buby 1.5.0.pre2-java → 1.5.0.pre3-java

data/ext/burp_interfaces/burp/IInterceptedProxyMessage.java

@@ -9,6 +9,8 @@ package burp;
  * and Burp Suite Professional, provided that this usage does not violate the
  * license terms for those products.
  */
+import java.net.InetAddress;
+
 /**
  * This interface is used to represent an HTTP message that has been intercepted
  * by Burp Proxy. Extensions can register an
@@ -67,9 +69,8 @@ public interface IInterceptedProxyMessage
     /**
      * This method retrieves details of the intercepted message.
      *
-     * @return An
-     * <code>IHttpRequestResponse</code> object containing details of the
-     * intercepted message.
+     * @return An <code>IHttpRequestResponse</code> object containing details of
+     * the intercepted message.
      */
     IHttpRequestResponse getMessageInfo();
 
@@ -93,4 +94,23 @@ public interface IInterceptedProxyMessage
      * defined within this interface.
      */
     void setInterceptAction(int interceptAction);
+
+    /**
+     * This method retrieves the name of the Burp Proxy listener that is
+     * processing the intercepted message.
+     *
+     * @return The name of the Burp Proxy listener that is processing the
+     * intercepted message. The format is the same as that shown in the Proxy
+     * Listeners UI - for example, "127.0.0.1:8080".
+     */
+    String getListenerInterface();
+
+    /**
+     * This method retrieves the client IP address from which the request for
+     * the intercepted message was received.
+     *
+     * @return The client IP address from which the request for the intercepted
+     * message was received.
+     */
+    InetAddress getClientIpAddress();
 }

data/ext/burp_interfaces/burp/IProxyListener.java

@@ -11,7 +11,7 @@ package burp;
  */
 /**
  * Extensions can implement this interface and then call
- * <code>IBurpExtenderCallbacks.registerHttpListener()</code> to register a
+ * <code>IBurpExtenderCallbacks.registerProxyListener()</code> to register a
  * Proxy listener. The listener will be notified of requests and responses being
  * processed by the Proxy tool. Extensions can perform custom analysis or
  * modification of these messages, and control in-UI message interception, by

data/lib/buby.rb

@@ -110,7 +110,7 @@ class Buby
   VERSION = Buby::Version::STRING
   
   # latest tested version of burp
-  COMPAT_VERSION = '1.5.04'
+  COMPAT_VERSION = '1.5.05'
 
   # :stopdoc:
   # @deprecated to be removed next version
@@ -241,7 +241,7 @@ class Buby
   # Exclude the specified URL from the Suite-wide scope.
   #  * url = The URL to exclude from the Suite-wide scope.
   def excludeFromScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.excludeFromScope(url)
   end
   alias exclude_from_scope excludeFromScope
@@ -250,7 +250,7 @@ class Buby
   # Include the specified URL in the Suite-wide scope.
   #  * url = The URL to exclude in the Suite-wide scope.
   def includeInScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.includeInScope(url)
   end
   alias include_in_scope includeInScope 
@@ -261,7 +261,7 @@ class Buby
   #
   # Returns: true / false
   def isInScope(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.isInScope(url)
   end
   alias is_in_scope isInScope
@@ -341,7 +341,7 @@ class Buby
   # Send a seed URL to the Burp Spider tool.
   #  * url = The new seed URL to begin spidering from.
   def sendToSpider(url)
-    url = java.net.URL.new(url) if url.is_a? String
+    url = Java::JavaNet::URL.new(url) if url.is_a? String
     _check_cb.sendToSpider(url)
   end
   alias send_to_spider sendToSpider
@@ -401,7 +401,7 @@ class Buby
   #
   # * filename = path and filename of the file to restore from
   def restoreState(filename)
-    _check_and_callback(:restoreState, java.io.File.new(filename))
+    _check_and_callback(:restoreState, Java::JavaIo::File.new(filename))
   end
   alias restore_state restoreState
 
@@ -412,7 +412,7 @@ class Buby
   #
   # * filename = path and filename of the file to save to
   def saveState(filename)
-    _check_and_callback(:saveState, java.io.File.new(filename))
+    _check_and_callback(:saveState, Java::JavaIo::File.new(filename))
   end
   alias save_state saveState
 
