bscan 2.0.1 → 3.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7cd2c132cb1c5719f640c8820bcea3eb7b0fa121
+  data.tar.gz: db78ba320a6d30b6d587b23f38d5b69f2841b0b7
+SHA512:
+  metadata.gz: 1de53e763e7160627e70880ffeb82eee7991aab9cfcedc0ae42627ea200630fc708737910614ffc0cfb2e2e762832641d9a47f5f6e252252e9528154f8c64c0d
+  data.tar.gz: 1992b9fcac4775b3f5cdafb69c5b517b67b81bd9739daad4b40f9812d6c0abbde65ba4d1d80e5c387c2147afddc03e773ac4a5072a260cdfca79f75900062e1b

data/CONFIG.rdoc

@@ -32,12 +32,17 @@ see BscannerHelper#search_path for details
 
 == BScan Parameters
 * bscan.modules - see 'CONVENTIONS' for details
-* bscan.inactivity_to - inactivity is sec that triggers exit
+* bscan.inactivity_to - inactivity is sec that triggers exit and generating a report
+* bscan.run_proxy - run Burp proxy and collect vulns in passive mode
+  Default: false
+* bscan.report_url_prefix=<URL-prefix>|<path-to-report-file.xml> sort reports by URL
+* bscan.report_def_name=<path-to-report-file.xml> default report file
 * bscan.issues=issues - output directory for findings/issues
 * scan.modules_only - if true, only modules with static requests 
   will run (no spider)
 * bscan.url - URL to spider, multiple entries are OK. Have no effect 
   if scan.modules_only=true
+* proxy.listener0=1.<port>.1.0..0.0.1.0..0..0..0. - this is a burp's param, used to change a proxy's port number
 
 == BScan SMTP Parameters
 If specified an email will be sent. If 'include_report' is set

data/README.rdoc

@@ -2,9 +2,12 @@
 == DESCRIPTION:
 BScan is a configurable and extendable command line application security scanner. 
 It's built on top of arguably the most popular commercial security testing tool 
-Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr
+Burp Suite from PortSwigger
 
 == USE CASES:
+* Run Burp proxy from a command line and passively scan, e.g. QA regression traffic:
+  jruby -S bscan -c bscan.config -l bscan.log
+
 * Run security scans offline from a command line headless (without UI).
 
 * Change the type of scanning easily by changing configuration parameters.
@@ -22,13 +25,11 @@ Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr
 == DOCS, CODE, etc.:
 * Documentation: http://gryb.info/bscan
 * Git repo: git://git.code.sf.net/p/b-scan/trunk
-* Sourceforge: http://sf.net/projects/b-scan/
 * Gem package: http://gemcutter.org (see 'BUILD/INSTALL')
 
 == REQUIREMENTS:
 * JRuby - http://jruby.org
 * Burp pro if you want to use default Burp's scanners 
-* Buby 1.3.1 (see http://emonti.github.com/buby/) (not neccessary for modules_only mode)
 
 == BUILD/INSTALL:
 
@@ -37,14 +38,13 @@ Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr
   sudo jruby -S gem install buby -d --source=http://gemcutter.org (not necessary for modules_only)
   sudo jruby -S gem install bscan --source=http://gemcutter.org
   
-  After Buby and BScan are installed, you'll need to link BScan to Burp's JAR (see below)
 
 === Building Manually from Git
 
 	git git://git.code.sf.net/p/b-scan/trunk <src_dir>
 	cd <src_dir>
-	jruby -S gem build bscan.gemspec
-	jruby -S gem install -d --local bscan-*.gem
+	jruby -S rake build gemspec
+	sudo jruby -S gem install  --local pkg/bscan-*.gem (sudo might not be necessary on some systems)
 	bscan --help
 	bscan --help config
 
@@ -52,22 +52,29 @@ Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr
 
 * This step is not neccessary for modules_only mode
 
-After Buby and BScan are installed (either manually or by gem) 
-you'll need to link them to a Burp's JAR.
+Java code is used to register a Burp extension and to bind Burp's events to Ruby functions.
 
-The easiest way of doing that is to find the directory where buby.jar is located
-and then create a link from that directory to a Burp's jar:
+You'll need to re-compile it in at least three following cases:
 
-	cd <dir_where_buby.jar_is_located>
-	ln -s <path_to_burp*.jar> <dir_where_buby.jar_is_located>/burp.jar
+1. You want to link to your own license version of Burp's jar. The default BScan comes with a public Burp's version.  
+2. You want to update the Burp's jar when a new version is released (either public or licensed).
+3. You want to change the Java code.
 
