). Extensions that provide custom editor tabs via an 8 | # +IMessageEditorTabFactory+ will receive a reference to an 9 | # +IMessageEditorController+ object for each tab instance they generate, which 10 | # the tab can invoke if it requires further information about the current 11 | # message. 12 | # 13 | class MessageEditorController 14 | include Java::Burp::IMessageEditorController 15 | 16 | # This method is used to retrieve the HTTP service for the current message. 17 | # 18 | # @return [IHttpService] The HTTP service for the current message. 19 | # 20 | # @abstract 21 | def getHttpService; raise NotImplementedError; end 22 | 23 | # This method is used to retrieve the HTTP request associated with the 24 | # current message (which may itself be a response). 25 | # 26 | # @return [Array] The HTTP request associated with the current 27 | # message. 28 | # 29 | # @abstract 30 | # @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0. 31 | def getRequest; raise NotImplementedError; end 32 | 33 | # This method is used to retrieve the HTTP response associated with the 34 | # current message (which may itself be a request). 35 | # 36 | # @return [Array] The HTTP response associated with the current 37 | # message. 38 | # 39 | # @abstract 40 | # @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0. 41 | def getResponse; raise NotImplementedError; end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /lib/buby/message_editor_tab_factory.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerMessageEditorTabFactory} to register a factory for custom 4 | # message editor tabs. This allows extensions to provide custom rendering or 5 | # editing of HTTP messages, within Burp's own HTTP editor. 6 | # 7 | # @abstract 8 | class MessageEditorTabFactory 9 | include Java::Burp::IMessageEditorTabFactory 10 | 11 | # Burp will call this method once for each HTTP message editor, and the 12 | # factory should provide a new instance of an +IMessageEditorTab+ object. 13 | # 14 | # @param [IMessageEditorController] controller An object which the new tab 15 | # can query to retrieve details about the currently displayed message. 16 | # This may be +nil+ for extension-invoked message editors where the 17 | # extension has not provided an editor controller. 18 | # @param [Boolean] editable Indicates whether the hosting editor is editable 19 | # or read-only. 20 | # @return [IMessageEditorTab] A new tab for use within the message editor. 21 | # 22 | # @abstract subclass and call super 23 | def createNewInstance(controller, editable) 24 | Buby::Implants::MessageEditorController.implant controller 25 | nil 26 | end 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /lib/buby/parameter.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Parameter 3 | autoload :Base, 'buby/parameter/base' 4 | autoload :Url, 'buby/parameter/url' 5 | autoload :Body, 'buby/parameter/body' 6 | autoload :Cookie, 'buby/parameter/cookie' 7 | PARAM_URL = 0 8 | PARAM_BODY = 1 9 | PARAM_COOKIE = 2 10 | PARAM_XML = 3 11 | PARAM_XML_ATTR = 4 12 | PARAM_MULTIPART_ATTR = 5 13 | PARAM_JSON = 6 14 | 15 | # This method constructs an +IParameter+ object based on the details 16 | # provided. 17 | # 18 | # @param [String] name The parameter name. 19 | # @param [String] value The parameter value. 20 | # @param [Fixnum, #to_s] ptype The parameter type, as defined in the 21 | # +IParameter+ interface. 22 | # @return [IParameter] object based on the details provided. 23 | def self.build_parameter(name, value, ptype) 24 | $burp.helpers.buildParameter(name, value, ptype) 25 | end 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /lib/buby/parameter/base.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Parameter 3 | class Base 4 | include Java::Burp::IParameter 5 | attr_accessor :name, :value 6 | # @overload initialize 7 | # Create an empty instance 8 | # @param [void] 9 | # @overload initialize(hash) 10 | # @param [Hash] hash name set to key, value set to value 11 | # @overload initialize(name, value) 12 | # @param [String] name 13 | # @param [String] value 14 | # @overload initialize(name, value, type) 15 | # @param [String] name 16 | # @param [String] value 17 | # @param [Fixnum] type 18 | # 19 | def initialize *args 20 | raise ArgumentError, "#{args.size} for 0..3" if args.size > 3 21 | case args.size 22 | when 0 23 | when 1 24 | hsh = args.first 25 | @name = hsh[:name] || hsh['name'] 26 | @value = hsh[:value] || hsh['value'] 27 | when 2, 3 28 | @name, @value, @type = args 29 | end 30 | end 31 | def getType; @type.to_i; end 32 | def getName; @name; end 33 | def getValue; @value; end 34 | def getNameStart; -1; end 35 | def getNameEnd; -1; end 36 | def getValueEnd; -1; end 37 | def getValueStart;-1; end 38 | end 39 | end 40 | end 41 | -------------------------------------------------------------------------------- /lib/buby/parameter/body.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Parameter 3 | class Body < Base 4 | def getType; PARAM_BODY; end 5 | end 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /lib/buby/parameter/cookie.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Parameter 3 | class Cookie < Base 4 | def getType; PARAM_COOKIE; end 5 | end 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /lib/buby/parameter/url.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Parameter 3 | class Url < Base 4 | def getType; PARAM_URL; end 5 | end 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /lib/buby/proxy_listener.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerHttpListener} to register a Proxy listener. The listener will 4 | # be notified of requests and responses being processed by the Proxy tool. 5 | # Extensions can perform custom analysis or modification of these messages, 6 | # and control in-UI message interception, by registering a proxy listener. 7 | # 8 | class ProxyListener 9 | include Java::Burp::IProxyListener 10 | # This method is invoked when an HTTP message is being processed by the 11 | # Proxy. 12 | # 13 | # @param [Boolean] messageIsRequest Indicates whether the HTTP message is a 14 | # request or a response. 15 | # @param [IInterceptedProxyMessage] message An +IInterceptedProxyMessage+ 16 | # object that extensions can use to query and update details of the 17 | # message, and control whether the message should be intercepted and 18 | # displayed to the user for manual review or modification. 19 | # @return [void] 20 | # 21 | def processProxyMessage(messageIsRequest, message) 22 | pp [:got_processProxyMessage] if $debug 23 | Buby::Implants::InterceptedProxyMessage.implant message 24 | end 25 | end 26 | end -------------------------------------------------------------------------------- /lib/buby/scan_issue.rb: -------------------------------------------------------------------------------- 1 | require 'uri' 2 | 3 | class Buby 4 | # This interface is used to retrieve details of Scanner issues. Extensions can 5 | # obtain details of issues by registering an +IScannerListener+ or by calling 6 | # {Buby#getScanIssues}. Extensions can also add custom Scanner issues by 7 | # registering an +IScannerCheck+ or calling {Buby#addScanIssue}, and providing 8 | # their own implementations of this interface 9 | # 10 | class ScanIssue 11 | include Java::Burp::IScanIssue 12 | 13 | attr_accessor :uri, :name, :type, :severity, :confidence, :ibackground 14 | attr_accessor :rbackground, :idetail, :rdetail, :messages, :service 15 | 16 | # @param [Hash] hash 17 | def initialize hash 18 | @uri = hash[:uri].kind_of?(URI) ? hash[:uri] : hash[:uri].to_s 19 | @name = hash[:name] 20 | @type = hash[:type] 21 | @severity = hash[:severity] 22 | @confidence = hash[:confidence] 23 | @ibackground = hash[:ibackground] 24 | @rbackground = hash[:rbackground] 25 | @idetail = hash[:idetail] 26 | @rdetail = hash[:rdetail] 27 | @messages = hash[:messages] 28 | @service = hash[:service] 29 | end 30 | 31 | # This method returns the URL for which the issue was generated. 32 | # 33 | # @return [Java::JavaNet::URL] The URL for which the issue was generated. 34 | # 35 | def getUrl; Java::JavaNet::URL.new @uri.to_s; end 36 | 37 | # This method returns the name of the issue type. 38 | # 39 | # @return [String] The name of the issue type (e.g. "SQL injection"). 40 | # 41 | def getIssueName; @name; end 42 | 43 | # This method returns a numeric identifier of the issue type. See the Burp 44 | # Scanner help documentation for a listing of all the issue types. 45 | # 46 | # @return [Fixnum] A numeric identifier of the issue type. 47 | # 48 | def getIssueType; @type; end 49 | 50 | # This method returns the issue severity level. 51 | # 52 | # @return [String] The issue severity level. Expected values are "High", 53 | # "Medium", "Low", "Information" or "False positive". 54 | # 55 | # 56 | def getSeverity; @severity; end 57 | 58 | # This method returns the issue confidence level. 59 | # 60 | # @return [String] The issue confidence level. Expected values are 61 | # "Certain", "Firm" or "Tentative". 62 | # 63 | def getConfidence; @confidence; end 64 | 65 | # This method returns a background description for this type of issue. 66 | # 67 | # @return [String] A background description for this type of issue, or +nil+ 68 | # if none applies. 69 | # 70 | def getIssueBackground; @ibackground; end 71 | 72 | # This method returns a background description of the remediation for this 73 | # type of issue. 74 | # 75 | # @return [String] A background description of the remediation for this type 76 | # of issue, or +nil+ if none applies. 77 | # 78 | def getRemediationBackground; @rbackground; end 79 | 80 | # This method returns detailed information about this specific instance of 81 | # the issue. 82 | # 83 | # @return [String] Detailed information about this specific instance of the 84 | # issue, or +nil+ if none applies. 85 | # 86 | def getIssueDetail; @idetail; end 87 | 88 | # This method returns detailed information about the remediation for this 89 | # specific instance of the issue. 90 | # 91 | # @return Detailed information about the remediation for this specific 92 | # instance of the issue, or +nil+ if none applies. 93 | # 94 | def getRemediationDetail; @rdetail; end 95 | 96 | # This method returns the HTTP messages on the basis of which the issue was 97 | # generated. 98 | # 99 | # @return The HTTP messages on the basis of which the issue was generated. 100 | # @note The items in this array should be instances of 101 | # +IHttpRequestResponseWithMarkers+ if applicable, so that details of the 102 | # relevant portions of the request and response messages are available. 