buby 1.5.0.pre2-java → 1.5.0.pre3-java

data/Rakefile

@@ -138,7 +138,7 @@ task :test_console, [:script] do |t,args|
 
   require 'irb'
 
-  require 'burpsuite_pro_v1.5.04.jar'
+  require File.basename Dir.glob('lib/burpsuite_pro_*.jar').last
   require 'burp_interfaces.jar'
   require 'buby.jar'
   require 'buby'

data/VERSION.yml

@@ -2,4 +2,4 @@
 :major: 1
 :minor: 5
 :patch: 0
-:build: pre2
+:build: pre3

data/buby.gemspec

@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
   s.name = "buby"
-  s.version = "1.5.0.pre2"
+  s.version = "1.5.0.pre3"
   s.platform = "java"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["Eric Monti, tduehr"]
-  s.date = "2013-02-19"
+  s.date = "2013-03-14"
   s.description = "Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface."
   s.email = "td@matasano.com"
   s.executables = ["buby"]
@@ -64,10 +64,22 @@ Gem::Specification.new do |s|
     "ext/burp_interfaces/burp/ITab.java",
     "ext/burp_interfaces/burp/ITempFile.java",
     "ext/burp_interfaces/burp/ITextEditor.java",
-    "lib/buby.jar",
     "lib/buby.rb",
+    "lib/buby/burp_extender.rb",
+    "lib/buby/burp_extender/console_frame.rb",
+    "lib/buby/burp_extender/console_pane.rb",
+    "lib/buby/burp_extender/console_tab.rb",
+    "lib/buby/burp_extender/context_menu.rb",
+    "lib/buby/burp_extender/context_menu_factory.rb",
+    "lib/buby/burp_extender/context_menu_item.rb",
+    "lib/buby/burp_extender/jcheck_box_menu_item.rb",
+    "lib/buby/burp_extender/jmenu.rb",
+    "lib/buby/burp_extender/jmenu_item.rb",
+    "lib/buby/burp_extender/menu.rb",
+    "lib/buby/burp_extender/menu_item.rb",
     "lib/buby/context_menu_factory.rb",
     "lib/buby/cookie.rb",
+    "lib/buby/extender.rb",
     "lib/buby/http_listener.rb",
     "lib/buby/implants.rb",
     "lib/buby/implants/buby_array_wrapper.rb",
@@ -109,7 +121,6 @@ Gem::Specification.new do |s|
     "lib/buby/session_handling_action.rb",
     "lib/buby/tab.rb",
     "lib/buby/version.rb",
-    "lib/burp_interfaces.jar",
     "samples/drb_buby.rb",
     "samples/drb_sample_cli.rb",
     "samples/mechanize_burp.rb",

data/ext/buby/burp/BurpExtender.java

@@ -7,6 +7,8 @@ import org.jruby.javasupport.JavaUtil;
 import org.jruby.runtime.ThreadContext; 
 import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.RubyBoolean;
+import java.util.List;
+import javax.swing.JMenuItem;
 
 /**
  * This is an implementation of the BurpExtender/IBurpExtender interface
@@ -15,7 +17,7 @@ import org.jruby.RubyBoolean;
  * This is a complete implementation of the Burp Extender interfaces available
  * as of Burp Suite 1.4
  */
-public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHttpListener, IProxyListener, IScannerListener { 
+public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHttpListener, IProxyListener, IScannerListener, IContextMenuFactory, IScopeChangeListener { 
 
     // Legacy callbacks
     public final static String L_CLOSE_METH     = "evt_application_closing";
@@ -24,15 +26,20 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
     public final static String L_MAINARGS_METH  = "evt_commandline_args";
     public final static String L_PROXYMSG_METH  = "evt_proxy_message_raw";
     public final static String L_SCANISSUE_METH = "evt_scan_issue";
-    public final static String L_REG_METH =       "evt_register_callbacks";
-
-    // new callbacks
-    public final static String INIT_METH =      "extender_initialize";
-    public final static String PROXYMSG_METH =  "process_proxy_message";
-    public final static String HTTPMSG_METH =   "process_http_messge";
-    public final static String SCANISSUE_METH = "new_scan_issue";
-    public final static String REG_METH =       "register_callbacks";
-    public final static String UNLOAD_METH =    "extension_unloaded";
+    public final static String L_REG_METH       = "evt_register_callbacks";
+
+    // new style callbacks
+    public final static String INIT_METH        = "extender_initialize";
+    public final static String REG_METH         = "register_callbacks";
+    public final static String PROXYMSG_METH    = "process_proxy_message";
+    public final static String HTTPMSG_METH     = "process_http_messge";
+    public final static String SCANISSUE_METH   = "new_scan_issue";
+
+    // new callback methods
+    public final static String UNLOAD_METH      = "extension_unloaded";
+    public final static String MENUFAC_METH     = "create_menu_items";
+    public final static String SCOPE_METH       = "scope_changed";
+    
 