-To find where buby.jar is located you can print JRuby's search path using:
-    
-  jruby -e 'puts $:'
+Use the following commands to recompile Java and to put a generated jar to the right location
 
-and then run 'find' command for each dirctory in the search path:
-  
-  find <dir> -name buby.jar
+cd <src-dir>/java
+./build.sh <path-to-burp-jar>
+
+Verify that the Java build was successful by typing:
+
+ls -l ../lib
+
+You should look for two jar files in that directory:
+
+bscan.jar
+burp.jar
+
+They will be deployed to JRuby locations when you install the gem 
 
 == TEST AND USAGE EXAMPLE:
 
@@ -84,9 +91,8 @@ You need to register you burp.jar before you can run it headless
 
 * Not neccessary for modules_only mode
 
-* Run your Burp as usual with GUI and provide you license. 
-  After this is done, you can run it headless using 'bscan'
-
+* Either run Burp with UI and upload the license there or run it headless and copy/paste the license when prompted.
+* No license will be asked for a public version.
 
 == DOCUMENTATION, SAMPLES, RUNNING HEADLESSLY
 * Rdoc generated files: http://gryb.info/bscan/
@@ -103,8 +109,7 @@ You need to register you burp.jar before you can run it headless
   Copyright 2012 PortSwigger Ltd. All rights reserved.
   See http://portswigger.net for license terms.
 
-* Buby library and the accompanying BurpExtender.java implementation are 
-  written by Eric Monti @ Matasano Security. Matasano Security claims no 
+* Buby BurpExtender.java has been initially implemented  by Eric Monti @ Matasano Security and modified by Oleg Gryb. Matasano Security claims no 
   professional or legal affiliation with PortSwigger LTD.
 
 * This BScan tools and library written by Oleg Gryb who claims no professional or
@@ -121,8 +126,7 @@ You need to register you burp.jar before you can run it headless
   Copyright 2012 PortSwigger Ltd. All rights reserved.
   See http://portswigger.net for license terms.
 
-* The Buby library and its accompanying BurpExtender implementation are
-  both freely available under the terms of the MIT public license:
+* The BurpExtender implementation is freely available under the terms of the MIT public and BSD 2-Clause license:
 
 (The MIT License)
 
@@ -134,15 +138,12 @@ The above copyright notice and this permission notice shall be included in all c
 
 THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
 
-* The BScan tools and library are freely available under the terms of the MIT public license:
-
-(The MIT License)
-
-Copyright (C) 2012 Oleg Gryb
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+* The BScan tools and library are freely available under the terms of the BSD 2-Clause license:
 
+Copyright (C) 2015, Oleg Gryb
+All rights reserved.
+  
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -1,3 +1,13 @@
+=begin
+  Copyright (c) 2015, Oleg Gryb
+  All rights reserved.
+  
+  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+=end
+
 require 'rubygems'
 require 'rake'
 require 'rake/clean'
@@ -5,8 +15,10 @@ require 'rake/clean'
 begin
   require 'jeweler'
   Jeweler::Tasks.new do |gem|
-    gem.add_dependency('buby', '>= 1.3.1')
+#   gem.add_dependency('buby', '>= 1.3.1')
+#   gem.add_dependency(nil)
     gem.name = "bscan"
+    gem.license = "BSD 2-Clause"
     gem.summary = %q{BScan is an extendable and configurable command line web application security scanner}
     gem.description = %q{BScan is a configurable and extendable web application security scanner that can be run from a command line headless (without UI). It's built on top of arguably the most popular commercial security testing tool Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr}
     gem.email = "oleg@gryb.info"

data/VERSION

@@ -1 +1 @@
-2.0.1
+3.0.0

data/bin/bscan

@@ -1,24 +1,37 @@
 #!/usr/bin/env jruby
 
+=begin
+  Copyright (c) 2015, Oleg Gryb
+  All rights reserved.
+  
+  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+=end
+
 #require File.expand_path(File.join(File.dirname(__FILE__), %w[.. lib bscan]))
 $: << File.expand_path(File.join(File.dirname(__FILE__), %w[.. lib]))
 