103 | # 104 | def getHttpMessages; @messages; end 105 | 106 | # This method returns the HTTP service for which the issue was generated. 107 | # 108 | # @return The HTTP service for which the issue was generated. 109 | # 110 | def getHttpService; @service; end 111 | end 112 | end -------------------------------------------------------------------------------- /lib/buby/scanner_check.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerScannerCheck} to register a custom Scanner check. When 4 | # performing scanning, Burp will ask the check to perform active or passive 5 | # scanning on the base request, and report any Scanner issues that are 6 | # identified. 7 | # 8 | # @todo DSL methods 9 | class ScannerCheck 10 | include Java::Burp::IScannerCheck 11 | 12 | REPORT_EXISTING = -1 13 | REPORT_BOTH = 0 14 | REPORT_NEW = 1 15 | 16 | # The Scanner invokes this method for each base request / response that is 17 | # passively scanned. 18 | # @note Extensions should not only analyze the HTTP messages provided during 19 | # passive scanning, and should not make any new HTTP requests of their 20 | # own. 21 | # 22 | # @param [IHttpRequestResponse] baseRequestResponse The base HTTP request / 23 | # response that should be passively scanned. 24 | # @return [Array, nil] A list of +IScanIssue+ objects, or +nil+ 25 | # if no issues are identified. 26 | # 27 | # @abstract subclass and call +super+ 28 | def doPassiveScan(baseRequestResponse) 29 | pp [:got_doPassiveScan, baseRequestResponse] if $DEBUG 30 | Buby::HttpRequestResponseHelper.implant baseRequestResponse 31 | nil 32 | end 33 | 34 | # The Scanner invokes this method for each insertion point that is actively 35 | # scanned. Extensions may issue HTTP requests as required to carry out 36 | # active scanning, and should use the +IScannerInsertionPoint+ object 37 | # provided to build scan requests for particular payloads. 38 | # @note Extensions are responsible for ensuring that attack payloads are 39 | # suitably encoded within requests (for example, by URL-encoding relevant 40 | # metacharacters in the URL query string). Encoding is not automatically 41 | # carried out by the +IScannerInsertionPoint+, because this would prevent 42 | # Scanner checks from testing for certain input filter bypasses. 43 | # Extensions should query the +IScannerInsertionPoint+ to determine its 44 | # type, and apply any encoding that may be appropriate. 45 | # 46 | # @param [IHttpRequestResponse] baseRequestResponse The base HTTP request / 47 | # response that should be actively scanned. 48 | # @param [IScannerInsertionPoint] insertionPoint An object that can be 49 | # queried to obtain details of the insertion point being tested, and can 50 | # be used to build scan requests for particular payloads. 51 | # @return [Array, nil] A list of +IScanIssue+ objects, or +nil+ if no 52 | # issues are identified. 53 | # 54 | # @abstract subclass and call +super+ 55 | def doActiveScan(baseRequestResponse, insertionPoint) 56 | pp [:got_doActiveScan, baseRequestResponse, insertionPoint] if $DEBUG 57 | Buby::HttpRequestResponseHelper.implant baseRequestResponse 58 | Buby::Implants::ScannerInsertionPoint.implant insertionPoint 59 | nil 60 | end 61 | 62 | # The Scanner invokes this method when the custom Scanner check has 63 | # reported multiple issues for the same URL path. This can arise either 64 | # because there are multiple distinct vulnerabilities, or because the same 65 | # (or a similar) request has been scanned more than once. The custom check 66 | # should determine whether the issues are duplicates. In most cases, where 67 | # a check uses distinct issue names or descriptions for distinct issues, 68 | # the consolidation process will simply be a matter of comparing these 69 | # features for the two issues. 70 | # 71 | # @param [IScanIssue] existingIssue An issue that was previously reported by this Scanner check. 72 | # @param [IScanIssue] newIssue An issue at the same URL path that has been newly reported by this Scanner check. 73 | # @return An indication of which issue(s) should be reported in the main Scanner results. The method should return 74 | # * {REPORT_EXISTING} to report the existing issue only, 75 | # * {REPORT_BOTH} to report both issues, and 76 | # * {REPORT_NEW} to report the new issue only. 77 | # 78 | # @abstract subclass and override to proccess scan issues 79 | def consolidateDuplicateIssues(existingIssue, newIssue) 80 | pp [:got_consolidateDuplicateIssues, existingIssue, newIssue] 81 | REPORT_BOTH 82 | end 83 | end 84 | end 85 | -------------------------------------------------------------------------------- /lib/buby/scanner_insertion_point_provider.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | 3 | # Extensions can implement this interface and then call 4 | # {Buby#registerScannerInsertionPointProvider} to register a factory for 5 | # custom Scanner insertion points. 6 | # 7 | class ScannerInsertionPointProvider 8 | include Java::Burp::IScannerInsertionPointProvider 9 | 10 | # When a request is actively scanned, the Scanner will invoke this method, 11 | # and the provider should provide a list of custom insertion points that 12 | # will be used in the scan. 13 | # @note these insertion points are used in addition to those that are 14 | # derived from Burp Scanner's configuration, and those provided by any 15 | # other Burp extensions. 16 | # 17 | # @param [IHttpRequestResponse] baseRequestResponse The base request that will be actively scanned. 18 | # @return [Array, nil] A list of 19 | # +IScannerInsertionPoint+ objects that should be used in thescanning, or 20 | # +nil+ if no custom insertion points are applicable for this request. 21 | # 22 | def getInsertionPoints(baseRequestResponse) 23 | pp [:got_getInsertionPoints, baseRequestResponse] if $DEBUG 24 | __getInsertionPoints(baseRequestResponse).tap{|x|Buby::HttpRequestResponseHelper.implant(x)} 25 | end 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /lib/buby/scanner_listener.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerScannerListener} to register a Scanner listener. The listener 4 | # will be notified of new issues that are reported by the Scanner tool. 5 | # Extensions can perform custom analysis or logging of Scanner issues by 6 | # registering a Scanner listener. 7 | # 8 | class ScannerListener 9 | include Java::Burp::IScannerListener 10 | # This method is invoked when a new issue is added to Burp Scanner's 11 | # results. 12 | # 13 | # @param [IScanIssue] issue An object that the extension can query to obtain 14 | # details about the new issue. 15 | # 16 | # @abstract 17 | def newScanIssue(issue) 18 | pp [:got_newScanIssue, issue] if $DEBUG 19 | Buby::ScanIssueHelper.implant issue 20 | end 21 | end 22 | end -------------------------------------------------------------------------------- /lib/buby/scope_change_listener.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerScopeChangeListener} to register a scope change listener. The 4 | # listener will be notified whenever a change occurs to Burp's suite-wide 5 | # target scope. 6 | # 7 | # @todo improve listener classes with 1.9 instance_exec goodness next version 8 | class ScopeChangeListener 9 | include Java::Burp::IScopeChangeListener 10 | 11 | # This method is invoked whenever a change occurs to Burp's suite-wide 12 | # target scope. 13 | # 14 | # @abstract 15 | def scopeChanged 16 | pp [:got_scopeChanged] if $DEBUG 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /lib/buby/session_handling_action.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # Extensions can implement this interface and then call 3 | # {Buby#registerSessionHandlingAction} to register a custom session handling 4 | # action. Each registered action will be available within the session handling 5 | # rule UI for the user to select as a rule action. Users can choose to invoke 6 | # an action directly in its own right, or following execution of a macro. 7 | # 8 | class SessionHandlingAction 9 | include Java::Burp::ISessionHandlingAction 10 | # This method is used by Burp to obtain the name of the session handling 11 | # action. This will be displayed as an option within the session handling 12 | # rule editor when the user selects to execute an extension-provided action. 13 | # 14 | # @return [String] The name of the action. 15 | # 16 | def getActionName 17 | pp [:got_getActionName] if $DEBUG 18 | self.class.name 19 | end 20 | 21 | # This method is invoked when the session handling action should be 22 | # executed. This may happen as an action in its own right, or as a 23 | # sub-action following execution of a macro. 24 | # 25 | # @param [IHttpRequestResponse] currentRequest The base request that is 26 | # currently being processed. The action can query this object to obtain 27 | # details about the base request. It can issue additional requests of its 28 | # own if necessary, and can use the setter methods on this object to 29 | # update the base request. 30 | # @param [Array] macroItems If the action is invoked 31 | # following execution of a macro, this parameter contains the result of 32 | # executing the macro. Otherwise, it is +nil+. Actions can use the details 33 | # of the macro items to perform custom analysis of the macro to derive 34 | # values of non-standard session handling tokens, etc. 35 | # @return [void] 36 | # 37 | # @abstract 38 | def performAction(currentRequest, macroItems) 39 | pp [:got_performAction, currentRequest, macroItems] if $DEBUG 40 | Buby::HttpRequestResponseHelper.implant(currentRequest) 41 | end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /lib/buby/tab.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | # This interface is used to provide Burp with details of a custom tab that 3 | # will be added to Burp's UI, using a method such as {Buby#addSuiteTab}. 4 | # 5 | # @abstract 6 | class Tab 7 | include Java::Burp::ITab 8 | attr_accessor :caption, :component 9 | 10 | def initialize(caption = nil, component = nil) 11 | @caption = caption || self.class.name 12 | @component = component 13 | end 14 | 15 | # Burp uses this method to obtain the caption that should appear on the 16 | # custom tab when it is displayed. 17 | # 18 | # @return [String] The caption that should appear on the custom tab when it 19 | # is displayed. 20 | # 21 | def getTabCaption 22 | pp [:got_getTabCaption] if $DEBUG 23 | @caption.to_s 24 | end 25 | 26 | # Burp uses this method to obtain the component that should be used as the 27 | # contents of the custom tab when it is displayed. 28 | # 29 | # @return [java.awt.Component] The component that should be used as the 30 | # contents of the custom tab when it is displayed. 