buby 1.3.3-java → 1.5.0-java

data/lib/buby/message_editor_controller.rb

@@ -0,0 +1,41 @@
+class Buby
+  # This interface is used by an +IMessageEditor+ to obtain details about the
+  # currently displayed message. Extensions that create instances of Burp's HTTP
+  # message editor can optionally provide an implementation of
+  # +IMessageEditorController+, which the editor will invoke when it requires
+  # further information about the current message (for example, to send it to
+  # another Burp tool). Extensions that provide custom editor tabs via an
+  # +IMessageEditorTabFactory+ will receive a reference to an
+  # +IMessageEditorController+ object for each tab instance they generate, which
+  # the tab can invoke if it requires further information about the current
+  # message.
+  #
+  class MessageEditorController
+    include Java::Burp::IMessageEditorController
+
+    # This method is used to retrieve the HTTP service for the current message.
+    #
+    # @return [IHttpService] The HTTP service for the current message.
+    #
+    # @abstract
+    def getHttpService; raise NotImplementedError; end
+
+    # This method is used to retrieve the HTTP request associated with the
+    # current message (which may itself be a response).
+    #
+    # @return [Array<byte>] The HTTP request associated with the current
+    #   message.
+    #
+    # @abstract
+    def getRequest; raise NotImplementedError; end
+
+    # This method is used to retrieve the HTTP response associated with the
+    # current message (which may itself be a request).
+    #
+    # @return [Array<byte>] The HTTP response associated with the current
+    #   message.
+    #
+    # @abstract
+    def getResponse; raise NotImplementedError; end
+  end
+end

data/lib/buby/message_editor_tab.rb

@@ -0,0 +1,98 @@
+class Buby
+  # Extensions that register an +IMessageEditorTabFactory+ must return instances
+  # of this interface, which Burp will use to create custom tabs within its HTTP
+  # message editors.
+  #
+  # @abstract
+  # @todo voodoo method wrapping
+  class MessageEditorTab
+    include Java::Burp::IMessageEditorTab
+    include Java::Burp::IMessageEditorTabFactory
+    
+    attr_accessor :controller, :editable
+    # (see Buby::MessageEditorTabFactory#createNewInstance)
+    def initialize controller, editable
+      @controller = controller
+      @editable = editable
+    end
+
+    # (see Buby::MessageEditorTabFactory#createNewInstance)
+    def self.createNewInstance controller, editable
+      self.new controller, editable
+    end
+
+    # This method returns the caption that should appear on the custom tab
+    # when it is displayed.
+    # @note Burp invokes this method once when the tab is first generated, and
+    #   the same caption will be used every time the tab is displayed.
+    #
+    # @return [String] The caption that should appear on the custom tab when
+    #   it is displayed.
+    #
+    def getTabCaption; self.class.name; end
+
+    # This method returns the component that should be used as the contents of
+    # the custom tab when it is displayed.
+    # @note Burp invokes this method once when the tab is first generated, and
+    #   the same component will be used every time the tab is displayed.
+    #
+    # @return The component that should be used as the contents of the custom
+    #   tab when it is displayed.
+    #
+    def getUiComponent; raise NotImplementedError; end
+
+    # The hosting editor will invoke this method before it displays a new HTTP
+    # message, so that the custom tab can indicate whether it should be
+    # enabled for that message.
+    #
+    # @param [Array<byte>] content The message that is about to be displayed.
+    # @param [Boolean] isRequest Indicates whether the message is a request or
+    #   a response.
+    # @return [Boolean] The method should return +true+ if the custom tab is
+    #   able to handle the specified message, and so will be displayed within
+    #   the editor. Otherwise, the tab will be hidden while this message is
+    #   displayed.
+    #
+    def isEnabled(content, isRequest)
+      content = String.from_java_bytes content
+      raise NotImplementedError
+    end
+
+    # The hosting editor will invoke this method to display a new message or
+    # to clear the existing message. This method will only be called with a
+    # new message if the tab has already returned +true+ to a call to
+    # {#isEnabled} with the same message details.
+    #
+    # @param [Array<byte>] content The message that is to be displayed, or
+    #   +nil+ if the tab should clear its contents and disable any editable
+    #   controls.
+    # @param [Boolean] isRequest Indicates whether the message is a request or
+    #   a response.
+    #
+    def setMessage(content, isRequest); raise NotImplementedError; end
+
+    # This method returns the currently displayed message.
+    #
+    # @return [Array<byte>] The currently displayed message.
+    #
+    def getMessage; raise NotImplementedError; end
+
+    # This method is used to determine whether the currently displayed message
+    # has been modified by the user. The hosting editor will always call
+    # {#getMessage} before calling this method, so any pending edits should be
+    # completed within {#getMessage}.
+    #
+    # @return [Boolean] The method should return +true+ if the user has
+    #   modified the current message since it was first displayed.
+    #
+    def isModified; raise NotImplementedError; end
+
+    # This method is used to retrieve the data that is currently selected by
+    # the user.
+    #
+    # @return [Array<byte>] The data that is currently selected by the user.
+    #   This may be +nil+ if no selection is currently made.
+    #
+    def getSelectedData; raise NotImplementedError; end
+  end
+end

