buby 1.3.3-java → 1.5.0-java

data/lib/buby/scanner_insertion_point.rb

@@ -0,0 +1,118 @@
+class Buby
+  # This interface is used to define an insertion point for use by active
+  # Scanner checks. Extensions can obtain instances of this interface by
+  # registering an +IScannerCheck+, or can create instances for use by Burp's
+  # own scan checks by registering an +IScannerInsertionPointProvider+.
+  #
+  # @api
+  # @abstract Subclass for specific insertion point flavors used.
+  class ScannerInsertionPoint
+    include Java::Burb::IScannerInsertionPoint
+
+    INS_PARAM_URL            = 0x00
+    INS_PARAM_BODY           = 0x01
+    INS_PARAM_COOKIE         = 0x02
+    INS_PARAM_XML            = 0x03
+    INS_PARAM_XML_ATTR       = 0x04
+    INS_PARAM_MULTIPART_ATTR = 0x05
+    INS_PARAM_JSON           = 0x06
+    INS_PARAM_AMF            = 0x07
+    INS_HEADER               = 0x20
+    INS_URL_REST             = 0x21
+    INS_PARAM_NAME_URL       = 0x22
+    INS_PARAM_NAME_BODY      = 0x23
+    INS_USER_PROVIDED        = 0x40
+    INS_EXTENSION_PROVIDED   = 0x41
+    INS_UNKNOWN              = 0x7f
+
+    # @overload initialize(name = nil, type = INS_UNKNOWN, base_value = nil, offsets = nil)
+    #   @param [String] name
+    #   @param [Fixnum] type
+    #   @param [String] base_value
+    #   @param [Array<Fixnum>] offsets
+    # @overload initialize(hash)
+    #   @param [Hash] hash Hash containing instance information
+    #
+    # @abstract Subclass and override for the specific insertion point flavors
+    #   used by the implementation.
+    def initialize(*args)
+      if args.first.kind_of? Hash
+        hsh = args.first
+        @type = hsh[:type] || hsh['type']
+      else
+        @name, @type, @base_vlaue, @offsets = args
+      end
+    end
+
+    # This method returns the name of the insertion point.
+    #
+    # @return [String] The name of the insertion point (for example, a
+    #   description of a particular request parameter).
+    #
+    def getInsertionPointName
+      @name || self.class.name
+    end
+
+    # This method returns the base value for this insertion point.
+    #
+    # @return [String] the base value that appears in this insertion point in
+    #   the base request being scanned, or +nil+ if there is no value in the
+    #   base request that corresponds to this insertion point.
+    #
+    # @abstract
+    def getBaseValue
+      @base_value
+    end
+
+    # This method is used to build a request with the specified payload placed
+    # into the insertion point. Any necessary adjustments to the
+    # Content-Length header will be made by the Scanner itself when the
+    # request is issued, and there is no requirement for the insertion point
+    # to do this.
+    #
+    # @note Burp's built-in scan checks do not apply any payload encoding
+    #   (such as URL-encoding) when dealing with an extension-provided
+    #   insertion point. Custom insertion points are responsible for
+    #   performing any data encoding that is necessary given the nature and
+    #   location of the insertion point.
+    #
+    # @param [Array<byte>] payload The payload that should be placed into the
+    #   insertion point.
+    # @return [Array<byte>] The resulting request.
+    #
+    # @todo figure out wrapping these calls (method_missing magic?)
+    # @abstract
+    # @api called by burp
+    def buildRequest(payload)
+      # ...
+    end
+
+    # This method is used to determine the offsets of the payload value within
+    # the request, when it is placed into the insertion point. Scan checks may
+    # invoke this method when reporting issues, so as to highlight the
+    # relevant part of the request within the UI.
+    #
+    # @param [Array<byte>] payload The payload that should be placed into the
+    #   insertion point.
+    # @return [Array<Fixnum>] An int[2] array containing the start and end
+    #   offsets of the payload within the request, or +nil+ if this is not
+    #   applicable (for example, where the insertion point places a payload
+    #   into a serialized data structure, the raw payload may not literally
+    #   appear anywhere within the resulting request).
+    #
+    # @todo figure out wrapping these calls (method_missing magic?)
+    # @abstract
+    def getPayloadOffsets(payload)
+      @offsets
+    end
+
+    # This method returns the type of the insertion point.
+    #
+    # @return [Fixnum] The type of the insertion point. Available types are
+    #   defined in {Buby::ScannerInsertionPoint}.
+    #
+    def getInsertionPointType
+      @type || INS_UNKNOWN
+    end
+  end
+end

data/lib/buby/scanner_insertion_point_provider.rb

@@ -0,0 +1,27 @@
+class Buby
+
+  # Extensions can implement this interface and then call
+  # {Buby#registerScannerInsertionPointProvider} to register a factory for
+  # custom Scanner insertion points.
+  #
+  class ScannerInsertionPointProvider
+    include Java::Burp::IScannerInsertionPointProvider
+
+    # When a request is actively scanned, the Scanner will invoke this method,
+    # and the provider should provide a list of custom insertion points that
+    # will be used in the scan.
+    # @note these insertion points are used in addition to those that are
+    #   derived from Burp Scanner's configuration, and those provided by any
+    #   other Burp extensions.
+    #
+    # @param [IHttpRequestResponse] baseRequestResponse The base request that will be actively scanned.
+    # @return [Array<IScannerInsertionPoint>, nil] A list of
+    #   +IScannerInsertionPoint+ objects that should be used in thescanning, or
+    #   +nil+ if no custom insertion points are applicable for this request.
+    #
+    def getInsertionPoints(baseRequestResponse)
+      pp [:got_getInsertionPoints, baseRequestResponse] if $DEBUG
+      __getInsertionPoints(baseRequestResponse).tap{|x|Buby::HttpRequestResponseHelper.implant(x)}
+    end
+  end
+end

data/lib/buby/scanner_listener.rb

@@ -0,0 +1,22 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerScannerListener} to register a Scanner listener. The listener
+  # will be notified of new issues that are reported by the Scanner tool.
+  # Extensions can perform custom analysis or logging of Scanner issues by
+  # registering a Scanner listener.
+  #
+  class ScannerListener
+    include Java::Burp::IScannerListener
+    # This method is invoked when a new issue is added to Burp Scanner's
+    # results.
+    #
+    # @param [IScanIssue] issue An object that the extension can query to obtain
+    #   details about the new issue.
+    #
+    # @abstract
+    def newScanIssue(issue)
+      pp [:got_newScanIssue, issue] if $DEBUG
+      Buby::ScanIssueHelper.implant issue
+    end
+  end
+end

data/lib/buby/scope_change_listener.rb

@@ -0,0 +1,19 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerScopeChangeListener} to register a scope change listener. The
+  # listener will be notified whenever a change occurs to Burp's suite-wide
+  # target scope.
+  #
+  # @todo improve listener classes with 1.9 instance_exec goodness next version
+  class ScopeChangeListener
+    include Java::Burp::IScopeChangeListener
+
+    # This method is invoked whenever a change occurs to Burp's suite-wide
+    # target scope.
+    #
+    # @abstract
+    def scopeChanged
+      pp [:got_scopeChanged] if $DEBUG
+    end
+  end
+end