31 | # 32 | def getUiComponent 33 | pp [:got_getUiComponent] if $DEBUG 34 | @component 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /lib/buby/version.rb: -------------------------------------------------------------------------------- 1 | class Buby 2 | module Version 3 | STRING = "1.6.0" 4 | MAJOR = 1 5 | MINOR = 6 6 | PATCH = 0 7 | BUILD = nil 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /lib/burp.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # # These are the interfaces exposed by BurpSuite. Where applicable, the method 3 | # # signatures have been updated to those provided by Buby. This namespace is 4 | # # purely for documentation purposes and should not be required. 5 | # module Burp 6 | # end 7 | -------------------------------------------------------------------------------- /lib/burp/IBurpExtender.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Main entry point for BurpSuite entensions. 4 | # module IBurpExtender 5 | # # This method is invoked when the extension is loaded. It registers an 6 | # # instance of the IBurpExtenderCallbacks interface, providing methods 7 | # # that may be invoked by the extension to perform various actions. 8 | # # 9 | # # @param [IBurpExtenderCallbacks] callbacks 10 | # # 11 | # def registerExtenderCallbacks(callbacks); end 12 | # alias register_extender_callbacks registerExtenderCallbacks 13 | # end 14 | # end 15 | -------------------------------------------------------------------------------- /lib/burp/IContextMenuFactory.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerContextMenuFactory} to register a 5 | # # factory for custom context menu items. 6 | # # 7 | # module IContextMenuFactory 8 | # # This method will be called by Burp when the user invokes a context 9 | # # menu anywhere within Burp. The factory can then provide any custom 10 | # # context menu items that should be displayed in the context menu, 11 | # # based on the details of the menu invocation. 12 | # # 13 | # # @param [IContextMenuInvocation] invocation An object that implements 14 | # # the {IMessageEditorTabFactory} interface, which the extension can 15 | # # query to obtain details of the context menu invocation. 16 | # # 17 | # # @return [Array, nil] A list of custom menu items (which 18 | # # may include sub-menus, checkbox menu items, etc.) that should be 19 | # # displayed. Extensions may return +nil+ from this method, to 20 | # # indicate that no menu items are required. 21 | # # 22 | # def createMenuItems(invocation); end 23 | # alias create_menu_items createMenuItems 24 | # end 25 | # end 26 | -------------------------------------------------------------------------------- /lib/burp/ICookie.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to hold details about an HTTP cookie. 4 | # # 5 | # module ICookie 6 | # # This method is used to retrieve the domain for which the cookie is in 7 | # # scope. 8 | # # 9 | # # @note For cookies that have been analyzed from responses (by calling 10 | # # {IExtensionHelpers#analyzeResponse} and then 11 | # # {IResponseInfo#getCookies}, the domain will be +nil+ if the 12 | # # response did not explicitly set a domain attribute for the cookie. 13 | # # 14 | # # @return [String] The domain for which the cookie is in scope. 15 | # # 16 | # def getDomain; end 17 | # alias get_domain getDomain 18 | # 19 | # # This method is used to retrieve the expiration time for the cookie. 20 | # # 21 | # # @return [Date] The expiration time for the cookie, or +nil+ if none 22 | # # is set (i.e., for non-persistent session cookies). 23 | # # 24 | # def getExpiration; end 25 | # alias get_expiration getExpiration 26 | # 27 | # # This method is used to retrieve the name of the cookie. 28 | # # 29 | # # @return [String] The name of the cookie. 30 | # # 31 | # def getName; end 32 | # alias get_name getName 33 | # 34 | # # This method is used to retrieve the value of the cookie. 35 | # # 36 | # # @return [String] The value of the cookie. 37 | # # 38 | # def getValue; end 39 | # alias get_value getValue 40 | # end 41 | # end 42 | -------------------------------------------------------------------------------- /lib/burp/IExtensionStateListener.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerExtensionStateListener} to register an 5 | # # extension state listener. The listener will be notified of changes to 6 | # # the extension's state. 7 | # # 8 | # # @note Any extensions that start background threads or open system 9 | # # resources (such as files or database connections) should register a 10 | # # listener and terminate threads / close aaresources when the extension 11 | # # is unloaded. 12 | # # 13 | # module IExtensionStateListener 14 | # # This method is called when the extension is unloaded. 15 | # # 16 | # # @return [void] 17 | # # 18 | # def extensionUnloaded; end 19 | # end 20 | # end 21 | -------------------------------------------------------------------------------- /lib/burp/IHttpListener.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerHttpListener} to register an HTTP 5 | # # listener. The listener will be notified of requests and responses made 6 | # # by any Burp tool. Extensions can perform custom analysis or 7 | # # modification of these messages by registering an HTTP listener. 8 | # # 9 | # module IHttpListener 10 | # # This method is invoked when an HTTP request is about to be issued, 11 | # # and when an HTTP response has been received. 12 | # # 13 | # # @param [int] toolFlag A flag indicating the Burp tool that issued the 14 | # # request. Burp tool flags are defined in the 15 | # # {IBurpExtenderCallbacks} interface. 16 | # # @param [boolean] messageIsRequest Flags whether the method is being 17 | # # invoked for a request or response. 18 | # # @param [IHttpRequestResponse] messageInfo Details of the request / 19 | # # response to be processed. Extensions can call the setter methods on 20 | # # this object to update the current message and so modify Burp's 21 | # # behavior. 22 | # # 23 | # # @return [void] 24 | # # 25 | # def processHttpMessage(toolFlag, messageIsRequest, messageInfo); end 26 | # end 27 | # end 28 | -------------------------------------------------------------------------------- /lib/burp/IHttpRequestResponse.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to retrieve and update details about HTTP 4 | # # messages. 5 | # # 6 | # # @note The setter methods generally can only be used before the message 7 | # # has been processed, and not in read-only contexts. The getter methods 8 | # # relating to response details can only be used after the request has 9 | # # been issued. 10 | # # 11 | # module IHttpRequestResponse 12 | # # This method is used to retrieve the request message. 13 | # # 14 | # # @return [byte[]] The request message. 15 | # # 16 | # def getRequest; end 17 | # alias get_request getRequest 18 | # alias request getRequest 19 | # 20 | # # This method is used to update the request message. 21 | # # 22 | # # @param [byte[]] message The new request message. 23 | # # 24 | # # @return [void] 25 | # # 26 | # def setRequest(message); end 27 | # alias set_request setRequest 28 | # alias request= setRequest 29 | # 30 | # # This method is used to retrieve the response message. 31 | # # 32 | # # @return [byte[]] The response message. 33 | # # 34 | # def getResponse; end 35 | # alias get_response getResponse 36 | # alias response getResponse 37 | # 38 | # # This method is used to update the response message. 39 | # # 40 | # # @param [byte[]] message The new response message. 41 | # # 42 | # # @return [void] 43 | # # 44 | # def setResponse(message); end 45 | # alias set_response setResponse 46 | # alias response= setResponse 47 | # 48 | # # This method is used to retrieve the user-annotated comment for this 49 | # # item, if applicable. 50 | # # 51 | # # @return [String, nil] The user-annotated comment for this item, or 52 | # # +nil+ if none is set. 53 | # # 54 | # def getComment; end 55 | # alias get_comment getComment 56 | # alias comment getComment 57 | # 58 | # # This method is used to update the user-annotated comment for this 59 | # # item. 60 | # # 61 | # # @param [String] comment The comment to be assigned to this item. 62 | # # 63 | # # @return [void] 64 | # # 65 | # def setComment(comment); end 66 | # alias set_comment setComment 67 | # alias comment= setComment 68 | # 69 | # # This method is used to retrieve the user-annotated highlight for this 70 | # # item, if applicable. 71 | # # 72 | # # @return [String, nil] The user-annotated highlight for this item, or 73 | # # +nil+ if none is set. 74 | # # 75 | # def getHighlight; end 76 | # alias get_highlight getHighlight 77 | # alias highlight getHighlight 78 | # 79 | # # This method is used to update the user-annotated highlight for this 80 | # # item. 81 | # # 82 | # # @param [String, nil] color The highlight color to be assigned to this 83 | # # item. Accepted values are: red, orange, yellow, green, cyan, blue, 84 | # # pink, magenta, gray, or +nil+ to clear any existing highlight. 85 | # # 86 | # # @return [void] 87 | # # 88 | # def setHighlight(color); end 89 | # alias set_highlight setHighlight 90 | # alias highlight= setHighlight 91 | # 92 | # # This method is used to retrieve the HTTP service for this request / 93 | # # response. 94 | # # 95 | # # @return [IHttpService] An {IHttpService} object containing details of 96 | # # the HTTP service. 97 | # # 98 | # def getHttpService; end 99 | # alias get_http_service getHttpService 100 | # alias http_service getHttpService 101 | # 102 | # # This method is used to update the HTTP service for this request / 103 | # # response. 104 | # # 105 | # # @param [IHttpService] httpService An {IHttpService} object containing 106 | # # details of the new HTTP service. 107 | # # 108 | # # @return [void] 109 | # # 110 | # def setHttpService(httpService); end 111 | # alias set_http_service setHttpService 112 | # alias http_service= setHttpService 113 | # end 114 | # end 115 | -------------------------------------------------------------------------------- /lib/burp/IHttpRequestResponsePersisted.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used for an {IHttpRequestResponse} object whose 4 | # # request and response messages have been saved to temporary files using 5 | # # {IBurpExtenderCallbacks#saveBuffersToTempFiles}. 6 | # module IHttpRequestResponsePersisted 7 | # include IHttpRequestResponse 8 | # 9 | # # This method is deprecated and no longer performs any action. 