buby 1.1.6-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/History.txt +67 -0
- data/README.rdoc +289 -0
- data/Rakefile +34 -0
- data/bin/buby +108 -0
- data/buby.gemspec +37 -0
- data/java/buby.jar +0 -0
- data/java/src/BurpExtender.java +295 -0
- data/java/src/burp/IBurpExtender.java +136 -0
- data/java/src/burp/IBurpExtenderCallbacks.java +211 -0
- data/java/src/burp/IHttpRequestResponse.java +32 -0
- data/java/src/burp/IScanIssue.java +32 -0
- data/java/src/burp/IScanQueueItem.java +20 -0
- data/lib/buby.rb +772 -0
- data/lib/buby/extends.rb +4 -0
- data/lib/buby/extends/buby_array_wrapper.rb +41 -0
- data/lib/buby/extends/http_request_response.rb +95 -0
- data/lib/buby/extends/scan_issue.rb +36 -0
- data/samples/drb_buby.rb +31 -0
- data/samples/drb_sample_cli.rb +14 -0
- data/samples/mechanize_burp.rb +57 -0
- data/samples/poc_generator.rb +124 -0
- data/samples/verb_tamperer.rb +25 -0
- data/samples/watch_scan.rb +21 -0
- data/spec/buby_spec.rb +7 -0
- data/spec/spec_helper.rb +16 -0
- data/tasks/ann.rake +80 -0
- data/tasks/bones.rake +20 -0
- data/tasks/gem.rake +201 -0
- data/tasks/git.rake +40 -0
- data/tasks/notes.rake +27 -0
- data/tasks/post_load.rake +34 -0
- data/tasks/rdoc.rake +51 -0
- data/tasks/rubyforge.rake +55 -0
- data/tasks/setup.rb +292 -0
- data/tasks/spec.rake +54 -0
- data/tasks/svn.rake +47 -0
- data/tasks/test.rake +40 -0
- data/tasks/zentest.rake +36 -0
- data/test/test_buby.rb +0 -0
- metadata +106 -0
data/buby.gemspec
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = %q{buby}
|
5
|
+
s.version = "1.1.6"
|
6
|
+
|
7
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
|
+
s.authors = ["Eric Monti - Matasano Security"]
|
9
|
+
s.date = %q{2009-12-22}
|
10
|
+
s.default_executable = %q{buby}
|
11
|
+
s.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
|
12
|
+
s.email = %q{emonti@matasano.com}
|
13
|
+
s.executables = ["buby"]
|
14
|
+
s.extra_rdoc_files = ["History.txt", "README.rdoc", "bin/buby"]
|
15
|
+
s.files = ["History.txt", "README.rdoc", "Rakefile", "bin/buby", "buby.gemspec", "java/buby.jar", "java/src/BurpExtender.java", "java/src/burp/IBurpExtender.java", "java/src/burp/IBurpExtenderCallbacks.java", "java/src/burp/IHttpRequestResponse.java", "java/src/burp/IScanIssue.java", "java/src/burp/IScanQueueItem.java", "lib/buby.rb", "lib/buby/extends.rb", "lib/buby/extends/buby_array_wrapper.rb", "lib/buby/extends/http_request_response.rb", "lib/buby/extends/scan_issue.rb", "samples/drb_buby.rb", "samples/drb_sample_cli.rb", "samples/mechanize_burp.rb", "samples/poc_generator.rb", "samples/verb_tamperer.rb", "samples/watch_scan.rb", "spec/buby_spec.rb", "spec/spec_helper.rb", "tasks/ann.rake", "tasks/bones.rake", "tasks/gem.rake", "tasks/git.rake", "tasks/notes.rake", "tasks/post_load.rake", "tasks/rdoc.rake", "tasks/rubyforge.rake", "tasks/setup.rb", "tasks/spec.rake", "tasks/svn.rake", "tasks/test.rake", "tasks/zentest.rake", "test/test_buby.rb"]
|
16
|
+
s.homepage = %q{http://emonti.github.com/buby}
|
17
|
+
s.rdoc_options = ["--main", "README.rdoc"]
|
18
|
+
s.require_paths = ["lib", "java"]
|
19
|
+
s.rubyforge_project = %q{buby}
|
20
|
+
