buby 1.5.2-java → 1.6.0-java

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2175d306bf70e2a9c589d487352f097a77abf0ce
+  data.tar.gz: 701b8c4f4402196bd2c9bd6cc0057ec4bb1a08ac
+SHA512:
+  metadata.gz: 6a6a102290b2bba7da077b818c18fb64c28cb36c076a003e00f0646a7b4435f40dd07d025824cdf4b1f977934f918b4e806d7652e4cf28e5a37ca3e60a064eaf
+  data.tar.gz: 44a5c95aea901646359d800348c339015e59729f8cd51b918687abddd7c06bdb5ada4381701f5aa80d68d1664dce73b9110fa2e3db6c109339e4272c6f34cd18

data/README.rdoc

@@ -1,33 +1,36 @@
-buby
+= buby
   by Eric Monti, Timur Duehr
   http://tduehr.github.com/buby
 
 == DESCRIPTION:
 
-Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
+Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API or a JRuby BurpExtender implementation using the new embedded JRuby support.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface. This extension works best with Burp Suite Professional. The Free version may also be used but does not contain many of the features that make Burp Suite and Buby shine.
 
 == FEATURES/PROBLEMS:
 
-* Intercept and log proxied requests and responses via Burp into Ruby and 
-  perform arbitrary processing on them.
+* Intercept and log proxied requests and responses via Burp into Ruby and perform arbitrary processing on them.
 
 * Modify requests and responses in-line using Ruby scripts.
 
-* Pass requests and other information from JRuby to various sub-interfaces in 
-  Burp
+* Pass requests and other information from JRuby to various sub-interfaces in Burp
 
-* Use the Burp framework for active and passive scanning using arbitrary
-  requests and responses.
+* Use the Burp framework for active and passive scanning using arbitrary requests and responses.
 
 * Use the Burp framework for making arbitrary HTTP requests
 
-
-Buby is implemented using an abstract Ruby event handler and interface class. The Buby Ruby class is back-ended with a minimal BurpExtender class implemented in Java.  The java code is required to conform to nuances in the Burp extension interface and while it's in the pure Java runtime, it acts as 'glue' where deemed appropriate, but otherwise tries to stay out of the way.
+Buby is implemented using an abstract Ruby event handler and interface class. The Buby Ruby class is back-ended with a minimal BurpExtender class implemented in Java or JRuby depending on how it's launched.  The java code is required to conform to nuances in the Burp extension interface and while it's in the pure Java runtime, it acts as 'glue' where deemed appropriate, but otherwise tries to stay out of the way.
 
 The java BurpExtender included with Buby is an implementation of IBurpExtender which is the interface API supplied by PortSwigger for writing extensions to Burp Suite. It mostly acts as a method proxy between Ruby and Java, doing very little except event handler proxying between the java and ruby runtimes with run-time type conversion as needed.
 
 == Caveat
 
+  Note: 1.6 fixes a bug were some of the newer wrapper methods return the native
+        Java arrays. This haas been corrected to return the appropriate
+        HttpRequestResponseList or ScanIssuesList object. Most code in use
+        should not be affected by this. In 2.0 these methods will return the
+        correct Java/JRuby arrays. These were originally created to make nice
+        Ruby Array-like objects but are no longer needed.
+
 Burp's extension interfaces have changed significantly in 1.5.01. I don't yet know how compatible this will be with Burp versions 1.5.0 and lower going forward. If you want compatibility with Burp Suite versions 1.5.0 and earlier stick with Buby version 1.3.3 or prior.
 
 I will keep the API provided by earlier Buby versions and mark methods deprecated as required. Hopefully, I'll be able to keep them around for a while so old buby scripts will continue to work for a while.
@@ -40,33 +43,32 @@ Methods removed/deprecated in 1.5.01 interfaces:
 * IBurpExtenderCallbacks.registerMenuItem (deprecated, use IBurpExtenderCalbacks.registerContextMenuFactory instead)
 * IMenuItemHandler (deprecated, use IContextMenuFactory instead)
 
-The deprecated getPatameters and getHeaders methods will, for now, call the equivalent methods on IBurpExtenderCallbacks. At some point soon they'll forward the calls to the correct interface before being removed entirely in favor of the new interfaces.
+The deprecated getParameters and getHeaders methods will, for now, call the equivalent methods on IBurpExtenderCallbacks. At some point soon they'll forward the calls to the correct interface before being removed entirely in favor of the new interfaces.
 
