buby 1.3.0-java → 1.3.1-java

data/VERSION

@@ -1 +1 @@
-1.3.0
+1.3.1

data/buby.gemspec

@@ -5,16 +5,15 @@
 
 Gem::Specification.new do |s|
   s.name = %q{buby}
-  s.version = "1.3.0"
+  s.version = "1.3.1"
   s.platform = %q{java}
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Eric Monti, tduehr"]
-  s.date = %q{2011-06-14}
-  s.default_executable = %q{buby}
+  s.authors = [%q{Eric Monti, tduehr}]
+  s.date = %q{2011-12-05}
   s.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
   s.email = %q{emonti@matasano.com, td@matasano.com}
-  s.executables = ["buby"]
+  s.executables = [%q{buby}]
   s.extra_rdoc_files = [
     "History.txt",
     "README.rdoc",
@@ -50,11 +49,11 @@ Gem::Specification.new do |s|
     "test/buby_test.rb"
   ]
   s.homepage = %q{http://tduehr.github.com/buby}
-  s.rdoc_options = ["--main", "README.rdoc"]
-  s.require_paths = ["lib", "java", "java"]
-  s.rubygems_version = %q{1.5.1}
+  s.rdoc_options = [%q{--main}, %q{README.rdoc}]
+  s.require_paths = [%q{lib}, %q{java}, %q{java}]
+  s.rubygems_version = %q{1.8.6}
   s.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
-  s.test_files = ["test/buby_test.rb"]
+  s.test_files = [%q{test/buby_test.rb}]
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

data/java/src/burp/IBurpExtenderCallbacks.java

@@ -84,6 +84,29 @@ public interface IBurpExtenderCallbacks
             boolean useHttps,
             byte[] request) throws Exception;
 
+
+    /**
+    * This method can be used to send an HTTP request to the Burp Intruder
+    * tool. The request will be displayed in the user interface, and markers
+    * for attack payloads will be placed into the specified locations within
+    * the request.
+    *
+    * @param host The hostname of the remote HTTP server.
+    * @param port The port of the remote HTTP server.
+    * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+    * @param request The full HTTP request.
+    * @param payloadPositionOffsets A list of index pairs representing the
+    * payload positions to be used. Each item in the list must be an int[2]
+    * array containing the start and end offset for the payload position.
+    * @throws java.lang.Exception
+    */
+    public void sendToIntruder(
+        String host,
+        int port,
+        boolean useHttps,
+        byte[] request,
+        List payloadPositionOffsets) throws Exception;
+
     /**
      * This method can be used to send a seed URL to the Burp Spider tool. If 
      * the URL is not within the current Spider scope, the user will be asked 

data/java/src/burp/IHttpRequestResponse.java

@@ -138,4 +138,19 @@ public interface IHttpRequestResponse
      */
     void setComment(String comment) throws Exception;
 
+    /**
+     * Returns the user-annotated highlight for this item, if applicable.
+     *
+     * @return The highlight color for this item, or null if none is set.
+     */
+    String getHighlight() throws Exception;
+
+    /**
+     * Sets the user-annotated highlight for this item.
+     *
+     * @param color The highlight color to be assigned to this item. Accepted
+     * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray.
+     * @throws Exception
+     */
+    void setHighlight(String color) throws Exception;
 }

data/lib/buby.rb

@@ -127,7 +127,7 @@ class Buby
   #  * port = The port of the remote HTTP server.
   #  * https = Flags whether the protocol is HTTPS or HTTP.
   #  * req  = The full HTTP request. (String or Java bytes[])
-  #  * insertionPointOffsets = A list of index pairs representing the
+  #  * ip_off = A list of index pairs representing the
   #  * positions of the insertion points that should be scanned. Each item in
   #  * the list must be an int[2] array containing the start and end offsets
   #  * for the insertion point. *1.4+* only
@@ -210,9 +210,18 @@ class Buby
   #  * port  = The port of the remote HTTP server.
   #  * https = Flags whether the protocol is HTTPS or HTTP.
   #  * req   = The full HTTP request.  (String or Java bytes[])
-  def sendToIntruder(host, port, https, req)
+  #  * ip_off = A list of index pairs representing the
+  #  * positions of the insertion points that should be scanned. Each item in
+  #  * the list must be an int[2] array containing the start and end offsets
+  #  * for the insertion point. *1.4.04+* only
+  #  * 
+  def sendToIntruder(host, port, https, req, ip_off)
     req = req.to_java_bytes if req.is_a? String
-    _check_cb.sendToIntruder(host, port, https, req)
+    if self.getBurpVersion.to_a[1..-1].join(".") < "1.4.04"
+      _check_cb.sendToIntruder(host, port, https, req)
+    else
+      _check_cb.sendToIntruder(host, port, https, req, ip_off)
+    end
   end
   alias send_to_intruder sendToIntruder
   alias intruder sendToIntruder