10 | # # 11 | # # @return [void] 12 | # # 13 | # # @deprecated 14 | # # 15 | # def deleteTempFiles; end 16 | # alias delete_temp_files deleteTempFiles 17 | # end 18 | # end 19 | -------------------------------------------------------------------------------- /lib/burp/IHttpRequestResponseWithMarkers.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used for an {IHttpRequestResponse} object that has 4 | # # had markers applied. 5 | # # 6 | # # Extensions can create instances of this interface using 7 | # # {IBurpExtenderCallbacks#applyMarkers}, or provide their own 8 | # # implementation. Markers are used in various situations, such as 9 | # # specifying Intruder payload positions, Scanner insertion points, and 10 | # # highlights in Scanner issues. 11 | # # 12 | # module IHttpRequestResponseWithMarkers 13 | # include IHttpRequestResponse 14 | # 15 | # # This method returns the details of the request markers. 16 | # # 17 | # # @return [Array>] A list of index pairs representing the 18 | # # offsets of markers for the request message. Each item in the list 19 | # # is an +int[2]+ array containing the start and end offsets for the 20 | # # marker. The method may return +nil+ if no request markers are 21 | # # defined. 22 | # # 23 | # def getRequestMarkers; end 24 | # alias get_request_markers getRequestMarkers 25 | # alias request_markers getRequestMarkers 26 | # 27 | # # This method returns the details of the response markers. 28 | # # 29 | # # @return [Array>] A list of index pairs representing the 30 | # # offsets of markers for the response message. Each item in the list 31 | # # is an +int[2]+ array containing the start and end offsets for the 32 | # # marker. The method may return +nil+ if no response markers are 33 | # # defined. 34 | # # 35 | # def getResponseMarkers; end 36 | # alias get_response_markers getResponseMarkers 37 | # alias response_markers getResponseMarkers 38 | # end 39 | # end 40 | -------------------------------------------------------------------------------- /lib/burp/IHttpService.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to provide details about an HTTP service, to 4 | # # which HTTP requests can be sent. 5 | # # 6 | # module IHttpService 7 | # # This method returns the hostname or IP address for the service. 8 | # # 9 | # # @return [String] The hostname or IP address for the service. 10 | # # 11 | # def getHost; end 12 | # alias get_host getHost 13 | # alias host getHost 14 | # 15 | # # This method returns the port number for the service. 16 | # # 17 | # # @return [int] The port number for the service. 18 | # # 19 | # def getPort; end 20 | # alias get_port getPort 21 | # alias port getPort 22 | # 23 | # # This method returns the protocol for the service. 24 | # # 25 | # # @return [String] The protocol for the service. Expected values are 26 | # # "http" or "https". 27 | # # 28 | # def getProtocol; end 29 | # alias get_protocol getProtocol 30 | # alias protocol getProtocol 31 | # end 32 | # end 33 | -------------------------------------------------------------------------------- /lib/burp/IIntruderAttack.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to hold details about an Intruder attack. 4 | # # 5 | # module IIntruderAttack 6 | # # This method is used to retrieve the HTTP service for the attack. 7 | # # 8 | # # @return [IHttpService] The HTTP service for the attack. 9 | # # 10 | # def getHttpService; end 11 | # alias get_http_service getHttpService 12 | # 13 | # # This method is used to retrieve the request template for the attack. 14 | # # 15 | # # @return [byte[]] The request template for the attack. 16 | # # 17 | # def getRequestTemplate; end 18 | # alias get_request_template getRequestTemplate 19 | # end 20 | # end 21 | -------------------------------------------------------------------------------- /lib/burp/IIntruderPayloadGenerator.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used for custom Intruder payload generators. 4 | # # Extensions that have registered an {IIntruderPayloadGeneratorFactory} 5 | # # must return a new instance of this interface when required as part of a 6 | # # new Intruder attack. 7 | # # 8 | # module IIntruderPayloadGenerator 9 | # # This method is used by Burp to determine whether the payload 10 | # # generator is able to provide any further payloads. 11 | # # 12 | # # @return [boolean] Extensions should return +false+ when all the 13 | # # available payloads have been used up, otherwise +true+. 14 | # # 15 | # def hasMorePayloads; end 16 | # alias has_more_payloads hasMorePayloads 17 | # alias more_payloads? hasMorePayloads 18 | # 19 | # # This method is used by Burp to obtain the value of the next payload. 20 | # # 21 | # # @param [byte[], nil] baseValue The base value of the current payload 22 | # # position. This value may be +nil+ if the concept of a base value is 23 | # # not applicable (e.g. in a battering ram attack). 24 | # # 25 | # # @return [byte[]] The next payload to use in the attack. 26 | # # 27 | # def getNextPayload(baseValue); end 28 | # alias get_next_payload getNextPayload 29 | # alias next_payload getNextPayload 30 | # 31 | # # This method is used by Burp to reset the state of the payload 32 | # # generator so that the next call to {getNextPayload} returns the first 33 | # # payload again. This method will be invoked when an attack uses the 34 | # # same payload generator for more than one payload position, for 35 | # # example in a sniper attack. 36 | # # 37 | # # @return [void] 38 | # # 39 | # def reset; end 40 | # end 41 | # end 42 | -------------------------------------------------------------------------------- /lib/burp/IIntruderPayloadGeneratorFactory.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerIntruderPayloadGeneratorFactory} to 5 | # # register a factory for custom Intruder payloads. 6 | # # 7 | # module IIntruderPayloadGeneratorFactory 8 | # # This method is used by Burp to obtain the name of the payload 9 | # # generator. This will be displayed as an option within the Intruder UI 10 | # # when the user selects to use extension-generated payloads. 11 | # # 12 | # # @return [String] The name of the payload generator. 13 | # # 14 | # def getGeneratorName; end 15 | # alias get_generator_name getGeneratorName 16 | # alias generator_name getGeneratorName 17 | # 18 | # # This method is used by Burp when the user starts an Intruder attack 19 | # # that uses this payload generator. 20 | # # 21 | # # @param [IIntruderAttack] attack An {IIntruderAttack} object that can 22 | # # be queried to obtain details about the attack in which the payload 23 | # # generator will be used. 24 | # # 25 | # # @return [IIntruderPayloadGenerator] A new instance of 26 | # # {IIntruderPayloadGenerator} that will be used to generate payloads 27 | # # for the attack. 28 | # # 29 | # def createNewInstance(attack); end 30 | # alias create_new_instance createNewInstance 31 | # end 32 | # end 33 | -------------------------------------------------------------------------------- /lib/burp/IIntruderPayloadProcessor.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerIntruderPayloadProcessor} to register a 5 | # # custom Intruder payload processor. 6 | # # 7 | # module IIntruderPayloadProcessor 8 | # # This method is used by Burp to obtain the name of the payload 9 | # # processor. This will be displayed as an option within the Intruder UI 10 | # # when the user selects to use an extension-provided payload processor. 11 | # # 12 | # # @return [String] The name of the payload processor. 13 | # # 14 | # def getProcessorName; end 15 | # alias get_processor_name getProcessorName 16 | # alias processor_name getProcessorName 17 | # 18 | # # This method is invoked by Burp each time the processor should be 19 | # # applied to an Intruder payload. 20 | # # 21 | # # @param [byte[]] currentPayload The value of the payload to be 22 | # # processed. 23 | # # @param [byte[]] originalPayload The value of the original payload 24 | # # prior to processing by any already-applied processing rules. 25 | # # @param [byte[]] baseValue The base value of the payload position, 26 | # # which will be replaced with the current payload. 27 | # # 28 | # # @return [byte[]] The value of the processed payload. This may be 29 | # # +nil+ to indicate that the current payload should be skipped, and 30 | # # the attack will move directly to the next payload. 31 | # # 32 | # def processPayload(currentPayload, originalPayload, baseValue); end 33 | # alias process_payload processPayload 34 | # end 35 | # end 36 | -------------------------------------------------------------------------------- /lib/burp/IMenuItemHandler.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerMenuItem} to register a custom context 5 | # # menu item. 6 | # # 7 | # # @deprecated Use {IContextMenuFactory} instead. 8 | # # 9 | # module IMenuItemHandler 10 | # # This method is invoked by Burp Suite when the user clicks on a custom 11 | # # menu item which the extension has registered with Burp. 12 | # # 13 | # # @param [String] menuItemCaption The caption of the menu item which 14 | # # was clicked. This parameter enables extensions to provide a single 15 | # # implementation which handles multiple different menu items. 16 | # # @param [Array] messageInfo Details of the HTTP 17 | # # message(s) for which the context menu was displayed. 18 | # # 19 | # # @return [void] 20 | # # 21 | # def menuItemClicked(menuItemCaption, messageInfo); end 22 | # alias menu_item_clicked menuItemClicked 23 | # end 24 | # end 25 | -------------------------------------------------------------------------------- /lib/burp/IMessageEditor.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to provide extensions with an instance of Burp's 4 | # # HTTP message editor, for the extension to use in its own UI. Extensions 5 | # # should call {IBurpExtenderCallbacks#createMessageEditor} to obtain an 6 | # # instance of this interface. 7 | # # 8 | # module IMessageEditor 9 | # # This method returns the UI component of the editor, for extensions to 10 | # # add to their own UI. 11 | # # 12 | # # @return [Component] The UI component of the editor. 13 | # # 14 | # def getComponent; end 15 | # alias get_component getComponent 16 | # alias component getComponent 17 | # 18 | # # This method is used to display an HTTP message in the editor. 19 | # # 20 | # # @param [byte[]] message The HTTP message to be displayed. 21 | # # @param [boolean] isRequest Flags whether the message is an HTTP 22 | # # request or response. 23 | # # 24 | # # @return [void] 25 | # # 26 | # def setMessage(message, isRequest); end 27 | # alias set_message setMessage 28 | # alias message= setMessage 29 | # 30 | # # This method is used to retrieve the currently displayed message, 31 | # # which may have been modified by the user. 32 | # # 33 | # # @return [byte[]] The currently displayed HTTP message. 