-In 2.0 bin/buby to use a bash script as the primary starting point for the current script - which will be renamed to bin/buby.rb
+In 2.0 bin/buby to use a bash script as the primary starting point for the current script - which will be renamed to bin/buby.rb. I may also just leave it as it is; the new Ruby extension stuff is quite nice.
 
 ... And one more thing. The next version of buby will require JRuby 1.7.0+. It won't use 1.9 syntax for a little while. So, extensions that require 1.8 will still work for now. Just don't forget to add the `--1.8` switch to JRuby when starting buby.
 
+Now that MRI 2.0 is out and 2.1 is around the corner, 1.9 mode support is semi-deprecated pending 2.0/2.1 support in jruby.
+
 == REQUIREMENTS:
 
 * JRuby - http://jruby.org
   Burp is Java based and the extension is developed specifically around JRuby.
   The C version of ruby will not work.
 
-* Burp (pro or free version): Buby is useless without a copy of Burp. 
-  Buby has been tested successfully with Burp 1.2.x.
-
+* Burp (pro or free version): Buby is useless without a copy of Burp.
 
 == BUILD/INSTALL:
 
 === Gem
-You should be able to get up and running with just the gem and a copy of Burp. 
-I've packaged up a pre-built buby.jar file containing the required classes 
-minus ofcourse, Burp itself. 
+You should be able to get up and running with just the gem and a copy of Burp.
+I've packaged up a pre-built buby.jar file containing the required classes minus, of course, Burp itself.
 
   (sudo)? jruby -S gem install buby --source=http://gemcutter.org
 
-* IMPORTANT: The buby gem doesn't include a copy of Burp!  See manual step #5 
-  below. For best results, you'll still want to make your burp.jar available 
+* IMPORTANT: The buby gem doesn't include a copy of Burp!  See manual step #5
+  below. For best results, you'll still want to make your burp.jar available
   in the ruby runtime library path.
 
 
@@ -90,33 +92,33 @@ Install the development dependencies:
   jruby -S gem build buby.gemspec
   jruby -S gem install --local buby-*.gem
 
-==== Step 5. 
+==== Step 5.
 
 The last part is a bit tricky. Burp Suite itself is obviously not included
-with buby. You'll want to somehow put your 'burp.jar' in a place where it 
-is visible in the JRuby RUBY-LIB paths. There are a few other ways of pulling 
-in Burp during runtime, but this method probably involves the least amount of 
+with buby. You'll want to somehow put your 'burp.jar' in a place where it
+is visible in the JRuby RUBY-LIB paths. There are a few other ways of pulling
+in Burp during runtime, but this method probably involves the least amount of
 hassle in the long run.
 
-JRuby usually gives you a 'java' lib directory for this kind of thing.  Here's 
+JRuby usually gives you a 'java' lib directory for this kind of thing.  Here's
 a quick way to see jruby's runtime lib-path:
-    
+
   jruby -e 'puts $:'
 
-There is usually a '.../jruby/lib/1.8/java' directory reference in there, 
+There is usually a '.../jruby/lib/1.8/java' directory reference in there,
 though the actual directory may need to be created.
 
 Here's how I do it. I have my jruby installation under my home directory.
-Your configuration details can be substituted below. 
+Your configuration details can be substituted below.
 
   ln -s ~/tools/burp.jar ~/jruby-1.7.1/lib/ruby/1.9/java/burp.jar
 
-Now everything should be ready to go. Try at least the first few parts of the 
-test below to confirm everything is set up. 
+Now everything should be ready to go. Try at least the first few parts of the
+test below to confirm everything is set up.
 
 == TEST AND USAGE EXAMPLE:
 
-The gem includes a command-line executable called 'buby'. You can use this to 
+The gem includes a command-line executable called 'buby'. You can use this to
 test your Buby set-up and try out a few features.
 
   $ buby -h
@@ -136,7 +138,7 @@ test your Buby set-up and try out a few features.
   [:got_extender, #<Java::Default::BurpExtender:0x80 ...>]
   Global $burp is set to #<Buby:0x78de07 @burp_callbacks=#<#<Class:...>
   [:got_callbacks, #<#<Class:01x38ba04>:0x90 ...>]
-  irb(main):001:0> 
+  irb(main):001:0>
 
 
 Once Burp is running, click on the alerts tab.
@@ -163,9 +165,9 @@ Which should produce a new alert:
   2:47:00 PM  suite   hello Burp!
 