@@ -481,8 +481,8 @@ class Buby
   #
   # This method is only available with Burp 1.3.07+ and is deprecated in 1.5.01.
   #
-  def registerMenuItem(menuItemCaption, menuItemHandler)
-    _check_and_callback(:registerMenuItem, menuItemCaption, menuItemHandler)
+  def registerMenuItem(menuItemCaption, menuItemHandler = nil, &block)
+    _check_and_callback(:registerMenuItem, menuItemCaption, (block_given? ? &block : menuItemHandler))
     issueAlert("Handler #{menuItemHandler} registered for \"#{menuItemCaption}\"")
   end
   alias register_menu_item registerMenuItem
@@ -578,7 +578,7 @@ class Buby
   # building and analyzing HTTP requests.
   #
   def getHelpers
-    Buby::Implants::ExtensionHelpers.implant(_check_and_callback(:getHelpers))
+    @helpers ||= Buby::Implants::ExtensionHelpers.implant(_check_and_callback(:getHelpers))
   end
   alias helpers getHelpers
   alias get_helpers getHelpers
@@ -591,7 +591,7 @@ class Buby
   #
   # @todo double check
   def getStdout
-    _check_and_callback(:getStdout)
+    @stdout ||= _check_and_callback(:getStdout)
   end
   alias stdout getStdout
   alias get_stdout getStdout
@@ -604,7 +604,7 @@ class Buby
   # @return [OutputStream] The extension's standard error stream.
   #
   def getStderr
-    _check_and_callback(:getStderr)
+    @stderr ||= _check_and_callback(:getStderr)
   end
   alias stderr getStderr
   alias get_stderr getStderr
@@ -623,7 +623,7 @@ class Buby
   #    (Isn't JRuby fun?)
   #
   def registerExtensionStateListener(listener = nil, &block)
-    _check_and_callback(:registerExtensionStateListener, listener || block)
+    _check_and_callback(:registerExtensionStateListener, (block_given? ? &block : listener))
   end
   alias register_extension_state_listener registerExtensionStateListener
 
@@ -639,7 +639,7 @@ class Buby
   #    (Isn't JRuby fun?)
   #
   def registerHttpListener(listener = nil, &block)
-    _check_and_callback(:registerHttpListener, listener || block)
+    _check_and_callback(:registerHttpListener, (block_given? ? &block : listener))
   end
   alias register_http_listener registerHttpListener
 
@@ -655,7 +655,7 @@ class Buby
   #    (Isn't JRuby fun?)
   #
   def registerProxyListener(listener = nil, &block)
-    _check_and_callback(:registerProxyListener, listener || block)
+    _check_and_callback(:registerProxyListener, (block_given? ? &block : listener))
   end
   alias register_proxy_listener registerProxyListener
 
@@ -671,7 +671,7 @@ class Buby
   #    (Isn't JRuby fun?)
   #
   def registerScannerListener(listener = nil, &block)
-    _check_and_callback(:registerScannerListener, listener || block)
+    _check_and_callback(:registerScannerListener, (block_given? ? &block : listener))
   end
   alias register_scanner_listener registerScannerListener
 
@@ -685,7 +685,7 @@ class Buby
   #    (Isn't JRuby fun?)
   #
   def registerScopeChangeListener(listener = nil, &block)
-    _check_and_callback(:registerScopeChangeListener, listener || block)
+    _check_and_callback(:registerScopeChangeListener, (block_given? ? &block : listener))
   end
 
   # This method is used to register a factory for custom context menu items.
@@ -704,7 +704,7 @@ class Buby
   #     wrapped properly.
   #
   def registerContextMenuFactory(factory = nil, &block)
-    _check_and_callback(:registerContextMenuFactory, factory || block)
+    _check_and_callback(:registerContextMenuFactory, (block_given? ? &block : factory))
   end
   alias register_context_menu_factory registerContextMenuFactory
 
@@ -725,7 +725,7 @@ class Buby
   #     wrapped properly.
   #
   def registerMessageEditorTabFactory(factory = nil, &block)
-    _check_and_callback(:registerMessageEditorTabFactory, factory || block)
+    _check_and_callback(:registerMessageEditorTabFactory, (block_given? ? &block : factory))
   end
   alias register_message_editor_tab_factory registerMessageEditorTabFactory
 
