buby 1.5.2-java → 1.6.0-java

data/lib/buby/burp_extender/console_pane.rb

@@ -1,6 +1,7 @@
 class BurpExtender
   # @api private
   class ConsolePane < Java::JavaxSwing::JScrollPane
+    HEADER = " Welcome to the Burp JRuby IRB Console [#{JRUBY_VERSION} (#{RUBY_VERSION})]\n\n"
     attr_accessor :text, :tar
     def initialize
       super
@@ -11,7 +12,13 @@ class BurpExtender
       @text.background  = Java::JavaAwt::Color.new(0xf2f2f2)
       @text.foreground  = Java::JavaAwt::Color.new(0xa40000)
       self.viewport_view = @text
-      @tar = Java::OrgJrubyDemo::TextAreaReadline.new(@text, " Welcome to the Burp JRuby IRB Console [#{JRUBY_VERSION} (#{RUBY_VERSION})]\n\n")
+      @tar = begin
+        Java::OrgJrubyDemo::TextAreaReadline.new(@text, HEADER)
+      rescue NameError
+        require 'readline'
+        Java::OrgJrubyDemoReadline::TextAreaReadline.new(text, HEADER)
+      end
+        
       JRuby.objectspace = true # useful for code completion
       @tar.hook_into_runtime_with_streams(JRuby.runtime)
     end

data/lib/buby/context_menu_factory.rb

@@ -18,6 +18,7 @@ class Buby
     #   sub-menus, checkbox menu items, etc.) that should be displayed.
     #   Extensions may return +nil+ from this method, to indicate that no menu
     #   items are required.
+    # @deprecated
     #
     def self.createMenuItems invocation
       pp [:got_create_menu_items, invocation] if $DEBUG
@@ -25,10 +26,38 @@ class Buby
       nil
     end
 
-    # (see ContextMenuFactory.createMenuItems)
+    # This method will be called by Burp when the user invokes a context menu
+    # anywhere within Burp. The factory can then provide any custom context
+    # menu items that should be displayed in the context menu, based on the
+    # details of the menu invocation.
+    # This method calls create_menu_items after implanting the invocation class.
+    # Redefine to bypass this behavior
+    #
+    # @param [IContextMenuInvocation] invocation An object the extension can
+    #   query to obtain details of the context menu invocation.
+    # @return [Array<JMenuItem>] A list of custom menu items (which may include
+    #   sub-menus, checkbox menu items, etc.) that should be displayed.
+    #   Extensions may return +nil+ from this method, to indicate that no menu
+    #   items are required.
+    #
     def createMenuItems invocation
       pp [:got_create_menu_items, invocation] if $DEBUG
-      Buby::Implants::ContextMenuInvocation.implant invocation
+      create_menu_items Buby::Implants::ContextMenuInvocation.implant(invocation)
+    end
+
+    # This method will be called by Burp when the user invokes a context menu
+    # anywhere within Burp. The factory can then provide any custom context
+    # menu items that should be displayed in the context menu, based on the
+    # details of the menu invocation.
+    #
+    # @param [IContextMenuInvocation] invocation An object the extension can
+    #   query to obtain details of the context menu invocation.
+    # @return [Array<JMenuItem>] A list of custom menu items (which may include
+    #   sub-menus, checkbox menu items, etc.) that should be displayed.
+    #   Extensions may return +nil+ from this method, to indicate that no menu
+    #   items are required.
+    #
+    def create_menu_items invocation
       nil
     end
   end

data/lib/buby/extender.rb

@@ -138,6 +138,8 @@ class Buby
     end
 
     module ExtenderMethods
+      @@handler = nil
+
       # Returns the internal Ruby handler reference. 
       #
       # The handler is the ruby class or module used for proxying BurpExtender 

data/lib/buby/implants.rb

@@ -1,4 +1,5 @@
 class Buby
+  # @todo document
   module Implants
     module Proxy
       def implanted?