data/lib/buby/session_handling_action.rb

@@ -0,0 +1,43 @@
+class Buby
+  # Extensions can implement this interface and then call
+  # {Buby#registerSessionHandlingAction} to register a custom session handling
+  # action. Each registered action will be available within the session handling
+  # rule UI for the user to select as a rule action. Users can choose to invoke
+  # an action directly in its own right, or following execution of a macro.
+  #
+  class SessionHandlingAction
+    include Java::Burp::ISessionHandlingAction
+    # This method is used by Burp to obtain the name of the session handling
+    # action. This will be displayed as an option within the session handling
+    # rule editor when the user selects to execute an extension-provided action.
+    #
+    # @return [String] The name of the action.
+    #
+    def getActionName
+      pp [:got_getActionName] if $DEBUG
+      self.class.name
+    end
+
+    # This method is invoked when the session handling action should be
+    # executed. This may happen as an action in its own right, or as a
+    # sub-action following execution of a macro.
+    #
+    # @param [IHttpRequestResponse] currentRequest The base request that is
+    #   currently being processed. The action can query this object to obtain
+    #   details about the base request. It can issue additional requests of its
+    #   own if necessary, and can use the setter methods on this object to
+    #   update the base request.
+    # @param [Array<IHttpRequestResponse>] macroItems If the action is invoked
+    #   following execution of a macro, this parameter contains the result of
+    #   executing the macro. Otherwise, it is +nil+. Actions can use the details
+    #   of the macro items to perform custom analysis of the macro to derive
+    #   values of non-standard session handling tokens, etc.
+    # @return [void]
+    # 
+    # @abstract
+    def performAction(currentRequest, macroItems)
+      pp [:got_performAction, currentRequest, macroItems] if $DEBUG
+      Buby::HttpRequestResponseHelper.implant(currentRequest)
+    end
+  end
+end

data/lib/buby/tab.rb

@@ -0,0 +1,37 @@
+class Buby
+  # This interface is used to provide Burp with details of a custom tab that
+  # will be added to Burp's UI, using a method such as {Buby#addSuiteTab}.
+  #
+  # @abstract
+  class Tab
+    include Java::Burp::ITab
+    attr_accessor :caption, :component
+
+    def initialize(caption = nil, component = nil)
+      @caption = caption || self.class.name
+      @component = component
+    end
+
+    # Burp uses this method to obtain the caption that should appear on the
+    # custom tab when it is displayed.
+    #
+    # @return [String] The caption that should appear on the custom tab when it
+    #   is displayed.
+    #
+    def getTabCaption
+      pp [:got_getTabCaption] if $DEBUG
+      @caption.to_s
+    end
+
+    # Burp uses this method to obtain the component that should be used as the
+    # contents of the custom tab when it is displayed.
+    #
+    # @return [java.awt.Component] The component that should be used as the
+    #   contents of the custom tab when it is displayed.
+    #
+    def getUiComponent
+      pp [:got_getUiComponent] if $DEBUG
+      @component
+    end
+  end
+end

data/lib/buby/version.rb

@@ -0,0 +1,9 @@
+class Buby
+  module Version
+    STRING = "1.5.0.pre3"
+    MAJOR = 1
+    MINOR = 5
+    PATCH = 0
+    BUILD = "pre3"
+  end
+end

data/lib/buby.rb

@@ -1,10 +1,13 @@
-include Java
-
 require 'pp'
-require "buby.jar"
-require 'buby/extends.rb'
-
-include_class 'BurpExtender'
+require 'uri'
+require 'buby/implants'
+
+# load the Burp extender interfaces if they're not already accessible
+begin
+  Java::Burp::IBurpExtender
+rescue NameError
+  require 'burp_interfaces.jar'
+end
 
 # Buby is a mash-up of the commercial security testing web proxy PortSwigger 
 # Burp Suite(tm) allowing you to add scripting to Burp. Burp is driven from 
@@ -15,9 +18,10 @@ include_class 'BurpExtender'
 # java implementation:
 # * evt_extender_init
 # * evt_proxy_message
-# * evt_command_line_args
+# * evt_command_line_args (removed in 1.5.01)
 # * evt_register_callbacks
-# * evt_application_closing
+# * evt_application_closing (deprecated)
+# * evt_extension_unloaded
 #
 # Buby also supports the newer event handlers available in Burp 1.2.09 and up:
 # * evt_http_message
@@ -79,21 +83,48 @@ include_class 'BurpExtender'
 #   to type and say out-loud. Mike Tracy gets full credit as official 
 #   Buby-namer.
 #
+# @todo move more to Java side
 class Buby
-
-  VERSION = 
-    if File.file?(f=::File.expand_path(File.join(::File.dirname(__FILE__), "../VERSION")))
-      File.read(f).chomp
-    end
+  autoload :ContextMenuFactory, 'buby/context_menu_factory'
+  autoload :Cookie, 'buby/cookie'
+  autoload :HttpListener, 'buby/http_listener'
+  autoload :IntruderPayloadGenerator, 'buby/intruder_payload_generator'
+  autoload :IntruderPayloadGeneratorFactory, 'buby/intruder_payload_generator_factory'
+  autoload :IntruderPayloadProcessor, 'buby/intruder_payload_processor'
+  autoload :MessageEditorController, 'buby/message_editor_controller'
+  autoload :MessageEditorTab, 'buby/message_editor_tab'
+  autoload :MessageEditorTabFactory, 'buby/message_editor_tab_factory'
+  autoload :Parameter, 'buby/parameter'
+  autoload :ProxyListener, 'buby/proxy_listener'
+  autoload :ScanIssue, 'buby/scan_issue'
+  autoload :ScannerCheck, 'buby/scanner_check'
+  autoload :ScannerInsertionPoint, 'buby/scanner_insertion_point'
+  autoload :ScannerInsertionPointProvider, 'buby/scanner_insertion_point_provider'
+  autoload :ScannerListener, 'buby/scanner_listener'
+  autoload :ScopeChangeListener, 'buby/scope_change_listener'
+  autoload :SessionHandlingAction, 'buby/session_handling_action'
+  autoload :Tab, 'buby/tab'
+  autoload :Version, 'buby/version'
+
+  # @deprecated moving to proper version module
+  VERSION = Buby::Version::STRING
+  
+  # latest tested version of burp
+  COMPAT_VERSION = '1.5.05'
 
   # :stopdoc:
+  # @deprecated to be removed next version
+  # @api private
   LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
+
+  # @deprecated to be removed next version
+  # @api private
   PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
   # :startdoc:
 
   def initialize(other=nil)
     if other
-      raise "arg 0 must be another kind of Buby" unless other.is_a? Buby
+      raise TypeError, "argument must be another kind of Buby, got #{other.class}" unless other.is_a? Buby
       @burp_extender = other.burp_extender
       @burp_callbacks = other.burp_callbacks
     end
@@ -101,8 +132,9 @@ class Buby
 
   # Makes this handler the active Ruby handler object for the BurpExtender
   # Java runtime. (there can be only one!)
-  def activate!
-    BurpExtender.set_handler(self)
+  # @param extender Buby's BurpExtender interface
+  def activate!(extender)
+    extender.handler = self
   end
 
   # Returns the internal reference to the BurpExtender instance. This
@@ -121,20 +153,72 @@ class Buby
     @burp_callbacks or raise "Burp callbacks have not been set"
   end
 