 
-Next, try making an HTTP request through the proxy. We'll use Net:HTTP right 
-in IRB for illustration purposes. However, you can just as easily perform this 
-test through a browser configured to use Burp as its proxy.  
+Next, try making an HTTP request through the proxy. We'll use Net:HTTP right
+in IRB for illustration purposes. However, you can just as easily perform this
+test through a browser configured to use Burp as its proxy.
 
   require 'net/http'
   p = Net::HTTP::Proxy("localhost", 8080).start("www.example.com")
@@ -177,7 +179,7 @@ passes your request back to your HTTP client/browser.
 
 It will look something like the following in IRB:
 
-  >> p.get("/")   
+  >> p.get("/")
   [:got_proxy_request,
    [:msg_ref, 1],
    [:is_req, true],
@@ -192,9 +194,9 @@ It will look something like the following in IRB:
    [:message, "GET / HTTP/1.1\r\nAccept:..."],
    [:action, 0]]
 
-You may also see the response right away depending on your intercept settings 
-in Burp. Back the in Burp proxy's intercept window, turn off interception if 
-it hasn't already been disabled. Now you should definitely see the response 
+You may also see the response right away depending on your intercept settings
+in Burp. Back the in Burp proxy's intercept window, turn off interception if
+it hasn't already been disabled. Now you should definitely see the response
 in IRB as it passes back through the Burp proxy.
 
   [:got_proxy_response,
@@ -215,16 +217,16 @@ in IRB as it passes back through the Burp proxy.
 
 Note also, the Net::HTTP request should have returned the same result as shown in the proxy.
 
-Now, lets try something mildly interesting with the proxy. This contrived example will implement a proxy request manipulator to do HTTP request verb tampering on every GET request that goes through the proxy. 
+Now, lets try something mildly interesting with the proxy. This contrived example will implement a proxy request manipulator to do HTTP request verb tampering on every GET request that goes through the proxy.
 
-  # Note: I'm using 'instance_eval' here only to stay with the flow of the 
-  # existing IRB session. Normally, you'd probably want to implement this as 
+  # Note: I'm using 'instance_eval' here only to stay with the flow of the
+  # existing IRB session. Normally, you'd probably want to implement this as
   # an override in your Buby-derived class.
 
   $burp.instance_eval do
 
     def evt_proxy_message(*param)
-      msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, 
+      msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType,
       status, req_content_type, message, action = param
 
       if is_req and http_meth=="GET"
@@ -272,23 +274,26 @@ And, assuming 'www.example.com' checks for valid request verbs, you should see s
 
 
 == CREDIT:
-* Burp and Burp Suite are trademarks of PortSwigger(ltd) 
-  Copyright 2012 PortSwigger Ltd. All rights reserved.
+Burp and Burp Suite are trademarks of PortSwigger(ltd)
+  Copyright 2013 PortSwigger Ltd. All rights reserved.
   See http://portswigger.net for license terms.
 
-* This ruby library and the accompanying BurpExtender.java implementation was written by Timur Duehr @ Matasano Security. The original version of this library and BurpExtender.java implementation was written my Eric Monti @ Matasano Security. Matasano Security claims no professional or legal affiliation with PortSwigger LTD.
-
-  However, the authors would like to express their personal and professional 
-  respect and admiration to Burp's authors and appreciation to PortSwigger for 
-  the availability of the IBurpExtender extension API.
+This JRuby library and the accompanying Java and JRuby BurpExtender
+implementations were written by Timur Duehr @ Matasano Security. The original
+version of this library and BurpExtender.java implementation was written my Eric
+Monti @ Matasano Security. Matasano Security claims no professional or legal
+affiliation with PortSwigger LTD.
 
-  The availability of this interface goes a long way to helping make Burp Suite 
-  a truly first-class application.
+However, the authors would like to express their personal and professional
+respect and admiration to Burp's authors and appreciation to PortSwigger for the
+availability of the IBurpExtender extension API and its continued improvement.
+The availability of this interface goes a long way to helping make Burp Suite
+a truly first-class application.
 
 == LICENSE:
 
 * Burp and Burp Suite are trademarks of PortSwigger Ltd.
-  Copyright 2012 PortSwigger Ltd. All rights reserved.
+  Copyright 2013 PortSwigger Ltd. All rights reserved.
   See http://portswigger.net for license terms.
 