@@ -742,7 +742,7 @@ class Buby
   #     (Isn't JRuby fun?)
   #
   def registerScannerInsertionPointProvider(provider = nil, &block)
-    _check_and_callback(:registerScannerInsertionPointProvider, provider || block)
+    _check_and_callback(:registerScannerInsertionPointProvider, (block_given? ? &block : provider))
   end
   alias register_scanner_insertion_point_provider registerScannerInsertionPointProvider
 
@@ -752,8 +752,8 @@ class Buby
   #
   # @param [IScannerCheck] check An object that performs a given check.
   #
-  def registerScannerCheck(check)
-    _check_and_callback(:registerScannerCheck, check)
+  def registerScannerCheck(check = nil, &block)
+    _check_and_callback(:registerScannerCheck, (block_given? ? &block : check))
   end
   alias register_scanner_check registerScannerCheck
 
@@ -768,8 +768,8 @@ class Buby
   #   generating intruder payloads.
   #
   # @todo Test - block version may work here
-  def registerIntruderPayloadGeneratorFactory(factory)
-    _check_and_callback(:registerIntruderPayloadGeneratorFactory, factory)
+  def registerIntruderPayloadGeneratorFactory(factory = nil, &block)
+    _check_and_callback(:registerIntruderPayloadGeneratorFactory, (block_given? ? &block : factory))
   end
   alias register_intruder_payload_generator_factory registerIntruderPayloadGeneratorFactory
 
@@ -782,7 +782,7 @@ class Buby
   #
   # @todo Test - block version may work here
   def registerIntruderPayloadProcessor(processor)
-    _check_and_callback(:registerIntruderPayloadProcessor, processor)
+    _check_and_callback(:registerIntruderPayloadProcessor, (block_given? ? &block : processor))
   end
   alias register_intruder_payload_processor registerIntruderPayloadProcessor
 
@@ -795,7 +795,7 @@ class Buby
   #
   # @todo Test - block version may work here
   def registerSessionHandlingAction(action)
-    _check_and_callback(:registerSessionHandlingAction, action)
+    _check_and_callback(:registerSessionHandlingAction, (block_given? ? &block : action))
   end
   alias register_session_handling_action registerSessionHandlingAction
 
@@ -1060,7 +1060,7 @@ class Buby
   # This maps to the 'registerExtenderCallbacks' method in the Java
   # implementation of BurpExtender.
   #
-  # @param cb [IBurpExtenderCallbacks] callbacks presented by burp
+  # @param callbacks [IBurpExtenderCallbacks] callbacks presented by burp
   # @param alert [Boolean]
   # @return [IBurpExtenderCallbacks] cb
   def register_callbacks callbacks, alert = true
@@ -1305,7 +1305,7 @@ class Buby
   # @todo Bring IHttpRequestResponse helper up to date
   # @note Changed in Burp 1.5.01+
   # @deprecated This is the called by the legacy interface, use
-  #   {#process_http_method} instead
+  #   {#process_http_message} instead
   def evt_http_message(tool_name, is_request, message_info)
     HttpRequestResponseHelper.implant(message_info)
     pp([:got_evt_http_message, tool_name, is_request, message_info]) if $DEBUG
@@ -1327,8 +1327,8 @@ class Buby
   # @note This is the 1.5.01+ version of this callback
   #
   def process_http_message(toolFlag, messageIsRequest, messageInfo)
-    HttpRequestResponseHelper.implant(message_info)
-    pp([:got_process_http_message, tool_name, is_request, message_info]) if $DEBUG
+    HttpRequestResponseHelper.implant(messageInfo)
+    pp([:got_process_http_message, toolFlag, messageIsRequest, messageInfo]) if $DEBUG
   end
 
   # This method is invoked whenever Burp Scanner discovers a new, unique 
@@ -1389,6 +1389,24 @@ class Buby
     pp([:got_extension_unloaded]) if $DEBUG
   end
 