-  # Send an HTTP request to the Burp Scanner tool to perform an active 
-  # vulnerability scan.
-  #  * host = The hostname of the remote HTTP server.
-  #  * port = The port of the remote HTTP server.
-  #  * https = Flags whether the protocol is HTTPS or HTTP.
-  #  * req  = The full HTTP request. (String or Java bytes[])
-  #  * ip_off = A list of index pairs representing the
-  #  * positions of the insertion points that should be scanned. Each item in
-  #  * the list must be an int[2] array containing the start and end offsets
-  #  * for the insertion point. *1.4+* only
-  
-  def doActiveScan(host, port, https, req, ip_off)
-    req = req.to_java_bytes if req.is_a? String
-    getBurpVersion ? _check_cb.doActiveScan(host, port, https, req, ip_off) : _check_cb.doActiveScan(host, port, https, req)
+  # This method can be used to send an HTTP request to the Burp Scanner tool
+  # to perform an active vulnerability scan. If the request is not within the
+  # current active scanning scope, the user will be asked if they wish to
+  # proceed with the scan.
+  #
+  # @overload doActiveScan(host, port, useHttps, request, insertionPointOffsets = nil)
+  #   @param [String] host The hostname of the remote HTTP server.
+  #   @param [Fixnum] port The port of the remote HTTP server.
+  #   @param [Boolean] useHttps Flags whether the protocol is HTTPS or HTTP.
+  #   @param [String, Array<byte>] request The full HTTP request.
+  #   @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
+  #     representing the positions of the insertion points that should be
+  #     scanned. Each item in the list must be an +int\[2]+ array containing the
+  #     start and end offsets for the insertion point.
+  # @overload doActiveScan(request, insertionPointOffsets = nil)
+  #   @param [IHttpRequestResponse] request Request object containing details
+  #     about the request to scan.
+  #   @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
+  #     representing the positions of the insertion points that should be
+  #     scanned. Each item in the list must be an +int\[2]+ array containing the
+  #     start and end offsets for the insertion point.
+  # @overload doActiveScan(url, insertionPointOffsets = nil)
+  #   @param [String, URI, java.net.URL] url Build a +GET+ request and scan url.
+  #   @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
+  #     representing the positions of the insertion points that should be
+  #     scanned. Each item in the list must be an +int\[2]+ array containing the
+  #     start and end offsets for the insertion point.
+  # @return [IScanQueueItem] The resulting scan queue item.
+  #
+  def doActiveScan(*args)
+    host, port, https, req, ip_off = args
+    case args.size
+    when 1,2
+      req = args.first
+      ip_off = args[1]
+      if req.kind_of? Java::Burp::IHttpRequestResponse
+        serv = req.getHttpService
+        https = serv.getProtocol == "https"
+        host = serv.getHost
+        port = serv.getPort
+        req = req.request
+      else
+        url = (req.kind_of?(URI) || req.kind_of?(Java::JavaNet::URL)) ? req : Java::JavaNet::URL.new(req.to_s)
+        req = getHelpers.buildHttpRequest req
+        host = url.host
+        port = url.port
+        if url.scheme.downcase == "https"
+          https = true
+          port = 443 if port == -1
+        else
+          https = false
+          port = 80 if port == -1
+        end
+      end
+    when 4,5
+      host, port, https, req, ip_off = args
+    else
+      raise ArgumentError
+    end
+    req = req.to_java_bytes if req.respond_to? :to_java_bytes
+    scanq = if getBurpVersion
+      _check_cb.doActiveScan(host, port, https, req, ip_off)
+    else
+      _check_cb.doActiveScan(host, port, https, req)
+    end
+    Buby::Implants::ScanQueueItem.implant scanq
   end
   alias do_active_scan doActiveScan
   alias active_scan doActiveScan
@@ -157,7 +241,7 @@ class Buby
   # Exclude the specified URL from the Suite-wide scope.
   #  * url = The URL to exclude from the Suite-wide scope.
   def excludeFromScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.excludeFromScope(url)
   end
   alias exclude_from_scope excludeFromScope
@@ -166,7 +250,7 @@ class Buby
   # Include the specified URL in the Suite-wide scope.
   #  * url = The URL to exclude in the Suite-wide scope.
   def includeInScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.includeInScope(url)
   end
   alias include_in_scope includeInScope 
@@ -177,7 +261,7 @@ class Buby
   #
   # Returns: true / false
   def isInScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.isInScope(url)
   end
   alias is_in_scope isInScope
@@ -197,10 +281,25 @@ class Buby
   #  * https = Flags whether the protocol is HTTPS or HTTP.
   #  * req   = The full HTTP request. (String or Java bytes[])
   #
-  # Returns: The full response retrieved from the remote server.
-  def makeHttpRequest(host, port, https, req)
-    req = req.to_java_bytes if req.is_a? String
-    String.from_java_bytes( _check_cb.makeHttpRequest(host, port, https, req) )
+  # also may be called with new IHttpService as an argument
+  #  * service = IHttpService object with host, port, etc.
+  #  * request = request string
+  # @return The full response retrieved from the remote server.
+  #
+  def makeHttpRequest(*args)
+    ret = case args.size
+    when 2
+      service, req = args
+      req = req.to_java_bytes if req.is_a? String
+      _check_and_callback(:makeHttpRequst, service, req)
+    when 4
+      host, port, https, req = args
+      req = req.to_java_bytes if req.is_a? String
+      _check_cb.makeHttpRequest(host, port, https, req)
+    else
+      raise ArgumentError
+    end
+    String.from_java_bytes(ret)
   end
   alias make_http_request makeHttpRequest
   alias make_request makeHttpRequest
@@ -242,7 +341,7 @@ class Buby
   # Send a seed URL to the Burp Spider tool.
   #  * url = The new seed URL to begin spidering from.
   def sendToSpider(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.sendToSpider(url)
   end
   alias send_to_spider sendToSpider
@@ -254,17 +353,18 @@ class Buby
   #
   # * meth = string or symbol name of method
   # * args = variable length array of arguments to pass to meth
-  def _check_and_callback(meth, *args)
+  def _check_and_callback(meth, *args, &block)
     cb = _check_cb
     unless cb.respond_to?(meth)
       raise "#{meth} is not available in your version of Burp"
     end
-    cb.__send__ meth, *args
+    cb.__send__ meth, *args, &block
   end
 
 
   # Returns a Java array of IHttpRequestResponse objects pulled directly from 
   # the Burp proxy history.
+  # @todo Bring IHttpRequestResponse helper up to date
   def getProxyHistory
     HttpRequestResponseList.new(_check_and_callback(:getProxyHistory))
   end
@@ -275,6 +375,7 @@ class Buby
   # Returns a Java array of IHttpRequestResponse objects pulled directly from 
   # the Burp site map for all urls matching the specified literal prefix. 
   # The prefix can be nil to return all objects.
+  # @todo Bring IHttpRequestResponse helper up to date
   def getSiteMap(urlprefix=nil)
     HttpRequestResponseList.new(_check_and_callback(:getSiteMap, urlprefix))
   end
@@ -300,7 +401,7 @@ class Buby
   #
   # * filename = path and filename of the file to restore from
   def restoreState(filename)
-    _check_and_callback(:restoreState, java.io.File.new(filename))
+    _check_and_callback(:restoreState, Java::JavaIo::File.new(filename))
   end
   alias restore_state restoreState
 
@@ -311,7 +412,7 @@ class Buby
   #
   # * filename = path and filename of the file to save to
   def saveState(filename)
-    _check_and_callback(:saveState, java.io.File.new(filename))
+    _check_and_callback(:saveState, Java::JavaIo::File.new(filename))
   end
   alias save_state saveState
 
@@ -320,12 +421,20 @@ class Buby
   # containing parameters as they are structured in the 'Parameters' tab in the 
   # Burp request UI.
   #
-  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
+  # IMPORTANT: This method is only available with Burp 1.2.09+ and deprecated in 1.5.01
   #
-  # req = raw request (String or Java bytes[])
-  def getParameters(req)
-    req = req.to_java_bytes if req.is_a? String
-    _check_and_callback(:getParameters, req)
+  # This method parses the specified request and returns details of each
+  # request parameter.
+  #
+  # @param request The request to be parsed.
+  # @return An array of:
+  #   <code>String[] { name, value, type }</code> containing details of the
+  #   parameters contained within the request.
+  # @deprecated Use +IExtensionHelpers.analyzeRequest()+ instead.
+  #
+  def getParameters(request)
+    request = request.to_java_bytes if request.is_a? String
+    _check_and_callback(:getParameters, request)
   end
   alias parameters getParameters
   alias get_parameters getParameters
@@ -335,12 +444,20 @@ class Buby
   # array containing the headers as they are structured in the 'Headers' tab 
   # in the Burp request/response viewer UI.
   #
-  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
+  # IMPORTANT: This method is only available with Burp 1.2.09+ and is deprecated in 1.5.01
+  #
+  # This method parses the specified request and returns details of each HTTP
+  # header.
+  #
+  # @param message The request to be parsed.
+  # @return An array of HTTP headers.
+  # @deprecated Use
+  # <code>IExtensionHelpers.analyzeRequest()</code> or
+  # <code>IExtensionHelpers.analyzeResponse()</code> instead.
   #
-  # msg = raw request/response (String or Java bytes[])
-  def getHeaders(msg)
-    msg = msg.to_java_bytes if msg.is_a? String
-    _check_and_callback(:getHeaders, msg)
+  def getHeaders(message)
+    message = message.to_java_bytes if message.is_a? String
+    _check_and_callback(:getHeaders, message)
   end
   alias headers getHeaders
   alias get_headers getHeaders
@@ -353,18 +470,25 @@ class Buby
   alias exit_suite exitSuite
   alias close exitSuite
 