data/lib/buby/implants/buby_array_wrapper.rb

@@ -1,5 +1,6 @@
 
 class Buby
+  # @deprecated
   class BubyArrayWrapper
     include Enumerable
 

data/lib/buby/implants/context_menu_invocation.rb

@@ -8,38 +8,53 @@ class Buby
     # This module is used to extend the JRuby proxy class returned by Burp.
     #
     module ContextMenuInvocation
+
       # Context menu is being invoked in a request editor.
-      CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
+      CONTEXT_MESSAGE_EDITOR_REQUEST = 0
 
       # Context menu is being invoked in a response editor.
-      CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
+      CONTEXT_MESSAGE_EDITOR_RESPONSE = 1
 
       # Context menu is being invoked in a non-editable request viewer.
-      CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
+      CONTEXT_MESSAGE_VIEWER_REQUEST = 2
 
       # Context menu is being invoked in a non-editable response viewer.
-      CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
+      CONTEXT_MESSAGE_VIEWER_RESPONSE = 3
 
       # Context menu is being invoked in the Target site map tree.
-      CONTEXT_TARGET_SITE_MAP_TREE = 4;
+      CONTEXT_TARGET_SITE_MAP_TREE = 4
 
       # Context menu is being invoked in the Target site map table.
-      CONTEXT_TARGET_SITE_MAP_TABLE = 5;
+      CONTEXT_TARGET_SITE_MAP_TABLE = 5
 
       # Context menu is being invoked in the Proxy history.
-      CONTEXT_PROXY_HISTORY = 6;
+      CONTEXT_PROXY_HISTORY = 6
 
       # Context menu is being invoked in the Scanner results.
-      CONTEXT_SCANNER_RESULTS = 7;
+      CONTEXT_SCANNER_RESULTS = 7
 
       # Context menu is being invoked in the Intruder payload positions editor.
-      CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
+      CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8
 
       # Context menu is being invoked in an Intruder attack results.
-      CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
+      CONTEXT_INTRUDER_ATTACK_RESULTS = 9
 
       # Context menu is being invoked in a search results window.
-      CONTEXT_SEARCH_RESULTS = 10;
+      CONTEXT_SEARCH_RESULTS = 10
+
+      CONTEXTS = {
+        CONTEXT_MESSAGE_EDITOR_REQUEST             => "message_editor_request",
+        CONTEXT_MESSAGE_EDITOR_RESPONSE    => "message_editor_response",
+        CONTEXT_MESSAGE_VIEWER_REQUEST     => "message_viewer_request",
+        CONTEXT_MESSAGE_VIEWER_RESPONSE    => "message_viewer_response",
+        CONTEXT_TARGET_SITE_MAP_TREE       => "target_site_map_tree",
+        CONTEXT_TARGET_SITE_MAP_TABLE      => "target_site_map_table",
+        CONTEXT_PROXY_HISTORY              => "proxy_history",
+        CONTEXT_SCANNER_RESULTS            => "scanner_results",
+        CONTEXT_INTRUDER_PAYLOAD_POSITIONS => "intruder_payload_positions",
+        CONTEXT_INTRUDER_ATTACK_RESULTS    => "intruder_attack_results",
+        CONTEXT_SEARCH_RESULTS             => "search_results"
+      }
 
       # This method can be used to retrieve details of the HTTP requests /
       # responses that were shown or selected by the user when the context menu
@@ -57,30 +72,39 @@ class Buby
       #   +IBurpExtenderCallbacks.saveBuffersToTempFiles()+ to create a
       #   persistent read-only copy of the +IHttpRequestResponse+.
       #
-      # @return [Array<IHttpRequestResponse>,nil] An array of objects
+      # @return [HttpRequestResponseList,nil] An array of objects
       #   representing the items that were shown or selected by the user when
       #   the context menu was invoked. This method returns +nil+ if no messages
       #   are applicable to the invocation.
       #
       def getSelectedMessages
         pp [:got_get_selected_messages] if $DEBUG
-        hrrl = __getSelectedMessages
-        HttpRequestResponseHelper.implant(hrrl.first)
-        hrrl
+        HttpRequestResponseList.new(__getSelectedMessages)
       end
 