s.rubygems_version = %q{1.3.3}
|
21
|
+
s.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
|
22
|
+
s.test_files = ["test/test_buby.rb"]
|
23
|
+
|
24
|
+
s.platform = 'java'
|
25
|
+
if s.respond_to? :specification_version then
|
26
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
27
|
+
s.specification_version = 3
|
28
|
+
|
29
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
30
|
+
s.add_development_dependency(%q<bones>, [">= 2.5.1"])
|
31
|
+
else
|
32
|
+
s.add_dependency(%q<bones>, [">= 2.5.1"])
|
33
|
+
end
|
34
|
+
else
|
35
|
+
s.add_dependency(%q<bones>, [">= 2.5.1"])
|
36
|
+
end
|
37
|
+
end
|
data/java/buby.jar
ADDED
Binary file
|
@@ -0,0 +1,295 @@
|
|
1
|
+
//import javax.annotation.PostConstruct;
|
2
|
+
|
3
|
+
import burp.IBurpExtender;
|
4
|
+
import burp.IBurpExtenderCallbacks;
|
5
|
+
import burp.IScanIssue;
|
6
|
+
import burp.IHttpRequestResponse;
|
7
|
+
|
8
|
+
import org.jruby.*;
|
9
|
+
import org.jruby.javasupport.JavaUtil;
|
10
|
+
import org.jruby.runtime.ThreadContext;
|
11
|
+
import org.jruby.runtime.builtin.IRubyObject;
|
12
|
+
|
13
|
+
/**
|
14
|
+
* This is an implementation of the BurpExtender/IBurpExtender interface
|
15
|
+
* for Burp Suite which provides glue between a Ruby runtime and Burp.
|
16
|
+
*
|
17
|
+
* This is a complete implementation of the Burp Extender interfaces available
|
18
|
+
* as of Burp Suite 1.2/1.2.05
|
19
|
+
*/
|
20
|
+
public class BurpExtender implements IBurpExtender {
|
21
|
+
public final static String INIT_METH = "evt_extender_init";
|
22
|
+
public final static String PROXYMSG_METH = "evt_proxy_message_raw";
|
23
|
+
public final static String HTTPMSG_METH = "evt_http_message";
|
24
|
+
public final static String SCANISSUE_METH = "evt_scan_issue";
|
25
|
+
public final static String MAINARGS_METH = "evt_commandline_args";
|
26
|
+
public final static String REG_METH = "evt_register_callbacks";
|
27
|
+
public final static String CLOSE_METH = "evt_application_closing";
|
28
|
+
|
29
|
+
// Internal reference to hold the ruby Burp handler
|
30
|
+
private static IRubyObject r_obj = null;
|
31
|
+
|
32
|
+
/**
|
33
|
+
* Sets an internal reference to the ruby handler class or module to use
|
34
|
+
* for proxied BurpExtender events into a ruby runtime.
|
35
|
+
*
|
36
|
+
* Generally, this should probably be called before burp.StartBurp.main.
|
37
|
+
* However, it is also possible to set this afterwards and even swap in
|
38
|
+
* new objects during runtime.
|
39
|
+
*/
|
40
|
+
public static void set_handler(IRubyObject hnd) { r_obj = hnd; }
|
41
|
+
|
42
|
+
/**
|
43
|
+
* Returns the internal Ruby handler reference.
|
44
|
+
*
|
45
|
+
* The handler is the ruby class or module used for proxying BurpExtender
|
46
|
+
* events into a ruby runtime.
|
47
|
+
*/
|
48
|
+
public static IRubyObject get_handler() { return r_obj; }
|
49
|
+
|
50
|
+
|
51
|
+
/**
|
52
|
+
* This constructor is invoked from Burp's extender framework.
|
53
|
+
*
|
54
|
+
* This implementation invokes the <code>INIT_METH</code> method
|
55
|
+
* from the Ruby handler object if one is defined passing it Ruby
|
56
|
+
* usable reference to the instance.