34 | # # 35 | # def getMessage; end 36 | # alias get_message getMessage 37 | # alias message getMessage 38 | # 39 | # # This method is used to determine whether the current message has been 40 | # # modified by the user. 41 | # # 42 | # # @return [boolean] An indication of whether the current message has 43 | # # been modified by the user since it was first displayed. 44 | # # 45 | # def isMessageModified; end 46 | # alias is_message_modified isMessageModified 47 | # alias message_modified? isMessageModified 48 | # 49 | # # This method returns the data that is currently selected by the user. 50 | # # 51 | # # @return [byte[]] The data that is currently selected by the user, or 52 | # # +nil+ if no selection is made. 53 | # # 54 | # def getSelectedData; end 55 | # alias get_selected_data getSelectedData 56 | # alias selected_data getSelectedData 57 | # end 58 | # end 59 | -------------------------------------------------------------------------------- /lib/burp/IMessageEditorController.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used by an {IMessageEditor} to obtain details about 4 | # # the currently displayed message. 5 | # # 6 | # # Extensions that create instances of Burp's HTTP message editor can 7 | # # optionally provide an implementation of {IMessageEditorController}, 8 | # # which the editor will invoke when it requires further information about 9 | # # the current message (for example, to send it to another Burp tool). 10 | # # 11 | # # Extensions that provide custom editor tabs via an 12 | # # {IMessageEditorTabFactory} will receive a reference to an 13 | # # {IMessageEditorController} object for each tab instance they generate, 14 | # # which the tab can invoke if it requires further information about the 15 | # # current message. 16 | # # 17 | # module IMessageEditorController 18 | # # This method is used to retrieve the HTTP service for the current 19 | # # message. 20 | # # 21 | # # @return [IHttpService] The HTTP service for the current message. 22 | # # 23 | # def getHttpService; end 24 | # alias get_http_service getHttpService 25 | # alias http_service getHttpService 26 | # 27 | # # This method is used to retrieve the HTTP request associated with the 28 | # # current message (which may itself be a response). 29 | # # 30 | # # @return [byte[]] The HTTP request associated with the current 31 | # # message. 32 | # # 33 | # def getRequest; end 34 | # alias get_request getRequest 35 | # alias request getRequest 36 | # 37 | # # This method is used to retrieve the HTTP response associated with the 38 | # # current message (which may itself be a request). 39 | # # 40 | # # @return [byte[]] The HTTP response associated with the current 41 | # # message. 42 | # # 43 | # def getResponse; end 44 | # alias get_response getResponse 45 | # alias response getResponse 46 | # end 47 | # end 48 | -------------------------------------------------------------------------------- /lib/burp/IMessageEditorTab.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions that register an {IMessageEditorTabFactory} must return 4 | # # instances of this interface, which Burp will use to create custom tabs 5 | # # within its HTTP message editors. 6 | # # 7 | # module IMessageEditorTab 8 | # # This method returns the caption that should appear on the custom tab 9 | # # when it is displayed. 10 | # # 11 | # # @note Burp invokes this method once when the tab is first generated, 12 | # # and the same caption will be used every time the tab is displayed. 13 | # # 14 | # # @return [String] The caption that should appear on the custom tab 15 | # # when it is displayed. 16 | # # 17 | # def getTabCaption; end 18 | # alias get_tab_caption getTabCaption 19 | # alias tab_caption getTabCaption 20 | # 21 | # # This method returns the component that should be used as the contents 22 | # # of the custom tab when it is displayed. 23 | # # 24 | # # @note Burp invokes this method once when the tab is first generated, 25 | # # and the same component will be used every time the tab is 26 | # # displayed. 27 | # # 28 | # # @return [Component] The component that should be used as the contents 29 | # # of the custom tab when it is displayed. 30 | # # 31 | # def getUiComponent; end 32 | # alias get_ui_component getUiComponent 33 | # alias ui_component getUiComponent 34 | # 35 | # # The hosting editor will invoke this method before it displays a new 36 | # # HTTP message, so that the custom tab can indicate whether it should 37 | # # be enabled for that message. 38 | # # 39 | # # @param [byte[]] content The message that is about to be displayed. 40 | # # @param [boolean] isRequest Indicates whether the message is a request 41 | # # or a response. 42 | # # 43 | # # @return [boolean] The method should return +true+ if the custom tab 44 | # # is able to handle the specified message, and so will be displayed 45 | # # within the editor. Otherwise, the tab will be hidden while this 46 | # # message is displayed. 47 | # # 48 | # def isEnabled(content, isRequest); end 49 | # alias is_enabled isEnabled 50 | # alias enabled? isEnabled 51 | # 52 | # # The hosting editor will invoke this method to display a new message 53 | # # or to clear the existing message. This method will only be called 54 | # # with a new message if the tab has already returned +true+ to a call 55 | # # to {isEnabled} with the same message details. 56 | # # 57 | # # @param [byte[]] content The message that is to be displayed, or +nil+ 58 | # # if the tab should clear its contents and disable any editable 59 | # # controls. 60 | # # @param [boolean] isRequest Indicates whether the message is a request 61 | # # or a response. 62 | # # 63 | # # @return [void] 64 | # # 65 | # def setMessage(content, isRequest); end 66 | # alias set_message setMessage 67 | # alias message= setMessage 68 | # 69 | # # This method returns the currently displayed message. 70 | # # 71 | # # @return [byte[]] The currently displayed message. 72 | # # 73 | # def getMessage; end 74 | # alias get_message getMessage 75 | # alias message getMessage 76 | # 77 | # # This method is used to determine whether the currently displayed 78 | # # message has been modified by the user. The hosting editor will always 79 | # # call {getMessage} before calling this method, so any pending edits 80 | # # should be completed within {getMessage}. 81 | # # 82 | # # @return [boolean] The method should return +true+ if the user has 83 | # # modified the current message since it was first displayed. 84 | # # 85 | # def isModified; end 86 | # alias is_modified isModified 87 | # alias modified? isModified 88 | # 89 | # # This method is used to retrieve the data that is currently selected 90 | # # by the user. 91 | # # 92 | # # @return [byte[]] The data that is currently selected by the user. 93 | # # This may be +nil+ if no selection is currently made. 94 | # # 95 | # def getSelectedData; end 96 | # alias get_selected_data getSelectedData 97 | # alias selected_data getSelectedData 98 | # end 99 | # end 100 | -------------------------------------------------------------------------------- /lib/burp/IMessageEditorTabFactory.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerMessageEditorTabFactory} to register a 5 | # # factory for custom message editor tabs. This allows extensions to 6 | # # provide custom rendering or editing of HTTP messages, within Burp's own 7 | # # HTTP editor. 8 | # # 9 | # module IMessageEditorTabFactory 10 | # # Burp will call this method once for each HTTP message editor, and the 11 | # # factory should provide a new instance of an {IMessageEditorTab} 12 | # # object. 13 | # # 14 | # # @param [IMessageEditorController] controller An 15 | # # {IMessageEditorController} object, which the new tab can query to 16 | # # retrieve details about the currently displayed message. This may be 17 | # # +nil+ for extension-invoked message editors where the extension has 18 | # # not provided an editor controller. 19 | # # @param [boolean] editable Indicates whether the hosting editor is 20 | # # editable or read-only. 21 | # # 22 | # # @return [IMessageEditorTab] A new {IMessageEditorTab} object for use 23 | # # within the message editor. 24 | # # 25 | # def createNewInstance(controller, editable); end 26 | # alias create_new_instance createNewInstance 27 | # end 28 | # end 29 | -------------------------------------------------------------------------------- /lib/burp/IParameter.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to hold details about an HTTP request parameter. 4 | # # 5 | # module IParameter 6 | # 7 | # # Used to indicate a parameter within the URL query string. 8 | # # 9 | # # # PARAM_URL = 0; 10 | # 11 | # # Used to indicate a parameter within the message body. 12 | # # 13 | # # # PARAM_BODY = 1; 14 | # 15 | # # Used to indicate an HTTP cookie. 16 | # # 17 | # # # PARAM_COOKIE = 2; 18 | # 19 | # # Used to indicate an item of data within an XML structure. 20 | # # 21 | # # # PARAM_XML = 3; 22 | # 23 | # # Used to indicate the value of a tag attribute within an XML 24 | # # structure. 25 | # # 26 | # # # PARAM_XML_ATTR = 4; 27 | # 28 | # # Used to indicate the value of a parameter attribute within a 29 | # # multi-part message body (such as the name of an uploaded file). 30 | # # 31 | # # # PARAM_MULTIPART_ATTR = 5; 32 | # 33 | # # Used to indicate an item of data within a JSON structure. 34 | # # 35 | # # # PARAM_JSON = 6; 36 | # 37 | # # This method is used to retrieve the parameter type. 38 | # # 39 | # # @return [byte] The parameter type. The available types are defined 40 | # # within this interface. 41 | # # 42 | # def getType; end 43 | # alias get_type getType 44 | # alias type getType 45 | # 46 | # # This method is used to retrieve the parameter name. 47 | # # 48 | # # @return [String] The parameter name. 49 | # # 50 | # def getName; end 51 | # alias get_name getName 52 | # alias name getName 53 | # 54 | # # This method is used to retrieve the parameter value. 55 | # # 56 | # # @return [String] The parameter value. 57 | # # 58 | # def getValue; end 59 | # alias get_value getValue 60 | # alias value getValue 61 | # 62 | # # This method is used to retrieve the start offset of the parameter 63 | # # name within the HTTP request. 64 | # # 65 | # # @return [int] The start offset of the parameter name within the HTTP 66 | # # request, or -1 if the parameter is not associated with a specific 67 | # # request. 68 | # # 69 | # def getNameStart; end 70 | # alias get_name_start getNameStart 71 | # alias name_start getNameStart 72 | # 73 | # # This method is used to retrieve the end offset of the parameter name 74 | # # within the HTTP request. 