+  # This method is used to unload the extension from Burp Suite.
+  #
+  def unloadExtension
+    _check_and_callback(:unloadExtension)
+  end
+  alias unload_extension unloadExtension
+
+  # This method returns the command line arguments that were passed to Burp
+  # on startup.
+  #
+  # @return [Array<String>] The command line arguments that were passed to Burp on startup.
+  #
+  def getCommandLineArguments
+    _check_and_callback(:getCommandLineArguments)
+  end
+  alias get_command_line_arguments getCommandLineArguments
+  alias command_line_arguments getCommandLineArguments
+
   ### Sugar/Convenience methods
 
   # This is a convenience wrapper which can load a given burp state file and 

data/lib/buby/burp_extender.rb

@@ -0,0 +1,339 @@
+require 'buby'
+require 'buby/extender'
+require 'pp'
+require 'buby/burp_extender/context_menu_factory'
+require 'buby/burp_extender/jmenu_item'
+require 'buby/burp_extender/jmenu'
+require 'buby/burp_extender/jcheck_box_menu_item'
+
+
+if ARGV.empty?
+  # default options, esp. useful for jrubyw
+  ARGV << '--readline' << '--prompt' << 'inf-ruby'
+end
+
+# This is the default JRuby implementation of IBurpExtender for use as a JRuby
+# extension.
+#
+class BurpExtender
+  include Buby::Extender
+  include Java::Burp::IBurpExtender
+
+  @@handler ||= Buby.new
+
+  # ExtensionHelpers for internal reference
+  attr_reader :helpers
+  # BurpExtenderCallbacks for internal reference.
+  attr_reader :callbacks
+  # Start with an interactive session running. Defaults to IRB when +nil+ or unkown, can be +irb+, +none+ or +pry+.
+  attr_accessor :interactive
+  # Set $DEBUG on start.
+  attr_accessor :debug
+  # Run interactive session in a window instead of a tab.
+  attr_accessor :windowed
+  # Allow proxy interception on load.
+  attr_accessor :intercept
+  # Unload the extension when exiting irb. Defaults to nil. The values +exit+
+  #   and +unload+ will close Burp and unload Buby, respectively.
+  attr_accessor :on_quit
+
+  attr_accessor :frame
+  attr_accessor :pane
+
+  # save the current BurpExtender settings to the preferences cache
+  def save_settings!
+    @callbacks.saveExtensionSetting('intercept', @intercept ? @intercept.to_s : nil)
+    case @interactive
+    when nil, 'irb', 'pry', 'none'
+      @callbacks.saveExtensionSetting('interactive', @interactive)
+    when false
+      @callbacks.saveExtensionSetting('interactive', 'none')
+    else
+      @callbacks.saveExtensionSetting('interactive', @interactive.to_s)
+    end
+    @callbacks.saveExtensionSetting('debug', @debug ? @debug.to_s : nil)
+    @callbacks.saveExtensionSetting('windowed', @windowed ? @windowed.to_s : nil)
+    case @on_quit
+    when 'exit', 'unload', nil
+      @callbacks.saveExtensionSetting('on_quit', @on_quit)
+    else
+      @callbacks.saveExtensionSetting('on_quit', @on_quit.to_s)
+    end
+  end
+
+  # @group Internals
+  # @see Buby::Extender#registerExtenderCallbacks
+  def registerExtenderCallbacks(callbacks)
+    @@handler.extender_initialize self
+    @interactive_sessions = 0
+    @callbacks = callbacks
+    @helpers = @callbacks.helpers
+    @callbacks.setExtensionName("Buby")
+
+    sys_properties = Java::JavaLang::System.getProperties
+
+    @intercept = sys_properties.getProperty("burp.buby.intercept", nil) || @callbacks.loadExtensionSetting('intercept')
+    @interactive = sys_properties.getProperty("burp.buby.interactive", nil) || @callbacks.loadExtensionSetting('interactive') || 'irb'
+    @debug = sys_properties.getProperty("burp.buby.debug", nil) || @callbacks.loadExtensionSetting('debug')
+    @windowed = sys_properties.getProperty("burp.buby.windowed", nil) || @callbacks.loadExtensionSetting('windowed') || 'false'