 * The Buby Ruby library and its accompanying BurpExtender implementation are
@@ -297,11 +302,11 @@ And, assuming 'www.example.com' checks for valid request verbs, you should see s
 (The MIT License)
 
 Copyright (C) 2009 Eric Monti, Matasano Security
-Copyright (C) 2010-2012 Timur Duehr, Matasano Security
+Copyright (C) 2010-2013 Timur Duehr, Matasano Security
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 

data/VERSION.yml

@@ -1,5 +1,5 @@
 ---
 :major: 1
-:minor: 5
-:patch: 2
-:build:
+:minor: 6
+:patch: 0
+:build: 

data/buby.gemspec

@@ -2,15 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: buby 1.6.0 java lib
 
 Gem::Specification.new do |s|
   s.name = "buby"
-  s.version = "1.5.2"
+  s.version = "1.6.0"
   s.platform = "java"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Eric Monti, tduehr"]
-  s.date = "2013-04-29"
+  s.date = "2013-11-07"
   s.description = "Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface."
   s.email = "td@matasano.com"
   s.executables = ["buby"]
@@ -135,12 +136,12 @@ Gem::Specification.new do |s|
   s.homepage = "http://tduehr.github.com/buby"
   s.rdoc_options = ["--main", "README.rdoc"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
+  s.rubygems_version = "2.1.9"
   s.summary = "Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger"
   s.test_files = ["test/buby_test.rb"]
 
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_development_dependency(%q<rake-compiler>, ["~> 0.8.1"])

data/ext/burp_interfaces/burp/IBurpExtenderCallbacks.java

@@ -109,6 +109,22 @@ public interface IBurpExtenderCallbacks
      */
     OutputStream getStderr();
 
+    /**
+     * This method prints a line of output to the current extension's standard
+     * output stream.
+     *
+     * @param output The message to print.
+     */
+    void printOutput(String output);
+
+    /**
+     * This method prints a line of output to the current extension's standard
+     * error stream.
+     *
+     * @param error The message to print.
+     */
+    void printError(String error);
+
     /**
      * This method is used to register a listener which will be notified of
      * changes to the extension's state. <b>Note:</b> Any extensions that start
@@ -121,6 +137,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerExtensionStateListener(IExtensionStateListener listener);
 
+    /**
+     * This method is used to retrieve the extension state listeners that are
+     * registered by the extension.
+     *
+     * @return A list of extension state listeners that are currently registered
+     * by this extension.
+     */
+    List<IExtensionStateListener> getExtensionStateListeners();
+
+    /**
+     * This method is used to remove an extension state listener that has been
+     * registered by the extension.
+     *
+     * @param listener The extension state listener to be removed.
+     */
+    void removeExtensionStateListener(IExtensionStateListener listener);
+
     /**
      * This method is used to register a listener which will be notified of
      * requests and responses made by any Burp tool. Extensions can perform
@@ -132,6 +165,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerHttpListener(IHttpListener listener);
 
+    /**
+     * This method is used to retrieve the HTTP listeners that are registered by
+     * the extension.
+     *
+     * @return A list of HTTP listeners that are currently registered by this
+     * extension.
+     */
+    List<IHttpListener> getHttpListeners();
+
+    /**
+     * This method is used to remove an HTTP listener that has been registered
+     * by the extension.
+     *
+     * @param listener The HTTP listener to be removed.
+     */
+    void removeHttpListener(IHttpListener listener);
+
     /**
      * This method is used to register a listener which will be notified of
      * requests and responses being processed by the Proxy tool. Extensions can
@@ -143,6 +193,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerProxyListener(IProxyListener listener);
 
+    /**
+     * This method is used to retrieve the Proxy listeners that are registered
+     * by the extension.
+     *
+     * @return A list of Proxy listeners that are currently registered by this
+     * extension.
+     */
+    List<IProxyListener> getProxyListeners();
+
+    /**
+     * This method is used to remove a Proxy listener that has been registered
+     * by the extension.
+     *
+     * @param listener The Proxy listener to be removed.
+     */
+    void removeProxyListener(IProxyListener listener);
+
     /**
      * This method is used to register a listener which will be notified of new
      * issues that are reported by the Scanner tool. Extensions can perform
@@ -154,6 +221,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerScannerListener(IScannerListener listener);
 
