buby 1.3.3-java → 1.5.0-java
- data/README.rdoc +28 -14
- data/Rakefile +96 -6
- data/VERSION.yml +5 -0
- data/bin/buby +2 -0
- data/buby.gemspec +102 -17
- data/{java/src → ext/buby/burp}/BurpExtender.java +189 -29
- data/ext/burp_interfaces/burp/IBurpExtender.java +31 -0
- data/ext/burp_interfaces/burp/IBurpExtenderCallbacks.java +785 -0
- data/ext/burp_interfaces/burp/IContextMenuFactory.java +38 -0
- data/ext/burp_interfaces/burp/IContextMenuInvocation.java +156 -0
- data/ext/burp_interfaces/burp/ICookie.java +53 -0
- data/ext/burp_interfaces/burp/IExtensionHelpers.java +352 -0
- data/ext/burp_interfaces/burp/IExtensionStateListener.java +27 -0
- data/ext/burp_interfaces/burp/IHttpListener.java +37 -0
- data/ext/burp_interfaces/burp/IHttpRequestResponse.java +102 -0
- data/ext/burp_interfaces/burp/IHttpRequestResponsePersisted.java +26 -0
- data/ext/burp_interfaces/burp/IHttpRequestResponseWithMarkers.java +44 -0
- data/ext/burp_interfaces/burp/IHttpService.java +39 -0
- data/ext/burp_interfaces/burp/IInterceptedProxyMessage.java +116 -0
- data/ext/burp_interfaces/burp/IIntruderAttack.java +31 -0
- data/ext/burp_interfaces/burp/IIntruderPayloadGenerator.java +50 -0
- data/ext/burp_interfaces/burp/IIntruderPayloadGeneratorFactory.java +40 -0
- data/ext/burp_interfaces/burp/IIntruderPayloadProcessor.java +45 -0
- data/{java/src → ext/burp_interfaces}/burp/IMenuItemHandler.java +36 -40
- data/ext/burp_interfaces/burp/IMessageEditor.java +64 -0
- data/ext/burp_interfaces/burp/IMessageEditorController.java +49 -0
- data/ext/burp_interfaces/burp/IMessageEditorTab.java +102 -0
- data/ext/burp_interfaces/burp/IMessageEditorTabFactory.java +38 -0
- data/ext/burp_interfaces/burp/IParameter.java +104 -0
- data/ext/burp_interfaces/burp/IProxyListener.java +37 -0
- data/ext/burp_interfaces/burp/IRequestInfo.java +95 -0
- data/ext/burp_interfaces/burp/IResponseInfo.java +54 -0
- data/ext/burp_interfaces/burp/IScanIssue.java +120 -0
- data/ext/burp_interfaces/burp/IScanQueueItem.java +80 -0
- data/ext/burp_interfaces/burp/IScannerCheck.java +89 -0
- data/ext/burp_interfaces/burp/IScannerInsertionPoint.java +156 -0
- data/ext/burp_interfaces/burp/IScannerInsertionPointProvider.java +38 -0
- data/ext/burp_interfaces/burp/IScannerListener.java +30 -0
- data/ext/burp_interfaces/burp/IScopeChangeListener.java +25 -0
- data/ext/burp_interfaces/burp/ISessionHandlingAction.java +51 -0
- data/ext/burp_interfaces/burp/ITab.java +38 -0
- data/ext/burp_interfaces/burp/ITempFile.java +33 -0
- data/ext/burp_interfaces/burp/ITextEditor.java +90 -0
- data/lib/buby/burp_extender/console_frame.rb +33 -0
- data/lib/buby/burp_extender/console_pane.rb +26 -0
- data/lib/buby/burp_extender/console_tab.rb +15 -0
- data/lib/buby/burp_extender/context_menu.rb +29 -0
- data/lib/buby/burp_extender/context_menu_factory.rb +17 -0
- data/lib/buby/burp_extender/context_menu_item.rb +13 -0
- data/lib/buby/burp_extender/jcheck_box_menu_item.rb +12 -0
- data/lib/buby/burp_extender/jmenu.rb +11 -0
- data/lib/buby/burp_extender/jmenu_item.rb +12 -0
- data/lib/buby/burp_extender/menu.rb +11 -0
- data/lib/buby/burp_extender/menu_item.rb +12 -0
- data/lib/buby/burp_extender.rb +339 -0
- data/lib/buby/context_menu_factory.rb +35 -0
- data/lib/buby/cookie.rb +37 -0
- data/lib/buby/extender.rb +156 -0
- data/lib/buby/http_listener.rb +29 -0
- data/lib/buby/{extends → implants}/buby_array_wrapper.rb +0 -0
- data/lib/buby/implants/context_menu_invocation.rb +113 -0
- data/lib/buby/implants/cookie.rb +47 -0
- data/lib/buby/implants/extension_helpers.rb +286 -0
- data/lib/buby/{extends → implants}/http_request_response.rb +8 -1
- data/lib/buby/implants/intercepted_proxy_message.rb +53 -0
- data/lib/buby/implants/intruder_attack.rb +42 -0
- data/lib/buby/implants/jruby.rb +64 -0
- data/lib/buby/implants/message_editor.rb +70 -0
- data/lib/buby/implants/message_editor_controller.rb +60 -0
- data/lib/buby/implants/parameter.rb +84 -0
- data/lib/buby/implants/request_info.rb +47 -0
- data/lib/buby/implants/response_info.rb +44 -0
- data/lib/buby/{extends → implants}/scan_issue.rb +1 -2
- data/lib/buby/implants/scan_queue_item.rb +53 -0
- data/lib/buby/implants/scanner_insertion_point.rb +92 -0
- data/lib/buby/implants/temp_file.rb +43 -0
- data/lib/buby/implants/text_editor.rb +63 -0
- data/lib/buby/implants.rb +28 -0
- data/lib/buby/intruder_payload_generator.rb +60 -0
- data/lib/buby/intruder_payload_generator_factory.rb +32 -0
- data/lib/buby/intruder_payload_processor.rb +38 -0
- data/lib/buby/message_editor_controller.rb +41 -0
- data/lib/buby/message_editor_tab.rb +98 -0
- data/lib/buby/message_editor_tab_factory.rb +28 -0
- data/lib/buby/parameter/base.rb +40 -0
- data/lib/buby/parameter/body.rb +7 -0
- data/lib/buby/parameter/cookie.rb +7 -0
- data/lib/buby/parameter/url.rb +7 -0
- data/lib/buby/parameter.rb +15 -0
- data/lib/buby/proxy_listener.rb +26 -0
- data/lib/buby/scan_issue.rb +112 -0
- data/lib/buby/scanner_check.rb +84 -0
- data/lib/buby/scanner_insertion_point.rb +118 -0
- data/lib/buby/scanner_insertion_point_provider.rb +27 -0
- data/lib/buby/scanner_listener.rb +22 -0
- data/lib/buby/scope_change_listener.rb +19 -0
- data/lib/buby/session_handling_action.rb +43 -0
- data/lib/buby/tab.rb +37 -0
- data/lib/buby/version.rb +9 -0
- data/lib/buby.rb +892 -101
- metadata +118 -22
- data/VERSION +0 -1
- data/java/buby.jar +0 -0
- data/java/src/burp/IBurpExtender.java +0 -180
- data/java/src/burp/IBurpExtenderCallbacks.java +0 -373
- data/java/src/burp/IHttpRequestResponse.java +0 -156
- data/java/src/burp/IScanIssue.java +0 -106
- data/java/src/burp/IScanQueueItem.java +0 -76
- data/lib/buby/extends.rb +0 -4
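--- a/data/lib/buby/message_editor_controller.rb
+++ b/data/lib/buby/message_editor_controller.rb
@@ -0,0 +1,41 @@
+class Buby
+# This interface is used by an +IMessageEditor+ to obtain details about the
+# currently displayed message. Extensions that create instances of Burp's HTTP
+# message editor can optionally provide an implementation of
+# +IMessageEditorController+, which the editor will invoke when it requires
+# further information about the current message (for example, to send it to
+# another Burp tool). Extensions that provide custom editor tabs via an
+# +IMessageEditorTabFactory+ will receive a reference to an
+# +IMessageEditorController+ object for each tab instance they generate, which
+# the tab can invoke if it requires further information about the current
+# message.
+#
+class MessageEditorController
+include Java::Burp::IMessageEditorController
+
+# This method is used to retrieve the HTTP service for the current message.
+#
+# @return [IHttpService] The HTTP service for the current message.
+#
+# @abstract
+def getHttpService; raise NotImplementedError; end
+
+# This method is used to retrieve the HTTP request associated with the
+# current message (which may itself be a response).
+#
+# @return [Array<byte>] The HTTP request associated with the current
+# message.
+#
+# @abstract
+def getRequest; raise NotImplementedError; end
+
+# This method is used to retrieve the HTTP response associated with the
+# current message (which may itself be a request).
+#
+# @return [Array<byte>] The HTTP response associated with the current
+# message.
+#
+# @abstract
+def getResponse; raise NotImplementedError; end
+end
+end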
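Review bot: The three abstract methods (`getHttpService`, `getRequest`, `getResponse`) raise `NotImplementedError`, which in Ruby descends from `ScriptError` rather than `StandardError`, so a bare `rescue` in calling Ruby code will not catch it and a subclass that forgets an override fails inside Burp's editor callback. I would say so in the class comment, for example `# Subclasses must override every method; the defaults raise NotImplementedError, which a bare rescue does not catch.` The same applies to the abstract methods added in message_editor_tab.rb.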
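--- a/data/lib/buby/message_editor_tab.rb
+++ b/data/lib/buby/message_editor_tab.rb
@@ -0,0 +1,98 @@
+class Buby
+# Extensions that register an +IMessageEditorTabFactory+ must return instances
+# of this interface, which Burp will use to create custom tabs within its HTTP
+# message editors.
+#
+# @abstract
+# @todo voodoo method wrapping
+class MessageEditorTab
+include Java::Burp::IMessageEditorTab
+include Java::Burp::IMessageEditorTabFactory
+
+attr_accessor :controller, :editable
+# (see Buby::MessageEditorTabFactory#createNewInstance)
+def initialize controller, editable
+@controller = controller
+@editable = editable
+end
+
+# (see Buby::MessageEditorTabFactory#createNewInstance)
+def self.createNewInstance controller, editable
+self.new controller, editable
+end
+
+# This method returns the caption that should appear on the custom tab
+# when it is displayed.
+# @note Burp invokes this method once when the tab is first generated, and
+# the same caption will be used every time the tab is displayed.
+#
+# @return [String] The caption that should appear on the custom tab when
+# it is displayed.
+#
+def getTabCaption; self.class.name; end
+
+# This method returns the component that should be used as the contents of
+# the custom tab when it is displayed.
+# @note Burp invokes this method once when the tab is first generated, and
+# the same component will be used every time the tab is displayed.
+#
+# @return The component that should be used as the contents of the custom
+# tab when it is displayed.
+#
+def getUiComponent; raise NotImplementedError; end
+
+# The hosting editor will invoke this method before it displays a new HTTP
+# message, so that the custom tab can indicate whether it should be
+# enabled for that message.
+#
+# @param [Array<byte>] content The message that is about to be displayed.
+# @param [Boolean] isRequest Indicates whether the message is a request or
+# a response.
+# @return [Boolean] The method should return +true+ if the custom tab is
+# able to handle the specified message, and so will be displayed within
+# the editor. Otherwise, the tab will be hidden while this message is
+# displayed.
+#
+def isEnabled(content, isRequest)
+content = String.from_java_bytes content
+raise NotImplementedError
+end
+
+# The hosting editor will invoke this method to display a new message or
+# to clear the existing message. This method will only be called with a
+# new message if the tab has already returned +true+ to a call to
+# {#isEnabled} with the same message details.
+#
+# @param [Array<byte>] content The message that is to be displayed, or
+# +nil+ if the tab should clear its contents and disable any editable
+# controls.
+# @param [Boolean] isRequest Indicates whether the message is a request or
+# a response.
+#
+def setMessage(content, isRequest); raise NotImplementedError; end
+
+# This method returns the currently displayed message.
+#
+# @return [Array<byte>] The currently displayed message.
+#
+def getMessage; raise NotImplementedError; end
+
+# This method is used to determine whether the currently displayed message
+# has been modified by the user. The hosting editor will always call
+# {#getMessage} before calling this method, so any pending edits should be
+# completed within {#getMessage}.
+#
+# @return [Boolean] The method should return +true+ if the user has
+# modified the current message since it was first displayed.
+#
+def isModified; raise NotImplementedError; end
+
+# This method is used to retrieve the data that is currently selected by
+# the user.
+#
+# @return [Array<byte>] The data that is currently selected by the user.
+# This may be +nil+ if no selection is currently made.
+#
+def getSelectedData; raise NotImplementedError; end
+end
+end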
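Review bot: In `isEnabled` the `String.from_java_bytes content` conversion is dead work, because the next line raises unconditionally and the reassigned local never leaves the method, so a subclass cannot reach the converted string through `super`. Either drop the conversion until the wrapping named in the `@todo` exists, or expose it as a helper that subclasses can call from `isEnabled` and `setMessage`, such as `def message_string(content); content && String.from_java_bytes(content); end`; the `setMessage` comment says `content` may be +nil+. The bytes are HTTP messages from the traffic under test, so the class comment should tell implementers to treat whatever they parse or render from them as untrusted input.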
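--- a/data/lib/buby/message_editor_tab_factory.rb
+++ b/data/lib/buby/message_editor_tab_factory.rb
@@ -0,0 +1,28 @@
+class Buby
+# Extensions can implement this interface and then call
+# {Buby#registerMessageEditorTabFactory} to register a factory for custom
+# message editor tabs. This allows extensions to provide custom rendering or
+# editing of HTTP messages, within Burp's own HTTP editor.
+#
+# @abstract
+class MessageEditorTabFactory
+include Java::Burp::IMessageEditorTabFactory
+
+# Burp will call this method once for each HTTP message editor, and the
+# factory should provide a new instance of an +IMessageEditorTab+ object.
+#
+# @param [IMessageEditorController] controller An object which the new tab
+# can query to retrieve details about the currently displayed message.
+# This may be +nil+ for extension-invoked message editors where the
+# extension has not provided an editor controller.
+# @param [Boolean] editable Indicates whether the hosting editor is editable
+# or read-only.
+# @return [IMessageEditorTab] A new tab for use within the message editor.
+#
+# @abstract subclass and call super
+def createNewInstance(controller, editable)
+Buby::Implants::MessageEditorController.implant controller
+nil
+end
+end
+end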
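Review bot: `createNewInstance` hands `controller` to `Buby::Implants::MessageEditorController.implant` without a nil check, although the `@param` text directly above says the controller may be +nil+ for extension-invoked editors. How `implant` treats +nil+ is not visible in this section, so I would guard the call: `Buby::Implants::MessageEditorController.implant controller if controller`. The base method also returns +nil+ where an `IMessageEditorTab` is documented, so the `@abstract` line should state that the subclass must return the tab itself after calling `super`.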
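--- a/data/lib/buby/parameter/base.rb
+++ b/data/lib/buby/parameter/base.rb
@@ -0,0 +1,40 @@
+class Buby
+module Parameter
+class Base
+include Java::Burp::IParameter
+attr_accessor :name, :value
+# @overload initialize
+# Create an empty instance
+# @param [void]
+# @overload initialize(hash)
+# @param [Hash] hash name set to key, value set to value
+# @overload initialize(name, value)
+# @param [String] name
+# @param [String] value
+# @overload initialize(name, value, type)
+# @param [String] name
+# @param [String] value
+# @param [Fixnum] type
+#
+def initialize *args
+raise ArgumentError, "#{args.size} for 0..3" if args.size > 3
+case args.size
+when 0
+when 1
+hsh = args.first
+@name = hsh[:name] || hsh['name']
+@value = hsh[:value] || hsh['value']
+when 2, 3
+@name, @value, @type = args
+end
+end
+def getType; @type.to_i; end
+def getName; @name; end
+def getValue; @value; end
+def getNameStart; -1; end
+def getNameEnd; -1; end
+def getValueEnd; -1; end
+def getValueStart;-1; end
+end
+end
+end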
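Review bot: The single-argument branch of `initialize` never sets `@type`, so `getType` returns `nil.to_i`, which is 0 and equals `PARAM_URL` in parameter.rb; a parameter built from a hash is therefore reported as a URL parameter unless a subclass overrides `getType` (the subclasses are not shown on this page). Reading the type in that branch would close the gap: `@type = hsh[:type] || hsh['type']`. The `@overload initialize(hash)` comment says "name set to key, value set to value", but the code looks up the `:name` and `:value` keys, so it should read `# @param [Hash] hash with :name and :value (or 'name' and 'value') keys`.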
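--- a/data/lib/buby/parameter.rb
+++ b/data/lib/buby/parameter.rb
@@ -0,0 +1,15 @@
+class Buby
+module Parameter
+autoload :Base, 'buby/parameter/base'
+autoload :Url, 'buby/parameter/url'
+autoload :Body, 'buby/parameter/body'
+autoload :Cookie, 'buby/parameter/cookie'
+PARAM_URL = 0
+PARAM_BODY = 1
+PARAM_COOKIE = 2
+PARAM_XML = 3
+PARAM_XML_ATTR = 4
+PARAM_MULTIPART_ATTR = 5
+PARAM_JSON = 6
+end
+end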
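--- a/data/lib/buby/proxy_listener.rb
+++ b/data/lib/buby/proxy_listener.rb
@@ -0,0 +1,26 @@
+class Buby
+# Extensions can implement this interface and then call
+# {Buby#registerHttpListener} to register a Proxy listener. The listener will
+# be notified of requests and responses being processed by the Proxy tool.
+# Extensions can perform custom analysis or modification of these messages,
+# and control in-UI message interception, by registering a proxy listener.
+#
+class ProxyListener
+include Java::Burp::IProxyListener
+# This method is invoked when an HTTP message is being processed by the
+# Proxy.
+#
+# @param [Boolean] messageIsRequest Indicates whether the HTTP message is a
+# request or a response.
+# @param [IInterceptedProxyMessage] message An +IInterceptedProxyMessage+
+# object that extensions can use to query and update details of the
+# message, and control whether the message should be intercepted and
+# displayed to the user for manual review or modification.
+# @return [void]
+#
+def processProxyMessage(messageIsRequest, message)
+pp [:got_processProxyMessage] if $debug
+Buby::Implants::InterceptedProxyMessage.implant message
+end
+end
+end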
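Review bot: The trace in `processProxyMessage` tests `$debug`, a global that nothing in this file assigns and that differs from the `$DEBUG` used in scanner_check.rb, so the line most likely never prints; it should read `pp [:got_processProxyMessage] if $DEBUG`. The class comment also points readers at `{Buby#registerHttpListener}` for registering a Proxy listener, which looks carried over from the HTTP listener documentation. The intended reference is presumably the proxy-listener registration (Burp's callback is `registerProxyListener`); confirm the Buby method name and correct the link.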
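--- a/data/lib/buby/scan_issue.rb
+++ b/data/lib/buby/scan_issue.rb
@@ -0,0 +1,112 @@
+require 'uri'
+
+class Buby
+# This interface is used to retrieve details of Scanner issues. Extensions can
+# obtain details of issues by registering an +IScannerListener+ or by calling
+# {Buby#getScanIssues}. Extensions can also add custom Scanner issues by
+# registering an +IScannerCheck+ or calling {Buby#addScanIssue}, and providing
+# their own implementations of this interface
+#
+class ScanIssue
+include Java::Burp::IScanIssue
+
+attr_accessor :uri, :name, :type, :severity, :confidence, :ibackground
+attr_accessor :rbackground, :idetail, :rdetail, :messages, :service
+
+# @param [Hash] hash
+def initialize hash
+@uri = hash[:uri].kind_of?(URI) ? hash[:uri] : hash[:uri].to_s
+@name = hash[:name]
+@type = hash[:type]
+@severity = hash[:severity]
+@confidence = hash[:confidence]
+@ibackground = hash[:ibackground]
+@rbackground = hash[:rbackground]
+@idetail = hash[:idetail]
+@rdetail = hash[:rdetail]
+@messages = hash[:messages]
+@service = hash[:service]
+end
+
+# This method returns the URL for which the issue was generated.
+#
+# @return [Java::JavaNet::URL] The URL for which the issue was generated.
+#
+def getUrl; Java::JavaNet::URL.new @uri.to_s; end
+
+# This method returns the name of the issue type.
+#
+# @return [String] The name of the issue type (e.g. "SQL injection").
+#
+def getIssueName; @name; end
+
+# This method returns a numeric identifier of the issue type. See the Burp
+# Scanner help documentation for a listing of all the issue types.
+#
+# @return [Fixnum] A numeric identifier of the issue type.
+#
+def getIssueType; @type; end
+
+# This method returns the issue severity level.
+#
+# @return [String] The issue severity level. Expected values are "High",
+# "Medium", "Low", "Information" or "False positive".
+#
+#
+def getSeverity; @severity; end
+
+# This method returns the issue confidence level.
+#
+# @return [String] The issue confidence level. Expected values are
+# "Certain", "Firm" or "Tentative".
+#
+def getConfidence; @confidence; end
+
+# This method returns a background description for this type of issue.
+#
+# @return [String] A background description for this type of issue, or +nil+
+# if none applies.
+#
+def getIssueBackground; @ibackground; end
+
+# This method returns a background description of the remediation for this
+# type of issue.
+#
+# @return [String] A background description of the remediation for this type
+# of issue, or +nil+ if none applies.
+#
+def getRemediationBackground; @rbackground; end
+
+# This method returns detailed information about this specific instance of
+# the issue.
+#
+# @return [String] Detailed information about this specific instance of the
+# issue, or +nil+ if none applies.
+#
+def getIssueDetail; @idetail; end
+
+# This method returns detailed information about the remediation for this
+# specific instance of the issue.
+#
+# @return Detailed information about the remediation for this specific
+# instance of the issue, or +nil+ if none applies.
+#
+def getRemediationDetail; @rdetail; end
+
+# This method returns the HTTP messages on the basis of which the issue was
+# generated.
+#
+# @return The HTTP messages on the basis of which the issue was generated.
+# @note The items in this array should be instances of
+# +IHttpRequestResponseWithMarkers+ if applicable, so that details of the
+# relevant portions of the request and response messages are available.
+#
+def getHttpMessages; @messages; end
+
+# This method returns the HTTP service for which the issue was generated.
+#
+# @return The HTTP service for which the issue was generated.
+#
+def getHttpService; @service; end
+end
+end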
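Review bot: `initialize` accepts a missing `:uri` without complaint, since `nil.to_s` becomes an empty string, and the failure only surfaces later when Burp calls `getUrl` and `Java::JavaNet::URL.new` throws inside the callback. I would fail at construction instead: `raise ArgumentError, ':uri is required' if hash[:uri].nil?`. `:severity` and `:confidence` are also stored unchecked, although the comments on `getSeverity` and `getConfidence` list the only expected values; comparing them against those lists in `initialize` would stop a misspelled level from reaching the Scanner results. The `# @param [Hash] hash` line should name the keys the constructor reads.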
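--- a/data/lib/buby/scanner_check.rb
+++ b/data/lib/buby/scanner_check.rb
@@ -0,0 +1,84 @@
+class Buby
+# Extensions can implement this interface and then call
+# {Buby#registerScannerCheck} to register a custom Scanner check. When
+# performing scanning, Burp will ask the check to perform active or passive
+# scanning on the base request, and report any Scanner issues that are
+# identified.
+#
+# @todo DSL methods
+class ScannerCheck
+include Java::Burp::IScannerCheck
+
+REPORT_EXISTING = -1
+REPORT_BOTH = 0
+REPORT_NEW = 1
+
+# The Scanner invokes this method for each base request / response that is
+# passively scanned.
+# @note Extensions should not only analyze the HTTP messages provided during
+# passive scanning, and should not make any new HTTP requests of their
+# own.
+#
+# @param [IHttpRequestResponse] baseRequestResponse The base HTTP request /
+# response that should be passively scanned.
+# @return [Array<IScanIssue>, nil] A list of +IScanIssue+ objects, or +nil+
+# if no issues are identified.
+#
+# @abstract subclass and call +super+
+def doPassiveScan(baseRequestResponse)
+pp [:got_doPassiveScan, baseRequestResponse] if $DEBUG
+Buby::HttpRequestResponseHelper.implant baseRequestResponse
+nil
+end
+
+# The Scanner invokes this method for each insertion point that is actively
+# scanned. Extensions may issue HTTP requests as required to carry out
+# active scanning, and should use the +IScannerInsertionPoint+ object
+# provided to build scan requests for particular payloads.
+# @note Extensions are responsible for ensuring that attack payloads are
+# suitably encoded within requests (for example, by URL-encoding relevant
+# metacharacters in the URL query string). Encoding is not automatically
+# carried out by the +IScannerInsertionPoint+, because this would prevent
+# Scanner checks from testing for certain input filter bypasses.
+# Extensions should query the +IScannerInsertionPoint+ to determine its
+# type, and apply any encoding that may be appropriate.
+#
+# @param [IHttpRequestResponse] baseRequestResponse The base HTTP request /
+# response that should be actively scanned.
+# @param [IScannerInsertionPoint] insertionPoint An object that can be
+# queried to obtain details of the insertion point being tested, and can
+# be used to build scan requests for particular payloads.
+# @return [Array<IScanIssue>, nil] A list of +IScanIssue+ objects, or +nil+ if no
+# issues are identified.
+#
+# @abstract subclass and call +super+
+def doActiveScan(baseRequestResponse, insertionPoint)
+pp [:got_doActiveScan, baseRequestResponse, insertionPoint] if $DEBUG
+Buby::HttpRequestResponseHelper.implant baseRequestResponse
+Buby::Implants::ScannerInsertionPoint.implant insertionPoint
+nil
+end
+
+# The Scanner invokes this method when the custom Scanner check has
+# reported multiple issues for the same URL path. This can arise either
+# because there are multiple distinct vulnerabilities, or because the same
+# (or a similar) request has been scanned more than once. The custom check
+# should determine whether the issues are duplicates. In most cases, where
+# a check uses distinct issue names or descriptions for distinct issues,
+# the consolidation process will simply be a matter of comparing these
+# features for the two issues.
+#
+# @param [IScanIssue] existingIssue An issue that was previously reported by this Scanner check.
+# @param [IScanIssue] newIssue An issue at the same URL path that has been newly reported by this Scanner check.
+# @return An indication of which issue(s) should be reported in the main Scanner results. The method should return
+# * {REPORT_EXISTING} to report the existing issue only,
+# * {REPORT_BOTH} to report both issues, and
+# * {REPORT_NEW} to report the new issue only.
+#
+# @abstract subclass and override to proccess scan issues
+def consolidateDuplicateIssues(existingIssue, newIssue)
+pp [:got_consolidateDuplicateIssues, existingIssue, newIssue]
+REPORT_BOTH
+end
+end
+end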
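Review bot: `consolidateDuplicateIssues` calls `pp` unconditionally, while `doPassiveScan` and `doActiveScan` guard the same kind of trace with `if $DEBUG`. As written, every duplicate dumps both issue objects to the console, and those objects may carry request and response content from the target under test. The line should read `pp [:got_consolidateDuplicateIssues, existingIssue, newIssue] if $DEBUG`. Two comment fixes belong in the same file: the `doPassiveScan` note should say `Extensions should only analyze the HTTP messages provided during passive scanning`, because the stray "not" reverses the guidance, and `proccess` should be `process`.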