75 | # # 76 | # # @return [int] The end offset of the parameter name within the HTTP 77 | # # request, or -1 if the parameter is not associated with a specific 78 | # # request. 79 | # # 80 | # def getNameEnd; end 81 | # alias get_name_end getNameEnd 82 | # alias name_end getNameEnd 83 | # 84 | # # This method is used to retrieve the start offset of the parameter 85 | # # value within the HTTP request. 86 | # # 87 | # # @return [int] The start offset of the parameter value within the HTTP 88 | # # request, or -1 if the parameter is not associated with a specific 89 | # # request. 90 | # # 91 | # def getValueStart; end 92 | # alias get_value_start getValueStart 93 | # alias value_start getValueStart 94 | # 95 | # # This method is used to retrieve the end offset of the parameter value 96 | # # within the HTTP request. 97 | # # 98 | # # @return [int] The end offset of the parameter value within the HTTP 99 | # # request, or -1 if the parameter is not associated with a specific 100 | # # request. 101 | # # 102 | # def getValueEnd; end 103 | # alias get_value_end getValueEnd 104 | # alias value_end getValueEnd 105 | # end 106 | # end 107 | -------------------------------------------------------------------------------- /lib/burp/IProxyListener.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerProxyListener} to register a Proxy 5 | # # listener. The listener will be notified of requests and responses being 6 | # # processed by the Proxy tool. 7 | # # 8 | # # Extensions can perform custom analysis or modification of these 9 | # # messages, and control in-UI message interception, by registering a 10 | # # proxy listener. 11 | # # 12 | # module IProxyListener 13 | # # This method is invoked when an HTTP message is being processed by the 14 | # # Proxy. 15 | # # 16 | # # @param [boolean] messageIsRequest Indicates whether the HTTP message 17 | # # is a request or a response. 18 | # # @param [IInterceptedProxyMessage] message An object that extensions 19 | # # can use to query and update details of the message, and control 20 | # # whether the message should be intercepted and displayed to the user 21 | # # for manual review or modification. 22 | # # 23 | # # @return [void] 24 | # # 25 | # def processProxyMessage(messageIsRequest, message); end 26 | # alias process_proxy_message processProxyMessage 27 | # end 28 | # end 29 | -------------------------------------------------------------------------------- /lib/burp/IRequestInfo.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to retrieve key details about an HTTP request. 4 | # # 5 | # # Extensions can obtain an {IRequestInfo} object for a given request by 6 | # # calling {IExtensionHelpers#analyzeRequest}. 7 | # # 8 | # module IRequestInfo 9 | # 10 | # # Used to indicate that there is no content. 11 | # # 12 | # # # CONTENT_TYPE_NONE = 0; 13 | # 14 | # # Used to indicate URL-encoded content. 15 | # # 16 | # # # CONTENT_TYPE_URL_ENCODED = 1; 17 | # 18 | # # Used to indicate multi-part content. 19 | # # 20 | # # # CONTENT_TYPE_MULTIPART = 2; 21 | # 22 | # # Used to indicate XML content. 23 | # # 24 | # # # CONTENT_TYPE_XML = 3; 25 | # 26 | # # Used to indicate JSON content. 27 | # # 28 | # # # CONTENT_TYPE_JSON = 4; 29 | # 30 | # # Used to indicate AMF content. 31 | # # 32 | # # # CONTENT_TYPE_AMF = 5; 33 | # 34 | # # Used to indicate unknown content. 35 | # # 36 | # # # CONTENT_TYPE_UNKNOWN = -1; 37 | # 38 | # # This method is used to obtain the HTTP method used in the request. 39 | # # 40 | # # @return [String] The HTTP method used in the request. 41 | # # 42 | # def getMethod; end 43 | # alias get_method getMethod 44 | # alias method getMethod 45 | # 46 | # # This method is used to obtain the URL in the request. 47 | # # 48 | # # @return [URL] The URL in the request. 49 | # # 50 | # def getUrl; end 51 | # alias get_url getUrl 52 | # alias url getUrl 53 | # 54 | # # This method is used to obtain the HTTP headers contained in the 55 | # # request. 56 | # # 57 | # # @return [Array] The HTTP headers contained in the request. 58 | # # 59 | # def getHeaders; end 60 | # alias get_headers getHeaders 61 | # alias headers getHeaders 62 | # 63 | # # This method is used to obtain the parameters contained in the 64 | # # request. 65 | # # 66 | # # @return [Array] The parameters contained in the request. 67 | # # 68 | # def getParameters; end 69 | # alias get_parameters getParameters 70 | # alias parameters getParameters 71 | # 72 | # # This method is used to obtain the offset within the request where the 73 | # # message body begins. 74 | # # 75 | # # @return [int] The offset within the request where the message body 76 | # # begins. 77 | # # 78 | # def getBodyOffset; end 79 | # alias get_body_offset getBodyOffset 80 | # alias body_offset getBodyOffset 81 | # 82 | # # This method is used to obtain the content type of the message body. 83 | # # 84 | # # @return [byte] An indication of the content type of the message body. 85 | # # Available types are defined within this interface. 86 | # # 87 | # def getContentType; end 88 | # alias get_content_type getContentType 89 | # alias content_type getContentType 90 | # end 91 | # end 92 | -------------------------------------------------------------------------------- /lib/burp/IResponseInfo.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to retrieve key details about an HTTP response. 4 | # # 5 | # # Extensions can obtain an {IResponseInfo} object for a given response by 6 | # # calling {IExtensionHelpers#analyzeResponse}. 7 | # # 8 | # module IResponseInfo 9 | # # This method is used to obtain the HTTP headers contained in the 10 | # # response. 11 | # # 12 | # # @return [Array] The HTTP headers contained in the response. 13 | # # 14 | # def getHeaders; end 15 | # alias get_headers getHeaders 16 | # alias headers getHeaders 17 | # 18 | # # This method is used to obtain the offset within the response where 19 | # # the message body begins. 20 | # # 21 | # # @return [int] The offset within the response where the message body 22 | # # begins. 23 | # # 24 | # def getBodyOffset; end 25 | # alias get_body_offset getBodyOffset 26 | # alias body_offset getBodyOffset 27 | # 28 | # # This method is used to obtain the HTTP status code contained in the 29 | # # response. 30 | # # 31 | # # @return [short] The HTTP status code contained in the response. 32 | # # 33 | # def getStatusCode; end 34 | # alias get_status_code getStatusCode 35 | # alias status_code getStatusCode 36 | # 37 | # # This method is used to obtain details of the HTTP cookies set in the 38 | # # response. 39 | # # 40 | # # @return [Array] A list of {ICookie} objects representing the 41 | # # cookies set in the response, if any. 42 | # # 43 | # def getCookies; end 44 | # alias get_cookies getCookies 45 | # alias cookies getCookies 46 | # 47 | # # This method is used to obtain the MIME type of the response, as 48 | # # stated in the HTTP headers. 49 | # # 50 | # # @return [String] A textual label for the stated MIME type, or an 51 | # # empty String if this is not known or recognized. The possible 52 | # # labels are the same as those used in the main Burp UI. 53 | # # 54 | # def getStatedMimeType; end 55 | # alias get_stated_mime_type getStatedMimeType 56 | # alias stated_mime_type getStatedMimeType 57 | # 58 | # # This method is used to obtain the MIME type of the response, as 59 | # # inferred from the contents of the HTTP message body. 60 | # # 61 | # # @return [String] A textual label for the inferred MIME type, or an 62 | # # empty String if this is not known or recognized. The possible 63 | # # labels are the same as those used in the main Burp UI. 64 | # # 65 | # def getInferredMimeType; end 66 | # alias get_inferred_mime_type getInferredMimeType 67 | # alias inferred_mime_type getInferredMimeType 68 | # end 69 | # end 70 | -------------------------------------------------------------------------------- /lib/burp/IScanQueueItem.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to retrieve details of items in the Burp Scanner 4 | # # active scan queue. 5 | # # 6 | # # Extensions can obtain references to scan queue items by calling 7 | # # {IBurpExtenderCallbacks#doActiveScan}. 8 | # # 9 | # module IScanQueueItem 10 | # # This method returns a description of the status of the scan queue 11 | # # item. 12 | # # 13 | # # @return [String] A description of the status of the scan queue item. 14 | # # 15 | # def getStatus; end 16 | # alias get_status getStatus 17 | # alias status getStatus 18 | # 19 | # # This method returns an indication of the percentage completed for the 20 | # # scan queue item. 21 | # # 22 | # # @return [byte] An indication of the percentage completed for the scan 23 | # # queue item. 24 | # # 25 | # def getPercentageComplete; end 26 | # alias get_percentage_complete getPercentageComplete 27 | # alias percentage_complete getPercentageComplete 28 | # 29 | # # This method returns the number of requests that have been made for 30 | # # the scan queue item. 31 | # # 32 | # # @return [int] The number of requests that have been made for the scan 33 | # # queue item. 34 | # # 35 | # def getNumRequests; end 36 | # alias get_num_requests getNumRequests 37 | # alias num_requests getNumRequests 38 | # 39 | # # This method returns the number of network errors that have occurred 40 | # # for the scan queue item. 41 | # # 42 | # # @return [int] The number of network errors that have occurred for the 43 | # # scan queue item. 44 | # # 45 | # def getNumErrors; end 46 | # alias get_num_errors getNumErrors 47 | # alias num_errors getNumErrors 48 | # 49 | # # This method returns the number of attack insertion points being used 50 | # # for the scan queue item. 51 | # # 52 | # # @return [int] The number of attack insertion points being used for 53 | # # the scan queue item. 54 | # # 55 | # def getNumInsertionPoints; end 56 | # alias get_num_insertion_points getNumInsertionPoints 57 | # alias num_insertion_points getNumInsertionPoints 58 | # 59 | # # This method allows the scan queue item to be canceled. 60 | # # 61 | # # @return [void] 62 | # # 63 | # def cancel; end 64 | # 65 | # # This method returns details of the issues generated for the scan 66 | # # queue item. 67 | # # 68 | # # @note different items within the scan queue may contain duplicated 69 | # # versions of the same issues - for example, if the same request has 70 | # # been scanned multiple times. Duplicated issues are consolidated in 71 | # # the main view of scan results. Extensions can register an 72 | # # {IScannerListener} to get details only of unique, newly discovered 73 | # # Scanner issues post-consolidation. 