data/lib/buby/message_editor_tab_factory.rb

@@ -0,0 +1,28 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerMessageEditorTabFactory} to register a factory for custom
+  # message editor tabs. This allows extensions to provide custom rendering or
+  # editing of HTTP messages, within Burp's own HTTP editor.
+  #
+  # @abstract
+  class MessageEditorTabFactory
+    include Java::Burp::IMessageEditorTabFactory
+
+    # Burp will call this method once for each HTTP message editor, and the
+    # factory should provide a new instance of an +IMessageEditorTab+ object.
+    #
+    # @param [IMessageEditorController] controller An object which the new tab
+    #   can query to retrieve details about the currently displayed message.
+    #   This may be +nil+ for extension-invoked message editors where the
+    #   extension has not provided an editor controller.
+    # @param [Boolean] editable Indicates whether the hosting editor is editable
+    #   or read-only.
+    # @return [IMessageEditorTab] A new tab for use within the message editor.
+    #
+    # @abstract subclass and call super
+    def createNewInstance(controller, editable)
+      Buby::Implants::MessageEditorController.implant controller
+      nil
+    end
+  end
+end

data/lib/buby/parameter/base.rb

@@ -0,0 +1,40 @@
+class Buby
+  module Parameter
+    class Base
+      include Java::Burp::IParameter
+      attr_accessor :name, :value
+      # @overload initialize
+      #   Create an empty instance
+      #   @param [void]
+      # @overload initialize(hash)
+      #   @param [Hash] hash name set to key, value set to value
+      # @overload initialize(name, value)
+      #   @param [String] name
+      #   @param [String] value
+      # @overload initialize(name, value, type)
+      #   @param [String] name
+      #   @param [String] value
+      #   @param [Fixnum] type
+      # 
+      def initialize *args
+        raise ArgumentError, "#{args.size} for 0..3" if args.size > 3
+        case args.size
+        when 0
+        when 1
+          hsh = args.first
+          @name = hsh[:name] || hsh['name']
+          @value = hsh[:value] || hsh['value']
+        when 2, 3
+          @name, @value, @type = args
+        end
+      end
+      def getType; @type.to_i; end
+      def getName; @name;   end
+      def getValue; @value; end
+      def getNameStart; -1; end
+      def getNameEnd;   -1; end
+      def getValueEnd;  -1; end
+      def getValueStart;-1; end
+    end
+  end
+end

data/lib/buby/parameter/body.rb

@@ -0,0 +1,7 @@
+class Buby
+  module Parameter
+    class Body < Base
+      def getType; PARAM_BODY; end
+    end
+  end
+end

data/lib/buby/parameter/cookie.rb

@@ -0,0 +1,7 @@
+class Buby
+  module Parameter
+    class Cookie < Base
+      def getType; PARAM_COOKIE; end
+    end
+  end
+end

data/lib/buby/parameter/url.rb

@@ -0,0 +1,7 @@
+class Buby
+  module Parameter
+    class Url < Base
+      def getType; PARAM_URL; end
+    end
+  end
+end

data/lib/buby/parameter.rb

@@ -0,0 +1,15 @@
+class Buby
+  module Parameter
+    autoload :Base, 'buby/parameter/base'
+    autoload :Url, 'buby/parameter/url'
+    autoload :Body, 'buby/parameter/body'
+    autoload :Cookie, 'buby/parameter/cookie'
+    PARAM_URL = 0
+    PARAM_BODY = 1
+    PARAM_COOKIE = 2
+    PARAM_XML = 3
+    PARAM_XML_ATTR = 4
+    PARAM_MULTIPART_ATTR = 5
+    PARAM_JSON = 6
+  end
+end

