buby 1.5.2-java → 1.6.0-java
- checksums.yaml +7 -0
- data/README.rdoc +60 -55
- data/VERSION.yml +3 -3
- data/buby.gemspec +5 -4
- data/ext/burp_interfaces/burp/IBurpExtenderCallbacks.java +250 -4
- data/ext/burp_interfaces/burp/IResponseInfo.java +22 -3
- data/lib/buby.jar +0 -0
- data/lib/buby.rb +919 -249
- data/lib/buby/burp_extender/console_pane.rb +8 -1
- data/lib/buby/context_menu_factory.rb +31 -2
- data/lib/buby/extender.rb +2 -0
- data/lib/buby/implants.rb +1 -0
- data/lib/buby/implants/buby_array_wrapper.rb +1 -0
- data/lib/buby/implants/context_menu_invocation.rb +43 -19
- data/lib/buby/implants/extension_helpers.rb +84 -32
- data/lib/buby/implants/jruby.rb +16 -0
- data/lib/buby/implants/message_editor.rb +6 -3
- data/lib/buby/implants/parameter.rb +1 -1
- data/lib/buby/implants/request_info.rb +6 -3
- data/lib/buby/implants/response_info.rb +2 -2
- data/lib/buby/implants/scan_issue.rb +1 -0
- data/lib/buby/implants/scan_queue_item.rb +3 -2
- data/lib/buby/intruder_payload_generator.rb +1 -0
- data/lib/buby/intruder_payload_generator_factory.rb +1 -0
- data/lib/buby/intruder_payload_processor.rb +1 -0
- data/lib/buby/message_editor_controller.rb +2 -0
- data/lib/buby/message_editor_tab.rb +15 -6
- data/lib/buby/parameter.rb +12 -0
- data/lib/buby/version.rb +3 -3
- data/lib/burp_interfaces.jar +0 -0
- metadata +12 -18
@@ -8,12 +8,15 @@ class Buby
|
|
8
8
|
module MessageEditor
|
9
9
|
# This method is used to display an HTTP message in the editor.
|
10
10
|
#
|
11
|
-
# @param [Array<byte>, String] message The HTTP message to be displayed.
|
11
|
+
# @param [Array<byte>, String, IHttpRequestResponse] message The HTTP message to be displayed.
|
12
12
|
# @param [Boolean] isRequest Flags whether the message is an HTTP request
|
13
13
|
# or response.
|
14
14
|
# @return [void]
|
15
15
|
#
|
16
|
-
def setMessage(message, isRequest)
|
16
|
+
def setMessage(message, isRequest = true)
|
17
|
+
if message.kind_of? Java::Burp::IHttpRequestResponse
|
18
|
+
message = isRequest ? message.request : message.response
|
19
|
+
end
|
17
20
|
message = message.to_java_bytes if message.respond_to? :to_java_bytes
|
18
21
|
message = message.to_java :byte if message.kind_of? Array
|
19
22
|
__setMessage(message, isRequest)
|
@@ -64,7 +67,7 @@ class Buby
|
|
64
67
|
end
|
65
68
|
editor
|
66
69
|
end
|
67
|
-
|
70
|
+
|
68
71
|
end
|
69
72
|
end
|
70
73
|
end
|
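Review bot: In the first hunk, `setMessage` unwraps an `IHttpRequestResponse` with `message.response` when `isRequest` is false, and an item that has no response yet would presumably hand nil straight to `__setMessage`; whether the underlying editor accepts a null message is not visible here. The new default `isRequest = true` also means a caller who passes raw response bytes and omits the flag gets them rendered as a request. The existing `@param` text does not mention either behaviour; I would extend it to `# @param [Boolean] isRequest Flags whether the message is an HTTP request or response (default +true+); also selects which half of an IHttpRequestResponse is shown.` The closing `end` of `setMessage` lies outside the hunk.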
@@ -4,7 +4,7 @@ class Buby
|
|
4
4
|
module Implants
|
5
5
|
# This interface is used to retrieve key details about an HTTP request.
|
6
6
|
# Extensions can obtain an +IRequestInfo+ object for a given request by
|
7
|
-
# calling {
|
7
|
+
# calling {ExtensionHelpers#analyzeRequest}.
|
8
8
|
#
|
9
9
|
module RequestInfo
|
10
10
|
|
@@ -16,7 +16,10 @@ class Buby
|
|
16
16
|
__getParameters.tap{|parm| Buby::Implants::Parameter.implant parm.first}
|
17
17
|
end
|
18
18
|
|
19
|
-
|
19
|
+
def uri
|
20
|
+
URI.parse self.url.to_s
|
21
|
+
end
|
22
|
+
|
20
23
|
# Install ourselves into the current +IRequestInfo+ java class
|
21
24
|
# @param [IRequestInfo] info
|
22
25
|
#
|
@@ -41,7 +44,7 @@ class Buby
|
|
41
44
|
end
|
42
45
|
info
|
43
46
|
end
|
44
|
-
|
47
|
+
|
45
48
|
end
|
46
49
|
end
|
47
50
|
end
|
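Review bot: The new `uri` method in the second hunk passes the request URL to `URI.parse`, which raises `URI::InvalidURIError` on characters that proxied traffic routinely carries (unencoded spaces, pipes, braces), so an extension calling `uri` inside a callback can abort on exactly the malformed requests a tester wants to look at. The method is added without a doc comment, and the hunks do not show a `require 'uri'`. I would add `# @return [URI] the request URL parsed as a Ruby URI` and `# @raise [URI::InvalidURIError] if the URL is not RFC-compliant` above it, or rescue and return nil if callers are expected to tolerate bad URLs.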
@@ -1,8 +1,8 @@
|
|
1
1
|
class Buby
|
2
2
|
module Implants
|
3
3
|
# This interface is used to retrieve key details about an HTTP response.
|
4
|
-
# Extensions can obtain an +IResponseInfo+ object for a given response by
|
5
|
-
#
|
4
|
+
# Extensions can obtain an +IResponseInfo+ object for a given response by
|
5
|
+
# calling {ExtensionHelpers#analyzeResponse}.
|
6
6
|
#
|
7
7
|
module ResponseInfo
|
8
8
|
# This method is used to obtain details of the HTTP cookies set in the
|
@@ -16,11 +16,12 @@ class Buby
|
|
16
16
|
# {Buby::ScannerListener} to get details only of unique, newly
|
17
17
|
# discovered Scanner issues post-consolidation.
|
18
18
|
#
|
19
|
-
# @return [
|
19
|
+
# @return [ScanIssuesList] Details of the issues generated for the scan
|
20
20
|
# queue item.
|
21
21
|
#
|
22
22
|
def getIssues
|
23
|
-
__getIssues.tap{|issues| Buby::ScanIssueHelper.implant issues.first}
|
23
|
+
# __getIssues.tap{|issues| Buby::ScanIssueHelper.implant issues.first}
|
24
|
+
ScanIssuesList.new __getIssues
|
24
25
|
end
|
25
26
|
|
26
27
|
# Install ourselves into the current +IScanQueueItem+ java class
|
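Review bot: `getIssues` now returns a `ScanIssuesList` wrapper instead of the value `__getIssues` returned before, which changes the return type for existing callers in a minor release; the hunk does not show whether `ScanIssuesList` supports the array operations those callers rely on. The previous implementation is also shipped as a commented-out line; I would delete `# __getIssues.tap{|issues| ...}` since version control already keeps it. If `__getIssues` can return nil for an item with no issues, the `@return` text should say what the wrapper does in that case.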
@@ -43,6 +43,7 @@ class Buby
|
|
43
43
|
#
|
44
44
|
# @abstract Call super to get +baseValue+ as a +String+. Implementation's
|
45
45
|
# responsibility to return byte array.
|
46
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
46
47
|
def getNextPayload(baseValue)
|
47
48
|
ret = baseValue
|
48
49
|
baseValue = String.from_java_bytes(baseValue) if baseValue
|
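Review bot: The added `@deprecated` tag describes a planned signature change rather than a replacement, so YARD will render `getNextPayload` as deprecated while giving implementers nothing to migrate to today. The same line is added in the following sections on `processPayload`, `getRequest`/`getResponse`, and the `MessageEditorTab` methods `isEnabled`, `enabled?`, `setMessage` and `getMessage`. A `@note` carries the same information without the deprecation flag: `# @note In 2.0 this will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems}.` The body of `getNextPayload` continues outside the hunk.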
@@ -28,6 +28,7 @@ class Buby
|
|
28
28
|
# indicate that the current payload should be skipped, and the attack
|
29
29
|
# will move directly to the next payload.
|
30
30
|
#
|
31
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
31
32
|
def processPayload(currentPayload, originalPayload, baseValue)
|
32
33
|
currentPayload = String.from_java_bytes currentPayload
|
33
34
|
originalPayload = String.from_java_bytes originalPayload
|
@@ -27,6 +27,7 @@ class Buby
|
|
27
27
|
# message.
|
28
28
|
#
|
29
29
|
# @abstract
|
30
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
30
31
|
def getRequest; raise NotImplementedError; end
|
31
32
|
|
32
33
|
# This method is used to retrieve the HTTP response associated with the
|
@@ -36,6 +37,7 @@ class Buby
|
|
36
37
|
# message.
|
37
38
|
#
|
38
39
|
# @abstract
|
40
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
39
41
|
def getResponse; raise NotImplementedError; end
|
40
42
|
end
|
41
43
|
end
|
@@ -7,9 +7,10 @@ class Buby
|
|
7
7
|
# @todo voodoo method wrapping
|
8
8
|
class MessageEditorTab
|
9
9
|
include Java::Burp::IMessageEditorTab
|
10
|
-
|
10
|
+
extend Java::Burp::IMessageEditorTabFactory
|
11
|
+
|
12
|
+
attr_accessor :controller, :editable, :message, :ui_component
|
11
13
|
|
12
|
-
attr_accessor :controller, :editable
|
13
14
|
# (see Buby::MessageEditorTabFactory#createNewInstance)
|
14
15
|
def initialize controller, editable
|
15
16
|
@controller = controller
|
@@ -39,7 +40,7 @@ class Buby
|
|
39
40
|
# @return The component that should be used as the contents of the custom
|
40
41
|
# tab when it is displayed.
|
41
42
|
#
|
42
|
-
def getUiComponent;
|
43
|
+
def getUiComponent; @ui_component end
|
43
44
|
|
44
45
|
# The hosting editor will invoke this method before it displays a new HTTP
|
45
46
|
# message, so that the custom tab can indicate whether it should be
|
@@ -53,11 +54,17 @@ class Buby
|
|
53
54
|
# the editor. Otherwise, the tab will be hidden while this message is
|
54
55
|
# displayed.
|
55
56
|
#
|
56
|
-
|
57
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
58
|
+
def isEnabled(content, isRequest = true)
|
57
59
|
content = String.from_java_bytes content
|
58
60
|
raise NotImplementedError
|
59
61
|
end
|
60
62
|
|
63
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
64
|
+
def enabled?(content, is_request = true)
|
65
|
+
isEnabled(content, is_request)
|
66
|
+
end
|
67
|
+
|
61
68
|
# The hosting editor will invoke this method to display a new message or
|
62
69
|
# to clear the existing message. This method will only be called with a
|
63
70
|
# new message if the tab has already returned +true+ to a call to
|
@@ -69,13 +76,15 @@ class Buby
|
|
69
76
|
# @param [Boolean] isRequest Indicates whether the message is a request or
|
70
77
|
# a response.
|
71
78
|
#
|
79
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
72
80
|
def setMessage(content, isRequest); raise NotImplementedError; end
|
73
81
|
|
74
82
|
# This method returns the currently displayed message.
|
75
83
|
#
|
76
84
|
# @return [Array<byte>] The currently displayed message.
|
77
85
|
#
|
78
|
-
|
86
|
+
# @deprecated This will become a raw version/proxied version pair like {ContextMenuFactory#createMenuItems} in 2.0.
|
87
|
+
def getMessage; @message.to_java_bytes end
|
79
88
|
|
80
89
|
# This method is used to determine whether the currently displayed message
|
81
90
|
# has been modified by the user. The hosting editor will always call
|
@@ -85,7 +94,7 @@ class Buby
|
|
85
94
|
# @return [Boolean] The method should return +true+ if the user has
|
86
95
|
# modified the current message since it was first displayed.
|
87
96
|
#
|
88
|
-
def isModified;
|
97
|
+
def isModified; false end
|
89
98
|
|
90
99
|
# This method is used to retrieve the data that is currently selected by
|
91
100
|
# the user.
|
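Review bot: The new default `getMessage` in the fourth hunk calls `@message.to_java_bytes` unconditionally, but nothing visible in these hunks assigns `@message` (the default `setMessage` still raises `NotImplementedError`), so a subclass that never sets it gets a `NoMethodError` on nil when the hosting editor asks for the message. A nil-safe form would be `def getMessage; @message && @message.to_java_bytes end`, assuming a null return is acceptable to the caller. The class also gains `extend Java::Burp::IMessageEditorTabFactory`, yet no class-level `createNewInstance` appears in these hunks; if it is not defined elsewhere in the file, registering the class itself as a factory will fail at call time.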
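--- a/data/lib/buby/parameter.rb
+++ b/data/lib/buby/parameter.rb
@@ -11,5 +11,17 @@ class Buby
 PARAM_XML_ATTR = 4
 PARAM_MULTIPART_ATTR = 5
 PARAM_JSON = 6
+
+# This method constructs an +IParameter+ object based on the details
+# provided.
+#
+# @param [String] name The parameter name.
+# @param [String] value The parameter value.
+# @param [Fixnum, #to_s] ptype The parameter type, as defined in the
+# +IParameter+ interface.
+# @return [IParameter] object based on the details provided.
+def self.build_parameter(name, value, ptype)
+$burp.helpers.buildParameter(name, value, ptype)
+end
 end
 end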
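Review bot: `build_parameter` reaches for the global `$burp`, so it raises `NoMethodError` on nil whenever it is called before that global has been populated, and it silently binds to whichever object set it last. The doc comment should state that precondition, e.g. `# @note Requires +$burp+ to be set to a running Buby instance.` The `@param` also advertises `#to_s` for `ptype`, but the value is passed through unchanged here, so any conversion would have to happen inside `helpers.buildParameter`, which is not visible in this section.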
data/lib/buby/version.rb
CHANGED
data/lib/burp_interfaces.jar
CHANGED
Binary file
|
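--- a/metadata
+++ b/metadata
@@ -1,30 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: buby
 version: !ruby/object:Gem::Version
-
-version: 1.5.2
+version: 1.6.0
 platform: java
 authors:
 - Eric Monti, tduehr
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake-compiler
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: 0.8.1
-none: false
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: 0.8.1
-none: false
 prerelease: false
 type: :development
 description: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
@@ -150,31 +147,28 @@ files:
 - test/buby_test.rb
 homepage: http://tduehr.github.com/buby
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options:
--
+- --main
 - README.rdoc
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
-version:
-MA==
-none: false
+version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
-version:
-MA==
-none: false
+version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 2.1.9
 signing_key:
-specification_version:
+specification_version: 4
 summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger
 test_files:
 - test/buby_test.rb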