+require 'java'
 require 'getoptlong'
 require 'bscan/utils/bscan_helper'
 require 'json'
 
+
 include BscanHelper
 
 def usage
 
   puts %q{
 USAGE: jruby [-J-Xmx<nnn>M] [-J-Djava.awt.headless=true] -S bscan --config path_to_file \ 
-             [--help [config]] [--loglevel n] [--logfile file] [--version]
+             [--configonly] [--help [config]] [--loglevel n] [--logfile file] [--version]
 
 	-J-Xmx<nnn>M tells JVM to set maximum heap size to <nnn> MB 
 	-J-Djava.awt.headless=true tells JVM to run it headless (no UI)
 	-S tells jruby to search for bscan in a PATH
 	--config -c path_to_file path to config (see 'CONFIG' section in rdoc)
+	--configonly -O configure burp and exit
 	--help -h   this help
 	--help config config help
 	--loglevel -L 0 errors, 1 - warning, 2 - info, 3 - debug
@@ -64,6 +77,7 @@ def get_cmd_params
     [ '--help',     '-h', GetoptLong::OPTIONAL_ARGUMENT ],
     [ '--version',  '-v', GetoptLong::NO_ARGUMENT ],
     [ '--config',   '-c', GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--configonly',  '-O', GetoptLong::NO_ARGUMENT ],
     [ '--loglevel', '-L', GetoptLong::REQUIRED_ARGUMENT ],
     [ '--logfile', '-l', GetoptLong::REQUIRED_ARGUMENT ]
   )
@@ -82,6 +96,8 @@ def get_cmd_params
 		exit(1)
       when '--config'
         params['burp_config'], params['bscan_config'] = read_config(arg) 
+      when '--configonly'
+        params['burp_config_only'] = true 
       when '--loglevel'
         params['loglevel'] = arg
       when '--logfile'
@@ -108,10 +124,12 @@ init_internals  params
 run_modules self
 exit 0 if @modules_only
 
-require 'buby'
-require 'burp'
+#require 'buby'
+#require 'burp'
 require 'bscan'
+include BScan
+
+#$burp = Buby.new()
+#$burp.extend(BScan)
 
-$burp = Buby.new()
-$burp.extend(BScan)
-$burp.start_burp([params.to_json])
+start_burp([params.to_json], ARGV)

data/java/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+[ -f "$1" ] || (echo Usage: ./build.sh path_to_burp_jar && exit 1) 
+
+cp "$1" lib/.
+rm -rf bin/burp bin/bscan*
+javac -cp 'lib/*' -d bin src/burp/BurpExtender.java
+jar -cf bin/bscan.jar -C bin burp/BurpExtender.class
+cp bin/bscan.jar ../lib/.
+cp lib/burp*.jar ../lib/burp.jar

