buby 1.5.0.pre2-java → 1.5.0.pre3-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Rakefile +1 -1
- data/VERSION.yml +1 -1
- data/buby.gemspec +15 -4
- data/ext/buby/burp/BurpExtender.java +55 -16
- data/ext/burp_interfaces/burp/IBurpExtenderCallbacks.java +52 -53
- data/ext/burp_interfaces/burp/IContextMenuInvocation.java +26 -15
- data/ext/burp_interfaces/burp/IInterceptedProxyMessage.java +23 -3
- data/ext/burp_interfaces/burp/IProxyListener.java +1 -1
- data/lib/buby.rb +48 -30
- data/lib/buby/burp_extender.rb +339 -0
- data/lib/buby/burp_extender/console_frame.rb +33 -0
- data/lib/buby/burp_extender/console_pane.rb +26 -0
- data/lib/buby/burp_extender/console_tab.rb +15 -0
- data/lib/buby/burp_extender/context_menu.rb +29 -0
- data/lib/buby/burp_extender/context_menu_factory.rb +17 -0
- data/lib/buby/burp_extender/context_menu_item.rb +13 -0
- data/lib/buby/burp_extender/jcheck_box_menu_item.rb +12 -0
- data/lib/buby/burp_extender/jmenu.rb +11 -0
- data/lib/buby/burp_extender/jmenu_item.rb +12 -0
- data/lib/buby/burp_extender/menu.rb +11 -0
- data/lib/buby/burp_extender/menu_item.rb +12 -0
- data/lib/buby/extender.rb +156 -0
- data/lib/buby/implants/context_menu_invocation.rb +29 -2
- data/lib/buby/implants/cookie.rb +0 -1
- data/lib/buby/implants/extension_helpers.rb +0 -37
- data/lib/buby/implants/http_request_response.rb +3 -3
- data/lib/buby/implants/intercepted_proxy_message.rb +0 -1
- data/lib/buby/implants/intruder_attack.rb +0 -1
- data/lib/buby/implants/jruby.rb +19 -10
- data/lib/buby/implants/message_editor.rb +0 -1
- data/lib/buby/implants/message_editor_controller.rb +0 -1
- data/lib/buby/implants/parameter.rb +0 -1
- data/lib/buby/implants/request_info.rb +0 -1
- data/lib/buby/implants/response_info.rb +0 -1
- data/lib/buby/implants/scan_queue_item.rb +0 -1
- data/lib/buby/implants/scanner_insertion_point.rb +0 -1
- data/lib/buby/implants/temp_file.rb +0 -1
- data/lib/buby/implants/text_editor.rb +0 -1
- data/lib/buby/scanner_check.rb +1 -1
- data/lib/buby/version.rb +2 -2
- metadata +15 -4
- data/lib/buby.jar +0 -0
- data/lib/burp_interfaces.jar +0 -0
@@ -9,6 +9,8 @@ package burp;
|
|
9
9
|
* and Burp Suite Professional, provided that this usage does not violate the
|
10
10
|
* license terms for those products.
|
11
11
|
*/
|
12
|
+
import java.net.InetAddress;
|
13
|
+
|
12
14
|
/**
|
13
15
|
* This interface is used to represent an HTTP message that has been intercepted
|
14
16
|
* by Burp Proxy. Extensions can register an
|
@@ -67,9 +69,8 @@ public interface IInterceptedProxyMessage
|
|
67
69
|
/**
|
68
70
|
* This method retrieves details of the intercepted message.
|
69
71
|
*
|
70
|
-
* @return An
|
71
|
-
*
|
72
|
-
* intercepted message.
|
72
|
+
* @return An <code>IHttpRequestResponse</code> object containing details of
|
73
|
+
* the intercepted message.
|
73
74
|
*/
|
74
75
|
IHttpRequestResponse getMessageInfo();
|
75
76
|
|
@@ -93,4 +94,23 @@ public interface IInterceptedProxyMessage
|
|
93
94
|
* defined within this interface.
|
94
95
|
*/
|
95
96
|
void setInterceptAction(int interceptAction);
|
97
|
+
|
98
|
+
/**
|
99
|
+
* This method retrieves the name of the Burp Proxy listener that is
|
100
|
+
* processing the intercepted message.
|
101
|
+
*
|
102
|
+
* @return The name of the Burp Proxy listener that is processing the
|
103
|
+
* intercepted message. The format is the same as that shown in the Proxy
|
104
|
+
* Listeners UI - for example, "127.0.0.1:8080".
|
105
|
+
*/
|
106
|
+
String getListenerInterface();
|
107
|
+
|
108
|
+
/**
|
109
|
+
* This method retrieves the client IP address from which the request for
|
110
|
+
* the intercepted message was received.