-  # This method can be used to register a new menu item which will appear 
-  # on the various context menus that are used throughout Burp Suite to 
-  # handle user-driven actions.
-  # 
+  # This method can be used to register a new menu item which will appear on
+  # the various context menus that are used throughout Burp Suite to handle
+  # user-driven actions.
+  #
   # @param menuItemCaption The caption to be displayed on the menu item.
-  # @param menuItemHandler The handler to be invoked when the user clicks
-  # on the menu item.
-  # 
-  # This method is only available with Burp 1.3.07 and higher.
-  def registerMenuItem(menuItemCaption, menuItemHandler)
-    _check_and_callback(:registerMenuItem, menuItemCaption, menuItemHandler)
+  # @param menuItemHandler The handler to be invoked when the user clicks on
+  # the menu item.
+  # @deprecated Use {#registerContextMenuFactory} instead.
+  #
+  # This method is only available with Burp 1.3.07+ and is deprecated in 1.5.01.
+  #
+  def registerMenuItem(menuItemCaption, menuItemHandler = nil, &block)
+    ret = if block_given?
+      _check_and_callback(:registerMenuItem, menuItemCaption, &block)
+    else
+      _check_and_callback(:registerMenuItem, menuItemCaption, menuItemHandler)
+    end
     issueAlert("Handler #{menuItemHandler} registered for \"#{menuItemCaption}\"")
+    ret
   end
   alias register_menu_item registerMenuItem
 