+    /**
+     * This method is used to retrieve the Scanner listeners that are registered
+     * by the extension.
+     *
+     * @return A list of Scanner listeners that are currently registered by this
+     * extension.
+     */
+    List<IScannerListener> getScannerListeners();
+
+    /**
+     * This method is used to remove a Scanner listener that has been registered
+     * by the extension.
+     *
+     * @param listener The Scanner listener to be removed.
+     */
+    void removeScannerListener(IScannerListener listener);
+
     /**
      * This method is used to register a listener which will be notified of
      * changes to Burp's suite-wide target scope.
@@ -163,6 +247,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerScopeChangeListener(IScopeChangeListener listener);
 
+    /**
+     * This method is used to retrieve the scope change listeners that are
+     * registered by the extension.
+     *
+     * @return A list of scope change listeners that are currently registered by
+     * this extension.
+     */
+    List<IScopeChangeListener> getScopeChangeListeners();
+
+    /**
+     * This method is used to remove a scope change listener that has been
+     * registered by the extension.
+     *
+     * @param listener The scope change listener to be removed.
+     */
+    void removeScopeChangeListener(IScopeChangeListener listener);
+
     /**
      * This method is used to register a factory for custom context menu items.
      * When the user invokes a context menu anywhere within Burp, the factory
@@ -174,6 +275,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerContextMenuFactory(IContextMenuFactory factory);
 
+    /**
+     * This method is used to retrieve the context menu factories that are
+     * registered by the extension.
+     *
+     * @return A list of context menu factories that are currently registered by
+     * this extension.
+     */
+    List<IContextMenuFactory> getContextMenuFactories();
+
+    /**
+     * This method is used to remove a context menu factory that has been
+     * registered by the extension.
+     *
+     * @param factory The context menu factory to be removed.
+     */
+    void removeContextMenuFactory(IContextMenuFactory factory);
+
     /**
      * This method is used to register a factory for custom message editor tabs.
      * For each message editor that already exists, or is subsequently created,
@@ -186,6 +304,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
 
+    /**
+     * This method is used to retrieve the message editor tab factories that are
+     * registered by the extension.
+     *
+     * @return A list of message editor tab factories that are currently
+     * registered by this extension.
+     */
+    List<IMessageEditorTabFactory> getMessageEditorTabFactories();
+
+    /**
+     * This method is used to remove a message editor tab factory that has been
+     * registered by the extension.
+     *
+     * @param factory The message editor tab factory to be removed.
+     */
+    void removeMessageEditorTabFactory(IMessageEditorTabFactory factory);
+
     /**
      * This method is used to register a provider of Scanner insertion points.
      * For each base request that is actively scanned, Burp will ask the
@@ -198,6 +333,24 @@ public interface IBurpExtenderCallbacks
     void registerScannerInsertionPointProvider(
             IScannerInsertionPointProvider provider);
 
+    /**
+     * This method is used to retrieve the Scanner insertion point providers
+     * that are registered by the extension.
+     *
+     * @return A list of Scanner insertion point providers that are currently
+     * registered by this extension.
+     */
+    List<IScannerInsertionPointProvider> getScannerInsertionPointProviders();
+
+    /**
+     * This method is used to remove a Scanner insertion point provider that has
+     * been registered by the extension.
+     *
+     * @param provider The Scanner insertion point provider to be removed.
+     */
+    void removeScannerInsertionPointProvider(
+            IScannerInsertionPointProvider provider);
+
     /**
      * This method is used to register a custom Scanner check. When performing
      * scanning, Burp will ask the check to perform active or passive scanning
@@ -208,6 +361,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerScannerCheck(IScannerCheck check);
 
+    /**
+     * This method is used to retrieve the Scanner checks that are registered by
+     * the extension.
+     *
+     * @return A list of Scanner checks that are currently registered by this
+     * extension.
+     */
+    List<IScannerCheck> getScannerChecks();
+
+    /**
+     * This method is used to remove a Scanner check that has been registered by
+     * the extension.
+     *
+     * @param check The Scanner check to be removed.
+     */
+    void removeScannerCheck(IScannerCheck check);
+
     /**
      * This method is used to register a factory for Intruder payloads. Each
      * registered factory will be available within the Intruder UI for the user
@@ -222,6 +392,25 @@ public interface IBurpExtenderCallbacks
     void registerIntruderPayloadGeneratorFactory(
             IIntruderPayloadGeneratorFactory factory);
 
