buby 1.5.2-java → 1.6.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -46,9 +46,28 @@ public interface IResponseInfo
46
46
  * This method is used to obtain details of the HTTP cookies set in the
47
47
  * response.
48
48
  *
49
- * @return A list of
50
- * <code>ICookie</code> objects representing the cookies set in the
51
- * response, if any.
49
+ * @return A list of <code>ICookie</code> objects representing the cookies
50
+ * set in the response, if any.
52
51
  */
53
52
  List<ICookie> getCookies();
53
+
54
+ /**
55
+ * This method is used to obtain the MIME type of the response, as stated in
56
+ * the HTTP headers.
57
+ *
58
+ * @return A textual label for the stated MIME type, or an empty String if
59
+ * this is not known or recognized. The possible labels are the same as
60
+ * those used in the main Burp UI.
61
+ */
62
+ String getStatedMimeType();
63
+
64
+ /**
65
+ * This method is used to obtain the MIME type of the response, as inferred
66
+ * from the contents of the HTTP message body.
67
+ *
68
+ * @return A textual label for the inferred MIME type, or an empty String if
69
+ * this is not known or recognized. The possible labels are the same as
70
+ * those used in the main Burp UI.
71
+ */
72
+ String getInferredMimeType();
54
73
  }
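Review bot: getStatedMimeType() and getInferredMimeType() are added as plain abstract methods on the public IResponseInfo interface, so any class that already implements it (wrappers, test doubles) must define both before it works against this version; this deserves a line in the release notes. Both Javadoc blocks also say the labels are "the same as those used in the main Burp UI" without listing or linking them. Since the documented fallback is an empty String rather than null, please state in the comment that callers should test for emptiness, and point to where the label set is defined.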
Binary file
@@ -9,11 +9,11 @@ rescue NameError
9
9
  require 'burp_interfaces.jar'
10
10
  end
11
11
 
12
- # Buby is a mash-up of the commercial security testing web proxy PortSwigger
13
- # Burp Suite(tm) allowing you to add scripting to Burp. Burp is driven from
12
+ # Buby is a mash-up of the commercial security testing web proxy PortSwigger
13
+ # Burp Suite(tm) allowing you to add scripting to Burp. Burp is driven from
14
14
  # and tied to JRuby with a Java extension using the BurpExtender API.
15
15
  #
16
- # The Buby class is an abstract implementation of a BurpExtender ruby handler.
16
+ # The Buby class is an abstract implementation of a BurpExtender ruby handler.
17
17
  # Included are several abstract event handlers used from the BurpExtender
18
18
  # java implementation:
19
19
  # * evt_extender_init
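Review bot: Each -/+ pair in this hunk reads identically, so these look like trailing-whitespace edits to the class comment, and the same pattern repeats in the comment hunks that follow. Please land whitespace cleanup as its own change so it does not bury the behavioural rewrites of the scan, scope and request methods later in this file.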
@@ -28,8 +28,8 @@ end
28
28
  # * evt_scan_issue
29
29
  #
30
30
  #
31
- # This class also exposes several methods to access Burp functionality
32
- # and user interfaces through the IBurpExtenderCallbacks interface
31
+ # This class also exposes several methods to access Burp functionality
32
+ # and user interfaces through the IBurpExtenderCallbacks interface
33
33
  # (note, several abbreviated aliases also exist for each):
34
34
  # * doActiveScan
35
35
  # * doPassiveScan
@@ -42,10 +42,10 @@ end
42
42
  # * sendToRepeater
43
43
  # * sendToSpider
44
44
  #
45
- # Buby also provides front-end ruby methods for the various callback methods
45
+ # Buby also provides front-end ruby methods for the various callback methods
46
46
  # supported by Burp. New callbacks have been cropping up in newer Burp versions
47
- # frequently.
48
- #
47
+ # frequently.
48
+ #
49
49
  # Available since Burp 1.2.09:
50
50
  # * getProxyHistory
51
51
  # * getSiteMap
@@ -60,30 +60,27 @@ end
60
60
  # Available since Burp 1.2.17:
61
61
  # * exitSuite
62
62
  #
63
- # If you wish to access any of the IBurpExtenderCallbacks methods directly.
63
+ # If you wish to access any of the IBurpExtenderCallbacks methods directly.
64
64
  # You can use 'burp_callbacks' to obtain a reference.
65
65
  #
66
- # Credit:
67
- # * Burp and Burp Suite are trade-marks of PortSwigger Ltd.
68
- # Copyright 2011 PortSwigger Ltd. All rights reserved.
69
- # See http://portswigger.net for license terms.
70
- #
71
- # * This ruby library and the accompanying BurpExtender.java implementation
72
- # were written by Eric Monti @ Matasano Security.
73
- #
74
- # Matasano claims no professional or legal affiliation with PortSwigger LTD.
75
- # nor do we sell or officially endorse any of their products.
66
+ # == CREDIT:
67
+ # Burp and Burp Suite are trademarks of PortSwigger(ltd)
68
+ # Copyright 2013 PortSwigger Ltd. All rights reserved.
69
+ # See http://portswigger.net for license terms.
76
70
  #
77
- # However, this author would like to express his personal and professional
78
- # respect and appreciation for their making available the BurpExtender
79
- # extension API. The availability of this interface in an already great tool
80
- # goes a long way to make Burp Suite a truly first-class application.
71
+ # This JRuby library and the accompanying Java and JRuby BurpExtender
72
+ # implementations were written by Timur Duehr @ Matasano Security. The original
73
+ # version of this library and BurpExtender.java implementation was written by
74
+ # Eric Monti @ Matasano Security. Matasano Security claims no professional or
75
+ # legal affiliation with PortSwigger LTD.
81
76
  #
82
- # * Forgive the name. It won out over "Burb" and "BurpRub". It's just easier
83
- # to type and say out-loud. Mike Tracy gets full credit as official
84
- # Buby-namer.
77
+ # However, the authors would like to express their personal and professional
78
+ # respect and admiration to Burp's authors and appreciation to PortSwigger for
79
+ # the availability of the IBurpExtender extension API and its continued
80
+ # improvement. The availability of this interface goes a long way to helping
81
+ # make Burp Suite a truly first-class application.
85
82
  #
86
- # @todo move more to Java side
83
+ # @todo move more to BurpExtender side
87
84
  class Buby
88
85
  autoload :ContextMenuFactory, 'buby/context_menu_factory'
89
86
  autoload :Cookie, 'buby/cookie'
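Review bot: The new credit block spells the vendor three ways: "PortSwigger(ltd)" on the trademark line, "PortSwigger Ltd." on the copyright line and "PortSwigger LTD." in the affiliation sentence. Pick one form. The rewrite also drops the sentence "nor do we sell or officially endorse any of their products" and the naming credit to Mike Tracy; if either removal is deliberate, say so in the commit message, otherwise restore them. The "== CREDIT:" heading is RDoc markup, while the rest of this file is moving to YARD tags such as @overload and @param.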
@@ -108,9 +105,9 @@ class Buby
108
105
 
109
106
  # @deprecated moving to proper version module
110
107
  VERSION = Buby::Version::STRING
111
-
108
+
112
109
  # latest tested version of burp
113
- COMPAT_VERSION = '1.5.05'
110
+ COMPAT_VERSION = '1.5.17'
114
111
 
115
112
  # :stopdoc:
116
113
  # @deprecated to be removed next version
@@ -143,7 +140,7 @@ class Buby
143
140
 
144
141
  # Returns the internal reference to the IBupExtenderCallbacks instance.
145
142
  # This reference gets set from Java through the evt_register_callbacks
146
- # method. It is exposed to allow you to access the IBurpExtenderCallbacks
143
+ # method. It is exposed to allow you to access the IBurpExtenderCallbacks
147
144
  # instance directly if you so choose.
148
145
  def burp_callbacks; @burp_callbacks; end
149
146
 
@@ -159,10 +156,12 @@ class Buby
159
156
  # proceed with the scan.
160
157
  #
161
158
  # @overload doActiveScan(host, port, useHttps, request, insertionPointOffsets = nil)
162
- # @param [String] host The hostname of the remote HTTP server.
159
+ # @param [String, java.net.URL, URI] host The hostname of the remote HTTP
160
+ # server.
163
161
  # @param [Fixnum] port The port of the remote HTTP server.
164
162
  # @param [Boolean] useHttps Flags whether the protocol is HTTPS or HTTP.
165
- # @param [String, Array<byte>] request The full HTTP request.
163
+ # @param [String, Array<byte>, IHttpRequestResponse] request The full HTTP
164
+ # request.
166
165
  # @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
167
166
  # representing the positions of the insertion points that should be
168
167
  # scanned. Each item in the list must be an +int\[2]+ array containing the
@@ -174,6 +173,15 @@ class Buby
174
173
  # representing the positions of the insertion points that should be
175
174
  # scanned. Each item in the list must be an +int\[2]+ array containing the
176
175
  # start and end offsets for the insertion point.
176
+ # @overload doActiveScan(service, request, insertionPointOffsets = nil)
177
+ # @param [IHttpService] service Object describing host, port and protocol
178
+ # for scan.
179
+ # @param [IHttpRequestResponse, String, Array<byte>] request Request object
180
+ # containing details about the request to scan.
181
+ # @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
182
+ # representing the positions of the insertion points that should be
183
+ # scanned. Each item in the list must be an +int\[2]+ array containing the
184
+ # start and end offsets for the insertion point.
177
185
  # @overload doActiveScan(url, insertionPointOffsets = nil)
178
186
  # @param [String, URI, java.net.URL] url Build a +GET+ request and scan url.
179
187
  # @param [Array<Array<Fixnum>>] insertionPointOffsets A list of index pairs
@@ -183,166 +191,478 @@ class Buby
183
191
  # @return [IScanQueueItem] The resulting scan queue item.
184
192
  #
185
193
  def doActiveScan(*args)
186
- host, port, https, req, ip_off = args
187
- case args.size
188
- when 1,2
189
- req = args.first
190
- ip_off = args[1]
191
- if req.kind_of? Java::Burp::IHttpRequestResponse
192
- serv = req.getHttpService
193
- https = serv.getProtocol == "https"
194
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless (1..5).include?(args.size)
195
+ host, port, https, req, ip_off = *args
196
+ if args.size < 4
197
+ case args.first
198
+ when Java::Burp::IHttpRequestResponse
199
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless args.size < 3
200
+ req, ip_off = *args
201
+ host = req.host
202
+ port = req.port
203
+ https = req.protocol
204
+ when Java::Burp::IHttpService
205
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless args.size
206
+ serv, req, ip_off = *args
207
+ https = serv.getProtocol
194
208
  host = serv.getHost
195
209
  port = serv.getPort
196
210
  req = req.request
197
211
  else
198
212
  url = (req.kind_of?(URI) || req.kind_of?(Java::JavaNet::URL)) ? req : Java::JavaNet::URL.new(req.to_s)
199
- req = getHelpers.buildHttpRequest req
213
+ req = helpers.buildHttpRequest req
200
214
  host = url.host
201
215
  port = url.port
202
- if url.scheme.downcase == "https"
203
- https = true
204
- port = 443 if port == -1
205
- else
206
- https = false
207
- port = 80 if port == -1
208
- end
216
+ https = url.respond_to? :scheme ? url.scheme : url.protocol
209
217
  end
210
- when 4,5
211
- host, port, https, req, ip_off = args
218
+ end
219
+
220
+ https = case https.to_s.downcase
221
+ when 'https'
222
+ true
223
+ when 'http'
224
+ false
212
225
  else
213
- raise ArgumentError
226
+ !!https
214
227
  end
228
+
229
+ port ||= https ? 443 : 80
230
+ port = https ? 443 : 80 if port < 0
231
+ host = host.host if host.respond_to? :host
232
+
233
+ req = req.request if req.respond_to? :request
215
234
  req = req.to_java_bytes if req.respond_to? :to_java_bytes
216
235
  scanq = if getBurpVersion
217
- _check_cb.doActiveScan(host, port, https, req, ip_off)
236
+ _check_and_callback :doActiveScan, host, port, https, req, ip_off
218
237
  else
219
- _check_cb.doActiveScan(host, port, https, req)
238
+ _check_and_callback :doActiveScan, host, port, https, req
220
239
  end
221
240
  Buby::Implants::ScanQueueItem.implant scanq
222
241
  end
223
242
  alias do_active_scan doActiveScan
224
243
  alias active_scan doActiveScan
225
244
 
226
- # Send an HTTP request and response to the Burp Scanner tool to perform a
245
+ # Send an HTTP request and response to the Burp Scanner tool to perform a
227
246
  # passive vulnerability scan.
228
- # * host = The hostname of the remote HTTP server.
229
- # * port = The port of the remote HTTP server.
230
- # * https = Flags whether the protocol is HTTPS or HTTP.
231
- # * req = The full HTTP request. (String or Java bytes[])
232
- # * rsp = The full HTTP response. (String or Java bytes[])
233
- def doPassiveScan(host, port, https, req, rsp)
234
- req = req.to_java_bytes if req.is_a? String
235
- rsp = rsp.to_java_bytes if rsp.is_a? String
236
- _check_cb.doPassiveScan(host, port, https, req, rsp)
247
+ # @overload doPassiveScan(host, port, useHttps, request, response)
248
+ # @param [String, java.net.URL, URI] host The hostname of the remote HTTP
249
+ # server.
250
+ # @param [Fixnum] port The port of the remote HTTP server.
251
+ # @param [Boolean] useHttps Flags whether the protocol is HTTPS or HTTP.
252
+ # @param [String, Array<byte>, IHttpRequestResponse] request The full HTTP request.
253
+ # @param [String, Array<byte>, IHttpRequestResponse] response The full HTTP response.
254
+ # @overload doPassiveScan(host, port, useHttps, request_response)
255
+ # @param [String, java.net.URL, URI] host The hostname of the remote HTTP
256
+ # server.
257
+ # @param [Fixnum] port The port of the remote HTTP server.
258
+ # @param [Boolean] useHttps Flags whether the protocol is HTTPS or HTTP.
259
+ # @param [String, Array<byte>, IHttpRequestResponse] request The full HTTP request and response.
260
+ # @overload doPassiveScan(service, request, response)
261
+ # @param [IHttpService] service Object describing host, port and protocol
262
+ # for scan.
263
+ # @param [IHttpRequestResponse, String, Array<byte>] request Request object
264
+ # containing details about the request to scan.
265
+ # @param [IHttpRequestResponse, String, Array<byte>] request Request object
266
+ # containing details about the response to scan.
267
+ # @overload doPassiveScan(service, request_response)
268
+ # @param [IHttpService] service Object describing host, port and protocol
269
+ # for scan.
270
+ # @param [IHttpRequestResponse, String, Array<byte>] request Request object
271
+ # containing details about the request to scan.
272
+ # @return [IScanQueueItem] The resulting scan queue item.
273
+ # @overload doPassiveScan(request)
274
+ # @param [IHttpRequestResponse] request Request object containing details
275
+ # about the request to scan.
276
+ #
277
+ def doPassiveScan(*args)
278
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1..4)" unless (1..4).include?(args.size)
279
+ host, port, https, req, resp = *args
280
+ case args.size
281
+ when 1
282
+ req = args.first
283
+ host = req.getHost
284
+ port = req.getPort
285
+ https = req.getProtocol
286
+ resp = req.getResponse
287
+ when 2, 3
288
+ serv, req = *args
289
+ host = serv.getHost
290
+ port = serv.getPort
291
+ https = req.getProtocol
292
+ resp = (resp && resp.getResponse) || req.getResponse
293
+ when 4
294
+ resp = req.response
295
+ else
296
+ # nop
297
+ end
298
+
299
+ https = case https.to_s.downcase
300
+ when 'https'
301
+ true
302
+ when 'http'
303
+ false
304
+ else
305
+ !!https
306
+ end
307
+
308
+ port ||= https ? 443 : 80
309
+ port = https ? 443 : 80 if port < 0
310
+ host = host.host if host.respond_to? :host
311
+
312
+ req = req.request if req.respond_to? :request
313
+ req = req.to_java_bytes if req.respond_to? :to_java_bytes
314
+
315
+ resp = resp.response if resp.respond_to? :response
316
+ resp = resp.to_java_bytes if resp.respond_to? :to_java_bytes
317
+
318
+ Buby::Implants::ScanQueueItem.implant(_check_and_callback(:doPassiveScan, host, port, https, req, resp))
237
319
  end
238
320
  alias do_passive_scan doPassiveScan
239
321
  alias passive_scan doPassiveScan
240
322
 
241
323
  # Exclude the specified URL from the Suite-wide scope.
242
- # * url = The URL to exclude from the Suite-wide scope.
243
- def excludeFromScope(url)
244
- url = Java::JavaNet::URL.new(url) if url.is_a? String
245
- _check_cb.excludeFromScope(url)
324
+ # @overload excludeFromScope(url)
325
+ # @param [java.net.URL, URI, String] url The URL to exclude from the
326
+ # Suite-wide scope.
327
+ # @overload excludeFromScope(req)
328
+ # @param [IHttpRequestResponse] req The request to exclude from the
329
+ # Suite-wide scope.
330
+ # @overload excludeFromScope(req_info)
331
+ # @param [IRequestInfo] req_info The request information to exclude from
332
+ # the Suite-wide scope.
333
+ # @overload excludeFromScope(serv, req)
334
+ # @param [IHttpService] serv The HTTP service to exclude from the Suite-wide
335
+ # scope.
336
+ # @param [Array<byte>, String] req The request to exclude
337
+ #
338
+ # @return [void]
339
+ def excludeFromScope(*args)
340
+ url, req = args
341
+ case args.size
342
+ when 1
343
+ case url
344
+ when Java::Burp::IHttpRequestResponse, Java::Burp::IRequestInfo
345
+ url = url.getUrl
346
+ else
347
+ url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
348
+ end
349
+ when 2
350
+ url = getHelpers.__analyzeRequest(url, req).getUrl
351
+ else
352
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1,2)"
353
+ end
354
+ _check_and_callback :excludeFromScope, url
246
355
  end
247
356
  alias exclude_from_scope excludeFromScope
248
357
  alias exclude_scope excludeFromScope
249
358
 
250
359
  # Include the specified URL in the Suite-wide scope.
251
- # * url = The URL to exclude in the Suite-wide scope.
252
- def includeInScope(url)
253
- url = Java::JavaNet::URL.new(url) if url.is_a? String
254
- _check_cb.includeInScope(url)
360
+ # @overload includeInScope(url)
361
+ # @param [java.net.URL, URI, String] url The URL to include in the
362
+ # Suite-wide scope.
363
+ # @overload includeInScope(req)
364
+ # @param [IHttpRequestResponse] req The request to include in the Suite-wide
365
+ # scope.
366
+ # @overload includeInScope(req_info)
367
+ # @param [IRequestInfo] req_info The request information to include in
368
+ # the Suite-wide scope.
369
+ # @overload includeInScope(serv, req)
370
+ # @param [IHttpService] serv The HTTP service to include in the Suite-wide
371
+ # scope.
372
+ # @param [Array<byte>, String] req The request to include
373
+ #
374
+ # @return [void]
375
+ def includeInScope(*args)
376
+ url, req = args
377
+ case args.size
378
+ when 1
379
+ case url
380
+ when Java::Burp::IHttpRequestResponse, Java::Burp::IRequestInfo
381
+ url = url.getUrl
382
+ else
383
+ url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
384
+ end
385
+ when 2
386
+ url = getHelpers.__analyzeRequest(url, req).getUrl
387
+ else
388
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1,2)"
389
+ end
390
+ _check_and_callback :includeInScope, url
255
391
  end
256
- alias include_in_scope includeInScope
257
- alias include_scope includeInScope
392
+ alias include_in_scope includeInScope
393
+ alias include_scope includeInScope
258
394
 
259
395
  # Query whether a specified URL is within the current Suite-wide scope.
260
- # * url = The URL to query
261
- #
262
- # Returns: true / false
263
- def isInScope(url)
264
- url = Java::JavaNet::URL.new(url) if url.is_a? String
265
- _check_cb.isInScope(url)
396
+ # @overload isInScope(url)
397
+ # @param [java.net.URL, URI, String] url The URL to query
398
+ # @overload isInScope(req)
399
+ # @param [IHttpRequestResponse] req The request to query
400
+ # @overload isInScope(req_info)
401
+ # @param [IRequestInfo] req_info The request info to query
402
+ # @overload isInScope(serv, req)
403
+ # @param [IHttpService] serv The HTTP service to query
404
+ # @param [Array<byte>, String] req The request to query
405
+ #
406
+ # @return [Boolean]
407
+ def isInScope(*args)
408
+ url, req = args
409
+ case args.size
410
+ when 1
411
+ case url
412
+ when Java::Burp::IHttpRequestResponse, Java::Burp::IRequestInfo
413
+ url = url.getUrl
414
+ else
415
+ url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
416
+ end
417
+ when 2
418
+ url = getHelpers.__analyzeRequest(url, req).getUrl
419
+ else
420
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1,2)"
421
+ end
422
+ _check_and_callback :isInScope, url
266
423
  end
267
424
  alias is_in_scope isInScope
268
425
  alias in_scope? isInScope
269
426
 
270
427
  # Display a message in the Burp Suite alerts tab.
271
- # * msg = The alert message to display.
428
+ # @param [#to_s] msg The alert message to display.
429
+ # @return [void]
272
430
  def issueAlert(msg)
273
- _check_cb.issueAlert(msg.to_s)
431
+ _check_and_callback :issueAlert, msg.to_s
274
432
  end
275
433
  alias issue_alert issueAlert
276
434
  alias alert issueAlert
277
435
 
278
436
  # Issue an arbitrary HTTP request and retrieve its response
279
- # * host = The hostname of the remote HTTP server.
280
- # * port = The port of the remote HTTP server.
281
- # * https = Flags whether the protocol is HTTPS or HTTP.
282
- # * req = The full HTTP request. (String or Java bytes[])
283
- #
284
- # also may be called with new IHttpService as an argument
285
- # * service = IHttpService object with host, port, etc.
286
- # * request = request string
287
- # @return The full response retrieved from the remote server.
437
+ # @overload makeHttpRequest(host, port, https, request)
438
+ # @param [String, java.net.URL, URI] host The hostname of the remote HTTP
439
+ # server.
440
+ # @param [Fixnum] port The port of the remote HTTP server.
441
+ # @param [Boolean] useHttps Flags whether the protocol is HTTPS or HTTP.
442
+ # @param [String, Array<byte>, IHttpRequestResponse] request The full HTTP
443
+ # request.
444
+ # @overload makeHttpRequest(request)
445
+ # @param [IHttpRequestResponse] request The full HTTP request
446
+ # @overload makeHttpRequest(url)
447
+ # @param [String, URI, java.net.URL] url The url to make a GET request to.
448
+ # The request is built with {ExtensionHelpers#buildHttpRequest}
449
+ # @overload makeHttpRequest(service, request)
450
+ # @param [IHttpService] service Object with host, port, etc.
451
+ # @param [String, Array<byte>, IHttpRequestResponse] request The full HTTP
452
+ # request.
453
+ # @return [String] The full response retrieved from the remote server.
288
454
  #
289
455
  def makeHttpRequest(*args)
290
- ret = case args.size
456
+ raise ArgumentError, "wrong number of arguments calling '#{__callee__}' (#{args.size} for 1,2,4)" unless [1,2,4].include?(args.size)
457
+ host, port, https, req, serv = args
458
+
459
+ case args.size
460
+ when 1
461
+ case host
462
+ when Java::Burp::IHttpRequestResponse
463
+ req = host
464
+ serv = req.getHttpService
465
+ else
466
+ host = Java::JavaNet::URL.new host.to_s unless host.kind_of?(Java::JavaNet::URL)
467
+ port = host.port
468
+ https = host.protocol
469
+ req = getHelpers.__buildHttpRequest host
470
+ https = case https.to_s.downcase
471
+ when 'https'
472
+ true
473
+ when 'http'
474
+ false
475
+ else
476
+ !!https
477
+ end
478
+
479
+ port ||= https ? 443 : 80
480
+ port = https ? 443 : 80 if port < 0
481
+
482
+ host = host.host if host.respond_to? :host
483
+ serv = getHelpers.buildHttpService(host, port, https)
484
+ end
291
485
  when 2
292
- service, req = args
293
- req = req.to_java_bytes if req.is_a? String
294
- _check_and_callback(:makeHttpRequst, service, req)
486
+ serv, req = args
295
487
  when 4
296
- host, port, https, req = args
297
- req = req.to_java_bytes if req.is_a? String
298
- _check_cb.makeHttpRequest(host, port, https, req)
488
+ # nop
299
489
  else
300
490
  raise ArgumentError
301
491
  end
302
- String.from_java_bytes(ret)
492
+
493
+ req = req.request if req.respond_to? :request
494
+ req = req.to_java_bytes if req.respond_to? :to_java_bytes
495
+
496
+ ret = if serv
497
+ _check_and_callback(:makeHttpRequest, serv, req)
498
+ else
499
+ String.from_java_bytes _check_and_callback(:makeHttpRequest, host, port, https, req)
500
+ end
303
501
  end
304
502
  alias make_http_request makeHttpRequest
305
503
  alias make_request makeHttpRequest
306
504
 
307
505
  # Send an HTTP request to the Burp Intruder tool
308
- # * host = The hostname of the remote HTTP server.
309
- # * port = The port of the remote HTTP server.
310
- # * https = Flags whether the protocol is HTTPS or HTTP.
311
- # * req = The full HTTP request. (String or Java bytes[])
312
- # * ip_off = A list of index pairs representing the
313
- # * positions of the insertion points that should be scanned. Each item in
314
- # * the list must be an int[2] array containing the start and end offsets
315
- # * for the insertion point. *1.4.04+* only
316
- # *
317
- def sendToIntruder(host, port, https, req, ip_off)
318
- req = req.to_java_bytes if req.is_a? String
506
+ #
507
+ # @overload sendToIntruder(host, port, https, req, ip_off=nil)
508
+ # @param [String] host The hostname of the remote HTTP server.
509
+ # @param [Fixnum] port The port of the remote HTTP server.
510
+ # @param [Boolean, #to_s] https Flags whether the protocol is HTTPS or HTTP.
511
+ # @param [String, Array<byte>, IHttpRequestResponse] req The full HTTP
512
+ # request.
513
+ # @param [Array<Array<Fixnum>>] ip_off A list of index pairs representing
514
+ # the positions of the insertion points that should be scanned. Each item
515
+ # in the list must be an +int[2]+ array containing the start and end
516
+ # offsets for the insertion point.
517
+ # @overload sendToIntruder(request, ip_off=nil)
518
+ # @param [IHttpRequestResponse] request The complete request to send to
519
+ # Intruder.
520
+ # @param [Array<Array<Fixnum>>] ip_off A list of index pairs representing
521
+ # the positions of the insertion points that should be scanned. Each item
522
+ # in the list must be an +int[2]+ array containing the start and end
523
+ # offsets for the insertion point.
524
+ # @overload sendToIntruder(service, request, ip_off=nil)
525
+ # @param [IHttpService] service The HTTP service description for the request
526
+ # @param [IHttpRequestResponse, String, Array<byte>] request The complete
527
+ # request to send to Intruder. If +String+ or +Array<byte>+ the request
528
+ # will first be analyzed with #analyzeRequest to obtain the required
529
+ # information
530
+ # @param [Array<Array<Fixnum>>] ip_off A list of index pairs representing
531
+ # the positions of the insertion points that should be scanned. Each item
532
+ # in the list must be an +int[2]+ array containing the start and end
533
+ # offsets for the insertion point.
534
+ #
535
+ # @return [void]
536
+ def sendToIntruder(*args)
537
+ host, port, https, req, ip_off = nil
538
+ case args.first
539
+ when String
540
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [4,5].include?(args.size)
541
+ host, port, https, req, ip_off = *args
542
+ when Java::Burp::IHttpRequestResponse
543
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [1,2].include?(args.size)
544
+ req, ip_off = *args
545
+ port = req.port
546
+ https = req.protocol
547
+ host = req.host
548
+ when Java::Burp::IHttpService
549
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [2,3].include?(args.size)
550
+ serv, req, ip_off = *args
551
+ port = serv.port
552
+ https = serv.protocol
553
+ host = serv.host
554
+ else
555
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)"
556
+ end
557
+
558
+ https = case https.to_s.downcase
559
+ when 'https'
560
+ true
561
+ when 'http'
562
+ false
563
+ else
564
+ !!https
565
+ end
566
+
567
+ req = req.request if req.respond_to?(:request)
568
+ req = req.to_java_bytes if req.respond_to?(:to_java_bytes)
319
569
  if self.getBurpVersion.to_a[1..-1].join(".") < "1.4.04"
320
- _check_cb.sendToIntruder(host, port, https, req)
570
+ _check_and_callback :sendToIntruder, host, port, https, req
321
571
  else
322
- _check_cb.sendToIntruder(host, port, https, req, ip_off)
572
+ _check_and_callback :sendToIntruder, host, port, https, req, ip_off
323
573
  end
324
574
  end
325
575
  alias send_to_intruder sendToIntruder
326
576
  alias intruder sendToIntruder
327
577
 
578
+ # This method can be used to send data to the Comparer tool.
579
+ #
580
+ # @overload sendToComparer(data)
581
+ # @param [Array<Byte>, String] data The data to be sent to Comparer.
582
+ # @overload sendToComparer(data, use_req=nil)
583
+ # @param [IHttpRequestResponse] data Request/Response to be sent to Comparer.
584
+ # @param [Boolean] use_req Use request instead of response
585
+ #
586
+ def sendToComparer(data, use_req=nil)
587
+ if data.kind_of? Java::Burp::IHttpRequestResponse
588
+ data = use_req ? data.request : data.response
589
+ end
590
+ data = data.to_java_bytes if data.respond_to? :to_java_bytes
591
+ _check_and_callback(:sendToComparer, data)
592
+ end
593
+ alias send_to_comparer sendToComparer
594
+ alias comparer sendToComparer
595
+
328
596
  # Send an HTTP request to the Burp Repeater tool.
329
- # * host = The hostname of the remote HTTP server.
330
- # * port = The port of the remote HTTP server.
331
- # * https = Flags whether the protocol is HTTPS or HTTP.
332
- # * req = The full HTTP request. (String or Java bytes[])
333
- # * tab = The tab caption displayed in Repeater. (default: auto-generated)
334
- def sendToRepeater(host, port, https, req, tab=nil)
335
- req = req.to_java_bytes if req.is_a? String
336
- _check_cb.sendToRepeater(host, port, https, req, tab)
597
+ #
598
+ # @overload sendToRepeater(host, port, https, req, tab=nil)
599
+ # @param [String] host The hostname of the remote HTTP server.
600
+ # @param [Fixnum] port The port of the remote HTTP server.
601
+ # @param [Boolean, #to_s] https Flags whether the protocol is HTTPS or HTTP.
602
+ # @param [String, Array<byte>, IHttpRequestResponse] req The full HTTP
603
+ # request. (String or Java +byte[]+)
604
+ # @param [String] tab The tab caption displayed in Repeater. (default:
605
+ # auto-generated)
606
+ # @overload sendToRepeater(service, request, tab=nil)
607
+ # @param [IHttpService] service The HTTP service description for the request
608
+ # @param [IHttpRequestResponse, String, Array<byte>] request The complete
609
+ # request to send to Intruder. If +String+ or +Array<byte>+ the request
610
+ # will first be analyzed with #analyzeRequest to obtain the required
611
+ # information
612
+ # @param [String] tab The tab caption displayed in Repeater. (default:
613
+ # auto-generated)
614
+ # @overload sendToRepeater(request, tab=nil)
615
+ # @param [IHttpRequestResponse] request The request to be sent to Repeater
616
+ # containing all the required information.
617
+ # @param [String] tab The tab caption displayed in Repeater. (default:
618
+ # auto-generated)
619
+ # @return [void]
620
+ def sendToRepeater(*args)
621
+ host, port, https, req, tab = nil
622
+ case args.first
623
+ when String
624
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [4,5].include?(args.size)
625
+ host, port, https, req, tab = *args
626
+ when Java::Burp::IHttpRequestResponse
627
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [1,2].include?(args.size)
628
+ req, tab = *args
629
+ port = req.port
630
+ https = req.protocol
631
+ host = req.host
632
+ when Java::Burp::IHttpService
633
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)" unless [2,3].include?(args.size)
634
+ serv, req, tab = *args
635
+ port = serv.port
636
+ https = serv.protocol
637
+ host = serv.host
638
+ else
639
+ raise ArgumentError, "wrong number/type of arguments calling '#{__callee__}' (#{args.size} for 1..5)"
640
+ end
641
+
642
+ https = case https.to_s.downcase
643
+ when 'https'
644
+ true
645
+ when 'http'
646
+ false
647
+ else
648
+ !!https
649
+ end
650
+
651
+ req = req.request if req.kind_of?(Java::Burp::IHttpRequestResponse)
652
+ req = req.to_java_bytes if req.respond_to?(:to_java_bytes)
653
+ _check_and_callback :sendToRepeater, host, port, https, req, tab
337
654
  end
338
655
  alias send_to_repeater sendToRepeater
339
656
  alias repeater sendToRepeater
340
657
 
341
658
  # Send a seed URL to the Burp Spider tool.
342
- # * url = The new seed URL to begin spidering from.
659
+ # @param [String, URI, java.net.URL, IHttpRequestResponse] url The new seed URL to begin
660
+ # spidering from.
661
+ # @return [void]
343
662
  def sendToSpider(url)
344
- url = Java::JavaNet::URL.new(url) if url.is_a? String
345
- _check_cb.sendToSpider(url)
663
+ url = url.url if url.respond_to? :url
664
+ url = Java::JavaNet::URL.new(url.to_s) unless url.kind_of?(Java::JavaNet::URL)
665
+ _check_and_callback :sendToSpider, url
346
666
  end
347
667
  alias send_to_spider sendToSpider
348
668
  alias spider sendToSpider
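Review bot: in sendToRepeater the final `https = case https.to_s.downcase` falls through to `!!https`, so any truthy value that is not exactly 'http' or 'https' (a typo such as 'htps', or the string 'false') is silently treated as HTTPS. Consider raising ArgumentError for strings that match neither label and accepting only true/false otherwise. The three ArgumentError messages also all report "for 1..5" although the branches accept 4..5, 1..2 and 2..3 arguments, which will mislead whoever hits them.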
@@ -354,17 +674,18 @@ class Buby
354
674
  # * meth = string or symbol name of method
355
675
  # * args = variable length array of arguments to pass to meth
356
676
  def _check_and_callback(meth, *args, &block)
357
- cb = _check_cb
358
- unless cb.respond_to?(meth)
677
+ begin
678
+ _check_cb.__send__ meth, *args, &block
679
+ rescue NoMethodError
359
680
  raise "#{meth} is not available in your version of Burp"
360
681
  end
361
- cb.__send__ meth, *args, &block
362
682
  end
363
683
 
364
684
 
365
- # Returns a Java array of IHttpRequestResponse objects pulled directly from
685
+ # Returns a Java array of IHttpRequestResponse objects pulled directly from
366
686
  # the Burp proxy history.
367
687
  # @todo Bring IHttpRequestResponse helper up to date
688
+ # @return [HttpRequestResponseList]
368
689
  def getProxyHistory
369
690
  HttpRequestResponseList.new(_check_and_callback(:getProxyHistory))
370
691
  end
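Review bot: the new `rescue NoMethodError` in _check_and_callback wraps the whole `_check_cb.__send__ meth, *args, &block` call, so a NoMethodError raised anywhere underneath it (inside the supplied block, or from a nil receiver deeper in the callback) is reported as "#{meth} is not available in your version of Burp" and the real error and backtrace are lost. Either keep the removed `respond_to?(meth)` check, or rescue into a variable and re-raise unless the exception's `name` equals `meth`.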
@@ -372,23 +693,26 @@ class Buby
372
693
  alias get_proxy_history getProxyHistory
373
694
 
374
695
 
375
- # Returns a Java array of IHttpRequestResponse objects pulled directly from
376
- # the Burp site map for all urls matching the specified literal prefix.
696
+ # Returns a Java array of IHttpRequestResponse objects pulled directly from
697
+ # the Burp site map for all urls matching the specified literal prefix.
377
698
  # The prefix can be nil to return all objects.
378
699
  # @todo Bring IHttpRequestResponse helper up to date
700
+ # @param [String, java.net.URL, URI, nil] urlprefix
701
+ # @return [HttpRequestResponseList]
379
702
  def getSiteMap(urlprefix=nil)
380
- HttpRequestResponseList.new(_check_and_callback(:getSiteMap, urlprefix))
703
+ HttpRequestResponseList.new(_check_and_callback(:getSiteMap, urlprefix && urlprefix.to_s))
381
704
  end
382
705
  alias site_map getSiteMap
383
706
  alias get_site_map getSiteMap
384
707
 
385
708
 
386
- # This method returns all of the current scan issues for URLs matching the
709
+ # This method returns all of the current scan issues for URLs matching the
387
710
  # specified literal prefix. The prefix can be nil to match all issues.
388
711
  #
389
- # IMPORTANT: This method is only available with Burp 1.2.15 and higher.
712
+ # @param [String, java.net.URL, URI, nil] urlprefix
713
+ # @return [ScanIssuesList]
390
714
  def getScanIssues(urlprefix=nil)
391
- ScanIssuesList.new( _check_and_callback(:getScanIssues, urlprefix) )
715
+ ScanIssuesList.new( _check_and_callback(:getScanIssues, urlprefix && urlprefix.to_s) )
392
716
  end
393
717
  alias scan_issues getScanIssues
394
718
  alias get_scan_issues getScanIssues
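Review bot: the summary comment for getSiteMap still reads "Returns a Java array of IHttpRequestResponse objects" while the new tag documents `@return [HttpRequestResponseList]`; the summary should be updated to match the wrapper type. On getScanIssues the "only available with Burp 1.2.15 and higher" line is dropped outright, whereas the same kind of line on getParameters is converted to an `@note`; if the restriction still holds it should be kept as a note here as well.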
@@ -399,7 +723,9 @@ class Buby
399
723
  #
400
724
  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
401
725
  #
402
- # * filename = path and filename of the file to restore from
726
+ # @param [String, java.io.File] filename path and filename of the file to
727
+ # restore from
728
+ # @return [void]
403
729
  def restoreState(filename)
404
730
  _check_and_callback(:restoreState, Java::JavaIo::File.new(filename))
405
731
  end
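Review bot: the new `@param [String, java.io.File] filename` on restoreState documents a type the unchanged body does not handle, since it still calls `Java::JavaIo::File.new(filename)` and java.io.File has no single-argument constructor that takes a File. Either pass a File through untouched (for example `filename.kind_of?(Java::JavaIo::File) ? filename : Java::JavaIo::File.new(filename.to_s)`) or document String only.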
@@ -410,25 +736,25 @@ class Buby
410
736
  #
411
737
  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
412
738
  #
413
- # * filename = path and filename of the file to save to
739
+ # @param [String, java.io.File] filename path and filename of the file to
740
+ # save to
741
+ # @return [void]
414
742
  def saveState(filename)
415
743
  _check_and_callback(:saveState, Java::JavaIo::File.new(filename))
416
744
  end
417
745
  alias save_state saveState
418
746
 
419
747
 
420
- # Parses a raw HTTP request message and returns an associative array
421
- # containing parameters as they are structured in the 'Parameters' tab in the
748
+ # Parses a raw HTTP request message and returns an associative array
749
+ # containing parameters as they are structured in the 'Parameters' tab in the
422
750
  # Burp request UI.
423
751
  #
424
- # IMPORTANT: This method is only available with Burp 1.2.09+ and deprecated in 1.5.01
425
- #
426
752
  # This method parses the specified request and returns details of each
427
753
  # request parameter.
428
754
  #
429
- # @param request The request to be parsed.
430
- # @return An array of:
431
- # <code>String[] { name, value, type }</code> containing details of the
755
+ # @note This method is only available with Burp 1.2.09+ and is deprecated in 1.5.01+
756
+ # @param [Array<btye>, String] request The request to be parsed.
757
+ # @return [Array<Array<String{ name, value, type }>>] details of the
432
758
  # parameters contained within the request.
433
759
  # @deprecated Use +IExtensionHelpers.analyzeRequest()+ instead.
434
760
  #
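Review bot: the getParameters tag `@param [Array<btye>, String] request` misspells `byte`, and `Array<Array<String{ name, value, type }>>` is not a type YARD will parse; something like `@return [Array<Array(String, String, String)>]` with the name/value/type meaning in the description would render correctly. The saveState doc in this hunk also advertises `java.io.File` while the body still calls `Java::JavaIo::File.new(filename)`, which only works for a String path.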
@@ -441,19 +767,17 @@ class Buby
441
767
 
442
768
 
443
769
  # Parses a raw HTTP message (request or response ) and returns an associative
444
- # array containing the headers as they are structured in the 'Headers' tab
770
+ # array containing the headers as they are structured in the 'Headers' tab
445
771
  # in the Burp request/response viewer UI.
446
772
  #
447
- # IMPORTANT: This method is only available with Burp 1.2.09+ and is deprecated in 1.5.01
448
- #
449
773
  # This method parses the specified request and returns details of each HTTP
450
774
  # header.
451
775
  #
452
- # @param message The request to be parsed.
453
- # @return An array of HTTP headers.
454
- # @deprecated Use
455
- # <code>IExtensionHelpers.analyzeRequest()</code> or
456
- # <code>IExtensionHelpers.analyzeResponse()</code> instead.
776
+ # @note This method is only available with Burp 1.2.09+ and is deprecated in 1.5.01+
777
+ # @param [Array<byte>, String] message The request to be parsed.
778
+ # @return [Array<Array<String>>] An array of HTTP headers.
779
+ # @deprecated Use +IExtensionHelpers.analyzeRequest+ or
780
+ # +IExtensionHelpers.analyzeResponse()+ instead.
457
781
  #
458
782
  def getHeaders(message)
459
783
  message = message.to_java_bytes if message.is_a? String
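Review bot: the rewritten getHeaders doc says `@param ... message The request to be parsed` although the summary states the method takes a request or a response, and the `@deprecated` line writes `+IExtensionHelpers.analyzeRequest+` without parentheses next to `+IExtensionHelpers.analyzeResponse()+` with them. Pick one form and describe the parameter as a raw HTTP message.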
@@ -464,8 +788,10 @@ class Buby
464
788
 
465
789
  # Shuts down Burp programatically. If the method returns the user cancelled
466
790
  # the shutdown prompt.
791
+ # @param [Boolean] prompt_user Display a dialog to confirm shutdown
792
+ # @return [void]
467
793
  def exitSuite(prompt_user=false)
468
- _check_and_callback(:exitSuite, prompt_user ? true : false)
794
+ _check_and_callback(:exitSuite, prompt_user)
469
795
  end
470
796
  alias exit_suite exitSuite
471
797
  alias close exitSuite
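Review bot: exitSuite now passes `prompt_user` straight through instead of `prompt_user ? true : false`, so a caller that passes nil or any non-boolean truthy value depends on how the Java boundary converts it, where the old code always handed Burp a real boolean. sendToRepeater in this same patch normalises its flag with `!!https`; doing the same here (`!!prompt_user`) keeps the behaviour. The new `@return [void]` also contradicts the summary sentence "If the method returns the user cancelled the shutdown prompt", which should be reworded or dropped.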
@@ -478,8 +804,7 @@ class Buby
478
804
  # @param menuItemHandler The handler to be invoked when the user clicks on
479
805
  # the menu item.
480
806
  # @deprecated Use {#registerContextMenuFactory} instead.
481
- #
482
- # This method is only available with Burp 1.3.07+ and is deprecated in 1.5.01.
807
+ # @note This method is only available with Burp 1.3.07+ and is deprecated in 1.5.01.
483
808
  #
484
809
  def registerMenuItem(menuItemCaption, menuItemHandler = nil, &block)
485
810
  ret = if block_given?
@@ -497,8 +822,9 @@ class Buby
497
822
  # This method can be used to add an item to Burp's site map with the
498
823
  # specified request/response details. This will overwrite the details
499
824
  # of any existing matching item in the site map.
500
- #
501
- # @param item Details of the item to be added to the site map
825
+ #
826
+ # @param [IHttpRequestResponse] item Details of the item to be added to the
827
+ # site map
502
828
  #
503
829
  # This method is only available with Burp 1.3.09+
504
830
  def addToSiteMap(item)
@@ -509,8 +835,8 @@ class Buby
509
835
  # This method causes Burp to save all of its current configuration as a
510
836
  # Map of name/value Strings.
511
837
  #
512
- # @return A Map of name/value Strings reflecting Burp's current
513
- # configuration.
838
+ # @return [java.util.Map] A Map of name/value Strings reflecting Burp's
839
+ # current configuration.
514
840
  #
515
841
  # This method is only available with Burp 1.3.09+
516
842
  def saveConfig
@@ -523,14 +849,15 @@ class Buby
523
849
  # name/value Strings provided. Any settings not specified in the Map will
524
850
  # be restored to their default values. To selectively update only some
525
851
  # settings and leave the rest unchanged, you should first call
526
- # <code>saveConfig</code> to obtain Burp's current configuration, modify
527
- # the relevant items in the Map, and then call <code>loadConfig</code>
528
- # with the same Map.
852
+ # +saveConfig+ to obtain Burp's current configuration, modify the relevant
853
+ # items in the Map, and then call +loadConfig+ with the same Map.
529
854
  #
530
- # @param config A map of name/value Strings to use as Burp's new
531
- # configuration.
855
+ # @param [Hash, java.util.Map] config A map of name/value Strings to use as
856
+ # Burp's new configuration.
857
+ # @return [void]
532
858
  #
533
859
  # This method is only available with Burp 1.3.09+
860
+ # @todo updateConfig
534
861
  def loadConfig(config)
535
862
  _check_and_callback(:loadConfig, config)
536
863
  end
@@ -540,10 +867,11 @@ class Buby
540
867
  ## 1.4 methods ##
541
868
 
542
869
  # This method sets the interception mode for Burp Proxy.
543
- #
544
- # @param enabled Indicates whether interception of proxy messages should
545
- # be enabled.
546
- #
870
+ #
871
+ # @param [Boolean] enabled Indicates whether interception of proxy messages
872
+ # should be enabled.
873
+ # @return [void]
874
+ #
547
875
  def setProxyInterceptionEnabled(enabled)
548
876
  _check_and_callback(:setProxyInterceptionEnabled, enabled)
549
877
  end
@@ -551,8 +879,7 @@ class Buby
551
879
  alias proxy_interception= setProxyInterceptionEnabled
552
880
 
553
881
  # This method can be used to determine the version of the loaded burp at runtime.
554
- # This is included in the Javadoc for the extension interfaces but not the supplied interface files.
555
- # @return String array containing the product name, major version, and minor version.
882
+ # @return [Array<String>] the product name, major version, and minor version.
556
883
  def getBurpVersion
557
884
  begin
558
885
  _check_and_callback(:getBurpVersion)
@@ -614,6 +941,29 @@ class Buby
614
941
  alias stderr getStderr
615
942
  alias get_stderr getStderr
616
943
 
944
+
945
+ # This method prints a line of output to the current extension's standard
946
+ # output stream.
947
+ #
948
+ # @param output The message to print.
949
+ # @return [void]
950
+ #
951
+ def printOutput(output)
952
+ _check_and_callback(:printOutput, output)
953
+ end
954
+ alias print_output printOutput
955
+
956
+ # This method prints a line of output to the current extension's standard
957
+ # error stream.
958
+ #
959
+ # @param error The message to print.
960
+ # @return [void]
961
+ #
962
+ def printError(error)
963
+ _check_and_callback(:printError, error)
964
+ end
965
+ alias print_error printError
966
+
617
967
  # This method is used to register a listener which will be notified of
618
968
  # changes to the extension's state. <b>Note:</b> Any extensions that start
619
969
  # background threads or open system resources (such as files or database
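Review bot: printOutput and printError forward their argument unchanged and their `@param output` / `@param error` tags carry no type, so it is unclear whether callers may pass anything other than a String. Since other methods in this patch coerce with `.to_s` (getSiteMap, getScanIssues), consider `_check_and_callback(:printOutput, output.to_s)` and documenting `@param [#to_s] output`, and likewise for printError.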
@@ -636,6 +986,31 @@ class Buby
636
986
  end
637
987
  alias register_extension_state_listener registerExtensionStateListener
638
988
 
989
+
990
+ # This method is used to retrieve the extension state listeners that are
991
+ # registered by the extension.
992
+ #
993
+ # @return [Array<IExtensionStateListener>] A list of extension state listeners
994
+ # that are currently registered by this extension.
995
+ #
996
+ def getExtensionStateListeners
997
+ _check_and_callback(:getExtensionStateListeners)
998
+ end
999
+ alias get_extension_state_listeners getExtensionStateListeners
1000
+ alias extension_state_listeners getExtensionStateListeners
1001
+
1002
+
1003
+ # This method is used to remove an extension state listener that has been
1004
+ # registered by the extension.
1005
+ #
1006
+ # @param listener The extension state listener to be removed.
1007
+ # @return [void]
1008
+ #
1009
+ def removeExtensionStateListener(listener)
1010
+ _check_and_callback(:removeExtensionStateListener, listener)
1011
+ end
1012
+ alias remove_extension_state_listener removeExtensionStateListener
1013
+
639
1014
  # This method is used to register a listener which will be notified of
640
1015
  # requests and responses made by any Burp tool. Extensions can perform
641
1016
  # custom analysis or modification of these messages by registering an HTTP
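Review bot: `@param listener` on removeExtensionStateListener has no type, while sibling methods added in this patch (removeProxyListener, removeScopeChangeListener) give one; use `@param [IExtensionStateListener] listener`. The same gap appears on removeHttpListener, removeScannerListener and removeSessionHandlingAction. The getter is documented as `@return [Array<IExtensionStateListener>]` but returns the callback result unconverted, so either call `.to_a` on it or document the Java collection type that Burp actually returns.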
@@ -656,6 +1031,29 @@ class Buby
656
1031
  end
657
1032
  alias register_http_listener registerHttpListener
658
1033
 
1034
+ # This method is used to retrieve the HTTP listeners that are registered by
1035
+ # the extension.
1036
+ #
1037
+ # @return [Array<IHttpListener>] A list of HTTP listeners that are currently
1038
+ # registered by this extension.
1039
+ #
1040
+ def getHttpListeners
1041
+ _check_and_callback(:getHttpListeners)
1042
+ end
1043
+ alias get_http_listeners getHttpListeners
1044
+ alias http_listeners getHttpListeners
1045
+
1046
+ # This method is used to remove an HTTP listener that has been registered
1047
+ # by the extension.
1048
+ #
1049
+ # @param listener The HTTP listener to be removed.
1050
+ # @return [void]
1051
+ #
1052
+ def removeHttpListener(listener)
1053
+ _check_and_callback(:removeHttpListener, listener)
1054
+ end
1055
+ alias remove_http_listener removeHttpListener
1056
+
659
1057
  # This method is used to register a listener which will be notified of
660
1058
  # requests and responses being processed by the Proxy tool. Extensions can
661
1059
  # perform custom analysis or modification of these messages, and control
@@ -676,6 +1074,29 @@ class Buby
676
1074
  end
677
1075
  alias register_proxy_listener registerProxyListener
678
1076
 
1077
+ # This method is used to retrieve the Proxy listeners that are registered
1078
+ # by the extension.
1079
+ #
1080
+ # @return [Array<IProxyListener>] A list of Proxy listeners that are currently
1081
+ # registered by this extension.
1082
+ #
1083
+ def getProxyListeners
1084
+ _check_and_callback(:getProxyListeners)
1085
+ end
1086
+ alias get_proxy_listeners getProxyListeners
1087
+ alias proxy_listeners getProxyListeners
1088
+
1089
+ # This method is used to remove a Proxy listener that has been registered
1090
+ # by the extension.
1091
+ #
1092
+ # @param [IProxyListener] listener The Proxy listener to be removed.
1093
+ # @return [void]
1094
+ #
1095
+ def removeProxyListener(listener)
1096
+ _check_and_callback(:removeProxyListener, listener)
1097
+ end
1098
+ alias remove_proxy_listener removeProxyListener
1099
+
679
1100
  # This method is used to register a listener which will be notified of new
680
1101
  # issues that are reported by the Scanner tool. Extensions can perform
681
1102
  # custom analysis or logging of Scanner issues by registering a Scanner
@@ -696,6 +1117,29 @@ class Buby
696
1117
  end
697
1118
  alias register_scanner_listener registerScannerListener
698
1119
 
1120
+ # This method is used to retrieve the Scanner listeners that are registered
1121
+ # by the extension.
1122
+ #
1123
+ # @return [Array<IScannerListener>] A list of Scanner listeners that are
1124
+ # currently registered by this extension.
1125
+ #
1126
+ def getScannerListeners
1127
+ _check_and_callback(:getScannerListeners)
1128
+ end
1129
+ alias get_scanner_listeners getScannerListeners
1130
+
1131
+
1132
+ # This method is used to remove a Scanner listener that has been registered
1133
+ # by the extension.
1134
+ #
1135
+ # @param listener The Scanner listener to be removed.
1136
+ # @return void
1137
+ #
1138
+ def removeScannerListener(listener)
1139
+ _check_and_callback(:removeScannerListener, listener)
1140
+ end
1141
+ alias remove_scanner_listener removeScannerListener
1142
+
699
1143
  # This method is used to register a listener which will be notified of
700
1144
  # changes to Burp's suite-wide target scope.
701
1145
  #
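Review bot: getScannerListeners only gets `alias get_scanner_listeners`, while every other getter added in this patch also gets the short form (http_listeners, proxy_listeners, scope_change_listeners and so on); add `alias scanner_listeners getScannerListeners` for consistency. On removeScannerListener the tag is written `@return void` without brackets, so YARD will read "void" as description text rather than a type; it should be `@return [void]`.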
@@ -713,6 +1157,30 @@ class Buby
713
1157
  end
714
1158
  end
715
1159
 
1160
+ # This method is used to retrieve the scope change listeners that are
1161
+ # registered by the extension.
1162
+ #
1163
+ # @return [Array<IScopeChangeListener>] A list of scope change listeners that
1164
+ # are currently registered by this extension.
1165
+ #
1166
+ def getScopeChangeListeners
1167
+ _check_and_callback(:getScopeChangeListeners)
1168
+ end
1169
+ alias get_scope_change_listeners getScopeChangeListeners
1170
+ alias scope_change_listeners getScopeChangeListeners
1171
+
1172
+ # This method is used to remove a scope change listener that has been
1173
+ # registered by the extension.
1174
+ #
1175
+ # @param [IScopeChangeListener] listener The scope change listener to be
1176
+ # removed.
1177
+ # @return [void]
1178
+ #
1179
+ def removeScopeChangeListener(listener)
1180
+ _check_and_callback(:removeScopeChangeListener, listener)
1181
+ end
1182
+ alias remove_scope_change_listener removeScopeChangeListener
1183
+
716
1184
  # This method is used to register a factory for custom context menu items.
717
1185
  # When the user invokes a context menu anywhere within Burp, the factory
718
1186
  # will be passed details of the invocation event, and asked to provide any
@@ -737,6 +1205,29 @@ class Buby
737
1205
  end
738
1206
  alias register_context_menu_factory registerContextMenuFactory
739
1207
 
1208
+ # This method is used to retrieve the context menu factories that are
1209
+ # registered by the extension.
1210
+ #
1211
+ # @return [Array<IContextMenuFactory>] A list of context menu factories that
1212
+ # are currently registered by this extension.
1213
+ #
1214
+ def getContextMenuFactories
1215
+ _check_and_callback(:getContextMenuFactories)
1216
+ end
1217
+ alias get_context_menu_factories getContextMenuFactories
1218
+ alias context_menu_factories getContextMenuFactories
1219
+
1220
+ # This method is used to remove a context menu factory that has been
1221
+ # registered by the extension.
1222
+ #
1223
+ # @param [IContextMenuFactory] factory The context menu factory to be removed.
1224
+ # @return [void]
1225
+ #
1226
+ def removeContextMenuFactory(factory)
1227
+ _check_and_callback(:removeContextMenuFactory, factory)
1228
+ end
1229
+ alias remove_context_menu_factory removeContextMenuFactory
1230
+
740
1231
  # This method is used to register a factory for custom message editor tabs.
741
1232
  # For each message editor that already exists, or is subsequently created,
742
1233
  # within Burp, the factory will be asked to provide a new instance of an
@@ -762,6 +1253,30 @@ class Buby
762
1253
  end
763
1254
  alias register_message_editor_tab_factory registerMessageEditorTabFactory
764
1255
 
1256
+ # This method is used to retrieve the message editor tab factories that are
1257
+ # registered by the extension.
1258
+ #
1259
+ # @return [Array<IMessageEditorTabFactory>] A list of message editor tab
1260
+ # factories that are currently registered by this extension.
1261
+ #
1262
+ def getMessageEditorTabFactories
1263
+ _check_and_callback(:getMessageEditorTabFactories)
1264
+ end
1265
+ alias get_message_editor_tab_factories getMessageEditorTabFactories
1266
+ alias message_editor_tab_factories getMessageEditorTabFactories
1267
+
1268
+ # This method is used to remove a message editor tab factory that has been
1269
+ # registered by the extension.
1270
+ #
1271
+ # @param [IMessageEditorTabFactory] factory The message editor tab factory to
1272
+ # be removed.
1273
+ # @return [void]
1274
+ #
1275
+ def removeMessageEditorTabFactory(factory)
1276
+ _check_and_callback(:removeMessageEditorTabFactory, factory)
1277
+ end
1278
+ alias remove_message_editor_tab_factory removeMessageEditorTabFactory
1279
+
765
1280
  # This method is used to register a provider of Scanner insertion points.
766
1281
  # For each base request that is actively scanned, Burp will ask the
767
1282
  # provider to provide any custom scanner insertion points that are
@@ -783,6 +1298,29 @@ class Buby
783
1298
  end
784
1299
  alias register_scanner_insertion_point_provider registerScannerInsertionPointProvider
785
1300
 
1301
+ # This method is used to retrieve the Scanner insertion point providers
1302
+ # that are registered by the extension.
1303
+ #
1304
+ # @return [Array<IScannerInsertionPointProvider>] A list of Scanner insertion
1305
+ # point providers that are currently registered by this extension.
1306
+ #
1307
+ def getScannerInsertionPointProviders
1308
+ _check_and_callback(:getScannerInsertionPointProviders)
1309
+ end
1310
+ alias get_scanner_insertion_point_providers getScannerInsertionPointProviders
1311
+ alias scanner_insertion_point_providers getScannerInsertionPointProviders
1312
+
1313
+ # This method is used to remove a Scanner insertion point provider that has
1314
+ # been registered by the extension.
1315
+ #
1316
+ # @param [IScannerInsertionPointProvider] provider The Scanner insertion point provider to be removed.
1317
+ # @return [void]
1318
+ #
1319
+ def removeScannerInsertionPointProvider(provider)
1320
+ _check_and_callback(:removeScannerInsertionPointProvider, provider)
1321
+ end
1322
+ alias remove_scanner_insertion_point_provider removeScannerInsertionPointProvider
1323
+
786
1324
  # This method is used to register a custom Scanner check. When performing
787
1325
  # scanning, Burp will ask the check to perform active or passive scanning
788
1326
  # on the base request, and report any Scanner issues that are identified.
@@ -798,6 +1336,29 @@ class Buby
798
1336
  end
799
1337
  alias register_scanner_check registerScannerCheck
800
1338
 
1339
+ # This method is used to retrieve the Scanner checks that are registered by
1340
+ # the extension.
1341
+ #
1342
+ # @return [Array<IScannerCheck>] A list of Scanner checks that are currently
1343
+ # registered by this extension.
1344
+ #
1345
+ def getScannerChecks
1346
+ _check_and_callback(:getScannerChecks)
1347
+ end
1348
+ alias get_scanner_checks getScannerChecks
1349
+ alias scanner_checks getScannerChecks
1350
+
1351
+ # This method is used to remove a Scanner check that has been registered by
1352
+ # the extension.
1353
+ #
1354
+ # @param [IScannerCheck] check The Scanner check to be removed.
1355
+ # @return [void]
1356
+ #
1357
+ def removeScannerCheck(check)
1358
+ _check_and_callback(:removeScannerCheck, check)
1359
+ end
1360
+ alias remove_scanner_check removeScannerCheck
1361
+
801
1362
  # This method is used to register a factory for Intruder payloads. Each
802
1363
  # registered factory will be available within the Intruder UI for the user
803
1364
  # to select as the payload source for an attack. When this is selected, the
@@ -818,6 +1379,29 @@ class Buby
818
1379
  end
819
1380
  alias register_intruder_payload_generator_factory registerIntruderPayloadGeneratorFactory
820
1381
 
1382
+ # This method is used to retrieve the Intruder payload generator factories
1383
+ # that are registered by the extension.
1384
+ #
1385
+ # @return [Array<IIntruderPayloadGeneratorFactory>] A list of Intruder payload
1386
+ # generator factories that are currently registered by this extension.
1387
+ #
1388
+ def getIntruderPayloadGeneratorFactories
1389
+ _check_and_callback(:getIntruderPayloadGeneratorFactories)
1390
+ end
1391
+ alias get_intruder_payload_generator_factories getIntruderPayloadGeneratorFactories
1392
+ alias intruder_payload_generator_factories getIntruderPayloadGeneratorFactories
1393
+
1394
+ # This method is used to remove an Intruder payload generator factory that
1395
+ # has been registered by the extension.
1396
+ #
1397
+ # @param [IIntruderPayloadGeneratorFactory] factory The Intruder payload
1398
+ # generator factory to be removed.
1399
+ #
1400
+ def removeIntruderPayloadGeneratorFactory(factory)
1401
+ _check_and_callback(:removeIntruderPayloadGeneratorFactory, factory)
1402
+ end
1403
+ alias remove_intruder_payload_generator_factory removeIntruderPayloadGeneratorFactory
1404
+
821
1405
  # This method is used to register a custom Intruder payload processor. Each
822
1406
  # registered processor will be available within the Intruder UI for the
823
1407
  # user to select as the action for a payload processing rule.
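Review bot: removeIntruderPayloadGeneratorFactory is the only remove method added in this patch without a `@return [void]` tag; add it after the `@param` block so the generated docs match the other remove* methods.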
@@ -835,6 +1419,30 @@ class Buby
835
1419
  end
836
1420
  alias register_intruder_payload_processor registerIntruderPayloadProcessor
837
1421
 
1422
+ # This method is used to retrieve the Intruder payload processors that are
1423
+ # registered by the extension.
1424
+ #
1425
+ # @return [Array<IIntruderPayloadProcessor>] A list of Intruder payload
1426
+ # processors that are currently registered by this extension.
1427
+ #
1428
+ def getIntruderPayloadProcessors
1429
+ _check_and_callback(:getIntruderPayloadProcessors)
1430
+ end
1431
+ alias get_intruder_payload_processors getIntruderPayloadProcessors
1432
+ alias intruder_payload_processors getIntruderPayloadProcessors
1433
+
1434
+ # This method is used to remove an Intruder payload processor that has been
1435
+ # registered by the extension.
1436
+ #
1437
+ # @param [IIntruderPayloadProcessor] processor The Intruder payload processor
1438
+ # to be removed.
1439
+ # @return [void]
1440
+ #
1441
+ def removeIntruderPayloadProcessor(processor)
1442
+ _check_and_callback(:removeIntruderPayloadProcessor, processor)
1443
+ end
1444
+ alias remove_intruder_payload_processor removeIntruderPayloadProcessor
1445
+
838
1446
  # This method is used to register a custom session handling action. Each
839
1447
  # registered action will be available within the session handling rule UI
840
1448
  # for the user to select as a rule action. Users can choose to invoke an
@@ -852,6 +1460,29 @@ class Buby
852
1460
  end
853
1461
  alias register_session_handling_action registerSessionHandlingAction
854
1462
 
1463
+ # This method is used to retrieve the session handling actions that are
1464
+ # registered by the extension.
1465
+ #
1466
+ # @return [Array<ISessionHandlingAction>] A list of session handling actions
1467
+ # that are currently registered by this extension.
1468
+ #
1469
+ def getSessionHandlingActions
1470
+ _check_and_callback(:getSessionHandlingActions)
1471
+ end
1472
+ alias get_session_handling_actions getSessionHandlingActions
1473
+ alias session_handling_actions getSessionHandlingActions
1474
+
1475
+ # This method is used to remove a session handling action that has been
1476
+ # registered by the extension.
1477
+ #
1478
+ # @param action The extension session handling action to be removed.
1479
+ # @return [void]
1480
+ #
1481
+ def removeSessionHandlingAction(action)
1482
+ _check_and_callback(:removeSessionHandlingAction, action)
1483
+ end
1484
+ alias remove_session_handling_action removeSessionHandlingAction
1485
+
855
1486
  # This method is used to add a custom tab to the main Burp Suite window.
856
1487
  #
857
1488
  # @param [ITab] tab A tab to be added to the suite's user interface.
@@ -932,7 +1563,7 @@ class Buby
932
1563
  #
933
1564
  # @return [ITextEditor] A new text editor the extension can use in its own UI.
934
1565
  #
935
- def createTextEditor()
1566
+ def createTextEditor
936
1567
  _check_and_callback(:createTextEditor)
937
1568
  end
938
1569
  alias create_text_editor createTextEditor
@@ -952,9 +1583,9 @@ class Buby
952
1583
  alias cookie_jar_contents getCookieJarContents
953
1584
 
954
1585
  # This method is used to update the contents of Burp's session handling
955
- # cookie jar. Extensions that provide an
956
- # <code>ISessionHandlingAction</code> can query and update the cookie jar
957
- # in order to handle unusual session handling mechanisms.
1586
+ # cookie jar. Extensions that provide an +ISessionHandlingAction+ can query
1587
+ # and update the cookie jar in order to handle unusual session handling
1588
+ # mechanisms.
958
1589
  #
959
1590
  # @param [ICookie] cookie An object containing details of the cookie to be
960
1591
  # updated. If the cookie jar already contains a cookie that matches the
@@ -973,9 +1604,11 @@ class Buby
973
1604
  # This method is used to create a temporary file on disk containing the
974
1605
  # provided data. Extensions can use temporary files for long-term storage
975
1606
  # of runtime data, avoiding the need to retain that data in memory.
976
- # Not strictly needed in JRuby (use Tempfile class in stdlib instead) but might see use.
1607
+ # Not strictly needed in JRuby (use Tempfile class in stdlib instead) but
1608
+ # might see use.
977
1609
  #
978
- # @param [String, Array<byte>] buffer The data to be saved to a temporary file.
1610
+ # @param [String, Array<byte>] buffer The data to be saved to a temporary
1611
+ # file.
979
1612
  # @return [ITempFile] A reference to the temp file.
980
1613
  #
981
1614
  def saveToTempFile(buffer)
@@ -1010,13 +1643,15 @@ class Buby
1010
1643
  # @param [Array<Array<Fixnum>>] requestMarkers A list of index pairs
1011
1644
  # representing the offsets of markers to be applied to the request message.
1012
1645
  # Each item in the list must be an +int[2]+ array containing the start and
1013
- # end offsets for the marker. This parameter is optional and may be +nil+ if
1014
- # no request markers are required.
1646
+ # end offsets for the marker. The markers in the list should be in sequence
1647
+ # and not overlapping. This parameter is optional and may be +nil+ if no
1648
+ # response markers are required.
1015
1649
  # @param [Array<Array<Fixnum>>] responseMarkers A list of index pairs
1016
1650
  # representing the offsets of markers to be applied to the response message.
1017
1651
  # Each item in the list must be an +int[2]+ array containing the start and
1018
- # end offsets for the marker. This parameter is optional and may be +nil+ if
1019
- # no response markers are required.
1652
+ # end offsets for the marker. The markers in the list should be in sequence
1653
+ # and not overlapping. This parameter is optional and may be +nil+ if no
1654
+ # response markers are required.
1020
1655
  # @return [IHttpRequestResponseWithMarkers] A marked request/response pair.
1021
1656
  #
1022
1657
  # @todo Bring IHttpRequestResponse helper up to date
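Review bot: the rewritten `requestMarkers` description now ends "may be +nil+ if no response markers are required"; the removed text said "no request markers", so this looks like a copy-paste from the responseMarkers paragraph and should read "request markers".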
@@ -1028,11 +1663,12 @@ class Buby
1028
1663
  # This method is used to obtain the descriptive name for the Burp tool
1029
1664
  # identified by the tool flag provided.
1030
1665
  #
1031
- # @param [Fixnum] toolFlag A flag identifying a Burp tool (+TOOL_PROXY+, +TOOL_SCANNER+, etc.). Tool flags are defined within this interface.
1666
+ # @param [Fixnum] toolFlag A flag identifying a Burp tool (+TOOL_PROXY+,
1667
+ # +TOOL_SCANNER+, etc.). Tool flags are defined within this interface.
1032
1668
  # @return [String] The descriptive name for the specified tool.
1033
1669
  #
1034
1670
  def getToolName(toolFlag)
1035
- _check_and_callback(:getToolName, toolFlag)
1671
+ @tool_names[toolFlag] ||= _check_and_callback(:getToolName, toolFlag)
1036
1672
  end
1037
1673
  alias get_tool_name getToolName
1038
1674
 
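Review bot: `@tool_names[toolFlag] ||= ...` in getToolName assumes `@tool_names` has been set, but the only assignment in this patch is `@tool_names = {}` inside extender_initialize. A subclass that overrides extender_initialize without calling super, or a call made before initialization, will hit NoMethodError on nil here. Initialising lazily, `(@tool_names ||= {})[toolFlag] ||= _check_and_callback(:getToolName, toolFlag)`, removes the ordering dependency.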
@@ -1054,9 +1690,9 @@ class Buby
1054
1690
  ### Event Handlers ###
1055
1691
  # @todo move basic event handler logic to extender side
1056
1692
 
1057
- # This method is called by the BurpExtender java implementation upon
1693
+ # This method is called by the BurpExtender java implementation upon
1058
1694
  # initialization of the BurpExtender instance for Burp. The args parameter
1059
- # is passed with a instance of the newly initialized BurpExtender instance
1695
+ # is passed with a instance of the newly initialized BurpExtender instance
1060
1696
  # so that implementations can access and extend its public interfaces.
1061
1697
  #
1062
1698
  # The return value is ignored.
@@ -1075,13 +1711,14 @@ class Buby
1075
1711
  # @return [void]
1076
1712
  def extender_initialize ext
1077
1713
  @burp_extender = ext
1714
+ @tool_names = {}
1078
1715
  pp([:got_extender, ext]) if $DEBUG
1079
1716
  end
1080
1717
 
1081
1718
  # This method is called by the BurpExtender implementation Burp startup.
1082
- # The args parameter contains main()'s argv command-line arguments array.
1719
+ # The args parameter contains main()'s argv command-line arguments array.
1083
1720
  #
1084
- # Note: This maps to the 'setCommandLineArgs' method in the java
1721
+ # Note: This maps to the 'setCommandLineArgs' method in the java
1085
1722
  # implementation of BurpExtender.
1086
1723
  #
1087
1724
  # The return value is ignored.
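Review bot: `@tool_names = {}` is created only inside extender_initialize, which sits under the Event Handlers section, so a subclass that overrides this handler without calling super never creates the cache that getToolName now depends on. Move the assignment to the constructor, or state in this handler's comment that overrides must call super.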
@@ -1158,11 +1795,12 @@ class Buby
1158
1795
  # ruby. Otherwise there's flakiness when converting certain binary non-ascii
1159
1796
  # sequences. As long as we do it here, it should be fine.
1160
1797
  #
1161
- # Note: This method maps to the 'processProxyMessage' method in the java
1798
+ # Note: This method maps to the 'processProxyMessage' method in the java
1162
1799
  # implementation of BurpExtender.
1163
1800
  #
1164
1801
  # This method just handles the conversion to and from evt_proxy_message
1165
- # which expects a message string
1802
+ # which expects a message string
1803
+ # @deprecated
1166
1804
  def evt_proxy_message_raw msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action
1167
1805
  pp [:evt_proxy_message_raw_hit, msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action ] if $DEBUG
1168
1806
 
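Review bot: the `# @deprecated` tag added above evt_proxy_message_raw carries no text, so readers of the generated documentation are not told what to use instead. Add a description after the tag naming the replacement, and put a blank `#` line between it and the preceding prose ("which expects a message string") so it reads as a tag rather than a continuation of that sentence.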
@@ -1175,25 +1813,25 @@ class Buby
1175
1813
 
1176
1814
  # This method is called by BurpExtender while proxying HTTP messages and
1177
1815
  # before passing them through the Burp proxy. Implementations can use this
1178
- # method to implement arbitrary processing upon HTTP requests and responses
1816
+ # method to implement arbitrary processing upon HTTP requests and responses
1179
1817
  # such as interception, logging, modification, and so on.
1180
1818
  #
1181
1819
  # The 'is_req' parameter indicates whether it is a response or request.
1182
1820
  #
1183
- # Note: This method maps to the 'processProxyMessage' method in the java
1821
+ # Note: This method maps to the 'processProxyMessage' method in the java
1184
1822
  # implementation of BurpExtender.
1185
- #
1823
+ #
1186
1824
  # See also, evt_proxy_message_raw which is actually called before this
1187
1825
  # in the BurpExtender processProxyMessage handler.
1188
1826
  #
1189
- # Below are the parameters descriptions based on the IBurpExtender
1190
- # javadoc. Where applicable, decriptions have been modified for
1827
+ # Below are the parameters descriptions based on the IBurpExtender
1828
+ # javadoc. Where applicable, decriptions have been modified for
1191
1829
  # local parameter naming and other ruby-specific details added.
1192
1830
  #
1193
1831
  # * msg_ref:
1194
- # An identifier which is unique to a single request/response pair. This
1195
- # can be used to correlate details of requests and responses and perform
1196
- # processing on the response message accordingly. This number also
1832
+ # An identifier which is unique to a single request/response pair. This
1833
+ # can be used to correlate details of requests and responses and perform
1834
+ # processing on the response message accordingly. This number also
1197
1835
  # corresponds to the Burp UI's proxy "history" # column.
1198
1836
  #
1199
1837
  # * is_req: (true/false)
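Review bot: the re-indented comment lines in this hunk keep the typo "decriptions" and the phrase "parameters descriptions". Since those lines are already being rewritten for whitespace, correct them to "descriptions" and "parameter descriptions" in the same change.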
@@ -1215,28 +1853,28 @@ class Buby
1215
1853
  # The requested URL. Set in both the request and response.
1216
1854
  #
1217
1855
  # * resourceType:
1218
- # The filetype of the requested resource, or nil if the resource has no
1856
+ # The filetype of the requested resource, or nil if the resource has no
1219
1857
  # filetype.
1220
1858
  #
1221
1859
  # * status:
1222
- # The HTTP status code returned by the server. This value is nil for
1860
+ # The HTTP status code returned by the server. This value is nil for
1223
1861
  # request messages.
1224
1862
  #
1225
1863
  # * req_content_type:
1226
- # The content-type string returned by the server. This value is nil for
1864
+ # The content-type string returned by the server. This value is nil for
1227
1865
  # request messages.
1228
1866
  #
1229
1867
  # * message:
1230
- # The full HTTP message.
1231
- # **Ruby note:
1232
- # For convenience, the message is received and returned as a ruby
1233
- # String object. Internally within Burp it is handled as a java byte[]
1868
+ # The full HTTP message.
1869
+ # **Ruby note:
1870
+ # For convenience, the message is received and returned as a ruby
1871
+ # String object. Internally within Burp it is handled as a java byte[]
1234
1872
  # array. See also the notes about the return object below.
1235
1873
  #
1236
1874
  # * action:
1237
- # An array containing a single integer, allowing the implementation to
1238
- # communicate back to Burp Proxy a non-default interception action for
1239
- # the message. The default value is ACTION_FOLLOW_RULES (or 0).
1875
+ # An array containing a single integer, allowing the implementation to
1876
+ # communicate back to Burp Proxy a non-default interception action for
1877
+ # the message. The default value is ACTION_FOLLOW_RULES (or 0).
1240
1878
  # Possible values include:
1241
1879
  # ACTION_FOLLOW_RULES = 0
1242
1880
  # ACTION_DO_INTERCEPT = 1
@@ -1248,25 +1886,25 @@ class Buby
1248
1886
  #
1249
1887
  # Return Value:
1250
1888
  # Implementations should return either (a) the same object received
1251
- # in the message paramater, or (b) a different object containing a
1252
- # modified message.
1889
+ # in the message paramater, or (b) a different object containing a
1890
+ # modified message.
1253
1891
  #
1254
1892
  # **IMPORTANT RUBY NOTE:
1255
1893
  # Always be sure to return a new object if making modifications to messages.
1256
1894
  #
1257
- # Explanation:
1258
- # The (a) and (b) convention above is followed rather literally during type
1895
+ # Explanation:
1896
+ # The (a) and (b) convention above is followed rather literally during type
1259
1897
  # conversion on the return value back into the java BurpExtender.
1260
1898
  #
1261
- # When determining whether a change has been made in the message or not,
1899
+ # When determining whether a change has been made in the message or not,
1262
1900
  # the decision is made based on whether the object returned is the same
1263
- # as the object submitted in the call to evt_proxy_message.
1901
+ # as the object submitted in the call to evt_proxy_message.
1264
1902
  #
1265
1903
  #
1266
- # So, for example, using in-place modification of the message using range
1267
- # substring assignments or destructive method variations like String.sub!()
1268
- # and String.gsub! alone won't work because the same object gets returned
1269
- # to BurpExtender.
1904
+ # So, for example, using in-place modification of the message using range
1905
+ # substring assignments or destructive method variations like String.sub!()
1906
+ # and String.gsub! alone won't work because the same object gets returned
1907
+ # to BurpExtender.
1270
1908
  #
1271
1909
  # In short, this means that if you want modifications to be made, be sure
1272
1910
  # to return a different String than the one you got in your handler.
@@ -1297,19 +1935,19 @@ class Buby
1297
1935
  # {Buby::ProxyListener}
1298
1936
  def evt_proxy_message msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action
1299
1937
  pp([ (is_req)? :got_proxy_request : :got_proxy_response,
1300
- [:msg_ref, msg_ref],
1301
- [:is_req, is_req],
1302
- [:rhost, rhost],
1303
- [:rport, rport],
1304
- [:is_https, is_https],
1305
- [:http_meth, http_meth],
1306
- [:url, url],
1307
- [:resourceType, resourceType],
1308
- [:status, status],
1309
- [:req_content_type, req_content_type],
1310
- [:message, message],
1938
+ [:msg_ref, msg_ref],
1939
+ [:is_req, is_req],
1940
+ [:rhost, rhost],
1941
+ [:rport, rport],
1942
+ [:is_https, is_https],
1943
+ [:http_meth, http_meth],
1944
+ [:url, url],
1945
+ [:resourceType, resourceType],
1946
+ [:status, status],
1947
+ [:req_content_type, req_content_type],
1948
+ [:message, message],
1311
1949
  [:action, action[0]] ]) if $DEBUG
1312
-
1950
+
1313
1951
  return message
1314
1952
  end
1315
1953
 
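Review bot: the `pp` call in evt_proxy_message still dumps `[:message, message]`, the full proxied HTTP message, whenever $DEBUG is set, so anything the message carries (cookies, credentials, request bodies) ends up in whatever captures the process output. Since these lines are being re-indented anyway, consider printing the message length or a truncated prefix instead of the whole message.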
@@ -1329,22 +1967,22 @@ class Buby
1329
1967
  Buby::Implants::InterceptedProxyMessage.implant message
1330
1968
  end
1331
1969
 
1332
- # This method is invoked whenever any of Burp's tools makes an HTTP request
1333
- # or receives a response. This is effectively a generalised version of the
1334
- # pre-existing evt_proxy_message method, and can be used to intercept and
1970
+ # This method is invoked whenever any of Burp's tools makes an HTTP request
1971
+ # or receives a response. This is effectively a generalised version of the
1972
+ # pre-existing evt_proxy_message method, and can be used to intercept and
1335
1973
  # modify the HTTP traffic of all Burp tools.
1336
1974
  #
1337
- # IMPORTANT: This event handler is only used in Burp version 1.2.09 and
1975
+ # IMPORTANT: This event handler is only used in Burp version 1.2.09 and
1338
1976
  # higher.
1339
- #
1977
+ #
1340
1978
  # Note: this method maps to the processHttpMessage BurpExtender Java method.
1341
1979
  #
1342
1980
  # This method should be overridden if you wish to implement functionality
1343
1981
  # relating to generalized requests and responses from any BurpSuite tool.
1344
1982
  #
1345
1983
  # You may want to use evt_proxy_message if you only intend to work on
1346
- # proxied messages. Note, however, the IHttpRequestResponse Java object is
1347
- # not used in evt_proxy_message and gives evt_http_message a somewhat
1984
+ # proxied messages. Note, however, the IHttpRequestResponse Java object is
1985
+ # not used in evt_proxy_message and gives evt_http_message a somewhat
1348
1986
  # nicer interface to work with.
1349
1987
  #
1350
1988
  # Parameters:
@@ -1384,11 +2022,11 @@ class Buby
1384
2022
  pp([:got_process_http_message, toolFlag, messageIsRequest, messageInfo]) if $DEBUG
1385
2023
  end
1386
2024
 
1387
- # This method is invoked whenever Burp Scanner discovers a new, unique
1388
- # issue, and can be used to perform customised reporting or logging of
2025
+ # This method is invoked whenever Burp Scanner discovers a new, unique
2026
+ # issue, and can be used to perform customised reporting or logging of
1389
2027
  # detected issues.
1390
2028
  #
1391
- # IMPORTANT: This event handler is only used in Burp version 1.2.09 and
2029
+ # IMPORTANT: This event handler is only used in Burp version 1.2.09 and
1392
2030
  # higher.
1393
2031
  #
1394
2032
  # Note: this method maps to the BurpExtender Java method.
@@ -1424,14 +2062,14 @@ class Buby
1424
2062
  # application. Implementations can use this method to perform cleanup
1425
2063
  # tasks such as closing files or databases before exit.
1426
2064
  # @deprecated
1427
- def evt_application_closing
2065
+ def evt_application_closing
1428
2066
  pp([:got_app_close]) if $DEBUG
1429
2067
  end
1430
2068
 
1431
2069
  # This method is called by BurpExtender right before closing the
1432
2070
  # application. Implementations can use this method to perform cleanup
1433
2071
  # tasks such as closing files or databases before exit.
1434
- def application_closing
2072
+ def application_closing
1435
2073
  pp([:got_app_close]) if $DEBUG
1436
2074
  end
1437
2075
 
@@ -1460,11 +2098,43 @@ class Buby
1460
2098
  alias get_command_line_arguments getCommandLineArguments
1461
2099
  alias command_line_arguments getCommandLineArguments
1462
2100
 
2101
+ # This method is used to generate a report for the specified Scanner
2102
+ # issues. The report format can be specified. For all other reporting
2103
+ # options, the default settings that appear in the reporting UI wizard are
2104
+ # used.
2105
+ #
2106
+ # @param [String] format The format to be used in the report. Accepted values
2107
+ # are HTML and XML.
2108
+ # @param [Array<IScanIssue>] issues The Scanner issues to be reported.
2109
+ # @param [String, java.io.File] file The file to which the report will be saved.
2110
+ # @return [void]
2111
+ #
2112
+ def generateScanReport(format, issues, file)
2113
+ file = Java::JavaIo::File.new file if file.kind_of?(String)
2114
+ _check_and_callback(:generateScanReport, format, issues, file)
2115
+ end
2116
+ alias generate_scan_report generateScanReport
2117
+
1463
2118
  ### Sugar/Convenience methods
1464
2119
 
1465
- # This is a convenience wrapper which can load a given burp state file and
1466
- # lets its caller to perform actions inside of a block on the site map
1467
- # contained in the loaded session.
2120
+ # so things will just work for most new interface changes.
2121
+ def method_missing(meth, *args, &block)
2122
+ if _check_cb.respond_to?(meth)
2123
+ warn 'this method may not be implemented fully, punting'
2124
+ self.class.class_exec do |meth|
2125
+ define_method(meth) do |*argv, &blck|
2126
+ _check_and_callback(meth, *argv, &blck)
2127
+ end
2128
+ end
2129
+ __send__ meth, *args, &block
2130
+ else
2131
+ super
2132
+ end
2133
+ end
2134
+
2135
+ # This is a convenience wrapper which can load a given burp state file and
2136
+ # lets its caller to perform actions inside of a block on the site map
2137
+ # contained in the loaded session.
1468
2138
  #
1469
2139
  # If a statefile argument isn't specified current burp session state is used.
1470
2140
  #
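Review bot: in method_missing, `self.class.class_exec do |meth|` declares a block parameter that shadows the outer `meth`, and class_exec is called with no arguments, so inside the block `meth` is nil and `define_method(meth)` raises instead of defining the forwarder. Pass the name through with `self.class.class_exec(meth) do |m|`, or drop the block parameter so the outer variable is captured. Also add a matching respond_to_missing? that delegates to `_check_cb.respond_to?`, complete the comment above the method (it starts mid-sentence with "so things will just work"), and in generateScanReport consider rejecting a format other than the documented HTML and XML before calling into Burp.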
@@ -1475,9 +2145,9 @@ class Buby
1475
2145
  end
1476
2146
  end
1477
2147
 
1478
- # This is a convenience wrapper which can load a given burp state file and
1479
- # lets its caller to perform actions inside of a block on the proxy history
1480
- # contained in the loaded session.
2148
+ # This is a convenience wrapper which can load a given burp state file and
2149
+ # lets its caller to perform actions inside of a block on the proxy history
2150
+ # contained in the loaded session.
1481
2151
  #
1482
2152
  # If a statefile argument isn't specified current burp session state is used.
1483
2153
  #
@@ -1489,10 +2159,10 @@ class Buby
1489
2159
  end
1490
2160
 
1491
2161
  # This is a convenience wrapper which loads a given burp statefile and lets
1492
- # its caller perform actions via burp while its loaded on it inside of a
2162
+ # its caller perform actions via burp while its loaded on it inside of a
1493
2163
  # block. The old state is restored after the block completes.
1494
2164
  #
1495
- # It can safely be run with a nil statefile argument in which the
2165
+ # It can safely be run with a nil statefile argument in which the
1496
2166
  # current burp session state is used.
1497
2167
  def with_statefile(statefile=nil)
1498
2168
  if statefile
@@ -1515,7 +2185,7 @@ class Buby
1515
2185
  end
1516
2186
  end
1517
2187
 
1518
- # Searches the proxy history for the url's matched by the specified
2188
+ # Searches the proxy history for the url's matched by the specified
1519
2189
  # regular expression (returns them all if urlrx is nil).
1520
2190
  #
1521
2191
  # A statefile to search in can optionally be specified or the existing
@@ -1542,13 +2212,13 @@ class Buby
1542
2212
  # and harvest from.
1543
2213
  #
1544
2214
  # Takes an optional block as additional 'select' criteria for cookies.
1545
- # The block return value of true/false will determine whether a cookie
2215
+ # The block return value of true/false will determine whether a cookie
1546
2216
  # string is selected.
1547
2217
  def harvest_cookies_from_history(cookie=nil, urlrx=nil, statefile=nil)
1548
2218
  ret = []
1549
2219
  search_proxy_history(statefile, urlrx) do |hrr|
1550
2220
  if (resp = hrr.response)
1551
- ret += helpers.analyzeResponse(resp).getCookies.select do |c|
2221
+ ret += helpers.analyzeResponse(resp).getCookies.select do |c|
1552
2222
  (cookie.nil? or c.match(cookie)) && (not block_given? or yield(c))
1553
2223
  end
1554
2224
  end
@@ -1594,7 +2264,7 @@ class Buby
1594
2264
  self.start(extender, h_class, init_args, args)
1595
2265
  end
1596
2266
 
1597
- # Attempts to load burp with require and confirm it provides the required
2267
+ # Attempts to load burp with require and confirm it provides the required
1598
2268
  # class in the Java namespace.
1599
2269
  #
1600
2270
  # Returns: true/false depending on whether the required jar provides us