data/lib/buby/proxy_listener.rb

@@ -0,0 +1,26 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerHttpListener} to register a Proxy listener. The listener will
+  # be notified of requests and responses being processed by the Proxy tool.
+  # Extensions can perform custom analysis or modification of these messages,
+  # and control in-UI message interception, by registering a proxy listener.
+  #
+  class ProxyListener
+    include Java::Burp::IProxyListener
+    # This method is invoked when an HTTP message is being processed by the
+    # Proxy.
+    #
+    # @param [Boolean] messageIsRequest Indicates whether the HTTP message is a
+    #   request or a response.
+    # @param [IInterceptedProxyMessage] message An +IInterceptedProxyMessage+
+    #   object that extensions can use to query and update details of the
+    #   message, and control whether the message should be intercepted and
+    #   displayed to the user for manual review or modification.
+    # @return [void]
+    #
+    def processProxyMessage(messageIsRequest, message)
+      pp [:got_processProxyMessage] if $debug
+      Buby::Implants::InterceptedProxyMessage.implant message
+    end
+  end
+end

data/lib/buby/scan_issue.rb

@@ -0,0 +1,112 @@
+require 'uri'
+
+class Buby
+  # This interface is used to retrieve details of Scanner issues. Extensions can
+  # obtain details of issues by registering an +IScannerListener+ or by calling
+  # {Buby#getScanIssues}. Extensions can also add custom Scanner issues by
+  # registering an +IScannerCheck+ or calling {Buby#addScanIssue}, and providing
+  # their own implementations of this interface
+  #
+  class ScanIssue
+    include Java::Burp::IScanIssue
+
+    attr_accessor :uri, :name, :type, :severity, :confidence, :ibackground
+    attr_accessor :rbackground, :idetail, :rdetail, :messages, :service
+
+    # @param [Hash] hash
+    def initialize hash
+      @uri = hash[:uri].kind_of?(URI) ? hash[:uri] : hash[:uri].to_s
+      @name = hash[:name]
+      @type = hash[:type]
+      @severity = hash[:severity]
+      @confidence = hash[:confidence]
+      @ibackground = hash[:ibackground]
+      @rbackground = hash[:rbackground]
+      @idetail = hash[:idetail]
+      @rdetail = hash[:rdetail]
+      @messages = hash[:messages]
+      @service = hash[:service]
+    end
+
+    # This method returns the URL for which the issue was generated.
+    #
+    # @return [Java::JavaNet::URL] The URL for which the issue was generated.
+    #
+    def getUrl; Java::JavaNet::URL.new @uri.to_s; end
+
+    # This method returns the name of the issue type.
+    #
+    # @return [String] The name of the issue type (e.g. "SQL injection").
+    #
+    def getIssueName; @name; end
+
+    # This method returns a numeric identifier of the issue type. See the Burp
+    # Scanner help documentation for a listing of all the issue types.
+    #
+    # @return [Fixnum] A numeric identifier of the issue type.
+    #
+    def getIssueType; @type; end
+
+    # This method returns the issue severity level.
+    #
+    # @return [String] The issue severity level. Expected values are "High",
+    #   "Medium", "Low", "Information" or "False positive".
+    #
+    #
+    def getSeverity; @severity; end
+
+    # This method returns the issue confidence level.
+    #
+    # @return [String] The issue confidence level. Expected values are
+    #   "Certain", "Firm" or "Tentative".
+    #
+    def getConfidence; @confidence; end
+
+    # This method returns a background description for this type of issue.
+    #
+    # @return [String] A background description for this type of issue, or +nil+
+    #   if none applies.
+    #
+    def getIssueBackground; @ibackground; end
+
+    # This method returns a background description of the remediation for this
+    # type of issue.
+    #
+    # @return [String] A background description of the remediation for this type
+    #   of issue, or +nil+ if none applies.
+    #
+    def getRemediationBackground; @rbackground; end
+
+    # This method returns detailed information about this specific instance of
+    # the issue.
+    #
+    # @return [String] Detailed information about this specific instance of the
+    #   issue, or +nil+ if none applies.
+    #
+    def getIssueDetail; @idetail; end
+
+    # This method returns detailed information about the remediation for this
+    # specific instance of the issue.
+    #
+    # @return Detailed information about the remediation for this specific
+    #   instance of the issue, or +nil+ if none applies.
+    #
+    def getRemediationDetail; @rdetail; end
+
+    # This method returns the HTTP messages on the basis of which the issue was
+    # generated.
+    #
+    # @return The HTTP messages on the basis of which the issue was generated.
+    # @note The items in this array should be instances of
+    #   +IHttpRequestResponseWithMarkers+ if applicable, so that details of the
+    #   relevant portions of the request and response messages are available.
+    #
+    def getHttpMessages; @messages; end
+
+    # This method returns the HTTP service for which the issue was generated.
+    #
+    # @return The HTTP service for which the issue was generated.
+    #
+    def getHttpService; @service; end
+  end
+end