     // Flag used to identify Burp Suite as a whole.
     public static final int TOOL_SUITE = 0x00000001;
@@ -134,13 +141,14 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
      * <code>IBurpExtenderCallbacks</code> interface.
      */
     public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) {
+      cb.setExtensionName("Buby");
+      cb.issueAlert("[BurpExtender] registering JRuby handler callbacks");
+      cb.registerExtensionStateListener(this);
+      cb.registerHttpListener(this);
+      cb.registerScannerListener(this);
+      cb.registerContextMenuFactory(this);
+      cb.registerScopeChangeListener(this);
       if(r_obj != null) {
-        // TODO should look for Buby class instead
-        cb.setExtensionName("Buby v" + r_obj.getType().defineOrGetModuleUnder("Version").getConstant("STRING"));
-        cb.issueAlert("[BurpExtender] registering JRuby handler callbacks");
-        cb.registerExtensionStateListener(this);
-        cb.registerHttpListener(this);
-        cb.registerScannerListener(this);
         boolean respondsLegacyRegister = r_obj.respondsTo(L_REG_METH);
         boolean respondsRegister = r_obj.respondsTo(REG_METH);
 
@@ -429,5 +437,36 @@ public class BurpExtender implements IBurpExtender, IExtensionStateListener, IHt
       if (r_obj != null && r_obj.respondsTo(UNLOAD_METH))
         r_obj.callMethod(ctx(r_obj), UNLOAD_METH);
     }
+
+    /**
+     * This method will be called by Burp when the user invokes a context menu
+     * anywhere within Burp. The factory can then provide any custom context
+     * menu items that should be displayed in the context menu, based on the
+     * details of the menu invocation.
+     *
+     * @param invocation An object that implements the
+     * <code>IMessageEditorTabFactory</code> interface, which the extension can
+     * query to obtain details of the context menu invocation.
+     * @return A list of custom menu items (which may include sub-menus,
+     * checkbox menu items, etc.) that should be displayed. Extensions may
+     * return
+     * <code>null</code> from this method, to indicate that no menu items are
+     * required.
+     */
+    public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
+      // IRubyObject ret = null;
+      if (r_obj != null && r_obj.respondsTo(MENUFAC_METH))
+        return (RubyArray)r_obj.callMethod(ctx(r_obj), MENUFAC_METH, to_ruby(rt(r_obj), invocation));
+      return null;
+    }
+
+    /**
+     * This method is invoked whenever a change occurs to Burp's suite-wide
+     * target scope.
+     */
+    public void scopeChanged() {
+      if (r_obj != null && r_obj.respondsTo(SCOPE_METH))
+        r_obj.callMethod(ctx(r_obj), SCOPE_METH);
+    }
 }
 

data/ext/burp_interfaces/burp/IBurpExtenderCallbacks.java

@@ -243,6 +243,11 @@ public interface IBurpExtenderCallbacks
      */
     void registerSessionHandlingAction(ISessionHandlingAction action);
 