@@ -407,8 +531,8 @@ class Buby
   # configuration.
   #
   # This method is only available with Burp 1.3.09+
-  def loadConfig(conf)
-    _check_and_callback(:loadConfig, conf)
+  def loadConfig(config)
+    _check_and_callback(:loadConfig, config)
   end
   alias load_config loadConfig
   alias config= loadConfig
@@ -437,8 +561,498 @@ class Buby
     end
   end
   alias burp_version getBurpVersion
+  alias get_burp_version getBurpVersion
+
+  # This method is used to set the display name for the current extension,
+  # which will be displayed within the user interface for the Extender tool.
+  #
+  # @param [String] name The extension name.
+  # @return [void]
+  #
+  def setExtensionName(name)
+    _check_and_callback(:setExtensionName, name)
+  end
+  alias extension_name= setExtensionName
+  alias set_extension_name setExtensionName
+
+  # This method is used to obtain an
+  # <code>IExtensionHelpers</code> object, which can be used by the extension
+  # to perform numerous useful tasks.
+  #
+  # @return An object containing numerous helper methods, for tasks such as
+  # building and analyzing HTTP requests.
+  #
+  def getHelpers
+    @helpers ||= Buby::Implants::ExtensionHelpers.implant(_check_and_callback(:getHelpers))
+  end
+  alias helpers getHelpers
+  alias get_helpers getHelpers
+
+  # This method is used to obtain the current extension's standard output
+  # stream. Extensions should write all output to this stream, allowing the
+  # Burp user to configure how that output is handled from within the UI.
+  #
+  # @return [OutputStream] The extension's standard output stream.
+  #
+  # @todo double check
+  def getStdout
+    @stdout ||= _check_and_callback(:getStdout)
+  end
+  alias stdout getStdout
+  alias get_stdout getStdout
+
+  # This method is used to obtain the current extension's standard error
+  # stream. Extensions should write all error messages to this stream,
+  # allowing the Burp user to configure how that output is handled from
+  # within the UI.
+  #
+  # @return [OutputStream] The extension's standard error stream.
+  #
+  def getStderr
+    @stderr ||= _check_and_callback(:getStderr)
+  end
+  alias stderr getStderr
+  alias get_stderr getStderr
+
+  # This method is used to register a listener which will be notified of
+  # changes to the extension's state. <b>Note:</b> Any extensions that start
+  # background threads or open system resources (such as files or database
+  # connections) should register a listener and terminate threads / close
+  # resources when the extension is unloaded.
+  #
+  # @overload registerExtensionStateListener(listener)
+  #   @param [IExtensionStateListener] listener A listener for extension
+  #    state events
+  # @overload registerExtensionStateListener(&block)
+  #   @param [Proc] &block A listener for extension state events
+  #    (Isn't JRuby fun?)
+  #
+  def registerExtensionStateListener(listener = nil, &block)
+    if block_given?
+      _check_and_callback(:registerExtensionStateListener, &block)
+    else
+      _check_and_callback(:registerExtensionStateListener, listener)
+    end
+  end
+  alias register_extension_state_listener registerExtensionStateListener
+
+  # This method is used to register a listener which will be notified of
+  # requests and responses made by any Burp tool. Extensions can perform
+  # custom analysis or modification of these messages by registering an HTTP
+  # listener.
+  #
+  # @overload registerHttpListener(listener)
+  #   @param [IHttpListener] listener A listener for http events
+  # @overload registerHttpListener(&block)
+  #   @param [Proc] &block A listener for http events
+  #    (Isn't JRuby fun?)
+  #
+  def registerHttpListener(listener = nil, &block)
+    if block_given?
+      _check_and_callback(:registerHttpListener, &block)
+    else
+      _check_and_callback(:registerHttpListener, listener)
+    end
+  end
+  alias register_http_listener registerHttpListener
+
+  # This method is used to register a listener which will be notified of
+  # requests and responses being processed by the Proxy tool. Extensions can
+  # perform custom analysis or modification of these messages, and control
+  # in-UI message interception, by registering a proxy listener.
+  #
+  # @overload registerProxyListener(listener)
+  #   @param [IProxyListener] listener A listener for proxy events
+  # @overload registerHttpListener(&block)
+  #   @param [Proc] &block A listener for proxy events
+  #    (Isn't JRuby fun?)
+  #
+  def registerProxyListener(listener = nil, &block)
+    if block_given?
+      _check_and_callback(:registerProxyListener, &block)
+    else
+      _check_and_callback(:registerProxyListener, listener)
+    end
+  end
+  alias register_proxy_listener registerProxyListener
+
+  # This method is used to register a listener which will be notified of new
+  # issues that are reported by the Scanner tool. Extensions can perform
+  # custom analysis or logging of Scanner issues by registering a Scanner
+  # listener.
+  #
+  # @overload registerScannerListener(listener)
+  #   @param [IScannerListener] listener A listener for scanner events
+  # @overload registerScannerListener(&block)
+  #   @param [Proc] &block A listener for scanner events
+  #    (Isn't JRuby fun?)
+  #
+  def registerScannerListener(listener = nil, &block)
+    if block_given?
+      _check_and_callback(:registerScannerListener, &block)
+    else
+      _check_and_callback(:registerScannerListener, listener)
+    end
+  end
+  alias register_scanner_listener registerScannerListener
+
+  # This method is used to register a listener which will be notified of
+  # changes to Burp's suite-wide target scope.
+  #
+  # @overload registerScopeChangeListener(listener)
+  #   @param [IScopeChangeListener] listener A listener for scope change events
+  # @overload registerScopeChangeListener(&block)
+  #   @param [Proc] &block A listener for scope change events
+  #    (Isn't JRuby fun?)
+  #
+  def registerScopeChangeListener(listener = nil, &block)
+    if block_given?
+      _check_and_callback(:registerScopeChangeListener, &block)
+    else
+      _check_and_callback(:registerScopeChangeListener, listener)
+    end
+  end
+
+  # This method is used to register a factory for custom context menu items.
+  # When the user invokes a context menu anywhere within Burp, the factory
+  # will be passed details of the invocation event, and asked to provide any
+  # custom context menu items that should be shown.
+  #
+  # @overload registerContextMenuFactory(factory)
+  #   @param [IContextMenuFactory] factory A listener for context
+  #     menu invocation events
+  # @overload registerContextMenuFactory(&block)
+  #   @param [Proc] &block A listener for context menu invocation events
+  #     (Isn't JRuby fun?)
+  #   @note It is probably better to use the more explicit +factory+ argument
+  #     version to ensure the +IContextMenuInvocation+ Java classes have been
+  #     wrapped properly.
+  #
+  def registerContextMenuFactory(factory = nil, &block)
+    if block_given?
+      _check_and_callback(:registerContextMenuFactory, &block)
+    else
+      _check_and_callback(:registerContextMenuFactory, factory)
+    end
+  end
+  alias register_context_menu_factory registerContextMenuFactory
+
+  # This method is used to register a factory for custom message editor tabs.
+  # For each message editor that already exists, or is subsequently created,
+  # within Burp, the factory will be asked to provide a new instance of an
+  # <code>IMessageEditorTab</code> object, which can provide custom rendering
+  # or editing of HTTP messages.
+  #
+  # @overload registerMessageEditorTabFactory(factory)
+  #   @param [IMessageEditorTabFactory] factory A listener for message editor
+  #     tab events
+  # @overload registerMessageEditorTabFactory(&block)
+  #   @param [Proc] &block A listener for message editor tab events
+  #     (Isn't JRuby fun?)
+  #   @note It is probably better to use the more explicit +factory+ argument
+  #     version to ensure the +IMessageEditorController+ Java classes have been
+  #     wrapped properly.
+  #
+  def registerMessageEditorTabFactory(factory = nil, &block)
+    if block_given?
+      _check_and_callback(:registerMessageEditorTabFactory, &block)
+    else
+      _check_and_callback(:registerMessageEditorTabFactory, factory)
+    end
+  end
+  alias register_message_editor_tab_factory registerMessageEditorTabFactory
+
+  # This method is used to register a provider of Scanner insertion points.
+  # For each base request that is actively scanned, Burp will ask the
+  # provider to provide any custom scanner insertion points that are
+  # appropriate for the request.
+  #
+  # @overload registerScannerInsertionPointProvider(provider)
+  #   @param [IScannerInsertionPointProvider] provider A provider of scanner
+  #     insertion points
+  # @overload registerScannerInsertionPointProvider(&block)
+  #   @param [Proc] &block A provider of scanner insertion points
+  #     (Isn't JRuby fun?)
+  #
+  def registerScannerInsertionPointProvider(provider = nil, &block)
+    if block_given?
+      _check_and_callback(:registerScannerInsertionPointProvider, &block)
+    else
+      _check_and_callback(:registerScannerInsertionPointProvider, provider)
+    end
+  end
+  alias register_scanner_insertion_point_provider registerScannerInsertionPointProvider
+
+  # This method is used to register a custom Scanner check. When performing
+  # scanning, Burp will ask the check to perform active or passive scanning
+  # on the base request, and report any Scanner issues that are identified.
+  #
+  # @param [IScannerCheck] check An object that performs a given check.
+  #
+  def registerScannerCheck(check = nil, &block)
+    if block_given?
+      _check_and_callback(:registerScannerCheck, &block)
+    else
+      _check_and_callback(:registerScannerCheck, check)
+    end
+  end
+  alias register_scanner_check registerScannerCheck
+
+  # This method is used to register a factory for Intruder payloads. Each
+  # registered factory will be available within the Intruder UI for the user
+  # to select as the payload source for an attack. When this is selected, the
+  # factory will be asked to provide a new instance of an
+  # +IIntruderPayloadGenerator+ object, which will be used to generate payloads
+  # for the attack.
+  #
+  # @param [IIntruderPayloadGeneratorFactory] factory An object to be used for
+  #   generating intruder payloads.
+  #
+  # @todo Test - block version may work here
+  def registerIntruderPayloadGeneratorFactory(factory = nil, &block)
+    if block_given?
+      _check_and_callback(:registerIntruderPayloadGeneratorFactory, &block)
+    else
+      _check_and_callback(:registerIntruderPayloadGeneratorFactory, factory)