+    /**
+     * This method is used to retrieve the Intruder payload generator factories
+     * that are registered by the extension.
+     *
+     * @return A list of Intruder payload generator factories that are currently
+     * registered by this extension.
+     */
+    List<IIntruderPayloadGeneratorFactory> 
+            getIntruderPayloadGeneratorFactories();
+
+    /**
+     * This method is used to remove an Intruder payload generator factory that
+     * has been registered by the extension.
+     *
+     * @param factory The Intruder payload generator factory to be removed.
+     */
+    void removeIntruderPayloadGeneratorFactory(
+            IIntruderPayloadGeneratorFactory factory);
+
     /**
      * This method is used to register a custom Intruder payload processor. Each
      * registered processor will be available within the Intruder UI for the
@@ -232,6 +421,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
 
+    /**
+     * This method is used to retrieve the Intruder payload processors that are
+     * registered by the extension.
+     *
+     * @return A list of Intruder payload processors that are currently
+     * registered by this extension.
+     */
+    List<IIntruderPayloadProcessor> getIntruderPayloadProcessors();
+
+    /**
+     * This method is used to remove an Intruder payload processor that has been
+     * registered by the extension.
+     *
+     * @param processor The Intruder payload processor to be removed.
+     */
+    void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
+
     /**
      * This method is used to register a custom session handling action. Each
      * registered action will be available within the session handling rule UI
@@ -243,6 +449,23 @@ public interface IBurpExtenderCallbacks
      */
     void registerSessionHandlingAction(ISessionHandlingAction action);
 
+    /**
+     * This method is used to retrieve the session handling actions that are
+     * registered by the extension.
+     *
+     * @return A list of session handling actions that are currently registered
+     * by this extension.
+     */
+    List<ISessionHandlingAction> getSessionHandlingActions();
+
+    /**
+     * This method is used to remove a session handling action that has been
+     * registered by the extension.
+     *
+     * @param action The extension session handling action to be removed.
+     */
+    void removeSessionHandlingAction(ISessionHandlingAction action);
+
     /**
      * This method is used to unload the extension from Burp Suite.
      */
@@ -392,6 +615,13 @@ public interface IBurpExtenderCallbacks
             byte[] request,
             List<int[]> payloadPositionOffsets);
 
+    /**
+     * This method can be used to send data to the Comparer tool.
+     *
+     * @param data The data to be sent to Comparer.
+     */
+    void sendToComparer(byte[] data);
+
     /**
      * This method can be used to send a seed URL to the Burp Spider tool. If
      * the URL is not within the current Spider scope, the user will be asked if
@@ -559,6 +789,20 @@ public interface IBurpExtenderCallbacks
      */
     IScanIssue[] getScanIssues(String urlPrefix);
 
+    /**
+     * This method is used to generate a report for the specified Scanner
+     * issues. The report format can be specified. For all other reporting
+     * options, the default settings that appear in the reporting UI wizard are
+     * used.
+     *
+     * @param format The format to be used in the report. Accepted values are
+     * HTML and XML.
+     * @param issues The Scanner issues to be reported.
+     * @param file The file to which the report will be saved.
+     */
+    void generateScanReport(String format, IScanIssue[] issues, 
+            java.io.File file);
+
     /**
      * This method is used to retrieve the contents of Burp's session handling
      * cookie jar. Extensions that provide an
@@ -703,13 +947,15 @@ public interface IBurpExtenderCallbacks
      * @param requestMarkers A list of index pairs representing the offsets of
      * markers to be applied to the request message. Each item in the list must
      * be an int[2] array containing the start and end offsets for the marker.
-     * This parameter is optional and may be <code>null</code> if no request
-     * markers are required.
+     * The markers in the list should be in sequence and not overlapping. This
+     * parameter is optional and may be <code>null</code> if no request markers
+     * are required.
      * @param responseMarkers A list of index pairs representing the offsets of
      * markers to be applied to the response message. Each item in the list must
      * be an int[2] array containing the start and end offsets for the marker.
-     * This parameter is optional and may be <code>null</code> if no response
-     * markers are required.
+     * The markers in the list should be in sequence and not overlapping. This
+     * parameter is optional and may be <code>null</code> if no response markers
+     * are required.
      * @return An object that implements the
      * <code>IHttpRequestResponseWithMarkers</code> interface.
      */