+    /**
+     * This method is used to unload the extension from Burp Suite.
+     */
+    void unloadExtension();
+
     /**
      * This method is used to add a custom tab to the main Burp Suite window.
      *
@@ -274,23 +279,29 @@ public interface IBurpExtenderCallbacks
      *
      * @param controller An object created by the extension that implements the
      * <code>IMessageEditorController</code> interface. This parameter is
-     * optional and may be
-     * <code>null</code>. If it is provided, then the message editor will query
-     * the controller when required to obtain details about the currently
-     * displayed message, including the
+     * optional and may be <code>null</code>. If it is provided, then the
+     * message editor will query the controller when required to obtain details
+     * about the currently displayed message, including the
      * <code>IHttpService</code> for the message, and the associated request or
      * response message. If a controller is not provided, then the message
      * editor will not support context menu actions, such as sending requests to
      * other Burp tools.
      * @param editable Indicates whether the editor created should be editable,
      * or used only for message viewing.
-     * @return An object that implements the
-     * <code>IMessageEditor</code> interface, and which the extension can use in
-     * its own UI.
+     * @return An object that implements the <code>IMessageEditor</code>
+     * interface, and which the extension can use in its own UI.
      */
     IMessageEditor createMessageEditor(IMessageEditorController controller,
             boolean editable);
 
+    /**
+     * This method returns the command line arguments that were passed to Burp
+     * on startup.
+     *
+     * @return The command line arguments that were passed to Burp on startup.
+     */
+    String[] getCommandLineArguments();
+
     /**
      * This method is used to save configuration settings for the extension in a
      * persistent way that survives reloads of the extension and of Burp Suite.
@@ -298,9 +309,8 @@ public interface IBurpExtenderCallbacks
      * <code>loadExtensionSetting()</code>.
      *
      * @param name The name of the setting.
-     * @param value The value of the setting. If this value is
-     * <code>null</code> then any existing setting with the specified name will
-     * be removed.
+     * @param value The value of the setting. If this value is <code>null</code>
+     * then any existing setting with the specified name will be removed.
      */
     void saveExtensionSetting(String name, String value);
 
@@ -310,8 +320,8 @@ public interface IBurpExtenderCallbacks
      * <code>saveExtensionSetting()</code>.
      *
      * @param name The name of the setting.
-     * @return The value of the setting, or
-     * <code>null</code> if no value is set.
+     * @return The value of the setting, or <code>null</code> if no value is
+     * set.
      */
     String loadExtensionSetting(String name);
 
@@ -319,9 +329,8 @@ public interface IBurpExtenderCallbacks
      * This method is used to create a new instance of Burp's plain text editor,
      * for the extension to use in its own UI.
      *
-     * @return An object that implements the
-     * <code>ITextEditor</code> interface, and which the extension can use in
-     * its own UI.
+     * @return An object that implements the <code>ITextEditor</code> interface,
+     * and which the extension can use in its own UI.
      */
     ITextEditor createTextEditor();
 
@@ -335,8 +344,8 @@ public interface IBurpExtenderCallbacks
      * @param useHttps Flags whether the protocol is HTTPS or HTTP.
      * @param request The full HTTP request.
      * @param tabCaption An optional caption which will appear on the Repeater
-     * tab containing the request. If this value is
-     * <code>null</code> then a default tab index will be displayed.
+     * tab containing the request. If this value is <code>null</code> then a
+     * default tab index will be displayed.
      */
     void sendToRepeater(
             String host,
@@ -460,9 +469,9 @@ public interface IBurpExtenderCallbacks
      *
      * @param httpService The HTTP service to which the request should be sent.
      * @param request The full HTTP request.
-     * @return An object that implements the
-     * <code>IHttpRequestResponse</code> interface, and which the extension can
-     * query to obtain the details of the response.
+     * @return An object that implements the <code>IHttpRequestResponse</code>
+     * interface, and which the extension can query to obtain the details of the
+     * response.
      */
     IHttpRequestResponse makeHttpRequest(IHttpService httpService,
             byte[] request);
@@ -488,8 +497,8 @@ public interface IBurpExtenderCallbacks
      * current Suite-wide scope.
      *
      * @param url The URL to query.
-     * @return Returns
-     * <code>true</code> if the URL is within the current Suite-wide scope.
+     * @return Returns <code>true</code> if the URL is within the current
+     * Suite-wide scope.
      */
     boolean isInScope(java.net.URL url);
 