data/lib/buby/scanner_check.rb

@@ -0,0 +1,84 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerScannerCheck} to register a custom Scanner check. When
+  # performing scanning, Burp will ask the check to perform active or passive
+  # scanning on the base request, and report any Scanner issues that are
+  # identified.
+  #
+  # @todo DSL methods
+  class ScannerCheck
+    include Java::Burp::IScannerCheck
+
+    REPORT_EXISTING = -1
+    REPORT_BOTH     =  0
+    REPORT_NEW      =  1
+    
+    # The Scanner invokes this method for each base request / response that is
+    # passively scanned.
+    # @note Extensions should not only analyze the HTTP messages provided during
+    #   passive scanning, and should not make any new HTTP requests of their
+    #   own.
+    #
+    # @param [IHttpRequestResponse] baseRequestResponse The base HTTP request /
+    #   response that should be passively scanned.
+    # @return [Array<IScanIssue>, nil] A list of +IScanIssue+ objects, or +nil+
+    #   if no issues are identified.
+    #
+    # @abstract subclass and call +super+
+    def doPassiveScan(baseRequestResponse)
+      pp [:got_doPassiveScan, baseRequestResponse] if $DEBUG
+      Buby::HttpRequestResponseHelper.implant baseRequestResponse
+      nil
+    end
+
+    # The Scanner invokes this method for each insertion point that is actively
+    # scanned. Extensions may issue HTTP requests as required to carry out
+    # active scanning, and should use the +IScannerInsertionPoint+ object
+    # provided to build scan requests for particular payloads.
+    # @note Extensions are responsible for ensuring that attack payloads are
+    #   suitably encoded within requests (for example, by URL-encoding relevant
+    #   metacharacters in the URL query string). Encoding is not automatically
+    #   carried out by the +IScannerInsertionPoint+, because this would prevent
+    #   Scanner checks from testing for certain input filter bypasses.
+    #   Extensions should query the +IScannerInsertionPoint+ to determine its
+    #   type, and apply any encoding that may be appropriate.
+    #
+    # @param [IHttpRequestResponse] baseRequestResponse The base HTTP request /
+    #   response that should be actively scanned.
+    # @param [IScannerInsertionPoint] insertionPoint An object that can be
+    #   queried to obtain details of the insertion point being tested, and can
+    #   be used to build scan requests for particular payloads.
+    # @return [Array<IScanIssue>, nil] A list of +IScanIssue+ objects, or +nil+ if no
+    #   issues are identified.
+    #
+    # @abstract subclass and call +super+
+    def doActiveScan(baseRequestResponse, insertionPoint)
+      pp [:got_doActiveScan, baseRequestResponse, insertionPoint] if $DEBUG
+      Buby::HttpRequestResponseHelper.implant baseRequestResponse
+      Buby::Implants::ScannerInsertionPoint.implant insertionPoint
+      nil
+    end
+
+    # The Scanner invokes this method when the custom Scanner check has
+    # reported multiple issues for the same URL path. This can arise either
+    # because there are multiple distinct vulnerabilities, or because the same
+    # (or a similar) request has been scanned more than once. The custom check
+    # should determine whether the issues are duplicates. In most cases, where
+    # a check uses distinct issue names or descriptions for distinct issues,
+    # the consolidation process will simply be a matter of comparing these
+    # features for the two issues.
+    #
+    # @param [IScanIssue] existingIssue An issue that was previously reported by this Scanner check.
+    # @param [IScanIssue] newIssue An issue at the same URL path that has been newly reported by this Scanner check.
+    # @return An indication of which issue(s) should be reported in the main Scanner results. The method should return
+    #   * {REPORT_EXISTING} to report the existing issue only,
+    #   * {REPORT_BOTH} to report both issues, and
+    #   * {REPORT_NEW} to report the new issue only.
+    #
+    # @abstract subclass and override to proccess scan issues
+    def consolidateDuplicateIssues(existingIssue, newIssue)
+      pp [:got_consolidateDuplicateIssues, existingIssue, newIssue]
+      REPORT_BOTH
+    end
+  end
+end