data/java/src/burp/BurpExtender.java

@@ -0,0 +1,146 @@
+package burp;
+
+import burp.*;
+
+import org.jruby.*;
+import org.jruby.javasupport.JavaUtil;
+import org.jruby.runtime.ThreadContext; 
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.RubyBoolean;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.swing.JMenuItem;
+
+public class BurpExtender implements IBurpExtender, IHttpListener, IScannerListener, ISessionHandlingAction  { 
+	
+    // Internal reference to hold the ruby Burp handler
+    private static IRubyObject r_obj = null;
+    private IBurpExtenderCallbacks burp_cb = null;
+    public static void setHandler(IRubyObject hnd) { r_obj = hnd; }
+    public static IRubyObject getHandler() { return r_obj; }
+
+    public BurpExtender() {
+      if (r_obj !=null)
+        r_obj.callMethod(ctx(r_obj), "evt_extender_init", to_ruby(rt(r_obj), this));
+    }
+
+    public void setCommandLineArgs(String[] args) {
+      if(r_obj != null)
+        r_obj.callMethod(ctx(r_obj), "evt_commandline_args", to_ruby(rt(r_obj), args));
+    }
+  
+	@Override
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) {
+      this.burp_cb = cb;
+      cb.setExtensionName("BScan");
+      cb.issueAlert("registering JRuby handler callbacks for BScan");
+      cb.registerHttpListener(this);
+      cb.registerScannerListener(this);
+      cb.registerSessionHandlingAction(this);
+//      this.burp_cb.issueAlert("Listeners: " + cb.getHttpListeners().get(0).toString());
+      if(r_obj != null) {
+        IRubyObject args[] = {to_ruby(rt(r_obj), cb), RubyBoolean.newBoolean(rt(r_obj), false)};
+        r_obj.callMethod(ctx(r_obj), "evt_register_callbacks", args[0]);
+      }
+    }
+/*
+	public void processHttpMessage(
+        String toolName, 
+        boolean messageIsRequest, 
+        IHttpRequestResponse messageInfo ) 
+    {
+	 this.burp_cb.issueAlert("HttpMessage from: " + toolName + " " + messageIsRequest);
+      if (r_obj != null && r_obj.respondsTo("evt_http_message")) {
+        Ruby rt = rt(r_obj);
+        IRubyObject http_msg[] = {
+          to_ruby(rt, toolName),
+          to_ruby(rt, messageIsRequest),
+          to_ruby(rt, messageInfo)
+        };
+    
+        r_obj.callMethod(ctx(r_obj), "evt_http_message", http_msg);
+      }
+    }
+*/
+
+	@Override
+    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
+    {
+//      this.burp_cb.issueAlert("HttpMessage from: " + toolFlag + " " + messageIsRequest);
+      if (r_obj != null) {
+        Ruby rt = rt(r_obj);
+        IRubyObject http_msg[] = {
+          to_ruby(rt, toolFlag),
+          to_ruby(rt, messageIsRequest),
+          to_ruby(rt, messageInfo)
+        };
+
+//        this.burp_cb.issueAlert("HttpMessage from: " + toolFlag);
+        r_obj.callMethod(ctx(r_obj), "evt_http_message", http_msg);
+      }
+    }
+
+	@Override
+    public void newScanIssue(IScanIssue issue) {
+      
+//      this.burp_cb.issueAlert("newScanIssue: " + issue.getIssueDetail());
+      if (r_obj != null)
+      r_obj.callMethod(ctx(r_obj), "evt_scan_issue", to_ruby(rt(r_obj), issue));
+    }
+
+
+    public void applicationClosing() {
+      if (r_obj != null)
+        r_obj.callMethod(ctx(r_obj), "evt_application_closing");
+    }
+
+    private ThreadContext ctx(IRubyObject obj) {
+      return rt(obj).getThreadService().getCurrentContext();
+    }
+
+    private Ruby rt(IRubyObject obj) {
+      return obj.getRuntime();
+    }
+
+    public IRubyObject to_ruby(Ruby rt, Object obj) {
+      return JavaUtil.convertJavaToUsableRubyObject(rt, obj);
+    }
+	@Override
+	public String getActionName() {
+        String ret = "";
+//		this.burp_cb.issueAlert("getActionName");
+		if (r_obj != null)
+          ret = r_obj.callMethod(ctx(r_obj), "evt_get_action_name").asJavaString();
+//		this.burp_cb.issueAlert("getActionName " + ret);
+		return ret;
+	}
+	@Override
+	public void performAction(IHttpRequestResponse req,
+			IHttpRequestResponse[] macros) {
+//		this.burp_cb.issueAlert("perfromAction");
+		
+		if (r_obj != null)
+	    r_obj.callMethod(ctx(r_obj), "evt_perfrom_action", to_ruby(rt(r_obj), req));
+	}
+	
+	public void loadConfig (RubyHash rh, String defConfigFile) {
+		
+		if (defConfigFile != null) {
+			this.burp_cb.restoreState(new File(defConfigFile));
+		}
+		
+		Map<String,String> map = new HashMap<String,String>(); 
+		for (Object k : rh.keys()) {
+			map.put((String) k, (String) rh.get(k)); 
+		}
+		this.burp_cb.loadConfig(map); // this will set custom config
+//		this.burp_cb.issueAlert("Config loaded");
+//	    this.burp_cb.issueAlert("Listeners after load: " + this.burp_cb.getHttpListeners().get(0).toString());
+	}
+
+}
+

data/lib/bscan.rb

@@ -1,54 +1,173 @@
 #!/usr/bin/env jruby
 
-require 'buby'
+
+=begin
+  Copyright (c) 2015, Oleg Gryb
+  All rights reserved.
+  
+  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+=end
+
 require 'getoptlong'
 require 'bscan/utils/bscan_helper'
 require 'bscan/utils/mailer'
 require 'java'
 require 'json'
+require 'bscan.jar'
+require 'burp.jar'
 
 module BScan
   
   include BscanHelper
   include Mailer
   
+  def start_burp args, arg_strs
+    Java.burp.BurpExtender.handler = self
+    init_internals JSON.parse(args[0])
+    Java.burp.StartBurp.main(arg_strs.to_java(:string))
+    
+  end
 
