buby 1.5.0.pre1-java → 1.5.0.pre2-java
- data/VERSION.yml +1 -1
- data/buby.gemspec +3 -3
- data/ext/buby/burp/BurpExtender.java +38 -19
- data/lib/buby.jar +0 -0
- data/lib/buby.rb +53 -10
- data/lib/buby/cookie.rb +2 -0
- data/lib/buby/http_listener.rb +2 -0
- data/lib/buby/implants/context_menu_invocation.rb +1 -1
- data/lib/buby/implants/intercepted_proxy_message.rb +9 -1
- data/lib/buby/implants/intruder_attack.rb +1 -1
- data/lib/buby/implants/message_editor.rb +1 -1
- data/lib/buby/implants/message_editor_controller.rb +1 -1
- data/lib/buby/implants/parameter.rb +1 -1
- data/lib/buby/implants/request_info.rb +1 -1
- data/lib/buby/implants/response_info.rb +1 -1
- data/lib/buby/implants/scan_queue_item.rb +1 -1
- data/lib/buby/implants/scanner_insertion_point.rb +1 -1
- data/lib/buby/implants/temp_file.rb +1 -1
- data/lib/buby/implants/text_editor.rb +12 -1
- data/lib/buby/message_editor_tab_factory.rb +2 -0
- data/lib/buby/scan_issue.rb +5 -3
- data/lib/buby/scanner_check.rb +2 -1
- data/lib/buby/scanner_insertion_point_provider.rb +1 -0
- data/lib/buby/version.rb +2 -2
- data/lib/burp_interfaces.jar +0 -0
- metadata +26 -24
data/VERSION.yml
CHANGED
data/buby.gemspec
CHANGED
@@ -5,12 +5,12 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = "buby"
|
8
|
-
s.version = "1.5.0.
|
8
|
+
s.version = "1.5.0.pre2"
|
9
9
|
s.platform = "java"
|
10
10
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
|
12
12
|
s.authors = ["Eric Monti, tduehr"]
|
13
|
-
s.date = "2013-02-
|
13
|
+
s.date = "2013-02-19"
|
14
14
|
s.description = "Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface."
|
15
15
|
s.email = "td@matasano.com"
|
16
16
|
s.executables = ["buby"]
|
@@ -122,7 +122,7 @@ Gem::Specification.new do |s|
|
|
122
122
|
s.homepage = "http://tduehr.github.com/buby"
|
123
123
|
s.rdoc_options = ["--main", "README.rdoc"]
|
124
124
|
s.require_paths = ["lib"]
|
125
|
-
s.rubygems_version = "1.8.
|
125
|
+
s.rubygems_version = "1.8.25"
|
126
126
|
s.summary = "Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger"
|
127
127
|
s.test_files = ["test/buby_test.rb"]
|
128
128
|
|
@@ -5,7 +5,8 @@ import burp.*;
|
|
5
5
|
import org.jruby.*;
|
6
6
|
import org.jruby.javasupport.JavaUtil;
|
7
7
|
import org.jruby.runtime.ThreadContext;
|
8
|
-
import org.jruby.runtime.builtin.IRubyObject;
|
8
|
+
import org.jruby.runtime.builtin.IRubyObject;
|
9
|
+
import org.jruby.RubyBoolean;
|
9
10
|
|
10
11
|
/**
|
11
12
|
* This is an implementation of the BurpExtender/IBurpExtender interface
|
@@ -15,17 +16,23 @@ import org.jruby.runtime.builtin.IRubyObject;
|
|
15
16
|
* as of Burp Suite 1.4
|
16
17
|
*/
|
17
18
|
public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHttpListener, IProxyListener, IScannerListener {
|
18
|
-
|
19
|
-
|
20
|
-
public final static String
|
19
|
+
|
20
|
+
// Legacy callbacks
|
21
|
+
public final static String L_CLOSE_METH = "evt_application_closing";
|
22
|
+
public final static String L_HTTPMSG_METH = "evt_http_message";
|
23
|
+
public final static String L_INIT_METH = "evt_extender_init";
|
24
|
+
public final static String L_MAINARGS_METH = "evt_commandline_args";
|
25
|
+
public final static String L_PROXYMSG_METH = "evt_proxy_message_raw";
|
26
|
+
public final static String L_SCANISSUE_METH = "evt_scan_issue";
|
27
|
+
public final static String L_REG_METH = "evt_register_callbacks";
|
28
|
+
|
29
|
+
// new callbacks
|
30
|
+
public final static String INIT_METH = "extender_initialize";
|
21
31
|
public final static String PROXYMSG_METH = "process_proxy_message";
|
22
32
|
public final static String HTTPMSG_METH = "process_http_messge";
|
23
|
-
public final static String L_SCANISSUE_METH = "evt_scan_issue";
|
24
33
|
public final static String SCANISSUE_METH = "new_scan_issue";
|
25
|
-
public final static String
|
26
|
-
public final static String
|
27
|
-
public final static String CLOSE_METH = "evt_application_closing";
|
28
|
-
public final static String UNLOAD_METH = "evt_extension_unloaded";
|
34
|
+
public final static String REG_METH = "register_callbacks";
|
35
|
+
public final static String UNLOAD_METH = "extension_unloaded";
|
29
36
|
|
30
37
|
// Flag used to identify Burp Suite as a whole.
|
31
38
|
public static final int TOOL_SUITE = 0x00000001;
|
@@ -83,6 +90,8 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
|
|
83
90
|
public BurpExtender() {
|
84
91
|
if (r_obj !=null && r_obj.respondsTo(INIT_METH))
|
85
92
|
r_obj.callMethod(ctx(r_obj), INIT_METH, to_ruby(rt(r_obj), this));
|
93
|
+
if (r_obj !=null && r_obj.respondsTo(L_INIT_METH))
|
94
|
+
r_obj.callMethod(ctx(r_obj), L_INIT_METH, to_ruby(rt(r_obj), this));
|
86
95
|
}
|
87
96
|
|
88
97
|
|
@@ -92,7 +101,7 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
|
|
92
101
|
* startup.
|
93
102
|
*
|
94
103
|
* This implementation invokes the method defined by
|
95
|
-
* <code>
|
104
|
+
* <code>L_MAINARGS_METH</code> in the Ruby handler if both the handler
|
96
105
|
* and its ruby method are defined.
|
97
106
|
*
|
98
107
|
* It allows Ruby implementations to control aspects of their behaviour at
|
@@ -105,8 +114,8 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
|
|
105
114
|
* @param args The command-line arguments passed to Burp Suite on startup.
|
106
115
|
*/
|
107
116
|
public void setCommandLineArgs(String[] args) {
|
108
|
-
if(r_obj != null && r_obj.respondsTo(
|
109
|
-
r_obj.callMethod(ctx(r_obj),
|
117
|
+
if(r_obj != null && r_obj.respondsTo(L_MAINARGS_METH))
|
118
|
+
r_obj.callMethod(ctx(r_obj), L_MAINARGS_METH, to_ruby(rt(r_obj), args));
|
110
119
|
}
|
111
120
|
|
112
121
|
/**
|
@@ -125,14 +134,24 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
|
|
125
134
|
* <code>IBurpExtenderCallbacks</code> interface.
|
126
135
|
*/
|
127
136
|
public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) {
|
128
|
-
if(r_obj != null
|
129
|
-
|
137
|
+
if(r_obj != null) {
|
138
|
+
// TODO should look for Buby class instead
|
130
139
|
cb.setExtensionName("Buby v" + r_obj.getType().defineOrGetModuleUnder("Version").getConstant("STRING"));
|
140
|
+
cb.issueAlert("[BurpExtender] registering JRuby handler callbacks");
|
131
141
|
cb.registerExtensionStateListener(this);
|
132
142
|
cb.registerHttpListener(this);
|
133
143
|
cb.registerScannerListener(this);
|
134
|
-
|
135
|
-
r_obj.
|
144
|
+
boolean respondsLegacyRegister = r_obj.respondsTo(L_REG_METH);
|
145
|
+
boolean respondsRegister = r_obj.respondsTo(REG_METH);
|
146
|
+
|
147
|
+
IRubyObject args[] = {to_ruby(rt(r_obj), cb), RubyBoolean.newBoolean(rt(r_obj), false)};
|
148
|
+
if(respondsLegacyRegister && respondsRegister){
|
149
|
+
r_obj.callMethod(ctx(r_obj), REG_METH, args[0]);
|
150
|
+
r_obj.callMethod(ctx(r_obj), L_REG_METH, args);
|
151
|
+
} else if(respondsRegister){
|
152
|
+
r_obj.callMethod(ctx(r_obj), REG_METH, args[0]);
|
153
|
+
} else if(respondsLegacyRegister)
|
154
|
+
r_obj.callMethod(ctx(r_obj), L_REG_METH, args[0]);
|
136
155
|
}
|
137
156
|
}
|
138
157
|
|
@@ -327,15 +346,15 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
|
|
327
346
|
/**
|
328
347
|
* This method is invoked immediately before Burp Suite exits.
|
329
348
|
* This implementation simply invokes the Ruby handler's method defined
|
330
|
-
* by <code>
|
349
|
+
* by <code>L_CLOSE_METH</code> if both the handler and its ruby method are
|
331
350
|
* defined.
|
332
351
|
*
|
333
352
|
* This allows implementations to carry out any clean-up actions necessary
|
334
353
|
* (e.g. flushing log files or closing database resources, etc.).
|
335
354
|
*/
|
336
355
|
public void applicationClosing() {
|
337
|
-
if (r_obj != null && r_obj.respondsTo(
|
338
|
-
r_obj.callMethod(ctx(r_obj),
|
356
|
+
if (r_obj != null && r_obj.respondsTo(L_CLOSE_METH))
|
357
|
+
r_obj.callMethod(ctx(r_obj), L_CLOSE_METH);
|
339
358
|
}
|
340
359
|
|
341
360
|
// Private method to return the ThreadContext for a given ruby object.
|
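Review bot: In `registerExtenderCallbacks` (hunk `@@ -125,14 +134,24`), the branch taken when the handler responds to both names calls `REG_METH` and then `L_REG_METH`, so the legacy handler runs twice. The Ruby `register_callbacks` added in this release already chains to `evt_register_callbacks(callbacks, false)`. A handler that overrides `evt_register_callbacks` to register listeners or UI components would therefore register them twice with Burp. Dispatching to one entry point avoids that, e.g. `if(respondsRegister) r_obj.callMethod(ctx(r_obj), REG_METH, args[0]); else if(respondsLegacyRegister) r_obj.callMethod(ctx(r_obj), L_REG_METH, args[0]);`. If the second call is deliberate, to cover overrides that skip `super`, a comment should say so. Separately, the context line `HTTPMSG_METH = "process_http_messge"` looks misspelled and is worth checking against the Ruby handler name; the code that uses it is outside the visible hunks.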
data/lib/buby.jar
CHANGED
Binary file
|
data/lib/buby.rb
CHANGED
@@ -134,7 +134,7 @@ class Buby
|
|
134
134
|
# Java runtime. (there can be only one!)
|
135
135
|
# @param extender Buby's BurpExtender interface
|
136
136
|
def activate!(extender)
|
137
|
-
extender.
|
137
|
+
extender.handler = self
|
138
138
|
end
|
139
139
|
|
140
140
|
# Returns the internal reference to the BurpExtender instance. This
|
@@ -999,7 +999,7 @@ class Buby
|
|
999
999
|
alias add_scan_issue addScanIssue
|
1000
1000
|
|
1001
1001
|
### Event Handlers ###
|
1002
|
-
# @todo move event handler
|
1002
|
+
# @todo move basic event handler logic to extender side
|
1003
1003
|
|
1004
1004
|
# This method is called by the BurpExtender java implementation upon
|
1005
1005
|
# initialization of the BurpExtender instance for Burp. The args parameter
|
@@ -1007,11 +1007,24 @@ class Buby
|
|
1007
1007
|
# so that implementations can access and extend its public interfaces.
|
1008
1008
|
#
|
1009
1009
|
# The return value is ignored.
|
1010
|
+
# @deprecated
|
1010
1011
|
def evt_extender_init ext
|
1011
1012
|
@burp_extender = ext
|
1012
1013
|
pp([:got_extender, ext]) if $DEBUG
|
1013
1014
|
end
|
1014
1015
|
|
1016
|
+
# This method is called by the BurpExtender implementations upon
|
1017
|
+
# initialization of the BurpExtender instance for Burp. The args parameter
|
1018
|
+
# is passed with a instance of the newly initialized BurpExtender instance
|
1019
|
+
# so that implementations can access and extend its public interfaces.
|
1020
|
+
#
|
1021
|
+
# @param [IBurpExtender] ext
|
1022
|
+
# @return [void]
|
1023
|
+
def extender_initialize ext
|
1024
|
+
@burp_extender = ext
|
1025
|
+
pp([:got_extender, ext]) if $DEBUG
|
1026
|
+
end
|
1027
|
+
|
1015
1028
|
# This method is called by the BurpExtender implementation Burp startup.
|
1016
1029
|
# The args parameter contains main()'s argv command-line arguments array.
|
1017
1030
|
#
|
@@ -1024,19 +1037,40 @@ class Buby
|
|
1024
1037
|
pp([:got_args, args]) if $DEBUG
|
1025
1038
|
end
|
1026
1039
|
|
1027
|
-
# This method is called by BurpExtender on startup to register Burp's
|
1040
|
+
# This method is called by BurpExtender on startup to register Burp's
|
1028
1041
|
# IBurpExtenderCallbacks interface object.
|
1029
1042
|
#
|
1030
|
-
# This maps to the 'registerExtenderCallbacks' method in the Java
|
1043
|
+
# This maps to the 'registerExtenderCallbacks' method in the Java
|
1031
1044
|
# implementation of BurpExtender.
|
1032
1045
|
#
|
1033
1046
|
# The return value is ignored.
|
1034
|
-
|
1047
|
+
# @deprecated
|
1048
|
+
# @param cb [IBurpExtenderCallbacks] callbacks presented by burp
|
1049
|
+
# @param alert [Boolean]
|
1050
|
+
# @return [IBurpExtenderCallbacks] cb
|
1051
|
+
def evt_register_callbacks cb, alert = true
|
1052
|
+
cb.issueAlert("[JRuby::#{self.class}] registered callback") if alert
|
1053
|
+
pp([:got_evt_register_callbacks, cb]) if $DEBUG
|
1035
1054
|
@burp_callbacks = cb
|
1036
|
-
cb.issueAlert("[JRuby::#{self.class}] registered callback")
|
1037
|
-
pp([:got_callbacks, cb]) if $DEBUG
|
1038
1055
|
end
|
1039
1056
|
|
1057
|
+
# This method is called by BurpExtender on startup to register Burp's
|
1058
|
+
# IBurpExtenderCallbacks interface object.
|
1059
|
+
#
|
1060
|
+
# This maps to the 'registerExtenderCallbacks' method in the Java
|
1061
|
+
# implementation of BurpExtender.
|
1062
|
+
#
|
1063
|
+
# @param cb [IBurpExtenderCallbacks] callbacks presented by burp
|
1064
|
+
# @param alert [Boolean]
|
1065
|
+
# @return [IBurpExtenderCallbacks] cb
|
1066
|
+
def register_callbacks callbacks, alert = true
|
1067
|
+
callbacks.issueAlert("[JRuby::#{self.class}] registered callback") if alert
|
1068
|
+
pp([:got_register_callbacks, callbacks]) if $DEBUG
|
1069
|
+
evt_register_callbacks(callbacks, false) if respond_to? :evt_register_callbacks
|
1070
|
+
@burp_callbacks = callbacks
|
1071
|
+
end
|
1072
|
+
|
1073
|
+
|
1040
1074
|
ACTION_FOLLOW_RULES = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES
|
1041
1075
|
ACTION_DO_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT
|
1042
1076
|
ACTION_DONT_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT
|
@@ -1310,6 +1344,7 @@ class Buby
|
|
1310
1344
|
# * issue = an instance of the IScanIssue Java class with methods for viewing
|
1311
1345
|
# information on the scan issue that was generated.
|
1312
1346
|
# @todo move implant to new way...
|
1347
|
+
# @deprecated
|
1313
1348
|
def evt_scan_issue(issue)
|
1314
1349
|
ScanIssueHelper.implant(issue)
|
1315
1350
|
pp([:got_scan_issue, issue]) if $DEBUG
|
@@ -1326,7 +1361,7 @@ class Buby
|
|
1326
1361
|
#
|
1327
1362
|
# @abstract
|
1328
1363
|
# @note This maps to the newScanIssue callback in IScannerListener implemented
|
1329
|
-
# by the
|
1364
|
+
# by the BurpExtender side.
|
1330
1365
|
def new_scan_issue(issue)
|
1331
1366
|
pp [:got_newScanIssue, issue] if $DEBUG
|
1332
1367
|
ScanIssueHelper.implant issue
|
@@ -1335,15 +1370,23 @@ class Buby
|
|
1335
1370
|
# This method is called by BurpExtender right before closing the
|
1336
1371
|
# application. Implementations can use this method to perform cleanup
|
1337
1372
|
# tasks such as closing files or databases before exit.
|
1373
|
+
# @deprecated
|
1338
1374
|
def evt_application_closing
|
1339
1375
|
pp([:got_app_close]) if $DEBUG
|
1340
1376
|
end
|
1341
1377
|
|
1378
|
+
# This method is called by BurpExtender right before closing the
|
1379
|
+
# application. Implementations can use this method to perform cleanup
|
1380
|
+
# tasks such as closing files or databases before exit.
|
1381
|
+
def application_closing
|
1382
|
+
pp([:got_app_close]) if $DEBUG
|
1383
|
+
end
|
1384
|
+
|
1342
1385
|
# This method is called by BurpExtender right before unloading the
|
1343
1386
|
# extension. Implementations can use this method to perform cleanup
|
1344
1387
|
# tasks such as closing files or databases before exit.
|
1345
|
-
def
|
1346
|
-
pp([:
|
1388
|
+
def extension_unloaded
|
1389
|
+
pp([:got_extension_unloaded]) if $DEBUG
|
1347
1390
|
end
|
1348
1391
|
|
1349
1392
|
### Sugar/Convenience methods
|
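Review bot: The new `application_closing` handler (hunk `@@ -1335,15 +1370,23`) has no visible caller. The BurpExtender.java hunks in this release drop `CLOSE_METH`, and `applicationClosing()` dispatches only `L_CLOSE_METH` (`"evt_application_closing"`); no new-style constant is added next to `REG_METH` and `UNLOAD_METH`. Unless it is wired up outside the hunks shown, a handler that overrides only `application_closing` will never run its cleanup, such as flushing logs or closing databases. Either add the matching dispatch on the Java side or document the gap on the method, e.g. `# @note not yet invoked by BurpExtender; override evt_application_closing for now`.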
data/lib/buby/cookie.rb
CHANGED
data/lib/buby/http_listener.rb
CHANGED
@@ -61,7 +61,7 @@ class Buby
|
|
61
61
|
# @todo __persistent__?
|
62
62
|
def self.implant(invocation)
|
63
63
|
unless invocation.implanted? || invocation.nil?
|
64
|
-
pp [:implanting, invocation, invocation.class] if
|
64
|
+
pp [:implanting, invocation, invocation.class] if $DEBUG
|
65
65
|
invocation.class.class_exec(invocation) do |invocation|
|
66
66
|
a_methods = %w{
|
67
67
|
getSelectedMessages
|
@@ -6,6 +6,14 @@ class Buby
|
|
6
6
|
# receive details of proxy messages using this interface.
|
7
7
|
#
|
8
8
|
module InterceptedProxyMessage
|
9
|
+
FOLLOW_RULES = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES
|
10
|
+
DO_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT
|
11
|
+
DONT_INTERCEPT = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT
|
12
|
+
DROP = Java::Burp::IInterceptedProxyMessage::ACTION_DROP
|
13
|
+
FOLLOW_RULES_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_FOLLOW_RULES_AND_REHOOK
|
14
|
+
DO_INTERCEPT_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_DO_INTERCEPT_AND_REHOOK
|
15
|
+
DONT_INTERCEPT_AND_REHOOK = Java::Burp::IInterceptedProxyMessage::ACTION_DONT_INTERCEPT_AND_REHOOK
|
16
|
+
|
9
17
|
# This method retrieves details of the intercepted message.
|
10
18
|
#
|
11
19
|
# @return [IHttpRequestResponse] object containing details of the
|
@@ -22,7 +30,7 @@ class Buby
|
|
22
30
|
# @todo __persistent__?
|
23
31
|
def self.implant(message)
|
24
32
|
unless message.implanted? || message.nil?
|
25
|
-
pp [:implanting, message, message.class] if
|
33
|
+
pp [:implanting, message, message.class] if $DEBUG
|
26
34
|
message.class.class_exec(message) do |message|
|
27
35
|
a_methods = %w{
|
28
36
|
getMessageInfo
|
@@ -18,7 +18,7 @@ class Buby
|
|
18
18
|
# @todo __persistent__?
|
19
19
|
def self.implant(attack)
|
20
20
|
unless attack.implanted? || attack.nil?
|
21
|
-
pp [:implanting, attack, attack.class] if
|
21
|
+
pp [:implanting, attack, attack.class] if $DEBUG
|
22
22
|
attack.class.class_exec(attack) do |attack|
|
23
23
|
a_methods = %w{
|
24
24
|
getRequestTemplate
|
@@ -44,7 +44,7 @@ class Buby
|
|
44
44
|
# @todo __persistent__?
|
45
45
|
def self.implant(editor)
|
46
46
|
unless editor.implanted? || editor.nil?
|
47
|
-
pp [:implanting, editor, editor.class] if
|
47
|
+
pp [:implanting, editor, editor.class] if $DEBUG
|
48
48
|
editor.class.class_exec(editor) do |editor|
|
49
49
|
a_methods = %w{
|
50
50
|
setMessage
|
@@ -36,7 +36,7 @@ class Buby
|
|
36
36
|
# @todo __persistent__?
|
37
37
|
def self.implant(controller)
|
38
38
|
unless controller.implanted? || controller.nil?
|
39
|
-
pp [:implanting, controller, controller.class] if
|
39
|
+
pp [:implanting, controller, controller.class] if $DEBUG
|
40
40
|
controller.class.class_exec(controller) do |controller|
|
41
41
|
a_methods = %w{
|
42
42
|
getRequest
|
@@ -58,7 +58,7 @@ class Buby
|
|
58
58
|
# @todo __persistent__?
|
59
59
|
def self.implant(parameter)
|
60
60
|
unless parameter.implanted? || parameter.nil?
|
61
|
-
pp [:implanting, parameter, parameter.class] if
|
61
|
+
pp [:implanting, parameter, parameter.class] if $DEBUG
|
62
62
|
parameter.class.class_exec(parameter) do |parameter|
|
63
63
|
a_methods = %w{
|
64
64
|
getNameStart
|
@@ -23,7 +23,7 @@ class Buby
|
|
23
23
|
# @todo __persistent__?
|
24
24
|
def self.implant(info)
|
25
25
|
unless info.implanted? || info.nil?
|
26
|
-
pp [:implanting, info, info.class] if
|
26
|
+
pp [:implanting, info, info.class] if $DEBUG
|
27
27
|
info.class.class_exec(info) do |info|
|
28
28
|
a_methods = %w{
|
29
29
|
getParameters
|
@@ -21,7 +21,7 @@ class Buby
|
|
21
21
|
# @todo __persistent__?
|
22
22
|
def self.implant(info)
|
23
23
|
unless info.implanted? || info.nil?
|
24
|
-
pp [:implanting, info, info.class] if
|
24
|
+
pp [:implanting, info, info.class] if $DEBUG
|
25
25
|
info.class.class_exec(info) do |info|
|
26
26
|
a_methods = %w{
|
27
27
|
getCookies
|
@@ -29,7 +29,7 @@ class Buby
|
|
29
29
|
# @todo __persistent__?
|
30
30
|
def self.implant(item)
|
31
31
|
unless item.implanted? || item.nil?
|
32
|
-
pp [:implanting, item, item.class] if
|
32
|
+
pp [:implanting, item, item.class] if $DEBUG
|
33
33
|
item.class.class_exec(item) do |item|
|
34
34
|
a_methods = %w{
|
35
35
|
getIssues
|
@@ -68,7 +68,7 @@ class Buby
|
|
68
68
|
# @todo __persistent__?
|
69
69
|
def self.implant(point)
|
70
70
|
unless point.implanted? || point.nil?
|
71
|
-
pp [:implanting, point, point.class] if
|
71
|
+
pp [:implanting, point, point.class] if $DEBUG
|
72
72
|
point.class.class_exec(point) do |point|
|
73
73
|
a_methods = %w{
|
74
74
|
buildRequest
|
@@ -20,7 +20,7 @@ class Buby
|
|
20
20
|
# @todo __persistent__?
|
21
21
|
def self.implant(file)
|
22
22
|
unless file.implanted? || file.nil?
|
23
|
-
pp [:implanting, file, file.class] if
|
23
|
+
pp [:implanting, file, file.class] if $DEBUG
|
24
24
|
file.class.class_exec(file) do |file|
|
25
25
|
a_methods = %w{
|
26
26
|
getBuffer
|
@@ -5,6 +5,16 @@ class Buby
|
|
5
5
|
# call {Buby#createTextEditor} to obtain an instance of this interface.
|
6
6
|
#
|
7
7
|
module TextEditor
|
8
|
+
|
9
|
+
# This method is used to update the currently displayed text in the editor.
|
10
|
+
#
|
11
|
+
# @param txt [String] The text to be displayed.
|
12
|
+
# @return [void]
|
13
|
+
#
|
14
|
+
def setText(txt)
|
15
|
+
__setText(txt.to_java_bytes)
|
16
|
+
end
|
17
|
+
|
8
18
|
# This method is used to retrieve the currently displayed text.
|
9
19
|
#
|
10
20
|
# @return [String] The currently displayed text.
|
@@ -28,9 +38,10 @@ class Buby
|
|
28
38
|
# @todo __persistent__?
|
29
39
|
def self.implant(editor)
|
30
40
|
unless editor.implanted? || editor.nil?
|
31
|
-
pp [:implanting, editor, editor.class] if
|
41
|
+
pp [:implanting, editor, editor.class] if $DEBUG
|
32
42
|
editor.class.class_exec(editor) do |editor|
|
33
43
|
a_methods = %w{
|
44
|
+
setText
|
34
45
|
getText
|
35
46
|
getSelectedText
|
36
47
|
}
|
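Review bot: `setText` (hunk `@@ -5,6 +5,16`) calls `txt.to_java_bytes` with no check on the argument, so passing `nil` or any non-String raises `NoMethodError` instead of clearing or setting the editor. `__setText(txt.to_s.to_java_bytes)` would accept those inputs; alternatively the `@param` line could state that a String is required. The method also depends on `implant` creating the `__setText` alias. This hunk adds `setText` to `a_methods`, but the aliasing code is outside it, so that is worth a one-line comment such as `# __setText is the original Java method, aliased by TextEditor.implant`.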
@@ -6,6 +6,8 @@ class Buby
|
|
6
6
|
#
|
7
7
|
# @abstract
|
8
8
|
class MessageEditorTabFactory
|
9
|
+
include Java::Burp::IMessageEditorTabFactory
|
10
|
+
|
9
11
|
# Burp will call this method once for each HTTP message editor, and the
|
10
12
|
# factory should provide a new instance of an +IMessageEditorTab+ object.
|
11
13
|
#
|
data/lib/buby/scan_issue.rb
CHANGED
@@ -8,12 +8,14 @@ class Buby
|
|
8
8
|
# their own implementations of this interface
|
9
9
|
#
|
10
10
|
class ScanIssue
|
11
|
+
include Java::Burp::IScanIssue
|
12
|
+
|
11
13
|
attr_accessor :uri, :name, :type, :severity, :confidence, :ibackground
|
12
14
|
attr_accessor :rbackground, :idetail, :rdetail, :messages, :service
|
13
15
|
|
14
16
|
# @param [Hash] hash
|
15
17
|
def initialize hash
|
16
|
-
@uri = hash[:uri].kind_of?
|
18
|
+
@uri = hash[:uri].kind_of?(URI) ? hash[:uri] : hash[:uri].to_s
|
17
19
|
@name = hash[:name]
|
18
20
|
@type = hash[:type]
|
19
21
|
@severity = hash[:severity]
|
@@ -28,9 +30,9 @@ class Buby
|
|
28
30
|
|
29
31
|
# This method returns the URL for which the issue was generated.
|
30
32
|
#
|
31
|
-
# @return [Java::
|
33
|
+
# @return [Java::JavaNet::URL] The URL for which the issue was generated.
|
32
34
|
#
|
33
|
-
def getUrl; Java::
|
35
|
+
def getUrl; Java::JavaNet::URL.new @uri.to_s; end
|
34
36
|
|
35
37
|
# This method returns the name of the issue type.
|
36
38
|
#
|
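Review bot: `getUrl` builds `Java::JavaNet::URL.new @uri.to_s` on every call, while `initialize` stores `hash[:uri].to_s` for anything that is not a `URI`. A missing `:uri` therefore becomes `""` and a relative or scheme-less value is accepted silently. Either case fails later with `MalformedURLException` when Burp asks for the URL, far from the code that created the issue. Validating once in the constructor puts the error at the source, e.g. `raise ArgumentError, "ScanIssue requires an absolute :uri" if hash[:uri].nil? || hash[:uri].to_s.empty?`. The rest of `initialize` and the class body are outside this hunk.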
data/lib/buby/scanner_check.rb
CHANGED
@@ -8,6 +8,7 @@ class Buby
|
|
8
8
|
# @todo DSL methods
|
9
9
|
class ScannerCheck
|
10
10
|
include Java::Burp::IScannerCheck
|
11
|
+
|
11
12
|
REPORT_EXISTING = -1
|
12
13
|
REPORT_BOTH = 0
|
13
14
|
REPORT_NEW = 1
|
@@ -47,7 +48,7 @@ class Buby
|
|
47
48
|
# @param [IScannerInsertionPoint] insertionPoint An object that can be
|
48
49
|
# queried to obtain details of the insertion point being tested, and can
|
49
50
|
# be used to build scan requests for particular payloads.
|
50
|
-
# @return [IScanIssue
|
51
|
+
# @return [Array<IScanIssue>, nil] A list of +IScanIssue+ objects, or +nil+ if no
|
51
52
|
# issues are identified.
|
52
53
|
#
|
53
54
|
# @abstract subclass and call +super+
|
@@ -5,6 +5,7 @@ class Buby
|
|
5
5
|
# custom Scanner insertion points.
|
6
6
|
#
|
7
7
|
class ScannerInsertionPointProvider
|
8
|
+
include Java::Burp::IScannerInsertionPointProvider
|
8
9
|
|
9
10
|
# When a request is actively scanned, the Scanner will invoke this method,
|
10
11
|
# and the provider should provide a list of custom insertion points that
|
data/lib/buby/version.rb
CHANGED
data/lib/burp_interfaces.jar
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,33 +1,36 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: buby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.5.0.
|
4
|
+
version: 1.5.0.pre2
|
5
5
|
prerelease: 6
|
6
6
|
platform: java
|
7
7
|
authors:
|
8
8
|
- Eric Monti, tduehr
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-02-
|
12
|
+
date: 2013-02-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rake-compiler
|
16
|
-
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
17
18
|
requirements:
|
18
|
-
- -
|
19
|
+
- - ~>
|
19
20
|
- !ruby/object:Gem::Version
|
20
21
|
version: 0.8.1
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
21
25
|
none: false
|
22
|
-
requirement: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
|
-
- -
|
27
|
+
- - ~>
|
25
28
|
- !ruby/object:Gem::Version
|
26
29
|
version: 0.8.1
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
30
|
+
description: Buby is a mashup of JRuby with the popular commercial web security testing
|
31
|
+
tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a
|
32
|
+
Java extension using the BurpExtender API. This extension aims to add Ruby scriptability
|
33
|
+
to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
|
31
34
|
email: td@matasano.com
|
32
35
|
executables:
|
33
36
|
- buby
|
@@ -137,31 +140,30 @@ files:
|
|
137
140
|
- test/buby_test.rb
|
138
141
|
homepage: http://tduehr.github.com/buby
|
139
142
|
licenses: []
|
140
|
-
post_install_message:
|
143
|
+
post_install_message:
|
141
144
|
rdoc_options:
|
142
|
-
-
|
145
|
+
- --main
|
143
146
|
- README.rdoc
|
144
147
|
require_paths:
|
145
148
|
- lib
|
146
149
|
required_ruby_version: !ruby/object:Gem::Requirement
|
150
|
+
none: false
|
147
151
|
requirements:
|
148
|
-
- -
|
152
|
+
- - ! '>='
|
149
153
|
- !ruby/object:Gem::Version
|
150
|
-
version:
|
151
|
-
MA==
|
152
|
-
none: false
|
154
|
+
version: '0'
|
153
155
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
156
|
+
none: false
|
154
157
|
requirements:
|
155
|
-
- - !
|
156
|
-
Pg==
|
158
|
+
- - ! '>'
|
157
159
|
- !ruby/object:Gem::Version
|
158
160
|
version: 1.3.1
|
159
|
-
none: false
|
160
161
|
requirements: []
|
161
|
-
rubyforge_project:
|
162
|
-
rubygems_version: 1.8.
|
163
|
-
signing_key:
|
162
|
+
rubyforge_project:
|
163
|
+
rubygems_version: 1.8.25
|
164
|
+
signing_key:
|
164
165
|
specification_version: 3
|
165
|
-
summary: Buby is a mashup of JRuby with the popular commercial web security testing
|
166
|
+
summary: Buby is a mashup of JRuby with the popular commercial web security testing
|
167
|
+
tool Burp Suite from PortSwigger
|
166
168
|
test_files:
|
167
169
|
- test/buby_test.rb
|