+    end
+  end
+  alias register_intruder_payload_generator_factory registerIntruderPayloadGeneratorFactory
+
+  # This method is used to register a custom Intruder payload processor. Each
+  # registered processor will be available within the Intruder UI for the
+  # user to select as the action for a payload processing rule.
+  #
+  # @param [IIntruderPayloadProcessor] processor An object used for processing
+  #   Intruder payloads
+  #
+  # @todo Test - block version may work here
+  def registerIntruderPayloadProcessor(processor)
+    if block_given?
+      _check_and_callback(:registerIntruderPayloadProcessor, &block)
+    else
+      _check_and_callback(:registerIntruderPayloadProcessor, processor)
+    end
+  end
+  alias register_intruder_payload_processor registerIntruderPayloadProcessor
+
+  # This method is used to register a custom session handling action. Each
+  # registered action will be available within the session handling rule UI
+  # for the user to select as a rule action. Users can choose to invoke an
+  # action directly in its own right, or following execution of a macro.
+  #
+  # @param [ISessionHandlingAction] action An object used to perform a given session action.
+  #
+  # @todo Test - block version may work here
+  def registerSessionHandlingAction(action)
+    if block_given?
+      _check_and_callback(:registerSessionHandlingAction, &block)
+    else
+      _check_and_callback(:registerSessionHandlingAction, action)
+    end
+  end
+  alias register_session_handling_action registerSessionHandlingAction
+
+  # This method is used to add a custom tab to the main Burp Suite window.
+  #
+  # @param [ITab] tab A tab to be added to the suite's user interface.
+  #
+  def addSuiteTab(tab)
+    _check_and_callback(:addSuiteTab, tab)
+  end
+  alias add_suite_tab addSuiteTab
+
+  # This method is used to remove a previously-added tab from the main Burp
+  # Suite window.
+  #
+  # @param [ITab] tab The tab to be removed from the suite's user interface.
+  #
+  def removeSuiteTab(tab)
+    _check_and_callback(:removeSuiteTab, tab)
+  end
+  alias remove_suite_tab removeSuiteTab
+
+  # This method is used to customize UI components in line with Burp's UI
+  # style, including font size, colors, table line spacing, etc.
+  #
+  # @param [Component] component The UI component to be customized.
+  #
+  def customizeUiComponent(component)
+    _check_and_callback(:customizeUiComponent, component)
+  end
+  alias customize_ui_component customizeUiComponent
+
+  # This method is used to create a new instance of Burp's HTTP message
+  # editor, for the extension to use in its own UI.
+  #
+  # @param controller An object created by the extension that implements the
+  #   +IMessageEditorController+ interface. This parameter is optional and
+  #   defaults to +nil+. If it is provided, then the message editor will query
+  #   the controller when required to obtain details about the currently
+  #   displayed message, including the +IHttpService+ for the message, and the
+  #   associated request or response message. If a controller is not provided,
+  #   then the message editor will not support context menu actions, such as
+  #   sending requests to other Burp tools.
+  # @param [Boolean] editable Indicates whether the editor created should be
+  #   editable, or used only for message viewing.
+  # @return [IMessageEditor] An object which the extension can use in
+  #   its own UI.
+  #
+  def createMessageEditor(controller = nil, editable = true)
+    Buby::Implants::MessageEditor.implant _check_and_callback(:createMessageEditor, controller, editable)
+  end
+  alias create_message_editor createMessageEditor
+
+  # This method is used to save configuration settings for the extension in a
+  # persistent way that survives reloads of the extension and of Burp Suite.
+  # Saved settings can be retrieved using the method {#loadExtensionSetting}.
+  #
+  # @param [String] name The name of the setting.
+  # @param [String] value The value of the setting. If this value is +nil+ then
+  #   any existing setting with the specified name will be removed.
+  #
+  def saveExtensionSetting(name, value)
+    _check_and_callback(:saveExtensionSetting, name, value)
+  end
+  alias save_extension_setting saveExtensionSetting
+
+  # This method is used to load configuration settings for the extension that
+  # were saved using the method
+  # <code>saveExtensionSetting()</code>.
+  #
+  # @param [String] name The name of the setting.
+  # @return [String] The value of the setting, or +nil+ if no value is set.
+  #
+  def loadExtensionSetting(name)
+    _check_and_callback(:loadExtensionSetting, name)
+  end
+  alias load_extension_setting loadExtensionSetting
+
+  # This method is used to create a new instance of Burp's plain text editor,
+  # for the extension to use in its own UI.
+  #
+  # @return [ITextEditor] A new text editor the extension can use in its own UI.
+  #
+  def createTextEditor()
+    _check_and_callback(:createTextEditor)
+  end
+  alias create_text_editor createTextEditor
+
+  # This method is used to retrieve the contents of Burp's session handling
+  # cookie jar. Extensions that provide an +ISessionHandlingAction+ can query
+  # and update the cookie jar in order to handle unusual session handling
+  # mechanisms.
+  #
+  # @return [Array<ICookie>] An array of the cookies representing the contents
+  #   of Burp's session handling cookie jar.
+  #
+  def getCookieJarContents
+    _check_and_callback(:getCookieJarContents).tap{|arr| Buby::Implants::Cookie.implant(arr.first)}
+  end
+  alias get_cookie_jar_contents getCookieJarContents
+  alias cookie_jar_contents getCookieJarContents
+
+  # This method is used to update the contents of Burp's session handling
+  # cookie jar. Extensions that provide an
+  # <code>ISessionHandlingAction</code> can query and update the cookie jar
+  # in order to handle unusual session handling mechanisms.
+  #
+  # @param [ICookie] cookie An object containing details of the cookie to be
+  #   updated. If the cookie jar already contains a cookie that matches the
+  #   specified domain and name, then that cookie will be updated with the new
+  #   value and expiration, unless the new value is +nil+, in which case the
+  #   cookie will be removed. If the cookie jar does not already contain a
+  #   cookie that matches the specified domain and name, then the cookie will
+  #   be added.
+  #
+  # @see Buby::Cookie
+  def updateCookieJar(cookie)
+    _check_and_callback(:updateCookieJar, cookie)
+  end
+  alias update_cookie_jar updateCookieJar
+
+  # This method is used to create a temporary file on disk containing the
+  # provided data. Extensions can use temporary files for long-term storage
+  # of runtime data, avoiding the need to retain that data in memory.
+  # Not strictly needed in JRuby (use Tempfile class in stdlib instead) but might see use.
+  #
+  # @param [String, Array<byte>] buffer The data to be saved to a temporary file.
+  # @return [ITempFile] A reference to the temp file.
+  #
+  def saveToTempFile(buffer)
+    buffer = buffer.to_java_bytes if buffer.respond_to? :to_java_bytes
+    Buby::Implants::TempFile.implant(_check_and_callback(:saveToTempFile, buffer))
+  end
+  alias save_to_temp_file saveToTempFile
+
+  # This method is used to save the request and response of an
+  # +IHttpRequestResponse+ object to temporary files, so that they are no longer
+  # held in memory. Extensions can used this method to convert
+  # +IHttpRequestResponse+ objects into a form suitable for long-term storage.
+  #
+  # @param [IHttpRequestResponse] httpRequestResponse The request and response
+  #   messages to be saved to temporary files.
+  # @return [IHttpRequestResponsePersisted] A reference to the saved temp file.
+  #
+  # @todo move HttpRequestResponse to new Implants method...
+  def saveBuffersToTempFiles(httpRequestResponse)
+    _check_and_callback(:saveBuffersToTempFiles, httpRequestResponse).tap{|obj| Buby::HttpRequestResponseHelper.implant(obj)}
+  end
+  alias save_buffers_to_temp_files saveBuffersToTempFiles
+
+  # This method is used to apply markers to an HTTP request or response, at
+  # offsets into the message that are relevant for some particular purpose.
+  # Markers are used in various situations, such as specifying Intruder
+  # payload positions, Scanner insertion points, and highlights in Scanner
+  # issues.
+  #
+  # @param [IHttpRequestResponse] httpRequestResponse The object to which the
+  #   markers should be applied.
+  # @param [Array<Array<Fixnum>>] requestMarkers A list of index pairs
+  #   representing the offsets of markers to be applied to the request message.
+  #   Each item in the list must be an +int[2]+ array containing the start and
+  #   end offsets for the marker. This parameter is optional and may be +nil+ if
+  #   no request markers are required.
+  # @param [Array<Array<Fixnum>>] responseMarkers A list of index pairs
+  #   representing the offsets of markers to be applied to the response message.
+  #   Each item in the list must be an +int[2]+ array containing the start and
+  #   end offsets for the marker. This parameter is optional and may be +nil+ if
+  #   no response markers are required.
+  # @return [IHttpRequestResponseWithMarkers] A marked request/response pair.
+  #
+  # @todo Bring IHttpRequestResponse helper up to date
+  def applyMarkers(httpRequestResponse, requestMarkers, responseMarkers)
+    _check_and_callback(:applyMarkers, httpRequestResponse, requestMarkers, responseMarkers).tap{|obj| Buby::HttpRequestResponseHelper.implant(obj)}
+  end
+  alias apply_markers applyMarkers
+
+  # This method is used to obtain the descriptive name for the Burp tool
+  # identified by the tool flag provided.
+  #
+  # @param [Fixnum] toolFlag A flag identifying a Burp tool (+TOOL_PROXY+, +TOOL_SCANNER+, etc.). Tool flags are defined within this interface.
+  # @return [String] The descriptive name for the specified tool.
+  #
+  def getToolName(toolFlag)
+    _check_and_callback(:getToolName, toolFlag)
+  end
+  alias get_tool_name getToolName
+
+  # This method is used to register a new Scanner issue.
+  # @note Wherever possible, extensions should implement custom Scanner checks
+  #   using +IScannerCheck+ and report issues via those checks, so as to
+  #   integrate with Burp's user-driven workflow, and ensure proper
+  #   consolidation of duplicate reported issues. This method is only designed
+  #   for tasks outside of the normal testing workflow, such as importing
+  #   results from other scanning tools.
+  #
+  # @param [IScanIssue] issue An issue to be added to the scan results.
+  #
+  def addScanIssue(issue)
+    _check_and_callback(:addScanIssue, issue)
+  end
+  alias add_scan_issue addScanIssue
 
