dradis-burp 3.18.0

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end

data/templates/evidence.fields

@@ -0,0 +1,8 @@
+issue.host
+issue.path
+issue.location
+issue.severity
+issue.confidence
+issue.request
+issue.response
+issue.detail

data/templates/evidence.sample

@@ -0,0 +1,76 @@
+<issue>
+  <serialNumber>5236964506139299840</serialNumber>
+  <type>6291712</type>
+  <name>Directory listing</name>
+  <host ip="10.0.0.1">http://wiki.local</host>
+  <path><![CDATA[/crmmanager/]]></path>
+  <location><![CDATA[/crmmanager/]]></location>
+  <severity>Information</severity>
+  <confidence>Firm</confidence>
+  <issueBackground><![CDATA[Directory listings do not necessarily constitute a security vulnerability. Any sensitive resources within your web root should be properly access-controlled in any case, and should not be accessible by an unauthorized party who happens to know the URL. Nevertheless, directory listings can aid an attacker by enabling them to quickly identify the resources at a given path, and proceed directly to analyzing and attacking them.]]></issueBackground>
+  <remediationBackground><![CDATA[There is not usually any good reason to provide directory listings, and disabling them may place additional hurdles in the path of an attacker. This can normally be achieved in two ways:<ul><li>Configure your web server to prevent directory listings for all paths beneath the web root; </li><li>Place into each directory a default file (such as index.htm) which the web server will display instead of returning a directory listing.</li></ul>]]></remediationBackground>
+  <requestresponse>
+    <request base64="false"><![CDATA[GET /crmmanager/ HTTP/1.1
+    Host: wiki.local
+    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
+    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+    Accept-Language: en-US,en;q=0.5
+    Accept-Encoding: gzip, deflate
+    DNT: 1
+    Proxy-Connection: keep-alive
+    Referer: http://wiki.local/
+    Cookie: JSESSIONID=e2ff342b-f981-4ec0-9d55-f5b13dfe269c
+
+    ]]></request>
+    <response base64="false"><![CDATA[HTTP/1.1 200 OK
+    Date: Wed, 02 Jan 2013 15:10:59 GMT
+    Content-Type: text/html
+    Last-Modified: Fri, 19 Nov 2010 09:36:13 GMT
+    Date: Wed, 02 Jan 2013 15:10:59 GMT
+    Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
+    Server: Apache
+    Content-Length: 2447
+
+    <!--
+
+        lots of crazy stuff
+    -->
+    <html>
+      <head>
+        <title>Index of /crmmanager/</title>
+      </head>
+      <body>
+        <h1>Index of /crmmanager/</h1>
+        <table cellspacing="10">
+          <tr>
+            <th align="left">Name</th>
+            <th>Last Modified</th>
+            <th>Size</th>
+            <th>Description</th>
+          </tr>
+          <tr>
+            <td>
+              <a href="../">Parent Directory</a>
+            </td>
+          </tr>
+          <tr>
+            <td>
+              <a href="http://wiki.local/crm-manager/admin/">admin/</a>
+            </td>
+            <td>
+              Wed Jan 02 01:00:13 CET 2013
+            </td>
+            <td align="right">
+                              &nbsp;
+                          </td>
+            <td>
+              &nbsp;
+            </td>
+          </tr>
+        </table>
+      </body>
+    </html>
+    ]]></response>
+    <responseRedirected>false</responseRedirected>
+  </requestresponse>
+</issue>

data/templates/evidence.template

@@ -0,0 +1,20 @@
+#[Host]#
+%issue.host%
+
+#[Path]#
+%issue.path%
+
+#[Location]#
+%issue.location%
+
+#[Severity]#
+%issue.severity%
+
+#[Confidence]#
+%issue.confidence%
+
+#[Request]#
+bc.. %issue.request%
+
+#[Response]#
+bc.. %issue.response%

data/templates/html_evidence.fields

@@ -0,0 +1,13 @@
+issue.host
+issue.path
+issue.location
+issue.severity
+issue.confidence
+issue.request
+issue.request_1
+issue.request_2
+issue.request_3
+issue.response
+issue.response_1
+issue.response_2
+issue.response_3