|
57
|
+
*
|
58
|
+
*/
|
59
|
+
public BurpExtender() {
|
60
|
+
if (r_obj !=null && r_obj.respondsTo(INIT_METH))
|
61
|
+
r_obj.callMethod(ctx(r_obj), INIT_METH, to_ruby(rt(r_obj), this));
|
62
|
+
}
|
63
|
+
|
64
|
+
|
65
|
+
/**
|
66
|
+
* This method is invoked immediately after the implementation's constructor
|
67
|
+
* to pass any command-line arguments that were passed to Burp Suite on
|
68
|
+
* startup.
|
69
|
+
*
|
70
|
+
* This implementation invokes the method defined by
|
71
|
+
* <code>MAINARGS_METH</code> in the Ruby handler if both the handler
|
72
|
+
* and its ruby method are defined.
|
73
|
+
*
|
74
|
+
* It allows Ruby implementations to control aspects of their behaviour at
|
75
|
+
* runtime by defining their own command-line arguments.
|
76
|
+
*
|
77
|
+
* WARNING: Burp appears to have a bug (as of 1.2 and 1.2.05) which causes
|
78
|
+
* Burp to exit immediately if arguments are supplied regardless whether
|
79
|
+
* this handler is used.
|
80
|
+
*
|
81
|
+
* @param args The command-line arguments passed to Burp Suite on startup.
|
82
|
+
*/
|
83
|
+
public void setCommandLineArgs(String[] args) {
|
84
|
+
if(r_obj != null && r_obj.respondsTo(MAINARGS_METH))
|
85
|
+
r_obj.callMethod(ctx(r_obj), MAINARGS_METH, to_ruby(rt(r_obj), args));
|
86
|
+
}
|
87
|
+
|
88
|
+
/**
|
89
|
+
* This method is invoked on startup. It registers an instance of the
|
90
|
+
* <code>burp.IBurpExtenderCallbacks</code> interface, providing methods
|
91
|
+
* that may be invoked by the implementation to perform various actions.
|
92
|
+
*
|
93
|
+
* The call to registerExtenderCallbacks need not return, and
|
94
|
+
* implementations may use the invoking thread for any purpose.<p>
|
95
|
+
*
|
96
|
+
* This implementation simply passes a ruby-usable "callbacks" instance to
|
97
|
+
* the Ruby handler using the method defined by <code>REG_METH</code> if
|
98
|
+
* both the handler and its ruby method are defined.
|
99
|
+
*
|
100
|
+
* @param callbacks An implementation of the
|
101
|
+
* <code>IBurpExtenderCallbacks</code> interface.
|
102
|
+
*/
|
103
|
+
public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) {
|
104
|
+
if(r_obj != null && r_obj.respondsTo(REG_METH)) {
|
105
|
+
cb.issueAlert("[BurpExtender] registering JRuby handler callbacks");
|
106
|
+
r_obj.callMethod(ctx(r_obj), REG_METH, to_ruby(rt(r_obj), cb));
|
107
|
+
}
|
108
|
+
}
|
109
|
+
|
110
|
+
/**
|
111
|
+
* This method is invoked by Burp Proxy whenever a client request or server
|
112
|
+
* response is received.
|
113
|
+
*
|
114
|
+
* This implementation simply passes all arguments to the Ruby handler's
|
115
|
+
* method defined by <code>PROXYMSG_METH</code> if both the handler and
|
116
|
+
* its ruby method are defined.
|
117
|
+
*
|
118
|
+
* This allows Ruby implementations to perform logging functions, modify
|
119
|
+
* the message, specify an action (intercept, drop, etc.) and perform any
|
120
|
+
* other arbitrary processing.
|
121
|
+
*
|
122
|
+
* @param messageReference An identifier which is unique to a single
|
123
|
+
* request/response pair. This can be used to correlate details of requests
|
124
|
+
* and responses and perform processing on the response message accordingly.
|
125
|
+
* @param messageIsRequest Flags whether the message is a client request or
|
126
|
+
* a server response.