+  def evt_extender_init ext
+    @burp_extender = ext
+    Log 2, "#"*70, "# BScan.evt_extender_init EXT: #{ext.toString}", "#"*70
+  end  
+  
   def evt_commandline_args args
       init_internals JSON.parse(args[0])
   end
   
+  def get_filtered_issues issues
+    
+    info = get_bool_prop('bscan.ignore_info')
+    low = get_bool_prop('bscan.ignore_low')
+    medium = get_bool_prop('bscan.ignore_medium') 
+    high = get_bool_prop('bscan.ignore_high')
+    
+    return issues if (not (info or low or medium or high))
+    
+    filtered = []  
+    issues.each do |i|
+#      puts "=============ISSUE==================="
+#      puts i
+#      puts i.getSeverity()
+#      i.getClass().methods.each do |m|
+#        p m.getName()
+#      end
+#      puts
+      case i.getSeverity()
+        when 'Information'
+          filtered.push(i) if not info
+        when 'Low'
+          filtered.push(i) if not low
+        when 'Medium'
+          filtered.push(i) if not medium
+        when 'High'
+          filtered.push(i) if not high
+        end
+    end
+    return filtered
+  end
   
+  def gen_report 
+    issues = nil
+    if not @url_prefs
+      issues = @burp_cb.getScanIssues(nil)
+      file = "report.xml"
+      file = @bscan_config['bscan.report_def_name'] if @bscan_config['bscan.report_def_name']
+      file = File.expand_path(File.join(@issues, [file])) if @issues
+      gen_report_params(issues,file)
+    else
+      i=1
+      @url_prefs.each do |url_name| 
+        u, n = url_name.split('|')
+        n = 'pref' + i.to_s if not n
+        i += 1
+        issues = @burp_cb.getScanIssues(u)
+        n = File.expand_path(File.join(@issues, [n])) if @issues
+        gen_report_params(issues,n)  
+      end
+    end
+  end
+  def gen_report_params issues, file
+    io = Java.java.io.File.new(file.to_java(:string))
+    filtered = get_filtered_issues(issues)
+    @burp_cb.generateScanReport("XML".to_java(:string), filtered, io)
+    Log 2, "#"*70, "# BScan.gen_report: #{file} #{io.to_s} #{filtered.to_s}", "#"*70
+ end
   