   ### Event Handlers ###
+  # @todo move basic event handler logic to extender side
 
   # This method is called by the BurpExtender java implementation upon 
   # initialization of the BurpExtender instance for Burp. The args parameter
@@ -446,11 +1060,24 @@ class Buby
   # so that implementations can access and extend its public interfaces.
   #
   # The return value is ignored.
+  # @deprecated
   def evt_extender_init ext
     @burp_extender = ext
     pp([:got_extender, ext]) if $DEBUG
   end
 
+  # This method is called by the BurpExtender implementations upon
+  # initialization of the BurpExtender instance for Burp. The args parameter
+  # is passed with a instance of the newly initialized BurpExtender instance
+  # so that implementations can access and extend its public interfaces.
+  #
+  # @param [IBurpExtender] ext
+  # @return [void]
+  def extender_initialize ext
+    @burp_extender = ext
+    pp([:got_extender, ext]) if $DEBUG
+  end
+
   # This method is called by the BurpExtender implementation Burp startup.
   # The args parameter contains main()'s argv command-line arguments array. 
   #
@@ -458,30 +1085,74 @@ class Buby
   # implementation of BurpExtender.
   #
   # The return value is ignored.
+  # @deprecated - nothing calls this anymore
   def evt_command_line_args args
     pp([:got_args, args]) if $DEBUG
   end
 
-  # This method is called by BurpExtender on startup to register Burp's 
+  # This method is called by BurpExtender on startup to register Burp's
   # IBurpExtenderCallbacks interface object.
   #
-  # This maps to the 'registerExtenderCallbacks' method in the Java 
+  # This maps to the 'registerExtenderCallbacks' method in the Java
   # implementation of BurpExtender.
   #
   # The return value is ignored.
-  def evt_register_callbacks cb
+  # @deprecated
+  # @param cb [IBurpExtenderCallbacks] callbacks presented by burp
+  # @param alert [Boolean]
+  # @return [IBurpExtenderCallbacks] cb
+  def evt_register_callbacks cb, alert = true
+    cb.issueAlert("[JRuby::#{self.class}] registered callback") if alert
+    pp([:got_evt_register_callbacks, cb]) if $DEBUG
     @burp_callbacks = cb
-    cb.issueAlert("[JRuby::#{self.class}] registered callback")
-    pp([:got_callbacks, cb]) if $DEBUG
   end
 
-  ACTION_FOLLOW_RULES              = BurpExtender::ACTION_FOLLOW_RULES
-  ACTION_DO_INTERCEPT              = BurpExtender::ACTION_DO_INTERCEPT
-  ACTION_DONT_INTERCEPT            = BurpExtender::ACTION_DONT_INTERCEPT
-  ACTION_DROP                      = BurpExtender::ACTION_DROP
-  ACTION_FOLLOW_RULES_AND_REHOOK   = BurpExtender::ACTION_FOLLOW_RULES_AND_REHOOK
-  ACTION_DO_INTERCEPT_AND_REHOOK   = BurpExtender::ACTION_DO_INTERCEPT_AND_REHOOK
-  ACTION_DONT_INTERCEPT_AND_REHOOK = BurpExtender::ACTION_DONT_INTERCEPT_AND_REHOOK
+  # This method is called by BurpExtender on startup to register Burp's
+  # IBurpExtenderCallbacks interface object.
+  #
+  # This maps to the 'registerExtenderCallbacks' method in the Java
+  # implementation of BurpExtender.
+  #
+  # @param callbacks [IBurpExtenderCallbacks] callbacks presented by burp
+  # @param alert [Boolean]
+  # @return [IBurpExtenderCallbacks] cb
+  def register_callbacks callbacks, alert = true
+    callbacks.issueAlert("[JRuby::#{self.class}] registered callback") if alert
+    pp([:got_register_callbacks, callbacks]) if $DEBUG
+    evt_register_callbacks(callbacks, false) if respond_to? :evt_register_callbacks
+    @burp_callbacks = callbacks
+  end
+
+
+  ACTION_FOLLOW_RULES              = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES
+  ACTION_DO_INTERCEPT              = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT
+  ACTION_DONT_INTERCEPT            = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT
+  ACTION_DROP                      = Java::Burp::IInterceptedProxyMessage::ACTION_DROP
+  ACTION_FOLLOW_RULES_AND_REHOOK   = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES_AND_REHOOK
+  ACTION_DO_INTERCEPT_AND_REHOOK   = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT_AND_REHOOK
+  ACTION_DONT_INTERCEPT_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT_AND_REHOOK
+  # Flag used to identify Burp Suite as a whole.
+  TOOL_SUITE                       = Java::Burp::IBurpExtenderCallbacks::TOOL_SUITE
+  # Flag used to identify the Burp Target tool.
+  TOOL_TARGET                      = Java::Burp::IBurpExtenderCallbacks::TOOL_TARGET
+  # Flag used to identify the Burp Proxy tool.
+  TOOL_PROXY                       = Java::Burp::IBurpExtenderCallbacks::TOOL_PROXY
+  # Flag used to identify the Burp Spider tool.
+  TOOL_SPIDER                      = Java::Burp::IBurpExtenderCallbacks::TOOL_SPIDER
+  # Flag used to identify the Burp Scanner tool.
+  TOOL_SCANNER                     = Java::Burp::IBurpExtenderCallbacks::TOOL_SCANNER
+  # Flag used to identify the Burp Intruder tool.
+  TOOL_INTRUDER                    = Java::Burp::IBurpExtenderCallbacks::TOOL_INTRUDER
+  # Flag used to identify the Burp Repeater tool.
+  TOOL_REPEATER                    = Java::Burp::IBurpExtenderCallbacks::TOOL_REPEATER
+  # Flag used to identify the Burp Sequencer tool.
+  TOOL_SEQUENCER                   = Java::Burp::IBurpExtenderCallbacks::TOOL_SEQUENCER
+  # Flag used to identify the Burp Decoder tool.
+  TOOL_DECODER                     = Java::Burp::IBurpExtenderCallbacks::TOOL_DECODER
+  # Flag used to identify the Burp Comparer tool.
+  TOOL_COMPARER                    = Java::Burp::IBurpExtenderCallbacks::TOOL_COMPARER
+  # Flag used to identify the Burp Extender tool.
+  TOOL_EXTENDER                    = Java::Burp::IBurpExtenderCallbacks::TOOL_EXTENDER
 
   # Seems we need to specifically render our 'message' to a string here in
   # ruby. Otherwise there's flakiness when converting certain binary non-ascii
@@ -622,6 +1293,8 @@ class Buby
   #   message[0..4] = "HEAD "
   #   return message.dup
   #
+  # @deprecated Legacy - Use {Buby#process_proxy_message} or
+  #   {Buby::ProxyListener}
   def evt_proxy_message msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action
     pp([ (is_req)? :got_proxy_request : :got_proxy_response,
          [:msg_ref, msg_ref], 
@@ -640,6 +1313,21 @@ class Buby
     return message
   end
 
+  # This method is invoked when an HTTP message is being processed by the Proxy.
+  #
+  # @param [Boolean] messageIsRequest Indicates whether the HTTP message is a
+  #   request or a response.
+  # @param [IInterceptedProxyMessage] message An +IInterceptedProxyMessage+
+  #   object that extensions can use to query and update details of the
+  #   message, and control whether the message should be intercepted and
+  #   displayed to the user for manual review or modification.
+  # @return [void]
+  #
+  # @see Buby::ProxyListener
+  def process_proxy_message(messageIsRequest, message)
+    pp [:got_processProxyMessage] if $debug
+    Buby::Implants::InterceptedProxyMessage.implant message
+  end
 