+    @on_quit = sys_properties.getProperty("burp.buby.on_quit", nil) || @callbacks.loadExtensionSetting('on_quit') || 'unload'
+
+    $DEBUG = @debug unless @debug && @debug.match(/\Afalse\Z/i)
+    @callbacks.setProxyInterceptionEnabled false unless @intercept &&  @intercept.match(/\A(?:false|f|n|no|off)\Z/i)
+
+    $burp = @@handler
+
+    super
+
+    @main_menu = Java::JavaAwt::Frame.getFrames.map{|x| x.getJMenuBar if x.respond_to?(:getJMenuBar)}.compact.find_all do |mb|
+      labels = mb.getMenuCount.times.map{|x| mb.getMenu(x).label}
+      !(labels & ["Burp", "Intruder", "Repeater", "Window", "Help"]).empty?
+    end.first
+
+    @menu = BurpExtender::JMenu.new self
+    @menu.add(tcm = BurpExtender::JMenuItem.new('Toggle console mode', self) do |event|
+      self.toggle_windowed
+    end)
+
+    pref_menu = BurpExtender::JMenu.new self, "Preferences.."
+
+    interact = BurpExtender::JMenu.new self, "Interactive..."
+
+    mode_group = Java::JavaxSwing::ButtonGroup.new
+
+    mode = BurpExtender::JMenu.new self, "Mode"
+    %w{irb pry none}.each do |md|
+      mode_item = Java::JavaxSwing::JRadioButtonMenuItem.new md
+      mode_item.action_command = md
+      # mode_item.selected = (@interactive == md)
+      mode_item.addActionListener do |event|
+        @callbacks.saveExtensionSetting('interactive', event.action_command)
+        @interactive = event.action_command
+      end
+      mode_group.add mode_item
+      mode.add mode_item
+    end
+    interact.add mode
+
+    quit_group = Java::JavaxSwing::ButtonGroup.new
+
+    oq = BurpExtender::JMenu.new self, "On quit"
+    %w{exit unload none}.each do |md|
+      menu_item = Java::JavaxSwing::JRadioButtonMenuItem.new md
+      menu_item.action_command = md
+      # menu_item.selected = (@on_quit == md)
+      menu_item.addActionListener do |event|
+        @callbacks.saveExtensionSetting('on_quit', event.action_command)
+        @on_quit = event.action_command
+      end
+      quit_group.add menu_item
+      oq.add menu_item
+    end
+    interact.add oq
+
+    windowd = BurpExtender::JCheckBoxMenuItem.new(self, "Windowed", (@windowed && (@windowed != 'false'))) do |event|
+      enabl = event.source.state
+
+      @windowed = enabl
+      if enabl
+        @callbacks.saveExtensionSetting('windowed', 'true')
+        self.move_to_window
+      else
+        @callbacks.saveExtensionSetting('windowed', nil)
+        self.move_to_tab
+      end
+    end
+
+    interact.add windowd
+    pref_menu.add interact
+
+    dbg = BurpExtender::JCheckBoxMenuItem.new self, "$DEBUG"  do |event|
+      enabl = event.source.state
+      @debug = enabl
+      @callbacks.saveExtensionSetting('debug', enabl ? 'true' : nil)
+      $DEBUG = enabl ? 1 : nil
+    end
+
+    interc = BurpExtender::JCheckBoxMenuItem.new self, "Disable intercept on start"  do |event|
+      enabl = event.source.state
+      if enabl
+        @intercept = nil
+        @callbacks.saveExtensionSetting('intercept', nil)
+      else
+        @intercept = true
+        @callbacks.saveExtensionSetting('intercept', 'true')
+      end
+    end
+    pref_menu.add interc
+
+    dbg.state = !!$DEBUG
+    pref_menu.add dbg
+
+    @menu.add pref_menu
+
+    @main_menu.add @menu
+
+    @menu.addChangeListener do |event|
+      if @menu.isSelected
+        mode.getMenuComponents.each do |menu|
+          menu.selected = (@interactive == menu.action_command)
+        end
+
+        oq.getMenuComponents.each do |menu|
+          menu.selected = (@on_quit == menu.action_command)
+        end
+
+        if @frame
+          tcm.text = 'Move console to tab'
+        elsif @interactive_running
+          tcm.text = 'Move console to window'