data/templates/html_evidence.sample

@@ -0,0 +1,36 @@
+<span class="BODH1" id="2.1">2.1.&nbsp;http://mdsec.net/addressbook/32/Default.aspx [Address parameter]</span>
+<br><a class="PREVNEXT" href="#2.2">Next</a>
+<br>
+<h2>Summary</h2>
+<table cellpadding="0" cellspacing="0" class="summary_table">
+<tr>
+<td rowspan="4" class="icon" valign="top" align="center"><img width="32" height="32" src="images/scan_issue_high_certain_rpt.png"></td>
+<td>Severity:&nbsp;&nbsp;</td>
+<td><b>High</b></td>
+</tr>
+<tr>
+<td>Confidence:&nbsp;&nbsp;</td>
+<td><b>Certain</b></td>
+</tr>
+<tr>
+<td>Host:&nbsp;&nbsp;</td>
+<td><b>http://mdsec.net</b></td>
+</tr>
+<tr>
+<td>Path:&nbsp;&nbsp;</td>
+<td><b>/addressbook/32/Default<wbr>.aspx</b></td>
+</tr>
+</table>
+<h2>Issue detail</h2>
+<span class="TEXT">The <b>Address</b> parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.<br><br>The database appears to be Microsoft SQL Server.</span>
+<h2>Remediation detail</h2>
+<span class="TEXT">The application should handle errors gracefully and prevent SQL error messages from being returned in responses. </span>
+<h2>Request 1</h2>
+<div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&amp;Name=&amp;Email=&amp;Phone=<wbr>&amp;Search=Search&amp;Address=<span class="HIGHLIGHT">'</span>&amp;Age=</span></div>
+<h2>Response 1</h2>
+<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2642<br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"&gt;<br>&lt;html xmlns="http://www.w3.org<wbr>/1999/xhtml" &gt;<br>&lt;head&gt;<br>&lt;title&gt;Contacts&lt;/title&gt;<br><b>...[SNIP]...</b><br>&lt;b&gt;Error: <span class="HIGHLIGHT">Unclosed quotation mark</span> after the character string ''.<br><span class="HIGHLIGHT">Incorrect syntax near</span> ''.&lt;/b&gt;<br><b>...[SNIP]...</b><br></span></div>
+<h2>Request 2</h2>
+<div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&amp;Name=&amp;Email=&amp;Phone=<wbr>&amp;Search=Search&amp;Address=<span class="HIGHLIGHT">''</span>&amp;Age=</span></div>
+<h2>Response 2</h2>
+<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2721<br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"&gt;<br>&lt;html xmlns="http://www.w3.org<wbr>/1999/xhtml" &gt;<br>&lt;head&gt;<br>&lt;title&gt;Contacts&lt;/title&gt;<br><b>...[SNIP]...</b><br></span></div>
+<div class="rule"></div>

data/templates/html_evidence.template

@@ -0,0 +1,50 @@
+#[Host]#
+%issue.host%
+
+
+#[Path]#
+%issue.path%
+
+
+#[Location]#
+%issue.location%
+
+
+#[Severity]#
+%issue.severity%
+
+
+#[Confidence]#
+%issue.confidence%
+
+
+#[Request]#
+bc.. %issue.request%
+
+
+#[Response]#
+bc.. %issue.response%
+
+
+#[Request 1]#
+bc.. %issue.request_1%
+
+
+#[Response 1]#
+bc.. %issue.response_1%
+
+
+#[Request 2]#
+bc.. %issue.request_2%
+
+
+#[Response 2]#
+bc.. %issue.response_2%
+
+
+#[Request 3]#
+bc.. %issue.request_3%
+
+
+#[Response 3]#
+bc.. %issue.response_3%

data/templates/issue.fields

@@ -0,0 +1,8 @@
+issue.background
+issue.detail
+issue.name
+issue.references
+issue.remediation_background
+issue.remediation_detail
+issue.severity
+issue.vulnerability_classifications