|
127
|
+
* @param remoteHost The hostname of the remote HTTP server.
|
128
|
+
* @param remotePort The port of the remote HTTP server.
|
129
|
+
* @param serviceIsHttps Flags whether the protocol is HTTPS or HTTP.
|
130
|
+
* @param httpMethod The method verb used in the client request.
|
131
|
+
* @param url The requested URL.
|
132
|
+
* @param resourceType The filetype of the requested resource, or a
|
133
|
+
* zero-length string if the resource has no filetype.
|
134
|
+
* @param statusCode The HTTP status code returned by the server. This value
|
135
|
+
* is <code>null</code> for request messages.
|
136
|
+
* @param responseContentType The content-type string returned by the
|
137
|
+
* server. This value is <code>null</code> for request messages.
|
138
|
+
* @param message The full HTTP message.
|
139
|
+
* @param action An array containing a single integer, allowing the
|
140
|
+
* implementation to communicate back to Burp Proxy a non-default
|
141
|
+
* interception action for the message. The default value is
|
142
|
+
* <code>ACTION_FOLLOW_RULES</code>. Set <code>action[0]</code> to one of
|
143
|
+
* the other possible values to perform a different action.
|
144
|
+
* @return Implementations should return either (a) the same object received
|
145
|
+
* in the <code>message</code> paramater, or (b) a different object
|
146
|
+
* containing a modified message.
|
147
|
+
*/
|
148
|
+
public byte[] processProxyMessage(
|
149
|
+
int messageReference,
|
150
|
+
boolean messageIsRequest,
|
151
|
+
String remoteHost,
|
152
|
+
int remotePort,
|
153
|
+
boolean serviceIsHttps,
|
154
|
+
String httpMethod,
|
155
|
+
String url,
|
156
|
+
String resourceType,
|
157
|
+
String statusCode,
|
158
|
+
String responseContentType,
|
159
|
+
byte[] message,
|
160
|
+
int[] action )
|
161
|
+
{
|
162
|
+
|
163
|
+
if (r_obj != null && r_obj.respondsTo(PROXYMSG_METH)) {
|
164
|
+
Ruby rt = rt(r_obj);
|
165
|
+
// prepare an alternate action value to present to ruby
|
166
|
+
IRubyObject r_action = to_ruby(rt, action);
|
167
|
+
|
168
|
+
// prepare an alternate String message value to present to ruby
|
169
|
+
//String message_str = new String(message);
|
170
|
+
//IRubyObject r_msg = to_ruby(rt, message_str);
|
171
|
+
|
172
|
+
IRubyObject pxy_msg[] = {
|
173
|
+
to_ruby(rt, messageReference),
|
174
|
+
to_ruby(rt, messageIsRequest),
|
175
|
+
to_ruby(rt, remoteHost),
|
176
|
+
to_ruby(rt, remotePort),
|
177
|
+
to_ruby(rt, serviceIsHttps),
|
178
|
+
to_ruby(rt, httpMethod),
|
179
|
+
to_ruby(rt, url),
|
180
|
+
to_ruby(rt, resourceType),
|
181
|
+
to_ruby(rt, statusCode),
|
182
|
+
to_ruby(rt, responseContentType),
|
183
|
+
//r_msg,
|
184
|
+
to_ruby(rt, message),
|
185
|
+
r_action
|
186
|
+
};
|
187
|
+
|
188
|
+
// slurp back in the action value in-case it's been changed
|
189
|
+
action[0] = ((int[]) JavaUtil.convertRubyToJava(r_action))[0];
|
190
|
+
|
191
|
+
IRubyObject ret = r_obj.callMethod(ctx(r_obj), PROXYMSG_METH, pxy_msg);
|
192
|
+
//if(ret != r_msg)
|
193
|
+
// return ((RubyString) ret).getBytes();
|
194
|
+
}
|
195
|
+
|
196
|
+
return message;
|
197
|
+
}
|
198
|
+
|
199
|
+
/**
|
200
|
+
* Added in Burp 1.2.09
|
201
|
+
* No javadoc yet but here's what the PortSwigger dev blog has to say:
|
202
|
+
*
|
203
|
+
* The processHttpMessage method is invoked whenever any of Burp's tools
|
204
|
+
* makes an HTTP request or receives a response. This is effectively a
|
205
|
+
* generalised version of the existing processProxyMessage method, and
|
206
|
+
* can be used to intercept and modify the HTTP traffic of all Burp
|
207
|
+
* tools.