|
111
|
+
*
|
112
|
+
* @return The client IP address from which the request for the intercepted
|
113
|
+
* message was received.
|
114
|
+
*/
|
115
|
+
InetAddress getClientIpAddress();
|
96
116
|
}
|
@@ -11,7 +11,7 @@ package burp;
|
|
11
11
|
*/
|
12
12
|
/**
|
13
13
|
* Extensions can implement this interface and then call
|
14
|
-
* <code>IBurpExtenderCallbacks.
|
14
|
+
* <code>IBurpExtenderCallbacks.registerProxyListener()</code> to register a
|
15
15
|
* Proxy listener. The listener will be notified of requests and responses being
|
16
16
|
* processed by the Proxy tool. Extensions can perform custom analysis or
|
17
17
|
* modification of these messages, and control in-UI message interception, by
|
data/lib/buby.rb
CHANGED
@@ -110,7 +110,7 @@ class Buby
|
|
110
110
|
VERSION = Buby::Version::STRING
|
111
111
|
|
112
112
|
# latest tested version of burp
|
113
|
-
COMPAT_VERSION = '1.5.
|
113
|
+
COMPAT_VERSION = '1.5.05'
|
114
114
|
|
115
115
|
# :stopdoc:
|
116
116
|
# @deprecated to be removed next version
|
@@ -241,7 +241,7 @@ class Buby
|
|
241
241
|
# Exclude the specified URL from the Suite-wide scope.
|
242
242
|
# * url = The URL to exclude from the Suite-wide scope.
|
243
243
|
def excludeFromScope(url)
|
244
|
-
url =
|
244
|
+
url = Java::JavaNet::URL.new(url) if url.is_a? String
|
245
245
|
_check_cb.excludeFromScope(url)
|
246
246
|
end
|
247
247
|
alias exclude_from_scope excludeFromScope
|
@@ -250,7 +250,7 @@ class Buby
|
|
250
250
|
# Include the specified URL in the Suite-wide scope.
|
251
251
|
# * url = The URL to exclude in the Suite-wide scope.
|
252
252
|
def includeInScope(url)
|
253
|
-
url =
|
253
|
+
url = Java::JavaNet::URL.new(url) if url.is_a? String
|
254
254
|
_check_cb.includeInScope(url)
|
255
255
|
end
|
256
256
|
alias include_in_scope includeInScope
|
@@ -261,7 +261,7 @@ class Buby
|
|
261
261
|
#
|
262
262
|
# Returns: true / false
|
263
263
|
def isInScope(url)
|
264
|
-
url =
|
264
|
+
url = Java::JavaNet::URL.new(url) if url.is_a? String
|
265
265
|
_check_cb.isInScope(url)
|
266
266
|
end
|
267
267
|
alias is_in_scope isInScope
|
@@ -341,7 +341,7 @@ class Buby
|
|
341
341
|
# Send a seed URL to the Burp Spider tool.
|
342
342
|
# * url = The new seed URL to begin spidering from.
|
343
343
|
def sendToSpider(url)
|
344
|
-
url =
|
344
|
+
url = Java::JavaNet::URL.new(url) if url.is_a? String
|
345
345
|
_check_cb.sendToSpider(url)
|
346
346
|
end
|
347
347
|
alias send_to_spider sendToSpider
|
@@ -401,7 +401,7 @@ class Buby
|
|
401
401
|
#
|
402
402
|
# * filename = path and filename of the file to restore from
|
403
403
|
def restoreState(filename)
|
404
|
-
_check_and_callback(:restoreState,
|
404
|
+
_check_and_callback(:restoreState, Java::JavaIo::File.new(filename))
|
405
405
|
end
|
406
406
|
alias restore_state restoreState
|
407
407
|
|
@@ -412,7 +412,7 @@ class Buby
|
|
412
412
|
#
|
413
413
|
# * filename = path and filename of the file to save to
|
414
414
|
def saveState(filename)
|
415
|
-
_check_and_callback(:saveState,
|
415
|
+
_check_and_callback(:saveState, Java::JavaIo::File.new(filename))