       # This method can be used to retrieve details of the Scanner issues that
       # were selected by the user when the context menu was invoked.
       #
-      # @return [Array<IScanIssue>,nil] The issues that were selected by the
+      # @return [ScanIssuesList,nil] The issues that were selected by the
       #   user when the context menu was invoked. This method returns +nil+ if
       #   no Scanner issues are applicable to the invocation.
       #
       def getSelectedIssues
         pp [:got_get_selected_issues] if $DEBUG
-        sil = __getSelectedIssues
-        ScanIssueHelper.implant(sil.first)
-        sil
+        ScanIssuesList.new(__getSelectedIssues)
+      end
+
+      # Get the name of the tool invoking a context menu
+      # @return [String] Tool name
+      def tool_name
+        $burp.getToolName getToolFlag
+      end
+
+      # This method can be used to retrieve the context within which the menu
+      # was invoked.
+      # @return [String] Context name
+      def context_name
+        CONTEXTS[getInvocationContext]
       end
 
       # Install ourselves into the current +IContextMenuInvocation+ java class

data/lib/buby/implants/extension_helpers.rb

@@ -8,6 +8,16 @@ class Buby
     # This module is used to extend the JRuby proxy class returned by Burp.
     #
     module ExtensionHelpers
+      PARAM_TYPES = {
+        'url' => 0,
+        'body' => 1,
+        'cookie' => 2,
+        'xml' => 3,
+        'xml_attr' => 4,
+        'multipart_attr' => 5,
+        'json' => 6
+      }
+
       # This method can be used to analyze an HTTP request, and obtain various
       # key details about it. The resulting +IRequestInfo+ object
       # will not include the full request URL.
@@ -21,9 +31,10 @@ class Buby
       #   @param [IHttpService] http_service HTTP service description
       #   @param [String, Array<byte>] request The request to be analyzed
       # @overload analyzeRequest(request)
-      #   Analyze a +String+ or +byte[]+ request. To obtain the full URL, use one
-      # of the other overloaded {#analyzeRequest} methods.
+      #   Analyze a +String+ or +byte[]+ request. To obtain the full URL, use
+      #     one of the other overloaded {#analyzeRequest} methods.
       #   @param [String, Array<byte>] request The request to be analyzed
+      #
       # @return [IRequestInfo] object (wrapped with Ruby goodness)
       #   that can be queried to obtain details about the request.
       #
@@ -36,44 +47,57 @@ class Buby
       # This method can be used to analyze an HTTP response, and obtain various
       # key details about it.
       #
-      # @param [String, Array<byte>] response The response to be analyzed.
-      # @return [IResponseInfo] object (wrapped with Ruby goodness) that can be
-      #   queried to obtain details about the response.
+      # @overload analyzeResponse(response)
+      #   @param [String, Array<byte>] response The response to be analyzed.
+      #   @return [IResponseInfo] object (wrapped with Ruby goodness) that
+      #     can be queried to obtain details about the response.
+      # @overload analyzeResponse(response)
+      #   @param [IHttpRequestResponse] response The response to be analyzed.
+      #   @return [IResponseInfo, nil] Object (wrapped with Ruby goodness) that
+      #     can be queried to obtain details about the response. Returns +nil+
+      #     when +response+ is +nil+.
       #
       def analyzeResponse(response)
         pp [:got_analyze_response, response] if $DEBUG
+        response = response.response if response.respond_to? :response
         response = response.to_java_bytes if response.respond_to? :to_java_bytes
-        Buby::Implants::ResponseInfo.implant(__analyzeResponse(response))
+        Buby::Implants::ResponseInfo.implant(__analyzeResponse(response)) if response
       end
 
       # This method can be used to retrieve details of a specified parameter
-      # within an HTTP request. <b>Note:</b> Use {#analyzeRequest} to obtain
-      # details of all parameters within the request.
+      # within an HTTP request. Use {#analyzeRequest} to obtain details of all
+      # parameters within the request.
       #
-      # @param [String, Array<byte>] request The request to be inspected for the
-      #   specified parameter.
-      # @param [String] parameter_name The name of the parameter to retrieve.
-      # @return [IParameter] object that can be queried to obtain details
+      # @param [IHttpRequestResponse, String, Array<byte>] request The request
+      #   to be inspected for the specified parameter.
+      # @param [#to_s] parameter_name The name of the parameter to retrieve.
+      # @return [IParameter, nil] object that can be queried to obtain details
       #   about the parameter, or +nil+ if the parameter was not found.
       #
       def getRequestParameter(request, parameter_name)
         pp [:got_get_request_parameter, parameter_name, request] if $DEBUG
+        request = request.request if request.kind_of?(Java::Burp::IHttpRequestResponse)
         request = request.to_java_bytes if request.respond_to? :to_java_bytes
-        Buby::Implants::Parameter.implant(__getRequestParameter(request, parameter_name))
+        Buby::Implants::Parameter.implant(__getRequestParameter(request, parameter_name.to_s))
       end
 