|
208
|
+
*/
|
209
|
+
public void processHttpMessage(
|
210
|
+
String toolName,
|
211
|
+
boolean messageIsRequest,
|
212
|
+
IHttpRequestResponse messageInfo )
|
213
|
+
{
|
214
|
+
if (r_obj != null && r_obj.respondsTo(HTTPMSG_METH)) {
|
215
|
+
Ruby rt = rt(r_obj);
|
216
|
+
IRubyObject http_msg[] = {
|
217
|
+
to_ruby(rt, toolName),
|
218
|
+
to_ruby(rt, messageIsRequest),
|
219
|
+
to_ruby(rt, messageInfo)
|
220
|
+
};
|
221
|
+
|
222
|
+
r_obj.callMethod(ctx(r_obj), HTTPMSG_METH, http_msg);
|
223
|
+
}
|
224
|
+
}
|
225
|
+
|
226
|
+
/**
|
227
|
+
* Added in Burp 1.2.09
|
228
|
+
*
|
229
|
+
* The newScanIssue method is invoked whenever Burp Scanner discovers a
|
230
|
+
* new, unique issue, and can be used to perform customised reporting or
|
231
|
+
* logging of issues.
|
232
|
+
*/
|
233
|
+
public void newScanIssue(IScanIssue issue) {
|
234
|
+
if (r_obj != null && r_obj.respondsTo(SCANISSUE_METH))
|
235
|
+
r_obj.callMethod(ctx(r_obj), SCANISSUE_METH, to_ruby(rt(r_obj), issue));
|
236
|
+
}
|
237
|
+
|
238
|
+
|
239
|
+
/**
|
240
|
+
* This method is invoked immediately before Burp Suite exits.
|
241
|
+
* This implementation simply invokes the Ruby handler's method defined
|
242
|
+
* by <code>CLOSE_METH</code> if both the handler and its ruby method are
|
243
|
+
* defined.
|
244
|
+
*
|
245
|
+
* This allows implementations to carry out any clean-up actions necessary
|
246
|
+
* (e.g. flushing log files or closing database resources, etc.).
|
247
|
+
*/
|
248
|
+
public void applicationClosing() {
|
249
|
+
if (r_obj != null && r_obj.respondsTo(CLOSE_METH))
|
250
|
+
r_obj.callMethod(ctx(r_obj), CLOSE_METH);
|
251
|
+
}
|
252
|
+
|
253
|
+
// Private method to return the ThreadContext for a given ruby object.
|
254
|
+
// This is used in the various event proxies
|
255
|
+
private ThreadContext ctx(IRubyObject obj) {
|
256
|
+
return rt(obj).getThreadService().getCurrentContext();
|
257
|
+
}
|
258
|
+
|
259
|
+
// Private method to return the ruby runtime for a given ruby object.
|
260
|
+
// This is used in the various event proxies
|
261
|
+
private Ruby rt(IRubyObject obj) {
|
262
|
+
return obj.getRuntime();
|
263
|
+
}
|
264
|
+
|
265
|
+
// private method to transfer arbitrary java objects into a ruby runtime.
|
266
|
+
// This is used in the various event proxies to pass arguments to the
|
267
|
+
// ruby handler object.
|
268
|
+
private IRubyObject to_ruby(Ruby rt, Object obj) {
|
269
|
+
return JavaUtil.convertJavaToUsableRubyObject(rt, obj);
|
270
|
+
}
|
271
|
+
|
272
|
+
/**
|
273
|
+
* Causes Burp Proxy to follow the current interception rules to determine
|
274
|
+
* the appropriate action to take for the message.