|
416
416
|
end
|
417
417
|
alias save_state saveState
|
418
418
|
|
@@ -481,8 +481,8 @@ class Buby
|
|
481
481
|
#
|
482
482
|
# This method is only available with Burp 1.3.07+ and is deprecated in 1.5.01.
|
483
483
|
#
|
484
|
-
def registerMenuItem(menuItemCaption, menuItemHandler)
|
485
|
-
_check_and_callback(:registerMenuItem, menuItemCaption, menuItemHandler)
|
484
|
+
def registerMenuItem(menuItemCaption, menuItemHandler = nil, &block)
|
485
|
+
_check_and_callback(:registerMenuItem, menuItemCaption, (block_given? ? &block : menuItemHandler))
|
486
486
|
issueAlert("Handler #{menuItemHandler} registered for \"#{menuItemCaption}\"")
|
487
487
|
end
|
488
488
|
alias register_menu_item registerMenuItem
|
@@ -578,7 +578,7 @@ class Buby
|
|
578
578
|
# building and analyzing HTTP requests.
|
579
579
|
#
|
580
580
|
def getHelpers
|
581
|
-
Buby::Implants::ExtensionHelpers.implant(_check_and_callback(:getHelpers))
|
581
|
+
@helpers ||= Buby::Implants::ExtensionHelpers.implant(_check_and_callback(:getHelpers))
|
582
582
|
end
|
583
583
|
alias helpers getHelpers
|
584
584
|
alias get_helpers getHelpers
|
@@ -591,7 +591,7 @@ class Buby
|
|
591
591
|
#
|
592
592
|
# @todo double check
|
593
593
|
def getStdout
|
594
|
-
_check_and_callback(:getStdout)
|
594
|
+
@stdout ||= _check_and_callback(:getStdout)
|
595
595
|
end
|
596
596
|
alias stdout getStdout
|
597
597
|
alias get_stdout getStdout
|
@@ -604,7 +604,7 @@ class Buby
|
|
604
604
|
# @return [OutputStream] The extension's standard error stream.
|
605
605
|
#
|
606
606
|
def getStderr
|
607
|
-
_check_and_callback(:getStderr)
|
607
|
+
@stderr ||= _check_and_callback(:getStderr)
|
608
608
|
end
|
609
609
|
alias stderr getStderr
|
610
610
|
alias get_stderr getStderr
|
@@ -623,7 +623,7 @@ class Buby
|
|
623
623
|
# (Isn't JRuby fun?)
|
624
624
|
#
|
625
625
|
def registerExtensionStateListener(listener = nil, &block)
|
626
|
-
_check_and_callback(:registerExtensionStateListener,
|
626
|
+
_check_and_callback(:registerExtensionStateListener, (block_given? ? &block : listener))
|
627
627
|
end
|
628
628
|
alias register_extension_state_listener registerExtensionStateListener
|
629
629
|
|
@@ -639,7 +639,7 @@ class Buby
|
|
639
639
|
# (Isn't JRuby fun?)
|
640
640
|
#
|
641
641
|
def registerHttpListener(listener = nil, &block)
|
642
|
-
_check_and_callback(:registerHttpListener,
|
642
|
+
_check_and_callback(:registerHttpListener, (block_given? ? &block : listener))
|
643
643
|
end
|
644
644
|
alias register_http_listener registerHttpListener
|
645
645
|
|
@@ -655,7 +655,7 @@ class Buby
|
|
655
655
|
# (Isn't JRuby fun?)
|
656
656
|
#
|
657
657
|
def registerProxyListener(listener = nil, &block)
|
658
|
-
_check_and_callback(:registerProxyListener,
|
658
|
+
_check_and_callback(:registerProxyListener, (block_given? ? &block : listener))
|
659
659
|
end
|
660
660
|
alias register_proxy_listener registerProxyListener
|
661
661
|
|
@@ -671,7 +671,7 @@ class Buby
|
|
671
671
|
# (Isn't JRuby fun?)
|
672
672
|
#
|
673
673
|
def registerScannerListener(listener = nil, &block)
|
674
|
-
_check_and_callback(:registerScannerListener,
|
674
|
+
_check_and_callback(:registerScannerListener, (block_given? ? &block : listener))
|
675
675
|
end
|
676
676
|
alias register_scanner_listener registerScannerListener
|
677
677
|
|
@@ -685,7 +685,7 @@ class Buby
|
|
685
685
|
# (Isn't JRuby fun?)
|
686
686
|
#
|
687
687
|
def registerScopeChangeListener(listener = nil, &block)
|
688
|
-
_check_and_callback(:registerScopeChangeListener,
|
688
|
+
_check_and_callback(:registerScopeChangeListener, (block_given? ? &block : listener))
|
689
689
|
end
|
690
690
|
|
691
691
|
# This method is used to register a factory for custom context menu items.
|
@@ -704,7 +704,7 @@ class Buby
|
|
704
704
|
# wrapped properly.
|
705
705
|
#
|
706
706
|
def registerContextMenuFactory(factory = nil, &block)
|
707
|
-
_check_and_callback(:registerContextMenuFactory,
|
707
|
+
_check_and_callback(:registerContextMenuFactory, (block_given? ? &block : factory))