       # This method searches a piece of data for the first occurrence of a
       # specified pattern. It works on byte-based data in a way that is similar
       # to the way the native Java method +String.indexOf()+ works on
       # String-based data.
-      # @note This method is only wrapped for testing purposes. There are better ways to do this in the JRuby runtime.
+      #
+      # @note This method is only wrapped for testing purposes. There are better
+      #   ways to do this in the JRuby runtime.
       #
       # @param [String, Array<byte>] data The data to be searched.
       # @param [String, Array<byte>] pattern The pattern to be searched for.
-      # @param [Boolean] case_sensitive Flags whether or not the search is case-sensitive.
-      # @param [Fixnum] from The offset within +data+ where the search should begin.
+      # @param [Boolean] case_sensitive Flags whether or not the search is
+      #   case-sensitive.
+      # @param [Fixnum] from The offset within +data+ where the search should
+      #   begin.
       # @param [Fixnum] to The offset within +data+ where the search should end.
-      # @return The offset of the first occurrence of the pattern within the specified bounds, or nil if no match is found.
+      # @return [Fixnum, nil] The offset of the first occurrence of the pattern
+      #   within the specified bounds, or +nil+ if no match is found.
       #
       def indexOf(data, pattern, case_sensitive, from, to)
         pp [:got_index_of, case_sensitive, from, to, data, pattern] if $DEBUG
@@ -87,11 +111,13 @@ class Buby
       # message body. If applicable, the Content-Length header will be added or
       # updated, based on the length of the body.
       #
-      # @param [Array<String>] headers A list of headers to include in the message.
-      # @param [String, Array<byte>] body The body of the message, or +nil+ if the message has an empty body.
+      # @param [Array<String>] headers A list of headers to include in the
+      #   message.
+      # @param [String, Array<byte>] body The body of the message, or +nil+ if
+      #   the message has an empty body.
       # @return [String] The resulting full HTTP message.
       #
-      def buildHttpMessage(headers, body)
+      def buildHttpMessage(headers, body = nil)
         pp [:got_build_http_message, headers, body] if $DEBUG
         body = body.to_java_bytes if body.respond_to?(:to_java_bytes)
         String.from_java_bytes(__buildHttpMessage(headers, body))
@@ -101,7 +127,8 @@ class Buby
       # in the request are determined by the Request headers settings as
       # configured in Burp Spider's options.
       #
-      # @param [URL, #to_s] url The URL to which the request should be made.
+      # @param [java.net.URL, URI, #to_s] url The URL to which the request
+      #   should be built.
       # @return [String] A request to the specified URL.
       #
       def buildHttpRequest(url)
@@ -185,7 +212,7 @@ class Buby
       #
       # @param [String, Array<byte>, IHttpRequestResponse] request The HTTP
       #  request whose method should be toggled.
-      # @return [String} A new HTTP request using the toggled method.
+      # @return [String] A new HTTP request using the toggled method.
       #
       # @todo Switch IHttpRequestResponse to new Buby::Implants functionality (2.0)
       def toggleRequestMethod(request)
@@ -199,18 +226,43 @@ class Buby
       # details provided.
       #
       # @overload buildHttpService(host, port, protocol)
-      #   @param [String] host The HTTP service host.
+      #   @param [Java::JavaNet::URL, URI,String] host The HTTP service host.
       #   @param [Fixnum] port The HTTP service port.
       #   @param [String] protocol The HTTP service protocol.
       # @overload buildHttpService(host, port, use_https)
-      #   @param [String] host The HTTP service host.
+      #   @param [Java::JavaNet::URL, URI,String] host The HTTP service host.
       #   @param [Fixnum] port The HTTP service port.
       #   @param [Boolean] use_https Flags whether the HTTP service protocol is HTTPS or HTTP.
+      # @overload buildHttpService(url)
+      #   @param [Java::JavaNet::URL, URI, String] url URL specifying host, port
+      #     and protocol. Will automatically set port to 80/443 if http(s) url
+      #     is passed. Defaults to 80 for other URL schemes.
       # @return [IHttpService] object based on the details provided.
       #
-      def buildHttpService(host, port, protocol)
-        pp [:got_buildHttpService, host, port, protocol] if $DEBUG
-        Buby::Implants::HttpService.implant(__buildHttpService(host, port, protocol))
+      def buildHttpService(host, *args)
+        pp [:got_buildHttpService, host, *args] if $DEBUG
+        port, protocol = *args
+        case host
+        when URI, Java::JavaNet::URL
+          port ||= host.port
+          protocol ||= host.protocol
+          host = host.host
+        else
+          thost = host.kind_of?(String) ? Java::JavaNet::URL.new(host) : host
+          port ||= thost.port
+          protocol ||= thost.protocol
+        end
+        port ||= case protocol
+        when TrueClass, /^https$/i
+          443
+        else
+          80
+        end
+
+        port = https ? 443 : 80 if port < 0
+        host = host.host if host.respond_to? :host
+
+        __buildHttpService(host, port, protocol)
       end
 