   # This method is invoked whenever any of Burp's tools makes an HTTP request 
   # or receives a response. This is effectively a generalised version of the 
@@ -667,9 +1355,33 @@ class Buby
   # * message_info = an instance of the IHttpRequestResponse Java class with
   #   methods for accessing and manipulating various attributes of the message.
   #
+  # @todo Bring IHttpRequestResponse helper up to date
+  # @note Changed in Burp 1.5.01+
+  # @deprecated This is the called by the legacy interface, use
+  #   {#process_http_message} instead
   def evt_http_message(tool_name, is_request, message_info)
     HttpRequestResponseHelper.implant(message_info)
-    pp([:got_http_message, tool_name, is_request, message_info]) if $DEBUG
+    pp([:got_evt_http_message, tool_name, is_request, message_info]) if $DEBUG
+  end
+
+
+  # This method is invoked when an HTTP request is about to be issued, and
+  # when an HTTP response has been received.
+  #
+  # @param [Fixnum] toolFlag A flag indicating the Burp tool that issued the
+  #   request. Burp tool flags are defined in the +IBurpExtenderCallbacks+
+  #   interface.
+  # @param [Boolean] messageIsRequest Flags whether the method is being invoked
+  #   for a request or response.
+  # @param [IHttpRequestResponse] messageInfo Details of the request / response
+  #   to be processed. Extensions can call the setter methods on this object to
+  #   update the current message and so modify Burp's behavior.
+  # @return [void]
+  # @note This is the 1.5.01+ version of this callback
+  #
+  def process_http_message(toolFlag, messageIsRequest, messageInfo)
+    HttpRequestResponseHelper.implant(messageInfo)
+    pp([:got_process_http_message, toolFlag, messageIsRequest, messageInfo]) if $DEBUG
   end
 
   # This method is invoked whenever Burp Scanner discovers a new, unique 
@@ -684,18 +1396,70 @@ class Buby
   # Parameters:
   # * issue = an instance of the IScanIssue Java class with methods for viewing
   #   information on the scan issue that was generated.
+  # @todo move implant to new way...
+  # @deprecated
   def evt_scan_issue(issue)
     ScanIssueHelper.implant(issue)
     pp([:got_scan_issue, issue]) if $DEBUG
   end
 
+
+  # This method is invoked when a new issue is added to Burp Scanner's
+  # results.
+  #
+  # @param [IScanIssue] issue An +IScanIssue+ object that the extension can
+  #   query to obtain details about the new issue.
+  #
+  # @return [void]
+  #
+  # @abstract
+  # @note This maps to the newScanIssue callback in IScannerListener implemented
+  #   by the BurpExtender side.
+  def new_scan_issue(issue)
+    pp [:got_newScanIssue, issue] if $DEBUG
+    ScanIssueHelper.implant issue
+  end
+
   # This method is called by BurpExtender right before closing the
   # application. Implementations can use this method to perform cleanup
   # tasks such as closing files or databases before exit.
+  # @deprecated
   def evt_application_closing 
     pp([:got_app_close]) if $DEBUG
   end
 
+  # This method is called by BurpExtender right before closing the
+  # application. Implementations can use this method to perform cleanup
+  # tasks such as closing files or databases before exit.
+  def application_closing 
+    pp([:got_app_close]) if $DEBUG
+  end
+
+  # This method is called by BurpExtender right before unloading the
+  # extension. Implementations can use this method to perform cleanup
+  # tasks such as closing files or databases before exit.
+  def extension_unloaded
+    pp([:got_extension_unloaded]) if $DEBUG
+  end
+
+  # This method is used to unload the extension from Burp Suite.
+  #
+  def unloadExtension
+    _check_and_callback(:unloadExtension)
+  end
+  alias unload_extension unloadExtension
+
+  # This method returns the command line arguments that were passed to Burp
+  # on startup.
+  #
+  # @return [Array<String>] The command line arguments that were passed to Burp on startup.
+  #
+  def getCommandLineArguments
+    _check_and_callback(:getCommandLineArguments)
+  end
+  alias get_command_line_arguments getCommandLineArguments
+  alias command_line_arguments getCommandLineArguments
+
   ### Sugar/Convenience methods
 
   # This is a convenience wrapper which can load a given burp state file and 
@@ -783,10 +1547,10 @@ class Buby
   def harvest_cookies_from_history(cookie=nil, urlrx=nil, statefile=nil)
     ret = []
     search_proxy_history(statefile, urlrx) do |hrr|
-      if heads=hrr.rsp_headers
-        ret += heads.select do |h| 
-          h[0].downcase == 'set-cookie' and (not block_given? or yield(h[1]))
-        end.map{|h| h[1]}
+      if (resp = hrr.response)
+        ret += helpers.analyzeResponse(resp).getCookies.select do |c| 
+          (cookie.nil? or c.match(cookie)) && (not block_given? or yield(c))
+        end
       end
     end
     return ret
@@ -796,23 +1560,38 @@ class Buby
 
   # Prepares the java BurpExtender implementation with a reference
   # to self as the module handler and launches burp suite.
-  def start_burp(args=[])
-    activate!()
-    Java::Burp::StartBurp.main(args.to_java(:string))
+  # @param extender Buby exender interface
+  def start(extender = nil, args = [])
+    # so we don't get error when this file is loaded
+    extender ||= legacy_mode? ? Java.burp.BurpExtender : Object.const_get(:BurpExtender)
+    activate!(extender)
+    Java.burp.StartBurp.main(args.to_java(:string)) if legacy_mode?
     return self
   end
 
-  # Starts burp using a supplied handler class, 
-  #  h_class = Buby or a derived class. instance of which will become handler.
-  #  args = arguments to Burp
-  #  init_args = arguments to the handler constructor
+  # @deprecated Use Buby#start instead
+  alias start_burp start
+
+  # Starts burp using a supplied handler class
+  #
+  # @param extender Buby BurpExtender to use for callbacks
+  # @param [Class] h_class Buby or a derived class. instance of which will
+  #   become handler.
+  # @param [Array<String>] args arguments to Burp
+  # @param init_args arguments to the handler constructor
   #
-  #  Returns the handler instance
-  def self.start_burp(h_class=nil, init_args=nil, args=nil)
+  #  @return Buby handler instance
+  def self.start(extender = nil, h_class=nil, init_args=nil, args=nil)
     h_class ||= self
     init_args ||= []
     args ||= []
-    h_class.new(*init_args).start_burp(args)
+    h_class.new(*init_args).start_burp(extender, args)
+  end
+
+  # @see Buby.start
+  # @deprecated Use Buby.start instead
+  def self.start_burp(extender = nil, h_class = nil, init_args = nil, args = nil)
+    self.start(extender, h_class, init_args, args)
   end
 
   # Attempts to load burp with require and confirm it provides the required 
@@ -830,19 +1609,36 @@ class Buby
   # Checks the Java namespace to see if Burp has been loaded.
   def self.burp_loaded?
     @burp_loaded ||= begin
-      java_import 'burp.StartBurp'
+      Java.burp.StartBurp
       true
     rescue NameError
       false
     end
   end
 
+  # determines if we're running in legacy mode
+  # @return [Class, nil]
+  def self.legacy_mode?
+    @legacy ||= begin
+      Java.burp.BurpExtender
+    rescue NameError
+      false
+    end
+    @legacy
+  end
+
+  def legacy_mode?
+    self.class.legacy_mode?
+  end
+
   ### Extra cruft added by Mr Bones:
 
   # Returns the library path for the module. If any arguments are given,
   # they will be joined to the end of the libray path using
   # <tt>File.join</tt>.
   #
+  # @deprecated
+  # @api private
   def self.libpath( *args )
     args.empty? ? LIBPATH : ::File.join(LIBPATH, args.flatten)
   end
@@ -851,6 +1647,8 @@ class Buby
   # they will be joined to the end of the path using
   # <tt>File.join</tt>.
   #
+  # @deprecated
+  # @api private
   def self.path( *args )
     args.empty? ? PATH : ::File.join(PATH, args.flatten)
   end
@@ -860,6 +1658,8 @@ class Buby
   # in. Optionally, a specific _directory_ name can be passed in such that
   # the _filename_ does not have to be equivalent to the directory.
   #
+  # @deprecated
+  # @api private
   def self.require_all_libs_relative_to( fname, dir = nil )
     dir ||= ::File.basename(fname, '.*')
     search_me = ::File.expand_path(
@@ -869,12 +1669,3 @@ class Buby
   end
 
 end # Buby
-
-
-# Try requiring 'burp.jar' from the Ruby lib-path
-unless Buby.burp_loaded?
-  begin require "burp.jar" 
-  rescue LoadError 
-  end
-end
-