74 | # # 75 | # # @return [Array] Details of the issues generated for the 76 | # # scan queue item. 77 | # # 78 | # def getIssues; end 79 | # alias get_issues getIssues 80 | # alias issues getIssues 81 | # end 82 | # end 83 | -------------------------------------------------------------------------------- /lib/burp/IScannerCheck.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerScannerCheck} to register a custom 5 | # # Scanner check. When performing scanning, Burp will ask the check to 6 | # # perform active or passive scanning on the base request, and report any 7 | # # Scanner issues that are identified. 8 | # # 9 | # module IScannerCheck 10 | # # The Scanner invokes this method for each base request / response that 11 | # # is passively scanned. 12 | # # 13 | # # @note Extensions should only analyze the HTTP messages provided 14 | # # during passive scanning, and should not make any new HTTP requests 15 | # # of their own. 16 | # # @param [IHttpRequestResponse] baseRequestResponse The base HTTP 17 | # # request / response that should be passively scanned. 18 | # # 19 | # # @return [Array] A list of {IScanIssue} objects, or +nil+ 20 | # # if no issues are identified. 21 | # # 22 | # def doPassiveScan(baseRequestResponse); end 23 | # alias do_passive_scan doPassiveScan 24 | # 25 | # # The Scanner invokes this method for each insertion point that is 26 | # # actively scanned. Extensions may issue HTTP requests as required to 27 | # # carry out active scanning, and should use the 28 | # # {IScannerInsertionPoint} object provided to build scan requests for 29 | # # particular payloads. 30 | # # 31 | # # @note Scan checks should submit raw non-encoded payloads to insertion 32 | # # points, and the insertion point has responsibility for performing 33 | # # any data encoding that is necessary given the nature and location 34 | # # of the insertion point. 35 | # # @param [IHttpRequestResponse] baseRequestResponse The base HTTP 36 | # # request / response that should be actively scanned. 37 | # # @param [IScannerInsertionPoint] insertionPoint An 38 | # # {IScannerInsertionPoint} object that can be queried to obtain 39 | # # details of the insertion point being tested, and can be used to 40 | # # build scan requests for particular payloads. 41 | # # 42 | # # @return [Array] A list of {IScanIssue} objects, or +nil+ 43 | # # if no issues are identified. 44 | # # 45 | # def doActiveScan(baseRequestResponse, insertionPoint); end 46 | # alias do_active_scan doActiveScan 47 | # 48 | # # The Scanner invokes this method when the custom Scanner check has 49 | # # reported multiple issues for the same URL path. This can arise either 50 | # # because there are multiple distinct vulnerabilities, or because the 51 | # # same (or a similar) request has been scanned more than once. The 52 | # # custom check should determine whether the issues are duplicates. In 53 | # # most cases, where a check uses distinct issue names or descriptions 54 | # # for distinct issues, the consolidation process will simply be a 55 | # # matter of comparing these features for the two issues. 56 | # # 57 | # # @param [IScanIssue] existingIssue An issue that was previously 58 | # # reported by this Scanner check. 59 | # # @param [IScanIssue] newIssue An issue at the same URL path that has 60 | # # been newly reported by this Scanner check. 61 | # # 62 | # # @return [int] An indication of which issue(s) should be reported in 63 | # # the main Scanner results. The method should return -1 64 | # # to report the existing issue only, +0+ to report both issues, and 65 | # # +1+ to report the new issue only. 66 | # # 67 | # def consolidateDuplicateIssues(existingIssue, newIssue); end 68 | # alias consolidate_duplicate_issues consolidateDuplicateIssues 69 | # end 70 | # end 71 | -------------------------------------------------------------------------------- /lib/burp/IScannerInsertionPointProvider.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerScannerInsertionPointProvider} to 5 | # # register a factory for custom Scanner insertion points. 6 | # # 7 | # module IScannerInsertionPointProvider 8 | # # When a request is actively scanned, the Scanner will invoke this 9 | # # method, and the provider should provide a list of custom insertion 10 | # # points that will be used in the scan. 11 | # # 12 | # # @note these insertion points are used in addition to those that are 13 | # # derived from Burp Scanner's configuration, and those provided by 14 | # # any other Burp extensions. 15 | # # 16 | # # @param [IHttpRequestResponse] baseRequestResponse The base request 17 | # # that will be actively scanned. 18 | # # 19 | # # @return [Array] A list of 20 | # # {IScannerInsertionPoint} objects that should be used in the 21 | # # scanning, or +nil+ if no custom insertion points are applicable for 22 | # # this request. 23 | # # 24 | # def getInsertionPoints(baseRequestResponse); end 25 | # alias get_insertion_points getInsertionPoints 26 | # alias insertion_points getInsertionPoints 27 | # end 28 | # end 29 | -------------------------------------------------------------------------------- /lib/burp/IScannerListener.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerScannerListener} to register a Scanner 5 | # # listener. The listener will be notified of new issues that are reported 6 | # # by the Scanner tool. Extensions can perform custom analysis or logging 7 | # # of Scanner issues by registering a Scanner listener. 8 | # # 9 | # module IScannerListener 10 | # # This method is invoked when a new issue is added to Burp Scanner's 11 | # # results. 12 | # # 13 | # # @param [IScanIssue] issue An {IScanIssue} object that the extension 14 | # # can query to obtain details about the new issue. 15 | # # 16 | # # @return [void] 17 | # # 18 | # def newScanIssue(issue); end 19 | # alias new_scan_issue newScanIssue 20 | # end 21 | # end 22 | -------------------------------------------------------------------------------- /lib/burp/IScopeChangeListener.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerScopeChangeListener} to register a 5 | # # scope change listener. The listener will be notified whenever a change 6 | # # occurs to Burp's suite-wide target scope. 7 | # # 8 | # module IScopeChangeListener 9 | # # This method is invoked whenever a change occurs to Burp's suite-wide 10 | # # target scope. 11 | # # 12 | # # @return [void] 13 | # # 14 | # def scopeChanged; end 15 | # alias scope_changed scopeChanged 16 | # end 17 | # end 18 | -------------------------------------------------------------------------------- /lib/burp/ISessionHandlingAction.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # Extensions can implement this interface and then call 4 | # # {IBurpExtenderCallbacks#registerSessionHandlingAction} to register a 5 | # # custom session handling action. Each registered action will be 6 | # # available within the session handling rule UI for the user to select as 7 | # # a rule action. Users can choose to invoke an action directly in its own 8 | # # right, or following execution of a macro. 9 | # # 10 | # module ISessionHandlingAction 11 | # # This method is used by Burp to obtain the name of the session 12 | # # handling action. This will be displayed as an option within the 13 | # # session handling rule editor when the user selects to execute an 14 | # # extension-provided action. 15 | # # 16 | # # @return [String] The name of the action. 17 | # # 18 | # def getActionName; end 19 | # alias get_action_name getActionName 20 | # 21 | # # This method is invoked when the session handling action should be 22 | # # executed. This may happen as an action in its own right, or as a 23 | # # sub-action following execution of a macro. 24 | # # 25 | # # @param [IHttpRequestResponse] currentRequest The base request that is 26 | # # currently being processed. The action can query this object to 27 | # # obtain details about the base request. It can issue additional 28 | # # requests of its own if necessary, and can use the setter methods on 29 | # # this object to update the base request. 30 | # # @param [Array] macroItems If the action is 31 | # # invoked following execution of a macro, this parameter contains the 32 | # # result of executing the macro. Otherwise, it is +nil+. Actions can 33 | # # use the details of the macro items to perform custom analysis of 34 | # # the macro to derive values of non-standard session handling tokens, 35 | # # etc. 36 | # # 37 | # # @return [void] 38 | # # 39 | # def performAction(currentRequest, macroItems); end 40 | # alias perform_action performAction 41 | # end 42 | # end 43 | -------------------------------------------------------------------------------- /lib/burp/ITab.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to provide Burp with details of a custom tab 4 | # # that will be added to Burp's UI, using a method such as 5 | # # {IBurpExtenderCallbacks#addSuiteTab}. 6 | # # 7 | # module ITab 8 | # # Burp uses this method to obtain the caption that should appear on the 9 | # # custom tab when it is displayed. 10 | # # 11 | # # @return [String] The caption that should appear on the custom tab 12 | # # when it is displayed. 13 | # # 14 | # def getTabCaption; end 15 | # alias get_tab_caption getTabCaption 16 | # alias tab_caption getTabCaption 17 | # 18 | # # Burp uses this method to obtain the component that should be used as 19 | # # the contents of the custom tab when it is displayed. 20 | # # 21 | # # @return [Component] The component that should be used as the contents 22 | # # of the custom tab when it is displayed. 23 | # # 24 | # def getUiComponent; end 25 | # alias get_ui_component getUiComponent 26 | # alias ui_component getUiComponent 27 | # end 28 | # end 29 | -------------------------------------------------------------------------------- /lib/burp/ITempFile.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to hold details of a temporary file that has 4 | # # been created via a call to {IBurpExtenderCallbacks#saveToTempFile}. 5 | # # 6 | # # 7 | # module ITempFile 8 | # # This method is used to retrieve the contents of the buffer that was 9 | # # saved in the temporary file. 10 | # # 11 | # # @return [byte[]] The contents of the buffer that was saved in the 12 | # # temporary file. 13 | # # 14 | # def getBuffer; end 15 | # alias get_buffer getBuffer 16 | # alias buffer getBuffer 17 | # 18 | # # This method is deprecated and no longer performs any action. 