data/templates/issue.sample

@@ -0,0 +1,23 @@
+<issue>
+  <serialNumber>5863488220648493056</serialNumber>
+  <type>16777984</type>
+  <name><![CDATA[Strict transport security not enforced]]></name>
+  <host ip="192.168.1.1">https://this.is.a.url</host>
+  <path><![CDATA[/]]></path>
+  <location><![CDATA[/]]></location>
+  <severity>Low</severity>
+  <confidence>Certain</confidence>
+  <issueBackground><![CDATA[<p> The application fails to prevent users from connecting  to it over unencrypted connections.  An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool  automates this process. </p>
+<p>
+To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. </p>]]></issueBackground>
+  <remediationBackground><![CDATA[<p>The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.</p>
+<p>Note that because HSTS is a &quot;trust on first use&quot; (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.</p>]]></remediationBackground>
+  <references><![CDATA[<ul>
+<li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict Transport Security</a></li>
+<li><a href="http://www.thoughtcrime.org/software/sslstrip/">sslstrip</a></li>
+<li><a href="https://hstspreload.appspot.com/">HSTS Preload Form</a></li>
+</ul>]]></references>
+  <vulnerabilityClassifications><![CDATA[<ul>
+<li><a href="https://cwe.mitre.org/data/definitions/523.html">CWE-523: Unprotected Transport of Credentials</a></li>
+</ul>]]></vulnerabilityClassifications>
+</issue>

data/templates/issue.template

@@ -0,0 +1,30 @@
+#[Title]#
+%issue.name%
+
+
+#[Severity]#
+%issue.severity%
+
+
+#[Background]#
+%issue.background%
+
+
+#[RemediationBackground]#
+%issue.remediation_background%
+
+
+#[Detail]#
+%issue.detail%
+
+
+#[RemediationDetails]#
+%issue.remediation_detail%
+
+
+#[References]#
+%issue.references%
+
+
+#[Classifications]#
+%issue.vulnerability_classifications%

metadata

@@ -0,0 +1,174 @@
+--- !ruby/object:Gem::Specification
+name: dradis-burp
+version: !ruby/object:Gem::Version
+  version: 3.18.0
+platform: ruby
+authors:
+- Daniel Martin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-07-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dradis-plugins
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+description: This plugin allows you to upload and parse output produced from Portswigger's
+  Burp Scanner into Dradis.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/issue_template.md"
+- ".github/pull_request_template.md"
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- dradis-burp.gemspec
+- lib/burp/html/issue.rb
+- lib/burp/issue.rb
+- lib/burp/xml/issue.rb
+- lib/dradis-burp.rb
+- lib/dradis/plugins/burp.rb
+- lib/dradis/plugins/burp/engine.rb
+- lib/dradis/plugins/burp/field_processor.rb
+- lib/dradis/plugins/burp/gem_version.rb
+- lib/dradis/plugins/burp/html/importer.rb
+- lib/dradis/plugins/burp/version.rb
+- lib/dradis/plugins/burp/xml/importer.rb
+- lib/tasks/thorfile.rb
+- spec/burp_upload_spec.rb
+- spec/fixtures/files/burp.html
+- spec/fixtures/files/burp.xml
+- spec/fixtures/files/burp_issue_severity.xml
+- spec/fixtures/files/invalid-utf-issue.xml
+- spec/fixtures/files/without-base64.xml
+- spec/spec_helper.rb
+- templates/evidence.fields
+- templates/evidence.sample
+- templates/evidence.template
+- templates/html_evidence.fields
+- templates/html_evidence.sample
+- templates/html_evidence.template
+- templates/issue.fields
+- templates/issue.sample
+- templates/issue.template
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Burp Scanner upload plugin for the Dradis Framework.
+test_files:
+- spec/burp_upload_spec.rb
+- spec/fixtures/files/burp.html
+- spec/fixtures/files/burp.xml
+- spec/fixtures/files/burp_issue_severity.xml
+- spec/fixtures/files/invalid-utf-issue.xml
+- spec/fixtures/files/without-base64.xml
+- spec/spec_helper.rb