       # This method constructs an +IParameter+ object based on the details
@@ -223,6 +275,7 @@ class Buby
       # @return [IParameter] object based on the details provided.
       def buildParameter(name, value, type)
         pp [:got_buildParameter, name, value, type] if $DEBUG
+        ptype = TYPE_HASH[ptype.to_s] unless ptype.kind_of?(Fixnum)
         Buby::Implants::Parameter.implant(__buildParameter(name, value, type))
       end
 
@@ -231,8 +284,8 @@ class Buby
       #  point based on a fixed payload location within a base request.
       #
       # @param [String] insertion_point_name The name of the insertion point.
-      # @param [String, Array<byte>, IHttpRequestResponse] base_request The request from which to
-      #  build scan requests.
+      # @param [String, Array<byte>, IHttpRequestResponse] base_request The
+      #   request from which to build scan requests.
       # @param [Fixnum] from The offset of the start of the payload location.
       # @param [Fixnum] to The offset of the end of the payload location.
       # @return [IScannerInsertionPoint] object based on the details provided.
@@ -240,7 +293,7 @@ class Buby
       # @todo Switch IHttpRequestResponse to new Buby::Implants functionality (2.0)
       def makeScannerInsertionPoint(insertion_point_name, base_request, from, to)
         pp [:got_makeScannerInsertionPoint, insertion_point_name, base_request, from, to] if $DEBUG
-        base_request = base_request.request if base_request.kind_of? Java::Burp::IHttpRequestResponse
+        base_request = base_request.request if base_request.respond_to? :request
         base_request = base_request.to_java_bytes if base_request.respond_to? :to_java_bytes
         Buby::Implants::ScannerInsertionPoint.implant(__makeScannerInsertionPoint(insertion_point_name, base_request, from, to))
       end
@@ -263,9 +316,8 @@ class Buby
               removeParameter
               updateParameter
               toggleRequestMethod
-              buildHttpService
               buildParameter
-              makeScannerInsertionPoint            
+              makeScannerInsertionPoint
             }
             a_methods.each do |meth|
               alias_method "__"+meth.to_s, meth

data/lib/buby/implants/jruby.rb

@@ -45,6 +45,16 @@ class Buby
         end
       end
     end
+
+    module URL
+      def inspect
+        if $DEBUG
+          super.insert(-2, ": #{self.to_s} ")
+        else
+          self.to_s
+        end
+      end
+    end
   end
 end
 
@@ -57,6 +67,12 @@ module Enumerable
 end
 
 module Java
+  module JavaNet
+    class URL
+      include Buby::Implants::URL
+    end
+  end
+
   class JavaClass
     include Buby::Implants::JavaClass
   end