|
708
708
|
end
|
709
709
|
alias register_context_menu_factory registerContextMenuFactory
|
710
710
|
|
@@ -725,7 +725,7 @@ class Buby
|
|
725
725
|
# wrapped properly.
|
726
726
|
#
|
727
727
|
def registerMessageEditorTabFactory(factory = nil, &block)
|
728
|
-
_check_and_callback(:registerMessageEditorTabFactory,
|
728
|
+
_check_and_callback(:registerMessageEditorTabFactory, (block_given? ? &block : factory))
|
729
729
|
end
|
730
730
|
alias register_message_editor_tab_factory registerMessageEditorTabFactory
|
731
731
|
|
@@ -742,7 +742,7 @@ class Buby
|
|
742
742
|
# (Isn't JRuby fun?)
|
743
743
|
#
|
744
744
|
def registerScannerInsertionPointProvider(provider = nil, &block)
|
745
|
-
_check_and_callback(:registerScannerInsertionPointProvider,
|
745
|
+
_check_and_callback(:registerScannerInsertionPointProvider, (block_given? ? &block : provider))
|
746
746
|
end
|
747
747
|
alias register_scanner_insertion_point_provider registerScannerInsertionPointProvider
|
748
748
|
|
@@ -752,8 +752,8 @@ class Buby
|
|
752
752
|
#
|
753
753
|
# @param [IScannerCheck] check An object that performs a given check.
|
754
754
|
#
|
755
|
-
def registerScannerCheck(check)
|
756
|
-
_check_and_callback(:registerScannerCheck, check)
|
755
|
+
def registerScannerCheck(check = nil, &block)
|
756
|
+
_check_and_callback(:registerScannerCheck, (block_given? ? &block : check))
|
757
757
|
end
|
758
758
|
alias register_scanner_check registerScannerCheck
|
759
759
|
|
@@ -768,8 +768,8 @@ class Buby
|
|
768
768
|
# generating intruder payloads.
|
769
769
|
#
|
770
770
|
# @todo Test - block version may work here
|
771
|
-
def registerIntruderPayloadGeneratorFactory(factory)
|
772
|
-
_check_and_callback(:registerIntruderPayloadGeneratorFactory, factory)
|
771
|
+
def registerIntruderPayloadGeneratorFactory(factory = nil, &block)
|
772
|
+
_check_and_callback(:registerIntruderPayloadGeneratorFactory, (block_given? ? &block : factory))
|
773
773
|
end
|
774
774
|
alias register_intruder_payload_generator_factory registerIntruderPayloadGeneratorFactory
|
775
775
|
|
@@ -782,7 +782,7 @@ class Buby
|
|
782
782
|
#
|
783
783
|
# @todo Test - block version may work here
|
784
784
|
def registerIntruderPayloadProcessor(processor)
|
785
|
-
_check_and_callback(:registerIntruderPayloadProcessor, processor)
|
785
|
+
_check_and_callback(:registerIntruderPayloadProcessor, (block_given? ? &block : processor))
|
786
786
|
end
|
787
787
|
alias register_intruder_payload_processor registerIntruderPayloadProcessor
|
788
788
|
|
@@ -795,7 +795,7 @@ class Buby
|
|
795
795
|
#
|
796
796
|
# @todo Test - block version may work here
|
797
797
|
def registerSessionHandlingAction(action)
|
798
|
-
_check_and_callback(:registerSessionHandlingAction, action)
|
798
|
+
_check_and_callback(:registerSessionHandlingAction, (block_given? ? &block : action))