metadata

@@ -1,87 +1,96 @@
 --- !ruby/object:Gem::Specification 
 name: buby
 version: !ruby/object:Gem::Version 
+  hash: 25
   prerelease: 
-  version: 1.3.0
+  segments: 
+  - 1
+  - 3
+  - 1
+  version: 1.3.1
 platform: java
 authors: 
-  - Eric Monti, tduehr
+- Eric Monti, tduehr
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-06-14 00:00:00 -05:00
-default_executable: buby
+date: 2011-12-05 00:00:00 Z
 dependencies: []
 
 description: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
 email: emonti@matasano.com, td@matasano.com
 executables: 
-  - buby
+- buby
 extensions: []
 
 extra_rdoc_files: 
-  - History.txt
-  - README.rdoc
-  - bin/buby
+- History.txt
+- README.rdoc
+- bin/buby
 files: 
-  - History.txt
-  - README.rdoc
-  - Rakefile
-  - VERSION
-  - bin/buby
-  - buby.gemspec
-  - java/buby.jar
-  - java/src/BurpExtender.java
-  - java/src/burp/IBurpExtender.java
-  - java/src/burp/IBurpExtenderCallbacks.java
-  - java/src/burp/IHttpRequestResponse.java
-  - java/src/burp/IMenuItemHandler.java
-  - java/src/burp/IScanIssue.java
-  - java/src/burp/IScanQueueItem.java
-  - lib/buby.rb
-  - lib/buby/extends.rb
-  - lib/buby/extends/buby_array_wrapper.rb
-  - lib/buby/extends/http_request_response.rb
-  - lib/buby/extends/scan_issue.rb
-  - samples/drb_buby.rb
-  - samples/drb_sample_cli.rb
-  - samples/mechanize_burp.rb
-  - samples/menu_copy_req.rb
-  - samples/poc_generator.rb
-  - samples/verb_tamperer.rb
-  - samples/watch_scan.rb
-  - test/buby_test.rb
-has_rdoc: true
+- History.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- bin/buby
+- buby.gemspec
+- java/buby.jar
+- java/src/BurpExtender.java
+- java/src/burp/IBurpExtender.java
+- java/src/burp/IBurpExtenderCallbacks.java
+- java/src/burp/IHttpRequestResponse.java
+- java/src/burp/IMenuItemHandler.java
+- java/src/burp/IScanIssue.java
+- java/src/burp/IScanQueueItem.java
+- lib/buby.rb
+- lib/buby/extends.rb
+- lib/buby/extends/buby_array_wrapper.rb
+- lib/buby/extends/http_request_response.rb
+- lib/buby/extends/scan_issue.rb
+- samples/drb_buby.rb
+- samples/drb_sample_cli.rb
+- samples/mechanize_burp.rb
+- samples/menu_copy_req.rb
+- samples/poc_generator.rb
+- samples/verb_tamperer.rb
+- samples/watch_scan.rb
+- test/buby_test.rb
 homepage: http://tduehr.github.com/buby
 licenses: []
 
 post_install_message: 
 rdoc_options: 
-  - --main
-  - README.rdoc
+- --main
+- README.rdoc
 require_paths: 
-  - lib
-  - java
-  - java
+- lib
+- java
+- java
 required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.5.1
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger
 test_files: 
-  - test/buby_test.rb
+- test/buby_test.rb