@@ -556,9 +565,8 @@ public interface IBurpExtenderCallbacks
      * <code>ISessionHandlingAction</code> can query and update the cookie jar
      * in order to handle unusual session handling mechanisms.
      *
-     * @return A list of
-     * <code>ICookie</code> objects representing the contents of Burp's session
-     * handling cookie jar.
+     * @return A list of <code>ICookie</code> objects representing the contents
+     * of Burp's session handling cookie jar.
      */
     List<ICookie> getCookieJarContents();
 
@@ -568,11 +576,10 @@ public interface IBurpExtenderCallbacks
      * <code>ISessionHandlingAction</code> can query and update the cookie jar
      * in order to handle unusual session handling mechanisms.
      *
-     * @param cookie An
-     * <code>ICookie</code> object containing details of the cookie to be
-     * updated. If the cookie jar already contains a cookie that matches the
-     * specified domain and name, then that cookie will be updated with the new
-     * value and expiration, unless the new value is
+     * @param cookie An <code>ICookie</code> object containing details of the
+     * cookie to be updated. If the cookie jar already contains a cookie that
+     * matches the specified domain and name, then that cookie will be updated
+     * with the new value and expiration, unless the new value is
      * <code>null</code>, in which case the cookie will be removed. If the
      * cookie jar does not already contain a cookie that matches the specified
      * domain and name, then the cookie will be added.
@@ -665,8 +672,7 @@ public interface IBurpExtenderCallbacks
      * of runtime data, avoiding the need to retain that data in memory.
      *
      * @param buffer The data to be saved to a temporary file.
-     * @return An object that implements the
-     * <code>ITempFile</code> interface.
+     * @return An object that implements the <code>ITempFile</code> interface.
      */
     ITempFile saveToTempFile(byte[] buffer);
 
@@ -677,9 +683,8 @@ public interface IBurpExtenderCallbacks
      * <code>IHttpRequestResponse</code> objects into a form suitable for
      * long-term storage.
      *
-     * @param httpRequestResponse The
-     * <code>IHttpRequestResponse</code> object whose request and response
-     * messages are to be saved to temporary files.
+     * @param httpRequestResponse The <code>IHttpRequestResponse</code> object
+     * whose request and response messages are to be saved to temporary files.
      * @return An object that implements the
      * <code>IHttpRequestResponsePersisted</code> interface.
      */
@@ -693,19 +698,18 @@ public interface IBurpExtenderCallbacks
      * payload positions, Scanner insertion points, and highlights in Scanner
      * issues.
      *
-     * @param httpRequestResponse The
-     * <code>IHttpRequestResponse</code> object to which the markers should be
-     * applied.
+     * @param httpRequestResponse The <code>IHttpRequestResponse</code> object
+     * to which the markers should be applied.
      * @param requestMarkers A list of index pairs representing the offsets of
      * markers to be applied to the request message. Each item in the list must
      * be an int[2] array containing the start and end offsets for the marker.
-     * This parameter is optional and may be
-     * <code>null</code> if no request markers are required.
+     * This parameter is optional and may be <code>null</code> if no request
+     * markers are required.
      * @param responseMarkers A list of index pairs representing the offsets of
      * markers to be applied to the response message. Each item in the list must
      * be an int[2] array containing the start and end offsets for the marker.
-     * This parameter is optional and may be
-     * <code>null</code> if no response markers are required.
+     * This parameter is optional and may be <code>null</code> if no response
+     * markers are required.
      * @return An object that implements the
      * <code>IHttpRequestResponseWithMarkers</code> interface.
      */
@@ -718,8 +722,7 @@ public interface IBurpExtenderCallbacks
      * This method is used to obtain the descriptive name for the Burp tool
      * identified by the tool flag provided.
      *
-     * @param toolFlag A flag identifying a Burp tool (
-     * <code>TOOL_PROXY</code>,
+     * @param toolFlag A flag identifying a Burp tool ( <code>TOOL_PROXY</code>,
      * <code>TOOL_SCANNER</code>, etc.). Tool flags are defined within this
      * interface.
      * @return The descriptive name for the specified tool.
@@ -746,11 +749,9 @@ public interface IBurpExtenderCallbacks
      * request parameter.
      *
      * @param request The request to be parsed.
-     * @return An array of:
-     * <code>String[] { name, value, type }</code> containing details of the
-     * parameters contained within the request.
-     * @deprecated Use
-     * <code>IExtensionHelpers.analyzeRequest()</code> instead.
+     * @return An array of: <code>String[] { name, value, type }</code>
+     * containing details of the parameters contained within the request.
+     * @deprecated Use <code>IExtensionHelpers.analyzeRequest()</code> instead.
      */
     @Deprecated
     String[][] getParameters(byte[] request);
@@ -761,8 +762,7 @@ public interface IBurpExtenderCallbacks
      *
      * @param message The request to be parsed.
      * @return An array of HTTP headers.
-     * @deprecated Use
-     * <code>IExtensionHelpers.analyzeRequest()</code> or
+     * @deprecated Use <code>IExtensionHelpers.analyzeRequest()</code> or
      * <code>IExtensionHelpers.analyzeResponse()</code> instead.
      */
     @Deprecated
@@ -776,8 +776,7 @@ public interface IBurpExtenderCallbacks
      * @param menuItemCaption The caption to be displayed on the menu item.
      * @param menuItemHandler The handler to be invoked when the user clicks on
      * the menu item.
-     * @deprecated Use
-     * <code>registerContextMenuFactory()</code> instead.
+     * @deprecated Use <code>registerContextMenuFactory()</code> instead.
      */
     @Deprecated
     void registerMenuItem(