|
799
799
|
end
|
800
800
|
alias register_session_handling_action registerSessionHandlingAction
|
801
801
|
|
@@ -1060,7 +1060,7 @@ class Buby
|
|
1060
1060
|
# This maps to the 'registerExtenderCallbacks' method in the Java
|
1061
1061
|
# implementation of BurpExtender.
|
1062
1062
|
#
|
1063
|
-
# @param
|
1063
|
+
# @param callbacks [IBurpExtenderCallbacks] callbacks presented by burp
|
1064
1064
|
# @param alert [Boolean]
|
1065
1065
|
# @return [IBurpExtenderCallbacks] cb
|
1066
1066
|
def register_callbacks callbacks, alert = true
|
@@ -1305,7 +1305,7 @@ class Buby
|
|
1305
1305
|
# @todo Bring IHttpRequestResponse helper up to date
|
1306
1306
|
# @note Changed in Burp 1.5.01+
|
1307
1307
|
# @deprecated This is the called by the legacy interface, use
|
1308
|
-
# {#
|
1308
|
+
# {#process_http_message} instead
|
1309
1309
|
def evt_http_message(tool_name, is_request, message_info)
|
1310
1310
|
HttpRequestResponseHelper.implant(message_info)
|
1311
1311
|
pp([:got_evt_http_message, tool_name, is_request, message_info]) if $DEBUG
|
@@ -1327,8 +1327,8 @@ class Buby
|
|
1327
1327
|
# @note This is the 1.5.01+ version of this callback
|
1328
1328
|
#
|
1329
1329
|
def process_http_message(toolFlag, messageIsRequest, messageInfo)
|
1330
|
-
HttpRequestResponseHelper.implant(
|
1331
|
-
pp([:got_process_http_message,
|
1330
|
+
HttpRequestResponseHelper.implant(messageInfo)
|
1331
|
+
pp([:got_process_http_message, toolFlag, messageIsRequest, messageInfo]) if $DEBUG
|
1332
1332
|
end
|
1333
1333
|
|
1334
1334
|
# This method is invoked whenever Burp Scanner discovers a new, unique
|
@@ -1389,6 +1389,24 @@ class Buby
|
|
1389
1389
|
pp([:got_extension_unloaded]) if $DEBUG
|
1390
1390
|
end
|
1391
1391
|
|
1392
|
+
# This method is used to unload the extension from Burp Suite.
|
1393
|
+
#
|
1394
|
+
def unloadExtension
|
1395
|
+
_check_and_callback(:unloadExtension)
|
1396
|
+
end
|
1397
|
+
alias unload_extension unloadExtension
|
1398
|
+
|
1399
|
+
# This method returns the command line arguments that were passed to Burp
|
1400
|
+
# on startup.
|
1401
|
+
#
|
1402
|
+
# @return [Array<String>] The command line arguments that were passed to Burp on startup.
|
1403
|
+
#
|
1404
|
+
def getCommandLineArguments
|
1405
|
+
_check_and_callback(:getCommandLineArguments)
|
1406
|
+
end
|
1407
|
+
alias get_command_line_arguments getCommandLineArguments
|
1408
|
+
alias command_line_arguments getCommandLineArguments
|
1409
|
+
|
1392
1410
|
### Sugar/Convenience methods
|
1393
1411
|
|
1394
1412
|
# This is a convenience wrapper which can load a given burp state file and
|
@@ -0,0 +1,339 @@
|
|
1
|
+
require 'buby'
|
2
|
+
require 'buby/extender'
|
3
|
+
require 'pp'
|
4
|
+
require 'buby/burp_extender/context_menu_factory'
|
5
|
+
require 'buby/burp_extender/jmenu_item'
|
6
|
+
require 'buby/burp_extender/jmenu'
|
7
|
+
require 'buby/burp_extender/jcheck_box_menu_item'
|
8
|
+
|
9
|
+
|
10
|
+
if ARGV.empty?
|
11
|
+
# default options, esp. useful for jrubyw
|
12
|
+
ARGV << '--readline' << '--prompt' << 'inf-ruby'
|
13
|
+
end
|
14
|
+
|
15
|
+
# This is the default JRuby implementation of IBurpExtender for use as a JRuby
|
16
|
+
# extension.
|
17
|
+
#
|
18
|
+
class BurpExtender
|
19
|
+
include Buby::Extender
|
20
|
+
include Java::Burp::IBurpExtender
|
21
|
+
|
22
|
+
@@handler ||= Buby.new
|
23
|
+
|
24
|
+
# ExtensionHelpers for internal reference
|
25
|
+
attr_reader :helpers
|
26
|
+
# BurpExtenderCallbacks for internal reference.
|
27
|
+
attr_reader :callbacks
|
28
|
+
# Start with an interactive session running. Defaults to IRB when +nil+ or unkown, can be +irb+, +none+ or +pry+.
|
29
|
+
attr_accessor :interactive
|
30
|
+
# Set $DEBUG on start.
|
31
|
+
attr_accessor :debug
|
32
|
+
# Run interactive session in a window instead of a tab.
|
33
|
+
attr_accessor :windowed
|
34
|
+
# Allow proxy interception on load.
|
35
|
+
attr_accessor :intercept
|
36
|
+
# Unload the extension when exiting irb. Defaults to nil. The values +exit+
|
37
|
+
# and +unload+ will close Burp and unload Buby, respectively.
|
38
|
+
attr_accessor :on_quit
|
39
|
+
|
40
|
+
attr_accessor :frame
|
41
|
+
attr_accessor :pane
|
42
|
+
|
43
|
+
# save the current BurpExtender settings to the preferences cache
|
44
|
+
def save_settings!