+        else
+          tcm.text = 'Start interactive session'
+        end
+
+        dbg.state = !!(@debug && (@debug != 'false'))
+        interc.state = !(@intercept && (@intercept != 'false'))
+        windowd.state = !!(@windowed && (@windowed != 'false'))
+      end
+    end
+
+    @callbacks.getStderr.flush
+    @callbacks.getStdout.flush
+    start_interactive  unless @interactive == 'none'
+  end
+
+  def start_interactive(allow_multiple = false)
+    unless @interactive_sessions.nonzero? || allow_multiple
+      init_console
+      case @interactive
+      when 'irb', nil
+        start_irb
+      when 'pry'
+        start_pry
+      when 'none'
+      else
+        @callbacks.getStderr.write "Unknown interactive setting #{@interactive.dump}. Starting IRB".to_java_bytes
+        start_irb
+      end
+    end
+  end
+
+  def toggle_windowed
+    if @frame
+      move_to_tab
+    elsif @interactive_running
+      move_to_window
+    else
+      start_interactive
+    end
+  end
+
+  def move_to_tab
+    require 'buby/burp_extender/console_tab'
+    @tab = BurpExtender::ConsoleTab.new @pane
+    @callbacks.addSuiteTab @tab
+    if @frame
+      Java::JavaAwt::EventQueue.invoke_later {
+        @frame.dispose if @frame
+        @frame = nil
+      }
+    end
+  end
+
+  def move_to_window
+    @callbacks.removeSuiteTab @tab if @tab
+    create_frame
+  end
+
+  # Starts an IRB Session
+  def start_irb
+    require 'irb'
+    require 'irb/completion'
+
+    unless @interactive_running
+      @interactive_running = true
+      @interactive_sessions += 1
+      puts "Starting IRB: Global $burp is set to #{$burp.inspect}"
+      IRB.start(__FILE__)
+      quitting
+    end
+  end
+
+  def start_pry
+    require 'pry'
+
+    unless @interactive_running
+      @interactive_running = true
+      puts "Starting Pry: Global $burp is set to #{$burp.inspect}"
+      ENV['TERM'] = 'dumb'
+      Pry.color = false
+
+      # Pry makes a bunch of invalid assumptions. This seems to be the best we can do for now.
+      Pry.toplevel_binding.pry
+      quitting
+    end
+  end
+
+  def quitting
+    @interactive_running = false
+
+    case @on_quit
+    when 'exit'
+      @callbacks.exitSuite true
+      unload_ui # just in case closing is cancelled, we need to kill the frame and tab
+    when 'unload'
+      @callbacks.unloadExtension
+    else
+      unload_ui
+    end
+  end
+
+  def extensionUnloaded
+    super
+    unload_ui
+    unload_menu
+  end
+
+  def inspect
+    "<#{self.class}:0x#{self.hash.to_s(16)} @interactive=#{@interactive.inspect}, @windowed=#{@windowed.inspect}, @on_quit=#{@on_quit.inspect}, @intercept=#{@intercept.inspect}, @debug=#{@debug.inspect}, @callbacks=#{@callbacks.inspect}, @helpers=#{@helpers.inspect}>"
+  end
+
+  private
+  def unload_ui
+    if @frame
+      Java::JavaAwt::EventQueue.invoke_later {
+        @frame.dispose if @frame
+        @frame = nil
+      }
+    end
+  end
+
+  def unload_menu
+    @main_menu.remove @menu
+    @callbacks.removeSuiteTab @tab if @tab
+    @pane = nil
+  end
+
+  def init_console
+    require 'buby/burp_extender/console_pane'
+    @pane = ConsolePane.new
+
+    @callbacks.customizeUiComponent @pane
+    if @windowed && @windowed != 'false'
+      create_frame
+    else
+      require 'buby/burp_extender/console_tab'
+      @tab = BurpExtender::ConsoleTab.new @pane
+      @callbacks.addSuiteTab @tab
+    end
+  end
+
+  def create_frame
+    require 'buby/burp_extender/console_frame'
+    unless @frame
+      @frame = BurpExtender::ConsoleFrame.new self, @pane do |event|
+        @frame = nil if event.getID == Java::JavaAwtEvent::WindowEvent::WINDOW_CLOSED
+      end
+    end
+  end
+end