buby 1.1.6-java → 1.1.7-java
- data/.bnsignore +27 -0
- data/History.txt +4 -0
- data/Rakefile +41 -25
- data/VERSION +1 -0
- data/buby.gemspec +43 -11
- data/java/buby.jar +0 -0
- data/java/src/BurpExtender.java +5 -5
- data/lib/buby.rb +3 -8
- data/test/buby_test.rb +2 -0
- metadata +9 -31
- data/spec/buby_spec.rb +0 -7
- data/spec/spec_helper.rb +0 -16
- data/tasks/ann.rake +0 -80
- data/tasks/bones.rake +0 -20
- data/tasks/gem.rake +0 -201
- data/tasks/git.rake +0 -40
- data/tasks/notes.rake +0 -27
- data/tasks/post_load.rake +0 -34
- data/tasks/rdoc.rake +0 -51
- data/tasks/rubyforge.rake +0 -55
- data/tasks/setup.rb +0 -292
- data/tasks/spec.rake +0 -54
- data/tasks/svn.rake +0 -47
- data/tasks/test.rake +0 -40
- data/tasks/zentest.rake +0 -36
- data/test/test_buby.rb +0 -0
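--- a/data/.bnsignore
+++ b/data/.bnsignore
@@ -0,0 +1,27 @@
+# The list of files that should be ignored by Mr Bones.
+# Lines that start with '#' are comments.
+#
+# A .gitignore file can be used instead by setting it as the ignore
+# file in your Rakefile:
+#
+# PROJ.ignore_file = '.gitignore'
+#
+# For a project with a C extension, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+
+.*
+*~
+*.swp
+.*.swp
+announcement.txt
+coverage*/
+doc
+pkg
+experimental
+reference
+lib/burp.jar
+*.class
+*.gem
+.DS_Store
+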
data/History.txt
CHANGED
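--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,34 +1,50 @@
-
-
-
+require 'rubygems'
+require 'rake'
+require 'rake/clean'
 
 begin
-require '
-
-
-
-
-
-
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+gem.name = "buby"
+gem.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
+gem.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
+gem.email = "emonti@matasano.com"
+gem.homepage = "http://emonti.github.com/buby"
+gem.authors = ["Eric Monti - Matasano Security"]
+gem.platform = "java"
+gem.test_files = ["test/buby_test.rb"]
+gem.require_paths << 'java'
+gem.rdoc_options = ["--main", "README.rdoc"]
+gem.extra_rdoc_files = ["History.txt", "README.rdoc", "bin/buby"]
 end
+rescue LoadError
+puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+test.libs << 'lib' << 'test' << 'java'
+test.pattern = 'test/**/*_test.rb'
+test.verbose = true
 end
 
-
-ensure_in_path 'java'
-require 'buby'
+task :test => :check_dependencies
 
-task :default =>
+task :default => :test
 
-
-
-
-
-
-
-
-PROJ.libs << "java"
-PROJ.platform = 'java'
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+if File.exist?('VERSION')
+version = File.read('VERSION')
+else
+version = ""
+end
 
-
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "buby #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('History.txt')
+rdoc.rdoc_files.include('bin/buby')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
 
-# EOF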
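Review bot: `task :test => :check_dependencies` sits outside the `begin`/`rescue LoadError` block, so when Jeweler fails to load the rescue only prints a hint and the default `rake test` then aborts on an undefined prerequisite. This assumes `check_dependencies` is one of the tasks `Jeweler::Tasks.new` defines, since nothing else in the hunk defines it. Guarding the line, for example `task :test => :check_dependencies if Rake::Task.task_defined?(:check_dependencies)`, keeps the test task usable on a machine without the packaging tool. Separately, `File.read('VERSION')` carries any trailing newline into `rdoc.title`; `File.read('VERSION').strip` avoids that.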
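--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+1.1.7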
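--- a/data/buby.gemspec
+++ b/data/buby.gemspec
@@ -1,37 +1,69 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
 s.name = %q{buby}
-s.version = "1.1.
+s.version = "1.1.7"
+s.platform = %q{java}
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Eric Monti - Matasano Security"]
-s.date = %q{2009-12-
+s.date = %q{2009-12-29}
 s.default_executable = %q{buby}
 s.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
 s.email = %q{emonti@matasano.com}
 s.executables = ["buby"]
-s.extra_rdoc_files = [
-
+s.extra_rdoc_files = [
+"History.txt",
+"README.rdoc",
+"bin/buby"
+]
+s.files = [
+".bnsignore",
+"History.txt",
+"README.rdoc",
+"Rakefile",
+"VERSION",
+"bin/buby",
+"buby.gemspec",
+"java/buby.jar",
+"java/src/BurpExtender.java",
+"java/src/burp/IBurpExtender.java",
+"java/src/burp/IBurpExtenderCallbacks.java",
+"java/src/burp/IHttpRequestResponse.java",
+"java/src/burp/IScanIssue.java",
+"java/src/burp/IScanQueueItem.java",
+"lib/buby.rb",
+"lib/buby/extends.rb",
+"lib/buby/extends/buby_array_wrapper.rb",
+"lib/buby/extends/http_request_response.rb",
+"lib/buby/extends/scan_issue.rb",
+"samples/drb_buby.rb",
+"samples/drb_sample_cli.rb",
+"samples/mechanize_burp.rb",
+"samples/poc_generator.rb",
+"samples/verb_tamperer.rb",
+"samples/watch_scan.rb",
+"test/buby_test.rb"
+]
 s.homepage = %q{http://emonti.github.com/buby}
 s.rdoc_options = ["--main", "README.rdoc"]
 s.require_paths = ["lib", "java"]
-s.
-s.rubygems_version = %q{1.3.3}
+s.rubygems_version = %q{1.3.5}
 s.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
-s.test_files = [
+s.test_files = [
+"test/buby_test.rb"
+]
 
-s.platform = 'java'
 if s.respond_to? :specification_version then
 current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
 s.specification_version = 3
 
 if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-s.add_development_dependency(%q<bones>, [">= 2.5.1"])
 else
-s.add_dependency(%q<bones>, [">= 2.5.1"])
 end
 else
-s.add_dependency(%q<bones>, [">= 2.5.1"])
 end
 end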
data/java/buby.jar
CHANGED
Binary file
|
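--- a/data/java/src/BurpExtender.java
+++ b/data/java/src/BurpExtender.java
@@ -167,7 +167,7 @@ public class BurpExtender implements IBurpExtender {
 
 // prepare an alternate String message value to present to ruby
 //String message_str = new String(message);
-
+IRubyObject r_msg = to_ruby(rt, message);
 
 IRubyObject pxy_msg[] = {
 to_ruby(rt, messageReference),
@@ -180,8 +180,7 @@ public class BurpExtender implements IBurpExtender {
 to_ruby(rt, resourceType),
 to_ruby(rt, statusCode),
 to_ruby(rt, responseContentType),
-
-to_ruby(rt, message),
+r_msg,
 r_action
 };
 
@@ -189,8 +188,9 @@ public class BurpExtender implements IBurpExtender {
 action[0] = ((int[]) JavaUtil.convertRubyToJava(r_action))[0];
 
 IRubyObject ret = r_obj.callMethod(ctx(r_obj), PROXYMSG_METH, pxy_msg);
-
-
+if(ret != r_msg) {
+return (byte[]) JavaUtil.convertRubyToJava(ret);
+}
 }
 
 return message;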
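Review bot: The new `if(ret != r_msg)` branch in the third hunk casts whatever the Ruby handler returned straight to `byte[]`, with no check for nil or for a return value that is not a byte array. As far as these hunks show, a handler that ends without returning the message would hand Burp a null (or raise a ClassCastException for other types) in the middle of proxy processing instead of falling through to `return message;`. Tightening the guard to `if(ret != r_msg && !ret.isNil()) {` keeps the pass-through path for that case. `java/buby.jar` is listed on this page as changed but binary-only, so it is worth confirming the shipped jar was rebuilt from this source. The enclosing method begins and ends outside these hunks.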
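--- a/data/lib/buby.rb
+++ b/data/lib/buby.rb
@@ -82,7 +82,6 @@ include_class 'BurpExtender'
 class Buby
 
 # :stopdoc:
-VERSION = '1.1.6'
 LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
 PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
 # :startdoc:
@@ -385,9 +384,11 @@ class Buby
 # which expects a message string
 def evt_proxy_message_raw msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action
 pp [:evt_proxy_message_raw_hit, msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action ] if $DEBUG
+
 str_msg = String.from_java_bytes(message)
 ret = evt_proxy_message(msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, str_msg, action)
-
+
+message = ret.to_java_bytes if ret.object_id != str_msg.object_id
 return message
 end
 
@@ -754,12 +755,6 @@ class Buby
 Dir.glob(search_me).sort.each {|rb| require rb}
 end
 
-# Returns the version string for the library.
-#
-def self.version
-VERSION
-end
-
 end # Buby
 
 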
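Review bot: In `evt_proxy_message_raw`, the new `ret.object_id != str_msg.object_id` test decides by object identity, so a handler that rewrites the message in place (`sub!`, `<<`) and returns the same String has its edit silently discarded and the original bytes forwarded. The same line calls `to_java_bytes` on whatever `evt_proxy_message` returned, so a handler that returns nil raises NoMethodError inside the proxy callback. Comparing content against a saved copy covers both cases: `orig = str_msg.dup` before the call, then `message = ret.to_java_bytes if ret.is_a?(String) && ret != orig`. If the identity comparison is deliberate to skip a copy, the method comment should state that handlers must return a new String for a change to take effect.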
data/test/buby_test.rb
ADDED
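--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: buby
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.7
 platform: java
 authors:
 - Eric Monti - Matasano Security
@@ -9,19 +9,10 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-12-
+date: 2009-12-29 00:00:00 -06:00
 default_executable: buby
-dependencies:
-
-name: bones
-type: :development
-version_requirement:
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 2.5.1
-version:
+dependencies: []
+
 description: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
 email: emonti@matasano.com
 executables:
@@ -33,9 +24,11 @@ extra_rdoc_files:
 - README.rdoc
 - bin/buby
 files:
+- .bnsignore
 - History.txt
 - README.rdoc
 - Rakefile
+- VERSION
 - bin/buby
 - buby.gemspec
 - java/buby.jar
@@ -56,22 +49,7 @@ files:
 - samples/poc_generator.rb
 - samples/verb_tamperer.rb
 - samples/watch_scan.rb
--
-- spec/spec_helper.rb
-- tasks/ann.rake
-- tasks/bones.rake
-- tasks/gem.rake
-- tasks/git.rake
-- tasks/notes.rake
-- tasks/post_load.rake
-- tasks/rdoc.rake
-- tasks/rubyforge.rake
-- tasks/setup.rb
-- tasks/spec.rake
-- tasks/svn.rake
-- tasks/test.rake
-- tasks/zentest.rake
-- test/test_buby.rb
+- test/buby_test.rb
 has_rdoc: true
 homepage: http://emonti.github.com/buby
 licenses: []
@@ -97,10 +75,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version:
 requirements: []
 
-rubyforge_project:
+rubyforge_project:
 rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
 summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger
 test_files:
-- test/
+- test/buby_test.rb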
data/spec/buby_spec.rb
DELETED
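--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,16 +0,0 @@
-
-require File.expand_path(
-File.join(File.dirname(__FILE__), %w[.. lib buby]))
-
-Spec::Runner.configure do |config|
-# == Mock Framework
-#
-# RSpec uses it's own mocking framework by default. If you prefer to
-# use mocha, flexmock or RR, uncomment the appropriate line:
-#
-# config.mock_with :mocha
-# config.mock_with :flexmock
-# config.mock_with :rr
-end
-
-# EOF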
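--- a/data/tasks/ann.rake
+++ b/data/tasks/ann.rake
@@ -1,80 +0,0 @@
-
-begin
-require 'bones/smtp_tls'
-rescue LoadError
-require 'net/smtp'
-end
-require 'time'
-
-namespace :ann do
-
-# A prerequisites task that all other tasks depend upon
-task :prereqs
-
-file PROJ.ann.file do
-ann = PROJ.ann
-puts "Generating #{ann.file}"
-File.open(ann.file,'w') do |fd|
-fd.puts("#{PROJ.name} version #{PROJ.version}")
-fd.puts(" by #{Array(PROJ.authors).first}") if PROJ.authors
-fd.puts(" #{PROJ.url}") if PROJ.url.valid?
-fd.puts(" (the \"#{PROJ.release_name}\" release)") if PROJ.release_name
-fd.puts
-fd.puts("== DESCRIPTION")
-fd.puts
-fd.puts(PROJ.description)
-fd.puts
-fd.puts(PROJ.changes.sub(%r/^.*$/, '== CHANGES'))
-fd.puts
-ann.paragraphs.each do |p|
-fd.puts "== #{p.upcase}"
-fd.puts
-fd.puts paragraphs_of(PROJ.readme_file, p).join("\n\n")
-fd.puts
-end
-fd.puts ann.text if ann.text
-end
-end
-
-desc "Create an announcement file"
-task :announcement => ['ann:prereqs', PROJ.ann.file]
-
-desc "Send an email announcement"
-task :email => ['ann:prereqs', PROJ.ann.file] do
-ann = PROJ.ann
-from = ann.email[:from] || Array(PROJ.authors).first || PROJ.email
-to = Array(ann.email[:to])
-
-### build a mail header for RFC 822
-rfc822msg = "From: #{from}\n"
-rfc822msg << "To: #{to.join(',')}\n"
-rfc822msg << "Subject: [ANN] #{PROJ.name} #{PROJ.version}"
-rfc822msg << " (#{PROJ.release_name})" if PROJ.release_name
-rfc822msg << "\n"
-rfc822msg << "Date: #{Time.new.rfc822}\n"
-rfc822msg << "Message-Id: "
-rfc822msg << "<#{"%.8f" % Time.now.to_f}@#{ann.email[:domain]}>\n\n"
-rfc822msg << File.read(ann.file)
-
-params = [:server, :port, :domain, :acct, :passwd, :authtype].map do |key|
-ann.email[key]
-end
-
-params[3] = PROJ.email if params[3].nil?
-
-if params[4].nil?
-STDOUT.write "Please enter your e-mail password (#{params[3]}): "
-params[4] = STDIN.gets.chomp
-end
-
-### send email
-Net::SMTP.start(*params) {|smtp| smtp.sendmail(rfc822msg, from, to)}
-end
-end # namespace :ann
-
-desc 'Alias to ann:announcement'
-task :ann => 'ann:announcement'
-
-CLOBBER << PROJ.ann.file
-
-# EOF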