|
45
|
+
@callbacks.saveExtensionSetting('intercept', @intercept ? @intercept.to_s : nil)
|
46
|
+
case @interactive
|
47
|
+
when nil, 'irb', 'pry', 'none'
|
48
|
+
@callbacks.saveExtensionSetting('interactive', @interactive)
|
49
|
+
when false
|
50
|
+
@callbacks.saveExtensionSetting('interactive', 'none')
|
51
|
+
else
|
52
|
+
@callbacks.saveExtensionSetting('interactive', @interactive.to_s)
|
53
|
+
end
|
54
|
+
@callbacks.saveExtensionSetting('debug', @debug ? @debug.to_s : nil)
|
55
|
+
@callbacks.saveExtensionSetting('windowed', @windowed ? @windowed.to_s : nil)
|
56
|
+
case @on_quit
|
57
|
+
when 'exit', 'unload', nil
|
58
|
+
@callbacks.saveExtensionSetting('on_quit', @on_quit)
|
59
|
+
else
|
60
|
+
@callbacks.saveExtensionSetting('on_quit', @on_quit.to_s)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
# @group Internals
|
65
|
+
# @see Buby::Extender#registerExtenderCallbacks
|
66
|
+
def registerExtenderCallbacks(callbacks)
|
67
|
+
@@handler.extender_initialize self
|
68
|
+
@interactive_sessions = 0
|
69
|
+
@callbacks = callbacks
|
70
|
+
@helpers = @callbacks.helpers
|
71
|
+
@callbacks.setExtensionName("Buby")
|
72
|
+
|
73
|
+
sys_properties = Java::JavaLang::System.getProperties
|
74
|
+
|
75
|
+
@intercept = sys_properties.getProperty("burp.buby.intercept", nil) || @callbacks.loadExtensionSetting('intercept')
|
76
|
+
@interactive = sys_properties.getProperty("burp.buby.interactive", nil) || @callbacks.loadExtensionSetting('interactive') || 'irb'
|
77
|
+
@debug = sys_properties.getProperty("burp.buby.debug", nil) || @callbacks.loadExtensionSetting('debug')
|
78
|
+
@windowed = sys_properties.getProperty("burp.buby.windowed", nil) || @callbacks.loadExtensionSetting('windowed') || 'false'
|
79
|
+
@on_quit = sys_properties.getProperty("burp.buby.on_quit", nil) || @callbacks.loadExtensionSetting('on_quit') || 'unload'
|
80
|
+
|
81
|
+
$DEBUG = @debug unless @debug && @debug.match(/\Afalse\Z/i)
|
82
|
+
@callbacks.setProxyInterceptionEnabled false unless @intercept && @intercept.match(/\A(?:false|f|n|no|off)\Z/i)
|
83
|
+
|
84
|
+
$burp = @@handler
|
85
|
+
|
86
|
+
super
|
87
|
+
|
88
|
+
@main_menu = Java::JavaAwt::Frame.getFrames.map{|x| x.getJMenuBar if x.respond_to?(:getJMenuBar)}.compact.find_all do |mb|
|
89
|
+
labels = mb.getMenuCount.times.map{|x| mb.getMenu(x).label}
|
90
|
+
!(labels & ["Burp", "Intruder", "Repeater", "Window", "Help"]).empty?
|
91
|
+
end.first
|
92
|
+
|
93
|
+
@menu = BurpExtender::JMenu.new self
|
94
|
+
@menu.add(tcm = BurpExtender::JMenuItem.new('Toggle console mode', self) do |event|
|
95
|
+
self.toggle_windowed
|
96
|
+
end)
|
97
|
+
|
98
|
+
pref_menu = BurpExtender::JMenu.new self, "Preferences.."
|
99
|
+
|
100
|
+
interact = BurpExtender::JMenu.new self, "Interactive..."
