buby 1.1.7-java → 1.2.0-java
- data/.gitignore +7 -0
- data/README.rdoc +1 -2
- data/Rakefile +3 -2
- data/VERSION +1 -1
- data/buby.gemspec +12 -9
- data/java/buby.jar +0 -0
- data/java/src/BurpExtender.java +17 -0
- data/java/src/burp/IBurpExtender.java +56 -12
- data/java/src/burp/IBurpExtenderCallbacks.java +93 -36
- data/java/src/burp/IHttpRequestResponse.java +119 -26
- data/java/src/burp/IMenuItemHandler.java +40 -0
- data/java/src/burp/IScanIssue.java +100 -26
- data/java/src/burp/IScanQueueItem.java +71 -15
- data/lib/buby.rb +28 -6
- data/samples/menu_copy_req.rb +44 -0
- metadata +58 -48
- data/.bnsignore +0 -27
data/.gitignore
ADDED
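--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -44,8 +44,7 @@ You should be able to get up and running with just the gem and a copy of Burp.
 I've packaged up a pre-built buby.jar file containing the required classes
 minus ofcourse, Burp itself.
 
-jruby -S gem
-jruby -S gem install emonti-buby
+(sudo)? jruby -S gem install buby --source=http://gemcutter.org
 
 * IMPORTANT: The buby gem doesn't include a copy of Burp! See manual step #5
 below. For best results, you'll still want to make your burp.jar available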
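--- a/data/Rakefile
+++ b/data/Rakefile
@@ -8,15 +8,16 @@ begin
 gem.name = "buby"
 gem.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
 gem.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
-gem.email = "emonti@matasano.com"
+gem.email = "emonti@matasano.com, td@matasano.com"
 gem.homepage = "http://emonti.github.com/buby"
-gem.authors = ["Eric Monti
+gem.authors = ["Eric Monti, tduehr"]
 gem.platform = "java"
 gem.test_files = ["test/buby_test.rb"]
 gem.require_paths << 'java'
 gem.rdoc_options = ["--main", "README.rdoc"]
 gem.extra_rdoc_files = ["History.txt", "README.rdoc", "bin/buby"]
 end
+Jeweler::GemcutterTasks.new
 rescue LoadError
 puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
 end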
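Review bot: `gem.authors = ["Eric Monti, tduehr"]` puts both names into one string, so the gem metadata records a single author called "Eric Monti, tduehr"; the list form is `gem.authors = ["Eric Monti", "tduehr"]`, and `gem.email` takes an array the same way (`gem.email = ["emonti@matasano.com", "td@matasano.com"]`). The unchanged `gem.require_paths << 'java'` is also worth replacing with `gem.require_paths = ["lib", "java"]`: the regenerated buby.gemspec on this page now lists `["lib", "java", "java"]`, presumably because the append is applied on top of a spec that already contains the entry. The `begin` block starts outside the hunk.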
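--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.2.0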
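--- a/data/buby.gemspec
+++ b/data/buby.gemspec
@@ -1,19 +1,19 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
 s.name = %q{buby}
-s.version = "1.
+s.version = "1.2.0"
 s.platform = %q{java}
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.authors = ["Eric Monti
-s.date = %q{
+s.authors = ["Eric Monti, tduehr"]
+s.date = %q{2010-08-29}
 s.default_executable = %q{buby}
 s.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
-s.email = %q{emonti@matasano.com}
+s.email = %q{emonti@matasano.com, td@matasano.com}
 s.executables = ["buby"]
 s.extra_rdoc_files = [
 "History.txt",
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 "bin/buby"
 ]
 s.files = [
-".
+".gitignore",
 "History.txt",
 "README.rdoc",
 "Rakefile",
@@ -33,6 +33,7 @@ Gem::Specification.new do |s|
 "java/src/burp/IBurpExtender.java",
 "java/src/burp/IBurpExtenderCallbacks.java",
 "java/src/burp/IHttpRequestResponse.java",
+"java/src/burp/IMenuItemHandler.java",
 "java/src/burp/IScanIssue.java",
 "java/src/burp/IScanQueueItem.java",
 "lib/buby.rb",
@@ -43,6 +44,7 @@ Gem::Specification.new do |s|
 "samples/drb_buby.rb",
 "samples/drb_sample_cli.rb",
 "samples/mechanize_burp.rb",
+"samples/menu_copy_req.rb",
 "samples/poc_generator.rb",
 "samples/verb_tamperer.rb",
 "samples/watch_scan.rb",
@@ -50,8 +52,8 @@ Gem::Specification.new do |s|
 ]
 s.homepage = %q{http://emonti.github.com/buby}
 s.rdoc_options = ["--main", "README.rdoc"]
-s.require_paths = ["lib", "java"]
-s.rubygems_version = %q{1.3.
+s.require_paths = ["lib", "java", "java"]
+s.rubygems_version = %q{1.3.6}
 s.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
 s.test_files = [
 "test/buby_test.rb"
@@ -67,3 +69,4 @@ Gem::Specification.new do |s|
 else
 end
 end
+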
data/java/buby.jar
CHANGED
Binary file
|
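--- a/data/java/src/BurpExtender.java
+++ b/data/java/src/BurpExtender.java
@@ -291,5 +291,22 @@ public class BurpExtender implements IBurpExtender {
 */
 public final static int ACTION_DROP = 3;
 
+/**
+* Causes Burp Proxy to follow the current interception rules to determine
+* the appropriate action to take for the message, and then make a second
+* call to processProxyMessage.
+*/
+public final static int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
+/**
+* Causes Burp Proxy to present the message to the user for manual
+* review or modification, and then make a second call to
+* processProxyMessage.
+*/
+public final static int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
+/**
+* Causes Burp Proxy to skip user interception, and then make a second call
+* to processProxyMessage.
+*/
+public final static int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
 }
 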
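Review bot: The three `*_AND_REHOOK` constants added before the closing brace repeat the values `0x10`, `0x11` and `0x12` that the IBurpExtender hunk further down this page also declares, and `BurpExtender implements IBurpExtender`, so the class now hides the interface's fields with its own copies and the two sets have to be kept in sync by hand. If the copies exist so the Ruby side can resolve `BurpExtender::ACTION_…` (lib/buby.rb references the older constants that way; whether it needs a class-level copy is an assumption), record that in a comment such as `// Mirrors burp.IBurpExtender for the JRuby wrapper; keep values in sync`. Otherwise initialise each one from the interface, e.g. `public final static int ACTION_FOLLOW_RULES_AND_REHOOK = IBurpExtender.ACTION_FOLLOW_RULES_AND_REHOOK;`. The class body starts outside the hunk.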
@@ -3,8 +3,11 @@ package burp;
|
|
3
3
|
/*
|
4
4
|
* @(#)IBurpExtender.java
|
5
5
|
*
|
6
|
-
* Copyright
|
7
|
-
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
8
11
|
*/
|
9
12
|
|
10
13
|
/**
|
@@ -27,9 +30,10 @@ package burp;
|
|
27
30
|
* class burp.BurpExtender, use the following command to launch Burp Suite and
|
28
31
|
* load the IBurpExtender implementation:<p>
|
29
32
|
*
|
30
|
-
* <PRE>
|
31
|
-
*
|
32
|
-
*
|
33
|
+
* <PRE> java -classpath burp.jar;BurpProxyExtender.jar burp.StartBurp</PRE>
|
34
|
+
*
|
35
|
+
* (On Linux-based platforms, use a colon character instead of the semi-colon
|
36
|
+
* as the classpath separator.)
|
33
37
|
*/
|
34
38
|
|
35
39
|
public interface IBurpExtender
|
@@ -44,7 +48,6 @@ public interface IBurpExtender
|
|
44
48
|
*/
|
45
49
|
public void setCommandLineArgs(String[] args);
|
46
50
|
|
47
|
-
|
48
51
|
/**
|
49
52
|
* This method is invoked by Burp Proxy whenever a client request or server
|
50
53
|
* response is received. It allows implementations to perform logging
|
@@ -108,10 +111,25 @@ public interface IBurpExtender
|
|
108
111
|
/**
|
109
112
|
* Causes Burp Proxy to drop the message and close the client connection.
|
110
113
|
*/
|
111
|
-
public final static int ACTION_DROP = 3;
|
112
|
-
|
113
|
-
|
114
|
-
|
114
|
+
public final static int ACTION_DROP = 3;
|
115
|
+
/**
|
116
|
+
* Causes Burp Proxy to follow the current interception rules to determine
|
117
|
+
* the appropriate action to take for the message, and then make a second
|
118
|
+
* call to processProxyMessage.
|
119
|
+
*/
|
120
|
+
public final static int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
|
121
|
+
/**
|
122
|
+
* Causes Burp Proxy to present the message to the user for manual
|
123
|
+
* review or modification, and then make a second call to
|
124
|
+
* processProxyMessage.
|
125
|
+
*/
|
126
|
+
public final static int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
|
127
|
+
/**
|
128
|
+
* Causes Burp Proxy to skip user interception, and then make a second call
|
129
|
+
* to processProxyMessage.
|
130
|
+
*/
|
131
|
+
public final static int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
|
132
|
+
|
115
133
|
/**
|
116
134
|
* This method is invoked on startup. It registers an instance of the
|
117
135
|
* <code>IBurpExtenderCallbacks</code> interface, providing methods that
|
@@ -125,12 +143,38 @@ public interface IBurpExtender
|
|
125
143
|
*/
|
126
144
|
public void registerExtenderCallbacks(burp.IBurpExtenderCallbacks callbacks);
|
127
145
|
|
128
|
-
|
129
|
-
|
130
146
|
/**
|
131
147
|
* This method is invoked immediately before Burp Suite exits.
|
132
148
|
* It allows implementations to carry out any clean-up actions necessary
|
133
149
|
* (e.g. flushing log files or closing database resources).
|
134
150
|
*/
|
135
151
|
public void applicationClosing();
|
152
|
+
|
153
|
+
/**
|
154
|
+
* This method is invoked whenever any of Burp's tools makes an HTTP request
|
155
|
+
* or receives a response. It allows extensions to intercept and modify the
|
156
|
+
* HTTP traffic of all Burp tools. For each request, the method is invoked
|
157
|
+
* after the request has been fully processed by the invoking tool and is
|
158
|
+
* about to be made on the network. For each response, the method is invoked
|
159
|
+
* after the response has been received from the network and before any
|
160
|
+
* processing is performed by the invoking tool.
|
161
|
+
*
|
162
|
+
* @param toolName The name of the Burp tool which is making the request.
|
163
|
+
* @param messageIsRequest Indicates whether the message is a request or
|
164
|
+
* response.
|
165
|
+
* @param messageInfo Details of the HTTP message.
|
166
|
+
*/
|
167
|
+
public void processHttpMessage(
|
168
|
+
String toolName,
|
169
|
+
boolean messageIsRequest,
|
170
|
+
IHttpRequestResponse messageInfo);
|
171
|
+
|
172
|
+
/**
|
173
|
+
* This method is invoked whenever Burp Scanner discovers a new, unique
|
174
|
+
* issue, and can be used to perform customised reporting or logging of issues.
|
175
|
+
*
|
176
|
+
* @param issue Details of the new scan issue.
|
177
|
+
*/
|
178
|
+
public void newScanIssue(IScanIssue issue);
|
179
|
+
|
136
180
|
}
|
@@ -3,8 +3,11 @@ package burp;
|
|
3
3
|
/*
|
4
4
|
* @(#)IBurpExtenderCallbacks.java
|
5
5
|
*
|
6
|
-
* Copyright
|
7
|
-
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
8
11
|
*/
|
9
12
|
|
10
13
|
/**
|
@@ -31,6 +34,7 @@ public interface IBurpExtenderCallbacks
|
|
31
34
|
* @param useHttps Flags whether the protocol is HTTPS or HTTP.
|
32
35
|
* @param request The full HTTP request.
|
33
36
|
* @return The full response retrieved from the remote server.
|
37
|
+
* @throws java.lang.Exception
|
34
38
|
*/
|
35
39
|
public byte[] makeHttpRequest(
|
36
40
|
String host,
|
@@ -50,6 +54,7 @@ public interface IBurpExtenderCallbacks
|
|
50
54
|
* @param tabCaption An optional caption which will appear on the Repeater
|
51
55
|
* tab containing the request. If this value is <code>null</code> then a
|
52
56
|
* default tab index will be displayed.
|
57
|
+
* @throws java.lang.Exception
|
53
58
|
*/
|
54
59
|
public void sendToRepeater(
|
55
60
|
String host,
|
@@ -68,6 +73,7 @@ public interface IBurpExtenderCallbacks
|
|
68
73
|
* @param port The port of the remote HTTP server.
|
69
74
|
* @param useHttps Flags whether the protocol is HTTPS or HTTP.
|
70
75
|
* @param request The full HTTP request.
|
76
|
+
* @throws java.lang.Exception
|
71
77
|
*/
|
72
78
|
public void sendToIntruder(
|
73
79
|
String host,
|
@@ -83,6 +89,7 @@ public interface IBurpExtenderCallbacks
|
|
83
89
|
* Spider will process the application's response in the normal way.
|
84
90
|
*
|
85
91
|
* @param url The new seed URL to begin spidering from.
|
92
|
+
* @throws java.lang.Exception
|
86
93
|
*/
|
87
94
|
public void sendToSpider(
|
88
95
|
java.net.URL url) throws Exception;
|
@@ -97,8 +104,10 @@ public interface IBurpExtenderCallbacks
|
|
97
104
|
* @param port The port of the remote HTTP server.
|
98
105
|
* @param useHttps Flags whether the protocol is HTTPS or HTTP.
|
99
106
|
* @param request The full HTTP request.
|
107
|
+
* @return The resulting scan queue item.
|
108
|
+
* @throws java.lang.Exception
|
100
109
|
*/
|
101
|
-
public
|
110
|
+
public IScanQueueItem doActiveScan(
|
102
111
|
String host,
|
103
112
|
int port,
|
104
113
|
boolean useHttps,
|
@@ -113,6 +122,7 @@ public interface IBurpExtenderCallbacks
|
|
113
122
|
* @param useHttps Flags whether the protocol is HTTPS or HTTP.
|
114
123
|
* @param request The full HTTP request.
|
115
124
|
* @param response The full HTTP response.
|
125
|
+
* @throws java.lang.Exception
|
116
126
|
*/
|
117
127
|
public void doPassiveScan(
|
118
128
|
String host,
|
@@ -128,6 +138,7 @@ public interface IBurpExtenderCallbacks
|
|
128
138
|
* @param url The URL to query.
|
129
139
|
* @return Returns <code>true</code> if the URL is within the current
|
130
140
|
* Suite-wide scope.
|
141
|
+
* @throws java.lang.Exception
|
131
142
|
*/
|
132
143
|
boolean isInScope(java.net.URL url) throws Exception;
|
133
144
|
|
@@ -136,6 +147,7 @@ public interface IBurpExtenderCallbacks
|
|
136
147
|
* scope.
|
137
148
|
*
|
138
149
|
* @param url The URL to include in the Suite-wide scope.
|
150
|
+
* @throws java.lang.Exception
|
139
151
|
*/
|
140
152
|
void includeInScope(java.net.URL url) throws Exception;
|
141
153
|
|
@@ -144,6 +156,7 @@ public interface IBurpExtenderCallbacks
|
|
144
156
|
* scope.
|
145
157
|
*
|
146
158
|
* @param url The URL to exclude from the Suite-wide scope.
|
159
|
+
* @throws java.lang.Exception
|
147
160
|
*/
|
148
161
|
void excludeFromScope(java.net.URL url) throws Exception;
|
149
162
|
|
@@ -154,58 +167,102 @@ public interface IBurpExtenderCallbacks
|
|
154
167
|
* @param message The alert message to display.
|
155
168
|
*/
|
156
169
|
public void issueAlert(String message);
|
157
|
-
|
158
|
-
/**
|
159
|
-
* New stuff added as of v1.2.11.
|
160
|
-
* The new IBurpExtenderCallbacks interface adds several new methods
|
161
|
-
* which you can invoke to query and update Burp's state, and to parse raw
|
162
|
-
* HTTP messages for parameters and headers.
|
163
|
-
*/
|
164
|
-
|
170
|
+
|
165
171
|
/**
|
166
|
-
*
|
172
|
+
* This method returns details of all items in the proxy history.
|
173
|
+
*
|
174
|
+
* @return The contents of the proxy history.
|
167
175
|
*/
|
168
176
|
public IHttpRequestResponse[] getProxyHistory();
|
169
|
-
|
177
|
+
|
170
178
|
/**
|
171
|
-
*
|
179
|
+
* This method returns details of items in the site map.
|
180
|
+
*
|
181
|
+
* @param urlPrefix This parameter can be used to specify a URL prefix, in
|
182
|
+
* order to extract a specific subset of the site map. The method performs
|
183
|
+
* a simple case-sensitive text match, returning all site
|
184
|
+
* map items whose URL begins with the specified prefix. If this parameter
|
185
|
+
* is null, the entire site map is returned.
|
186
|
+
* @return Details of items in the site map.
|
172
187
|
*/
|
173
188
|
public IHttpRequestResponse[] getSiteMap(String urlPrefix);
|
174
|
-
|
175
|
-
/**
|
176
|
-
* This method returns all of the current scan issues for URLs matching
|
177
|
-
* the specified literal prefix.
|
178
|
-
* The prefix can be null to match all issues.
|
179
|
-
*
|
180
|
-
* Added in v1.2.15.
|
181
|
-
*/
|
182
|
-
public IScanIssue[] getScanIssues(String urlPrefix);
|
183
|
-
|
189
|
+
|
184
190
|
/**
|
185
|
-
*
|
191
|
+
* This method can be used to restore Burp's state from a specified
|
192
|
+
* saved state file. This method blocks until the restore operation is
|
193
|
+
* completed, and must not be called from the event thread.
|
194
|
+
*
|
195
|
+
* @param file The file containing Burp's saved state.
|
196
|
+
* @throws java.lang.Exception
|
186
197
|
*/
|
187
198
|
public void restoreState(java.io.File file) throws Exception;
|
188
|
-
|
199
|
+
|
189
200
|
/**
|
190
|
-
*
|
201
|
+
* This method can be used to save Burp's state to a specified file.
|
202
|
+
* This method blocks until the save operation is completed, and must not be
|
203
|
+
* called from the event thread.
|
204
|
+
*
|
205
|
+
* @param file The file to save Burp's state in.
|
206
|
+
* @throws java.lang.Exception
|
191
207
|
*/
|
192
208
|
public void saveState(java.io.File file) throws Exception;
|
193
|
-
|
209
|
+
|
194
210
|
/**
|
195
|
-
*
|
211
|
+
* This method parses the specified request and returns details of each
|
212
|
+
* request parameter.
|
213
|
+
*
|
214
|
+
* @param request The request to be parsed.
|
215
|
+
* @return An array of:
|
216
|
+
* <code>String[] { name, value, type }</code>
|
217
|
+
* containing details of the parameters contained within the request.
|
218
|
+
* @throws java.lang.Exception
|
196
219
|
*/
|
197
220
|
public String[][] getParameters(byte[] request) throws Exception;
|
198
|
-
|
221
|
+
|
199
222
|
/**
|
200
|
-
*
|
223
|
+
* This method parses the specified request and returns details of each
|
224
|
+
* HTTP header.
|
225
|
+
*
|
226
|
+
* @param message The request to be parsed.
|
227
|
+
* @return An array of HTTP headers.
|
228
|
+
* @throws java.lang.Exception
|
201
229
|
*/
|
202
230
|
public String[] getHeaders(byte[] message) throws Exception;
|
231
|
+
|
232
|
+
/**
|
233
|
+
* This method returns all of the current scan issues for URLs matching the
|
234
|
+
* specified literal prefix.
|
235
|
+
*
|
236
|
+
* @param urlPrefix This parameter can be used to specify a URL prefix, in
|
237
|
+
* order to extract a specific subset of scan issues. The method performs
|
238
|
+
* a simple case-sensitive text match, returning all scan issues whose URL
|
239
|
+
* begins with the specified prefix. If this parameter is null, all issues
|
240
|
+
* are returned.
|
241
|
+
* @return Details of the scan issues.
|
242
|
+
*/
|
243
|
+
public IScanIssue[] getScanIssues(String urlPrefix);
|
244
|
+
|
245
|
+
/**
|
246
|
+
*
|
247
|
+
* This method can be used to register a new menu item which will appear
|
248
|
+
* on the various context menus that are used throughout Burp Suite to
|
249
|
+
* handle user-driven actions.
|
250
|
+
*
|
251
|
+
* @param menuItemCaption The caption to be displayed on the menu item.
|
252
|
+
* @param menuItemHandler The handler to be invoked when the user clicks
|
253
|
+
* on the menu item.
|
254
|
+
*/
|
255
|
+
public void registerMenuItem(
|
256
|
+
String menuItemCaption,
|
257
|
+
IMenuItemHandler menuItemHandler);
|
203
258
|
|
204
259
|
/**
|
205
|
-
*
|
206
|
-
*
|
207
|
-
*
|
208
|
-
*
|
260
|
+
* This method can be used to shut down Burp programmatically, with an
|
261
|
+
* optional prompt to the user. If the method returns, the user cancelled
|
262
|
+
* the shutdown prompt.
|
263
|
+
*
|
264
|
+
* @param promptUser Indicates whether to prompt the user to confirm the
|
265
|
+
* shutdown.
|
209
266
|
*/
|
210
|
-
public void exitSuite(boolean promptUser);
|
267
|
+
public void exitSuite(boolean promptUser);
|
211
268
|
}
|
@@ -1,32 +1,125 @@
|
|
1
1
|
package burp;
|
2
2
|
|
3
|
-
|
3
|
+
/*
|
4
|
+
* @(#)IHttpRequestResponse.java
|
5
|
+
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
11
|
+
*/
|
12
|
+
|
13
|
+
/**
|
14
|
+
* This interface is used to allow extensions to access details of HTTP messages
|
15
|
+
* that are processed within Burp.
|
16
|
+
*
|
17
|
+
* Note that the setter methods generally can only be used before the message
|
18
|
+
* has been forwarded to the application (e.g. using
|
19
|
+
* IBurpExtender.processHttpMessage()) and not in read-only contexts (e.g. using
|
20
|
+
* IBurpExtender.getProxyHistory()). Conversely, the getter methods relating to
|
21
|
+
* response details can only be used after the message has been forwarded to the
|
22
|
+
* application.
|
23
|
+
*/
|
4
24
|
|
5
25
|
public interface IHttpRequestResponse
|
6
26
|
{
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
27
|
+
/**
|
28
|
+
* Returns the name of the application host.
|
29
|
+
*
|
30
|
+
* @return The name of the application host.
|
31
|
+
*/
|
32
|
+
String getHost();
|
33
|
+
|
34
|
+
/**
|
35
|
+
* Returns the port number used by the application.
|
36
|
+
*
|
37
|
+
* @return The port number used by the application.
|
38
|
+
*/
|
39
|
+
int getPort();
|
40
|
+
|
41
|
+
/**
|
42
|
+
* Returns the protocol used by the application.
|
43
|
+
*
|
44
|
+
* @return The protocol used by the application.
|
45
|
+
*/
|
46
|
+
String getProtocol();
|
47
|
+
|
48
|
+
/**
|
49
|
+
* Sets the name of the application host to which the request should
|
50
|
+
* be sent.
|
51
|
+
*
|
52
|
+
* @param host The name of the application host to which the request should
|
53
|
+
* be sent.
|
54
|
+
* @throws java.lang.Exception
|
55
|
+
*/
|
56
|
+
void setHost(String host) throws Exception;
|
57
|
+
|
58
|
+
/**
|
59
|
+
* Sets the port number to which the request should be sent.
|
60
|
+
*
|
61
|
+
* @param port The port number to which the request should be sent.
|
62
|
+
* @throws java.lang.Exception
|
63
|
+
*/
|
64
|
+
void setPort(int port) throws Exception;
|
65
|
+
|
66
|
+
/**
|
67
|
+
* Sets the protocol which should be used by the request.
|
68
|
+
*
|
69
|
+
* @param protocol The protocol which should be used by the request. Valid
|
70
|
+
* values are "http" and "https".
|
71
|
+
* @throws java.lang.Exception
|
72
|
+
*/
|
73
|
+
void setProtocol(String protocol) throws Exception;
|
74
|
+
|
75
|
+
/**
|
76
|
+
* Returns the full request contents.
|
77
|
+
*
|
78
|
+
* @return The full request contents.
|
79
|
+
* @throws java.lang.Exception
|
80
|
+
*/
|
81
|
+
byte[] getRequest() throws Exception;
|
82
|
+
|
83
|
+
/**
|
84
|
+
* Returns the URL within the request.
|
85
|
+
*
|
86
|
+
* @return The URL within the request.
|
87
|
+
* @throws java.lang.Exception
|
88
|
+
*/
|
89
|
+
java.net.URL getUrl() throws Exception;
|
90
|
+
|
91
|
+
/**
|
92
|
+
* Sets the request contents which should be sent to the application.
|
93
|
+
*
|
94
|
+
* @param message The request contents which should be sent to the
|
95
|
+
* application.
|
96
|
+
* @throws java.lang.Exception
|
97
|
+
*/
|
98
|
+
void setRequest(byte[] message) throws Exception;
|
99
|
+
|
100
|
+
/**
|
101
|
+
* Returns the full response contents.
|
102
|
+
*
|
103
|
+
* @return The full response contents.
|
104
|
+
* @throws java.lang.Exception
|
105
|
+
*/
|
106
|
+
byte[] getResponse() throws Exception;
|
107
|
+
|
108
|
+
/**
|
109
|
+
* Sets the response contents which should be processed by the
|
110
|
+
* invoking Burp tool.
|
111
|
+
*
|
112
|
+
* @param message The response contents which should be processed by the
|
113
|
+
* invoking Burp tool.
|
114
|
+
* @throws java.lang.Exception
|
115
|
+
*/
|
116
|
+
void setResponse(byte[] message) throws Exception;
|
117
|
+
|
118
|
+
/**
|
119
|
+
* Returns the HTTP status code contained within the response.
|
120
|
+
*
|
121
|
+
* @return The HTTP status code contained within the response.
|
122
|
+
* @throws java.lang.Exception
|
123
|
+
*/
|
124
|
+
short getStatusCode() throws Exception;
|
32
125
|
}
|
@@ -0,0 +1,40 @@
|
|
1
|
+
package burp;
|
2
|
+
|
3
|
+
/*
|
4
|
+
* @(#)IMenuItemHandler.java
|
5
|
+
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
11
|
+
*/
|
12
|
+
|
13
|
+
/**
|
14
|
+
* This interface is used by implementations of the <code>IBurpExtender</code>
|
15
|
+
* interface to provide to Burp Suite a handler for one or more custom menu
|
16
|
+
* items, which appear on the various context menus that are used throughout
|
17
|
+
* Burp Suite to handle user-driven actions.
|
18
|
+
*
|
19
|
+
* Extensions which need to add custom menu items to Burp should provide an
|
20
|
+
* implementation of this interface, and use the <code>registerMenuItem</code>
|
21
|
+
* method of <code>IBurpExtenderCallbacks</code> to register each custom menu
|
22
|
+
* item.
|
23
|
+
*/
|
24
|
+
|
25
|
+
public interface IMenuItemHandler
|
26
|
+
{
|
27
|
+
/**
|
28
|
+
* This method is invoked by Burp Suite when the user clicks on a custom
|
29
|
+
* menu item which the extension has registered with Burp.
|
30
|
+
*
|
31
|
+
* @param menuItemCaption The caption of the menu item which was clicked.
|
32
|
+
* This parameter enables extensions to provide a single implementation
|
33
|
+
* which handles multiple different menu items.
|
34
|
+
* @param messageInfo Details of the HTTP message(s) for which the context
|
35
|
+
* menu was displayed.
|
36
|
+
*/
|
37
|
+
public void menuItemClicked(
|
38
|
+
String menuItemCaption,
|
39
|
+
IHttpRequestResponse[] messageInfo);
|
40
|
+
}
|
@@ -1,32 +1,106 @@
|
|
1
1
|
package burp;
|
2
2
|
|
3
|
-
|
3
|
+
/*
|
4
|
+
* @(#)IScanIssue.java
|
5
|
+
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
11
|
+
*/
|
12
|
+
|
13
|
+
/**
|
14
|
+
* This interface is used to allow extensions to access details of issues
|
15
|
+
* generated by Burp Scanner.
|
16
|
+
*/
|
4
17
|
|
5
18
|
public interface IScanIssue
|
6
19
|
{
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
20
|
+
/**
|
21
|
+
* Returns the name of the application host.
|
22
|
+
*
|
23
|
+
* @return The name of the application host.
|
24
|
+
*/
|
25
|
+
String getHost();
|
26
|
+
|
27
|
+
/**
|
28
|
+
* Returns the port number used by the application.
|
29
|
+
*
|
30
|
+
* @return The port number used by the application.
|
31
|
+
*/
|
32
|
+
int getPort();
|
33
|
+
|
34
|
+
/**
|
35
|
+
* Returns the protocol used by the application.
|
36
|
+
*
|
37
|
+
* @return The protocol used by the application.
|
38
|
+
*/
|
39
|
+
String getProtocol();
|
40
|
+
|
41
|
+
/**
|
42
|
+
* Returns the URL for which the issue was generated.
|
43
|
+
*
|
44
|
+
* @return The URL for which the issue was generated.
|
45
|
+
*/
|
46
|
+
java.net.URL getUrl();
|
47
|
+
|
48
|
+
/**
|
49
|
+
* Returns a descriptive name of the issue type.
|
50
|
+
*
|
51
|
+
* @return A descriptive name of the issue type (e.g. "SQL injection").
|
52
|
+
*/
|
53
|
+
String getIssueName();
|
54
|
+
|
55
|
+
/**
|
56
|
+
* Returns a descriptive name of the issue severity level.
|
57
|
+
*
|
58
|
+
* @return A descriptive name of the issue severity level (e.g. "High").
|
59
|
+
*/
|
60
|
+
String getSeverity();
|
61
|
+
|
62
|
+
/**
|
63
|
+
* Returns a descriptive name of the issue confidence level.
|
64
|
+
*
|
65
|
+
* @return A descriptive name of the issue confidence level (e.g. "Certain").
|
66
|
+
*/
|
67
|
+
String getConfidence();
|
68
|
+
|
69
|
+
/**
|
70
|
+
* Returns a general description of this type of issue.
|
71
|
+
*
|
72
|
+
* @return A general description of this type of issue.
|
73
|
+
*/
|
74
|
+
String getIssueBackground();
|
75
|
+
|
76
|
+
/**
|
77
|
+
* Returns a general description of the remediation for this type of issue.
|
78
|
+
*
|
79
|
+
* @return A general description of the remediation for this type of issue.
|
80
|
+
*/
|
81
|
+
String getRemediationBackground();
|
82
|
+
|
83
|
+
/**
|
84
|
+
* Returns detailed information about the specific instance of the issue.
|
85
|
+
*
|
86
|
+
* @return If available, detailed information about the specific instance of
|
87
|
+
* the issue.
|
88
|
+
*/
|
89
|
+
String getIssueDetail();
|
90
|
+
|
91
|
+
/**
|
92
|
+
* Returns detailed information about the remediation for the specific
|
93
|
+
* instance of the issue.
|
94
|
+
*
|
95
|
+
* @return If available, detailed information about the remediation for the
|
96
|
+
* specific instance of the issue.
|
97
|
+
*/
|
98
|
+
String getRemediationDetail();
|
99
|
+
|
100
|
+
/**
|
101
|
+
* Returns the HTTP messages on the basis of which the issue was generated.
|
102
|
+
*
|
103
|
+
* @return The HTTP messages on the basis of which the issue was generated.
|
104
|
+
*/
|
105
|
+
IHttpRequestResponse[] getHttpMessages();
|
32
106
|
}
|
@@ -1,20 +1,76 @@
|
|
1
1
|
package burp;
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
3
|
+
/*
|
4
|
+
* @(#)IScanQueueItem.java
|
5
|
+
*
|
6
|
+
* Copyright PortSwigger Ltd. All rights reserved.
|
7
|
+
*
|
8
|
+
* This code may be used to extend the functionality of Burp Suite and Burp
|
9
|
+
* Suite Professional, provided that this usage does not violate the
|
10
|
+
* license terms for those products.
|
11
|
+
*/
|
11
12
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
public void cancel();
|
17
|
-
|
18
|
-
public IScanIssue[] getIssues();
|
13
|
+
/**
|
14
|
+
* This interface is used to allow extensions to access details of items in the
|
15
|
+
* Burp Scanner active scan queue.
|
16
|
+
*/
|
19
17
|
|
18
|
+
public interface IScanQueueItem
|
19
|
+
{
|
20
|
+
/**
|
21
|
+
* Returns a description of the status of the scan queue item.
|
22
|
+
*
|
23
|
+
* @return A description of the status of the scan queue item.
|
24
|
+
*/
|
25
|
+
String getStatus();
|
26
|
+
|
27
|
+
/**
|
28
|
+
* Returns an indication of the percentage completed for the scan queue item.
|
29
|
+
*
|
30
|
+
* @return An indication of the percentage completed for the scan queue item.
|
31
|
+
*/
|
32
|
+
byte getPercentageComplete();
|
33
|
+
|
34
|
+
/**
|
35
|
+
* Returns the number of requests that have been made for the scan queue item.
|
36
|
+
*
|
37
|
+
* @return The number of requests that have been made for the scan queue item.
|
38
|
+
*/
|
39
|
+
int getNumRequests();
|
40
|
+
|
41
|
+
/**
|
42
|
+
* Returns the number of network errors that have occurred for the scan
|
43
|
+
* queue item.
|
44
|
+
*
|
45
|
+
* @return The number of network errors that have occurred for the scan
|
46
|
+
* queue item.
|
47
|
+
*/
|
48
|
+
int getNumErrors();
|
49
|
+
|
50
|
+
/**
|
51
|
+
* Returns the number of attack insertion points being used for the scan
|
52
|
+
* queue item.
|
53
|
+
*
|
54
|
+
* @return The number of attack insertion points being used for the scan
|
55
|
+
* queue item.
|
56
|
+
*/
|
57
|
+
int getNumInsertionPoints();
|
58
|
+
|
59
|
+
/**
|
60
|
+
* This method allows the scan queue item to be cancelled.
|
61
|
+
*/
|
62
|
+
void cancel();
|
63
|
+
|
64
|
+
/**
|
65
|
+
* This method returns details of the issues generated for the scan queue item.
|
66
|
+
*
|
67
|
+
* Note that different items within the scan queue may contain duplicated
|
68
|
+
* versions of the same issues - for example, if the same request has been
|
69
|
+
* scanned multiple times. Duplicated issues are consolidated in the main view
|
70
|
+
* of scan results. You can implementIBurpExtender.newScanIssue to get details
|
71
|
+
* only of unique, newly discovered scan issues post-consolidation.
|
72
|
+
*
|
73
|
+
* @return Details of the issues generated for the scan queue item.
|
74
|
+
*/
|
75
|
+
IScanIssue[] getIssues();
|
20
76
|
}
|
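--- a/data/lib/buby.rb
+++ b/data/lib/buby.rb
@@ -334,6 +334,19 @@ class Buby
 alias exit_suite exitSuite
 alias close exitSuite
 
+# This method can be used to register a new menu item which will appear
+# on the various context menus that are used throughout Burp Suite to
+# handle user-driven actions.
+#
+# @param menuItemCaption The caption to be displayed on the menu item.
+# @param menuItemHandler The handler to be invoked when the user clicks
+# on the menu item.
+#
+def registerMenuItem(menuItemCaption, menuItemHandler)
+_check_and_callback(:registerMenuItem, menuItemCaption, menuItemHandler)
+issueAlert("Handler #{menuItemHandler} registered for \"#{menuItemCaption}\"")
+end
+
 ### Event Handlers ###
 
 # This method is called by the BurpExtender java implementation upon
@@ -371,15 +384,21 @@ class Buby
 pp([:got_callbacks, cb]) if $DEBUG
 end
 
-ACTION_FOLLOW_RULES
-ACTION_DO_INTERCEPT
-ACTION_DONT_INTERCEPT
-ACTION_DROP
+ACTION_FOLLOW_RULES = BurpExtender::ACTION_FOLLOW_RULES
+ACTION_DO_INTERCEPT = BurpExtender::ACTION_DO_INTERCEPT
+ACTION_DONT_INTERCEPT = BurpExtender::ACTION_DONT_INTERCEPT
+ACTION_DROP = BurpExtender::ACTION_DROP
+ACTION_FOLLOW_RULES_AND_REHOOK = BurpExtender::ACTION_FOLLOW_RULES_AND_REHOOK
+ACTION_DO_INTERCEPT_AND_REHOOK = BurpExtender::ACTION_DO_INTERCEPT_AND_REHOOK
+ACTION_DONT_INTERCEPT_AND_REHOOK = BurpExtender::ACTION_DONT_INTERCEPT_AND_REHOOK
 
-#
-#
+# Seems we need to specifically render our 'message' to a string here in
+# ruby. Otherwise there's flakiness when converting certain binary non-ascii
 # sequences. As long as we do it here, it should be fine.
 #
+# Note: This method maps to the 'processProxyMessage' method in the java
+# implementation of BurpExtender.
+#
 # This method just handles the conversion to and from evt_proxy_message
 # which expects a message string
 def evt_proxy_message_raw msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action
@@ -401,6 +420,9 @@ class Buby
 #
 # Note: This method maps to the 'processProxyMessage' method in the java
 # implementation of BurpExtender.
+#
+# See also, evt_proxy_message_raw which is actually called before this
+# in the BurpExtender processProxyMessage handler.
 #
 # Below are the parameters descriptions based on the IBurpExtender
 # javadoc. Where applicable, decriptions have been modified for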
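Review bot: `registerMenuItem` in the first hunk is added without the snake_case alias this class gives its neighbouring wrappers (`alias exit_suite exitSuite` sits directly above it), so Ruby callers only get the Java-style name; `alias register_menu_item registerMenuItem` after the method's `end` would keep the API consistent. The comment block documents both parameters but not the side effect or the return value: every registration also calls `issueAlert`, and the method returns that call's result rather than the callback's. A line such as `# Also raises a Burp alert naming the handler and the caption.` would cover it. The method itself is complete in the hunk; the enclosing `class Buby` starts and ends outside it.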
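--- a/data/samples/menu_copy_req.rb
+++ b/data/samples/menu_copy_req.rb
@@ -0,0 +1,44 @@
+module CopyRequest
+def copyRequest(req)
+req = case
+when req.is_a?(Numeric)
+# offset to match UI
+self.proxy_history[req-1].req_str
+when req.kind_of?(String)
+req
+when (req.respond_to?(:java_class) and req.java_class.to_s == "[B")
+String.from_java_bytes(req)
+when req.respond_to?(:req_str)
+req.req_str
+else
+warn "unknown request type... ducking"
+req
+end
+
+java.awt.Toolkit.getDefaultToolkit.getSystemClipboard.setContents(java.awt.datatransfer.StringSelection.new(req), nil)
+req
+end
+alias copy_request copyRequest
+
+def init_CopyRequest
+CopyRequestHandler.init_handler("Copy request(s)", self)
+end
+end
+
+module CopyRequestHandler
+class << self
+attr_accessor :_burp
+attr_reader :menuItemCaption
+end
+
+def self.init_handler(menuItemCaption, _burp = $burp)
+@menuItemCaption = menuItemCaption
+@_burp = _burp
+@_burp.registerMenuItem(menuItemCaption, self)
+end
+
+def self.menuItemClicked(menuItemCaption, messageInfo)
+messageInfo = Buby::HttpRequestResponseList.new(messageInfo).map{|x| x.req_str}.join("\r\n\r\n#{'='*50}\r\n\r\n")
+java.awt.Toolkit.getDefaultToolkit.getSystemClipboard.setContents(java.awt.datatransfer.StringSelection.new(messageInfo), nil)
+end
+end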
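Review bot: In `copyRequest` the `Numeric` branch reads `self.proxy_history[req-1]` with no range check, so an argument of `0` becomes index `-1` (on a plain Ruby Array that selects the last entry; the wrapper's behaviour is not visible here) and a number past the end presumably fails with a NoMethodError from `req_str` on nil. A guard before the lookup, `raise ArgumentError, "no proxy history item #{req}" unless req.is_a?(Integer) && req >= 1`, together with a nil check on the item that comes back, would make the failure explicit. The `else` branch passes an object of unknown type straight to `StringSelection.new`, which expects a string, so `req.to_s` would be the safer value there. Both this method and `menuItemClicked` put complete raw requests on the system clipboard, including any cookies and authorization headers they carry, and a header comment in the sample should say so.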
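--- a/metadata
+++ b/metadata
@@ -1,84 +1,94 @@
 --- !ruby/object:Gem::Specification
 name: buby
 version: !ruby/object:Gem::Version
-
+prerelease: false
+segments:
+- 1
+- 2
+- 0
+version: 1.2.0
 platform: java
 authors:
-- Eric Monti
+- Eric Monti, tduehr
 autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2010-08-29 00:00:00 -05:00
 default_executable: buby
 dependencies: []
 
 description: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
-email: emonti@matasano.com
+email: emonti@matasano.com, td@matasano.com
 executables:
-- buby
+- buby
 extensions: []
 
 extra_rdoc_files:
-- History.txt
-- README.rdoc
-- bin/buby
+- History.txt
+- README.rdoc
+- bin/buby
 files:
-- .
-- History.txt
-- README.rdoc
-- Rakefile
-- VERSION
-- bin/buby
-- buby.gemspec
-- java/buby.jar
-- java/src/BurpExtender.java
-- java/src/burp/IBurpExtender.java
-- java/src/burp/IBurpExtenderCallbacks.java
-- java/src/burp/IHttpRequestResponse.java
-- java/src/burp/
-- java/src/burp/
--
-- lib/buby
-- lib/buby/extends
-- lib/buby/extends/
-- lib/buby/extends/
--
-- samples/
-- samples/
-- samples/
-- samples/
-- samples/
--
+- .gitignore
+- History.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- bin/buby
+- buby.gemspec
+- java/buby.jar
+- java/src/BurpExtender.java
+- java/src/burp/IBurpExtender.java
+- java/src/burp/IBurpExtenderCallbacks.java
+- java/src/burp/IHttpRequestResponse.java
+- java/src/burp/IMenuItemHandler.java
+- java/src/burp/IScanIssue.java
+- java/src/burp/IScanQueueItem.java
+- lib/buby.rb
+- lib/buby/extends.rb
+- lib/buby/extends/buby_array_wrapper.rb
+- lib/buby/extends/http_request_response.rb
+- lib/buby/extends/scan_issue.rb
+- samples/drb_buby.rb
+- samples/drb_sample_cli.rb
+- samples/mechanize_burp.rb
+- samples/menu_copy_req.rb
+- samples/poc_generator.rb
+- samples/verb_tamperer.rb
+- samples/watch_scan.rb
+- test/buby_test.rb
 has_rdoc: true
 homepage: http://emonti.github.com/buby
 licenses: []
 
 post_install_message:
 rdoc_options:
-- --main
-- README.rdoc
+- --main
+- README.rdoc
 require_paths:
-- lib
-- java
+- lib
+- java
+- java
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-
-
-
-
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-
-
-
-
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger
 test_files:
-- test/buby_test.rb
+- test/buby_test.rb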
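--- a/data/.bnsignore
+++ b/data/.bnsignore
@@ -1,27 +0,0 @@
-# The list of files that should be ignored by Mr Bones.
-# Lines that start with '#' are comments.
-#
-# A .gitignore file can be used instead by setting it as the ignore
-# file in your Rakefile:
-#
-# PROJ.ignore_file = '.gitignore'
-#
-# For a project with a C extension, the following would be a good set of
-# exclude patterns (uncomment them if you want to use them):
-# *.[oa]
-
-.*
-*~
-*.swp
-.*.swp
-announcement.txt
-coverage*/
-doc
-pkg
-experimental
-reference
-lib/burp.jar
-*.class
-*.gem
-.DS_Store
-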