-  def evt_http_message(tool_name, is_request, message_info)
-    super(tool_name, is_request, message_info)
-    if tool_name == 'Scanner'
-      if is_request
-        Log 2, "#"*70, "# BScan.evt_http_message REQUEST: #{message_info.url.toString}, tool: #{tool_name}", "#"*70
-        Log 3, "BScan.evt_http_message #{message_info.req_str}", ""
-      else
-        Log 2, "# BScan.evt_http_message RESPONSE CODE: #{message_info.statusCode}", ""
-        Log 3, "BScan.evt_http_message #{message_info.rsp_str}", ""
+  def evt_get_action_name
+    Log 2, "# BScan.evt_get_action_name"
+    ret = ''
+    acts = get_action
+    Log 2, "# BScan.evt_get_action_name"
+    ret = acts.join('+') if acts.size > 0
+    ret 
+  end
+ 
+  def evt_perfrom_action  req
+    acts = get_action
+    pars = get_action_params
+    Log 3, "BScan.evt_perform_action #{acts[0]} #{pars[0]}"
+    msg_info = @burp_cb.getHelpers().analyzeRequest(req)
+    msg_body = req.getRequest()[msg_info.getBodyOffset()..-1]
+    i = 0
+    acts.each do |a|
+      par = pars[i] 
+      i++
+      case a
+      when 'add_header'
+        Log 3, "BScan.evt_perform_action #{msg_info.getRequest().to_s} #{a} #{par}"
+        hdrs = msg_info.getHeaders()
+        hdrs.add(par.to_java(:string))
+        msg = @burp_cb.getHelpers().buildHttpMessage(hdrs, msg_body)
+        @burp_cb.issueAlert(@burp_cb.getHelpers().bytesToString(msg))
+        req.setRequest(msg)
       end
     end
-    if tool_name == 'Spider'
-     if not is_request
-        @activity[0] = true
-        https = message_info.getProtocol() == "https" ? true : false
-        Log 2, "BScan.evt_http_message Passively scanning: #{message_info.url.to_string}"
-        do_passive_scan(message_info.getHost(), message_info.getPort(), https, message_info.getRequest(),  message_info.getResponse())
-        if (is_in_scope(message_info.url))
-          Log 2, "BScan.evt_http_message Actively scanning: #{message_info.url.to_string}"
-          isqi = do_active_scan(message_info.getHost(), message_info.getPort(), https, message_info.getRequest(), [])
-          @queue.push(isqi)
-          run_modules self, message_info
+  end
+  
+  def evt_http_message(tool_name, is_request, message_info)
+#    super(tool_name, is_request, message_info)
+    begin
+      Log 3, "BScan.evt_http_message #{tool_name} #{Java.burp.IBurpExtenderCallbacks.TOOL_SPIDER} #{is_request} #{message_info.to_s}"
+      if tool_name == Java.burp.IBurpExtenderCallbacks.TOOL_SCANNER or tool_name == 'scanner'
+        if is_request
+          Log 2, "#"*70, "# BScan.evt_http_message REQUEST: #{message_info.url.toString}, tool: #{tool_name}", "#"*70
+          Log 3, "BScan.evt_http_message #{message_info.getRequest()}", ""
+        else
+          Log 2, "# BScan.evt_http_message RESPONSE CODE: #{message_info.statusCode}", ""
+          Log 3, "BScan.evt_http_message #{message_info.getResponse()}", ""
         end
-     end
-    end  
+      end
+      if tool_name == Java.burp.IBurpExtenderCallbacks.TOOL_SPIDER or tool_name == 'spider'\
+              or tool_name == Java.burp.IBurpExtenderCallbacks.TOOL_PROXY or tool_name == 'proxy'
+       if not is_request
+          @activity[0] = true
+          https = message_info.getProtocol() == "https" ? true : false
+          Log 2, "BScan.evt_http_message Passively scanning: #{message_info.url.to_string}"
+          do_passive_scan(message_info.getHost(), message_info.getPort(), https, message_info.getRequest(),  message_info.getResponse())
+          if (is_in_scope(message_info.url) and not excluded? message_info.url)
+            Log 2, "BScan.evt_http_message Actively scanning: #{message_info.url.to_string}"
+  #          isqi = do_active_scan(message_info.getHost(), message_info.getPort(), https, message_info.getRequest(), [])
+            isqi = do_active_scan(message_info.getHost(), message_info.getPort(), https, message_info.getRequest())
+            @queue.push(isqi)
+            run_modules self, message_info
+          end
+       end
+      end
+     rescue Exception => e
+      Log 0, "BScan.evt_http_message Exception: #{e.message}"
+      Log 0, e.backtrace.join("\n")
+     end  
   end
   
 
   def evt_scan_issue issue
-    super(issue)
+#    super(issue)
 #    Buby::HttpRequestResponseHelper.implant(issue.http_messages)
     write_issue_state issue
   end
@@ -64,10 +183,14 @@ module BScan
   def evt_application_closing
     begin
       Log 2,"BScan.evt_application_closing #{@bscan_config['bscan.smtp.server']} #{@bscan_config['bscan.smtp.to']}"
-      @istream.close if @istream
-      @stat['end_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S") 
-      send_email if @bscan_config['bscan.smtp.server'] and @bscan_config['bscan.smtp.to']
-      @log.close if @log
+      if not @load_config_flag 
+        @istream.close if @istream
+        @stat['end_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S") 
+        send_email if @bscan_config['bscan.smtp.server'] and @bscan_config['bscan.smtp.to']
+        @log.close if @log
+#        exit_suite false
+      end
+      @load_config_flag = false
     rescue Exception => e
       Log 0, "BScan.evt_application_closing Exception: #{e.message}"
       Log 0, e.backtrace.join("\n")
@@ -75,7 +198,8 @@ module BScan
   end
     