|
101
|
+
|
102
|
+
mode_group = Java::JavaxSwing::ButtonGroup.new
|
103
|
+
|
104
|
+
mode = BurpExtender::JMenu.new self, "Mode"
|
105
|
+
%w{irb pry none}.each do |md|
|
106
|
+
mode_item = Java::JavaxSwing::JRadioButtonMenuItem.new md
|
107
|
+
mode_item.action_command = md
|
108
|
+
# mode_item.selected = (@interactive == md)
|
109
|
+
mode_item.addActionListener do |event|
|
110
|
+
@callbacks.saveExtensionSetting('interactive', event.action_command)
|
111
|
+
@interactive = event.action_command
|
112
|
+
end
|
113
|
+
mode_group.add mode_item
|
114
|
+
mode.add mode_item
|
115
|
+
end
|
116
|
+
interact.add mode
|
117
|
+
|
118
|
+
quit_group = Java::JavaxSwing::ButtonGroup.new
|
119
|
+
|
120
|
+
oq = BurpExtender::JMenu.new self, "On quit"
|
121
|
+
%w{exit unload none}.each do |md|
|
122
|
+
menu_item = Java::JavaxSwing::JRadioButtonMenuItem.new md
|
123
|
+
menu_item.action_command = md
|
124
|
+
# menu_item.selected = (@on_quit == md)
|
125
|
+
menu_item.addActionListener do |event|
|
126
|
+
@callbacks.saveExtensionSetting('on_quit', event.action_command)
|
127
|
+
@on_quit = event.action_command
|
128
|
+
end
|
129
|
+
quit_group.add menu_item
|
130
|
+
oq.add menu_item
|
131
|
+
end
|
132
|
+
interact.add oq
|
133
|
+
|
134
|
+
windowd = BurpExtender::JCheckBoxMenuItem.new(self, "Windowed", (@windowed && (@windowed != 'false'))) do |event|
|
135
|
+
enabl = event.source.state
|
136
|
+
|
137
|
+
@windowed = enabl
|
138
|
+
if enabl
|
139
|
+
@callbacks.saveExtensionSetting('windowed', 'true')
|
140
|
+
self.move_to_window
|
141
|
+
else
|
142
|
+
@callbacks.saveExtensionSetting('windowed', nil)
|
143
|
+
self.move_to_tab
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
147
|
+
interact.add windowd
|
148
|
+
pref_menu.add interact
|
149
|
+
|
150
|
+
dbg = BurpExtender::JCheckBoxMenuItem.new self, "$DEBUG" do |event|
|
151
|
+
enabl = event.source.state
|
152
|
+
@debug = enabl
|
153
|
+
@callbacks.saveExtensionSetting('debug', enabl ? 'true' : nil)
|
154
|
+
$DEBUG = enabl ? 1 : nil
|
155
|
+
end
|
156
|
+
|
157
|
+
interc = BurpExtender::JCheckBoxMenuItem.new self, "Disable intercept on start" do |event|
|
158
|
+
enabl = event.source.state
|
159
|
+
if enabl
|
160
|
+
@intercept = nil
|
161
|
+
@callbacks.saveExtensionSetting('intercept', nil)
|
162
|
+
else
|
163
|
+
@intercept = true
|
164
|
+
@callbacks.saveExtensionSetting('intercept', 'true')
|
165
|
+
end
|
166
|
+
end
|
167
|
+
pref_menu.add interc
|
168
|
+
|
169
|
+
dbg.state = !!$DEBUG
|
170
|
+
pref_menu.add dbg
|
171
|
+
|
172
|
+
@menu.add pref_menu
|
173
|
+
|
174
|
+
@main_menu.add @menu
|
175
|
+
|
176
|
+
@menu.addChangeListener do |event|
|
177
|
+
if @menu.isSelected
|
178
|
+
mode.getMenuComponents.each do |menu|
|
179
|
+
menu.selected = (@interactive == menu.action_command)
|
180
|
+
end
|
181
|
+
|
182
|
+
oq.getMenuComponents.each do |menu|
|
183
|
+
menu.selected = (@on_quit == menu.action_command)
|
184
|
+
end
|
185
|
+
|
186
|
+
if @frame
|
187
|
+
tcm.text = 'Move console to tab'
|
188
|
+
elsif @interactive_running
|
189
|
+
tcm.text = 'Move console to window'
|
190
|
+
else
|
191
|
+
tcm.text = 'Start interactive session'
|
192
|
+
end
|
193
|
+
|
194
|
+
dbg.state = !!(@debug && (@debug != 'false'))
|
195
|
+
interc.state = !(@intercept && (@intercept != 'false'))
|
196
|
+
windowd.state = !!(@windowed && (@windowed != 'false'))
|
197
|
+
end
|
198
|
+
end
|
199
|
+
|
200
|
+
@callbacks.getStderr.flush
|
201
|
+
@callbacks.getStdout.flush
|
202
|
+
start_interactive unless @interactive == 'none'
|
203
|
+
end
|
204
|
+
|
205
|
+
def start_interactive(allow_multiple = false)
|
206
|
+
unless @interactive_sessions.nonzero? || allow_multiple
|
207
|
+
init_console
|
208
|
+
case @interactive
|
209
|
+
when 'irb', nil
|
210
|
+