|
275
|
+
*/
|
276
|
+
public final static int ACTION_FOLLOW_RULES = 0;
|
277
|
+
|
278
|
+
/**
|
279
|
+
* Causes Burp Proxy to present the message to the user for manual
|
280
|
+
* review or modification.
|
281
|
+
*/
|
282
|
+
public final static int ACTION_DO_INTERCEPT = 1;
|
283
|
+
|
284
|
+
/**
|
285
|
+
* Causes Burp Proxy to forward the message to the remote server or client.
|
286
|
+
*/
|
287
|
+
public final static int ACTION_DONT_INTERCEPT = 2;
|
288
|
+
|
289
|
+
/**
|
290
|
+
* Causes Burp Proxy to drop the message and close the client connection.
|
291
|
+
*/
|
292
|
+
public final static int ACTION_DROP = 3;
|
293
|
+
|
294
|
+
}
|
295
|
+
|
@@ -0,0 +1,136 @@
|
|
1
|
+
package burp;
|
2
|
+
|
3
|
+
/*
|
4
|
+
* @(#)IBurpExtender.java
|
5
|
+
*
|
6
|
+
* Copyright 2008 PortSwigger Ltd. All rights reserved.
|
7
|
+
* Use is subject to license terms - see http://portswigger.net/
|
8
|
+
*/
|
9
|
+
|
10
|
+
/**
|
11
|
+
* This interface allows third-party code to extend Burp Suite's functionality.
|
12
|
+
*
|
13
|
+
* Implementations must be called BurpExtender, in the package burp,
|
14
|
+
* must be declared public, and must provide a default (public, no-argument)
|
15
|
+
* constructor. On startup, Burp Suite searches its classpath for the class
|
16
|
+
* burp.BurpExtender, and attempts to dynamically load and instantiate this
|
17
|
+
* class. The <code>IBurpExtender</code> methods implemented will then be
|
18
|
+
* dynamically invoked as appropriate.<p>
|
19
|
+
*
|
20
|
+
* Partial implementations are acceptable. The class will be used provided at
|
21
|
+
* least one of the interface's methods is implemented.<p>
|
22
|
+
*
|
23
|
+
* To make use of the interface, create a class called BurpExtender, in the
|
24
|
+
* package burp, which implements one or more methods of the interface, and
|
25
|
+
* place this into the application's classpath at startup. For example, if
|
26
|
+
* Burp Suite is loaded from burp.jar, and BurpProxyExtender.jar contains the
|
27
|
+
* class burp.BurpExtender, use the following command to launch Burp Suite and
|
28
|
+
* load the IBurpExtender implementation:<p>
|
29
|
+
*
|
30
|
+
* <PRE>
|
31
|
+
* java -classpath burp.jar;BurpProxyExtender.jar burp.StartBurp
|
32
|
+
* </PRE>
|
33
|
+
*/
|
34
|
+
|
35
|
+
public interface IBurpExtender
|
36
|
+
{
|
37
|
+
/**
|
38
|
+
* This method is invoked immediately after the implementation's constructor
|
39
|
+
* to pass any command-line arguments that were passed to Burp Suite on
|
40
|
+
* startup. It allows implementations to control aspects of their behaviour
|
41
|
+
* at runtime by defining their own command-line arguments.
|
42
|
+
*
|
43
|
+
* @param args The command-line arguments passed to Burp Suite on startup.
|
44
|
+
*/
|
45
|
+
public void setCommandLineArgs(String[] args);
|
46
|
+
|
47
|
+
|
48
|
+
/**
|
49
|
+
* This method is invoked by Burp Proxy whenever a client request or server
|
50
|
+
* response is received. It allows implementations to perform logging
|
51
|
+
* functions, modify the message, specify an action (intercept, drop, etc.)
|
52
|
+
* and perform any other arbitrary processing.
|
53
|
+
*
|
54
|
+
* @param messageReference An identifier which is unique to a single
|
55
|
+
* request/response pair. This can be used to correlate details of requests
|
56
|
+
* and responses and perform processing on the response message accordingly.
|
57
|
+
* @param messageIsRequest Flags whether the message is a client request or
|
58
|
+
* a server response.