   def evt_register_callbacks cb
-    super(cb)
+    #    super(cb)
+    @burp_cb = cb
     @burp ||= self
     begin
       Log 2, "="*30, "BScan.evt_register_callbacks registring, log = #{@cmd_params['logfile']}  ", "="*30 
@@ -84,14 +208,18 @@ module BScan
       @queue ||= []
       @inactivity_to = @bscan_config['bscan.inactivity_to']
       @inactivity_to ||= '30'
+      @max_proxy_time ||= '30'
       @inactivity_to = @inactivity_to.to_i
+      @max_proxy_time = @max_proxy_time.to_i
       # Will exit if @activity = 0  and @queue is empty two times
       if @monitor == nil
         Log 2, "="*30, "BScan.evt_register_callbacks Starting Monitor", "="*30 
         @monitor = Thread.new(@queue, @activity) {|q,a|
           cnt=0;
           while (true) 
-            sleep(@inactivity_to/2)        
+            sleep(@inactivity_to/2)
+            @max_proxy_time -= @inactivity_to/2
+                    
             q.delete_if {|e| e.getPercentageComplete() == 100}
             if q.length == 0 and not a[0] 
               cnt += 1
@@ -99,11 +227,15 @@ module BScan
               cnt = 0
   #            Log 2, "BScan.evt_register_callbacks QUEUE: #{q.length}, Activity: #{a[0]}"
             end
-            if cnt > 1
-  #            Log 2, "BScan.evt_register_callbacks Scanning complete"
-              exit_suite
+            if cnt > 1 
+              Log 2, "BScan.evt_register_callbacks Scanning complete"
+              if @run_proxy
+                gen_report 
+              end
+              exit_suite false
               break
             end
+            Log 2, "BScan.evt_register_callbacks monitor #{@run_proxy} #{@max_proxy_time}"
             a[0] = false
           end
         }
@@ -111,11 +243,19 @@ module BScan
      
       Log 2, '='*30, 'BScan.evt_register_callbacks Params', '='*30
       params = save_config
+ #     params.each_pair {|k,v| Log 2,"#{k}:#{v}:#{v.class}"} # if k =~ /^(scanner|spider)/}
       params['target.scopeinclude0']='**empty**' # burp can store the previous scope somehow, thus need to clean
       @burp_config.each_pair do |k,v|
-        params[k] = v
-      end  
-      load_config params
+        params[k] = v if params[k]
+      end 
+      add_spider_headers(params) 
+      if @cmd_params['burp_config_only']
+        load_config params, @bscan_config['bscan.burp_defaults']
+        exit_suite false
+      else 
+        load_config @burp_config
+      end
+        
       params.each_pair {|k,v| Log 2,"#{k}:#{v}"} # if k =~ /^(scanner|spider)/}
      
 #      run_modules
@@ -123,24 +263,27 @@ module BScan
 
       urls = @bscan_config['bscan.url']
       Log 2, "BScan.evt_register_callbacks urls: #{@modules_only} #{urls}"
-  
-      if not urls
+      
+      
+      if not urls and not @run_proxy
        Log 0, "BScan.evt_register_callbacks No URL's provided in config. Use bscan.url param. Multiple entries are OK"
-       exit_suite 
+       exit_suite false
       end
       
-      urls = [urls] if not urls.kind_of?(Array)
+      urls = [urls] if urls and not urls.kind_of?(Array)
       
-      urls.each do |u|
-        Log 2, "BScan.evt_register_callbacks checking url: #{u}"
-        if not is_in_scope(u)
-          Log 2, "BScan.evt_register_callbacks including url: #{u}"
-          include_in_scope(u)
+      if urls
+        urls.each do |u|
+          Log 2, "BScan.evt_register_callbacks checking url: #{u}"
+          if not is_in_scope(u)
+            Log 2, "BScan.evt_register_callbacks including url: #{u}"
+            include_in_scope(u)
+          end
+          Log 2, "BScan.evt_register_callbacks Sending to spider: #{u}"
+          send_to_spider(u)
         end
-        Log 2, "BScan.evt_register_callbacks Sending to spider: #{u}"
-        send_to_spider(u)
       end
-    end
+  end
   rescue Exception => e
         Log 0, "BScan.evt_register_callbacks Exception: #{e.message}"
         Log 0,  e.backtrace.join("\n")