19 | # # 20 | # # @deprecated 21 | # # 22 | # # @return [void] 23 | # # 24 | # def delete; end 25 | # end 26 | # end 27 | -------------------------------------------------------------------------------- /lib/burp/ITextEditor.rb: -------------------------------------------------------------------------------- 1 | # @!parse 2 | # module Burp 3 | # # This interface is used to provide extensions with an instance of Burp's 4 | # # raw text editor, for the extension to use in its own UI. Extensions 5 | # # should call {IBurpExtenderCallbacks#createTextEditor} to obtain an 6 | # # instance of this interface. 7 | # # 8 | # module ITextEditor 9 | # # This method returns the UI component of the editor, for extensions to 10 | # # add to their own UI. 11 | # # 12 | # # @return [Component] The UI component of the editor. 13 | # # 14 | # def getComponent; end 15 | # alias get_component getComponent 16 | # alias component getComponent 17 | # 18 | # # This method is used to control whether the editor is currently 19 | # # editable. This status can be toggled on and off as required. 20 | # # 21 | # # @param [boolean] editable Indicates whether the editor should be 22 | # # currently editable. 23 | # # 24 | # # @return [void] 25 | # # 26 | # def setEditable(editable); end 27 | # alias set_editable setEditable 28 | # alias editable= setEditable 29 | # 30 | # # This method is used to update the currently displayed text in the 31 | # # editor. 32 | # # 33 | # # @param [byte[]] text The text to be displayed. 34 | # # 35 | # # @return [void] 36 | # # 37 | # def setText(text); end 38 | # alias set_text setText 39 | # alias text= setText 40 | # 41 | # # This method is used to retrieve the currently displayed text. 42 | # # 43 | # # @return [byte[]] The currently displayed text. 44 | # # 45 | # def getText; end 46 | # alias get_text getText 47 | # alias text getText 48 | # 49 | # # This method is used to determine whether the user has modified the 50 | # # contents of the editor. 51 | # # 52 | # # @return [boolean] An indication of whether the user has modified the 53 | # # contents of the editor since the last call to {setText}. 54 | # # 55 | # def isTextModified; end 56 | # alias is_text_modified isTextModified 57 | # alias text_modified? isTextModified 58 | # 59 | # # This method is used to obtain the currently selected text. 60 | # # 61 | # # @return [byte[]] The currently selected text, or +nil+ if the user 62 | # # has not made any selection. 63 | # # 64 | # def getSelectedText; end 65 | # alias get_selected_text getSelectedText 66 | # alias selected_text getSelectedText 67 | # 68 | # # This method can be used to retrieve the bounds of the user's 69 | # # selection into the displayed text, if applicable. 70 | # # 71 | # # @return [Array>] An +int[2]+ array containing the start 72 | # # and end offsets of the user's selection within the displayed text. 73 | # # If the user has not made any selection in the current message, both 74 | # # offsets indicate the position of the caret within the editor. 75 | # # 76 | # def getSelectionBounds; end 77 | # alias get_selection_bounds getSelectionBounds 78 | # alias selection_bounds getSelectionBounds 79 | # 80 | # # This method is used to update the search expression that is shown in 81 | # # the search bar below the editor. The editor will automatically 82 | # # highlight any regions of the displayed text that match the search 83 | # # expression. 84 | # # 85 | # # @param [String] expression The search expression. 86 | # # 87 | # # @return [void] 88 | # # 89 | # def setSearchExpression(expression); end 90 | # alias set_search_expression setSearchExpression 91 | # alias search_expression= setSearchExpression 92 | # end 93 | # end 94 | -------------------------------------------------------------------------------- /samples/bubystart.rb: -------------------------------------------------------------------------------- 1 | $:.unshift File.join(File.dirname(Dir.glob(File.join(File.dirname(Java::JavaLang::System.getProperties['java.class.path'].split(File::PATH_SEPARATOR).grep(/burp.*\.jar/).first),"bapps",'**','bubystart.rb')).first),"lib") 2 | 3 | require 'buby/burp_extender' 4 | -------------------------------------------------------------------------------- /samples/drb_buby.rb: -------------------------------------------------------------------------------- 1 | 2 | require 'rubygems' 3 | require 'buby' 4 | require 'drb' 5 | 6 | module DrbBuby 7 | attr_reader :drb_server 8 | 9 | def evt_register_callbacks(cb) 10 | super(cb) 11 | # cb.issueAlert("[DrbBuby] Service on: #{@drb_server.uri}") 12 | end 13 | 14 | def init_DrbBuby 15 | ## want to bind the DRb service on a specific socket? 16 | uri ='druby://127.0.0.1:9999' 17 | ## or let it choose one automatically: 18 | # uri = nil 19 | @drb_server = DRb.start_service uri, self 20 | puts "[DrbBuby] Service on: #{@drb_server.uri}" 21 | self.alert("[DrbBuby] Service on: #{@drb_server.uri}") 22 | end 23 | end 24 | 25 | if __FILE__ == $0 26 | $burp = Buby.new 27 | $burp.extend(DrbBuby) 28 | $burp.start_burp() 29 | $burp.init_DrbBuby 30 | end 31 | 32 | -------------------------------------------------------------------------------- /samples/drb_sample_cli.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # notice... we're using MRI ruby here, not JRuby (but either will work) 3 | 4 | require 'drb' 5 | 6 | unless drb_uri = ARGV.shift 7 | STDERR.puts "Usage: #{File.basename $0} druby://:" 8 | exit 1 9 | end 10 | 11 | drb = DRbObject.new nil, drb_uri 12 | rsp=drb.make_http_request 'example.com', 80, false, "GET / HTTP/1.0\r\n\r\n" 13 | 14 | puts rsp 15 | -------------------------------------------------------------------------------- /samples/mechanize_burp.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env jruby 2 | 3 | require 'rubygems' 4 | require 'buby' 5 | require 'mechanize' 6 | require 'rbkb/http' 7 | require 'irb' 8 | 9 | include Java 10 | 11 | # This Buby handler implementation simply keeps cookie state synched 12 | # for a Mechanize agent by intercepting all requests sent through the 13 | # Burp proxy. This lets you use Mechanize in tandem with your browser 14 | # through Burp without having to fuss around with cookies. 15 | module MechGlue 16 | attr_accessor :mech_agent 17 | 18 | def evt_proxy_message(*param) 19 | msg_ref, is_req, rhost, rport, is_https, http_meth, url, 20 | resourceType, status, req_content_type, message, action = param 21 | 22 | if (not is_req) and (message =~ /Set-Cookie/i) 23 | 24 | rsp = Rbkb::Http::Response.new(message, :ignore_content_length => true) 25 | 26 | # Get an uri object ready for mechanize 27 | uri = URI.parse(url) 28 | uri.scheme = (is_https)? "https" : "http" 29 | uri.host = rhost 30 | uri.port = rport 31 | 32 | # Grab cookies from headers: 33 | rsp.headers.get_header_value('Set-Cookie').each do |cookie| 34 | WWW::Mechanize::Cookie.parse(uri, cookie) do |c| 35 | @mech_agent.cookie_jar.add(uri, c) 36 | end 37 | end 38 | end 39 | return(message) 40 | end 41 | end 42 | 43 | 44 | if __FILE__ == $0 45 | $mech = WWW::Mechanize.new 46 | #$mech.set_proxy('localhost', '8080') 47 | 48 | $burp = Buby.new() 49 | $burp.extend(MechGlue) 50 | $burp.mech_agent = $mech 51 | $burp.start_burp 52 | 53 | puts "$burp is set to #{$burp.class}" 54 | puts "$mech is set to #{$mech.class}" 55 | IRB.start 56 | end 57 | 58 | -------------------------------------------------------------------------------- /samples/menu_copy_req.rb: -------------------------------------------------------------------------------- 1 | module CopyRequest 2 | def copyRequest(req) 3 | req = case 4 | when req.is_a?(Numeric) 5 | # offset to match UI 6 | self.proxy_history[req-1].req_str 7 | when req.kind_of?(String) 8 | req 9 | when (req.respond_to?(:java_class) and req.java_class.to_s == "[B") 10 | String.from_java_bytes(req) 11 | when req.respond_to?(:req_str) 12 | req.req_str 13 | else 14 | warn "unknown request type... ducking" 15 | req 16 | end 17 | 18 | java.awt.Toolkit.getDefaultToolkit.getSystemClipboard.setContents(java.awt.datatransfer.StringSelection.new(req), nil) 19 | req 20 | end 21 | alias copy_request copyRequest 22 | 23 | def init_CopyRequest 24 | CopyRequestHandler.init_handler("Copy request(s)", self) 25 | end 26 | end 27 | 28 | module CopyRequestHandler 29 | class << self 30 | attr_accessor :_burp 31 | attr_reader :menuItemCaption 32 | end 33 | 34 | def self.init_handler(menuItemCaption, _burp = $burp) 35 | @menuItemCaption = menuItemCaption 36 | @_burp = _burp 37 | @_burp.registerMenuItem(menuItemCaption, self) 38 | end 39 | 40 | def self.menuItemClicked(menuItemCaption, messageInfo) 41 | messageInfo = Buby::HttpRequestResponseList.new(messageInfo).map{|x| x.req_str}.join("\r\n\r\n#{'='*50}\r\n\r\n") 42 | java.awt.Toolkit.getDefaultToolkit.getSystemClipboard.setContents(java.awt.datatransfer.StringSelection.new(messageInfo), nil) 43 | end 44 | end 45 | -------------------------------------------------------------------------------- /samples/verb_tamperer.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env jruby 2 | require 'rubygems' 3 | require 'buby' 4 | 5 | module VerbTamperer 6 | def evt_proxy_message(*param) 7 | msg_ref, is_req, rhost, rport, is_https, http_meth, url, 8 | resourceType, status, req_content_type, message, action = param 9 | 10 | if is_req and http_meth == "GET" 11 | message[0,3] = "PET" 12 | action[0] = Buby::ACTION_DONT_INTERCEPT 13 | 14 | return super(*param).dup 15 | else 16 | return super(*param) 17 | end 18 | end 19 | end 20 | 21 | if __FILE__ == $0 22 | $burp = Buby.new() 23 | $burp.extend(VerbTamperer) 24 | $burp.start_burp() 25 | end 26 | -------------------------------------------------------------------------------- /samples/watch_scan.rb: -------------------------------------------------------------------------------- 1 | 2 | module WatchScan 3 | def evt_http_message(tool_name, is_request, message_info) 4 | super(tool_name, is_request, message_info) 5 | if tool_name == 'scanner' 6 | if is_request 7 | puts "#"*70, "# REQUEST: #{message_info.url.toString}", "#"*70 8 | puts message_info.req_str 9 | puts 10 | else 11 | puts "#"*70, "# RESPONSE: #{message_info.url.toString}", "#"*70 12 | puts message_info.rsp_str 13 | puts 14 | end 15 | end 16 | end 17 | 18 | def init_WatchScan 19 | puts "WatchScan module initialized" 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /test/buby_test.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | require 'buby' 3 | -------------------------------------------------------------------------------- /tmp/.gitignore: -------------------------------------------------------------------------------- 1 | !.gitignore 2 | * 3 | --------------------------------------------------------------------------------