data/ext/burp_interfaces/burp/IContextMenuInvocation.java

@@ -80,9 +80,8 @@ public interface IContextMenuInvocation
      * This method can be used to retrieve the native Java input event that was
      * the trigger for the context menu invocation.
      *
-     * @return The
-     * <code>InputEvent</code> that was the trigger for the context menu
-     * invocation.
+     * @return The <code>InputEvent</code> that was the trigger for the context
+     * menu invocation.
      */
     InputEvent getInputEvent();
 
@@ -113,8 +112,7 @@ public interface IContextMenuInvocation
      * user's selection in the current message. If the user has not made any
      * selection in the current message, both offsets indicate the position of
      * the caret within the editor. If the menu is not being invoked from a
-     * message editor, the method returns
-     * <code>null</code>.
+     * message editor, the method returns <code>null</code>.
      */
     int[] getSelectionBounds();
 
@@ -123,11 +121,25 @@ public interface IContextMenuInvocation
      * responses that were shown or selected by the user when the context menu
      * was invoked.
      *
-     * @return An array of
-     * <code>IHttpRequestResponse</code> objects representing the items that
-     * were shown or selected by the user when the context menu was invoked.
-     * This method returns
-     * <code>null</code> if no messages are applicable to the invocation.
+     * <b>Note:</b> For performance reasons, the objects returned from this
+     * method are tied to the originating context of the messages within the
+     * Burp UI. For example, if a context menu is invoked on the Proxy intercept
+     * panel, then the
+     * <code>IHttpRequestResponse</code> returned by this method will reflect
+     * the current contents of the interception panel, and this will change when
+     * the current message has been forwarded or dropped. If your extension
+     * needs to store details of the message for which the context menu has been
+     * invoked, then you should query those details from the
+     * <code>IHttpRequestResponse</code> at the time of invocation, or you
+     * should use
+     * <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code> to create a
+     * persistent read-only copy of the
+     * <code>IHttpRequestResponse</code>.
+     *
+     * @return An array of <code>IHttpRequestResponse</code> objects
+     * representing the items that were shown or selected by the user when the
+     * context menu was invoked. This method returns <code>null</code> if no
+     * messages are applicable to the invocation.
      */
     IHttpRequestResponse[] getSelectedMessages();
 
@@ -135,11 +147,10 @@ public interface IContextMenuInvocation
      * This method can be used to retrieve details of the Scanner issues that
      * were selected by the user when the context menu was invoked.
      *
-     * @return An array of
-     * <code>IScanIssue</code> objects representing the issues that were
-     * selected by the user when the context menu was invoked. This method
-     * returns
-     * <code>null</code> if no Scanner issues are applicable to the invocation.
+     * @return An array of <code>IScanIssue</code> objects representing the
+     * issues that were selected by the user when the context menu was invoked.
+     * This method returns <code>null</code> if no Scanner issues are applicable
+     * to the invocation.
      */
     IScanIssue[] getSelectedIssues();
 }