|
59
|
+
* @param remoteHost The hostname of the remote HTTP server.
|
60
|
+
* @param remotePort The port of the remote HTTP server.
|
61
|
+
* @param serviceIsHttps Flags whether the protocol is HTTPS or HTTP.
|
62
|
+
* @param httpMethod The method verb used in the client request.
|
63
|
+
* @param url The requested URL.
|
64
|
+
* @param resourceType The filetype of the requested resource, or a
|
65
|
+
* zero-length string if the resource has no filetype.
|
66
|
+
* @param statusCode The HTTP status code returned by the server. This value
|
67
|
+
* is <code>null</code> for request messages.
|
68
|
+
* @param responseContentType The content-type string returned by the
|
69
|
+
* server. This value is <code>null</code> for request messages.
|
70
|
+
* @param message The full HTTP message.
|
71
|
+
* @param action An array containing a single integer, allowing the
|
72
|
+
* implementation to communicate back to Burp Proxy a non-default
|
73
|
+
* interception action for the message. The default value is
|
74
|
+
* <code>ACTION_FOLLOW_RULES</code>. Set <code>action[0]</code> to one of
|
75
|
+
* the other possible values to perform a different action.
|
76
|
+
* @return Implementations should return either (a) the same object received
|
77
|
+
* in the <code>message</code> paramater, or (b) a different object
|
78
|
+
* containing a modified message.
|
79
|
+
*/
|
80
|
+
public byte[] processProxyMessage(
|
81
|
+
int messageReference,
|
82
|
+
boolean messageIsRequest,
|
83
|
+
String remoteHost,
|
84
|
+
int remotePort,
|
85
|
+
boolean serviceIsHttps,
|
86
|
+
String httpMethod,
|
87
|
+
String url,
|
88
|
+
String resourceType,
|
89
|
+
String statusCode,
|
90
|
+
String responseContentType,
|
91
|
+
byte[] message,
|
92
|
+
int[] action);
|
93
|
+
|
94
|
+
/**
|
95
|
+
* Causes Burp Proxy to follow the current interception rules to determine
|
96
|
+
* the appropriate action to take for the message.
|
97
|
+
*/
|
98
|
+
public final static int ACTION_FOLLOW_RULES = 0;
|
99
|
+
/**
|
100
|
+
* Causes Burp Proxy to present the message to the user for manual
|
101
|
+
* review or modification.
|
102
|
+
*/
|
103
|
+
public final static int ACTION_DO_INTERCEPT = 1;
|
104
|
+
/**
|
105
|
+
* Causes Burp Proxy to forward the message to the remote server or client.
|
106
|
+
*/
|
107
|
+
public final static int ACTION_DONT_INTERCEPT = 2;
|
108
|
+
/**
|
109
|
+
* Causes Burp Proxy to drop the message and close the client connection.
|
110
|
+
*/
|
111
|
+
public final static int ACTION_DROP = 3;
|
112
|
+
|
113
|
+
|
114
|
+
|
115
|
+
/**
|
116
|
+
* This method is invoked on startup. It registers an instance of the
|
117
|
+
* <code>IBurpExtenderCallbacks</code> interface, providing methods that
|
118
|
+
* may be invoked by the implementation to perform various actions.
|
119
|
+
*
|
120
|
+
* The call to registerExtenderCallbacks need not return, and
|
121
|
+
* implementations may use the invoking thread for any purpose.<p>
|
122
|
+
*
|
123
|
+
* @param callbacks An implementation of the
|
124
|
+
* <code>IBurpExtenderCallbacks</code> interface.
|
125
|
+
*/
|
126
|
+
public void registerExtenderCallbacks(burp.IBurpExtenderCallbacks callbacks);
|
127
|
+
|
128
|
+
|
129
|
+
|
130
|
+
/**
|
131
|
+
* This method is invoked immediately before Burp Suite exits.
|
132
|
+
* It allows implementations to carry out any clean-up actions necessary
|
133
|
+
* (e.g. flushing log files or closing database resources).
|
134
|
+
*/
|
135
|
+
public void applicationClosing();
|
136
|
+
}
|