start_irb
|
211
|
+
when 'pry'
|
212
|
+
start_pry
|
213
|
+
when 'none'
|
214
|
+
else
|
215
|
+
@callbacks.getStderr.write "Unknown interactive setting #{@interactive.dump}. Starting IRB".to_java_bytes
|
216
|
+
start_irb
|
217
|
+
end
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
221
|
+
def toggle_windowed
|
222
|
+
if @frame
|
223
|
+
move_to_tab
|
224
|
+
elsif @interactive_running
|
225
|
+
move_to_window
|
226
|
+
else
|
227
|
+
start_interactive
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
231
|
+
def move_to_tab
|
232
|
+
require 'buby/burp_extender/console_tab'
|
233
|
+
@tab = BurpExtender::ConsoleTab.new @pane
|
234
|
+
@callbacks.addSuiteTab @tab
|
235
|
+
if @frame
|
236
|
+
Java::JavaAwt::EventQueue.invoke_later {
|
237
|
+
@frame.dispose if @frame
|
238
|
+
@frame = nil
|
239
|
+
}
|
240
|
+
end
|
241
|
+
end
|
242
|
+
|
243
|
+
def move_to_window
|
244
|
+
@callbacks.removeSuiteTab @tab if @tab
|
245
|
+
create_frame
|
246
|
+
end
|
247
|
+
|
248
|
+
# Starts an IRB Session
|
249
|
+
def start_irb
|
250
|
+
require 'irb'
|
251
|
+
require 'irb/completion'
|
252
|
+
|
253
|
+
unless @interactive_running
|
254
|
+
@interactive_running = true
|
255
|
+
@interactive_sessions += 1
|
256
|
+
puts "Starting IRB: Global $burp is set to #{$burp.inspect}"
|
257
|
+
IRB.start(__FILE__)
|
258
|
+
quitting
|
259
|
+
end
|
260
|
+
end
|
261
|
+
|
262
|
+
def start_pry
|
263
|
+
require 'pry'
|
264
|
+
|
265
|
+
unless @interactive_running
|
266
|
+
@interactive_running = true
|
267
|
+
puts "Starting Pry: Global $burp is set to #{$burp.inspect}"
|
268
|
+
ENV['TERM'] = 'dumb'
|
269
|
+
Pry.color = false
|
270
|
+
|
271
|
+
# Pry makes a bunch of invalid assumptions. This seems to be the best we can do for now.
|
272
|
+
Pry.toplevel_binding.pry
|
273
|
+
quitting
|
274
|
+
end
|
275
|
+
end
|
276
|
+
|
277
|
+
def quitting
|
278
|
+
@interactive_running = false
|
279
|
+
|
280
|
+
case @on_quit
|
281
|
+
when 'exit'
|
282
|
+
@callbacks.exitSuite true
|
283
|
+
unload_ui # just in case closing is cancelled, we need to kill the frame and tab
|
284
|
+
when 'unload'
|
285
|
+
@callbacks.unloadExtension
|
286
|
+
else
|
287
|
+
unload_ui
|
288
|
+
end
|
289
|
+
end
|
290
|
+
|
291
|
+
def extensionUnloaded
|
292
|
+
super
|
293
|
+
unload_ui
|
294
|
+
unload_menu
|
295
|
+
end
|
296
|
+
|
297
|
+
def inspect
|
298
|
+
"<#{self.class}:0x#{self.hash.to_s(16)} @interactive=#{@interactive.inspect}, @windowed=#{@windowed.inspect}, @on_quit=#{@on_quit.inspect}, @intercept=#{@intercept.inspect}, @debug=#{@debug.inspect}, @callbacks=#{@callbacks.inspect}, @helpers=#{@helpers.inspect}>"
|
299
|
+
end
|
300
|
+
|
301
|
+
private
|
302
|
+
def unload_ui
|
303
|
+
if @frame
|
304
|
+
Java::JavaAwt::EventQueue.invoke_later {
|
305
|
+
@frame.dispose if @frame
|
306
|
+
@frame = nil
|
307
|
+
}
|
308
|
+
end
|
309
|
+
end
|
310
|
+
|
311
|
+
def unload_menu
|
312
|
+
@main_menu.remove @menu
|
313
|
+
@callbacks.removeSuiteTab @tab if @tab
|
314
|
+
@pane = nil
|
315
|
+
end
|
316
|
+
|
317
|
+
def init_console
|
318
|
+
require 'buby/burp_extender/console_pane'
|
319
|
+
@pane = ConsolePane.new
|
320
|
+
|
321
|
+
@callbacks.customizeUiComponent @pane
|
322
|
+
if @windowed && @windowed != 'false'
|
323
|
+
create_frame
|
324
|
+
else
|
325
|
+
require 'buby/burp_extender/console_tab'
|
326
|
+
@tab = BurpExtender::ConsoleTab.new @pane
|
327
|
+
@callbacks.addSuiteTab @tab
|
328
|
+
end
|
329
|
+
end
|
330
|
+
|
331
|
+
def create_frame
|
332
|
+
require 'buby/burp_extender/console_frame'
|
333
|
+
unless @frame
|
334
|
+
@frame = BurpExtender::ConsoleFrame.new self, @pane do |event|
|
335
|
+
@frame = nil if event.getID == Java::JavaAwtEvent::WindowEvent::WINDOW_CLOSED
|
336
|
+
end
|
337
|
+
end
|
338
|
+
end
|
339
|
+
end
|